diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c5643fbf5c2b69..b3c6717fff597f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,7 +23,7 @@ permissions: jobs: check_update: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - name: install unifdef run: | @@ -42,7 +42,7 @@ jobs: run: git diff --exit-code check_docs: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: config @@ -62,7 +62,7 @@ jobs: # We are not as strict with libraries, but rather adapt to what's # expected to be available in a certain version of each platform. check-ansi: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: config @@ -71,7 +71,7 @@ jobs: run: make -s -j4 basic_gcc: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -91,7 +91,7 @@ jobs: run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} basic_clang: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -107,8 +107,27 @@ jobs: - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + self-hosted: + strategy: + matrix: + os: [freebsd-13.2, ubuntu-arm64-22.04] + runs-on: ${{ matrix.os }}-self-hosted + continue-on-error: true + steps: + - uses: actions/checkout@v4 + - name: config + run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + - name: config dump + run: ./configdata.pm --dump + - name: make + run: make -j4 + - name: get cpu info + run: ./util/opensslwrap.sh version -c + - name: make test + run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + minimal: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -125,7 +144,7 @@ jobs: run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} no-deprecated: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -141,11 +160,8 @@ jobs: - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} - no-shared: - strategy: - matrix: - os: [ ubuntu-latest, macos-latest ] - runs-on: ${{matrix.os}} + no-shared-ubuntu: + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -155,12 +171,32 @@ jobs: - name: make run: make -s -j4 - name: get cpu info - run: ./util/opensslwrap.sh version -c + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c + - name: make test + run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + + no-shared-macos: + runs-on: macos-latest + if: github.server_url == 'https://github.com' + steps: + - uses: actions/checkout@v4 + - name: checkout fuzz/corpora submodule + run: git submodule update --init --depth 1 fuzz/corpora + - name: config + run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump + - name: make + run: make -s -j4 + - name: get cpu info + run: | + sysctl machdep.cpu + ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} non-caching: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -177,7 +213,7 @@ jobs: run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]" address_ub_sanitizer: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -194,7 +230,7 @@ jobs: run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 fuzz_tests: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -211,7 +247,7 @@ jobs: run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*" memory_sanitizer: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -229,7 +265,7 @@ jobs: run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 threads_sanitizer: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -246,7 +282,7 @@ jobs: run: make V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*" test HARNESS_JOBS=${HARNESS_JOBS:-4} enable_non-default_options: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -265,7 +301,7 @@ jobs: run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} fips_and_ktls: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -284,7 +320,7 @@ jobs: run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} no-legacy: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -301,7 +337,7 @@ jobs: run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} legacy: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -317,27 +353,74 @@ jobs: - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} - out-of-source-and-install: - strategy: - matrix: - os: [ubuntu-latest, macos-latest ] - runs-on: ${{matrix.os}} + # out-of-source-and-install checks multiple things at the same time: + # - That building, testing and installing works from an out-of-source + # build tree + # - That building, testing and installing works with a read-only source + # tree + out-of-readonly-source-and-install-ubuntu: + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 + with: + path: ./source - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - - name: extra preparations + working-directory: ./source + - name: make source read-only + run: chmod -R a-w ./source + - name: create build and install directories run: | mkdir ./build mkdir ./install - name: config - run: ../config --banner=Configured enable-fips enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) && perl configdata.pm --dump + run: | + ../source/config --banner=Configured enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) + perl configdata.pm --dump working-directory: ./build - name: make run: make -s -j4 working-directory: ./build - name: get cpu info - run: ./util/opensslwrap.sh version -c + run: | + cat /proc/cpuinfo + ./util/opensslwrap.sh version -c + working-directory: ./build + - name: make test + run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} + working-directory: ./build + - name: make install + run: make install + working-directory: ./build + + out-of-readonly-source-and-install-macos: + runs-on: macos-latest + if: github.server_url == 'https://github.com' + steps: + - uses: actions/checkout@v4 + with: + path: ./source + - name: checkout fuzz/corpora submodule + run: git submodule update --init --depth 1 fuzz/corpora + working-directory: ./source + - name: make source read-only + run: chmod -R a-w ./source + - name: create build and install directories + run: | + mkdir ./build + mkdir ./install + - name: config + run: | + ../source/config --banner=Configured enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) + perl configdata.pm --dump + working-directory: ./build + - name: make + run: make -s -j4 + working-directory: ./build + - name: get cpu info + run: | + sysctl machdep.cpu + ./util/opensslwrap.sh version -c working-directory: ./build - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} @@ -347,7 +430,7 @@ jobs: working-directory: ./build external-tests: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 with: @@ -380,7 +463,7 @@ jobs: run: make test TESTS="test_external_oqsprovider" external-test-pyca: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} strategy: matrix: RUST: @@ -396,15 +479,12 @@ jobs: - name: make run: make -s -j4 - name: Setup Python - uses: actions/setup-python@v4.7.1 + uses: actions/setup-python@v5.0.0 with: python-version: ${{ matrix.PYTHON }} - - uses: actions-rs/toolchain@v1 + - uses: dtolnay/rust-toolchain@master with: - profile: minimal toolchain: ${{ matrix.RUST }} - override: true - default: true - name: get cpu info run: | cat /proc/cpuinfo @@ -413,7 +493,7 @@ jobs: run: make test TESTS="test_external_pyca" VERBOSE=1 external-test-cf-quiche: - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - uses: actions/checkout@v4 with: @@ -422,11 +502,7 @@ jobs: run: ./config --banner=Configured --strict-warnings enable-external-tests && perl configdata.pm --dump - name: make run: make -s -j4 - - uses: actions-rs/toolchain@v1 - with: - profile: default - toolchain: stable - default: true + - uses: dtolnay/rust-toolchain@stable - name: get cpu info run: | cat /proc/cpuinfo diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml index 79af07c7016786..c3dd90cab9a0af 100644 --- a/.github/workflows/cross-compiles.yml +++ b/.github/workflows/cross-compiles.yml @@ -148,7 +148,7 @@ jobs: tests: none } ] - runs-on: ubuntu-latest + runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }} steps: - name: install package repository if: matrix.platform.ppa != '' @@ -183,15 +183,15 @@ jobs: run: make -s -j4 - name: install qemu - if: github.event_name == 'push' && matrix.platform.tests != 'none' + if: matrix.platform.tests != 'none' run: sudo apt-get -yq --force-yes install qemu-user - name: Set QEMU environment - if: github.event_name == 'push' && matrix.platform.qemucpu != '' + if: matrix.platform.qemucpu != '' run: echo "QEMU_CPU=${{ matrix.platform.qemucpu }}" >> $GITHUB_ENV - name: Set OpenSSL caps environment - if: github.event_name == 'push' && matrix.platform.opensslcapsname != '' + if: matrix.platform.opensslcapsname != '' run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\ ${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV @@ -210,3 +210,9 @@ jobs: make test HARNESS_JOBS=${HARNESS_JOBS:-4} \ TESTS="${{ matrix.platform.tests }} -test_afalg" \ QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} + - name: make evp tests + if: github.event_name == 'pull_request' && matrix.platform.tests != 'none' + run: | + make test HARNESS_JOBS=${HARNESS_JOBS:-4} \ + TESTS="test_evp*" \ + QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml index 1b56755bfbb176..a9777a23943708 100644 --- a/.github/workflows/fips-checksums.yml +++ b/.github/workflows/fips-checksums.yml @@ -69,7 +69,7 @@ jobs: - name: save PR number run: echo ${{ github.event.number }} > ./artifact/pr_num - name: save artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: fips_checksum path: artifact/ diff --git a/.github/workflows/interop-tests.yml b/.github/workflows/interop-tests.yml new file mode 100644 index 00000000000000..d6a17f67900c55 --- /dev/null +++ b/.github/workflows/interop-tests.yml @@ -0,0 +1,52 @@ +# Notes: +# /__w/openssl is the path that github bind-mounts into the container so the ci +# filesystem for this job can be reached. Please note that any changes made to +# this job involving file system paths should be made prefixed with, or relative +# to that directory +name: Interoperability tests with GnuTLS and NSS +on: + schedule: + - cron: '0 6 * * *' +jobs: + test: + runs-on: ubuntu-22.04 + container: + image: docker.io/fedora:39 + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 + timeout-minutes: 90 + strategy: + fail-fast: false + matrix: + COMPONENT: [gnutls, nss] + env: + COMPONENT: ${{ matrix.COMPONENT }} + steps: + - uses: actions/checkout@v4 + - name: Display environment + run: export + - name : Install needed tools + run: | + dnf -y install perl gcc rpmdevtools dnf-utils make tmt-all beakerlib \ + fips-mode-setup crypto-policies-scripts + - name: install interop tests + run: | + cd ${GITHUB_WORKSPACE} + git clone --branch=openssl --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git + - name: build openssl as an rpm + run: | + mkdir -p /build/SPECS && cd /build && echo -e "%_topdir /build\n%_lto_cflags %{nil}" >~/.rpmmacros && rpmdev-setuptree + cd /build && cp ${GITHUB_WORKSPACE}/interop/openssl.spec SPECS/ && \ + cd SPECS/ && source ${GITHUB_WORKSPACE}/VERSION.dat && \ + sed -i "s/^Version: .*\$/Version: $MAJOR.$MINOR.$PATCH/" openssl.spec && \ + sed -i 's/^Release: .*$/Release: dev/' openssl.spec + yum-builddep -y /build/SPECS/openssl.spec # just for sure nothing is missing + mkdir -p /build/SOURCES + tar --transform "s/^__w\/openssl\/openssl/openssl-$MAJOR.$MINOR.$PATCH/" -czf /build/SOURCES/openssl-$MAJOR.$MINOR.$PATCH.tar.gz /__w/openssl/openssl/ + rpmbuild -bb /build/SPECS/openssl.spec + dnf install -y /build/RPMS/x86_64/openssl-* + - name: Run interop tests + run: | + cd interop + tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local execute -h tmt --interactive + openssl version + echo "Finished - important to prevent unwanted output truncating" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8ff02cee2757eb..e167416be561b6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -26,7 +26,7 @@ jobs: fuzz-seconds: 600 dry-run: false - name: Upload Crash - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: failure() with: name: artifacts diff --git a/.github/workflows/os-zoo.yml b/.github/workflows/os-zoo.yml index 29137bd7c7d89b..27752083281685 100644 --- a/.github/workflows/os-zoo.yml +++ b/.github/workflows/os-zoo.yml @@ -167,3 +167,22 @@ jobs: - name: test working-directory: _build run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4 + + self-hosted: + strategy: + matrix: + os: [freebsd-13.2, ubuntu-arm64-22.04] + runs-on: ${{ matrix.os }}-self-hosted + continue-on-error: true + steps: + - uses: actions/checkout@v4 + - name: config + run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + - name: config dump + run: ./configdata.pm --dump + - name: make + run: make -j4 + - name: get cpu info + run: ./util/opensslwrap.sh version -c + - name: make test + run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} diff --git a/.github/workflows/provider-compatibility.yml b/.github/workflows/provider-compatibility.yml index 8fc125cbd83e5c..afb2782690bc93 100644 --- a/.github/workflows/provider-compatibility.yml +++ b/.github/workflows/provider-compatibility.yml @@ -93,7 +93,7 @@ jobs: -providers working-directory: ${{ matrix.release.dir }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: ${{ matrix.release.tgz }} path: ${{ matrix.release.tgz }} @@ -169,7 +169,7 @@ jobs: run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} working-directory: ${{ matrix.branch.dir }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: ${{ matrix.branch.tgz }} path: ${{ matrix.branch.tgz }} @@ -201,7 +201,7 @@ jobs: fi continue-on-error: true - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 if: steps.early_exit.outcome == 'success' with: name: ${{ matrix.tree_a }}.tar.gz @@ -209,7 +209,7 @@ jobs: if: steps.early_exit.outcome == 'success' run: tar xzf "${{ matrix.tree_a }}.tar.gz" - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 if: steps.early_exit.outcome == 'success' with: name: ${{ matrix.tree_b }}.tar.gz diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index 157746f39ff57d..eda5005f68f9e5 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -130,7 +130,8 @@ jobs: no-zlib, enable-zlib-dynamic, no-zlib-dynamic, - -DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING + -DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING, + -DSSL3_ALIGN_PAYLOAD=4 ] runs-on: ubuntu-latest steps: diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index c80741cf517cf3..1892b08481faa9 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -25,7 +25,7 @@ jobs: config: enable-fips - arch: win32 config: --strict-warnings no-fips - runs-on: ${{matrix.os}} + runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -75,7 +75,7 @@ jobs: os: - windows-2019 - windows-2022 - runs-on: ${{matrix.os}} + runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -113,7 +113,7 @@ jobs: os: - windows-2019 - windows-2022 - runs-on: ${{matrix.os}} + runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule @@ -159,7 +159,7 @@ jobs: # are we really learning sth new from win32? So let's save some CO2 for now disabling this # - arch: win32 # config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips - runs-on: ${{matrix.os}} + runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} env: CYGWIN_NOWINPATH: 1 SHELLOPTS: igncr diff --git a/.gitignore b/.gitignore index 62b93dbe573667..68522d40e75da7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ - # Ignore editor artefacts /.dir-locals.el @@ -250,8 +249,3 @@ doc-nits # LSP (Language Server Protocol) support .cache/ compile_commands.json - -# vcauthtls stuff -.cproject -.project -.settings/ diff --git a/CHANGES.md b/CHANGES.md index 804119fd33d355..440132a6b1e7fa 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -27,7 +27,58 @@ OpenSSL 3.2 ### Changes between 3.2.0 and 3.2.1 [xx XXX xxxx] - * none yet + * When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time. + + An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack. + + The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the "-pubin" and "-check" options on untrusted data. + + To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will + now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason. + + ([CVE-2023-6237]) + + *Tomáš Mráz* + + * Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to + have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey + rather than SM2. + + *Richard Levitte* + + * The POLY1305 MAC (message authentication code) implementation in OpenSSL + for PowerPC CPUs saves the contents of vector registers in different + order than they are restored. Thus the contents of some of these vector + registers is corrupted when returning to the caller. The vulnerable code is + used only on newer PowerPC processors supporting the PowerISA 2.07 + instructions. + + The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the + application process. However unless the compiler uses the vector registers + for storing pointers, the most likely consequence, if any, would be an + incorrect result of some application dependent calculations or a crash + leading to a denial of service. + + ([CVE-2023-6129]) + + *Rohan McLure* + + * Disable building QUIC server utility when OpenSSL is configured with + `no-apps`. + + *Vitalii Koshura* ### Changes between 3.1 and 3.2.0 [23 Nov 2023] @@ -20323,6 +20374,8 @@ ndif +[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 +[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 13a5d63695fee3..9773af905f5be4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,22 +9,36 @@ Development is done on GitHub in the [openssl/openssl] repository. [openssl/openssl]: -To request new features or report bugs, please open an issue on GitHub +To request new a feature, ask a question, or report a bug, +please open an [issue on GitHub](https://github.com/openssl/openssl/issues). -To submit a patch, please open a pull request on GitHub. If you are thinking -of making a large contribution, open an issue for it before starting work, -to get comments from the community. Someone may be already working on -the same thing, or there may be reasons why that feature isn't implemented. +To submit a patch or implement a new feature, please open a +[pull request on GitHub](https://github.com/openssl/openssl/pulls). +If you are thinking of making a large contribution, +open an issue for it before starting work, to get comments from the community. +Someone may be already working on the same thing, +or there may be special reasons why a feature is not implemented. To make it easier to review and accept your pull request, please follow these guidelines: 1. Anything other than a trivial contribution requires a [Contributor License Agreement] (CLA), giving us permission to use your code. - If your contribution is too small to require a CLA (e.g. fixing a spelling - mistake), place the text "`CLA: trivial`" on a line by itself separated by - an empty line from the rest of the commit message. It is not sufficient to - only place the text in the GitHub pull request description. + If your contribution is too small to require a CLA (e.g., fixing a spelling + mistake), then place the text "`CLA: trivial`" on a line by itself below + the rest of your commit message separated by an empty line, like this: + + ``` + One-line summary of trivial change + + Optional main body of commit message. It might contain a sentence + or two explaining the trivial change. + + CLA: trivial + ``` + + It is not sufficient to only place the text "`CLA: trivial`" in the GitHub + pull request description. [Contributor License Agreement]: @@ -32,8 +46,8 @@ guidelines: ``` git commit --amend - [add the line, save and quit the editor] - git push -f + # add the line, save and quit the editor + git push -f [ []] ``` 2. All source files should start with the following text (with @@ -53,22 +67,24 @@ guidelines: often. We do not accept merge commits, you will have to remove them (usually by rebasing) before it will be acceptable. - 4. Patches should follow our [coding style] and compile without warnings. + 4. Code provided should follow our [coding style] and compile without warnings. + There is a [Perl tool](util/check-format.pl) that helps + finding code formatting mistakes and other coding style nits. Where `gcc` or `clang` is available, you should use the `--strict-warnings` `Configure` option. OpenSSL compiles on many varied - platforms: try to ensure you only use portable features. Clean builds via - GitHub Actions and AppVeyor are required, and they are started automatically - whenever a PR is created or updated. + platforms: try to ensure you only use portable features. + Clean builds via GitHub Actions are required. They are started automatically + whenever a PR is created or updated by committers. [coding style]: https://www.openssl.org/policies/technical/coding-style.html - 5. When at all possible, patches should include tests. These can + 5. When at all possible, code contributions should include tests. These can either be added to an existing test, or completely new. Please see [test/README.md](test/README.md) for information on the test framework. 6. New features or changed functionality must include - documentation. Please look at the "pod" files in doc/man[1357] for - examples of our style. Run "make doc-nits" to make sure that your + documentation. Please look at the `.pod` files in `doc/man[1357]` for + examples of our style. Run `make doc-nits` to make sure that your documentation changes are clean. 7. For user visible changes (API changes, behaviour changes, ...), @@ -78,17 +94,9 @@ guidelines: Have a look through existing entries for inspiration. Please note that this is NOT simply a copy of git-log one-liners. Also note that security fixes get an entry in [CHANGES.md](CHANGES.md). - This file helps users get more in depth information of what comes + This file helps users get more in-depth information of what comes with a specific release without having to sift through the higher noise ratio in git-log. - 8. For larger or more important user visible changes, as well as - security fixes, please add a line in [NEWS.md](NEWS.md). - On exception, it might be worth adding a multi-line entry (such as - the entry that announces all the types that became opaque with - OpenSSL 1.1.0). - This file helps users get a very quick summary of what comes with a - specific release, to see if an upgrade is worth the effort. - - 9. Guidelines how to integrate error output of new crypto library modules + 8. Guidelines how to integrate error output of new crypto library modules can be found in [crypto/err/README.md](crypto/err/README.md). diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index d1a15a1152747b..2a047caa7d4a46 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -821,12 +821,13 @@ my %targets = ( asm_arch => 'riscv32', }, - # loongarch64 below refers to contemporary LOONGARCH Architecture + # loongarch64 below refers to contemporary LoongArch Architecture # specifications, "linux64-loongarch64" => { inherit_from => [ "linux-generic64"], perlasm_scheme => "linux64", asm_arch => 'loongarch64', + lib_cppflags => add("-DL_ENDIAN"), }, #### IA-32 targets... @@ -2124,5 +2125,15 @@ my %targets = ( inherit_from => [ "vms-generic" ], bn_ops => "SIXTY_FOUR_BIT", pointer_size => "", + }, + "vms-x86_64-p32" => { + inherit_from => [ "vms-x86_64" ], + cflags => add("/POINTER_SIZE=32"), + pointer_size => "32", + }, + "vms-x86_64-p64" => { + inherit_from => [ "vms-x86_64" ], + cflags => add("/POINTER_SIZE=64=ARGV"), + pointer_size => "64", } ); diff --git a/Configurations/50-nonstop.conf b/Configurations/50-nonstop.conf index 827a13b4eec209..873e398169bb7c 100644 --- a/Configurations/50-nonstop.conf +++ b/Configurations/50-nonstop.conf @@ -170,24 +170,6 @@ '_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'], ex_libs => '-lput', }, - 'nonstop-model-spt' => { - template => 1, - cflags => add('-Wnowarn=140'), - defines => ['_SPT_MODEL_', - 'SPT_THREAD_AWARE_NONBLOCK', - '_REENTRANT'], - ex_libs => '-lspt', - }, - - # Additional floss model that can be combined with any of the other models. - # If used without any of the other models, the entry that does so must - # disable threads. - 'nonstop-model-floss' => { - template => 1, - defines => ['OPENSSL_TANDEM_FLOSS', '_ENABLE_FLOSS_THREADS'], - includes => ['/usr/local/include'], - ex_libs => '-lfloss', - }, ###################################################################### # Now for the entries themselves, let's combine things! @@ -225,25 +207,6 @@ multilib => '64-put', multibin => '64-put', }, - 'nonstop-nsx_spt' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-oss', - 'nonstop-ilp32', - 'nonstop-efloat-x86_64', - 'nonstop-model-spt' ], - multilib => '-spt', - multibin => '-spt', - }, - 'nonstop-nsx_spt_floss' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-oss', - 'nonstop-ilp32', - 'nonstop-efloat-x86_64', - 'nonstop-model-floss', - 'nonstop-model-spt'], - multilib => '-spt', - multibin => '-spt', - }, 'nonstop-nsx_g' => { inherit_from => [ 'nonstop-common', 'nonstop-archenv-x86_64-guardian', @@ -293,24 +256,6 @@ multilib => '64-put', multibin => '64-put', }, - 'nonstop-nse_spt' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-itanium-oss', - 'nonstop-ilp32', - 'nonstop-efloat-itanium', - 'nonstop-model-spt' ], - multilib => '-spt', - multibin => '-spt', - }, - 'nonstop-nse_spt_floss' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-itanium-oss', - 'nonstop-ilp32', - 'nonstop-efloat-itanium', - 'nonstop-model-floss', 'nonstop-model-spt' ], - multilib => '-spt', - multibin => '-spt', - }, 'nonstop-nse_g' => { inherit_from => [ 'nonstop-common', 'nonstop-archenv-itanium-guardian', diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 828e1e91fbb26b..94eb7e28102e0c 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -516,7 +516,8 @@ build_all_generated : $(GENERATED_MANDATORY) $(GENERATED) build_docs all : build_sw build_docs test : tests -{- dependmagic('tests'); -} : build_programs_nodep, build_modules_nodep run_tests +{- dependmagic('tests'); -} : build_programs_nodep, build_modules_nodep + $(MMS) $(MMSQUALIFIERS) run_tests run_tests : @ ! {- output_off() if $disabled{tests}; "" -} DEFINE SRCTOP "$(SRCDIR)" @@ -748,13 +749,15 @@ vmsconfig.pm : configdata.pm WRITE CONFIG " shlib_version => '","{- $config{shlib_version} -}","'," WRITE CONFIG " shlib_major => '","{- $config{shlib_major} -}","'," WRITE CONFIG " shlib_minor => '","{- $config{shlib_minor} -}","'," - WRITE CONFIG " no_shared => '","{- $disabled{shared} -}","'," WRITE CONFIG " INSTALLTOP => '$(INSTALLTOP)'," WRITE CONFIG " OPENSSLDIR => '$(OPENSSLDIR)'," + WRITE CONFIG ");" + WRITE CONFIG "our %target = (" WRITE CONFIG " pointer_size => '","{- $target{pointer_size} -}","'," WRITE CONFIG ");" - WRITE CONFIG "our %target = ();" - WRITE CONFIG "our %disabled = ();" + WRITE CONFIG "our %disabled = (" + WRITE CONFIG " shared => '","{- $disabled{shared} -}","'," + WRITE CONFIG ");" WRITE CONFIG "our %withargs = ();" WRITE CONFIG "our %unified_info = ();" WRITE CONFIG "1;" diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 8ddb1282af7b62..b3350a10486c78 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -544,8 +544,9 @@ help: ## Show this help screen ##@ Testing test: tests ## Run tests (alias of "tests") -{- dependmagic('tests', 'Run tests'); -}: build_programs_nodep build_modules_nodep link-utils run_tests -run_tests: +{- dependmagic('tests', 'Run tests'); -}: build_programs_nodep build_modules_nodep link-utils + $(MAKE) run_tests +run_tests: FORCE @ : {- output_off() if $disabled{tests}; "" -} ( SRCTOP=$(SRCDIR) \ BLDTOP=$(BLDDIR) \ @@ -1363,18 +1364,16 @@ renumber: build_generated --renumber \ $(SSLHEADERS) -$(SRCDIR)/util/libcrypto.num: $(CRYPTOHEADERS) $(SRCDIR)/include/openssl/symhacks.h +.PHONY: ordinals +ordinals: build_generated $(PERL) $(SRCDIR)/util/mknum.pl --version $(VERSION_NUMBER) --no-warnings \ --ordinals $(SRCDIR)/util/libcrypto.num \ --symhacks $(SRCDIR)/include/openssl/symhacks.h \ $(CRYPTOHEADERS) -$(SRCDIR)/util/libssl.num: $(SSLHEADERS) $(SRCDIR)/include/openssl/symhacks.h $(PERL) $(SRCDIR)/util/mknum.pl --version $(VERSION_NUMBER) --no-warnings \ --ordinals $(SRCDIR)/util/libssl.num \ --symhacks $(SRCDIR)/include/openssl/symhacks.h \ $(SSLHEADERS) -.PHONY: ordinals -ordinals: build_generated $(SRCDIR)/util/libcrypto.num $(SRCDIR)/util/libssl.num test_ordinals: $(MAKE) run_tests TESTS=test_ordinals diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 1f260e49d46b26..d09773e71ab9d9 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -440,6 +440,8 @@ all: build_sw {- "build_docs" if !$disabled{docs}; -} test: tests {- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep copy-utils + $(MAKE) /$(MAKEFLAGS) run_tests +run_tests: @{- output_off() if $disabled{tests}; "\@rem" -} cmd /C "set "SRCTOP=$(SRCDIR)" & set "BLDTOP=$(BLDDIR)" & set "PERL=$(PERL)" & set "FIPSKEY=$(FIPSKEY)" & "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)" @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} diff --git a/Configure b/Configure index 1496a12f3a53fa..cca1ac8d162ee4 100755 --- a/Configure +++ b/Configure @@ -520,7 +520,6 @@ my @disablables = ( "ui-console", "unit-test", "uplink", - "vcauthtls", "weak-ssl-ciphers", "whirlpool", "zlib", @@ -580,7 +579,6 @@ our %disabled = ( # "what" => "comment" "trace" => "default", "ubsan" => "default", "unit-test" => "default", - "vcauthtls" => "default", "weak-ssl-ciphers" => "default", "zlib" => "default", "zlib-dynamic" => "default", @@ -1893,11 +1891,12 @@ if ($builder eq "unified") { my $base = shift; my $dir = shift; my $relativeto = shift || "."; + my $no_mkpath = shift // 0; $dir = catdir($base,$dir) unless isabsolute($dir); # Make sure the directories we're building in exists - mkpath($dir); + mkpath($dir) unless $no_mkpath; my $res = abs2rel(absolutedir($dir), rel2abs($relativeto)); #print STDERR "DEBUG[cleandir]: $dir , $base => $res\n"; @@ -1908,6 +1907,7 @@ if ($builder eq "unified") { my $base = shift; my $file = shift; my $relativeto = shift || "."; + my $no_mkpath = shift // 0; $file = catfile($base,$file) unless isabsolute($file); @@ -1915,7 +1915,7 @@ if ($builder eq "unified") { my $f = basename($file); # Make sure the directories we're building in exists - mkpath($d); + mkpath($d) unless $no_mkpath; my $res = abs2rel(catfile(absolutedir($d), $f), rel2abs($relativeto)); #print STDERR "DEBUG[cleanfile]: $d , $f => $res\n"; @@ -1945,7 +1945,7 @@ if ($builder eq "unified") { } # Then, look in our standard directory push @build_file_templates, - ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) } + ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir, 1) } @build_file_template_names ); my $build_file_template; @@ -1960,7 +1960,7 @@ if ($builder eq "unified") { } $config{build_file_templates} = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"), - $blddir), + $blddir, 1), $build_file_template ]; my @build_dirs = ( [ ] ); # current directory @@ -1969,7 +1969,7 @@ if ($builder eq "unified") { # We want to detect configdata.pm in the source tree, so we # don't use it if the build tree is different. - my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir); + my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir, 1); # Any source file that we recognise is placed in this hash table, with # the list of its intended destinations as value. When everything has @@ -2322,7 +2322,7 @@ EOF my $dest = $_; my $ddest = cleanfile($buildd, $_, $blddir); foreach (@{$sources{$dest}}) { - my $s = cleanfile($sourced, $_, $blddir); + my $s = cleanfile($sourced, $_, $blddir, 1); # If it's generated or we simply don't find it in the source # tree, we assume it's in the build tree. @@ -2367,7 +2367,7 @@ EOF my $dest = $_; my $ddest = cleanfile($buildd, $_, $blddir); foreach (@{$shared_sources{$dest}}) { - my $s = cleanfile($sourced, $_, $blddir); + my $s = cleanfile($sourced, $_, $blddir, 1); # If it's generated or we simply don't find it in the source # tree, we assume it's in the build tree. @@ -2422,7 +2422,7 @@ EOF if scalar @{$generate{$_}} > 1; my @generator = split /\s+/, $generate{$dest}->[0]; my $gen = $generator[0]; - $generator[0] = cleanfile($sourced, $gen, $blddir); + $generator[0] = cleanfile($sourced, $gen, $blddir, 1); # If the generator is itself generated, it's in the build tree if ($generate{$gen} || ! -f $generator[0]) { @@ -2448,7 +2448,7 @@ EOF } elsif ($dest eq '') { $ddest = ''; } else { - $ddest = cleanfile($sourced, $dest, $blddir); + $ddest = cleanfile($sourced, $dest, $blddir, 1); # If the destination doesn't exist in source, it can only be # a generated file in the build tree. @@ -2473,12 +2473,12 @@ EOF && $f =~ m/^(.*?)\|(.*)$/) { $i = $1; $m = $2; - $i = cleanfile($sourced, $i, $blddir); + $i = cleanfile($sourced, $i, $blddir, 1); $i2 = cleanfile($buildd, $i, $blddir); - $d = cleanfile($sourced, "$i/$m", $blddir); + $d = cleanfile($sourced, "$i/$m", $blddir, 1); $d2 = cleanfile($buildd, "$i/$m", $blddir); } else { - $d = cleanfile($sourced, $f, $blddir); + $d = cleanfile($sourced, $f, $blddir, 1); $d2 = cleanfile($buildd, $f, $blddir); } @@ -2509,7 +2509,7 @@ EOF foreach (keys %includes) { my $dest = $_; - my $ddest = cleanfile($sourced, $_, $blddir); + my $ddest = cleanfile($sourced, $_, $blddir, 1); # If the destination doesn't exist in source, it can only be # a generated file in the build tree. @@ -2517,7 +2517,7 @@ EOF $ddest = cleanfile($buildd, $_, $blddir); } foreach (@{$includes{$dest}}) { - my $is = cleandir($sourced, $_, $blddir); + my $is = cleandir($sourced, $_, $blddir, 1); my $ib = cleandir($buildd, $_, $blddir); push @{$unified_info{includes}->{$ddest}->{source}}, $is unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}}; @@ -2530,7 +2530,7 @@ EOF my $ddest; if ($dest ne "") { - $ddest = cleanfile($sourced, $dest, $blddir); + $ddest = cleanfile($sourced, $dest, $blddir, 1); # If the destination doesn't exist in source, it can only # be a generated file in the build tree. @@ -2914,7 +2914,7 @@ my %template_vars = ( my $configdata_outname = 'configdata.pm'; open CONFIGDATA, ">$configdata_outname.new" or die "Trying to create $configdata_outname.new: $!"; -my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir); +my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir, 1); my $configdata_tmpl = OpenSSL::Template->new(TYPE => 'FILE', SOURCE => $configdata_tmplname); $configdata_tmpl->fill_in( diff --git a/NEWS.md b/NEWS.md index eca59e7d0b470d..24c8aaaaeb089d 100644 --- a/NEWS.md +++ b/NEWS.md @@ -22,7 +22,12 @@ OpenSSL 3.2 ### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [under development] - * none + * Fixed Excessive time spent checking invalid RSA public keys + ([CVE-2023-6237]) + + * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC + CPUs which support PowerISA 2.07 + ([CVE-2023-6129]) ### Major changes between OpenSSL 3.1 and OpenSSL 3.2.0 [23 Nov 2023] @@ -1571,6 +1576,8 @@ OpenSSL 0.9.x +[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 +[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 [CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 diff --git a/NOTES-NONSTOP.md b/NOTES-NONSTOP.md index 68438b998884e2..65bfc1087dcabf 100644 --- a/NOTES-NONSTOP.md +++ b/NOTES-NONSTOP.md @@ -26,15 +26,16 @@ is the only FLOSS variant that has been broadly tested. Threading Models ---------------- -OpenSSL can be built using unthreaded, POSIX User Threads (PUT), or Standard -POSIX Threads (SPT). Select the following build configuration for each on -the TNS/X (L-Series) platform: +OpenSSL can be built either using the POSIX User Threads (PUT) threading model, +or with threading support disabled. Select the following build configuration +for each on the TNS/X (L-Series) platform: - * `nonstop-nsx` or default will select an unthreaded build. + * `nonstop-nsx` or default will select an unthreaded 32-bit build. + * `nonstop-nsx_64` selects an unthreaded 64-bit memory and file length build. * `nonstop-nsx_put` selects the PUT build. - * `nonstop-nsx_64_put` selects the 64 bit file length PUT build. - * `nonstop-nsx_spt_floss` selects the SPT build with FLOSS. FLOSS is - required for SPT builds because of a known hang when using SPT on its own. + * `nonstop-nsx_64_put` selects the 64-bit memory and file length PUT build. + +The SPT threading model is no longer supported as of OpenSSL 3.2. ### TNS/E Considerations @@ -145,9 +146,7 @@ update this list: - nonstop-nsx_64_put **Note:** Cross-compile builds for TNS/E have not been attempted, but should -follow the same considerations as for TNS/X above. SPT builds generally require -FLOSS, which is not available for workstation builds. As a result, SPT builds -of OpenSSL cannot be cross-compiled. +follow the same considerations as for TNS/X above. Also see the NSDEE discussion below for more historical information. @@ -223,9 +222,6 @@ assumes that your PWD is set according to your installation standards. ./Configure nonstop-nsx_put --prefix=${PWD} \ --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nsx_spt_floss --prefix=${PWD} \ - --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ - --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} ./Configure nonstop-nsx_64 --prefix=${PWD} \ --openssldir=${PWD}/ssl no-threads \ --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} @@ -245,9 +241,6 @@ assumes that your PWD is set according to your installation standards. ./Configure nonstop-nse_put --prefix=${PWD} \ --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nse_spt_floss --prefix=${PWD} \ - --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ - --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} ./Configure nonstop-nse_64 --prefix=${PWD} \ --openssldir=${PWD}/ssl no-threads \ --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} diff --git a/VMS/openssl_ivp.com.in b/VMS/openssl_ivp.com.in index 6810792b38d3d6..582e1fe1a7fa58 100644 --- a/VMS/openssl_ivp.com.in +++ b/VMS/openssl_ivp.com.in @@ -21,9 +21,9 @@ $ @'INSTALLTOP_'SYS$STARTUP]openssl_startup'v' $ @'INSTALLTOP_'SYS$STARTUP]openssl_utils'v' $ $ IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" - - .OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $config{no_shared}; "" -}- + .OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $disabled{shared}; "" -}- .OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" - - .OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $config{no_shared}; "" -}- + .OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $disabled{shared}; "" -}- .OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" - .OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" - .OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. "" diff --git a/VMS/openssl_shutdown.com.in b/VMS/openssl_shutdown.com.in index 4193c900f9e99e..c2b9cf6c70b413 100644 --- a/VMS/openssl_shutdown.com.in +++ b/VMS/openssl_shutdown.com.in @@ -39,19 +39,19 @@ $ DEAS OSSL$MODULES'pz' $ DEAS OSSL$EXE $ DEAS OSSL$LIBCRYPTO'pz' $ DEAS OSSL$LIBSSL'pz' -${- output_off() if $config{no_shared}; "" -} +${- output_off() if $disabled{shared}; "" -} $ DEAS OSSL$LIBCRYPTO'sv'_SHR'pz' $ DEAS OSSL$LIBSSL'sv'_SHR'pz' -${- output_on() if $config{no_shared}; "" -} +${- output_on() if $disabled{shared}; "" -} $ DEAS OPENSSL $ $ IF P2 .NES. "NOALIASES" $ THEN $ DEAS OSSL$ENGINES'pz' -${- output_off() if $config{no_shared}; "" -} +${- output_off() if $disabled{shared}; "" -} $ DEAS OSSL$LIBCRYPTO_SHR'pz' $ DEAS OSSL$LIBSSL_SHR'pz' -${- output_on() if $config{no_shared}; "" -} +${- output_on() if $disabled{shared}; "" -} $ ENDIF $ $ EXIT 'status' diff --git a/VMS/openssl_startup.com.in b/VMS/openssl_startup.com.in index bbf3e3b4e6e488..738f508d56f537 100644 --- a/VMS/openssl_startup.com.in +++ b/VMS/openssl_startup.com.in @@ -103,19 +103,19 @@ $ DEF OSSL$EXE OSSL$INSTROOT:[EXE.'arch'],- OSSL$INSTROOT:[EXE] $ DEF OSSL$LIBCRYPTO'pz' OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB $ DEF OSSL$LIBSSL'pz' OSSL$LIB:OSSL$LIBSSL'pz'.OLB -${- output_off() if $config{no_shared}; "" -} +${- output_off() if $disabled{shared}; "" -} $ DEF OSSL$LIBCRYPTO'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE $ DEF OSSL$LIBSSL'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE -${- output_on() if $config{no_shared}; "" -} +${- output_on() if $disabled{shared}; "" -} $ DEF OPENSSL OSSL$INCLUDE:[OPENSSL] $ $ IF P2 .NES. "NOALIASES" $ THEN $ DEF OSSL$ENGINES'pz' OSSL$ENGINES'sv''pz' -${- output_off() if $config{no_shared}; "" -} +${- output_off() if $disabled{shared}; "" -} $ DEF OSSL$LIBCRYPTO_SHR'pz' OSSL$LIBCRYPTO'sv'_SHR'pz' $ DEF OSSL$LIBSSL_SHR'pz' OSSL$LIBSSL'sv'_SHR'pz' -${- output_on() if $config{no_shared}; "" -} +${- output_on() if $disabled{shared}; "" -} $ ENDIF $ $ bailout: diff --git a/apps/asn1parse.c b/apps/asn1parse.c index 097b0cc1eddfb4..bf62f859479075 100644 --- a/apps/asn1parse.c +++ b/apps/asn1parse.c @@ -178,7 +178,7 @@ int asn1parse_main(int argc, char **argv) if ((buf = BUF_MEM_new()) == NULL) goto end; - if (informat == FORMAT_PEM) { + if (genconf == NULL && genstr == NULL && informat == FORMAT_PEM) { if (PEM_read_bio(in, &name, &header, &str, &num) != 1) { BIO_printf(bio_err, "Error reading PEM file\n"); ERR_print_errors(bio_err); diff --git a/apps/cms.c b/apps/cms.c index 9c4e4ee5e0553a..f93c98ac92c416 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -628,7 +628,8 @@ int cms_main(int argc, char **argv) "recipient certificate file"); if (cert == NULL) goto end; - sk_X509_push(encerts, cert); + if (!sk_X509_push(encerts, cert)) + goto end; cert = NULL; } else { recipfile = opt_arg(); @@ -837,7 +838,8 @@ int cms_main(int argc, char **argv) "recipient certificate file"); if (cert == NULL) goto end; - sk_X509_push(encerts, cert); + if (!sk_X509_push(encerts, cert)) + goto end; cert = NULL; } } @@ -1447,6 +1449,7 @@ static CMS_ReceiptRequest STACK_OF(OPENSSL_STRING) *rr_from) { STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL; + CMS_ReceiptRequest *rr; rct_to = make_names_stack(rr_to); if (rct_to == NULL) @@ -1458,10 +1461,14 @@ static CMS_ReceiptRequest } else { rct_from = NULL; } - return CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from, - rct_to, app_get0_libctx()); + rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from, + rct_to, app_get0_libctx()); + if (rr == NULL) + goto err; + return rr; err: sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free); + sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free); return NULL; } diff --git a/apps/errstr.c b/apps/errstr.c index 782705a78a33d2..21349d21cb4207 100644 --- a/apps/errstr.c +++ b/apps/errstr.c @@ -62,7 +62,7 @@ int errstr_main(int argc, char **argv) /* All remaining arg are error code. */ ret = 0; for (argv = opt_rest(); *argv != NULL; argv++) { - if (sscanf(*argv, "%lx", &l) == 0) { + if (sscanf(*argv, "%lx", &l) <= 0) { ret++; } else { ERR_error_string_n(l, buf, sizeof(buf)); diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h index 52f1d5b1126f3a..33c3b6278c823f 100644 --- a/apps/include/s_apps.h +++ b/apps/include/s_apps.h @@ -112,7 +112,3 @@ int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm, char *srpuserseed, char *srp_verifier_file); void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out); #endif /* OPENSSL_NO_SRP */ - -#ifndef OPENSSL_NO_VCAUTHTLS -int set_vc_did_stuff(SSL_CTX *ctx, EVP_PKEY *vc, EVP_PKEY *did); -#endif \ No newline at end of file diff --git a/apps/lib/opt.c b/apps/lib/opt.c index 2d61ac9a7865ec..0490c39c251669 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c @@ -726,7 +726,12 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm) opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg()); return 0; } - X509_VERIFY_PARAM_add0_policy(vpm, otmp); + if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) { + ASN1_OBJECT_free(otmp); + opt_printf_stderr("%s: Internal error adding Policy %s\n", + prog, opt_arg()); + return 0; + } break; case OPT_V_PURPOSE: /* purpose name -> purpose index */ diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index f715dcd2c3e391..743d88993f4f52 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -151,34 +151,6 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) return 1; } -#ifndef OPENSSL_NO_VCAUTHTLS -int set_vc_did_stuff(SSL_CTX *ctx, EVP_PKEY *vc, EVP_PKEY *did) -{ - if (did == NULL || vc == NULL) - return 1; - - if (SSL_CTX_use_VC(ctx, vc) <= 0) { - BIO_printf(bio_err, "error setting certificate\n"); - ERR_print_errors(bio_err); - return 0; - } - - if (SSL_CTX_use_DID(ctx, did) <= 0) { - BIO_printf(bio_err, "error setting private key\n"); - ERR_print_errors(bio_err); - return 0; - } - - /*if (!SSL_CTX_check_DID_private_key(ctx)) { - BIO_printf(bio_err, - "Private key does not match the certificate public key\n"); - return 0; - }*/ - - return 1; -} -#endif - int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, STACK_OF(X509) *chain, int build_chain) { diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index 014c1c0bc0eceb..ace51686addc4f 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -208,7 +208,7 @@ int init_client(int *sock, const char *host, const char *port, hostname = BIO_ADDR_hostname_string(BIO_ADDRINFO_address(ai), 1); if (hostname != NULL) { - BIO_printf(bio_out, "Connecting to %s\n", hostname); + BIO_printf(bio_err, "Connecting to %s\n", hostname); OPENSSL_free(hostname); } /* Remove any stale errors from previous connection attempts */ diff --git a/apps/list.c b/apps/list.c index 8649598df7fcb3..adcf6803b4950a 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1238,6 +1238,9 @@ static void list_provider_info(void) sk_OSSL_PROVIDER_sort(providers); for (i = 0; i < sk_OSSL_PROVIDER_num(providers); i++) { const OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(providers, i); + const char *provname = OSSL_PROVIDER_get0_name(prov); + + BIO_printf(bio_out, " %s\n", provname); /* Query the "known" information parameters, the order matches below */ params[0] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_NAME, @@ -1250,23 +1253,23 @@ static void list_provider_info(void) params[4] = OSSL_PARAM_construct_end(); OSSL_PARAM_set_all_unmodified(params); if (!OSSL_PROVIDER_get_params(prov, params)) { - BIO_printf(bio_err, "ERROR: Unable to query provider parameters\n"); - return; - } - - /* Print out the provider information, the params order matches above */ - BIO_printf(bio_out, " %s\n", OSSL_PROVIDER_get0_name(prov)); - if (OSSL_PARAM_modified(params)) - BIO_printf(bio_out, " name: %s\n", name); - if (OSSL_PARAM_modified(params + 1)) - BIO_printf(bio_out, " version: %s\n", version); - if (OSSL_PARAM_modified(params + 2)) - BIO_printf(bio_out, " status: %sactive\n", status ? "" : "in"); - if (verbose) { - if (OSSL_PARAM_modified(params + 3)) - BIO_printf(bio_out, " build info: %s\n", buildinfo); - print_param_types("gettable provider parameters", - OSSL_PROVIDER_gettable_params(prov), 4); + BIO_printf(bio_err, + "WARNING: Unable to query provider parameters for %s\n", + provname); + } else { + /* Print out the provider information, the params order matches above */ + if (OSSL_PARAM_modified(params)) + BIO_printf(bio_out, " name: %s\n", name); + if (OSSL_PARAM_modified(params + 1)) + BIO_printf(bio_out, " version: %s\n", version); + if (OSSL_PARAM_modified(params + 2)) + BIO_printf(bio_out, " status: %sactive\n", status ? "" : "in"); + if (verbose) { + if (OSSL_PARAM_modified(params + 3)) + BIO_printf(bio_out, " build info: %s\n", buildinfo); + print_param_types("gettable provider parameters", + OSSL_PROVIDER_gettable_params(prov), 4); + } } } sk_OSSL_PROVIDER_free(providers); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 1fa0abd3d4c610..117b6736436f0c 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -14,7 +14,6 @@ #include #include "apps.h" #include "progs.h" -#include #include #include #include @@ -535,7 +534,6 @@ int pkcs12_main(int argc, char **argv) EVP_MD *macmd = NULL; unsigned char *catmp = NULL; int i; - CONF *conf = NULL; ASN1_OBJECT *obj = NULL; if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) { @@ -681,12 +679,6 @@ int pkcs12_main(int argc, char **argv) if (!twopass) OPENSSL_strlcpy(macpass, pass, sizeof(macpass)); - /* Load the config file */ - if ((conf = app_load_config(default_config_file)) == NULL) - goto export_end; - if (!app_load_modules(conf)) - goto export_end; - if (jdktrust != NULL) { obj = OBJ_txt2obj(jdktrust, 0); } @@ -731,7 +723,6 @@ int pkcs12_main(int argc, char **argv) OSSL_STACK_OF_X509_free(certs); OSSL_STACK_OF_X509_free(untrusted_certs); X509_free(ee_cert); - NCONF_free(conf); ASN1_OBJECT_free(obj); ERR_print_errors(bio_err); goto end; diff --git a/apps/rehash.c b/apps/rehash.c index 1e5cf38a7fe47b..56a6ccea0928a6 100644 --- a/apps/rehash.c +++ b/apps/rehash.c @@ -45,9 +45,6 @@ # ifndef PATH_MAX # define PATH_MAX 4096 # endif -# ifndef NAME_MAX -# define NAME_MAX 255 -# endif # define MAX_COLLISIONS 256 # if defined(OPENSSL_SYS_VXWORKS) @@ -356,10 +353,10 @@ static int do_dir(const char *dirname, enum Hash h) struct stat st; unsigned char idmask[MAX_COLLISIONS / 8]; int n, numfiles, nextid, dirlen, buflen, errs = 0; - size_t i; + size_t i, fname_max_len = 20; /* maximum length of "%08x.r%d" */ const char *pathsep = ""; const char *filename; - char *buf, *copy = NULL; + char *buf = NULL, *copy = NULL; STACK_OF(OPENSSL_STRING) *files = NULL; if (app_access(dirname, W_OK) < 0) { @@ -371,8 +368,6 @@ static int do_dir(const char *dirname, enum Hash h) pathsep = "/"; dirlen++; } - buflen = dirlen + NAME_MAX + 1; - buf = app_malloc(buflen, "filename buffer"); if (verbose) BIO_printf(bio_out, "Doing %s\n", dirname); @@ -383,17 +378,25 @@ static int do_dir(const char *dirname, enum Hash h) goto err; } while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) { + size_t fname_len = strlen(filename); + if ((copy = OPENSSL_strdup(filename)) == NULL || sk_OPENSSL_STRING_push(files, copy) == 0) { OPENSSL_free(copy); + OPENSSL_DIR_end(&d); BIO_puts(bio_err, "out of memory\n"); errs = 1; goto err; } + if (fname_len > fname_max_len) + fname_max_len = fname_len; } OPENSSL_DIR_end(&d); sk_OPENSSL_STRING_sort(files); + buflen = dirlen + fname_max_len + 1; + buf = app_malloc(buflen, "filename buffer"); + numfiles = sk_OPENSSL_STRING_num(files); for (n = 0; n < numfiles; ++n) { filename = sk_OPENSSL_STRING_value(files, n); diff --git a/apps/req.c b/apps/req.c index 3ce2b384969b67..00ef231e115744 100644 --- a/apps/req.c +++ b/apps/req.c @@ -704,7 +704,7 @@ int req_main(int argc, char **argv) } goto end; } - BIO_free(out); + BIO_free_all(out); out = NULL; BIO_printf(bio_err, "-----\n"); } diff --git a/apps/s_client.c b/apps/s_client.c index 25362352e8e6c0..78a44755cb54fb 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -118,10 +118,6 @@ static int is_dNS_name(const char *host); static const unsigned char cert_type_rpk[] = { TLSEXT_cert_type_rpk, TLSEXT_cert_type_x509 }; static int enable_server_rpk = 0; -#ifndef OPENSSL_NO_VCAUTHTLS -static const unsigned char cert_type_vc[] = { TLSEXT_cert_type_vc, TLSEXT_cert_type_x509 }; -#endif - static int saved_errno; static void save_errno(void) @@ -963,11 +959,6 @@ int s_client_main(int argc, char **argv) BIO_ADDR *peer_addr = NULL; struct user_data_st user_data; -#ifndef OPENSSL_NO_VCAUTHTLS - EVP_PKEY *vc = NULL; - EVP_PKEY *did = NULL; -#endif - FD_ZERO(&readfds); FD_ZERO(&writefds); /* Known false-positive of MemorySanitizer. */ @@ -1752,17 +1743,6 @@ int s_client_main(int argc, char **argv) if (key_file == NULL) key_file = cert_file; -#ifndef OPENSSL_NO_VCAUTHTLS - did = load_key(key_file, key_format, 0, pass, e, - "client DID document and private key" ); - if (did == NULL) - goto end; - - vc = load_key(cert_file, key_format, 0, pass, e, - "client VC" ); - if (vc == NULL) - goto end; -#else if (key_file != NULL) { key = load_key(key_file, key_format, 0, pass, e, "client certificate private key"); @@ -1776,7 +1756,6 @@ int s_client_main(int argc, char **argv) if (cert == NULL) goto end; } -#endif if (chain_file != NULL) { if (!load_certs(chain_file, 0, &chain, pass, "client certificate chain")) @@ -2050,13 +2029,8 @@ int s_client_main(int argc, char **argv) ssl_ctx_add_crls(ctx, crls, crl_download); -#ifndef OPENSSL_NO_VCAUTHTLS - if(!set_vc_did_stuff(ctx, vc, did)) - goto end; -#else if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain)) goto end; -#endif if (!noservername) { tlsextcbp.biodebug = bio_err; @@ -2099,29 +2073,16 @@ int s_client_main(int argc, char **argv) SSL_set_post_handshake_auth(con, 1); if (enable_client_rpk) -#ifndef OPENSSL_NO_VCAUTHTLS - if (!SSL_set1_client_cert_type(con, cert_type_vc, sizeof(cert_type_vc))) { - BIO_printf(bio_err, "Error setting client certificate types\n"); - goto end; - } -#else if (!SSL_set1_client_cert_type(con, cert_type_rpk, sizeof(cert_type_rpk))) { BIO_printf(bio_err, "Error setting client certificate types\n"); goto end; } -#endif - if (enable_server_rpk) -#ifndef OPENSSL_NO_VCAUTHTLS - if (!SSL_set1_server_cert_type(con, cert_type_vc, sizeof(cert_type_vc))) { - BIO_printf(bio_err, "Error setting server certificate types\n"); - goto end; - } -#else + if (enable_server_rpk) { if (!SSL_set1_server_cert_type(con, cert_type_rpk, sizeof(cert_type_rpk))) { BIO_printf(bio_err, "Error setting server certificate types\n"); goto end; } -#endif + } if (sess_in != NULL) { SSL_SESSION *sess; @@ -3392,10 +3353,6 @@ int s_client_main(int argc, char **argv) bio_c_out = NULL; BIO_free(bio_c_msg); bio_c_msg = NULL; -#ifndef OPENSSL_NO_VCAUTHTLS - EVP_PKEY_free(vc); - EVP_PKEY_free(did); -#endif return ret; } diff --git a/apps/s_server.c b/apps/s_server.c index fed785c74802a3..b1164d10cc8938 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1,7 +1,3 @@ -/* - * Modifications Copyright 2024 Fondazione LINKS. - */ - /* * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved @@ -75,8 +71,8 @@ static void print_connection_info(SSL *con); static const int bufsize = 16 * 1024; static int accept_socket = -1; -#define TEST_CERT "apps/server.pem" -#define TEST_CERT2 "apps/server2.pem" +#define TEST_CERT "server.pem" +#define TEST_CERT2 "server2.pem" static int s_nbio = 0; static int s_nbio_test = 0; @@ -107,10 +103,6 @@ static const char *session_id_prefix = NULL; static const unsigned char cert_type_rpk[] = { TLSEXT_cert_type_rpk, TLSEXT_cert_type_x509 }; static int enable_client_rpk = 0; -#ifndef OPENSSL_NO_VCAUTHTLS -static const unsigned char cert_type_vc[] = { TLSEXT_cert_type_vc, TLSEXT_cert_type_x509 }; -#endif - #ifndef OPENSSL_NO_DTLS static int enable_timeouts = 0; static long socket_mtu; @@ -1084,10 +1076,6 @@ int s_server_main(int argc, char *argv[]) int tfo = 0; int cert_comp = 0; int enable_server_rpk = 0; -#ifndef OPENSSL_NO_VCAUTHTLS - EVP_PKEY *vc = NULL; - EVP_PKEY *did = NULL; -#endif /* Init of few remaining global variables */ local_argc = argc; @@ -1726,6 +1714,11 @@ int s_server_main(int argc, char *argv[]) BIO_printf(bio_err, "Can only use -listen with DTLS\n"); goto end; } + + if (rev && socket_type == SOCK_DGRAM) { + BIO_printf(bio_err, "Can't use -rev with DTLS\n"); + goto end; + } #endif if (tfo && socket_type != SOCK_STREAM) { @@ -1794,17 +1787,6 @@ int s_server_main(int argc, char *argv[]) goto end; if (nocert == 0) { -#ifndef OPENSSL_NO_VCAUTHTLS - did = load_key(s_key_file, s_key_format, 0, pass, engine, - "server DID document and private key" ); - if (did == NULL) - goto end; - - vc = load_key(s_cert_file, s_key_format, 0, pass, engine, - "server VC" ); - if (vc == NULL) - goto end; -#else s_key = load_key(s_key_file, s_key_format, 0, pass, engine, "server certificate private key"); if (s_key == NULL) @@ -1833,7 +1815,6 @@ int s_server_main(int argc, char *argv[]) if (s_cert2 == NULL) goto end; } -#endif } #if !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto_neg_in) { @@ -2174,13 +2155,8 @@ int s_server_main(int argc, char *argv[]) EVP_PKEY_free(dhpkey); } -#ifndef OPENSSL_NO_VCAUTHTLS - if(!set_vc_did_stuff(ctx, vc, did)) - goto end; -#else if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain)) goto end; -#endif if (s_serverinfo_file != NULL && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) { @@ -2317,29 +2293,15 @@ int s_server_main(int argc, char *argv[]) BIO_printf(bio_s_out, "Error compressing certs on ctx2\n"); } if (enable_server_rpk) -#ifndef OPENSSL_NO_VCAUTHTLS - if (!SSL_CTX_set1_server_cert_type(ctx, cert_type_vc, sizeof(cert_type_vc))) { - BIO_printf(bio_s_out, "Error setting server certificate types\n"); - goto end; - } -#else if (!SSL_CTX_set1_server_cert_type(ctx, cert_type_rpk, sizeof(cert_type_rpk))) { BIO_printf(bio_s_out, "Error setting server certificate types\n"); goto end; } -#endif if (enable_client_rpk) -#ifndef OPENSSL_NO_VCAUTHTLS - if (!SSL_CTX_set1_client_cert_type(ctx, cert_type_vc, sizeof(cert_type_vc))) { - BIO_printf(bio_s_out, "Error setting server certificate types\n"); - goto end; - } -#else if (!SSL_CTX_set1_client_cert_type(ctx, cert_type_rpk, sizeof(cert_type_rpk))) { BIO_printf(bio_s_out, "Error setting server certificate types\n"); goto end; } -#endif if (rev) server_cb = rev_body; @@ -2395,10 +2357,6 @@ int s_server_main(int argc, char *argv[]) bio_s_msg = NULL; #ifdef CHARSET_EBCDIC BIO_meth_free(methods_ebcdic); -#endif -#ifndef OPENSSL_NO_VCAUTHTLS - EVP_PKEY_free(vc); - EVP_PKEY_free(did); #endif return ret; } diff --git a/apps/smime.c b/apps/smime.c index 88b0475d2d4fd0..b59e14b0b5ed6f 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -484,7 +484,8 @@ int smime_main(int argc, char **argv) "recipient certificate file"); if (cert == NULL) goto end; - sk_X509_push(encerts, cert); + if (!sk_X509_push(encerts, cert)) + goto end; cert = NULL; argv++; } diff --git a/crypto/aes/build.info b/crypto/aes/build.info index aff318b34e0b0e..c4e7e87de9e2ab 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -38,7 +38,11 @@ IF[{- !$disabled{asm} -}] $AESASM_parisc20_64=$AESASM_parisc11 $AESDEF_parisc20_64=$AESDEF_parisc11 - $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s + IF[{- $target{sys_id} ne "AIX" && $target{sys_id} ne "MACOSX" -}] + $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s + ELSE + $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s + ENDIF $AESDEF_ppc32=AES_ASM VPAES_ASM $AESASM_ppc64=$AESASM_ppc32 $AESDEF_ppc64=$AESDEF_ppc32 diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 7d80798655f1c4..c8170e16267d4a 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -139,7 +139,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, if (*out) { free_out = 0; dest = *out; - ASN1_STRING_set0(dest, NULL, 0); + ASN1_STRING_set0(dest, NULL, 0); dest->type = str_type; } else { free_out = 1; @@ -153,6 +153,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, /* If both the same type just copy across */ if (inform == outform) { if (!ASN1_STRING_set(dest, in, len)) { + if (free_out) { + ASN1_STRING_free(dest); + *out = NULL; + } ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); return -1; } @@ -183,8 +187,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, break; } if ((p = OPENSSL_malloc(outlen + 1)) == NULL) { - if (free_out) + if (free_out) { ASN1_STRING_free(dest); + *out = NULL; + } return -1; } dest->length = outlen; diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index f1702f262ef8a9..931e2854d6d341 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -295,16 +295,22 @@ ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type) tmps->type = type; p = (char*)tmps->data; - if (type == V_ASN1_GENERALIZEDTIME) + if (ts->tm_mon > INT_MAX - 1) + goto err; + + if (type == V_ASN1_GENERALIZEDTIME) { + if (ts->tm_year > INT_MAX - 1900) + goto err; tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900, ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec); - else + } else { tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100, ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec); + } #ifdef CHARSET_EBCDIC ebcdic2ascii(tmps->data, tmps->data, tmps->length); diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index 6f816307afd4d6..1e183f4f18aa5c 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c @@ -67,6 +67,10 @@ static int do_create(const char *value, const char *name) if (p == NULL) { ln = name; ostr = value; + } else if (p == value) { + /* we started with a leading comma */ + ln = name; + ostr = p + 1; } else { ln = value; ostr = p + 1; diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c index 515d8181b692ed..93c6f61bd95b51 100644 --- a/crypto/asn1/asn_mstbl.c +++ b/crypto/asn1/asn_mstbl.c @@ -72,6 +72,8 @@ static int do_tcreate(const char *value, const char *name) goto err; for (i = 0; i < sk_CONF_VALUE_num(lst); i++) { cnf = sk_CONF_VALUE_value(lst, i); + if (cnf->value == NULL) + goto err; if (strcmp(cnf->name, "min") == 0) { tbl_min = strtoul(cnf->value, &eptr, 0); if (*eptr) @@ -98,7 +100,9 @@ static int do_tcreate(const char *value, const char *name) if (rv == 0) { if (cnf) ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE, - "field=%s, value=%s", cnf->name, cnf->value); + "field=%s, value=%s", cnf->name, + cnf->value != NULL ? cnf->value + : value); else ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE, "name=%s, value=%s", name, value); diff --git a/crypto/bio/bio_sock.c b/crypto/bio/bio_sock.c index 3c8b28501ca8a8..ee3ee5b78fda22 100644 --- a/crypto/bio/bio_sock.c +++ b/crypto/bio/bio_sock.c @@ -354,7 +354,7 @@ int BIO_socket_nbio(int s, int mode) int l; l = mode; -# if defined(FIONBIO) && !defined(OPENSSL_SYS_TANDEM) +# ifdef FIONBIO l = mode; ret = BIO_socket_ioctl(s, FIONBIO, &l); diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 5195634fdfa766..62a76d0b4ad55d 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -61,6 +61,11 @@ # define NO_RECVMMSG # endif # endif +# if defined(__GNU__) + /* GNU/Hurd does not have IP_PKTINFO yet */ + #undef NO_RECVMSG + #define NO_RECVMSG +# endif # if !defined(M_METHOD) # if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG) # define M_METHOD M_METHOD_WSARECVMSG diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 83e1f11e181ce2..444c5ca7a37554 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -730,14 +730,20 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { BIGNUM *b = NULL; int ret = 0; + int numbits; BN_CTX_start(ctx); if ((b = BN_CTX_get(ctx)) == NULL) goto err; + /* Fail on a non-sensical input p value */ + numbits = BN_num_bits(p); + if (numbits <= 1) + goto err; + /* generate blinding value */ do { - if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1, + if (!BN_priv_rand_ex(b, numbits - 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) goto err; } while (BN_is_zero(b)); diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index c1dbed05984fc2..bc864346fb69d2 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -319,6 +319,28 @@ static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top) # endif #endif /* BN_BITS2 != 64 */ +#ifdef NIST_INT64 +/* Helpers to load/store a 32-bit word (uint32_t) from/into a memory + * location and avoid potential aliasing issue. */ +static ossl_inline uint32_t load_u32(const void *ptr) +{ + uint32_t tmp; + + memcpy(&tmp, ptr, sizeof(tmp)); + return tmp; +} + +static ossl_inline void store_lo32(void *ptr, NIST_INT64 val) +{ + /* A cast is needed for big-endian system: on a 32-bit BE system + * NIST_INT64 may be defined as well if the compiler supports 64-bit + * long long. */ + uint32_t tmp = (uint32_t)val; + + memcpy(ptr, &tmp, sizeof(tmp)); +} +#endif /* NIST_INT64 */ + #define nist_set_192(to, from, a1, a2, a3) \ { \ bn_cp_64(to, 0, from, (a3) - 3) \ @@ -374,42 +396,42 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, unsigned int *rp = (unsigned int *)r_d; const unsigned int *bp = (const unsigned int *)buf.ui; - acc = rp[0]; + acc = load_u32(&rp[0]); acc += bp[3 * 2 - 6]; acc += bp[5 * 2 - 6]; - rp[0] = (unsigned int)acc; + store_lo32(&rp[0], acc); acc >>= 32; - acc += rp[1]; + acc += load_u32(&rp[1]); acc += bp[3 * 2 - 5]; acc += bp[5 * 2 - 5]; - rp[1] = (unsigned int)acc; + store_lo32(&rp[1], acc); acc >>= 32; - acc += rp[2]; + acc += load_u32(&rp[2]); acc += bp[3 * 2 - 6]; acc += bp[4 * 2 - 6]; acc += bp[5 * 2 - 6]; - rp[2] = (unsigned int)acc; + store_lo32(&rp[2], acc); acc >>= 32; - acc += rp[3]; + acc += load_u32(&rp[3]); acc += bp[3 * 2 - 5]; acc += bp[4 * 2 - 5]; acc += bp[5 * 2 - 5]; - rp[3] = (unsigned int)acc; + store_lo32(&rp[3], acc); acc >>= 32; - acc += rp[4]; + acc += load_u32(&rp[4]); acc += bp[4 * 2 - 6]; acc += bp[5 * 2 - 6]; - rp[4] = (unsigned int)acc; + store_lo32(&rp[4], acc); acc >>= 32; - acc += rp[5]; + acc += load_u32(&rp[5]); acc += bp[4 * 2 - 5]; acc += bp[5 * 2 - 5]; - rp[5] = (unsigned int)acc; + store_lo32(&rp[5], acc); carry = (int)(acc >> 32); } @@ -683,36 +705,36 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, unsigned int *rp = (unsigned int *)r_d; const unsigned int *bp = (const unsigned int *)buf.ui; - acc = rp[0]; + acc = load_u32(&rp[0]); acc += bp[8 - 8]; acc += bp[9 - 8]; acc -= bp[11 - 8]; acc -= bp[12 - 8]; acc -= bp[13 - 8]; acc -= bp[14 - 8]; - rp[0] = (unsigned int)acc; + store_lo32(&rp[0], acc); acc >>= 32; - acc += rp[1]; + acc += load_u32(&rp[1]); acc += bp[9 - 8]; acc += bp[10 - 8]; acc -= bp[12 - 8]; acc -= bp[13 - 8]; acc -= bp[14 - 8]; acc -= bp[15 - 8]; - rp[1] = (unsigned int)acc; + store_lo32(&rp[1], acc); acc >>= 32; - acc += rp[2]; + acc += load_u32(&rp[2]); acc += bp[10 - 8]; acc += bp[11 - 8]; acc -= bp[13 - 8]; acc -= bp[14 - 8]; acc -= bp[15 - 8]; - rp[2] = (unsigned int)acc; + store_lo32(&rp[2], acc); acc >>= 32; - acc += rp[3]; + acc += load_u32(&rp[3]); acc += bp[11 - 8]; acc += bp[11 - 8]; acc += bp[12 - 8]; @@ -721,10 +743,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, acc -= bp[15 - 8]; acc -= bp[8 - 8]; acc -= bp[9 - 8]; - rp[3] = (unsigned int)acc; + store_lo32(&rp[3], acc); acc >>= 32; - acc += rp[4]; + acc += load_u32(&rp[4]); acc += bp[12 - 8]; acc += bp[12 - 8]; acc += bp[13 - 8]; @@ -732,10 +754,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, acc += bp[14 - 8]; acc -= bp[9 - 8]; acc -= bp[10 - 8]; - rp[4] = (unsigned int)acc; + store_lo32(&rp[4], acc); acc >>= 32; - acc += rp[5]; + acc += load_u32(&rp[5]); acc += bp[13 - 8]; acc += bp[13 - 8]; acc += bp[14 - 8]; @@ -743,10 +765,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, acc += bp[15 - 8]; acc -= bp[10 - 8]; acc -= bp[11 - 8]; - rp[5] = (unsigned int)acc; + store_lo32(&rp[5], acc); acc >>= 32; - acc += rp[6]; + acc += load_u32(&rp[6]); acc += bp[14 - 8]; acc += bp[14 - 8]; acc += bp[15 - 8]; @@ -755,10 +777,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, acc += bp[13 - 8]; acc -= bp[8 - 8]; acc -= bp[9 - 8]; - rp[6] = (unsigned int)acc; + store_lo32(&rp[6], acc); acc >>= 32; - acc += rp[7]; + acc += load_u32(&rp[7]); acc += bp[15 - 8]; acc += bp[15 - 8]; acc += bp[15 - 8]; @@ -767,7 +789,7 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, acc -= bp[11 - 8]; acc -= bp[12 - 8]; acc -= bp[13 - 8]; - rp[7] = (unsigned int)acc; + store_lo32(&rp[7], acc); carry = (int)(acc >> 32); } @@ -920,32 +942,32 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, unsigned int *rp = (unsigned int *)r_d; const unsigned int *bp = (const unsigned int *)buf.ui; - acc = rp[0]; + acc = load_u32(&rp[0]); acc += bp[12 - 12]; acc += bp[21 - 12]; acc += bp[20 - 12]; acc -= bp[23 - 12]; - rp[0] = (unsigned int)acc; + store_lo32(&rp[0], acc); acc >>= 32; - acc += rp[1]; + acc += load_u32(&rp[1]); acc += bp[13 - 12]; acc += bp[22 - 12]; acc += bp[23 - 12]; acc -= bp[12 - 12]; acc -= bp[20 - 12]; - rp[1] = (unsigned int)acc; + store_lo32(&rp[1], acc); acc >>= 32; - acc += rp[2]; + acc += load_u32(&rp[2]); acc += bp[14 - 12]; acc += bp[23 - 12]; acc -= bp[13 - 12]; acc -= bp[21 - 12]; - rp[2] = (unsigned int)acc; + store_lo32(&rp[2], acc); acc >>= 32; - acc += rp[3]; + acc += load_u32(&rp[3]); acc += bp[15 - 12]; acc += bp[12 - 12]; acc += bp[20 - 12]; @@ -953,10 +975,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, acc -= bp[14 - 12]; acc -= bp[22 - 12]; acc -= bp[23 - 12]; - rp[3] = (unsigned int)acc; + store_lo32(&rp[3], acc); acc >>= 32; - acc += rp[4]; + acc += load_u32(&rp[4]); acc += bp[21 - 12]; acc += bp[21 - 12]; acc += bp[16 - 12]; @@ -967,10 +989,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, acc -= bp[15 - 12]; acc -= bp[23 - 12]; acc -= bp[23 - 12]; - rp[4] = (unsigned int)acc; + store_lo32(&rp[4], acc); acc >>= 32; - acc += rp[5]; + acc += load_u32(&rp[5]); acc += bp[22 - 12]; acc += bp[22 - 12]; acc += bp[17 - 12]; @@ -979,10 +1001,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, acc += bp[21 - 12]; acc += bp[23 - 12]; acc -= bp[16 - 12]; - rp[5] = (unsigned int)acc; + store_lo32(&rp[5], acc); acc >>= 32; - acc += rp[6]; + acc += load_u32(&rp[6]); acc += bp[23 - 12]; acc += bp[23 - 12]; acc += bp[18 - 12]; @@ -990,48 +1012,48 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, acc += bp[14 - 12]; acc += bp[22 - 12]; acc -= bp[17 - 12]; - rp[6] = (unsigned int)acc; + store_lo32(&rp[6], acc); acc >>= 32; - acc += rp[7]; + acc += load_u32(&rp[7]); acc += bp[19 - 12]; acc += bp[16 - 12]; acc += bp[15 - 12]; acc += bp[23 - 12]; acc -= bp[18 - 12]; - rp[7] = (unsigned int)acc; + store_lo32(&rp[7], acc); acc >>= 32; - acc += rp[8]; + acc += load_u32(&rp[8]); acc += bp[20 - 12]; acc += bp[17 - 12]; acc += bp[16 - 12]; acc -= bp[19 - 12]; - rp[8] = (unsigned int)acc; + store_lo32(&rp[8], acc); acc >>= 32; - acc += rp[9]; + acc += load_u32(&rp[9]); acc += bp[21 - 12]; acc += bp[18 - 12]; acc += bp[17 - 12]; acc -= bp[20 - 12]; - rp[9] = (unsigned int)acc; + store_lo32(&rp[9], acc); acc >>= 32; - acc += rp[10]; + acc += load_u32(&rp[10]); acc += bp[22 - 12]; acc += bp[19 - 12]; acc += bp[18 - 12]; acc -= bp[21 - 12]; - rp[10] = (unsigned int)acc; + store_lo32(&rp[10], acc); acc >>= 32; - acc += rp[11]; + acc += load_u32(&rp[11]); acc += bp[23 - 12]; acc += bp[20 - 12]; acc += bp[19 - 12]; acc -= bp[22 - 12]; - rp[11] = (unsigned int)acc; + store_lo32(&rp[11], acc); carry = (int)(acc >> 32); } diff --git a/crypto/chacha/asm/chacha-loongarch64.pl b/crypto/chacha/asm/chacha-loongarch64.pl index ea9cc7ecce237b..0a194dd7990094 100644 --- a/crypto/chacha/asm/chacha-loongarch64.pl +++ b/crypto/chacha/asm/chacha-loongarch64.pl @@ -17,6 +17,14 @@ my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$x)=map("\$r$_",(12..21)); my ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8)=map("\$r$_",(23..31)); +# The saved floating-point registers in the LP64D ABI. In LoongArch +# with vector extension, the low 64 bits of a vector register alias with +# the corresponding FPR. So we must save and restore the corresponding +# FPR if we'll write into a vector register. The ABI only requires +# saving and restoring the FPR (i.e. 64 bits of the corresponding vector +# register), not the entire vector register. +my ($fs0,$fs1,$fs2,$fs3,$fs4,$fs5,$fs6,$fs7)=map("\$f$_",(24..31)); + # Here is the 128-bit vector register layout for LSX extension. my ($vr0,$vr1,$vr2,$vr3,$vr4,$vr5,$vr6,$vr7,$vr8,$vr9,$vr10, $vr11,$vr12,$vr13,$vr14,$vr15,$vr16,$vr17,$vr18,$vr19, @@ -63,16 +71,29 @@ # $a4 = arg #5 (counter array) beqz $len,.Lno_data + ori $t3,$zero,64 la.pcrel $t0,OPENSSL_loongarch_hwcap_P ld.w $t0,$t0,0 + bleu $len,$t3,.LChaCha20_1x # goto 1x when len <= 64 + + andi $t0,$t0,LOONGARCH_HWCAP_LASX | LOONGARCH_HWCAP_LSX + beqz $t0,.LChaCha20_1x + + addi.d $sp,$sp,-64 + fst.d $fs0,$sp,0 + fst.d $fs1,$sp,8 + fst.d $fs2,$sp,16 + fst.d $fs3,$sp,24 + fst.d $fs4,$sp,32 + fst.d $fs5,$sp,40 + fst.d $fs6,$sp,48 + fst.d $fs7,$sp,56 + andi $t1,$t0,LOONGARCH_HWCAP_LASX bnez $t1,.LChaCha20_8x - andi $t2,$t0,LOONGARCH_HWCAP_LSX - bnez $t2,.LChaCha20_4x - - b .LChaCha20_1x + b .LChaCha20_4x EOF @@ -441,9 +462,6 @@ sub ROUND_4x { $code .= < #include #include -#include "cms_local.h" #include "internal/nelem.h" +#include "crypto/x509.h" +#include "cms_local.h" /*- * Attribute flags. @@ -94,7 +95,7 @@ X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc) int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) { - if (X509at_add1_attr(&si->signedAttrs, attr)) + if (ossl_x509at_add1_attr(&si->signedAttrs, attr)) return 1; return 0; } @@ -103,7 +104,7 @@ int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len)) + if (ossl_x509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len)) return 1; return 0; } @@ -111,7 +112,7 @@ int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len)) + if (ossl_x509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len)) return 1; return 0; } @@ -120,7 +121,8 @@ int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len)) + if (ossl_x509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, + len)) return 1; return 0; } @@ -161,7 +163,7 @@ X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc) int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) { - if (X509at_add1_attr(&si->unsignedAttrs, attr)) + if (ossl_x509at_add1_attr(&si->unsignedAttrs, attr)) return 1; return 0; } @@ -170,7 +172,7 @@ int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len)) + if (ossl_x509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len)) return 1; return 0; } @@ -179,7 +181,7 @@ int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len)) + if (ossl_x509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len)) return 1; return 0; } @@ -188,8 +190,8 @@ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, - type, bytes, len)) + if (ossl_x509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, + type, bytes, len)) return 1; return 0; } diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index e3e9a220fd8edd..31436d4d687237 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -99,8 +99,10 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; if (label != NULL - && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) + && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) { + OPENSSL_free(label); goto err; + } /* Carry on */ rv = 1; diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index 68ee90b97055e7..9f1309c507c5bd 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,6 +41,8 @@ static const ERR_STRING_DATA CONF_str_reasons[] = { "openssl conf references missing section"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE), "recursive directory include"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_SECTION_REFERENCE), + "recursive section reference"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RELATIVE_PATH), "relative path"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY), "ssl command section empty"}, diff --git a/crypto/ec/asm/ecp_sm2p256-armv8.pl b/crypto/ec/asm/ecp_sm2p256-armv8.pl index 50950865e43402..62fadc0454afe4 100644 --- a/crypto/ec/asm/ecp_sm2p256-armv8.pl +++ b/crypto/ec/asm/ecp_sm2p256-armv8.pl @@ -28,44 +28,44 @@ sub bn_mod_add() { my $mod = shift; $code.=<<___; - # Load inputs + // Load inputs ldp $s0,$s1,[x1] ldp $s2,$s3,[x1,#16] ldp $s4,$s5,[x2] ldp $s6,$s7,[x2,#16] - # Addition + // Addition adds $s0,$s0,$s4 adcs $s1,$s1,$s5 adcs $s2,$s2,$s6 adcs $s3,$s3,$s7 adc $t4,xzr,xzr - # Load polynomial + // Load polynomial adr x2,$mod ldp $s4,$s5,[x2] ldp $s6,$s7,[x2,#16] - # Backup Addition + // Backup Addition mov $t0,$s0 mov $t1,$s1 mov $t2,$s2 mov $t3,$s3 - # Sub polynomial + // Sub polynomial subs $t0,$t0,$s4 sbcs $t1,$t1,$s5 sbcs $t2,$t2,$s6 sbcs $t3,$t3,$s7 sbcs $t4,$t4,xzr - # Select based on carry + // Select based on carry csel $s0,$s0,$t0,cc csel $s1,$s1,$t1,cc csel $s2,$s2,$t2,cc csel $s3,$s3,$t3,cc - # Store results + // Store results stp $s0,$s1,[x0] stp $s2,$s3,[x0,#16] ___ @@ -74,44 +74,44 @@ () sub bn_mod_sub() { my $mod = shift; $code.=<<___; - # Load inputs + // Load inputs ldp $s0,$s1,[x1] ldp $s2,$s3,[x1,#16] ldp $s4,$s5,[x2] ldp $s6,$s7,[x2,#16] - # Subtraction + // Subtraction subs $s0,$s0,$s4 sbcs $s1,$s1,$s5 sbcs $s2,$s2,$s6 sbcs $s3,$s3,$s7 sbc $t4,xzr,xzr - # Load polynomial + // Load polynomial adr x2,$mod ldp $s4,$s5,[x2] ldp $s6,$s7,[x2,#16] - # Backup subtraction + // Backup subtraction mov $t0,$s0 mov $t1,$s1 mov $t2,$s2 mov $t3,$s3 - # Add polynomial + // Add polynomial adds $t0,$t0,$s4 adcs $t1,$t1,$s5 adcs $t2,$t2,$s6 adcs $t3,$t3,$s7 tst $t4,$t4 - # Select based on carry + // Select based on carry csel $s0,$s0,$t0,eq csel $s1,$s1,$t1,eq csel $s2,$s2,$t2,eq csel $s3,$s3,$t3,eq - # Store results + // Store results stp $s0,$s1,[x0] stp $s2,$s3,[x0,#16] ___ @@ -120,38 +120,38 @@ () sub bn_mod_div_by_2() { my $mod = shift; $code.=<<___; - # Load inputs + // Load inputs ldp $s0,$s1,[x1] ldp $s2,$s3,[x1,#16] - # Save the least significant bit + // Save the least significant bit mov $t0,$s0 - # Right shift 1 + // Right shift 1 extr $s0,$s1,$s0,#1 extr $s1,$s2,$s1,#1 extr $s2,$s3,$s2,#1 lsr $s3,$s3,#1 - # Load mod + // Load mod adr x2,$mod ldp $s4,$s5,[x2] ldp $s6,$s7,[x2,#16] - # Parity check + // Parity check tst $t0,#1 csel $s4,xzr,$s4,eq csel $s5,xzr,$s5,eq csel $s6,xzr,$s6,eq csel $s7,xzr,$s7,eq - # Add + // Add adds $s0,$s0,$s4 adcs $s1,$s1,$s5 adcs $s2,$s2,$s6 adc $s3,$s3,$s7 - # Store results + // Store results stp $s0,$s1,[x0] stp $s2,$s3,[x0,#16] ___ @@ -183,17 +183,17 @@ () .align 5 bn_rshift1: AARCH64_VALID_CALL_TARGET - # Load inputs + // Load inputs ldp $s0,$s1,[x0] ldp $s2,$s3,[x0,#16] - # Right shift + // Right shift extr $s0,$s1,$s0,#1 extr $s1,$s2,$s1,#1 extr $s2,$s3,$s2,#1 lsr $s3,$s3,#1 - # Store results + // Store results stp $s0,$s1,[x0] stp $s2,$s3,[x0,#16] @@ -206,19 +206,19 @@ () .align 5 bn_sub: AARCH64_VALID_CALL_TARGET - # Load inputs + // Load inputs ldp $s0,$s1,[x1] ldp $s2,$s3,[x1,#16] ldp $s4,$s5,[x2] ldp $s6,$s7,[x2,#16] - # Subtraction + // Subtraction subs $s0,$s0,$s4 sbcs $s1,$s1,$s5 sbcs $s2,$s2,$s6 sbc $s3,$s3,$s7 - # Store results + // Store results stp $s0,$s1,[x0] stp $s2,$s3,[x0,#16] @@ -255,11 +255,11 @@ () .align 5 ecp_sm2p256_mul_by_3: AARCH64_VALID_CALL_TARGET - # Load inputs + // Load inputs ldp $s0,$s1,[x1] ldp $s2,$s3,[x1,#16] - # 2*a + // 2*a adds $s0,$s0,$s0 adcs $s1,$s1,$s1 adcs $s2,$s2,$s2 @@ -271,7 +271,7 @@ () mov $t2,$s2 mov $t3,$s3 - # Sub polynomial + // Sub polynomial adr x2,.Lpoly ldp $s4,$s5,[x2] ldp $s6,$s7,[x2,#16] @@ -287,7 +287,7 @@ () csel $s3,$s3,$t3,cs eor $t4,$t4,$t4 - # 3*a + // 3*a ldp $s4,$s5,[x1] ldp $s6,$s7,[x1,#16] adds $s0,$s0,$s4 @@ -301,7 +301,7 @@ () mov $t2,$s2 mov $t3,$s3 - # Sub polynomial + // Sub polynomial adr x2,.Lpoly ldp $s4,$s5,[x2] ldp $s6,$s7,[x2,#16] @@ -316,7 +316,7 @@ () csel $s2,$s2,$t2,cs csel $s3,$s3,$t3,cs - # Store results + // Store results stp $s0,$s1,[x0] stp $s2,$s3,[x0,#16] @@ -360,45 +360,45 @@ () .size ecp_sm2p256_sub_mod_ord,.-ecp_sm2p256_sub_mod_ord .macro RDC - # a = | s7 | ... | s0 |, where si are 64-bit quantities - # = |a15|a14| ... |a1|a0|, where ai are 32-bit quantities - # | s7 | s6 | s5 | s4 | - # | a15 | a14 | a13 | a12 | a11 | a10 | a9 | a8 | - # | s3 | s2 | s1 | s0 | - # | a7 | a6 | a5 | a4 | a3 | a2 | a1 | a0 | - # ================================================= - # | a8 | a11 | a10 | a9 | a8 | 0 | s4 | (+) - # | a9 | a15 | s6 | a11 | 0 | a10 | a9 | (+) - # | a10 | 0 | a14 | a13 | a12 | 0 | s5 | (+) - # | a11 | 0 | s7 | a13 | 0 | a12 | a11 | (+) - # | a12 | 0 | s7 | a13 | 0 | s6 | (+) - # | a12 | 0 | 0 | a15 | a14 | 0 | a14 | a13 | (+) - # | a13 | 0 | 0 | 0 | a15 | 0 | a14 | a13 | (+) - # | a13 | 0 | 0 | 0 | 0 | 0 | s7 | (+) - # | a14 | 0 | 0 | 0 | 0 | 0 | s7 | (+) - # | a14 | 0 | 0 | 0 | 0 | 0 | 0 | a15 | (+) - # | a15 | 0 | 0 | 0 | 0 | 0 | 0 | a15 | (+) - # | a15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | (+) - # | s7 | 0 | 0 | 0 | 0 | 0 | 0 | (+) - # | 0 | 0 | 0 | 0 | 0 | a8 | 0 | 0 | (-) - # | 0 | 0 | 0 | 0 | 0 | a9 | 0 | 0 | (-) - # | 0 | 0 | 0 | 0 | 0 | a13 | 0 | 0 | (-) - # | 0 | 0 | 0 | 0 | 0 | a14 | 0 | 0 | (-) - # | U[7]| U[6]| U[5]| U[4]| U[3]| U[2]| U[1]| U[0]| - # | V[3] | V[2] | V[1] | V[0] | - - # 1. 64-bit addition - # t2=s6+s7+s7 + // a = | s7 | ... | s0 |, where si are 64-bit quantities + // = |a15|a14| ... |a1|a0|, where ai are 32-bit quantities + // | s7 | s6 | s5 | s4 | + // | a15 | a14 | a13 | a12 | a11 | a10 | a9 | a8 | + // | s3 | s2 | s1 | s0 | + // | a7 | a6 | a5 | a4 | a3 | a2 | a1 | a0 | + // ================================================= + // | a8 | a11 | a10 | a9 | a8 | 0 | s4 | (+) + // | a9 | a15 | s6 | a11 | 0 | a10 | a9 | (+) + // | a10 | 0 | a14 | a13 | a12 | 0 | s5 | (+) + // | a11 | 0 | s7 | a13 | 0 | a12 | a11 | (+) + // | a12 | 0 | s7 | a13 | 0 | s6 | (+) + // | a12 | 0 | 0 | a15 | a14 | 0 | a14 | a13 | (+) + // | a13 | 0 | 0 | 0 | a15 | 0 | a14 | a13 | (+) + // | a13 | 0 | 0 | 0 | 0 | 0 | s7 | (+) + // | a14 | 0 | 0 | 0 | 0 | 0 | s7 | (+) + // | a14 | 0 | 0 | 0 | 0 | 0 | 0 | a15 | (+) + // | a15 | 0 | 0 | 0 | 0 | 0 | 0 | a15 | (+) + // | a15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | (+) + // | s7 | 0 | 0 | 0 | 0 | 0 | 0 | (+) + // | 0 | 0 | 0 | 0 | 0 | a8 | 0 | 0 | (-) + // | 0 | 0 | 0 | 0 | 0 | a9 | 0 | 0 | (-) + // | 0 | 0 | 0 | 0 | 0 | a13 | 0 | 0 | (-) + // | 0 | 0 | 0 | 0 | 0 | a14 | 0 | 0 | (-) + // | U[7]| U[6]| U[5]| U[4]| U[3]| U[2]| U[1]| U[0]| + // | V[3] | V[2] | V[1] | V[0] | + + // 1. 64-bit addition + // t2=s6+s7+s7 adds $t2,$s6,$s7 adcs $t1,xzr,xzr adds $t2,$t2,$s7 adcs $t1,$t1,xzr - # t3=s4+s5+t2 + // t3=s4+s5+t2 adds $t3,$s4,$t2 adcs $t4,$t1,xzr adds $t3,$t3,$s5 adcs $t4,$t4,xzr - # sum + // sum adds $s0,$s0,$t3 adcs $s1,$s1,$t4 adcs $s2,$s2,$t2 @@ -410,7 +410,7 @@ () stp $s0,$s1,[sp,#32] stp $s2,$s3,[sp,#48] - # 2. 64-bit to 32-bit spread + // 2. 64-bit to 32-bit spread mov $t1,#0xffffffff mov $s0,$s4 mov $s1,$s5 @@ -425,7 +425,7 @@ () lsr $s6,$s6,#32 // a13 lsr $s7,$s7,#32 // a15 - # 3. 32-bit addition + // 3. 32-bit addition add $t1,$a14,$a12 // t1 <- a12 + a14 add $t2,$a15,$a13 // t2 <- a13 + a15 add $t3,$a8,$a9 // t3 <- a8 + a9 @@ -446,53 +446,53 @@ () add $a11,$a11,$t2 // a11 <- a9 + a11 + 2*(a13 + a15) add $t1,$t1,$t4 // t1 <- a10 + a12 + 2*a14 - # U[0] s5 a9 + a11 + 2*(a13 + a15) - # U[1] t1 a10 + a12 + 2*a14 - # U[2] -t3 a8 + a9 + a13 + a14 - # U[3] s2 a8 + a11 + a12 + 2*a13 + a14 + a15 - # U[4] s4 a9 + a13 + a15 - # U[5] t4 a10 + a14 - # U[6] s7 a11 + a15 - # U[7] s1 a8 + a9 + a10 + a11 + 2*(a12 + a13 + a14 + a15) + // U[0] s5 a9 + a11 + 2*(a13 + a15) + // U[1] t1 a10 + a12 + 2*a14 + // U[2] -t3 a8 + a9 + a13 + a14 + // U[3] s2 a8 + a11 + a12 + 2*a13 + a14 + a15 + // U[4] s4 a9 + a13 + a15 + // U[5] t4 a10 + a14 + // U[6] s7 a11 + a15 + // U[7] s1 a8 + a9 + a10 + a11 + 2*(a12 + a13 + a14 + a15) - # 4. 32-bit to 64-bit + // 4. 32-bit to 64-bit lsl $s0,$t1,#32 extr $t1,$s2,$t1,#32 extr $s2,$t4,$s2,#32 extr $t4,$s1,$t4,#32 lsr $s1,$s1,#32 - # 5. 64-bit addition + // 5. 64-bit addition adds $s5,$s5,$s0 adcs $t1,$t1,xzr adcs $s4,$s4,$s2 adcs $s7,$s7,$t4 adcs $t0,$t0,$s1 - # V[0] s5 - # V[1] t1 - # V[2] s4 - # V[3] s7 - # carry t0 - # sub t3 + // V[0] s5 + // V[1] t1 + // V[2] s4 + // V[3] s7 + // carry t0 + // sub t3 - # 5. Process s0-s3 + // 5. Process s0-s3 ldp $s0,$s1,[sp,#32] ldp $s2,$s3,[sp,#48] - # add with V0-V3 + // add with V0-V3 adds $s0,$s0,$s5 adcs $s1,$s1,$t1 adcs $s2,$s2,$s4 adcs $s3,$s3,$s7 adcs $t0,$t0,xzr - # sub with t3 + // sub with t3 subs $s1,$s1,$t3 sbcs $s2,$s2,xzr sbcs $s3,$s3,xzr sbcs $t0,$t0,xzr - # 6. MOD - # First Mod + // 6. MOD + // First Mod lsl $t1,$t0,#32 subs $t2,$t1,$t0 @@ -501,8 +501,8 @@ () adcs $s2,$s2,xzr adcs $s3,$s3,$t1 - # Last Mod - # return y - p if y > p else y + // Last Mod + // return y - p if y > p else y mov $s4,$s0 mov $s5,$s1 mov $s6,$s2 @@ -533,44 +533,44 @@ () .align 5 ecp_sm2p256_mul: AARCH64_SIGN_LINK_REGISTER - # Store scalar registers + // Store scalar registers stp x29,x30,[sp,#-80]! add x29,sp,#0 stp x16,x17,[sp,#16] stp x18,x19,[sp,#64] - # Load inputs + // Load inputs ldp $s0,$s1,[x1] ldp $s2,$s3,[x1,#16] ldp $s4,$s5,[x2] ldp $s6,$s7,[x2,#16] -### multiplication ### - # ======================== - # s3 s2 s1 s0 - # * s7 s6 s5 s4 - # ------------------------ - # + s0 s0 s0 s0 - # * * * * - # s7 s6 s5 s4 - # s1 s1 s1 s1 - # * * * * - # s7 s6 s5 s4 - # s2 s2 s2 s2 - # * * * * - # s7 s6 s5 s4 - # s3 s3 s3 s3 - # * * * * - # s7 s6 s5 s4 - # ------------------------ - # s7 s6 s5 s4 s3 s2 s1 s0 - # ======================== - -### s0*s4 ### +// ### multiplication ### + // ======================== + // s3 s2 s1 s0 + // * s7 s6 s5 s4 + // ------------------------ + // + s0 s0 s0 s0 + // * * * * + // s7 s6 s5 s4 + // s1 s1 s1 s1 + // * * * * + // s7 s6 s5 s4 + // s2 s2 s2 s2 + // * * * * + // s7 s6 s5 s4 + // s3 s3 s3 s3 + // * * * * + // s7 s6 s5 s4 + // ------------------------ + // s7 s6 s5 s4 s3 s2 s1 s0 + // ======================== + +// ### s0*s4 ### mul $t5,$s0,$s4 umulh $t2,$s0,$s4 -### s1*s4 + s0*s5 ### +// ### s1*s4 + s0*s5 ### mul $t0,$s1,$s4 umulh $t1,$s1,$s4 adds $t2,$t2,$t0 @@ -582,7 +582,7 @@ () adcs $t3,$t3,$t1 adcs $t4,xzr,xzr -### s2*s4 + s1*s5 + s0*s6 ### +// ### s2*s4 + s1*s5 + s0*s6 ### mul $t0,$s2,$s4 umulh $t1,$s2,$s4 adds $t3,$t3,$t0 @@ -600,7 +600,7 @@ () adcs $t4,$t4,$t1 adcs $t6,$t6,xzr -### s3*s4 + s2*s5 + s1*s6 + s0*s7 ### +// ### s3*s4 + s2*s5 + s1*s6 + s0*s7 ### mul $t0,$s3,$s4 umulh $t1,$s3,$s4 adds $t4,$t4,$t0 @@ -625,7 +625,7 @@ () adcs $t6,$t6,$t1 adcs $t7,$t7,xzr -### s3*s5 + s2*s6 + s1*s7 ### +// ### s3*s5 + s2*s6 + s1*s7 ### mul $t0,$s3,$s5 umulh $t1,$s3,$s5 adds $t6,$t6,$t0 @@ -644,7 +644,7 @@ () adcs $t7,$t7,$t1 adcs $t8,$t8,xzr -### s3*s6 + s2*s7 ### +// ### s3*s6 + s2*s7 ### mul $t0,$s3,$s6 umulh $t1,$s3,$s6 adds $t7,$t7,$t0 @@ -657,7 +657,7 @@ () adcs $t8,$t8,$t1 adcs $t6,$t6,xzr -### s3*s7 ### +// ### s3*s7 ### mul $t0,$s3,$s7 umulh $t1,$s3,$s7 adds $s6,$t8,$t0 @@ -668,15 +668,15 @@ () mov $s2,$t3 mov $s3,$t4 - # result of mul: s7 s6 s5 s4 s3 s2 s1 s0 + // result of mul: s7 s6 s5 s4 s3 s2 s1 s0 -### Reduction ### +// ### Reduction ### RDC stp $s0,$s1,[x0] stp $s2,$s3,[x0,#16] - # Restore scalar registers + // Restore scalar registers ldp x16,x17,[sp,#16] ldp x18,x19,[sp,#64] ldp x29,x30,[sp],#80 @@ -692,48 +692,48 @@ () ecp_sm2p256_sqr: AARCH64_SIGN_LINK_REGISTER - # Store scalar registers + // Store scalar registers stp x29,x30,[sp,#-80]! add x29,sp,#0 stp x16,x17,[sp,#16] stp x18,x19,[sp,#64] - # Load inputs + // Load inputs ldp $s4,$s5,[x1] ldp $s6,$s7,[x1,#16] -### square ### - # ======================== - # s7 s6 s5 s4 - # * s7 s6 s5 s4 - # ------------------------ - # + s4 s4 s4 s4 - # * * * * - # s7 s6 s5 s4 - # s5 s5 s5 s5 - # * * * * - # s7 s6 s5 s4 - # s6 s6 s6 s6 - # * * * * - # s7 s6 s5 s4 - # s7 s7 s7 s7 - # * * * * - # s7 s6 s5 s4 - # ------------------------ - # s7 s6 s5 s4 s3 s2 s1 s0 - # ======================== - -### s4*s5 ### +// ### square ### + // ======================== + // s7 s6 s5 s4 + // * s7 s6 s5 s4 + // ------------------------ + // + s4 s4 s4 s4 + // * * * * + // s7 s6 s5 s4 + // s5 s5 s5 s5 + // * * * * + // s7 s6 s5 s4 + // s6 s6 s6 s6 + // * * * * + // s7 s6 s5 s4 + // s7 s7 s7 s7 + // * * * * + // s7 s6 s5 s4 + // ------------------------ + // s7 s6 s5 s4 s3 s2 s1 s0 + // ======================== + +// ### s4*s5 ### mul $s1,$s4,$s5 umulh $s2,$s4,$s5 -### s4*s6 ### +// ### s4*s6 ### mul $t0,$s6,$s4 umulh $s3,$s6,$s4 adds $s2,$s2,$t0 adcs $s3,$s3,xzr -### s4*s7 + s5*s6 ### +// ### s4*s7 + s5*s6 ### mul $t0,$s7,$s4 umulh $t1,$s7,$s4 adds $s3,$s3,$t0 @@ -745,19 +745,19 @@ () adcs $s0,$s0,$t1 adcs $t2,xzr,xzr -### s5*s7 ### +// ### s5*s7 ### mul $t0,$s7,$s5 umulh $t1,$s7,$s5 adds $s0,$s0,$t0 adcs $t2,$t2,$t1 -### s6*s7 ### +// ### s6*s7 ### mul $t0,$s7,$s6 umulh $t1,$s7,$s6 adds $t2,$t2,$t0 adcs $t3,$t1,xzr -### 2*(t3,t2,s0,s3,s2,s1) ### +// ### 2*(t3,t2,s0,s3,s2,s1) ### adds $s1,$s1,$s1 adcs $s2,$s2,$s2 adcs $s3,$s3,$s3 @@ -766,19 +766,19 @@ () adcs $t3,$t3,$t3 adcs $t4,xzr,xzr -### s4*s4 ### +// ### s4*s4 ### mul $t5,$s4,$s4 umulh $t6,$s4,$s4 -### s5*s5 ### +// ### s5*s5 ### mul $s4,$s5,$s5 umulh $s5,$s5,$s5 -### s6*s6 ### +// ### s6*s6 ### mul $t0,$s6,$s6 umulh $t1,$s6,$s6 -### s7*s7 ### +// ### s7*s7 ### mul $t7,$s7,$s7 umulh $t8,$s7,$s7 @@ -796,15 +796,15 @@ () mov $s6,$t3 mov $s7,$t4 - # result of mul: s7 s6 s5 s4 s3 s2 s1 s0 + // result of mul: s7 s6 s5 s4 s3 s2 s1 s0 -### Reduction ### +// ### Reduction ### RDC stp $s0,$s1,[x0] stp $s2,$s3,[x0,#16] - # Restore scalar registers + // Restore scalar registers ldp x16,x17,[sp,#16] ldp x18,x19,[sp,#64] ldp x29,x30,[sp],#80 diff --git a/crypto/ec/ecp_sm2p256.c b/crypto/ec/ecp_sm2p256.c index 6ec42455299b31..7668b61378b629 100644 --- a/crypto/ec/ecp_sm2p256.c +++ b/crypto/ec/ecp_sm2p256.c @@ -40,28 +40,28 @@ typedef struct { #if !defined(OPENSSL_NO_SM2_PRECOMP) /* Coordinates of G, for which we have precomputed tables */ -static const BN_ULONG def_xG[P256_LIMBS] ALIGN32 = { +ALIGN32 static const BN_ULONG def_xG[P256_LIMBS] = { 0x715a4589334c74c7, 0x8fe30bbff2660be1, 0x5f9904466a39c994, 0x32c4ae2c1f198119 }; -static const BN_ULONG def_yG[P256_LIMBS] ALIGN32 = { +ALIGN32 static const BN_ULONG def_yG[P256_LIMBS] = { 0x02df32e52139f0a0, 0xd0a9877cc62a4740, 0x59bdcee36b692153, 0xbc3736a2f4f6779c, }; #endif /* p and order for SM2 according to GB/T 32918.5-2017 */ -static const BN_ULONG def_p[P256_LIMBS] ALIGN32 = { +ALIGN32 static const BN_ULONG def_p[P256_LIMBS] = { 0xffffffffffffffff, 0xffffffff00000000, 0xffffffffffffffff, 0xfffffffeffffffff }; -static const BN_ULONG def_ord[P256_LIMBS] ALIGN32 = { +ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = { 0x53bbf40939d54123, 0x7203df6b21c6052b, 0xffffffffffffffff, 0xfffffffeffffffff }; -static const BN_ULONG ONE[P256_LIMBS] ALIGN32 = {1, 0, 0, 0}; +ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0}; /* Functions implemented in assembly */ /* @@ -139,10 +139,10 @@ static ossl_inline int is_greater(const BN_ULONG *a, const BN_ULONG *b) /* Binary algorithm for inversion in Fp */ #define BN_MOD_INV(out, in, mod_div, mod_sub, mod) \ do { \ - BN_ULONG u[4] ALIGN32; \ - BN_ULONG v[4] ALIGN32; \ - BN_ULONG x1[4] ALIGN32 = {1, 0, 0, 0}; \ - BN_ULONG x2[4] ALIGN32 = {0}; \ + ALIGN32 BN_ULONG u[4]; \ + ALIGN32 BN_ULONG v[4]; \ + ALIGN32 BN_ULONG x1[4] = {1, 0, 0, 0}; \ + ALIGN32 BN_ULONG x2[4] = {0}; \ \ if (is_zeros(in)) \ return; \ @@ -188,9 +188,9 @@ static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out, static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P) { unsigned int i; - BN_ULONG tmp0[P256_LIMBS] ALIGN32; - BN_ULONG tmp1[P256_LIMBS] ALIGN32; - BN_ULONG tmp2[P256_LIMBS] ALIGN32; + ALIGN32 BN_ULONG tmp0[P256_LIMBS]; + ALIGN32 BN_ULONG tmp1[P256_LIMBS]; + ALIGN32 BN_ULONG tmp2[P256_LIMBS]; /* zero-check P->Z */ if (is_zeros(P->Z)) { @@ -225,10 +225,10 @@ static void ecp_sm2p256_point_add_affine(P256_POINT *R, const P256_POINT *P, const P256_POINT_AFFINE *Q) { unsigned int i; - BN_ULONG tmp0[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG tmp1[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG tmp2[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG tmp3[P256_LIMBS] ALIGN32 = {0}; + ALIGN32 BN_ULONG tmp0[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG tmp1[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG tmp2[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG tmp3[P256_LIMBS] = {0}; /* zero-check P->Z */ if (is_zeros(P->Z)) { @@ -288,9 +288,9 @@ static void ecp_sm2p256_point_add(P256_POINT *R, const P256_POINT *P, const P256_POINT *Q) { unsigned int i; - BN_ULONG tmp0[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG tmp1[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG tmp2[P256_LIMBS] ALIGN32 = {0}; + ALIGN32 BN_ULONG tmp0[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG tmp1[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG tmp2[P256_LIMBS] = {0}; /* zero-check P | Q ->Z */ if (is_zeros(P->Z)) { @@ -382,7 +382,7 @@ static void ecp_sm2p256_point_P_mul_by_scalar(P256_POINT *R, const BN_ULONG *k, { int i, init = 0; unsigned int index, mask = 0x0f; - P256_POINT precomputed[16] ALIGN64; + ALIGN64 P256_POINT precomputed[16]; memset(R, 0, sizeof(P256_POINT)); @@ -427,8 +427,8 @@ static void ecp_sm2p256_point_P_mul_by_scalar(P256_POINT *R, const BN_ULONG *k, static void ecp_sm2p256_point_get_affine(P256_POINT_AFFINE *R, const P256_POINT *P) { - BN_ULONG z_inv3[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG z_inv2[P256_LIMBS] ALIGN32 = {0}; + ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0}; if (is_one(P->Z)) { memcpy(R->X, P->X, 32); @@ -461,13 +461,13 @@ static int ecp_sm2p256_get_affine(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) { - BN_ULONG z_inv2[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG z_inv3[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG x_aff[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG y_aff[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG point_x[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG point_y[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG point_z[P256_LIMBS] ALIGN32 = {0}; + ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0}; if (EC_POINT_is_at_infinity(group, point)) { ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); @@ -510,7 +510,7 @@ static int ecp_sm2p256_windowed_mul(const EC_GROUP *group, unsigned int i; int ret = 0; const BIGNUM **scalars = NULL; - BN_ULONG k[P256_LIMBS] ALIGN32 = {0}; + ALIGN32 BN_ULONG k[P256_LIMBS] = {0}; P256_POINT kP; ALIGN32 union { P256_POINT p; @@ -572,7 +572,7 @@ static int ecp_sm2p256_points_mul(const EC_GROUP *group, { int ret = 0, p_is_infinity = 0; const EC_POINT *generator = NULL; - BN_ULONG k[P256_LIMBS] ALIGN32 = {0}; + ALIGN32 BN_ULONG k[P256_LIMBS] = {0}; ALIGN32 union { P256_POINT p; P256_POINT_AFFINE a; @@ -646,9 +646,9 @@ static int ecp_sm2p256_points_mul(const EC_GROUP *group, static int ecp_sm2p256_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { - BN_ULONG a_fe[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG b_fe[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG r_fe[P256_LIMBS] ALIGN32 = {0}; + ALIGN32 BN_ULONG a_fe[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG b_fe[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG r_fe[P256_LIMBS] = {0}; if (a == NULL || b == NULL || r == NULL) return 0; @@ -670,8 +670,8 @@ static int ecp_sm2p256_field_mul(const EC_GROUP *group, BIGNUM *r, static int ecp_sm2p256_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { - BN_ULONG a_fe[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG r_fe[P256_LIMBS] ALIGN32 = {0}; + ALIGN32 BN_ULONG a_fe[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG r_fe[P256_LIMBS] = {0}; if (a == NULL || r == NULL) return 0; @@ -693,8 +693,8 @@ static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r, const BIGNUM *x, BN_CTX *ctx) { int ret = 0; - BN_ULONG t[P256_LIMBS] ALIGN32 = {0}; - BN_ULONG out[P256_LIMBS] ALIGN32 = {0}; + ALIGN32 BN_ULONG t[P256_LIMBS] = {0}; + ALIGN32 BN_ULONG out[P256_LIMBS] = {0}; if (bn_wexpand(r, P256_LIMBS) == NULL) { ECerr(ERR_LIB_EC, ERR_R_BN_LIB); diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c index 943a6bb3702a2c..2afa5c706301b1 100644 --- a/crypto/ec/ecx_backend.c +++ b/crypto/ec/ecx_backend.c @@ -114,7 +114,7 @@ ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection) return NULL; ret->libctx = key->libctx; - ret->haspubkey = key->haspubkey; + ret->haspubkey = 0; ret->keylen = key->keylen; ret->type = key->type; @@ -127,8 +127,11 @@ ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection) goto err; } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0 + && key->haspubkey == 1) { memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey)); + ret->haspubkey = 1; + } if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 && key->privkey != NULL) { diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c index 24f61fbf1593a5..eb1be1c9805431 100644 --- a/crypto/encode_decode/decoder_pkey.c +++ b/crypto/encode_decode/decoder_pkey.c @@ -721,10 +721,9 @@ int ossl_decoder_cache_flush(OSSL_LIB_CTX *libctx) DECODER_CACHE *cache = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DECODER_CACHE_INDEX); - if (cache == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB); + if (cache == NULL) return 0; - } + if (!CRYPTO_THREAD_write_lock(cache->lock)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 5f60bd52d2d466..a30d25e5c570c3 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -424,6 +424,7 @@ CONF_R_NUMBER_TOO_LARGE:121:number too large CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION:124:\ openssl conf references missing section CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include +CONF_R_RECURSIVE_SECTION_REFERENCE:126:recursive section reference CONF_R_RELATIVE_PATH:125:relative path CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 450ebe8a0d37dd..0d61f4e49fda61 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -885,8 +885,6 @@ typedef struct { /* KMO-AES parameter block - end */ } kmo; unsigned int fc; - - int res; } S390X_AES_OFB_CTX; typedef struct { @@ -903,8 +901,6 @@ typedef struct { /* KMF-AES parameter block - end */ } kmf; unsigned int fc; - - int res; } S390X_AES_CFB_CTX; typedef struct { @@ -1068,7 +1064,6 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx, memcpy(cctx->kmo.param.cv, iv, ivlen); memcpy(cctx->kmo.param.k, key, keylen); cctx->fc = S390X_AES_FC(keylen); - cctx->res = 0; return 1; } @@ -1078,7 +1073,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); - int n = cctx->res; + int n = ctx->num; int rem; memcpy(cctx->kmo.param.cv, iv, ivlen); @@ -1111,7 +1106,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } memcpy(iv, cctx->kmo.param.cv, ivlen); - cctx->res = n; + ctx->num = n; return 1; } @@ -1137,7 +1132,6 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx, if (!enc) cctx->fc |= S390X_DECRYPT; - cctx->res = 0; memcpy(cctx->kmf.param.cv, iv, ivlen); memcpy(cctx->kmf.param.k, key, keylen); return 1; @@ -1151,7 +1145,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); - int n = cctx->res; + int n = ctx->num; int rem; unsigned char tmp; @@ -1197,7 +1191,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } memcpy(iv, cctx->kmf.param.cv, ivlen); - cctx->res = n; + ctx->num = n; return 1; } diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index c643ae8f9a028c..7008f425490193 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -318,13 +318,26 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata, * there is a correct name_id and meth_id, since those have * already been calculated in get_evp_method_from_store() and * put_evp_method_in_store() above. + * Note that there is a corner case here, in which, if a user + * passes a name of the form name1:name2:..., then the construction + * will create a method against all names, but the lookup will fail + * as ossl_namemap_name2num treats the name string as a single name + * rather than introducing new features where in the EVP__fetch + * parses the string and querys for each, return an error. */ if (name_id == 0) name_id = ossl_namemap_name2num(namemap, name); - meth_id = evp_method_id(name_id, operation_id); - if (name_id != 0) - ossl_method_store_cache_set(store, prov, meth_id, propq, - method, up_ref_method, free_method); + if (name_id == 0) { + ERR_raise_data(ERR_LIB_EVP, ERR_R_FETCH_FAILED, + "Algorithm %s cannot be found", name); + free_method(method); + method = NULL; + } else { + meth_id = evp_method_id(name_id, operation_id); + if (meth_id != 0) + ossl_method_store_cache_set(store, prov, meth_id, propq, + method, up_ref_method, free_method); + } } /* diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index 3164d01d9e48fe..cd0e25c85e4e1f 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -118,7 +118,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, port = ++p; /* remaining port spec handling is also done for the default values */ /* make sure a decimal port number is given */ - if (!sscanf(port, "%u", &portnum) || portnum > 65535) { + if (sscanf(port, "%u", &portnum) <= 0 || portnum > 65535) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port); goto err; } diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl index 3200a0fa9bff08..5a8608069691d1 100755 --- a/crypto/md5/asm/md5-aarch64.pl +++ b/crypto/md5/asm/md5-aarch64.pl @@ -28,10 +28,13 @@ *STDOUT=*OUT; $code .= <obj; switch (ca->type) { case ADDED_DATA: - ret = a->length << 20L; + ret = (unsigned long)a->length << 20UL; p = (unsigned char *)a->data; for (i = 0; i < a->length; i++) ret ^= p[i] << ((i * 3) % 24); @@ -790,6 +790,10 @@ int OBJ_create(const char *oid, const char *sn, const char *ln) } else { /* Create a no-OID ASN1_OBJECT */ tmpoid = ASN1_OBJECT_new(); + if (tmpoid == NULL) { + ERR_raise(ERR_LIB_OBJ, ERR_R_ASN1_LIB); + return 0; + } } if (!ossl_obj_write_lock(1)) { diff --git a/crypto/param_build.c b/crypto/param_build.c index 2392e5909cf43c..799094da9bd547 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c @@ -255,9 +255,9 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, OSSL_PARAM_BLD_DEF *pd; int secure; - if (bsize == 0) { + if (bsize == 0) bsize = strlen(buf); - } else if (bsize > INT_MAX) { + if (bsize > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; } @@ -274,9 +274,9 @@ int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, { OSSL_PARAM_BLD_DEF *pd; - if (bsize == 0) { + if (bsize == 0) bsize = strlen(buf); - } else if (bsize > INT_MAX) { + if (bsize > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; } diff --git a/crypto/params.c b/crypto/params.c index f2582b0927a16f..425c402fd53c56 100644 --- a/crypto/params.c +++ b/crypto/params.c @@ -197,6 +197,10 @@ static int unsigned_from_unsigned(void *dest, size_t dest_len, /* General purpose get integer parameter call that handles odd sizes */ static int general_get_int(const OSSL_PARAM *p, void *val, size_t val_size) { + if (p->data == NULL) { + err_null_argument; + return 0; + } if (p->data_type == OSSL_PARAM_INTEGER) return signed_from_signed(val, val_size, p->data, p->data_size); if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) @@ -226,6 +230,11 @@ static int general_set_int(OSSL_PARAM *p, void *val, size_t val_size) /* General purpose get unsigned integer parameter call that handles odd sizes */ static int general_get_uint(const OSSL_PARAM *p, void *val, size_t val_size) { + + if (p->data == NULL) { + err_null_argument; + return 0; + } if (p->data_type == OSSL_PARAM_INTEGER) return unsigned_from_signed(val, val_size, p->data, p->data_size); if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) @@ -385,6 +394,11 @@ int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val) return 0; } + if (p->data == NULL) { + err_null_argument; + return 0; + } + if (p->data_type == OSSL_PARAM_INTEGER) { #ifndef OPENSSL_SMALL_FOOTPRINT int64_t i64; @@ -534,6 +548,11 @@ int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val) return 0; } + if (p->data == NULL) { + err_null_argument; + return 0; + } + if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { #ifndef OPENSSL_SMALL_FOOTPRINT uint64_t u64; @@ -685,6 +704,11 @@ int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val) return 0; } + if (p->data == NULL) { + err_null_argument; + return 0; + } + if (p->data_type == OSSL_PARAM_INTEGER) { #ifndef OPENSSL_SMALL_FOOTPRINT switch (p->data_size) { @@ -829,6 +853,11 @@ int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val) return 0; } + if (p->data == NULL) { + err_null_argument; + return 0; + } + if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { #ifndef OPENSSL_SMALL_FOOTPRINT switch (p->data_size) { @@ -1040,7 +1069,7 @@ int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val) { BIGNUM *b = NULL; - if (val == NULL || p == NULL) { + if (val == NULL || p == NULL || p->data == NULL) { err_null_argument; return 0; } @@ -1132,7 +1161,7 @@ int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val) int64_t i64; uint64_t u64; - if (val == NULL || p == NULL) { + if (val == NULL || p == NULL || p->data == NULL) { err_null_argument; return 0; } diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c index 38e0927195be06..15910298172e24 100644 --- a/crypto/params_from_text.c +++ b/crypto/params_from_text.c @@ -115,7 +115,13 @@ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key, break; case OSSL_PARAM_OCTET_STRING: if (*ishex) { - *buf_n = strlen(value) >> 1; + size_t hexdigits = strlen(value); + if ((hexdigits % 2) != 0) { + /* We don't accept an odd number of hex digits */ + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ODD_NUMBER_OF_DIGITS); + return 0; + } + *buf_n = hexdigits >> 1; } else { *buf_n = value_n; } diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index 359670a2da89e6..6b93cfb84f8186 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -111,7 +111,12 @@ $gnuas=1; } elsif (`$ENV{CC} --version 2>/dev/null` - =~ /clang .*/) + =~ /(clang .*|Intel.*oneAPI .*)/) +{ + $gnuas=1; +} +elsif (`$ENV{CC} -V 2>/dev/null` + =~ /nvc .*/) { $gnuas=1; } diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 64b17d74e8740a..98ace97ae89208 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -78,6 +78,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA); return NULL; } + + if (p7->d.data == NULL) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); + return NULL; + } + return ASN1_item_unpack_ex(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), ossl_pkcs7_ctx_get0_libctx(&p7->ctx), ossl_pkcs7_ctx_get0_propq(&p7->ctx)); @@ -152,6 +158,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, { if (!PKCS7_type_is_encrypted(p7)) return NULL; + + if (p7->d.encrypted == NULL) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); + return NULL; + } + return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, @@ -191,6 +203,12 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12) ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA); return NULL; } + + if (p12->authsafes->d.data == NULL) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); + return NULL; + } + p7ctx = &p12->authsafes->ctx; p7s = ASN1_item_unpack_ex(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 4096aa1f8a7294..ebf602703f2648 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -98,6 +98,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, return 0; } + if (p12->authsafes->d.data == NULL) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); + return 0; + } + salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; if (p12->mac->iter == NULL) diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index 9ea82d09d803e4..c2ece54ca31daa 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -80,8 +80,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) bags = PKCS12_unpack_p7data(p7); } else if (bagnid == NID_pkcs7_encrypted) { bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); - if (!alg_get(p7->d.encrypted->enc_data->algorithm, - &pbe_nid, &pbe_iter, &pbe_saltlen, &cipherid)) + if (p7->d.encrypted == NULL + || !alg_get(p7->d.encrypted->enc_data->algorithm, + &pbe_nid, &pbe_iter, &pbe_saltlen, &cipherid)) goto err; } else { continue; diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 49a0da5f819c48..8228315eeaa3a3 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -33,10 +33,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) int ctype_nid = OBJ_obj2nid(p7->type); const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7); - if (ctype_nid == NID_pkcs7_signed) + if (ctype_nid == NID_pkcs7_signed) { + if (p7->d.sign == NULL) + return 0; mdalgs = p7->d.sign->md_algs; - else + } else { mdalgs = NULL; + } flags ^= SMIME_OLDMIME; diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl index 9f86134d923fba..2e601bb9c24be7 100755 --- a/crypto/poly1305/asm/poly1305-ppc.pl +++ b/crypto/poly1305/asm/poly1305-ppc.pl @@ -744,7 +744,7 @@ my $LOCALS= 6*$SIZE_T; my $VSXFRAME = $LOCALS + 6*$SIZE_T; $VSXFRAME += 128; # local variables - $VSXFRAME += 13*16; # v20-v31 offload + $VSXFRAME += 12*16; # v20-v31 offload my $BIG_ENDIAN = ($flavour !~ /le/) ? 4 : 0; @@ -919,12 +919,12 @@ addi r11,r11,32 stvx v22,r10,$sp addi r10,r10,32 - stvx v23,r10,$sp - addi r10,r10,32 - stvx v24,r11,$sp + stvx v23,r11,$sp addi r11,r11,32 - stvx v25,r10,$sp + stvx v24,r10,$sp addi r10,r10,32 + stvx v25,r11,$sp + addi r11,r11,32 stvx v26,r10,$sp addi r10,r10,32 stvx v27,r11,$sp @@ -1153,12 +1153,12 @@ addi r11,r11,32 stvx v22,r10,$sp addi r10,r10,32 - stvx v23,r10,$sp - addi r10,r10,32 - stvx v24,r11,$sp + stvx v23,r11,$sp addi r11,r11,32 - stvx v25,r10,$sp + stvx v24,r10,$sp addi r10,r10,32 + stvx v25,r11,$sp + addi r11,r11,32 stvx v26,r10,$sp addi r10,r10,32 stvx v27,r11,$sp @@ -1899,26 +1899,26 @@ mtspr 256,r12 # restore vrsave lvx v20,r10,$sp addi r10,r10,32 - lvx v21,r10,$sp - addi r10,r10,32 - lvx v22,r11,$sp + lvx v21,r11,$sp addi r11,r11,32 - lvx v23,r10,$sp + lvx v22,r10,$sp addi r10,r10,32 - lvx v24,r11,$sp + lvx v23,r11,$sp addi r11,r11,32 - lvx v25,r10,$sp + lvx v24,r10,$sp addi r10,r10,32 - lvx v26,r11,$sp + lvx v25,r11,$sp addi r11,r11,32 - lvx v27,r10,$sp + lvx v26,r10,$sp addi r10,r10,32 - lvx v28,r11,$sp + lvx v27,r11,$sp addi r11,r11,32 - lvx v29,r10,$sp + lvx v28,r10,$sp addi r10,r10,32 - lvx v30,r11,$sp - lvx v31,r10,$sp + lvx v29,r11,$sp + addi r11,r11,32 + lvx v30,r10,$sp + lvx v31,r11,$sp $POP r27,`$VSXFRAME-$SIZE_T*5`($sp) $POP r28,`$VSXFRAME-$SIZE_T*4`($sp) $POP r29,`$VSXFRAME-$SIZE_T*3`($sp) diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index 8ba42a0dcb8ade..f94d0d3d41db41 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -97,9 +97,18 @@ static int parse_number(const char *t[], OSSL_PROPERTY_DEFINITION *res) const char *s = *t; int64_t v = 0; - if (!ossl_isdigit(*s)) - return 0; do { + if (!ossl_isdigit(*s)) { + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_A_DECIMAL_DIGIT, + "HERE-->%s", *t); + return 0; + } + /* overflow check */ + if (v > ((INT64_MAX - (*s - '0')) / 10)) { + ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, + "Property %s overflows", *t); + return 0; + } v = v * 10 + (*s++ - '0'); } while (ossl_isdigit(*s)); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { @@ -117,15 +126,27 @@ static int parse_hex(const char *t[], OSSL_PROPERTY_DEFINITION *res) { const char *s = *t; int64_t v = 0; + int sval; - if (!ossl_isxdigit(*s)) - return 0; do { + if (ossl_isdigit(*s)) { + sval = *s - '0'; + } else if (ossl_isxdigit(*s)) { + sval = ossl_tolower(*s) - 'a' + 10; + } else { + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT, + "%s", *t); + return 0; + } + + if (v > ((INT64_MAX - sval) / 16)) { + ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, + "Property %s overflows", *t); + return 0; + } + v <<= 4; - if (ossl_isdigit(*s)) - v += *s - '0'; - else - v += ossl_tolower(*s) - 'a'; + v += sval; } while (ossl_isxdigit(*++s)); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT, @@ -143,9 +164,18 @@ static int parse_oct(const char *t[], OSSL_PROPERTY_DEFINITION *res) const char *s = *t; int64_t v = 0; - if (*s == '9' || *s == '8' || !ossl_isdigit(*s)) - return 0; do { + if (*s == '9' || *s == '8' || !ossl_isdigit(*s)) { + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_OCTAL_DIGIT, + "HERE-->%s", *t); + return 0; + } + if (v > ((INT64_MAX - (*s - '0')) / 8)) { + ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, + "Property %s overflows", *t); + return 0; + } + v = (v << 3) + (*s - '0'); } while (ossl_isdigit(*++s) && *s != '9' && *s != '8'); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c index 288ade6b4de25b..ba2d924255ddf6 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c @@ -64,13 +64,22 @@ static const char *skip_dot(const char *name) return name; } -static int provider_conf_params(OSSL_PROVIDER *prov, - OSSL_PROVIDER_INFO *provinfo, - const char *name, const char *value, - const CONF *cnf) +/* + * Parse the provider params section + * Returns: + * 1 for success + * 0 for non-fatal errors + * < 0 for fatal errors + */ +static int provider_conf_params_internal(OSSL_PROVIDER *prov, + OSSL_PROVIDER_INFO *provinfo, + const char *name, const char *value, + const CONF *cnf, + STACK_OF(OPENSSL_CSTRING) *visited) { STACK_OF(CONF_VALUE) *sect; int ok = 1; + int rc = 0; sect = NCONF_get_section(cnf, value); if (sect != NULL) { @@ -80,6 +89,25 @@ static int provider_conf_params(OSSL_PROVIDER *prov, OSSL_TRACE1(CONF, "Provider params: start section %s\n", value); + /* + * Check to see if the provided section value has already + * been visited. If it has, then we have a recursive lookup + * in the configuration which isn't valid. As such we should error + * out + */ + for (i = 0; i < sk_OPENSSL_CSTRING_num(visited); i++) { + if (sk_OPENSSL_CSTRING_value(visited, i) == value) { + ERR_raise(ERR_LIB_CONF, CONF_R_RECURSIVE_SECTION_REFERENCE); + return -1; + } + } + + /* + * We've not visited this node yet, so record it on the stack + */ + if (!sk_OPENSSL_CSTRING_push(visited, value)) + return -1; + if (name != NULL) { OPENSSL_strlcpy(buffer, name, sizeof(buffer)); OPENSSL_strlcat(buffer, ".", sizeof(buffer)); @@ -89,14 +117,20 @@ static int provider_conf_params(OSSL_PROVIDER *prov, for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i); - if (buffer_len + strlen(sectconf->name) >= sizeof(buffer)) - return 0; + if (buffer_len + strlen(sectconf->name) >= sizeof(buffer)) { + sk_OPENSSL_CSTRING_pop(visited); + return -1; + } buffer[buffer_len] = '\0'; OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer)); - if (!provider_conf_params(prov, provinfo, buffer, sectconf->value, - cnf)) - return 0; + rc = provider_conf_params_internal(prov, provinfo, buffer, + sectconf->value, cnf, visited); + if (rc < 0) { + sk_OPENSSL_CSTRING_pop(visited); + return rc; + } } + sk_OPENSSL_CSTRING_pop(visited); OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value); } else { @@ -110,6 +144,33 @@ static int provider_conf_params(OSSL_PROVIDER *prov, return ok; } +/* + * recursively parse the provider configuration section + * of the config file. + * Returns + * 1 on success + * 0 on non-fatal error + * < 0 on fatal errors + */ +static int provider_conf_params(OSSL_PROVIDER *prov, + OSSL_PROVIDER_INFO *provinfo, + const char *name, const char *value, + const CONF *cnf) +{ + int rc; + STACK_OF(OPENSSL_CSTRING) *visited = sk_OPENSSL_CSTRING_new_null(); + + if (visited == NULL) + return -1; + + rc = provider_conf_params_internal(prov, provinfo, name, + value, cnf, visited); + + sk_OPENSSL_CSTRING_free(visited); + + return rc; +} + static int prov_already_activated(const char *name, STACK_OF(OSSL_PROVIDER) *activated) { @@ -130,6 +191,13 @@ static int prov_already_activated(const char *name, return 0; } +/* + * Attempt to activate a provider + * Returns: + * 1 on successful activation + * 0 on failed activation for non-fatal error + * < 0 on failed activation for fatal errors + */ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, const char *value, const char *path, int soft, const CONF *cnf) @@ -141,7 +209,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - return 0; + return -1; } if (!prov_already_activated(name, pcgbl->activated_providers)) { /* @@ -154,7 +222,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, if (!ossl_provider_disable_fallback_loading(libctx)) { CRYPTO_THREAD_unlock(pcgbl->lock); ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - return 0; + return -1; } prov = ossl_provider_find(libctx, name, 1); if (prov == NULL) @@ -163,7 +231,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, CRYPTO_THREAD_unlock(pcgbl->lock); if (soft) ERR_clear_error(); - return 0; + return (soft == 0) ? -1 : 0; } if (path != NULL) @@ -171,7 +239,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, ok = provider_conf_params(prov, NULL, NULL, value, cnf); - if (ok) { + if (ok == 1) { if (!ossl_provider_activate(prov, 1, 0)) { ok = 0; } else if (!ossl_provider_add_to_store(prov, &actual, 0)) { @@ -195,7 +263,8 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, } } } - if (!ok) + + if (ok <= 0) ossl_provider_free(prov); } CRYPTO_THREAD_unlock(pcgbl->lock); @@ -212,6 +281,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, const char *path = NULL; long activate = 0; int ok = 0; + int added = 0; name = skip_dot(name); OSSL_TRACE1(CONF, "Configuring provider %s\n", name); @@ -266,19 +336,23 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, } if (ok) ok = provider_conf_params(NULL, &entry, NULL, value, cnf); - if (ok && (entry.path != NULL || entry.parameters != NULL)) + if (ok >= 1 && (entry.path != NULL || entry.parameters != NULL)) { ok = ossl_provider_info_add_to_store(libctx, &entry); - if (!ok || (entry.path == NULL && entry.parameters == NULL)) { - ossl_provider_info_clear(&entry); + added = 1; } - + if (added == 0) + ossl_provider_info_clear(&entry); } /* - * Even if ok is 0, we still return success. Failure to load a provider is - * not fatal. We want to continue to load the rest of the config file. + * Provider activation returns a tristate: + * 1 for successful activation + * 0 for non-fatal activation failure + * < 0 for fatal activation failure + * We return success (1) for activation, (1) for non-fatal activation + * failure, and (0) for fatal activation failure */ - return 1; + return ok >= 0; } static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) @@ -301,7 +375,7 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { cval = sk_CONF_VALUE_value(elist, i); if (!provider_conf_load(NCONF_get0_libctx((CONF *)cnf), - cval->name, cval->value, cnf)) + cval->name, cval->value, cnf)) return 0; } diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 838bcd161c810e..57dacd76f7869f 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -970,44 +970,46 @@ static int provider_init(OSSL_PROVIDER *prov) prov->provctx = tmp_provctx; prov->dispatch = provider_dispatch; - for (; provider_dispatch->function_id != 0; provider_dispatch++) { - switch (provider_dispatch->function_id) { - case OSSL_FUNC_PROVIDER_TEARDOWN: - prov->teardown = - OSSL_FUNC_provider_teardown(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS: - prov->gettable_params = - OSSL_FUNC_provider_gettable_params(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_GET_PARAMS: - prov->get_params = - OSSL_FUNC_provider_get_params(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_SELF_TEST: - prov->self_test = - OSSL_FUNC_provider_self_test(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_GET_CAPABILITIES: - prov->get_capabilities = - OSSL_FUNC_provider_get_capabilities(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_QUERY_OPERATION: - prov->query_operation = - OSSL_FUNC_provider_query_operation(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION: - prov->unquery_operation = - OSSL_FUNC_provider_unquery_operation(provider_dispatch); - break; + if (provider_dispatch != NULL) { + for (; provider_dispatch->function_id != 0; provider_dispatch++) { + switch (provider_dispatch->function_id) { + case OSSL_FUNC_PROVIDER_TEARDOWN: + prov->teardown = + OSSL_FUNC_provider_teardown(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS: + prov->gettable_params = + OSSL_FUNC_provider_gettable_params(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_GET_PARAMS: + prov->get_params = + OSSL_FUNC_provider_get_params(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_SELF_TEST: + prov->self_test = + OSSL_FUNC_provider_self_test(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_GET_CAPABILITIES: + prov->get_capabilities = + OSSL_FUNC_provider_get_capabilities(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_QUERY_OPERATION: + prov->query_operation = + OSSL_FUNC_provider_query_operation(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION: + prov->unquery_operation = + OSSL_FUNC_provider_unquery_operation(provider_dispatch); + break; #ifndef OPENSSL_NO_ERR # ifndef FIPS_MODULE - case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS: - p_get_reason_strings = - OSSL_FUNC_provider_get_reason_strings(provider_dispatch); - break; + case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS: + p_get_reason_strings = + OSSL_FUNC_provider_get_reason_strings(provider_dispatch); + break; # endif #endif + } } } diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 9548054da7bd7d..1c3b33c28b332b 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -1001,6 +1001,10 @@ int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx, */ int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { + /* If key type not RSA return error */ + if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) + return -1; + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)); } @@ -1028,6 +1032,10 @@ int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name, */ int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) { + /* If key type not RSA return error */ + if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) + return -1; + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)md); } diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c index c585465b32752f..3f0a1e0d6b1ee1 100644 --- a/crypto/rsa/rsa_sp800_56b_check.c +++ b/crypto/rsa/rsa_sp800_56b_check.c @@ -289,6 +289,11 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa) return 0; nbits = BN_num_bits(rsa->n); + if (nbits > OPENSSL_RSA_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE); + return 0; + } + #ifdef FIPS_MODULE /* * (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1) @@ -324,7 +329,8 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa) goto err; } - ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status); + /* Highest number of MR rounds from FIPS 186-5 Section B.3 Table B.1 */ + ret = ossl_bn_miller_rabin_is_prime(rsa->n, 5, ctx, NULL, 1, &status); #ifdef FIPS_MODULE if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) { #else diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 450bbba0537b6a..5073c137a20b1c 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -128,6 +128,17 @@ int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type, count = 0; goto err; } + /* + * X509_STORE_add_cert() added a reference rather than a copy, + * so we need a fresh X509 object. + */ + X509_free(x); + x = X509_new_ex(libctx, propq); + if (x == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB); + count = 0; + goto err; + } count++; } } else if (type == X509_FILETYPE_ASN1) { diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c index b990d54048e6b3..0d28bf9c13cec1 100644 --- a/crypto/x509/v3_addr.c +++ b/crypto/x509/v3_addr.c @@ -984,6 +984,10 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, * the other input values. */ if (safi != NULL) { + if (val->value == NULL) { + ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE); + goto err; + } *safi = strtoul(val->value, &t, 0); t += strspn(t, " \t"); if (*safi > 0xFF || *t++ != ':') { diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c index d1c3dd5d9ffd21..1cb892df670024 100644 --- a/crypto/x509/v3_asid.c +++ b/crypto/x509/v3_asid.c @@ -169,8 +169,11 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) + if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) { + ASIdentifierChoice_free(*choice); + *choice = NULL; return 0; + } (*choice)->type = ASIdentifierChoice_inherit; } return (*choice)->type == ASIdentifierChoice_inherit; @@ -196,18 +199,23 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid, default: return 0; } - if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit) + if (*choice != NULL && (*choice)->type != ASIdentifierChoice_asIdsOrRanges) return 0; if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); - if ((*choice)->u.asIdsOrRanges == NULL) + if ((*choice)->u.asIdsOrRanges == NULL) { + ASIdentifierChoice_free(*choice); + *choice = NULL; return 0; + } (*choice)->type = ASIdentifierChoice_asIdsOrRanges; } if ((aor = ASIdOrRange_new()) == NULL) return 0; + if (!sk_ASIdOrRange_reserve((*choice)->u.asIdsOrRanges, 1)) + goto err; if (max == NULL) { aor->type = ASIdOrRange_id; aor->u.id = min; @@ -220,7 +228,8 @@ int X509v3_asid_add_id_or_range(ASIdentifiers *asid, ASN1_INTEGER_free(aor->u.range->max); aor->u.range->max = max; } - if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) + /* Cannot fail due to the reservation above */ + if (!ossl_assert(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) goto err; return 1; @@ -536,6 +545,11 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, goto err; } + if (val->value == NULL) { + ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); + goto err; + } + /* * Handle inheritance. */ diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c index 08df3faf86eefa..e9f6e08e27a7cc 100644 --- a/crypto/x509/v3_crld.c +++ b/crypto/x509/v3_crld.c @@ -70,6 +70,11 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; + if (cnf->value == NULL) { + ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE); + goto err; + } + if (HAS_PREFIX(cnf->name, "fullname")) { fnm = gnames_from_sectname(ctx, cnf->value); if (!fnm) diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c index 978a0f3ed86703..4d5fe82f329e1b 100644 --- a/crypto/x509/v3_ist.c +++ b/crypto/x509/v3_ist.c @@ -50,25 +50,33 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_ } if (strcmp(cnf->name, "signTool") == 0) { ist->signTool = ASN1_UTF8STRING_new(); - if (ist->signTool == NULL || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) { + if (ist->signTool == NULL + || cnf->value == NULL + || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } } else if (strcmp(cnf->name, "cATool") == 0) { ist->cATool = ASN1_UTF8STRING_new(); - if (ist->cATool == NULL || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) { + if (ist->cATool == NULL + || cnf->value == NULL + || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } } else if (strcmp(cnf->name, "signToolCert") == 0) { ist->signToolCert = ASN1_UTF8STRING_new(); - if (ist->signToolCert == NULL || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) { + if (ist->signToolCert == NULL + || cnf->value == NULL + || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } } else if (strcmp(cnf->name, "cAToolCert") == 0) { ist->cAToolCert = ASN1_UTF8STRING_new(); - if (ist->cAToolCert == NULL || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) { + if (ist->cAToolCert == NULL + || cnf->value == NULL + || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c index 7798505eec6e8f..9adf4947071c8c 100644 --- a/crypto/x509/v3_san.c +++ b/crypto/x509/v3_san.c @@ -581,6 +581,8 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, strlen(value))) { + ASN1_IA5STRING_free(gen->d.ia5); + gen->d.ia5 = NULL; ERR_raise(ERR_LIB_X509V3, ERR_R_ASN1_LIB); goto err; } @@ -651,16 +653,21 @@ static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) */ ASN1_TYPE_free(gen->d.otherName->value); if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL) - return 0; + goto err; objlen = p - value; objtmp = OPENSSL_strndup(value, objlen); if (objtmp == NULL) - return 0; + goto err; gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); OPENSSL_free(objtmp); if (!gen->d.otherName->type_id) - return 0; + goto err; return 1; + + err: + OTHERNAME_free(gen->d.otherName); + gen->d.otherName = NULL; + return 0; } static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c index 8540f10d1ecdc3..74209d3e3f2de7 100644 --- a/crypto/x509/v3_sxnet.c +++ b/crypto/x509/v3_sxnet.c @@ -103,8 +103,10 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, int i; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) + if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) { + SXNET_free(sx); return NULL; + } } return sx; } @@ -123,7 +125,11 @@ int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userle ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE); return 0; } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); + if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) { + ASN1_INTEGER_free(izone); + return 0; + } + return 1; } /* Add an id given the zone as an unsigned long */ @@ -139,8 +145,11 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, ASN1_INTEGER_free(izone); return 0; } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); - + if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) { + ASN1_INTEGER_free(izone); + return 0; + } + return 1; } /* @@ -195,6 +204,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB); goto err; } + ASN1_INTEGER_free(id->zone); id->zone = zone; *psx = sx; return 1; diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 3878bb3ef598f3..659c2f5b74349c 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -79,8 +79,8 @@ X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) return sk_X509_ATTRIBUTE_delete(x, loc); } -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr) +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr) { X509_ATTRIBUTE *new_attr = NULL; STACK_OF(X509_ATTRIBUTE) *sk = NULL; @@ -89,10 +89,6 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return NULL; } - if (*x != NULL && X509at_get_attr_by_OBJ(*x, attr->object, -1) != -1) { - ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE); - return NULL; - } if (*x == NULL) { if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) { @@ -119,19 +115,68 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, return NULL; } +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr) +{ + if (x == NULL || attr == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (*x != NULL && X509at_get_attr_by_OBJ(*x, attr->object, -1) != -1) { + ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE); + return NULL; + } + + return ossl_x509at_add1_attr(x, attr); +} + +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, + const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len) +{ + X509_ATTRIBUTE *attr; + STACK_OF(X509_ATTRIBUTE) *ret; + + attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); + if (attr == NULL) + return 0; + ret = ossl_x509at_add1_attr(x, attr); + X509_ATTRIBUTE_free(attr); + return ret; +} + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len) +{ + if (x == NULL || obj == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (*x != NULL && X509at_get_attr_by_OBJ(*x, obj, -1) != -1) { + ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE); + return NULL; + } + + return ossl_x509at_add1_attr_by_OBJ(x, obj, type, bytes, len); +} + +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, + int nid, int type, + const unsigned char *bytes, + int len) { X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; - attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); + attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); if (attr == NULL) return 0; - ret = X509at_add1_attr(x, attr); + ret = ossl_x509at_add1_attr(x, attr); X509_ATTRIBUTE_free(attr); return ret; } @@ -140,14 +185,32 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, int nid, int type, const unsigned char *bytes, int len) +{ + if (x == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (*x != NULL && X509at_get_attr_by_NID(*x, nid, -1) != -1) { + ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE); + return NULL; + } + + return ossl_x509at_add1_attr_by_NID(x, nid, type, bytes, len); +} + +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, + const char *attrname, + int type, + const unsigned char *bytes, + int len) { X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; - attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); + attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); if (attr == NULL) return 0; - ret = X509at_add1_attr(x, attr); + ret = ossl_x509at_add1_attr(x, attr); X509_ATTRIBUTE_free(attr); return ret; } diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index fa73b331a5ae3e..77de85dc5b2d53 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -202,7 +202,7 @@ X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) if (req == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; + return NULL; } attr = X509at_delete_attr(req->req_info.attributes, loc); if (attr != NULL) diff --git a/dev/NEWS-FORMAT.md b/dev/NEWS-FORMAT.md new file mode 100644 index 00000000000000..9807c41bad2899 --- /dev/null +++ b/dev/NEWS-FORMAT.md @@ -0,0 +1,209 @@ +Editorial conventions for NEWS.md +================================= + +With 3.2 onwards we are seeking to make our NEWS.md file more like release +notes, structured to provide useful and pertinent information to those consuming +a release. + +General editorial principles +---------------------------- + +- Use `*` for top-level lists and use a blank line between each list item. + This makes the file more readable when read in raw form, which will commonly + occur when a user examines an unpacked tarball. + +- Cite RFCs with a space: `RFC 9000` + +- Put URLs at the end of the file and reference them rather than giving them + inline. This eases maintenance if a commonly used URL needs to be changed. + +- The blocks within a section for a release line are ordered roughly in + descending order of importance. Equally, list items within a block should be + listed in descending order of significance or severity. + +- Try to develop blog posts to match our wording, especially for the list of + new features. + +- Adopt uniform wording for lists where appropriate but do not insist on + sticking to them where these wordings are unworkable or suboptimal. + +- Everything here is a recommendation, not a requirement. + +- Omit blocks which have no items to list. + +Structure +--------- + +Each release line has a section, which is broken down into the initial and patch +releases within that release line. The most recent releases come first. + +The structure is as follows: + +```text +OpenSSL x.y +----------- + + + + +``` + +### Structure of a release entry + +For each release in a release line, the recommended structure is as follows: + +```text +### Major changes between OpenSSL {PREV_VERSION} and OpenSSL {VERSION} [1 Jan 2023] + + + + + + +``` + +#### Opener paragraph + +For a feature release, the following opener paragraph is suggested: + +```text +OpenSSL x.y.0 is a feature release adding significant new functionality to +OpenSSL. +``` + +For a patch release with no CVEs fixed, the following opener paragraph is +suggested: + +```text +OpenSSL x.y.z is a patch release. +``` + +For a patch release which fixes one or more CVEs, the following opener paragraph +is suggested, to be adjusted as appropriate: + +```text +OpenSSL x.y.z is a security patch release. The most severe CVE fixed in this +release is Medium. +``` + +#### Listing potentially incompatible changes + +If there are any potentially significant or incompatible changes, the following +block should be added: + +```text +This release incorporates the following potentially significant or incompatible +changes: + + * The ... has been changed so that xxx. + + * The ... has been changed so that yyy. + +``` + +Bullet items in this block should be complete sentences with trailing full stops +giving a brief summary. They may optionally be followed by full paragraphs +giving further information if needed. + +#### Listing feature additions + +If there are any feature additions, the following block should be added: + +```text +This release adds the following new features: + + * Support for ... (RFC 1234) + + * Support for ... (RFC 2345) + + This is an elaborating paragraph. + + * Multiple new features and improvements to ... + +``` + +Bullet items in this block should be summary lines without a trailing full stop +giving a brief summary, optionally followed by references to applicable +standards in parentheses. They may optionally be followed by full paragraphs +giving further information if needed. The summary line should not start with a +verb as the opener line for this block provides the verb. + +For consistency, use the wording `Support for ...` as the summary line if +possible and practical. + +List features in descending order of significance (approximately). + +#### Listing known issues + +Known issues can be called out as follows: + +```text +The following known issues are present in this release and will be rectified in +a future release: + + * xxx (#12345) + +``` + +The editorial conventions for this block are similar to those for feature +additions, except that an issue number is listed rather than a reference to a +standard. + +#### Listing documentation enhancements + +Significant documentation enhancements can be called out as follows: + +```text +This release incorporates the following documentation enhancements: + + * Added xyz + + This is an elaborating paragraph, which might for example + provide a link to where this documentation can be viewed. + + * Clarified xyz + +``` + +The editorial conventions for this block are similar to those for feature +additions, except that the verb is part of the summary line. The other rules are +the same. + +For consistency, use the wording `Added ...` or `Clarified ...` as the summary +line if possible. + +#### Listing bug fixes and mitigations + +Significant bug fixes or mitigations can be called out as follows: + +```text +This release incorporates the following bug fixes and mitigations: + + * Mitigated (CVE ID as link and any other + relevant links) + + * Fixed (optional reference link or #issue number as + appropriate) +``` + +The words “bug fixes” or “mitigations” in the leader line should be deleted as +appropriate if inapplicable to a release. + +Fixes for issues with an issue number in the main repository should be given as +`#1234`. Any other issue (for example, a project issue) should be given as a +link, as most users will not know where to find such issues. + +List CVE mitigations first in descending order of severity, followed by bugs in +(very rough) descending order of severity. + +#### Trailing advice + +The following trailer is recommended: + +```text +A more detailed list of changes in this release can be found in the +[CHANGES.md] file. + +As always, bug reports and issues relating to OpenSSL can be [filed on our issue +tracker][issue tracker]. +``` diff --git a/doc/build.info b/doc/build.info index aec4ae616fb407..c88399a138064f 100644 --- a/doc/build.info +++ b/doc/build.info @@ -855,6 +855,10 @@ DEPEND[html/man3/CMS_sign_receipt.html]=man3/CMS_sign_receipt.pod GENERATE[html/man3/CMS_sign_receipt.html]=man3/CMS_sign_receipt.pod DEPEND[man/man3/CMS_sign_receipt.3]=man3/CMS_sign_receipt.pod GENERATE[man/man3/CMS_sign_receipt.3]=man3/CMS_sign_receipt.pod +DEPEND[html/man3/CMS_signed_get_attr.html]=man3/CMS_signed_get_attr.pod +GENERATE[html/man3/CMS_signed_get_attr.html]=man3/CMS_signed_get_attr.pod +DEPEND[man/man3/CMS_signed_get_attr.3]=man3/CMS_signed_get_attr.pod +GENERATE[man/man3/CMS_signed_get_attr.3]=man3/CMS_signed_get_attr.pod DEPEND[html/man3/CMS_uncompress.html]=man3/CMS_uncompress.pod GENERATE[html/man3/CMS_uncompress.html]=man3/CMS_uncompress.pod DEPEND[man/man3/CMS_uncompress.3]=man3/CMS_uncompress.pod @@ -1263,6 +1267,10 @@ DEPEND[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod GENERATE[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod DEPEND[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod GENERATE[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod +DEPEND[html/man3/EVP_PKEY_get_attr.html]=man3/EVP_PKEY_get_attr.pod +GENERATE[html/man3/EVP_PKEY_get_attr.html]=man3/EVP_PKEY_get_attr.pod +DEPEND[man/man3/EVP_PKEY_get_attr.3]=man3/EVP_PKEY_get_attr.pod +GENERATE[man/man3/EVP_PKEY_get_attr.3]=man3/EVP_PKEY_get_attr.pod DEPEND[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod GENERATE[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod DEPEND[man/man3/EVP_PKEY_get_default_digest_nid.3]=man3/EVP_PKEY_get_default_digest_nid.pod @@ -2787,6 +2795,10 @@ DEPEND[html/man3/X509_ALGOR_dup.html]=man3/X509_ALGOR_dup.pod GENERATE[html/man3/X509_ALGOR_dup.html]=man3/X509_ALGOR_dup.pod DEPEND[man/man3/X509_ALGOR_dup.3]=man3/X509_ALGOR_dup.pod GENERATE[man/man3/X509_ALGOR_dup.3]=man3/X509_ALGOR_dup.pod +DEPEND[html/man3/X509_ATTRIBUTE.html]=man3/X509_ATTRIBUTE.pod +GENERATE[html/man3/X509_ATTRIBUTE.html]=man3/X509_ATTRIBUTE.pod +DEPEND[man/man3/X509_ATTRIBUTE.3]=man3/X509_ATTRIBUTE.pod +GENERATE[man/man3/X509_ATTRIBUTE.3]=man3/X509_ATTRIBUTE.pod DEPEND[html/man3/X509_CRL_get0_by_serial.html]=man3/X509_CRL_get0_by_serial.pod GENERATE[html/man3/X509_CRL_get0_by_serial.html]=man3/X509_CRL_get0_by_serial.pod DEPEND[man/man3/X509_CRL_get0_by_serial.3]=man3/X509_CRL_get0_by_serial.pod @@ -2831,6 +2843,10 @@ DEPEND[html/man3/X509_PUBKEY_new.html]=man3/X509_PUBKEY_new.pod GENERATE[html/man3/X509_PUBKEY_new.html]=man3/X509_PUBKEY_new.pod DEPEND[man/man3/X509_PUBKEY_new.3]=man3/X509_PUBKEY_new.pod GENERATE[man/man3/X509_PUBKEY_new.3]=man3/X509_PUBKEY_new.pod +DEPEND[html/man3/X509_REQ_get_attr.html]=man3/X509_REQ_get_attr.pod +GENERATE[html/man3/X509_REQ_get_attr.html]=man3/X509_REQ_get_attr.pod +DEPEND[man/man3/X509_REQ_get_attr.3]=man3/X509_REQ_get_attr.pod +GENERATE[man/man3/X509_REQ_get_attr.3]=man3/X509_REQ_get_attr.pod DEPEND[html/man3/X509_REQ_get_extensions.html]=man3/X509_REQ_get_extensions.pod GENERATE[html/man3/X509_REQ_get_extensions.html]=man3/X509_REQ_get_extensions.pod DEPEND[man/man3/X509_REQ_get_extensions.3]=man3/X509_REQ_get_extensions.pod @@ -3121,6 +3137,7 @@ html/man3/CMS_get0_type.html \ html/man3/CMS_get1_ReceiptRequest.html \ html/man3/CMS_sign.html \ html/man3/CMS_sign_receipt.html \ +html/man3/CMS_signed_get_attr.html \ html/man3/CMS_uncompress.html \ html/man3/CMS_verify.html \ html/man3/CMS_verify_receipt.html \ @@ -3223,6 +3240,7 @@ html/man3/EVP_PKEY_digestsign_supports_digest.html \ html/man3/EVP_PKEY_encapsulate.html \ html/man3/EVP_PKEY_encrypt.html \ html/man3/EVP_PKEY_fromdata.html \ +html/man3/EVP_PKEY_get_attr.html \ html/man3/EVP_PKEY_get_default_digest_nid.html \ html/man3/EVP_PKEY_get_field_type.html \ html/man3/EVP_PKEY_get_group_name.html \ @@ -3604,6 +3622,7 @@ html/man3/UI_new.html \ html/man3/X509V3_get_d2i.html \ html/man3/X509V3_set_ctx.html \ html/man3/X509_ALGOR_dup.html \ +html/man3/X509_ATTRIBUTE.html \ html/man3/X509_CRL_get0_by_serial.html \ html/man3/X509_EXTENSION_set_object.html \ html/man3/X509_LOOKUP.html \ @@ -3615,6 +3634,7 @@ html/man3/X509_NAME_get0_der.html \ html/man3/X509_NAME_get_index_by_NID.html \ html/man3/X509_NAME_print_ex.html \ html/man3/X509_PUBKEY_new.html \ +html/man3/X509_REQ_get_attr.html \ html/man3/X509_REQ_get_extensions.html \ html/man3/X509_SIG_get0.html \ html/man3/X509_STORE_CTX_get_by_subject.html \ @@ -3760,6 +3780,7 @@ man/man3/CMS_get0_type.3 \ man/man3/CMS_get1_ReceiptRequest.3 \ man/man3/CMS_sign.3 \ man/man3/CMS_sign_receipt.3 \ +man/man3/CMS_signed_get_attr.3 \ man/man3/CMS_uncompress.3 \ man/man3/CMS_verify.3 \ man/man3/CMS_verify_receipt.3 \ @@ -3862,6 +3883,7 @@ man/man3/EVP_PKEY_digestsign_supports_digest.3 \ man/man3/EVP_PKEY_encapsulate.3 \ man/man3/EVP_PKEY_encrypt.3 \ man/man3/EVP_PKEY_fromdata.3 \ +man/man3/EVP_PKEY_get_attr.3 \ man/man3/EVP_PKEY_get_default_digest_nid.3 \ man/man3/EVP_PKEY_get_field_type.3 \ man/man3/EVP_PKEY_get_group_name.3 \ @@ -4243,6 +4265,7 @@ man/man3/UI_new.3 \ man/man3/X509V3_get_d2i.3 \ man/man3/X509V3_set_ctx.3 \ man/man3/X509_ALGOR_dup.3 \ +man/man3/X509_ATTRIBUTE.3 \ man/man3/X509_CRL_get0_by_serial.3 \ man/man3/X509_EXTENSION_set_object.3 \ man/man3/X509_LOOKUP.3 \ @@ -4254,6 +4277,7 @@ man/man3/X509_NAME_get0_der.3 \ man/man3/X509_NAME_get_index_by_NID.3 \ man/man3/X509_NAME_print_ex.3 \ man/man3/X509_PUBKEY_new.3 \ +man/man3/X509_REQ_get_attr.3 \ man/man3/X509_REQ_get_extensions.3 \ man/man3/X509_SIG_get0.3 \ man/man3/X509_STORE_CTX_get_by_subject.3 \ diff --git a/doc/designs/ddd/ddd-02-conn-nonblocking-threads.c b/doc/designs/ddd/ddd-02-conn-nonblocking-threads.c index dd981c3e6643bb..19d978bba078aa 100644 --- a/doc/designs/ddd/ddd-02-conn-nonblocking-threads.c +++ b/doc/designs/ddd/ddd-02-conn-nonblocking-threads.c @@ -119,6 +119,7 @@ APP_CONN *new_conn(SSL_CTX *ctx, const char *hostname) if (SSL_set_alpn_protos(ssl, alpn, sizeof(alpn))) { /* Note: SSL_set_alpn_protos returns 1 for failure. */ BIO_free_all(out); + free(conn); return NULL; } #endif diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 1dae76cc1288b9..50c2030aa353cf 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -237,12 +237,12 @@ This sets the RSA padding mode. Acceptable values for I are B for PKCS#1 padding, B for no padding, B for B mode, B for X9.31 mode and B for PSS. -In PKCS#1 padding if the message digest is not set then the supplied data is +In PKCS#1 padding, if the message digest is not set, then the supplied data is signed or verified directly instead of using a B structure. If a -digest is set then the a B structure is used and its the length +digest is set, then the B structure is used and its length must correspond to the digest type. -Note, for B padding, as a protection against Bleichenbacher attack, +Note, for B padding, as a protection against the Bleichenbacher attack, the decryption will not fail in case of padding check failures. Use B and manual inspection of the decrypted message to verify if the decrypted value has correct PKCS#1 v1.5 padding. diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index b0b6fd25ebe704..c2232006e52c14 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -289,7 +289,7 @@ It is implied by the B<-CA> option. This option implies the B<-new> flag if B<-in> is not given. If an existing request is specified with the B<-in> option, it is converted -to the a certificate; otherwise a request is created from scratch. +to a certificate; otherwise a request is created from scratch. Unless specified using the B<-set_serial> option, a large random number will be used for the serial number. diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 84cf6fdd81f1f5..dedef6209dcbdb 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -629,7 +629,11 @@ Disables support for receiving TLSv1.3 compressed certificate. Enables support for SSL/TLS compression. This option was introduced in OpenSSL 1.1.0. TLS compression is not recommended and is off by default as of -OpenSSL 1.1.0. +OpenSSL 1.1.0. TLS compression can only be used in security level 1 or +lower. From OpenSSL 3.2.0 and above the default security level is 2, so this +option will have no effect without also changing the security level. Use the +B<-cipher> option to change the security level. See L for +more information. =item B<-no_comp> diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 611b410cfd63c8..8429a34e35eaa3 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -626,10 +626,14 @@ OpenSSL 1.1.0. =item B<-comp> -Enable negotiation of TLS compression. +Enables support for SSL/TLS compression. This option was introduced in OpenSSL 1.1.0. TLS compression is not recommended and is off by default as of -OpenSSL 1.1.0. +OpenSSL 1.1.0. TLS compression can only be used in security level 1 or +lower. From OpenSSL 3.2.0 and above the default security level is 2, so this +option will have no effect without also changing the security level. Use the +B<-cipher> option to change the security level. See L for +more information. =item B<-no_ticket> diff --git a/doc/man3/BIO_f_md.pod b/doc/man3/BIO_f_md.pod index c2b825e35272b9..397952f05a10d4 100644 --- a/doc/man3/BIO_f_md.pod +++ b/doc/man3/BIO_f_md.pod @@ -19,7 +19,7 @@ BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter =head1 DESCRIPTION BIO_f_md() returns the message digest BIO method. This is a filter -BIO that digests any data passed through it, it is a BIO wrapper +BIO that digests any data passed through it. It is a BIO wrapper for the digest routines EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal(). @@ -36,8 +36,8 @@ BIO_set_md() sets the message digest of BIO B to B: this must be called to initialize a digest BIO before any data is passed through it. It is a BIO_ctrl() macro. -BIO_get_md() places the a pointer to the digest BIOs digest method -in B, it is a BIO_ctrl() macro. +BIO_get_md() places a pointer to the digest BIOs digest method +in B. It is a BIO_ctrl() macro. BIO_get_md_ctx() returns the digest BIOs context into B. diff --git a/doc/man3/CMS_signed_get_attr.pod b/doc/man3/CMS_signed_get_attr.pod new file mode 100644 index 00000000000000..833cfc441b935f --- /dev/null +++ b/doc/man3/CMS_signed_get_attr.pod @@ -0,0 +1,214 @@ +=pod + +=head1 NAME + +CMS_signed_get_attr_count, +CMS_signed_get_attr_by_NID, CMS_signed_get_attr_by_OBJ, CMS_signed_get_attr, +CMS_signed_delete_attr, +CMS_signed_add1_attr, CMS_signed_add1_attr_by_OBJ, +CMS_signed_add1_attr_by_NID, CMS_signed_add1_attr_by_txt, +CMS_signed_get0_data_by_OBJ, +CMS_unsigned_get_attr_count, +CMS_unsigned_get_attr_by_NID, CMS_unsigned_get_attr_by_OBJ, +CMS_unsigned_get_attr, CMS_unsigned_delete_attr, +CMS_unsigned_add1_attr, CMS_unsigned_add1_attr_by_OBJ, +CMS_unsigned_add1_attr_by_NID, CMS_unsigned_add1_attr_by_txt, +CMS_unsigned_get0_data_by_OBJ +- CMS signed and unsigned attribute functions + +=head1 SYNOPSIS + + #include + + int CMS_signed_get_attr_count(const CMS_SignerInfo *si); + int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); + int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int lastpos); + X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); + X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); + int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); + int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); + int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); + int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); + void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *oid, + int lastpos, int type); + + int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); + int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); + int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int lastpos); + X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); + X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); + int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); + int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); + int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); + int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); + void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +=head1 DESCRIPTION + +CMS_signerInfo contains separate attribute lists for signed and unsigned +attributes. Each CMS_signed_XXX() function is used for signed attributes, and +each CMS_unsigned_XXX() function is used for unsigned attributes. +Since the CMS_unsigned_XXX() functions work in the same way as the +CMS_signed_XXX() equivalents, only the CMS_signed_XXX() functions are +described below. + +CMS_signed_get_attr_by_OBJ() finds the location of the first matching object +I in the SignerInfo's I signed attribute list. The search starts at the +position after I. If the returned value is positive then it can be used +on the next call to CMS_signed_get_attr_by_OBJ() as the value of I in +order to iterate through the remaining attributes. I can be set to any +negative value on the first call, in order to start searching from the start of +the signed attribute list. + +CMS_signed_get_attr_by_NID() is similar to CMS_signed_get_attr_by_OBJ() except +that it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +CMS_signed_get_attr() returns the B object at index I in the +I signed attribute list. I should be in the range from 0 to +CMS_signed_get_attr_count() - 1. + +CMS_signed_delete_attr() removes the B object at index I in +the I signed attribute list. An error occurs if the I attribute list +is NULL. + +CMS_signed_add1_attr() pushes a copy of the passed in B object +to the I signed attribute list. A new signed attribute list is created if +required. An error occurs if I is NULL. + +CMS_signed_add1_attr_by_OBJ() creates a new signed B using +X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new +I with type I and data I of length I and then pushes it +to the I object's attribute list. + +CMS_signed_add1_attr_by_NID() is similar to CMS_signed_add1_attr_by_OBJ() except +that it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +CMS_signed_add1_attr_by_txt() is similar to CMS_signed_add1_attr_by_OBJ() +except that it passes a name I associated with the object. +See for a list of SN_* names. + +CMS_signed_get0_data_by_OBJ() finds the first attribute in a I signed +attributes list that matches the I starting at index I +and returns the data retrieved from the found attributes first B +object. An error will occur if the attribute type I does not match the +type of the B object OR if I is either B or +B OR the attribute is not found. +If I is less than -1 then an error will occur if there are multiple +objects in the signed attribute list that match I. +If I is less than -2 then an error will occur if there is more than +one B object in the found signed attribute. + +Refer to L for information related to attributes. + +=head1 RETURN VALUES + +The CMS_unsigned_XXX() functions return values are similar to those of the +equivalent CMS_signed_XXX() functions. + +CMS_signed_get_attr_count() returns the number of signed attributes in the +SignerInfo I, or -1 if the signed attribute list is NULL. + +CMS_signed_get_attr_by_OBJ() returns -1 if either the signed attribute list of +I is empty OR if I is not found, otherwise it returns the location of +the I in the SignerInfo's I signed attribute list. + +CMS_signed_get_attr_by_NID() is similar to CMS_signed_get_attr_by_OBJ() except +that it returns -2 if the I is not known by OpenSSL. + +CMS_signed_get_attr() returns either a signed B or NULL on error. + +CMS_signed_delete_attr() returns either the removed signed B or +NULL if there is a error. + +CMS_signed_add1_attr(), CMS_signed_add1_attr_by_OBJ(), +CMS_signed_add1_attr_by_NID(), CMS_signed_add1_attr_by_txt(), +return 1 on success or 0 on error. + +CMS_signed_get0_data_by_OBJ() returns the data retrieved from the found +signed attributes first B object, or NULL if an error occurs. + +=head1 NOTES + +Some attributes are added automatically during the signing process. + +Calling CMS_SignerInfo_sign() adds the NID_pkcs9_signingTime signed +attribute. + +Calling CMS_final(), CMS_final_digest() or CMS_dataFinal() adds the +NID_pkcs9_messageDigest signed attribute. + +The NID_pkcs9_contentType signed attribute is always added if the +NID_pkcs9_signingTime attribute is added. + +Calling CMS_sign_ex(), CMS_sign_receipt() or CMS_add1_signer() may add +attributes depending on the flags parameter. See L for +more information. + +OpenSSL applies special rules for the following attribute NIDs: + +=over 4 + +=item CMS Signed Attributes + +NID_pkcs9_contentType +NID_pkcs9_messageDigest +NID_pkcs9_signingTime + +=item ESS Signed Attributes + +NID_id_smime_aa_signingCertificate +NID_id_smime_aa_signingCertificateV2 +NID_id_smime_aa_receiptRequest + +=item CMS Unsigned Attributes + +NID_pkcs9_countersignature + +=back + +CMS_signed_add1_attr(), CMS_signed_add1_attr_by_OBJ(), +CMS_signed_add1_attr_by_NID(), CMS_signed_add1_attr_by_txt() +and the equivalent CMS_unsigned_add1_attrXXX() functions allow +duplicate attributes to be added. The attribute rules are not checked +during these function calls, and are deferred until the sign or verify process +(i.e. during calls to any of CMS_sign_ex(), CMS_sign(), CMS_sign_receipt(), +CMS_add1_signer(), CMS_Final(), CMS_dataFinal(), CMS_final_digest(), +CMS_verify(), CMS_verify_receipt() or CMS_SignedData_verify()). + +For CMS attribute rules see RFC 5652 Section 11. +For ESS attribute rules see RFC 2634 Section 1.3.4 and RFC 5035 Section 5.4. + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/COMP_CTX_new.pod b/doc/man3/COMP_CTX_new.pod index f73df521e8d615..997f1187f46be9 100644 --- a/doc/man3/COMP_CTX_new.pod +++ b/doc/man3/COMP_CTX_new.pod @@ -123,7 +123,8 @@ Zstandard may be found at L. Compression of SSL/TLS records is not recommended, as it has been shown to lead to the CRIME attack L. It is disabled by default, and may be enabled by clearing the -SSL_OP_NO_COMPRESSION options of the L or +SSL_OP_NO_COMPRESSION option and setting the security level as appropriate. +See the documentation for the L and L functions. Compression is also used to support certificate compression as described diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index a04e6d102f1ad9..955340b94d4a05 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -373,7 +373,12 @@ exists. =item EVP_EncryptUpdate() Encrypts I bytes from the buffer I and writes the encrypted version to -I. This function can be called multiple times to encrypt successive blocks +I. The pointers I and I may point to the same location, in which +case the encryption will be done in-place. If I and I point to different +locations, the two buffers must be disjoint, otherwise the operation might fail +or the outcome might be undefined. + +This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data. For most ciphers and modes, the amount of data written can be anything @@ -382,10 +387,9 @@ For wrap cipher modes, the amount of data written can be anything from zero bytes to (inl + cipher_block_size) bytes. For stream ciphers, the amount of data written can be anything from zero bytes to inl bytes. -Thus, I should contain sufficient room for the operation being performed. -The actual number of bytes written is placed in I. It also -checks if I and I are partially overlapping, and if they are -0 is returned to indicate failure. +Thus, the buffer pointed to by I must contain sufficient room for the +operation being performed. +The actual number of bytes written is placed in I. If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts the "final" data, that is any data that remains in a partial block. diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 56ac92a486728e..762c0175ff131a 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -145,6 +145,9 @@ the key. If I is NULL, the key must be set via I either as part of this call or separately using EVP_MAC_CTX_set_params(). Providing non-NULL I to this function is equivalent to calling EVP_MAC_CTX_set_params() with those I for the same I beforehand. +Note: There are additional requirements for some MAC algorithms during +re-initalization (i.e. calling EVP_MAC_init() on an EVP_MAC after EVP_MAC_final() +has been called on the same object). See the NOTES section below. EVP_MAC_init() should be called before EVP_MAC_update() and EVP_MAC_final(). @@ -342,6 +345,13 @@ not be considered a breaking change to the API. The usage of the parameter names "custom", "iv" and "salt" correspond to the names used in the standard where the algorithm was defined. +Some MAC algorithms store internal state that cannot be extracted during +re-initalization. For example GMAC cannot extract an B from the +underlying CIPHER context, and so calling EVP_MAC_init() on an EVP_MAC object +after EVP_MAC_final() has been called cannot reset its cipher state to what it +was when the B was initially generated. For such instances, an +B parameter must be passed with each call to EVP_MAC_init(). + =head1 RETURN VALUES EVP_MAC_fetch() returns a pointer to a newly fetched B, or diff --git a/doc/man3/EVP_PKEY_get_attr.pod b/doc/man3/EVP_PKEY_get_attr.pod new file mode 100644 index 00000000000000..101677422c3c20 --- /dev/null +++ b/doc/man3/EVP_PKEY_get_attr.pod @@ -0,0 +1,113 @@ +=pod + +=head1 NAME + +EVP_PKEY_get_attr, +EVP_PKEY_get_attr_count, +EVP_PKEY_get_attr_by_NID, EVP_PKEY_get_attr_by_OBJ, +EVP_PKEY_delete_attr, +EVP_PKEY_add1_attr, +EVP_PKEY_add1_attr_by_OBJ, EVP_PKEY_add1_attr_by_NID, EVP_PKEY_add1_attr_by_txt +- EVP_PKEY B functions + +=head1 SYNOPSIS + + #include + + int EVP_PKEY_get_attr_count(const EVP_PKEY *key); + int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); + int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, + int lastpos); + X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); + X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); + int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); + int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); + int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); + int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + +=head1 DESCRIPTION + +These functions are used by B. + +EVP_PKEY_get_attr_by_OBJ() finds the location of the first matching object I +in the I attribute list. The search starts at the position after I. +If the returned value is positive then it can be used on the next call to +EVP_PKEY_get_attr_by_OBJ() as the value of I in order to iterate through +the remaining attributes. I can be set to any negative value on the +first call, in order to start searching from the start of the attribute list. + +EVP_PKEY_get_attr_by_NID() is similar to EVP_PKEY_get_attr_by_OBJ() except that +it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +EVP_PKEY_get_attr() returns the B object at index I in the +I attribute list. I should be in the range from 0 to +EVP_PKEY_get_attr_count() - 1. + +EVP_PKEY_delete_attr() removes the B object at index I in +the I attribute list. + +EVP_PKEY_add1_attr() pushes a copy of the passed in B object +to the I attribute list. A new I attribute list is created if required. +An error occurs if either I is NULL, or the attribute already exists. + +EVP_PKEY_add1_attr_by_OBJ() creates a new B using +X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new +I with type I and data I of length I and then pushes it +to the I object's attribute list. If I already exists in the attribute +list then an error occurs. + +EVP_PKEY_add1_attr_by_NID() is similar to EVP_PKEY_add1_attr_by_OBJ() except +that it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +EVP_PKEY_add1_attr_by_txt() is similar to EVP_PKEY_add1_attr_by_OBJ() except +that it passes a name I associated with the object. +See for a list of SN_* names. + +=head1 RETURN VALUES + +EVP_PKEY_get_attr_count() returns the number of attributes in the I object +attribute list or -1 if the attribute list is NULL. + +EVP_PKEY_get_attr_by_OBJ() returns -1 if either the list is empty OR the object +is not found, otherwise it returns the location of the object in the list. + +EVP_PKEY_get_attr_by_NID() is similar to EVP_PKEY_get_attr_by_OBJ(), except that +it returns -2 if the I is not known by OpenSSL. + +EVP_PKEY_get_attr() returns either a B or NULL if there is a +error. + +EVP_PKEY_delete_attr() returns either the removed B or NULL if +there is a error. + +EVP_PKEY_add1_attr(), EVP_PKEY_add1_attr_by_OBJ(), EVP_PKEY_add1_attr_by_NID() +and EVP_PKEY_add1_attr_by_txt() return 1 on success or 0 otherwise. + +=head1 NOTES + +A B object's attribute list is initially NULL. All the above functions +listed will return an error unless EVP_PKEY_add1_attr() is called. +All functions listed assume that the I is not NULL. + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod index 07df271b59050c..059f080e3e99f5 100644 --- a/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -8,10 +8,12 @@ LHASH_DOALL_ARG_FN_TYPE, IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, lh_TYPE_new, lh_TYPE_free, lh_TYPE_flush, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, -lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error, +lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_num_items, lh_TYPE_get_down_load, +lh_TYPE_set_down_load, lh_TYPE_error, OPENSSL_LH_new, OPENSSL_LH_free, OPENSSL_LH_flush, OPENSSL_LH_insert, OPENSSL_LH_delete, OPENSSL_LH_retrieve, -OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error +OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_num_items, +OPENSSL_LH_get_down_load, OPENSSL_LH_set_down_load, OPENSSL_LH_error - dynamic hash table =head1 SYNOPSIS @@ -36,6 +38,10 @@ OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, TYPE *arg); + unsigned long lh_TYPE_num_items(OPENSSL_LHASH *lh); + unsigned long lh_TYPE_get_down_load(OPENSSL_LHASH *lh); + void lh_TYPE_set_down_load(OPENSSL_LHASH *lh, unsigned long dl); + int lh_TYPE_error(LHASH_OF(TYPE) *table); typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); @@ -54,8 +60,14 @@ OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); + unsigned long OPENSSL_LH_num_items(OPENSSL_LHASH *lh); + unsigned long OPENSSL_LH_get_down_load(OPENSSL_LHASH *lh); + void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long dl); + int OPENSSL_LH_error(OPENSSL_LHASH *lh); + #define LH_LOAD_MULT /* integer constant */ + The following macro is deprecated: DEFINE_LHASH_OF(TYPE); @@ -157,15 +169,6 @@ For example: /* Then the hash table itself can be deallocated */ lh_TYPE_free(hashtable); -When doing this, be careful if you delete entries from the hash table -in your callbacks: the table may decrease in size, moving the item -that you are currently on down lower in the hash table - this could -cause some entries to be skipped during the iteration. The second -best solution to this problem is to set hash-Edown_load=0 before -you start (which will stop the hash table ever decreasing in size). -The best solution is probably to avoid deleting items from the hash -table inside a "doall" callback! - B_doall_arg>() is the same as B_doall>() except that I will be called with I as the second argument and I should be of type B(B>) (a callback prototype @@ -187,21 +190,47 @@ that is provided by the caller): lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO, logging_bio); +Note that it is by default B safe to use B_delete>() inside a +callback passed to B_doall>() or B_doall_arg>(). The +reason for this is that deleting an item from the hash table may result in the +hash table being contracted to a smaller size and rehashed. +B_doall>() and B_doall_arg>() are unsafe and will exhibit +undefined behaviour under these conditions, as these functions assume the hash +table size and bucket pointers do not change during the call. + +If it is desired to use B_doall>() or B_doall_arg>() with +B_delete>(), it is essential that you call +B_set_down_load>() with a I argument of 0 first. This +disables hash table contraction and guarantees that it will be safe to delete +items from a hash table during a call to B_doall>() or +B_doall_arg>(). + +It is never safe to call B_insert>() during a call to +B_doall>() or B_doall_arg>(). B_error>() can be used to determine if an error occurred in the last operation. +B_num_items>() returns the number of items in the hash table. + +B_get_down_load>() and B_set_down_load>() get and set the +factor used to determine when the hash table is contracted. The factor is the +load factor at or below which hash table contraction will occur, multiplied by +B, where the load factor is the number of items divided by the +number of nodes. Setting this value to 0 disables hash table contraction. + OPENSSL_LH_new() is the same as the B_new>() except that it is not type specific. So instead of returning an B)> value it returns a B. In the same way the functions OPENSSL_LH_free(), OPENSSL_LH_flush(), OPENSSL_LH_insert(), OPENSSL_LH_delete(), -OPENSSL_LH_retrieve(), OPENSSL_LH_doall(), OPENSSL_LH_doall_arg(), and -OPENSSL_LH_error() are equivalent to the similarly named B> functions -except that they return or use a B where the equivalent B> -function returns or uses a B *> or B) *>. B> -functions are implemented as type checked wrappers around the B -functions. Most applications should not call the B functions -directly. +OPENSSL_LH_retrieve(), OPENSSL_LH_doall(), OPENSSL_LH_doall_arg(), +OPENSSL_LH_num_items(), OPENSSL_LH_get_down_load(), OPENSSL_LH_set_down_load() +and OPENSSL_LH_error() are equivalent to the similarly named B> +functions except that they return or use a B where the equivalent +B> function returns or uses a B *> or B) *>. +B> functions are implemented as type checked wrappers around the +B functions. Most applications should not call the B +functions directly. =head1 RETURN VALUES diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 29cefe673cc34f..dae0de083a62de 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -112,7 +112,7 @@ OSSL_PARAM_UNMODIFIED, OSSL_PARAM_modified, OSSL_PARAM_set_all_unmodified A collection of utility functions that simplify and add type safety to the L arrays. The following B> names are supported: -=over 1 +=over 2 =item * diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod index 5291338d3c4d0c..3d8463a1e855fd 100644 --- a/doc/man3/PKCS12_create.pod +++ b/doc/man3/PKCS12_create.pod @@ -72,9 +72,15 @@ export grade software which could use signing only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption. -If a certificate contains an I or I then this will be -used for the corresponding B or B in the -PKCS12 structure. +If I is B and I contains an I then this will be +used for the corresponding B in the PKCS12 structure instead. +Similarly, if I is NULL and I contains a I then this will be +used for the corresponding B in the PKCS12 structure instead of the +id calculated from the I. + +For all certificates in I then if a certificate contains an I or +I then this will be used for the corresponding B or +B in the PKCS12 structure. Either I, I or both can be B to indicate that no key or certificate is required. In previous versions both had to be present or diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 7ffd731410a0ea..203ef17a265130 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -46,7 +46,10 @@ As of OpenSSL 1.1.0, compression is off by default. Enables support for SSL/TLS compression, same as clearing B. This command was introduced in OpenSSL 1.1.0. -As of OpenSSL 1.1.0, compression is off by default. +As of OpenSSL 1.1.0, compression is off by default. TLS compression can only be +used in security level 1 or lower. From OpenSSL 3.2.0 and above the default +security level is 2, so this option will have no effect without also changing +the security level. See L. =item B<-no_ticket> diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 56695e4abd507d..5ec1e5baabdd5b 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -250,8 +250,12 @@ and compressed certificates will not be accepted from the peer. =item SSL_OP_NO_COMPRESSION -Do not use compression even if it is supported. This option is set by default. -To switch it off use SSL_clear_options(). +Do not use TLS record compression even if it is supported. This option is set by +default. To switch it off use SSL_clear_options(). Note that TLS record +compression is not recommended and is not available at security level 2 or +above. From OpenSSL 3.2 the default security level is 2, so clearing this option +will have no effect without also changing the default security level. See +L. =item SSL_OP_NO_ENCRYPT_THEN_MAC diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 5d178bb8e4de8b..f289383c781521 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -42,8 +42,8 @@ ticket construction state according to RFC5077 Section 4 such that per session state is unnecessary and a small set of cryptographic variables needs to be maintained by the callback function implementation. -In order to reuse a session, a TLS client must send the a session ticket -extension to the server. The client can only send exactly one session ticket. +In order to reuse a session, a TLS client must send the session ticket +extension to the server. The client must send exactly one session ticket. The server, through the callback function, either agrees to reuse the session ticket information or it starts a full TLS handshake to create a new session ticket. diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod index c0d69f6f6ae99f..a14f334cfca8c0 100644 --- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod @@ -55,7 +55,7 @@ As generating DH parameters is extremely time consuming, an application should not generate the parameters on the fly. DH parameters can be reused, as the actual key is newly generated during the negotiation. -Typically applications should use well know DH parameters that have built-in +Typically applications should use well known DH parameters that have built-in support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto() configure OpenSSL to use the default built-in DH parameters for the B and B objects respectively. Passing a value of 1 in the I parameter diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index 27dd584687f307..a205d2ae1a8d93 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -32,7 +32,9 @@ Some TLS implementations do not send a close_notify alert on shutdown. On an unexpected EOF, versions before OpenSSL 3.0 returned B, nothing was added to the error stack, and errno was 0. Since OpenSSL 3.0 the returned error is B with a meaningful -error on the error stack. +error on the error stack (SSL_R_UNEXPECTED_EOF_WHILE_READING). This error reason +code may be used for control flow decisions (see the man page for +L for further details on this). =head1 RETURN VALUES @@ -73,7 +75,7 @@ for a blocking B. See L for more information. For non-QUIC SSL objects, B is returned when the last -operation was a write to a nonblocking B and it was unable to sent all data +operation was a write to a nonblocking B and it was unable to send all data to the B. When the B is writable again, the same function can be called again. diff --git a/doc/man3/SSL_get_peer_certificate.pod b/doc/man3/SSL_get_peer_certificate.pod index b695edc689fa8e..7885188eedb264 100644 --- a/doc/man3/SSL_get_peer_certificate.pod +++ b/doc/man3/SSL_get_peer_certificate.pod @@ -10,10 +10,15 @@ SSL_get1_peer_certificate - get the X509 certificate of the peer #include - X509 *SSL_get_peer_certificate(const SSL *ssl); X509 *SSL_get0_peer_certificate(const SSL *ssl); X509 *SSL_get1_peer_certificate(const SSL *ssl); +The following function has been deprecated since OpenSSL 3.0, +and can be hidden entirely by defining B with a suitable +version value, see L: + + X509 *SSL_get_peer_certificate(const SSL *ssl); + =head1 DESCRIPTION These functions return a pointer to the X509 certificate the diff --git a/doc/man3/X509_ATTRIBUTE.pod b/doc/man3/X509_ATTRIBUTE.pod new file mode 100644 index 00000000000000..1eacf3ee3d9279 --- /dev/null +++ b/doc/man3/X509_ATTRIBUTE.pod @@ -0,0 +1,263 @@ +=pod + +=head1 NAME + +X509_ATTRIBUTE, X509at_get_attr, +X509at_get_attr_count, X509at_get_attr_by_NID, X509at_get_attr_by_OBJ, +X509at_delete_attr, +X509at_add1_attr, +X509at_add1_attr_by_OBJ, X509at_add1_attr_by_NID, X509at_add1_attr_by_txt, +X509at_get0_data_by_OBJ, +X509_ATTRIBUTE_create, X509_ATTRIBUTE_create_by_NID, +X509_ATTRIBUTE_create_by_OBJ, X509_ATTRIBUTE_create_by_txt, +X509_ATTRIBUTE_set1_object, X509_ATTRIBUTE_set1_data, +X509_ATTRIBUTE_count, +X509_ATTRIBUTE_get0_data, X509_ATTRIBUTE_get0_object, X509_ATTRIBUTE_get0_type +- X509 attribute functions + +=head1 SYNOPSIS + + #include + + typedef struct x509_attributes_st X509_ATTRIBUTE; + + int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); + int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); + int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos); + X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); + X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) + **x, const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) + **x, int nid, int type, + const unsigned char *bytes, + int len); + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + **x, const char *attrname, + int type, + const unsigned char *bytes, + int len); + void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, + const ASN1_OBJECT *obj, int lastpos, int type); + X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, + int len); + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, + const unsigned char *bytes, + int len); + int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); + int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); + void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, + void *data); + int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); + ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); + ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +=head1 DESCRIPTION + +B objects are used by many standards including X509, X509_REQ, +PKCS12, PKCS8, PKCS7 and CMS. + +The B object is used to represent the ASN.1 Attribute as defined +in RFC 5280, i.e. + + Attribute ::= SEQUENCE { + type AttributeType, + values SET OF AttributeValue } + + AttributeType ::= OBJECT IDENTIFIER + AttributeValue ::= ANY -- DEFINED BY AttributeType + +For example CMS defines the signing-time attribute as: + + id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 } + + SigningTime ::= Time + + Time ::= CHOICE { + utcTime UTCTime, + generalizedTime GeneralizedTime } + +In OpenSSL B maps to an B object +and B maps to a list of B objects. + +The following functions are used for B objects. + +X509at_get_attr_by_OBJ() finds the location of the first matching object I +in a list of attributes I. The search starts at the position after I. +If the returned value is positive then it can be used on the next call to +X509at_get_attr_by_OBJ() as the value of I in order to iterate through +the remaining attributes. I can be set to any negative value on the +first call, in order to start searching from the start of the list. + +X509at_get_attr_by_NID() is similar to X509at_get_attr_by_OBJ() except that it +passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +X509at_get_attr() returns the B object at index I in the +list of attributes I. I should be in the range from 0 to +X509at_get_attr_count() - 1. + +X509at_delete_attr() removes the B object at index I in +the list of attributes I. + +X509at_add1_attr() pushes a copy of the passed in B object +to the list I. +Both I and I must be non NULL or an error will occur. +If I<*x> is NULL then a new list is created, otherwise it uses the +passed in list. An error will occur if an existing attribute (with the same +attribute type) already exists in the attribute list. + +X509at_add1_attr_by_OBJ() creates a new B using +X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new +I with type I and data I of length I and then pushes it +to the attribute list I. Both I and I must be non NULL or an error +will occur. If I<*x> is NULL then a new attribute list is created. If I +already exists in the attribute list then an error occurs. + +X509at_add1_attr_by_NID() is similar to X509at_add1_attr_by_OBJ() except that it +passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +X509at_add1_attr_by_txt() is similar to X509at_add1_attr_by_OBJ() except that it +passes a name I associated with the object. +See for a list of SN_* names. + +X509_ATTRIBUTE_set1_object() assigns a B I +to the attribute I. If I contained an existing B then +it is freed. An error occurs if either I or I are NULL, or if +the passed in I cannot be duplicated. + +X509_ATTRIBUTE_set1_data() pushes a new B object onto the I +attributes list. The new object is assigned a copy of the data in I of +size I. +If I has flag I set then a table lookup using the +I attributes NID is used to set an B using +ASN1_STRING_set_by_NID(), and the passed in I must be in the format +required for that object type or an error will occur. +If I is not -1 then internally ASN1_STRING_type_new() is +used with the passed in I. +If I is 0 the call does nothing except return 1. + +X509_ATTRIBUTE_create() creates a new B using the I +to set the B OID and the I and I to set the +B. + +X509_ATTRIBUTE_create_by_OBJ() uses X509_ATTRIBUTE_set1_object() and +X509_ATTRIBUTE_set1_data() to assign a new I with type I and +data I of length I. If the passed in attribute I OR I<*attr> is +NULL then a new B will be returned, otherwise the passed in +B is used. Note that the ASN1_OBJECT I is pushed onto the +attributes existing list of objects, which could be an issue if the attributes + was different. + +X509_ATTRIBUTE_create_by_NID() is similar to X509_ATTRIBUTE_create_by_OBJ() +except that it passes the numerical identifier (NID) I associated with the +object. See for a list of NID_*. + +X509_ATTRIBUTE_create_by_txt() is similar to X509_ATTRIBUTE_create_by_OBJ() +except that it passes a name I associated with the +object. See for a list of SN_* names. + +X509_ATTRIBUTE_count() returns the number of B objects in an +attribute I. + +X509_ATTRIBUTE_get0_type() returns the B object at index I in +the attribute list I. I should be in the +range of 0 to X509_ATTRIBUTE_count() - 1 or an error will occur. + +X509_ATTRIBUTE_get0_data() returns the data of an B object at +index I in the attribute I. I is unused and can be set to NULL. +An error will occur if the attribute type I does not match the type of +the B object at index I OR if I is either +B or B OR if the I is not in the +range 0 to X509_ATTRIBUTE_count() - 1. + +X509at_get0_data_by_OBJ() finds the first attribute in an attribute list I +that matches the I starting at index I and returns the data +retrieved from the found attributes first B object. An error will +occur if the attribute type I does not match the type of the B +object OR if I is either B or B OR the +attribute is not found. +If I is less than -1 then an error will occur if there are multiple +objects in the list I that match I. +If I is less than -2 then an error will occur if there is more than +one B object in the found attribute. + +=head1 RETURN VALUES + +X509at_get_attr_count() returns the number of attributes in the list I or -1 +if I is NULL. + +X509at_get_attr_by_OBJ() returns -1 if either the list is empty OR the object +is not found, otherwise it returns the location of the object in the list. + +X509at_get_attr_by_NID() is similar to X509at_get_attr_by_OBJ(), except that +it returns -2 if the I is not known by OpenSSL. + +X509at_get_attr() returns either an B or NULL if there is a error. + +X509at_delete_attr() returns either the removed B or NULL if +there is a error. + +X509_ATTRIBUTE_count() returns -1 on error, otherwise it returns the number +of B elements. + +X509_ATTRIBUTE_get0_type() returns NULL on error, otherwise it returns a +B object. + +X509_ATTRIBUTE_get0_data() returns NULL if an error occurs, +otherwise it returns the data associated with an B object. + +X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() returns 1 on +success, or 0 otherwise. + +X509_ATTRIBUTE_create(), X509_ATTRIBUTE_create_by_OBJ(), +X509_ATTRIBUTE_create_by_NID() and X509_ATTRIBUTE_create_by_txt() return either +a B on success, or NULL if there is a error. + +X509at_add1_attr(), X509at_add1_attr_by_OBJ(), X509at_add1_attr_by_NID() and +X509at_add1_attr_by_txt() return NULL on error, otherwise they return a list +of B. + +X509at_get0_data_by_OBJ() returns the data retrieved from the found attributes +first B object, or NULL if an error occurs. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, + +=head1 COPYRIGHT + +Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/X509_REQ_get_attr.pod b/doc/man3/X509_REQ_get_attr.pod new file mode 100644 index 00000000000000..a85d8399b0dafc --- /dev/null +++ b/doc/man3/X509_REQ_get_attr.pod @@ -0,0 +1,111 @@ +=pod + +=head1 NAME + +X509_REQ_get_attr_count, +X509_REQ_get_attr_by_NID, X509_REQ_get_attr_by_OBJ, X509_REQ_get_attr, +X509_REQ_delete_attr, +X509_REQ_add1_attr, X509_REQ_add1_attr_by_OBJ, X509_REQ_add1_attr_by_NID, +X509_REQ_add1_attr_by_txt +- B support for signed certificate requests + +=head1 SYNOPSIS + + #include + + int X509_REQ_get_attr_count(const X509_REQ *req); + int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); + int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos); + X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); + X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); + int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); + int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); + int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); + int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +=head1 DESCRIPTION + +X509_REQ_get_attr_by_OBJ() finds the location of the first matching object I +in the I attribute list. The search starts at the position after I. +If the returned value is positive then it can be used on the next call to +X509_REQ_get_attr_by_OBJ() as the value of I in order to iterate through +the remaining attributes. I can be set to any negative value on the +first call, in order to start searching from the start of the attribute list. + +X509_REQ_get_attr_by_NID() is similar to X509_REQ_get_attr_by_OBJ() except that +it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +X509_REQ_get_attr() returns the B object at index I in the +I attribute list. I should be in the range from 0 to +X509_REQ_get_attr_count() - 1. + +X509_REQ_delete_attr() removes the B object at index I in +the I objects list of attributes. An error occurs if I is NULL. + +X509_REQ_add1_attr() pushes a copy of the passed in B I<>attr> +to the I object's attribute list. An error will occur if either the +attribute list is NULL or the attribute already exists. + +X509_REQ_add1_attr_by_OBJ() creates a new B using +X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new +I with type I and data I of length I and then pushes it +to the I object's attribute list. I must be non NULL or an error +will occur. If I already exists in the attribute list then an error occurs. + +X509_REQ_add1_attr_by_NID() is similar to X509_REQ_add1_attr_by_OBJ() except +that it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +X509_REQ_add1_attr_by_txt() is similar to X509_REQ_add1_attr_by_OBJ() except +that it passes a name I associated with the object. +See for a list of SN_* names. + +Refer to L for information related to attributes. + +=head1 RETURN VALUES + +X509_REQ_get_attr_count() returns the number of attributes in the I object +attribute list or -1 if the attribute list is NULL. + +X509_REQ_get_attr_by_OBJ() returns -1 if either the I object's attribute +list is empty OR I is not found, otherwise it returns the location of the +I in the attribute list. + +X509_REQ_get_attr_by_NID() is similar to X509_REQ_get_attr_by_OBJ(), except that +it returns -2 if the I is not known by OpenSSL. + +X509_REQ_get_attr() returns either an B or NULL on error. + +X509_REQ_delete_attr() returns either the removed B or NULL if +there is a error. + +X509_REQ_add1_attr(), X509_REQ_add1_attr_by_OBJ(), X509_REQ_add1_attr_by_NID() +and X509_REQ_add1_attr_by_txt() return 1 on success or 0 on error. + +=head1 NOTES + +Any functions that modify the attributes (add or delete) internally set a flag +to indicate the ASN.1 encoding has been modified. + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 9e70ffea13c60a..c6206e1759093f 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -359,6 +359,15 @@ algorithms from providers. This created object can then be used when loading binary data using B>(). B_dup>() copies an existing object, leaving it untouched. +Note, however, that the internal representation of the object +may contain (besides the ASN.1 structure) further data, which is not copied. +For instance, an B object usually is augmented by cached information +on X.509v3 extensions, etc., and losing it can lead to wrong validation results. +To avoid such situations, better use B_up_ref>() if available. +For the case of B objects, an alternative to using L +may be to still call B_dup>(), e.g., I, +followed by I, +which re-builds the cached data. B_free>() releases the object and all pointers and sub-objects within it. @@ -376,6 +385,10 @@ the object or NULL on failure. B_print_ctx>() returns 1 on success or zero on failure. +=head1 SEE ALSO + +L + =head1 HISTORY The functions X509_REQ_new_ex(), X509_CRL_new_ex(), PKCS7_new_ex() and diff --git a/doc/man7/EVP_CIPHER-AES.pod b/doc/man7/EVP_CIPHER-AES.pod index fa1eaa843be20f..7bd3746c9ba278 100644 --- a/doc/man7/EVP_CIPHER-AES.pod +++ b/doc/man7/EVP_CIPHER-AES.pod @@ -63,6 +63,19 @@ FIPS provider: This implementation supports the parameters described in L. +=head1 NOTES + +The AES-SIV and AES-WRAP mode implementations do not support streaming. That +means to obtain correct results there can be only one L +or L call after the initialization of the context. + +The AES-XTS implementations allow streaming to be performed, but each +L or L call requires each input +to be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or +EVP_DecryptUpdate() call can optionally have an input that is not a multiple +of the blocksize but is larger than one block. In that case ciphertext +stealing (CTS) is used to fill the block. + =head1 SEE ALSO L, L, L diff --git a/doc/man7/EVP_CIPHER-SM4.pod b/doc/man7/EVP_CIPHER-SM4.pod index b0c292757e77f1..a446fafb6d4b18 100644 --- a/doc/man7/EVP_CIPHER-SM4.pod +++ b/doc/man7/EVP_CIPHER-SM4.pod @@ -37,6 +37,15 @@ The following algorithms are available in the default provider: This implementation supports the parameters described in L. +=head1 NOTES + +The SM4-XTS implementation allows streaming to be performed, but each +L or L call requires each input +to be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or +EVP_DecryptUpdate() call can optionally have an input that is not a multiple +of the blocksize but is larger than one block. In that case ciphertext +stealing (CTS) is used to fill the block. + =head1 SEE ALSO L, L diff --git a/doc/man7/EVP_KDF-ARGON2.pod b/doc/man7/EVP_KDF-ARGON2.pod index e2dfb6edbf7830..d41a3179b53b32 100644 --- a/doc/man7/EVP_KDF-ARGON2.pod +++ b/doc/man7/EVP_KDF-ARGON2.pod @@ -21,7 +21,7 @@ primary seek to address trade-off (side-channel) attacks. Argon2id is a hybrid construction which, in the first two slices of the first pass, generates reference addresses data-independently as in Argon2i, whereas -in later slices and next passess it generates them data-dependently as in +in later slices and next passes it generates them data-dependently as in Argon2d. Sbox-hardened version Argon2ds is not supported. diff --git a/doc/man7/EVP_MD-SHAKE.pod b/doc/man7/EVP_MD-SHAKE.pod index 157d2bb283203f..6adf4b7bebb13f 100644 --- a/doc/man7/EVP_MD-SHAKE.pod +++ b/doc/man7/EVP_MD-SHAKE.pod @@ -25,14 +25,14 @@ provider, and includes the following varieties: Known names are "KECCAK-KMAC-128" and "KECCAK-KMAC128". This is used by L. Using the notation from NIST FIPS 202 -(Section 6.2), we have KECCAK-KMAC-128(M, d) = KECCAK[256](M || 00, d) +(Section 6.2), we have S = S (see the description of KMAC128 in Appendix A of NIST SP 800-185). =item KECCAK-KMAC-256 Known names are "KECCAK-KMAC-256" and "KECCAK-KMAC256". This is used by L. Using the notation from NIST FIPS 202 -(Section 6.2), we have KECCAK-KMAC-256(M, d) = KECCAK[512](M || 00, d) +(Section 6.2), we have S = S (see the description of KMAC256 in Appendix A of NIST SP 800-185). =item SHAKE-128 diff --git a/doc/man7/EVP_PKEY-RSA.pod b/doc/man7/EVP_PKEY-RSA.pod index 161e9d4d71d16d..dcd38fcee85bb8 100644 --- a/doc/man7/EVP_PKEY-RSA.pod +++ b/doc/man7/EVP_PKEY-RSA.pod @@ -80,7 +80,7 @@ Up to eight additional "r_i" prime factors are supported. =item "rsa-exponent10" (B) RSA CRT (Chinese Remainder Theorem) exponents. The exponents are known -as "dP", "dQ" and "d_i in RFC8017". +as "dP", "dQ" and "d_i" in RFC8017. Up to eight additional "d_i" exponents are supported. =item "rsa-coefficient1" (B) diff --git a/doc/man7/EVP_RAND-SEED-SRC.pod b/doc/man7/EVP_RAND-SEED-SRC.pod index 8bbd5794720e0d..a00ed328d52906 100644 --- a/doc/man7/EVP_RAND-SEED-SRC.pod +++ b/doc/man7/EVP_RAND-SEED-SRC.pod @@ -49,9 +49,10 @@ A context for the seed source can be obtained by calling: OSSL_PARAM params[2], *p = params; unsigned int strength = 128; - /* Create a seed source */ + /* Create and instantiate a seed source */ rand = EVP_RAND_fetch(NULL, "SEED-SRC", NULL); seed = EVP_RAND_CTX_new(rand, NULL); + EVP_RAND_instantiate(seed, strength, 0, NULL, 0, NULL); EVP_RAND_free(rand); /* Feed this into a DRBG */ diff --git a/doc/man7/ossl-guide-libcrypto-introduction.pod b/doc/man7/ossl-guide-libcrypto-introduction.pod index 719f947487610c..33451b48733707 100644 --- a/doc/man7/ossl-guide-libcrypto-introduction.pod +++ b/doc/man7/ossl-guide-libcrypto-introduction.pod @@ -88,6 +88,10 @@ L, L and L. +Note, while providers may register algorithms against a list of names using a +string with a colon separated list of names, fetching algorithms using that +format is currently unsupported. + =item A property query string The property query string used to guide selection of the algorithm diff --git a/doc/man7/ossl-guide-tls-client-block.pod b/doc/man7/ossl-guide-tls-client-block.pod index ba59bd4ab3c813..8f72fe3a1c034e 100644 --- a/doc/man7/ossl-guide-tls-client-block.pod +++ b/doc/man7/ossl-guide-tls-client-block.pod @@ -348,7 +348,7 @@ connection. To send data to the server we use the L function and to receive data from the server we use the L function. In HTTP 1.0 the client always writes data first. Our HTTP request will include the hostname that -we are connecting to. For simplicitly, we write the HTTP request in three +we are connecting to. For simplicity, we write the HTTP request in three chunks. First we write the start of the request. Secondly we write the hostname we are sending the request to. Finally we send the end of the request. diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index 14ff581c72c492..eaad3cf2ff021a 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -148,9 +148,13 @@ It is the responsibility of the cipher implementation to handle input lengths that are not multiples of the block length. In such cases a cipher implementation will typically cache partial blocks of input data until a complete block is obtained. -I may be the same location as I but it should not partially overlap. -The same expectations apply to I as documented for -L and L. +The pointers I and I may point to the same location, in which +case the encryption must be done in-place. If I and I point to different +locations, the requirements of L and L +guarantee that the two buffers are disjoint. +Similarly, the requirements of L and L +ensure that the buffer pointed to by I contains sufficient room for the +operation being performed. OSSL_FUNC_cipher_final() completes an encryption or decryption started through previous OSSL_FUNC_cipher_encrypt_init() or OSSL_FUNC_cipher_decrypt_init(), and OSSL_FUNC_cipher_update() diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index f8d04bfd0b3744..cbbf8c8547629c 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -376,7 +376,7 @@ length is specific to the key cryptosystem. The value should be the maximum size that a caller should allocate to safely store a signature (called I in L), -the result of asymmmetric encryption / decryption (I in +the result of asymmetric encryption / decryption (I in L, a derived secret (I in L, and similar data). diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod index 3e900677d319f3..38d3320d18c887 100644 --- a/doc/man7/provider-signature.pod +++ b/doc/man7/provider-signature.pod @@ -365,12 +365,15 @@ signature algorithm and digest algorithm for the signature operation. =item "nonce-type" (B) -Set this to 1 to use a deterministic ECDSA or DSA digital signature as -defined in RFC #6979 (See Section 3.2 "Generation of k"). -The default value of 0 uses a random value for the nonce B as defined in -FIPS 186-4 Section 6.3 "Secret Number Generation". -Before using deterministic digital signature please read -RFC #6979 Section 4 "Security Considerations". +Set this to 1 to use deterministic digital signature generation with +ECDSA or DSA, as defined in RFC 6979 (see Section 3.2 "Generation of +k"). In this case, the "digest" parameter must be explicitly set +(otherwise, deterministic nonce generation will fail). Before using +deterministic digital signature generation, please read RFC 6979 +Section 4 "Security Considerations". The default value for +"nonce-type" is 0 and results in a random value being used for the +nonce B as defined in FIPS 186-4 Section 6.3 "Secret Number +Generation". =item "kat" (B) diff --git a/doc/man7/provider-storemgmt.pod b/doc/man7/provider-storemgmt.pod index 81d407a4b8b910..221060021721be 100644 --- a/doc/man7/provider-storemgmt.pod +++ b/doc/man7/provider-storemgmt.pod @@ -184,12 +184,12 @@ fingerprint, computed with the given digest. Indicates that the caller wants to search for an object with the given alias (some call it a "friendly name"). -=item "properties" (B +=item "properties" (B) Property string to use when querying for algorithms such as the B decoder implementations. -=item "input-type" (B +=item "input-type" (B) Type of the input format as a hint to use when decoding the objects in the store. diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h index e641450b15dfc8..4abda35d555d92 100644 --- a/include/crypto/aes_platform.h +++ b/include/crypto/aes_platform.h @@ -65,16 +65,16 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, # ifdef VPAES_ASM # define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) # endif -# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) -# define HWAES_set_encrypt_key aes_p8_set_encrypt_key -# define HWAES_set_decrypt_key aes_p8_set_decrypt_key -# define HWAES_encrypt aes_p8_encrypt -# define HWAES_decrypt aes_p8_decrypt -# define HWAES_cbc_encrypt aes_p8_cbc_encrypt -# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks -# define HWAES_xts_encrypt aes_p8_xts_encrypt -# define HWAES_xts_decrypt aes_p8_xts_decrypt # if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX) +# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) +# define HWAES_set_encrypt_key aes_p8_set_encrypt_key +# define HWAES_set_decrypt_key aes_p8_set_decrypt_key +# define HWAES_encrypt aes_p8_encrypt +# define HWAES_decrypt aes_p8_decrypt +# define HWAES_cbc_encrypt aes_p8_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks +# define HWAES_xts_encrypt aes_p8_xts_encrypt +# define HWAES_xts_decrypt aes_p8_xts_decrypt # define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300) # define AES_GCM_ENC_BYTES 128 # define AES_GCM_DEC_BYTES 128 diff --git a/include/crypto/conferr.h b/include/crypto/conferr.h index cb367e4f32a04d..fc9645127d12d4 100644 --- a/include/crypto/conferr.h +++ b/include/crypto/conferr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/x509.h b/include/crypto/x509.h index 5765b9f7197afb..eb34a3f9a761e0 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -371,4 +371,21 @@ int ossl_x509_check_private_key(const EVP_PKEY *k, const EVP_PKEY *pkey); int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, size_t vallen, STACK_OF(CONF_VALUE) **extlist); +/* Attribute addition functions not checking for duplicate attributes */ +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, + const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, + int nid, int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, + const char *attrname, + int type, + const unsigned char *bytes, + int len); #endif /* OSSL_CRYPTO_X509_H */ diff --git a/include/internal/ktls.h b/include/internal/ktls.h index af27a32569713e..80f2cfec54e29a 100644 --- a/include/internal/ktls.h +++ b/include/internal/ktls.h @@ -80,6 +80,12 @@ static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *tls_en, int is_tx) # endif } +/* Not supported on FreeBSD */ +static ossl_inline int ktls_enable_tx_zerocopy_sendfile(int fd) +{ + return 0; +} + /* * Send a TLS record using the tls_en provided in ktls_start and use * record_type instead of the default SSL3_RT_APPLICATION_DATA. diff --git a/include/openssl/conferr.h b/include/openssl/conferr.h index 496e2e1efd66a4..a8798e792412ba 100644 --- a/include/openssl/conferr.h +++ b/include/openssl/conferr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,6 +38,7 @@ # define CONF_R_NUMBER_TOO_LARGE 121 # define CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION 124 # define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_RECURSIVE_SECTION_REFERENCE 126 # define CONF_R_RELATIVE_PATH 125 # define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 # define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 diff --git a/include/openssl/e_ostime.h b/include/openssl/e_ostime.h index 8a7cc9880fa797..0e17487504992a 100644 --- a/include/openssl/e_ostime.h +++ b/include/openssl/e_ostime.h @@ -22,7 +22,15 @@ */ # if defined(OPENSSL_SYS_WINDOWS) -# include +# if !defined(_WINSOCKAPI_) + /* + * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define + * _WINSOCKAPI_. Both of these provide struct timeval. Don't include + * winsock2.h if either header has been included to avoid breakage with + * applications that prefer to use over . + */ +# include +# endif # else # include # endif diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index ffee5a4e3faa87..9f91039f8a121c 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -2687,11 +2687,6 @@ __owur int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *le __owur int SSL_CTX_get0_client_cert_type(const SSL_CTX *ctx, unsigned char **t, size_t *len); __owur int SSL_CTX_get0_server_cert_type(const SSL_CTX *s, unsigned char **t, size_t *len); -#ifndef OPENSSL_NO_VCAUTHTLS -__owur int SSL_CTX_use_VC(SSL_CTX *ctx, EVP_PKEY *vc); -__owur int SSL_CTX_use_DID(SSL_CTX *ctx, EVP_PKEY *did); -#endif - # ifdef __cplusplus } # endif diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 8f4a28ac99dc59..7e3d1a725b82e0 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -168,10 +168,6 @@ extern "C" { # define TLSEXT_TYPE_next_proto_neg 13172 # endif -#ifndef OPENSSL_NO_VCAUTHTLS -# define TLSEXT_TYPE_did_methods 65282 -#endif - /* NameType value from RFC3546 */ # define TLSEXT_NAMETYPE_host_name 0 /* status request value from RFC3546 */ @@ -244,9 +240,6 @@ extern "C" { # define TLSEXT_cert_type_pgp 1 /* recognized, but not supported */ # define TLSEXT_cert_type_rpk 2 # define TLSEXT_cert_type_1609dot2 3 /* recognized, but not supported */ -#ifndef OPENSSL_NO_VCAUTHTLS -# define TLSEXT_cert_type_vc 224 -#endif int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 497d69edd47c5f..71bfa344d4864a 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -572,6 +572,7 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS, NULL, 0), OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, NULL, 0), OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS, NULL, 0), diff --git a/providers/implementations/ciphers/cipher_aes.h b/providers/implementations/ciphers/cipher_aes.h index 7eaf76c8c47db5..86a30ab145fc32 100644 --- a/providers/implementations/ciphers/cipher_aes.h +++ b/providers/implementations/ciphers/cipher_aes.h @@ -44,7 +44,6 @@ typedef struct prov_aes_ctx_st { /* KMO-AES/KMF-AES parameter block - end */ } param; unsigned int fc; - int res; } s390x; #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */ } plat; diff --git a/providers/implementations/ciphers/cipher_aes_ccm_hw.c b/providers/implementations/ciphers/cipher_aes_ccm_hw.c index 575a8ba88d8e34..b050cf3edd8868 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm_hw.c +++ b/providers/implementations/ciphers/cipher_aes_ccm_hw.c @@ -61,9 +61,9 @@ static const PROV_CCM_HW aes_ccm = { # include "cipher_aes_ccm_hw_aesni.inc" #elif defined(SPARC_AES_CAPABLE) # include "cipher_aes_ccm_hw_t4.inc" -#elif defined(__riscv) && __riscv_xlen == 64 +#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 # include "cipher_aes_ccm_hw_rv64i.inc" -#elif defined(__riscv) && __riscv_xlen == 32 +#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 # include "cipher_aes_ccm_hw_rv32i.inc" #else const PROV_CCM_HW *ossl_prov_aes_hw_ccm(size_t keybits) diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc index c8282dbd08a9cd..0939b147e64cb4 100644 --- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc +++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc @@ -58,7 +58,6 @@ static int s390x_aes_ofb128_initkey(PROV_CIPHER_CTX *dat, memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen); adat->plat.s390x.fc = S390X_AES_FC(keylen); - adat->plat.s390x.res = 0; return 1; } @@ -66,7 +65,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, const unsigned char *in, size_t len) { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; - int n = adat->plat.s390x.res; + int n = dat->num; int rem; memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen); @@ -102,7 +101,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, } memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen); - adat->plat.s390x.res = n; + dat->num = n; return 1; } @@ -113,7 +112,6 @@ static int s390x_aes_cfb128_initkey(PROV_CIPHER_CTX *dat, adat->plat.s390x.fc = S390X_AES_FC(keylen); adat->plat.s390x.fc |= 16 << 24; /* 16 bytes cipher feedback */ - adat->plat.s390x.res = 0; memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen); return 1; } @@ -123,7 +121,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; unsigned int modifier = adat->base.enc ? 0 : S390X_DECRYPT; - int n = adat->plat.s390x.res; + int n = dat->num; int rem; unsigned char tmp; @@ -164,7 +162,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, } memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen); - adat->plat.s390x.res = n; + dat->num = n; return 1; } diff --git a/providers/implementations/ciphers/cipher_aes_xts_hw.c b/providers/implementations/ciphers/cipher_aes_xts_hw.c index 564d6d67645e03..4cf1361f9c4895 100644 --- a/providers/implementations/ciphers/cipher_aes_xts_hw.c +++ b/providers/implementations/ciphers/cipher_aes_xts_hw.c @@ -225,7 +225,7 @@ static const PROV_CIPHER_HW aes_xts_rv32i_zbkb_zknd_zkne = { \ # define PROV_CIPHER_HW_select_xts() \ if (RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE()) \ return &aes_xts_rv32i_zbkb_zknd_zkne; \ -if (RISCV_HAS_ZKND_ZKNE()) \ +if (RISCV_HAS_ZKND_AND_ZKNE()) \ return &aes_xts_rv32i_zknd_zkne; # else /* The generic case */ diff --git a/providers/implementations/digests/blake2b_prov.c b/providers/implementations/digests/blake2b_prov.c index 1917990c446a67..32cae0c294e2b3 100644 --- a/providers/implementations/digests/blake2b_prov.c +++ b/providers/implementations/digests/blake2b_prov.c @@ -395,8 +395,10 @@ int ossl_blake2b_final(unsigned char *md, BLAKE2B_CTX *c) for (i = 0; i < iter; ++i) store64(target + sizeof(c->h[i]) * i, c->h[i]); - if (target != md) + if (target != md) { memcpy(md, target, c->outlen); + OPENSSL_cleanse(target, sizeof(outbuffer)); + } OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX)); return 1; diff --git a/providers/implementations/digests/blake2s_prov.c b/providers/implementations/digests/blake2s_prov.c index a9a8f9d048a233..e43f78aaa73819 100644 --- a/providers/implementations/digests/blake2s_prov.c +++ b/providers/implementations/digests/blake2s_prov.c @@ -314,8 +314,10 @@ int ossl_blake2s_final(unsigned char *md, BLAKE2S_CTX *c) for (i = 0; i < iter; ++i) store32(target + sizeof(c->h[i]) * i, c->h[i]); - if (target != md) + if (target != md) { memcpy(md, target, c->outlen); + OPENSSL_cleanse(target, sizeof(outbuffer)); + } OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX)); return 1; diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index ae6d7d0a681d30..83a57ebe12db19 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c @@ -740,7 +740,15 @@ static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder) # define ec_pem_type "EC" # ifndef OPENSSL_NO_SM2 -# define sm2_evp_type EVP_PKEY_SM2 +/* + * Albeit SM2 is a slightly different algorithm than ECDSA, the key type + * encoding (in all places where an AlgorithmIdentifier is produced, such + * as PrivateKeyInfo and SubjectPublicKeyInfo) is the same as for ECC keys + * according to the example in GM/T 0015-2012, appendix D.2. + * This leaves the distinction of SM2 keys to the EC group (which is found + * in AlgorithmIdentified.params). + */ +# define sm2_evp_type ec_evp_type # define sm2_input_type "SM2" # define sm2_pem_type "SM2" # endif diff --git a/providers/implementations/kdfs/pbkdf1.c b/providers/implementations/kdfs/pbkdf1.c index 6f95df071b3599..33e0ee6009ed0a 100644 --- a/providers/implementations/kdfs/pbkdf1.c +++ b/providers/implementations/kdfs/pbkdf1.c @@ -72,6 +72,11 @@ static int kdf_pbkdf1_do_derive(const unsigned char *pass, size_t passlen, mdsize = EVP_MD_size(md_type); if (mdsize < 0) goto err; + if (n > (size_t)mdsize) { + ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE); + goto err; + } + for (i = 1; i < iter; i++) { if (!EVP_DigestInit_ex(ctx, md_type, NULL)) goto err; @@ -84,6 +89,7 @@ static int kdf_pbkdf1_do_derive(const unsigned char *pass, size_t passlen, memcpy(out, md_tmp, n); ret = 1; err: + OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); EVP_MD_CTX_free(ctx); return ret; } diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 1b3893598d888b..fa0b576b97123d 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -101,8 +101,12 @@ static void *cmac_dup(void *vsrc) static size_t cmac_size(void *vmacctx) { struct cmac_data_st *macctx = vmacctx; + const EVP_CIPHER_CTX *cipherctx = CMAC_CTX_get0_cipher_ctx(macctx->ctx); - return EVP_CIPHER_CTX_get_block_size(CMAC_CTX_get0_cipher_ctx(macctx->ctx)); + if (EVP_CIPHER_CTX_get0_cipher(cipherctx) == NULL) + return 0; + + return EVP_CIPHER_CTX_get_block_size(cipherctx); } static int cmac_setkey(struct cmac_data_st *macctx, diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c index b8648b54bf6062..76db37dd02c24d 100644 --- a/providers/implementations/signature/rsa_sig.c +++ b/providers/implementations/signature/rsa_sig.c @@ -1006,6 +1006,7 @@ static void *rsa_dupctx(void *vprsactx) *dstctx = *srcctx; dstctx->rsa = NULL; dstctx->md = NULL; + dstctx->mgf1_md = NULL; dstctx->mdctx = NULL; dstctx->tbuf = NULL; dstctx->propq = NULL; diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c index a61fd0864f1416..479e4eebe8eff0 100644 --- a/providers/implementations/signature/sm2_sig.c +++ b/providers/implementations/signature/sm2_sig.c @@ -329,6 +329,7 @@ static void sm2sig_freectx(void *vpsm2ctx) free_md(ctx); EC_KEY_free(ctx->ec); + OPENSSL_free(ctx->propq); OPENSSL_free(ctx->id); OPENSSL_free(ctx); } @@ -344,13 +345,21 @@ static void *sm2sig_dupctx(void *vpsm2ctx) *dstctx = *srcctx; dstctx->ec = NULL; + dstctx->propq = NULL; dstctx->md = NULL; dstctx->mdctx = NULL; + dstctx->id = NULL; if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec)) goto err; dstctx->ec = srcctx->ec; + if (srcctx->propq != NULL) { + dstctx->propq = OPENSSL_strdup(srcctx->propq); + if (dstctx->propq == NULL) + goto err; + } + if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) goto err; dstctx->md = srcctx->md; diff --git a/ssl/build.info b/ssl/build.info index c2d648d81fbbbc..00e9e8fd7d4908 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -20,8 +20,7 @@ SOURCE[../libssl]=\ bio_ssl.c ssl_err.c ssl_err_legacy.c tls_srp.c t1_trce.c ssl_utst.c \ statem/statem.c \ ssl_cert_comp.c \ - tls_depr.c \ - ssl_ssi.c + tls_depr.c # For shared builds we need to include the libcrypto packet.c and quic_vlint.c # in libssl as well. diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c index 76a108e44328fb..810dc0716bc9ec 100644 --- a/ssl/record/methods/ssl3_meth.c +++ b/ssl/record/methods/ssl3_meth.c @@ -64,7 +64,11 @@ static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level, return OSSL_RECORD_RETURN_FATAL; } - if (EVP_CIPHER_get0_provider(ciph) != NULL + /* + * The cipher we actually ended up using in the EVP_CIPHER_CTX may be + * different to that in ciph if we have an ENGINE in use + */ + if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(ciph_ctx)) != NULL && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) { /* ERR_raise already called */ return OSSL_RECORD_RETURN_FATAL; diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c index 46a83ad8f42aa2..f13d530a05d9c3 100644 --- a/ssl/record/methods/tls1_meth.c +++ b/ssl/record/methods/tls1_meth.c @@ -117,9 +117,16 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level, ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return OSSL_RECORD_RETURN_FATAL; } - if (EVP_CIPHER_get0_provider(ciph) != NULL - && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) + + /* + * The cipher we actually ended up using in the EVP_CIPHER_CTX may be + * different to that in ciph if we have an ENGINE in use + */ + if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(ciph_ctx)) != NULL + && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) { + /* ERR_raise already called */ return OSSL_RECORD_RETURN_FATAL; + } /* Calculate the explicit IV length */ if (RLAYER_USE_EXPLICIT_IV(rl)) { diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 423777c18dd40f..be7f34753880cb 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -147,6 +147,7 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, TLS_BUFFER *wb; size_t currpipe; size_t defltlen = 0; + size_t contenttypelen = 0; if (firstlen == 0 || (numwpipes > 1 && nextlen == 0)) { if (rl->isdtls) @@ -154,21 +155,26 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, else headerlen = SSL3_RT_HEADER_LENGTH; + /* TLSv1.3 adds an extra content type byte after payload data */ + if (rl->version == TLS1_3_VERSION) + contenttypelen = 1; + #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 align = SSL3_ALIGN_PAYLOAD - 1; #endif - defltlen = rl->max_frag_len + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - + headerlen + align + rl->eivlen; + defltlen = align + headerlen + rl->eivlen + rl->max_frag_len + + contenttypelen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; #ifndef OPENSSL_NO_COMP if (tls_allow_compression(rl)) defltlen += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif /* * We don't need to add eivlen here since empty fragments only occur - * when we don't have an explicit IV + * when we don't have an explicit IV. The contenttype byte will also + * always be 0 in these protocol versions */ - if (!(rl->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + if ((rl->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) == 0) defltlen += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; } @@ -910,11 +916,17 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl) } /* - * Check if the received packet overflows the current - * Max Fragment Length setting. - * Note: rl->max_frag_len > 0 and KTLS are mutually exclusive. + * Record overflow checking (e.g. checking if + * thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) is the responsibility of + * the post_process_record() function above. However we check here if + * the received packet overflows the current Max Fragment Length setting + * if there is one. + * Note: rl->max_frag_len != SSL3_RT_MAX_PLAIN_LENGTH and KTLS are + * mutually exclusive. Also note that with KTLS thisrr->length can + * be > SSL3_RT_MAX_PLAIN_LENGTH (and rl->max_frag_len must be ignored) */ - if (thisrr->length > rl->max_frag_len) { + if (rl->max_frag_len != SSL3_RT_MAX_PLAIN_LENGTH + && thisrr->length > rl->max_frag_len) { RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 845eff9848e5b8..dd401e670fcbb8 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -468,6 +468,10 @@ int ossl_tls_handle_rlayer_return(SSL_CONNECTION *s, int writing, int ret, } else { ERR_new(); ERR_set_debug(file, line, 0); + /* + * This reason code is part of the API and may be used by + * applications for control flow decisions. + */ ossl_statem_fatal(s, SSL_AD_DECODE_ERROR, SSL_R_UNEXPECTED_EOF_WHILE_READING, NULL); } diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 3142370016846e..8b07a14664e71f 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -898,9 +898,12 @@ static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl *cmd) /* Find index of command in table */ size_t idx = cmd - ssl_conf_cmds; const ssl_switch_tbl *scmd; + /* Sanity check index */ - if (idx >= OSSL_NELEM(ssl_cmd_switches)) + if (idx >= OSSL_NELEM(ssl_cmd_switches)) { + ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return 0; + } /* Obtain switches entry with same index */ scmd = ssl_cmd_switches + idx; ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1); @@ -916,28 +919,33 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value) } if (!ssl_conf_cmd_skip_prefix(cctx, &cmd)) - return -2; + goto unknown_cmd; runcmd = ssl_conf_cmd_lookup(cctx, cmd); if (runcmd) { - int rv; + int rv = -3; + if (runcmd->value_type == SSL_CONF_TYPE_NONE) { return ctrl_switch_option(cctx, runcmd); } if (value == NULL) - return -3; + goto bad_value; rv = runcmd->cmd(cctx, value); if (rv > 0) return 2; - if (rv == -2) - return -2; + if (rv != -2) + rv = 0; + + bad_value: if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) ERR_raise_data(ERR_LIB_SSL, SSL_R_BAD_VALUE, - "cmd=%s, value=%s", cmd, value); - return 0; + "cmd=%s, value=%s", cmd, + value != NULL ? value : ""); + return rv; } + unknown_cmd: if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) ERR_raise_data(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME, "cmd=%s", cmd); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0b85cbf924c318..cf59d2dfa57268 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -340,8 +340,19 @@ static int dane_tlsa_add(SSL_DANE *dane, } if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) { + /* + * The Full(0) certificate decodes to a seemingly valid X.509 + * object with a plausible key, so the TLSA record is well + * formed. However, we don't actually need the certifiate for + * usages PKIX-EE(1) or DANE-EE(3), because at least the EE + * certificate is always presented by the peer. We discard the + * certificate, and just use the TLSA data as an opaque blob + * for matching the raw presented DER octets. + * + * DO NOT FREE `t` here, it will be added to the TLSA record + * list below! + */ X509_free(cert); - tlsa_free(t); break; } @@ -792,12 +803,6 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method) if (s->cert == NULL) goto sslerr; -#ifndef OPENSSL_NO_VCAUTHTLS - s->vc = ssl_vc_dup(ctx->vc); - if (s->vc == NULL) - goto sslerr; -#endif - RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead); s->msg_callback = ctx->msg_callback; s->msg_callback_arg = ctx->msg_callback_arg; @@ -860,19 +865,7 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method) } s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; } -#ifndef OPENSSL_NO_VCAUTHTLS - if (ctx->ext.didmethods) { - s->ext.didmethods = - OPENSSL_memdup(ctx->ext.didmethods, - ctx->ext.didmethods_len - * sizeof(*ctx->ext.didmethods)); - if (!s->ext.didmethods) { - s->ext.didmethods_len = 0; - goto err; - } - s->ext.didmethods_len = ctx->ext.didmethods_len; - } -#endif + #ifndef OPENSSL_NO_NEXTPROTONEG s->ext.npn = NULL; #endif @@ -3960,12 +3953,6 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, goto err; } - /* initialise did methods */ - if(!ssl_setup_didmethods(ret)) { - ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB); - goto err; - } - if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) { ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB); goto err; @@ -3976,13 +3963,6 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, goto err; } -#ifndef OPENSSL_NO_VCAUTHTLS - if ((ret->vc = ssl_vc_new(SSL_PKEY_NUM + ret->sigalg_list_len)) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB); - goto err; - } -#endif - if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, @@ -6043,6 +6023,7 @@ uint64_t SSL_set_options(SSL *s, uint64_t op) /* Ignore return value */ sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options); + sc->rlayer.wrlmethod->set_options(sc->rlayer.wrl, options); return sc->options; } @@ -6055,6 +6036,7 @@ uint64_t SSL_CTX_clear_options(SSL_CTX *ctx, uint64_t op) uint64_t SSL_clear_options(SSL *s, uint64_t op) { SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + OSSL_PARAM options[2], *opts = options; #ifndef OPENSSL_NO_QUIC if (IS_QUIC(s)) @@ -6064,7 +6046,17 @@ uint64_t SSL_clear_options(SSL *s, uint64_t op) if (sc == NULL) return 0; - return sc->options &= ~op; + sc->options &= ~op; + + *opts++ = OSSL_PARAM_construct_uint64(OSSL_LIBSSL_RECORD_LAYER_PARAM_OPTIONS, + &sc->options); + *opts = OSSL_PARAM_construct_end(); + + /* Ignore return value */ + sc->rlayer.rrlmethod->set_options(sc->rlayer.rrl, options); + sc->rlayer.wrlmethod->set_options(sc->rlayer.wrl, options); + + return sc->options; } STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s) @@ -6087,6 +6079,8 @@ IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); * If |dst| points to a NULL pointer, a new stack will be created and owned by * the caller. * Returns the number of SCTs moved, or a negative integer if an error occurs. + * The |dst| stack is created and possibly partially populated even in case + * of error, likewise the |src| stack may be left in an intermediate state. */ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t origin) @@ -6106,15 +6100,14 @@ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, if (SCT_set_source(sct, origin) != 1) goto err; - if (sk_SCT_push(*dst, sct) <= 0) + if (!sk_SCT_push(*dst, sct)) goto err; scts_moved += 1; } return scts_moved; err: - if (sct != NULL) - sk_SCT_push(src, sct); /* Put the SCT back */ + SCT_free(sct); return -1; } @@ -7716,9 +7709,6 @@ static int validate_cert_type(const unsigned char *val, size_t len) size_t i; int saw_rpk = 0; int saw_x509 = 0; -#ifndef OPENSSL_NO_VCAUTHTLS - int saw_vc = 0; -#endif if (val == NULL && len == 0) return 1; @@ -7738,13 +7728,6 @@ static int validate_cert_type(const unsigned char *val, size_t len) return 0; saw_x509 = 1; break; -#ifndef OPENSSL_NO_VCAUTHTLS - case TLSEXT_cert_type_vc: - if(saw_vc) - return 0; - saw_vc =1; - break; -#endif case TLSEXT_cert_type_pgp: case TLSEXT_cert_type_1609dot2: default: diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 42d63a66ab126c..0d3acfbe66f35c 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -521,8 +521,6 @@ struct ssl_session_st { * to disable session caching and tickets. */ int not_resumable; - /* Peer VC, if available */ - EVP_PKEY *peer_vc; /* Peer raw public key, if available */ EVP_PKEY *peer_rpk; /* This is the cert and type for the other end. */ @@ -700,7 +698,6 @@ typedef enum tlsext_index_en { TLSEXT_IDX_post_handshake_auth, TLSEXT_IDX_client_cert_type, TLSEXT_IDX_server_cert_type, - TLSEXT_IDX_server_did_methods, TLSEXT_IDX_signature_algorithms, TLSEXT_IDX_supported_versions, TLSEXT_IDX_psk_kex_modes, @@ -807,10 +804,6 @@ typedef struct { # define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE|TLS_GROUP_ONLY_FOR_TLS1_3) -#ifndef OPENSSL_NO_VCAUTHTLS -typedef struct vc_pkey_st VC_PKEY; -#endif - struct ssl_ctx_st { OSSL_LIB_CTX *libctx; @@ -949,9 +942,6 @@ struct ssl_ctx_st { struct cert_st /* CERT */ *cert; SSL_CERT_LOOKUP *ssl_cert_info; int read_ahead; -#ifndef OPENSSL_NO_VCAUTHTLS - VC_PKEY *vc; -#endif /* callback that allows applications to peek at protocol messages */ ossl_msg_cb msg_callback; @@ -1045,11 +1035,6 @@ struct ssl_ctx_st { uint16_t *supported_groups_default; size_t supported_groups_default_len; - -#ifndef OPENSSL_NO_VCAUTHTLS - size_t didmethods_len; - uint16_t *didmethods; -#endif /* * ALPN information (we are in the process of transitioning from NPN to * ALPN.) @@ -1362,10 +1347,6 @@ struct ssl_connection_st { const struct sigalg_lookup_st *sigalg; /* Pointer to certificate we use */ CERT_PKEY *cert; - /* Pointer to the VC we use */ -#ifndef OPENSSL_NO_VCAUTHTLS - VC_PKEY *vc; -#endif /* * signature algorithms peer reports: e.g. supported signature * algorithms extension for server or as part of a certificate @@ -1493,9 +1474,6 @@ struct ssl_connection_st { /* client cert? */ /* This is used to hold the server certificate used */ struct cert_st /* CERT */ *cert; -#ifndef OPENSSL_NO_VCAUTHTLS - struct vc_pkey_st *vc; -#endif /* * The hash of all messages prior to the CertificateVerify, and the length @@ -1632,16 +1610,6 @@ struct ssl_connection_st { /* peer's list */ uint16_t *peer_supportedgroups; -#ifndef OPENSSL_NO_VCAUTHTLS - size_t didmethods_len; - /* our list */ - uint16_t *didmethods; - - size_t peer_didmethods_len; - /* peer's list */ - uint16_t *peer_didmethods; -#endif - /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *session_ticket; /* TLS Session Ticket extension callback */ @@ -1826,13 +1794,6 @@ struct ssl_connection_st { const struct sigalg_lookup_st **shared_sigalgs; size_t shared_sigalgslen; - /* - * DID methods shared by client and server: cached because these - * are used most often. - */ - const uint16_t *shared_didmethods; - size_t shared_didmethodslen; - #ifndef OPENSSL_NO_COMP_ALG /* certificate compression preferences */ int cert_comp_prefs[TLSEXT_comp_cert_limit]; @@ -2036,13 +1997,6 @@ struct cert_pkey_st { int cert_comp_used; # endif }; - -#ifndef OPENSSL_NO_VCAUTHTLS -struct vc_pkey_st { - EVP_PKEY *vc; - EVP_PKEY *did; -}; -#endif /* Retrieve Suite B flags */ # define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS) /* Uses to check strict mode: suite B modes are always strict */ @@ -2224,13 +2178,6 @@ typedef enum downgrade_en { */ #define TLSEXT_STATUSTYPE_nothing -1 -/* DID Methods values */ -#ifndef OPENSSL_NO_VCAUTHTLS -#define TLSEXT_DIDMETH_btcr 0x0000 -#define TLSEXT_DIDMETH_ethr 0x0001 -#define TLSEXT_DIDMETH_iota 0x0002 -#endif - /* Sigalgs values */ #define TLSEXT_SIGALG_ecdsa_secp256r1_sha256 0x0403 #define TLSEXT_SIGALG_ecdsa_secp384r1_sha384 0x0503 @@ -2980,10 +2927,6 @@ const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, int ssl_evp_md_up_ref(const EVP_MD *md); void ssl_evp_md_free(const EVP_MD *md); -int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *ciph, - const EVP_MD *md); - void tls_engine_finish(ENGINE *e); const EVP_CIPHER *tls_get_cipher_from_engine(int nid); const EVP_MD *tls_get_digest_from_engine(int nid); @@ -3121,12 +3064,3 @@ long ossl_ctrl_internal(SSL *s, int cmd, long larg, void *parg, int no_quic); OSSL_QUIC_PERMITTED_OPTIONS_STREAM) #endif - -#ifndef OPENSSL_NO_VCAUTHTLS -__owur VC_PKEY *ssl_vc_new(size_t ssl_pkey_num); -__owur VC_PKEY *ssl_vc_dup(VC_PKEY *vc); -__owur int ssl_has_vc(const SSL_CONNECTION *s); -__owur int ssl_setup_didmethods(SSL_CTX *ctx); -__owur int set_server_didmethods(SSL_CONNECTION *s); -__owur int process_didmethods(SSL_CONNECTION *s); -#endif \ No newline at end of file diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c index c2366e41e365db..8bccce84d465db 100644 --- a/ssl/ssl_mcnf.c +++ b/ssl/ssl_mcnf.c @@ -24,7 +24,7 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) { SSL_CONF_CTX *cctx = NULL; size_t i, idx, cmd_count; - int rv = 0; + int err = 1; unsigned int flags; const SSL_METHOD *meth; const SSL_CONF_CMD *cmds; @@ -66,24 +66,22 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) flags |= SSL_CONF_FLAG_CLIENT; SSL_CONF_CTX_set_flags(cctx, flags); prev_libctx = OSSL_LIB_CTX_set0_default(libctx); + err = 0; for (i = 0; i < cmd_count; i++) { char *cmdstr, *arg; + int rv; conf_ssl_get_cmd(cmds, i, &cmdstr, &arg); rv = SSL_CONF_cmd(cctx, cmdstr, arg); - if (rv <= 0) { - int errcode = rv == -2 ? SSL_R_UNKNOWN_COMMAND : SSL_R_BAD_VALUE; - - ERR_raise_data(ERR_LIB_SSL, errcode, - "section=%s, cmd=%s, arg=%s", name, cmdstr, arg); - goto err; - } + if (rv <= 0) + ++err; } - rv = SSL_CONF_CTX_finish(cctx); + if (!SSL_CONF_CTX_finish(cctx)) + ++err; err: OSSL_LIB_CTX_set0_default(prev_libctx); SSL_CONF_CTX_free(cctx); - return rv <= 0 ? 0 : 1; + return err == 0; } int SSL_config(SSL *s, const char *name) diff --git a/ssl/ssl_ssi.c b/ssl/ssl_ssi.c deleted file mode 100644 index f9cf870059cc74..00000000000000 --- a/ssl/ssl_ssi.c +++ /dev/null @@ -1,126 +0,0 @@ -#include -#include "ssl_local.h" - -#ifndef OPENSSL_NO_VCAUTHTLS -/* Default did methods schemes */ -static const uint16_t didmethods[] = { - TLSEXT_DIDMETH_btcr, - TLSEXT_DIDMETH_ethr, - TLSEXT_DIDMETH_iota, -}; -#endif - -#ifndef OPENSSL_NO_VCAUTHTLS -int SSL_CTX_use_VC(SSL_CTX *ctx, EVP_PKEY *vc) -{ - ctx->vc->vc = vc; - return 1; -} -#endif - -#ifndef OPENSSL_NO_VCAUTHTLS -int SSL_CTX_use_DID(SSL_CTX *ctx, EVP_PKEY *did) -{ - ctx->vc->did = did; - return 1; -} -#endif - -#ifndef OPENSSL_NO_VCAUTHTLS -VC_PKEY *ssl_vc_new(size_t ssl_pkey_num) { - - VC_PKEY *ret = NULL; - - /* Should never happen */ - /* if (!ossl_assert(ssl_pkey_num >= SSL_PKEY_NUM)) - return NULL; */ - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) - return NULL; - - return ret; -} -#endif - -#ifndef OPENSSL_NO_VCAUTHTLS -VC_PKEY *ssl_vc_dup(VC_PKEY *vc) -{ - VC_PKEY *ret = OPENSSL_zalloc(sizeof(*ret)); - /* size_t i; */ - - if (ret == NULL) - return NULL; - - if(vc->did != NULL) { - ret->did = vc->did; - EVP_PKEY_up_ref(vc->did); - } - - if(vc->vc != NULL) { - ret->vc = vc->vc; - EVP_PKEY_up_ref(vc->vc); - } - - return ret; -} -#endif - -#ifndef OPENSSL_NO_VCAUTHTLS -/* Returns true if VC and DID are present */ -int ssl_has_vc(const SSL_CONNECTION *s) -{ - if (ssl_has_cert_type(s, TLSEXT_cert_type_vc)) - return s->vc->vc != NULL && s->vc->did != NULL; - - return 0; -} -#endif - -#ifndef OPENSSL_NO_VCAUTHTLS -int ssl_setup_didmethods(SSL_CTX *ctx) { - - size_t i, didmethods_len; - uint16_t *didmethods_list = NULL; - int ret = 0; - - if (ctx == NULL) - goto err; - - didmethods_len = OSSL_NELEM(didmethods); - - didmethods_list = OPENSSL_malloc(sizeof(uint16_t) * didmethods_len); - if (didmethods_list == NULL) - goto err; - - for (i = 0; i < didmethods_len; i ++) { - didmethods_list[i] = didmethods[i]; - } - - ctx->ext.didmethods = didmethods_list; - ctx->ext.didmethods_len = didmethods_len; - didmethods_list = NULL; - - ret = 1; -err: - OPENSSL_free(didmethods_list); - return ret; -} -#endif - -#ifndef OPENSSL_NO_VCAUTHTLS -int set_server_didmethods(SSL_CONNECTION *s) { - - /* The server checks if the client sent the did_methods extension and set the - did_methods they have in common */ - - return 1; -} -#endif - -#ifndef OPENSSL_NO_VCAUTHTLS -int process_didmethods(SSL_CONNECTION *s) { - - return 1; -} -#endif \ No newline at end of file diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index e165c2480a02aa..0a64ca2246987e 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -329,17 +329,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_server_cert_type, tls_construct_ctos_server_cert_type, NULL }, -#ifndef OPENSSL_NO_VCAUTHTLS - { - /* Must be after server_cert_type */ - TLSEXT_TYPE_did_methods, - SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST - | SSL_EXT_TLS1_3_ONLY, - NULL, tls_parse_ctos_did_methods, tls_parse_ctos_did_methods, tls_construct_stoc_did_methods, tls_construct_ctos_did_methods, NULL - }, -#else - INVALID_EXTENSION, -#endif { TLSEXT_TYPE_signature_algorithms, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 2c6c5eae489447..381a6c9d7b9099 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -2135,25 +2135,3 @@ int tls_parse_stoc_server_cert_type(SSL_CONNECTION *sc, PACKET *pkt, sc->ext.server_cert_type = type; return 1; } - -#ifndef OPENSSL_NO_VCAUTHTLS -EXT_RETURN tls_construct_ctos_did_methods(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) -{ - if(sc->ext.didmethods == NULL) - return EXT_RETURN_NOT_SENT; - - if(!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_did_methods) - || !WPACKET_start_sub_packet_u16(pkt) - /* || !WPACKET_start_sub_packet_u16(pkt) */ - || !WPACKET_sub_memcpy_u16(pkt, sc->ext.didmethods, sc->ext.didmethods_len*2) - || !WPACKET_close(pkt) - /* || !WPACKET_close(pkt) */) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - return EXT_RETURN_SENT; -} -#endif \ No newline at end of file diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 919365be7d1487..64ccb3ed6d1bef 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -2109,66 +2109,3 @@ int tls_parse_ctos_server_cert_type(SSL_CONNECTION *sc, PACKET *pkt, SSLfatal(sc, SSL_AD_UNSUPPORTED_CERTIFICATE, SSL_R_BAD_EXTENSION); return 0; } - -#ifndef OPENSSL_NO_VCAUTHTLS -int tls_parse_ctos_did_methods(SSL_CONNECTION *sc, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) -{ - PACKET did_methods; - - if(!PACKET_as_length_prefixed_2(pkt, &did_methods) - || PACKET_remaining(&did_methods) == 0) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); - return 0; - } - - OPENSSL_free(sc->ext.peer_didmethods); - sc->ext.peer_didmethods = NULL; - sc->ext.peer_didmethods_len = 0; - if (!tls1_save_u16(&did_methods, &sc->ext.peer_didmethods, - &sc->ext.peer_didmethods_len)) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - - return 1; -} -#endif - -#ifndef OPENSSL_NO_VCAUTHTLS -EXT_RETURN tls_construct_stoc_did_methods (SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx) -{ - const uint16_t *didmethods; - size_t didmethodslen; - - if(sc->ext.client_cert_type != TLSEXT_cert_type_vc - || sc->ext.didmethods == NULL) - return EXT_RETURN_NOT_SENT; - - if (sc->shared_didmethods != NULL) - { - didmethods = sc->shared_didmethods; - didmethodslen = sc->shared_didmethodslen; - } - else - { - didmethods = sc->ext.didmethods; - didmethodslen = sc->ext.didmethods_len; - } - - if(!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_did_methods) - || !WPACKET_start_sub_packet_u16(pkt) - /* || !WPACKET_start_sub_packet_u16(pkt) */ - || !WPACKET_sub_memcpy_u16(pkt, didmethods, didmethodslen*2) - /* || !WPACKET_close(pkt) */ - || !WPACKET_close(pkt)) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - return EXT_RETURN_SENT; -} -#endif diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 61b334534bb5df..921d7cfb1e05df 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -288,7 +288,7 @@ void ossl_statem_set_hello_verify_done(SSL_CONNECTION *s) } int ossl_statem_connect(SSL *s) -{ +{ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); if (sc == NULL) @@ -298,7 +298,7 @@ int ossl_statem_connect(SSL *s) } int ossl_statem_accept(SSL *s) -{ +{ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); if (sc == NULL) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 242a96c140b4b6..cbf5a57bebf47c 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1883,28 +1883,6 @@ static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL_CONNECTION *s, return MSG_PROCESS_ERROR; } -#ifndef OPENSSL_NO_VCAUTHTLS -MSG_PROCESS_RETURN tls_process_server_vc(SSL_CONNECTION *sc, PACKET *pkt) -{ - EVP_PKEY *peer_vc; - - if(!tls_process_vc(sc, pkt, &peer_vc)) { - /* SSLfatal() already called */ - return MSG_PROCESS_ERROR; - } - - if (peer_vc == NULL) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_CERTIFICATE); - return MSG_PROCESS_ERROR; - } - - EVP_PKEY_free(sc->session->peer_vc); - sc->session->peer_vc = peer_vc; - - return MSG_PROCESS_CONTINUE_READING; -} -#endif - MSG_PROCESS_RETURN tls_process_server_rpk(SSL_CONNECTION *sc, PACKET *pkt) { EVP_PKEY *peer_rpk; @@ -1991,10 +1969,6 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, unsigned int context = 0; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); -#ifndef OPENSSL_NO_VCAUTHTLS - if (s->ext.server_cert_type == TLSEXT_cert_type_vc) - return tls_process_server_vc(s, pkt); -#endif if (s->ext.server_cert_type == TLSEXT_cert_type_rpk) return tls_process_server_rpk(s, pkt); if (s->ext.server_cert_type != TLSEXT_cert_type_x509) { @@ -2639,12 +2613,6 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_LENGTH); return MSG_PROCESS_ERROR; } -#ifndef OPENSSL_NO_VCAUTHTLS - if (!process_didmethods(s)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_LENGTH); - return MSG_PROCESS_ERROR; - } -#endif } else { PACKET ctypes; @@ -3785,10 +3753,7 @@ WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, WORK_STATE wst) CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt) -{ -#ifndef OPENSSL_NO_VCAUTHTLS - VC_PKEY *vcpk = NULL; -#endif +{ CERT_PKEY *cpk = NULL; SSL *ssl = SSL_CONNECTION_GET_SSL(s); @@ -3804,21 +3769,9 @@ CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s, return CON_FUNC_ERROR; } } - if (s->s3.tmp.cert_req != 2) { -#ifndef OPENSSL_NO_VCAUTHTLS - vcpk = s->vc; -#endif + if (s->s3.tmp.cert_req != 2) cpk = s->cert->key; - } switch (s->ext.client_cert_type) { -#ifndef OPENSSL_NO_VCAUTHTLS - case TLSEXT_cert_type_vc: - if (!tls_output_vc(s, pkt, vcpk)) { - /* SSLfatal() already called */ - return CON_FUNC_ERROR; - } - break; -#endif case TLSEXT_cert_type_rpk: if (!tls_output_rpk(s, pkt, cpk)) { /* SSLfatal() already called */ diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 00f4aebc6335d1..5693a1269df2c7 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -21,7 +21,6 @@ #include #include #include -#include /* * Map error codes to TLS/SSL alart types. @@ -327,24 +326,11 @@ CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt) const SIGALG_LOOKUP *lu = s->s3.tmp.sigalg; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); -#ifndef OPENSSL_NO_VCAUTHTLS - if(s->ext.server_cert_type == TLSEXT_cert_type_vc) { - if (lu == NULL || s->s3.tmp.vc == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - pkey = s->s3.tmp.vc->did; - } - else if (s->ext.server_cert_type == TLSEXT_cert_type_rpk || s->ext.server_cert_type == TLSEXT_cert_type_x509) { -#endif - if (lu == NULL || s->s3.tmp.cert == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - pkey = s->s3.tmp.cert->privatekey; -#ifndef OPENSSL_NO_VCAUTHTLS + if (lu == NULL || s->s3.tmp.cert == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; } -#endif + pkey = s->s3.tmp.cert->privatekey; if (pkey == NULL || !tls1_lookup_md(sctx, lu, &md)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -481,11 +467,11 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) goto err; } - /* if (ssl_cert_lookup_by_pkey(pkey, NULL, sctx) == NULL) { + if (ssl_cert_lookup_by_pkey(pkey, NULL, sctx) == NULL) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); goto err; - } */ + } if (SSL_USE_SIGALGS(s)) { unsigned int sigalg; @@ -1116,10 +1102,6 @@ static int ssl_add_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk, i EVP_PKEY* tls_get_peer_pkey(const SSL_CONNECTION *sc) { -#ifndef OPENSSL_NO_VCAUTHTLS - if(sc->session->peer_vc != NULL) - return sc->session->peer_vc; -#endif if (sc->session->peer_rpk != NULL) return sc->session->peer_rpk; if (sc->session->peer != NULL) @@ -1127,153 +1109,6 @@ EVP_PKEY* tls_get_peer_pkey(const SSL_CONNECTION *sc) return NULL; } -#ifndef OPENSSL_NO_VCAUTHTLS -int tls_process_vc(SSL_CONNECTION *sc, PACKET *pkt, EVP_PKEY **peer_rpk) -{ - EVP_PKEY *pkey = NULL; - int ret = 0; - RAW_EXTENSION *rawexts = NULL; - PACKET extensions; - PACKET context; - unsigned long cert_len = 0, spki_len = 0; - const unsigned char *spki, *spkistart; - SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(sc); - - if (SSL_CONNECTION_IS_TLS13(sc)) { - if (!PACKET_get_length_prefixed_1(pkt, &context)) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_INVALID_CONTEXT); - goto err; - } - if (sc->server) { - if (sc->pha_context == NULL) { - if (PACKET_remaining(&context) != 0) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_INVALID_CONTEXT); - goto err; - } - } else { - if (!PACKET_equal(&context, sc->pha_context, sc->pha_context_len)) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_INVALID_CONTEXT); - goto err; - } - } - } else { - if (PACKET_remaining(&context) != 0) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_INVALID_CONTEXT); - goto err; - } - } - } - - if (!PACKET_get_net_3(pkt, &cert_len) - || PACKET_remaining(pkt) != cert_len) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); - goto err; - } - - /* - * The list length may be zero when there is no RPK. In the case of TLS - * 1.2 this is actually the RPK length, which cannot be zero as specified, - * but that breaks the ability of the client to decline client auth. We - * overload the 0 RPK length to mean "no RPK". This interpretation is - * also used some other (reference?) implementations, but is not supported - * by the verbatim RFC7250 text. - */ - if (cert_len == 0) - return 1; - - if (SSL_CONNECTION_IS_TLS13(sc)) { - /* - * With TLS 1.3, a non-empty explicit-length RPK octet-string followed - * by a possibly empty extension block. - */ - if (!PACKET_get_net_3(pkt, &spki_len)) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); - goto err; - } - if (spki_len == 0) { - /* empty RPK */ - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_EMPTY_RAW_PUBLIC_KEY); - goto err; - } - } else { - spki_len = cert_len; - } - - if (!PACKET_get_bytes(pkt, &spki, spki_len)) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); - goto err; - } - /* spkistart = spki; - if ((pkey = d2i_PUBKEY_ex(NULL, &spki, spki_len, sctx->libctx, sctx->propq)) == NULL - || spki != (spkistart + spki_len)) { - SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); - goto err; - } */ - OSSL_DECODER_CTX *ctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, - "DER", "SubjectPublicKeyInfo", NULL, EVP_PKEY_PUBLIC_KEY, sctx->libctx, sctx->propq); - if(ctx == NULL){ - //WRITE ERROR - goto err; - } - if(!OSSL_DECODER_from_data(ctx, &spki, &spki_len)) - goto err; - - //oppure - //EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length); - - // EVP_PKEY_CTX *pkey_ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pkey, sctx->propq); - // if(pkey_ctx == NULL){ - // //WRITE ERROR - // goto err; - // } - // if(!EVP_PKEY_check(pkey_ctx)) { - // //WRTIE ERROR - // goto err; - // } - - if (EVP_PKEY_missing_parameters(pkey)) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, - SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); - goto err; - } - - /* Process the Extensions block */ - // if (SSL_CONNECTION_IS_TLS13(sc)) { - // if (PACKET_remaining(pkt) != (cert_len - 3 - spki_len)) { - // SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_LENGTH); - // goto err; - // } - // if (!PACKET_as_length_prefixed_2(pkt, &extensions) - // || PACKET_remaining(pkt) != 0) { - // SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH); - // goto err; - // } - // if (!tls_collect_extensions(sc, &extensions, SSL_EXT_TLS1_3_RAW_PUBLIC_KEY, - // &rawexts, NULL, 1)) { - // /* SSLfatal already called */ - // goto err; - // } - // /* chain index is always zero and fin always 1 for RPK */ - // if (!tls_parse_all_extensions(sc, SSL_EXT_TLS1_3_RAW_PUBLIC_KEY, - // rawexts, NULL, 0, 1)) { - // /* SSLfatal already called */ - // goto err; - // } - // } - ret = 1; - if (peer_rpk != NULL) { - *peer_rpk = pkey; - pkey = NULL; - } - - err: - OSSL_DECODER_CTX_free(ctx); - OPENSSL_free(rawexts); - EVP_PKEY_free(pkey); - return ret; -} -#endif - int tls_process_rpk(SSL_CONNECTION *sc, PACKET *pkt, EVP_PKEY **peer_rpk) { EVP_PKEY *pkey = NULL; @@ -1550,76 +1385,6 @@ unsigned long tls_output_rpk(SSL_CONNECTION *sc, WPACKET *pkt, CERT_PKEY *cpk) return ret; } -#ifndef OPENSSL_NO_VCAUTHTLS -unsigned long tls_output_vc(SSL_CONNECTION *sc, WPACKET *pkt, - VC_PKEY *vcpk) { - - int pdata_len = 0; - unsigned char *pdata = NULL; - unsigned long ret = 0; - - if (vcpk != NULL && vcpk->vc != NULL) { - /* Get the VC as the public key */ - pdata_len = i2d_PUBKEY(vcpk->vc, &pdata); - } else { - /* The server VC is not optional */ - if (sc->server) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - /* The client can send a zero length certificate list */ - if (!WPACKET_sub_memcpy_u24(pkt, pdata, pdata_len)) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - return 1; - } - - if (pdata_len <= 0) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - - /* - * TLSv1.2 is _just_ the raw public key - * TLSv1.3 includes extensions, so there's a length wrapper - */ - if (SSL_CONNECTION_IS_TLS13(sc)) { - if (!WPACKET_start_sub_packet_u24(pkt)) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - if (!WPACKET_sub_memcpy_u24(pkt, pdata, pdata_len)) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - - // if (SSL_CONNECTION_IS_TLS13(sc)) { - // /* - // * Only send extensions relevant to raw public keys. Until such - // * extensions are defined, this will be an empty set of extensions. - // * |x509| may be NULL, which raw public-key extensions need to handle. - // */ - // if (!tls_construct_extensions(sc, pkt, SSL_EXT_TLS1_3_RAW_PUBLIC_KEY, - // x509, 0)) { - // /* SSLfatal() already called */ - // goto err; - // } - if (!WPACKET_close(pkt)) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - // } - - ret = 1; - err: - OPENSSL_free(pdata); - return ret; -} -#endif - unsigned long ssl3_output_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk, int for_comp) { @@ -2154,11 +1919,6 @@ static int is_tls13_capable(const SSL_CONNECTION *s) if (s->psk_find_session_cb != NULL || s->cert->cert_cb != NULL) return 1; -#ifndef OPENSSL_NO_VCAUTHTLS - if(ssl_has_vc(s)) - return 1; -#endif - /* All provider-based sig algs are required to support at least TLS1.3 */ for (i = 0; i < s->ssl_pkey_num; i++) { /* Skip over certs disallowed for TLSv1.3 */ diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h index a85ad69eadd40d..04114b1e27d7f0 100644 --- a/ssl/statem/statem_local.h +++ b/ssl/statem/statem_local.h @@ -570,23 +570,3 @@ int tls_parse_ctos_server_cert_type(SSL_CONNECTION *sc, PACKET *pkt, int tls_parse_stoc_server_cert_type(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); - -#ifndef OPENSSL_NO_VCAUTHTLS -__owur unsigned long tls_output_vc(SSL_CONNECTION *sc, WPACKET *pkt, - VC_PKEY *vcpk); -__owur MSG_PROCESS_RETURN tls_process_server_vc(SSL_CONNECTION *sc, - PACKET *pkt); -__owur MSG_PROCESS_RETURN tls_process_client_vc(SSL_CONNECTION *sc, PACKET *pkt); -__owur int tls_process_vc(SSL_CONNECTION *sc, PACKET *pkt, EVP_PKEY **peer_vc); -__owur EXT_RETURN tls_construct_ctos_did_methods(SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); -__owur int tls_parse_ctos_did_methods(SSL_CONNECTION *sc, PACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); -__owur EXT_RETURN tls_construct_stoc_did_methods (SSL_CONNECTION *sc, WPACKET *pkt, - unsigned int context, - X509 *x, size_t chainidx); -#endif - - diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 06604a8e64304b..853af8c0aa9f93 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -48,12 +48,8 @@ static CON_FUNC_RETURN tls_construct_encrypted_extensions(SSL_CONNECTION *s, WPACKET *pkt); static ossl_inline int received_client_cert(const SSL_CONNECTION *sc) -{ - return -#ifndef OPENSSL_NO_VCAUTHTLS - sc->session->peer_vc != NULL || -#endif - sc->session->peer_rpk != NULL || sc->session->peer != NULL; +{ + return sc->session->peer_rpk != NULL || sc->session->peer != NULL; } /* @@ -2138,13 +2134,6 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) /* SSLfatal() already called */ goto err; } - -#ifndef OPENSSL_NO_VCAUTHTLS - if (!set_server_didmethods(s)) { - /* SSLfatal() already called */ - goto err; - } -#endif } sk_SSL_CIPHER_free(ciphers); @@ -3537,89 +3526,6 @@ WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s, return WORK_FINISHED_CONTINUE; } -#ifndef OPENSSL_NO_VCAUTHTLS -MSG_PROCESS_RETURN tls_process_client_vc(SSL_CONNECTION *sc, PACKET *pkt) -{ - MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; - SSL_SESSION *new_sess = NULL; - EVP_PKEY *peer_vc = NULL; - - if (!tls_process_vc(sc, pkt, &peer_vc)) { - /* SSLfatal already called */ - goto err; - } - - if (peer_vc == NULL) { - if ((sc->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) - && (sc->verify_mode & SSL_VERIFY_PEER)) { - SSLfatal(sc, SSL_AD_CERTIFICATE_REQUIRED, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - goto err; - } - } else { - /* if (ssl_verify_rpk(sc, peer_vc) <= 0) { - SSLfatal(sc, ssl_x509err2alert(sc->verify_result), - SSL_R_CERTIFICATE_VERIFY_FAILED); - goto err; - } */ - } - - /* - * Sessions must be immutable once they go into the session cache. Otherwise - * we can get multi-thread problems. Therefore we don't "update" sessions, - * we replace them with a duplicate. Here, we need to do this every time - * a new VC (RPK or certificate) is received via post-handshake authentication, - * as the session may have already gone into the session cache. - */ - - if (sc->post_handshake_auth == SSL_PHA_REQUESTED) { - if ((new_sess = ssl_session_dup(sc->session, 0)) == NULL) { - SSLfatal(sc, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); - goto err; - } - - SSL_SESSION_free(sc->session); - sc->session = new_sess; - } - - /* Save VC */ - EVP_PKEY_free(sc->session->peer_vc); - sc->session->peer_vc = peer_vc; - peer_vc = NULL; - - sc->session->verify_result = sc->verify_result; - - /* - * Freeze the handshake buffer. For cert_verify_hash, - sizeof(sc->cert_verify_hash), - &sc->cert_verify_hash_len)) { - /* SSLfatal() already called */; - goto err; - } - - /* resend session tickets */ - sc->sent_tickets = 0; - } - - ret = MSG_PROCESS_CONTINUE_READING; - - err: - EVP_PKEY_free(peer_vc); - return ret; - -} -#endif - MSG_PROCESS_RETURN tls_process_client_rpk(SSL_CONNECTION *sc, PACKET *pkt) { MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR; @@ -3726,11 +3632,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, if (s->rlayer.rrlmethod->set_plain_alerts != NULL) s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 0); -#ifndef OPENSSL_NO_VCAUTHTLS - if(s->ext.client_cert_type == TLSEXT_cert_type_vc) - return tls_process_client_vc(s, pkt); -#endif - if (s->ext.client_cert_type == TLSEXT_cert_type_rpk) return tls_process_client_rpk(s, pkt); @@ -3928,15 +3829,8 @@ MSG_PROCESS_RETURN tls_process_client_compressed_certificate(SSL_CONNECTION *sc, CON_FUNC_RETURN tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt) { CERT_PKEY *cpk = s->s3.tmp.cert; -#ifndef OPENSSL_NO_VCAUTHTLS - VC_PKEY *vcpk = s->s3.tmp.vc; -#endif - if (cpk == NULL -#ifndef OPENSSL_NO_VCAUTHTLS - && vcpk == NULL -#endif - ) { + if (cpk == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return CON_FUNC_ERROR; } @@ -3950,14 +3844,6 @@ CON_FUNC_RETURN tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt return CON_FUNC_ERROR; } switch (s->ext.server_cert_type) { -#ifndef OPENSSL_NO_VCAUTHTLS - case TLSEXT_cert_type_vc: - if (!tls_output_vc(s, pkt, vcpk)) { - /* SSLfatal() already called */ - return 0; - } - break; -#endif case TLSEXT_cert_type_rpk: if (!tls_output_rpk(s, pkt, cpk)) { /* SSLfatal() already called */ diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 673a53ad36a4bb..94f68eb999782d 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -101,44 +101,6 @@ static int tls1_generate_key_block(SSL_CONNECTION *s, unsigned char *km, return ret; } -int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *ciph, - const EVP_MD *md) -{ - /* - * Provided cipher, the TLS padding/MAC removal is performed provider - * side so we need to tell the ctx about our TLS version and mac size - */ - OSSL_PARAM params[3], *pprm = params; - size_t macsize = 0; - int imacsize = -1; - - if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0 - /* - * We look at s->ext.use_etm instead of SSL_READ_ETM() or - * SSL_WRITE_ETM() because this test applies to both reading - * and writing. - */ - && !s->ext.use_etm) - imacsize = EVP_MD_get_size(md); - if (imacsize >= 0) - macsize = (size_t)imacsize; - - *pprm++ = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION, - &s->version); - *pprm++ = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, - &macsize); - *pprm = OSSL_PARAM_construct_end(); - - if (!EVP_CIPHER_CTX_set_params(ctx, params)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - - return 1; -} - - static int tls_iv_length_within_key_block(const EVP_CIPHER *c) { /* If GCM/CCM mode only part of IV comes from PRF */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index c2eea517886ac5..631e1fdef93cef 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3718,33 +3718,6 @@ int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs) s->s3.tmp.sigalg = NULL; if (SSL_CONNECTION_IS_TLS13(s)) { -#ifndef OPENSSL_NO_VCAUTHTLS - switch (s->ext.server_cert_type) { - case TLSEXT_cert_type_x509: - case TLSEXT_cert_type_rpk: - lu = find_sig_alg(s, NULL, NULL); - if (lu == NULL) { - if (!fatalerrs) - return 1; - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); - return 0; - } - break; - case TLSEXT_cert_type_vc: - lu = &sigalg_lookup_tbl[3]; - s->s3.tmp.vc = OPENSSL_zalloc(sizeof(VC_PKEY)); - if (s->s3.tmp.vc == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - break; - default: - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); - return 0; - } -#else lu = find_sig_alg(s, NULL, NULL); if (lu == NULL) { if (!fatalerrs) @@ -3753,7 +3726,6 @@ int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs) SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); return 0; } -#endif } else { /* If ciphersuite doesn't require a cert nothing to do */ if (!(s->s3.tmp.new_cipher->algorithm_auth & SSL_aCERT)) @@ -3870,35 +3842,12 @@ int tls_choose_sigalg(SSL_CONNECTION *s, int fatalerrs) } } } -#ifndef OPENSSL_NO_VCAUTHTLS - switch (s->ext.server_cert_type) - { - case TLSEXT_cert_type_x509: - case TLSEXT_cert_type_rpk: - if (sig_idx == -1) - sig_idx = lu->sig_idx; - s->s3.tmp.cert = &s->cert->pkeys[sig_idx]; - s->cert->key = s->s3.tmp.cert; - s->s3.tmp.sigalg = lu; - return 1; - case TLSEXT_cert_type_vc: - s->s3.tmp.vc->vc = s->vc->vc; - s->s3.tmp.vc->did = s->vc->did; - s->s3.tmp.sigalg = lu; - return 1; - default: - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); - return 0; - } -#else if (sig_idx == -1) sig_idx = lu->sig_idx; s->s3.tmp.cert = &s->cert->pkeys[sig_idx]; s->cert->key = s->s3.tmp.cert; s->s3.tmp.sigalg = lu; return 1; -#endif } int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode) diff --git a/test/README.md b/test/README.md index fe25bd8b4ecbf1..746a0156ceeaef 100644 --- a/test/README.md +++ b/test/README.md @@ -42,7 +42,7 @@ the make variable TESTS to specify them, like this: $ make TESTS='test_rsa test_dsa' test # Unix $ mms/macro="TESTS=test_rsa test_dsa" test ! OpenVMS - $ nmake TESTS='test_rsa test_dsa' test # Windows + $ nmake TESTS="test_rsa test_dsa" test # Windows And of course, you can combine (Unix examples shown): diff --git a/test/asn1_stable_parse_test.c b/test/asn1_stable_parse_test.c new file mode 100644 index 00000000000000..491e575edd2a05 --- /dev/null +++ b/test/asn1_stable_parse_test.c @@ -0,0 +1,81 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "testutil.h" + +static char *config_file = NULL; + +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_CONFIG_FILE, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "config", OPT_CONFIG_FILE, '<', + "The configuration file to use for the libctx" }, + { NULL } + }; + return options; +} + + +/* + * Test that parsing a config file with incorrect stable settings aren't parsed + * and appropriate errors are raised + */ +static int test_asn1_stable_parse(void) +{ + int testret = 0; + unsigned long errcode; + OSSL_LIB_CTX *newctx = OSSL_LIB_CTX_new(); + + if (!TEST_ptr(newctx)) + goto out; + + if (!TEST_int_eq(OSSL_LIB_CTX_load_config(newctx, config_file), 0)) + goto err; + + errcode = ERR_peek_error(); + if (ERR_GET_LIB(errcode) != ERR_LIB_ASN1) + goto err; + if (ERR_GET_REASON(errcode) != ASN1_R_INVALID_STRING_TABLE_VALUE) + goto err; + + ERR_clear_error(); + + testret = 1; +err: + OSSL_LIB_CTX_free(newctx); +out: + return testret; +} + +int setup_tests(void) +{ + OPTION_CHOICE o; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_CONFIG_FILE: + config_file = opt_arg(); + break; + default: + return 0; + } + } + + ADD_TEST(test_asn1_stable_parse); + return 1; +} diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c index 3344b76eae673c..aa1aa79ebbbca3 100644 --- a/test/asn1_time_test.c +++ b/test/asn1_time_test.c @@ -9,6 +9,7 @@ /* Time tests for the asn1 module */ +#include #include #include @@ -443,6 +444,30 @@ static int convert_asn1_to_time_t(int idx) return 1; } +/* + * this test is here to exercise ossl_asn1_time_from_tm + * with an integer year close to INT_MAX. + */ +static int convert_tm_to_asn1_time(void) +{ + /* we need 64 bit time_t */ +#if ((ULONG_MAX >> 31) >> 31) >= 1 + time_t t; + ASN1_TIME *at; + + if (sizeof(time_t) * CHAR_BIT >= 64) { + t = 67768011791126057ULL; + at = ASN1_TIME_set(NULL, t); + /* + * If ASN1_TIME_set returns NULL, it means it could not handle the input + * which is fine for this edge case. + */ + ASN1_STRING_free(at); + } +#endif + return 1; +} + int setup_tests(void) { /* @@ -479,5 +504,6 @@ int setup_tests(void) ADD_ALL_TESTS(test_table_compare, OSSL_NELEM(tbl_compare_testdata)); ADD_TEST(test_time_dup); ADD_ALL_TESTS(convert_asn1_to_time_t, OSSL_NELEM(asn1_to_utc)); + ADD_TEST(convert_tm_to_asn1_time); return 1; } diff --git a/test/bntest.c b/test/bntest.c index 2ffff10ef1c29f..20020cac42feea 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -910,6 +910,14 @@ static int test_gf2m_modinv(void) || !TEST_ptr(d = BN_new())) goto err; + /* Test that a non-sensical, too small value causes a failure */ + if (!TEST_true(BN_one(b[0]))) + goto err; + if (!TEST_true(BN_bntest_rand(a, 512, 0, 0))) + goto err; + if (!TEST_false(BN_GF2m_mod_inv(c, a, b[0], ctx))) + goto err; + if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0])) && TEST_true(BN_GF2m_arr2poly(p1, b[1])))) goto err; diff --git a/test/build.info b/test/build.info index 1784a41d8d22c1..78619a85c55281 100644 --- a/test/build.info +++ b/test/build.info @@ -51,7 +51,7 @@ IF[{- !$disabled{tests} -}] bioprinttest sslapitest ssl_handshake_rtt_test dtlstest sslcorrupttest \ bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ cipherbytes_test threadstest_fips threadpool_test \ - asn1_encode_test asn1_decode_test asn1_string_table_test \ + asn1_encode_test asn1_decode_test asn1_string_table_test asn1_stable_parse_test \ x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \ recordlentest drbgtest rand_status_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ @@ -62,7 +62,8 @@ IF[{- !$disabled{tests} -}] bio_readbuffer_test user_property_test pkcs7_test upcallstest \ provfetchtest prov_config_test rand_test ca_internals_test \ bio_tfo_test membio_test bio_dgram_test list_test fips_version_test \ - x509_test hpke_test pairwise_fail_test nodefltctxtest + x509_test hpke_test pairwise_fail_test nodefltctxtest \ + x509_load_cert_file_test IF[{- !$disabled{'rpk'} -}] PROGRAMS{noinst}=rpktest @@ -190,6 +191,14 @@ IF[{- !$disabled{tests} -}] SOURCE[evp_extra_test]=evp_extra_test.c fake_rsaprov.c INCLUDE[evp_extra_test]=../include ../apps/include DEPEND[evp_extra_test]=../libcrypto.a libtestutil.a + IF[{- !$disabled{module} && !$disabled{legacy} -}] + DEFINE[evp_extra_test]=STATIC_LEGACY + SOURCE[evp_extra_test]=../providers/legacyprov.c + INCLUDE[evp_extra_test]=../providers/common/include \ + ../providers/implementations/include + DEPEND[evp_extra_test]=../providers/liblegacy.a \ + ../providers/libcommon.a + ENDIF SOURCE[hpke_test]=hpke_test.c INCLUDE[hpke_test]=../include ../apps/include @@ -586,6 +595,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[x509_dup_cert_test]=../include ../apps/include DEPEND[x509_dup_cert_test]=../libcrypto libtestutil.a + SOURCE[x509_load_cert_file_test]=x509_load_cert_file_test.c + INCLUDE[x509_load_cert_file_test]=../include ../apps/include + DEPEND[x509_load_cert_file_test]=../libcrypto libtestutil.a + SOURCE[x509_check_cert_pkey_test]=x509_check_cert_pkey_test.c INCLUDE[x509_check_cert_pkey_test]=../include ../apps/include DEPEND[x509_check_cert_pkey_test]=../libcrypto libtestutil.a @@ -657,6 +670,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[asn1_string_table_test]=../include ../apps/include DEPEND[asn1_string_table_test]=../libcrypto libtestutil.a + SOURCE[asn1_stable_parse_test]=asn1_stable_parse_test.c + INCLUDE[asn1_stable_parse_test]=../include ../apps/include + DEPEND[asn1_stable_parse_test]=../libcrypto libtestutil.a + SOURCE[time_offset_test]=time_offset_test.c INCLUDE[time_offset_test]=../include ../apps/include DEPEND[time_offset_test]=../libcrypto libtestutil.a @@ -1025,6 +1042,13 @@ IF[{- !$disabled{tests} -}] SOURCE[p_test]=p_test.ld GENERATE[p_test.ld]=../util/providers.num ENDIF + MODULES{noinst}=p_minimal + SOURCE[p_minimal]=p_minimal.c + INCLUDE[p_minimal]=../include .. + IF[{- defined $target{shared_defflag} -}] + SOURCE[p_minimal]=p_minimal.ld + GENERATE[p_minimal.ld]=../util/providers.num + ENDIF ENDIF IF[{- $disabled{module} || !$target{dso_scheme} -}] DEFINE[provider_test]=NO_PROVIDER_MODULE diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c index 137f67331b0683..f38493b33445c5 100644 --- a/test/cmp_ctx_test.c +++ b/test/cmp_ctx_test.c @@ -405,6 +405,7 @@ execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ } else { \ if (DUP && val1_read == val1) { \ TEST_error("first set did not dup the value"); \ + val1_read = 0; \ res = 0; \ } \ if (DEFAULT(val1_read)) { \ @@ -433,6 +434,7 @@ execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ } else { \ if (DUP && val2_read == val2) { \ TEST_error("second set did not dup the value"); \ + val2_read = 0; \ res = 0; \ } \ if (val2 == val1) { \ @@ -462,6 +464,7 @@ execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \ } else { \ if (DUP && val3_read == val2_read) { \ TEST_error("third get did not create a new dup"); \ + val3_read = 0; \ res = 0; \ } \ } \ diff --git a/test/danetest.in b/test/danetest.in index 118da21e75c3ee..8b51e005bf6d04 100644 --- a/test/danetest.in +++ b/test/danetest.in @@ -50,7 +50,7 @@ # 1 1 1 1 0 0 -3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1365 +3 0 0 3081ec308193a003020102020101300a06082a8648ce3d0403023000301e170d3135313231343030313033345a170d3135313231333030313033345a30003059301306072a8648ce3d020106082a8648ce3d03010703420004c5a4ffa008eebc0369b974799f9479cb47360544fafc02c4204fb3df31e88a1a4f18c85831e93f985c5b231094541b4316b5cb1c9c0c950886fe1143f39f6109300a06082a8648ce3d040302034800304502206ae7b7a870df21081e9a9896020aaf8560984875c812b36d671631abc879f872022100b0889ad2b3814ee64bddd5a7f6a98dea43cb435049469cb50a4404cbdeee1fd6 subject= issuer= notBefore=Dec 14 00:10:34 2015 GMT @@ -65,7 +65,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= # 2 1 1 1 0 0 -3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33E +3 1 0 3059301306072a8648ce3d020106082a8648ce3d03010703420004c5a4ffa008eebc0369b974799f9479cb47360544fafc02c4204fb3df31e88a1a4f18c85831e93f985c5b231094541b4316b5cb1c9c0c950886fe1143f39f6109 subject= issuer= notBefore=Dec 14 00:10:34 2015 GMT @@ -80,7 +80,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= # 3 1 1 1 0 0 -3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E1 +3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1365 subject= issuer= notBefore=Dec 14 00:10:34 2015 GMT @@ -95,7 +95,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= # 4 1 1 1 0 0 -3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A3 +3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33E subject= issuer= notBefore=Dec 14 00:10:34 2015 GMT @@ -109,6 +109,36 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= -----END CERTIFICATE----- # 5 +1 1 1 0 0 +3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E1 +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 6 +1 1 1 0 0 +3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A3 +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 7 1 1 1 65 -1 3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1366 subject= @@ -123,7 +153,7 @@ CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= -----END CERTIFICATE----- -# 6 +# 8 1 1 1 65 -1 3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33F subject= @@ -138,7 +168,7 @@ CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= -----END CERTIFICATE----- -# 7 +# 9 1 1 1 65 -1 3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E2 subject= @@ -153,7 +183,7 @@ CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= -----END CERTIFICATE----- -# 8 +# 10 1 1 1 65 -1 3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A4 subject= @@ -170,7 +200,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= ## -- DANE-?? chain tests -- -# 9 +# 11 1 3 0 0 0 3 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F subject= /CN=example.com @@ -217,7 +247,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 10 +# 12 1 3 0 0 0 3 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 subject= /CN=example.com @@ -264,7 +294,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 11 +# 13 1 3 0 0 0 3 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923 subject= /CN=example.com @@ -311,7 +341,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 12 +# 14 1 3 0 0 0 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 subject= /CN=example.com @@ -358,7 +388,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 13 +# 15 1 3 0 0 1 2 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD subject= /CN=example.com @@ -405,7 +435,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 14 +# 16 1 3 0 0 1 2 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3 subject= /CN=example.com @@ -452,7 +482,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 15 +# 17 1 3 0 0 1 2 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C subject= /CN=example.com @@ -499,7 +529,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 16 +# 18 1 3 0 0 1 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 subject= /CN=example.com @@ -546,7 +576,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 17 +# 19 1 3 0 0 2 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C subject= /CN=example.com @@ -593,7 +623,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 18 +# 20 1 3 0 0 2 2 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C subject= /CN=example.com @@ -640,7 +670,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 19 +# 21 1 3 0 0 2 2 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E subject= /CN=example.com @@ -687,7 +717,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 20 +# 22 1 3 0 0 2 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E subject= /CN=example.com @@ -736,7 +766,73 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF ## -- PKIX-?? chain tests -- -# 21 +# 23 +1 2 0 0 0 +1 0 0 308201943082013ba003020102020102300a06082a8648ce3d04030230143112301006035504030c094973737565722043413020170d3135313231333233323335325a180f33303135303431353233323335325a30163114301206035504030c0b6578616d706c652e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703420004664995f47bde35e7b4de48b258e9e8a07adebbdb863b3d06f481a1946c83da9f56cff4d9389b855d2f364b1585b0c734fcfa263026964ff5a4308b3fc879bdb8a37a3078301d0603551d0e041604145b20ca417d9088c7a4c017cb6c0c1c739bb07d8a301f0603551d230418301680147ab75a3cd295ca5df7c5150916e18ff5cc376a1530090603551d130402300030130603551d25040c300a06082b0601050507030130160603551d11040f300d820b6578616d706c652e636f6d300a06082a8648ce3d0403020347003044021f21c9032a5c8a93872d3f4aef321a9574dd956d43bd93c369944c72d6902858022100c8b3290d7af37e571a84d704dbad339d2987d41852dc5936f212947063911181 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 24 +1 2 0 0 0 +1 1 0 3059301306072a8648ce3d020106082a8648ce3d03010703420004664995f47bde35e7b4de48b258e9e8a07adebbdb863b3d06f481a1946c83da9f56cff4d9389b855d2f364b1585b0c734fcfa263026964ff5a4308b3fc879bdb8 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 25 1 2 0 0 0 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F subject= /CN=example.com @@ -769,7 +865,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 22 +# 26 1 2 0 0 0 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 subject= /CN=example.com @@ -802,7 +898,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 23 +# 27 1 3 0 0 0 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923 subject= /CN=example.com @@ -849,7 +945,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 24 +# 28 1 3 0 0 0 1 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 subject= /CN=example.com @@ -896,7 +992,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 25 +# 29 1 2 0 0 1 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD subject= /CN=example.com @@ -929,9 +1025,9 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 26 +# 30 1 2 0 0 1 -0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3 +0 1 0 3059301306072a8648ce3d020106082a8648ce3d030107034200047d4bae18b49f5dc69d0a3c85c66a3e2119de92cfad081fad55c12d510ec97b6c00e13695a8d9713548fe60df15573390433e2a1bd92db4b7aa016ec6185dc5af subject= /CN=example.com issuer= /CN=Issuer CA notBefore=Dec 13 23:23:52 2015 GMT @@ -962,7 +1058,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 27 +# 31 1 3 0 0 1 0 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C subject= /CN=example.com @@ -1009,7 +1105,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 28 +# 32 1 3 0 0 1 0 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 subject= /CN=example.com @@ -1056,7 +1152,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 29 +# 33 1 2 0 0 2 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C subject= /CN=example.com @@ -1089,7 +1185,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 30 +# 34 1 2 0 0 2 0 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C subject= /CN=example.com @@ -1122,7 +1218,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 31 +# 35 1 3 0 0 2 0 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E subject= /CN=example.com @@ -1169,7 +1265,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 32 +# 36 1 3 0 0 2 0 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E subject= /CN=example.com @@ -1218,7 +1314,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF ## -- PKIX-?? chain failures -- -# 33 +# 37 # Missing intermediate CA 1 1 0 20 0 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F @@ -1238,7 +1334,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 34 +# 38 # Missing PKIX intermediate, provided via DNS 2 1 0 0 0 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 @@ -1259,7 +1355,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 35 +# 39 # Wrong leaf digest 1 3 0 65 -1 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9924 @@ -1307,7 +1403,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 36 +# 40 # Wrong intermediate digest 1 2 0 65 -1 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBE @@ -1341,7 +1437,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 37 +# 41 # Wrong root digest 1 2 0 65 -1 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3D @@ -1377,7 +1473,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== ## -- Mixed usage cases -# 38 +# 42 # DANE-EE(3) beats DANE-TA(2) 1 3 0 0 0 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 @@ -1426,7 +1522,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 39 +# 43 # DANE-TA(2) depth 1 beats DANE-TA(2) depth 2 1 3 0 0 1 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 @@ -1475,7 +1571,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 40 +# 44 # DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1 1 3 0 0 2 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C @@ -1524,7 +1620,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 41 +# 45 # DANE-TA(2) depth 2 beats PKIX-EE depth 0 1 3 0 0 2 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C @@ -1573,7 +1669,7 @@ RwAwRAIgaGnmqp+bTUvzCAkaWnqyww42GbDXXlKIGUaOS7km9MkCIBfxuEWGEZZv vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 42 +# 46 # DANE-TA(2) Full(0) root "from DNS": 1 2 0 0 2 2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5 @@ -1607,7 +1703,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 43 +# 47 # DANE-TA(2) Full(0) intermediate "from DNS": 1 1 0 0 1 2 0 0 308201683082010DA003020102020102300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233323030395A180F33303135303431353233323030395A30143112301006035504030C094973737565722043413059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AFA350304E301D0603551D0E041604147AB75A3CD295CA5DF7C5150916E18FF5CC376A15301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D0403020349003046022100831DCD882DA8785D50E41020898C0248879DDDF72D701D1DC1DE6BE08155B43E022100B84B2FB519C4CD3CBC791603D4488F7707597DB7980D9C173E7FDD0ECD7CA308 @@ -1627,7 +1723,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 44 +# 48 # DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS": 1 1 0 0 0 2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF @@ -1647,7 +1743,7 @@ RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 45 +# 49 # DANE-TA(2) SPKI(1) Full(0) root "from DNS": 1 2 0 0 1 2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C @@ -1681,7 +1777,7 @@ AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 46 +# 50 # Mismatched name "example.org", should still succeed given a # DANE-EE(3) match. 1 3 1 0 0 @@ -1730,7 +1826,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== -----END CERTIFICATE----- -# 47 +# 51 # Mismatched name "example.org", should fail despite a DANE-TA(2) # match for the intermediate CA. 1 3 0 62 1 @@ -1779,7 +1875,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== -----END CERTIFICATE----- -# 48 +# 52 # Mismatched name "example.org", should fail despite a DANE-TA(2) # match for the root CA. 1 3 0 62 2 @@ -1828,7 +1924,7 @@ AgNJADBGAiEAumhPWZ37swl10awM/amX+jv0UlUyJBf8RGA6QMG5bwICIQDbinER fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== -----END CERTIFICATE----- -# 49 +# 53 # Mismatched name "example.org", should fail when name checks # are not disabled for DANE-EE(3). 1 3 0 62 0 diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 42506303274a64..c032a89aea3370 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -38,6 +38,10 @@ #include "crypto/evp.h" #include "fake_rsaprov.h" +#ifdef STATIC_LEGACY +OSSL_provider_init_fn ossl_legacy_provider_init; +#endif + static OSSL_LIB_CTX *testctx = NULL; static char *testpropq = NULL; @@ -489,6 +493,10 @@ static const unsigned char cfbPlaintext[] = { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }; +static const unsigned char cfbPlaintext_partial[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, + 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, +}; static const unsigned char gcmDefaultPlaintext[16] = { 0 }; @@ -505,6 +513,16 @@ static const unsigned char cfbCiphertext[] = { 0xE8, 0x3C, 0xFB, 0x4A }; +static const unsigned char cfbCiphertext_partial[] = { + 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, + 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35 +}; + +static const unsigned char ofbCiphertext_partial[] = { + 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, + 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09 +}; + static const unsigned char gcmDefaultCiphertext[] = { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 @@ -3874,6 +3892,30 @@ static const EVP_INIT_TEST_st evp_init_tests[] = { } }; +/* use same key, iv and plaintext for cfb and ofb */ +static const EVP_INIT_TEST_st evp_reinit_tests[] = { + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, + cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), + sizeof(cfbCiphertext_partial), 0, 0, 1, 0 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial, + cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial), + sizeof(cfbPlaintext_partial), 0, 0, 0, 0 + }, + { + "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, + ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), + sizeof(ofbCiphertext_partial), 0, 0, 1, 0 + }, + { + "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial, + cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial), + sizeof(cfbPlaintext_partial), 0, 0, 0, 0 + }, +}; + static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) { int res = 0; @@ -3978,6 +4020,44 @@ static int test_evp_init_seq(int idx) return testresult; } +/* + * Test re-initialization of cipher context without changing key or iv. + * The result of both iteration should be the same. + */ +static int test_evp_reinit_seq(int idx) +{ + int outlen1, outlen2, outlen_final; + int testresult = 0; + unsigned char outbuf1[1024]; + unsigned char outbuf2[1024]; + const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx]; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *type = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) + /* setup cipher context */ + || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL)) + /* first iteration */ + || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen)) + || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final)) + /* check test results iteration 1 */ + || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final) + /* now re-init the context (same cipher, key and iv) */ + || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL)) + /* second iteration */ + || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen)) + || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final)) + /* check test results iteration 2 */ + || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final)) + goto err; + testresult = 1; + err: + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(type); + return testresult; +} + typedef struct { const unsigned char *input; const unsigned char *expected; @@ -5437,6 +5517,15 @@ int setup_tests(void) testctx = OSSL_LIB_CTX_new(); if (!TEST_ptr(testctx)) return 0; +#ifdef STATIC_LEGACY + /* + * This test is always statically linked against libcrypto. We must not + * attempt to load legacy.so that might be dynamically linked against + * libcrypto. Instead we use a built-in version of the legacy provider. + */ + if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) + return 0; +#endif /* Swap the libctx to test non-default context only */ nullprov = OSSL_PROVIDER_load(NULL, "null"); deflprov = OSSL_PROVIDER_load(testctx, "default"); @@ -5545,6 +5634,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); + ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests)); ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers)); diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index a06bd697941e89..32ca15bc9a8ab4 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c @@ -1326,6 +1326,24 @@ static int test_evp_pbe_alg_add(void) } #endif +/* + * Currently, EVP__fetch doesn't support + * colon separated alternative names for lookup + * so add a test here to ensure that when one is provided + * libcrypto returns an error + */ +static int evp_test_name_parsing(void) +{ + EVP_MD *md; + + if (!TEST_ptr_null(md = EVP_MD_fetch(mainctx, "SHA256:BogusName", NULL))) { + EVP_MD_free(md); + return 0; + } + + return 1; +} + int setup_tests(void) { if (!test_get_libctx(&mainctx, &nullprov, NULL, NULL, NULL)) { @@ -1334,6 +1352,7 @@ int setup_tests(void) return 0; } + ADD_TEST(evp_test_name_parsing); ADD_TEST(test_alternative_default); ADD_ALL_TESTS(test_d2i_AutoPrivateKey_ex, OSSL_NELEM(keydata)); #ifndef OPENSSL_NO_EC diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index 85bae39988b306..a3dd4a5b032887 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -544,6 +544,55 @@ static int test_kdf_pbkdf1(void) return ret; } +static int test_kdf_pbkdf1_key_too_long(void) +{ + int ret = 0; + EVP_KDF_CTX *kctx = NULL; + unsigned char out[EVP_MAX_MD_SIZE + 1]; + unsigned int iterations = 4096; + OSSL_LIB_CTX *libctx = NULL; + OSSL_PARAM *params = NULL; + OSSL_PROVIDER *legacyprov = NULL; + OSSL_PROVIDER *defprov = NULL; + + if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())) + goto err; + + /* PBKDF1 only available in the legacy provider */ + legacyprov = OSSL_PROVIDER_load(libctx, "legacy"); + if (legacyprov == NULL) { + OSSL_LIB_CTX_free(libctx); + return TEST_skip("PBKDF1 only available in legacy provider"); + } + + if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default"))) + goto err; + + params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256", + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + &iterations); + + /* + * This is the same test sequence as test_kdf_pbkdf1, but we expect + * failure here as the requested key size is longer than the digest + * can provide + */ + if (!TEST_ptr(params) + || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1)) + || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)) + goto err; + + ret = 1; +err: + EVP_KDF_CTX_free(kctx); + OPENSSL_free(params); + OSSL_PROVIDER_unload(defprov); + OSSL_PROVIDER_unload(legacyprov); + OSSL_LIB_CTX_free(libctx); + return ret; +} + static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt, unsigned int *iter, int *mode) { @@ -1920,6 +1969,7 @@ static int test_kdf_hmac_drbg_gettables(void) int setup_tests(void) { ADD_TEST(test_kdf_pbkdf1); + ADD_TEST(test_kdf_pbkdf1_key_too_long); #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA) ADD_TEST(test_kdf_kbkdf_6803_128); ADD_TEST(test_kdf_kbkdf_6803_256); diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index 02e7aa727c6ab4..60ce71eda7f9b2 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -1131,6 +1131,12 @@ static int test_fromdata_ecx(int tst) /* This should succeed because there are no parameters to copy */ || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk))) goto err; + if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL)) + /* This should fail because copy_pk has no pubkey */ + || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0)) + goto err; + EVP_PKEY_CTX_free(ctx2); + ctx2 = NULL; EVP_PKEY_free(copy_pk); copy_pk = NULL; diff --git a/test/evp_test.c b/test/evp_test.c index d74da09616c502..ecc7f7fe209c2f 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1514,6 +1514,7 @@ static int mac_test_run_mac(EVP_TEST *t) EVP_MAC_CTX *ctx = NULL; unsigned char *got = NULL; size_t got_len = 0, size = 0; + size_t size_before_init = 0, size_after_init, size_val = 0; int i, block_size = -1, output_size = -1; OSSL_PARAM params[21], sizes[3], *psizes = sizes; size_t params_n = 0; @@ -1610,6 +1611,9 @@ static int mac_test_run_mac(EVP_TEST *t) } params_n++; + if (strcmp(tmpkey, "size") == 0) + size_val = (size_t)strtoul(tmpval, NULL, 0); + OPENSSL_free(tmpkey); } params[params_n] = OSSL_PARAM_construct_end(); @@ -1618,11 +1622,29 @@ static int mac_test_run_mac(EVP_TEST *t) t->err = "MAC_CREATE_ERROR"; goto err; } - + if (fips_provider_version_gt(libctx, 3, 2, 0)) + size_before_init = EVP_MAC_CTX_get_mac_size(ctx); if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) { t->err = "MAC_INIT_ERROR"; goto err; } + size_after_init = EVP_MAC_CTX_get_mac_size(ctx); + if (!TEST_false(size_before_init == 0 && size_after_init == 0)) { + t->err = "MAC SIZE not set"; + goto err; + } + if (size_before_init != 0) { + /* mac-size not modified by init params */ + if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) { + t->err = "MAC SIZE check failed"; + goto err; + } + /* mac-size modified by init params */ + if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) { + t->err = "MAC SIZE check failed"; + goto err; + } + } if (expected->output_size >= 0) *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE, &output_size); diff --git a/test/http_test.c b/test/http_test.c index 49e770cd886bcc..3f70f6223ac876 100644 --- a/test/http_test.c +++ b/test/http_test.c @@ -347,7 +347,8 @@ static int test_http_url_invalid_prefix(void) static int test_http_url_invalid_port(void) { - return test_http_url_invalid("https://1.2.3.4:65536/pkix"); + return test_http_url_invalid("https://1.2.3.4:65536/pkix") + && test_http_url_invalid("https://1.2.3.4:"); } static int test_http_url_invalid_path(void) diff --git a/test/invalid-x509.cnf b/test/invalid-x509.cnf new file mode 100644 index 00000000000000..f982edb979750b --- /dev/null +++ b/test/invalid-x509.cnf @@ -0,0 +1,6 @@ +[ext] +issuerSignTool = signTool +sbgp-autonomousSysNum = AS +issuingDistributionPoint = fullname +sbgp-ipAddrBlock = IPv4-SAFI + diff --git a/test/p_minimal.c b/test/p_minimal.c new file mode 100644 index 00000000000000..0bff9823f824a2 --- /dev/null +++ b/test/p_minimal.c @@ -0,0 +1,24 @@ +/* + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This is the most minimal provider imaginable. It can be loaded, and does + * absolutely nothing else. + */ + +#include + +OSSL_provider_init_fn OSSL_provider_init; /* Check the function signature */ +int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *oin, + const OSSL_DISPATCH **out, + void **provctx) +{ + return 1; +} diff --git a/test/params_api_test.c b/test/params_api_test.c index f4227b0012fa5c..941b05c4d38dc8 100644 --- a/test/params_api_test.c +++ b/test/params_api_test.c @@ -70,6 +70,49 @@ static const struct { 0x89, 0x67, 0xf2, 0x68, 0x33, 0xa0, 0x14, 0xb0 } }, }; +static int test_param_type_null(OSSL_PARAM *param) +{ + int rc = 0; + uint64_t intval; + double dval; + BIGNUM *bn; + + switch(param->data_type) { + case OSSL_PARAM_INTEGER: + if (param->data_size == sizeof(int32_t)) + rc = OSSL_PARAM_get_int32(param, (int32_t *)&intval); + else if (param->data_size == sizeof(uint64_t)) + rc = OSSL_PARAM_get_int64(param, (int64_t *)&intval); + else + return 1; + break; + case OSSL_PARAM_UNSIGNED_INTEGER: + if (param->data_size == sizeof(uint32_t)) + rc = OSSL_PARAM_get_uint32(param, (uint32_t *)&intval); + else if (param->data_size == sizeof(uint64_t)) + rc = OSSL_PARAM_get_uint64(param, &intval); + else + rc = OSSL_PARAM_get_BN(param, &bn); + break; + case OSSL_PARAM_REAL: + rc = OSSL_PARAM_get_double(param, &dval); + break; + case OSSL_PARAM_UTF8_STRING: + case OSSL_PARAM_OCTET_STRING: + case OSSL_PARAM_UTF8_PTR: + case OSSL_PARAM_OCTET_PTR: + /* these are allowed to be null */ + return 1; + break; + } + + /* + * we expect the various OSSL_PARAM_get functions above + * to return failure when the data is set to NULL + */ + return rc == 0; +} + static int test_param_type_extra(OSSL_PARAM *param, const unsigned char *cmp, size_t width) { @@ -157,6 +200,9 @@ static int test_param_int(int n) sizeof(int) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_int("a", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + memset(buf, 0, sizeof(buf)); le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); @@ -184,6 +230,9 @@ static int test_param_long(int n) ? sizeof(long int) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_long("a", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + memset(buf, 0, sizeof(buf)); le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); @@ -210,6 +259,9 @@ static int test_param_uint(int n) const size_t len = raw_values[n].len >= sizeof(unsigned int) ? sizeof(unsigned int) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_uint("a", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + memset(buf, 0, sizeof(buf)); le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); @@ -237,6 +289,9 @@ static int test_param_ulong(int n) ? sizeof(unsigned long int) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_ulong("a", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + memset(buf, 0, sizeof(buf)); le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); @@ -264,6 +319,9 @@ static int test_param_int32(int n) ? sizeof(int32_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_int32("a", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + memset(buf, 0, sizeof(buf)); le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); @@ -291,6 +349,9 @@ static int test_param_uint32(int n) ? sizeof(uint32_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_uint32("a", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + memset(buf, 0, sizeof(buf)); le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); @@ -318,6 +379,9 @@ static int test_param_int64(int n) ? sizeof(int64_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_int64("a", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + memset(buf, 0, sizeof(buf)); le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); @@ -345,6 +409,9 @@ static int test_param_uint64(int n) ? sizeof(uint64_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_uint64("a", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + memset(buf, 0, sizeof(buf)); le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); @@ -372,6 +439,9 @@ static int test_param_size_t(int n) ? sizeof(size_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_size_t("a", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + memset(buf, 0, sizeof(buf)); le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); @@ -399,6 +469,9 @@ static int test_param_time_t(int n) ? sizeof(time_t) : raw_values[n].len; OSSL_PARAM param = OSSL_PARAM_time_t("a", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + memset(buf, 0, sizeof(buf)); le_copy(buf, sizeof(in), raw_values[n].value, sizeof(in)); memcpy(&in, buf, sizeof(in)); @@ -427,6 +500,9 @@ static int test_param_bignum(int n) NULL, 0); int ret = 0; + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + param.data = bnbuf; param.data_size = sizeof(bnbuf); @@ -458,6 +534,9 @@ static int test_param_signed_bignum(int n) OSSL_PARAM param = OSSL_PARAM_DEFN("bn", OSSL_PARAM_INTEGER, NULL, 0); int ret = 0; + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + param.data = bnbuf; param.data_size = sizeof(bnbuf); @@ -491,6 +570,9 @@ static int test_param_real(void) double p; OSSL_PARAM param = OSSL_PARAM_double("r", NULL); + if (!TEST_int_eq(test_param_type_null(¶m), 1)) + return 0; + param.data = &p; return TEST_true(OSSL_PARAM_set_double(¶m, 3.14159)) && TEST_double_eq(p, 3.14159); diff --git a/test/params_test.c b/test/params_test.c index 614c8debb70ae9..a4b17ddf8f6572 100644 --- a/test/params_test.c +++ b/test/params_test.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include "internal/numbers.h" #include "internal/nelem.h" @@ -558,6 +559,7 @@ static const OSSL_PARAM params_from_text[] = { /* Arbitrary size buffer. Make sure the result fits in a long */ OSSL_PARAM_DEFN("num", OSSL_PARAM_INTEGER, NULL, 0), OSSL_PARAM_DEFN("unum", OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0), + OSSL_PARAM_DEFN("octets", OSSL_PARAM_OCTET_STRING, NULL, 0), OSSL_PARAM_END, }; @@ -655,14 +657,56 @@ static int check_int_from_text(const struct int_from_text_test_st a) return a.expected_res; } +static int check_octetstr_from_hexstr(void) +{ + OSSL_PARAM param; + static const char *values[] = { "", "F", "FF", "FFF", "FFFF", NULL }; + int i; + int errcnt = 0; + + /* Test odd vs even number of hex digits */ + for (i = 0; values[i] != NULL; i++) { + int expected = (strlen(values[i]) % 2) != 1; + int result; + + ERR_clear_error(); + memset(¶m, 0, sizeof(param)); + if (expected) + result = + TEST_true(OSSL_PARAM_allocate_from_text(¶m, + params_from_text, + "hexoctets", values[i], 0, + NULL)); + else + result = + TEST_false(OSSL_PARAM_allocate_from_text(¶m, + params_from_text, + "hexoctets", values[i], 0, + NULL)); + if (!result) { + TEST_error("unexpected OSSL_PARAM_allocate_from_text() %s for 'octets' \"%s\"", + (expected ? "failure" : "success"), values[i]); + errcnt++; + } + OPENSSL_free(param.data); + } + return errcnt == 0; +} + static int test_allocate_from_text(int i) { return check_int_from_text(int_from_text_test_cases[i]); } +static int test_more_allocate_from_text(void) +{ + return check_octetstr_from_hexstr(); +} + int setup_tests(void) { ADD_ALL_TESTS(test_case, OSSL_NELEM(test_cases)); ADD_ALL_TESTS(test_allocate_from_text, OSSL_NELEM(int_from_text_test_cases)); + ADD_TEST(test_more_allocate_from_text); return 1; } diff --git a/test/property_test.c b/test/property_test.c index bba96fac0a0191..18f8cc8740e0d3 100644 --- a/test/property_test.c +++ b/test/property_test.c @@ -136,6 +136,10 @@ static const struct { { "n=0x3", "n=3", 1 }, { "n=0x3", "n=-3", -1 }, { "n=0x33", "n=51", 1 }, + { "n=0x123456789abcdef", "n=0x123456789abcdef", 1 }, + { "n=0x7fffffffffffffff", "n=0x7fffffffffffffff", 1 }, /* INT64_MAX */ + { "n=9223372036854775807", "n=9223372036854775807", 1 }, /* INT64_MAX */ + { "n=0777777777777777777777", "n=0777777777777777777777", 1 }, /* INT64_MAX */ { "n=033", "n=27", 1 }, { "n=0", "n=00", 1 }, { "n=0x0", "n=0", 1 }, @@ -198,6 +202,9 @@ static const struct { { 1, "a=2, n=012345678" }, /* Bad octal digit */ { 0, "n=0x28FG, a=3" }, /* Bad hex digit */ { 0, "n=145d, a=2" }, /* Bad decimal digit */ + { 0, "n=0x8000000000000000, a=3" }, /* Hex overflow */ + { 0, "n=922337203000000000d, a=2" }, /* Decimal overflow */ + { 0, "a=2, n=1000000000000000000000" }, /* Octal overflow */ { 1, "@='hello'" }, /* Invalid name */ { 1, "n0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789" diff --git a/test/prov_config_test.c b/test/prov_config_test.c index 4b04211fa47ef3..b44ec78d8d24b4 100644 --- a/test/prov_config_test.c +++ b/test/prov_config_test.c @@ -8,9 +8,11 @@ */ #include +#include #include "testutil.h" static char *configfile = NULL; +static char *recurseconfigfile = NULL; /* * Test to make sure there are no leaks or failures from loading the config @@ -44,6 +46,30 @@ static int test_double_config(void) return testresult; } +static int test_recursive_config(void) +{ + OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); + int testresult = 0; + unsigned long err; + + if (!TEST_ptr(recurseconfigfile)) + goto err; + + if (!TEST_ptr(ctx)) + goto err; + + if (!TEST_false(OSSL_LIB_CTX_load_config(ctx, recurseconfigfile))) + goto err; + + err = ERR_peek_error(); + /* We expect to get a recursion error here */ + if (ERR_GET_REASON(err) == CONF_R_RECURSIVE_SECTION_REFERENCE) + testresult = 1; + err: + OSSL_LIB_CTX_free(ctx); + return testresult; +} + OPT_TEST_DECLARE_USAGE("configfile\n") int setup_tests(void) @@ -56,6 +82,10 @@ int setup_tests(void) if (!TEST_ptr(configfile = test_get_argument(0))) return 0; + if (!TEST_ptr(recurseconfigfile = test_get_argument(1))) + return 0; + + ADD_TEST(test_recursive_config); ADD_TEST(test_double_config); return 1; } diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t index 9efa9f8d2d6eb7..222b1886aec01f 100644 --- a/test/recipes/01-test_symbol_presence.t +++ b/test/recipes/01-test_symbol_presence.t @@ -114,17 +114,34 @@ foreach (sort keys %stlibname) { my @arrays = ( \@stlib_lines ); push @arrays, \@shlib_lines unless disabled('shared'); foreach (@arrays) { + my %commons; + foreach (@$_) { + if (m|^(.*) C .*|) { + $commons{$1}++; + } + } + foreach (sort keys %commons) { + note "Common symbol: $_"; + } + @$_ = sort - map { - # Drop the first space and everything following it - s| .*||; - # Drop OpenSSL dynamic version information if there is any - s|\@\@.+$||; - # Return the result - $_ - } - grep(m|.* [BCDST] .*|, @$_); + ( map { + # Drop the first space and everything following it + s| .*||; + # Drop OpenSSL dynamic version information if there is any + s|\@\@.+$||; + # Return the result + $_ + } + # Drop any symbol starting with a double underscore, they + # are reserved for the compiler / system ABI and are none + # of our business + grep !m|^__|, + # Only look at external definitions + grep m|.* [BDST] .*|, + @$_ ), + keys %commons; } # Massage the mkdef.pl output to only contain global symbols diff --git a/test/recipes/04-test_asn1_parse.t b/test/recipes/04-test_asn1_parse.t new file mode 100644 index 00000000000000..f3af4365920ac3 --- /dev/null +++ b/test/recipes/04-test_asn1_parse.t @@ -0,0 +1,26 @@ +#! /usr/bin/env perl +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw(:DEFAULT srctop_file); +use OpenSSL::Test::Utils; + +setup("test_asn1_parse"); + +plan tests => 3; + +$ENV{OPENSSL_CONF} = srctop_file("test", "test_asn1_parse.cnf"); + +ok(run(app(([ 'openssl', 'asn1parse', + '-genstr', 'OID:1.2.3.4.1'])))); + +ok(run(app(([ 'openssl', 'asn1parse', + '-genstr', 'OID:1.2.3.4.2'])))); + +ok(run(app(([ 'openssl', 'asn1parse', + '-genstr', 'OID:1.2.3.4.3'])))); diff --git a/test/recipes/04-test_asn1_stable_parse.t b/test/recipes/04-test_asn1_stable_parse.t new file mode 100644 index 00000000000000..a6fe6a3d8fe42c --- /dev/null +++ b/test/recipes/04-test_asn1_stable_parse.t @@ -0,0 +1,24 @@ +#! /usr/bin/env perl +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; +use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file data_dir/; +use OpenSSL::Test::Utils; +use Cwd qw(abs_path); + +BEGIN { +setup("test_asn1_stable_parse"); +} +my $config_path = srctop_file("test", "recipes", "04-test_asn1_stable_parse_data", "asn1_stable_parse.cnf"); + +plan tests => 1; + +ok(run(test(["asn1_stable_parse_test", "-config", $config_path])), + "Confirm that malformed entries in stable section are not parsed"); + diff --git a/test/recipes/04-test_asn1_stable_parse_data/asn1_stable_parse.cnf b/test/recipes/04-test_asn1_stable_parse_data/asn1_stable_parse.cnf new file mode 100644 index 00000000000000..28381a083b0a23 --- /dev/null +++ b/test/recipes/04-test_asn1_stable_parse_data/asn1_stable_parse.cnf @@ -0,0 +1,16 @@ +openssl_conf = openssl_init +config_diagnostics = 1 + +[openssl_init] +s = mstbl + +[mstbl] +id-tc26 = min +id-tc27 = :::::: +id-tc28 = ,,,,,, +id-tc29 = :,:,:, +id-tc30 = n1:min +id-tc31 = n2:max +id-tc32 = n3: +id-tc33 = :0 + diff --git a/test/recipes/04-test_provider.t b/test/recipes/04-test_provider.t index 312def77578402..1233cc4f93a137 100644 --- a/test/recipes/04-test_provider.t +++ b/test/recipes/04-test_provider.t @@ -12,10 +12,17 @@ use OpenSSL::Test::Utils; setup("test_provider"); -plan tests => 2; +plan tests => 3; ok(run(test(['provider_test'])), "provider_test"); $ENV{"OPENSSL_MODULES"} = bldtop_dir("test"); ok(run(test(['provider_test', '-loaded'])), "provider_test -loaded"); + + SKIP: { + skip "no module support", 1 if disabled("module"); + + ok(run(app(['openssl', 'list', '-provider', 'p_minimal', + '-providers', '-verbose']))); +} diff --git a/test/recipes/15-test_gensm2.t b/test/recipes/15-test_gensm2.t new file mode 100644 index 00000000000000..1c4c01a248894b --- /dev/null +++ b/test/recipes/15-test_gensm2.t @@ -0,0 +1,61 @@ +#! /usr/bin/env perl +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw(:DEFAULT pipe); +use OpenSSL::Test::Utils; + +# These are special key generation tests for SM2 keys specifically, +# as they could be said to be a bit special in their encoding. +# This is an auxilliary test to 15-test_genec.t + +setup("test_gensm2"); + +plan skip_all => "This test is unsupported in a no-sm2 build" + if disabled("sm2"); + +plan tests => 2; + +# According to the example in GM/T 0015-2012, appendix D.2, +# generating an EC key with the named SM2 curve or generating +# an SM2 key should end up with the same encoding (apart from +# key private key field itself). This regular expressions +# shows us what 'openssl asn1parse' should display. + +my $sm2_re = qr| + ^ + .*?\Qcons: SEQUENCE\E\s+?\R + .*?\Qprim: INTEGER :00\E\R + .*?\Qcons: SEQUENCE\E\s+?\R + .*?\Qprim: OBJECT :id-ecPublicKey\E\R + .*?\Qprim: OBJECT :sm2\E\R + .*?\Qprim: OCTET STRING [HEX DUMP]:\E + |mx; + +my $cmd_genec = app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:SM2', + '-pkeyopt', 'ec_param_enc:named_curve' ]); +my $cmd_gensm2 = app([ 'openssl', 'genpkey', '-algorithm', 'SM2' ]); +my $cmd_asn1parse = app([ 'openssl', 'asn1parse', '-i' ]); + +my $result_ec = join("", run(pipe($cmd_genec, $cmd_asn1parse), + capture => 1)); + +like($result_ec, $sm2_re, + "Check that 'genpkey -algorithm EC' resulted in a correctly encoded SM2 key"); + +my $result_sm2 = join("", run(pipe($cmd_gensm2, $cmd_asn1parse), + capture => 1)); + +like($result_sm2, $sm2_re, + "Check that 'genpkey -algorithm SM2' resulted in a correctly encoded SM2 key"); diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 32dc4ded8c8996..50188cbae588cb 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_req"); -plan tests => 104; +plan tests => 107; require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); @@ -40,14 +40,19 @@ my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem", "-key", srctop_file(@certs, "ee-key.pem"), "-config", srctop_file("test", "test.cnf"), @req_new ); my $val = "subjectAltName=DNS:example.com"; +my $val1 = "subjectAltName=otherName:1.2.3.4;UTF8:test,email:info\@example.com"; my $val2 = " " . $val; my $val3 = $val; $val3 =~ s/=/ =/; ok( run(app([@addext_args, "-addext", $val]))); +ok( run(app([@addext_args, "-addext", $val1]))); +$val1 =~ s/UTF8/XXXX/; # execute the error handling in do_othername +ok(!run(app([@addext_args, "-addext", $val1]))); ok(!run(app([@addext_args, "-addext", $val, "-addext", $val]))); ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2]))); ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3]))); ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); +ok(run(app([@addext_args, "-addext", "SXNetID=1:one, 2:two, 3:three"]))); # If a CSR is provided with neither of -key or -CA/-CAkey, this should fail. ok(!run(app(["openssl", "req", "-x509", diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index 9bf011c1885cd4..9b11169a98269a 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 43; +plan tests => 44; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't @@ -217,6 +217,14 @@ ok(run(app(["openssl", "x509", "-in", $a_cert, "-CA", $ca_cert, # verify issuer is CA ok (get_issuer($a2_cert) =~ /CN=ca.example.com/); +my $in_csr = srctop_file('test', 'certs', 'x509-check.csr'); +my $in_key = srctop_file('test', 'certs', 'x509-check-key.pem'); +my $invextfile = srctop_file('test', 'invalid-x509.cnf'); +# Test that invalid extensions settings fail +ok(!run(app(["openssl", "x509", "-req", "-in", $in_csr, "-signkey", $in_key, + "-out", "/dev/null", "-days", "3650" , "-extensions", "ext", + "-extfile", $invextfile]))); + # Tests for issue #16080 (fixed in 1.1.1o) my $b_key = "b-key.pem"; my $b_csr = "b-cert.csr"; diff --git a/test/recipes/30-test_prov_config.t b/test/recipes/30-test_prov_config.t index f97a26dbe9543c..7f6350fd84e116 100644 --- a/test/recipes/30-test_prov_config.t +++ b/test/recipes/30-test_prov_config.t @@ -22,11 +22,14 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => 2; -ok(run(test(["prov_config_test", srctop_file("test", "default.cnf")])), +ok(run(test(["prov_config_test", srctop_file("test", "default.cnf"), + srctop_file("test", "recursive.cnf")])), "running prov_config_test default.cnf"); + SKIP: { skip "Skipping FIPS test in this build", 1 if $no_fips; - ok(run(test(["prov_config_test", srctop_file("test", "fips.cnf")])), + ok(run(test(["prov_config_test", srctop_file("test", "fips.cnf"), + srctop_file("test", "recursive.cnf")])), "running prov_config_test fips.cnf"); } diff --git a/test/recipes/60-test_x509_load_cert_file.t b/test/recipes/60-test_x509_load_cert_file.t new file mode 100644 index 00000000000000..75aeac362c2c26 --- /dev/null +++ b/test/recipes/60-test_x509_load_cert_file.t @@ -0,0 +1,15 @@ +#! /usr/bin/env perl +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_load_cert_file"); + +plan tests => 1; + +ok(run(test(["x509_load_cert_file_test", srctop_file("test", "certs", "leaf-chain.pem")]))); diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 0e1ebc50cd9048..6a9792128be15f 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -50,7 +50,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) $no_rc2 = 1 if disabled("legacy"); -plan tests => 22; +plan tests => 23; ok(run(test(["pkcs7_test"])), "test pkcs7"); @@ -222,13 +222,15 @@ my @smime_pkcs7_tests = ( \&final_compare ], - [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used", + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, cert and key files used", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", $smrsa1, catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "{cmd2}", @defaultprov, "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"), + catfile($smdir, "smrsa3-cert.pem") ], + [ "{cmd2}", @defaultprov, "-decrypt", + "-recip", catfile($smdir, "smrsa3-cert.pem"), + "-inkey", catfile($smdir, "smrsa3-key.pem"), "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare ], @@ -1165,3 +1167,51 @@ with({ exit_checker => sub { return shift == 3; } }, ])), "Check for failure when cipher does not have an assigned OID (issue#22225)"); }); + +# Test encrypt to three recipients, and decrypt using key-only; +# i.e. do not follow the recommended practice of providing the +# recipient cert in the decrypt op. +# +# Use RSAES-OAEP for key-transport, not RSAES-PKCS-v1_5. +# +# Because the cert is not provided during decrypt, all RSA ciphertexts +# are decrypted in turn, and when/if there is a valid decryption, it +# is assumed the correct content-key has been recovered. +# +# That process may fail with RSAES-PKCS-v1_5 b/c there is a +# non-negligible chance that decrypting a random input using +# RSAES-PKCS-v1_5 can result in a valid plaintext (so two content-keys +# could be recovered and the wrong one might be used). +# +# See https://github.com/openssl/project/issues/380 +subtest "encrypt to three recipients with RSA-OAEP, key only decrypt" => sub { + plan tests => 3; + + my $pt = srctop_file("test", "smcont.txt"); + my $ct = "smtst.cms"; + my $ptpt = "smtst.txt"; + + ok(run(app(['openssl', 'cms', + @defaultprov, + '-encrypt', '-aes128', + '-in', $pt, + '-out', $ct, + '-stream', + '-recip', catfile($smdir, "smrsa1.pem"), + '-keyopt', 'rsa_padding_mode:oaep', + '-recip', catfile($smdir, "smrsa2.pem"), + '-keyopt', 'rsa_padding_mode:oaep', + '-recip', catfile($smdir, "smrsa3-cert.pem"), + '-keyopt', 'rsa_padding_mode:oaep', + ])), + "encrypt to three recipients with RSA-OAEP (avoid openssl/project issue#380)"); + ok(run(app(['openssl', 'cms', + @defaultprov, + '-decrypt', '-aes128', + '-in', $ct, + '-out', $ptpt, + '-inkey', catfile($smdir, "smrsa3-key.pem"), + ])), + "decrypt with key only"); + is(compare($pt, $ptpt), 0, "compare original message with decrypted ciphertext"); +}; diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t index 7970e3225bbdcc..f1d5efd741de5c 100644 --- a/test/recipes/80-test_pkcs12.t +++ b/test/recipes/80-test_pkcs12.t @@ -9,7 +9,7 @@ use strict; use warnings; -use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_file with/; use OpenSSL::Test::Utils; use Encode; @@ -54,7 +54,7 @@ if (eval { require Win32::API; 1; }) { } $ENV{OPENSSL_WIN32_UTF8}=1; -plan tests => 24; +plan tests => 28; # Test different PKCS#12 formats ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats"); @@ -170,6 +170,27 @@ ok(grep(/Trusted key usage (Oracle)/, @pkcs12info) == 0, ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_outerr6_empty"); } +# Test some bad pkcs12 files +my $bad1 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad1.p12"); +my $bad2 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad2.p12"); +my $bad3 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad3.p12"); + +with({ exit_checker => sub { return shift == 1; } }, + sub { + ok(run(app(["openssl", "pkcs12", "-in", $bad1, "-password", "pass:"])), + "test bad pkcs12 file 1"); + + ok(run(app(["openssl", "pkcs12", "-in", $bad1, "-password", "pass:", + "-nomacver"])), + "test bad pkcs12 file 1 (nomacver)"); + + ok(run(app(["openssl", "pkcs12", "-in", $bad2, "-password", "pass:"])), + "test bad pkcs12 file 2"); + + ok(run(app(["openssl", "pkcs12", "-in", $bad3, "-password", "pass:"])), + "test bad pkcs12 file 3"); + }); + # Test with Oracle Trusted Key Usage specified in openssl.cnf { ok(run(app(["openssl", "pkcs12", "-export", "-out", $outfile7, diff --git a/test/recipes/80-test_pkcs12_data/bad1.p12 b/test/recipes/80-test_pkcs12_data/bad1.p12 new file mode 100644 index 00000000000000..8f3387c7e356e4 Binary files /dev/null and b/test/recipes/80-test_pkcs12_data/bad1.p12 differ diff --git a/test/recipes/80-test_pkcs12_data/bad2.p12 b/test/recipes/80-test_pkcs12_data/bad2.p12 new file mode 100644 index 00000000000000..113cb6f1cd523e Binary files /dev/null and b/test/recipes/80-test_pkcs12_data/bad2.p12 differ diff --git a/test/recipes/80-test_pkcs12_data/bad3.p12 b/test/recipes/80-test_pkcs12_data/bad3.p12 new file mode 100644 index 00000000000000..ef86a1d86fb0bc Binary files /dev/null and b/test/recipes/80-test_pkcs12_data/bad3.p12 differ diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t index dc7cc64533af26..f8088df14d36c8 100644 --- a/test/recipes/91-test_pkey_check.t +++ b/test/recipes/91-test_pkey_check.t @@ -70,7 +70,7 @@ push(@positive_tests, ( "dhpkey.pem" )) unless disabled("dh"); -my @negative_pubtests = (); +my @negative_pubtests = ("rsapub_17k.pem"); # Too big RSA public key push(@negative_pubtests, ( "dsapub_noparam.der" diff --git a/test/recipes/91-test_pkey_check_data/rsapub_17k.pem b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem new file mode 100644 index 00000000000000..9a2eaedaf1b22f --- /dev/null +++ b/test/recipes/91-test_pkey_check_data/rsapub_17k.pem @@ -0,0 +1,48 @@ +-----BEGIN PUBLIC KEY----- +MIIIbzANBgkqhkiG9w0BAQEFAAOCCFwAMIIIVwKCCE4Ang+cE5H+hg3RbapDAHqR +B9lUnp2MlAwsZxQ/FhYepaR60bFQeumbu7817Eo5YLMObVI99hF1C4u/qcpD4Jph +gZt87/JAYDbP+DIh/5gUXCL9m5Fp4u7mvZaZdnlcftBvR1uKUTCAwc9pZ/Cfr8W2 +GzrRODzsNYnk2DcZMfe2vRDuDZRopE+Y+I72rom2SZLxoN547N1daM/M/CL9KVQ/ +XMI/YOpJrBI0jI3brMRhLkvLckwies9joufydlGbJkeil9H7/grj3fQZtFkZ2Pkj +b87XDzRVX7wsEpAgPJxskL3jApokCp1kQYKG+Uc3dKM9Ade6IAPK7VKcmbAQTYw2 +gZxsc28dtstazmfGz0ACCTSMrmbgWAM3oPL7RRzhrXDWgmYQ0jHefGh8SNTIgtPq +TuHxPYkDMQNaf0LmDGCxqlnf4b5ld3YaU8zZ/RqIRx5v/+w0rJUvU53qY1bYSnL1 +vbqKSnN2mip0GYyQ4AUgkS1NBV4rGYU/VTvzEjLfkg02KOtHKandvEoUjmZPzCT0 +V2ZhGc8K1UJNGYlIiHqCdwCBoghvly/pYajTkDXyd6BsukzA5H3IkZB1xDgl035j +/0Cr7QeZLEOdi9fPdSSaBT6OmD0WFuZfJF0wMr7ucRhWzPXvSensD9v7MBE7tNfH +SLeTSx8tLt8UeWriiM+0CnkPR1IOqMOxubOyf1eV8NQqEWm5wEQG/0IskbOKnaHa +PqLFJZn/bvyL3XK5OxVIJG3z6bnRDOMS9SzkjqgPdIO8tkySEHVSi/6iuGUltx3Y +Fmq6ye/r34ekyHPbfn6UuTON7joM6SIXb5bHM64x4iMVWx4hMvDjfy0UqfywAUyu +C1o7BExSMxxFG8GJcqR0K8akpPp7EM588PC+YuItoxzXgfUJnP3BQ1Beev2Ve7/J +xeGZH0N4ntfr+cuaLAakAER9zDglwChWflw3NNFgIdAgSxXv3XXx5xDXpdP4lxUo +F5zAN4Mero3yV90FaJl7Vhq/UFVidbwFc15jUDwaE0mKRcsBeVd3GOhoECAgE0id +aIPT20z8oVY0FyTJlRk7QSjo8WjJSrHY/Fn14gctX07ZdfkufyL6w+NijBdYluvB +nIrgHEvpkDEWoIa8qcx0EppoIcmqgMV2mTShfFYSybsO33Pm8WXec2FXjwhzs1Pi +R/BuIW8rHPI67xqWm0h8dEw11vtfi9a/BBBikFHe59KBjMTG+lW/gADNvRoTzGh7 +kN4+UVDS3jlSisRZZOn1XoeQtpubNYWgUsecjKy45IwIj8h1SHgn3wkmUesY0woN +mOdoNtq+NezN4RFtbCOHhxFVpKKDi/HQP2ro0ykkXMDjwEIVf2Lii1Mg9UP8m+Ux +AOqkTrIkdogkRx+70h7/wUOfDIFUq2JbKzqxJYamyEphcdAko7/B8efQKc61Z93O +f2SHa4++4WI7wIIx18v5KV4M/cRmrfc8w9WRkQN3gBT5AJMuqwcSHVXBWvNQeGmi +ScMh7X6cCZ0daEujqb8svq4WgsJ8UT4GaGBRIYtt7QUKEh+JQwNJzneRYZ3pzpaH +UJeeoYobMlkp3rM9cYzdq90nBQiI9Jsbim9m9ggb2dMOS5CsI9S/IuG2O5uTjfxx +wkwsd5nLDFtNXHYZ7W6XlVJ1Rc6zShnEmdCn3mmibb6OaMUmun2yl9ryEjVSoXLP +fSA8W9K9yNhKTRkzdXJfqlC+s/ovX2xBGxsuOoUDaXhRVz0qmpKIHeSFjIP4iXq4 +y8gDiwvM3HbZfvVonbg6siPwpn4uvw3hesojk1DKAENS52i6U3uK2fs1ALVxsFNS +Yh914rDu0Q3e4RXVhURaYzoEbLCot6WGYeCCfQOK0rkETMv+sTYYscC8/THuW7SL +HG5zy9Ed95N1Xmf8J+My7gM7ZFodGdHsWvdzEmqsdOFh6IVx/VfHFX0MDBq0t6lZ +eRvVgVCfu3gkYLwPScn/04E02vOom51ISKHsF/I11erC66jjNYV9BSpH8O7sAHxZ +EmPT2ZVVRSgivOHdQW/FZ3UZQQhVaVSympo2Eb4yWEMFn84Q8T+9Honj6gnB5PXz +chmeCsOMlcg1mwWwhn0k+OAWEZy7VRUk5Ahp0fBAGJgwBdqrZ3kM356DjUkVBiYq +4eHyvafNKmjf2mnFsI3g2NKRNyl1Lh63wyCFx60yYvBUfXF/W9PFJbD9CiP83kEW +gV36gxTsbOSfhpO1OXR90ODy0kx06XzWmJCUugK8u9bx4F/CjV+LIHExuNJiethC +A8sIup/MT0fWp4RO/SsVblGqfoqJTaPnhptQzeH2N07pbWkxeMuL6ppPuwFmfVjK +FJndqCVrAukcPEOQ16iVURuloJMudqYRc9QKkJFsnv0W/iMNbqQGmXe8Q/5qFiys +26NIQBiE2ad9hNLnoccEnmYSRgnW3ZPSKuq5TDdYyDqTZH2r8cam65pr3beKw2XC +xw4cc7VaxiwGC2Mg2wRmwwPaTjrcEt6sMa3RjwFEVBxBFyM26wnTEZsTBquCxV0J +pgERaeplkixP2Q0m7XAdlDaob973SM2vOoUgypzDchWmpx7u775bnOfU5CihwXl+ +k0i09WZuT8bPmhEAiGCw5sNzMkz1BC2cCZFfJIkE2vc/wXYOrGxBTJo0EKaUFswa +2dnP/u0bn+VksBUM7ywW9LJSXh4mN+tpzdeJtxEObKwX1I0dQxSPWmjd2++wMr9q +Unre5fCrDToy2H7C2VKSpuOCT2/Kv4JDQRWwI4KxQOpn0UknAGNmfBoTtpIZ3LEb +77oBUJdMQD7tQBBLL0a6f1TdK0dHVprWWawJ+gGFMiMQXqAqblHcxFKWuHv9bQID +AQAB +-----END PUBLIC KEY----- diff --git a/test/recipes/95-test_external_gost_engine_data/gost_engine.sh b/test/recipes/95-test_external_gost_engine_data/gost_engine.sh index 4fd434f29ad25d..1a72a4bc2e72e8 100755 --- a/test/recipes/95-test_external_gost_engine_data/gost_engine.sh +++ b/test/recipes/95-test_external_gost_engine_data/gost_engine.sh @@ -45,7 +45,7 @@ echo " OPENSSL_ROOT_DIR: $OPENSSL_ROOT_DIR" echo " OpenSSL version: $OPENSSL_VERSION" echo "------------------------------------------------------------------" -cmake $SRCTOP/gost-engine -DOPENSSL_ROOT_DIR="$OPENSSL_ROOT_DIR" +cmake $SRCTOP/gost-engine -DOPENSSL_ROOT_DIR="$OPENSSL_ROOT_DIR" -DOPENSSL_ENGINES_DIR="$OPENSSL_ROOT_DIR/engines" make export CTEST_OUTPUT_ON_FAILURE=1 export HARNESS_OSSL_PREFIX='' diff --git a/test/recipes/95-test_external_tlsfuzzer_data/tlsfuzzer.sh b/test/recipes/95-test_external_tlsfuzzer_data/tlsfuzzer.sh index a9f781de333925..be27dc7169d12a 100644 --- a/test/recipes/95-test_external_tlsfuzzer_data/tlsfuzzer.sh +++ b/test/recipes/95-test_external_tlsfuzzer_data/tlsfuzzer.sh @@ -11,6 +11,7 @@ # OpenSSL external testing using the TLSFuzzer test suite # set -e +set -x PWD="$(pwd)" @@ -31,16 +32,17 @@ export PATH="$O_EXE:$PATH" export LD_LIBRARY_PATH="$O_LIB:$LD_LIBRARY_PATH" export OPENSSL_ROOT_DIR="$O_LIB" -# Check/Set openssl version -OPENSSL_VERSION=`openssl version | cut -f 2 -d ' '` CLI="${O_EXE}/openssl" SERV="${O_EXE}/openssl" +# Check/Set openssl version +OPENSSL_VERSION=$($CLI version | cut -f 2 -d ' ') + TMPFILE="${PWD}/tls-fuzzer.$$.tmp" PSKFILE="${PWD}/tls-fuzzer.psk.$$.tmp" -PYTHON=`which python` +PYTHON=`which python3` PORT=4433 echo "------------------------------------------------------------------" @@ -51,6 +53,7 @@ echo " BLDTOP: $BLDTOP" echo " OPENSSL_ROOT_DIR: $OPENSSL_ROOT_DIR" echo " Python: $PYTHON" echo " TESTDATADIR: $TESTDATADIR" +echo " OPENSSL_VERSION: $OPENSSL_VERSION" echo "------------------------------------------------------------------" cd "${SRCTOP}/tlsfuzzer" diff --git a/test/recursive.cnf b/test/recursive.cnf new file mode 100644 index 00000000000000..505733ae45658d --- /dev/null +++ b/test/recursive.cnf @@ -0,0 +1,8 @@ +openssl_conf = openssl_init +config_diagnostics = yes + +[openssl_init] +providers = provider_sect + +[provider_sect] + = provider_sect diff --git a/test/siphash_internal_test.c b/test/siphash_internal_test.c index 76ae5ecabcb69c..3ab1677d2d0abd 100644 --- a/test/siphash_internal_test.c +++ b/test/siphash_internal_test.c @@ -257,7 +257,7 @@ static int test_siphash(int idx) static int test_siphash_basic(void) { SIPHASH siphash = { 0, }; - unsigned char key[SIPHASH_KEY_SIZE]; + static const unsigned char key[SIPHASH_KEY_SIZE] = {0}; unsigned char output[SIPHASH_MAX_DIGEST_SIZE]; /* Use invalid hash size */ diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh index ab7e22a136e286..0edf1d789e3f48 100644 --- a/test/smime-certs/mksmime-certs.sh +++ b/test/smime-certs/mksmime-certs.sh @@ -30,6 +30,9 @@ gen smrsa2.pem "/CN=Test SMIME EE RSA #2" usr_rsa_cert >>smrsa2.pem cp ../certs/ee-key-4096.pem smrsa3.pem gen smrsa3.pem "/CN=Test SMIME EE RSA #3" usr_rsa_cert >>smrsa3.pem +$OPENSSL x509 -in smrsa3.pem > smrsa3-cert.pem +$OPENSSL pkey -in smrsa3.pem > smrsa3-key.pem + # Create DSA certificates with respective extensions cp ../certs/server-dsa-key.pem smdsa1.pem diff --git a/test/smime-certs/smrsa3-cert.pem b/test/smime-certs/smrsa3-cert.pem new file mode 100644 index 00000000000000..70004acb86988e --- /dev/null +++ b/test/smime-certs/smrsa3-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgIUIDyc//j/LoNDesZTGbPBoVarv4EwDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw +NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMzMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA+QP7d56K4/9eu7aChtWILYNxvqWeDcJeWvX5Z5vC +XUjFuUxBD9U0rw1SBLgFYu8aqAJ+oXsqaGjJARifgKEqPUe7pnYYatr55lhTbHR+ +qA88p1V4sclEaPNWKzd7J/V3eeYr04kqWV5XYhAq9k9AWLzsNIePe2z7OoGPS6oK +wRzWFRd5RYXTpmFr/tqknbYvtYFd7duKb9QqytgHV+RKXXeY0fnjZ7frLmaqDwtI +U3DY7MyS3Hw2BVx72vQXBNA364HGEpqEgVOdzI7et0wpSumaFXDye714xUR53L7N +f3fp3PQXS/RbBiNXs7KUsHCR6nsdsIKO+sg66gxOLNt6zwIDAQABo2AwXjAMBgNV +HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUN9pGq/UFS3o50rTi +V+AYgAk+3R4wHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI +hvcNAQELBQADggEBAGcOh380/6aJqMpYBssuf2CB3DX/hGKdvEF7fF8iNSfl5HHq +112kHl3MhbL9Th/safJq9sLDJqjXRNdVCUJJbU4YI2P2gsi04paC0qxWxMLtzQLd +CE7ki2xH94Fuu/dThbpzZBABROO1RrdI24GDGt9t4Gf0WVkobmT/zNlwGppKTIB2 +iV/Ug30iKr/C49UzwUIa+XXXujkjPTmGSnrKwVQNxQh81rb+iTL7GEnNuqDsatHW +ZyLS2SaVdG5tMqDkITPMDGjehUzJcAbVc8Bv4m8Ukuov3uDj2Doc6MxlvrVkV0AE +BcSCb/bWQJJ/X4LQZlx9cMk4NINxV9UeFPZOefg= +-----END CERTIFICATE----- diff --git a/test/smime-certs/smrsa3-key.pem b/test/smime-certs/smrsa3-key.pem new file mode 100644 index 00000000000000..216d70b61b74c2 --- /dev/null +++ b/test/smime-certs/smrsa3-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD5A/t3norj/167 +toKG1Ygtg3G+pZ4Nwl5a9flnm8JdSMW5TEEP1TSvDVIEuAVi7xqoAn6heypoaMkB +GJ+AoSo9R7umdhhq2vnmWFNsdH6oDzynVXixyURo81YrN3sn9Xd55ivTiSpZXldi +ECr2T0BYvOw0h497bPs6gY9LqgrBHNYVF3lFhdOmYWv+2qSdti+1gV3t24pv1CrK +2AdX5Epdd5jR+eNnt+suZqoPC0hTcNjszJLcfDYFXHva9BcE0DfrgcYSmoSBU53M +jt63TClK6ZoVcPJ7vXjFRHncvs1/d+nc9BdL9FsGI1ezspSwcJHqex2wgo76yDrq +DE4s23rPAgMBAAECggEAEDi+VWD5VUpjD5zWOoPQiRDGBJBhtMAKkl6okxEmXvWb +Xz3STFnjHgA1JFHW3bRU9BHI9k8vSHmnlnkfKb3V/ZX5IHNcKCHb/x9NBak+QLVQ +0zLtfE9vxiTC0B/oac+MPaiD4hYFQ81pFwK6VS0Poi8ZCBJtOkRqfUvsyV8zZrgh +/6cs4mwOVyZPFRgF9eWXYv7PJz8pNRizhII0iv9H/r2I3DzsZLPCg7c29mP+I/SG +A7Pl82UXjtOc0KurGY2M5VheZjxJT/k/FLMkWY2GS5n6dfcyzsVSKb25HoeuvQsI +vs1mKs+Onbobdc17hCcKVJzbi3DwXs5XDhrEzfHccQKBgQD88uBxVCRV31PsCN6I +pKxQDGgz+1BqPqe7KMRiZI7HgDUK0eCM3/oG089/jsBtJcSxnScLSVNBjQ+xGiFi +YCD4icQoJSzpqJyR6gDq5lTHASAe+9LWRW771MrtyACQWNXowYEyu8AjekrZkCUS +wIKVpw57oWykzIoS7ixZsJ8gxwKBgQD8BPWqJEsLiQvOlS5E/g88eV1KTpxm9Xs+ +BbwsDXZ7m4Iw5lYaUu5CwBB/2jkGGRl8Q/EfAdUT7gXv3t6x5b1qMXaIczmRGYto +NuI3AH2MPxAa7lg5TgBgie1r7PKwyPMfG3CtDx6n8W5sexgJpbIy5u7E+U6d8s1o +c7EcsefduQKBgCkHJAx9v18GWFBip+W2ABUDzisQSlzRSNd8p03mTZpiWzgkDq4K +7j0JQhDIkMGjbKH6gYi9Hfn17WOmf1+7g92MSvrP/NbxeGPadsejEIEu14zu/6Wt +oXDLdRbYZ+8B2cBlEpWuCl42yck8Lic6fnPTou++oSah3otvglYR5d2lAoGACd8L +3FE1m0sP6lSPjmZBJIZAcDOqDqJY5HIHD9arKGZL8CxlfPx4lqa9PrTGfQWoqORk +YmmI9hHhq6aYJHGyPKGZWfjhbVyJyFg1/h+Hy2GA+P0S+ZOjkiR050BNtTz5wOMr +Q6wO8FcVkywzIdWaqEHBYne9a5RiFVBKxKv3QAkCgYBxmCBKajFkMVb4Uc55WqJs +Add0mctGgmZ1l5vq81eWe3wjM8wgfJgaD3Q3gwx2ABUX/R+OsVWSh4o5ZR86sYoz +TviknBHF8GeDLjpT49+04fEaz336J2JOptF9zIpz7ZK1nrOEjzaZGtumReVjUP7X +fNcb5iDYqZRzD8ixBbLxUw== +-----END PRIVATE KEY----- diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c index b0f4ae3ac523f7..430e1801e79204 100644 --- a/test/ssl_old_test.c +++ b/test/ssl_old_test.c @@ -56,6 +56,7 @@ #endif #include #include "testutil.h" +#include "testutil/output.h" /* * Or gethostname won't be declared properly @@ -945,7 +946,8 @@ int main(int argc, char *argv[]) verbose = 0; debug = 0; - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + test_open_streams(); + bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); s_cctx = SSL_CONF_CTX_new(); @@ -990,7 +992,8 @@ int main(int argc, char *argv[]) if (strcmp(*argv, "-F") == 0) { fprintf(stderr, "not compiled with FIPS support, so exiting without running.\n"); - EXIT(0); + ret = EXIT_SUCCESS; + goto end; } else if (strcmp(*argv, "-server_auth") == 0) server_auth = 1; else if (strcmp(*argv, "-client_auth") == 0) @@ -1257,7 +1260,7 @@ int main(int argc, char *argv[]) if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should " "be requested.\n"); - EXIT(1); + goto end; } #ifdef OPENSSL_NO_SSL3 @@ -1310,7 +1313,7 @@ int main(int argc, char *argv[]) "the test anyway (and\n-d to see what happens), " "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); - EXIT(1); + goto end; } if (print_time) { @@ -1922,7 +1925,8 @@ int main(int argc, char *argv[]) OSSL_PROVIDER_unload(thisprov); OSSL_LIB_CTX_free(libctx); - BIO_free(bio_err); + test_close_streams(); + EXIT(ret); } diff --git a/test/sslapitest.c b/test/sslapitest.c index 88294af16a2d7f..92e44e6cb108f5 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1135,6 +1135,10 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, int cfd = -1, sfd = -1; int rx_supported; SSL_CONNECTION *clientsc, *serversc; + unsigned char *buf = NULL; + const size_t bufsz = SSL3_RT_MAX_PLAIN_LENGTH + 16; + int ret; + size_t offset = 0, i; if (!TEST_true(create_test_sockets(&cfd, &sfd, SOCK_STREAM, NULL))) goto end; @@ -1240,8 +1244,39 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, if (!TEST_true(ping_pong_query(clientssl, serverssl))) goto end; + buf = OPENSSL_zalloc(bufsz); + if (!TEST_ptr(buf)) + goto end; + + /* + * Write some data that exceeds the maximum record length. KTLS may choose + * to coalesce this data into a single buffer when we read it again. + */ + while ((ret = SSL_write(clientssl, buf, bufsz)) != (int)bufsz) { + if (!TEST_true(SSL_get_error(clientssl, ret) == SSL_ERROR_WANT_WRITE)) + goto end; + } + + /* Now check that we can read all the data we wrote */ + do { + ret = SSL_read(serverssl, buf + offset, bufsz - offset); + if (ret <= 0) { + if (!TEST_true(SSL_get_error(serverssl, ret) == SSL_ERROR_WANT_READ)) + goto end; + } else { + offset += ret; + } + } while (offset < bufsz); + + if (!TEST_true(offset == bufsz)) + goto end; + for (i = 0; i < bufsz; i++) + if (!TEST_true(buf[i] == 0)) + goto end; + testresult = 1; end: + OPENSSL_free(buf); if (clientssl) { SSL_shutdown(clientssl); SSL_free(clientssl); @@ -10586,6 +10621,27 @@ static int test_tls13_record_padding(int idx) #endif /* OSSL_NO_USABLE_TLS1_3 */ #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) + +static ENGINE *load_dasync(void) +{ + ENGINE *e; + + if (!TEST_ptr(e = ENGINE_by_id("dasync"))) + return NULL; + + if (!TEST_true(ENGINE_init(e))) { + ENGINE_free(e); + return NULL; + } + + if (!TEST_true(ENGINE_register_ciphers(e))) { + ENGINE_free(e); + return NULL; + } + + return e; +} + /* * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not * support this yet. The only pipeline capable cipher that we have is in the @@ -10601,6 +10657,8 @@ static int test_tls13_record_padding(int idx) * Test 4: Client has pipelining enabled, server does not: more data than all * the available pipelines can take * Test 5: Client has pipelining enabled, server does not: Maximum size pipeline + * Test 6: Repeat of test 0, but the engine is loaded late (after the SSL_CTX + * is created) */ static int test_pipelining(int idx) { @@ -10613,25 +10671,28 @@ static int test_pipelining(int idx) size_t written, readbytes, offset, msglen, fragsize = 10, numpipes = 5; size_t expectedreads; unsigned char *buf = NULL; - ENGINE *e; - - if (!TEST_ptr(e = ENGINE_by_id("dasync"))) - return 0; + ENGINE *e = NULL; - if (!TEST_true(ENGINE_init(e))) { - ENGINE_free(e); - return 0; + if (idx != 6) { + e = load_dasync(); + if (e == NULL) + return 0; } - if (!TEST_true(ENGINE_register_ciphers(e))) - goto end; - if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), 0, TLS1_2_VERSION, &sctx, &cctx, cert, privkey))) goto end; + if (idx == 6) { + e = load_dasync(); + if (e == NULL) + goto end; + /* Now act like test 0 */ + idx = 0; + } + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL))) goto end; @@ -10767,9 +10828,11 @@ static int test_pipelining(int idx) SSL_free(clientssl); SSL_CTX_free(sctx); SSL_CTX_free(cctx); - ENGINE_unregister_ciphers(e); - ENGINE_finish(e); - ENGINE_free(e); + if (e != NULL) { + ENGINE_unregister_ciphers(e); + ENGINE_finish(e); + ENGINE_free(e); + } OPENSSL_free(buf); if (fragsize == SSL3_RT_MAX_PLAIN_LENGTH) OPENSSL_free(msg); @@ -11489,7 +11552,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_serverinfo_custom, 4); #endif #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) - ADD_ALL_TESTS(test_pipelining, 6); + ADD_ALL_TESTS(test_pipelining, 7); #endif ADD_ALL_TESTS(test_version, 6); ADD_TEST(test_rstate_string); diff --git a/test/sysdefault.cnf b/test/sysdefault.cnf index 20712b5bda40cd..1c8915074a7829 100644 --- a/test/sysdefault.cnf +++ b/test/sysdefault.cnf @@ -18,5 +18,6 @@ new-sig-oid = 1.1.1.1.1.1.1.1.1.1.1.1.1.1 system_default = ssl_default_sect [ssl_default_sect] +SignatureAlgorithms = RSA+SHA256:nonex MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 diff --git a/test/test_asn1_parse.cnf b/test/test_asn1_parse.cnf new file mode 100644 index 00000000000000..5f0305657e83d1 --- /dev/null +++ b/test/test_asn1_parse.cnf @@ -0,0 +1,12 @@ +openssl_conf = openssl_init + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + +[openssl_init] +oid_section = oids + +[oids] +testoid1 = 1.2.3.4.1 +testoid2 = A Very Long OID Name, 1.2.3.4.2 +testoid3 = ,1.2.3.4.3 diff --git a/test/x509_load_cert_file_test.c b/test/x509_load_cert_file_test.c new file mode 100644 index 00000000000000..4a736071ae61e5 --- /dev/null +++ b/test/x509_load_cert_file_test.c @@ -0,0 +1,50 @@ +/* + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "testutil.h" + +static const char *chain; + +static int test_load_cert_file(void) +{ + int ret = 0; + X509_STORE *store = NULL; + X509_LOOKUP *lookup = NULL; + STACK_OF(X509) *certs = NULL; + + if (TEST_ptr(store = X509_STORE_new()) + && TEST_ptr(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) + && TEST_true(X509_load_cert_file(lookup, chain, X509_FILETYPE_PEM)) + && TEST_ptr(certs = X509_STORE_get1_all_certs(store)) + && TEST_int_eq(sk_X509_num(certs), 4)) + ret = 1; + + OSSL_STACK_OF_X509_free(certs); + X509_STORE_free(store); + return ret; +} + +OPT_TEST_DECLARE_USAGE("cert.pem...\n") + +int setup_tests(void) +{ + if (!test_skip_common_options()) { + TEST_error("Error parsing test options\n"); + return 0; + } + + chain = test_get_argument(0); + if (chain == NULL) + return 0; + + ADD_TEST(test_load_cert_file); + return 1; +} diff --git a/util/build.info b/util/build.info index cf06f15ae4f0e6..e4aab44b38038e 100644 --- a/util/build.info +++ b/util/build.info @@ -6,9 +6,9 @@ SCRIPTS{noinst}=wrap.pl SOURCE[wrap.pl]=wrap.pl.in DEPEND[wrap.pl]=../configdata.pm -IF[{- !$disabled{quic} && !$disabled{stdio} -}] +IF[{- !$disabled{quic} && !$disabled{stdio} && !$disabled{apps} -}] PROGRAMS{noinst}=quicserver SOURCE[quicserver]=quicserver.c -INCLUDE[quicserver]=../include ../apps/include -DEPEND[quicserver]=../libcrypto.a ../libssl.a + INCLUDE[quicserver]=../include ../apps/include + DEPEND[quicserver]=../libcrypto.a ../libssl.a ENDIF diff --git a/util/libssl.num b/util/libssl.num index feaad6060709fc..22b31fb012a87c 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -577,5 +577,3 @@ SSL_handle_events 577 3_2_0 EXIST::FUNCTION: SSL_get_event_timeout 578 3_2_0 EXIST::FUNCTION: SSL_get0_group_name 579 3_2_0 EXIST::FUNCTION: SSL_is_stream_local 580 3_2_0 EXIST::FUNCTION: -SSL_CTX_use_VC ? 3_2_1 EXIST::FUNCTION:VCAUTHTLS -SSL_CTX_use_DID ? 3_2_1 EXIST::FUNCTION:VCAUTHTLS diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 3f1d205bcadb74..08231eddce41d9 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -326,27 +326,7 @@ CMS_digest_verify(3) CMS_is_detached(3) CMS_set1_signers_certs(3) CMS_set_detached(3) -CMS_signed_add1_attr(3) -CMS_signed_add1_attr_by_NID(3) -CMS_signed_add1_attr_by_OBJ(3) -CMS_signed_add1_attr_by_txt(3) -CMS_signed_delete_attr(3) -CMS_signed_get0_data_by_OBJ(3) -CMS_signed_get_attr(3) -CMS_signed_get_attr_by_NID(3) -CMS_signed_get_attr_by_OBJ(3) -CMS_signed_get_attr_count(3) CMS_stream(3) -CMS_unsigned_add1_attr(3) -CMS_unsigned_add1_attr_by_NID(3) -CMS_unsigned_add1_attr_by_OBJ(3) -CMS_unsigned_add1_attr_by_txt(3) -CMS_unsigned_delete_attr(3) -CMS_unsigned_get0_data_by_OBJ(3) -CMS_unsigned_get_attr(3) -CMS_unsigned_get_attr_by_NID(3) -CMS_unsigned_get_attr_by_OBJ(3) -CMS_unsigned_get_attr_count(3) CONF_dump_bio(3) CONF_dump_fp(3) CONF_free(3) @@ -588,18 +568,9 @@ EVP_PKEY_CTX_hex2ctrl(3) EVP_PKEY_CTX_set0_keygen_info(3) EVP_PKEY_CTX_set_data(3) EVP_PKEY_CTX_str2ctrl(3) -EVP_PKEY_add1_attr(3) -EVP_PKEY_add1_attr_by_NID(3) -EVP_PKEY_add1_attr_by_OBJ(3) -EVP_PKEY_add1_attr_by_txt(3) EVP_PKEY_assign(3) EVP_PKEY_decrypt_old(3) -EVP_PKEY_delete_attr(3) EVP_PKEY_encrypt_old(3) -EVP_PKEY_get_attr(3) -EVP_PKEY_get_attr_by_NID(3) -EVP_PKEY_get_attr_by_OBJ(3) -EVP_PKEY_get_attr_count(3) EVP_PKEY_save_parameters(3) EVP_add_alg_module(3) EVP_add_cipher(3) @@ -745,9 +716,6 @@ OCSP_response_status_str(3) OCSP_url_svcloc_new(3) OPENSSL_DIR_end(3) OPENSSL_DIR_read(3) -OPENSSL_LH_get_down_load(3) -OPENSSL_LH_num_items(3) -OPENSSL_LH_set_down_load(3) OPENSSL_LH_strhash(3) OPENSSL_asc2uni(3) OPENSSL_die(3) @@ -1110,17 +1078,7 @@ X509V3_set_conf_lhash(3) X509V3_set_nconf(3) X509V3_string_free(3) X509_ALGORS_it(3) -X509_ATTRIBUTE_count(3) -X509_ATTRIBUTE_create(3) -X509_ATTRIBUTE_create_by_NID(3) -X509_ATTRIBUTE_create_by_OBJ(3) -X509_ATTRIBUTE_create_by_txt(3) -X509_ATTRIBUTE_get0_data(3) -X509_ATTRIBUTE_get0_object(3) -X509_ATTRIBUTE_get0_type(3) X509_ATTRIBUTE_it(3) -X509_ATTRIBUTE_set1_data(3) -X509_ATTRIBUTE_set1_object(3) X509_CERT_AUX_it(3) X509_CINF_it(3) X509_CRL_INFO_it(3) @@ -1172,17 +1130,8 @@ X509_PURPOSE_get_id(3) X509_PURPOSE_get_trust(3) X509_PURPOSE_set(3) X509_REQ_INFO_it(3) -X509_REQ_add1_attr(3) -X509_REQ_add1_attr_by_NID(3) -X509_REQ_add1_attr_by_OBJ(3) -X509_REQ_add1_attr_by_txt(3) -X509_REQ_delete_attr(3) X509_REQ_extension_nid(3) X509_REQ_get1_email(3) -X509_REQ_get_attr(3) -X509_REQ_get_attr_by_NID(3) -X509_REQ_get_attr_by_OBJ(3) -X509_REQ_get_attr_count(3) X509_REQ_get_extension_nids(3) X509_REQ_it(3) X509_REQ_print(3) @@ -1278,16 +1227,6 @@ X509_supported_extension(3) X509_to_X509_REQ(3) X509_trust_clear(3) X509_trusted(3) -X509at_add1_attr(3) -X509at_add1_attr_by_NID(3) -X509at_add1_attr_by_OBJ(3) -X509at_add1_attr_by_txt(3) -X509at_delete_attr(3) -X509at_get0_data_by_OBJ(3) -X509at_get_attr(3) -X509at_get_attr_by_NID(3) -X509at_get_attr_by_OBJ(3) -X509at_get_attr_count(3) X509v3_addr_add_inherit(3) X509v3_addr_add_prefix(3) X509v3_addr_add_range(3) diff --git a/util/other.syms b/util/other.syms index fa7a59d6a88357..9794fde7142465 100644 --- a/util/other.syms +++ b/util/other.syms @@ -113,6 +113,7 @@ UI_METHOD datatype UI_STRING datatype UI_string_types datatype UI_string_types datatype +X509_ATTRIBUTE datatype X509_STORE_CTX_cert_crl_fn datatype X509_STORE_CTX_check_crl_fn datatype X509_STORE_CTX_check_issued_fn datatype diff --git a/util/perl/OpenSSL/config.pm b/util/perl/OpenSSL/config.pm index 791b19847ad85d..047902cd1f355f 100755 --- a/util/perl/OpenSSL/config.pm +++ b/util/perl/OpenSSL/config.pm @@ -82,7 +82,7 @@ my $guess_patterns = [ [ 'HP-UX:.*', sub { my $HPUXVER = $RELEASE; - $HPUXVER = s/[^.]*.[0B]*//; + $HPUXVER =~ s/[^.]*.[0B]*//; # HPUX 10 and 11 targets are unified return "${MACHINE}-hp-hpux1x" if $HPUXVER =~ m@1[0-9]@; return "${MACHINE}-hp-hpux"; @@ -322,6 +322,7 @@ sub determine_compiler_settings { # If we got a version number, process it if ($v) { + $v =~ s/[^.]*.0*// if $SYSTEM eq 'HP-UX'; $CCVENDOR = $k; # The returned version is expected to be one of @@ -359,8 +360,15 @@ sub determine_compiler_settings { # However, other letters have been seen as well (for example X), # and it's documented that HP (now VSI) reserve the letter W, X, # Y and Z for their own uses. - my ($vendor, $version) = - ( $v =~ m/^([A-Z]+) C [VWXYZ]([0-9\.-]+)(:? +\(.*?\))? on / ); + my ($vendor, $arch, $version, $extra) = + ( $v =~ m/^ + ([A-Z]+) # Usually VSI + \s+ C + (?:\s+(.*?))? # Possible build arch + \s+ [VWXYZ]([0-9\.-]+) # Version + (?:\s+\((.*?)\))? # Possible extra data + \s+ on + /x ); my ($major, $minor, $patch) = ( $version =~ m/^([0-9]+)\.([0-9]+)-0*?(0|[1-9][0-9]*)$/ ); $CC = 'CC';