https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
+
+ *) Fixed X.400 address type confusion in X.509 GeneralName.
+
+ There is a type confusion vulnerability relating to X.400 address processing
+ inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
+ but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
+ vulnerability may allow an attacker who can provide a certificate chain and
+ CRL (neither of which need have a valid signature) to pass arbitrary
+ pointers to a memcmp call, creating a possible read primitive, subject to
+ some constraints. Refer to the advisory for more information. Thanks to
+ David Benjamin for discovering this issue. (CVE-2023-0286)
+
+ This issue has been fixed by changing the public header file definition of
+ GENERAL_NAME so that x400Address reflects the implementation. It was not
+ possible for any existing application to successfully use the existing
+ definition; however, if any application references the x400Address field
+ (e.g. in dead code), note that the type of this field has changed. There is
+ no ABI change.
+ [Hugo Landau]
+
+ *) Fixed Use-after-free following BIO_new_NDEF.
+
+ The public API function BIO_new_NDEF is a helper function used for
+ streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
+ to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
+ be called directly by end user applications.
+
+ The function receives a BIO from the caller, prepends a new BIO_f_asn1
+ filter BIO onto the front of it to form a BIO chain, and then returns
+ the new head of the BIO chain to the caller. Under certain conditions,
+ for example if a CMS recipient public key is invalid, the new filter BIO
+ is freed and the function returns a NULL result indicating a failure.
+ However, in this case, the BIO chain is not properly cleaned up and the
+ BIO passed by the caller still retains internal pointers to the previously
+ freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
+ then a use-after-free will occur. This will most likely result in a crash.
+ (CVE-2023-0215)
+ [Viktor Dukhovni, Matt Caswell]
+
+ *) Fixed Double free after calling PEM_read_bio_ex.
+
+ The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
+ decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
+ data. If the function succeeds then the "name_out", "header" and "data"
+ arguments are populated with pointers to buffers containing the relevant
+ decoded data. The caller is responsible for freeing those buffers. It is
+ possible to construct a PEM file that results in 0 bytes of payload data.
+ In this case PEM_read_bio_ex() will return a failure code but will populate
+ the header argument with a pointer to a buffer that has already been freed.
+ If the caller also frees this buffer then a double free will occur. This
+ will most likely lead to a crash.
+
+ The functions PEM_read_bio() and PEM_read() are simple wrappers around
+ PEM_read_bio_ex() and therefore these functions are also directly affected.
+
+ These functions are also called indirectly by a number of other OpenSSL
+ functions including PEM_X509_INFO_read_bio_ex() and
+ SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
+ internal uses of these functions are not vulnerable because the caller does
+ not free the header argument if PEM_read_bio_ex() returns a failure code.
+ (CVE-2022-4450)
+ [Kurt Roeckx, Matt Caswell]
+
+ *) Fixed Timing Oracle in RSA Decryption.
+
+ A timing based side channel exists in the OpenSSL RSA Decryption
+ implementation which could be sufficient to recover a plaintext across
+ a network in a Bleichenbacher style attack. To achieve a successful
+ decryption an attacker would have to be able to send a very large number
+ of trial messages for decryption. The vulnerability affects all RSA padding
+ modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
+ (CVE-2022-4304)
+ [Dmitry Belyavsky, Hubert Kario]
+
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
-
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
-foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
+foreach my $checker (($builder_platform."-".$config{build_file}."-checker.pm",
$builder_platform."-checker.pm")) {
my $checker_path = catfile($srcdir, "Configurations", $checker);
if (-f $checker_path) {
# Store the name of the template file we will build the build file from
# in %config. This may be useful for the build file itself.
my @build_file_template_names =
- ( $builder_platform."-".$target{build_file}.".tmpl",
- $target{build_file}.".tmpl" );
+ ( $builder_platform."-".$config{build_file}.".tmpl",
+ $config{build_file}.".tmpl" );
my @build_file_templates = ();
# First, look in the user provided directory, if given
}
next if @skip && $skip[$#skip] <= 0;
push @rawlines, $_
- if ($target_kind eq $target{build_file}
- || $target_kind eq $target{build_file}."(".$builder_platform.")");
+ if ($target_kind eq $config{build_file}
+ || $target_kind eq $config{build_file}."(".$builder_platform.")");
}
},
qr/^\s*(?:#.*)?$/ => sub { },
my %builders = (
unified => sub {
- print 'Creating ',$target{build_file},"\n";
- run_dofile(catfile($blddir, $target{build_file}),
+ print 'Creating ',$config{build_file},"\n";
+ run_dofile(catfile($blddir, $config{build_file}),
@{$config{build_file_templates}});
},
);
#
sub death_handler {
die @_ if $^S; # To prevent the added message in eval blocks
- my $build_file = $target{build_file} // "build file";
+ my $build_file = $config{build_file} // "build file";
my @message = ( <<"_____", @_ );
Failure! $build_file wasn't produced.
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
+
+ o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
+ o Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215)
+ o Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450)
+ o Fixed Timing Oracle in RSA Decryption (CVE-2022-4304)
+
Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022]
o Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the
- OpenSSL 1.1.1s 1 Nov 2022
+ OpenSSL 1.1.1t 7 Feb 2023
Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
char eol;
int len;
char linebuf[MAX_SMLEN];
+ int ret;
/*
* Buffer output so we don't write one line at a time. This is useful
* when streaming as we don't end up with one OCTET STRING per line.
BIO_write(out, "\r\n", 2);
}
}
- (void)BIO_flush(out);
+ ret = BIO_flush(out);
BIO_pop(out);
BIO_free(bf);
+ if (ret <= 0)
+ return 0;
+
return 1;
}
case ASN1_STATE_START:
if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
- return 0;
+ return -1;
break;
/* Copy any pre data first */
case ASN1_STATE_HEADER:
ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
if (!ossl_assert(ctx->buflen <= ctx->bufsize))
- return 0;
+ return -1;
p = ctx->buf;
ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class);
ctx->copylen = inl;
/*
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
void *parg);
+/*
+ * On success, the returned BIO owns the input BIO as part of its BIO chain.
+ * On failure, NULL is returned and the input BIO is owned by the caller.
+ *
+ * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
+ */
BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
{
NDEF_SUPPORT *ndef_aux = NULL;
BIO *asn_bio = NULL;
const ASN1_AUX *aux = it->funcs;
ASN1_STREAM_ARG sarg;
+ BIO *pop_bio = NULL;
if (!aux || !aux->asn1_cb) {
ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
out = BIO_push(asn_bio, out);
if (out == NULL)
goto err;
+ pop_bio = asn_bio;
- BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
- BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
+ if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0
+ || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0
+ || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0)
+ goto err;
/*
- * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
- * needs.
+ * Now let the callback prepend any digest, cipher, etc., that the BIO's
+ * ASN1 structure needs.
*/
sarg.out = out;
sarg.ndef_bio = NULL;
sarg.boundary = NULL;
- if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
+ /*
+ * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
+ * middle of some partially built, but not returned BIO chain.
+ */
+ if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) {
+ /*
+ * ndef_aux is now owned by asn_bio so we must not free it in the err
+ * clean up block
+ */
+ ndef_aux = NULL;
goto err;
+ }
+
+ /*
+ * We must not fail now because the callback has prepended additional
+ * BIOs to the chain
+ */
ndef_aux->val = val;
ndef_aux->it = it;
ndef_aux->boundary = sarg.boundary;
ndef_aux->out = out;
- BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
-
return sarg.ndef_bio;
err:
+ /* BIO_pop() is NULL safe */
+ (void)BIO_pop(pop_bio);
BIO_free(asn_bio);
OPENSSL_free(ndef_aux);
return NULL;
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "crypto/ctype.h"
#include "internal/numbers.h"
#include <openssl/bio.h>
+#include <openssl/opensslconf.h>
/*
* Copyright Patrick Powell 1995
const char *, int, int, int);
static int fmtint(char **, char **, size_t *, size_t *,
int64_t, int, int, int, int);
+#ifndef OPENSSL_SYS_UEFI
static int fmtfp(char **, char **, size_t *, size_t *,
LDOUBLE, int, int, int, int);
+#endif
static int doapr_outch(char **, char **, size_t *, size_t *, int);
static int _dopr(char **sbuffer, char **buffer,
size_t *maxlen, size_t *retlen, int *truncated,
{
char ch;
int64_t value;
+#ifndef OPENSSL_SYS_UEFI
LDOUBLE fvalue;
+#endif
char *strvalue;
int min;
int max;
min, max, flags))
return 0;
break;
+#ifndef OPENSSL_SYS_UEFI
case 'f':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, LDOUBLE);
flags, G_FORMAT))
return 0;
break;
+#else
+ case 'f':
+ case 'E':
+ case 'e':
+ case 'G':
+ case 'g':
+ /* not implemented for UEFI */
+ ERR_raise(ERR_LIB_BIO, ERR_R_UNSUPPORTED);
+ return 0;
+#endif
case 'c':
if (!doapr_outch(sbuffer, buffer, &currlen, maxlen,
va_arg(args, int)))
return 1;
}
+#ifndef OPENSSL_SYS_UEFI
+
static LDOUBLE abs_val(LDOUBLE value)
{
LDOUBLE result = value;
return 1;
}
+#endif /* OPENSSL_SYS_UEFI */
+
#define BUFFER_INC 1024
static int
/*
- * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#define BN_BLINDING_COUNTER 32
-struct bn_blinding_st {
- BIGNUM *A;
- BIGNUM *Ai;
- BIGNUM *e;
- BIGNUM *mod; /* just a reference */
- CRYPTO_THREAD_ID tid;
- int counter;
- unsigned long flags;
- BN_MONT_CTX *m_ctx;
- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
- CRYPTO_RWLOCK *lock;
-};
-
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
{
BN_BLINDING *ret = NULL;
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
{ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"},
+ {ERR_PACK(ERR_LIB_BN, BN_F_OSSL_BN_RSA_DO_UNBLIND, 0),
+ "ossl_bn_rsa_do_unblind"},
{0, NULL}
};
/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
/* maximum precomputation table size for *variable* sliding windows */
#define TABLE_SIZE 32
+/*
+ * Beyond this limit the constant time code is disabled due to
+ * the possible overflow in the computation of powerbufLen in
+ * BN_mod_exp_mont_consttime.
+ * When this limit is exceeded, the computation will be done using
+ * non-constant time code, but it will take very long.
+ */
+#define BN_CONSTTIME_SIZE_LIMIT (INT_MAX / BN_BYTES / 256)
+
/* this one works - simple but works */
int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
BIGNUM *val[TABLE_SIZE];
BN_MONT_CTX *mont = NULL;
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
- || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
- || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
- return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
- }
-
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
return 0;
}
+
+ if (m->top <= BN_CONSTTIME_SIZE_LIMIT
+ && (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+ || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+ || BN_get_flags(m, BN_FLG_CONSTTIME) != 0)) {
+ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+ }
+
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
top = m->top;
+ if (top > BN_CONSTTIME_SIZE_LIMIT) {
+ /* Prevent overflowing the powerbufLen computation below */
+ return BN_mod_exp_mont(rr, a, p, m, ctx, in_mont);
+ }
+
/*
* Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak
* whether the top bits are zero.
else
#endif
#if defined(OPENSSL_BN_ASM_MONT5)
- if (window >= 5) {
+ if (window >= 5 && top <= BN_SOFT_LIMIT) {
window = 5; /* ~5% improvement for RSA2048 sign, and even
* for RSA4096 */
/* reserve space for mont->N.d[] copy */
if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
goto err;
+ if (top > BN_SOFT_LIMIT)
+ goto fallback;
+
#if defined(SPARC_T4_MONT)
if (t4) {
typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np,
} else
#endif
{
+ fallback:
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
/* #define BN_DEBUG */
/* #define BN_DEBUG_RAND */
+/*
+ * This should limit the stack usage due to alloca to about 4K.
+ * BN_SOFT_LIMIT is a soft limit equivalent to 2*OPENSSL_RSA_MAX_MODULUS_BITS.
+ * Beyond that size bn_mul_mont is no longer used, and the constant time
+ * assembler code is disabled, due to the blatant alloca and bn_mul_mont usage.
+ * Note that bn_mul_mont does an alloca that is hidden away in assembly.
+ * It is not recommended to do computations with numbers exceeding this limit,
+ * since the result will be highly version dependent:
+ * While the current OpenSSL version will use non-optimized, but safe code,
+ * previous versions will use optimized code, that may crash due to unexpected
+ * stack overflow, and future versions may very well turn this into a hard
+ * limit.
+ * Note however, that it is possible to override the size limit using
+ * "./config -DBN_SOFT_LIMIT=<limit>" if necessary, and the O/S specific
+ * stack limit is known and taken into consideration.
+ */
+# ifndef BN_SOFT_LIMIT
+# define BN_SOFT_LIMIT (4096 / BN_BYTES)
+# endif
+
# ifndef OPENSSL_SMALL_FOOTPRINT
# define BN_MUL_COMBA
# define BN_SQR_COMBA
} cb;
};
+struct bn_blinding_st {
+ BIGNUM *A;
+ BIGNUM *Ai;
+ BIGNUM *e;
+ BIGNUM *mod; /* just a reference */
+ CRYPTO_THREAD_ID tid;
+ int counter;
+ unsigned long flags;
+ BN_MONT_CTX *m_ctx;
+ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ CRYPTO_RWLOCK *lock;
+};
+
/*-
* BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
*
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
int num = mont->N.top;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
- if (num > 1 && a->top == num && b->top == num) {
+ if (num > 1 && num <= BN_SOFT_LIMIT && a->top == num && b->top == num) {
if (bn_wexpand(r, num) == NULL)
return 0;
if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c \
{- $target{bn_asm_src} -} \
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
- bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
+ bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c \
+ rsa_sup_mul.c
INCLUDE[bn_exp.o]=..
--- /dev/null
+#include <openssl/e_os2.h>
+#include <stddef.h>
+#include <sys/types.h>
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/rsaerr.h>
+#include "internal/numbers.h"
+#include "internal/constant_time.h"
+#include "bn_local.h"
+
+# if BN_BYTES == 8
+typedef uint64_t limb_t;
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16
+/* nonstandard; implemented by gcc on 64-bit platforms */
+typedef __uint128_t limb2_t;
+# define HAVE_LIMB2_T
+# endif
+# define LIMB_BIT_SIZE 64
+# define LIMB_BYTE_SIZE 8
+# elif BN_BYTES == 4
+typedef uint32_t limb_t;
+typedef uint64_t limb2_t;
+# define LIMB_BIT_SIZE 32
+# define LIMB_BYTE_SIZE 4
+# define HAVE_LIMB2_T
+# else
+# error "Not supported"
+# endif
+
+/*
+ * For multiplication we're using schoolbook multiplication,
+ * so if we have two numbers, each with 6 "digits" (words)
+ * the multiplication is calculated as follows:
+ * A B C D E F
+ * x I J K L M N
+ * --------------
+ * N*F
+ * N*E
+ * N*D
+ * N*C
+ * N*B
+ * N*A
+ * M*F
+ * M*E
+ * M*D
+ * M*C
+ * M*B
+ * M*A
+ * L*F
+ * L*E
+ * L*D
+ * L*C
+ * L*B
+ * L*A
+ * K*F
+ * K*E
+ * K*D
+ * K*C
+ * K*B
+ * K*A
+ * J*F
+ * J*E
+ * J*D
+ * J*C
+ * J*B
+ * J*A
+ * I*F
+ * I*E
+ * I*D
+ * I*C
+ * I*B
+ * + I*A
+ * ==========================
+ * N*B N*D N*F
+ * + N*A N*C N*E
+ * + M*B M*D M*F
+ * + M*A M*C M*E
+ * + L*B L*D L*F
+ * + L*A L*C L*E
+ * + K*B K*D K*F
+ * + K*A K*C K*E
+ * + J*B J*D J*F
+ * + J*A J*C J*E
+ * + I*B I*D I*F
+ * + I*A I*C I*E
+ *
+ * 1+1 1+3 1+5
+ * 1+0 1+2 1+4
+ * 0+1 0+3 0+5
+ * 0+0 0+2 0+4
+ *
+ * 0 1 2 3 4 5 6
+ * which requires n^2 multiplications and 2n full length additions
+ * as we can keep every other result of limb multiplication in two separate
+ * limbs
+ */
+
+#if defined HAVE_LIMB2_T
+static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
+{
+ limb2_t t;
+ /*
+ * this is idiomatic code to tell compiler to use the native mul
+ * those three lines will actually compile to single instruction
+ */
+
+ t = (limb2_t)a * b;
+ *hi = t >> LIMB_BIT_SIZE;
+ *lo = (limb_t)t;
+}
+#elif (BN_BYTES == 8) && (defined _MSC_VER)
+/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */
+#pragma intrinsic(_umul128)
+static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
+{
+ *lo = _umul128(a, b, hi);
+}
+#else
+/*
+ * if the compiler doesn't have either a 128bit data type nor a "return
+ * high 64 bits of multiplication"
+ */
+static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
+{
+ limb_t a_low = (limb_t)(uint32_t)a;
+ limb_t a_hi = a >> 32;
+ limb_t b_low = (limb_t)(uint32_t)b;
+ limb_t b_hi = b >> 32;
+
+ limb_t p0 = a_low * b_low;
+ limb_t p1 = a_low * b_hi;
+ limb_t p2 = a_hi * b_low;
+ limb_t p3 = a_hi * b_hi;
+
+ uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32);
+
+ *lo = p0 + (p1 << 32) + (p2 << 32);
+ *hi = p3 + (p1 >> 32) + (p2 >> 32) + cy;
+}
+#endif
+
+/* add two limbs with carry in, return carry out */
+static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry)
+{
+ limb_t carry1, carry2, t;
+ /*
+ * `c = a + b; if (c < a)` is idiomatic code that makes compilers
+ * use add with carry on assembly level
+ */
+
+ *ret = a + carry;
+ if (*ret < a)
+ carry1 = 1;
+ else
+ carry1 = 0;
+
+ t = *ret;
+ *ret = t + b;
+ if (*ret < t)
+ carry2 = 1;
+ else
+ carry2 = 0;
+
+ return carry1 + carry2;
+}
+
+/*
+ * add two numbers of the same size, return overflow
+ *
+ * add a to b, place result in ret; all arrays need to be n limbs long
+ * return overflow from addition (0 or 1)
+ */
+static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n)
+{
+ limb_t c = 0;
+ ossl_ssize_t i;
+
+ for(i = n - 1; i > -1; i--)
+ c = _add_limb(&ret[i], a[i], b[i], c);
+
+ return c;
+}
+
+/*
+ * return number of limbs necessary for temporary values
+ * when multiplying numbers n limbs large
+ */
+static ossl_inline size_t mul_limb_numb(size_t n)
+{
+ return 2 * n * 2;
+}
+
+/*
+ * multiply two numbers of the same size
+ *
+ * multiply a by b, place result in ret; a and b need to be n limbs long
+ * ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs
+ * long
+ */
+static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp)
+{
+ limb_t *r_odd, *r_even;
+ size_t i, j, k;
+
+ r_odd = tmp;
+ r_even = &tmp[2 * n];
+
+ memset(ret, 0, 2 * n * sizeof(limb_t));
+
+ for (i = 0; i < n; i++) {
+ for (k = 0; k < i + n + 1; k++) {
+ r_even[k] = 0;
+ r_odd[k] = 0;
+ }
+ for (j = 0; j < n; j++) {
+ /*
+ * place results from even and odd limbs in separate arrays so that
+ * we don't have to calculate overflow every time we get individual
+ * limb multiplication result
+ */
+ if (j % 2 == 0)
+ _mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]);
+ else
+ _mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]);
+ }
+ /*
+ * skip the least significant limbs when adding multiples of
+ * more significant limbs (they're zero anyway)
+ */
+ add(ret, ret, r_even, n + i + 1);
+ add(ret, ret, r_odd, n + i + 1);
+ }
+}
+
+/* modifies the value in place by performing a right shift by one bit */
+static ossl_inline void rshift1(limb_t *val, size_t n)
+{
+ limb_t shift_in = 0, shift_out = 0;
+ size_t i;
+
+ for (i = 0; i < n; i++) {
+ shift_out = val[i] & 1;
+ val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1);
+ shift_in = shift_out;
+ }
+}
+
+/* extend the LSB of flag to all bits of limb */
+static ossl_inline limb_t mk_mask(limb_t flag)
+{
+ flag |= flag << 1;
+ flag |= flag << 2;
+ flag |= flag << 4;
+ flag |= flag << 8;
+ flag |= flag << 16;
+#if (LIMB_BYTE_SIZE == 8)
+ flag |= flag << 32;
+#endif
+ return flag;
+}
+
+/*
+ * copy from either a or b to ret based on flag
+ * when flag == 0, then copies from b
+ * when flag == 1, then copies from a
+ */
+static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n)
+{
+ /*
+ * would be more efficient with non volatile mask, but then gcc
+ * generates code with jumps
+ */
+ volatile limb_t mask;
+ size_t i;
+
+ mask = mk_mask(flag);
+ for (i = 0; i < n; i++) {
+#if (LIMB_BYTE_SIZE == 8)
+ ret[i] = constant_time_select_64(mask, a[i], b[i]);
+#else
+ ret[i] = constant_time_select_32(mask, a[i], b[i]);
+#endif
+ }
+}
+
+static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow)
+{
+ limb_t borrow1, borrow2, t;
+ /*
+ * while it doesn't look constant-time, this is idiomatic code
+ * to tell compilers to use the carry bit from subtraction
+ */
+
+ *ret = a - borrow;
+ if (*ret > a)
+ borrow1 = 1;
+ else
+ borrow1 = 0;
+
+ t = *ret;
+ *ret = t - b;
+ if (*ret > t)
+ borrow2 = 1;
+ else
+ borrow2 = 0;
+
+ return borrow1 + borrow2;
+}
+
+/*
+ * place the result of a - b into ret, return the borrow bit.
+ * All arrays need to be n limbs long
+ */
+static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n)
+{
+ limb_t borrow = 0;
+ ossl_ssize_t i;
+
+ for (i = n - 1; i > -1; i--)
+ borrow = _sub_limb(&ret[i], a[i], b[i], borrow);
+
+ return borrow;
+}
+
+/* return the number of limbs necessary to allocate for the mod() tmp operand */
+static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum)
+{
+ return (anum + modnum) * 3;
+}
+
+/*
+ * calculate a % mod, place the result in ret
+ * size of a is defined by anum, size of ret and mod is modnum,
+ * size of tmp is returned by mod_limb_numb()
+ */
+static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
+ size_t modnum, limb_t *tmp)
+{
+ limb_t *atmp, *modtmp, *rettmp;
+ limb_t res;
+ size_t i;
+
+ memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE);
+
+ atmp = tmp;
+ modtmp = &tmp[anum + modnum];
+ rettmp = &tmp[(anum + modnum) * 2];
+
+ for (i = modnum; i <modnum + anum; i++)
+ atmp[i] = a[i-modnum];
+
+ for (i = 0; i < modnum; i++)
+ modtmp[i] = mod[i];
+
+ for (i = 0; i < anum * LIMB_BIT_SIZE; i++) {
+ rshift1(modtmp, anum + modnum);
+ res = sub(rettmp, atmp, modtmp, anum+modnum);
+ cselect(res, atmp, atmp, rettmp, anum+modnum);
+ }
+
+ memcpy(ret, &atmp[anum], sizeof(limb_t) * modnum);
+}
+
+/* necessary size of tmp for a _mul_add_limb() call with provided anum */
+static ossl_inline size_t _mul_add_limb_numb(size_t anum)
+{
+ return 2 * (anum + 1);
+}
+
+/* multiply a by m, add to ret, return carry */
+static limb_t _mul_add_limb(limb_t *ret, limb_t *a, size_t anum,
+ limb_t m, limb_t *tmp)
+{
+ limb_t carry = 0;
+ limb_t *r_odd, *r_even;
+ size_t i;
+
+ memset(tmp, 0, sizeof(limb_t) * (anum + 1) * 2);
+
+ r_odd = tmp;
+ r_even = &tmp[anum + 1];
+
+ for (i = 0; i < anum; i++) {
+ /*
+ * place the results from even and odd limbs in separate arrays
+ * so that we have to worry about carry just once
+ */
+ if (i % 2 == 0)
+ _mul_limb(&r_even[i], &r_even[i + 1], a[i], m);
+ else
+ _mul_limb(&r_odd[i], &r_odd[i + 1], a[i], m);
+ }
+ /* assert: add() carry here will be equal zero */
+ add(r_even, r_even, r_odd, anum + 1);
+ /*
+ * while here it will not overflow as the max value from multiplication
+ * is -2 while max overflow from addition is 1, so the max value of
+ * carry is -1 (i.e. max int)
+ */
+ carry = add(ret, ret, &r_even[1], anum) + r_even[0];
+
+ return carry;
+}
+
+static ossl_inline size_t mod_montgomery_limb_numb(size_t modnum)
+{
+ return modnum * 2 + _mul_add_limb_numb(modnum);
+}
+
+/*
+ * calculate a % mod, place result in ret
+ * assumes that a is in Montgomery form with the R (Montgomery modulus) being
+ * smallest power of two big enough to fit mod and that's also a power
+ * of the count of number of bits in limb_t (B).
+ * For calculation, we also need n', such that mod * n' == -1 mod B.
+ * anum must be <= 2 * modnum
+ * ret needs to be modnum words long
+ * tmp needs to be mod_montgomery_limb_numb(modnum) limbs long
+ */
+static void mod_montgomery(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
+ size_t modnum, limb_t ni0, limb_t *tmp)
+{
+ limb_t carry, v;
+ limb_t *res, *rp, *tmp2;
+ ossl_ssize_t i;
+
+ res = tmp;
+ /*
+ * for intermediate result we need an integer twice as long as modulus
+ * but keep the input in the least significant limbs
+ */
+ memset(res, 0, sizeof(limb_t) * (modnum * 2));
+ memcpy(&res[modnum * 2 - anum], a, sizeof(limb_t) * anum);
+ rp = &res[modnum];
+ tmp2 = &res[modnum * 2];
+
+ carry = 0;
+
+ /* add multiples of the modulus to the value until R divides it cleanly */
+ for (i = modnum; i > 0; i--, rp--) {
+ v = _mul_add_limb(rp, mod, modnum, rp[modnum - 1] * ni0, tmp2);
+ v = v + carry + rp[-1];
+ carry |= (v != rp[-1]);
+ carry &= (v <= rp[-1]);
+ rp[-1] = v;
+ }
+
+ /* perform the final reduction by mod... */
+ carry -= sub(ret, rp, mod, modnum);
+
+ /* ...conditionally */
+ cselect(carry, ret, rp, ret, modnum);
+}
+
+/* allocated buffer should be freed afterwards */
+static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs)
+{
+ int i;
+ int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
+ limb_t *ptr = buf + (limbs - real_limbs);
+
+ for (i = 0; i < real_limbs; i++)
+ ptr[i] = bn->d[real_limbs - i - 1];
+}
+
+#if LIMB_BYTE_SIZE == 8
+static ossl_inline uint64_t be64(uint64_t host)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ uint64_t big = 0;
+
+ big |= (host & 0xff00000000000000) >> 56;
+ big |= (host & 0x00ff000000000000) >> 40;
+ big |= (host & 0x0000ff0000000000) >> 24;
+ big |= (host & 0x000000ff00000000) >> 8;
+ big |= (host & 0x00000000ff000000) << 8;
+ big |= (host & 0x0000000000ff0000) << 24;
+ big |= (host & 0x000000000000ff00) << 40;
+ big |= (host & 0x00000000000000ff) << 56;
+ return big;
+ } else {
+ return host;
+ }
+}
+
+#else
+/* Not all platforms have htobe32(). */
+static ossl_inline uint32_t be32(uint32_t host)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ uint32_t big = 0;
+
+ big |= (host & 0xff000000) >> 24;
+ big |= (host & 0x00ff0000) >> 8;
+ big |= (host & 0x0000ff00) << 8;
+ big |= (host & 0x000000ff) << 24;
+ return big;
+ } else {
+ return host;
+ }
+}
+#endif
+
+/*
+ * We assume that intermediate, possible_arg2, blinding, and ctx are used
+ * similar to BN_BLINDING_invert_ex() arguments.
+ * to_mod is RSA modulus.
+ * buf and num is the serialization buffer and its length.
+ *
+ * Here we use classic/Montgomery multiplication and modulo. After the calculation finished
+ * we serialize the new structure instead of BIGNUMs taking endianness into account.
+ */
+int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
+ const BN_BLINDING *blinding,
+ const BIGNUM *possible_arg2,
+ const BIGNUM *to_mod, BN_CTX *ctx,
+ unsigned char *buf, int num)
+{
+ limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL;
+ limb_t *l_ret = NULL, *l_tmp = NULL, l_buf;
+ size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0;
+ size_t l_tmp_count = 0;
+ int ret = 0;
+ size_t i;
+ unsigned char *tmp;
+ const BIGNUM *arg1 = intermediate;
+ const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2;
+
+ l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
+ l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
+ l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
+
+ l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count;
+ l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
+ l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
+ l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE);
+
+ if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL))
+ goto err;
+
+ BN_to_limb(arg1, l_im, l_size);
+ BN_to_limb(arg2, l_mul, l_size);
+ BN_to_limb(to_mod, l_mod, l_mod_count);
+
+ l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE);
+
+ if (blinding->m_ctx != NULL) {
+ l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ?
+ mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count);
+ l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
+ } else {
+ l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ?
+ mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count);
+ l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
+ }
+
+ if ((l_ret == NULL) || (l_tmp == NULL))
+ goto err;
+
+ if (blinding->m_ctx != NULL) {
+ limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
+ mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count,
+ blinding->m_ctx->n0[0], l_tmp);
+ } else {
+ limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
+ mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp);
+ }
+
+ /* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */
+ if (num < BN_num_bytes(to_mod)) {
+ BNerr(BN_F_OSSL_BN_RSA_DO_UNBLIND, ERR_R_PASSED_INVALID_ARGUMENT);
+ goto err;
+ }
+
+ memset(buf, 0, num);
+ tmp = buf + num - BN_num_bytes(to_mod);
+ for (i = 0; i < l_mod_count; i++) {
+#if LIMB_BYTE_SIZE == 8
+ l_buf = be64(l_ret[i]);
+#else
+ l_buf = be32(l_ret[i]);
+#endif
+ if (i == 0) {
+ int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num);
+
+ memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta);
+ tmp += delta;
+ } else {
+ memcpy(tmp, &l_buf, LIMB_BYTE_SIZE);
+ tmp += LIMB_BYTE_SIZE;
+ }
+ }
+ ret = num;
+
+ err:
+ OPENSSL_free(l_im);
+ OPENSSL_free(l_mul);
+ OPENSSL_free(l_mod);
+ OPENSSL_free(l_tmp);
+ OPENSSL_free(l_ret);
+
+ return ret;
+}
if (enc) {
int ivlen;
+
calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+ if (calg->algorithm == NULL) {
+ CMSerr(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
+ goto err;
+ }
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
"unsupported compression algorithm"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM),
+ "unsupported content encryption algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE),
"unsupported content type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM),
-# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
BN_F_BN_SET_WORDS:144:bn_set_words
BN_F_BN_STACK_PUSH:148:BN_STACK_push
BN_F_BN_USUB:115:BN_usub
+BN_F_OSSL_BN_RSA_DO_UNBLIND:151:ossl_bn_rsa_do_unblind
BUF_F_BUF_MEM_GROW:100:BUF_MEM_grow
BUF_F_BUF_MEM_GROW_CLEAN:105:BUF_MEM_grow_clean
BUF_F_BUF_MEM_NEW:101:BUF_MEM_new
CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm
CMS_R_UNKNOWN_ID:150:unknown id
CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm
+CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM:194:\
+ unsupported content encryption algorithm
CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type
CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm
CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\
int i;
EVP_CIPHER_CTX **c_ctx;
BIO *next;
+ int pend;
ctx = BIO_get_data(b);
next = BIO_next(b);
/* do a final write */
again:
while (ctx->buf_len != ctx->buf_off) {
+ pend = ctx->buf_len - ctx->buf_off;
i = enc_write(b, NULL, 0);
- if (i < 0)
+ /*
+ * i should never be > 0 here because we didn't ask to write any
+ * new data. We stop if we get an error or we failed to make any
+ * progress writing pending data.
+ */
+ if (i < 0 || (ctx->buf_len - ctx->buf_off) == pend)
return i;
}
/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
{
BIO *tmp = *header;
char *linebuf, *p;
- int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
+ int len, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
/* 0 if not seen (yet), 1 if reading header, 2 if finished header */
enum header_status got_header = MAYBE_HEADER;
unsigned int flags_mask;
return 0;
}
- for (line = 0; ; line++) {
+ for (;;) {
flags_mask = ~0u;
len = BIO_gets(bp, linebuf, LINESIZE);
if (len <= 0) {
*data = pem_malloc(len, flags);
if (*header == NULL || *data == NULL) {
pem_free(*header, flags, 0);
+ *header = NULL;
pem_free(*data, flags, 0);
+ *data = NULL;
goto end;
}
BIO_read(headerB, *header, headerlen);
strtype, str, rk, rklen)) {
RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
ASN1_STRING_free(str);
+ OPENSSL_clear_free(rk, rklen);
return 0;
}
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
BN_free(d);
}
- if (blinding)
- if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+ if (blinding) {
+ /*
+ * ossl_bn_rsa_do_unblind() combines blinding inversion and
+ * 0-padded BN BE serialization
+ */
+ j = ossl_bn_rsa_do_unblind(ret, blinding, unblind, rsa->n, ctx,
+ buf, num);
+ if (j == 0)
goto err;
-
- j = BN_bn2binpad(ret, buf, num);
+ } else {
+ j = BN_bn2binpad(ret, buf, num);
+ if (j < 0)
+ goto err;
+ }
switch (padding) {
case RSA_PKCS1_PADDING:
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
{
TXT_DB *ret = NULL;
int esc = 0;
- long ln = 0;
int i, add, n;
int size = BUFSIZE;
int offset = 0;
}
buf->data[offset] = '\0';
BIO_gets(in, &(buf->data[offset]), size - offset);
- ln++;
if (buf->data[offset] == '\0')
break;
if ((offset == 0) && (buf->data[0] == '#'))
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
X509_STORE_unlock(xl->store_ctx);
- /* If a CRL, update the last file suffix added for this */
-
- if (type == X509_LU_CRL) {
+ /*
+ * If a CRL, update the last file suffix added for this.
+ * We don't need to add an entry if k is 0 as this is the initial value.
+ * This avoids the need for a write lock and sort operation in the
+ * simple case where no CRL is present for a hash.
+ */
+ if (type == X509_LU_CRL && k > 0) {
CRYPTO_THREAD_write_lock(ctx->lock);
/*
* Look for entry again in case another thread added an entry
ok = 0;
goto finish;
}
+
+ /*
+ * Ensure stack is sorted so that subsequent sk_BY_DIR_HASH_find
+ * will not mutate the stack and therefore require a write lock.
+ */
+ sk_BY_DIR_HASH_sort(ent->hashes);
} else if (hent->suffix < k) {
hent->suffix = k;
}
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
{
char *s, *c, *b;
- int l, i;
-
- l = 80 - 2 - obase;
+ int i;
b = X509_NAME_oneline(name, NULL, 0);
if (!b)
if (BIO_write(bp, ", ", 2) != 2)
goto err;
}
- l--;
}
if (*s == '\0')
break;
s++;
- l--;
}
OPENSSL_free(b);
/*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return -1;
switch (a->type) {
case GEN_X400:
- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+ result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
break;
case GEN_EDIPARTY:
#! /usr/bin/env perl
-# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
&function_begin_B("padlock_key_bswap");
&mov ("edx",&wparam(0));
&mov ("ecx",&DWP(240,"edx"));
+ &inc ("ecx");
+ &shl ("ecx",2);
&set_label("bswap_loop");
&mov ("eax",&DWP(0,"edx"));
&bswap ("eax");
#! /usr/bin/env perl
-# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
.align 16
padlock_key_bswap:
mov 240($arg1),%edx
+ inc %edx
+ shl \$2,%edx
.Lbswap_loop:
mov ($arg1),%eax
bswap %eax
/*
- * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
const BIGNUM *d, BN_CTX *ctx);
+int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
+ const BN_BLINDING *blinding,
+ const BIGNUM *possible_arg2,
+ const BIGNUM *to_mod, BN_CTX *ctx,
+ unsigned char *buf, int num);
#endif
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
# define BN_F_BN_SET_WORDS 144
# define BN_F_BN_STACK_PUSH 148
# define BN_F_BN_USUB 115
+# define BN_F_OSSL_BN_RSA_DO_UNBLIND 151
/*
* BN reason codes.
# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149
# define CMS_R_UNKNOWN_ID 150
# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
+# define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM 194
# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x1010113fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1s 1 Nov 2022"
+# define OPENSSL_VERSION_NUMBER 0x1010114fL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
/*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
OTHERNAME *otherName; /* otherName */
ASN1_IA5STRING *rfc822Name;
ASN1_IA5STRING *dNSName;
- ASN1_TYPE *x400Address;
+ ASN1_STRING *x400Address;
X509_NAME *directoryName;
EDIPARTYNAME *ediPartyName;
ASN1_IA5STRING *uniformResourceIdentifier;
#include <openssl/rand.h>
#include "record_local.h"
#include "../packet_local.h"
+#include "internal/cryptlib.h"
#if defined(OPENSSL_SMALL_FOOTPRINT) || \
!( defined(AESNI_ASM) && ( \
}
/*
- * Reserve some bytes for any growth that may occur during encryption.
- * This will be at most one cipher block or the tag length if using
- * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case.
- */
- if (!WPACKET_reserve_bytes(thispkt, SSL_RT_MAX_CIPHER_BLOCK_SIZE,
+ * Reserve some bytes for any growth that may occur during encryption. If
+ * we are adding the MAC independently of the cipher algorithm, then the
+ * max encrypted overhead does not need to include an allocation for that
+ * MAC
+ */
+ if (!WPACKET_reserve_bytes(thispkt,
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ - mac_size,
NULL)
/*
* We also need next the amount of bytes written to this
/* Allocate bytes for the encryption overhead */
if (!WPACKET_get_length(thispkt, &origlen)
+ /* Check we allowed enough room for the encryption growth */
+ || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ - mac_size >= thiswr->length)
/* Encryption should never shrink the data! */
|| origlen > thiswr->length
|| (thiswr->length > origlen
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#endif
len = ssl_get_max_send_fragment(s)
- + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+ + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align
+ + SSL_RT_MAX_CIPHER_BLOCK_SIZE /* Explicit IV allowance */;
#ifndef OPENSSL_NO_COMP
if (ssl_allow_compression(s))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
+ /*
+ * We don't need to add an allowance for eivlen here since empty
+ * fragments only occur when we don't have an explicit IV
+ */
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
}
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 6197312946105598768 (0x5601474a2a8dc330)
+ Signature Algorithm: ED25519
+ Issuer: CN = IETF Test Demo
+ Validity
+ Not Before: Aug 1 12:19:24 2016 GMT
+ Not After : Nov 11 16:34:03 2121 GMT
+ Subject: CN = IETF Test Demo
+ Subject Public Key Info:
+ Public Key Algorithm: X25519
+ X25519 Public-Key:
+ pub:
+ 85:20:f0:09:89:30:a7:54:74:8b:7d:dc:b4:3e:f7:
+ 5a:0d:bf:3a:0d:26:38:1a:f4:eb:a4:a9:8e:aa:9b:
+ 4e:6a
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:FALSE
+ X509v3 Key Usage:
+ Key Agreement
+ X509v3 Subject Key Identifier:
+ 9B:1F:5E:ED:ED:04:33:85:E4:F7:BC:62:3C:59:75:B9:0B:C8:BB:3B
+ Signature Algorithm: ED25519
+ 72:b4:22:9c:d5:7b:85:10:ff:7c:28:59:e5:bb:1e:e8:b6:5f:
+ 74:39:94:dd:2f:8a:3d:6c:f3:23:28:d1:5e:3c:d1:56:e7:0a:
+ ea:99:ff:62:5c:48:0f:1c:24:24:35:98:1a:bb:ae:96:b9:93:
+ b3:cb:8e:45:e3:c0:ef:2e:5c:07
-----BEGIN CERTIFICATE-----
-MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
-N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
-DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
-ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
-BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
-/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
-w1AH9efZBw==
+MIIBLjCB4aADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBU
+ZXN0IERlbW8wIBcNMTYwODAxMTIxOTI0WhgPMjEyMTExMTExNjM0MDNaMBkxFzAV
+BgNVBAMMDklFVEYgVGVzdCBEZW1vMCowBQYDK2VuAyEAhSDwCYkwp1R0i33ctD73
+Wg2/Og0mOBr066SpjqqbTmqjRTBDMA8GA1UdEwEB/wQFMAMBAQAwDgYDVR0PAQEA
+BAQDAgMIMCAGA1UdDgEBAAQWBBSbH17t7QQzheT3vGI8WXW5C8i7OzAFBgMrZXAD
+QQBytCKc1XuFEP98KFnlux7otl90OZTdL4o9bPMjKNFePNFW5wrqmf9iXEgPHCQk
+NZgau66WuZOzy45F48DvLlwH
-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 84:f1:08:3d:1c:e3:2d:95
+ Signature Algorithm: ED25519
+ Issuer: CN = IETF Test Demo
+ Validity
+ Not Before: Apr 19 21:36:39 2017 GMT
+ Not After : Nov 11 15:37:05 2122 GMT
+ Subject: CN = IETF Test Demo
+ Subject Public Key Info:
+ Public Key Algorithm: ED25519
+ ED25519 Public-Key:
+ pub:
+ 19:bf:44:09:69:84:cd:fe:85:41:ba:c1:67:dc:3b:
+ 96:c8:50:86:aa:30:b6:b6:cb:0c:5c:38:ad:70:31:
+ 66:e1
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ A2:8C:C1:F8:6E:59:60:D3:E0:3A:E7:5C:96:2C:97:A8:D4:48:29:3C
+ X509v3 Authority Key Identifier:
+ keyid:A2:8C:C1:F8:6E:59:60:D3:E0:3A:E7:5C:96:2C:97:A8:D4:48:29:3C
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: ED25519
+ 08:f9:fc:49:37:0c:03:64:ed:90:70:89:eb:f1:69:ca:75:3b:
+ 71:15:8f:eb:80:45:00:db:88:9b:66:46:9c:a4:e1:50:c5:59:
+ 43:98:66:37:6d:b7:59:51:5d:b4:9d:1d:89:25:b4:f6:87:43:
+ b7:d3:3b:85:b9:8e:e1:a8:46:04
-----BEGIN CERTIFICATE-----
-MIIBODCB66ADAgECAgkAhPEIPRzjLZUwBQYDK2VwMBkxFzAVBgNVBAMMDklFVEYg
-VGVzdCBEZW1vMB4XDTE3MDQxOTIxMzYzOVoXDTQxMDIxMjIxMzYzOVowGTEXMBUG
-A1UEAwwOSUVURiBUZXN0IERlbW8wKjAFBgMrZXADIQAZv0QJaYTN/oVBusFn3DuW
-yFCGqjC2tssMXDitcDFm4aNQME4wHQYDVR0OBBYEFKKMwfhuWWDT4DrnXJYsl6jU
-SCk8MB8GA1UdIwQYMBaAFKKMwfhuWWDT4DrnXJYsl6jUSCk8MAwGA1UdEwQFMAMB
-Af8wBQYDK2VwA0EAa6iEoQZBWB1MhCzASv5HuFM7fR5Nz2/KM7GxYjQWsfvK2Ds1
-jaPSG7Lx4uywIndMafp5CoPoFr6yLBkt+NZLAg==
+MIIBOjCB7aADAgECAgkAhPEIPRzjLZUwBQYDK2VwMBkxFzAVBgNVBAMMDklFVEYg
+VGVzdCBEZW1vMCAXDTE3MDQxOTIxMzYzOVoYDzIxMjIxMTExMTUzNzA1WjAZMRcw
+FQYDVQQDDA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlcAMhABm/RAlphM3+hUG6wWfc
+O5bIUIaqMLa2ywxcOK1wMWbho1AwTjAdBgNVHQ4EFgQUoozB+G5ZYNPgOudcliyX
+qNRIKTwwHwYDVR0jBBgwFoAUoozB+G5ZYNPgOudcliyXqNRIKTwwDAYDVR0TBAUw
+AwEB/zAFBgMrZXADQQAI+fxJNwwDZO2QcInr8WnKdTtxFY/rgEUA24ibZkacpOFQ
+xVlDmGY3bbdZUV20nR2JJbT2h0O30zuFuY7hqEYE
-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 88:43:29:cb:c2:eb:15:9a
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootCA
+ Validity
+ Not Before: Jul 2 13:15:11 2015 GMT
+ Not After : Jul 2 17:50:05 2122 GMT
+ Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootCA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public-Key: (2048 bit)
+ Modulus:
+ 00:c0:f1:6b:77:88:ac:35:df:fb:73:53:2f:92:80:
+ 2f:74:16:32:4d:f5:10:20:6f:6c:3a:8e:d1:dc:6b:
+ e1:2e:3e:c3:04:0f:bf:9b:c4:c9:12:d1:e4:0b:45:
+ 97:e5:06:cd:66:3a:e1:e0:e2:2b:df:a2:c4:ec:7b:
+ d3:3d:3c:8a:ff:5e:74:a0:ab:a7:03:6a:16:5b:5e:
+ 92:c4:7e:5b:79:8a:69:d4:bc:83:5e:ae:42:92:74:
+ a5:2b:e7:00:c1:a9:dc:d5:b1:53:07:0f:73:f7:8e:
+ ad:14:3e:25:9e:e5:1e:e6:cc:91:cd:95:0c:80:44:
+ 20:c3:fd:17:cf:91:3d:63:10:1c:14:5b:fb:c3:a8:
+ c1:88:b2:77:ff:9c:db:fc:6a:44:44:44:f7:85:ec:
+ 08:2c:d4:df:81:a3:79:c9:fe:1e:9b:93:16:53:b7:
+ 97:ab:be:4f:1a:a5:e2:fa:46:05:e4:0d:9c:2a:a4:
+ cc:b9:1e:21:a0:6c:c4:ab:59:b0:40:39:bb:f9:88:
+ ad:fd:df:8d:b4:0b:af:7e:41:e0:21:3c:c8:33:45:
+ 49:84:2f:93:06:ee:fd:4f:ed:4f:f3:bc:9b:de:fc:
+ 25:5e:55:d5:75:d4:c5:7b:3a:40:35:06:9f:c4:84:
+ b4:6c:93:0c:af:37:5a:af:b6:41:4d:26:23:1c:b8:
+ 02:b3
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 85:56:89:35:E2:9F:00:1A:E1:86:03:0B:4B:AF:76:12:6B:33:6D:FD
+ X509v3 Authority Key Identifier:
+ keyid:85:56:89:35:E2:9F:00:1A:E1:86:03:0B:4B:AF:76:12:6B:33:6D:FD
+
+ Signature Algorithm: sha256WithRSAEncryption
+ b9:5c:c3:39:31:e9:c1:63:f9:f1:29:2c:c6:84:80:ed:33:e5:
+ 72:3c:2c:e8:93:1f:07:03:65:cd:bb:04:ed:10:29:00:5f:ea:
+ 91:08:19:df:10:88:e9:00:5c:2e:eb:b5:af:98:70:c8:c4:8b:
+ 53:c4:26:c5:a1:d8:46:b9:9f:7d:48:e0:26:74:2c:61:b8:c1:
+ 89:06:b6:e5:b5:ba:6b:75:2b:16:ad:ca:88:26:25:73:9b:15:
+ 22:59:6a:94:dc:61:34:88:28:58:9f:de:fd:71:1e:37:af:90:
+ 74:7b:cf:bb:93:1c:73:24:15:26:7a:33:8c:5d:5b:81:97:14:
+ 62:01:7e:17:76:fb:aa:7a:4d:ed:81:2b:bd:d9:f3:12:69:86:
+ 01:b3:91:0a:8d:6b:bd:71:41:a9:93:63:c2:a1:ab:0d:48:05:
+ 99:7d:9e:a2:a4:ac:9f:73:0d:5b:5c:05:3a:52:64:fe:17:79:
+ 2a:27:51:d7:5b:af:dc:10:d5:23:6b:2c:62:51:00:c9:67:17:
+ 2d:29:a3:21:88:fd:14:48:0d:99:8c:d8:f8:c8:c7:ec:d2:83:
+ 3d:ba:d4:94:7b:df:39:61:4b:e3:7c:b9:ea:77:09:01:bc:ec:
+ db:1c:fa:42:1b:6d:1d:b1:51:5f:e4:87:dd:41:24:00:a2:52:
+ e0:1a:c0:1c
-----BEGIN CERTIFICATE-----
-MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
+MIIDgTCCAmmgAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa
-Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
-YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM
-BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf
-+3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i
-xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO
-rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU
-34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL
-r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2
-QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf
-ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w
-DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0
-mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ
-WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI
-qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0
-GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT
-JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ=
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAgFw0xNTA3MDIxMzE1MTFa
+GA8yMTIyMDcwMjE3NTAwNVowVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUt
+U3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UE
+AwwGcm9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPFrd4is
+Nd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/m8TJEtHkC0WX5QbNZjrh4OIr
+36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyDXq5CknSlK+cAwanc1bFTBw9z
+946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7w6jBiLJ3/5zb/GpERET3hewI
+LNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTMuR4hoGzEq1mwQDm7+Yit/d+N
+tAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXVddTFezpANQafxIS0bJMMrzda
+r7ZBTSYjHLgCswIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBSFVok1
+4p8AGuGGAwtLr3YSazNt/TAfBgNVHSMEGDAWgBSFVok14p8AGuGGAwtLr3YSazNt
+/TANBgkqhkiG9w0BAQsFAAOCAQEAuVzDOTHpwWP58SksxoSA7TPlcjws6JMfBwNl
+zbsE7RApAF/qkQgZ3xCI6QBcLuu1r5hwyMSLU8QmxaHYRrmffUjgJnQsYbjBiQa2
+5bW6a3UrFq3KiCYlc5sVIllqlNxhNIgoWJ/e/XEeN6+QdHvPu5MccyQVJnozjF1b
+gZcUYgF+F3b7qnpN7YErvdnzEmmGAbORCo1rvXFBqZNjwqGrDUgFmX2eoqSsn3MN
+W1wFOlJk/hd5KidR11uv3BDVI2ssYlEAyWcXLSmjIYj9FEgNmYzY+MjH7NKDPbrU
+lHvfOWFL43y56ncJAbzs2xz6QhttHbFRX+SH3UEkAKJS4BrAHA==
-----END CERTIFICATE-----
/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
BIGNUM *r = NULL;
BN_ULONG one_word = 1;
BN_CTX *ctx = BN_CTX_new();
- int ret = 1, failed = 0;
+ int ret = 0, failed = 0;
+ BN_MONT_CTX *mont = NULL;
if (!TEST_ptr(m = BN_new())
|| !TEST_ptr(a = BN_new())
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
failed = 1;
+ if (!TEST_ptr(mont = BN_MONT_CTX_new()))
+ goto err;
+
+ ERR_set_mark();
+ /* mont is not set but passed in */
+ if (!TEST_false(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont)))
+ goto err;
+ if (!TEST_false(BN_mod_exp_mont(r, p, a, m, ctx, mont)))
+ goto err;
+ ERR_pop_to_mark();
+
+ if (!TEST_true(BN_MONT_CTX_set(mont, m, ctx)))
+ goto err;
+
+ /* we compute 0 ** a mod 1 here, to execute code that uses mont */
+ if (!TEST_true(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont)))
+ goto err;
+
+ if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
+ failed = 1;
+
+ if (!TEST_true(BN_mod_exp_mont(r, p, a, m, ctx, mont)))
+ goto err;
+
+ if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont", r, a)))
+ failed = 1;
+
/*
* A different codepath exists for single word multiplication
* in non-constant-time only.
BN_free(a);
BN_free(p);
BN_free(m);
+ BN_MONT_CTX_free(mont);
BN_CTX_free(ctx);
return ret;
/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return 1;
}
+static int test_empty_payload(void)
+{
+ BIO *b;
+ static char *emptypay =
+ "-----BEGIN CERTIFICATE-----\n"
+ "-\n" /* Base64 EOF character */
+ "-----END CERTIFICATE-----";
+ char *name = NULL, *header = NULL;
+ unsigned char *data = NULL;
+ long len;
+ int ret = 0;
+
+ b = BIO_new_mem_buf(emptypay, strlen(emptypay));
+ if (!TEST_ptr(b))
+ return 0;
+
+ /* Expected to fail because the payload is empty */
+ if (!TEST_false(PEM_read_bio_ex(b, &name, &header, &data, &len, 0)))
+ goto err;
+
+ ret = 1;
+ err:
+ OPENSSL_free(name);
+ OPENSSL_free(header);
+ OPENSSL_free(data);
+ BIO_free(b);
+ return ret;
+}
+
int setup_tests(void)
{
ADD_ALL_TESTS(test_b64, OSSL_NELEM(b64_pem_data));
ADD_TEST(test_invalid);
+ ADD_TEST(test_empty_payload);
return 1;
}
#! /usr/bin/env perl
-# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
use POSIX;
use File::Spec::Functions qw/catfile/;
use File::Compare qw/compare_text/;
-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file with/;
use OpenSSL::Test::Utils;
setup("test_cms");
my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
= disabled qw/des dh dsa ec ec2m rc2 zlib/;
-plan tests => 6;
+plan tests => 7;
my @smime_pkcs7_tests = (
return "";
}
+
+# Check that we get the expected failure return code
+with({ exit_checker => sub { return shift == 6; } },
+ sub {
+ ok(run(app(['openssl', 'cms', '-encrypt',
+ '-in', srctop_file("test", "smcont.txt"),
+ '-stream', '-recip',
+ srctop_file("test/smime-certs", "badrsa.pem"),
+ ])),
+ "Check failure during BIO setup with -stream is handled correctly");
+ });
#!/bin/sh
#
-# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
cd pyca-cryptography
-pip install .[test]
-pip install -e vectors
-
echo "------------------------------------------------------------------"
echo "Building cryptography"
echo "------------------------------------------------------------------"
-CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pip install .
+LDFLAGS="-L$O_LIB" CFLAGS="-I$O_BINC -I$O_SINC" pip install .[test]
+pip install -e vectors
echo "------------------------------------------------------------------"
echo "Running tests"
echo "------------------------------------------------------------------"
-CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pytest -n auto tests --wycheproof-root=../wycheproof
+pytest -n auto tests --wycheproof-root=../wycheproof
cd ../
deactivate
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIToTV4Z0iuK08vZP20oTh//hC8BDANBgkqhkiG9w0BAQ0FADAtMSswKQYD
+VfcDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY
+DzIwNTIwOTI3MDY1NDE4WjAZMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw
+I2juwdRrjFBmXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A
+/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6s
+yTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0
+zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSxgCAwEAAaOBlzCB
+lDAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
+CgYIKwYBBQUHAwQwDwYDVR0PAQH/BAUDAwfAADAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
+ZnMwHwYDVR0jBBgwFoAUeF8OWnjYa+RUcD2z3ez38fL6wEcwDQYJKoZIhvcNAQENBQADggEBABbW
+eonR6TMTckehDKNOabwaCIcekahAIL6l9tTzUX5ew6ufiAPlC6I/zQlmUaU0iSyFDG1NW14kNbFt
+5CAokyLhMtE4ASHBIHbiOp/ZSbUBTVYJZB61ot7w1/ol5QECSs08b8zrxIncf+t2DHGuVEy/Qq1d
+rBz8d4ay8zpqAE1tUyL5Da6ZiKUfWwZQXSI/JlbjQFzYQqTRDnzHWrg1xPeMTO1P2/cplFaseTiv
+yk4cYwOp/W9UAWymOZXF8WcJYCIUXkdcG/nEZxr057KlScrJmFXOoh7Y+8ON4iWYYcAfiNgpUFo/
+j8BAwrKKaFvdlZS9k1Ypb2+UQY75mKJE9Bg=
+-----END CERTIFICATE-----
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
}
#endif
+/*
+ * Test we can successfully send the maximum amount of application data. We
+ * test each protocol version individually, each with and without EtM enabled.
+ * TLSv1.3 doesn't use EtM so technically it is redundant to test both but it is
+ * simpler this way. We also test all combinations with and without the
+ * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option which affects the size of the
+ * underlying buffer.
+ */
+static int test_large_app_data(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, prot;
+ unsigned char *msg, *buf = NULL;
+ size_t written, readbytes;
+ const SSL_METHOD *smeth = TLS_server_method();
+ const SSL_METHOD *cmeth = TLS_client_method();
+
+ switch (tst >> 2) {
+ case 0:
+#ifndef OPENSSL_NO_TLS1_3
+ prot = TLS1_3_VERSION;
+ break;
+#else
+ return 1;
+#endif
+
+ case 1:
+#ifndef OPENSSL_NO_TLS1_2
+ prot = TLS1_2_VERSION;
+ break;
+#else
+ return 1;
+#endif
+
+ case 2:
+#ifndef OPENSSL_NO_TLS1_1
+ prot = TLS1_1_VERSION;
+ break;
+#else
+ return 1;
+#endif
+
+ case 3:
+#ifndef OPENSSL_NO_TLS1
+ prot = TLS1_VERSION;
+ break;
+#else
+ return 1;
+#endif
+
+ case 4:
+#ifndef OPENSSL_NO_SSL3
+ prot = SSL3_VERSION;
+ break;
+#else
+ return 1;
+#endif
+
+ case 5:
+#ifndef OPENSSL_NO_DTLS1_2
+ prot = DTLS1_2_VERSION;
+ smeth = DTLS_server_method();
+ cmeth = DTLS_client_method();
+ break;
+#else
+ return 1;
+#endif
+
+ case 6:
+#ifndef OPENSSL_NO_DTLS1
+ prot = DTLS1_VERSION;
+ smeth = DTLS_server_method();
+ cmeth = DTLS_client_method();
+ break;
+#else
+ return 1;
+#endif
+
+ default:
+ /* Shouldn't happen */
+ return 0;
+ }
+
+ /* Maximal sized message of zeros */
+ msg = OPENSSL_zalloc(SSL3_RT_MAX_PLAIN_LENGTH);
+ if (!TEST_ptr(msg))
+ goto end;
+
+ buf = OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH + 1);
+ if (!TEST_ptr(buf))
+ goto end;
+ /* Set whole buffer to all bits set */
+ memset(buf, 0xff, SSL3_RT_MAX_PLAIN_LENGTH + 1);
+
+ if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, prot, prot, &sctx, &cctx,
+ cert, privkey)))
+ goto end;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+ &clientssl, NULL, NULL)))
+ goto end;
+
+ if ((tst & 1) != 0) {
+ /* Setting this option gives us a minimally sized underlying buffer */
+ if (!TEST_true(SSL_set_options(serverssl,
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+ || !TEST_true(SSL_set_options(clientssl,
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)))
+ goto end;
+ }
+
+ if ((tst & 2) != 0) {
+ /*
+ * Setting this option means the MAC is added before encryption
+ * giving us a larger record for the encryption process
+ */
+ if (!TEST_true(SSL_set_options(serverssl, SSL_OP_NO_ENCRYPT_THEN_MAC))
+ || !TEST_true(SSL_set_options(clientssl,
+ SSL_OP_NO_ENCRYPT_THEN_MAC)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_true(SSL_write_ex(clientssl, msg, SSL3_RT_MAX_PLAIN_LENGTH,
+ &written))
+ || !TEST_size_t_eq(written, SSL3_RT_MAX_PLAIN_LENGTH))
+ goto end;
+
+ /* We provide a buffer slightly larger than what we are actually expecting */
+ if (!TEST_true(SSL_read_ex(serverssl, buf, SSL3_RT_MAX_PLAIN_LENGTH + 1,
+ &readbytes)))
+ goto end;
+
+ if (!TEST_mem_eq(msg, written, buf, readbytes))
+ goto end;
+
+ testresult = 1;
+end:
+ OPENSSL_free(msg);
+ OPENSSL_free(buf);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ return testresult;
+}
+
+
#ifndef OPENSSL_NO_OCSP
static int ocsp_server_cb(SSL *s, void *arg)
{
#ifndef OPENSSL_NO_DTLS
ADD_TEST(test_large_message_dtls);
#endif
+ ADD_ALL_TESTS(test_large_app_data, 28);
#ifndef OPENSSL_NO_OCSP
ADD_TEST(test_tlsext_status_type);
#endif
/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
static int test_int(void)
{
if (!TEST(1, TEST_int_eq(1, 1))
- | !TEST(0, TEST_int_eq(1, -1))
- | !TEST(1, TEST_int_ne(1, 2))
- | !TEST(0, TEST_int_ne(3, 3))
- | !TEST(1, TEST_int_lt(4, 9))
- | !TEST(0, TEST_int_lt(9, 4))
- | !TEST(1, TEST_int_le(4, 9))
- | !TEST(1, TEST_int_le(5, 5))
- | !TEST(0, TEST_int_le(9, 4))
- | !TEST(1, TEST_int_gt(8, 5))
- | !TEST(0, TEST_int_gt(5, 8))
- | !TEST(1, TEST_int_ge(8, 5))
- | !TEST(1, TEST_int_ge(6, 6))
- | !TEST(0, TEST_int_ge(5, 8)))
+ || !TEST(0, TEST_int_eq(1, -1))
+ || !TEST(1, TEST_int_ne(1, 2))
+ || !TEST(0, TEST_int_ne(3, 3))
+ || !TEST(1, TEST_int_lt(4, 9))
+ || !TEST(0, TEST_int_lt(9, 4))
+ || !TEST(1, TEST_int_le(4, 9))
+ || !TEST(1, TEST_int_le(5, 5))
+ || !TEST(0, TEST_int_le(9, 4))
+ || !TEST(1, TEST_int_gt(8, 5))
+ || !TEST(0, TEST_int_gt(5, 8))
+ || !TEST(1, TEST_int_ge(8, 5))
+ || !TEST(1, TEST_int_ge(6, 6))
+ || !TEST(0, TEST_int_ge(5, 8)))
goto err;
return 1;
static int test_uint(void)
{
if (!TEST(1, TEST_uint_eq(3u, 3u))
- | !TEST(0, TEST_uint_eq(3u, 5u))
- | !TEST(1, TEST_uint_ne(4u, 2u))
- | !TEST(0, TEST_uint_ne(6u, 6u))
- | !TEST(1, TEST_uint_lt(5u, 9u))
- | !TEST(0, TEST_uint_lt(9u, 5u))
- | !TEST(1, TEST_uint_le(5u, 9u))
- | !TEST(1, TEST_uint_le(7u, 7u))
- | !TEST(0, TEST_uint_le(9u, 5u))
- | !TEST(1, TEST_uint_gt(11u, 1u))
- | !TEST(0, TEST_uint_gt(1u, 11u))
- | !TEST(1, TEST_uint_ge(11u, 1u))
- | !TEST(1, TEST_uint_ge(6u, 6u))
- | !TEST(0, TEST_uint_ge(1u, 11u)))
+ || !TEST(0, TEST_uint_eq(3u, 5u))
+ || !TEST(1, TEST_uint_ne(4u, 2u))
+ || !TEST(0, TEST_uint_ne(6u, 6u))
+ || !TEST(1, TEST_uint_lt(5u, 9u))
+ || !TEST(0, TEST_uint_lt(9u, 5u))
+ || !TEST(1, TEST_uint_le(5u, 9u))
+ || !TEST(1, TEST_uint_le(7u, 7u))
+ || !TEST(0, TEST_uint_le(9u, 5u))
+ || !TEST(1, TEST_uint_gt(11u, 1u))
+ || !TEST(0, TEST_uint_gt(1u, 11u))
+ || !TEST(1, TEST_uint_ge(11u, 1u))
+ || !TEST(1, TEST_uint_ge(6u, 6u))
+ || !TEST(0, TEST_uint_ge(1u, 11u)))
goto err;
return 1;
static int test_char(void)
{
if (!TEST(1, TEST_char_eq('a', 'a'))
- | !TEST(0, TEST_char_eq('a', 'A'))
- | !TEST(1, TEST_char_ne('a', 'c'))
- | !TEST(0, TEST_char_ne('e', 'e'))
- | !TEST(1, TEST_char_lt('i', 'x'))
- | !TEST(0, TEST_char_lt('x', 'i'))
- | !TEST(1, TEST_char_le('i', 'x'))
- | !TEST(1, TEST_char_le('n', 'n'))
- | !TEST(0, TEST_char_le('x', 'i'))
- | !TEST(1, TEST_char_gt('w', 'n'))
- | !TEST(0, TEST_char_gt('n', 'w'))
- | !TEST(1, TEST_char_ge('w', 'n'))
- | !TEST(1, TEST_char_ge('p', 'p'))
- | !TEST(0, TEST_char_ge('n', 'w')))
+ || !TEST(0, TEST_char_eq('a', 'A'))
+ || !TEST(1, TEST_char_ne('a', 'c'))
+ || !TEST(0, TEST_char_ne('e', 'e'))
+ || !TEST(1, TEST_char_lt('i', 'x'))
+ || !TEST(0, TEST_char_lt('x', 'i'))
+ || !TEST(1, TEST_char_le('i', 'x'))
+ || !TEST(1, TEST_char_le('n', 'n'))
+ || !TEST(0, TEST_char_le('x', 'i'))
+ || !TEST(1, TEST_char_gt('w', 'n'))
+ || !TEST(0, TEST_char_gt('n', 'w'))
+ || !TEST(1, TEST_char_ge('w', 'n'))
+ || !TEST(1, TEST_char_ge('p', 'p'))
+ || !TEST(0, TEST_char_ge('n', 'w')))
goto err;
return 1;
static int test_uchar(void)
{
if (!TEST(1, TEST_uchar_eq(49, 49))
- | !TEST(0, TEST_uchar_eq(49, 60))
- | !TEST(1, TEST_uchar_ne(50, 2))
- | !TEST(0, TEST_uchar_ne(66, 66))
- | !TEST(1, TEST_uchar_lt(60, 80))
- | !TEST(0, TEST_uchar_lt(80, 60))
- | !TEST(1, TEST_uchar_le(60, 80))
- | !TEST(1, TEST_uchar_le(78, 78))
- | !TEST(0, TEST_uchar_le(80, 60))
- | !TEST(1, TEST_uchar_gt(88, 37))
- | !TEST(0, TEST_uchar_gt(37, 88))
- | !TEST(1, TEST_uchar_ge(88, 37))
- | !TEST(1, TEST_uchar_ge(66, 66))
- | !TEST(0, TEST_uchar_ge(37, 88)))
+ || !TEST(0, TEST_uchar_eq(49, 60))
+ || !TEST(1, TEST_uchar_ne(50, 2))
+ || !TEST(0, TEST_uchar_ne(66, 66))
+ || !TEST(1, TEST_uchar_lt(60, 80))
+ || !TEST(0, TEST_uchar_lt(80, 60))
+ || !TEST(1, TEST_uchar_le(60, 80))
+ || !TEST(1, TEST_uchar_le(78, 78))
+ || !TEST(0, TEST_uchar_le(80, 60))
+ || !TEST(1, TEST_uchar_gt(88, 37))
+ || !TEST(0, TEST_uchar_gt(37, 88))
+ || !TEST(1, TEST_uchar_ge(88, 37))
+ || !TEST(1, TEST_uchar_ge(66, 66))
+ || !TEST(0, TEST_uchar_ge(37, 88)))
goto err;
return 1;
static int test_long(void)
{
if (!TEST(1, TEST_long_eq(123l, 123l))
- | !TEST(0, TEST_long_eq(123l, -123l))
- | !TEST(1, TEST_long_ne(123l, 500l))
- | !TEST(0, TEST_long_ne(1000l, 1000l))
- | !TEST(1, TEST_long_lt(-8923l, 102934563l))
- | !TEST(0, TEST_long_lt(102934563l, -8923l))
- | !TEST(1, TEST_long_le(-8923l, 102934563l))
- | !TEST(1, TEST_long_le(12345l, 12345l))
- | !TEST(0, TEST_long_le(102934563l, -8923l))
- | !TEST(1, TEST_long_gt(84325677l, 12345l))
- | !TEST(0, TEST_long_gt(12345l, 84325677l))
- | !TEST(1, TEST_long_ge(84325677l, 12345l))
- | !TEST(1, TEST_long_ge(465869l, 465869l))
- | !TEST(0, TEST_long_ge(12345l, 84325677l)))
+ || !TEST(0, TEST_long_eq(123l, -123l))
+ || !TEST(1, TEST_long_ne(123l, 500l))
+ || !TEST(0, TEST_long_ne(1000l, 1000l))
+ || !TEST(1, TEST_long_lt(-8923l, 102934563l))
+ || !TEST(0, TEST_long_lt(102934563l, -8923l))
+ || !TEST(1, TEST_long_le(-8923l, 102934563l))
+ || !TEST(1, TEST_long_le(12345l, 12345l))
+ || !TEST(0, TEST_long_le(102934563l, -8923l))
+ || !TEST(1, TEST_long_gt(84325677l, 12345l))
+ || !TEST(0, TEST_long_gt(12345l, 84325677l))
+ || !TEST(1, TEST_long_ge(84325677l, 12345l))
+ || !TEST(1, TEST_long_ge(465869l, 465869l))
+ || !TEST(0, TEST_long_ge(12345l, 84325677l)))
goto err;
return 1;
static int test_ulong(void)
{
if (!TEST(1, TEST_ulong_eq(919ul, 919ul))
- | !TEST(0, TEST_ulong_eq(919ul, 10234ul))
- | !TEST(1, TEST_ulong_ne(8190ul, 66ul))
- | !TEST(0, TEST_ulong_ne(10555ul, 10555ul))
- | !TEST(1, TEST_ulong_lt(10234ul, 1000000ul))
- | !TEST(0, TEST_ulong_lt(1000000ul, 10234ul))
- | !TEST(1, TEST_ulong_le(10234ul, 1000000ul))
- | !TEST(1, TEST_ulong_le(100000ul, 100000ul))
- | !TEST(0, TEST_ulong_le(1000000ul, 10234ul))
- | !TEST(1, TEST_ulong_gt(100000000ul, 22ul))
- | !TEST(0, TEST_ulong_gt(22ul, 100000000ul))
- | !TEST(1, TEST_ulong_ge(100000000ul, 22ul))
- | !TEST(1, TEST_ulong_ge(10555ul, 10555ul))
- | !TEST(0, TEST_ulong_ge(22ul, 100000000ul)))
+ || !TEST(0, TEST_ulong_eq(919ul, 10234ul))
+ || !TEST(1, TEST_ulong_ne(8190ul, 66ul))
+ || !TEST(0, TEST_ulong_ne(10555ul, 10555ul))
+ || !TEST(1, TEST_ulong_lt(10234ul, 1000000ul))
+ || !TEST(0, TEST_ulong_lt(1000000ul, 10234ul))
+ || !TEST(1, TEST_ulong_le(10234ul, 1000000ul))
+ || !TEST(1, TEST_ulong_le(100000ul, 100000ul))
+ || !TEST(0, TEST_ulong_le(1000000ul, 10234ul))
+ || !TEST(1, TEST_ulong_gt(100000000ul, 22ul))
+ || !TEST(0, TEST_ulong_gt(22ul, 100000000ul))
+ || !TEST(1, TEST_ulong_ge(100000000ul, 22ul))
+ || !TEST(1, TEST_ulong_ge(10555ul, 10555ul))
+ || !TEST(0, TEST_ulong_ge(22ul, 100000000ul)))
goto err;
return 1;
static int test_size_t(void)
{
if (!TEST(1, TEST_size_t_eq((size_t)10, (size_t)10))
- | !TEST(0, TEST_size_t_eq((size_t)10, (size_t)12))
- | !TEST(1, TEST_size_t_ne((size_t)10, (size_t)12))
- | !TEST(0, TEST_size_t_ne((size_t)24, (size_t)24))
- | !TEST(1, TEST_size_t_lt((size_t)30, (size_t)88))
- | !TEST(0, TEST_size_t_lt((size_t)88, (size_t)30))
- | !TEST(1, TEST_size_t_le((size_t)30, (size_t)88))
- | !TEST(1, TEST_size_t_le((size_t)33, (size_t)33))
- | !TEST(0, TEST_size_t_le((size_t)88, (size_t)30))
- | !TEST(1, TEST_size_t_gt((size_t)52, (size_t)33))
- | !TEST(0, TEST_size_t_gt((size_t)33, (size_t)52))
- | !TEST(1, TEST_size_t_ge((size_t)52, (size_t)33))
- | !TEST(1, TEST_size_t_ge((size_t)38, (size_t)38))
- | !TEST(0, TEST_size_t_ge((size_t)33, (size_t)52)))
+ || !TEST(0, TEST_size_t_eq((size_t)10, (size_t)12))
+ || !TEST(1, TEST_size_t_ne((size_t)10, (size_t)12))
+ || !TEST(0, TEST_size_t_ne((size_t)24, (size_t)24))
+ || !TEST(1, TEST_size_t_lt((size_t)30, (size_t)88))
+ || !TEST(0, TEST_size_t_lt((size_t)88, (size_t)30))
+ || !TEST(1, TEST_size_t_le((size_t)30, (size_t)88))
+ || !TEST(1, TEST_size_t_le((size_t)33, (size_t)33))
+ || !TEST(0, TEST_size_t_le((size_t)88, (size_t)30))
+ || !TEST(1, TEST_size_t_gt((size_t)52, (size_t)33))
+ || !TEST(0, TEST_size_t_gt((size_t)33, (size_t)52))
+ || !TEST(1, TEST_size_t_ge((size_t)52, (size_t)33))
+ || !TEST(1, TEST_size_t_ge((size_t)38, (size_t)38))
+ || !TEST(0, TEST_size_t_ge((size_t)33, (size_t)52)))
goto err;
return 1;
static int test_time_t(void)
{
if (!TEST(1, TEST_time_t_eq((time_t)10, (time_t)10))
- | !TEST(0, TEST_time_t_eq((time_t)10, (time_t)12))
- | !TEST(1, TEST_time_t_ne((time_t)10, (time_t)12))
- | !TEST(0, TEST_time_t_ne((time_t)24, (time_t)24))
- | !TEST(1, TEST_time_t_lt((time_t)30, (time_t)88))
- | !TEST(0, TEST_time_t_lt((time_t)88, (time_t)30))
- | !TEST(1, TEST_time_t_le((time_t)30, (time_t)88))
- | !TEST(1, TEST_time_t_le((time_t)33, (time_t)33))
- | !TEST(0, TEST_time_t_le((time_t)88, (time_t)30))
- | !TEST(1, TEST_time_t_gt((time_t)52, (time_t)33))
- | !TEST(0, TEST_time_t_gt((time_t)33, (time_t)52))
- | !TEST(1, TEST_time_t_ge((time_t)52, (time_t)33))
- | !TEST(1, TEST_time_t_ge((time_t)38, (time_t)38))
- | !TEST(0, TEST_time_t_ge((time_t)33, (time_t)52)))
+ || !TEST(0, TEST_time_t_eq((time_t)10, (time_t)12))
+ || !TEST(1, TEST_time_t_ne((time_t)10, (time_t)12))
+ || !TEST(0, TEST_time_t_ne((time_t)24, (time_t)24))
+ || !TEST(1, TEST_time_t_lt((time_t)30, (time_t)88))
+ || !TEST(0, TEST_time_t_lt((time_t)88, (time_t)30))
+ || !TEST(1, TEST_time_t_le((time_t)30, (time_t)88))
+ || !TEST(1, TEST_time_t_le((time_t)33, (time_t)33))
+ || !TEST(0, TEST_time_t_le((time_t)88, (time_t)30))
+ || !TEST(1, TEST_time_t_gt((time_t)52, (time_t)33))
+ || !TEST(0, TEST_time_t_gt((time_t)33, (time_t)52))
+ || !TEST(1, TEST_time_t_ge((time_t)52, (time_t)33))
+ || !TEST(1, TEST_time_t_ge((time_t)38, (time_t)38))
+ || !TEST(0, TEST_time_t_ge((time_t)33, (time_t)52)))
goto err;
return 1;
char y = 1;
if (!TEST(1, TEST_ptr(&y))
- | !TEST(0, TEST_ptr(NULL))
- | !TEST(0, TEST_ptr_null(&y))
- | !TEST(1, TEST_ptr_null(NULL))
- | !TEST(1, TEST_ptr_eq(NULL, NULL))
- | !TEST(0, TEST_ptr_eq(NULL, &y))
- | !TEST(0, TEST_ptr_eq(&y, NULL))
- | !TEST(0, TEST_ptr_eq(&y, &x))
- | !TEST(1, TEST_ptr_eq(&x, &x))
- | !TEST(0, TEST_ptr_ne(NULL, NULL))
- | !TEST(1, TEST_ptr_ne(NULL, &y))
- | !TEST(1, TEST_ptr_ne(&y, NULL))
- | !TEST(1, TEST_ptr_ne(&y, &x))
- | !TEST(0, TEST_ptr_ne(&x, &x)))
+ || !TEST(0, TEST_ptr(NULL))
+ || !TEST(0, TEST_ptr_null(&y))
+ || !TEST(1, TEST_ptr_null(NULL))
+ || !TEST(1, TEST_ptr_eq(NULL, NULL))
+ || !TEST(0, TEST_ptr_eq(NULL, &y))
+ || !TEST(0, TEST_ptr_eq(&y, NULL))
+ || !TEST(0, TEST_ptr_eq(&y, &x))
+ || !TEST(1, TEST_ptr_eq(&x, &x))
+ || !TEST(0, TEST_ptr_ne(NULL, NULL))
+ || !TEST(1, TEST_ptr_ne(NULL, &y))
+ || !TEST(1, TEST_ptr_ne(&y, NULL))
+ || !TEST(1, TEST_ptr_ne(&y, &x))
+ || !TEST(0, TEST_ptr_ne(&x, &x)))
goto err;
return 1;
static int test_bool(void)
{
if (!TEST(0, TEST_true(0))
- | !TEST(1, TEST_true(1))
- | !TEST(1, TEST_false(0))
- | !TEST(0, TEST_false(1)))
+ || !TEST(1, TEST_true(1))
+ || !TEST(1, TEST_false(0))
+ || !TEST(0, TEST_false(1)))
goto err;
return 1;
static char buf[] = "abc";
if (!TEST(1, TEST_str_eq(NULL, NULL))
- | !TEST(1, TEST_str_eq("abc", buf))
- | !TEST(0, TEST_str_eq("abc", NULL))
- | !TEST(0, TEST_str_eq("abc", ""))
- | !TEST(0, TEST_str_eq(NULL, buf))
- | !TEST(0, TEST_str_ne(NULL, NULL))
- | !TEST(0, TEST_str_eq("", NULL))
- | !TEST(0, TEST_str_eq(NULL, ""))
- | !TEST(0, TEST_str_ne("", ""))
- | !TEST(0, TEST_str_eq("\1\2\3\4\5", "\1x\3\6\5"))
- | !TEST(0, TEST_str_ne("abc", buf))
- | !TEST(1, TEST_str_ne("abc", NULL))
- | !TEST(1, TEST_str_ne(NULL, buf))
- | !TEST(0, TEST_str_eq("abcdef", "abcdefghijk")))
+ || !TEST(1, TEST_str_eq("abc", buf))
+ || !TEST(0, TEST_str_eq("abc", NULL))
+ || !TEST(0, TEST_str_eq("abc", ""))
+ || !TEST(0, TEST_str_eq(NULL, buf))
+ || !TEST(0, TEST_str_ne(NULL, NULL))
+ || !TEST(0, TEST_str_eq("", NULL))
+ || !TEST(0, TEST_str_eq(NULL, ""))
+ || !TEST(0, TEST_str_ne("", ""))
+ || !TEST(0, TEST_str_eq("\1\2\3\4\5", "\1x\3\6\5"))
+ || !TEST(0, TEST_str_ne("abc", buf))
+ || !TEST(1, TEST_str_ne("abc", NULL))
+ || !TEST(1, TEST_str_ne(NULL, buf))
+ || !TEST(0, TEST_str_eq("abcdef", "abcdefghijk")))
goto err;
return 1;
static char buf[] = "xyz";
if (!TEST(1, TEST_mem_eq(NULL, 0, NULL, 0))
- | !TEST(1, TEST_mem_eq(NULL, 1, NULL, 2))
- | !TEST(0, TEST_mem_eq(NULL, 0, "xyz", 3))
- | !TEST(0, TEST_mem_eq(NULL, 7, "abc", 3))
- | !TEST(0, TEST_mem_ne(NULL, 0, NULL, 0))
- | !TEST(0, TEST_mem_eq(NULL, 0, "", 0))
- | !TEST(0, TEST_mem_eq("", 0, NULL, 0))
- | !TEST(0, TEST_mem_ne("", 0, "", 0))
- | !TEST(0, TEST_mem_eq("xyz", 3, NULL, 0))
- | !TEST(0, TEST_mem_eq("xyz", 3, buf, sizeof(buf)))
- | !TEST(1, TEST_mem_eq("xyz", 4, buf, sizeof(buf))))
+ || !TEST(1, TEST_mem_eq(NULL, 1, NULL, 2))
+ || !TEST(0, TEST_mem_eq(NULL, 0, "xyz", 3))
+ || !TEST(0, TEST_mem_eq(NULL, 7, "abc", 3))
+ || !TEST(0, TEST_mem_ne(NULL, 0, NULL, 0))
+ || !TEST(0, TEST_mem_eq(NULL, 0, "", 0))
+ || !TEST(0, TEST_mem_eq("", 0, NULL, 0))
+ || !TEST(0, TEST_mem_ne("", 0, "", 0))
+ || !TEST(0, TEST_mem_eq("xyz", 3, NULL, 0))
+ || !TEST(0, TEST_mem_eq("xyz", 3, buf, sizeof(buf)))
+ || !TEST(1, TEST_mem_eq("xyz", 4, buf, sizeof(buf))))
goto err;
return 1;
int r = 0;
if (!TEST(1, TEST_int_eq(BN_dec2bn(&a, "0"), 1))
- | !TEST(1, TEST_BN_eq_word(a, 0))
- | !TEST(0, TEST_BN_eq_word(a, 30))
- | !TEST(1, TEST_BN_abs_eq_word(a, 0))
- | !TEST(0, TEST_BN_eq_one(a))
- | !TEST(1, TEST_BN_eq_zero(a))
- | !TEST(0, TEST_BN_ne_zero(a))
- | !TEST(1, TEST_BN_le_zero(a))
- | !TEST(0, TEST_BN_lt_zero(a))
- | !TEST(1, TEST_BN_ge_zero(a))
- | !TEST(0, TEST_BN_gt_zero(a))
- | !TEST(1, TEST_BN_even(a))
- | !TEST(0, TEST_BN_odd(a))
- | !TEST(1, TEST_BN_eq(b, c))
- | !TEST(0, TEST_BN_eq(a, b))
- | !TEST(0, TEST_BN_ne(NULL, c))
- | !TEST(1, TEST_int_eq(BN_dec2bn(&b, "1"), 1))
- | !TEST(1, TEST_BN_eq_word(b, 1))
- | !TEST(1, TEST_BN_eq_one(b))
- | !TEST(0, TEST_BN_abs_eq_word(b, 0))
- | !TEST(1, TEST_BN_abs_eq_word(b, 1))
- | !TEST(0, TEST_BN_eq_zero(b))
- | !TEST(1, TEST_BN_ne_zero(b))
- | !TEST(0, TEST_BN_le_zero(b))
- | !TEST(0, TEST_BN_lt_zero(b))
- | !TEST(1, TEST_BN_ge_zero(b))
- | !TEST(1, TEST_BN_gt_zero(b))
- | !TEST(0, TEST_BN_even(b))
- | !TEST(1, TEST_BN_odd(b))
- | !TEST(1, TEST_int_eq(BN_dec2bn(&c, "-334739439"), 10))
- | !TEST(0, TEST_BN_eq_word(c, 334739439))
- | !TEST(1, TEST_BN_abs_eq_word(c, 334739439))
- | !TEST(0, TEST_BN_eq_zero(c))
- | !TEST(1, TEST_BN_ne_zero(c))
- | !TEST(1, TEST_BN_le_zero(c))
- | !TEST(1, TEST_BN_lt_zero(c))
- | !TEST(0, TEST_BN_ge_zero(c))
- | !TEST(0, TEST_BN_gt_zero(c))
- | !TEST(0, TEST_BN_even(c))
- | !TEST(1, TEST_BN_odd(c))
- | !TEST(1, TEST_BN_eq(a, a))
- | !TEST(0, TEST_BN_ne(a, a))
- | !TEST(0, TEST_BN_eq(a, b))
- | !TEST(1, TEST_BN_ne(a, b))
- | !TEST(0, TEST_BN_lt(a, c))
- | !TEST(1, TEST_BN_lt(c, b))
- | !TEST(0, TEST_BN_lt(b, c))
- | !TEST(0, TEST_BN_le(a, c))
- | !TEST(1, TEST_BN_le(c, b))
- | !TEST(0, TEST_BN_le(b, c))
- | !TEST(1, TEST_BN_gt(a, c))
- | !TEST(0, TEST_BN_gt(c, b))
- | !TEST(1, TEST_BN_gt(b, c))
- | !TEST(1, TEST_BN_ge(a, c))
- | !TEST(0, TEST_BN_ge(c, b))
- | !TEST(1, TEST_BN_ge(b, c)))
+ || !TEST(1, TEST_BN_eq_word(a, 0))
+ || !TEST(0, TEST_BN_eq_word(a, 30))
+ || !TEST(1, TEST_BN_abs_eq_word(a, 0))
+ || !TEST(0, TEST_BN_eq_one(a))
+ || !TEST(1, TEST_BN_eq_zero(a))
+ || !TEST(0, TEST_BN_ne_zero(a))
+ || !TEST(1, TEST_BN_le_zero(a))
+ || !TEST(0, TEST_BN_lt_zero(a))
+ || !TEST(1, TEST_BN_ge_zero(a))
+ || !TEST(0, TEST_BN_gt_zero(a))
+ || !TEST(1, TEST_BN_even(a))
+ || !TEST(0, TEST_BN_odd(a))
+ || !TEST(1, TEST_BN_eq(b, c))
+ || !TEST(0, TEST_BN_eq(a, b))
+ || !TEST(0, TEST_BN_ne(NULL, c))
+ || !TEST(1, TEST_int_eq(BN_dec2bn(&b, "1"), 1))
+ || !TEST(1, TEST_BN_eq_word(b, 1))
+ || !TEST(1, TEST_BN_eq_one(b))
+ || !TEST(0, TEST_BN_abs_eq_word(b, 0))
+ || !TEST(1, TEST_BN_abs_eq_word(b, 1))
+ || !TEST(0, TEST_BN_eq_zero(b))
+ || !TEST(1, TEST_BN_ne_zero(b))
+ || !TEST(0, TEST_BN_le_zero(b))
+ || !TEST(0, TEST_BN_lt_zero(b))
+ || !TEST(1, TEST_BN_ge_zero(b))
+ || !TEST(1, TEST_BN_gt_zero(b))
+ || !TEST(0, TEST_BN_even(b))
+ || !TEST(1, TEST_BN_odd(b))
+ || !TEST(1, TEST_int_eq(BN_dec2bn(&c, "-334739439"), 10))
+ || !TEST(0, TEST_BN_eq_word(c, 334739439))
+ || !TEST(1, TEST_BN_abs_eq_word(c, 334739439))
+ || !TEST(0, TEST_BN_eq_zero(c))
+ || !TEST(1, TEST_BN_ne_zero(c))
+ || !TEST(1, TEST_BN_le_zero(c))
+ || !TEST(1, TEST_BN_lt_zero(c))
+ || !TEST(0, TEST_BN_ge_zero(c))
+ || !TEST(0, TEST_BN_gt_zero(c))
+ || !TEST(0, TEST_BN_even(c))
+ || !TEST(1, TEST_BN_odd(c))
+ || !TEST(1, TEST_BN_eq(a, a))
+ || !TEST(0, TEST_BN_ne(a, a))
+ || !TEST(0, TEST_BN_eq(a, b))
+ || !TEST(1, TEST_BN_ne(a, b))
+ || !TEST(0, TEST_BN_lt(a, c))
+ || !TEST(1, TEST_BN_lt(c, b))
+ || !TEST(0, TEST_BN_lt(b, c))
+ || !TEST(0, TEST_BN_le(a, c))
+ || !TEST(1, TEST_BN_le(c, b))
+ || !TEST(0, TEST_BN_le(b, c))
+ || !TEST(1, TEST_BN_gt(a, c))
+ || !TEST(0, TEST_BN_gt(c, b))
+ || !TEST(1, TEST_BN_gt(b, c))
+ || !TEST(1, TEST_BN_ge(a, c))
+ || !TEST(0, TEST_BN_ge(c, b))
+ || !TEST(1, TEST_BN_ge(b, c)))
goto err;
r = 1;
/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return a;
}
-void setup_test_framework()
+void setup_test_framework(void)
{
char *TAP_levels = getenv("HARNESS_OSSL_LEVEL");
char *test_seed = getenv("OPENSSL_TEST_RAND_ORDER");
/*
- * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
0xb7, 0x09, 0x02, 0x02
},
15
+ }, {
+ /*
+ * Regression test for CVE-2023-0286.
+ */
+ {
+ 0xa3, 0x00
+ },
+ 2
}
};