merge upstream 3.0.8

shangxiaoyang 2023-03-09 14:44:59 +08:00
parent d02da937df
commit 62ed5dc1eb
809 changed files with 20652 additions and 7041 deletions

View File

@ -28,6 +28,496 @@ breaking changes, and mappings for the large list of deprecated functions.
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
* Fixed NULL dereference during PKCS7 data verification.
A NULL pointer can be dereferenced when signatures are being
verified on PKCS7 signed or signedAndEnveloped data. In case the hash
algorithm used for the signature is known to the OpenSSL library but
the implementation of the hash algorithm is not available the digest
initialization will fail. There is a missing check for the return
value from the initialization function which later leads to invalid
usage of the digest API most likely leading to a crash.
([CVE-2023-0401])
PKCS7 data is processed by the SMIME library calls and also by the
time stamp (TS) library calls. The TLS implementation in OpenSSL does
not call these functions however third party applications would be
affected if they call these functions to verify signatures on untrusted
data.
*Tomáš Mráz*
* Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but the public structure definition for GENERAL_NAME incorrectly specified
the type of the x400Address field as ASN1_TYPE. This field is subsequently
interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather
than an ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to
pass arbitrary pointers to a memcmp call, enabling them to read memory
contents or enact a denial of service.
([CVE-2023-0286])
*Hugo Landau*
* Fixed NULL dereference validating DSA public key.
An invalid pointer dereference on read can be triggered when an
application tries to check a malformed DSA public key by the
EVP_PKEY_public_check() function. This will most likely lead
to an application crash. This function can be called on public
keys supplied from untrusted sources which could allow an attacker
to cause a denial of service attack.
The TLS implementation in OpenSSL does not call this function
but applications might call the function if there are additional
security requirements imposed by standards such as FIPS 140-3.
([CVE-2023-0217])
*Shane Lontis, Tomáš Mráz*
* Fixed Invalid pointer dereference in d2i_PKCS7 functions.
An invalid pointer dereference on read can be triggered when an
application tries to load malformed PKCS7 data with the
d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
The result of the dereference is an application crash which could
lead to a denial of service attack. The TLS implementation in OpenSSL
does not call this function however third party applications might
call these functions on untrusted data.
([CVE-2023-0216])
*Tomáš Mráz*
* Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
([CVE-2023-0215])
*Viktor Dukhovni, Matt Caswell*
* Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
([CVE-2022-4450])
*Kurt Roeckx, Matt Caswell*
* Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
([CVE-2022-4304])
*Dmitry Belyavsky, Hubert Kario*
* Fixed X.509 Name Constraints Read Buffer Overflow.
A read buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. The read buffer overrun might
result in a crash which could lead to a denial of service attack.
In a TLS client, this can be triggered by connecting to a malicious
server. In a TLS server, this can be triggered if the server requests
client authentication and a malicious client connects.
([CVE-2022-4203])
*Viktor Dukhovni*
* Fixed X.509 Policy Constraints Double Locking security issue.
If an X.509 certificate contains a malformed policy constraint and
policy processing is enabled, then a write lock will be taken twice
recursively. On some operating systems (most widely: Windows) this
results in a denial of service when the affected process hangs. Policy
processing being enabled on a publicly facing server is not considered
to be a common setup.
([CVE-2022-3996])
*Paul Dale*
* Our provider implementations of `OSSL_FUNC_KEYMGMT_EXPORT` and
`OSSL_FUNC_KEYMGMT_GET_PARAMS` for EC and SM2 keys now honor
`OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` as set (and
default to `POINT_CONVERSION_UNCOMPRESSED`) when exporting
`OSSL_PKEY_PARAM_PUB_KEY`, instead of unconditionally using
`POINT_CONVERSION_COMPRESSED` as in previous 3.x releases.
For symmetry, our implementation of `EVP_PKEY_ASN1_METHOD->export_to`
for legacy EC and SM2 keys is also changed similarly to honor the
equivalent conversion format flag as specified in the underlying
`EC_KEY` object being exported to a provider, when this function is
called through `EVP_PKEY_export()`.
*Nicola Tuveri*
### Changes between 3.0.6 and 3.0.7 [1 Nov 2022]
* Fixed two buffer overflows in punycode decoding functions.
A buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs after
certificate chain signature verification and requires either a CA to
have signed the malicious certificate or for the application to continue
certificate verification despite failure to construct a path to a trusted
issuer.
In a TLS client, this can be triggered by connecting to a malicious
server. In a TLS server, this can be triggered if the server requests
client authentication and a malicious client connects.
An attacker can craft a malicious email address to overflow
an arbitrary number of bytes containing the `.` character (decimal 46)
on the stack. This buffer overflow could result in a crash (causing a
denial of service).
([CVE-2022-3786])
An attacker can craft a malicious email address to overflow four
attacker-controlled bytes on the stack. This buffer overflow could
result in a crash (causing a denial of service) or potentially remote code
execution depending on stack layout for any given platform/compiler.
([CVE-2022-3602])
*Paul Dale*
* Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT
parameters in OpenSSL code.
Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
Using these invalid names may cause algorithms to use slower methods
that ignore the CRT parameters.
*Shane Lontis*
* Fixed a regression introduced in 3.0.6 version raising errors on some stack
operations.
*Tomáš Mráz*
* Fixed a regression introduced in 3.0.6 version not refreshing the certificate
data to be signed before signing the certificate.
*Gibeom Gwon*
* Added RIPEMD160 to the default provider.
*Paul Dale*
* Ensured that the key share group sent or accepted for the key exchange
is allowed for the protocol version.
*Matt Caswell*
### Changes between 3.0.5 and 3.0.6 [11 Oct 2022]
* OpenSSL supports creating a custom cipher via the legacy
EVP_CIPHER_meth_new() function and associated function calls. This function
was deprecated in OpenSSL 3.0 and application authors are instead encouraged
to use the new provider mechanism in order to implement custom ciphers.
OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers
passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and
EVP_CipherInit_ex2() functions (as well as other similarly named encryption
and decryption initialisation functions). Instead of using the custom cipher
directly it incorrectly tries to fetch an equivalent cipher from the
available providers. An equivalent cipher is found based on the NID passed to
EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a
given cipher. However it is possible for an application to incorrectly pass
NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef
is used in this way the OpenSSL encryption/decryption initialisation function
will match the NULL cipher as being equivalent and will fetch this from the
available providers. This will succeed if the default provider has been
loaded (or if a third party provider has been loaded that offers this
cipher). Using the NULL cipher means that the plaintext is emitted as the
ciphertext.
Applications are only affected by this issue if they call
EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an
encryption/decryption initialisation function. Applications that only use
SSL/TLS are not impacted by this issue.
([CVE-2022-3358])
*Matt Caswell*
* Fix LLVM vs Apple LLVM version numbering confusion that caused build failures
on MacOS 10.11
*Richard Levitte*
* Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
*Adam Joseph*
* Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send a
ticket
*Matt Caswell*
* Correctly handle a retransmitted ClientHello in DTLS
*Matt Caswell*
* Fixed detection of ktls support in cross-compile environment on Linux
*Tomas Mraz*
* Fixed some regressions and test failures when running the 3.0.0 FIPS provider
against 3.0.x
*Paul Dale*
* Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
*Matt Caswell*
* Fix UWP builds by defining VirtualLock
*Charles Milette*
* For known safe primes use the minimum key length according to RFC 7919.
Longer private key sizes unnecessarily raise the cycles needed to compute the
shared secret without any increase of the real security. This fixes a
regression from 1.1.1 where these shorter keys were generated for the known
safe primes.
*Tomas Mraz*
* Added the loongarch64 target
*Shi Pujin*
* Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were
only passed to the FIPS provider and not to the default or legacy provider.
*Juergen Christ*
* Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
*Bernd Edlinger*
* Added a missing header for memcmp that caused compilation failure on some
platforms
*Gregor Jasny*
### Changes between 3.0.4 and 3.0.5 [5 Jul 2022]
* The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048 bit private keys
incorrect on such machines and memory corruption will happen during
the computation. As a consequence of the memory corruption an attacker
may be able to trigger a remote code execution on the machine performing
the computation.
SSL/TLS servers or other servers using 2048 bit RSA private keys running
on machines supporting AVX512IFMA instructions of the X86_64 architecture
are affected by this issue.
([CVE-2022-2274])
*Xi Ruoyao*
* AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
([CVE-2022-2097])
*Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño*
### Changes between 3.0.3 and 3.0.4 [21 Jun 2022]
* In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further bugs where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection have been
fixed.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-2068)
*Daniel Fiala, Tomáš Mráz*
* Case insensitive string comparison no longer uses locales. It has instead
been directly implemented.
*Paul Dale*
### Changes between 3.0.2 and 3.0.3 [3 May 2022]
* Case insensitive string comparison is reimplemented via new locale-agnostic
comparison functions OPENSSL_str[n]casecmp always using the POSIX locale for
comparison. The previous implementation had problems when the Turkish locale
was used.
*Dmitry Belyavskiy*
* Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed by
some operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands with the
privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-1292)
*Tomáš Mráz*
* Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
certificate on an OCSP response. The bug caused the function in the case
where the (non-default) flag OCSP_NOCHECKS is used to return a postivie
response (meaning a successful verification) even in the case where the
response signing certificate fails to verify.
It is anticipated that most users of `OCSP_basic_verify` will not use the
OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return
a negative value (indicating a fatal error) in the case of a certificate
verification failure. The normal expected return value in this case would be
0.
This issue also impacts the command line OpenSSL "ocsp" application. When
verifying an ocsp response with the "-no_cert_checks" option the command line
application will report that the verification is successful even though it
has in fact failed. In this case the incorrect successful response will also
be accompanied by error messages showing the failure and contradicting the
apparently successful result.
([CVE-2022-1343])
*Matt Caswell*
* Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
AAD data as the MAC key. This made the MAC key trivially predictable.
An attacker could exploit this issue by performing a man-in-the-middle attack
to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such
that the modified data would still pass the MAC integrity check.
Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0
endpoint will always be rejected by the recipient and the connection will
fail at that point. Many application protocols require data to be sent from
the client to the server first. Therefore, in such a case, only an OpenSSL
3.0 server would be impacted when talking to a non-OpenSSL 3.0 client.
If both endpoints are OpenSSL 3.0 then the attacker could modify data being
sent in both directions. In this case both clients and servers could be
affected, regardless of the application protocol.
Note that in the absence of an attacker this bug means that an OpenSSL 3.0
endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete
the handshake when using this ciphersuite.
The confidentiality of data is not impacted by this issue, i.e. an attacker
cannot decrypt data that has been encrypted using this ciphersuite - they can
only modify it.
In order for this attack to work both endpoints must legitimately negotiate
the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in
OpenSSL 3.0, and is not available within the default provider or the default
ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been
negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the
following must have occurred:
1) OpenSSL must have been compiled with the (non-default) compile time option
enable-weak-ssl-ciphers
2) OpenSSL must have had the legacy provider explicitly loaded (either
through application code or via configuration)
3) The ciphersuite must have been explicitly added to the ciphersuite list
4) The libssl security level must have been set to 0 (default is 1)
5) A version of SSL/TLS below TLSv1.3 must have been negotiated
6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any
others that both endpoints have in common
(CVE-2022-1434)
*Matt Caswell*
* Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
occuppied by the removed hash table entries.
This function is used when decoding certificates or keys. If a long lived
process periodically decodes certificates or keys its memory usage will
expand without bounds and the process might be terminated by the operating
system causing a denial of service. Also traversing the empty hash table
entries will take increasingly more time.
Typically such long lived processes might be TLS clients or TLS servers
configured to accept client certificate authentication.
(CVE-2022-1473)
*Hugo Landau, Aliaksei Levin*
* The functions `OPENSSL_LH_stats` and `OPENSSL_LH_stats_bio` now only report
the `num_items`, `num_nodes` and `num_alloc_nodes` statistics. All other
statistics are no longer supported. For compatibility, these statistics are
still listed in the output but are now always reported as zero.
*Hugo Landau*
### Changes between 3.0.1 and 3.0.2 [15 Mar 2022]
* Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
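Review bot: the entries for CVE-2022-2068, CVE-2022-1292, CVE-2022-1434 and CVE-2022-1473 use bare `(CVE-…)` parentheses while every other entry in this hunk uses the `([CVE-…])` reference-link form, so those four will not render as links; make them consistent. Also in this hunk: "RSA-OEAP" in the CVE-2022-4304 entry should read "RSA-OAEP", and "postivie" (CVE-2022-1343 entry) and "occuppied" (CVE-2022-1473 entry) are typos.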
@ -18899,7 +19389,7 @@ ndif
*Ralf S. Engelschall*
* Incorporated the popular no-RSA/DSA-only patches
which allow to compile a RSA-free SSLeay.
which allow to compile an RSA-free SSLeay.
*Andrew Cooke / Interrader Ldt., Ralf S. Engelschall*
@ -19088,6 +19578,17 @@ ndif
<!-- Links -->
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
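Review bot: the new `[CVE-2022-2097]` link definition points at the wrong anchor: `https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274` (copied from the line above). It should end in `#CVE-2022-2097`, otherwise the OCB entry in the CHANGES hunk links to the AVX512IFMA RSA advisory instead.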

View File

@ -60,7 +60,7 @@ guidelines:
GitHub Actions and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
[coding style]: https://www.openssl.org/policies/codingstyle.html
[coding style]: https://www.openssl.org/policies/technical/coding-style.html
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see

View File

@ -697,7 +697,7 @@ my %targets = (
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_ldflag => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" },
enable => [ "afalgeng", "ktls" ],
enable => [ "afalgeng" ],
},
"linux-latomic" => {
inherit_from => [ "linux-generic32" ],
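Review bot: dropping `"ktls"` from `enable` changes the default build for this target and everything that inherits from it, but the only related CHANGES entry in this commit ("Fixed detection of ktls support in cross-compile environment on Linux") does not say that ktls is no longer enabled by default; state the new default and that `enable-ktls` restores it where users will see it.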
@ -797,7 +797,7 @@ my %targets = (
inherit_from => [ "linux-latomic" ],
cflags => add("-mabi=n32"),
cxxflags => add("-mabi=n32"),
bn_ops => "RC4_CHAR",
bn_ops => "RC4_CHAR SIXTY_FOUR_BIT",
asm_arch => 'mips64',
perlasm_scheme => "n32",
multilib => "32",
@ -818,6 +818,13 @@ my %targets = (
perlasm_scheme => "linux64",
},
# loongarch64 below refers to contemporary LoongArch Architecture
# specifications,
"linux64-loongarch64" => {
inherit_from => [ "linux-generic64"],
perlasm_scheme => "linux64",
},
#### IA-32 targets...
#### These two targets are a bit aged and are to be used on older Linux
#### machines where gcc doesn't understand -m32 and -m64
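Review bot: the new comment "# loongarch64 below refers to contemporary LoongArch Architecture / # specifications," trails off after the comma; either finish the sentence (the mips comment elsewhere in this commit ends "rather than to kernel bitness.") or drop the comma. Minor style point: `inherit_from => [ "linux-generic64"]` is missing the space before `]` that the neighbouring entries use.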
@ -1062,6 +1069,14 @@ my %targets = (
perlasm_scheme => "elf",
},
"BSD-aarch64" => {
inherit_from => [ "BSD-generic64" ],
lib_cppflags => add("-DL_ENDIAN"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
asm_arch => 'aarch64',
perlasm_scheme => "linux64",
},
# riscv64 below refers to contemporary RISCV Architecture
# specifications,
"BSD-riscv64" => {
@ -1294,7 +1309,7 @@ my %targets = (
inherit_from => [ "BASE_Windows" ],
template => 1,
CC => "cl",
CPP => '"$(CC)" /EP /C',
CPP => '$(CC) /EP /C',
CFLAGS => "/W3 /wd4090 /nologo",
coutflag => "/Fo",
LD => "link",
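Review bot: removing the quotes around `$(CC)` in `CPP => '$(CC) /EP /C'` means a CC value that expands to a path containing spaces will no longer be passed as a single token; if the quotes were removed because CC may carry extra arguments (which the quoted form would have mangled), a short comment saying so, or quoting handled where CC is defined, would prevent this from being re-added later.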
@ -1303,7 +1318,7 @@ my %targets = (
ldpostoutflag => "",
ld_resp_delim => "\n",
bin_lflags => "setargv.obj",
makedepcmd => '"$(CC)" /Zs /showIncludes',
makedepcmd => '$(CC) /Zs /showIncludes',
makedep_scheme => 'VC',
AR => "lib",
ARFLAGS => "/nologo",
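Review bot: the same quoting concern as for CPP applies to `makedepcmd => '$(CC) /Zs /showIncludes'`; whichever resolution is chosen there should be applied here too so the two stay consistent.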

View File

@ -1,215 +0,0 @@
my %targets = (
"debian" => {
cflags => add("-Wa,--noexecstack -Wall"),
},
"debian-alpha" => {
inherit_from => [ "linux-alpha-gcc", "debian" ],
},
"debian-alpha-ev4" => {
inherit_from => [ "debian-alpha" ],
cflags => add("-mcpu=ev4"),
},
"debian-alpha-ev5" => {
inherit_from => [ "debian-alpha" ],
cflags => add("-mcpu=ev5"),
},
"debian-arm64" => {
inherit_from => [ "linux-aarch64", "debian" ],
},
"debian-arm64ilp32" => {
inherit_from => [ "linux-arm64ilp32", "debian" ],
},
"debian-armel" => {
inherit_from => [ "linux-armv4", "debian" ],
},
"debian-armhf" => {
inherit_from => [ "linux-armv4", "debian" ],
},
"debian-amd64" => {
inherit_from => [ "linux-x86_64", "debian" ],
},
"debian-i386" => {
inherit_from => [ "linux-elf", "debian" ],
},
"debian-avr32" => {
inherit_from => [ "linux-generic32", "debian" ],
},
"debian-kfreebsd-amd64" => {
inherit_from => [ "debian-amd64" ],
enable => [ ],
},
"debian-kfreebsd-i386" => {
inherit_from => [ "debian-i386" ],
enable => [ ],
},
"debian-hppa" => {
inherit_from => [ "linux-generic32", "debian" ],
cflags => add("-DB_ENDIAN"),
},
"debian-hurd-i386" => {
inherit_from => [ "hurd-x86", "debian" ],
},
"debian-ia64" => {
inherit_from => [ "linux-ia64", "debian" ],
},
"debian-m68k" => {
inherit_from => [ "linux-generic32", "debian" ],
cflags => add("-DB_ENDIAN"),
},
"debian-mips" => {
inherit_from => [ "linux-mips32", "debian" ],
cflags => add("-DB_ENDIAN"),
},
"debian-mipsel" => {
inherit_from => [ "linux-mips32", "debian" ],
cflags => add("-DL_ENDIAN"),
},
"debian-mipsn32" => {
inherit_from => [ "linux-mips64", "debian" ],
cflags => add("-DB_ENDIAN"),
},
"debian-mipsn32el" => {
inherit_from => [ "linux-mips64", "debian" ],
cflags => add("-DL_ENDIAN"),
},
"debian-mips64" => {
inherit_from => [ "linux64-mips64", "debian" ],
cflags => add("-DB_ENDIAN"),
},
"debian-mips64el" => {
inherit_from => [ "linux64-mips64", "debian" ],
cflags => add("-DL_ENDIAN"),
},
# Temporary MIPS R6 targets. Those will vanish approx in 1.1.1 because
# aes-mips.pl creates proper R6 ASM code. After that, we can inherit from
# the linux*-mips* targets.
"linux-mips32r6" => {
# Configure script adds minimally required -march for assembly
# support, if no -march was specified at command line.
inherit_from => [ "linux-generic32"],
cflags => add("-mabi=32"),
perlasm_scheme => "o32",
shared_ldflag => add("-mabi=32"),
},
# mips32 and mips64 below refer to contemporary MIPS Architecture
# specifications, MIPS32 and MIPS64, rather than to kernel bitness.
"linux-mips64r6" => {
inherit_from => [ "linux-generic32"],
cflags => add("-mabi=n32"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
perlasm_scheme => "n32",
shared_ldflag => add("-mabi=n32"),
multilib => "32",
},
"linux64-mips64r6" => {
inherit_from => [ "linux-generic64"],
cflags => add("-mabi=64"),
perlasm_scheme => "64",
shared_ldflag => add("-mabi=64"),
multilib => "64",
},
"debian-mipsr6" => {
inherit_from => [ "linux-mips32r6", "debian" ],
cflags => add("-DB_ENDIAN"),
},
"debian-mipsr6el" => {
inherit_from => [ "linux-mips32r6", "debian" ],
cflags => add("-DL_ENDIAN"),
},
"debian-mipsn32r6" => {
inherit_from => [ "linux-mips64r6", "debian" ],
cflags => add("-DB_ENDIAN"),
},
"debian-mipsn32r6el" => {
inherit_from => [ "linux-mips64r6", "debian" ],
cflags => add("-DL_ENDIAN"),
},
"debian-mips64r6" => {
inherit_from => [ "linux64-mips64r6", "debian" ],
cflags => add("-DB_ENDIAN"),
},
"debian-mips64r6el" => {
inherit_from => [ "linux64-mips64r6", "debian" ],
cflags => add("-DL_ENDIAN"),
},
"debian-musl-linux-arm64" => {
inherit_from => [ "linux-aarch64", "debian" ],
},
"debian-musl-linux-armhf" => {
inherit_from => [ "linux-armv4", "debian" ],
},
"debian-musl-linux-i386" => {
inherit_from => [ "linux-elf", "debian" ],
},
"debian-musl-linux-mips" => {
inherit_from => [ "linux-mips32", "debian" ],
cflags => add("-DB_ENDIAN"),
},
"debian-musl-linux-mipsel" => {
inherit_from => [ "linux-mips32", "debian" ],
cflags => add("-DL_ENDIAN"),
},
"debian-nios2" => {
inherit_from => [ "linux-generic32", "debian" ],
},
"debian-powerpc" => {
inherit_from => [ "linux-ppc", "debian" ],
},
"debian-powerpcspe" => {
inherit_from => [ "linux-ppc", "debian" ],
},
"debian-ppc64" => {
inherit_from => [ "linux-generic64", "debian", ],
asm_arch => 'ppc64',
cflags => add("-DB_ENDIAN"),
perlasm_scheme => "linux64",
},
"debian-ppc64el" => {
inherit_from => [ "linux-ppc64le", "debian" ],
},
"debian-riscv64" => {
inherit_from => [ "linux-generic64", "debian" ],
},
"debian-s390" => {
inherit_from => [ "linux-generic32", "debian" ],
},
"debian-s390x" => {
inherit_from => [ "linux64-s390x", "debian" ],
},
"debian-sh3" => {
inherit_from => [ "linux-generic32", "debian" ],
},
"debian-sh3eb" => {
inherit_from => [ "linux-generic32", "debian" ],
},
"debian-sh4" => {
inherit_from => [ "linux-generic32", "debian" ],
},
"debian-sh4eb" => {
inherit_from => [ "linux-generic32", "debian" ],
},
"debian-m32r" => {
inherit_from => [ "linux-generic32", "debian" ],
},
"debian-sparc" => {
inherit_from => [ "linux-generic32", "debian", ],
asm_arch => 'sparcv9',
cflags => add("-DB_ENDIAN -DBN_DIV2W"),
},
"debian-sparc64" => {
inherit_from => [ "linux-generic64", "debian" ],
asm_arch => 'sparcv9',
cflags => add("-m64 -mcpu=ultrasparc -DB_ENDIAN"),
bn_ops => "BN_LLONG RC4_CHAR",
ex_libs => add("-latomic"),
},
"debian-tilegx" => {
inherit_from => [ "linux-generic64", "debian" ],
},
"debian-x32" => {
inherit_from => [ "linux-x32", "debian" ],
},
);
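Review bot: deleting this whole file removes every `debian-*` target and also the non-Debian-prefixed `linux-mips32r6`, `linux-mips64r6` and `linux64-mips64r6` targets defined here; any packaging or CI that configures with one of these names will now fail with an unknown target. If this file was a local addition being dropped as part of the upstream merge, the commit message should say so, and if the targets are still needed they should be re-added on top of the merged 10-main.conf.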

View File

@ -4,6 +4,7 @@
my %targets = (
"DJGPP" => {
inherit_from => [ "BASE_unix" ],
CC => "gcc",
CFLAGS => "-fomit-frame-pointer -O2 -Wall",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",

View File

@ -549,6 +549,7 @@ clean : libclean
- DELETE []vmsconfig.pm;*
distclean : clean
- DELETE [.include.openssl]configuration.h;*
- DELETE configdata.pm;*
- DELETE descrip.mms;*
@ -981,9 +982,10 @@ EOF
? '' : ' --case-insensitive';
return <<"EOF";
$target : $gen0 $deps $mkdef
\$(PERL) $mkdef$ord_ver --ordinals $gen0 --name $ord_name "--OS" "VMS"$case_insensitive > $target
\$(PERL) $mkdef$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name "--OS" "VMS"$case_insensitive > $target
EOF
} elsif (platform->isasm($args{src})) {
} elsif (platform->isasm($args{src})
|| platform->iscppasm($args{src})) {
#
# Assembler generator
#
@ -993,7 +995,9 @@ EOF
dso => "$dso_cflags $dso_cppflags",
bin => "$bin_cflags $bin_cppflags" } -> {$args{intent}};
my $defs = join("", map { ",".$_ } @{$args{defs}});
my $target = platform->asm($args{src});
my $target = platform->isasm($args{src})
? platform->asm($args{src})
: $args{src};
my $generator;
if ($gen0 =~ /\.pl$/) {
@ -1006,21 +1010,6 @@ EOF
}
if (defined($generator)) {
# If the target is named foo.S in build.info, we want to
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
return <<"EOF";
$target : $gen0 $deps
$generator \$\@-S
\@ extradefines = "$defs"
PIPE \$(CPP) $cppflags \$\@-S | -
\$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i
\@ DELETE/SYMBOL/LOCAL extradefines
RENAME \$\@-i \$\@
DELETE \$\@-S;
EOF
}
# Otherwise....
return <<"EOF";
$target : $gen0 $deps
\@ extradefines = "$defs"
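Review bot: this removes the two-step `.S` handling (generate `\$\@-S`, run it through `\$(CPP)`, strip the `#line` markers) from the VMS template; with it gone, a `.S` source now falls into the generic generator rule with `$target` set to `$args{src}` (see the `isasm ? asm : $args{src}` change above). Confirm that a separate `.S`-to-`.s` preprocessing rule now exists for VMS, otherwise `.S` sources are emitted but never preprocessed.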

View File

@ -56,7 +56,8 @@ sub emit {
my $fh = $self->{output};
die "No name?" unless $name;
print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}";
print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}"
unless defined $opts{attrs}->{skip};
}
my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS};
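Review bot: `unless defined $opts{attrs}->{skip}` autovivifies `$opts{attrs}` as an empty hash whenever a caller passes no `attrs`; harmless here because `%opts` is emit's own copy, but `($opts{attrs} // {})->{skip}` makes the intent explicit and avoids the side effect if `%opts` is ever passed on.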
@ -200,7 +201,7 @@ sub dogenerate {
my $self = shift;
my $src = shift;
# Safety measure
return "" unless defined $self->{info}->{generate}->{$_};
return "" unless defined $self->{info}->{generate}->{$src};
return "" if $cache{$src};
my $obj = shift;
my $bin = shift;
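Review bot: good catch on `$_` vs `$src`; the old guard only worked because callers invoked `dogenerate($_, …)` from a `foreach`, so `$_` happened to equal the source name. The new recursive call for the generator script added below this hunk passes `$script`, not `$_`, so without this fix that call would have tested the wrong key.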
@ -209,6 +210,7 @@ sub dogenerate {
die "$src is generated by Configure, should not appear in build file\n"
if ref $self->{info}->{generate}->{$src} eq "";
my $script = $self->{info}->{generate}->{$src}->[0];
my %attrs = %{$self->{info}->{attributes}->{generate}->{$src} // {}};
$self->emit('generatesrc',
src => $src,
product => $bin,
@ -220,10 +222,15 @@ sub dogenerate {
defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ],
defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (),
defined $bin ? @{$self->{info}->{defines}->{$bin} // []} : () ],
attrs => { %attrs },
%opts);
foreach (@{$self->{info}->{depends}->{$src} // []}) {
$self->dogenerate($_, $obj, $bin, %opts);
}
# The generator itself may be is generated
if ($self->{info}->{generate}->{$script}) {
$self->dogenerate($script, $obj, $bin, %opts);
}
}
$cache{$src} = 1;
}
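Review bot: `$cache{$src} = 1` is only set after the recursive `dogenerate` calls return, so a `depends` cycle (or a generator that `depends` on its own output) recurses without bound; marking the cache entry before recursing, or detecting the cycle, would turn that into a clean failure. Also the comment `# The generator itself may be is generated` has one verb too many.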


@ -25,5 +25,5 @@ sub staticname {
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
return platform::BASE->staticname($_[1]) . '_a';
return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
}
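Review bot: dropping the `_a` suffix when `shared` is disabled changes the installed static library name between `no-shared` and default builds, which breaks link lines and packaging scripts that reference the old name. Record it in CHANGES.md, and confirm `%disabled` is actually visible in this platform package the way `%unified_info` is on the line above, since nothing in the hunk imports it.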


@ -42,7 +42,7 @@ sub def { return __base($_[1], '.ld') . $_[0]->defext() }
sub obj { return __base($_[1], '.o') . $_[0]->objext() }
sub res { return __base($_[1], '.res') . $_[0]->resext() }
sub dep { return __base($_[1], '.o') . $_[0]->depext() } # <- objname
sub asm { return __base($_[1], '.S', '.s') . $_[0]->asmext() }
sub asm { return __base($_[1], '.s') . $_[0]->asmext() }
# Another set of convenience functions for standard checks of certain
# internal extensions and conversion from internal to platform specific
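Review bot: `asm` now strips only `.s`, so `platform->asm('foo.S')` returns `foo.S` with `asmext` appended instead of `foo.s`. Every caller therefore has to guard with `isasm` first, as the `isasm ? asm : $args{src}` ternary in the build-file templates does; a line in the comment above stating that `.S` inputs belong to `iscppasm` and must not be passed to `asm` would save the next template author from the `foo.S.s` surprise.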
@ -51,7 +51,8 @@ sub asm { return __base($_[1], '.S', '.s') . $_[0]->asmext() }
sub isdef { return $_[1] =~ m|\.ld$|; }
sub isobj { return $_[1] =~ m|\.o$|; }
sub isres { return $_[1] =~ m|\.res$|; }
sub isasm { return $_[1] =~ m|\.[Ss]$|; }
sub isasm { return $_[1] =~ m|\.s$|; }
sub iscppasm { return $_[1] =~ m|\.S$|; }
sub isstaticlib { return $_[1] =~ m|\.a$|; }
sub convertext {
if ($_[0]->isdef($_[1])) { return $_[0]->def($_[1]); }
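Review bot: `isasm` and `iscppasm` are now disjoint, but `convertext` below still dispatches on the old predicate set (only the `isdef` branch is visible here). Check that it gained an `iscppasm` branch; otherwise a `.S` source falls through to whatever the default case does and the distinction introduced in this hunk is lost at the first conversion.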


@ -25,7 +25,7 @@ sub detect_gnu_cc {
my %shared_info;
%shared_info = (
'gnu-shared' => {
shared_ldflag => '-shared',
shared_ldflag => '-shared -Wl,-Bsymbolic',
shared_sonameflag => '-Wl,-soname=',
},
'linux-shared' => sub {
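Review bot: `-Wl,-Bsymbolic` binds the shared object's references to its own global symbols at link time, so symbol interposition no longer reaches calls OpenSSL makes into itself: `LD_PRELOAD` wrappers, test fixtures that override exported entry points, and fault-injection tooling that relied on PLT indirection will see only calls made by the application. That is a deliberate behaviour change for every target using the `gnu-shared` scheme and needs a CHANGES entry, and the motivation (symbol-resolution cost, or protection against unintended overriding of internal calls) should be stated so the flag is not removed again as an unexplained linker option.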


@ -318,8 +318,7 @@ HTMLDIR=$(DOCDIR)/html
# MANSUFFIX is for the benefit of anyone who may want to have a suffix
# appended after the manpage file section number. "ssl" is popular,
# resulting in files such as config.5ssl rather than config.5.
MANSUFFIX=ssl
MANSECTION=SSL
MANSUFFIX=ossl
HTMLSUFFIX=html
# For "optional" echo messages, to get "real" silence
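Review bot: the default suffix changes from `ssl` to `ossl` and `MANSECTION` disappears, but the comment directly above still gives `config.5ssl` as the example. Update it to `config.5ossl`, and note the rename in CHANGES.md, since packagers and `MANPATH` tooling match on the suffix.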
@ -595,6 +594,7 @@ clean: libclean
-find . -type l \! -name '.*' -exec $(RM) {} \;
distclean: clean
$(RM) include/openssl/configuration.h
$(RM) configdata.pm
$(RM) Makefile
@ -1400,6 +1400,7 @@ libcrypto.pc:
fi; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines-{- $sover_dirname -}'; \
echo 'modulesdir=$${libdir}/ossl-modules'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
@ -1536,7 +1537,7 @@ EOF
my $pod = $gen0;
return <<"EOF";
$args{src}: $pod
pod2man --name=$name --section=$section\$(MANSECTION) --center=OpenSSL \\
pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\
--release=\$(VERSION) $pod >\$\@
EOF
} elsif (platform->isdef($args{src})) {
@ -1549,9 +1550,10 @@ EOF
my $ord_name = $args{generator}->[1] || $args{product};
return <<"EOF";
$target: $gen0 $deps \$(SRCDIR)/util/mkdef.pl
\$(PERL) \$(SRCDIR)/util/mkdef.pl$ord_ver --ordinals $gen0 --name $ord_name --OS $mkdef_os > $target
\$(PERL) \$(SRCDIR)/util/mkdef.pl$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name --OS $mkdef_os > $target
EOF
} elsif (platform->isasm($args{src})) {
} elsif (platform->isasm($args{src})
|| platform->iscppasm($args{src})) {
#
# Assembler generator
#


@ -478,6 +478,7 @@ clean: libclean
-rd /Q /S test\test-runs
distclean: clean
-del /Q /F include\openssl\configuration.h
-del /Q /F configdata.pm
-del /Q /F makefile
@ -499,8 +500,8 @@ uninstall_docs: uninstall_html_docs
{- output_off() if $disabled{fips}; "" -}
install_fips: build_sw $(INSTALL_FIPSMODULECONF)
# @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)\util\mkdir-p.pl $(MODULESDIR)
@$(PERL) $(SRCDIR)\util\mkdir-p.pl $(OPENSSLDIR)
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)"
@$(ECHO) "*** Installing FIPS module"
@$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(MODULESDIR)\$(FIPSMODULENAME)"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULE)" "$(MODULESDIR)"
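Review bot: quoting `$(PERL)`, `$(SRCDIR)` and `$(MODULESDIR)` fixes the mkdir-p step for paths with spaces, but the commented-out `@[ -n "$(INSTALLTOP)" ] || (...; exit 1)` line is a sh idiom that can never run under nmake. Either port the check (an `if "$(INSTALLTOP)"=="" ...` form) or delete it rather than carry it as dead text next to the lines being fixed.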
@ -741,12 +742,13 @@ EOF
rel2abs($config{builddir}));
my $ord_ver = $args{intent} eq 'lib' ? ' --version $(VERSION_NUMBER)' : '';
my $ord_name =
$args{generator}->[1] || platform->dsoname($args{product});
$args{generator}->[1] || basename(platform->dsoname($args{product}));
return <<"EOF";
$target: $gen0 $deps $mkdef
"\$(PERL)" $mkdef$ord_ver --ordinals $gen0 --name $ord_name --OS windows > $target
"\$(PERL)" "$mkdef"$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name --OS windows > $target
EOF
} elsif (platform->isasm($args{src})) {
} elsif (platform->isasm($args{src})
|| platform->iscppasm($args{src})) {
#
# Assembler generator
#
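Review bot: `--name` now receives `basename(platform->dsoname(...))`, which needs `File::Basename` in the template's scope; the diff does not show that import. The quoting is also half-done: `$mkdef` gained double quotes, but `$gen0`, `$ord_name` and `$target` on the same command line did not, so a source tree path with spaces still breaks the ordinals step.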
@ -756,11 +758,13 @@ EOF
dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)',
bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)'
} -> {$args{intent}};
my $target = platform->asm($args{src});
my $target = platform->isasm($args{src})
? platform->asm($args{src})
: $args{src};
my $generator;
if ($gen0 =~ /\.pl$/) {
$generator = '"$(PERL)"'.$gen_incs.' '.$gen0.$gen_args
$generator = '"$(PERL)"'.$gen_incs.' "'.$gen0.'"'.$gen_args
.' "$(PERLASM_SCHEME)"'.$incs.' '.$cppflags.$defs.' $(PROCESSSOR)';
} elsif ($gen0 =~ /\.S$/) {
$generator = undef;
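Review bot: the context line ends in `$(PROCESSSOR)` (three S's). nmake expands an undefined macro to the empty string, so whatever processor argument this was meant to pass to the perlasm generator is silently dropped; if the intended macro is `$(PROCESSOR)`, fix it here, since the quoting change already touches this statement.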
@ -769,18 +773,6 @@ EOF
}
if (defined($generator)) {
# If the target is named foo.S in build.info, we want to
# end up generating foo.s in two steps.
if ($args{src} =~ /\.S$/) {
return <<"EOF";
$target: "$gen0" $deps
cmd /C "set "ASM=\$(AS)" & $generator \$@.S"
\$(CPP) $incs $cppflags $defs \$@.S > \$@.i
move /Y \$@.i \$@
del /Q \$@.S
EOF
}
# Otherwise....
return <<"EOF";
$target: "$gen0" $deps
cmd /C "set "ASM=\$(AS)" & $generator \$@"
@ -817,7 +809,7 @@ EOF
$gen0 = platform->bin($gen0);
return <<"EOF";
$args{src}: $gen0 $deps "\$(BLDDIR)\\util\\wrap.pl"
"\$(PERL)" "\$(BLDDIR)\\util\\wrap.pl" $gen0$gen_args > \$@
"\$(PERL)" "\$(BLDDIR)\\util\\wrap.pl" "$gen0"$gen_args > \$@
EOF
} else {
#
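Review bot: the recipe now quotes `"$gen0"`, but the prerequisite list one line above (`$args{src}: $gen0 $deps ...`) still has it bare; nmake splits a dependency containing spaces into two prerequisites, so quote it there as well, as the sibling hunk below (`$args{src}: "$gen0" $deps`) already does.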
@ -825,7 +817,7 @@ EOF
#
return <<"EOF";
$args{src}: "$gen0" $deps
"\$(PERL)"$gen_incs $gen0$gen_args > \$@
"\$(PERL)"$gen_incs "$gen0"$gen_args > \$@
EOF
}
}


@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -1394,7 +1394,7 @@ $target{build_scheme} = [ $target{build_scheme} ]
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
foreach my $checker (($builder_platform."-".$config{build_file}."-checker.pm",
$builder_platform."-checker.pm")) {
my $checker_path = catfile($srcdir, "Configurations", $checker);
if (-f $checker_path) {
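Review bot: switching the checker lookup from `$target{build_file}` to `$config{build_file}` comes without a fallback, unlike the `// "build file"` in `death_handler` further down; if `$config{build_file}` can be unset at this point, the checker name degenerates to `<platform>--checker.pm`, the `-f` test fails and the check is silently skipped. Either assert it is set here or keep a fallback.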
@ -1502,9 +1502,7 @@ unless ($disabled{asan} || defined $detected_sanitizers{asan}) {
}
unless ($disabled{ubsan} || defined $detected_sanitizers{ubsan}) {
# -DPEDANTIC or -fnosanitize=alignment may also be required on some
# platforms.
push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all";
push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all", "-DPEDANTIC";
}
unless ($disabled{msan} || defined $detected_sanitizers{msan}) {
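Review bot: hard-wiring `-DPEDANTIC` into every ubsan build means the alignment-relaxed fast paths that the removed comment said trip `-fsanitize=alignment` are now never exercised under UBSan; the sanitizer passes by excluding that code rather than checking it. Prefer `-fno-sanitize=alignment` (keeping the rest of `-fsanitize=undefined` over the real code paths), or at least keep the comment so the coverage gap stays visible.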
@ -1716,20 +1714,13 @@ unless ($disabled{devcryptoeng}) {
unless ($disabled{ktls}) {
$config{ktls}="";
if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
my $usr = "/usr/$config{cross_compile_prefix}";
chop($usr);
if ($config{cross_compile_prefix} eq "") {
$usr = "/usr";
}
my $minver = (4 << 16) + (13 << 8) + 0;
my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
if ($verstr[2] < $minver) {
my $cc = $config{CROSS_COMPILE}.$config{CC};
if ($target =~ m/^linux/) {
system("printf '#include <sys/types.h>\n#include <linux/tls.h>' | $cc -E - >/dev/null 2>&1");
if ($? != 0) {
disable('too-old-kernel', 'ktls');
}
} elsif ($target =~ m/^BSD/) {
my $cc = $config{CROSS_COMPILE}.$config{CC};
system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
if ($? != 0) {
disable('too-old-freebsd', 'ktls');
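Review bot: replacing the `/usr/<prefix>/include/linux/version.h` grep with a preprocessor probe of `<linux/tls.h>` is the right portability fix (it honours sysroots and cross-compile flags the old path ignored), but the reason string `too-old-kernel` is now misleading: the probe fails just as readily when kernel headers are simply not installed. Name it after what was tested (for example `no-linux-tls-header`) so `Configure` output points users at the actual remedy, and note that this checks build-time headers only, not the running kernel.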
@ -1876,8 +1867,8 @@ if ($builder eq "unified") {
# Store the name of the template file we will build the build file from
# in %config. This may be useful for the build file itself.
my @build_file_template_names =
( $builder_platform."-".$target{build_file}.".tmpl",
$target{build_file}.".tmpl" );
( $builder_platform."-".$config{build_file}.".tmpl",
$config{build_file}.".tmpl" );
my @build_file_templates = ();
# First, look in the user provided directory, if given
@ -2211,9 +2202,10 @@ if ($builder eq "unified") {
\$attributes{depends}, $+{ATTRIBS},
tokenize($expand_variables->($+{VALUE})))
if !@skip || $skip[$#skip] > 0; },
qr/^\s* GENERATE ${index_re} \s* = \s* ${value_re} \s* $/x
qr/^\s* GENERATE ${index_re} ${attribs_re} \s* = \s* ${value_re} \s* $/x
=> sub { $push_to->(\%generate, $expand_variables->($+{INDEX}),
undef, undef, $expand_variables->($+{VALUE}))
\$attributes{generate}, $+{ATTRIBS},
$expand_variables->($+{VALUE}))
if !@skip || $skip[$#skip] > 0; },
qr/^\s* (?:\#.*)? $/x => sub { },
"OTHERWISE" => sub { die "Something wrong with this line:\n$_\nat $sourced/$f" },
@ -2381,6 +2373,10 @@ EOF
$check_generate{$ddest}->{$generator[0]}++;
$unified_info{generate}->{$ddest} = [ @generator ];
# Fix up associated attributes
$unified_info{attributes}->{generate}->{$ddest} =
$attributes{generate}->{$dest}->{$gen}
if defined $attributes{generate}->{$dest}->{$gen};
}
foreach (keys %depends) {
@ -2771,7 +2767,7 @@ EOF
keys %{$unified_info{htmldocs} // {}}),
(map { @{$unified_info{mandocs}->{$_} // []} }
keys %{$unified_info{mandocs} // {}}) ] );
foreach my $type (keys %loopinfo) {
foreach my $type (sort keys %loopinfo) {
foreach my $product (@{$loopinfo{$type}}) {
my %dirs = ();
my $pd = dirname($product);
@ -2792,7 +2788,7 @@ EOF
push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
if $d ne $pd;
}
foreach (keys %dirs) {
foreach (sort keys %dirs) {
push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
$product;
}
@ -2827,7 +2823,6 @@ my %template_vars = (
user_crossable => \@user_crossable,
);
my $configdata_outname = 'configdata.pm';
print "Creating $configdata_outname\n";
open CONFIGDATA, ">$configdata_outname.new"
or die "Trying to create $configdata_outname.new: $!";
my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir);
@ -2843,12 +2838,14 @@ $configdata_tmpl->fill_in(
] }
) or die $Text::Template::ERROR;
close CONFIGDATA;
rename "$configdata_outname.new", $configdata_outname;
if ($builder_platform eq 'unix') {
my $mode = (0755 & ~umask);
chmod $mode, 'configdata.pm'
or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!);
}
print "Created $configdata_outname\n";
print "Running $configdata_outname\n";
my $perlcmd = (quotify("maybeshell", $config{PERL}))[0];
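Review bot: the return value of `rename "$configdata_outname.new", $configdata_outname` is not checked, unlike the `open ... or die` above; if it fails, the `chmod` and the following `Running configdata.pm` step operate on whatever stale `configdata.pm` already exists. Add `or die`, and consider applying the `chmod` to the `.new` file before the rename so the mode is never briefly wrong.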
@ -2888,7 +2885,7 @@ exit(0);
#
sub death_handler {
die @_ if $^S; # To prevent the added message in eval blocks
my $build_file = $target{build_file} // "build file";
my $build_file = $config{build_file} // "build file";
my @message = ( <<"_____", @_ );
Failure! $build_file wasn't produced.


@ -244,9 +244,8 @@ and issue the following command.
$ nmake install
The easiest way to elevate the Command Prompt is to press and hold down
the both the `<CTRL>` and `<SHIFT>` key while clicking the menu item in the
task menu.
The easiest way to elevate the Command Prompt is to press and hold down both
the `<CTRL>` and `<SHIFT>` keys while clicking the menu item in the task menu.
The default installation location is
@ -974,7 +973,7 @@ the individual protocol versions.
### no-{protocol}-method
no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}-method
no-{ssl3|tls1|tls1_1|tls1_2|dtls1|dtls1_2}-method
Analogous to `no-{protocol}` but in addition do not build the methods for
applications to explicitly select individual protocol versions. Note that there
@ -1204,6 +1203,14 @@ and `descrip.mms` on OpenVMS) from a suitable template in `Configurations/`,
and defines various macros in `include/openssl/configuration.h` (generated
from `include/openssl/configuration.h.in`.
If none of the generated build files suit your purpose, it's possible to
write your own build file template and give its name through the environment
variable `BUILDFILE`. For example, Ninja build files could be supported by
writing `Configurations/build.ninja.tmpl` and then configure with `BUILDFILE`
set like this (Unix syntax shown, you'll have to adapt for other platforms):
$ BUILDFILE=build.ninja perl Configure [options...]
### Out of Tree Builds
OpenSSL can be configured to build in a build directory separate from the

NEWS.md

@ -18,6 +18,54 @@ OpenSSL Releases
OpenSSL 3.0
-----------
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
* Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
* Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286])
* Fixed NULL dereference validating DSA public key ([CVE-2023-0217])
* Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216])
* Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215])
* Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450])
* Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304])
* Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203])
* Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996])
### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022]
* Added RIPEMD160 to the default provider.
* Fixed regressions introduced in 3.0.6 version.
* Fixed two buffer overflows in punycode decoding functions.
([CVE-2022-3786]) and ([CVE-2022-3602])
### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022]
* Fix for custom ciphers to prevent accidental use of NULL encryption
([CVE-2022-3358])
### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022]
* Fixed heap memory corruption with RSA private key operation
([CVE-2022-2274])
* Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
([CVE-2022-2097])
### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022]
* Fixed additional bugs in the c_rehash script which was not properly
sanitising shell metacharacters to prevent command injection
([CVE-2022-2068])
### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022]
* Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection ([CVE-2022-1292])
* Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
certificate on an OCSP response ([CVE-2022-1343])
* Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
AAD data as the MAC key ([CVE-2022-1434])
* Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
occuppied by the removed hash table entries ([CVE-2022-1473])
### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022]
* Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
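Review bot: in the 3.0.3 entries, `occuppied` is misspelled (`occupied`), and `Fix a bug in the OPENSSL_LH_flush()` should read `Fixed` to match the surrounding entries. Both are in unchanged context, but this release adds entries directly above them, so it is a cheap moment to correct them.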
@ -100,7 +148,8 @@ OpenSSL 3.0
RC4, RC5 and SEED cipher functions have been deprecated.
* All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
have been deprecated.
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0,
except when RSA key exchange without SHA1 is used.
* Added providers, a new pluggability concept that will replace the
ENGINE API and ENGINE implementations.
@ -1381,7 +1430,17 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
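Review bot: the `[CVE-2022-2097]` reference resolves to `#CVE-2022-2274`, so the NEWS link for the AES OCB fix lands on the RSA heap corruption advisory; change the anchor to `#CVE-2022-2097`.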


@ -186,6 +186,9 @@ following variables:
if [ -n "$PRE_RELEASE_TAG" ]; then
PRE_RELEASE_TAG="-$PRE_RELEASE_TAG"
fi
if [ -n "$BUILD_METADATA" ]; then
BUILD_METADATA="+$BUILD_METADATA"
fi
echo "$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA" |\
sed -e 's/[-.+]/_/g'
)


@ -28,12 +28,12 @@ For this option you can use Cygwin.
Native builds using Visual C++
==============================
The native builds using Visual C++ have a VC-* prefix.
The native builds using Visual C++ have a `VC-*` prefix.
Requirement details
-------------------
In addition to the requirements and instructions listed in INSTALL.md,
In addition to the requirements and instructions listed in `INSTALL.md`,
these are required as well:
### Perl
@ -64,22 +64,26 @@ Quick start
4. Use Visual Studio Developer Command Prompt with administrative privileges,
choosing one of its variants depending on the intended architecture.
Or run "cmd" and execute "vcvarsall.bat" with one of the options x86,
x86_amd64, x86_arm, x86_arm64, amd64, amd64_x86, amd64_arm, or amd64_arm64.
This sets up the environment variables needed for nmake.exe, cl.exe, etc.
Or run `cmd` and execute `vcvarsall.bat` with one of the options `x86`,
`x86_amd64`, `x86_arm`, `x86_arm64`, `amd64`, `amd64_x86`, `amd64_arm`,
or `amd64_arm64`.
This sets up the environment variables needed for `nmake.exe`, `cl.exe`,
etc.
See also
<https://docs.microsoft.com/cpp/build/building-on-the-command-line>
5. From the root of the OpenSSL source directory enter
perl Configure VC-WIN32 if you want 32-bit OpenSSL or
perl Configure VC-WIN64A if you want 64-bit OpenSSL or
perl Configure to let Configure figure out the platform
- `perl Configure VC-WIN32` if you want 32-bit OpenSSL or
- `perl Configure VC-WIN64A` if you want 64-bit OpenSSL or
- `perl Configure VC-WIN64-ARM` if you want Windows on Arm (win-arm64)
OpenSSL or
- `perl Configure` to let Configure figure out the platform
6. nmake
6. `nmake`
7. nmake test
7. `nmake test`
8. nmake install
8. `nmake install`
For the full installation instructions, or if anything goes wrong at any stage,
check the INSTALL.md file.
@ -109,25 +113,25 @@ installation for examples), these fallbacks are used:
ALSO NOTE that those directories are usually write protected, even if
your account is in the Administrators group. To work around that,
start the command prompt by right-clicking on it and choosing "Run as
Administrator" before running 'nmake install'. The other solution
Administrator" before running `nmake install`. The other solution
is, of course, to choose a different set of directories by using
--prefix and --openssldir when configuring.
`--prefix` and `--openssldir` when configuring.
Special notes for Universal Windows Platform builds, aka VC-*-UWP
--------------------------------------------------------------------
Special notes for Universal Windows Platform builds, aka `VC-*-UWP`
-------------------------------------------------------------------
- UWP targets only support building the static and dynamic libraries.
- You should define the platform type to "uwp" and the target arch via
"vcvarsall.bat" before you compile. For example, if you want to build
"arm64" builds, you should run "vcvarsall.bat x86_arm64 uwp".
- You should define the platform type to `uwp` and the target arch via
`vcvarsall.bat` before you compile. For example, if you want to build
`arm64` builds, you should run `vcvarsall.bat x86_arm64 uwp`.
Native builds using Embarcadero C++Builder
=========================================
This toolchain (a descendant of Turbo/Borland C++) is an alternative to MSVC.
OpenSSL currently includes an experimental 32-bit configuration targeting the
Clang-based compiler (bcc32c.exe) in v10.3.3 Community Edition.
Clang-based compiler (`bcc32c.exe`) in v10.3.3 Community Edition.
<https://www.embarcadero.com/products/cbuilder/starter>
1. Install Perl.
@ -135,11 +139,11 @@ Clang-based compiler (bcc32c.exe) in v10.3.3 Community Edition.
2. Open the RAD Studio Command Prompt.
3. Go to the root of the OpenSSL source directory and run:
perl Configure BC-32 --prefix=%CD%
`perl Configure BC-32 --prefix=%CD%`
4. make -N
4. `make -N`
5. make -N test
5. `make -N test`
6. Build your program against this OpenSSL:
* Set your include search path to the "include" subdirectory of OpenSSL.
@ -166,9 +170,9 @@ MinGW offers an alternative way to build native OpenSSL, by cross compilation.
- Perl, at least version 5.10.0, which usually comes pre-installed with MSYS2
- make, installed using "pacman -S make" into the MSYS2 environment
- make, installed using `pacman -S make` into the MSYS2 environment
- MinGW[64] compiler: mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc.
- MinGW[64] compiler: `mingw-w64-i686-gcc` and/or `mingw-w64-x86_64-gcc`.
These compilers must be on your MSYS2 $PATH.
A common error is to not have these on your $PATH.
The MSYS2 version of gcc will not work correctly here.
@ -176,22 +180,28 @@ MinGW offers an alternative way to build native OpenSSL, by cross compilation.
In the MSYS2 shell do the configuration depending on the target architecture:
./Configure mingw ...
or
./Configure mingw64 ...
or
./Configure ...
for the default architecture.
Apart from that, follow the Unix / Linux instructions in INSTALL.md.
Apart from that, follow the Unix / Linux instructions in `INSTALL.md`.
* It is also possible to build mingw[64] on Linux or Cygwin.
In this case configure with the corresponding --cross-compile-prefix= option.
For example
In this case configure with the corresponding `--cross-compile-prefix=`
option. For example
./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ...
or
./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ...
This requires that you've installed the necessary add-on packages for
@ -203,18 +213,18 @@ Linking native applications
This section applies to all native builds.
If you link with static OpenSSL libraries then you're expected to
additionally link your application with WS2_32.LIB, GDI32.LIB,
ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
additionally link your application with `WS2_32.LIB`, `GDI32.LIB`,
`ADVAPI32.LIB`, `CRYPT32.LIB` and `USER32.LIB`. Those developing
non-interactive service applications might feel concerned about
linking with GDI32.LIB and USER32.LIB, as they are justly associated
linking with `GDI32.LIB` and `USER32.LIB`, as they are justly associated
with interactive desktop, which is not available to service
processes. The toolkit is designed to detect in which context it's
currently executed, GUI, console app or service, and act accordingly,
namely whether or not to actually make GUI calls. Additionally those
who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and
who wish to `/DELAYLOAD:GDI32.DLL` and `/DELAYLOAD:USER32.DLL` and
actually keep them off service process should consider implementing
and exporting from .exe image in question own _OPENSSL_isservice not
relying on USER32.DLL. E.g., on Windows Vista and later you could:
and exporting from .exe image in question own `_OPENSSL_isservice` not
relying on `USER32.DLL`. E.g., on Windows Vista and later you could:
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{
@ -233,7 +243,7 @@ See also the OPENSSL_Applink manual page.
Hosted builds using Cygwin
==========================
Cygwin implements a POSIX/Unix runtime system (cygwin1.dll) on top of the
Cygwin implements a POSIX/Unix runtime system (`cygwin1.dll`) on top of the
Windows subsystem and provides a Bash shell and GNU tools environment.
Consequently, a build of OpenSSL with Cygwin is virtually identical to the
Unix procedure.
@ -249,7 +259,7 @@ To build OpenSSL using Cygwin, you need to:
Apart from that, follow the Unix / Linux instructions in INSTALL.md.
NOTE: "make test" and normal file operations may fail in directories
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
NOTE: `make test` and normal file operations may fail in directories
mounted as text (i.e. `mount -t c:\somewhere /home`) due to Cygwin
stripping of carriage returns. To avoid this ensure that a binary
mount is used, e.g. mount -b c:\somewhere /home.
mount is used, e.g. `mount -b c:\somewhere /home`.


@ -314,4 +314,3 @@ It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
A quick test done right before the release showed that trying "openssl speed
-engine cswift" generated errors. If the DSO gets enabled, an attempt is made
to write at memory address 0x00000002.


@ -1,13 +1,29 @@
OpenSSL FIPS support
====================
This release of OpenSSL includes a cryptographic module that is intended to be
This release of OpenSSL includes a cryptographic module that can be
FIPS 140-2 validated. The module is implemented as an OpenSSL provider.
A provider is essentially a dynamically loadable module which implements
cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file
for further details.
The OpenSSL FIPS provider comes as shared library called `fips.so` (on Unix)
A cryptographic module is only FIPS validated after it has gone through the complex
FIPS 140 validation process. As this process takes a very long time, it is not
possible to validate every minor release of OpenSSL.
If you need a FIPS validated module then you must ONLY generate a FIPS provider
using OpenSSL versions that have valid FIPS certificates. A FIPS certificate
contains a link to a Security Policy, and you MUST follow the instructions
in the Security Policy in order to be FIPS compliant.
See <https://www.openssl.org/source/> for information related to OpenSSL
FIPS certificates and Security Policies.
Newer OpenSSL Releases that include security or bug fixes can be used to build
all other components (such as the core API's, TLS and the default, base and
legacy providers) without any restrictions, but the FIPS provider must be built
as specified in the Security Policy (normally with a different version of the
source code).
The OpenSSL FIPS provider is a shared library called `fips.so` (on Unix), or
resp. `fips.dll` (on Windows). The FIPS provider does not get built and
installed automatically. To enable it, you need to configure OpenSSL using
the `enable-fips` option.
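Review bot: `fips.so (on Unix), or resp. fips.dll (on Windows)` reads awkwardly; `fips.so on Unix or fips.dll on Windows` says the same. More substantively, the new paragraphs correctly tell readers that only the source versions named on a FIPS certificate may be used to build the provider, yet the `enable-fips` sentence that follows still reads as if any 3.0.x tree produces a validated module; a one-line pointer there back to the Security Policy instructions would close that gap.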
@ -15,6 +31,9 @@ the `enable-fips` option.
Installing the FIPS module
==========================
The following is only a guide.
Please read the Security Policy for up to date installation instructions.
If the FIPS provider is enabled, it gets installed automatically during the
normal installation process. Simply follow the normal procedure (configure,
make, make test, make install) as described in the [INSTALL](INSTALL.md) file.


@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
PATCH=2
PATCH=8
PRE_RELEASE_TAG=
BUILD_METADATA=
RELEASE_DATE="15 Mar 2022"
RELEASE_DATE="7 Feb 2023"
SHLIB_VERSION=3


@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -922,7 +922,8 @@ end_of_options:
goto end;
}
} else {
if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
serial = load_serial(serialfile, NULL, create_ser, NULL);
if (serial == NULL) {
BIO_printf(bio_err, "error while loading serial number\n");
goto end;
}
@ -1162,7 +1163,8 @@ end_of_options:
if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
!= NULL)
if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL))
== NULL) {
BIO_printf(bio_err, "error while loading CRL number\n");
goto end;
}
@ -2367,7 +2369,7 @@ static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg)
case REV_CRL_REASON:
for (i = 0; i < 8; i++) {
if (strcasecmp(rev_arg, crl_reasons[i]) == 0) {
if (OPENSSL_strcasecmp(rev_arg, crl_reasons[i]) == 0) {
reason = crl_reasons[i];
break;
}
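Review bot: moving from the libc `strcasecmp` to `OPENSSL_strcasecmp` makes the CRL reason lookup locale-independent (under a Turkish locale the libc call folds `I` and `i` differently, so an upper-cased reason name could fail to match and the revocation would be rejected). Worth a sentence in CHANGES, since `openssl ca` previously behaved differently depending on the environment it ran in.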
@ -2467,18 +2469,18 @@ static int make_revoked(X509_REVOKED *rev, const char *str)
rtmp = ASN1_ENUMERATED_new();
if (rtmp == NULL || !ASN1_ENUMERATED_set(rtmp, reason_code))
goto end;
if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
if (X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0) <= 0)
goto end;
}
if (rev && comp_time) {
if (!X509_REVOKED_add1_ext_i2d
(rev, NID_invalidity_date, comp_time, 0, 0))
if (X509_REVOKED_add1_ext_i2d
(rev, NID_invalidity_date, comp_time, 0, 0) <= 0)
goto end;
}
if (rev && hold) {
if (!X509_REVOKED_add1_ext_i2d
(rev, NID_hold_instruction_code, hold, 0, 0))
if (X509_REVOKED_add1_ext_i2d
(rev, NID_hold_instruction_code, hold, 0, 0) <= 0)
goto end;
}
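Review bot: `X509_REVOKED_add1_ext_i2d` (via `X509V3_add1_i2d`) returns -1 for errors such as an already-present extension, which `!ret` treated as success; `<= 0` now catches it, so a revocation entry can no longer be written with a silently missing reason, invalidity date or hold instruction. Good catch; the same `!X509..._add1_ext_i2d(...)` pattern should be grepped for in the other apps.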
@ -2584,7 +2586,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
}
if (reason_str) {
for (i = 0; i < NUM_REASONS; i++) {
if (strcasecmp(reason_str, crl_reasons[i]) == 0) {
if (OPENSSL_strcasecmp(reason_str, crl_reasons[i]) == 0) {
reason_code = i;
break;
}


@ -227,6 +227,10 @@ int ciphers_main(int argc, char **argv)
if (!verbose) {
for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
if (!ossl_assert(c != NULL))
continue;
p = SSL_CIPHER_get_name(c);
if (p == NULL)
break;
@ -242,6 +246,9 @@ int ciphers_main(int argc, char **argv)
c = sk_SSL_CIPHER_value(sk, i);
if (!ossl_assert(c != NULL))
continue;
if (Verbose) {
unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);


@ -1745,7 +1745,7 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx)
valptr[0] = '\0';
valptr++;
if (strncasecmp(valptr, "int:", 4) != 0) {
if (OPENSSL_strncasecmp(valptr, "int:", 4) != 0) {
CMP_err("missing 'int:' in -geninfo option");
return 0;
}
@ -1923,7 +1923,6 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL)
goto err;
(void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info);
/* info will be freed along with CMP ctx */
info->server = opt_server;
info->port = server_port;
/* workaround for callback design flaw, see #17088: */
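Review bot: deleting the `info will be freed along with CMP ctx` comment without a visible change to the allocation leaves the ownership of `info` ambiguous. If it is no longer released with the context, the matching `OPENSSL_free(info)` should appear in this diff; if it still is, the comment should stay. As shown, a reader cannot tell whether this is a leak fix or a leak.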
@ -2690,8 +2689,8 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
(void)OSSL_CMP_CTX_set1_senderNonce(srv_cmp_ctx, NULL);
}
if (!ret || !keep_alive
|| OSSL_CMP_CTX_get_status(srv_cmp_ctx) == -1
/* transaction closed by OSSL_CMP_CTX_server_perform() */) {
|| OSSL_CMP_CTX_get_status(srv_cmp_ctx) != OSSL_CMP_PKISTATUS_trans
/* transaction closed by OSSL_CMP_CTX_server_perform() */) {
BIO_free_all(cbio);
cbio = NULL;
}
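Review bot: replacing `== -1` with `!= OSSL_CMP_PKISTATUS_trans` keeps the connection open only while a transaction is explicitly in progress; any other status now closes `cbio`, which is stricter than before. That is the safer default for a server loop, but the comment `transaction closed by OSSL_CMP_CTX_server_perform()` should say which status value that function leaves behind so the condition can be read without the library source.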
@ -2703,6 +2702,35 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
}
#endif
static void print_status(void)
{
/* print PKIStatusInfo */
int status = OSSL_CMP_CTX_get_status(cmp_ctx);
char *buf = app_malloc(OSSL_CMP_PKISI_BUFLEN, "PKIStatusInfo buf");
const char *string =
OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN);
const char *from = "", *server = "";
#ifndef OPENSSL_NO_SOCK
if (opt_server != NULL) {
from = " from ";
server = opt_server;
}
#endif
CMP_print(bio_err,
status == OSSL_CMP_PKISTATUS_accepted
? OSSL_CMP_LOG_INFO :
status == OSSL_CMP_PKISTATUS_rejection
|| status == OSSL_CMP_PKISTATUS_waiting
? OSSL_CMP_LOG_ERR : OSSL_CMP_LOG_WARNING,
status == OSSL_CMP_PKISTATUS_accepted ? "info" :
status == OSSL_CMP_PKISTATUS_rejection ? "server error" :
status == OSSL_CMP_PKISTATUS_waiting ? "internal error"
: "warning", "received%s%s %s", from, server,
string != NULL ? string : "<unknown PKIStatus>");
OPENSSL_free(buf);
}
int cmp_main(int argc, char **argv)
{
char *configfile = NULL;
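Review bot: print_status() is a straight move of the block removed from cmp_main later in this file, so there is no behavioural change. While it is being extracted, the two nested ternary chains that map a status to a log level and to a label (rejection to "server error", waiting to "internal error") would read more clearly as a single switch on `status` that sets both, which also stops the two mappings from drifting apart in future edits.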
@ -2925,39 +2953,10 @@ int cmp_main(int argc, char **argv)
default:
break;
}
if (OSSL_CMP_CTX_get_status(cmp_ctx) < 0)
if (OSSL_CMP_CTX_get_status(cmp_ctx) < OSSL_CMP_PKISTATUS_accepted)
goto err; /* we got no response, maybe even did not send request */
{
/* print PKIStatusInfo */
int status = OSSL_CMP_CTX_get_status(cmp_ctx);
char *buf = app_malloc(OSSL_CMP_PKISI_BUFLEN, "PKIStatusInfo buf");
const char *string =
OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf,
OSSL_CMP_PKISI_BUFLEN);
const char *from = "", *server = "";
#ifndef OPENSSL_NO_SOCK
if (opt_server != NULL) {
from = " from ";
server = opt_server;
}
#endif
CMP_print(bio_err,
status == OSSL_CMP_PKISTATUS_accepted
? OSSL_CMP_LOG_INFO :
status == OSSL_CMP_PKISTATUS_rejection
|| status == OSSL_CMP_PKISTATUS_waiting
? OSSL_CMP_LOG_ERR : OSSL_CMP_LOG_WARNING,
status == OSSL_CMP_PKISTATUS_accepted ? "info" :
status == OSSL_CMP_PKISTATUS_rejection ? "server error" :
status == OSSL_CMP_PKISTATUS_waiting ? "internal error"
: "warning",
"received%s%s %s", from, server,
string != NULL ? string : "<unknown PKIStatus>");
OPENSSL_free(buf);
}
print_status();
if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx),
opt_extracertsout, "extra") < 0)
ret = 0;
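Review bot: `< OSSL_CMP_PKISTATUS_accepted` is equivalent to the old `< 0` because accepted is PKIStatus value 0 in RFC 4210, so this is a readability change only; replacing the inline block with print_status() is fine given the body is unchanged.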
@ -3001,12 +3000,19 @@ int cmp_main(int argc, char **argv)
if (ret != 1)
OSSL_CMP_CTX_print_errors(cmp_ctx);
ossl_cmp_mock_srv_free(OSSL_CMP_CTX_get_transfer_cb_arg(cmp_ctx));
if (cmp_ctx != NULL) {
#ifndef OPENSSL_NO_SOCK
APP_HTTP_TLS_INFO_free(OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx));
APP_HTTP_TLS_INFO *info = OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx);
#endif
X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx));
OSSL_CMP_CTX_free(cmp_ctx);
ossl_cmp_mock_srv_free(OSSL_CMP_CTX_get_transfer_cb_arg(cmp_ctx));
X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx));
/* cannot free info already here, as it may be used indirectly by: */
OSSL_CMP_CTX_free(cmp_ctx);
#ifndef OPENSSL_NO_SOCK
APP_HTTP_TLS_INFO_free(info);
#endif
}
X509_VERIFY_PARAM_free(vpm);
release_engine(engine);
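Review bot: the reordering is correct in principle (the HTTP callback argument must outlive the ctx that can still call into it), and moving ossl_cmp_mock_srv_free and X509_STORE_free inside the `cmp_ctx != NULL` guard avoids passing a NULL ctx to the getters. Two things to check: APP_HTTP_TLS_INFO_free must tolerate a NULL `info`, since OSSL_CMP_CTX_get_http_cb_arg returns NULL when no callback argument was ever set (for example when setup failed early), and the comment "cannot free info already here, as it may be used indirectly by:" would be clearer if it named OSSL_CMP_CTX_free rather than relying on the following line to finish the sentence.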

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -66,7 +66,7 @@ const OPTIONS dgst_options[] = {
{"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
{"hex", OPT_HEX, '-', "Print as hex dump"},
{"binary", OPT_BINARY, '-', "Print in binary form"},
{"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms"},
{"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256"},
{"d", OPT_DEBUG, '-', "Print debug info"},
{"debug", OPT_DEBUG, '-', "Print debug info"},
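Review bot: the expanded -xoflen help text gives sound guidance (32 bytes for SHAKE128 and 64 bytes for SHAKE256 correspond to their 128-bit and 256-bit security levels), but it is far longer than any other entry in dgst_options and will wrap badly in `openssl dgst -help`. Keep the option line short and move the sizing advice to the -xoflen description in the openssl-dgst manual page.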
@ -114,6 +114,8 @@ int dgst_main(int argc, char **argv)
buf = app_malloc(BUFSIZE, "I/O buffer");
md = (EVP_MD *)EVP_get_digestbyname(argv[0]);
if (md != NULL)
digestname = argv[0];
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {
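Review bot: `digestname` is only set here when the digest was named as argv[0] (as in `openssl sha256`); the option loop that follows, where `-<digest>` options set `md`, is not part of this diff, so please confirm it sets digestname as well. Otherwise the EVP_DigestSignInit_ex/EVP_DigestVerifyInit_ex calls added further down would receive a NULL digest name on that path, which is not the digest the user asked for.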
@ -321,8 +323,10 @@ int dgst_main(int argc, char **argv)
}
if (hmac_key != NULL) {
if (md == NULL)
if (md == NULL) {
md = (EVP_MD *)EVP_sha256();
digestname = SN_sha256;
}
sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
(unsigned char *)hmac_key,
strlen(hmac_key));
@ -340,9 +344,19 @@ int dgst_main(int argc, char **argv)
goto end;
}
if (do_verify)
res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
if (impl == NULL)
res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname,
app_get0_libctx(),
app_get0_propq(), sigkey, NULL);
else
res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
else
res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
if (impl == NULL)
res = EVP_DigestSignInit_ex(mctx, &pctx, digestname,
app_get0_libctx(),
app_get0_propq(), sigkey, NULL);
else
res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
if (res == 0) {
BIO_printf(bio_err, "Error setting context\n");
goto end;
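Review bot: the `if (do_verify)` / `else` branches each contain an unbraced `if (impl == NULL) ... else ...`, which parses as intended only because every inner if carries its own else; this is exactly the shape where a later edit introduces a dangling-else bug, so please add braces around both outer branches. Separately, when `impl != NULL` the legacy EVP_DigestSignInit/EVP_DigestVerifyInit path ignores the application libctx and propq; that is presumably deliberate for ENGINE use, but a comment saying so would help.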
@ -406,6 +420,11 @@ int dgst_main(int argc, char **argv)
BIO_printf(bio_err, "Length can only be specified for XOF\n");
goto end;
}
/*
* Signing using XOF is not supported by any algorithms currently since
* each algorithm only calls EVP_DigestFinal_ex() in their sign_final
* and verify_final methods.
*/
if (sigkey != NULL) {
BIO_printf(bio_err, "Signing key cannot be specified for XOF\n");
goto end;
@ -467,7 +486,7 @@ static void show_digests(const OBJ_NAME *name, void *arg)
return;
/* Filter out message digests that we cannot use */
md = EVP_get_digestbyname(name->name);
md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
if (md == NULL)
return;
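Review bot: switching show_digests() to EVP_MD_fetch means `md` now holds a reference that must be released with EVP_MD_free once the filtering decision has been made. The visible lines show the fetch and the NULL early return but not the matching free on the non-NULL path, so please confirm it is present, and that `md` is no longer declared `const EVP_MD *`, since EVP_MD_free takes a non-const pointer.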

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -181,7 +181,11 @@ int dhparam_main(int argc, char **argv)
if (num) {
const char *alg = dsaparam ? "DSA" : "DH";
ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL);
if (infile != NULL) {
BIO_printf(bio_err, "Warning, input file %s ignored\n", infile);
}
ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), alg, app_get0_propq());
if (ctx == NULL) {
BIO_printf(bio_err,
"Error, %s param generation context allocation failed\n",
@ -202,16 +206,16 @@ int dhparam_main(int argc, char **argv)
}
if (dsaparam) {
if (!EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, num)) {
if (EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, num) <= 0) {
BIO_printf(bio_err, "Error, unable to set DSA prime length\n");
goto end;
}
} else {
if (!EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, num)) {
if (EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, num) <= 0) {
BIO_printf(bio_err, "Error, unable to set DH prime length\n");
goto end;
}
if (!EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, g)) {
if (EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, g) <= 0) {
BIO_printf(bio_err, "Error, unable to set generator\n");
goto end;
}
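Review bot: `<= 0` is the correct test for EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len and EVP_PKEY_CTX_set_dh_paramgen_generator: they follow the EVP_PKEY_CTX_ctrl return convention and yield -2 when the operation is not supported, and the old `!f()` form would have treated -2 as success and gone on to generate parameters with whatever size the provider defaulted to rather than the one the user requested.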
@ -309,12 +313,12 @@ int dhparam_main(int argc, char **argv)
EVP_PKEY_print_params(out, pkey, 4, NULL);
if (check) {
ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, app_get0_propq());
if (ctx == NULL) {
BIO_printf(bio_err, "Error, failed to check DH parameters\n");
goto end;
}
if (!EVP_PKEY_param_check(ctx)) {
if (EVP_PKEY_param_check(ctx) <= 0) {
BIO_printf(bio_err, "Error, invalid parameters generated\n");
goto end;
}
@ -381,7 +385,7 @@ static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh)
goto err;
}
ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL);
ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "DHX", app_get0_propq());
if (ctx == NULL
|| EVP_PKEY_fromdata_init(ctx) <= 0
|| EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) {

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -147,7 +147,7 @@ int dsaparam_main(int argc, char **argv)
if (out == NULL)
goto end;
ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "DSA", app_get0_propq());
if (ctx == NULL) {
BIO_printf(bio_err,
"Error, DSA parameter generation context allocation failed\n");
@ -172,7 +172,7 @@ int dsaparam_main(int argc, char **argv)
"Error, DSA key generation paramgen init failed\n");
goto end;
}
if (!EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, num)) {
if (EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, num) <= 0) {
BIO_printf(bio_err,
"Error, DSA key generation setting bit length failed\n");
goto end;
@ -205,7 +205,8 @@ int dsaparam_main(int argc, char **argv)
}
if (genkey) {
EVP_PKEY_CTX_free(ctx);
ctx = EVP_PKEY_CTX_new(params, NULL);
ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params,
app_get0_propq());
if (ctx == NULL) {
BIO_printf(bio_err,
"Error, DSA key generation context allocation failed\n");

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -232,7 +232,7 @@ int ec_main(int argc, char **argv)
BIO_printf(bio_err, "unable to check EC key\n");
goto end;
}
if (!EVP_PKEY_check(pctx))
if (EVP_PKEY_check(pctx) <= 0)
BIO_printf(bio_err, "EC Key Invalid!\n");
else
BIO_printf(bio_err, "EC Key valid.\n");
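Review bot: changing `!EVP_PKEY_check(pctx)` to `EVP_PKEY_check(pctx) <= 0` closes a real gap: EVP_PKEY_check can return a negative value (for instance -2 when the check is not supported), and the old test would have reported such a key as "EC Key valid." It now reports it as invalid, which is the safe default, but that lumps "check unsupported" together with "key failed validation"; printing the error queue with ERR_print_errors in the failure branch would let the user tell the two apart.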

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -229,10 +229,12 @@ int ecparam_main(int argc, char **argv)
point_format, 0);
*p = OSSL_PARAM_construct_end();
if (strcasecmp(curve_name, "SM2") == 0)
gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "sm2", NULL);
if (OPENSSL_strcasecmp(curve_name, "SM2") == 0)
gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "sm2",
app_get0_propq());
else
gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL);
gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "ec",
app_get0_propq());
if (gctx_params == NULL
|| EVP_PKEY_keygen_init(gctx_params) <= 0
|| EVP_PKEY_CTX_set_params(gctx_params, params) <= 0
@ -283,8 +285,9 @@ int ecparam_main(int argc, char **argv)
BIO_printf(bio_err, "unable to set check_type\n");
goto end;
}
pctx = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL);
if (pctx == NULL || !EVP_PKEY_param_check(pctx)) {
pctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key,
app_get0_propq());
if (pctx == NULL || EVP_PKEY_param_check(pctx) <= 0) {
BIO_printf(bio_err, "failed\n");
goto end;
}
@ -313,7 +316,8 @@ int ecparam_main(int argc, char **argv)
* EVP_PKEY_CTX_set_group_name(gctx, curvename);
* EVP_PKEY_keygen(gctx, &key) <= 0)
*/
gctx_key = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL);
gctx_key = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key,
app_get0_propq());
if (EVP_PKEY_keygen_init(gctx_key) <= 0
|| EVP_PKEY_keygen(gctx_key, &key) <= 0) {
BIO_printf(bio_err, "unable to generate key\n");
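Review bot: unlike the parameter-check hunk above, where the new EVP_PKEY_CTX_new_from_pkey call is followed by an explicit `pctx == NULL` test, here `gctx_key` is passed straight to EVP_PKEY_keygen_init without a NULL check. Even if the library tolerates a NULL ctx there, an explicit `gctx_key == NULL ||` in the condition produces the "unable to generate key" error directly and mirrors the pattern used a few lines up.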

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -134,7 +134,7 @@ int gendsa_main(int argc, char **argv)
" Your key size is %d! Larger key size may behave not as expected.\n",
OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_get_bits(pkey));
ctx = EVP_PKEY_CTX_new(pkey, NULL);
ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, app_get0_propq());
if (ctx == NULL) {
BIO_printf(bio_err, "unable to create PKEY context\n");
goto end;

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -179,7 +179,8 @@ opthelp:
if (out == NULL)
goto end;
if (!init_gen_str(&ctx, "RSA", eng, 0, NULL, NULL))
if (!init_gen_str(&ctx, "RSA", eng, 0, app_get0_libctx(),
app_get0_propq()))
goto end;
EVP_PKEY_CTX_set_cb(ctx, genrsa_cb);

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -13,6 +13,7 @@
# include "e_os.h" /* struct timeval for DTLS */
# include "internal/nelem.h"
# include "internal/sockets.h" /* for openssl_fdset() */
# include "internal/cryptlib.h" /* ossl_assert() */
# include <assert.h>
# include <stdarg.h>
@ -219,12 +220,16 @@ typedef struct ca_db_st {
void app_bail_out(char *fmt, ...);
void *app_malloc(size_t sz, const char *what);
BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);
int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
ASN1_INTEGER **retai);
/* load_serial, save_serial, and rotate_serial are also used for CRL numbers */
BIGNUM *load_serial(const char *serialfile, int *exists, int create,
ASN1_INTEGER **retai);
int save_serial(const char *serialfile, const char *suffix,
const BIGNUM *serial, ASN1_INTEGER **retai);
int rotate_serial(const char *serialfile, const char *new_suffix,
const char *old_suffix);
int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db);
int save_index(const char *dbfile, const char *suffix, CA_DB *db);
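Review bot: load_serial gains an `int *exists` out-parameter, which changes a signature used by ca.c and by the CRL-number code the new comment mentions; every caller must be updated in the same commit or the apps will not build. The comment should also state what `exists` reports (whether the serial file could be opened, decided before the create/no-create branch) so callers do not read it as "a serial was loaded".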

View File

@ -308,6 +308,7 @@ static char *app_get_pass(const char *arg, int keepbio)
pwdbio = BIO_push(btmp, pwdbio);
#endif
} else if (strcmp(arg, "stdin") == 0) {
unbuffer(stdin);
pwdbio = dup_bio_in(FORMAT_TEXT);
if (pwdbio == NULL) {
BIO_printf(bio_err, "Can't open BIO for stdin\n");
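Review bot: `unbuffer(stdin)` before wrapping stdin in a BIO is the right fix for `-passin stdin`: with stdio buffering in place the first read could pull more than the password line into the FILE buffer, and those bytes would then be missing from the data the command subsequently reads from the same stdin. Worth a CHANGES entry, since it alters how much input the password reader consumes.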
@ -688,8 +689,8 @@ int load_cert_certs(const char *uri,
int ret = 0;
char *pass_string;
if (exclude_http && (strncasecmp(uri, "http://", 7) == 0
|| strncasecmp(uri, "https://", 8) == 0)) {
if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0
|| OPENSSL_strncasecmp(uri, "https://", 8) == 0)) {
BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc);
return ret;
}
@ -1182,20 +1183,22 @@ int set_name_ex(unsigned long *flags, const char *arg)
int set_dateopt(unsigned long *dateopt, const char *arg)
{
if (strcasecmp(arg, "rfc_822") == 0)
if (OPENSSL_strcasecmp(arg, "rfc_822") == 0)
*dateopt = ASN1_DTFLGS_RFC822;
else if (strcasecmp(arg, "iso_8601") == 0)
else if (OPENSSL_strcasecmp(arg, "iso_8601") == 0)
*dateopt = ASN1_DTFLGS_ISO8601;
return 0;
else
return 0;
return 1;
}
int set_ext_copy(int *copy_type, const char *arg)
{
if (strcasecmp(arg, "none") == 0)
if (OPENSSL_strcasecmp(arg, "none") == 0)
*copy_type = EXT_COPY_NONE;
else if (strcasecmp(arg, "copy") == 0)
else if (OPENSSL_strcasecmp(arg, "copy") == 0)
*copy_type = EXT_COPY_ADD;
else if (strcasecmp(arg, "copyall") == 0)
else if (OPENSSL_strcasecmp(arg, "copyall") == 0)
*copy_type = EXT_COPY_ALL;
else
return 0;
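Review bot: the set_dateopt change is a logic fix, not only a strcasecmp swap: in the old code the `return 0;` sat after the if/else chain unconditionally, so the function reported failure even after setting *dateopt and the trailing `return 1;` was unreachable, meaning any caller that treats 0 as failure rejected a valid -dateopt argument. Restructuring it as `else return 0;` followed by `return 1;` matches set_ext_copy below and deserves its own CHANGES entry.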
@ -1275,7 +1278,7 @@ static int set_table_opts(unsigned long *flags, const char *arg,
}
for (ptbl = in_tbl; ptbl->name; ptbl++) {
if (strcasecmp(arg, ptbl->name) == 0) {
if (OPENSSL_strcasecmp(arg, ptbl->name) == 0) {
*flags &= ~ptbl->mask;
if (c)
*flags |= ptbl->flag;
@ -1369,8 +1372,8 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile,
if (lookup == NULL)
goto end;
if (CAfile != NULL) {
if (!X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM,
libctx, propq)) {
if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM,
libctx, propq) <= 0) {
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
goto end;
}
@ -1385,7 +1388,7 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile,
if (lookup == NULL)
goto end;
if (CApath != NULL) {
if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
if (X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM) <= 0) {
BIO_printf(bio_err, "Error loading directory %s\n", CApath);
goto end;
}
@ -1454,7 +1457,8 @@ static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
#undef BSIZE
#define BSIZE 256
BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
BIGNUM *load_serial(const char *serialfile, int *exists, int create,
ASN1_INTEGER **retai)
{
BIO *in = NULL;
BIGNUM *ret = NULL;
@ -1466,6 +1470,8 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
goto err;
in = BIO_new_file(serialfile, "r");
if (exists != NULL)
*exists = in != NULL;
if (in == NULL) {
if (!create) {
perror(serialfile);
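Review bot: `*exists = in != NULL;` reads as an assignment chain at first glance; `*exists = (in != NULL);` is clearer. Setting it before the `create` branch is correct, since a caller passing create=0 gets exists=0 together with the NULL return.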
@ -1473,8 +1479,14 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
}
ERR_clear_error();
ret = BN_new();
if (ret == NULL || !rand_serial(ret, ai))
if (ret == NULL) {
BIO_printf(bio_err, "Out of memory\n");
} else if (!rand_serial(ret, ai)) {
BIO_printf(bio_err, "Error creating random number to store in %s\n",
serialfile);
BN_free(ret);
ret = NULL;
}
} else {
if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
BIO_printf(bio_err, "Unable to load number from %s\n",
@ -1488,12 +1500,13 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai)
}
}
if (ret && retai) {
if (ret != NULL && retai != NULL) {
*retai = ai;
ai = NULL;
}
err:
ERR_print_errors(bio_err);
if (ret == NULL)
ERR_print_errors(bio_err);
BIO_free(in);
ASN1_INTEGER_free(ai);
return ret;
@ -2456,7 +2469,9 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg;
SSL_CTX *ssl_ctx = info->ssl_ctx;
if (connect && detail) { /* connecting with TLS */
if (ssl_ctx == NULL) /* not using TLS */
return bio;
if (connect) {
SSL *ssl;
BIO *sbio = NULL;
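Review bot: the early `if (ssl_ctx == NULL) return bio;` replaces the `connect && detail` test, so the TLS decision is now taken from the callback argument rather than from the `detail` flag the HTTP layer passes; this stays correct only because app_http_get_asn1 (next hunk) rejects an SSL_CTX when use_ssl is 0. Other callers that install app_http_tls_cb with their own APP_HTTP_TLS_INFO (the CMP app does) need the same invariant, so it should be documented on the struct or enforced inside the callback.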
@ -2536,6 +2551,11 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy,
"missing SSL_CTX");
goto end;
}
if (!use_ssl && ssl_ctx != NULL) {
ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT,
"SSL_CTX given but use_ssl == 0");
goto end;
}
info.server = server;
info.port = port;
@ -2917,6 +2937,9 @@ BIO *dup_bio_out(int format)
BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
void *prefix = NULL;
if (b == NULL)
return NULL;
#ifdef OPENSSL_SYS_VMS
if (FMT_istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
@ -2936,7 +2959,7 @@ BIO *dup_bio_err(int format)
BIO *b = BIO_new_fp(stderr,
BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
#ifdef OPENSSL_SYS_VMS
if (FMT_istext(format))
if (b != NULL && FMT_istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
#endif
return b;
@ -3356,14 +3379,6 @@ int opt_legacy_okay(void)
{
int provider_options = opt_provider_option_given();
int libctx = app_get0_libctx() != NULL || app_get0_propq() != NULL;
#ifndef OPENSSL_NO_ENGINE
ENGINE *e = ENGINE_get_first();
if (e != NULL) {
ENGINE_free(e);
return 1;
}
#endif
/*
* Having a provider option specified or a custom library context or
* property query, is a sure sign we're not using legacy.
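Review bot: removing the ENGINE_get_first() shortcut from opt_legacy_okay() changes behaviour: merely having an engine loaded no longer forces the legacy code path, and the decision now rests solely on provider options and libctx/propq as the surviving comment says. Please make sure this is called out in CHANGES, since users relying on a loaded engine to keep legacy key handling will see different results.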

View File

@ -301,7 +301,7 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
if (ctx->sendError) {
if (sk_OSSL_CMP_ITAV_num(in) > 1 || ctx->sendError) {
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
return 0;
}
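Review bot: rejecting a genm carrying more than one ITAV is reasonable for a mock server, but `sk_OSSL_CMP_ITAV_num(in)` returns -1 for a NULL stack, so the NULL-argument check visible just above must stay ahead of this test, as it does. A short comment stating that the mock deliberately supports a single InfoTypeAndValue would help the next reader.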

View File

@ -71,7 +71,7 @@ static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader,
char *keyid = NULL;
OSSL_STORE_LOADER_CTX *ctx = NULL;
if (strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1)
if (OPENSSL_strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1)
!= 0)
return NULL;
p += sizeof(ENGINE_SCHEME_COLON) - 1;

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -453,10 +453,11 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
}
*line_end = '\0';
/* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */
if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) {
if (strcasecmp(value, "keep-alive") == 0)
if (found_keep_alive != NULL
&& OPENSSL_strcasecmp(key, "Connection") == 0) {
if (OPENSSL_strcasecmp(value, "keep-alive") == 0)
*found_keep_alive = 1;
else if (strcasecmp(value, "close") == 0)
else if (OPENSSL_strcasecmp(value, "close") == 0)
*found_keep_alive = 0;
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -11,14 +11,11 @@
#include <openssl/bio.h>
#include <openssl/safestack.h>
#include "names.h"
#ifdef _WIN32
# define strcasecmp _stricmp
#endif
#include "openssl/crypto.h"
int name_cmp(const char * const *a, const char * const *b)
{
return strcasecmp(*a, *b);
return OPENSSL_strcasecmp(*a, *b);
}
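Review bot: replacing the Windows-only `#define strcasecmp _stricmp` with OPENSSL_strcasecmp is the right direction (one locale-independent comparison on every platform), but the new include uses quotes, `#include "openssl/crypto.h"`, where the rest of this file and the tree use `<openssl/...>` for public headers; please switch to angle brackets.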
void collect_names(const char *name, void *vdata)

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -76,22 +76,28 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
}
switch (err) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
BIO_puts(bio_err, "issuer= ");
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
0, get_nameopt());
BIO_puts(bio_err, "\n");
if (err_cert != NULL) {
BIO_puts(bio_err, "issuer= ");
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
0, get_nameopt());
BIO_puts(bio_err, "\n");
}
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err, "notBefore=");
ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
BIO_printf(bio_err, "\n");
if (err_cert != NULL) {
BIO_printf(bio_err, "notBefore=");
ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
BIO_printf(bio_err, "\n");
}
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err, "notAfter=");
ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
BIO_printf(bio_err, "\n");
if (err_cert != NULL) {
BIO_printf(bio_err, "notAfter=");
ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
BIO_printf(bio_err, "\n");
}
break;
case X509_V_ERR_NO_EXPLICIT_POLICY:
if (!verify_args.quiet)
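Review bot: guarding the issuer/notBefore/notAfter printing with `err_cert != NULL` is a correct robustness fix, since the current certificate can be NULL for some verification errors and this callback is reached while processing untrusted peer input. Consider hoisting the test once before the switch, or into a small print helper, rather than repeating it in three cases.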

View File

@ -1,5 +1,5 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016 VMS Software, Inc. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -132,7 +132,7 @@ int main (int argc, char *argv[], char *envp[])
len;
LogMessage ("Enter 'q' or 'Q' to quit ...");
while (strcasecmp (TermBuff, "Q")) {
while (OPENSSL_strcasecmp (TermBuff, "Q")) {
/*
** Create the terminal socket
*/

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -71,7 +71,7 @@ static void legacy_cipher_fn(const EVP_CIPHER *c,
{
if (select_name != NULL
&& (c == NULL
|| strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0))
|| OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0))
return;
if (c != NULL) {
BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c));
@ -370,7 +370,7 @@ DEFINE_STACK_OF(EVP_RAND)
static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b)
{
int ret = strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b));
int ret = OPENSSL_strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b));
if (ret == 0)
ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)),
@ -404,7 +404,7 @@ static void list_random_generators(void)
const EVP_RAND *m = sk_EVP_RAND_value(rands, i);
if (select_name != NULL
&& strcasecmp(EVP_RAND_get0_name(m), select_name) != 0)
&& OPENSSL_strcasecmp(EVP_RAND_get0_name(m), select_name) != 0)
continue;
BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m));
BIO_printf(bio_out, " @ %s\n",
@ -463,7 +463,7 @@ static void display_random(const char *name, EVP_RAND_CTX *drbg)
if (gettables != NULL)
for (; gettables->key != NULL; gettables++) {
/* State has been dealt with already, so ignore */
if (strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0)
if (OPENSSL_strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0)
continue;
/* Outside of verbose mode, we skip non-string values */
if (gettables->data_type != OSSL_PARAM_UTF8_STRING
@ -1474,7 +1474,7 @@ const OPTIONS list_options[] = {
"List of cipher commands (deprecated)"},
#endif
{"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
"List of cipher algorithms"},
"List of symmetric cipher algorithms"},
{"encoders", OPT_ENCODERS, '-', "List of encoding methods" },
{"decoders", OPT_DECODERS, '-', "List of decoding methods" },
{"key-managers", OPT_KEYMANAGERS, '-', "List of key managers" },

View File

@ -1,5 +1,5 @@
/*
* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -170,9 +170,6 @@ opthelp:
goto err;
}
/* Use text mode for stdin */
if (infile == NULL || strcmp(infile, "-") == 0)
inform = FORMAT_TEXT;
in = bio_open_default(infile, 'r', inform);
if (in == NULL)
goto err;
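Review bot: removing the forced FORMAT_TEXT for stdin means stdin is now opened in the input format selected on the command line like any other input, which matters on platforms where text mode rewrites line endings and would silently corrupt binary data fed through a pipe. That is a fix, but also a behaviour change, and should be noted in CHANGES.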

View File

@ -135,7 +135,7 @@ const OPTIONS ocsp_options[] = {
{"no_certs", OPT_NO_CERTS, '-',
"Don't include any certificates in signed request"},
{"badsig", OPT_BADSIG, '-',
"Corrupt last byte of loaded OSCP response signature (for test)"},
"Corrupt last byte of loaded OCSP response signature (for test)"},
{"CA", OPT_CA, '<', "CA certificate"},
{"nmin", OPT_NMIN, 'p', "Number of minutes before next update"},
{"nrequest", OPT_REQUEST, 'p',
@ -724,6 +724,8 @@ redo_accept:
make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey,
rsign_md, rsign_sigopts, rother, rflags, nmin, ndays,
badsig, resp_certid_md);
if (resp == NULL)
goto end;
if (cbio != NULL)
send_ocsp_response(cbio, resp);
} else if (host != NULL) {
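Review bot: the `resp == NULL` check after make_ocsp_response() stops send_ocsp_response() from being called with a NULL response, but `goto end` also means the client on cbio gets no reply at all rather than an internalError status. Since make_ocsp_response now tries to build an internalError response itself (next hunk), NULL here means even that failed, so dropping the connection is acceptable; a comment saying so would save the next reader a trip.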
@ -1115,6 +1117,11 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
single = OCSP_basic_add1_status(bs, cid,
V_OCSP_CERTSTATUS_REVOKED,
reason, revtm, thisupd, nextupd);
if (single == NULL) {
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
NULL);
goto end;
}
if (invtm != NULL)
OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
invtm, 0, 0);
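Review bot: handling a NULL `single` from OCSP_basic_add1_status with an internalError response is correct, but OCSP_response_create() can itself return NULL, so the `resp == NULL` check added at the call site earlier in this file is what ultimately protects send_ocsp_response. The unchecked OCSP_SINGLERESP_add1_ext_i2d return value on the context lines below is pre-existing but the same class of omission and could be fixed while here.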

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -307,7 +307,7 @@ int main(int argc, char *argv[])
BIO_free(bio_in);
BIO_free_all(bio_out);
apps_shutdown();
BIO_free(bio_err);
BIO_free_all(bio_err);
EXIT(ret);
}
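Review bot: BIO_free_all is needed rather than BIO_free because bio_err can be a chain: dup_bio_err() pushes a BIO_f_linebuffer filter on VMS (see the apps.c hunk in this commit), and BIO_free would release only the top BIO and leak the underlying one. Fine as is.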

View File

@ -1,5 +1,5 @@
/*
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -143,7 +143,7 @@ const OPTIONS pkcs12_options[] = {
"Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)"},
#endif
{"macalg", OPT_MACALG, 's',
"Digest algorithm to use in MAC (default SHA1)"},
"Digest algorithm to use in MAC (default SHA256)"},
{"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"},
{"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
{"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"},
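Review bot: the help text now matches the SHA-256 default MAC digest; please make sure the openssl-pkcs12 documentation says the same. The context line for -nomaciter carries a stray ')' in "Don't use MAC iteration)" that could be fixed in the same hunk.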

View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -250,7 +250,7 @@ int pkey_main(int argc, char **argv)
goto end;
}
if (check)
if (check && !pubin)
r = EVP_PKEY_check(ctx);
else
r = EVP_PKEY_public_check(ctx);
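Review bot: routing `-check` to EVP_PKEY_public_check when `-pubin` is given is the right fix: EVP_PKEY_check validates the private component and is expected to fail on a public-only key, so `-pubin -check` could not succeed before. What remains is feedback to the user: the command now silently runs a public-key check when a full check was requested, so a short notice that only the public part was validated would avoid a false sense of coverage.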

View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -101,7 +101,8 @@ int pkeyparam_main(int argc, char **argv)
out = bio_open_default(outfile, 'w', FORMAT_PEM);
if (out == NULL)
goto end;
pkey = PEM_read_bio_Parameters(in, NULL);
pkey = PEM_read_bio_Parameters_ex(in, NULL, app_get0_libctx(),
app_get0_propq());
if (pkey == NULL) {
BIO_printf(bio_err, "Error reading parameters\n");
ERR_print_errors(bio_err);
@ -109,7 +110,11 @@ int pkeyparam_main(int argc, char **argv)
}
if (check) {
ctx = EVP_PKEY_CTX_new(pkey, e);
if (e == NULL)
ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey,
app_get0_propq());
else
ctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;

View File

@ -214,7 +214,7 @@ static int handle_symlink(const char *filename, const char *fullpath)
return -1;
for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
const char *suffix = suffixes[type];
if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
if (OPENSSL_strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
break;
}
i += strlen(suffixes[type]);
@ -249,7 +249,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h)
if ((ext = strrchr(filename, '.')) == NULL)
goto end;
for (i = 0; i < OSSL_NELEM(extensions); i++) {
if (strcasecmp(extensions[i], ext + 1) == 0)
if (OPENSSL_strcasecmp(extensions[i], ext + 1) == 0)
break;
}
if (i >= OSSL_NELEM(extensions))

View File

@ -992,7 +992,7 @@ int req_main(int argc, char **argv)
goto end;
}
fprintf(stdout, "Modulus=");
if (EVP_PKEY_is_a(tpubkey, "RSA")) {
if (EVP_PKEY_is_a(tpubkey, "RSA") || EVP_PKEY_is_a(tpubkey, "RSA-PSS")) {
BIGNUM *n = NULL;
if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n))

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -61,7 +61,7 @@ const OPTIONS rsa_options[] = {
OPT_SECTION("Input"),
{"in", OPT_IN, 's', "Input file"},
{"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE"},
{"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
{"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
@ -257,7 +257,7 @@ int rsa_main(int argc, char **argv)
ERR_print_errors(bio_err);
goto end;
}
if (!EVP_PKEY_is_a(pkey, "RSA")) {
if (!EVP_PKEY_is_a(pkey, "RSA") && !EVP_PKEY_is_a(pkey, "RSA-PSS")) {
BIO_printf(bio_err, "Not an RSA key\n");
goto end;
}
@ -304,7 +304,7 @@ int rsa_main(int argc, char **argv)
} else if (r == 0) {
BIO_printf(bio_err, "RSA key not ok\n");
ERR_print_errors(bio_err);
} else if (r == -1) {
} else if (r < 0) {
ERR_print_errors(bio_err);
goto end;
}
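Review bot: `r < 0` is the safer check here, since the EVP key-check functions can return -2 for "operation not supported" as well as -1 for an error; with the old `r == -1` a -2 did not match any branch and execution fell through as if the key had been checked. Consider giving the two cases different messages (the `ERR_print_errors(bio_err)` alone will be empty for an unsupported check), so users can tell "check failed" from "check not available for this key type".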

View File

@ -243,25 +243,25 @@ int rsautl_main(int argc, char **argv)
switch (rsa_mode) {
case RSA_VERIFY:
rv = EVP_PKEY_verify_recover_init(ctx)
&& EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
rv = EVP_PKEY_verify_recover_init(ctx) > 0
&& EVP_PKEY_CTX_set_rsa_padding(ctx, pad) > 0
&& EVP_PKEY_verify_recover(ctx, rsa_out, &rsa_outlen,
rsa_in, rsa_inlen);
rsa_in, rsa_inlen) > 0;
break;
case RSA_SIGN:
rv = EVP_PKEY_sign_init(ctx)
&& EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
&& EVP_PKEY_sign(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen);
rv = EVP_PKEY_sign_init(ctx) > 0
&& EVP_PKEY_CTX_set_rsa_padding(ctx, pad) > 0
&& EVP_PKEY_sign(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen) > 0;
break;
case RSA_ENCRYPT:
rv = EVP_PKEY_encrypt_init(ctx)
&& EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
&& EVP_PKEY_encrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen);
rv = EVP_PKEY_encrypt_init(ctx) > 0
&& EVP_PKEY_CTX_set_rsa_padding(ctx, pad) > 0
&& EVP_PKEY_encrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen) > 0;
break;
case RSA_DECRYPT:
rv = EVP_PKEY_decrypt_init(ctx)
&& EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
&& EVP_PKEY_decrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen);
rv = EVP_PKEY_decrypt_init(ctx) > 0
&& EVP_PKEY_CTX_set_rsa_padding(ctx, pad) > 0
&& EVP_PKEY_decrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen) > 0;
break;
}
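Review bot: the `> 0` comparisons are the right fix for all four cases: `EVP_PKEY_sign_init()` and friends return -2 when the operation is not supported, and under the old `rv = f() && g() && h();` chain a -2 is truthy, so an unsupported init or padding mode would still run the actual operation. Note that `rv` is now strictly 0/1, so any code after the switch that still compares it against -1 (not in this hunk) should be checked.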

View File

@ -703,7 +703,6 @@ typedef enum PROTOCOL_choice {
PROTO_TELNET,
PROTO_XMPP,
PROTO_XMPP_SERVER,
PROTO_CONNECT,
PROTO_IRC,
PROTO_MYSQL,
PROTO_POSTGRES,
@ -986,7 +985,6 @@ int s_client_main(int argc, char **argv)
break;
case OPT_PROXY:
proxystr = opt_arg();
starttls_proto = PROTO_CONNECT;
break;
case OPT_PROXY_USER:
proxyuser = opt_arg();
@ -2157,6 +2155,13 @@ int s_client_main(int argc, char **argv)
sbuf_len = 0;
sbuf_off = 0;
if (proxystr != NULL) {
/* Here we must use the connect string target host & port */
if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
0 /* no timeout */, bio_err, prog))
goto shut;
}
switch ((PROTOCOL_CHOICE) starttls_proto) {
case PROTO_OFF:
break;
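Review bot: hoisting the CONNECT into `if (proxystr != NULL) { ... }` ahead of `switch ((PROTOCOL_CHOICE) starttls_proto)` fixes the option interaction, not just the dead enum value: previously `case OPT_PROXY` set `starttls_proto = PROTO_CONNECT`, so whichever of `-proxy` and `-starttls` came last on the command line silently won. Please add a test that uses both together, and mention in the `-proxy` help text that it composes with `-starttls`, since the comment `/* Here we must use the connect string target host & port */` is now the only explanation.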
@ -2344,12 +2349,6 @@ int s_client_main(int argc, char **argv)
goto shut;
}
break;
case PROTO_CONNECT:
/* Here we must use the connect string target host & port */
if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
0 /* no timeout */, bio_err, prog))
goto shut;
break;
case PROTO_IRC:
{
int numeric;

View File

@ -432,7 +432,7 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg)
return SSL_TLSEXT_ERR_NOACK;
if (servername != NULL) {
if (strcasecmp(servername, p->servername))
if (OPENSSL_strcasecmp(servername, p->servername))
return p->extension_error;
if (ctx2 != NULL) {
BIO_printf(p->biodebug, "Switching server context.\n");
@ -1160,6 +1160,8 @@ int s_server_main(int argc, char *argv[])
case OPT_UNIX:
socket_family = AF_UNIX;
OPENSSL_free(host); host = OPENSSL_strdup(opt_arg());
if (host == NULL)
goto end;
OPENSSL_free(port); port = NULL;
break;
case OPT_UNLINK:
@ -2296,6 +2298,30 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
static long int count_reads_callback(BIO *bio, int cmd, const char *argp, size_t len,
int argi, long argl, int ret, size_t *processed)
{
unsigned int *p_counter = (unsigned int *)BIO_get_callback_arg(bio);
switch (cmd) {
case BIO_CB_READ: /* No break here */
case BIO_CB_GETS:
if (p_counter != NULL)
++*p_counter;
break;
default:
break;
}
if (s_debug) {
BIO_set_callback_arg(bio, (char *)bio_s_out);
ret = (int)bio_dump_callback(bio, cmd, argp, len, argi, argl, ret, processed);
BIO_set_callback_arg(bio, (char *)p_counter);
}
return ret;
}
static int sv_body(int s, int stype, int prot, unsigned char *context)
{
char *buf = NULL;
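Review bot: `count_reads_callback()` temporarily swaps the BIO callback arg from the counter pointer to `bio_s_out` around `bio_dump_callback()` and then restores it; that is fine because s_server serves one connection at a time, but it is not re-entrant, so a one-line comment stating that assumption would help the next reader. The `(int)` cast in `ret = (int)bio_dump_callback(...)` is needed only because `ret` is the `int` parameter; declaring a separate `long` local for the dump result would avoid the narrowing. Matching `BIO_CB_READ` and `BIO_CB_GETS` without the `BIO_CB_RETURN` bit means each read is counted once, at call time, which is what the later check wants.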
@ -2425,10 +2451,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
SSL_set_accept_state(con);
/* SSL_set_fd(con,s); */
if (s_debug) {
BIO_set_callback_ex(SSL_get_rbio(con), bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
}
BIO_set_callback_ex(SSL_get_rbio(con), count_reads_callback);
if (s_msg) {
#ifndef OPENSSL_NO_SSL_TRACE
if (s_msg == 2)
@ -2706,8 +2729,25 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
*/
if ((!async || !SSL_waiting_for_async(con))
&& !SSL_is_init_finished(con)) {
i = init_ssl_connection(con);
/*
* Count number of reads during init_ssl_connection.
* It helps us to distinguish configuration errors from errors
* caused by a client.
*/
unsigned int read_counter = 0;
BIO_set_callback_arg(SSL_get_rbio(con), (char *)&read_counter);
i = init_ssl_connection(con);
BIO_set_callback_arg(SSL_get_rbio(con), NULL);
/*
* If initialization fails without reads, then
* there was a fatal error in configuration.
*/
if (i <= 0 && read_counter == 0) {
ret = -1;
goto err;
}
if (i < 0) {
ret = 0;
goto err;
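Review bot: the `i <= 0 && read_counter == 0` heuristic turns "init failed before a single byte was read" into `ret = -1`, which now terminates the server instead of only the connection; that is the intended distinction between a configuration error and a misbehaving client, but it also means any future failure path inside `init_ssl_connection()` that triggers before the first read will take the server down, so please document that at the check. Resetting the callback arg with `BIO_set_callback_arg(SSL_get_rbio(con), NULL)` rather than restoring the previous value relies on `count_reads_callback()` tolerating NULL, which it does; a short comment there would make that dependency explicit.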
@ -3029,7 +3069,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
}
/* lets make the output buffer a reasonable size */
if (!BIO_set_write_buffer_size(io, bufsize))
if (BIO_set_write_buffer_size(io, bufsize) <= 0)
goto err;
if ((con = SSL_new(ctx)) == NULL)
@ -3465,7 +3505,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
goto err;
/* lets make the output buffer a reasonable size */
if (!BIO_set_write_buffer_size(io, bufsize))
if (BIO_set_write_buffer_size(io, bufsize) <= 0)
goto err;
if ((con = SSL_new(ctx)) == NULL)

View File

@ -67,6 +67,7 @@
# define HAVE_FORK 0
# else
# define HAVE_FORK 1
# include <sys/wait.h>
# endif
#endif
@ -691,7 +692,7 @@ static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername,
goto end;
}
if (!EVP_CIPHER_CTX_set_key_length(ctx, keylen)) {
if (EVP_CIPHER_CTX_set_key_length(ctx, keylen) <= 0) {
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
goto end;
@ -875,11 +876,14 @@ static int FFDH_derive_key_loop(void *args)
loopargs_t *tempargs = *(loopargs_t **) args;
EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum];
unsigned char *derived_secret = tempargs->secret_ff_a;
size_t outlen = MAX_FFDH_SIZE;
int count;
for (count = 0; COND(ffdh_c[testnum][0]); count++)
for (count = 0; COND(ffdh_c[testnum][0]); count++) {
/* outlen can be overwritten with a too small value (no padding used) */
size_t outlen = MAX_FFDH_SIZE;
EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen);
}
return count;
}
#endif /* OPENSSL_NO_DH */
@ -2004,7 +2008,7 @@ int speed_main(int argc, char **argv)
goto end;
if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
goto end;
goto skip_hmac; /* Digest not found */
}
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
@ -2021,7 +2025,7 @@ int speed_main(int argc, char **argv)
EVP_MAC_free(mac);
mac = NULL;
}
skip_hmac:
if (doit[D_CBC_DES]) {
int st = 1;
@ -2620,11 +2624,11 @@ int speed_main(int argc, char **argv)
* code, for maximum performance.
*/
if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */
|| !EVP_PKEY_derive_init(test_ctx) /* init derivation test_ctx */
|| !EVP_PKEY_derive_set_peer(test_ctx, key_A) /* set peer pubkey in test_ctx */
|| !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) /* determine max length */
|| !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) /* compute a*B */
|| !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) /* compute b*A */
|| EVP_PKEY_derive_init(test_ctx) <= 0 /* init derivation test_ctx */
|| EVP_PKEY_derive_set_peer(test_ctx, key_A) <= 0 /* set peer pubkey in test_ctx */
|| EVP_PKEY_derive(test_ctx, NULL, &test_outlen) <= 0 /* determine max length */
|| EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) <= 0 /* compute a*B */
|| EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) <= 0 /* compute b*A */
|| test_outlen != outlen /* compare output length */) {
ecdh_checks = 0;
BIO_printf(bio_err, "ECDH computation failure.\n");
@ -3055,10 +3059,10 @@ int speed_main(int argc, char **argv)
ffdh_checks = 0;
break;
}
if (!EVP_PKEY_derive_init(test_ctx) ||
!EVP_PKEY_derive_set_peer(test_ctx, pkey_A) ||
!EVP_PKEY_derive(test_ctx, NULL, &test_out) ||
!EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) ||
if (EVP_PKEY_derive_init(test_ctx) <= 0 ||
EVP_PKEY_derive_set_peer(test_ctx, pkey_A) <= 0 ||
EVP_PKEY_derive(test_ctx, NULL, &test_out) <= 0 ||
EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) <= 0 ||
test_out != secret_size) {
BIO_printf(bio_err, "FFDH computation failure.\n");
op_count = 1;
@ -3416,6 +3420,7 @@ static int do_multi(int multi, int size_num)
int n;
int fd[2];
int *fds;
int status;
static char sep[] = ":";
fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
@ -3451,7 +3456,12 @@ static int do_multi(int multi, int size_num)
char buf[1024];
char *p;
f = fdopen(fds[n], "r");
if ((f = fdopen(fds[n], "r")) == NULL) {
BIO_printf(bio_err, "fdopen failure with 0x%x\n",
errno);
OPENSSL_free(fds);
return 1;
}
while (fgets(buf, sizeof(buf), f)) {
p = strchr(buf, '\n');
if (p)
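Review bot: the early `OPENSSL_free(fds); return 1;` on `fdopen()` failure leaks the remaining read ends in `fds[]` (they are freed but never closed) and skips reaping the forked children, so the parent returns with zombies behind it; close the other descriptors and fall through to the wait loop instead of returning. Also `"fdopen failure with 0x%x\n", errno` prints errno in hex, which is unusual; `%d` or `strerror(errno)` reads better.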
@ -3574,6 +3584,20 @@ static int do_multi(int multi, int size_num)
fclose(f);
}
OPENSSL_free(fds);
for (n = 0; n < multi; ++n) {
while (wait(&status) == -1)
if (errno != EINTR) {
BIO_printf(bio_err, "Waitng for child failed with 0x%x\n",
errno);
return 1;
}
if (WIFEXITED(status) && WEXITSTATUS(status)) {
BIO_printf(bio_err, "Child exited with %d\n", WEXITSTATUS(status));
} else if (WIFSIGNALED(status)) {
BIO_printf(bio_err, "Child terminated by signal %d\n",
WTERMSIG(status));
}
}
return 1;
}
#endif
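Review bot: typo in the message at `BIO_printf(bio_err, "Waitng for child failed with 0x%x\n", errno)`: "Waiting". Beyond that, `return 1` inside the wait loop is the same value the function returns on success at the bottom, so a `wait()` failure is indistinguishable from success for the caller and the remaining children are left unreaped; if the intent is best-effort reporting, a `break` after the message is clearer. The braces style `while (...) if (...) { ... }` without braces on the `while` body is also at odds with the surrounding code.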
@ -3607,14 +3631,14 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
goto err;
}
key = app_malloc(keylen, "evp_cipher key");
if (!EVP_CIPHER_CTX_rand_key(ctx, key))
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
app_bail_out("failed to generate random cipher key\n");
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL))
app_bail_out("failed to set cipher key\n");
OPENSSL_clear_free(key, keylen);
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
sizeof(no_key), no_key))
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
sizeof(no_key), no_key) <= 0)
app_bail_out("failed to set AEAD key\n");
if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
app_bail_out("failed to get cipher name\n");

View File

@ -163,8 +163,7 @@ int storeutl_main(int argc, char *argv[])
break;
case OPT_CRITERION_ISSUER:
if (criterion != 0
|| (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
&& issuer != NULL)) {
&& criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL) {
BIO_printf(bio_err, "%s: criterion already given.\n",
prog);
goto end;
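Review bot: the new condition `criterion != 0 && criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL` correctly lets `-issuer` and `-serial` be combined, which the old `||` form always rejected (it was true whenever `criterion != 0`). However, dropping the `issuer != NULL` test means a second `-issuer` is no longer reported as "criterion already given" and silently replaces the first; if duplicates should still be rejected, keep `|| (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL && issuer != NULL)` alongside the new check. The same applies to `serial != NULL` in the next hunk.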
@ -181,8 +180,7 @@ int storeutl_main(int argc, char *argv[])
break;
case OPT_CRITERION_SERIAL:
if (criterion != 0
|| (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
&& serial != NULL)) {
&& criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL) {
BIO_printf(bio_err, "%s: criterion already given.\n",
prog);
goto end;

View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -976,6 +976,10 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
const char *propq = app_get0_propq();
cert_ctx = X509_STORE_new();
if (cert_ctx == NULL) {
BIO_printf(bio_err, "memory allocation failure\n");
return NULL;
}
X509_STORE_set_verify_cb(cert_ctx, verify_cb);
if (CApath != NULL) {
lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
@ -983,7 +987,7 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
if (X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM) <= 0) {
BIO_printf(bio_err, "Error loading directory %s\n", CApath);
goto err;
}
@ -995,8 +999,8 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
if (!X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM, libctx,
propq)) {
if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM, libctx,
propq) <= 0) {
BIO_printf(bio_err, "Error loading file %s\n", CAfile);
goto err;
}
@ -1008,7 +1012,7 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
BIO_printf(bio_err, "memory allocation failure\n");
goto err;
}
if (!X509_LOOKUP_load_store_ex(lookup, CAstore, libctx, propq)) {
if (X509_LOOKUP_load_store_ex(lookup, CAstore, libctx, propq) <= 0) {
BIO_printf(bio_err, "Error loading store URI %s\n", CAstore);
goto err;
}

View File

@ -534,7 +534,7 @@ int x509_main(int argc, char **argv)
aliasout = ++num;
break;
case OPT_CACREATESERIAL:
CA_createserial = ++num;
CA_createserial = 1;
break;
case OPT_CLREXT:
clrext = 1;
@ -660,9 +660,19 @@ int x509_main(int argc, char **argv)
BIO_printf(bio_err, "Cannot use both -key/-signkey and -CA option\n");
goto end;
}
} else if (CAkeyfile != NULL) {
BIO_printf(bio_err,
"Warning: ignoring -CAkey option since no -CA option is given\n");
} else {
#define WARN_NO_CA(opt) BIO_printf(bio_err, \
"Warning: ignoring " opt " option since -CA option is not given\n");
if (CAkeyfile != NULL)
WARN_NO_CA("-CAkey");
if (CAkeyformat != FORMAT_UNDEF)
WARN_NO_CA("-CAkeyform");
if (CAformat != FORMAT_UNDEF)
WARN_NO_CA("-CAform");
if (CAserial != NULL)
WARN_NO_CA("-CAserial");
if (CA_createserial)
WARN_NO_CA("-CAcreateserial");
}
if (extfile == NULL) {
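Review bot: the `WARN_NO_CA` macro body ends with a semicolon and every use site adds another (`WARN_NO_CA("-CAkey");`), so each expands to `BIO_printf(...);;`; drop the trailing semicolon from the `#define` so the uses are ordinary statements, and add `#undef WARN_NO_CA` after the block since the macro is defined inside the function body. The wording "since -CA option is not given" would read better as "since no -CA option is given", matching the line being removed.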
@ -725,7 +735,7 @@ int x509_main(int argc, char **argv)
}
if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
goto end;
if (sno == NULL) {
if (CAfile == NULL && sno == NULL) {
sno = ASN1_INTEGER_new();
if (sno == NULL || !rand_serial(NULL, sno))
goto end;
@ -954,7 +964,7 @@ int x509_main(int argc, char **argv)
purpose_print(out, x, X509_PURPOSE_get0(j));
} else if (i == modulus) {
BIO_printf(out, "Modulus=");
if (EVP_PKEY_is_a(pkey, "RSA")) {
if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS")) {
BIGNUM *n = NULL;
/* Every RSA key has an 'n' */
@ -1081,6 +1091,7 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile,
char *buf = NULL;
ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL;
int defaultfile = 0, file_exists;
if (serialfile == NULL) {
const char *p = strrchr(CAfile, '.');
@ -1090,9 +1101,10 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile,
memcpy(buf, CAfile, len);
memcpy(buf + len, POSTFIX, sizeof(POSTFIX));
serialfile = buf;
defaultfile = 1;
}
serial = load_serial(serialfile, create, NULL);
serial = load_serial(serialfile, &file_exists, create || defaultfile, NULL);
if (serial == NULL)
goto end;
@ -1101,8 +1113,10 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile,
goto end;
}
if (!save_serial(serialfile, NULL, serial, &bs))
goto end;
if (file_exists || create)
save_serial(serialfile, NULL, serial, &bs);
else
bs = BN_to_ASN1_INTEGER(serial, NULL);
end:
OPENSSL_free(buf);
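Review bot: the return value of `save_serial(serialfile, NULL, serial, &bs)` is no longer checked (the old code had `if (!save_serial(...)) goto end;`), so a failure to write the serial file leaves `bs` NULL and the function returns NULL with no error message, and the incremented serial is lost; keep the check or at least report the failure. The `create || defaultfile` logic otherwise looks right: the default `<CAfile>.srl` is created on first use, while an explicit `-CAserial` that does not exist is only created with `-CAcreateserial`.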

View File

@ -22,7 +22,6 @@ DEPEND[]=include/openssl/asn1.h \
include/openssl/cmp.h \
include/openssl/cms.h \
include/openssl/conf.h \
include/openssl/configuration.h \
include/openssl/crmf.h \
include/openssl/crypto.h \
include/openssl/ct.h \
@ -49,7 +48,10 @@ GENERATE[include/openssl/bio.h]=include/openssl/bio.h.in
GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in
GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
GENERATE[include/openssl/conf.h]=include/openssl/conf.h.in
GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
# include/openssl/configuration.h is generated by configdata.pm
# We still need this information for the FIPS module checksum, but the attribute
# 'skip' ensures that nothing is actually done with it.
GENERATE[include/openssl/configuration.h]{skip}=include/openssl/configuration.h.in
GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in
GENERATE[include/openssl/crypto.h]=include/openssl/crypto.h.in
GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in

View File

@ -77,6 +77,7 @@ unless (caller) {
use Getopt::Long;
use File::Spec::Functions;
use File::Basename;
use File::Compare qw(compare_text);
use File::Copy;
use Pod::Usage;
@ -90,7 +91,7 @@ unless (caller) {
# We do that in two steps, where the first step emits perl
# snipets.
my $buildfile = $target{build_file};
my $buildfile = $config{build_file};
my $buildfile_template = "$buildfile.in";
my @autowarntext = (
'WARNING: do not edit!',
@ -111,7 +112,6 @@ unless (caller) {
use lib '{- sourcedir('Configurations') -}';
use gentemplate;
print 'Creating ',$buildfile_template,"\n";
open my $buildfile_template_fh, ">$buildfile_template"
or die "Trying to create $buildfile_template: $!";
foreach (@{$config{build_file_templates}}) {
@ -120,6 +120,7 @@ unless (caller) {
}
gentemplate(output => $buildfile_template_fh, %gendata);
close $buildfile_template_fh;
print 'Created ',$buildfile_template,"\n";
use OpenSSL::Template;
@ -131,11 +132,11 @@ use lib '{- $config{builddir} -}';
use platform;
_____
print 'Creating ',$buildfile,"\n";
my $tmpl;
open BUILDFILE, ">$buildfile.new"
or die "Trying to create $buildfile.new: $!";
my $tmpl = OpenSSL::Template->new(TYPE => 'FILE',
SOURCE => $buildfile_template);
$tmpl = OpenSSL::Template->new(TYPE => 'FILE',
SOURCE => $buildfile_template);
$tmpl->fill_in(FILENAME => $_,
OUTPUT => \*BUILDFILE,
HASH => \%gendata,
@ -148,6 +149,57 @@ _____
close BUILDFILE;
rename("$buildfile.new", $buildfile)
or die "Trying to rename $buildfile.new to $buildfile: $!";
print 'Created ',$buildfile,"\n";
my $configuration_h =
catfile('include', 'openssl', 'configuration.h');
my $configuration_h_in =
catfile($config{sourcedir}, 'include', 'openssl', 'configuration.h.in');
open CONFIGURATION_H, ">${configuration_h}.new"
or die "Trying to create ${configuration_h}.new: $!";
$tmpl = OpenSSL::Template->new(TYPE => 'FILE',
SOURCE => $configuration_h_in);
$tmpl->fill_in(FILENAME => $_,
OUTPUT => \*CONFIGURATION_H,
HASH => \%gendata,
PREPEND => $prepend,
# To ensure that global variables and functions
# defined in one template stick around for the
# next, making them combinable
PACKAGE => 'OpenSSL::safe')
or die $Text::Template::ERROR;
close CONFIGURATION_H;
# When using stat() on Windows, we can get it to perform better by
# avoid some data. This doesn't affect the mtime field, so we're not
# losing anything...
${^WIN32_SLOPPY_STAT} = 1;
my $update_configuration_h = 0;
if (-f $configuration_h) {
my $configuration_h_mtime = (stat($configuration_h))[9];
my $configuration_h_in_mtime = (stat($configuration_h_in))[9];
# If configuration.h.in was updated after the last configuration.h,
# or if configuration.h.new differs configuration.h, we update
# configuration.h
if ($configuration_h_mtime < $configuration_h_in_mtime
|| compare_text("${configuration_h}.new", $configuration_h) != 0) {
$update_configuration_h = 1;
} else {
# If nothing has changed, let's just drop the new one and
# pretend like nothing happened
unlink "${configuration_h}.new"
}
} else {
$update_configuration_h = 1;
}
if ($update_configuration_h) {
rename("${configuration_h}.new", $configuration_h)
or die "Trying to rename ${configuration_h}.new to $configuration_h: $!";
print 'Created ',$configuration_h,"\n";
}
exit(0);
}
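Review bot: `unlink "${configuration_h}.new"` at the end of the else block has no trailing semicolon; Perl accepts that for the last statement in a block, but add one for consistency and check the result (`unlink ... or warn ...`), since a stale `.new` file left behind is confusing on the next run. The comment "if configuration.h.new differs configuration.h" is missing "from". The mtime test uses `<`, so when `configuration.h.in` and `configuration.h` carry the same mtime the decision falls back to `compare_text()`, which is the right fallback.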

View File

@ -1,5 +1,5 @@
/*
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -141,7 +141,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
p--;
if (p > (*ctx)->entry_name && p[-1] == ';')
p[-1] = '\0';
if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0)
if (OPENSSL_strcasecmp((*ctx)->entry_name,
(*ctx)->previous_entry_name) == 0)
goto again;
}
#endif

View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -2025,7 +2025,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
&movdqu (&QWP(-16*2,$out,$inp),$inout4);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
&jb (&label("grandloop"));
&jbe (&label("grandloop"));
&set_label("short");
&add ($len,16*6);
@ -2451,7 +2451,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
&pxor ($rndkey1,$inout5);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
&jb (&label("grandloop"));
&jbe (&label("grandloop"));
&set_label("short");
&add ($len,16*6);
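Review bot: both hunks flip the grand-loop exit from `jb` to `jbe`, so an input where `$inp` equals `$len` at the `cmp` now takes one more pass through the 6-block loop instead of the `short` tail. Please make sure the test vectors cover lengths that are exact multiples of 6*16 bytes, plus the smallest length that reaches the loop, since an off-by-one at this boundary only shows up on such inputs.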

View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -1797,6 +1797,21 @@ $code.=<<___;
#ifndef __ARMEB__
rev $ctr, $ctr
#endif
___
$code.=<<___ if ($flavour =~ /64/);
vorr $dat1,$dat0,$dat0
add $tctr1, $ctr, #1
vorr $dat2,$dat0,$dat0
add $ctr, $ctr, #2
vorr $ivec,$dat0,$dat0
rev $tctr1, $tctr1
vmov.32 ${dat1}[3],$tctr1
b.ls .Lctr32_tail
rev $tctr2, $ctr
sub $len,$len,#3 // bias
vmov.32 ${dat2}[3],$tctr2
___
$code.=<<___ if ($flavour !~ /64/);
add $tctr1, $ctr, #1
vorr $ivec,$dat0,$dat0
rev $tctr1, $tctr1
@ -1810,7 +1825,7 @@ $code.=<<___;
vorr $dat2,$ivec,$ivec
___
$code.=<<___ if ($flavour =~ /64/);
cmp $len,#2
cmp $len,#32
b.lo .Loop3x_ctr32
add w13,$ctr,#1
@ -2003,11 +2018,25 @@ $code.=<<___;
aese $dat1,q8
aesmc $tmp1,$dat1
vld1.8 {$in0},[$inp],#16
___
$code.=<<___ if ($flavour =~ /64/);
vorr $dat0,$ivec,$ivec
___
$code.=<<___ if ($flavour !~ /64/);
add $tctr0,$ctr,#1
___
$code.=<<___;
aese $dat2,q8
aesmc $dat2,$dat2
vld1.8 {$in1},[$inp],#16
___
$code.=<<___ if ($flavour =~ /64/);
vorr $dat1,$ivec,$ivec
___
$code.=<<___ if ($flavour !~ /64/);
rev $tctr0,$tctr0
___
$code.=<<___;
aese $tmp0,q9
aesmc $tmp0,$tmp0
aese $tmp1,q9
@ -2016,6 +2045,12 @@ $code.=<<___;
mov $key_,$key
aese $dat2,q9
aesmc $tmp2,$dat2
___
$code.=<<___ if ($flavour =~ /64/);
vorr $dat2,$ivec,$ivec
add $tctr0,$ctr,#1
___
$code.=<<___;
aese $tmp0,q12
aesmc $tmp0,$tmp0
aese $tmp1,q12
@ -2031,22 +2066,47 @@ $code.=<<___;
aese $tmp1,q13
aesmc $tmp1,$tmp1
veor $in2,$in2,$rndlast
___
$code.=<<___ if ($flavour =~ /64/);
rev $tctr0,$tctr0
aese $tmp2,q13
aesmc $tmp2,$tmp2
vmov.32 ${dat0}[3], $tctr0
___
$code.=<<___ if ($flavour !~ /64/);
vmov.32 ${ivec}[3], $tctr0
aese $tmp2,q13
aesmc $tmp2,$tmp2
vorr $dat0,$ivec,$ivec
___
$code.=<<___;
rev $tctr1,$tctr1
aese $tmp0,q14
aesmc $tmp0,$tmp0
___
$code.=<<___ if ($flavour !~ /64/);
vmov.32 ${ivec}[3], $tctr1
rev $tctr2,$ctr
___
$code.=<<___;
aese $tmp1,q14
aesmc $tmp1,$tmp1
___
$code.=<<___ if ($flavour =~ /64/);
vmov.32 ${dat1}[3], $tctr1
rev $tctr2,$ctr
aese $tmp2,q14
aesmc $tmp2,$tmp2
vmov.32 ${dat2}[3], $tctr2
___
$code.=<<___ if ($flavour !~ /64/);
vorr $dat1,$ivec,$ivec
vmov.32 ${ivec}[3], $tctr2
aese $tmp2,q14
aesmc $tmp2,$tmp2
vorr $dat2,$ivec,$ivec
___
$code.=<<___;
subs $len,$len,#3
aese $tmp0,q15
aese $tmp1,q15

View File

@ -2,9 +2,9 @@ LIBS=../../libcrypto
$AESASM=aes_core.c aes_cbc.c
IF[{- !$disabled{asm} -}]
$AESASM_x86=aes-586.s
$AESASM_x86=aes-586.S
$AESDEF_x86=AES_ASM
$AESASM_x86_sse2=vpaes-x86.s aesni-x86.s
$AESASM_x86_sse2=vpaes-x86.S aesni-x86.S
$AESDEF_x86_sse2=VPAES_ASM OPENSSL_IA32_SSE2
$AESASM_x86_64=\
@ -81,12 +81,12 @@ ENDIF
GENERATE[aes-ia64.s]=asm/aes-ia64.S
GENERATE[aes-586.s]=asm/aes-586.pl
DEPEND[aes-586.s]=../perlasm/x86asm.pl
GENERATE[vpaes-x86.s]=asm/vpaes-x86.pl
DEPEND[vpaes-586.s]=../perlasm/x86asm.pl
GENERATE[aesni-x86.s]=asm/aesni-x86.pl
DEPEND[aesni-586.s]=../perlasm/x86asm.pl
GENERATE[aes-586.S]=asm/aes-586.pl
DEPEND[aes-586.S]=../perlasm/x86asm.pl
GENERATE[vpaes-x86.S]=asm/vpaes-x86.pl
DEPEND[vpaes-586.S]=../perlasm/x86asm.pl
GENERATE[aesni-x86.S]=asm/aesni-x86.pl
DEPEND[aesni-586.S]=../perlasm/x86asm.pl
GENERATE[aes-x86_64.s]=asm/aes-x86_64.pl
GENERATE[vpaes-x86_64.s]=asm/vpaes-x86_64.pl
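Review bot: the DEPEND keys still read `vpaes-586.S` and `aesni-586.S` while the GENERATE targets are `vpaes-x86.S` and `aesni-x86.S`; the mismatch predates this change (it was there with the `.s` names), but since the lines are being touched anyway, rename the DEPEND keys to match so the `../perlasm/x86asm.pl` dependency actually attaches to the generated files.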

View File

@ -1,5 +1,5 @@
/*
* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -100,17 +100,17 @@ extern unsigned int OPENSSL_armv8_rsa_neonized;
# define ARM_CPU_PART_N1 0xD0C
# define MIDR_PARTNUM_SHIFT 4
# define MIDR_PARTNUM_MASK (0xfff << MIDR_PARTNUM_SHIFT)
# define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT)
# define MIDR_PARTNUM(midr) \
(((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT)
# define MIDR_IMPLEMENTER_SHIFT 24
# define MIDR_IMPLEMENTER_MASK (0xff << MIDR_IMPLEMENTER_SHIFT)
# define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT)
# define MIDR_IMPLEMENTER(midr) \
(((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT)
# define MIDR_ARCHITECTURE_SHIFT 16
# define MIDR_ARCHITECTURE_MASK (0xf << MIDR_ARCHITECTURE_SHIFT)
# define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT)
# define MIDR_ARCHITECTURE(midr) \
(((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT)
@ -121,7 +121,7 @@ extern unsigned int OPENSSL_armv8_rsa_neonized;
# define MIDR_CPU_MODEL(imp, partnum) \
(((imp) << MIDR_IMPLEMENTER_SHIFT) | \
(0xf << MIDR_ARCHITECTURE_SHIFT) | \
(0xfU << MIDR_ARCHITECTURE_SHIFT) | \
((partnum) << MIDR_PARTNUM_SHIFT))
# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
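Review bot: the `U` suffixes are the real fix for `0xff << 24` in MIDR_IMPLEMENTER_MASK, which shifts into the sign bit of a 32-bit `int` (undefined behaviour); the other two are for consistency. In MIDR_CPU_MODEL, `(imp) << MIDR_IMPLEMENTER_SHIFT` still shifts whatever the caller passes, so an implementer code above 0x7f given as a plain `int` literal has the same problem; casting, e.g. `((unsigned)(imp) << MIDR_IMPLEMENTER_SHIFT)`, would make the whole expression unsigned.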

View File

@ -1,5 +1,5 @@
/*
* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -257,11 +257,11 @@ void OPENSSL_cpuid_setup(void)
}
# endif
/* Things that getauxval didn't tell us */
if (sigsetjmp(ill_jmp, 1) == 0) {
_armv7_tick();
OPENSSL_armcap_P |= ARMV7_TICK;
}
/*
* Probing for ARMV7_TICK is known to produce unreliable results,
* so we will only use the feature when the user explicitly enables
* it with OPENSSL_armcap.
*/
sigaction(SIGILL, &ill_oact, NULL);
sigprocmask(SIG_SETMASK, &oset, NULL);
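Review bot: with the `sigsetjmp`/`_armv7_tick()` probe gone, ARMV7_TICK is only ever set from the OPENSSL_armcap environment variable; the comment explains why, but the user-facing documentation of OPENSSL_armcap should say that this bit is never auto-detected, otherwise users will assume the timestamp counter is picked up automatically as before.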

View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -10,7 +10,6 @@
/* We need to use some engine deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
#include "e_os.h" /* for strncasecmp */
#include "internal/cryptlib.h"
#include <stdio.h>
#include <openssl/asn1t.h>
@ -134,7 +133,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
continue;
if ((int)strlen(ameth->pem_str) == len
&& strncasecmp(ameth->pem_str, str, len) == 0)
&& OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0)
return ameth;
}
return NULL;

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -10,7 +10,6 @@
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/x509v3.h>
#include "e_os.h" /* strncasecmp() */
#define ASN1_GEN_FLAG 0x10000
#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
@ -565,7 +564,8 @@ static int asn1_str2tag(const char *tagstr, int len)
tntmp = tnst;
for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) {
if ((len == tntmp->len) && (strncasecmp(tntmp->strnam, tagstr, len) == 0))
if ((len == tntmp->len)
&& (OPENSSL_strncasecmp(tntmp->strnam, tagstr, len) == 0))
return tntmp->tag;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -69,6 +69,8 @@ static void mime_hdr_free(MIME_HEADER *hdr);
int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
const ASN1_ITEM *it)
{
int rv = 1;
/* If streaming create stream BIO and copy all content through it */
if (flags & SMIME_STREAM) {
BIO *bio, *tbio;
@ -77,7 +79,10 @@ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
return 0;
}
SMIME_crlf_copy(in, bio, flags);
if (!SMIME_crlf_copy(in, bio, flags)) {
rv = 0;
}
(void)BIO_flush(bio);
/* Free up successive BIOs until we hit the old output BIO */
do {
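Review bot: recording the failure with `rv = 0` and still flushing and tearing down the BIO chain is the right shape, since the pushed BIOs must be freed either way. Style nit: the braces around the single statement `rv = 0;` are inconsistent with the brace-less `if (!SMIME_crlf_copy(...)) rv = 0;` form used later in this file.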
@ -92,7 +97,7 @@ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
*/
else
ASN1_item_i2d_bio(it, out, val);
return 1;
return rv;
}
/* Base 64 read and write of ASN1 structure */
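Review bot: `return rv` only reflects the streaming path; the non-streaming branch still ignores the result of `ASN1_item_i2d_bio(it, out, val)`, so a failed DER write is reported as success there. Consider `else rv = ASN1_item_i2d_bio(it, out, val);` so both branches propagate errors.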
@ -346,8 +351,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
* set up to finalise when it is written through.
*/
if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
SMIME_crlf_copy(data, out, flags);
return 1;
return SMIME_crlf_copy(data, out, flags);
}
if (!aux || !aux->asn1_cb) {
@ -365,7 +369,8 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
return 0;
/* Copy data across, passing through filter BIOs for processing */
SMIME_crlf_copy(data, sarg.ndef_bio, flags);
if (!SMIME_crlf_copy(data, sarg.ndef_bio, flags))
rv = 0;
/* Finalize structure */
if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
@ -510,13 +515,16 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
char eol;
int len;
char linebuf[MAX_SMLEN];
int ret;
/*
* Buffer output so we don't write one line at a time. This is useful
* when streaming as we don't end up with one OCTET STRING per line.
*/
bf = BIO_new(BIO_f_buffer());
if (bf == NULL)
if (bf == NULL) {
ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
return 0;
}
out = BIO_push(bf, out);
if (flags & SMIME_BINARY) {
while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
@ -545,9 +553,12 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
}
}
}
(void)BIO_flush(out);
ret = BIO_flush(out);
BIO_pop(out);
BIO_free(bf);
if (ret <= 0)
return 0;
return 1;
}
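Review bot: checking `ret = BIO_flush(out)` catches write errors that `(void)BIO_flush(out)` used to swallow, and since `bf` was pushed on top of `out` the flush drains the buffer BIO before `BIO_pop`; good. One gap remains: the copy loops are of the form `while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)`, so a read error (`BIO_read()` returning a negative value) ends the loop exactly like EOF and the function then returns 1; consider checking `len < 0` after the loop so input errors are reported too.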

View File

@ -172,7 +172,7 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
case ASN1_STATE_START:
if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
return 0;
return -1;
break;
/* Copy any pre data first */
@ -189,7 +189,7 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
case ASN1_STATE_HEADER:
ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
if (!ossl_assert(ctx->buflen <= ctx->bufsize))
return 0;
return -1;
p = ctx->buf;
ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class);
ctx->copylen = inl;

View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -49,13 +49,19 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
void *parg);
/* unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() */
/*
* On success, the returned BIO owns the input BIO as part of its BIO chain.
* On failure, NULL is returned and the input BIO is owned by the caller.
*
* Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
*/
BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
{
NDEF_SUPPORT *ndef_aux = NULL;
BIO *asn_bio = NULL;
const ASN1_AUX *aux = it->funcs;
ASN1_STREAM_ARG sarg;
BIO *pop_bio = NULL;
if (!aux || !aux->asn1_cb) {
ERR_raise(ERR_LIB_ASN1, ASN1_R_STREAMING_NOT_SUPPORTED);
@ -70,21 +76,39 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
out = BIO_push(asn_bio, out);
if (out == NULL)
goto err;
pop_bio = asn_bio;
BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0
|| BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0
|| BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0)
goto err;
/*
* Now let callback prepends any digest, cipher etc BIOs ASN1 structure
* needs.
* Now let the callback prepend any digest, cipher, etc., that the BIO's
* ASN1 structure needs.
*/
sarg.out = out;
sarg.ndef_bio = NULL;
sarg.boundary = NULL;
if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
/*
* The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
* middle of some partially built, but not returned BIO chain.
*/
if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) {
/*
* ndef_aux is now owned by asn_bio so we must not free it in the err
* clean up block
*/
ndef_aux = NULL;
goto err;
}
/*
* We must not fail now because the callback has prepended additional
* BIOs to the chain
*/
ndef_aux->val = val;
ndef_aux->it = it;
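Review bot: the ownership hand-off at `BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux)` now happens before the ASN1_OP_STREAM_PRE callback, but `ndef_aux->val`, `->it` and the fields set below are only filled in afterwards, so the asn_bio free path reached from the err label must cope with a half-initialised NDEF_SUPPORT. A comment stating that invariant here would help, and the comment `The asn1_cb(), must not have mutated asn_bio` has a stray comma after `asn1_cb()`.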
@ -92,11 +116,11 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
ndef_aux->boundary = sarg.boundary;
ndef_aux->out = out;
BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
return sarg.ndef_bio;
err:
/* BIO_pop() is NULL safe */
(void)BIO_pop(pop_bio);
BIO_free(asn_bio);
OPENSSL_free(ndef_aux);
return NULL;
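Review bot: double-free hazard in the err block: `OPENSSL_free(ndef_aux)` after `BIO_free(asn_bio)` is only correct while asn_bio does not yet own ndef_aux, and the sole guard is the `ndef_aux = NULL` in the callback-failure branch. Any future early exit added between the successful BIO_C_SET_EX_ARG ctrl and `return sarg.ndef_bio;` would free it twice. Suggest clearing the owning pointer immediately after the ctrl succeeds and using a separate alias for the field assignments, so the err path is safe by construction. `/* BIO_pop() is NULL safe */` is accurate, since pop_bio stays NULL until the push succeeded.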

View File

@ -2,7 +2,7 @@ LIBS=../../libcrypto
$BFASM=bf_enc.c
IF[{- !$disabled{asm} -}]
$BFASM_x86=bf-586.s
$BFASM_x86=bf-586.S
# Now that we have defined all the arch specific variables, use the
# appropriate one
@ -17,9 +17,9 @@ SOURCE[../../libcrypto]=$ALL
# When all deprecated symbols are removed, libcrypto doesn't export the
# blowfish functions, so we must include them directly in liblegacy.a
IF[{- $disabled{'deprecated-3.0'} -}]
IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}]
SOURCE[../../providers/liblegacy.a]=$ALL
ENDIF
GENERATE[bf-586.s]=asm/bf-586.pl
DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
GENERATE[bf-586.S]=asm/bf-586.pl
DEPEND[bf-586.S]=../perlasm/x86asm.pl ../perlasm/cbc.pl
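Review bot: the comment above `IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}]` still explains only the deprecated-3.0 case; with the two extra conditions a static or no-module build no longer adds the Blowfish sources to liblegacy.a, and the comment should say where they come from in that configuration. The `.s` to `.S` rename is applied consistently to the variable, GENERATE and DEPEND lines.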

View File

@ -383,8 +383,8 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_CTRL_DUP:
dbio = (BIO *)ptr;
if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) ||
!BIO_set_write_buffer_size(dbio, ctx->obuf_size))
if (BIO_set_read_buffer_size(dbio, ctx->ibuf_size) <= 0 ||
BIO_set_write_buffer_size(dbio, ctx->obuf_size) <= 0)
ret = 0;
break;
case BIO_CTRL_PEEK:

View File

@ -284,7 +284,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_CTRL_DUP:
dbio = (BIO *)ptr;
if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size))
if (BIO_set_write_buffer_size(dbio, ctx->obuf_size) <= 0)
ret = 0;
break;
default:

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -12,6 +12,7 @@
#include <stdio.h>
#include <errno.h>
#include <openssl/crypto.h>
#include "internal/numbers.h"
#include "bio_local.h"
/*
@ -620,12 +621,28 @@ long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
*/
size_t BIO_ctrl_pending(BIO *bio)
{
return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
long ret = BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
if (ret < 0)
ret = 0;
#if LONG_MAX > SIZE_MAX
if (ret > SIZE_MAX)
ret = SIZE_MAX;
#endif
return (size_t)ret;
}
size_t BIO_ctrl_wpending(BIO *bio)
{
return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
long ret = BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
if (ret < 0)
ret = 0;
#if LONG_MAX > SIZE_MAX
if (ret > SIZE_MAX)
ret = SIZE_MAX;
#endif
return (size_t)ret;
}
/* put the 'bio' on the end of b's list of operators */
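Review bot: the clamping block is duplicated verbatim in BIO_ctrl_pending and BIO_ctrl_wpending; a static helper such as `static size_t pending_to_size_t(long ret)` would keep the two in step. The `#if LONG_MAX > SIZE_MAX` guard is right (it avoids a tautological comparison on LP64), and the `internal/numbers.h` include added in the earlier hunk is what supplies SIZE_MAX where the platform headers lack it.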

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -35,6 +35,8 @@ static int wsa_init_done = 0;
# include <unistd.h>
# if defined __VMS
# include <sys/socket.h>
# elif defined _HPUX_SOURCE
# include <sys/time.h>
# else
# include <sys/select.h>
# endif
@ -400,7 +402,7 @@ int BIO_socket_wait(int fd, int for_read, time_t max_time)
return 1;
now = time(NULL);
if (max_time <= now)
if (max_time < now)
return 0;
FD_ZERO(&confds);
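Review bot: changing `max_time <= now` to `max_time < now` means a deadline equal to the current second now proceeds to the select() call instead of returning 0 immediately; since conn_state in the later hunk calls this with `time(NULL)` as the deadline, that is exactly the case being relied on. The BIO_socket_wait(3) text should state that an already-expired deadline returns 0 while an equal one performs a single poll.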

View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -52,17 +52,6 @@ int BIO_socket(int domain, int socktype, int protocol, int options)
ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_CREATE_SOCKET);
return INVALID_SOCKET;
}
# ifndef OPENSSL_NO_KTLS
{
/*
* The new socket is created successfully regardless of ktls_enable.
* ktls_enable doesn't change any functionality of the socket, except
* changing the setsockopt to enable the processing of ktls_start.
* Thus, it is not a problem to call it for non-TLS sockets.
*/
ktls_enable(sock);
}
# endif
return sock;
}
@ -128,6 +117,15 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options)
}
return 0;
}
# ifndef OPENSSL_NO_KTLS
/*
* The new socket is created successfully regardless of ktls_enable.
* ktls_enable doesn't change any functionality of the socket, except
* changing the setsockopt to enable the processing of ktls_start.
* Thus, it is not a problem to call it for non-TLS sockets.
*/
ktls_enable(sock);
# endif
return 1;
}
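Review bot: the comment moved here still reads `The new socket is created successfully regardless of ktls_enable`, but at this point in BIO_connect the socket is already connected, so the sentence no longer matches its location; reword it to say the connect result is unaffected. The return value of `ktls_enable(sock)` is ignored both here and in the conn_state hunk; if that is intentional, a `(void)` cast makes it explicit.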

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -188,6 +188,9 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
break;
case BIO_CONN_S_BLOCKED_CONNECT:
/* wait for socket being writable, before querying BIO_sock_error */
if (BIO_socket_wait(b->num, 0, time(NULL)) == 0)
break;
i = BIO_sock_error(b->num);
if (i != 0) {
BIO_clear_retry_flags(b);
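Review bot: `BIO_socket_wait(b->num, 0, time(NULL)) == 0` only handles the timeout result; if BIO_socket_wait can also return -1 (a failed select()), that case falls through to `BIO_sock_error(b->num)` as though the socket were writable. Suggest `<= 0`, with the negative case routed to the connect-error handling, or a comment explaining why -1 is treated as ready.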
@ -205,8 +208,18 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
ERR_raise(ERR_LIB_BIO, BIO_R_NBIO_CONNECT_ERROR);
ret = 0;
goto exit_loop;
} else
} else {
c->state = BIO_CONN_S_OK;
# ifndef OPENSSL_NO_KTLS
/*
* The new socket is created successfully regardless of ktls_enable.
* ktls_enable doesn't change any functionality of the socket, except
* changing the setsockopt to enable the processing of ktls_start.
* Thus, it is not a problem to call it for non-TLS sockets.
*/
ktls_enable(b->num);
# endif
}
break;
case BIO_CONN_S_CONNECT_ERROR:
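Review bot: this is the second copy of the identical ktls_enable comment block added in this change (BIO_connect in the previous file and here); a single static wrapper holding the comment and the `#ifndef OPENSSL_NO_KTLS` guard would stop the two from drifting apart. The added braces around the `else` arm are needed because the preprocessor block now sits inside it; fine.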

View File

@ -1,5 +1,5 @@
/*
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -195,12 +195,6 @@ static void dgram_adjust_rcv_timeout(BIO *b)
{
# if defined(SO_RCVTIMEO)
bio_dgram_data *data = (bio_dgram_data *)b->ptr;
union {
size_t s;
int i;
} sz = {
0
};
/* Is a timer active? */
if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
@ -210,21 +204,21 @@ static void dgram_adjust_rcv_timeout(BIO *b)
# ifdef OPENSSL_SYS_WINDOWS
int timeout;
sz.i = sizeof(timeout);
int sz = sizeof(timeout);
if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void *)&timeout, &sz.i) < 0) {
(void *)&timeout, &sz) < 0) {
perror("getsockopt");
} else {
data->socket_timeout.tv_sec = timeout / 1000;
data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
}
# else
sz.i = sizeof(data->socket_timeout);
socklen_t sz = sizeof(data->socket_timeout);
if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
&(data->socket_timeout), (void *)&sz) < 0) {
&(data->socket_timeout), &sz) < 0) {
perror("getsockopt");
} else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0)
OPENSSL_assert(sz.s <= sizeof(data->socket_timeout));
} else
OPENSSL_assert(sz <= sizeof(data->socket_timeout));
# endif
/* Get current time */
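Review bot: `OPENSSL_assert(sz <= sizeof(data->socket_timeout))` aborts the process if the kernel reports a larger option length, and the union it replaces existed precisely because some platforms write a size_t there. Aborting inside a library on a platform quirk is harsher than failing the call; prefer treating it like the `perror("getsockopt")` branch just above (leave the timeout unchanged and return). The same pattern appears in the two dgram_ctrl hunks below.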
@ -607,19 +601,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
{
union {
size_t s;
int i;
} sz = {
0
};
# ifdef OPENSSL_SYS_WINDOWS
int sz = 0;
int timeout;
struct timeval *tv = (struct timeval *)ptr;
sz.i = sizeof(timeout);
sz = sizeof(timeout);
if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
(void *)&timeout, &sz.i) < 0) {
(void *)&timeout, &sz) < 0) {
perror("getsockopt");
ret = -1;
} else {
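Review bot: `int sz = 0;` in the Windows branch of BIO_CTRL_DGRAM_GET_RECV_TIMEOUT is immediately overwritten by `sz = sizeof(timeout);`; initialise it in the declaration as the non-Windows branch does. This case and BIO_CTRL_DGRAM_GET_SEND_TIMEOUT below are now identical apart from SO_RCVTIMEO versus SO_SNDTIMEO, so a small static helper taking the option name would halve the duplicated code.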
@ -628,16 +617,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = sizeof(*tv);
}
# else
sz.i = sizeof(struct timeval);
socklen_t sz = sizeof(struct timeval);
if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
ptr, (void *)&sz) < 0) {
ptr, &sz) < 0) {
perror("getsockopt");
ret = -1;
} else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
OPENSSL_assert(sz.s <= sizeof(struct timeval));
ret = (int)sz.s;
} else
ret = sz.i;
} else {
OPENSSL_assert(sz <= sizeof(struct timeval));
ret = (int)sz;
}
# endif
}
break;
@ -664,19 +652,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
{
union {
size_t s;
int i;
} sz = {
0
};
# ifdef OPENSSL_SYS_WINDOWS
int sz = 0;
int timeout;
struct timeval *tv = (struct timeval *)ptr;
sz.i = sizeof(timeout);
sz = sizeof(timeout);
if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
(void *)&timeout, &sz.i) < 0) {
(void *)&timeout, &sz) < 0) {
perror("getsockopt");
ret = -1;
} else {
@ -685,16 +668,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = sizeof(*tv);
}
# else
sz.i = sizeof(struct timeval);
socklen_t sz = sizeof(struct timeval);
if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
ptr, (void *)&sz) < 0) {
ptr, &sz) < 0) {
perror("getsockopt");
ret = -1;
} else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
OPENSSL_assert(sz.s <= sizeof(struct timeval));
ret = (int)sz.s;
} else
ret = sz.i;
} else {
OPENSSL_assert(sz <= sizeof(struct timeval));
ret = (int)sz;
}
# endif
}
break;
@ -1918,22 +1900,22 @@ static void get_current_time(struct timeval *t)
{
# if defined(_WIN32)
SYSTEMTIME st;
union {
unsigned __int64 ul;
FILETIME ft;
} now;
unsigned __int64 now_ul;
FILETIME now_ft;
GetSystemTime(&st);
SystemTimeToFileTime(&st, &now.ft);
SystemTimeToFileTime(&st, &now_ft);
now_ul = ((unsigned __int64)now_ft.dwHighDateTime << 32) | now_ft.dwLowDateTime;
# ifdef __MINGW32__
now.ul -= 116444736000000000ULL;
now_ul -= 116444736000000000ULL;
# else
now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
now_ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
# endif
t->tv_sec = (long)(now.ul / 10000000);
t->tv_usec = ((int)(now.ul % 10000000)) / 10;
t->tv_sec = (long)(now_ul / 10000000);
t->tv_usec = ((int)(now_ul % 10000000)) / 10;
# else
gettimeofday(t, NULL);
if (gettimeofday(t, NULL) < 0)
perror("gettimeofday");
# endif
}
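Review bot: on the `gettimeofday(t, NULL) < 0` path `*t` is left uninitialised and the caller cannot notice, since get_current_time is void; perror() to stderr from library code is also noisy. Either zero `*t` before the call so the caller sees a deterministic value, or return a status. On the Windows side, assembling `now_ul` from `dwHighDateTime`/`dwLowDateTime` with a shift is the correct replacement for the old union type-pun.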

View File

@ -1,581 +0,0 @@
#! /usr/bin/env perl
# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# ====================================================================
# Written by Amitay Isaacs <amitay@ozlabs.org>, Martin Schwenke
# <martin@meltin.net> & Alastair D'Silva <alastair@d-silva.org> for
# the OpenSSL project.
# ====================================================================
#
# Fixed length (n=6), unrolled PPC Montgomery Multiplication
#
# 2021
#
# Although this is a generic implementation for unrolling Montgomery
# Multiplication for arbitrary values of n, this is currently only
# used for n = 6 to improve the performance of ECC p384.
#
# Unrolling allows intermediate results to be stored in registers,
# rather than on the stack, improving performance by ~7% compared to
# the existing PPC assembly code.
#
# The ISA 3.0 implementation uses combination multiply/add
# instructions (maddld, maddhdu) to improve performance by an
# additional ~10% on Power 9.
#
# Finally, saving non-volatile registers into volatile vector
# registers instead of onto the stack saves a little more.
#
# On a Power 9 machine we see an overall improvement of ~18%.
#
use strict;
use warnings;
my ($flavour, $output, $dir, $xlate);
# $output is the last argument if it looks like a file (it has an extension)
# $flavour is the first argument if it doesn't look like a file
$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
die "can't locate ppc-xlate.pl";
open STDOUT,"| $^X $xlate $flavour \"$output\""
or die "can't call $xlate: $!";
if ($flavour !~ /64/) {
die "bad flavour ($flavour) - only ppc64 permitted";
}
my $SIZE_T= 8;
# Registers are global so the code is remotely readable
# Parameters for Montgomery multiplication
my $sp = "r1";
my $toc = "r2";
my $rp = "r3";
my $ap = "r4";
my $bp = "r5";
my $np = "r6";
my $n0 = "r7";
my $num = "r8";
my $i = "r9";
my $c0 = "r10";
my $bp0 = "r11";
my $bpi = "r11";
my $bpj = "r11";
my $tj = "r12";
my $apj = "r12";
my $npj = "r12";
my $lo = "r14";
my $c1 = "r14";
# Non-volatile registers used for tp[i]
#
# 12 registers are available but the limit on unrolling is 10,
# since registers from $tp[0] to $tp[$n+1] are used.
my @tp = ("r20" .. "r31");
# volatile VSRs for saving non-volatile GPRs - faster than stack
my @vsrs = ("v32" .. "v46");
package Mont;
sub new($$)
{
my ($class, $n) = @_;
if ($n > 10) {
die "Can't unroll for BN length ${n} (maximum 10)"
}
my $self = {
code => "",
n => $n,
};
bless $self, $class;
return $self;
}
sub add_code($$)
{
my ($self, $c) = @_;
$self->{code} .= $c;
}
sub get_code($)
{
my ($self) = @_;
return $self->{code};
}
sub get_function_name($)
{
my ($self) = @_;
return "bn_mul_mont_fixed_n" . $self->{n};
}
sub get_label($$)
{
my ($self, $l) = @_;
return "L" . $l . "_" . $self->{n};
}
sub get_labels($@)
{
my ($self, @labels) = @_;
my %out = ();
foreach my $l (@labels) {
$out{"$l"} = $self->get_label("$l");
}
return \%out;
}
sub nl($)
{
my ($self) = @_;
$self->add_code("\n");
}
sub copy_result($)
{
my ($self) = @_;
my ($n) = $self->{n};
for (my $j = 0; $j < $n; $j++) {
$self->add_code(<<___);
std $tp[$j],`$j*$SIZE_T`($rp)
___
}
}
sub mul_mont_fixed($)
{
my ($self) = @_;
my ($n) = $self->{n};
my $fname = $self->get_function_name();
my $label = $self->get_labels("outer", "enter", "sub", "copy", "end");
$self->add_code(<<___);
.globl .${fname}
.align 5
.${fname}:
___
$self->save_registers();
$self->add_code(<<___);
ld $n0,0($n0)
ld $bp0,0($bp)
ld $apj,0($ap)
___
$self->mul_c_0($tp[0], $apj, $bp0, $c0);
for (my $j = 1; $j < $n - 1; $j++) {
$self->add_code(<<___);
ld $apj,`$j*$SIZE_T`($ap)
___
$self->mul($tp[$j], $apj, $bp0, $c0);
}
$self->add_code(<<___);
ld $apj,`($n-1)*$SIZE_T`($ap)
___
$self->mul_last($tp[$n-1], $tp[$n], $apj, $bp0, $c0);
$self->add_code(<<___);
li $tp[$n+1],0
___
$self->add_code(<<___);
li $i,0
mtctr $num
b $label->{"enter"}
.align 4
$label->{"outer"}:
ldx $bpi,$bp,$i
ld $apj,0($ap)
___
$self->mul_add_c_0($tp[0], $tp[0], $apj, $bpi, $c0);
for (my $j = 1; $j < $n; $j++) {
$self->add_code(<<___);
ld $apj,`$j*$SIZE_T`($ap)
___
$self->mul_add($tp[$j], $tp[$j], $apj, $bpi, $c0);
}
$self->add_code(<<___);
addc $tp[$n],$tp[$n],$c0
addze $tp[$n+1],$tp[$n+1]
___
$self->add_code(<<___);
.align 4
$label->{"enter"}:
mulld $bpi,$tp[0],$n0
ld $npj,0($np)
___
$self->mul_add_c_0($lo, $tp[0], $bpi, $npj, $c0);
for (my $j = 1; $j < $n; $j++) {
$self->add_code(<<___);
ld $npj,`$j*$SIZE_T`($np)
___
$self->mul_add($tp[$j-1], $tp[$j], $npj, $bpi, $c0);
}
$self->add_code(<<___);
addc $tp[$n-1],$tp[$n],$c0
addze $tp[$n],$tp[$n+1]
addi $i,$i,$SIZE_T
bdnz $label->{"outer"}
and. $tp[$n],$tp[$n],$tp[$n]
bne $label->{"sub"}
cmpld $tp[$n-1],$npj
blt $label->{"copy"}
$label->{"sub"}:
___
#
# Reduction
#
$self->add_code(<<___);
ld $bpj,`0*$SIZE_T`($np)
subfc $c1,$bpj,$tp[0]
std $c1,`0*$SIZE_T`($rp)
___
for (my $j = 1; $j < $n - 1; $j++) {
$self->add_code(<<___);
ld $bpj,`$j*$SIZE_T`($np)
subfe $c1,$bpj,$tp[$j]
std $c1,`$j*$SIZE_T`($rp)
___
}
$self->add_code(<<___);
subfe $c1,$npj,$tp[$n-1]
std $c1,`($n-1)*$SIZE_T`($rp)
___
$self->add_code(<<___);
addme. $tp[$n],$tp[$n]
beq $label->{"end"}
$label->{"copy"}:
___
$self->copy_result();
$self->add_code(<<___);
$label->{"end"}:
___
$self->restore_registers();
$self->add_code(<<___);
li r3,1
blr
.size .${fname},.-.${fname}
___
}
package Mont::GPR;
our @ISA = ('Mont');
sub new($$)
{
my ($class, $n) = @_;
return $class->SUPER::new($n);
}
sub save_registers($)
{
my ($self) = @_;
my $n = $self->{n};
$self->add_code(<<___);
std $lo,-8($sp)
___
for (my $j = 0; $j <= $n+1; $j++) {
$self->{code}.=<<___;
std $tp[$j],-`($j+2)*8`($sp)
___
}
$self->add_code(<<___);
___
}
sub restore_registers($)
{
my ($self) = @_;
my $n = $self->{n};
$self->add_code(<<___);
ld $lo,-8($sp)
___
for (my $j = 0; $j <= $n+1; $j++) {
$self->{code}.=<<___;
ld $tp[$j],-`($j+2)*8`($sp)
___
}
$self->{code} .=<<___;
___
}
# Direct translation of C mul()
sub mul($$$$$)
{
my ($self, $r, $a, $w, $c) = @_;
$self->add_code(<<___);
mulld $lo,$a,$w
addc $r,$lo,$c
mulhdu $c,$a,$w
addze $c,$c
___
}
# Like mul() but $c is ignored as an input - an optimisation to save a
# preliminary instruction that would set input $c to 0
sub mul_c_0($$$$$)
{
my ($self, $r, $a, $w, $c) = @_;
$self->add_code(<<___);
mulld $r,$a,$w
mulhdu $c,$a,$w
___
}
# Like mul() but does not to the final addition of CA into $c - an
# optimisation to save an instruction
sub mul_last($$$$$$)
{
my ($self, $r1, $r2, $a, $w, $c) = @_;
$self->add_code(<<___);
mulld $lo,$a,$w
addc $r1,$lo,$c
mulhdu $c,$a,$w
addze $r2,$c
___
}
# Like C mul_add() but allow $r_out and $r_in to be different
sub mul_add($$$$$$)
{
my ($self, $r_out, $r_in, $a, $w, $c) = @_;
$self->add_code(<<___);
mulld $lo,$a,$w
addc $lo,$lo,$c
mulhdu $c,$a,$w
addze $c,$c
addc $r_out,$r_in,$lo
addze $c,$c
___
}
# Like mul_add() but $c is ignored as an input - an optimisation to save a
# preliminary instruction that would set input $c to 0
sub mul_add_c_0($$$$$$)
{
my ($self, $r_out, $r_in, $a, $w, $c) = @_;
$self->add_code(<<___);
mulld $lo,$a,$w
addc $r_out,$r_in,$lo
mulhdu $c,$a,$w
addze $c,$c
___
}
package Mont::GPR_300;
our @ISA = ('Mont::GPR');
sub new($$)
{
my ($class, $n) = @_;
my $mont = $class->SUPER::new($n);
return $mont;
}
sub get_function_name($)
{
my ($self) = @_;
return "bn_mul_mont_300_fixed_n" . $self->{n};
}
sub get_label($$)
{
my ($self, $l) = @_;
return "L" . $l . "_300_" . $self->{n};
}
# Direct translation of C mul()
sub mul($$$$$)
{
my ($self, $r, $a, $w, $c, $last) = @_;
$self->add_code(<<___);
maddld $r,$a,$w,$c
maddhdu $c,$a,$w,$c
___
}
# Save the last carry as the final entry
sub mul_last($$$$$)
{
my ($self, $r1, $r2, $a, $w, $c) = @_;
$self->add_code(<<___);
maddld $r1,$a,$w,$c
maddhdu $r2,$a,$w,$c
___
}
# Like mul() but $c is ignored as an input - an optimisation to save a
# preliminary instruction that would set input $c to 0
sub mul_c_0($$$$$)
{
my ($self, $r, $a, $w, $c) = @_;
$self->add_code(<<___);
mulld $r,$a,$w
mulhdu $c,$a,$w
___
}
# Like C mul_add() but allow $r_out and $r_in to be different
sub mul_add($$$$$$)
{
my ($self, $r_out, $r_in, $a, $w, $c) = @_;
$self->add_code(<<___);
maddld $lo,$a,$w,$c
maddhdu $c,$a,$w,$c
addc $r_out,$r_in,$lo
addze $c,$c
___
}
# Like mul_add() but $c is ignored as an input - an optimisation to save a
# preliminary instruction that would set input $c to 0
sub mul_add_c_0($$$$$$)
{
my ($self, $r_out, $r_in, $a, $w, $c) = @_;
$self->add_code(<<___);
maddld $lo,$a,$w,$r_in
maddhdu $c,$a,$w,$r_in
___
if ($r_out ne $lo) {
$self->add_code(<<___);
mr $r_out,$lo
___
}
$self->nl();
}
package main;
my $code;
$code.=<<___;
.machine "any"
.text
___
my $mont;
$mont = new Mont::GPR(6);
$mont->mul_mont_fixed();
$code .= $mont->get_code();
$mont = new Mont::GPR_300(6);
$mont->mul_mont_fixed();
$code .= $mont->get_code();
$code =~ s/\`([^\`]*)\`/eval $1/gem;
$code.=<<___;
.asciz "Montgomery Multiplication for PPC by <amitay\@ozlabs.org>, <alastair\@d-silva.org>"
___
print $code;
close STDOUT or die "error closing STDOUT: $!";
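Review bot: this deletes the whole generator for `bn_mul_mont_fixed_n6` and `bn_mul_mont_300_fixed_n6`, but none of the hunks in this section touch the code that dispatches to those symbols or the build.info entry that generated the file; confirm they were removed in the same commit, otherwise ppc64 builds fail with an unresolved symbol. A one-line reason for the removal in the commit message would also help anyone bisecting later.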

View File

@ -1,4 +1,4 @@
# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2020, Intel Corporation. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
@ -48,8 +48,17 @@ if (!$avx512 && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
$avx512ifma = ($1==2.11 && $2>=8) + ($1>=2.12);
}
if (!$avx512 && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
$avx512ifma = ($2>=7.0);
if (!$avx512 && `$ENV{CC} -v 2>&1`
=~ /(Apple)?\s*((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)\.([0-9]+)?/) {
my $ver = $3 + $4/100.0 + $5/10000.0; # 3.1.0->3.01, 3.10.1->3.1001
if ($1) {
# Apple conditions, they use a different version series, see
# https://en.wikipedia.org/wiki/Xcode#Xcode_7.0_-_10.x_(since_Free_On-Device_Development)_2
# clang 7.0.0 is Apple clang 10.0.1
$avx512ifma = ($ver>=10.0001)
} else {
$avx512ifma = ($3>=7.0);
}
}
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""
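Review bot: `$5` is optional in the new regex (`([0-9]+)?`), so when the compiler reports only two version components `$5/10000.0` uses an undefined value and `use warnings` emits an "uninitialized value" warning at build time; use `($5 // 0)` or `defined $5 ? $5 : 0`. The non-Apple branch compares `$3>=7.0` while the Apple branch compares `$ver`; using `$ver` in both keeps the logic uniform, and `$avx512ifma = ($ver>=10.0001)` lacks its trailing semicolon (legal as the last statement of the block, but inconsistent with the rest of the file).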

View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -2103,193 +2103,6 @@ __bn_post4x_internal:
.size __bn_post4x_internal,.-__bn_post4x_internal
___
}
{
$code.=<<___;
.globl bn_from_montgomery
.type bn_from_montgomery,\@abi-omnipotent
.align 32
bn_from_montgomery:
.cfi_startproc
testl \$7,`($win64?"48(%rsp)":"%r9d")`
jz bn_from_mont8x
xor %eax,%eax
ret
.cfi_endproc
.size bn_from_montgomery,.-bn_from_montgomery
.type bn_from_mont8x,\@function,6
.align 32
bn_from_mont8x:
.cfi_startproc
.byte 0x67
mov %rsp,%rax
.cfi_def_cfa_register %rax
push %rbx
.cfi_push %rbx
push %rbp
.cfi_push %rbp
push %r12
.cfi_push %r12
push %r13
.cfi_push %r13
push %r14
.cfi_push %r14
push %r15
.cfi_push %r15
.Lfrom_prologue:
shl \$3,${num}d # convert $num to bytes
lea ($num,$num,2),%r10 # 3*$num in bytes
neg $num
mov ($n0),$n0 # *n0
##############################################################
# Ensure that stack frame doesn't alias with $rptr+3*$num
# modulo 4096, which covers ret[num], am[num] and n[num]
# (see bn_exp.c). The stack is allocated to aligned with
# bn_power5's frame, and as bn_from_montgomery happens to be
# last operation, we use the opportunity to cleanse it.
#
lea -320(%rsp,$num,2),%r11
mov %rsp,%rbp
sub $rptr,%r11
and \$4095,%r11
cmp %r11,%r10
jb .Lfrom_sp_alt
sub %r11,%rbp # align with $aptr
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256)
jmp .Lfrom_sp_done
.align 32
.Lfrom_sp_alt:
lea 4096-320(,$num,2),%r10
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256)
sub %r10,%r11
mov \$0,%r10
cmovc %r10,%r11
sub %r11,%rbp
.Lfrom_sp_done:
and \$-64,%rbp
mov %rsp,%r11
sub %rbp,%r11
and \$-4096,%r11
lea (%rbp,%r11),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lfrom_page_walk
jmp .Lfrom_page_walk_done
.Lfrom_page_walk:
lea -4096(%rsp),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lfrom_page_walk
.Lfrom_page_walk_done:
mov $num,%r10
neg $num
##############################################################
# Stack layout
#
# +0 saved $num, used in reduction section
# +8 &t[2*$num], used in reduction section
# +32 saved *n0
# +40 saved %rsp
# +48 t[2*$num]
#
mov $n0, 32(%rsp)
mov %rax, 40(%rsp) # save original %rsp
.cfi_cfa_expression %rsp+40,deref,+8
.Lfrom_body:
mov $num,%r11
lea 48(%rsp),%rax
pxor %xmm0,%xmm0
jmp .Lmul_by_1
.align 32
.Lmul_by_1:
movdqu ($aptr),%xmm1
movdqu 16($aptr),%xmm2
movdqu 32($aptr),%xmm3
movdqa %xmm0,(%rax,$num)
movdqu 48($aptr),%xmm4
movdqa %xmm0,16(%rax,$num)
.byte 0x48,0x8d,0xb6,0x40,0x00,0x00,0x00 # lea 64($aptr),$aptr
movdqa %xmm1,(%rax)
movdqa %xmm0,32(%rax,$num)
movdqa %xmm2,16(%rax)
movdqa %xmm0,48(%rax,$num)
movdqa %xmm3,32(%rax)
movdqa %xmm4,48(%rax)
lea 64(%rax),%rax
sub \$64,%r11
jnz .Lmul_by_1
movq $rptr,%xmm1
movq $nptr,%xmm2
.byte 0x67
mov $nptr,%rbp
movq %r10, %xmm3 # -num
___
$code.=<<___ if ($addx);
mov OPENSSL_ia32cap_P+8(%rip),%r11d
and \$0x80108,%r11d
cmp \$0x80108,%r11d # check for AD*X+BMI2+BMI1
jne .Lfrom_mont_nox
lea (%rax,$num),$rptr
call __bn_sqrx8x_reduction
call __bn_postx4x_internal
pxor %xmm0,%xmm0
lea 48(%rsp),%rax
jmp .Lfrom_mont_zero
.align 32
.Lfrom_mont_nox:
___
$code.=<<___;
call __bn_sqr8x_reduction
call __bn_post4x_internal
pxor %xmm0,%xmm0
lea 48(%rsp),%rax
jmp .Lfrom_mont_zero
.align 32
.Lfrom_mont_zero:
mov 40(%rsp),%rsi # restore %rsp
.cfi_def_cfa %rsi,8
movdqa %xmm0,16*0(%rax)
movdqa %xmm0,16*1(%rax)
movdqa %xmm0,16*2(%rax)
movdqa %xmm0,16*3(%rax)
lea 16*4(%rax),%rax
sub \$32,$num
jnz .Lfrom_mont_zero
mov \$1,%rax
mov -48(%rsi),%r15
.cfi_restore %r15
mov -40(%rsi),%r14
.cfi_restore %r14
mov -32(%rsi),%r13
.cfi_restore %r13
mov -24(%rsi),%r12
.cfi_restore %r12
mov -16(%rsi),%rbp
.cfi_restore %rbp
mov -8(%rsi),%rbx
.cfi_restore %rbx
lea (%rsi),%rsp
.cfi_def_cfa_register %rsp
.Lfrom_epilogue:
ret
.cfi_endproc
.size bn_from_mont8x,.-bn_from_mont8x
___
}
}}}
if ($addx) {{{
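Review bot: the removed `bn_from_montgomery`/`bn_from_mont8x` block's own comment says its stack layout is coordinated with `bn_exp.c`; the corresponding C-side declaration and call site are not in this section, so confirm they were dropped together with the SEH table entries removed in the two hunks below, or the link will reference a symbol that no longer exists.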
@ -3896,10 +3709,6 @@ mul_handler:
.rva .LSEH_begin_bn_power5
.rva .LSEH_end_bn_power5
.rva .LSEH_info_bn_power5
.rva .LSEH_begin_bn_from_mont8x
.rva .LSEH_end_bn_from_mont8x
.rva .LSEH_info_bn_from_mont8x
___
$code.=<<___ if ($addx);
.rva .LSEH_begin_bn_mulx4x_mont_gather5
@ -3931,11 +3740,6 @@ $code.=<<___;
.byte 9,0,0,0
.rva mul_handler
.rva .Lpower5_prologue,.Lpower5_body,.Lpower5_epilogue # HandlerData[]
.align 8
.LSEH_info_bn_from_mont8x:
.byte 9,0,0,0
.rva mul_handler
.rva .Lfrom_prologue,.Lfrom_body,.Lfrom_epilogue # HandlerData[]
___
$code.=<<___ if ($addx);
.align 8

View File

@ -1,5 +1,5 @@
/*
* Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -13,20 +13,6 @@
#define BN_BLINDING_COUNTER 32
struct bn_blinding_st {
BIGNUM *A;
BIGNUM *Ai;
BIGNUM *e;
BIGNUM *mod; /* just a reference */
CRYPTO_THREAD_ID tid;
int counter;
unsigned long flags;
BN_MONT_CTX *m_ctx;
int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
CRYPTO_RWLOCK *lock;
};
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
{
BN_BLINDING *ret = NULL;
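Review bot: removing `struct bn_blinding_st` from bn_blind.c means its definition must now come from a header; make sure that header is internal (bn_local.h or similar) rather than public, so BN_BLINDING stays opaque to applications, and that bn_blind.c includes it, since BN_BLINDING_new below still dereferences the fields.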

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -446,8 +446,10 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
snum->neg = num_neg;
snum->top = div_n;
snum->flags |= BN_FLG_FIXED_TOP;
if (rm != NULL)
bn_rshift_fixed_top(rm, snum, norm_shift);
if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0)
goto err;
BN_CTX_end(ctx);
return 1;
err:

View File

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -32,6 +32,7 @@ static const ERR_STRING_DATA BN_str_reasons[] = {
{ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square"},
{ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"},
{ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"},
{ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_PRIME_CANDIDATE), "no prime candidate"},
{ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"},
{ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SUITABLE_DIGEST), "no suitable digest"},
{ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE),
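Review bot: bn_err.c carries `Generated by util/mkerr.pl DO NOT EDIT`, so the new `BN_R_NO_PRIME_CANDIDATE` entry should originate from crypto/err/openssl.txt with the public header regenerated alongside; if only this file was edited by hand, the next regeneration will drop it again.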

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -36,6 +36,15 @@
/* maximum precomputation table size for *variable* sliding windows */
#define TABLE_SIZE 32
/*
* Beyond this limit the constant time code is disabled due to
* the possible overflow in the computation of powerbufLen in
* BN_mod_exp_mont_consttime.
* When this limit is exceeded, the computation will be done using
* non-constant time code, but it will take very long.
*/
#define BN_CONSTTIME_SIZE_LIMIT (INT_MAX / BN_BYTES / 256)
/* this one works - simple but works */
int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
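Review bot: `BN_CONSTTIME_SIZE_LIMIT` relies on INT_MAX, so bn_exp.c needs `<limits.h>` (not visible in these hunks). More importantly, the comment admits that above the limit the exponentiation silently runs in non-constant time; that is a security-relevant downgrade that the BN_mod_exp_mont_consttime(3) page and the CHANGES entry should state explicitly, so callers handling secret exponents know the bound.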
@ -187,13 +196,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return ret;
}
BN_RECP_CTX_init(&recp);
BN_CTX_start(ctx);
aa = BN_CTX_get(ctx);
val[0] = BN_CTX_get(ctx);
if (val[0] == NULL)
goto err;
BN_RECP_CTX_init(&recp);
if (m->neg) {
/* ignore sign of 'm' */
if (!BN_copy(aa, m))
@ -302,12 +312,6 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
BIGNUM *val[TABLE_SIZE];
BN_MONT_CTX *mont = NULL;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
}
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
@ -316,6 +320,14 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
return 0;
}
if (m->top <= BN_CONSTTIME_SIZE_LIMIT
&& (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0)) {
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
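Review bot: the constant-time dispatch now sits after the even-modulus check, so an even modulus with BN_FLG_CONSTTIME set fails with BN_R_CALLED_WITH_EVEN_MODULUS in this function before any dispatch; that is fine but is a behaviour change worth a line in the commit message. More important for readers: when `m->top > BN_CONSTTIME_SIZE_LIMIT` the BN_FLG_CONSTTIME flags are ignored and the variable-time path below runs. Add a comment on the condition pointing at the BN_CONSTTIME_SIZE_LIMIT definition so the flag check is not read as unconditional.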
@ -614,6 +626,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
top = m->top;
if (top > BN_CONSTTIME_SIZE_LIMIT) {
/* Prevent overflowing the powerbufLen computation below */
return BN_mod_exp_mont(rr, a, p, m, ctx, in_mont);
}
/*
* Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak
* whether the top bits are zero.
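Review bot: this early return into BN_mod_exp_mont() and the guard added in BN_mod_exp_mont() (`m->top <= BN_CONSTTIME_SIZE_LIMIT && ...`) avoid mutual recursion only because the two conditions are exact complements (`top > LIMIT` here, `top <= LIMIT` there). Suggest a comment here stating that invariant, and ideally one inline helper used by both call sites, so that a later edit to one bound cannot turn this pair into infinite recursion.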
@ -693,7 +710,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
else
#endif
#if defined(OPENSSL_BN_ASM_MONT5)
if (window >= 5) {
if (window >= 5 && top <= BN_SOFT_LIMIT) {
window = 5; /* ~5% improvement for RSA2048 sign, and even
* for RSA4096 */
/* reserve space for mont->N.d[] copy */
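Review bot: `window >= 5 && top <= BN_SOFT_LIMIT` duplicates the `top > BN_SOFT_LIMIT` test that sends the computation to `fallback:` further down; the two must agree, otherwise either `window` stays 5 on the generic path or the MONT5 path runs above the soft limit. A comment referencing the BN_SOFT_LIMIT rationale in bn_local.h (alloca inside bn_mul_mont) would make that dependency explicit at both sites.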
@ -754,6 +771,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
goto err;
if (top > BN_SOFT_LIMIT)
goto fallback;
#if defined(SPARC_T4_MONT)
if (t4) {
typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np,
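Review bot: `goto fallback` jumps into the `{ fallback: ... }` block that follows the `#if defined(OPENSSL_BN_ASM_MONT5)` branch, skipping both the SPARC_T4_MONT and the MONT5 code. That is legal C as long as the skipped region declares no variably modified types (the visible part declares only prototypes and `BN_ULONG *n0 = mont->n0, *np;`), but a jump into a braced block deserves a comment saying so, and a note at the label that the MOD_EXP_CTIME_COPY_TO_PREBUF calls there handle whatever `window` value was chosen above.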
@ -896,14 +916,21 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
#if defined(OPENSSL_BN_ASM_MONT5)
if (window == 5 && top > 1) {
/*
* This optimization uses ideas from http://eprint.iacr.org/2011/239,
* specifically optimization of cache-timing attack countermeasures
* and pre-computation optimization.
*/
/*
* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
* 512-bit RSA is hardly relevant, we omit it to spare size...
* This optimization uses ideas from https://eprint.iacr.org/2011/239,
* specifically optimization of cache-timing attack countermeasures,
* pre-computation optimization, and Almost Montgomery Multiplication.
*
* The paper discusses a 4-bit window to optimize 512-bit modular
* exponentiation, used in RSA-1024 with CRT, but RSA-1024 is no longer
* important.
*
* |bn_mul_mont_gather5| and |bn_power5| implement the "almost"
* reduction variant, so the values here may not be fully reduced.
* They are bounded by R (i.e. they fit in |top| words), not |m|.
* Additionally, we pass these "almost" reduced inputs into
* |bn_mul_mont|, which implements the normal reduction variant.
* Given those inputs, |bn_mul_mont| may not give reduced
* output, but it will still produce "almost" reduced output.
*/
void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
@ -915,9 +942,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const void *table, const BN_ULONG *np,
const BN_ULONG *n0, int num, int power);
int bn_get_bits5(const BN_ULONG *ap, int off);
int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *not_used, const BN_ULONG *np,
const BN_ULONG *n0, int num);
BN_ULONG *n0 = mont->n0, *np;
@ -1006,17 +1030,22 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
}
}
ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top);
tmp.top = top;
bn_correct_top(&tmp);
if (ret) {
if (!BN_copy(rr, &tmp))
ret = 0;
goto err; /* non-zero ret means it's not error */
}
/*
* The result is now in |tmp| in Montgomery form, but it may not be
* fully reduced. This is within bounds for |BN_from_montgomery|
* (tmp < R <= m*R) so it will, when converting from Montgomery form,
* produce a fully reduced result.
*
* This differs from Figure 2 of the paper, which uses AMM(h, 1) to
* convert from Montgomery form with unreduced output, followed by an
* extra reduction step. In the paper's terminology, we replace
* steps 9 and 10 with MM(h, 1).
*/
} else
#endif
{
fallback:
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
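Review bot: the deleted lines set `tmp.top = top`, called `bn_correct_top(&tmp)` and exited through `goto err` after copying to `rr`; the replacement comment says `tmp` is left in Montgomery form for the shared tail to convert, but nothing in this hunk normalises `tmp.top`. Please confirm that the code after the block (not in this diff) sets `tmp.top` or runs `bn_correct_top` before BN_from_montgomery, or restore the two lines here. Also, "tmp < R <= m*R" reads oddly; the bound BN_from_montgomery needs is `tmp < m*R`, so consider stating just that.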

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
if (R == NULL)
goto err;
BN_one(X);
if (!BN_one(X))
goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
if (R == NULL)
goto err;
BN_one(X);
if (!BN_one(X))
goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -42,6 +42,26 @@
# include <openssl/rand.h>
# endif
/*
* This should limit the stack usage due to alloca to about 4K.
* BN_SOFT_LIMIT is a soft limit equivalent to 2*OPENSSL_RSA_MAX_MODULUS_BITS.
* Beyond that size bn_mul_mont is no longer used, and the constant time
* assembler code is disabled, due to the blatant alloca and bn_mul_mont usage.
* Note that bn_mul_mont does an alloca that is hidden away in assembly.
* It is not recommended to do computations with numbers exceeding this limit,
* since the result will be highly version dependent:
* While the current OpenSSL version will use non-optimized, but safe code,
* previous versions will use optimized code, that may crash due to unexpected
* stack overflow, and future versions may very well turn this into a hard
* limit.
* Note however, that it is possible to override the size limit using
* "./config -DBN_SOFT_LIMIT=<limit>" if necessary, and the O/S specific
* stack limit is known and taken into consideration.
*/
# ifndef BN_SOFT_LIMIT
# define BN_SOFT_LIMIT (4096 / BN_BYTES)
# endif
# ifndef OPENSSL_SMALL_FOOTPRINT
# define BN_MUL_COMBA
# define BN_SQR_COMBA
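Review bot: the comment says BN_SOFT_LIMIT is "equivalent to 2*OPENSSL_RSA_MAX_MODULUS_BITS", but the definition is `4096 / BN_BYTES`, i.e. 4096 bytes (32768 bits), with no reference to that macro; either define it in terms of OPENSSL_RSA_MAX_MODULUS_BITS or put the 4096-byte figure in the comment so the two cannot drift apart. The `./config -DBN_SOFT_LIMIT=<limit>` override should also warn that the assembler paths still use alloca, so the chosen limit must fit the platform's stack, which the text only hints at with "taken into consideration".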
@ -270,6 +290,20 @@ struct bn_gencb_st {
} cb;
};
struct bn_blinding_st {
BIGNUM *A;
BIGNUM *Ai;
BIGNUM *e;
BIGNUM *mod; /* just a reference */
CRYPTO_THREAD_ID tid;
int counter;
unsigned long flags;
BN_MONT_CTX *m_ctx;
int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
CRYPTO_RWLOCK *lock;
};
/*-
* BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
*
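Review bot: moving `struct bn_blinding_st` into bn_local.h exposes its layout to every file in crypto/bn; the only new consumer in this diff is rsa_sup_mul.c, which reads `blinding->Ai` and `blinding->m_ctx->n0[0]` directly. A comment above the struct naming that consumer, or two small internal accessors, would keep bn_blind.c as the owner of the structure and make future layout changes safer.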

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -42,7 +42,7 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
int num = mont->N.top;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
if (num > 1 && a->top == num && b->top == num) {
if (num > 1 && num <= BN_SOFT_LIMIT && a->top == num && b->top == num) {
if (bn_wexpand(r, num) == NULL)
return 0;
if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -249,17 +249,28 @@ const BIGNUM *BN_get0_nist_prime_521(void)
return &ossl_bignum_nist_p_521;
}
static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
{
int i;
#ifdef BN_DEBUG
(void)ossl_assert(top <= max);
#endif
for (i = 0; i < top; i++)
dst[i] = src[i];
for (; i < max; i++)
dst[i] = 0;
/*
* To avoid more recent compilers (specifically clang-14) from treating this
* code as a violation of the strict aliasing conditions and omiting it, this
* cannot be declared as a function. Moreover, the dst parameter cannot be
* cached in a local since this no longer references the union and again falls
* foul of the strict aliasing criteria. Refer to #18225 for the initial
* diagnostics and llvm/llvm-project#55255 for the later discussions with the
* LLVM developers. The problem boils down to if an array in the union is
* converted to a pointer or if it is used directly.
*
* This function was inlined regardless, so there is no space cost to be
* paid for making it a macro.
*/
#define nist_cp_bn_0(dst, src_in, top, max) \
{ \
int ii; \
const BN_ULONG *src = src_in; \
\
for (ii = 0; ii < top; ii++) \
(dst)[ii] = src[ii]; \
for (; ii < max; ii++) \
(dst)[ii] = 0; \
}
static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
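Review bot: the new `nist_cp_bn_0` macro expands to a bare `{ ... }` block rather than `do { ... } while (0)`, so `nist_cp_bn_0(...);` followed by `else` will not compile and the `;` after each call becomes an empty statement; use the do/while(0) form. The `#ifdef BN_DEBUG (void)ossl_assert(top <= max)` check was dropped in the conversion and can be kept inside the macro. Also, `(dst)` is parenthesised but `top` and `max` are not, so a conditional expression passed as `max` would misparse in `ii < max`.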

View File

@ -19,12 +19,6 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0, int num);
int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0, int num);
if (num < 4)
return 0;
@ -40,14 +34,5 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
* no opportunity to figure it out...
*/
#if defined(_ARCH_PPC64) && !defined(__ILP32__)
if (num == 6) {
if (OPENSSL_ppccap_P & PPC_MADD300)
return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
else
return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
}
#endif
return bn_mul_mont_int(rp, ap, bp, np, n0, num);
}
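Review bot: the `num == 6` dispatch to `bn_mul_mont_fixed_n6` / `bn_mul_mont_300_fixed_n6` is removed with no explanation in the code, and the matching `ppc64-mont-fixed.s` entries are deleted from build.info below; a short comment here (or a line in the commit message) saying why the fixed-size PPC64 Montgomery routine was dropped would help anyone who later wonders where the `num == 6` fast path went.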

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -308,9 +308,10 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
goto err;
#endif
ret = ossl_bn_miller_rabin_is_prime(w, checks, ctx, cb, 0, &status);
if (!ret)
if (!ossl_bn_miller_rabin_is_prime(w, checks, ctx, cb, 0, &status)) {
ret = -1;
goto err;
}
ret = (status == BN_PRIMETEST_PROBABLY_PRIME);
err:
#ifndef FIPS_MODULE
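Review bot: the return contract of bn_is_prime_int changes here: a failure of ossl_bn_miller_rabin_is_prime used to leave `ret == 0`, indistinguishable from "composite", and now yields `-1`. That is the right fix, but `-1` is truthy, so any caller written as `if (bn_is_prime_int(...))` would treat an internal error as "prime"; please re-check callers for `< 0` handling and make sure the documented -1 error return of the public wrappers covers this path.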

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -136,6 +136,11 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
int n;
int count = 100;
if (r == NULL) {
ERR_raise(ERR_LIB_BN, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (range->neg || BN_is_zero(range)) {
ERR_raise(ERR_LIB_BN, BN_R_INVALID_RANGE);
return 0;
@ -315,7 +320,9 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
err:
EVP_MD_CTX_free(mdctx);
EVP_MD_free(md);
OPENSSL_free(k_bytes);
OPENSSL_clear_free(k_bytes, num_k_bytes);
OPENSSL_cleanse(digest, sizeof(digest));
OPENSSL_cleanse(random_bytes, sizeof(random_bytes));
OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
return ret;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -303,7 +303,14 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
if (BN_is_negative(R) && !BN_add(R, R, r1r2x2))
goto err;
imax = 5 * bits; /* max = 5/2 * nbits */
/*
* In FIPS 186-4 imax was set to 5 * nlen/2.
* Analysis by Allen Roginsky (See https://csrc.nist.gov/CSRC/media/Publications/fips/186/4/final/documents/comments-received-fips186-4-december-2015.pdf
* page 68) indicates this has a 1 in 2 million chance of failure.
* The number has been updated to 20 * nlen/2 as used in
* FIPS186-5 Appendix B.9 Step 9.
*/
imax = 20 * bits; /* max = 20/2 * nbits */
for (;;) {
if (Xin == NULL) {
/*
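Review bot: the URL line in the new comment runs far past the 80-column width used in the rest of this file; wrap it or cite the document title with a shorter link. On substance, `imax = 20 * bits` with the comment `max = 20/2 * nbits` follows the old `5 * bits` / `5/2 * nbits` convention (bits is nlen/2), so the "20 * nlen/2" in the block comment is consistent; stating "bits == nlen/2" once would save readers from inferring it.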
@ -342,7 +349,11 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
goto err;
}
/* (Step 8-10) */
if (++i >= imax || !BN_add(Y, Y, r1r2x2))
if (++i >= imax) {
ERR_raise(ERR_LIB_BN, BN_R_NO_PRIME_CANDIDATE);
goto err;
}
if (!BN_add(Y, Y, r1r2x2))
goto err;
}
}

View File

@ -16,7 +16,7 @@ IF[{- !$disabled{asm} -}]
# All variables are named in such a way that they can be "indexed" with
# $target{asm_arch}
$BNASM_x86=bn-586.s co-586.s x86-mont.s x86-gf2m.s
$BNASM_x86=bn-586.S co-586.S x86-mont.S x86-gf2m.S
# bn-586 is the only one implementing bn_*_part_words
# => OPENSSL_BN_ASM_PART_WORDS
$BNDEF_x86=OPENSSL_BN_ASM_PART_WORDS OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m
@ -79,7 +79,7 @@ IF[{- !$disabled{asm} -}]
$BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s
$BNDEF_ppc32=OPENSSL_BN_ASM_MONT
$BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s
$BNASM_ppc64=$BNASM_ppc32
$BNDEF_ppc64=$BNDEF_ppc32
$BNASM_c64xplus=asm/bn-c64xplus.asm
@ -105,7 +105,7 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c
bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c rsa_sup_mul.c
SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c
DEFINE[../../libcrypto]=$BNDEF
IF[{- !$disabled{'deprecated-0.9.8'} -}]
@ -116,25 +116,20 @@ IF[{- !$disabled{'deprecated-3.0'} -}]
ENDIF
SOURCE[../../providers/libfips.a]=$COMMON $BNASM
DEFINE[../../providers/libfips.a]=$BNDEF
# Because some CPUID implementations use some BN assembler (!!!), we
# must include assembler code into the legacy provider under the same
# conditions as CPUID code is included. See ../build.info
SOURCE[../../providers/liblegacy.a]=$BNASM
DEFINE[../../providers/liblegacy.a]=$BNDEF
# Implementations are now spread across several libraries, so the defines
# need to be applied to all affected libraries and modules.
DEFINE[../../providers/libcommon.a]=$BNDEF
INCLUDE[bn_exp.o]=..
GENERATE[bn-586.s]=asm/bn-586.pl
DEPEND[bn-586.s]=../perlasm/x86asm.pl
GENERATE[co-586.s]=asm/co-586.pl
DEPEND[co-586.s]=../perlasm/x86asm.pl
GENERATE[x86-mont.s]=asm/x86-mont.pl
DEPEND[x86-mont.s]=../perlasm/x86asm.pl
GENERATE[x86-gf2m.s]=asm/x86-gf2m.pl
DEPEND[x86-gf2m.s]=../perlasm/x86asm.pl
GENERATE[bn-586.S]=asm/bn-586.pl
DEPEND[bn-586.S]=../perlasm/x86asm.pl
GENERATE[co-586.S]=asm/co-586.pl
DEPEND[co-586.S]=../perlasm/x86asm.pl
GENERATE[x86-mont.S]=asm/x86-mont.pl
DEPEND[x86-mont.S]=../perlasm/x86asm.pl
GENERATE[x86-gf2m.S]=asm/x86-gf2m.pl
DEPEND[x86-gf2m.S]=../perlasm/x86asm.pl
GENERATE[sparcv9a-mont.S]=asm/sparcv9a-mont.pl
INCLUDE[sparcv9a-mont.o]=..
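Review bot: the BN assembler and its defines are dropped from liblegacy.a and only `DEFINE[../../providers/libcommon.a]=$BNDEF` is added, with no matching `SOURCE[...libcommon.a]=$BNASM`; the deleted comment said some CPUID implementations depend on BN assembler symbols, so please confirm the legacy provider now reaches those symbols through another library, and carry that reasoning into the new comment, which currently says what is done but not why. The x86 `.s` to `.S` rename means those generated files now pass through the C preprocessor; a note on what in the perlasm output requires that would help.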
@ -171,7 +166,6 @@ GENERATE[parisc-mont.s]=asm/parisc-mont.pl
GENERATE[bn-ppc.s]=asm/ppc.pl
GENERATE[ppc-mont.s]=asm/ppc-mont.pl
GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl
GENERATE[ppc64-mont-fixed.s]=asm/ppc64-mont-fixed.pl
GENERATE[alpha-mont.S]=asm/alpha-mont.pl

crypto/bn/rsa_sup_mul.c (new file, 604 lines)
View File

@ -0,0 +1,604 @@
#include <openssl/e_os2.h>
#include <stddef.h>
#include <sys/types.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/rsaerr.h>
#include "internal/endian.h"
#include "internal/numbers.h"
#include "internal/constant_time.h"
#include "bn_local.h"
# if BN_BYTES == 8
typedef uint64_t limb_t;
# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16
typedef uint128_t limb2_t;
# define HAVE_LIMB2_T
# endif
# define LIMB_BIT_SIZE 64
# define LIMB_BYTE_SIZE 8
# elif BN_BYTES == 4
typedef uint32_t limb_t;
typedef uint64_t limb2_t;
# define LIMB_BIT_SIZE 32
# define LIMB_BYTE_SIZE 4
# define HAVE_LIMB2_T
# else
# error "Not supported"
# endif
/*
* For multiplication we're using schoolbook multiplication,
* so if we have two numbers, each with 6 "digits" (words)
* the multiplication is calculated as follows:
* A B C D E F
* x I J K L M N
* --------------
* N*F
* N*E
* N*D
* N*C
* N*B
* N*A
* M*F
* M*E
* M*D
* M*C
* M*B
* M*A
* L*F
* L*E
* L*D
* L*C
* L*B
* L*A
* K*F
* K*E
* K*D
* K*C
* K*B
* K*A
* J*F
* J*E
* J*D
* J*C
* J*B
* J*A
* I*F
* I*E
* I*D
* I*C
* I*B
* + I*A
* ==========================
* N*B N*D N*F
* + N*A N*C N*E
* + M*B M*D M*F
* + M*A M*C M*E
* + L*B L*D L*F
* + L*A L*C L*E
* + K*B K*D K*F
* + K*A K*C K*E
* + J*B J*D J*F
* + J*A J*C J*E
* + I*B I*D I*F
* + I*A I*C I*E
*
* 1+1 1+3 1+5
* 1+0 1+2 1+4
* 0+1 0+3 0+5
* 0+0 0+2 0+4
*
* 0 1 2 3 4 5 6
* which requires n^2 multiplications and 2n full length additions
* as we can keep every other result of limb multiplication in two separate
* limbs
*/
#if defined HAVE_LIMB2_T
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
{
limb2_t t;
/*
* this is idiomatic code to tell compiler to use the native mul
* those three lines will actually compile to single instruction
*/
t = (limb2_t)a * b;
*hi = t >> LIMB_BIT_SIZE;
*lo = (limb_t)t;
}
#elif (BN_BYTES == 8) && (defined _MSC_VER)
/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */
#pragma intrinsic(_umul128)
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
{
*lo = _umul128(a, b, hi);
}
#else
/*
* if the compiler doesn't have either a 128bit data type nor a "return
* high 64 bits of multiplication"
*/
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
{
limb_t a_low = (limb_t)(uint32_t)a;
limb_t a_hi = a >> 32;
limb_t b_low = (limb_t)(uint32_t)b;
limb_t b_hi = b >> 32;
limb_t p0 = a_low * b_low;
limb_t p1 = a_low * b_hi;
limb_t p2 = a_hi * b_low;
limb_t p3 = a_hi * b_hi;
uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32);
*lo = p0 + (p1 << 32) + (p2 << 32);
*hi = p3 + (p1 >> 32) + (p2 >> 32) + cy;
}
#endif
/* add two limbs with carry in, return carry out */
static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry)
{
limb_t carry1, carry2, t;
/*
* `c = a + b; if (c < a)` is idiomatic code that makes compilers
* use add with carry on assembly level
*/
*ret = a + carry;
if (*ret < a)
carry1 = 1;
else
carry1 = 0;
t = *ret;
*ret = t + b;
if (*ret < t)
carry2 = 1;
else
carry2 = 0;
return carry1 + carry2;
}
/*
* add two numbers of the same size, return overflow
*
* add a to b, place result in ret; all arrays need to be n limbs long
* return overflow from addition (0 or 1)
*/
static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n)
{
limb_t c = 0;
ossl_ssize_t i;
for(i = n - 1; i > -1; i--)
c = _add_limb(&ret[i], a[i], b[i], c);
return c;
}
/*
* return number of limbs necessary for temporary values
* when multiplying numbers n limbs large
*/
static ossl_inline size_t mul_limb_numb(size_t n)
{
return 2 * n * 2;
}
/*
* multiply two numbers of the same size
*
* multiply a by b, place result in ret; a and b need to be n limbs long
* ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs
* long
*/
static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp)
{
limb_t *r_odd, *r_even;
size_t i, j, k;
r_odd = tmp;
r_even = &tmp[2 * n];
memset(ret, 0, 2 * n * sizeof(limb_t));
for (i = 0; i < n; i++) {
for (k = 0; k < i + n + 1; k++) {
r_even[k] = 0;
r_odd[k] = 0;
}
for (j = 0; j < n; j++) {
/*
* place results from even and odd limbs in separate arrays so that
* we don't have to calculate overflow every time we get individual
* limb multiplication result
*/
if (j % 2 == 0)
_mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]);
else
_mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]);
}
/*
* skip the least significant limbs when adding multiples of
* more significant limbs (they're zero anyway)
*/
add(ret, ret, r_even, n + i + 1);
add(ret, ret, r_odd, n + i + 1);
}
}
/* modifies the value in place by performing a right shift by one bit */
static ossl_inline void rshift1(limb_t *val, size_t n)
{
limb_t shift_in = 0, shift_out = 0;
size_t i;
for (i = 0; i < n; i++) {
shift_out = val[i] & 1;
val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1);
shift_in = shift_out;
}
}
/* extend the LSB of flag to all bits of limb */
static ossl_inline limb_t mk_mask(limb_t flag)
{
flag |= flag << 1;
flag |= flag << 2;
flag |= flag << 4;
flag |= flag << 8;
flag |= flag << 16;
#if (LIMB_BYTE_SIZE == 8)
flag |= flag << 32;
#endif
return flag;
}
/*
* copy from either a or b to ret based on flag
* when flag == 0, then copies from b
* when flag == 1, then copies from a
*/
static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n)
{
/*
* would be more efficient with non volatile mask, but then gcc
* generates code with jumps
*/
volatile limb_t mask;
size_t i;
mask = mk_mask(flag);
for (i = 0; i < n; i++) {
#if (LIMB_BYTE_SIZE == 8)
ret[i] = constant_time_select_64(mask, a[i], b[i]);
#else
ret[i] = constant_time_select_32(mask, a[i], b[i]);
#endif
}
}
static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow)
{
limb_t borrow1, borrow2, t;
/*
* while it doesn't look constant-time, this is idiomatic code
* to tell compilers to use the carry bit from subtraction
*/
*ret = a - borrow;
if (*ret > a)
borrow1 = 1;
else
borrow1 = 0;
t = *ret;
*ret = t - b;
if (*ret > t)
borrow2 = 1;
else
borrow2 = 0;
return borrow1 + borrow2;
}
/*
* place the result of a - b into ret, return the borrow bit.
* All arrays need to be n limbs long
*/
static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n)
{
limb_t borrow = 0;
ossl_ssize_t i;
for (i = n - 1; i > -1; i--)
borrow = _sub_limb(&ret[i], a[i], b[i], borrow);
return borrow;
}
/* return the number of limbs necessary to allocate for the mod() tmp operand */
static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum)
{
return (anum + modnum) * 3;
}
/*
* calculate a % mod, place the result in ret
* size of a is defined by anum, size of ret and mod is modnum,
* size of tmp is returned by mod_limb_numb()
*/
static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
size_t modnum, limb_t *tmp)
{
limb_t *atmp, *modtmp, *rettmp;
limb_t res;
size_t i;
memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE);
atmp = tmp;
modtmp = &tmp[anum + modnum];
rettmp = &tmp[(anum + modnum) * 2];
for (i = modnum; i <modnum + anum; i++)
atmp[i] = a[i-modnum];
for (i = 0; i < modnum; i++)
modtmp[i] = mod[i];
for (i = 0; i < anum * LIMB_BIT_SIZE; i++) {
rshift1(modtmp, anum + modnum);
res = sub(rettmp, atmp, modtmp, anum+modnum);
cselect(res, atmp, atmp, rettmp, anum+modnum);
}
memcpy(ret, &atmp[anum], sizeof(limb_t) * modnum);
}
/* necessary size of tmp for a _mul_add_limb() call with provided anum */
static ossl_inline size_t _mul_add_limb_numb(size_t anum)
{
return 2 * (anum + 1);
}
/* multiply a by m, add to ret, return carry */
static limb_t _mul_add_limb(limb_t *ret, limb_t *a, size_t anum,
limb_t m, limb_t *tmp)
{
limb_t carry = 0;
limb_t *r_odd, *r_even;
size_t i;
memset(tmp, 0, sizeof(limb_t) * (anum + 1) * 2);
r_odd = tmp;
r_even = &tmp[anum + 1];
for (i = 0; i < anum; i++) {
/*
* place the results from even and odd limbs in separate arrays
* so that we have to worry about carry just once
*/
if (i % 2 == 0)
_mul_limb(&r_even[i], &r_even[i + 1], a[i], m);
else
_mul_limb(&r_odd[i], &r_odd[i + 1], a[i], m);
}
/* assert: add() carry here will be equal zero */
add(r_even, r_even, r_odd, anum + 1);
/*
* while here it will not overflow as the max value from multiplication
* is -2 while max overflow from addition is 1, so the max value of
* carry is -1 (i.e. max int)
*/
carry = add(ret, ret, &r_even[1], anum) + r_even[0];
return carry;
}
static ossl_inline size_t mod_montgomery_limb_numb(size_t modnum)
{
return modnum * 2 + _mul_add_limb_numb(modnum);
}
/*
* calculate a % mod, place result in ret
* assumes that a is in Montgomery form with the R (Montgomery modulus) being
* smallest power of two big enough to fit mod and that's also a power
* of the count of number of bits in limb_t (B).
* For calculation, we also need n', such that mod * n' == -1 mod B.
* anum must be <= 2 * modnum
* ret needs to be modnum words long
* tmp needs to be mod_montgomery_limb_numb(modnum) limbs long
*/
static void mod_montgomery(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
size_t modnum, limb_t ni0, limb_t *tmp)
{
limb_t carry, v;
limb_t *res, *rp, *tmp2;
ossl_ssize_t i;
res = tmp;
/*
* for intermediate result we need an integer twice as long as modulus
* but keep the input in the least significant limbs
*/
memset(res, 0, sizeof(limb_t) * (modnum * 2));
memcpy(&res[modnum * 2 - anum], a, sizeof(limb_t) * anum);
rp = &res[modnum];
tmp2 = &res[modnum * 2];
carry = 0;
/* add multiples of the modulus to the value until R divides it cleanly */
for (i = modnum; i > 0; i--, rp--) {
v = _mul_add_limb(rp, mod, modnum, rp[modnum-1] * ni0, tmp2);
v = v + carry + rp[-1];
carry |= (v != rp[-1]);
carry &= (v <= rp[-1]);
rp[-1] = v;
}
/* perform the final reduction by mod... */
carry -= sub(ret, rp, mod, modnum);
/* ...conditionally */
cselect(carry, ret, rp, ret, modnum);
}
/* allocated buffer should be freed afterwards */
static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs)
{
int i;
int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
limb_t *ptr = buf + (limbs - real_limbs);
for (i = 0; i < real_limbs; i++)
ptr[i] = bn->d[real_limbs - i - 1];
}
#if LIMB_BYTE_SIZE == 8
static ossl_inline uint64_t be64(uint64_t host)
{
uint64_t big = 0;
DECLARE_IS_ENDIAN;
if (!IS_LITTLE_ENDIAN)
return host;
big |= (host & 0xff00000000000000) >> 56;
big |= (host & 0x00ff000000000000) >> 40;
big |= (host & 0x0000ff0000000000) >> 24;
big |= (host & 0x000000ff00000000) >> 8;
big |= (host & 0x00000000ff000000) << 8;
big |= (host & 0x0000000000ff0000) << 24;
big |= (host & 0x000000000000ff00) << 40;
big |= (host & 0x00000000000000ff) << 56;
return big;
}
#else
/* Not all platforms have htobe32(). */
static ossl_inline uint32_t be32(uint32_t host)
{
uint32_t big = 0;
DECLARE_IS_ENDIAN;
if (!IS_LITTLE_ENDIAN)
return host;
big |= (host & 0xff000000) >> 24;
big |= (host & 0x00ff0000) >> 8;
big |= (host & 0x0000ff00) << 8;
big |= (host & 0x000000ff) << 24;
return big;
}
#endif
/*
* We assume that intermediate, possible_arg2, blinding, and ctx are used
* similar to BN_BLINDING_invert_ex() arguments.
* to_mod is RSA modulus.
* buf and num is the serialization buffer and its length.
*
* Here we use classic/Montgomery multiplication and modulo. After the calculation finished
* we serialize the new structure instead of BIGNUMs taking endianness into account.
*/
int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
const BN_BLINDING *blinding,
const BIGNUM *possible_arg2,
const BIGNUM *to_mod, BN_CTX *ctx,
unsigned char *buf, int num)
{
limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL;
limb_t *l_ret = NULL, *l_tmp = NULL, l_buf;
size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0;
size_t l_tmp_count = 0;
int ret = 0;
size_t i;
unsigned char *tmp;
const BIGNUM *arg1 = intermediate;
const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2;
l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count;
l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE);
if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL))
goto err;
BN_to_limb(arg1, l_im, l_size);
BN_to_limb(arg2, l_mul, l_size);
BN_to_limb(to_mod, l_mod, l_mod_count);
l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE);
if (blinding->m_ctx != NULL) {
l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ?
mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count);
l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
} else {
l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ?
mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count);
l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
}
if ((l_ret == NULL) || (l_tmp == NULL))
goto err;
if (blinding->m_ctx != NULL) {
limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count,
blinding->m_ctx->n0[0], l_tmp);
} else {
limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp);
}
/* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */
if (num < BN_num_bytes(to_mod)) {
ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
memset(buf, 0, num);
tmp = buf + num - BN_num_bytes(to_mod);
for (i = 0; i < l_mod_count; i++) {
#if LIMB_BYTE_SIZE == 8
l_buf = be64(l_ret[i]);
#else
l_buf = be32(l_ret[i]);
#endif
if (i == 0) {
int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num);
memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta);
tmp += delta;
} else {
memcpy(tmp, &l_buf, LIMB_BYTE_SIZE);
tmp += LIMB_BYTE_SIZE;
}
}
ret = num;
err:
OPENSSL_free(l_im);
OPENSSL_free(l_mul);
OPENSSL_free(l_mod);
OPENSSL_free(l_tmp);
OPENSSL_free(l_ret);
return ret;
}
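Review bot: in ossl_bn_rsa_do_unblind() the first-limb `delta` is computed from `num` (`LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num)`) while `tmp` is positioned from `BN_num_bytes(to_mod)` (`buf + num - BN_num_bytes(to_mod)`); the check above only rejects `num < BN_num_bytes(to_mod)`, so for `num > BN_num_bytes(to_mod)` the first memcpy copies `num - BN_num_bytes(to_mod)` bytes too many (and reads before `l_buf` once that exceeds the limb padding) and the loop then writes past the end of `buf`. Either compute `delta` from `BN_num_bytes(to_mod)` or tighten the check to `num != BN_num_bytes(to_mod)`. Two smaller points: the comment on `BN_to_limb` says "allocated buffer should be freed afterwards" but the function allocates nothing, and `_add_limb`/`_sub_limb` depend on the compiler turning `if (*ret < a)` into a carry-flag sequence, which is a hope rather than a guarantee and should be stated as such next to the "idiomatic code" comments.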

View File

@ -1,5 +1,5 @@
/*
* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2012, Intel Corporation. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -66,6 +66,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
unsigned char *R2 = table_s; /* borrow */
int index;
int wvalue;
BN_ULONG tmp[16];
if ((((size_t)p_str & 4095) + 320) >> 12) {
result = p_str;
@ -237,7 +238,10 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
rsaz_1024_red2norm_avx2(result_norm, result);
bn_reduce_once_in_place(result_norm, /*carry=*/0, m_norm, tmp, 16);
OPENSSL_cleanse(storage, sizeof(storage));
OPENSSL_cleanse(tmp, sizeof(tmp));
}
/*
@ -266,6 +270,7 @@ void RSAZ_512_mod_exp(BN_ULONG result[8],
unsigned char *p_str = (unsigned char *)exponent;
int index;
unsigned int wvalue;
BN_ULONG tmp[8];
/* table[0] = 1_inv */
temp[0] = 0 - m[0];
@ -309,7 +314,10 @@ void RSAZ_512_mod_exp(BN_ULONG result[8],
/* from Montgomery */
rsaz_512_mul_by_one(result, temp, m, k0);
bn_reduce_once_in_place(result, /*carry=*/0, m, tmp, 8);
OPENSSL_cleanse(storage, sizeof(storage));
OPENSSL_cleanse(tmp, sizeof(tmp));
}
#endif

View File

@ -1,5 +1,5 @@
/*
* Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2020, Intel Corporation. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -22,6 +22,8 @@
# define RSAZ_ENABLED
# include <openssl/bn.h>
# include "internal/constant_time.h"
# include "bn_local.h"
void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
const BN_ULONG base_norm[16],
@ -52,6 +54,27 @@ int ossl_rsaz_mod_exp_avx512_x2(BN_ULONG *res1,
BN_ULONG k0_2,
int factor_size);
static ossl_inline void bn_select_words(BN_ULONG *r, BN_ULONG mask,
const BN_ULONG *a,
const BN_ULONG *b, size_t num)
{
size_t i;
for (i = 0; i < num; i++) {
r[i] = constant_time_select_64(mask, a[i], b[i]);
}
}
static ossl_inline BN_ULONG bn_reduce_once_in_place(BN_ULONG *r,
BN_ULONG carry,
const BN_ULONG *m,
BN_ULONG *tmp, size_t num)
{
carry -= bn_sub_words(tmp, r, m, num);
bn_select_words(r, carry, r /* tmp < 0 */, tmp /* tmp >= 0 */, num);
return carry;
}
# endif
#endif
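Review bot: bn_reduce_once_in_place() produces an all-ones or all-zero mask only because `carry` is 0 or 1 on entry and `bn_sub_words` returns 0 or 1, so `carry -= borrow` is 0 or (BN_ULONG)-1; document that precondition on the function, since every caller in this diff passes a literal `/*carry=*/0`. The `r /* tmp < 0 */, tmp /* tmp >= 0 */` comments are correct but terse; say that an all-ones mask (the subtraction borrowed) keeps `r` and a zero mask takes the reduced `tmp`.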

View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2020, Intel Corporation. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -220,6 +220,12 @@ int ossl_rsaz_mod_exp_avx512_x2(BN_ULONG *res1,
from_words52(res1, factor_size, rr1_red);
from_words52(res2, factor_size, rr2_red);
/* bn_reduce_once_in_place expects number of BN_ULONG, not bit size */
factor_size /= sizeof(BN_ULONG) * 8;
bn_reduce_once_in_place(res1, /*carry=*/0, m1, storage, factor_size);
bn_reduce_once_in_place(res2, /*carry=*/0, m2, storage, factor_size);
ret = 1;
err:
if (storage != NULL) {
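Review bot: `factor_size /= sizeof(BN_ULONG) * 8;` overwrites the function parameter in place, so any use of factor_size after this point, including on the err: path, now sees a word count where a bit size was expected. Prefer a separate local such as `factor_words` and keep the comment with it. Also, `storage` is reused as the scratch buffer for both reductions; confirm it has at least factor_size words available and that it is cleansed before being freed, since it now holds a candidate reduced result.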
@ -462,9 +468,13 @@ static void to_words52(BN_ULONG *out, int out_len,
in_str = (uint8_t *)in;
for (; in_bitsize >= (2 * DIGIT_SIZE); in_bitsize -= (2 * DIGIT_SIZE), out += 2) {
out[0] = (*(uint64_t *)in_str) & DIGIT_MASK;
uint64_t digit;
memcpy(&digit, in_str, sizeof(digit));
out[0] = digit & DIGIT_MASK;
in_str += 6;
out[1] = ((*(uint64_t *)in_str) >> 4) & DIGIT_MASK;
memcpy(&digit, in_str, sizeof(digit));
out[1] = (digit >> 4) & DIGIT_MASK;
in_str += 7;
out_len -= 2;
}
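Review bot: replacing the `*(uint64_t *)in_str` dereferences with memcpy into a local uint64_t removes the unaligned-access and strict-aliasing problems (in_str advances by 6 and 7 bytes, so the old loads were misaligned on every other step), and compilers lower a fixed-size memcpy to a single load. The read-ahead pattern is unchanged: each iteration still touches 14 bytes from the current position while the loop condition only guarantees 13, so it is the caller's buffer sizing that keeps this in bounds; a comment stating that assumption would help the next reader.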
@ -520,10 +530,15 @@ static void from_words52(BN_ULONG *out, int out_bitsize, const BN_ULONG *in)
{
uint8_t *out_str = (uint8_t *)out;
for (; out_bitsize >= (2 * DIGIT_SIZE); out_bitsize -= (2 * DIGIT_SIZE), in += 2) {
(*(uint64_t *)out_str) = in[0];
for (; out_bitsize >= (2 * DIGIT_SIZE);
out_bitsize -= (2 * DIGIT_SIZE), in += 2) {
uint64_t digit;
digit = in[0];
memcpy(out_str, &digit, sizeof(digit));
out_str += 6;
(*(uint64_t *)out_str) ^= in[1] << 4;
digit = digit >> 48 | in[1] << 4;
memcpy(out_str, &digit, sizeof(digit));
out_str += 7;
}
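Review bot: `digit = digit >> 48 | in[1] << 4;` replaces the read-modify-XOR on the output buffer and relies on in[0] being a normalised 52-bit digit (bits 52..63 zero), otherwise the OR overlaps the low bits contributed by in[1]; the old XOR form had the same dependency, but it deserves a stated precondition on from_words52. Parenthesising the two operands as `(digit >> 48) | (in[1] << 4)` would also make the intended precedence explicit.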


@ -14,7 +14,7 @@ $UPLINKSRC=
$UPLINKDEF=
IF[{- !$disabled{uplink} -}]
$UPLINKSRC_common=../ms/uplink.c
$UPLINKSRC_x86=$UPLINKSRC_common uplink-x86.s
$UPLINKSRC_x86=$UPLINKSRC_common uplink-x86.S
$UPLINKSRC_x86_64=$UPLINKSRC_common uplink-x86_64.s
$UPLINKSRC_ia64=$UPLINKSRC_common uplink-ia64.s
@ -27,7 +27,7 @@ ENDIF
$CPUIDASM=mem_clr.c
$CPUIDDEF=
IF[{- !$disabled{asm} && $config{processor} ne '386' -}]
$CPUIDASM_x86=x86cpuid.s
$CPUIDASM_x86=x86cpuid.S
$CPUIDASM_x86_64=x86_64cpuid.s
@ -97,6 +97,10 @@ $UTIL_COMMON=\
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
param_build_set.c der_writer.c threads_lib.c params_dup.c
IF[{- !$disabled{shared} -}]
SOURCE[../libssl]=sparse_array.c
ENDIF
SOURCE[../libcrypto]=$UTIL_COMMON \
mem.c mem_sec.c \
cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \
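Review bot: sparse_array.c is now compiled into libssl only when shared libraries are enabled, with no comment explaining why. Add a line stating the reason (presumably that libssl cannot resolve this non-exported libcrypto object when linked dynamically, while a static build gets it from libcrypto), so the conditional does not read as an accidental duplication of the object.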
@ -111,11 +115,11 @@ DEPEND[info.o]=buildinf.h
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
GENERATE[uplink-x86.s]=../ms/uplink-x86.pl
GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
GENERATE[uplink-ia64.s]=../ms/uplink-ia64.pl
GENERATE[x86cpuid.s]=x86cpuid.pl
GENERATE[x86cpuid.S]=x86cpuid.pl
DEPEND[x86cpuid.s]=perlasm/x86asm.pl
GENERATE[x86_64cpuid.s]=x86_64cpuid.pl
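Review bot: `DEPEND[x86cpuid.s]=perlasm/x86asm.pl` still names the old lower-case target while the line above it now reads `GENERATE[x86cpuid.S]=x86cpuid.pl`, so the dependency on perlasm/x86asm.pl is attached to a file nothing generates any more. Rename it to `DEPEND[x86cpuid.S]=perlasm/x86asm.pl`, matching the camellia and cast build.info changes in this same commit, which rename both the GENERATE and the DEPEND entries.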


@ -2,7 +2,7 @@ LIBS=../../libcrypto
$CMLLASM=camellia.c cmll_misc.c cmll_cbc.c
IF[{- !$disabled{asm} -}]
$CMLLASM_x86=cmll-x86.s
$CMLLASM_x86=cmll-x86.S
$CMLLASM_x86_64=cmll-x86_64.s cmll_misc.c
$CMLLASM_sparcv9=camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S
@ -17,8 +17,8 @@ ENDIF
SOURCE[../../libcrypto]=cmll_ecb.c cmll_ofb.c cmll_cfb.c cmll_ctr.c $CMLLASM
DEFINE[../../libcrypto]=$CMLLDEF
GENERATE[cmll-x86.s]=asm/cmll-x86.pl
DEPEND[cmll-x86.s]=../perlasm/x86asm.pl
GENERATE[cmll-x86.S]=asm/cmll-x86.pl
DEPEND[cmll-x86.S]=../perlasm/x86asm.pl
GENERATE[cmll-x86_64.s]=asm/cmll-x86_64.pl
GENERATE[cmllt4-sparcv9.S]=asm/cmllt4-sparcv9.pl
INCLUDE[cmllt4-sparcv9.o]=..


@ -1,5 +1,5 @@
/*
* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -499,9 +499,9 @@ void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
PUTU32(plaintext + 12, s1);
}
void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[],
const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
const KEY_TABLE_TYPE keyTable, u8 plaintext[])
{
Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
plaintext, keyTable, ciphertext);
ciphertext, keyTable, plaintext);
}
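Review bot: swapping the parameter names so the input is `ciphertext` and the output is `plaintext` is a naming-only change with no effect on the compiled code, but the declaration of Camellia_DecryptBlock in the header is not part of this hunk; check that it uses the same names so the prototype and the definition do not contradict each other.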


@ -3,7 +3,7 @@ LIBS=../../libcrypto
$CASTASM=c_enc.c
# CAST assembly source is not PIC
IF[{- !$disabled{asm} && $disabled{pic} -}]
$CASTASM_x86=cast-586.s
$CASTASM_x86=cast-586.S
# Now that we have defined all the arch specific variables, use the
# appropriate one
@ -18,9 +18,9 @@ SOURCE[../../libcrypto]=$ALL
# When all deprecated symbols are removed, libcrypto doesn't export the
# cast functions, so we must include them directly in liblegacy.a
IF[{- $disabled{'deprecated-3.0'} -}]
IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}]
SOURCE[../../providers/liblegacy.a]=$ALL
ENDIF
GENERATE[cast-586.s]=asm/cast-586.pl
DEPEND[cast-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
GENERATE[cast-586.S]=asm/cast-586.pl
DEPEND[cast-586.S]=../perlasm/x86asm.pl ../perlasm/cbc.pl
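Review bot: the IF condition now also requires `!$disabled{module} && !$disabled{shared}` before adding $ALL to providers/liblegacy.a, but the comment two lines above still only explains the deprecated-3.0 case. Extend it to record why the objects only need to be duplicated into liblegacy.a when the legacy provider is built as a shared module, so the extra conditions are not dropped by a later cleanup.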

Some files were not shown because too many files have changed in this diff.