/test/v3ext
/test/versions
/test/ossl_shim/ossl_shim
+/test/rsa_complex
# Certain files that get created by tests on the fly
/test/test-runs
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
+
+ *) Timing vulnerability in DSA signature generation
+
+ The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+ timing side channel attack. An attacker could use variations in the signing
+ algorithm to recover the private key.
+
+ This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+ (CVE-2018-0734)
+ [Paul Dale]
+
+ *) Timing vulnerability in ECDSA signature generation
+
+ The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
+ timing side channel attack. An attacker could use variations in the signing
+ algorithm to recover the private key.
+
+ This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
+ (CVE-2018-0735)
+ [Paul Dale]
+
+ *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
+ the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
+ are retained for backwards compatibility.
+ [Antoine Salon]
+
+ *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
+ if its length exceeds 4096 bytes. The limit has been raised to a buffer size
+ of two gigabytes and the error handling improved.
+
+ This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been
+ categorized as a normal bug, not a security issue, because the DRBG reseeds
+ automatically and is fully functional even without additional randomness
+ provided by the application.
+
Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
*) Add a new ClientHello callback. Provides a callback interface that gives
*) A minor bug in ssl/s3_clnt.c where there would always be 4 0
bytes sent in the client random.
[Edward Bishop <ebishop@spyglass.com>]
-
shared_extension => "",
#### Defaults for the benefit of the config targets who don't inherit
- #### a BASE and assume Unixly defaults
+ #### a BASE and assume Unix defaults
#### THESE WILL DISAPPEAR IN OpenSSL 1.2
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
? "ranlib" : "" },
RC => "windres",
+ shared_extension => ".so",
+
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
},
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",
+ shared_extension => ".dll",
+
build_file => "makefile",
build_scheme => [ "unified", "windows" ],
},
return [ @incs ];
}),
+ shared_extension => ".exe",
+
build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ],
},
my $ndk = $ENV{ANDROID_NDK};
die "\$ANDROID_NDK is not defined" if (!$ndk);
- die "\$ANDROID_NDK=$ndk is invalid" if (!-d "$ndk/platforms");
+ if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
+ # $ndk/platforms is traditional "all-inclusive" NDK, while
+ # $ndk/AndroidVersion.txt is so-called standalone toolchain
+ # tailored for specific target down to API level.
+ die "\$ANDROID_NDK=$ndk is invalid";
+ }
$ndk = canonpath($ndk);
my $ndkver = undef;
close $fh;
}
- my $sysroot;
+ my ($sysroot, $api, $arch);
+
+ $config{target} =~ m|[^-]+-([^-]+)$|; # split on dash
+ $arch = $1;
- if (!($sysroot = $ENV{CROSS_SYSROOT})) {
- my $api = "*";
+ if ($sysroot = $ENV{CROSS_SYSROOT}) {
+ $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
+ ($api, $arch) = ($1, $2);
+ } elsif (-f "$ndk/AndroidVersion.txt") {
+ $sysroot = "$ndk/sysroot";
+ } else {
+ $api = "*";
# see if user passed -D__ANDROID_API__=N
foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
} glob("$ndk/platforms/android-$api");
die "no $ndk/platforms/android-$api" if ($#platforms < 0);
- $config{target} =~ m|[^-]+-([^-]+)$|; # split on dash
- $sysroot = "@platforms[$#platforms]/arch-$1";
+ $sysroot = "@platforms[$#platforms]/arch-$arch";
+ $sysroot =~ m|/android-([0-9]+)/arch-$arch|;
+ $api = $1;
}
die "no sysroot=$sysroot" if (!-d $sysroot);
- $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
- my ($api, $arch) = ($1, $2);
-
my $triarch = $triplet{$arch};
my $cflags;
my $cppflags;
- # see if there is NDK clang on $PATH
+ # see if there is NDK clang on $PATH, "universal" or "standalone"
if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
my $host=$1;
# harmonize with gcc default
. "/$tritools-4.9/prebuilt/$host";
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
$user{CROSS_COMPILE} = undef;
+ if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
+ $user{AR} = "llvm-ar";
+ $user{ARFLAGS} = [ "rs" ];
+ $user{RANLIB} = ":";
+ }
+ } elsif (-f "$ndk/AndroidVersion.txt") { #"standalone toolchain"
+ my $cc = $user{CC} // "clang";
+ # One can probably argue that both clang and gcc should be
+ # probed, but support for "standalone toolchain" was added
+ # *after* announcement that gcc is being phased out, so
+ # favouring clang is considered adequate. Those who insist
+ # have option to enforce test for gcc with CC=gcc.
+ if (which("$triarch-$cc") !~ m|^$ndk|) {
+ die "no NDK $triarch-$cc on \$PATH";
+ }
+ $user{CC} = $cc;
+ $user{CROSS_COMPILE} = "$triarch-";
} elsif ($user{CC} eq "clang") {
die "no NDK clang on \$PATH";
} else {
# work...
#
my %targets = (
+ "ios-common" => {
+ template => 1,
+ inherit_from => [ "darwin-common" ],
+ sys_id => "iOS",
+ disable => [ "engine", "async" ],
+ },
"ios-xcrun" => {
- inherit_from => [ "darwin-common", asm("armv4_asm") ],
+ inherit_from => [ "ios-common", asm("armv4_asm") ],
# It should be possible to go below iOS 6 and even add -arch armv6,
# thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
# at this point.
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
- sys_id => "iOS",
perlasm_scheme => "ios32",
- disable => [ "engine" ],
},
"ios64-xcrun" => {
- inherit_from => [ "darwin-common", asm("aarch64_asm") ],
+ inherit_from => [ "ios-common", asm("aarch64_asm") ],
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
- sys_id => "iOS",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
perlasm_scheme => "ios64",
- disable => [ "engine" ],
},
"iossimulator-xcrun" => {
- inherit_from => [ "darwin-common" ],
+ inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
- sys_id => "iOS",
- disable => [ "engine" ],
},
# It takes three prior-set environment variables to make it work:
#
# CROSS_SDK=iPhoneOS.sdk
#
"iphoneos-cross" => {
- inherit_from => [ "darwin-common" ],
+ inherit_from => [ "ios-common" ],
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
- sys_id => "iOS",
- disable => [ "engine" ],
},
"ios-cross" => {
inherit_from => [ "ios-xcrun" ],
apps, as needed by the target. This code
cannot be placed in a library, as the rest
of the code isn't expected to link to it
- explicitely.
+ explicitly.
cpuid_asm_src => assembler implementation of cpuid code as
well as OPENSSL_cleanse().
Default to mem_clr.c
# Start with populating the cache with all the overrides
%cache = map { $_ => 1 } @{$unified_info{overrides}};
- # For convenience collect information regarding directories where
- # files are generated, those generated files and the end product
- # they end up in where applicable. Then, add build rules for those
- # directories
- if (exists &generatedir) {
- my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ],
- "lib" => [ @{$unified_info{libraries}} ],
- "bin" => [ @{$unified_info{programs}} ],
- "script" => [ @{$unified_info{scripts}} ] );
- foreach my $type (keys %loopinfo) {
- foreach my $product (@{$loopinfo{$type}}) {
- my %dirs = ();
- my $pd = dirname($product);
-
- # We already have a "test" target, and the current directory
- # is just silly to make a target for
- $dirs{$pd} = 1 unless $pd eq "test" || $pd eq ".";
-
- foreach (@{$unified_info{sources}->{$product}}) {
- my $d = dirname($_);
-
- # We don't want to create targets for source directories
- # when building out of source
- next if ($config{sourcedir} ne $config{builddir}
- && $d =~ m|^\Q$config{sourcedir}\E|);
- # We already have a "test" target, and the current directory
- # is just silly to make a target for
- next if $d eq "test" || $d eq ".";
-
- $dirs{$d} = 1;
- push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
- if $d ne $pd;
- }
- foreach (keys %dirs) {
- push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
- $product;
- }
- }
- }
- }
-
# Build mandatory generated headers
foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
? ()
: ( map { @{$unified_info{shared_sources}->{$_}} }
keys %{$unified_info{shared_sources}} ),
- # Things we explicitely depend on are usually generated
+ # Things we explicitly depend on are usually generated
( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
keys %{$unified_info{depends}} ));
our @generated =
# Install helper targets #############################################
-install_sw : all install_shared _install_dev_ns -
- install_engines _install_runtime_ns -
+install_sw : install_dev install_engines install_runtime -
install_startup install_ivp
-uninstall_sw : uninstall_shared _uninstall_dev_ns -
- uninstall_engines _uninstall_runtime_ns -
+uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime -
uninstall_startup uninstall_ivp
install_docs : install_html_docs
COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} -
ossl_dataroot:[000000]ct_log_list.cnf
-install_shared : check_INSTALLTOP
- @ {- output_off() if $disabled{shared}; "" -} !
- @ WRITE SYS$OUTPUT "*** Installing shareable images"
- @ ! Install shared (runtime) libraries
- - CREATE/DIR ossl_installroot:[LIB.'arch']
- {- join("\n ",
- map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
- @install_shlibs) -}
- @ {- output_on() if $disabled{shared}; "" -} !
-
-_install_dev_ns : check_INSTALLTOP
+install_dev : check_INSTALLTOP install_runtime_libs
@ WRITE SYS$OUTPUT "*** Installing development files"
@ ! Install header files
- CREATE/DIR ossl_installroot:[include.openssl]
map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
@install_libs) -}
-install_dev : install_shared _install_dev_ns
+install_engines : check_INSTALLTOP install_runtime_libs build_engines
+ @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
+ @ WRITE SYS$OUTPUT "*** Installing engines"
+ - CREATE/DIR ossl_installroot:[ENGINES{- $sover_dirname.$target{pointer_size} -}.'arch']
+ {- join("\n ",
+ map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover_dirname$target{pointer_size}.'arch']" }
+ @{$unified_info{install}->{engines}}) -}
+ @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
-_install_runtime_ns : check_INSTALLTOP
+install_runtime : install_programs
+
+install_runtime_libs : check_INSTALLTOP build_libs
+ @ {- output_off() if $disabled{shared}; "" -} !
+ @ WRITE SYS$OUTPUT "*** Installing shareable images"
+ @ ! Install shared (runtime) libraries
+ - CREATE/DIR ossl_installroot:[LIB.'arch']
+ {- join("\n ",
+ map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
+ @install_shlibs) -}
+ @ {- output_on() if $disabled{shared}; "" -} !
+
+install_programs : check_INSTALLTOP install_runtime_libs build_programs
+ @ {- output_off() if $disabled{apps}; "" -} !
@ ! Install the main program
- CREATE/DIR ossl_installroot:[EXE.'arch']
COPY/PROT=W:RE [.APPS]openssl.EXE -
COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
@ ! {- output_on() if $disabled{apps}; "" -}
-install_runtime : install_shared _install_runtime_ns
-
-install_engines : check_INSTALLTOP
- @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
- @ WRITE SYS$OUTPUT "*** Installing engines"
- - CREATE/DIR ossl_installroot:[ENGINES{- $sover_dirname.$target{pointer_size} -}.'arch']
- {- join("\n ",
- map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover_dirname$target{pointer_size}.'arch']" }
- @{$unified_info{install}->{engines}}) -}
- @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
-
install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
[.VMS]openssl_utils.com, check_INSTALLTOP
- CREATE/DIR ossl_installroot:[SYS$STARTUP]
# Install helper targets #############################################
-install_sw: all install_dev install_engines install_runtime
+install_sw: install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
fi
-install_dev:
+install_dev: install_runtime_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(ECHO) "*** Installing development files"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
- @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+ @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
@$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
@chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
- @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+ @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
$(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
fn1=`basename $$s1`; \
fn2=`basename $$s2`; \
: {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \
- $(ECHO) "install $$s1 -> $(DESTDIR)$(libdir)/$$fn1"; \
- cp $$s1 $(DESTDIR)$(libdir)/$$fn1.new; \
- chmod 755 $(DESTDIR)$(libdir)/$$fn1.new; \
- mv -f $(DESTDIR)$(libdir)/$$fn1.new \
- $(DESTDIR)$(libdir)/$$fn1; \
if [ "$$fn1" != "$$fn2" ]; then \
$(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \
ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \
@cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig
@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc
-uninstall_dev:
+uninstall_dev: uninstall_runtime_libs
@$(ECHO) "*** Uninstalling development files"
- @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+ @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
@$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
- @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+ @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
$(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
-$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig
-$(RMDIR) $(DESTDIR)$(libdir)
-install_engines:
+install_engines: install_runtime_libs build_engines
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/
@$(ECHO) "*** Installing engines"
done
-$(RMDIR) $(DESTDIR)$(ENGINESDIR)
-install_runtime:
+install_runtime: install_programs
+
+install_runtime_libs: build_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
@ : {- output_off() if windowsdll(); "" -}
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)
- @ : {- output_on() if windowsdll(); "" -}
- @$(ECHO) "*** Installing runtime files"
+ @ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -}
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
+ @ : {- output_on() unless windowsdll(); "" -}
+ @$(ECHO) "*** Installing runtime libraries"
@set -e; for s in dummy $(INSTALL_SHLIBS); do \
if [ "$$s" = "dummy" ]; then continue; fi; \
fn=`basename $$s`; \
$(DESTDIR)$(libdir)/$$fn; \
: {- output_on() if windowsdll(); "" -}; \
done
+
+install_programs: install_runtime_libs build_programs
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
+ @$(ECHO) "*** Installing runtime programs"
@set -e; for x in dummy $(INSTALL_PROGRAMS); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done
-uninstall_runtime:
- @$(ECHO) "*** Uninstalling runtime files"
+uninstall_runtime: uninstall_programs uninstall_runtime_libs
+
+uninstall_programs:
+ @$(ECHO) "*** Uninstalling runtime programs"
@set -e; for x in dummy $(INSTALL_PROGRAMS); \
do \
if [ "$$x" = "dummy" ]; then continue; fi; \
$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done
+ -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
+
+uninstall_runtime_libs:
+ @$(ECHO) "*** Uninstalling runtime libraries"
@ : {- output_off() unless windowsdll(); "" -}
@set -e; for s in dummy $(INSTALL_SHLIBS); do \
if [ "$$s" = "dummy" ]; then continue; fi; \
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
done
@ : {- output_on() unless windowsdll(); "" -}
- -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
install_man_docs:
}
return $recipe;
}
- # On Unix, we build shlibs from static libs, so we're ignoring the
- # object file array. We *know* this routine is only called when we've
- # configure 'shared'.
+ # We *know* this routine is only called when we've configure 'shared'.
sub libobj2shlib {
my %args = @_;
my $lib = $args{lib};
die "More than one exported symbol map" if scalar @defs > 1;
my $objs = join(" ", @objs);
my $deps = join(" ", @objs, @defs, @deps);
- my $target = shlib_simple($lib);
- my $target_full = shlib($lib);
+ my $simple = shlib_simple($lib);
+ my $full = shlib($lib);
+ my $target = "$simple $full";
my $shared_soname = "";
- $shared_soname .= ' '.$target{shared_sonameflag}.basename($target_full)
+ $shared_soname .= ' '.$target{shared_sonameflag}.basename($full)
if defined $target{shared_sonameflag};
my $shared_imp = "";
- $shared_imp .= ' '.$target{shared_impflag}.basename($target)
+ $shared_imp .= ' '.$target{shared_impflag}.basename($simple)
if defined $target{shared_impflag};
my $shared_def = join("", map { ' '.$target{shared_defflag}.$_ } @defs);
my $recipe = <<"EOF";
-# When building on a Windows POSIX layer (Cygwin or Mingw), we know for a fact
-# that two files get produced, {shlibname}.dll and {libname}.dll.a.
-# With all other Unix platforms, we often build a shared library with the
-# SO version built into the file name and a symlink without the SO version
-# It's not necessary to have both as targets. The choice falls on the
-# simplest, {libname}\$(SHLIB_EXT_IMPORT) for Windows POSIX layers and
-# {libname}\$(SHLIB_EXT_SIMPLE) for the Unix platforms.
$target: $deps
\$(CC) \$(LIB_CFLAGS) $linkflags\$(LIB_LDFLAGS)$shared_soname$shared_imp \\
- -o $target_full$shared_def $objs \\
+ -o $full$shared_def $objs \\
$linklibs \$(LIB_EX_LIBS)
EOF
if (windowsdll()) {
EOF
} elsif (sharedaix()) {
$recipe .= <<"EOF";
- rm -f $target && \\
- \$(AR) r $target $target_full
+ rm -f $simple && \\
+ \$(AR) r $simple $full
EOF
} else {
$recipe .= <<"EOF";
- if [ '$target' != '$target_full' ]; then \\
- rm -f $target; \\
- ln -s $target_full $target; \\
+ if [ '$simple' != '$full' ]; then \\
+ rm -f $simple; \\
+ ln -s $full $simple; \\
fi
EOF
}
lib => $libext,
bin => $exeext );
+ # We already have a 'test' target, and the top directory is just plain
+ # silly
+ return if $dir eq "test" || $dir eq ".";
+
foreach my $type (("dso", "lib", "bin", "script")) {
next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
# For lib object files, we could update the library. However, it
my $deps = join(" ", @deps);
my $actions = join("\n", "", @actions);
return <<"EOF";
-$args{dir} $args{dir}/: $deps$actions
+$dir $dir/: $deps$actions
EOF
}
"" # Important! This becomes part of the template result.
sub lib {
(my $lib = shift) =~ s/\.a$//;
+ $lib .= '_static'
+ if (defined $unified_info{sharednames}->{$lib});
return $lib . $libext;
}
SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
-LIBS={- join(" ", map { lib($_) } @{$unified_info{libraries}}) -}
+LIBS={- join(" ", map { ( shlib_import($_), lib($_) ) } @{$unified_info{libraries}}) -}
SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
join(" ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; $x }
@generated) -}
-INSTALL_LIBS={- join(" ", map { quotify1(lib($_)) } @{$unified_info{install}->{libraries}}) -}
+INSTALL_LIBS={- join(" ", map { quotify1(shlib_import($_) or lib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
# Install helper targets #############################################
-install_sw: all install_dev install_engines install_runtime
+install_sw: install_dev install_engines install_runtime
uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
"$(OPENSSLDIR)\ct_log_list.cnf"
-install_dev:
+install_dev: install_runtime_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing development files"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
- @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$config{defines}}; "" -}
+ @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
"$(INSTALLTOP)\include\openssl"
- @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$config{defines}}; "" -}
+ @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
"$(SRCDIR)\include\openssl\*.h" \
"$(INSTALLTOP)\include\openssl"
uninstall_dev:
-install_engines:
+install_engines: install_runtime_libs build_engines
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
@$(ECHO) "*** Installing engines"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
uninstall_engines:
-install_runtime:
+install_runtime: install_programs
+
+install_runtime_libs: build_libs
@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
- @$(ECHO) "*** Installing runtime files"
+ @$(ECHO) "*** Installing runtime libraries"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
@if not "$(SHLIBS)"=="" \
"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
"$(INSTALLTOP)\bin"
+
+install_programs: install_runtime_libs build_programs
+ @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
+ @$(ECHO) "*** Installing runtime programs"
+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
"$(INSTALLTOP)\bin"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
if ($disabled{shared}) {
return map { lib($_) } @_;
}
- foreach (@_) {
- (my $l = $_) =~ s/\.a$//;
- die "Linking with static variants of shared libraries is not supported in this configuration\n"
- if $l ne $_ && shlib($l);
- }
return map { shlib_import($_) or lib($_) } @_;
}
\$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm
EOF
}
- return <<"EOF" if (!$disabled{makedepend});
-$obj$depext: $deps
- \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
-$obj$objext: $obj$depext
- \$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
-EOF
- return <<"EOF" if ($disabled{makedepend});
+ my $recipe = <<"EOF";
$obj$objext: $deps
\$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
EOF
+ $recipe .= <<"EOF" unless $disabled{makedepend};
+ \$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
+EOF
+ return $recipe;
}
- # On Unix, we build shlibs from static libs, so we're ignoring the
- # object file array. We *know* this routine is only called when we've
- # configure 'shared'.
+ # We *know* this routine is only called when we've configure 'shared'.
+ # Also, note that even though the import library built here looks like
+ # a static library, it really isn't.
sub libobj2shlib {
my %args = @_;
my $lib = $args{lib};
- my $shlib = $args{shlib};
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x }
grep { $_ =~ m/\.(?:o|res)$/ }
@{$args{objs}};
my $linklibs = join("", map { "$_\n" } @deps);
my $objs = join("\n", @objs);
my $deps = join(" ", @objs, @defs, @deps);
- my $target = shlib_import($lib);
+ my $import = shlib_import($lib);
+ my $dll = shlib($lib);
my $shared_def = join("", map { " /def:$_" } @defs);
return <<"EOF"
-$target: $deps
- IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest
+# The import library may look like a static library, but it is not.
+# We MUST make the import library depend on the DLL, in case someone
+# mistakenly removes the latter.
+$import: $dll
+$dll: $deps
+ IF EXIST $full.manifest DEL /F /Q $full.manifest
IF EXIST \$@ DEL /F /Q \$@
\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
- /implib:\$@ \$(LDOUTFLAG)$shlib$shlibext$shared_def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1)
+ /implib:$import \$(LDOUTFLAG)$dll$shared_def @<< || (DEL /Q \$(\@B).* $import && EXIT 1)
$objs
$linklibs\$(LIB_EX_LIBS)
<<
- IF EXIST $shlib$shlibext.manifest \\
- \$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext
- IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
- IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
- IF EXIST fuzz\\$shlib$shlibext DEL /Q /F fuzz\\$shlib$shlibext
- COPY $shlib$shlibext apps
- COPY $shlib$shlibext test
- COPY $shlib$shlibext fuzz
+ IF EXIST $dll.manifest \\
+ \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dll.manifest \$(MTOUTFLAG)$dll
+ IF EXIST apps\\$dll DEL /Q /F apps\\$dll
+ IF EXIST test\\$dll DEL /Q /F test\\$dll
+ IF EXIST fuzz\\$dll DEL /Q /F fuzz\\$dll
+ COPY $dll apps
+ COPY $dll test
+ COPY $dll fuzz
EOF
}
sub obj2dso {
}
sub obj2lib {
my %args = @_;
- my $lib = $args{lib};
-
- # Because static libs and import libs are both named the same in native
- # Windows, we can't have both. We skip the static lib in that case,
- # as the shared libs are what we use anyway.
- return "" unless $disabled{"shared"} || $lib =~ /\.a$/;
-
- $lib =~ s/\.a$//;
+ my $lib = lib($args{lib});
my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
my $objs = join("\n", @objs);
my $deps = join(" ", @objs);
return <<"EOF";
-$lib$libext: $deps
- \$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
+$lib: $deps
+ \$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib @<<
$objs
<<
EOF
lib => $libext,
bin => $exeext );
+ # We already have a 'test' target, and the top directory is just plain
+ # silly
+ return if $dir eq "test" || $dir eq ".";
+
foreach my $type (("dso", "lib", "bin", "script")) {
next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
# For lib object files, we could update the library. However,
my $deps = join(" ", @deps);
my $actions = join("\n", "", @actions);
return <<"EOF";
-$args{dir} $args{dir}\\ : $deps$actions
+$dir $dir\\ : $deps$actions
EOF
}
"" # Important! This becomes part of the template result.
if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
warn <<_____ if scalar(@seed_sources) == 1;
-You have selected the --with-rand-seed=none option, which effectively disables
-automatic reseeding of the OpenSSL random generator. All operations depending
-on the random generator such as creating keys will not work unless the random
-generator is seeded manually by the application.
-Please read the 'Note on random number generation' section in the INSTALL
-instructions and the RAND_DRBG(7) manual page for more details.
+============================== WARNING ===============================
+You have selected the --with-rand-seed=none option, which effectively
+disables automatic reseeding of the OpenSSL random generator.
+All operations depending on the random generator such as creating keys
+will not work unless the random generator is seeded manually by the
+application.
+
+Please read the 'Note on random number generation' section in the
+INSTALL instructions and the RAND_DRBG(7) manual page for more details.
+============================== WARNING ===============================
+
_____
}
push @{$config{openssl_other_defines}},
# Massage the result
+ # If the user configured no-shared, we allow no shared sources
+ if ($disabled{shared}) {
+ foreach (keys %{$unified_info{shared_sources}}) {
+ foreach (keys %{$unified_info{shared_sources}->{$_}}) {
+ delete $unified_info{sources}->{$_};
+ }
+ }
+ $unified_info{shared_sources} = {};
+ }
+
# If we depend on a header file or a perl module, add an inclusion of
# its directory to allow smoothe inclusion
foreach my $dest (keys %{$unified_info{depends}}) {
next unless defined($unified_info{includes}->{$dest}->{$k});
my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
foreach my $obj (grep /\.o$/,
- (keys %{$unified_info{sources}->{$dest}},
- keys %{$unified_info{shared_sources}->{$dest}})) {
+ (keys %{$unified_info{sources}->{$dest} // {}},
+ keys %{$unified_info{shared_sources}->{$dest} // {}})) {
foreach my $inc (@incs) {
unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
[ @{$unified_info{includes}->{$dest}->{source}} ];
}
}
+
+ # For convenience collect information regarding directories where
+ # files are generated, those generated files and the end product
+ # they end up in where applicable. Then, add build rules for those
+ # directories
+ my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ],
+ "dso" => [ @{$unified_info{engines}} ],
+ "bin" => [ @{$unified_info{programs}} ],
+ "script" => [ @{$unified_info{scripts}} ] );
+ foreach my $type (keys %loopinfo) {
+ foreach my $product (@{$loopinfo{$type}}) {
+ my %dirs = ();
+ my $pd = dirname($product);
+
+ foreach (@{$unified_info{sources}->{$product} // []},
+ @{$unified_info{shared_sources}->{$product} // []}) {
+ my $d = dirname($_);
+
+ # We don't want to create targets for source directories
+ # when building out of source
+ next if ($config{sourcedir} ne $config{builddir}
+ && $d =~ m|^\Q$config{sourcedir}\E|);
+ # We already have a "test" target, and the current directory
+ # is just silly to make a target for
+ next if $d eq "test" || $d eq ".";
+
+ $dirs{$d} = 1;
+ push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
+ if $d ne $pd;
+ }
+ foreach (keys %dirs) {
+ push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
+ $product;
+ }
+ }
+ }
}
# For the schemes that need it, we provide the old *_obj configs
**********************************************************************
*** ***
-*** If you want to report a building issue, please include the ***
-*** output from this command: ***
+*** OpenSSL has been successfully configured ***
+*** ***
+*** If you encounter a problem while building, please open an ***
+*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
+*** and include the output from the following command: ***
+*** ***
+*** perl configdata.pm --dump ***
*** ***
-*** perl configdata.pm --dump ***
+*** (If you are new to OpenSSL, you might want to consult the ***
+*** 'Troubleshooting' section in the INSTALL file first) ***
*** ***
**********************************************************************
EOF
Windows, and as a comma separated list of
libraries on VMS.
RANLIB The library archive indexer.
- RC The Windows resources manipulator.
- RCFLAGS Flags for the Windows reources manipulator.
+ RC The Windows resource compiler.
+ RCFLAGS Flags for the Windows resource compiler.
RM The command to remove files and directories.
These cannot be mixed with compiling / linking flags given
BUILDFILE
Use a different build file name than the platform default
- ("Makefile" on Unixly platforms, "makefile" on native Windows,
+ ("Makefile" on Unix-like platforms, "makefile" on native Windows,
"descrip.mms" on OpenVMS). This requires that there is a
corresponding build file template. See Configurations/README
for further information.
part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
the name.
- On most POSIXly platforms, shared libraries are named libcrypto.so.1.1
+ On most POSIX platforms, shared libraries are named libcrypto.so.1.1
and libssl.so.1.1.
on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
The seeding method can be configured using the --with-rand-seed option,
which can be used to specify a comma separated list of seed methods.
However in most cases OpenSSL will choose a suitable default method,
- so it is not necessary to explicitely provide this option. Note also
+ so it is not necessary to explicitly provide this option. Note also
that not all methods are available on all platforms.
I) On operating systems which provide a suitable randomness source (in
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
+
+ o Timing vulnerability in DSA signature generation (CVE-2018-0734)
+ o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
+
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
in order to invoke $(CROSS_COMPILE)gcc and company. (Configure will fail
and give you a hint if you get it wrong.) Apart from PATH adjustment
you need to set ANDROID_NDK environment to point at NDK directory
- as /some/where/android-ndk-<ver>. NDK customarily supports multiple
+ as /some/where/android-ndk-<ver>. Both variables are significant at both
+ configuration and compilation times. NDK customarily supports multiple
Android API levels, e.g. android-14, android-21, etc. By default latest
one available is chosen. If you need to target older platform, pass
additional -D__ANDROID_API__=N to Configure. N is numeric value of the
target platform version. For example, to compile for ICS on ARM with
NDK 10d:
- ANDROID_NDK=/some/where/android-ndk-10d
+ export ANDROID_NDK=/some/where/android-ndk-10d
PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
./Configure android-arm -D__ANDROID_API__=14
+ make
Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT
variable set to $ANDROID_NDK/platforms/android-<api>/arch-<arch> to
conflict, and mixing the two is therefore not supported. Migration to
CROSS_SYSROOT-less setup is recommended.
- One can engage clang by adjusting PATH to cover NDK's clang. Just keep
- in mind that if you miss it, Configure will try to use gcc... Also,
- PATH would need even further adjustment to cover unprefixed, yet
+ One can engage clang by adjusting PATH to cover same NDK's clang. Just
+ keep in mind that if you miss it, Configure will try to use gcc...
+ Also, PATH would need even further adjustment to cover unprefixed, yet
target-specific, ar and ranlib. It's possible that you don't need to
bother, if binutils-multiarch is installed on your Linux system.
+ Another option is to create so called "standalone toolchain" tailored
+ for single specific platform including Android API level, and assign its
+ location to ANDROID_NDK. In such case you have to pass matching target
+ name to Configure and shouldn't use -D__ANDROID_API__=N. PATH adjusment
+ becomes simpler, $ANDROID_NDK/bin:$PATH suffices.
+
Running tests (on Linux)
------------------------
- OpenSSL 1.1.1 11 Sep 2018
+ OpenSSL 1.1.1a 20 Nov 2018
Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
if (RAND_load_file(randfile, -1) < 0) {
BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
ERR_print_errors(bio_err);
- return;
}
if (save_rand_file == NULL)
save_rand_file = OPENSSL_strdup(randfile);
opt_getprog(), typestr);
continue;
}
+ if (*valstr == '\0') {
+ BIO_printf(bio_err,
+ "%s: No value provided for Subject Attribute %s, skipped\n",
+ opt_getprog(), typestr);
+ continue;
+ }
if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
valstr, strlen((char *)valstr),
-1, ismulti ? -1 : 0))
# define OPT_FMT_SMIME (1L << 3)
# define OPT_FMT_ENGINE (1L << 4)
# define OPT_FMT_MSBLOB (1L << 5)
-# define OPT_FMT_NETSCAPE (1L << 6)
+/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
# define OPT_FMT_NSS (1L << 7)
# define OPT_FMT_TEXT (1L << 8)
# define OPT_FMT_HTTP (1L << 9)
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
- OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
- OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+ OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
+ OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
char *opt_progname(const char *argv0);
char *opt_getprog(void);
/*
* outdir is a directory spec, but access() for VMS demands a
* filename. We could use the DEC C routine to convert the
- * directory syntax to Unixly, and give that to app_isdir,
+ * directory syntax to Unix, and give that to app_isdir,
* but for now the fopen will catch the error if it's not a
* directory
*/
BIO_printf(bio_err, "Write out database with %d new entries\n",
sk_X509_num(cert_sk));
- if (!rand_ser
+ if (serialfile != NULL
&& !save_serial(serialfile, "new", serial, NULL))
goto end;
if (sk_X509_num(cert_sk)) {
/* Rename the database and the serial file */
- if (!rotate_serial(serialfile, "new", "old"))
+ if (serialfile != NULL
+ && !rotate_serial(serialfile, "new", "old"))
goto end;
if (!rotate_index(dbfile, "new", "old"))
}
/* we have a CRL number that need updating */
- if (crlnumberfile != NULL)
- if (!rand_ser
- && !save_serial(crlnumberfile, "new", crlnumber, NULL))
- goto end;
+ if (crlnumberfile != NULL
+ && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+ goto end;
BN_free(crlnumber);
crlnumber = NULL;
PEM_write_bio_X509_CRL(Sout, crl);
- if (crlnumberfile != NULL) /* Rename the crlnumber file */
- if (!rotate_serial(crlnumberfile, "new", "old"))
- goto end;
+ /* Rename the crlnumber file */
+ if (crlnumberfile != NULL
+ && !rotate_serial(crlnumberfile, "new", "old"))
+ goto end;
}
/*****************************************************************/
sleep(30);
break;
case 0: /* child */
+ OPENSSL_free(kidpids);
signal(SIGINT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
if (termsig)
}
/* The loop above can only break on termsig */
+ OPENSSL_free(kidpids);
syslog(LOG_INFO, "terminating on signal: %d", termsig);
killall(0, kidpids);
}
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
-RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
# must be commented out to leave a V1 CRL
crl = $dir]crl.pem # The current CRL
private_key = $dir.private]cakey.pem# The private key
-RANDFILE = $dir.private].rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
-RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
{"smime", OPT_FMT_SMIME},
{"engine", OPT_FMT_ENGINE},
{"msblob", OPT_FMT_MSBLOB},
- {"netscape", OPT_FMT_NETSCAPE},
{"nss", OPT_FMT_NSS},
{"text", OPT_FMT_TEXT},
{"http", OPT_FMT_HTTP},
/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
const OPTIONS rsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
- {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"},
- {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"},
+ {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
+ {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
{"in", OPT_IN, 's', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
+ if (pk == NULL)
+ goto end;
+
EVP_PKEY_set1_RSA(pk, rsa);
if (outformat == FORMAT_PVK) {
if (pubin) {
int ssl_print_tmp_key(BIO *out, SSL *s)
{
EVP_PKEY *key;
- if (!SSL_get_server_tmp_key(s, &key))
+
+ if (!SSL_get_peer_tmp_key(s, &key))
return 1;
BIO_puts(out, "Server Temp Key: ");
switch (EVP_PKEY_id(key)) {
if (strlen(psk_identity) != identity_len
|| memcmp(psk_identity, identity, identity_len) != 0) {
- BIO_printf(bio_s_out,
- "PSK warning: client identity not what we expected"
- " (got '%s' expected '%s')\n", identity, psk_identity);
+ *sess = NULL;
+ return 1;
}
if (psksess != NULL) {
goto end;
}
#endif
+ if (early_data && (www > 0 || rev)) {
+ BIO_printf(bio_err,
+ "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
+ goto end;
+ }
#ifndef OPENSSL_NO_SCTP
if (protocol == IPPROTO_SCTP) {
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
- for (testnum++; testnum < EC_NUM; testnum++)
+ for (testnum++; testnum < ECDSA_NUM; testnum++)
ecdsa_doit[testnum] = 0;
}
}
const OPTIONS x509_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'f',
- "Input format - default PEM (one of DER, NET or PEM)"},
+ "Input format - default PEM (one of DER or PEM)"},
{"in", OPT_IN, '<', "Input file - default stdin"},
{"outform", OPT_OUTFORM, 'f',
- "Output format - default PEM (one of DER, NET or PEM)"},
+ "Output format - default PEM (one of DER or PEM)"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
{"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
#endif
/*
- * The POSIXly macro for the maximum number of characters in a file path is
+ * The POSIX macro for the maximum number of characters in a file path is
* NAME_MAX. However, some operating systems use PATH_MAX instead.
* Therefore, it seems natural to first check for PATH_MAX and use that, and
* if it doesn't exist, use NAME_MAX.
# include <unistd.h>
-# if _POSIX_VERSION >= 200112L
+# if _POSIX_VERSION >= 200112L \
+ && (_POSIX_VERSION < 200809L || defined(__GLIBC__))
# include <pthread.h>
*/
int BIO_bind(int sock, const BIO_ADDR *addr, int options)
{
+# ifndef OPENSSL_SYS_WINDOWS
int on = 1;
+# endif
if (sock == -1) {
BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET);
argi = (int)len;
}
- if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+ if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
if (*processed > INT_MAX)
return -1;
inret = *processed;
ret = b->callback(b, oper, argp, argi, argl, inret);
- if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+ if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
*processed = (size_t)ret;
ret = 1;
}
# endif /* Unix */
+#else /* NO_SYSLOG */
+const BIO_METHOD *BIO_s_log(void)
+{
+ return NULL;
+}
#endif /* NO_SYSLOG */
/*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* machine.
*/
-# if defined(_WIN64) || !defined(__LP64__)
-# define BN_ULONG unsigned long long
-# else
-# define BN_ULONG unsigned long
-# endif
-
# undef mul
# undef mul_add
* is not only slower but also makes each bit vulnerable to
* EM (and likely other) side-channel attacks like One&Done
* (for details see "One&Done: A Single-Decryption EM-Based
- * Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam,
+ * Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
* H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
* M. Prvulovic, in USENIX Security'18)
*/
b->neg ^= t;
/*-
- * Idea behind BN_FLG_STATIC_DATA is actually to
- * indicate that data may not be written to.
- * Intention is actually to treat it as it's
- * read-only data, and some (if not most) of it does
- * reside in read-only segment. In other words
- * observation of BN_FLG_STATIC_DATA in
- * BN_consttime_swap should be treated as fatal
- * condition. It would either cause SEGV or
- * effectively cause data corruption.
- * BN_FLG_MALLOCED refers to BN structure itself,
- * and hence must be preserved. Remaining flags are
- * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be
- * preserved, because it determines how x->d was
- * allocated and hence how to free it. This leaves
- * BN_FLG_CONSTTIME that one can do something about.
- * To summarize it's sufficient to mask and swap
- * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should
- * be treated as fatal.
+ * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
+ * is actually to treat it as it's read-only data, and some (if not most)
+ * of it does reside in read-only segment. In other words observation of
+ * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
+ * condition. It would either cause SEGV or effectively cause data
+ * corruption.
+ *
+ * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
+ * preserved.
+ *
+ * BN_FLG_SECURE: must be preserved, because it determines how x->d was
+ * allocated and hence how to free it.
+ *
+ * BN_FLG_CONSTTIME: sufficient to mask and swap
+ *
+ * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
+ * the data, so the d array may be padded with additional 0 values (i.e.
+ * top could be greater than the minimal value that it could be). We should
+ * be swapping it
*/
- t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition;
+
+#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
+
+ t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
a->flags ^= t;
b->flags ^= t;
SOURCE[../libcrypto]=\
cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
- threads_pthread.c threads_win.c threads_none.c \
+ threads_pthread.c threads_win.c threads_none.c getenv.c \
o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
{- $target{uplink_aux_src} -}
EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
/* Part of the code in here was originally in conf.c, which is now removed */
#include "e_os.h"
+#include "internal/cryptlib.h"
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>
if (v != NULL)
return v->value;
if (strcmp(section, "ENV") == 0) {
- p = getenv(name);
+ p = ossl_safe_getenv(name);
if (p != NULL)
return p;
}
else
return NULL;
} else
- return getenv(name);
+ return ossl_safe_getenv(name);
}
static unsigned long conf_value_hash(const CONF_VALUE *v)
char *file, *sep = "";
int len;
- if (!OPENSSL_issetugid()) {
- file = getenv("OPENSSL_CONF");
- if (file)
- return OPENSSL_strdup(file);
- }
+ if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
+ return OPENSSL_strdup(file);
len = strlen(X509_get_default_cert_area());
#ifndef OPENSSL_SYS_VMS
if (_OPENSSL_isservice.p == NULL) {
HANDLE mod = GetModuleHandle(NULL);
- FARPROC f;
+ FARPROC f = NULL;
if (mod != NULL)
f = GetProcAddress(mod, "_OPENSSL_isservice");
int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
{
- const char *fpath = getenv(CTLOG_FILE_EVP);
+ const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
if (fpath == NULL)
fpath = CTLOG_FILE;
if (mctx == NULL)
goto err;
+ /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+ if (L <= N) {
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+ goto err;
+ }
+
if (evpmd == NULL) {
if (N == 160)
evpmd = EVP_sha1();
#include <stdio.h>
#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
#include <openssl/bn.h>
#include <openssl/sha.h>
#include "dsa_locl.h"
DSA_SIG *sig, DSA *dsa);
static int dsa_init(DSA *dsa);
static int dsa_finish(DSA *dsa);
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+ BN_CTX *ctx);
static DSA_METHOD openssl_dsa_meth = {
"OpenSSL DSA method",
{
BN_CTX *ctx = NULL;
BIGNUM *k, *kinv = NULL, *r = *rp;
- BIGNUM *l, *m;
+ BIGNUM *l;
int ret = 0;
- int q_bits;
+ int q_bits, q_words;
if (!dsa->p || !dsa->q || !dsa->g) {
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
k = BN_new();
l = BN_new();
- m = BN_new();
- if (k == NULL || l == NULL || m == NULL)
+ if (k == NULL || l == NULL)
goto err;
if (ctx_in == NULL) {
/* Preallocate space */
q_bits = BN_num_bits(dsa->q);
- if (!BN_set_bit(k, q_bits)
- || !BN_set_bit(l, q_bits)
- || !BN_set_bit(m, q_bits))
+ q_words = bn_get_top(dsa->q);
+ if (!bn_wexpand(k, q_words + 2)
+ || !bn_wexpand(l, q_words + 2))
goto err;
/* Get random k */
} while (BN_is_zero(k));
BN_set_flags(k, BN_FLG_CONSTTIME);
+ BN_set_flags(l, BN_FLG_CONSTTIME);
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
* small timing information leakage. We then choose the sum that is
* one bit longer than the modulus.
*
- * TODO: revisit the BN_copy aiming for a memory access agnostic
- * conditional copy.
+ * There are some concerns about the efficacy of doing this. More
+ * specificly refer to the discussion starting with:
+ * https://github.com/openssl/openssl/pull/7486#discussion_r228323705
+ * The fix is to rework BN so these gymnastics aren't required.
*/
if (!BN_add(l, k, dsa->q)
- || !BN_add(m, l, dsa->q)
- || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
+ || !BN_add(k, l, dsa->q))
goto err;
+ BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
+
if ((dsa)->meth->bn_mod_exp != NULL) {
if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
dsa->method_mont_p))
if (!BN_mod(r, r, dsa->q, ctx))
goto err;
- /* Compute part of 's = inv(k) (m + xr) mod q' */
- if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
+ if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
goto err;
BN_clear_free(*kinvp);
BN_CTX_free(ctx);
BN_clear_free(k);
BN_clear_free(l);
- BN_clear_free(m);
return ret;
}
BN_MONT_CTX_free(dsa->method_mont_p);
return 1;
}
+
+/*
+ * Compute the inverse of k modulo q.
+ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
+ * mod-exp operation. Both the exponent and modulus are public information
+ * so a mod-exp that doesn't leak the base is sufficient. A newly allocated
+ * BIGNUM is returned which the caller must free.
+ */
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+ BN_CTX *ctx)
+{
+ BIGNUM *res = NULL;
+ BIGNUM *r, *e;
+
+ if ((r = BN_new()) == NULL)
+ return NULL;
+
+ BN_CTX_start(ctx);
+ if ((e = BN_CTX_get(ctx)) != NULL
+ && BN_set_word(r, 2)
+ && BN_sub(e, q, r)
+ && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
+ res = r;
+ else
+ BN_free(r);
+ BN_CTX_end(ctx);
+ return res;
+}
if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
return 0;
- if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
+ if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
return 0;
kdf_md = EVP_get_digestbynid(kdfmd_nid);
ecdh_nid = NID_dh_cofactor_kdf;
if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
- kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
+ kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
goto err;
} else
*/
cardinality_bits = BN_num_bits(cardinality);
group_top = bn_get_top(cardinality);
- if ((bn_wexpand(k, group_top + 1) == NULL)
- || (bn_wexpand(lambda, group_top + 1) == NULL)) {
+ if ((bn_wexpand(k, group_top + 2) == NULL)
+ || (bn_wexpand(lambda, group_top + 2) == NULL)) {
ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
goto err;
}
* k := scalar + 2*cardinality
*/
kbit = BN_is_bit_set(lambda, cardinality_bits);
- BN_consttime_swap(kbit, k, lambda, group_top + 1);
+ BN_consttime_swap(kbit, k, lambda, group_top + 2);
group_top = bn_get_top(group->field);
if ((bn_wexpand(s->X, group_top) == NULL)
if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
goto err;
/* Do KDF stuff */
- if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen,
+ if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
goto err;
rv = 1;
case EVP_PKEY_CTRL_EC_KDF_TYPE:
if (p1 == -2)
return dctx->kdf_type;
- if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)
+ if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63)
return -2;
dctx->kdf_type = p1;
return 1;
/*
- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <string.h>
#include <openssl/ec.h>
#include <openssl/evp.h>
+#include "ec_lcl.h"
-/* Key derivation function from X9.62/SECG */
+/* Key derivation function from X9.63/SECG */
/* Way more than we will ever need */
#define ECDH_KDF_MAX (1 << 30)
-int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const unsigned char *sinfo, size_t sinfolen,
const EVP_MD *md)
EVP_MD_CTX_free(mctx);
return rv;
}
+
+/*-
+ * The old name for ecdh_KDF_X9_63
+ * Retained for ABI compatibility
+ */
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo, size_t sinfolen,
+ const EVP_MD *md)
+{
+ return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
+}
# define CHECK_BSD_STYLE_MACROS
#endif
+/*
+ * ONE global file descriptor for all sessions. This allows operations
+ * such as digest session data copying (see digest_copy()), but is also
+ * saner... why re-open /dev/crypto for every session?
+ */
+static int cfd;
+
/******************************************************************************
*
* Ciphers
*****/
struct cipher_ctx {
- int cfd;
struct session_op sess;
/* to pass from init to do_cipher */
{ NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
{ NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
#ifndef OPENSSL_NO_RC4
- { NID_rc4, 1, 16, 0, CRYPTO_ARC4 },
+ { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 },
#endif
#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR)
{ NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
const struct cipher_data_st *cipher_d =
get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
- if ((cipher_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
- SYSerr(SYS_F_OPEN, errno);
- return 0;
- }
-
memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
cipher_ctx->sess.cipher = cipher_d->devcryptoid;
cipher_ctx->sess.keylen = cipher_d->keylen;
cipher_ctx->sess.key = (void *)key;
cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
- if (ioctl(cipher_ctx->cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
+ if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
SYSerr(SYS_F_IOCTL, errno);
- close(cipher_ctx->cfd);
return 0;
}
cryp.flags = COP_FLAG_WRITE_IV;
#endif
- if (ioctl(cipher_ctx->cfd, CIOCCRYPT, &cryp) < 0) {
+ if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
struct cipher_ctx *cipher_ctx =
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
- if (ioctl(cipher_ctx->cfd, CIOCFSESSION, &cipher_ctx->sess) < 0) {
+ if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
- if (close(cipher_ctx->cfd) < 0) {
- SYSerr(SYS_F_CLOSE, errno);
- return 0;
- }
return 1;
}
static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
-static void prepare_cipher_methods()
+static void prepare_cipher_methods(void)
{
size_t i;
struct session_op sess;
- int cfd;
-
- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
- return;
memset(&sess, 0, sizeof(sess));
sess.key = (void *)"01234567890123456789012345678901234567890123456789";
sess.cipher = cipher_data[i].devcryptoid;
sess.keylen = cipher_data[i].keylen;
if (ioctl(cfd, CIOCGSESSION, &sess) < 0
- || ioctl(cfd, CIOCFSESSION, &sess) < 0)
+ || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
continue;
if ((known_cipher_methods[i] =
cipher_data[i].nid;
}
}
-
- close(cfd);
}
static const EVP_CIPHER *get_cipher_method(int nid)
known_cipher_methods[i] = NULL;
}
-static void destroy_all_cipher_methods()
+static void destroy_all_cipher_methods(void)
{
size_t i;
/*
* We only support digests if the cryptodev implementation supports multiple
- * data updates. Otherwise, we would be forced to maintain a cache, which is
- * perilous if there's a lot of data coming in (if someone wants to checksum
- * an OpenSSL tarball, for example).
+ * data updates and session copying. Otherwise, we would be forced to maintain
+ * a cache, which is perilous if there's a lot of data coming in (if someone
+ * wants to checksum an OpenSSL tarball, for example).
*/
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#if defined(CIOCCPHASH) && defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#define IMPLEMENT_DIGEST
/******************************************************************************
*
*****/
struct digest_ctx {
- int cfd;
struct session_op sess;
int init;
};
const struct digest_data_st *digest_d =
get_digest_data(EVP_MD_CTX_type(ctx));
- if (digest_ctx->init == 0
- && (digest_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
- SYSerr(SYS_F_OPEN, errno);
- return 0;
- }
-
digest_ctx->init = 1;
memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
digest_ctx->sess.mac = digest_d->devcryptoid;
- if (ioctl(digest_ctx->cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
+ if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
SYSerr(SYS_F_IOCTL, errno);
- close(digest_ctx->cfd);
return 0;
}
cryp.dst = NULL;
cryp.mac = res;
cryp.flags = flags;
- return ioctl(ctx->cfd, CIOCCRYPT, &cryp);
+ return ioctl(cfd, CIOCCRYPT, &cryp);
}
static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
- if (ioctl(digest_ctx->cfd, CIOCFSESSION, &digest_ctx->sess) < 0) {
+ if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
return 1;
}
-static int digest_cleanup(EVP_MD_CTX *ctx)
+static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{
- struct digest_ctx *digest_ctx =
- (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+ struct digest_ctx *digest_from =
+ (struct digest_ctx *)EVP_MD_CTX_md_data(from);
+ struct digest_ctx *digest_to =
+ (struct digest_ctx *)EVP_MD_CTX_md_data(to);
+ struct cphash_op cphash;
+
+ if (digest_from == NULL)
+ return 1;
- if (close(digest_ctx->cfd) < 0) {
- SYSerr(SYS_F_CLOSE, errno);
+ if (digest_from->init != 1) {
+ SYSerr(SYS_F_IOCTL, EINVAL);
return 0;
}
+ if (!digest_init(to)) {
+ SYSerr(SYS_F_IOCTL, errno);
+ return 0;
+ }
+
+ cphash.src_ses = digest_from->sess.ses;
+ cphash.dst_ses = digest_to->sess.ses;
+ if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) {
+ SYSerr(SYS_F_IOCTL, errno);
+ return 0;
+ }
+ return 1;
+}
+
+static int digest_cleanup(EVP_MD_CTX *ctx)
+{
return 1;
}
static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */
static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, };
-static void prepare_digest_methods()
+static void prepare_digest_methods(void)
{
size_t i;
struct session_op sess;
- int cfd;
-
- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
- return;
memset(&sess, 0, sizeof(sess));
*/
sess.mac = digest_data[i].devcryptoid;
if (ioctl(cfd, CIOCGSESSION, &sess) < 0
- || ioctl(cfd, CIOCFSESSION, &sess) < 0)
+ || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
continue;
if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
|| !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
|| !EVP_MD_meth_set_update(known_digest_methods[i], digest_update)
|| !EVP_MD_meth_set_final(known_digest_methods[i], digest_final)
+ || !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy)
|| !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup)
|| !EVP_MD_meth_set_app_datasize(known_digest_methods[i],
sizeof(struct digest_ctx))) {
known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid;
}
}
-
- close(cfd);
}
static const EVP_MD *get_digest_method(int nid)
known_digest_methods[i] = NULL;
}
-static void destroy_all_digest_methods()
+static void destroy_all_digest_methods(void)
{
size_t i;
static int devcrypto_unload(ENGINE *e)
{
destroy_all_cipher_methods();
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#ifdef IMPLEMENT_DIGEST
destroy_all_digest_methods();
#endif
+
+ close(cfd);
+
return 1;
}
/*
{
ENGINE *e = NULL;
- if (access("/dev/crypto", R_OK | W_OK) < 0) {
- fprintf(stderr,
- "/dev/crypto not present, not enabling devcrypto engine\n");
+ if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+ fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
return;
}
prepare_cipher_methods();
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#ifdef IMPLEMENT_DIGEST
prepare_digest_methods();
#endif
- if ((e = ENGINE_new()) == NULL)
+ if ((e = ENGINE_new()) == NULL
+ || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
+ ENGINE_free(e);
+ /*
+ * We know that devcrypto_unload() won't be called when one of the
+ * above two calls have failed, so we close cfd explicitly here to
+ * avoid leaking resources.
+ */
+ close(cfd);
return;
+ }
if (!ENGINE_set_id(e, "devcrypto")
|| !ENGINE_set_name(e, "/dev/crypto engine")
- || !ENGINE_set_destroy_function(e, devcrypto_unload)
/*
* Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD
# endif
#endif
|| !ENGINE_set_ciphers(e, devcrypto_ciphers)
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#ifdef IMPLEMENT_DIGEST
|| !ENGINE_set_digests(e, devcrypto_digests)
#endif
) {
* Prevent infinite recursion if we're looking for the dynamic engine.
*/
if (strcmp(id, "dynamic")) {
- if (OPENSSL_issetugid()
- || (load_dir = getenv("OPENSSL_ENGINES")) == NULL)
+ if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL)
load_dir = ENGINESDIR;
iterator = ENGINE_by_id("dynamic");
if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
RAND_F_RAND_POOL_ADD:103:rand_pool_add
RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin
RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end
+RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach
RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
RAND_F_RAND_POOL_NEW:116:rand_pool_new
RAND_F_RAND_WRITE_FILE:112:RAND_write_file
if (!cctx->aes.ccm.len_set) {
/*-
- * In case message length was not previously set explicitely via
+ * In case message length was not previously set explicitly via
* Update(), set it now.
*/
ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
{
int i;
- EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
+ if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0)
+ return 0;
if (i == 128)
return RC2_128_MAGIC;
else if (i == 64)
return -1;
if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
return -1;
- EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
- if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
+ if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits,
+ NULL) <= 0
+ || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
return -1;
}
return i;
void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
int (**pcheck) (EVP_PKEY *pkey))
{
- if (*pcheck)
+ if (pcheck != NULL)
*pcheck = pmeth->check;
}
void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
int (**pcheck) (EVP_PKEY *pkey))
{
- if (*pcheck)
+ if (pcheck != NULL)
*pcheck = pmeth->public_check;
}
void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
int (**pcheck) (EVP_PKEY *pkey))
{
- if (*pcheck)
+ if (pcheck != NULL)
*pcheck = pmeth->param_check;
}
--- /dev/null
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+
+char *ossl_safe_getenv(const char *name)
+{
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 17)
+# define SECURE_GETENV
+ return secure_getenv(name);
+# endif
+#endif
+
+#ifndef SECURE_GETENV
+ if (OPENSSL_issetugid())
+ return NULL;
+ return getenv(name);
+#endif
+}
__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
const BIGNUM *x, BN_CTX *ctx);
+/*-
+ * ECDH Key Derivation Function as defined in ANSI X9.63
+ */
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
+ const unsigned char *Z, size_t Zlen,
+ const unsigned char *sinfo, size_t sinfolen,
+ const EVP_MD *md);
+
# endif /* OPENSSL_NO_EC */
#endif
void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
unsigned char *out, size_t outlen);
-size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
-void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen);
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
/*
* RAND_POOL functions
*/
RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+ size_t entropy);
void rand_pool_free(RAND_POOL *pool);
const unsigned char *rand_pool_buffer(RAND_POOL *pool);
unsigned char *rand_pool_detach(RAND_POOL *pool);
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
size_t rand_pool_entropy(RAND_POOL *pool);
size_t rand_pool_length(RAND_POOL *pool);
return -2;
}
+static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
+{
+ HKDF_PKEY_CTX *kctx = ctx->data;
+
+ OPENSSL_clear_free(kctx->key, kctx->key_len);
+ OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+ OPENSSL_cleanse(kctx->info, kctx->info_len);
+ memset(kctx, 0, sizeof(*kctx));
+
+ return 1;
+}
+
static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
0, 0,
- 0,
+ pkey_hkdf_derive_init,
pkey_hkdf_derive,
pkey_hkdf_ctrl,
pkey_hkdf_ctrl_str
#include <string.h>
-/* e_os.h includes unistd.h, which defines _POSIX_VERSION */
-#if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
- && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
- || defined(__sun) || defined(__hpux) || defined(__sgi) \
- || defined(__osf__) )
-# define IMPLEMENTED
+/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */
+#ifdef OPENSSL_SECURE_MEMORY
# include <stdlib.h>
# include <assert.h>
# include <unistd.h>
# define MAP_ANON MAP_ANONYMOUS
#endif
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
static size_t secure_mem_used;
static int secure_mem_initialized;
int CRYPTO_secure_malloc_init(size_t size, int minsize)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
int ret = 0;
if (!secure_mem_initialized) {
return ret;
#else
return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
int CRYPTO_secure_malloc_done(void)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
if (secure_mem_used == 0) {
sh_done();
secure_mem_initialized = 0;
sec_malloc_lock = NULL;
return 1;
}
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
return 0;
}
int CRYPTO_secure_malloc_initialized(void)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
return secure_mem_initialized;
#else
return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
void *ret;
size_t actual_size;
return ret;
#else
return CRYPTO_malloc(num, file, line);
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
if (secure_mem_initialized)
/* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
return CRYPTO_secure_malloc(num, file, line);
void CRYPTO_secure_free(void *ptr, const char *file, int line)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
size_t actual_size;
if (ptr == NULL)
CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
CRYPTO_free(ptr, file, line);
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
void CRYPTO_secure_clear_free(void *ptr, size_t num,
const char *file, int line)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
size_t actual_size;
if (ptr == NULL)
return;
OPENSSL_cleanse(ptr, num);
CRYPTO_free(ptr, file, line);
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
int CRYPTO_secure_allocated(const void *ptr)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
int ret;
if (!secure_mem_initialized)
return ret;
#else
return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
size_t CRYPTO_secure_used(void)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
return secure_mem_used;
#else
return 0;
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
}
size_t CRYPTO_secure_actual_size(void *ptr)
{
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
size_t actual_size;
CRYPTO_THREAD_write_lock(sec_malloc_lock);
/*
* SECURE HEAP IMPLEMENTATION
*/
-#ifdef IMPLEMENTED
+#ifdef OPENSSL_SECURE_MEMORY
/*
OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
return sh.arena_size / (ONE << list);
}
-#endif /* IMPLEMENTED */
+#endif /* OPENSSL_SECURE_MEMORY */
# endif
# endif
+#include "e_os.h"
#include "internal/cryptlib.h"
#if !defined(OPENSSL_NO_STDIO)
# include <stdio.h>
-# ifdef _WIN32
-# include <windows.h>
-# endif
# ifdef __DJGPP__
# include <unistd.h>
# endif
* https://www.openssl.org/source/license.html
*/
-# include <stdio.h>
-# include "internal/cryptlib.h"
-# include <openssl/crypto.h>
-# include <openssl/hmac.h>
-# include <openssl/rand.h>
-# include <openssl/pkcs12.h>
-# include "p12_lcl.h"
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/pkcs12.h>
+#include "p12_lcl.h"
int PKCS12_mac_present(const PKCS12 *p12)
{
}
}
-# define TK26_MAC_KEY_LEN 32
+#define TK26_MAC_KEY_LEN 32
static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
const unsigned char *salt, int saltlen,
if ((md_type_nid == NID_id_GostR3411_94
|| md_type_nid == NID_id_GostR3411_2012_256
|| md_type_nid == NID_id_GostR3411_2012_512)
- && !getenv("LEGACY_GOST_PKCS12")) {
+ && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) {
md_size = TK26_MAC_KEY_LEN;
if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
md_size, key, md_type)) {
/*
- * Copyright 2016-20018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
/* df initialisation */
static const unsigned char df_key[32] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
- 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
- 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
if (ctr->ctx_df == NULL)
return 0;
drbg->min_entropylen = ctr->keylen;
- drbg->max_entropylen = DRBG_MINMAX_FACTOR * drbg->min_entropylen;
+ drbg->max_entropylen = DRBG_MAX_LENGTH;
drbg->min_noncelen = drbg->min_entropylen / 2;
- drbg->max_noncelen = DRBG_MINMAX_FACTOR * drbg->min_noncelen;
+ drbg->max_noncelen = DRBG_MAX_LENGTH;
drbg->max_perslen = DRBG_MAX_LENGTH;
drbg->max_adinlen = DRBG_MAX_LENGTH;
} else {
static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL;
+/* A logical OR of all used DRBG flag bits (currently there is only one) */
+static const unsigned int rand_drbg_used_flags =
+ RAND_DRBG_FLAG_CTR_NO_DF;
+
static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
static RAND_DRBG *rand_drbg_new(int secure,
flags = rand_drbg_flags;
}
+ /* If set is called multiple times - clear the old one */
+ if (drbg->type != 0 && (type != drbg->type || flags != drbg->flags)) {
+ drbg->meth->uninstantiate(drbg);
+ rand_pool_free(drbg->adin_pool);
+ drbg->adin_pool = NULL;
+ }
+
drbg->state = DRBG_UNINITIALISED;
drbg->flags = flags;
drbg->type = type;
switch (type) {
default:
+ drbg->type = 0;
+ drbg->flags = 0;
+ drbg->meth = NULL;
RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE);
return 0;
case 0:
/* Uninitialized; that's okay. */
+ drbg->meth = NULL;
return 1;
case NID_aes_128_ctr:
case NID_aes_192_ctr:
break;
}
- if (ret == 0)
+ if (ret == 0) {
+ drbg->state = DRBG_ERROR;
RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG);
+ }
return ret;
}
break;
}
- if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) {
+ if ((flags & ~rand_drbg_used_flags) != 0) {
RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
return 0;
}
return drbg;
-err:
- if (drbg->secure)
- OPENSSL_secure_free(drbg);
- else
- OPENSSL_free(drbg);
+ err:
+ RAND_DRBG_free(drbg);
return NULL;
}
if (drbg->meth != NULL)
drbg->meth->uninstantiate(drbg);
+ rand_pool_free(drbg->adin_pool);
CRYPTO_THREAD_lock_free(drbg->lock);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);
max_entropylen += drbg->max_noncelen;
}
+ drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
+ if (drbg->reseed_next_counter) {
+ drbg->reseed_next_counter++;
+ if(!drbg->reseed_next_counter)
+ drbg->reseed_next_counter = 1;
+ }
+
if (drbg->get_entropy != NULL)
entropylen = drbg->get_entropy(drbg, &entropy, min_entropy,
min_entropylen, max_entropylen, 0);
if (entropylen < min_entropylen
- || entropylen > max_entropylen) {
+ || entropylen > max_entropylen) {
RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
goto end;
}
}
drbg->state = DRBG_READY;
- drbg->generate_counter = 0;
+ drbg->reseed_gen_counter = 1;
drbg->reseed_time = time(NULL);
- if (drbg->reseed_counter > 0) {
- if (drbg->parent == NULL)
- drbg->reseed_counter++;
- else
- drbg->reseed_counter = drbg->parent->reseed_counter;
- }
+ tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter);
-end:
+ end:
if (entropy != NULL && drbg->cleanup_entropy != NULL)
drbg->cleanup_entropy(drbg, entropy, entropylen);
- if (nonce != NULL && drbg->cleanup_nonce!= NULL )
+ if (nonce != NULL && drbg->cleanup_nonce != NULL)
drbg->cleanup_nonce(drbg, nonce, noncelen);
- if (drbg->pool != NULL) {
- if (drbg->state == DRBG_READY) {
- RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
- RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED);
- drbg->state = DRBG_ERROR;
- }
- rand_pool_free(drbg->pool);
- drbg->pool = NULL;
- }
if (drbg->state == DRBG_READY)
return 1;
return 0;
int RAND_DRBG_uninstantiate(RAND_DRBG *drbg)
{
if (drbg->meth == NULL) {
+ drbg->state = DRBG_ERROR;
RANDerr(RAND_F_RAND_DRBG_UNINSTANTIATE,
RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED);
return 0;
}
drbg->state = DRBG_ERROR;
+
+ drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
+ if (drbg->reseed_next_counter) {
+ drbg->reseed_next_counter++;
+ if(!drbg->reseed_next_counter)
+ drbg->reseed_next_counter = 1;
+ }
+
if (drbg->get_entropy != NULL)
entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen,
drbg->max_entropylen,
prediction_resistance);
if (entropylen < drbg->min_entropylen
- || entropylen > drbg->max_entropylen) {
+ || entropylen > drbg->max_entropylen) {
RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY);
goto end;
}
goto end;
drbg->state = DRBG_READY;
- drbg->generate_counter = 0;
+ drbg->reseed_gen_counter = 1;
drbg->reseed_time = time(NULL);
- if (drbg->reseed_counter > 0) {
- if (drbg->parent == NULL)
- drbg->reseed_counter++;
- else
- drbg->reseed_counter = drbg->parent->reseed_counter;
- }
+ tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter);
-end:
+ end:
if (entropy != NULL && drbg->cleanup_entropy != NULL)
drbg->cleanup_entropy(drbg, entropy, entropylen);
if (drbg->state == DRBG_READY)
const unsigned char *adin = NULL;
size_t adinlen = 0;
- if (drbg->pool != NULL) {
+ if (drbg->seed_pool != NULL) {
RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
- rand_pool_free(drbg->pool);
- drbg->pool = NULL;
+ drbg->state = DRBG_ERROR;
+ rand_pool_free(drbg->seed_pool);
+ drbg->seed_pool = NULL;
+ return 0;
}
if (buffer != NULL) {
if (drbg->max_entropylen < len) {
RANDerr(RAND_F_RAND_DRBG_RESTART,
RAND_R_ENTROPY_INPUT_TOO_LONG);
+ drbg->state = DRBG_ERROR;
return 0;
}
if (entropy > 8 * len) {
RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_OUT_OF_RANGE);
+ drbg->state = DRBG_ERROR;
return 0;
}
/* will be picked up by the rand_drbg_get_entropy() callback */
- drbg->pool = rand_pool_new(entropy, len, len);
- if (drbg->pool == NULL)
+ drbg->seed_pool = rand_pool_attach(buffer, len, entropy);
+ if (drbg->seed_pool == NULL)
return 0;
-
- rand_pool_add(drbg->pool, buffer, len, entropy);
} else {
if (drbg->max_adinlen < len) {
RANDerr(RAND_F_RAND_DRBG_RESTART,
RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+ drbg->state = DRBG_ERROR;
return 0;
}
adin = buffer;
}
}
- /* check whether a given entropy pool was cleared properly during reseed */
- if (drbg->pool != NULL) {
- drbg->state = DRBG_ERROR;
- RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
- rand_pool_free(drbg->pool);
- drbg->pool = NULL;
- return 0;
- }
+ rand_pool_free(drbg->seed_pool);
+ drbg->seed_pool = NULL;
return drbg->state == DRBG_READY;
}
}
if (drbg->reseed_interval > 0) {
- if (drbg->generate_counter >= drbg->reseed_interval)
+ if (drbg->reseed_gen_counter >= drbg->reseed_interval)
reseed_required = 1;
}
if (drbg->reseed_time_interval > 0) {
|| now - drbg->reseed_time >= drbg->reseed_time_interval)
reseed_required = 1;
}
- if (drbg->reseed_counter > 0 && drbg->parent != NULL) {
- if (drbg->reseed_counter != drbg->parent->reseed_counter)
+ if (drbg->parent != NULL) {
+ unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter);
+ if (reseed_counter > 0
+ && tsan_load(&drbg->parent->reseed_prop_counter)
+ != reseed_counter)
reseed_required = 1;
}
return 0;
}
- drbg->generate_counter++;
+ drbg->reseed_gen_counter++;
return 1;
}
unsigned char *additional = NULL;
size_t additional_len;
size_t chunk;
- size_t ret;
+ size_t ret = 0;
+
+ if (drbg->adin_pool == NULL) {
+ if (drbg->type == 0)
+ goto err;
+ drbg->adin_pool = rand_pool_new(0, 0, drbg->max_adinlen);
+ if (drbg->adin_pool == NULL)
+ goto err;
+ }
- additional_len = rand_drbg_get_additional_data(&additional, drbg->max_adinlen);
+ additional_len = rand_drbg_get_additional_data(drbg->adin_pool,
+ &additional);
for ( ; outlen > 0; outlen -= chunk, out += chunk) {
chunk = outlen;
}
ret = 1;
-err:
- if (additional_len != 0)
- OPENSSL_secure_clear_free(additional, additional_len);
+ err:
+ if (additional != NULL)
+ rand_drbg_cleanup_additional_data(drbg->adin_pool, additional);
return ret;
}
RAND_DRBG_get_nonce_fn get_nonce,
RAND_DRBG_cleanup_nonce_fn cleanup_nonce)
{
- if (drbg->state != DRBG_UNINITIALISED)
+ if (drbg->state != DRBG_UNINITIALISED
+ || drbg->parent != NULL)
return 0;
drbg->get_entropy = get_entropy;
drbg->cleanup_entropy = cleanup_entropy;
goto err;
/* enable seed propagation */
- drbg->reseed_counter = 1;
+ tsan_store(&drbg->reseed_prop_counter, 1);
/*
* Ignore instantiation error to support just-in-time instantiation.
return ret;
}
+/*
+ * Calculates the minimum length of a full entropy buffer
+ * which is necessary to seed (i.e. instantiate) the DRBG
+ * successfully.
+ */
+size_t rand_drbg_seedlen(RAND_DRBG *drbg)
+{
+ /*
+ * If no os entropy source is available then RAND_seed(buffer, bufsize)
+ * is expected to succeed if and only if the buffer length satisfies
+ * the following requirements, which follow from the calculations
+ * in RAND_DRBG_instantiate().
+ */
+ size_t min_entropy = drbg->strength;
+ size_t min_entropylen = drbg->min_entropylen;
+
+ /*
+ * Extra entropy for the random nonce in the absence of a
+ * get_nonce callback, see comment in RAND_DRBG_instantiate().
+ */
+ if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
+ min_entropy += drbg->strength / 2;
+ min_entropylen += drbg->min_noncelen;
+ }
+
+ /*
+ * Convert entropy requirement from bits to bytes
+ * (dividing by 8 without rounding upwards, because
+ * all entropy requirements are divisible by 8).
+ */
+ min_entropy >>= 3;
+
+ /* Return a value that satisfies both requirements */
+ return min_entropy > min_entropylen ? min_entropy : min_entropylen;
+}
+
/* Implements the default OpenSSL RAND_add() method */
static int drbg_add(const void *buf, int num, double randomness)
{
int ret = 0;
RAND_DRBG *drbg = RAND_DRBG_get0_master();
+ size_t buflen;
+ size_t seedlen;
if (drbg == NULL)
return 0;
if (num < 0 || randomness < 0.0)
return 0;
- if (randomness > (double)drbg->max_entropylen) {
+ rand_drbg_lock(drbg);
+ seedlen = rand_drbg_seedlen(drbg);
+
+ buflen = (size_t)num;
+
+ if (buflen < seedlen || randomness < (double) seedlen) {
+#if defined(OPENSSL_RAND_SEED_NONE)
+ /*
+ * If no os entropy source is available, a reseeding will fail
+ * inevitably. So we use a trick to mix the buffer contents into
+ * the DRBG state without forcing a reseeding: we generate a
+ * dummy random byte, using the buffer content as additional data.
+ * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF.
+ */
+ unsigned char dummy[1];
+
+ ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen);
+ rand_drbg_unlock(drbg);
+ return ret;
+#else
+ /*
+ * If an os entropy source is avaible then we declare the buffer content
+ * as additional data by setting randomness to zero and trigger a regular
+ * reseeding.
+ */
+ randomness = 0.0;
+#endif
+ }
+
+
+ if (randomness > (double)seedlen) {
/*
* The purpose of this check is to bound |randomness| by a
* relatively small value in order to prevent an integer
* overflow when multiplying by 8 in the rand_drbg_restart()
- * call below.
+ * call below. Note that randomness is measured in bytes,
+ * not bits, so this value corresponds to eight times the
+ * security strength.
*/
- return 0;
+ randomness = (double)seedlen;
}
- rand_drbg_lock(drbg);
- ret = rand_drbg_restart(drbg, buf,
- (size_t)(unsigned int)num,
- (size_t)(8*randomness));
+ ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness));
rand_drbg_unlock(drbg);
return ret;
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
"rand_pool_add_begin"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
+ {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
"rand_pool_bytes_needed"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
# include <openssl/hmac.h>
# include <openssl/ec.h>
# include <openssl/rand_drbg.h>
+# include "internal/tsan_assist.h"
+
+# include "internal/numbers.h"
/* How many times to read the TSC as a randomness source. */
# define TSC_READ_COUNT 4
-/* Max size of additional input and personalization string. */
-# define DRBG_MAX_LENGTH 4096
+/*
+ * Maximum input size for the DRBG (entropy, nonce, personalization string)
+ *
+ * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes.
+ *
+ * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes.
+ */
+# define DRBG_MAX_LENGTH INT32_MAX
+
+
/*
- * The quotient between max_{entropy,nonce}len and min_{entropy,nonce}len
+ * Maximum allocation size for RANDOM_POOL buffers
+ *
+ * The max_len value for the buffer provided to the rand_drbg_get_entropy()
+ * callback is currently 2^31 bytes (2 gigabytes), if a derivation function
+ * is used. Since this is much too large to be allocated, the rand_pool_new()
+ * function chooses more modest values as default pool length, bounded
+ * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH
*
- * The current factor is large enough that the RAND_POOL can store a
- * random input which has a lousy entropy rate of 0.0625 bits per byte.
- * This input will be sent through the derivation function which 'compresses'
- * the low quality input into a high quality output.
+ * The choice of the RAND_POOL_FACTOR is large enough such that the
+ * RAND_POOL can store a random input which has a lousy entropy rate of
+ * 8/256 (= 0.03125) bits per byte. This input will be sent through the
+ * derivation function which 'compresses' the low quality input into a
+ * high quality output.
+ *
+ * The factor 1.5 below is the pessimistic estimate for the extra amount
+ * of entropy required when no get_nonce() callback is defined.
+ */
+# define RAND_POOL_FACTOR 256
+# define RAND_POOL_MAX_LENGTH (RAND_POOL_FACTOR * \
+ 3 * (RAND_DRBG_STRENGTH / 16))
+/*
+ * = (RAND_POOL_FACTOR * \
+ * 1.5 * (RAND_DRBG_STRENGTH / 8))
*/
-# define DRBG_MINMAX_FACTOR 128
/* DRBG status values */
} DRBG_STATUS;
-/* intantiate */
+/* instantiate */
typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx,
const unsigned char *ent,
size_t entlen,
size_t entlen,
const unsigned char *adin,
size_t adinlen);
-/* generat output */
+/* generate output */
typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx,
unsigned char *out,
size_t outlen,
unsigned char *buffer; /* points to the beginning of the random pool */
size_t len; /* current number of random bytes contained in the pool */
+ int attached; /* true pool was attached to existing buffer */
+
size_t min_len; /* minimum number of random bytes requested */
size_t max_len; /* maximum number of random bytes (allocated buffer size) */
size_t entropy; /* current entropy count in bits */
- size_t requested_entropy; /* requested entropy count in bits */
+ size_t entropy_requested; /* requested entropy count in bits */
};
/*
int type; /* the nid of the underlying algorithm */
/*
* Stores the value of the rand_fork_count global as of when we last
- * reseeded. The DRG reseeds automatically whenever drbg->fork_count !=
+ * reseeded. The DRBG reseeds automatically whenever drbg->fork_count !=
* rand_fork_count. Used to provide fork-safety and reseed this DRBG in
* the child process.
*/
unsigned short flags; /* various external flags */
/*
- * The random pool is used by RAND_add()/drbg_add() to attach random
+ * The random_data is used by RAND_add()/drbg_add() to attach random
* data to the global drbg, such that the rand_drbg_get_entropy() callback
* can pull it during instantiation and reseeding. This is necessary to
* reconcile the different philosophies of the RAND and the RAND_DRBG
* with respect to how randomness is added to the RNG during reseeding
* (see PR #4328).
*/
- struct rand_pool_st *pool;
+ struct rand_pool_st *seed_pool;
+
+ /*
+ * Auxiliary pool for additional data.
+ */
+ struct rand_pool_st *adin_pool;
/*
* The following parameters are setup by the per-type "init" function.
size_t max_perslen, max_adinlen;
/* Counts the number of generate requests since the last reseed. */
- unsigned int generate_counter;
+ unsigned int reseed_gen_counter;
/*
* Maximum number of generate requests until a reseed is required.
* This value is ignored if it is zero.
* is added by RAND_add() or RAND_seed() will have an immediate effect on
* the output of RAND_bytes() resp. RAND_priv_bytes().
*/
- unsigned int reseed_counter;
+ TSAN_QUALIFIER unsigned int reseed_prop_counter;
+ unsigned int reseed_next_counter;
size_t seedlen;
DRBG_STATUS state;
/* DRBG helpers */
int rand_drbg_restart(RAND_DRBG *drbg,
const unsigned char *buffer, size_t len, size_t entropy);
-
+size_t rand_drbg_seedlen(RAND_DRBG *drbg);
/* locking api */
int rand_drbg_lock(RAND_DRBG *drbg);
int rand_drbg_unlock(RAND_DRBG *drbg);
static CRYPTO_RWLOCK *rand_nonce_lock;
static int rand_nonce_count;
-static int rand_cleaning_up = 0;
+static int rand_inited = 0;
#ifdef OPENSSL_RAND_SEED_RDTSC
/*
return 0;
}
- pool = rand_pool_new(entropy, min_len, max_len);
- if (pool == NULL)
- return 0;
-
- if (drbg->pool) {
- rand_pool_add(pool,
- rand_pool_buffer(drbg->pool),
- rand_pool_length(drbg->pool),
- rand_pool_entropy(drbg->pool));
- rand_pool_free(drbg->pool);
- drbg->pool = NULL;
+ if (drbg->seed_pool != NULL) {
+ pool = drbg->seed_pool;
+ pool->entropy_requested = entropy;
+ } else {
+ pool = rand_pool_new(entropy, min_len, max_len);
+ if (pool == NULL)
+ return 0;
}
if (drbg->parent) {
prediction_resistance,
NULL, 0) != 0)
bytes = bytes_needed;
+ drbg->reseed_next_counter
+ = tsan_load(&drbg->parent->reseed_prop_counter);
rand_drbg_unlock(drbg->parent);
rand_pool_add_end(pool, bytes, 8 * bytes);
}
err:
- rand_pool_free(pool);
+ if (drbg->seed_pool == NULL)
+ rand_pool_free(pool);
return ret;
}
void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
- OPENSSL_secure_clear_free(out, outlen);
+ if (drbg->seed_pool == NULL)
+ OPENSSL_secure_clear_free(out, outlen);
}
* On success it allocates a buffer at |*pout| and returns the length of
* the data. The buffer should get freed using OPENSSL_secure_clear_free().
*/
-size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout)
{
size_t ret = 0;
- RAND_POOL *pool;
-
- pool = rand_pool_new(0, 0, max_len);
- if (pool == NULL)
- return 0;
if (rand_pool_add_additional_data(pool) == 0)
goto err;
*pout = rand_pool_detach(pool);
err:
- rand_pool_free(pool);
-
return ret;
}
-void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen)
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out)
{
- OPENSSL_secure_clear_free(out, outlen);
+ rand_pool_reattach(pool, out);
}
void rand_fork(void)
if (rand_nonce_lock == NULL)
goto err2;
- if (!rand_cleaning_up && !rand_pool_init())
+ if (!rand_pool_init())
goto err3;
+ rand_inited = 1;
return 1;
err3:
- rand_pool_cleanup();
+ CRYPTO_THREAD_lock_free(rand_nonce_lock);
+ rand_nonce_lock = NULL;
err2:
CRYPTO_THREAD_lock_free(rand_meth_lock);
rand_meth_lock = NULL;
{
const RAND_METHOD *meth = default_RAND_meth;
- rand_cleaning_up = 1;
+ if (!rand_inited)
+ return;
if (meth != NULL && meth->cleanup != NULL)
meth->cleanup();
rand_meth_lock = NULL;
CRYPTO_THREAD_lock_free(rand_nonce_lock);
rand_nonce_lock = NULL;
+ rand_inited = 0;
}
/*
*/
void RAND_keep_random_devices_open(int keep)
{
- rand_pool_keep_random_devices_open(keep);
+ if (RUN_ONCE(&rand_init, do_rand_init))
+ rand_pool_keep_random_devices_open(keep);
}
/*
/* fill random pool and seed the current legacy RNG */
pool = rand_pool_new(RAND_DRBG_STRENGTH,
RAND_DRBG_STRENGTH / 8,
- DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8));
+ RAND_POOL_MAX_LENGTH);
if (pool == NULL)
return 0;
* Allocate memory and initialize a new random pool
*/
-RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len)
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len)
{
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
if (pool == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
- goto err;
+ return NULL;
}
pool->min_len = min_len;
- pool->max_len = max_len;
+ pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
+ RAND_POOL_MAX_LENGTH : max_len;
pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
if (pool->buffer == NULL) {
goto err;
}
- pool->requested_entropy = entropy;
+ pool->entropy_requested = entropy_requested;
return pool;
}
/*
+ * Attach new random pool to the given buffer
+ *
+ * This function is intended to be used only for feeding random data
+ * provided by RAND_add() and RAND_seed() into the <master> DRBG.
+ */
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+ size_t entropy)
+{
+ RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+
+ if (pool == NULL) {
+ RANDerr(RAND_F_RAND_POOL_ATTACH, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ /*
+ * The const needs to be cast away, but attached buffers will not be
+ * modified (in contrary to allocated buffers which are zeroed and
+ * freed in the end).
+ */
+ pool->buffer = (unsigned char *) buffer;
+ pool->len = len;
+
+ pool->attached = 1;
+
+ pool->min_len = pool->max_len = pool->len;
+ pool->entropy = entropy;
+
+ return pool;
+}
+
+/*
* Free |pool|, securely erasing its buffer.
*/
void rand_pool_free(RAND_POOL *pool)
if (pool == NULL)
return;
- OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
+ /*
+ * Although it would be advisable from a cryptographical viewpoint,
+ * we are not allowed to clear attached buffers, since they are passed
+ * to rand_pool_attach() as `const unsigned char*`.
+ * (see corresponding comment in rand_pool_attach()).
+ */
+ if (!pool->attached)
+ OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
OPENSSL_free(pool);
}
/*
* Detach the |pool| buffer and return it to the caller.
* It's the responsibility of the caller to free the buffer
- * using OPENSSL_secure_clear_free().
+ * using OPENSSL_secure_clear_free() or to re-attach it
+ * again to the pool using rand_pool_reattach().
*/
unsigned char *rand_pool_detach(RAND_POOL *pool)
{
unsigned char *ret = pool->buffer;
pool->buffer = NULL;
+ pool->entropy = 0;
return ret;
}
+/*
+ * Re-attach the |pool| buffer. It is only allowed to pass
+ * the |buffer| which was previously detached from the same pool.
+ */
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer)
+{
+ pool->buffer = buffer;
+ OPENSSL_cleanse(pool->buffer, pool->len);
+ pool->len = 0;
+}
/*
* If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one
*/
size_t rand_pool_entropy_available(RAND_POOL *pool)
{
- if (pool->entropy < pool->requested_entropy)
+ if (pool->entropy < pool->entropy_requested)
return 0;
if (pool->len < pool->min_len)
size_t rand_pool_entropy_needed(RAND_POOL *pool)
{
- if (pool->entropy < pool->requested_entropy)
- return pool->requested_entropy - pool->entropy;
+ if (pool->entropy < pool->entropy_requested)
+ return pool->entropy_requested - pool->entropy;
return 0;
}
return 0;
}
+ if (pool->buffer == NULL) {
+ RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
if (len > 0) {
memcpy(pool->buffer + pool->len, buffer, len);
pool->len += len;
return NULL;
}
+ if (pool->buffer == NULL) {
+ RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
return pool->buffer + pool->len;
}
# endif
#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+#if defined(OPENSSL_RAND_SEED_NONE)
+/* none means none. this simplifies the following logic */
+# undef OPENSSL_RAND_SEED_OS
+# undef OPENSSL_RAND_SEED_GETRANDOM
+# undef OPENSSL_RAND_SEED_LIBRANDOM
+# undef OPENSSL_RAND_SEED_DEVRANDOM
+# undef OPENSSL_RAND_SEED_RDTSC
+# undef OPENSSL_RAND_SEED_RDCPU
+# undef OPENSSL_RAND_SEED_EGD
+#endif
+
#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
!defined(OPENSSL_RAND_SEED_NONE)
# error "UEFI and VXWorks only support seeding NONE"
|| defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
|| defined(OPENSSL_SYS_UEFI))
-static ssize_t syscall_random(void *buf, size_t buflen);
-
# if defined(OPENSSL_SYS_VOS)
# ifndef OPENSSL_RAND_SEED_OS
}
# endif
+# if defined(OPENSSL_RAND_SEED_GETRANDOM)
/*
* syscall_random(): Try to get random data using a system call
* returns the number of bytes returned in buf, or < 0 on error.
* Note: 'buflen' equals the size of the buffer which is used by the
* get_entropy() callback of the RAND_DRBG. It is roughly bounded by
*
- * 2 * DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^13
+ * 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
*
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
* between size_t and ssize_t is safe even without a range check.
return -1;
# endif
}
+# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
-#if !defined(OPENSSL_RAND_SEED_NONE) && defined(OPENSSL_RAND_SEED_DEVRANDOM)
+# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
static const char *random_device_paths[] = { DEVRANDOM };
static struct random_device {
int fd;
rd->fd = -1;
}
-static void open_random_devices(void)
-{
- size_t i;
-
- for (i = 0; i < OSSL_NELEM(random_devices); i++)
- (void)get_random_device(i);
-}
-
int rand_pool_init(void)
{
size_t i;
for (i = 0; i < OSSL_NELEM(random_devices); i++)
random_devices[i].fd = -1;
- open_random_devices();
+
return 1;
}
void rand_pool_keep_random_devices_open(int keep)
{
- if (keep)
- open_random_devices();
- else
+ if (!keep)
rand_pool_cleanup();
+
keep_random_devices_open = keep;
}
-# else /* defined(OPENSSL_RAND_SEED_NONE)
- * || !defined(OPENSSL_RAND_SEED_DEVRANDOM)
- */
+# else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
int rand_pool_init(void)
{
{
}
-# endif /* !defined(OPENSSL_RAND_SEED_NONE)
- * && defined(OPENSSL_RAND_SEED_DEVRANDOM)
- */
+# endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
/*
* Try the various seeding methods in turn, exit when successful.
*/
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
-# ifdef OPENSSL_RAND_SEED_NONE
+# if defined(OPENSSL_RAND_SEED_NONE)
return rand_pool_entropy_available(pool);
# else
size_t bytes_needed;
size_t entropy_available = 0;
unsigned char *buffer;
-# ifdef OPENSSL_RAND_SEED_GETRANDOM
+# if defined(OPENSSL_RAND_SEED_GETRANDOM)
{
ssize_t bytes;
/* Maximum allowed number of consecutive unsuccessful attempts */
}
# endif
-# ifdef OPENSSL_RAND_SEED_DEVRANDOM
+# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
{
size_t i;
}
# endif
-# ifdef OPENSSL_RAND_SEED_RDTSC
+# if defined(OPENSSL_RAND_SEED_RDTSC)
entropy_available = rand_acquire_entropy_from_tsc(pool);
if (entropy_available > 0)
return entropy_available;
# endif
-# ifdef OPENSSL_RAND_SEED_RDCPU
+# if defined(OPENSSL_RAND_SEED_RDCPU)
entropy_available = rand_acquire_entropy_from_cpu(pool);
if (entropy_available > 0)
return entropy_available;
# endif
-# ifdef OPENSSL_RAND_SEED_EGD
+# if defined(OPENSSL_RAND_SEED_EGD)
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
if (bytes_needed > 0) {
static const char *paths[] = { DEVRANDOM_EGD, NULL };
/*
* Add process id, thread id, and a high resolution timestamp to
- * ensure that the nonce is unique whith high probability for
+ * ensure that the nonce is unique with high probability for
* different process instances.
*/
data.pid = getpid();
} data = { 0 };
/*
- * Add process id, thread id, and a high resolution timestamp to
- * ensure that the nonce is unique whith high probability for
- * different process instances.
+ * Add process id, thread id, and a high resolution timestamp
+ * (where available, which is OpenVMS v8.4 and up) to ensure that
+ * the nonce is unique whith high probability for different process
+ * instances.
*/
data.pid = getpid();
data.tid = CRYPTO_THREAD_get_current_id();
+#if __CRTL_VER >= 80400000
sys$gettim_prec(&data.time);
+#else
+ sys$gettim((void*)&data.time);
+#endif
return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
}
if (buffer != NULL) {
size_t bytes = 0;
if (BCryptGenRandom(NULL, buffer, bytes_needed,
- BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
+ BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
bytes = bytes_needed;
rand_pool_add_end(pool, bytes, 8 * bytes);
size_t bytes = 0;
/* poll the CryptoAPI PRNG */
if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
+ CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
bytes = bytes_needed;
#include <openssl/crypto.h>
#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
#include <openssl/buffer.h>
#ifdef OPENSSL_SYS_VMS
# define S_ISREG(m) ((m) & S_IFREG)
# endif
-#define RAND_FILE_SIZE 1024
+#define RAND_BUF_SIZE 1024
#define RFILE ".rnd"
#ifdef OPENSSL_SYS_VMS
*/
int RAND_load_file(const char *file, long bytes)
{
- unsigned char buf[RAND_FILE_SIZE];
+ /*
+ * The load buffer size exceeds the chunk size by the comfortable amount
+ * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose
+ * to avoid calling RAND_add() with a small final chunk. Instead, such
+ * a small final chunk will be added together with the previous chunk
+ * (unless it's the only one).
+ */
+#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH)
+ unsigned char buf[RAND_LOAD_BUF_SIZE];
+
#ifndef OPENSSL_NO_POSIX_IO
struct stat sb;
#endif
return -1;
}
- if (!S_ISREG(sb.st_mode) && bytes < 0)
- bytes = 256;
+ if (bytes < 0) {
+ if (S_ISREG(sb.st_mode))
+ bytes = sb.st_size;
+ else
+ bytes = RAND_DRBG_STRENGTH;
+ }
#endif
/*
* On VMS, setbuf() will only take 32-bit pointers, and a compilation
for ( ; ; ) {
if (bytes > 0)
- n = (bytes < RAND_FILE_SIZE) ? (int)bytes : RAND_FILE_SIZE;
+ n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
else
- n = RAND_FILE_SIZE;
+ n = RAND_LOAD_BUF_SIZE;
i = fread(buf, 1, n, in);
#ifdef EINTR
if (ferror(in) && errno == EINTR){
OPENSSL_cleanse(buf, sizeof(buf));
fclose(in);
+ if (!RAND_status()) {
+ RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
+ ERR_add_error_data(2, "Filename=", file);
+ return -1;
+ }
+
return ret;
}
int RAND_write_file(const char *file)
{
- unsigned char buf[RAND_FILE_SIZE];
+ unsigned char buf[RAND_BUF_SIZE];
int ret = -1;
FILE *out = NULL;
#ifndef OPENSSL_NO_POSIX_IO
chmod(file, 0600);
#endif
- ret = fwrite(buf, 1, RAND_FILE_SIZE, out);
+ ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
fclose(out);
- OPENSSL_cleanse(buf, RAND_FILE_SIZE);
+ OPENSSL_cleanse(buf, RAND_BUF_SIZE);
return ret;
}
}
}
#else
- if (OPENSSL_issetugid() != 0) {
- use_randfile = 0;
- } else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') {
+ if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
use_randfile = 0;
- s = getenv("HOME");
+ s = ossl_safe_getenv("HOME");
}
#endif
CRYPTO_THREAD_lock_free(r->lock);
- BN_clear_free(r->n);
- BN_clear_free(r->e);
+ BN_free(r->n);
+ BN_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
r->e = e;
}
if (d != NULL) {
- BN_free(r->d);
+ BN_clear_free(r->d);
r->d = d;
}
return 0;
if (p != NULL) {
- BN_free(r->p);
+ BN_clear_free(r->p);
r->p = p;
}
if (q != NULL) {
- BN_free(r->q);
+ BN_clear_free(r->q);
r->q = q;
}
return 0;
if (dmp1 != NULL) {
- BN_free(r->dmp1);
+ BN_clear_free(r->dmp1);
r->dmp1 = dmp1;
}
if (dmq1 != NULL) {
- BN_free(r->dmq1);
+ BN_clear_free(r->dmq1);
r->dmq1 = dmq1;
}
if (iqmp != NULL) {
- BN_free(r->iqmp);
+ BN_clear_free(r->iqmp);
r->iqmp = iqmp;
}
/* Can be null */
int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+ (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)
{
return meth->rsa_mod_exp;
}
int RSA_meth_set_mod_exp(RSA_METHOD *meth,
- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
BN_CTX *ctx))
{
meth->rsa_mod_exp = mod_exp;
*/
|| !bn_mod_sub_fixed_top(r1, r1, m1, rsa->p)
- /* r0 = r0 * iqmp mod p */
+ /* r1 = r1 * iqmp mod p */
|| !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
|| !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p,
ctx)
+ /* r0 = r1 * q + m1 */
|| !bn_mul_fixed_top(r0, r1, rsa->q, ctx)
|| !bn_mod_add_fixed_top(r0, r0, m1, rsa->n))
goto err;
lrvg %r0,0($inp)
la $inp,8($inp)
xg %r0,0(%r1)
- la %r1,8(%r1)
a${g}hi $len,-8
- stg %r0,-8(%r1)
+ stg %r0,0(%r1)
+ la %r1,8(%r1)
brct $bsz,.Lblock_absorb
stm${g} $inp,$len,$frame+3*$SIZE_T($sp)
addi r11,r11,32
stvx v30,r10,$sp
stvx v31,r11,$sp
- li r11,-4096+255
- stw $vrsave,`$FRAME+6*$SIZE_T-4`($sp) # save vrsave
+ li r11,-4096+255 # 0xfffff0ff
+ stw $vrsave,`$FRAME-6*$SIZE_T-4`($sp) # save vrsave
li $x10,0x10
$PUSH r26,`$FRAME-6*$SIZE_T`($sp)
li $x20,0x20
stvx_u $G,$x30,$ctx
___
$code.=<<___;
- li r10,`$LOCALS+15`
+ addi $offload,$sp,`$LOCALS+15`
mtlr $lrsave
- li r11,`$LOCALS+31`
mtspr 256,$vrsave
- lvx v24,r10,$sp # ABI says so
- addi r10,r10,32
- lvx v25,r11,$sp
- addi r11,r11,32
- lvx v26,r10,$sp
- addi r10,r10,32
- lvx v27,r11,$sp
- addi r11,r11,32
- lvx v28,r10,$sp
- addi r10,r10,32
- lvx v29,r11,$sp
- addi r11,r11,32
- lvx v30,r10,$sp
- lvx v31,r11,$sp
+ lvx v24,$x00,$offload # ABI says so
+ lvx v25,$x10,$offload
+ lvx v26,$x20,$offload
+ lvx v27,$x30,$offload
+ lvx v28,$x40,$offload
+ lvx v29,$x50,$offload
+ lvx v30,$x60,$offload
+ lvx v31,$x70,$offload
$POP r26,`$FRAME-6*$SIZE_T`($sp)
$POP r27,`$FRAME-5*$SIZE_T`($sp)
$POP r28,`$FRAME-4*$SIZE_T`($sp)
&& hash_size != SIPHASH_MAX_DIGEST_SIZE)
return 0;
- ctx->hash_size = hash_size;
+ /*
+ * It's possible that the key was set first. If the hash size changes,
+ * we need to adjust v1 (see SipHash_Init().
+ */
+
+ /* Start by adjusting the stored size, to make things easier */
+ ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+ /* Now, adjust ctx->v1 if the old and the new size differ */
+ if ((size_t)ctx->hash_size != hash_size) {
+ ctx->v1 ^= 0xee;
+ ctx->hash_size = hash_size;
+ }
return 1;
}
#include "internal/sm2.h"
#include "internal/sm2err.h"
+#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
}
/* X9.63 with no salt happens to match the KDF used in SM2 */
- if (!ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+ if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
digest)) {
SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
goto done;
if (BN_bn2binpad(x2, x2y2, field_size) < 0
|| BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
- || !ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+ || !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
digest)) {
SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
goto done;
#include "internal/sm2.h"
#include "internal/sm2err.h"
#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */
+#include "internal/numbers.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/err.h>
is_a_tty = 0;
else
# endif
+# ifdef ENXIO
+ /*
+ * Solaris can return ENXIO.
+ * This should be ok
+ */
+ if (errno == ENXIO)
+ is_a_tty = 0;
+ else
+# endif
+# ifdef EIO
+ /*
+ * Linux can return EIO.
+ * This should be ok
+ */
+ if (errno == EIO)
+ is_a_tty = 0;
+ else
+# endif
# ifdef ENODEV
/*
* MacOS X returns ENODEV (Operation not supported by device),
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
- const char *dir = getenv(X509_get_default_cert_dir_env());
+ const char *dir = ossl_safe_getenv(X509_get_default_cert_dir_env());
if (dir)
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = getenv(X509_get_default_cert_file_env());
+ file = ossl_safe_getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
/* check_purpose() makes the callback as needed */
if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
return 0;
- /* Check pathlen if not self issued */
- if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
- && (x->ex_pathlen != -1)
- && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+ /* Check pathlen */
+ if ((i > 1) && (x->ex_pathlen != -1)
+ && (plen > (x->ex_pathlen + proxy_path_length))) {
if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
return 0;
}
- /* Increment path length if not self issued */
- if (!(x->ex_flags & EXFLAG_SI))
+ /* Increment path length if not a self issued intermediate CA */
+ if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
plen++;
/*
* If this certificate is a proxy certificate, the next certificate
=item B<-subj arg>
Supersedes subject name given in the request.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>.
+Keyword characters may be escaped by \ (backslash), and whitespace is retained.
+Empty values are permitted, but the corresponding type will not be included
+in the resulting certificate.
=item B<-utf8>
The B<enc> program does not support authenticated encryption modes
like CCM and GCM, and will not support such modes in the future.
The B<enc> interface by necessity must begin streaming output (e.g.,
-to standard output when B<-out> is not used before the authentication
+to standard output when B<-out> is not used) before the authentication
tag could be validated, leading to the usage of B<enc> in pipelines
that begin processing untrusted data and are not capable of rolling
back upon authentication failure. The AEAD modes currently in common
bf-cbc Blowfish in CBC mode
bf Alias for bf-cbc
+ blowfish Alias for bf-cbc
bf-cfb Blowfish in CFB mode
bf-ecb Blowfish in ECB mode
bf-ofb Blowfish in OFB mode
cast5-ecb CAST5 in ECB mode
cast5-ofb CAST5 in OFB mode
+ chacha20 ChaCha20 algorithm
+
des-cbc DES in CBC mode
des Alias for des-cbc
des-cfb DES in CFB mode
rc5-ecb RC5 cipher in ECB mode
rc5-ofb RC5 cipher in OFB mode
+ seed-cbc SEED cipher in CBC mode
+ seed Alias for seed-cbc
+ seed-cfb SEED cipher in CFB mode
+ seed-ecb SEED cipher in ECB mode
+ seed-ofb SEED cipher in OFB mode
+
+ sm4-cbc SM4 cipher in CBC mode
+ sm4 Alias for sm4-cbc
+ sm4-cfb SM4 cipher in CFB mode
+ sm4-ctr SM4 cipher in CTR mode
+ sm4-ecb SM4 cipher in ECB mode
+ sm4-ofb SM4 cipher in OFB mode
+
aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
aes[128|192|256] Alias for aes-[128|192|256]-cbc
aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
+ aria-[128|192|256]-cbc 128/192/256 bit ARIA in CBC mode
+ aria[128|192|256] Alias for aria-[128|192|256]-cbc
+ aria-[128|192|256]-cfb 128/192/256 bit ARIA in 128 bit CFB mode
+ aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
+ aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
+ aria-[128|192|256]-ctr 128/192/256 bit ARIA in CTR mode
+ aria-[128|192|256]-ecb 128/192/256 bit ARIA in ECB mode
+ aria-[128|192|256]-ofb 128/192/256 bit ARIA in OFB mode
+
camellia-[128|192|256]-cbc 128/192/256 bit Camellia in CBC mode
camellia[128|192|256] Alias for camellia-[128|192|256]-cbc
camellia-[128|192|256]-cfb 128/192/256 bit Camellia in 128 bit CFB mode
openssl base64 -d -in file.b64 -out file.bin
-Encrypt a file using triple DES in CBC mode using a prompted password:
+Encrypt a file using AES-128 using a prompted password
+and PBKDF2 key derivation:
- openssl des3 -salt -in file.txt -out file.des3
+ openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
Decrypt a file using a supplied password:
- openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword
+ openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
+ -pass pass:<password>
Encrypt a file then base64 encode it (so it can be sent via mail for example)
-using Blowfish in CBC mode:
-
- openssl bf -a -salt -in file.txt -out file.bf
-
-Base64 decode a file then decrypt it:
+using AES-256 in CTR mode and PBKDF2 key derivation:
- openssl bf -d -salt -a -in file.bf -out file.txt
+ openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
-Decrypt some data using a supplied 40 bit RC4 key:
+Base64 decode a file then decrypt it using a password supplied in a file:
- openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
+ openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
+ -pass file:<passfile>
=head1 BUGS
SYNOPSIS above), each of which often has a wealth of options and arguments
(I<command_opts> and I<command_args> in the SYNOPSIS).
+Detailed documentation and use cases for most standard subcommands are available
+(e.g., L<x509(1)> or L<openssl-x509(1)>).
+
Many commands use an external configuration file for some or all of their
arguments and have a B<-config> option to specify that file.
The environment variable B<OPENSSL_CONF> can be used to specify
=head2 Encoding and Cipher Commands
+The following aliases provide convenient access to the most used encodings
+and ciphers.
+
+Depending on how OpenSSL was configured and built, not all ciphers listed
+here may be present. See L<enc(1)> for more information and command usage.
+
=over 4
+=item B<aes128>, B<aes-128-cbc>, B<aes-128-cfb>, B<aes-128-ctr>, B<aes-128-ecb>, B<aes-128-ofb>
+
+AES-128 Cipher
+
+=item B<aes192>, B<aes-192-cbc>, B<aes-192-cfb>, B<aes-192-ctr>, B<aes-192-ecb>, B<aes-192-ofb>
+
+AES-192 Cipher
+
+=item B<aes256>, B<aes-256-cbc>, B<aes-256-cfb>, B<aes-256-ctr>, B<aes-256-ecb>, B<aes-256-ofb>
+
+AES-256 Cipher
+
+=item B<aria128>, B<aria-128-cbc>, B<aria-128-cfb>, B<aria-128-ctr>, B<aria-128-ecb>, B<aria-128-ofb>
+
+Aria-128 Cipher
+
+=item B<aria192>, B<aria-192-cbc>, B<aria-192-cfb>, B<aria-192-ctr>, B<aria-192-ecb>, B<aria-192-ofb>
+
+Aria-192 Cipher
+
+=item B<aria256>, B<aria-256-cbc>, B<aria-256-cfb>, B<aria-256-ctr>, B<aria-256-ecb>, B<aria-256-ofb>
+
+Aria-256 Cipher
+
=item B<base64>
Base64 Encoding
Blowfish Cipher
+=item B<camellia128>, B<camellia-128-cbc>, B<camellia-128-cfb>, B<camellia-128-ctr>, B<camellia-128-ecb>, B<camellia-128-ofb>
+
+Camellia-128 Cipher
+
+=item B<camellia192>, B<camellia-192-cbc>, B<camellia-192-cfb>, B<camellia-192-ctr>, B<camellia-192-ecb>, B<camellia-192-ofb>
+
+Camellia-192 Cipher
+
+=item B<camellia256>, B<camellia-256-cbc>, B<camellia-256-cfb>, B<camellia-256-ctr>, B<camellia-256-ecb>, B<camellia-256-ofb>
+
+Camellia-256 Cipher
+
=item B<cast>, B<cast-cbc>
CAST Cipher
CAST5 Cipher
+=item B<chacha20>
+
+Chacha20 Cipher
+
=item B<des>, B<des-cbc>, B<des-cfb>, B<des-ecb>, B<des-ede>, B<des-ede-cbc>, B<des-ede-cfb>, B<des-ede-ofb>, B<des-ofb>
DES Cipher
RC5 Cipher
+=item B<seed>, B<seed-cbc>, B<seed-cfb>, B<seed-ecb>, B<seed-ofb>
+
+SEED Cipher
+
+=item B<sm4>, B<sm4-cbc>, B<sm4-cfb>, B<sm4-ctr>, B<sm4-ecb>, B<sm4-ofb>
+
+SM4 Cipher
+
=back
=head1 OPTIONS
Sets subject name for new request or supersedes the subject name
when processing a request.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>.
+Keyword characters may be escaped by \ (backslash), and whitespace is retained.
+Empty values are permitted, but the corresponding type will not be included
+in the request.
=item B<-multivalue-rdn>
B<openssl> B<rsa>
[B<-help>]
-[B<-inform PEM|NET|DER>]
-[B<-outform PEM|NET|DER>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
[B<-in filename>]
[B<-passin arg>]
[B<-out filename>]
Print out a usage message.
-=item B<-inform DER|NET|PEM>
+=item B<-inform DER|PEM>
This specifies the input format. The B<DER> option uses an ASN1 DER encoded
form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
The B<PEM> form is the default format: it consists of the B<DER> format base64
encoded with additional header and footer lines. On input PKCS#8 format private
-keys are also accepted. The B<NET> form is a format is described in the B<NOTES>
-section.
+keys are also accepted.
-=item B<-outform DER|NET|PEM>
+=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning and default
as the B<-inform> option.
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
-The B<NET> form is a format compatible with older Netscape servers
-and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
-It is not very secure and so should only be used when necessary.
-
-Some newer version of IIS have additional data in the exported .key
-files. To use these with the utility, view the file with a binary editor
-and look for the string "private-key", then trace back to the byte
-sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
-from this point onwards to another file and use that as the input
-to the B<rsa> utility with the B<-inform NET> option.
-
=head1 EXAMPLES
To remove the pass phrase on an RSA private key:
=head1 BUGS
-The command line password arguments don't currently work with
-B<NET> format.
-
There should be an option that automatically handles .key files,
without having to manually edit them.
Sends a status message back to the client when it connects. This includes
information about the ciphers used and various session parameters.
The output is in HTML format so this option will normally be used with a
-web browser.
+web browser. Cannot be used in conjunction with B<-early_data>.
=item B<-WWW>
Emulates a simple web server. Pages will be resolved relative to the
current directory, for example if the URL https://myhost/page.html is
-requested the file ./page.html will be loaded.
+requested the file ./page.html will be loaded. Cannot be used in conjunction
+with B<-early_data>.
=item B<-tlsextdebug>
current directory, for example if the URL https://myhost/page.html is
requested the file ./page.html will be loaded. The files loaded are
assumed to contain a complete and correct HTTP response (lines that
-are part of the HTTP response line and headers must end with CRLF).
+are part of the HTTP response line and headers must end with CRLF). Cannot be
+used in conjunction with B<-early_data>.
=item B<-id_prefix val>
=item B<-rev>
Simple test server which just reverses the text received from the client
-and sends it back to the server. Also sets B<-brief>.
+and sends it back to the server. Also sets B<-brief>. Cannot be used in
+conjunction with B<-early_data>.
=item B<-async>
=item B<-early_data>
-Accept early data where possible.
+Accept early data where possible. Cannot be used in conjunction with B<-www>,
+B<-WWW>, B<-HTTP> or B<-rev>.
=item B<-anti_replay>, B<-no_anti_replay>
=item B<-subject arg>
Search for an object having the subject name B<arg>.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>.
+Keyword characters may be escaped by \ (backslash), and whitespace is retained.
+Empty values are permitted but are ignored for the search. That is,
+a search with an empty value will have the same effect as not specifying
+the type at all.
=item B<-issuer arg>
B<openssl> B<x509>
[B<-help>]
-[B<-inform DER|PEM|NET>]
-[B<-outform DER|PEM|NET>]
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
[B<-keyform DER|PEM>]
[B<-CAform DER|PEM>]
[B<-CAkeyform DER|PEM>]
Print out a usage message.
-=item B<-inform DER|PEM|NET>
+=item B<-inform DER|PEM>
This specifies the input format normally the command will expect an X509
certificate but this can change if other options such as B<-req> are
present. The DER format is the DER encoding of the certificate and PEM
is the base64 encoding of the DER encoding with header and footer lines
-added. The NET option is an obscure Netscape server format that is now
-obsolete. The default format is PEM.
+added. The default format is PEM.
-=item B<-outform DER|PEM|NET>
+=item B<-outform DER|PEM>
This specifies the output format, the options have the same meaning and default
as the B<-inform> option.
There are two phases to the use of DES encryption. The first is the
generation of a I<DES_key_schedule> from a key, the second is the
-actual encryption. A DES key is of type I<DES_cblock>. This type is
+actual encryption. A DES key is of type I<DES_cblock>. This type
consists of 8 bytes with odd parity. The least significant bit in
each byte is the parity bit. The key schedule is an expanded form of
the key; it is used to speed the encryption process.
DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
three keys. This means that each DES operation inside the CBC mode is
-an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
+C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
This form of Triple-DES is used by the RSAREF library.
-DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
+DES_pcbc_encrypt() encrypts/decrypts using the propagating cipher block
chaining mode used by Kerberos v4. Its parameters are the same as
DES_ncbc_encrypt().
-DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This
-method takes an array of characters as input and outputs and array of
+DES_cfb_encrypt() encrypts/decrypts using cipher feedback mode. This
+method takes an array of characters as input and outputs an array of
characters. It does not require any padding to 8 character groups.
Note: the I<ivec> variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
a complete DES ECB encryption per I<numbits>, this function is only
-suggested for use when sending small numbers of characters.
+suggested for use when sending a small number of characters.
DES_cfb64_encrypt()
-implements CFB mode of DES with 64bit feedback. Why is this
+implements CFB mode of DES with 64-bit feedback. Why is this
useful you ask? Because this routine will allow you to encrypt an
-arbitrary number of bytes, no 8 byte padding. Each call to this
+arbitrary number of bytes, without 8 byte padding. Each call to this
routine will encrypt the input bytes to output and then update ivec
and num. num contains 'how far' we are though ivec. If this does
-not make much sense, read more about cfb mode of DES :-).
+not make much sense, read more about CFB mode of DES.
DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as
DES_cfb64_encrypt() except that Triple-DES is used.
DES_ofb_encrypt() encrypts using output feedback mode. This method
-takes an array of characters as input and outputs and array of
+takes an array of characters as input and outputs an array of
characters. It does not require any padding to 8 character groups.
Note: the I<ivec> variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
-a complete DES ECB encryption per numbits, this function is only
-suggested for use when sending small numbers of characters.
+a complete DES ECB encryption per I<numbits>, this function is only
+suggested for use when sending a small number of characters.
DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output
Feed Back mode.
DES_fcrypt() is a fast version of the Unix crypt(3) function. This
version takes only a small amount of space relative to other fast
-crypt() implementations. This is different to the normal crypt in
+crypt() implementations. This is different to the normal crypt() in
that the third parameter is the buffer that the return value is
written into. It needs to be at least 14 bytes long. This function
-is thread safe, unlike the normal crypt.
+is thread safe, unlike the normal crypt().
DES_crypt() is a faster replacement for the normal system crypt().
This function calls DES_fcrypt() with a static array passed as the
digest name passed on the command line.
#include <stdio.h>
+ #include <string.h>
#include <openssl/evp.h>
- main(int argc, char *argv[])
+ int main(int argc, char *argv[])
{
EVP_MD_CTX *mdctx;
const EVP_MD *md;
char mess1[] = "Test Message\n";
char mess2[] = "Hello World\n";
unsigned char md_value[EVP_MAX_MD_SIZE];
- int md_len, i;
+ unsigned int md_len, i;
if (argv[1] == NULL) {
printf("Usage: mdtest digestname\n");
EVP_PKEY_CTX_ctrl,
EVP_PKEY_CTX_ctrl_str,
+EVP_PKEY_CTX_ctrl_uint64,
+EVP_PKEY_CTX_md,
EVP_PKEY_CTX_set_signature_md,
EVP_PKEY_CTX_get_signature_md,
EVP_PKEY_CTX_set_mac_key,
EVP_PKEY_CTX_set_rsa_padding,
+EVP_PKEY_CTX_get_rsa_padding,
EVP_PKEY_CTX_set_rsa_pss_saltlen,
+EVP_PKEY_CTX_get_rsa_pss_saltlen,
EVP_PKEY_CTX_set_rsa_keygen_bits,
EVP_PKEY_CTX_set_rsa_keygen_pubexp,
+EVP_PKEY_CTX_set_rsa_keygen_primes,
+EVP_PKEY_CTX_set_rsa_mgf1_md,
+EVP_PKEY_CTX_get_rsa_mgf1_md,
+EVP_PKEY_CTX_set_rsa_oaep_md,
+EVP_PKEY_CTX_get_rsa_oaep_md,
+EVP_PKEY_CTX_set0_rsa_oaep_label,
+EVP_PKEY_CTX_get0_rsa_oaep_label,
EVP_PKEY_CTX_set_dsa_paramgen_bits,
EVP_PKEY_CTX_set_dh_paramgen_prime_len,
+EVP_PKEY_CTX_set_dh_paramgen_subprime_len,
EVP_PKEY_CTX_set_dh_paramgen_generator,
+EVP_PKEY_CTX_set_dh_paramgen_type,
+EVP_PKEY_CTX_set_dh_rfc5114,
+EVP_PKEY_CTX_set_dhx_rfc5114,
EVP_PKEY_CTX_set_dh_pad,
EVP_PKEY_CTX_set_dh_nid,
+EVP_PKEY_CTX_set_dh_kdf_type,
+EVP_PKEY_CTX_get_dh_kdf_type,
+EVP_PKEY_CTX_set0_dh_kdf_oid,
+EVP_PKEY_CTX_get0_dh_kdf_oid,
+EVP_PKEY_CTX_set_dh_kdf_md,
+EVP_PKEY_CTX_get_dh_kdf_md,
+EVP_PKEY_CTX_set_dh_kdf_outlen,
+EVP_PKEY_CTX_get_dh_kdf_outlen,
+EVP_PKEY_CTX_set0_dh_kdf_ukm,
+EVP_PKEY_CTX_get0_dh_kdf_ukm,
EVP_PKEY_CTX_set_ec_paramgen_curve_nid,
EVP_PKEY_CTX_set_ec_param_enc,
+EVP_PKEY_CTX_set_ecdh_cofactor_mode,
+EVP_PKEY_CTX_get_ecdh_cofactor_mode,
+EVP_PKEY_CTX_set_ecdh_kdf_type,
+EVP_PKEY_CTX_get_ecdh_kdf_type,
+EVP_PKEY_CTX_set_ecdh_kdf_md,
+EVP_PKEY_CTX_get_ecdh_kdf_md,
+EVP_PKEY_CTX_set_ecdh_kdf_outlen,
+EVP_PKEY_CTX_get_ecdh_kdf_outlen,
+EVP_PKEY_CTX_set0_ecdh_kdf_ukm,
+EVP_PKEY_CTX_get0_ecdh_kdf_ukm,
EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
- algorithm specific control operations
int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
int cmd, int p1, void *p2);
+ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+ int cmd, uint64_t value);
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value);
+ int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
+
int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd);
#include <openssl/rsa.h>
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
+ int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len);
int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+ int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
+ int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+ int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len);
+ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
#include <openssl/dsa.h>
+
int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
#include <openssl/dh.h>
+
int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len);
int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen);
+ int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type);
int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad);
int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid);
+ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+ int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114);
+ int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+ int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid);
+ int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid);
+ int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+ int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+ int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
#include <openssl/ec.h>
+
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
+ int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
+ int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
+ int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
+ int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
+ int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
+ int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
+ int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len);
+ int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len);
int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id);
Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will
instead call one of the algorithm specific macros below.
+The function EVP_PKEY_CTX_ctrl_uint64() is a wrapper that directly passes a
+uint64 value as B<p2> to EVP_PKEY_CTX_ctrl().
+
The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm
specific control operation to a context B<ctx> in string form. This is
intended to be used for options specified on the command line or in text
command line pages for the option B<-pkeyopt> which is supported by the
B<pkeyutl>, B<genpkey> and B<req> commands.
+The function EVP_PKEY_CTX_md() sends a message digest control operation
+to the context B<ctx>. The message digest is specified by its name B<md>.
+
All the remaining "functions" are implemented as macros.
The EVP_PKEY_CTX_set_signature_md() macro sets the message digest type used
The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms
supported by the L<EVP_PKEY_new_raw_private_key(3)> function.
-The macro EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for B<ctx>.
-The B<pad> parameter can take the value RSA_PKCS1_PADDING for PKCS#1 padding,
-RSA_SSLV23_PADDING for SSLv23 padding, RSA_NO_PADDING for no padding,
-RSA_PKCS1_OAEP_PADDING for OAEP padding (encrypt and decrypt only),
-RSA_X931_PADDING for X9.31 padding (signature operations only) and
-RSA_PKCS1_PSS_PADDING (sign and verify only).
+=head2 RSA parameters
+
+The EVP_PKEY_CTX_set_rsa_padding() macro sets the RSA padding mode for B<ctx>.
+The B<pad> parameter can take the value B<RSA_PKCS1_PADDING> for PKCS#1
+padding, B<RSA_SSLV23_PADDING> for SSLv23 padding, B<RSA_NO_PADDING> for
+no padding, B<RSA_PKCS1_OAEP_PADDING> for OAEP padding (encrypt and
+decrypt only), B<RSA_X931_PADDING> for X9.31 padding (signature operations
+only) and B<RSA_PKCS1_PSS_PADDING> (sign and verify only).
Two RSA padding modes behave differently if EVP_PKEY_CTX_set_signature_md()
is used. If this macro is called for PKCS#1 padding the plaintext buffer is
if this control is called. If it is not called then the first byte of the plaintext
buffer is expected to be the algorithm identifier byte.
+The EVP_PKEY_CTX_get_rsa_padding() macro gets the RSA padding mode for B<ctx>.
+
The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to
-B<len> as its name implies it is only supported for PSS padding. Three special
-values are supported: RSA_PSS_SALTLEN_DIGEST sets the salt length to the
-digest length, RSA_PSS_SALTLEN_MAX sets the salt length to the maximum
-permissible value. When verifying RSA_PSS_SALTLEN_AUTO causes the salt length
+B<len>. As its name implies it is only supported for PSS padding. Three special
+values are supported: B<RSA_PSS_SALTLEN_DIGEST> sets the salt length to the
+digest length, B<RSA_PSS_SALTLEN_MAX> sets the salt length to the maximum
+permissible value. When verifying B<RSA_PSS_SALTLEN_AUTO> causes the salt length
to be automatically determined based on the B<PSS> block structure. If this
macro is not called maximum salt length is used when signing and auto detection
when verifying is used by default.
+The EVP_PKEY_CTX_get_rsa_pss_saltlen() macro gets the RSA PSS salt length
+for B<ctx>. The padding mode must have been set to B<RSA_PKCS1_PSS_PADDING>.
+
The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for
RSA key generation to B<bits>. If not specified 1024 bits is used.
The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
-for RSA key generation to B<pubexp> currently it should be an odd integer. The
+for RSA key generation to B<pubexp>. Currently it should be an odd integer. The
B<pubexp> pointer is used internally by this function so it should not be
-modified or free after the call. If this macro is not called then 65537 is used.
+modified or freed after the call. If not specified 65537 is used.
+
+The EVP_PKEY_CTX_set_rsa_keygen_primes() macro sets the number of primes for
+RSA key generation to B<primes>. If not specified 2 is used.
+
+The EVP_PKEY_CTX_set_rsa_mgf1_md() macro sets the MGF1 digest for RSA padding
+schemes to B<md>. If not explicitly set the signing digest is used. The
+padding mode must have been set to B<RSA_PKCS1_OAEP_PADDING>
+or B<RSA_PKCS1_PSS_PADDING>.
+
+The EVP_PKEY_CTX_get_rsa_mgf1_md() macro gets the MGF1 digest for B<ctx>.
+If not explicitly set the signing digest is used. The padding mode must have
+been set to B<RSA_PKCS1_OAEP_PADDING> or B<RSA_PKCS1_PSS_PADDING>.
+
+The EVP_PKEY_CTX_set_rsa_oaep_md() macro sets the message digest type used
+in RSA OAEP to B<md>. The padding mode must have been set to
+B<RSA_PKCS1_OAEP_PADDING>.
+
+The EVP_PKEY_CTX_get_rsa_oaep_md() macro gets the message digest type used
+in RSA OAEP to B<md>. The padding mode must have been set to
+B<RSA_PKCS1_OAEP_PADDING>.
+
+The EVP_PKEY_CTX_set0_rsa_oaep_label() macro sets the RSA OAEP label to
+B<label> and its length to B<len>. If B<label> is NULL or B<len> is 0,
+the label is cleared. The library takes ownership of the label so the
+caller should not free the original memory pointed to by B<label>.
+The padding mode must have been set to B<RSA_PKCS1_OAEP_PADDING>.
+
+The EVP_PKEY_CTX_get0_rsa_oaep_label() macro gets the RSA OAEP label to
+B<label>. The return value is the label length. The padding mode
+must have been set to B<RSA_PKCS1_OAEP_PADDING>. The resulting pointer is owned
+by the library and should not be freed by the caller.
+
+=head2 DSA parameters
-The macro EVP_PKEY_CTX_set_dsa_paramgen_bits() sets the number of bits used
+The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used
for DSA parameter generation to B<bits>. If not specified 1024 is used.
-The macro EVP_PKEY_CTX_set_dh_paramgen_prime_len() sets the length of the DH
+=head2 DH parameters
+
+The EVP_PKEY_CTX_set_dh_paramgen_prime_len() macro sets the length of the DH
prime parameter B<p> for DH parameter generation. If this macro is not called
-then 1024 is used.
+then 1024 is used. Only accepts lengths greater than or equal to 256.
+
+The EVP_PKEY_CTX_set_dh_paramgen_subprime_len() macro sets the length of the DH
+optional subprime parameter B<q> for DH parameter generation. The default is
+256 if the prime is at least 2048 bits long or 160 otherwise. The DH
+paramgen type must have been set to x9.42.
The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B<gen>
for DH parameter generation. If not specified 2 is used.
+The EVP_PKEY_CTX_set_dh_paramgen_type() macro sets the key type for DH
+parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH.
+The default is 0.
+
The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B<pad> is
1 the shared secret is padded with zeroes up to the size of the DH prime B<p>.
If B<pad> is zero (the default) then no padding is performed.
EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to
-B<nid>. The B<nid> parameter must be B<NID_ffdhe2048>, B<NID_ffdhe3072>,
-B<NID_ffdhe4096>, B<NID_ffdhe6144> or B<NID_ffdhe8192>. This macro can be
-called during parameter or key generation.
+B<nid> as defined in RFC7919. The B<nid> parameter must be B<NID_ffdhe2048>,
+B<NID_ffdhe3072>, B<NID_ffdhe4096>, B<NID_ffdhe6144>, B<NID_ffdhe8192>
+or B<NID_undef> to clear the stored value. This macro can be called during
+parameter or key generation.
+The nid parameter and the rfc5114 parameter are mutually exclusive.
+
+The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
+synonymous. They set the DH parameters to the values defined in RFC5114. The
+B<rfc5114> parameter must be 1, 2 or 3 corresponding to RFC5114 sections
+2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called
+during parameter generation. The B<ctx> must have a key type of
+B<EVP_PKEY_DHX>.
+The rfc5114 parameter and the nid parameter are mutually exclusive.
+
+=head2 DH key derivation function parameters
+
+Note that all of the following functions require that the B<ctx> parameter has
+a private key type of B<EVP_PKEY_DHX>. When using key derivation, the output of
+EVP_PKEY_derive() is the output of the KDF instead of the DH shared secret.
+The KDF output is typically used as a Key Encryption Key (KEK) that in turn
+encrypts a Content Encryption Key (CEK).
+
+The EVP_PKEY_CTX_set_dh_kdf_type() macro sets the key derivation function type
+to B<kdf> for DH key derivation. Possible values are B<EVP_PKEY_DH_KDF_NONE>
+and B<EVP_PKEY_DH_KDF_X9_42> which uses the key derivation specified in RFC2631
+(based on the keying algorithm described in X9.42). When using key derivation,
+the B<kdf_oid>, B<kdf_md> and B<kdf_outlen> parameters must also be specified.
+
+The EVP_PKEY_CTX_get_dh_kdf_type() macro gets the key derivation function type
+for B<ctx> used for DH key derivation. Possible values are B<EVP_PKEY_DH_KDF_NONE>
+and B<EVP_PKEY_DH_KDF_X9_42>.
+
+The EVP_PKEY_CTX_set0_dh_kdf_oid() macro sets the key derivation function
+object identifier to B<oid> for DH key derivation. This OID should identify
+the algorithm to be used with the Content Encryption Key.
+The library takes ownership of the object identifier so the caller should not
+free the original memory pointed to by B<oid>.
+
+The EVP_PKEY_CTX_get0_dh_kdf_oid() macro gets the key derivation function oid
+for B<ctx> used for DH key derivation. The resulting pointer is owned by the
+library and should not be freed by the caller.
+
+The EVP_PKEY_CTX_set_dh_kdf_md() macro sets the key derivation function
+message digest to B<md> for DH key derivation. Note that RFC2631 specifies
+that this digest should be SHA1 but OpenSSL tolerates other digests.
+
+The EVP_PKEY_CTX_get_dh_kdf_md() macro gets the key derivation function
+message digest for B<ctx> used for DH key derivation.
+
+The EVP_PKEY_CTX_set_dh_kdf_outlen() macro sets the key derivation function
+output length to B<len> for DH key derivation.
+
+The EVP_PKEY_CTX_get_dh_kdf_outlen() macro gets the key derivation function
+output length for B<ctx> used for DH key derivation.
+
+The EVP_PKEY_CTX_set0_dh_kdf_ukm() macro sets the user key material to
+B<ukm> and its length to B<len> for DH key derivation. This parameter is optional
+and corresponds to the partyAInfo field in RFC2631 terms. The specification
+requires that it is 512 bits long but this is not enforced by OpenSSL.
+The library takes ownership of the user key material so the caller should not
+free the original memory pointed to by B<ukm>.
+
+The EVP_PKEY_CTX_get0_dh_kdf_ukm() macro gets the user key material for B<ctx>.
+The return value is the user key material length. The resulting pointer is owned
+by the library and should not be freed by the caller.
+
+=head2 EC parameters
The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter
generation to B<nid>. For EC parameter generation this macro must be called
This function can also be called to set the curve explicitly when
generating an EC key.
-The EVP_PKEY_CTX_set_ec_param_enc() sets the EC parameter encoding to
+The EVP_PKEY_CTX_set_ec_param_enc() macro sets the EC parameter encoding to
B<param_enc> when generating EC parameters or an EC key. The encoding can be
B<OPENSSL_EC_EXPLICIT_CURVE> for explicit parameters (the default in versions
of OpenSSL before 1.1.0) or B<OPENSSL_EC_NAMED_CURVE> to use named curve form.
B<OPENSSL_EC_NAMED_CURVE> value was only added to OpenSSL 1.1.0; previous
versions should use 0 instead.
+=head2 ECDH parameters
+
+The EVP_PKEY_CTX_set_ecdh_cofactor_mode() macro sets the cofactor mode to
+B<cofactor_mode> for ECDH key derivation. Possible values are 1 to enable
+cofactor key derivation, 0 to disable it and -1 to clear the stored cofactor
+mode and fallback to the private key cofactor mode.
+
+The EVP_PKEY_CTX_get_ecdh_cofactor_mode() macro returns the cofactor mode for
+B<ctx> used for ECDH key derivation. Possible values are 1 when cofactor key
+derivation is enabled and 0 otherwise.
+
+=head2 ECDH key derivation function parameters
+
+The EVP_PKEY_CTX_set_ecdh_kdf_type() macro sets the key derivation function type
+to B<kdf> for ECDH key derivation. Possible values are B<EVP_PKEY_ECDH_KDF_NONE>
+and B<EVP_PKEY_ECDH_KDF_X9_63> which uses the key derivation specified in X9.63.
+When using key derivation, the B<kdf_md> and B<kdf_outlen> parameters must
+also be specified.
+
+The EVP_PKEY_CTX_get_ecdh_kdf_type() macro returns the key derivation function
+type for B<ctx> used for ECDH key derivation. Possible values are
+B<EVP_PKEY_ECDH_KDF_NONE> and B<EVP_PKEY_ECDH_KDF_X9_63>.
+
+The EVP_PKEY_CTX_set_ecdh_kdf_md() macro sets the key derivation function
+message digest to B<md> for ECDH key derivation. Note that X9.63 specifies
+that this digest should be SHA1 but OpenSSL tolerates other digests.
+
+The EVP_PKEY_CTX_get_ecdh_kdf_md() macro gets the key derivation function
+message digest for B<ctx> used for ECDH key derivation.
+
+The EVP_PKEY_CTX_set_ecdh_kdf_outlen() macro sets the key derivation function
+output length to B<len> for ECDH key derivation.
+
+The EVP_PKEY_CTX_get_ecdh_kdf_outlen() macro gets the key derivation function
+output length for B<ctx> used for ECDH key derivation.
+
+The EVP_PKEY_CTX_set0_ecdh_kdf_ukm() macro sets the user key material to B<ukm>
+for ECDH key derivation. This parameter is optional and corresponds to the
+shared info in X9.63 terms. The library takes ownership of the user key material
+so the caller should not free the original memory pointed to by B<ukm>.
+
+The EVP_PKEY_CTX_get0_ecdh_kdf_ukm() macro gets the user key material for B<ctx>.
+The return value is the user key material length. The resulting pointer is owned
+by the library and should not be freed by the caller.
+
+=head2 Other parameters
+
The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and EVP_PKEY_CTX_get1_id_len()
macros are used to manipulate the special identifier field for specific signature
algorithms such as SM2. The EVP_PKEY_CTX_set1_id() sets an ID pointed by B<id> with
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<EVP_PKEY_verify_recover(3)>,
-L<EVP_PKEY_derive(3)>
+L<EVP_PKEY_derive(3)>,
L<EVP_PKEY_keygen(3)>
=head1 HISTORY
=back
-EVP_PKEY_set_hkdf_md() sets the message digest associated with the HKDF.
+EVP_PKEY_CTX_set_hkdf_md() sets the message digest associated with the HKDF.
EVP_PKEY_CTX_set1_hkdf_salt() sets the salt to B<saltlen> bytes of the
buffer B<salt>. Any existing value is replaced.
-EVP_PKEY_CTX_set_hkdf_key() sets the key to B<keylen> bytes of the buffer
+EVP_PKEY_CTX_set1_hkdf_key() sets the key to B<keylen> bytes of the buffer
B<key>. Any existing value is replaced.
EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B<infolen> bytes of the
If the key has usage restrictions then an error is returned if an attempt is
made to set the salt length below the minimum value. It is otherwise similar
to the B<RSA> operation except detection of the salt length (using
-RSA_PSS_SALTLEN_AUTO is not supported for verification if the key has
+RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has
usage restrictions.
The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros
=head2 Key Generation
-As with RSA key generation the EVP_PKEY_CTX_set_rsa_rsa_keygen_bits()
+As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits()
and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS:
they have exactly the same meaning as for the RSA algorithm.
EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
-EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id,
-EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assignment functions
+EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
+EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
+EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type,
+EVP_PKEY_set1_engine - EVP_PKEY assignment functions
=head1 SYNOPSIS
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+ const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
+ int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
+ int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
int EVP_PKEY_id(const EVP_PKEY *pkey);
int EVP_PKEY_base_id(const EVP_PKEY *pkey);
EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
B<NULL> if the key is not of the correct type.
-EVP_PKEY_get0_hmac(), EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
-EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() also return the
-referenced key in B<pkey> or B<NULL> if the key is not of the
-correct type but the reference count of the returned key is
-B<not> incremented and so must not be freed up after use.
+EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
+EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH()
+and EVP_PKEY_get0_EC_KEY() also return the referenced key in B<pkey> or B<NULL>
+if the key is not of the correct type but the reference count of the
+returned key is B<not> incremented and so must not be freed up after use.
-EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and
+EVP_PKEY_assign_SIPHASH() also set the referenced key to B<key>
however these use the supplied B<key> internally and so B<key>
will be freed when the parent B<pkey> is freed.
from or assigned to the B<pkey> using the B<1> functions must be
freed as well as B<pkey>.
-EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() are implemented as macros.
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
+and EVP_PKEY_assign_SIPHASH() are implemented as macros.
Most applications wishing to know a key type will simply call
EVP_PKEY_base_id() and will not care about the actual type:
EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if
an error occurred.
-EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
+EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
+EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
+and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.
EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key
type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
EVP_aes_128_cfb8,
EVP_aes_192_cfb8,
EVP_aes_256_cfb8,
+EVP_aes_128_cfb128,
+EVP_aes_192_cfb128,
+EVP_aes_256_cfb128,
EVP_aes_128_ctr,
EVP_aes_192_ctr,
EVP_aes_256_ctr,
EVP_aes_128_cfb8(),
EVP_aes_192_cfb8(),
EVP_aes_256_cfb8(),
+EVP_aes_128_cfb128(),
+EVP_aes_192_cfb128(),
+EVP_aes_256_cfb128(),
EVP_aes_128_ctr(),
EVP_aes_192_ctr(),
EVP_aes_256_ctr(),
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
EVP_aria_128_cfb8,
EVP_aria_192_cfb8,
EVP_aria_256_cfb8,
+EVP_aria_128_cfb128,
+EVP_aria_192_cfb128,
+EVP_aria_256_cfb128,
EVP_aria_128_ctr,
EVP_aria_192_ctr,
EVP_aria_256_ctr,
EVP_aria_128_cfb8(),
EVP_aria_192_cfb8(),
EVP_aria_256_cfb8(),
+EVP_aria_128_cfb128(),
+EVP_aria_192_cfb128(),
+EVP_aria_256_cfb128(),
EVP_aria_128_ctr(),
EVP_aria_192_ctr(),
EVP_aria_256_ctr(),
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
EVP_bf_cbc,
EVP_bf_cfb,
+EVP_bf_cfb64,
EVP_bf_ecb,
EVP_bf_ofb
- EVP Blowfish cipher
const EVP_CIPHER *EVP_bf_cbc(void)
const EVP_CIPHER *EVP_bf_cfb(void)
+ const EVP_CIPHER *EVP_bf_cfb64(void)
const EVP_CIPHER *EVP_bf_ecb(void)
const EVP_CIPHER *EVP_bf_ofb(void)
=item EVP_bf_cbc(),
EVP_bf_cfb(),
+EVP_bf_cfb64(),
EVP_bf_ecb(),
EVP_bf_ofb()
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
EVP_camellia_128_cfb8,
EVP_camellia_192_cfb8,
EVP_camellia_256_cfb8,
+EVP_camellia_128_cfb128,
+EVP_camellia_192_cfb128,
+EVP_camellia_256_cfb128,
EVP_camellia_128_ctr,
EVP_camellia_192_ctr,
EVP_camellia_256_ctr,
EVP_camellia_128_cfb8(),
EVP_camellia_192_cfb8(),
EVP_camellia_256_cfb8(),
+EVP_camellia_128_cfb128(),
+EVP_camellia_192_cfb128(),
+EVP_camellia_256_cfb128(),
EVP_camellia_128_ctr(),
EVP_camellia_192_ctr(),
EVP_camellia_256_ctr(),
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
EVP_cast5_cbc,
EVP_cast5_cfb,
+EVP_cast5_cfb64,
EVP_cast5_ecb,
EVP_cast5_ofb
- EVP CAST cipher
const EVP_CIPHER *EVP_cast5_cbc(void)
const EVP_CIPHER *EVP_cast5_cfb(void)
+ const EVP_CIPHER *EVP_cast5_cfb64(void)
const EVP_CIPHER *EVP_cast5_ecb(void)
const EVP_CIPHER *EVP_cast5_ofb(void)
=item EVP_cast5_cbc(),
EVP_cast5_ecb(),
EVP_cast5_cfb(),
+EVP_cast5_cfb64(),
EVP_cast5_ofb()
CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
EVP_des_cfb,
EVP_des_cfb1,
EVP_des_cfb8,
+EVP_des_cfb64,
EVP_des_ecb,
+EVP_des_ofb,
EVP_des_ede,
+EVP_des_ede_cbc,
EVP_des_ede_cfb,
+EVP_des_ede_cfb64,
+EVP_des_ede_ecb,
EVP_des_ede_ofb,
-EVP_des_ofb,
EVP_des_ede3,
EVP_des_ede3_cbc,
EVP_des_ede3_cfb,
EVP_des_ede3_cfb1,
EVP_des_ede3_cfb8,
+EVP_des_ede3_cfb64,
+EVP_des_ede3_ecb,
EVP_des_ede3_ofb,
-EVP_des_ede3_wrap,
-EVP_des_ede_cbc
+EVP_des_ede3_wrap
- EVP DES cipher
=head1 SYNOPSIS
EVP_des_cfb(),
EVP_des_cfb1(),
EVP_des_cfb8(),
+EVP_des_cfb64(),
EVP_des_ofb()
-DES in CBC, ECB, CFB with 128-bit shift, CFB with 1-bit shift, CFB with 8-bit
-shift and OFB modes respectively.
+DES in CBC, ECB, CFB with 64-bit shift, CFB with 1-bit shift, CFB with 8-bit
+shift and OFB modes.
=item EVP_des_ede(),
EVP_des_ede_cbc(),
-EVP_des_ede_ofb(),
-EVP_des_ede_cfb()
+EVP_des_ede_cfb(),
+EVP_des_ede_cfb64(),
+EVP_des_ede_ecb(),
+EVP_des_ede_ofb()
-Two key triple DES in ECB, CBC, CFB and OFB modes respectively.
+Two key triple DES in ECB, CBC, CFB with 64-bit shift and OFB modes.
=item EVP_des_ede3(),
EVP_des_ede3_cbc(),
EVP_des_ede3_cfb(),
EVP_des_ede3_cfb1(),
EVP_des_ede3_cfb8(),
+EVP_des_ede3_cfb64(),
+EVP_des_ede3_ecb(),
EVP_des_ede3_ofb()
-Three-key triple DES in ECB, CBC, CFB with 128-bit shift, CFB with 1-bit shift,
-CFB with 8-bit shift and OFB modes respectively.
+Three-key triple DES in ECB, CBC, CFB with 64-bit shift, CFB with 1-bit shift,
+CFB with 8-bit shift and OFB modes.
=item EVP_des_ede3_wrap()
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
EVP_idea_cbc,
EVP_idea_cfb,
+EVP_idea_cfb64,
EVP_idea_ecb,
EVP_idea_ofb
- EVP IDEA cipher
const EVP_CIPHER *EVP_idea_cbc(void)
const EVP_CIPHER *EVP_idea_cfb(void)
+ const EVP_CIPHER *EVP_idea_cfb64(void)
const EVP_CIPHER *EVP_idea_ecb(void)
const EVP_CIPHER *EVP_idea_ofb(void)
=item EVP_idea_cbc(),
EVP_idea_cfb(),
+EVP_idea_cfb64(),
EVP_idea_ecb(),
EVP_idea_ofb()
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
=head1 NAME
-EVP_md5
+EVP_md5,
+EVP_md5_sha1
- MD5 For EVP
=head1 SYNOPSIS
#include <openssl/evp.h>
const EVP_MD *EVP_md5(void);
+ const EVP_MD *EVP_md5_sha1(void);
=head1 DESCRIPTION
EVP_rc2_cbc,
EVP_rc2_cfb,
+EVP_rc2_cfb64,
EVP_rc2_ecb,
EVP_rc2_ofb,
EVP_rc2_40_cbc,
const EVP_CIPHER *EVP_rc2_cbc(void)
const EVP_CIPHER *EVP_rc2_cfb(void)
+ const EVP_CIPHER *EVP_rc2_cfb64(void)
const EVP_CIPHER *EVP_rc2_ecb(void)
const EVP_CIPHER *EVP_rc2_ofb(void)
const EVP_CIPHER *EVP_rc2_40_cbc(void)
=item EVP_rc2_cbc(),
EVP_rc2_cfb(),
+EVP_rc2_cfb64(),
EVP_rc2_ecb(),
EVP_rc2_ofb()
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
EVP_rc5_32_12_16_cbc,
EVP_rc5_32_12_16_cfb,
+EVP_rc5_32_12_16_cfb64,
EVP_rc5_32_12_16_ecb,
EVP_rc5_32_12_16_ofb
- EVP RC5 cipher
const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+ const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void)
const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
=item EVP_rc5_32_12_16_cbc(),
EVP_rc5_32_12_16_cfb(),
+EVP_rc5_32_12_16_cfb64(),
EVP_rc5_32_12_16_ecb(),
EVP_rc5_32_12_16_ofb()
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
EVP_seed_cbc,
EVP_seed_cfb,
+EVP_seed_cfb128,
EVP_seed_ecb,
EVP_seed_ofb
- EVP SEED cipher
const EVP_CIPHER *EVP_seed_cbc(void)
const EVP_CIPHER *EVP_seed_cfb(void)
+ const EVP_CIPHER *EVP_seed_cfb128(void)
const EVP_CIPHER *EVP_seed_ecb(void)
const EVP_CIPHER *EVP_seed_ofb(void)
=item EVP_seed_cbc(),
EVP_seed_cfb(),
+EVP_seed_cfb128(),
EVP_seed_ecb(),
EVP_seed_ofb()
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
EVP_sm4_cbc,
EVP_sm4_ecb,
EVP_sm4_cfb,
+EVP_sm4_cfb128,
EVP_sm4_ofb,
EVP_sm4_ctr
- EVP SM4 cipher
const EVP_CIPHER *EVP_sm4_cbc(void);
const EVP_CIPHER *EVP_sm4_ecb(void);
const EVP_CIPHER *EVP_sm4_cfb(void);
+ const EVP_CIPHER *EVP_sm4_cfb128(void);
const EVP_CIPHER *EVP_sm4_ofb(void);
const EVP_CIPHER *EVP_sm4_ctr(void);
=item EVP_sm4_cbc(),
EVP_sm4_ecb(),
EVP_sm4_cfb(),
+EVP_sm4_cfb128(),
EVP_sm4_ofb(),
EVP_sm4_ctr()
=head1 NAME
-OPENSSL_VERSION_NUMBER, OpenSSL_version,
+OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version,
OpenSSL_version_num - get OpenSSL version number
=head1 SYNOPSIS
#include <openssl/opensslv.h>
#define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+ #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
#include <openssl/crypto.h>
except the patch level got the highest bit set, to keep continuity. The
number was therefore 0x0090581f.
+OPENSSL_VERSION_TEXT is the text variant of the version number and the
+release date. For example,
+"OpenSSL 1.0.1a 15 Oct 2015".
+
OpenSSL_version_num() returns the version number.
OpenSSL_version() returns different strings depending on B<t>:
unsigned char *to, RSA *rsa, int padding));
/* Can be null */
- int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *I,
+ int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
RSA *rsa, BN_CTX *ctx);
int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
- int (*mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
BN_CTX *ctx));
/* Can be null */
=head1 NAME
-SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list,
-SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list,
-SSL_get0_peer_CA_list - get or set CA list
+SSL_CTX_set_client_CA_list,
+SSL_set_client_CA_list,
+SSL_get_client_CA_list,
+SSL_CTX_get_client_CA_list,
+SSL_CTX_add_client_CA,
+SSL_add_client_CA,
+SSL_set0_CA_list,
+SSL_CTX_set0_CA_list,
+SSL_get0_CA_list,
+SSL_CTX_get0_CA_list,
+SSL_add1_to_CA_list,
+SSL_CTX_add1_to_CA_list,
+SSL_get0_peer_CA_list
+- get or set CA list
=head1 SYNOPSIS
#include <openssl/ssl.h>
+ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+ STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
+ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
+ int SSL_add_client_CA(SSL *ssl, X509 *cacert);
+
void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
=head1 DESCRIPTION
+The functions described here set and manage the list of CA names that are sent
+between two communicating peers.
+
+For TLS versions 1.2 and earlier the list of CA names is only sent from the
+server to the client when requesting a client certificate. So any list of CA
+names set is never sent from client to server and the list of CA names retrieved
+by SSL_get0_peer_CA_list() is always B<NULL>.
+
+For TLS 1.3 the list of CA names is sent using the B<certificate_authorities>
+extension and may be sent by a client (in the ClientHello message) or by
+a server (when requesting a certificate).
+
+In most cases it is not necessary to set CA names on the client side. The list
+of CA names that are acceptable to the client will be sent in plaintext to the
+server. This has privacy implications and may also have performance implications
+if the list is large. This optional capability was introduced as part of TLSv1.3
+and therefore setting CA names on the client side will have no impact if that
+protocol version has been disabled. Most servers do not need this and so this
+should be avoided unless required.
+
+The "client CA list" functions below only have an effect when called on the
+server side.
+
+SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
+requesting a client certificate for B<ctx>. Ownership of B<list> is transferred
+to B<ctx> and it should not be freed by the caller.
+
+SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
+requesting a client certificate for the chosen B<ssl>, overriding the
+setting valid for B<ssl>'s SSL_CTX object. Ownership of B<list> is transferred
+to B<s> and it should not be freed by the caller.
+
+SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for
+B<ctx> using SSL_CTX_set_client_CA_list(). The returned list should not be freed
+by the caller.
+
+SSL_get_client_CA_list() returns the list of client CAs explicitly
+set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
+SSL_CTX_set_client_CA_list(), when in server mode. In client mode,
+SSL_get_client_CA_list returns the list of client CAs sent from the server, if
+any. The returned list should not be freed by the caller.
+
+SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
+list of CAs sent to the client when requesting a client certificate for
+B<ctx>.
+
+SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
+list of CAs sent to the client when requesting a client certificate for
+the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
+
+SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer
+has sent. This can be called on either the server or the client side. The
+returned list should not be freed by the caller.
+
+The "generic CA list" functions below are very similar to the "client CA
+list" functions except that they have an effect on both the server and client
+sides. The lists of CA names managed are separate - so you cannot (for example)
+set CA names using the "client CA list" functions and then get them using the
+"generic CA list" functions. Where a mix of the two types of functions has been
+used on the server side then the "client CA list" functions take precedence.
+Typically, on the server side, the "client CA list " functions should be used in
+preference. As noted above in most cases it is not necessary to set CA names on
+the client side.
+
SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to
B<name_list>. Ownership of B<name_list> is transferred to B<ctx> and
it should not be freed by the caller.
B<name_list> is transferred to B<s> and it should not be freed by the caller.
SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for
-B<ctx>.
+B<ctx>. The returned list should not be freed by the caller.
-SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for
-B<s> or if none are set the list from the parent B<SSL_CTX> is retrieved.
+SSL_get0_CA_list() retrieves any previously set list of CAs set for
+B<s> or if none are set the list from the parent B<SSL_CTX> is retrieved. The
+returned list should not be freed by the caller.
SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from B<x> to the
list of CAs sent to peer for B<ctx>.
list of CAs sent to the peer for B<s>, overriding the setting in the parent
B<SSL_CTX>.
-SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer
-has sent.
-
=head1 NOTES
-These functions are generalised versions of the client authentication
-CA list functions such as L<SSL_CTX_set_client_CA_list(3)>.
+When a TLS/SSL server requests a client certificate (see
+B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which it will accept
+certificates, to the client.
-For TLS versions before 1.3 the list of CA names is only sent from the server
-to client when requesting a client certificate. So any list of CA names set
-is never sent from client to server and the list of CA names retrieved by
-SSL_get0_peer_CA_list() is always B<NULL>.
+This list must explicitly be set using SSL_CTX_set_client_CA_list() or
+SSL_CTX_set0_CA_list() for B<ctx> and SSL_set_client_CA_list() or
+SSL_set0_CA_list() for the specific B<ssl>. The list specified
+overrides the previous setting. The CAs listed do not become trusted (B<list>
+only contains the names, not the complete certificates); use
+L<SSL_CTX_load_verify_locations(3)> to additionally load them for verification.
-For TLS 1.3 the list of CA names is sent using the B<certificate_authorities>
-extension and will be sent by a client (in the ClientHello message) or by
-a server (when requesting a certificate).
+If the list of acceptable CAs is compiled in a file, the
+L<SSL_load_client_CA_file(3)> function can be used to help to import the
+necessary data.
+
+SSL_CTX_add_client_CA(), SSL_CTX_add1_to_CA_list(), SSL_add_client_CA() and
+SSL_add1_to_CA_list() can be used to add additional items the list of CAs. If no
+list was specified before using SSL_CTX_set_client_CA_list(),
+SSL_CTX_set0_CA_list(), SSL_set_client_CA_list() or SSL_set0_CA_list(), a
+new CA list for B<ctx> or B<ssl> (as appropriate) is opened.
=head1 RETURN VALUES
-SSL_CTX_set0_CA_list() and SSL_set0_CA_list() do not return a value.
+SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(),
+SSL_CTX_set_client_CA_list(), SSL_set_client_CA_list(), SSL_CTX_set0_CA_list()
+and SSL_set0_CA_list() do not return a value.
-SSL_CTX_get0_CA_list() and SSL_get0_CA_list() return a stack of CA names
-or B<NULL> is no CA names are set.
+SSL_CTX_get_client_CA_list(), SSL_get_client_CA_list(), SSL_CTX_get0_CA_list()
+and SSL_get0_CA_list() return a stack of CA names or B<NULL> is no CA names are
+set.
-SSL_CTX_add1_to_CA_list() and SSL_add1_to_CA_list() return 1 for success and 0
-for failure.
+SSL_CTX_add_client_CA(),SSL_add_client_CA(), SSL_CTX_add1_to_CA_list() and
+SSL_add1_to_CA_list() return 1 for success and 0 for failure.
SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or
B<NULL> or an empty stack if no list was sent.
+=head1 EXAMPLES
+
+Scan all certificates in B<CAfile> and list them as acceptable CAs:
+
+ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+
=head1 SEE ALSO
L<ssl(7)>,
-L<SSL_CTX_set_client_CA_list(3)>,
-L<SSL_get_client_CA_list(3)>,
L<SSL_load_client_CA_file(3)>,
L<SSL_CTX_load_verify_locations(3)>
=head1 COPYRIGHT
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
=head1 DESCRIPTION
+For all of the functions below that set the supported groups there must be at
+least one group in the list.
+
SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen>
groups in the array B<glist>. The array consist of all NIDs of groups in
preference order. For a TLS client the groups are used directly in the
=head1 COPYRIGHT
-Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
+++ /dev/null
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
-SSL_add_client_CA - set list of CAs sent to the client when requesting a
-client certificate
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
- void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
- int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
- int SSL_add_client_CA(SSL *ssl, X509 *cacert);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
-requesting a client certificate for B<ctx>.
-
-SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
-requesting a client certificate for the chosen B<ssl>, overriding the
-setting valid for B<ssl>'s SSL_CTX object.
-
-SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
-list of CAs sent to the client when requesting a client certificate for
-B<ctx>.
-
-SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
-list of CAs sent to the client when requesting a client certificate for
-the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
-
-=head1 NOTES
-
-When a TLS/SSL server requests a client certificate (see
-B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which
-it will accept certificates, to the client.
-
-This list must explicitly be set using SSL_CTX_set_client_CA_list() for
-B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
-specified overrides the previous setting. The CAs listed do not become
-trusted (B<list> only contains the names, not the complete certificates); use
-L<SSL_CTX_load_verify_locations(3)>
-to additionally load them for verification.
-
-If the list of acceptable CAs is compiled in a file, the
-L<SSL_load_client_CA_file(3)>
-function can be used to help importing the necessary data.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
-items the list of client CAs. If no list was specified before using
-SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
-CA list for B<ctx> or B<ssl> (as appropriate) is opened.
-
-These functions are only useful for TLS/SSL servers.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
-diagnostic information.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
-values:
-
-=over 4
-
-=item Z<>0
-
-A failure while manipulating the STACK_OF(X509_NAME) object occurred or
-the X509_NAME could not be extracted from B<cacert>. Check the error stack
-to find out the reason.
-
-=item Z<>1
-
-The operation succeeded.
-
-=back
-
-=head1 EXAMPLES
-
-Scan all certificates in B<CAfile> and list them as acceptable CAs:
-
- SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
-
-=head1 SEE ALSO
-
-L<ssl(7)>,
-L<SSL_get_client_CA_list(3)>,
-L<SSL_load_client_CA_file(3)>,
-L<SSL_CTX_load_verify_locations(3)>
-
-=head1 COPYRIGHT
-
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
=head1 NOTES
Normally when a SSL connection is finished, the parties must send out
-"close notify" alert messages using L<SSL_shutdown(3)>
+close_notify alert messages using L<SSL_shutdown(3)>
for a clean shutdown.
When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)>
(L<SSL_shutdown(3)> then behaves like
L<SSL_set_shutdown(3)> called with
SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
-The session is thus considered to be shutdown, but no "close notify" alert
+The session is thus considered to be shutdown, but no close_notify alert
is sent to the peer. This behaviour violates the TLS standard.
The default is normal shutdown behaviour as described by the TLS standard.
=head1 COPYRIGHT
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
+++ /dev/null
-=pod
-
-=head1 NAME
-
-SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
- STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for
-B<ctx> using L<SSL_CTX_set_client_CA_list(3)>.
-
-SSL_get_client_CA_list() returns the list of client CAs explicitly
-set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
-L<SSL_CTX_set_client_CA_list(3)>, when in
-server mode. In client mode, SSL_get_client_CA_list returns the list of
-client CAs sent from the server, if any.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
-diagnostic information.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
-values:
-
-=over 4
-
-=item STACK_OF(X509_NAMES)
-
-List of CA names explicitly set (for B<ctx> or in server mode) or send
-by the server (client mode).
-
-=item NULL
-
-No client CA list was explicitly set (for B<ctx> or in server mode) or
-the server did not send a list of CAs (client mode).
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(7)>,
-L<SSL_CTX_set_client_CA_list(3)>,
-L<SSL_CTX_set_client_cert_cb(3)>
-
-=head1 COPYRIGHT
-
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
=item SSL_ERROR_ZERO_RETURN
The TLS/SSL peer has closed the connection for writing by sending the
-"close notify" alert.
+close_notify alert.
No more data can be read.
Note that B<SSL_ERROR_ZERO_RETURN> does not necessarily
indicate that the underlying transport has been closed.
=head1 NAME
-SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid - get TLS
-message signing types
+SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid,
+SSL_get_signature_nid, SSL_get_signature_type_nid - get TLS message signing
+types
=head1 SYNOPSIS
int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid);
int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid);
+ int SSL_get_signature_nid(SSL *ssl, int *psig_nid);
+ int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid);
=head1 DESCRIPTION
B<rsa_pss_rsae_*> and B<rsa_pss_pss_*> signatures, it's necessary to check
the type of public key in the peer's certificate.
+SSL_get_signature_nid() and SSL_get_signature_type_nid() return the equivalent
+information for the local end of the connection.
+
=head1 RETURN VALUES
These functions return 1 for success and 0 for failure. There are several
possible reasons for failure: the cipher suite has no signature (e.g. it
uses RSA key exchange or is anonymous), the TLS version is below 1.2 or
-the functions were called before the peer signed a message.
+the functions were called too early, e.g. before the peer signed a message.
=head1 SEE ALSO
--- /dev/null
+=pod
+
+=head1 NAME
+
+SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key - get information
+about temporary keys used during a handshake
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key);
+ long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
+ long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key);
+
+=head1 DESCRIPTION
+
+SSL_get_peer_tmp_key() returns the temporary key provided by the peer and
+used during key exchange. For example, if ECDHE is in use, then this represents
+the peer's public ECDHE key. On success a pointer to the key is stored in
+B<*key>. It is the caller's responsibility to free this key after use using
+L<EVP_PKEY_free(3)>.
+
+SSL_get_server_tmp_key() is a backwards compatibility alias for
+SSL_get_peer_tmp_key().
+Under that name it worked just on the client side of the connection, its
+behaviour on the server end is release-dependent.
+
+SSL_get_tmp_key() returns the equivalent information for the local
+end of the connection.
+
+=head1 RETURN VALUES
+
+All these functions return 1 on success and 0 otherwise.
+
+=head1 NOTES
+
+This function is implemented as a macro.
+
+=head1 SEE ALSO
+
+L<ssl(7)>, L<EVP_PKEY_free(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
+++ /dev/null
-=pod
-
-=head1 NAME
-
-SSL_get_server_tmp_key - get information about the server's temporary key used
-during a handshake
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
-
-=head1 DESCRIPTION
-
-SSL_get_server_tmp_key() returns the temporary key provided by the server and
-used during key exchange. For example, if ECDHE is in use, then this represents
-the server's public ECDHE key. On success a pointer to the key is stored in
-B<*key>. It is the caller's responsibility to free this key after use using
-L<EVP_PKEY_free(3)>. This function may only be called by the client.
-
-=head1 RETURN VALUES
-
-SSL_get_server_tmp_key() returns 1 on success or 0 otherwise.
-
-=head1 NOTES
-
-This function is implemented as a macro.
-
-=head1 SEE ALSO
-
-L<ssl(7)>, L<EVP_PKEY_free(3)>
-
-=head1 COPYRIGHT
-
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
=head1 RETURN VALUES
-SSL_set_bio(), SSL_set_rbio() and SSL_set_wbio() cannot fail.
+SSL_set_bio(), SSL_set0_rbio() and SSL_set0_wbio() cannot fail.
=head1 SEE ALSO
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
=item SSL_SENT_SHUTDOWN
-A "close notify" shutdown alert was sent to the peer, the connection is being
+A close_notify shutdown alert was sent to the peer, the connection is being
considered closed and the session is closed and correct.
=item SSL_RECEIVED_SHUTDOWN
-A shutdown alert was received form the peer, either a normal "close notify"
+A shutdown alert was received form the peer, either a normal close_notify
or a fatal error.
=back
L<SSL_clear(3)> or L<SSL_free(3)> is called,
it is considered bad and removed according to RFC2246.
The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
-(according to the TLS RFC, it is acceptable to only send the "close notify"
+(according to the TLS RFC, it is acceptable to only send the close_notify
alert but to not wait for the peer's answer, when the underlying connection
is closed).
SSL_set_shutdown() can be used to set this state without sending a
close alert to the peer (see L<SSL_shutdown(3)>).
-If a "close notify" was received, SSL_RECEIVED_SHUTDOWN will be set,
+If a close_notify was received, SSL_RECEIVED_SHUTDOWN will be set,
for setting SSL_SENT_SHUTDOWN the application must however still call
L<SSL_shutdown(3)> or SSL_set_shutdown() itself.
=head1 COPYRIGHT
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
=head1 DESCRIPTION
SSL_shutdown() shuts down an active TLS/SSL connection. It sends the
-"close notify" shutdown alert to the peer.
+close_notify shutdown alert to the peer.
=head1 NOTES
-SSL_shutdown() tries to send the "close notify" shutdown alert to the peer.
+SSL_shutdown() tries to send the close_notify shutdown alert to the peer.
Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
a currently open session is considered closed and good and will be kept in the
session cache for further reuse.
-The shutdown procedure consists of 2 steps: the sending of the "close notify"
-shutdown alert and the reception of the peer's "close notify" shutdown
-alert. According to the TLS standard, it is acceptable for an application
-to only send its shutdown alert and then close the underlying connection
-without waiting for the peer's response (this way resources can be saved,
-as the process can already terminate or serve another connection).
-When the underlying connection shall be used for more communications, the
-complete shutdown procedure (bidirectional "close notify" alerts) must be
-performed, so that the peers stay synchronized.
+The shutdown procedure consists of two steps: sending of the close_notify
+shutdown alert, and reception of the peer's close_notify shutdown alert.
+The order of those two steps depends on the application.
+
+It is acceptable for an application to only send its shutdown alert and
+then close the underlying connection without waiting for the peer's response.
+This way resources can be saved, as the process can already terminate or
+serve another connection.
+This should only be done when it is known that the other side will not send more
+data, otherwise there is a risk of a truncation attack.
-SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
-behaviour.
+When a client only writes and never reads from the connection, and the server
+has sent a session ticket to establish a session, the client might not be able
+to resume the session because it did not received and process the session ticket
+from the server.
+In case the application wants to be able to resume the session, it is recommended to
+do a complete shutdown procedure (bidirectional close_notify alerts).
+
+When the underlying connection shall be used for more communications, the
+complete shutdown procedure must be performed, so that the peers stay
+synchronized.
SSL_shutdown() only closes the write direction.
It is not possible to call SSL_write() after calling SSL_shutdown().
=head2 First to close the connection
-When the application is the first party to send the "close notify"
+When the application is the first party to send the close_notify
alert, SSL_shutdown() will only send the alert and then set the
SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
be kept in the cache).
-SSL_shutdown() will then return with 0.
+If successful, SSL_shutdown() will return 0.
+
If a unidirectional shutdown is enough (the underlying connection shall be
-closed anyway), this first call to SSL_shutdown() is sufficient.
+closed anyway), this first successful call to SSL_shutdown() is sufficient.
In order to complete the bidirectional shutdown handshake, the peer needs
-to send back a "close notify" alert.
+to send back a close_notify alert.
The SSL_RECEIVED_SHUTDOWN flag will be set after receiving and processing
it.
-SSL_shutdown() will return 1 when it has been received.
-The peer is still allowed to send data after receiving the "close notify"
+The peer is still allowed to send data after receiving the close_notify
event.
-If the peer did send data it needs to be processed by calling SSL_read()
-before calling SSL_shutdown() a second time.
+When it is done sending data, it will send the close_notify alert.
+SSL_read() should be called until all data is received.
SSL_read() will indicate the end of the peer data by returning <= 0
and SSL_get_error() returning SSL_ERROR_ZERO_RETURN.
-It is recommended to call SSL_read() between SSL_shutdown() calls.
=head2 Peer closes the connection
-If the peer already sent the
"close notify" alert B<and> it was
+If the peer already sent the
close_notify alert B<and> it was
already processed implicitly inside another function
(L<SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
SSL_read() will return <= 0 in that case, and SSL_get_error() will return
SSL_ERROR_ZERO_RETURN.
-SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
-flag and will immediately return with 1.
+SSL_shutdown() will send the close_notify alert, set the SSL_SENT_SHUTDOWN
+flag.
+If successful, SSL_shutdown() will return 1.
+
Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
SSL_get_shutdown() (see also L<SSL_set_shutdown(3)> call.
=head1 NOTES
-It is recommended to do a bidirectional shutdown by checking the return value
-of SSL_shutdown() and call it again until it returns 1 or a fatal error.
-
The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
handshake step has been finished or an error occurred.
condition. When using a buffering BIO, like a BIO pair, data must be written
into or retrieved out of the BIO before being able to continue.
+After SSL_shutdown() returned 0, it is possible to call SSL_shutdown() again
+to wait for the peer's close_notify alert.
+SSL_shutdown() will return 1 in that case.
+However, it is recommended to wait for it using SSL_read() instead.
+
SSL_shutdown() can be modified to only set the connection to "shutdown"
-state but not actually send the "close notify" alert messages,
+state but not actually send the close_notify alert messages,
see L<SSL_CTX_set_quiet_shutdown(3)>.
When "quiet shutdown" is enabled, SSL_shutdown() will always succeed
and return 1.
=item Z<>0
-The shutdown is not yet finished: the "close notify" was send but the peer
+The shutdown is not yet finished: the close_notify was sent but the peer
did not send it back yet.
-Call SSL_shutdown() again to do a bidirectional shutdown.
+Call SSL_read() to do a bidirectional shutdown.
The output of L<SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
=item Z<>1
-The shutdown was successfully completed. The "close notify" alert was sent
-and the peer's "close notify" alert was received.
+The shutdown was successfully completed. The close_notify alert was sent
+and the peer's close_notify alert was received.
=item E<lt>0
reseeding of the DRBG with fresh entropy by setting the
I<prediction resistance> parameter to 1 when calling L<RAND_DRBG_generate(3)>.
-The dcoument [NIST SP 800-90C] describes prediction resistance requests
+The document [NIST SP 800-90C] describes prediction resistance requests
in detail and imposes strict conditions on the entropy sources that are
approved for providing prediction resistance.
Since the default DRBG implementation does not have access to such an approved
Finally, we add the VMS C facility code 0x35a000, because there are some
programs, such as Perl, that will reinterpret the code back to something
- POSIXly. 'man perlvms' explains it further.
+ POSIX. 'man perlvms' explains it further.
NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
codes (status type = 1). I couldn't disagree more. Fortunately, the
# endif
/* end vxworks */
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-# define CRYPTO_memcmp memcmp
-#endif
+# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+# define CRYPTO_memcmp memcmp
+# endif
+/* unistd.h defines _POSIX_VERSION */
+# if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
+ && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
+ || defined(__sun) || defined(__hpux) || defined(__sgi) \
+ || defined(__osf__) )
+# define OPENSSL_SECURE_MEMORY /* secure memory is implemented */
+# endif
#endif
$ CC=clang ./config enable-fuzz-libfuzzer \
--with-fuzzer-include=../../svn-work/Fuzzer \
- --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \
+ --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer.a \
-DPEDANTIC enable-asan enable-ubsan no-shared \
-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
-fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp \
#!/usr/bin/python
#
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + sys.argv[2:]
+ ["-artifact_prefix=" + corpora[1] + "/"] + corpora)
- print " ".join(cmd)
+ print(" ".join(cmd))
subprocess.call(cmd)
if __name__ == "__main__":
void crypto_cleanup_all_ex_data_int(void);
int openssl_init_fork_handlers(void);
+char *ossl_safe_getenv(const char *name);
+
extern CRYPTO_RWLOCK *memdbg_lock;
int openssl_strerror_r(int errnum, char *buf, size_t buflen);
# if !defined(OPENSSL_NO_STDIO)
# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed)
# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed)
# define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed)
+# define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed)
# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire)
# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release)
# endif
# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED)
# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED)
# define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED)
+# define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED)
# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE)
# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE)
# endif
# pragma intrinsic(_InterlockedExchangeAdd64)
# define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \
: _InterlockedExchangeAdd((ptr), 1))
+# define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \
+ : _InterlockedExchangeAdd((ptr), -1))
# else
# define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1)
+# define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1)
# endif
# if !defined(_ISO_VOLATILE)
# define tsan_ld_acq(ptr) (*(ptr))
# define tsan_load(ptr) (*(ptr))
# define tsan_store(ptr, val) (*(ptr) = (val))
# define tsan_counter(ptr) ((*(ptr))++)
+# define tsan_decr(ptr) ((*(ptr))--)
/*
* Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not
* sophisticated enough to support them. Code that relies on them should be
# ifdef __cplusplus
extern "C"
# endif
+
+# include <openssl/symhacks.h>
+
int ERR_load_CRYPTO_strings(void);
/*
int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
EC_KEY *EC_KEY_new_method(ENGINE *engine);
+/** The old name for ecdh_KDF_X9_63
+ * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ * it is actually specified in ANSI X9.63.
+ * This identifier is retained for backwards compatibility
+ */
int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
const unsigned char *sinfo, size_t sinfolen,
# define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13)
/* KDF types */
# define EVP_PKEY_ECDH_KDF_NONE 1
-# define EVP_PKEY_ECDH_KDF_X9_62 2
+# define EVP_PKEY_ECDH_KDF_X9_63 2
+/** The old name for EVP_PKEY_ECDH_KDF_X9_63
+ * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ * it is actually specified in ANSI X9.63.
+ * This identifier is retained for backwards compatibility
+ */
+# define EVP_PKEY_ECDH_KDF_X9_62 EVP_PKEY_ECDH_KDF_X9_63
# ifdef __cplusplus
# define V_OCSP_RESPID_KEY 1
DEFINE_STACK_OF(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
const ASN1_ITEM *it);
BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
-int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
- ASN1_VALUE *val);
int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x1010100fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 11 Sep 2018"
+# define OPENSSL_VERSION_NUMBER 0x1010101fL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1a 20 Nov 2018"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
# include <time.h>
# include <openssl/ossl_typ.h>
+# include <openssl/obj_mac.h>
+/*
+ * RAND_DRBG flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ * in drbg_lib.c needs to be updated accordingly.
+ */
/* In CTR mode, disable derivation function ctr_df */
# define RAND_DRBG_FLAG_CTR_NO_DF 0x1
-/* A logical OR of all used flag bits (currently there is only one) */
-# define RAND_DRBG_USED_FLAGS ( \
- RAND_DRBG_FLAG_CTR_NO_DF \
- )
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/* This #define was replaced by an internal constant and should not be used. */
+# define RAND_DRBG_USED_FLAGS (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif
/*
* Default security strength (in the sense of [NIST SP 800-90Ar1])
*
* NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
- * of the cipher by collecting less entropy. The current DRBG implemantion does
- * not take RAND_DRBG_STRENGTH into account and sets the strength of the DRBG
- * to that of the cipher.
+ * of the cipher by collecting less entropy. The current DRBG implementation
+ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
+ * DRBG to that of the cipher.
*
* RAND_DRBG_STRENGTH is currently only used for the legacy RAND
* implementation.
* NID_aes_256_ctr
*/
# define RAND_DRBG_STRENGTH 256
+/* Default drbg type */
# define RAND_DRBG_TYPE NID_aes_256_ctr
+/* Default drbg flags */
# define RAND_DRBG_FLAGS 0
# define RAND_F_RAND_POOL_ADD 103
# define RAND_F_RAND_POOL_ADD_BEGIN 113
# define RAND_F_RAND_POOL_ADD_END 114
+# define RAND_F_RAND_POOL_ATTACH 124
# define RAND_F_RAND_POOL_BYTES_NEEDED 115
# define RAND_F_RAND_POOL_NEW 116
# define RAND_F_RAND_WRITE_FILE 112
# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
- EVP_PKEY_OP_TYPE_KEYGEN, EVP_PKEY_CTRL_MD, \
+ EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \
0, (void *)(md))
# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
unsigned char *to, RSA *rsa,
int padding));
int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+ (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
BN_CTX *ctx));
int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
# define SSL_CTRL_SET_VERIFY_CERT_STORE 106
# define SSL_CTRL_SET_CHAIN_CERT_STORE 107
# define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
-# define SSL_CTRL_GET_SERVER_TMP_KEY 109
+# define SSL_CTRL_GET_PEER_TMP_KEY 109
# define SSL_CTRL_GET_RAW_CIPHERLIST 110
# define SSL_CTRL_GET_EC_POINT_FORMATS 111
# define SSL_CTRL_GET_CHAIN_CERTS 115
# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
# define SSL_CTRL_GET_MIN_PROTO_VERSION 130
# define SSL_CTRL_GET_MAX_PROTO_VERSION 131
+# define SSL_CTRL_GET_SIGNATURE_NID 132
+# define SSL_CTRL_GET_TMP_KEY 133
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
(char *)(clist))
# define SSL_set1_client_certificate_types(s, clist, clistlen) \
SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
+# define SSL_get_signature_nid(s, pn) \
+ SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn)
# define SSL_get_peer_signature_nid(s, pn) \
SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
-# define SSL_get_server_tmp_key(s, pk) \
- SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
+# define SSL_get_peer_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk)
+# define SSL_get_tmp_key(s, pk) \
+ SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk)
# define SSL_get0_raw_cipherlist(s, plst) \
SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
# define SSL_get0_ec_point_formats(s, plst) \
# define SSL_get_max_proto_version(s) \
SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+/* Backwards compatibility, original 1.1.0 names */
+# define SSL_CTRL_GET_SERVER_TMP_KEY \
+ SSL_CTRL_GET_PEER_TMP_KEY
+# define SSL_get_server_tmp_key(s, pk) \
+ SSL_get_peer_tmp_key(s, pk)
+
/*
* The following symbol names are old and obsolete. They are kept
* for compatibility reasons only and should not be used anymore.
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
# undef i2d_ECPKPARAMETERS
# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS
-/*
- * These functions do not seem to exist! However, I'm paranoid... Original
- * command in x509v3.h: These functions are being redefined in another
- * directory, and clash when the linker is case-insensitive, so let's hide
- * them a little, by giving them an extra 'o' at the beginning of the name...
- */
-# undef X509v3_cleanup_extensions
-# define X509v3_cleanup_extensions oX509v3_cleanup_extensions
-# undef X509v3_add_extension
-# define X509v3_add_extension oX509v3_add_extension
-# undef X509v3_add_netscape_extensions
-# define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
-# undef X509v3_add_standard_extensions
-# define X509v3_add_standard_extensions oX509v3_add_standard_extensions
-
/* This one clashes with CMS_data_create */
# undef cms_Data_create
# define cms_Data_create priv_cms_Data_create
size_t contextlen);
int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);
+int SSL_get_signature_type_nid(const SSL *s, int *pnid);
int SSL_get_sigalgs(SSL *s, int idx,
int *psign, int *phash, int *psignandhash,
/*
- * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#ifndef OPENSSL_NO_SOCK
int DTLSv1_listen(SSL *s, BIO_ADDR *client)
{
- int next, n, ret = 0, clearpkt = 0;
+ int next, n, ret = 0;
unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned char seq[SEQ_NUM_SIZE];
const unsigned char *data;
- unsigned char *buf;
- size_t fragoff, fraglen, msglen;
+ unsigned char *buf, *wbuf;
+ size_t fragoff, fraglen, msglen, reclen, align = 0;
unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
BIO *rbio, *wbio;
- BUF_MEM *bufm;
BIO_ADDR *tmpclient = NULL;
PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
}
/*
- * We only peek at incoming ClientHello's until we're sure we are going to
- * to respond with a HelloVerifyRequest. If its a ClientHello with a valid
- * cookie then we leave it in the BIO for accept to handle.
- */
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
-
- /*
* Note: This check deliberately excludes DTLS1_BAD_VER because that version
* requires the MAC to be calculated *including* the first ClientHello
* (without the cookie). Since DTLSv1_listen is stateless that cannot be
return -1;
}
- if (s->init_buf == NULL) {
- if ((bufm = BUF_MEM_new()) == NULL) {
- SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
- return -1;
- }
-
- if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
- BUF_MEM_free(bufm);
- SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
- return -1;
- }
- s->init_buf = bufm;
+ if (!ssl3_setup_buffers(s)) {
+ /* SSLerr already called */
+ return -1;
}
- buf = (unsigned char *)s->init_buf->data;
+ buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+ wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
+#if defined(SSL3_ALIGN_PAYLOAD)
+# if SSL3_ALIGN_PAYLOAD != 0
+ /*
+ * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for
+ * consistency with ssl3_read_n. In practice it should make no difference
+ * for sensible values of SSL3_ALIGN_PAYLOAD because the difference between
+ * SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8
+ */
+ align = (size_t)buf + SSL3_RT_HEADER_LENGTH;
+ align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+# endif
+#endif
+ buf += align;
do {
/* Get a packet */
clear_sys_error();
- /*
- * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
- * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store
- * the record header as well, but we do here. We've set up init_buf to
- * be the standard size for simplicity. In practice we shouldn't ever
- * receive a ClientHello as long as this. If we do it will get dropped
- * in the record length check below.
- */
- n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
-
+ n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH
+ + DTLS1_RT_HEADER_LENGTH);
if (n <= 0) {
if (BIO_should_retry(rbio)) {
/* Non-blocking IO */
return -1;
}
- /* If we hit any problems we need to clear this packet from the BIO */
- clearpkt = 1;
-
if (!PACKET_buf_init(&pkt, buf, n)) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
return -1;
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
goto end;
}
+ reclen = PACKET_remaining(&msgpkt);
/*
* We allow data remaining at the end of the packet because there could
* be a second record (but we ignore it)
* to resend, we just drop it.
*/
- /*
- * Dump the read packet, we don't need it any more. Ignore return
- * value
- */
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
- BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
-
/* Generate the cookie */
if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
: s->version;
/* Construct the record and message headers */
- if (!WPACKET_init(&wpkt, s->init_buf)
+ if (!WPACKET_init_static_len(&wpkt,
+ wbuf,
+ ssl_get_max_send_fragment(s)
+ + DTLS1_RT_HEADER_LENGTH,
+ 0)
|| !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE)
|| !WPACKET_put_bytes_u16(&wpkt, version)
/*
* plus one byte for the message content type. The source is the
* last 3 bytes of the message header
*/
- memcpy(&buf[DTLS1_RT_HEADER_LENGTH + 1],
- &buf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
+ memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1],
+ &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
3);
if (s->msg_callback)
tmpclient = NULL;
/* TODO(size_t): convert this call */
- if (BIO_write(wbio, buf, wreclen) < (int)wreclen) {
+ if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) {
if (BIO_should_retry(wbio)) {
/*
* Non-blocking IO...but we're stateless, so we're just
if (BIO_dgram_get_peer(rbio, client) <= 0)
BIO_ADDR_clear(client);
+ /* Buffer the record in the processed_rcds queue */
+ if (!dtls_buffer_listen_record(s, reclen, seq, align))
+ return -1;
+
ret = 1;
- clearpkt = 0;
end:
BIO_ADDR_free(tmpclient);
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
- if (clearpkt) {
- /* Dump this packet. Ignore return value */
- BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
- }
return ret;
}
#endif
return -1;
}
- /* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD,
- ERR_R_INTERNAL_ERROR);
+ /* Must be a duplicate so ignore it */
OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
- return -1;
}
return 1;
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
((rl)->d->processed_rcds)
#define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
((rl)->d->unprocessed_rcds)
+#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
+#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf)
void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
void RECORD_LAYER_clear(RECORD_LAYER *rl);
int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
size_t len, int create_empty_fragment, size_t *written);
void dtls1_reset_seq_numbers(SSL *s, int rw);
+int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq,
+ size_t off);
/* Functions/macros provided by the RECORD_LAYER component */
-#define RECORD_LAYER_get_rbuf(rl) (&(rl)->rbuf)
-#define RECORD_LAYER_get_wbuf(rl) ((rl)->wbuf)
#define RECORD_LAYER_get_rrec(rl) ((rl)->rrec)
#define RECORD_LAYER_set_packet(rl, p) ((rl)->packet = (p))
#define RECORD_LAYER_reset_packet_length(rl) ((rl)->packet_length = 0)
return 1;
}
+
+int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off)
+{
+ SSL3_RECORD *rr;
+
+ rr = RECORD_LAYER_get_rrec(&s->rlayer);
+ memset(rr, 0, sizeof(SSL3_RECORD));
+
+ rr->length = len;
+ rr->type = SSL3_RT_HANDSHAKE;
+ memcpy(rr->seq_num, seq, sizeof(rr->seq_num));
+ rr->off = off;
+
+ s->rlayer.packet = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+ s->rlayer.packet_length = DTLS1_RT_HEADER_LENGTH + len;
+ rr->data = s->rlayer.packet + DTLS1_RT_HEADER_LENGTH;
+
+ if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
+ SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <= 0) {
+ /* SSLfatal() already called */
+ return 0;
+ }
+
+ return 1;
+}
/*
- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* of hash termination (0x80 + 64-bit length) don't fit in the final
* block, we say that the final two blocks can vary based on the padding.
* TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
- * required to be minimal. Therefore we say that the final six blocks can
+ * required to be minimal. Therefore we say that the final |variance_blocks|
+ * blocks can
* vary based on the padding. Later in the function, if the message is
* short and there obviously cannot be this many blocks then
* variance_blocks can be reduced.
*/
- variance_blocks = is_sslv3 ? 2 : 6;
+ variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1);
/*
* From now on we're dealing with the MAC, which conceptually has 13
* bytes of `header' before the start of the data (TLS) or 71/75 bytes
if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
- return 0;
+ ret = 0;
+ goto err;
}
ret = EVP_MD_CTX_size(ctx);
if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
- EVP_MD_CTX_reset(ctx);
- return 0;
+ ret = 0;
+ goto err;
}
if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
ret = 0;
}
+ err:
EVP_MD_CTX_free(ctx);
return ret;
*(int *)parg = s->s3->tmp.peer_sigalg->hash;
return 1;
- case SSL_CTRL_GET_SERVER_TMP_KEY:
+ case SSL_CTRL_GET_SIGNATURE_NID:
+ if (s->s3->tmp.sigalg == NULL)
+ return 0;
+ *(int *)parg = s->s3->tmp.sigalg->hash;
+ return 1;
+
+ case SSL_CTRL_GET_PEER_TMP_KEY:
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
- if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
+ if (s->session == NULL || s->s3->peer_tmp == NULL) {
return 0;
} else {
EVP_PKEY_up_ref(s->s3->peer_tmp);
#else
return 0;
#endif
+
+ case SSL_CTRL_GET_TMP_KEY:
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+ if (s->session == NULL || s->s3->tmp.pkey == NULL) {
+ return 0;
+ } else {
+ EVP_PKEY_up_ref(s->s3->tmp.pkey);
+ *(EVP_PKEY **)parg = s->s3->tmp.pkey;
+ return 1;
+ }
+#else
+ return 0;
+#endif
+
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
{
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
{
- SSL_CTX_set0_CA_list(ctx, name_list);
+ set0_CA_list(&ctx->client_ca_names, name_list);
}
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
{
- return ctx->ca_names;
+ return ctx->client_ca_names;
}
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
{
- SSL_set0_CA_list(s, name_list);
+ set0_CA_list(&s->client_ca_names, name_list);
}
const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
{
if (!s->server)
return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL;
- return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names;
+ return s->client_ca_names != NULL ? s->client_ca_names
+ : s->ctx->client_ca_names;
}
static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
*/
int SSL_add_client_CA(SSL *ssl, X509 *x)
{
- return add_ca_name(&ssl->ca_names, x);
+ return add_ca_name(&ssl->client_ca_names, x);
}
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
{
- return add_ca_name(&ctx->ca_names, x);
+ return add_ca_name(&ctx->client_ca_names, x);
}
static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
if (level >= 2 && c->algorithm_enc == SSL_RC4)
return 0;
/* Level 3: forward secure ciphersuites only */
- if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
- !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))))
+ if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
+ !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
return 0;
break;
}
return 1;
}
-int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
+static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
{
STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null();
ctx->method = meth;
+ if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
+ SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+ return 0;
+ }
sk = ssl_create_cipher_list(ctx->method,
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
EVP_MD_CTX_free(s->pha_dgst);
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
sk_X509_pop_free(s->verified_chain, X509_free);
if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
goto err;
+ if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
+ goto err;
+
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
goto err;
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
+ sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
sk_X509_pop_free(a->extra_certs, X509_free);
a->comp_methods = NULL;
#ifndef OPENSSL_NO_SRTP
return ssl_protocol_to_string(s->version);
}
-SSL *SSL_dup(SSL *s)
+static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
{
STACK_OF(X509_NAME) *sk;
X509_NAME *xn;
+ int i;
+
+ if (src == NULL) {
+ *dst = NULL;
+ return 1;
+ }
+
+ if ((sk = sk_X509_NAME_new_null()) == NULL)
+ return 0;
+ for (i = 0; i < sk_X509_NAME_num(src); i++) {
+ xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
+ if (xn == NULL) {
+ sk_X509_NAME_pop_free(sk, X509_NAME_free);
+ return 0;
+ }
+ if (sk_X509_NAME_insert(sk, xn, i) == 0) {
+ X509_NAME_free(xn);
+ sk_X509_NAME_pop_free(sk, X509_NAME_free);
+ return 0;
+ }
+ }
+ *dst = sk;
+
+ return 1;
+}
+
+SSL *SSL_dup(SSL *s)
+{
SSL *ret;
int i;
goto err;
/* Dup the client_CA list */
- if (s->ca_names != NULL) {
- if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)
- goto err;
- ret->ca_names = sk;
- for (i = 0; i < sk_X509_NAME_num(sk); i++) {
- xn = sk_X509_NAME_value(sk, i);
- if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
- X509_NAME_free(xn);
- goto err;
- }
- }
- }
+ if (!dup_ca_names(&ret->ca_names, s->ca_names)
+ || !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
+ goto err;
+
return ret;
err:
size_t i;
size_t prefix_len;
- if (ssl->ctx->keylog_callback == NULL) return 1;
+ if (ssl->ctx->keylog_callback == NULL)
+ return 1;
/*
* Our output buffer will contain the following strings, rendered with
* hexadecimal, so we need a buffer that is twice their lengths.
*/
prefix_len = strlen(prefix);
- out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
+ out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
ERR_R_MALLOC_FAILURE);
*cursor = '\0';
ssl->ctx->keylog_callback(ssl, (const char *)out);
- OPENSSL_free(out);
+ OPENSSL_clear_free(out, out_len);
return 1;
}
long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
};
-# define TLS13_MAX_RESUMPTION_PSK_LENGTH 64
+/*
+ * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for
+ * consistency, even in the event of OPENSSL_NO_PSK being defined.
+ */
+# define TLS13_MAX_RESUMPTION_PSK_LENGTH 256
/*-
* Lets make this into an ASN.1 type structure as follows
/*
* What we put in certificate_authorities extension for TLS 1.3
* (ClientHello and CertificateRequest) or just client cert requests for
- * earlier versions.
+ * earlier versions. If client_ca_names is populated then it is only used
+ * for client cert requests, and in preference to ca_names.
*/
STACK_OF(X509_NAME) *ca_names;
+ STACK_OF(X509_NAME) *client_ca_names;
/*
* Default values to use in SSL structures follow (these are copied by
long verify_result;
/* extra application data */
CRYPTO_EX_DATA ex_data;
- /* for server side, keep the list of CA_dn we can use */
+ /*
+ * What we put in certificate_authorities extension for TLS 1.3
+ * (ClientHello and CertificateRequest) or just client cert requests for
+ * earlier versions. If client_ca_names is populated then it is only used
+ * for client cert requests, and in preference to ca_names.
+ */
STACK_OF(X509_NAME) *ca_names;
+ STACK_OF(X509_NAME) *client_ca_names;
CRYPTO_REF_COUNT references;
/* protocol behaviour */
uint32_t options;
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
-__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
+# ifndef OPENSSL_NO_EC
+__owur int tls_check_sigalg_curve(const SSL *s, int curve);
+# endif
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
__owur int ssl_set_client_disabled(SSL *s);
__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
*/
if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) {
tsan_counter(&s->ctx->stats.sess_accept);
- tsan_counter(&s->session_ctx->stats.sess_accept);
+ tsan_decr(&s->session_ctx->stats.sess_accept);
}
/*
X509 *x,
size_t chainidx)
{
- const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s);
+ const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s);
if (ca_sk == NULL || sk_X509_NAME_num(ca_sk) == 0)
return EXT_RETURN_NOT_SENT;
return EXT_RETURN_FAIL;
}
- if (!construct_ca_names(s, pkt)) {
+ if (!construct_ca_names(s, ca_sk, pkt)) {
/* SSLfatal() already called */
return EXT_RETURN_FAIL;
}
*/
if (s->hello_retry_request == SSL_HRR_PENDING) {
size_t hdatalen;
+ long hdatalen_l;
void *hdata;
- hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
- if (hdatalen <= 0) {
+ hdatalen = hdatalen_l =
+ BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+ if (hdatalen_l <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
SSL_R_BAD_HANDSHAKE_LENGTH);
goto err;
#ifndef OPENSSL_NO_EC
static int use_ecc(SSL *s)
{
- int i, end;
+ int i, end, ret = 0;
unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
if (s->version == SSL3_VERSION)
return 0;
- cipher_stack = SSL_get_ciphers(s);
+ cipher_stack = SSL_get1_supported_ciphers(s);
end = sk_SSL_CIPHER_num(cipher_stack);
for (i = 0; i < end; i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
alg_a = c->algorithm_auth;
if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
|| (alg_a & SSL_aECDSA)
- || c->min_tls >= TLS1_3_VERSION)
- return 1;
+ || c->min_tls >= TLS1_3_VERSION) {
+ ret = 1;
+ break;
+ }
}
- return 0;
+ sk_SSL_CIPHER_free(cipher_stack);
+ return ret;
}
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
int line)
{
+ ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
/* We shouldn't call SSLfatal() twice. Once is enough */
- assert(s->statem.state != MSG_FLOW_ERROR);
+ if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
+ return;
s->statem.in_init = 1;
s->statem.state = MSG_FLOW_ERROR;
- ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
if (al != SSL_AD_NO_ALERT
&& s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
ssl3_send_alert(s, SSL3_AL_FATAL, al);
ERR_R_INTERNAL_ERROR);
return WORK_ERROR;
+ case TLS_ST_CR_CERT_VRFY:
case TLS_ST_CR_CERT_REQ:
return tls_prepare_client_certificate(s, wst);
}
/* we should setup a certificate to return.... */
s->s3->tmp.cert_req = 1;
+ /*
+ * In TLSv1.3 we don't prepare the client certificate yet. We wait until
+ * after the CertificateVerify message has been received. This is because
+ * in TLSv1.3 the CertificateRequest arrives before the Certificate message
+ * but in TLSv1.2 it is the other way around. We want to make sure that
+ * SSL_get_peer_certificate() returns something sensible in
+ * client_cert_cb.
+ */
+ if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED)
+ return MSG_PROCESS_CONTINUE_READING;
+
return MSG_PROCESS_CONTINUE_PROCESSING;
}
*hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen;
} else {
size_t retlen;
+ long retlen_l;
- retlen = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
- if (retlen <= 0) {
+ retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
+ if (retlen_l <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA,
ERR_R_INTERNAL_ERROR);
return 0;
}
}
- ret = MSG_PROCESS_CONTINUE_READING;
+ /*
+ * In TLSv1.3 on the client side we make sure we prepare the client
+ * certificate after the CertVerify instead of when we get the
+ * CertificateRequest. This is because in TLSv1.3 the CertificateRequest
+ * comes *before* the Certificate message. In TLSv1.2 it comes after. We
+ * want to make sure that SSL_get_peer_certificate() will return the actual
+ * server certificate from the client_cert_cb callback.
+ */
+ if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1)
+ ret = MSG_PROCESS_CONTINUE_PROCESSING;
+ else
+ ret = MSG_PROCESS_CONTINUE_READING;
err:
BIO_free(s->s3->handshake_buffer);
s->s3->handshake_buffer = NULL;
static int is_tls13_capable(const SSL *s)
{
int i;
+#ifndef OPENSSL_NO_EC
+ int curve;
+ EC_KEY *eckey;
+#endif
#ifndef OPENSSL_NO_PSK
if (s->psk_server_callback != NULL)
default:
break;
}
- if (ssl_has_cert(s, i))
+ if (!ssl_has_cert(s, i))
+ continue;
+#ifndef OPENSSL_NO_EC
+ if (i != SSL_PKEY_ECC)
+ return 1;
+ /*
+ * Prior to TLSv1.3 sig algs allowed any curve to be used. TLSv1.3 is
+ * more restrictive so check that our sig algs are consistent with this
+ * EC cert. See section 4.2.3 of RFC8446.
+ */
+ eckey = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
+ if (eckey == NULL)
+ continue;
+ curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
+ if (tls_check_sigalg_curve(s, curve))
return 1;
+#else
+ return 1;
+#endif
}
return 0;
return 0;
}
-int construct_ca_names(SSL *s, WPACKET *pkt)
+const STACK_OF(X509_NAME) *get_ca_names(SSL *s)
{
- const STACK_OF(X509_NAME) *ca_sk = SSL_get0_CA_list(s);
+ const STACK_OF(X509_NAME) *ca_sk = NULL;;
+
+ if (s->server) {
+ ca_sk = SSL_get_client_CA_list(s);
+ if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0)
+ ca_sk = NULL;
+ }
+
+ if (ca_sk == NULL)
+ ca_sk = SSL_get0_CA_list(s);
+ return ca_sk;
+}
+
+int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt)
+{
/* Start sub-packet for client CA list */
if (!WPACKET_start_sub_packet_u16(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
size_t hashlen, const unsigned char *hrr,
size_t hrrlen);
int parse_ca_names(SSL *s, PACKET *pkt);
-int construct_ca_names(SSL *s, WPACKET *pkt);
+const STACK_OF(X509_NAME) *get_ca_names(SSL *s);
+int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt);
size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
const void *param, size_t paramlen);
* So check cookie length...
*/
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
- if (clienthello->dtls_cookie_len == 0)
+ if (clienthello->dtls_cookie_len == 0) {
+ OPENSSL_free(clienthello);
return MSG_PROCESS_FINISHED_READING;
+ }
}
}
#else
s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
#endif
- if (!tls1_set_server_sigalgs(s)) {
- /* SSLfatal() already called */
- goto err;
- }
}
sk_SSL_CIPHER_free(ciphers);
if (wst == WORK_MORE_B) {
if (!s->hit || SSL_IS_TLS13(s)) {
/* Let cert callback update server certificates if required */
- if (!s->hit && s->cert->cert_cb != NULL) {
- int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
- if (rv == 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR,
- SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
- SSL_R_CERT_CB_ERROR);
- goto err;
+ if (!s->hit) {
+ if (s->cert->cert_cb != NULL) {
+ int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+ if (rv == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+ SSL_R_CERT_CB_ERROR);
+ goto err;
+ }
+ if (rv < 0) {
+ s->rwstate = SSL_X509_LOOKUP;
+ return WORK_MORE_B;
+ }
+ s->rwstate = SSL_NOTHING;
}
- if (rv < 0) {
- s->rwstate = SSL_X509_LOOKUP;
- return WORK_MORE_B;
+ if (!tls1_set_server_sigalgs(s)) {
+ /* SSLfatal already called */
+ goto err;
}
- s->rwstate = SSL_NOTHING;
}
/* In TLSv1.3 we selected the ciphersuite before resumption */
}
}
- if (!construct_ca_names(s, pkt)) {
+ if (!construct_ca_names(s, get_ca_names(s), pkt)) {
/* SSLfatal() already called */
return 0;
}
SSL_R_LENGTH_MISMATCH);
goto err;
}
+ if (skey == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+ SSL_R_MISSING_TMP_ECDH_KEY);
+ goto err;
+ }
+
ckey = EVP_PKEY_new();
if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
*/
unsigned long dup_list = 0;
+ if (ngroups == 0) {
+ SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH);
+ return 0;
+ }
if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
return 0;
}
}
+#ifndef OPENSSL_NO_EC
+/*
+ * Called by servers only. Checks that we have a sig alg that supports the
+ * specified EC curve.
+ */
+int tls_check_sigalg_curve(const SSL *s, int curve)
+{
+ const uint16_t *sigs;
+ size_t siglen, i;
+
+ if (s->cert->conf_sigalgs) {
+ sigs = s->cert->conf_sigalgs;
+ siglen = s->cert->conf_sigalgslen;
+ } else {
+ sigs = tls12_sigalgs;
+ siglen = OSSL_NELEM(tls12_sigalgs);
+ }
+
+ for (i = 0; i < siglen; i++) {
+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]);
+
+ if (lu == NULL)
+ continue;
+ if (lu->sig == EVP_PKEY_EC
+ && lu->curve != NID_undef
+ && curve == lu->curve)
+ return 1;
+ }
+
+ return 0;
+}
+#endif
+
/*
* Check signature algorithm is consistent with sent supported signature
* algorithms and if so set relevant digest and signature scheme in
return 1;
}
+int SSL_get_signature_type_nid(const SSL *s, int *pnid)
+{
+ if (s->s3->tmp.sigalg == NULL)
+ return 0;
+ *pnid = s->s3->tmp.sigalg->sig;
+ return 1;
+}
+
/*
* Set a mask of disabled algorithms: an algorithm is disabled if it isn't
* supported, doesn't appear in supported signature algorithms, isn't supported
#include <openssl/evp.h>
#include <openssl/kdf.h>
-#define TLS13_MAX_LABEL_LEN 246
+/*
+ * RFC 8446, 7.1 Key Schedule, says:
+ * Note: With common hash functions, any label longer than 12 characters
+ * requires an additional iteration of the hash function to compute.
+ * The labels in this specification have all been chosen to fit within
+ * this limit.
+ */
+#define TLS13_MAX_LABEL_LEN 12
/* Always filled with zeros */
static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
const unsigned char *data, size_t datalen,
unsigned char *out, size_t outlen)
{
- const unsigned char label_prefix[] = "tls13 ";
+ static const unsigned char label_prefix[] = "tls13 ";
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
int ret;
size_t hkdflabellen;
size_t hashlen;
/*
- * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
- * prefix and label + bytes for the label itself + bytes for the hash
+ * 2 bytes for length of derived secret + 1 byte for length of combined
+ * prefix and label + bytes for the label itself + 1 byte length of hash
+ * + bytes for the hash itself
*/
unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
+ sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
int ok = 0;
BIO *bio;
int i;
- char *test1 = "test";
- char *test2 = "hello";
+ char test1[] = "test";
+ const int test1len = sizeof(test1) - 1;
+ char test2[] = "hello";
+ const int test2len = sizeof(test2) - 1;
+ char buf[16];
my_param_count = 0;
goto err;
BIO_set_callback(bio, my_bio_callback);
- i = BIO_write(bio, test1, 4);
- if (!TEST_int_eq(i, 4)
+ i = BIO_write(bio, test1, test1len);
+ if (!TEST_int_eq(i, test1len)
|| !TEST_int_eq(my_param_count, 2)
|| !TEST_ptr_eq(my_param_b[0], bio)
|| !TEST_int_eq(my_param_oper[0], BIO_CB_WRITE)
|| !TEST_ptr_eq(my_param_argp[0], test1)
- || !TEST_int_eq(my_param_argi[0], 4)
+ || !TEST_int_eq(my_param_argi[0], test1len)
|| !TEST_long_eq(my_param_argl[0], 0L)
|| !TEST_long_eq(my_param_ret[0], 1L)
|| !TEST_ptr_eq(my_param_b[1], bio)
|| !TEST_int_eq(my_param_oper[1], BIO_CB_WRITE | BIO_CB_RETURN)
|| !TEST_ptr_eq(my_param_argp[1], test1)
- || !TEST_int_eq(my_param_argi[1], 4)
+ || !TEST_int_eq(my_param_argi[1], test1len)
|| !TEST_long_eq(my_param_argl[1], 0L)
- || !TEST_long_eq(my_param_ret[1], 4L))
+ || !TEST_long_eq(my_param_ret[1], (long)test1len))
goto err;
+ my_param_count = 0;
+ i = BIO_read(bio, buf, sizeof(buf));
+ if (!TEST_mem_eq(buf, i, test1, test1len)
+ || !TEST_int_eq(my_param_count, 2)
+ || !TEST_ptr_eq(my_param_b[0], bio)
+ || !TEST_int_eq(my_param_oper[0], BIO_CB_READ)
+ || !TEST_ptr_eq(my_param_argp[0], buf)
+ || !TEST_int_eq(my_param_argi[0], sizeof(buf))
+ || !TEST_long_eq(my_param_argl[0], 0L)
+ || !TEST_long_eq(my_param_ret[0], 1L)
+ || !TEST_ptr_eq(my_param_b[1], bio)
+ || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN)
+ || !TEST_ptr_eq(my_param_argp[1], buf)
+ || !TEST_int_eq(my_param_argi[1], sizeof(buf))
+ || !TEST_long_eq(my_param_argl[1], 0L)
+ || !TEST_long_eq(my_param_ret[1], (long)test1len))
+ goto err;
+
+ /* By default a mem bio returns -1 if it has run out of data */
+ my_param_count = 0;
+ i = BIO_read(bio, buf, sizeof(buf));
+ if (!TEST_int_eq(i, -1)
+ || !TEST_int_eq(my_param_count, 2)
+ || !TEST_ptr_eq(my_param_b[0], bio)
+ || !TEST_int_eq(my_param_oper[0], BIO_CB_READ)
+ || !TEST_ptr_eq(my_param_argp[0], buf)
+ || !TEST_int_eq(my_param_argi[0], sizeof(buf))
+ || !TEST_long_eq(my_param_argl[0], 0L)
+ || !TEST_long_eq(my_param_ret[0], 1L)
+ || !TEST_ptr_eq(my_param_b[1], bio)
+ || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN)
+ || !TEST_ptr_eq(my_param_argp[1], buf)
+ || !TEST_int_eq(my_param_argi[1], sizeof(buf))
+ || !TEST_long_eq(my_param_argl[1], 0L)
+ || !TEST_long_eq(my_param_ret[1], -1L))
+ goto err;
+
+ /* Force the mem bio to return 0 if it has run out of data */
+ BIO_set_mem_eof_return(bio, 0);
+ my_param_count = 0;
+ i = BIO_read(bio, buf, sizeof(buf));
+ if (!TEST_int_eq(i, 0)
+ || !TEST_int_eq(my_param_count, 2)
+ || !TEST_ptr_eq(my_param_b[0], bio)
+ || !TEST_int_eq(my_param_oper[0], BIO_CB_READ)
+ || !TEST_ptr_eq(my_param_argp[0], buf)
+ || !TEST_int_eq(my_param_argi[0], sizeof(buf))
+ || !TEST_long_eq(my_param_argl[0], 0L)
+ || !TEST_long_eq(my_param_ret[0], 1L)
+ || !TEST_ptr_eq(my_param_b[1], bio)
+ || !TEST_int_eq(my_param_oper[1], BIO_CB_READ | BIO_CB_RETURN)
+ || !TEST_ptr_eq(my_param_argp[1], buf)
+ || !TEST_int_eq(my_param_argi[1], sizeof(buf))
+ || !TEST_long_eq(my_param_argl[1], 0L)
+ || !TEST_long_eq(my_param_ret[1], 0L))
+ goto err;
+
+ my_param_count = 0;
i = BIO_puts(bio, test2);
if (!TEST_int_eq(i, 5)
- || !TEST_int_eq(my_param_count, 4)
- || !TEST_ptr_eq(my_param_b[2], bio)
- || !TEST_int_eq(my_param_oper[2], BIO_CB_PUTS)
- || !TEST_ptr_eq(my_param_argp[2], test2)
- || !TEST_int_eq(my_param_argi[2], 0)
- || !TEST_long_eq(my_param_argl[2], 0L)
- || !TEST_long_eq(my_param_ret[2], 1L)
- || !TEST_ptr_eq(my_param_b[3], bio)
- || !TEST_int_eq(my_param_oper[3], BIO_CB_PUTS | BIO_CB_RETURN)
- || !TEST_ptr_eq(my_param_argp[3], test2)
- || !TEST_int_eq(my_param_argi[3], 0)
- || !TEST_long_eq(my_param_argl[3], 0L)
- || !TEST_long_eq(my_param_ret[3], 5L))
+ || !TEST_int_eq(my_param_count, 2)
+ || !TEST_ptr_eq(my_param_b[0], bio)
+ || !TEST_int_eq(my_param_oper[0], BIO_CB_PUTS)
+ || !TEST_ptr_eq(my_param_argp[0], test2)
+ || !TEST_int_eq(my_param_argi[0], 0)
+ || !TEST_long_eq(my_param_argl[0], 0L)
+ || !TEST_long_eq(my_param_ret[0], 1L)
+ || !TEST_ptr_eq(my_param_b[1], bio)
+ || !TEST_int_eq(my_param_oper[1], BIO_CB_PUTS | BIO_CB_RETURN)
+ || !TEST_ptr_eq(my_param_argp[1], test2)
+ || !TEST_int_eq(my_param_argi[1], 0)
+ || !TEST_long_eq(my_param_argl[1], 0L)
+ || !TEST_long_eq(my_param_ret[1], (long)test2len))
goto err;
+ my_param_count = 0;
i = BIO_free(bio);
-
if (!TEST_int_eq(i, 1)
- || !TEST_int_eq(my_param_count, 5)
- || !TEST_ptr_eq(my_param_b[4], bio)
- || !TEST_int_eq(my_param_oper[4], BIO_CB_FREE)
- || !TEST_ptr_eq(my_param_argp[4], NULL)
- || !TEST_int_eq(my_param_argi[4], 0)
- || !TEST_long_eq(my_param_argl[4], 0L)
- || !TEST_long_eq(my_param_ret[4], 1L))
+ || !TEST_int_eq(my_param_count, 1)
+ || !TEST_ptr_eq(my_param_b[0], bio)
+ || !TEST_int_eq(my_param_oper[0], BIO_CB_FREE)
+ || !TEST_ptr_eq(my_param_argp[0], NULL)
+ || !TEST_int_eq(my_param_argi[0], 0)
+ || !TEST_long_eq(my_param_argl[0], 0L)
+ || !TEST_long_eq(my_param_ret[0], 1L))
goto finish;
ok = 1;
PROGRAMS_NO_INST=\
versions \
aborttest test_test \
- sanitytest exdatatest bntest \
+ sanitytest rsa_complex exdatatest bntest \
ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \
md2test \
hmactest \
INCLUDE[sanitytest]=../include
DEPEND[sanitytest]=../libcrypto libtestutil.a
+ SOURCE[rsa_complex]=rsa_complex.c
+ INCLUDE[rsa_complex]=../include
+
SOURCE[test_test]=test_test.c
INCLUDE[test_test]=../include
DEPEND[test_test]=../libcrypto libtestutil.a
SOURCE[drbgtest]=drbgtest.c
INCLUDE[drbgtest]=../include
- DEPEND[drbgtest]=../libcrypto libtestutil.a
+ DEPEND[drbgtest]=../libcrypto.a libtestutil.a
SOURCE[drbg_cavs_test]=drbg_cavs_test.c drbg_cavs_data.c
INCLUDE[drbg_cavs_test]=../include . ..
# available through the shared library (at least on Linux, Solaris, Windows
# and VMS, where the exported symbols are those listed in util/*.num), these
# programs are forcibly linked with the static libraries, where all symbols
- # are always available. This excludes linking these programs natively on
- # Windows when building shared libraries, since the static libraries share
- # names with the DLL import libraries.
- IF[{- $disabled{shared} || $target{build_scheme}->[1] ne 'windows' -}]
+ # are always available.
+ IF[1]
PROGRAMS_NO_INST=asn1_internal_test modes_internal_test x509_internal_test \
tls13encryptiontest wpackettest ctype_internal_test \
rdrand_sanitytest
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICgzCCAWugAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE4MTAyNDEzNDUwOFoYDzIxMTgxMDI1MTM0NTA4WjAsMSowKAYDVQQD
+DCFTZXJ2ZXIgRUNEU0EgYnJhaW5wb29sUDI1NnIxIGNlcnQwWjAUBgcqhkjOPQIB
+BgkrJAMDAggBAQcDQgAETYDLIgpvvoxSBJxB5apcNrTZ0vYpVyG18hDEOplqkyln
+W7kekN9a83WtIwPRoSwhczgFg/MhvLZ/BHQJW2SU3qOBkTCBjjAdBgNVHQ4EFgQU
+it8K0UIpDYE264JfNmQ/44H1WMUwHwYDVR0jBBgwFoAUcH8uroNoWZgEIyrN6z4X
+zSTdAUkwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAsBgNVHREEJTAj
+giFTZXJ2ZXIgRUNEU0EgYnJhaW5wb29sUDI1NnIxIGNlcnQwDQYJKoZIhvcNAQEL
+BQADggEBAKCEUMQlB+M6crHe2zfGmQJnsEGzY4fJUFYdFfOM359dXR8Xs+JHF2XP
+0BHJ64BHLzy+3eoa9w/B+/i6OVJo3VhCoCChcP+gnGzQVQy5Maxq55DlsVdpellS
+Tml/BnLcqcZFAP63qEpcuZuC4CytZcHYCU+NLI/3JGzH1/xHxk4UgRTa2B7OhjXt
+Ptl3vLaSqJXEmVeCP0hibhhiszs0zR14fJqmVn0V5MKC7twmG8CBlW03ksLjzzvn
+m7WAy7q5WcFcAcrFR3zAPqcx4UQSS9FiwJ+OOZGqIasMk9i9zxqh0ic5M5ls7Qaf
+roudyLLkkvDFkcb88RwYGKrdVFGDgF0=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIGIAgEAMBQGByqGSM49AgEGCSskAwMCCAEBBwRtMGsCAQEEIKZSRhbD6lGhKbIm
+5JVgxnN8MHGB0whroUsSf0zmsAz+oUQDQgAETYDLIgpvvoxSBJxB5apcNrTZ0vYp
+VyG18hDEOplqkylnW7kekN9a83WtIwPRoSwhczgFg/MhvLZ/BHQJW2SU3g==
+-----END PRIVATE KEY-----
# SHA256
./mkcert.sh genee PSS-SHA256 ee-key ee-pss-sha256-cert ca-key ca-cert \
-sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest
+
+OPENSSL_KEYALG=ec OPENSSL_KEYBITS=brainpoolP256r1 ./mkcert.sh genee \
+ "Server ECDSA brainpoolP256r1 cert" server-ecdsa-brainpoolP256r1-key \
+ server-ecdsa-brainpoolP256r1-cert rootkey rootcert
{
int success = 0;
CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new();
- const time_t default_time = CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) /
- 1000;
+ const time_t default_time =
+ (time_t)(CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / 1000);
const time_t time_tolerance = 600; /* 10 minutes */
if (!TEST_time_t_le(abs((int)difftime(time(NULL), default_time)),
RAND_DRBG *drbg = NULL;
TEST_CTX t;
unsigned char buff[1024];
- unsigned int generate_counter_tmp;
+ unsigned int reseed_counter_tmp;
int ret = 0;
if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
* Entropy source tests
*/
- /* Test entropy source failure detecion: i.e. returns no data */
+ /* Test entropy source failure detection: i.e. returns no data */
t.entropylen = 0;
if (TEST_int_le(RAND_DRBG_instantiate(drbg, td->pers, td->perslen), 0))
goto err;
/* Instantiate again with valid data */
if (!instantiate(drbg, td, &t))
goto err;
- generate_counter_tmp = drbg->generate_counter;
- drbg->generate_counter = drbg->reseed_interval;
+ reseed_counter_tmp = drbg->reseed_gen_counter;
+ drbg->reseed_gen_counter = drbg->reseed_interval;
/* Generate output and check entropy has been requested for reseed */
t.entropycnt = 0;
if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
td->adin, td->adinlen))
|| !TEST_int_eq(t.entropycnt, 1)
- || !TEST_int_eq(drbg->generate_counter, generate_counter_tmp + 1)
+ || !TEST_int_eq(drbg->reseed_gen_counter, reseed_counter_tmp + 1)
|| !uninstantiate(drbg))
goto err;
/* Test reseed counter works */
if (!instantiate(drbg, td, &t))
goto err;
- generate_counter_tmp = drbg->generate_counter;
- drbg->generate_counter = drbg->reseed_interval;
+ reseed_counter_tmp = drbg->reseed_gen_counter;
+ drbg->reseed_gen_counter = drbg->reseed_interval;
/* Generate output and check entropy has been requested for reseed */
t.entropycnt = 0;
if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
td->adin, td->adinlen))
|| !TEST_int_eq(t.entropycnt, 1)
- || !TEST_int_eq(drbg->generate_counter, generate_counter_tmp + 1)
+ || !TEST_int_eq(drbg->reseed_gen_counter, reseed_counter_tmp + 1)
|| !uninstantiate(drbg))
goto err;
* 1: it is expected that the specified DRBG is reseeded
* 0: it is expected that the specified DRBG is not reseeded
* -1: don't check whether the specified DRBG was reseeded or not
+ * |reseed_time|: if nonzero, used instead of time(NULL) to set the
+ * |before_reseed| time.
*/
static int test_drbg_reseed(int expect_success,
RAND_DRBG *master,
RAND_DRBG *private,
int expect_master_reseed,
int expect_public_reseed,
- int expect_private_reseed
+ int expect_private_reseed,
+ time_t reseed_time
)
{
unsigned char buf[32];
*/
/* Test whether seed propagation is enabled */
- if (!TEST_int_ne(master->reseed_counter, 0)
- || !TEST_int_ne(public->reseed_counter, 0)
- || !TEST_int_ne(private->reseed_counter, 0))
+ if (!TEST_int_ne(master->reseed_prop_counter, 0)
+ || !TEST_int_ne(public->reseed_prop_counter, 0)
+ || !TEST_int_ne(private->reseed_prop_counter, 0))
return 0;
/* Check whether the master DRBG's reseed counter is the largest one */
- if (!TEST_int_le(public->reseed_counter, master->reseed_counter)
- || !TEST_int_le(private->reseed_counter, master->reseed_counter))
+ if (!TEST_int_le(public->reseed_prop_counter, master->reseed_prop_counter)
+ || !TEST_int_le(private->reseed_prop_counter, master->reseed_prop_counter))
return 0;
/*
* step 2: generate random output
*/
+ if (reseed_time == 0)
+ reseed_time = time(NULL);
+
/* Generate random output from the public and private DRBG */
- before_reseed = expect_master_reseed == 1 ? time(NULL) : 0;
+ before_reseed = expect_master_reseed == 1 ? reseed_time : 0;
if (!TEST_int_eq(RAND_bytes(buf, sizeof(buf)), expect_success)
|| !TEST_int_eq(RAND_priv_bytes(buf, sizeof(buf)), expect_success))
return 0;
if (expect_success == 1) {
/* Test whether all three reseed counters are synchronized */
- if (!TEST_int_eq(public->reseed_counter, master->reseed_counter)
- || !TEST_int_eq(private->reseed_counter, master->reseed_counter))
+ if (!TEST_int_eq(public->reseed_prop_counter, master->reseed_prop_counter)
+ || !TEST_int_eq(private->reseed_prop_counter, master->reseed_prop_counter))
return 0;
/* Test whether reseed time of master DRBG is set correctly */
* setup correctly, in particular whether reseeding works
* as designed.
*/
-static int test_rand_reseed(void)
+static int test_rand_drbg_reseed(void)
{
RAND_DRBG *master, *public, *private;
unsigned char rand_add_buf[256];
int rv=0;
+ time_t before_reseed;
/* Check whether RAND_OpenSSL() is the default method */
if (!TEST_ptr_eq(RAND_get_rand_method(), RAND_OpenSSL()))
/*
* Test initial seeding of shared DRBGs
*/
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1)))
+ if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0)))
goto error;
reset_drbg_hook_ctx();
/*
* Test initial state of shared DRBGs
*/
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 0)))
+ if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 0, 0)))
goto error;
reset_drbg_hook_ctx();
* Test whether the public and private DRBG are both reseeded when their
* reseed counters differ from the master's reseed counter.
*/
- master->reseed_counter++;
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 1)))
+ master->reseed_prop_counter++;
+ if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 1, 0)))
goto error;
reset_drbg_hook_ctx();
* Test whether the public DRBG is reseeded when its reseed counter differs
* from the master's reseed counter.
*/
- master->reseed_counter++;
- private->reseed_counter++;
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 0)))
+ master->reseed_prop_counter++;
+ private->reseed_prop_counter++;
+ if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 0, 0)))
goto error;
reset_drbg_hook_ctx();
* Test whether the private DRBG is reseeded when its reseed counter differs
* from the master's reseed counter.
*/
- master->reseed_counter++;
- public->reseed_counter++;
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 1)))
+ master->reseed_prop_counter++;
+ public->reseed_prop_counter++;
+ if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 1, 0)))
goto error;
reset_drbg_hook_ctx();
memset(rand_add_buf, 'r', sizeof(rand_add_buf));
/*
- * Test whether all three DRBGs are reseeded by RAND_add()
+ * Test whether all three DRBGs are reseeded by RAND_add().
+ * The before_reseed time has to be measured here and passed into the
+ * test_drbg_reseed() test, because the master DRBG gets already reseeded
+ * in RAND_add(), whence the check for the condition
+ * before_reseed <= master->reseed_time will fail if the time value happens
+ * to increase between the RAND_add() and the test_drbg_reseed() call.
*/
+ before_reseed = time(NULL);
RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
- if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1)))
+ if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1,
+ before_reseed)))
goto error;
reset_drbg_hook_ctx();
* Test whether none of the DRBGs is reseed if the master fails to reseed
*/
master_ctx.fail = 1;
- master->reseed_counter++;
+ master->reseed_prop_counter++;
RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
- if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0)))
+ if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0, 0)))
goto error;
reset_drbg_hook_ctx();
{
unsigned char buf[256];
time_t start = time(NULL);
- RAND_DRBG *public, *private;
+ RAND_DRBG *public = NULL, *private = NULL;
- public = RAND_DRBG_get0_public();
- private = RAND_DRBG_get0_private();
- RAND_DRBG_set_reseed_time_interval(public, 1);
+ if (!TEST_ptr(public = RAND_DRBG_get0_public())
+ || !TEST_ptr(private = RAND_DRBG_get0_private())) {
+ multi_thread_rand_bytes_succeeded = 0;
+ return;
+ }
RAND_DRBG_set_reseed_time_interval(private, 1);
+ RAND_DRBG_set_reseed_time_interval(public, 1);
do {
if (RAND_bytes(buf, sizeof(buf)) <= 0)
#endif
/*
- * This function only returns the entropy already added with RAND_add(),
- * and does not get entropy from the OS.
+ * Test that instantiation with RAND_seed() works as expected
*
- * Returns 0 on failure and the size of the buffer on success.
+ * If no os entropy source is available then RAND_seed(buffer, bufsize)
+ * is expected to succeed if and only if the buffer length is at least
+ * rand_drbg_seedlen(master) bytes.
+ *
+ * If an os entropy source is available then RAND_seed(buffer, bufsize)
+ * is expected to succeed always.
*/
-static size_t get_pool_entropy(RAND_DRBG *drbg,
- unsigned char **pout,
- int entropy, size_t min_len, size_t max_len,
- int prediction_resistance)
+static int test_rand_seed(void)
{
- if (drbg->pool == NULL)
- return 0;
+ RAND_DRBG *master = NULL;
+ unsigned char rand_buf[256];
+ size_t rand_buflen;
+ size_t required_seed_buflen = 0;
- if (drbg->pool->entropy < (size_t)entropy || drbg->pool->len < min_len
- || drbg->pool->len > max_len)
+ if (!TEST_ptr(master = RAND_DRBG_get0_master()))
return 0;
- *pout = drbg->pool->buffer;
- return drbg->pool->len;
-}
+#ifdef OPENSSL_RAND_SEED_NONE
+ required_seed_buflen = rand_drbg_seedlen(master);
+#endif
-/*
- * Clean up the entropy that get_pool_entropy() returned.
- */
-static void cleanup_pool_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
-{
- OPENSSL_secure_clear_free(drbg->pool->buffer, drbg->pool->max_len);
- OPENSSL_free(drbg->pool);
- drbg->pool = NULL;
+ memset(rand_buf, 0xCD, sizeof(rand_buf));
+
+ for ( rand_buflen = 256 ; rand_buflen > 0 ; --rand_buflen ) {
+ RAND_DRBG_uninstantiate(master);
+ RAND_seed(rand_buf, rand_buflen);
+
+ if (!TEST_int_eq(RAND_status(),
+ (rand_buflen >= required_seed_buflen)))
+ return 0;
+ }
+
+ return 1;
}
/*
- * Test that instantiating works when OS entropy is not available and that
- * RAND_add() is enough to reseed it.
+ * Test that adding additional data with RAND_add() works as expected
+ * when the master DRBG is instantiated (and below its reseed limit).
+ *
+ * This should succeed regardless of whether an os entropy source is
+ * available or not.
*/
static int test_rand_add(void)
{
- RAND_DRBG *master = RAND_DRBG_get0_master();
- RAND_DRBG_get_entropy_fn old_get_entropy = master->get_entropy;
- RAND_DRBG_cleanup_entropy_fn old_cleanup_entropy = master->cleanup_entropy;
- int rv = 0;
- unsigned char rand_add_buf[256];
+ unsigned char rand_buf[256];
+ size_t rand_buflen;
- master->get_entropy = get_pool_entropy;
- master->cleanup_entropy = cleanup_pool_entropy;
- master->reseed_counter++;
- RAND_DRBG_uninstantiate(master);
- memset(rand_add_buf, 0xCD, sizeof(rand_add_buf));
- RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
- if (!TEST_true(RAND_DRBG_instantiate(master, NULL, 0)))
- goto error;
+ memset(rand_buf, 0xCD, sizeof(rand_buf));
- rv = 1;
+ /* make sure it's instantiated */
+ RAND_seed(rand_buf, sizeof(rand_buf));
+ if (!TEST_true(RAND_status()))
+ return 0;
-error:
- master->get_entropy = old_get_entropy;
- master->cleanup_entropy = old_cleanup_entropy;
- return rv;
+ for ( rand_buflen = 256 ; rand_buflen > 0 ; --rand_buflen ) {
+ RAND_add(rand_buf, rand_buflen, 0.0);
+ if (!TEST_true(RAND_status()))
+ return 0;
+ }
+
+ return 1;
}
int setup_tests(void)
ADD_ALL_TESTS(test_kats, OSSL_NELEM(drbg_test));
ADD_ALL_TESTS(test_error_checks, OSSL_NELEM(drbg_test));
- ADD_TEST(test_rand_reseed);
+ ADD_TEST(test_rand_drbg_reseed);
+ ADD_TEST(test_rand_seed);
ADD_TEST(test_rand_add);
#if defined(OPENSSL_THREADS)
ADD_TEST(test_multi_thread);
* https://www.openssl.org/source/license.html
*/
+#include <string.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
return testresult;
}
+static const char dummy_cookie[] = "0123456";
+
+static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len)
+{
+ memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
+ *cookie_len = sizeof(dummy_cookie);
+ return 1;
+}
+
+static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
+ unsigned int cookie_len)
+{
+ return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
+}
+
+static int test_cookie(void)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
+ DTLS_client_method(),
+ DTLS1_VERSION, DTLS_MAX_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ return 0;
+
+ SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
+ SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
+ SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+static int test_dtls_duplicate_records(void)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
+ DTLS_client_method(),
+ DTLS1_VERSION, DTLS_MAX_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ return 0;
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ DTLS_set_timer_cb(clientssl, timer_cb);
+ DTLS_set_timer_cb(serverssl, timer_cb);
+
+ BIO_ctrl(SSL_get_wbio(clientssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);
+ BIO_ctrl(SSL_get_wbio(serverssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
+ ADD_TEST(test_cookie);
+ ADD_TEST(test_dtls_duplicate_records);
return 1;
}
#include <string.h>
#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
-# include "testutil.h"
+#include "testutil.h"
#ifndef OPENSSL_NO_EC
# ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
# endif
+# include <openssl/sha.h>
# include <openssl/err.h>
# include <openssl/rand.h>
{
int ret = 0;
const char message[] = "abc";
- unsigned char digest[20];
+ unsigned char digest[SHA_DIGEST_LENGTH];
unsigned int dgst_len = 0;
EVP_MD_CTX *md_ctx;
EC_KEY *key = NULL;
/* Use ECDSA_sign_setup to avoid use of ECDSA nonces */
if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp)))
goto x962_int_err;
- if (!TEST_ptr(signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key)))
+ if (!TEST_ptr(signature =
+ ECDSA_do_sign_ex(digest, SHA_DIGEST_LENGTH, kinv, rp, key)))
goto x962_int_err;
/* compare the created signature with the expected signature */
goto x962_int_err;
/* verify the signature */
- if (!TEST_int_eq(ECDSA_do_verify(digest, 20, signature, key), 1))
+ if (!TEST_int_eq(ECDSA_do_verify(digest, SHA_DIGEST_LENGTH,
+ signature, key), 1))
goto x962_int_err;
ret = 1;
EC_KEY *eckey = NULL, *wrong_eckey = NULL;
EC_GROUP *group;
ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL;
- unsigned char digest[20], wrong_digest[20];
+ unsigned char digest[SHA512_DIGEST_LENGTH];
+ unsigned char wrong_digest[SHA512_DIGEST_LENGTH];
unsigned char *signature = NULL;
const unsigned char *sig_ptr;
unsigned char *sig_ptr2;
int nid, ret = 0;
/* fill digest values with some random data */
- if (!TEST_true(RAND_bytes(digest, 20))
- || !TEST_true(RAND_bytes(wrong_digest, 20)))
+ if (!TEST_true(RAND_bytes(digest, SHA512_DIGEST_LENGTH))
+ || !TEST_true(RAND_bytes(wrong_digest, SHA512_DIGEST_LENGTH)))
goto builtin_err;
/* create and verify a ecdsa signature with every available curve */
unsigned char dirt, offset;
nid = curves[n].nid;
- if (nid == NID_ipsec4)
+ if (nid == NID_ipsec4 || nid == NID_ipsec3)
continue;
/* create new ecdsa key (== EC_KEY) */
if (!TEST_ptr(eckey = EC_KEY_new())
goto builtin_err;
EC_GROUP_free(group);
degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
- if (degree < 160) {
- /* drop the curve */
- EC_KEY_free(eckey);
- eckey = NULL;
- continue;
- }
+
TEST_info("testing %s", OBJ_nid2sn(nid));
/* create key */
/* create signature */
sig_len = ECDSA_size(eckey);
if (!TEST_ptr(signature = OPENSSL_malloc(sig_len))
- || !TEST_true(ECDSA_sign(0, digest, 20, signature, &sig_len,
- eckey)))
+ || !TEST_true(ECDSA_sign(0, digest, SHA512_DIGEST_LENGTH,
+ signature, &sig_len, eckey)))
goto builtin_err;
/* verify signature */
- if (!TEST_int_eq(ECDSA_verify(0, digest, 20, signature, sig_len,
- eckey), 1))
+ if (!TEST_int_eq(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
+ signature, sig_len, eckey),
+ 1))
goto builtin_err;
/* verify signature with the wrong key */
- if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len,
- wrong_eckey), 1))
+ if (!TEST_int_ne(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
+ signature, sig_len, wrong_eckey),
+ 1))
goto builtin_err;
/* wrong digest */
- if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, 20, signature,
- sig_len, eckey), 1))
+ if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, SHA512_DIGEST_LENGTH,
+ signature, sig_len, eckey),
+ 1))
goto builtin_err;
/* wrong length */
- if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature,
- sig_len - 1, eckey), 1))
+ if (!TEST_int_ne(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
+ signature, sig_len - 1, eckey),
+ 1))
goto builtin_err;
/*
}
sig_ptr2 = signature;
sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
- if (!TEST_false(ECDSA_verify(0, digest, 20, signature, sig_len, eckey)))
+ if (!TEST_false(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
+ signature, sig_len, eckey)))
goto builtin_err;
/* Sanity check: undo the modification and verify signature. */
raw_buf[offset] ^= dirt;
if (!TEST_ptr(unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL))
|| !TEST_ptr(unmodified_s = BN_bin2bn(raw_buf + bn_len,
- bn_len, NULL))
+ bn_len, NULL))
|| !TEST_true(ECDSA_SIG_set0(modified_sig, unmodified_r,
unmodified_s))) {
BN_free(unmodified_r);
sig_ptr2 = signature;
sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
- if (!TEST_true(ECDSA_verify(0, digest, 20, signature, sig_len, eckey)))
+ if (!TEST_true(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
+ signature, sig_len, eckey)))
goto builtin_err;
/* cleanup */
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
+#include <openssl/kdf.h>
#include "testutil.h"
#include "internal/nelem.h"
#include "internal/evp_int.h"
return ret;
}
+static int test_HKDF(void)
+{
+ EVP_PKEY_CTX *pctx;
+ unsigned char out[20];
+ size_t outlen;
+ int i, ret = 0;
+ unsigned char salt[] = "0123456789";
+ unsigned char key[] = "012345678901234567890123456789";
+ unsigned char info[] = "infostring";
+ const unsigned char expected[] = {
+ 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
+ 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
+ };
+ size_t expectedlen = sizeof(expected);
+
+ if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
+ goto done;
+
+ /* We do this twice to test reuse of the EVP_PKEY_CTX */
+ for (i = 0; i < 2; i++) {
+ outlen = sizeof(out);
+ memset(out, 0, outlen);
+
+ if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
+ sizeof(salt) - 1), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
+ sizeof(key) - 1), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
+ sizeof(info) - 1), 0)
+ || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
+ || !TEST_mem_eq(out, outlen, expected, expectedlen))
+ goto done;
+ }
+
+ ret = 1;
+
+ done:
+ EVP_PKEY_CTX_free(pctx);
+
+ return ret;
+}
+
int setup_tests(void)
{
ADD_TEST(test_EVP_DigestSignInit);
if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
return 0;
ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
+ ADD_TEST(test_HKDF);
return 1;
}
static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
-static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
- const char *value);
/*
* Compare two memory regions for equality, returning zero if they differ.
size_t plaintext_len;
unsigned char *ciphertext;
size_t ciphertext_len;
- /* GCM, CCM only */
+ /* GCM, CCM and OCB only */
unsigned char *aad;
size_t aad_len;
unsigned char *tag;
if (m == EVP_CIPH_GCM_MODE
|| m == EVP_CIPH_OCB_MODE
|| m == EVP_CIPH_CCM_MODE)
- cdat->aead = EVP_CIPHER_mode(cipher);
+ cdat->aead = m;
else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
cdat->aead = -1;
else
return 0;
}
+static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
+ const char *value)
+{
+ int rv;
+ char *p, *tmpval;
+
+ if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
+ return 0;
+ p = strchr(tmpval, ':');
+ if (p != NULL)
+ *p++ = '\0';
+ rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+ if (rv == -2)
+ t->err = "PKEY_CTRL_INVALID";
+ else if (rv <= 0)
+ t->err = "PKEY_CTRL_ERROR";
+ else
+ rv = 1;
+ OPENSSL_free(tmpval);
+ return rv > 0;
+}
+
static int mac_test_run(EVP_TEST *t)
{
MAC_DATA *expected = t->data;
goto err;
}
for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
- if (!pkey_test_ctrl(t, pctx,
- sk_OPENSSL_STRING_value(expected->controls, i))) {
+ if (!mac_test_ctrl_pkey(t, pctx,
+ sk_OPENSSL_STRING_value(expected->controls,
+ i))) {
t->err = "EVPPKEYCTXCTRL_ERROR";
goto err;
}
return 0;
}
if (rv < 0) {
- TEST_info("Line %d: error processing keyword %s\n",
- t->s.curr, pp->key);
+ TEST_info("Line %d: error processing keyword %s = %s\n",
+ t->s.curr, pp->key, pp->value);
return 0;
}
}
*serv_sess_out = SSL_SESSION_dup(tmp);
}
- if (SSL_get_server_tmp_key(client.ssl, &tmp_key)) {
+ if (SSL_get_peer_tmp_key(client.ssl, &tmp_key)) {
ret->tmp_key_type = pkey_type(tmp_key);
EVP_PKEY_free(tmp_key);
}
#! /usr/bin/env perl
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
setup("test_internal_ctype");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
simple_test("test_internal_ctype", "ctype_internal_test");
#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
setup("test_internal_asn1");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
simple_test("test_internal_asn1", "asn1_internal_test");
#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
setup("test_internal_chacha");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
simple_test("test_internal_chacha", "chacha_internal_test", "chacha");
setup("test_internal_curve448");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
plan skip_all => "This test is unsupported in a no-ec build"
if disabled("ec");
#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
setup("test_internal_modes");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
simple_test("test_internal_modes", "modes_internal_test");
#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
setup("test_internal_poly1305");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
simple_test("test_internal_poly1305", "poly1305_internal_test", "poly1305");
#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
setup("test_internal_siphash");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
simple_test("test_internal_siphash", "siphash_internal_test", "siphash");
setup("test_internal_sm2");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
simple_test("test_internal_sm2", "sm2_internal_test", "sm2");
setup("test_internal_sm4");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
simple_test("test_internal_sm4", "sm4_internal_test", "sm4");
#! /usr/bin/env perl
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
setup("test_internal_ssl_cert_table");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
simple_test("test_internal_ssl_cert_table", "ssl_cert_table_internal_test");
#! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
setup("test_internal_x509");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
simple_test("test_internal_x509", "x509_internal_test");
setup("test_rdrand_sanity");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
# We also need static builds to be enabled even on linux
plan skip_all => "This test is unsupported if static builds are not enabled"
if disabled("static");
Ctrl = digestsize:8
Key = 000102030405060708090A0B0C0D0E0F
Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
-Output = B96AB0B9D449A78A
+Output = 724506EB4C328A95
# SIPHASH - default values: 2,4 rounds, explicit 16-byte mac
MAC = SipHash
Ctrl = digestsize:13
Key = 000102030405060708090A0B0C0D0E0F
-Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E
-Output = 5150d1772f50834a503e069a973fbd7c
+Result = EVPPKEYCTXCTRL_ERROR
Title = HMAC tests (from RFC2104 and others)
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
-plan tests => 27; # = scalar @conf_srcs
+plan tests => 28; # = scalar @conf_srcs
# Some test results depend on the configuration of enabled protocols. We only
# verify generated sources in the default configuration.
"22-compression.conf" => !$is_default_tls,
"25-cipher.conf" => disabled("poly1305") || disabled("chacha"),
"27-ticket-appdata.conf" => !$is_default_tls,
+ "28-seclevel.conf" => disabled("tls1_2") || $no_ec,
);
# Add your test here if it should be skipped for some compile-time
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
-
-use OpenSSL::Test qw/:DEFAULT bldtop_dir/;
+use OpenSSL::Test qw/:DEFAULT bldtop_dir bldtop_file/;
use OpenSSL::Test::Utils;
#Load configdata.pm
plan tests => 4;
-my $libcrypto_idx = $unified_info{rename}->{libcrypto} // "libcrypto";
-my $libssl_idx = $unified_info{rename}->{libssl} // "libssl";
-my $libcrypto =
- $unified_info{sharednames}->{$libcrypto_idx}.$target{shared_extension_simple};
-my $libssl =
- $unified_info{sharednames}->{$libssl_idx}.$target{shared_extension_simple};
+# When libssl and libcrypto are compiled on Linux with "-rpath", but not
+# "--enable-new-dtags", the RPATH takes precedence over LD_LIBRARY_PATH,
+# and we end up running with the wrong libraries. This is resolved by
+# using paths to the shared objects, not just the names.
+
+my $libcrypto = bldtop_file(shlib('libcrypto'));
+my $libssl = bldtop_file(shlib('libssl'));
ok(run(test(["shlibloadtest", "-crypto_first", $libcrypto, $libssl])),
"running shlibloadtest -crypto_first");
ok(run(test(["shlibloadtest", "-dso_ref", $libcrypto, $libssl])),
"running shlibloadtest -dso_ref");
+sub shlib {
+ my $lib = shift;
+ $lib = $unified_info{rename}->{$lib}
+ if defined $unified_info{rename}->{$lib};
+ $lib = $unified_info{sharednames}->{$lib}
+ . ($target{shlib_variant} || "")
+ . ($target{shared_extension} || ".so");
+ $lib =~ s|\.\$\(SHLIB_VERSION_NUMBER\)
+ |.$config{shlib_version_number}|x;
+ return $lib;
+}
plan skip_all => "$test_name is not supported in this build"
if disabled("tls1_3");
-plan skip_all => "This test is unsupported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
plan tests => 1;
ok(run(test(["tls13encryptiontest"])), "running tls13encryptiontest");
--- /dev/null
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Check to see if there is a conflict between complex.h and openssl/rsa.h.
+ * The former defines "I" as a macro and earlier versions of the latter use
+ * for function arguments.
+ */
+#if defined(__STDC_VERSION__)
+# if __STDC_VERSION__ >= 199901L
+# include <complex.h>
+# endif
+#endif
+#include <openssl/rsa.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[])
+{
+ /* There are explicitly no run time checks for this one */
+ return EXIT_SUCCESS;
+}
#include <openssl/crypto.h>
#include "testutil.h"
+#include "../e_os.h"
static int test_sec_mem(void)
{
-#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
+#ifdef OPENSSL_SECURE_MEMORY
int testresult = 0;
char *p = NULL, *q = NULL, *r = NULL, *s = NULL;
+ TEST_info("Secure memory is implemented.");
+
s = OPENSSL_secure_malloc(20);
/* s = non-secure 20 */
if (!TEST_ptr(s)
OPENSSL_secure_free(s);
return testresult;
#else
+ TEST_info("Secure memory is *not* implemented.");
/* Should fail. */
return TEST_false(CRYPTO_secure_malloc_init(4096, 32));
#endif
static int test_sec_mem_clear(void)
{
-#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
+#ifdef OPENSSL_SECURE_MEMORY
const int size = 64;
unsigned char *p = NULL;
int i, res = 0;
res = 1;
p = NULL;
-
err:
OPENSSL_secure_free(p);
CRYPTO_secure_malloc_done();
static int test_siphash(int idx)
{
- SIPHASH siphash;
+ SIPHASH siphash = { 0, };
TESTDATA test = tests[idx];
unsigned char key[SIPHASH_KEY_SIZE];
unsigned char in[64];
static int test_siphash_basic(void)
{
- SIPHASH siphash;
+ SIPHASH siphash = { 0, };
unsigned char key[SIPHASH_KEY_SIZE];
unsigned char output[SIPHASH_MAX_DIGEST_SIZE];
# Generated with generate_ssl_tests.pl
-num_tests = 49
+num_tests = 51
test-0 = 0-ECDSA CipherString Selection
test-1 = 1-ECDSA CipherString Selection
test-2 = 2-ECDSA CipherString Selection
test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection
test-4 = 4-Ed448 CipherString and Signature Algorithm Selection
-test-5 = 5-RSA CipherString Selection
-test-6 = 6-RSA-PSS Certificate CipherString Selection
-test-7 = 7-P-256 CipherString and Signature Algorithm Selection
-test-8 = 8-Ed25519 CipherString and Curves Selection
-test-9 = 9-Ed448 CipherString and Curves Selection
-test-10 = 10-ECDSA CipherString Selection, no ECDSA certificate
-test-11 = 11-ECDSA Signature Algorithm Selection
-test-12 = 12-ECDSA Signature Algorithm Selection SHA384
-test-13 = 13-ECDSA Signature Algorithm Selection SHA1
-test-14 = 14-ECDSA Signature Algorithm Selection compressed point
-test-15 = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate
-test-16 = 16-RSA Signature Algorithm Selection
-test-17 = 17-RSA-PSS Signature Algorithm Selection
-test-18 = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection
-test-19 = 19-RSA-PSS Certificate Unified Signature Algorithm Selection
-test-20 = 20-Only RSA-PSS Certificate
-test-21 = 21-RSA-PSS Certificate, no PSS signature algorithms
-test-22 = 22-RSA key exchange with all RSA certificate types
-test-23 = 23-RSA key exchange with only RSA-PSS certificate
-test-24 = 24-Suite B P-256 Hash Algorithm Selection
-test-25 = 25-Suite B P-384 Hash Algorithm Selection
-test-26 = 26-TLS 1.2 Ed25519 Client Auth
-test-27 = 27-TLS 1.2 Ed448 Client Auth
-test-28 = 28-Only RSA-PSS Certificate, TLS v1.1
-test-29 = 29-TLS 1.3 ECDSA Signature Algorithm Selection
-test-30 = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
-test-31 = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
-test-32 = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
-test-33 = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
-test-34 = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
-test-35 = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS
-test-36 = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection
-test-37 = 37-TLS 1.3 Ed25519 Signature Algorithm Selection
-test-38 = 38-TLS 1.3 Ed448 Signature Algorithm Selection
-test-39 = 39-TLS 1.3 Ed25519 CipherString and Groups Selection
-test-40 = 40-TLS 1.3 Ed448 CipherString and Groups Selection
-test-41 = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection
-test-42 = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
-test-43 = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
-test-44 = 44-TLS 1.3 Ed25519 Client Auth
-test-45 = 45-TLS 1.3 Ed448 Client Auth
-test-46 = 46-TLS 1.2 DSA Certificate Test
-test-47 = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
-test-48 = 48-TLS 1.3 DSA Certificate Test
+test-5 = 5-ECDSA with brainpool
+test-6 = 6-RSA CipherString Selection
+test-7 = 7-RSA-PSS Certificate CipherString Selection
+test-8 = 8-P-256 CipherString and Signature Algorithm Selection
+test-9 = 9-Ed25519 CipherString and Curves Selection
+test-10 = 10-Ed448 CipherString and Curves Selection
+test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate
+test-12 = 12-ECDSA Signature Algorithm Selection
+test-13 = 13-ECDSA Signature Algorithm Selection SHA384
+test-14 = 14-ECDSA Signature Algorithm Selection SHA1
+test-15 = 15-ECDSA Signature Algorithm Selection compressed point
+test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate
+test-17 = 17-RSA Signature Algorithm Selection
+test-18 = 18-RSA-PSS Signature Algorithm Selection
+test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection
+test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection
+test-21 = 21-Only RSA-PSS Certificate
+test-22 = 22-RSA-PSS Certificate, no PSS signature algorithms
+test-23 = 23-RSA key exchange with all RSA certificate types
+test-24 = 24-RSA key exchange with only RSA-PSS certificate
+test-25 = 25-Suite B P-256 Hash Algorithm Selection
+test-26 = 26-Suite B P-384 Hash Algorithm Selection
+test-27 = 27-TLS 1.2 Ed25519 Client Auth
+test-28 = 28-TLS 1.2 Ed448 Client Auth
+test-29 = 29-Only RSA-PSS Certificate, TLS v1.1
+test-30 = 30-TLS 1.3 ECDSA Signature Algorithm Selection
+test-31 = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
+test-32 = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
+test-33 = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
+test-34 = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
+test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
+test-36 = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS
+test-37 = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection
+test-38 = 38-TLS 1.3 Ed25519 Signature Algorithm Selection
+test-39 = 39-TLS 1.3 Ed448 Signature Algorithm Selection
+test-40 = 40-TLS 1.3 Ed25519 CipherString and Groups Selection
+test-41 = 41-TLS 1.3 Ed448 CipherString and Groups Selection
+test-42 = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection
+test-43 = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
+test-44 = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
+test-45 = 45-TLS 1.3 Ed25519 Client Auth
+test-46 = 46-TLS 1.3 Ed448 Client Auth
+test-47 = 47-TLS 1.3 ECDSA with brainpool
+test-48 = 48-TLS 1.2 DSA Certificate Test
+test-49 = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
+test-50 = 50-TLS 1.3 DSA Certificate Test
# ===========================================================
[0-ECDSA CipherString Selection]
# ===========================================================
-[5-RSA CipherString Selection]
-ssl_conf = 5-RSA CipherString Selection-ssl
+[5-ECDSA with brainpool]
+ssl_conf = 5-ECDSA with brainpool-ssl
-[5-RSA CipherString Selection-ssl]
-server = 5-RSA CipherString Selection-server
-client = 5-RSA CipherString Selection-client
+[5-ECDSA with brainpool-ssl]
+server = 5-ECDSA with brainpool-server
+client = 5-ECDSA with brainpool-client
-[5-RSA CipherString Selection-server]
+[5-ECDSA with brainpool-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+CipherString = DEFAULT
+Groups = brainpoolP256r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+
+[5-ECDSA with brainpool-client]
+CipherString = aECDSA
+Groups = brainpoolP256r1
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = brainpoolP256r1
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[6-RSA CipherString Selection]
+ssl_conf = 6-RSA CipherString Selection-ssl
+
+[6-RSA CipherString Selection-ssl]
+server = 6-RSA CipherString Selection-server
+client = 6-RSA CipherString Selection-client
+
+[6-RSA CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[5-RSA CipherString Selection-client]
+[6-RSA CipherString Selection-client]
CipherString = aRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-5]
+[test-6]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignType = RSA-PSS
# ===========================================================
-[6-RSA-PSS Certificate CipherString Selection]
-ssl_conf = 6-RSA-PSS Certificate CipherString Selection-ssl
+[7-RSA-PSS Certificate CipherString Selection]
+ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl
-[6-RSA-PSS Certificate CipherString Selection-ssl]
-server = 6-RSA-PSS Certificate CipherString Selection-server
-client = 6-RSA-PSS Certificate CipherString Selection-client
+[7-RSA-PSS Certificate CipherString Selection-ssl]
+server = 7-RSA-PSS Certificate CipherString Selection-server
+client = 7-RSA-PSS Certificate CipherString Selection-client
-[6-RSA-PSS Certificate CipherString Selection-server]
+[7-RSA-PSS Certificate CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[6-RSA-PSS Certificate CipherString Selection-client]
+[7-RSA-PSS Certificate CipherString Selection-client]
CipherString = aRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-6]
+[test-7]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignType = RSA-PSS
# ===========================================================
-[7-P-256 CipherString and Signature Algorithm Selection]
-ssl_conf = 7-P-256 CipherString and Signature Algorithm Selection-ssl
+[8-P-256 CipherString and Signature Algorithm Selection]
+ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl
-[7-P-256 CipherString and Signature Algorithm Selection-ssl]
-server = 7-P-256 CipherString and Signature Algorithm Selection-server
-client = 7-P-256 CipherString and Signature Algorithm Selection-client
+[8-P-256 CipherString and Signature Algorithm Selection-ssl]
+server = 8-P-256 CipherString and Signature Algorithm Selection-server
+client = 8-P-256 CipherString and Signature Algorithm Selection-client
-[7-P-256 CipherString and Signature Algorithm Selection-server]
+[8-P-256 CipherString and Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[7-P-256 CipherString and Signature Algorithm Selection-client]
+[8-P-256 CipherString and Signature Algorithm Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ed25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-7]
+[test-8]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
# ===========================================================
-[8-Ed25519 CipherString and Curves Selection]
-ssl_conf = 8-Ed25519 CipherString and Curves Selection-ssl
+[9-Ed25519 CipherString and Curves Selection]
+ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl
-[8-Ed25519 CipherString and Curves Selection-ssl]
-server = 8-Ed25519 CipherString and Curves Selection-server
-client = 8-Ed25519 CipherString and Curves Selection-client
+[9-Ed25519 CipherString and Curves Selection-ssl]
+server = 9-Ed25519 CipherString and Curves Selection-server
+client = 9-Ed25519 CipherString and Curves Selection-client
-[8-Ed25519 CipherString and Curves Selection-server]
+[9-Ed25519 CipherString and Curves Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[8-Ed25519 CipherString and Curves Selection-client]
+[9-Ed25519 CipherString and Curves Selection-client]
CipherString = aECDSA
Curves = X25519
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-8]
+[test-9]
ExpectedResult = Success
ExpectedServerCertType = Ed25519
ExpectedServerSignType = Ed25519
# ===========================================================
-[9-Ed448 CipherString and Curves Selection]
-ssl_conf = 9-Ed448 CipherString and Curves Selection-ssl
+[10-Ed448 CipherString and Curves Selection]
+ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl
-[9-Ed448 CipherString and Curves Selection-ssl]
-server = 9-Ed448 CipherString and Curves Selection-server
-client = 9-Ed448 CipherString and Curves Selection-client
+[10-Ed448 CipherString and Curves Selection-ssl]
+server = 10-Ed448 CipherString and Curves Selection-server
+client = 10-Ed448 CipherString and Curves Selection-client
-[9-Ed448 CipherString and Curves Selection-server]
+[10-Ed448 CipherString and Curves Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[9-Ed448 CipherString and Curves Selection-client]
+[10-Ed448 CipherString and Curves Selection-client]
CipherString = aECDSA
Curves = X448
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-9]
+[test-10]
ExpectedResult = Success
ExpectedServerCertType = Ed448
ExpectedServerSignType = Ed448
# ===========================================================
-[10-ECDSA CipherString Selection, no ECDSA certificate]
-ssl_conf = 10-ECDSA CipherString Selection, no ECDSA certificate-ssl
+[11-ECDSA CipherString Selection, no ECDSA certificate]
+ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl
-[10-ECDSA CipherString Selection, no ECDSA certificate-ssl]
-server = 10-ECDSA CipherString Selection, no ECDSA certificate-server
-client = 10-ECDSA CipherString Selection, no ECDSA certificate-client
+[11-ECDSA CipherString Selection, no ECDSA certificate-ssl]
+server = 11-ECDSA CipherString Selection, no ECDSA certificate-server
+client = 11-ECDSA CipherString Selection, no ECDSA certificate-client
-[10-ECDSA CipherString Selection, no ECDSA certificate-server]
+[11-ECDSA CipherString Selection, no ECDSA certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[10-ECDSA CipherString Selection, no ECDSA certificate-client]
+[11-ECDSA CipherString Selection, no ECDSA certificate-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-10]
+[test-11]
ExpectedResult = ServerFail
# ===========================================================
-[11-ECDSA Signature Algorithm Selection]
-ssl_conf = 11-ECDSA Signature Algorithm Selection-ssl
+[12-ECDSA Signature Algorithm Selection]
+ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl
-[11-ECDSA Signature Algorithm Selection-ssl]
-server = 11-ECDSA Signature Algorithm Selection-server
-client = 11-ECDSA Signature Algorithm Selection-client
+[12-ECDSA Signature Algorithm Selection-ssl]
+server = 12-ECDSA Signature Algorithm Selection-server
+client = 12-ECDSA Signature Algorithm Selection-client
-[11-ECDSA Signature Algorithm Selection-server]
+[12-ECDSA Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[11-ECDSA Signature Algorithm Selection-client]
+[12-ECDSA Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-11]
+[test-12]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
# ===========================================================
-[12-ECDSA Signature Algorithm Selection SHA384]
-ssl_conf = 12-ECDSA Signature Algorithm Selection SHA384-ssl
+[13-ECDSA Signature Algorithm Selection SHA384]
+ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl
-[12-ECDSA Signature Algorithm Selection SHA384-ssl]
-server = 12-ECDSA Signature Algorithm Selection SHA384-server
-client = 12-ECDSA Signature Algorithm Selection SHA384-client
+[13-ECDSA Signature Algorithm Selection SHA384-ssl]
+server = 13-ECDSA Signature Algorithm Selection SHA384-server
+client = 13-ECDSA Signature Algorithm Selection SHA384-client
-[12-ECDSA Signature Algorithm Selection SHA384-server]
+[13-ECDSA Signature Algorithm Selection SHA384-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[12-ECDSA Signature Algorithm Selection SHA384-client]
+[13-ECDSA Signature Algorithm Selection SHA384-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-12]
+[test-13]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA384
# ===========================================================
-[13-ECDSA Signature Algorithm Selection SHA1]
-ssl_conf = 13-ECDSA Signature Algorithm Selection SHA1-ssl
+[14-ECDSA Signature Algorithm Selection SHA1]
+ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl
-[13-ECDSA Signature Algorithm Selection SHA1-ssl]
-server = 13-ECDSA Signature Algorithm Selection SHA1-server
-client = 13-ECDSA Signature Algorithm Selection SHA1-client
+[14-ECDSA Signature Algorithm Selection SHA1-ssl]
+server = 14-ECDSA Signature Algorithm Selection SHA1-server
+client = 14-ECDSA Signature Algorithm Selection SHA1-client
-[13-ECDSA Signature Algorithm Selection SHA1-server]
+[14-ECDSA Signature Algorithm Selection SHA1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[13-ECDSA Signature Algorithm Selection SHA1-client]
+[14-ECDSA Signature Algorithm Selection SHA1-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-13]
+[test-14]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA1
# ===========================================================
-[14-ECDSA Signature Algorithm Selection compressed point]
-ssl_conf = 14-ECDSA Signature Algorithm Selection compressed point-ssl
+[15-ECDSA Signature Algorithm Selection compressed point]
+ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl
-[14-ECDSA Signature Algorithm Selection compressed point-ssl]
-server = 14-ECDSA Signature Algorithm Selection compressed point-server
-client = 14-ECDSA Signature Algorithm Selection compressed point-client
+[15-ECDSA Signature Algorithm Selection compressed point-ssl]
+server = 15-ECDSA Signature Algorithm Selection compressed point-server
+client = 15-ECDSA Signature Algorithm Selection compressed point-client
-[14-ECDSA Signature Algorithm Selection compressed point-server]
+[15-ECDSA Signature Algorithm Selection compressed point-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[14-ECDSA Signature Algorithm Selection compressed point-client]
+[15-ECDSA Signature Algorithm Selection compressed point-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-14]
+[test-15]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
# ===========================================================
-[15-ECDSA Signature Algorithm Selection, no ECDSA certificate]
-ssl_conf = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
+[16-ECDSA Signature Algorithm Selection, no ECDSA certificate]
+ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
-[15-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
-server = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
-client = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
+[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
+server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
+client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
-[15-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
+[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[15-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
+[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-15]
+[test-16]
ExpectedResult = ServerFail
# ===========================================================
-[16-RSA Signature Algorithm Selection]
-ssl_conf = 16-RSA Signature Algorithm Selection-ssl
+[17-RSA Signature Algorithm Selection]
+ssl_conf = 17-RSA Signature Algorithm Selection-ssl
-[16-RSA Signature Algorithm Selection-ssl]
-server = 16-RSA Signature Algorithm Selection-server
-client = 16-RSA Signature Algorithm Selection-client
+[17-RSA Signature Algorithm Selection-ssl]
+server = 17-RSA Signature Algorithm Selection-server
+client = 17-RSA Signature Algorithm Selection-client
-[16-RSA Signature Algorithm Selection-server]
+[17-RSA Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[16-RSA Signature Algorithm Selection-client]
+[17-RSA Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-16]
+[test-17]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
# ===========================================================
-[17-RSA-PSS Signature Algorithm Selection]
-ssl_conf = 17-RSA-PSS Signature Algorithm Selection-ssl
+[18-RSA-PSS Signature Algorithm Selection]
+ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl
-[17-RSA-PSS Signature Algorithm Selection-ssl]
-server = 17-RSA-PSS Signature Algorithm Selection-server
-client = 17-RSA-PSS Signature Algorithm Selection-client
+[18-RSA-PSS Signature Algorithm Selection-ssl]
+server = 18-RSA-PSS Signature Algorithm Selection-server
+client = 18-RSA-PSS Signature Algorithm Selection-client
-[17-RSA-PSS Signature Algorithm Selection-server]
+[18-RSA-PSS Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[17-RSA-PSS Signature Algorithm Selection-client]
+[18-RSA-PSS Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-17]
+[test-18]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
# ===========================================================
-[18-RSA-PSS Certificate Legacy Signature Algorithm Selection]
-ssl_conf = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
+[19-RSA-PSS Certificate Legacy Signature Algorithm Selection]
+ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
-[18-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
-server = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
-client = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
+[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
+server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
+client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
-[18-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
+[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[18-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
+[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-18]
+[test-19]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
# ===========================================================
-[19-RSA-PSS Certificate Unified Signature Algorithm Selection]
-ssl_conf = 19-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
+[20-RSA-PSS Certificate Unified Signature Algorithm Selection]
+ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
-[19-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
-server = 19-RSA-PSS Certificate Unified Signature Algorithm Selection-server
-client = 19-RSA-PSS Certificate Unified Signature Algorithm Selection-client
+[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
+server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server
+client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client
-[19-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
+[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[19-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
+[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = rsa_pss_pss_sha256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-19]
+[test-20]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignHash = SHA256
# ===========================================================
-[20-Only RSA-PSS Certificate]
-ssl_conf = 20-Only RSA-PSS Certificate-ssl
+[21-Only RSA-PSS Certificate]
+ssl_conf = 21-Only RSA-PSS Certificate-ssl
-[20-Only RSA-PSS Certificate-ssl]
-server = 20-Only RSA-PSS Certificate-server
-client = 20-Only RSA-PSS Certificate-client
+[21-Only RSA-PSS Certificate-ssl]
+server = 21-Only RSA-PSS Certificate-server
+client = 21-Only RSA-PSS Certificate-client
-[20-Only RSA-PSS Certificate-server]
+[21-Only RSA-PSS Certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-[20-Only RSA-PSS Certificate-client]
+[21-Only RSA-PSS Certificate-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-20]
+[test-21]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignHash = SHA256
# ===========================================================
-[21-RSA-PSS Certificate, no PSS signature algorithms]
-ssl_conf = 21-RSA-PSS Certificate, no PSS signature algorithms-ssl
+[22-RSA-PSS Certificate, no PSS signature algorithms]
+ssl_conf = 22-RSA-PSS Certificate, no PSS signature algorithms-ssl
-[21-RSA-PSS Certificate, no PSS signature algorithms-ssl]
-server = 21-RSA-PSS Certificate, no PSS signature algorithms-server
-client = 21-RSA-PSS Certificate, no PSS signature algorithms-client
+[22-RSA-PSS Certificate, no PSS signature algorithms-ssl]
+server = 22-RSA-PSS Certificate, no PSS signature algorithms-server
+client = 22-RSA-PSS Certificate, no PSS signature algorithms-client
-[21-RSA-PSS Certificate, no PSS signature algorithms-server]
+[22-RSA-PSS Certificate, no PSS signature algorithms-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-[21-RSA-PSS Certificate, no PSS signature algorithms-client]
+[22-RSA-PSS Certificate, no PSS signature algorithms-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-21]
+[test-22]
ExpectedResult = ServerFail
# ===========================================================
-[22-RSA key exchange with all RSA certificate types]
-ssl_conf = 22-RSA key exchange with all RSA certificate types-ssl
+[23-RSA key exchange with all RSA certificate types]
+ssl_conf = 23-RSA key exchange with all RSA certificate types-ssl
-[22-RSA key exchange with all RSA certificate types-ssl]
-server = 22-RSA key exchange with all RSA certificate types-server
-client = 22-RSA key exchange with all RSA certificate types-client
+[23-RSA key exchange with all RSA certificate types-ssl]
+server = 23-RSA key exchange with all RSA certificate types-server
+client = 23-RSA key exchange with all RSA certificate types-client
-[22-RSA key exchange with all RSA certificate types-server]
+[23-RSA key exchange with all RSA certificate types-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[22-RSA key exchange with all RSA certificate types-client]
+[23-RSA key exchange with all RSA certificate types-client]
CipherString = kRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-22]
+[test-23]
ExpectedResult = Success
ExpectedServerCertType = RSA
# ===========================================================
-[23-RSA key exchange with only RSA-PSS certificate]
-ssl_conf = 23-RSA key exchange with only RSA-PSS certificate-ssl
+[24-RSA key exchange with only RSA-PSS certificate]
+ssl_conf = 24-RSA key exchange with only RSA-PSS certificate-ssl
-[23-RSA key exchange with only RSA-PSS certificate-ssl]
-server = 23-RSA key exchange with only RSA-PSS certificate-server
-client = 23-RSA key exchange with only RSA-PSS certificate-client
+[24-RSA key exchange with only RSA-PSS certificate-ssl]
+server = 24-RSA key exchange with only RSA-PSS certificate-server
+client = 24-RSA key exchange with only RSA-PSS certificate-client
-[23-RSA key exchange with only RSA-PSS certificate-server]
+[24-RSA key exchange with only RSA-PSS certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-[23-RSA key exchange with only RSA-PSS certificate-client]
+[24-RSA key exchange with only RSA-PSS certificate-client]
CipherString = kRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-23]
+[test-24]
ExpectedResult = ServerFail
# ===========================================================
-[24-Suite B P-256 Hash Algorithm Selection]
-ssl_conf = 24-Suite B P-256 Hash Algorithm Selection-ssl
+[25-Suite B P-256 Hash Algorithm Selection]
+ssl_conf = 25-Suite B P-256 Hash Algorithm Selection-ssl
-[24-Suite B P-256 Hash Algorithm Selection-ssl]
-server = 24-Suite B P-256 Hash Algorithm Selection-server
-client = 24-Suite B P-256 Hash Algorithm Selection-client
+[25-Suite B P-256 Hash Algorithm Selection-ssl]
+server = 25-Suite B P-256 Hash Algorithm Selection-server
+client = 25-Suite B P-256 Hash Algorithm Selection-client
-[24-Suite B P-256 Hash Algorithm Selection-server]
+[25-Suite B P-256 Hash Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SUITEB128
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[24-Suite B P-256 Hash Algorithm Selection-client]
+[25-Suite B P-256 Hash Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer
-[test-24]
+[test-25]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
# ===========================================================
-[25-Suite B P-384 Hash Algorithm Selection]
-ssl_conf = 25-Suite B P-384 Hash Algorithm Selection-ssl
+[26-Suite B P-384 Hash Algorithm Selection]
+ssl_conf = 26-Suite B P-384 Hash Algorithm Selection-ssl
-[25-Suite B P-384 Hash Algorithm Selection-ssl]
-server = 25-Suite B P-384 Hash Algorithm Selection-server
-client = 25-Suite B P-384 Hash Algorithm Selection-client
+[26-Suite B P-384 Hash Algorithm Selection-ssl]
+server = 26-Suite B P-384 Hash Algorithm Selection-server
+client = 26-Suite B P-384 Hash Algorithm Selection-client
-[25-Suite B P-384 Hash Algorithm Selection-server]
+[26-Suite B P-384 Hash Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SUITEB128
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[25-Suite B P-384 Hash Algorithm Selection-client]
+[26-Suite B P-384 Hash Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer
-[test-25]
+[test-26]
ExpectedResult = Success
ExpectedServerCertType = P-384
ExpectedServerSignHash = SHA384
# ===========================================================
-[26-TLS 1.2 Ed25519 Client Auth]
-ssl_conf = 26-TLS 1.2 Ed25519 Client Auth-ssl
+[27-TLS 1.2 Ed25519 Client Auth]
+ssl_conf = 27-TLS 1.2 Ed25519 Client Auth-ssl
-[26-TLS 1.2 Ed25519 Client Auth-ssl]
-server = 26-TLS 1.2 Ed25519 Client Auth-server
-client = 26-TLS 1.2 Ed25519 Client Auth-client
+[27-TLS 1.2 Ed25519 Client Auth-ssl]
+server = 27-TLS 1.2 Ed25519 Client Auth-server
+client = 27-TLS 1.2 Ed25519 Client Auth-client
-[26-TLS 1.2 Ed25519 Client Auth-server]
+[27-TLS 1.2 Ed25519 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[26-TLS 1.2 Ed25519 Client Auth-client]
+[27-TLS 1.2 Ed25519 Client Auth-client]
CipherString = DEFAULT
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-26]
+[test-27]
ExpectedClientCertType = Ed25519
ExpectedClientSignType = Ed25519
ExpectedResult = Success
# ===========================================================
-[27-TLS 1.2 Ed448 Client Auth]
-ssl_conf = 27-TLS 1.2 Ed448 Client Auth-ssl
+[28-TLS 1.2 Ed448 Client Auth]
+ssl_conf = 28-TLS 1.2 Ed448 Client Auth-ssl
-[27-TLS 1.2 Ed448 Client Auth-ssl]
-server = 27-TLS 1.2 Ed448 Client Auth-server
-client = 27-TLS 1.2 Ed448 Client Auth-client
+[28-TLS 1.2 Ed448 Client Auth-ssl]
+server = 28-TLS 1.2 Ed448 Client Auth-server
+client = 28-TLS 1.2 Ed448 Client Auth-client
-[27-TLS 1.2 Ed448 Client Auth-server]
+[28-TLS 1.2 Ed448 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[27-TLS 1.2 Ed448 Client Auth-client]
+[28-TLS 1.2 Ed448 Client Auth-client]
CipherString = DEFAULT
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-27]
+[test-28]
ExpectedClientCertType = Ed448
ExpectedClientSignType = Ed448
ExpectedResult = Success
# ===========================================================
-[28-Only RSA-PSS Certificate, TLS v1.1]
-ssl_conf = 28-Only RSA-PSS Certificate, TLS v1.1-ssl
+[29-Only RSA-PSS Certificate, TLS v1.1]
+ssl_conf = 29-Only RSA-PSS Certificate, TLS v1.1-ssl
-[28-Only RSA-PSS Certificate, TLS v1.1-ssl]
-server = 28-Only RSA-PSS Certificate, TLS v1.1-server
-client = 28-Only RSA-PSS Certificate, TLS v1.1-client
+[29-Only RSA-PSS Certificate, TLS v1.1-ssl]
+server = 29-Only RSA-PSS Certificate, TLS v1.1-server
+client = 29-Only RSA-PSS Certificate, TLS v1.1-client
-[28-Only RSA-PSS Certificate, TLS v1.1-server]
+[29-Only RSA-PSS Certificate, TLS v1.1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-[28-Only RSA-PSS Certificate, TLS v1.1-client]
+[29-Only RSA-PSS Certificate, TLS v1.1-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-28]
+[test-29]
ExpectedResult = ServerFail
# ===========================================================
-[29-TLS 1.3 ECDSA Signature Algorithm Selection]
-ssl_conf = 29-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
+[30-TLS 1.3 ECDSA Signature Algorithm Selection]
+ssl_conf = 30-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
-[29-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
-server = 29-TLS 1.3 ECDSA Signature Algorithm Selection-server
-client = 29-TLS 1.3 ECDSA Signature Algorithm Selection-client
+[30-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
+server = 30-TLS 1.3 ECDSA Signature Algorithm Selection-server
+client = 30-TLS 1.3 ECDSA Signature Algorithm Selection-client
-[29-TLS 1.3 ECDSA Signature Algorithm Selection-server]
+[30-TLS 1.3 ECDSA Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[29-TLS 1.3 ECDSA Signature Algorithm Selection-client]
+[30-TLS 1.3 ECDSA Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-29]
+[test-30]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = P-256
# ===========================================================
-[30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
-ssl_conf = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
+[31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
+ssl_conf = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
-[30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
-server = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
-client = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
+[31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
+server = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
+client = 31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
-[30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
+[31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
+[31-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-30]
+[test-31]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = P-256
# ===========================================================
-[31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
-ssl_conf = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
+[32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
+ssl_conf = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
-[31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
-server = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
-client = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
+[32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
+server = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
+client = 32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
-[31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
+[32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
+[32-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-31]
+[test-32]
ExpectedResult = ServerFail
# ===========================================================
-[32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
-ssl_conf = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
+[33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
+ssl_conf = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
-[32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
-server = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
-client = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
+[33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
+server = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
+client = 33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
-[32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
+[33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
+[33-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
CipherString = DEFAULT
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-32]
+[test-33]
ExpectedResult = Success
ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedServerCertType = P-256
# ===========================================================
-[33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
-ssl_conf = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
+[34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
+ssl_conf = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
-[33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
-server = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
-client = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
+[34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
+server = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
+client = 34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
-[33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
+[34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
+[34-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-33]
+[test-34]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA384
# ===========================================================
-[34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
-ssl_conf = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
+[35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
+ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
-[34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
-server = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
-client = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
+[35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
+server = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
+client = 35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
-[34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
+[35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
+[35-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
CipherString = DEFAULT
SignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-34]
+[test-35]
ExpectedResult = ServerFail
# ===========================================================
-[35-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
-ssl_conf = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
+[36-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
+ssl_conf = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
-[35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
-server = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
-client = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
+[36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
+server = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
+client = 36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
-[35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
+[36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
+[36-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-35]
+[test-36]
ExpectedResult = ServerFail
# ===========================================================
-[36-TLS 1.3 RSA-PSS Signature Algorithm Selection]
-ssl_conf = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
+[37-TLS 1.3 RSA-PSS Signature Algorithm Selection]
+ssl_conf = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
-[36-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
-server = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
-client = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
+[37-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
+server = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
+client = 37-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
-[36-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
+[37-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[36-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
+[37-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA-PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-36]
+[test-37]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
# ===========================================================
-[37-TLS 1.3 Ed25519 Signature Algorithm Selection]
-ssl_conf = 37-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
+[38-TLS 1.3 Ed25519 Signature Algorithm Selection]
+ssl_conf = 38-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
-[37-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
-server = 37-TLS 1.3 Ed25519 Signature Algorithm Selection-server
-client = 37-TLS 1.3 Ed25519 Signature Algorithm Selection-client
+[38-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
+server = 38-TLS 1.3 Ed25519 Signature Algorithm Selection-server
+client = 38-TLS 1.3 Ed25519 Signature Algorithm Selection-client
-[37-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
+[38-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[37-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
+[38-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ed25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-37]
+[test-38]
ExpectedResult = Success
ExpectedServerCertType = Ed25519
ExpectedServerSignType = Ed25519
# ===========================================================
-[38-TLS 1.3 Ed448 Signature Algorithm Selection]
-ssl_conf = 38-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
+[39-TLS 1.3 Ed448 Signature Algorithm Selection]
+ssl_conf = 39-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
-[38-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
-server = 38-TLS 1.3 Ed448 Signature Algorithm Selection-server
-client = 38-TLS 1.3 Ed448 Signature Algorithm Selection-client
+[39-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
+server = 39-TLS 1.3 Ed448 Signature Algorithm Selection-server
+client = 39-TLS 1.3 Ed448 Signature Algorithm Selection-client
-[38-TLS 1.3 Ed448 Signature Algorithm Selection-server]
+[39-TLS 1.3 Ed448 Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[38-TLS 1.3 Ed448 Signature Algorithm Selection-client]
+[39-TLS 1.3 Ed448 Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ed448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-38]
+[test-39]
ExpectedResult = Success
ExpectedServerCertType = Ed448
ExpectedServerSignType = Ed448
# ===========================================================
-[39-TLS 1.3 Ed25519 CipherString and Groups Selection]
-ssl_conf = 39-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
+[40-TLS 1.3 Ed25519 CipherString and Groups Selection]
+ssl_conf = 40-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
-[39-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
-server = 39-TLS 1.3 Ed25519 CipherString and Groups Selection-server
-client = 39-TLS 1.3 Ed25519 CipherString and Groups Selection-client
+[40-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
+server = 40-TLS 1.3 Ed25519 CipherString and Groups Selection-server
+client = 40-TLS 1.3 Ed25519 CipherString and Groups Selection-client
-[39-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
+[40-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[39-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
+[40-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
CipherString = DEFAULT
Groups = X25519
SignatureAlgorithms = ECDSA+SHA256:ed25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-39]
+[test-40]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignType = EC
# ===========================================================
-[40-TLS 1.3 Ed448 CipherString and Groups Selection]
-ssl_conf = 40-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
+[41-TLS 1.3 Ed448 CipherString and Groups Selection]
+ssl_conf = 41-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
-[40-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
-server = 40-TLS 1.3 Ed448 CipherString and Groups Selection-server
-client = 40-TLS 1.3 Ed448 CipherString and Groups Selection-client
+[41-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
+server = 41-TLS 1.3 Ed448 CipherString and Groups Selection-server
+client = 41-TLS 1.3 Ed448 CipherString and Groups Selection-client
-[40-TLS 1.3 Ed448 CipherString and Groups Selection-server]
+[41-TLS 1.3 Ed448 CipherString and Groups Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[40-TLS 1.3 Ed448 CipherString and Groups Selection-client]
+[41-TLS 1.3 Ed448 CipherString and Groups Selection-client]
CipherString = DEFAULT
Groups = X448
SignatureAlgorithms = ECDSA+SHA256:ed448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-40]
+[test-41]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignType = EC
# ===========================================================
-[41-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
-ssl_conf = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
+[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
+ssl_conf = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
-[41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
-server = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
-client = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
+[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
+server = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
+client = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
-[41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
+[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
+[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-41]
+[test-42]
ExpectedClientCANames = empty
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
# ===========================================================
-[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
-ssl_conf = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
+[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
+ssl_conf = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
-[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
-server = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
-client = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
+[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
+server = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
+client = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
-[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
+[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = PSS+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
+[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-42]
+[test-43]
ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ExpectedClientCertType = RSA
ExpectedClientSignHash = SHA256
# ===========================================================
-[43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
-ssl_conf = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
+[44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
+ssl_conf = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
-[43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
-server = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
-client = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
+[44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
+server = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
+client = 44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
-[43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
+[44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
+[44-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-43]
+[test-44]
ExpectedClientCertType = P-256
ExpectedClientSignHash = SHA256
ExpectedClientSignType = EC
# ===========================================================
-[44-TLS 1.3 Ed25519 Client Auth]
-ssl_conf = 44-TLS 1.3 Ed25519 Client Auth-ssl
+[45-TLS 1.3 Ed25519 Client Auth]
+ssl_conf = 45-TLS 1.3 Ed25519 Client Auth-ssl
-[44-TLS 1.3 Ed25519 Client Auth-ssl]
-server = 44-TLS 1.3 Ed25519 Client Auth-server
-client = 44-TLS 1.3 Ed25519 Client Auth-client
+[45-TLS 1.3 Ed25519 Client Auth-ssl]
+server = 45-TLS 1.3 Ed25519 Client Auth-server
+client = 45-TLS 1.3 Ed25519 Client Auth-client
-[44-TLS 1.3 Ed25519 Client Auth-server]
+[45-TLS 1.3 Ed25519 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[44-TLS 1.3 Ed25519 Client Auth-client]
+[45-TLS 1.3 Ed25519 Client Auth-client]
CipherString = DEFAULT
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-44]
+[test-45]
ExpectedClientCertType = Ed25519
ExpectedClientSignType = Ed25519
ExpectedResult = Success
# ===========================================================
-[45-TLS 1.3 Ed448 Client Auth]
-ssl_conf = 45-TLS 1.3 Ed448 Client Auth-ssl
+[46-TLS 1.3 Ed448 Client Auth]
+ssl_conf = 46-TLS 1.3 Ed448 Client Auth-ssl
-[45-TLS 1.3 Ed448 Client Auth-ssl]
-server = 45-TLS 1.3 Ed448 Client Auth-server
-client = 45-TLS 1.3 Ed448 Client Auth-client
+[46-TLS 1.3 Ed448 Client Auth-ssl]
+server = 46-TLS 1.3 Ed448 Client Auth-server
+client = 46-TLS 1.3 Ed448 Client Auth-client
-[45-TLS 1.3 Ed448 Client Auth-server]
+[46-TLS 1.3 Ed448 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
-[45-TLS 1.3 Ed448 Client Auth-client]
+[46-TLS 1.3 Ed448 Client Auth-client]
CipherString = DEFAULT
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-45]
+[test-46]
ExpectedClientCertType = Ed448
ExpectedClientSignType = Ed448
ExpectedResult = Success
# ===========================================================
-[46-TLS 1.2 DSA Certificate Test]
-ssl_conf = 46-TLS 1.2 DSA Certificate Test-ssl
+[47-TLS 1.3 ECDSA with brainpool]
+ssl_conf = 47-TLS 1.3 ECDSA with brainpool-ssl
+
+[47-TLS 1.3 ECDSA with brainpool-ssl]
+server = 47-TLS 1.3 ECDSA with brainpool-server
+client = 47-TLS 1.3 ECDSA with brainpool-client
+
+[47-TLS 1.3 ECDSA with brainpool-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+CipherString = DEFAULT
+Groups = brainpoolP256r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+
+[47-TLS 1.3 ECDSA with brainpool-client]
+CipherString = DEFAULT
+Groups = brainpoolP256r1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[48-TLS 1.2 DSA Certificate Test]
+ssl_conf = 48-TLS 1.2 DSA Certificate Test-ssl
-[46-TLS 1.2 DSA Certificate Test-ssl]
-server = 46-TLS 1.2 DSA Certificate Test-server
-client = 46-TLS 1.2 DSA Certificate Test-client
+[48-TLS 1.2 DSA Certificate Test-ssl]
+server = 48-TLS 1.2 DSA Certificate Test-server
+client = 48-TLS 1.2 DSA Certificate Test-client
-[46-TLS 1.2 DSA Certificate Test-server]
+[48-TLS 1.2 DSA Certificate Test-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = ALL
DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[46-TLS 1.2 DSA Certificate Test-client]
+[48-TLS 1.2 DSA Certificate Test-client]
CipherString = ALL
SignatureAlgorithms = DSA+SHA256:DSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-46]
+[test-48]
ExpectedResult = Success
# ===========================================================
-[47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
-ssl_conf = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
+[49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
+ssl_conf = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
-[47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
-server = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
-client = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
+[49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
+server = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
+client = 49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
-[47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
+[49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
-[47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
+[49-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-47]
+[test-49]
ExpectedResult = ServerFail
# ===========================================================
-[48-TLS 1.3 DSA Certificate Test]
-ssl_conf = 48-TLS 1.3 DSA Certificate Test-ssl
+[50-TLS 1.3 DSA Certificate Test]
+ssl_conf = 50-TLS 1.3 DSA Certificate Test-ssl
-[48-TLS 1.3 DSA Certificate Test-ssl]
-server = 48-TLS 1.3 DSA Certificate Test-server
-client = 48-TLS 1.3 DSA Certificate Test-client
+[50-TLS 1.3 DSA Certificate Test-ssl]
+server = 50-TLS 1.3 DSA Certificate Test-server
+client = 50-TLS 1.3 DSA Certificate Test-client
-[48-TLS 1.3 DSA Certificate Test-server]
+[50-TLS 1.3 DSA Certificate Test-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = ALL
DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[48-TLS 1.3 DSA Certificate Test-client]
+[50-TLS 1.3 DSA Certificate Test-client]
CipherString = ALL
SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-48]
+[test-50]
ExpectedResult = ServerFail
},
},
{
+ name => "ECDSA with brainpool",
+ server => {
+ "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+ "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+ "Groups" => "brainpoolP256r1",
+ },
+ client => {
+ #We don't restrict this to TLSv1.2, although use of brainpool
+ #should force this anyway so that this should succeed
+ "CipherString" => "aECDSA",
+ "RequestCAFile" => test_pem("root-cert.pem"),
+ "Groups" => "brainpoolP256r1",
+ },
+ test => {
+ "ExpectedServerCertType" =>, "brainpoolP256r1",
+ "ExpectedServerSignType" =>, "EC",
+ # Note: certificate_authorities not sent for TLS < 1.3
+ "ExpectedServerCANames" =>, "empty",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
name => "RSA CipherString Selection",
server => $server,
client => {
"ExpectedResult" => "Success"
},
},
+ {
+ name => "TLS 1.3 ECDSA with brainpool",
+ server => {
+ "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+ "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+ "Groups" => "brainpoolP256r1",
+ },
+ client => {
+ "RequestCAFile" => test_pem("root-cert.pem"),
+ "Groups" => "brainpoolP256r1",
+ "MinProtocol" => "TLSv1.3",
+ "MaxProtocol" => "TLSv1.3"
+ },
+ test => {
+ "ExpectedResult" => "ServerFail"
+ },
+ },
);
push @tests, @tests_tls_1_3 unless disabled("tls1_3");
--- /dev/null
+# Generated with generate_ssl_tests.pl
+
+num_tests = 4
+
+test-0 = 0-SECLEVEL 3 with default key
+test-1 = 1-SECLEVEL 3 with ED448 key
+test-2 = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE
+test-3 = 3-SECLEVEL 3 with ED448 key, TLSv1.2
+# ===========================================================
+
+[0-SECLEVEL 3 with default key]
+ssl_conf = 0-SECLEVEL 3 with default key-ssl
+
+[0-SECLEVEL 3 with default key-ssl]
+server = 0-SECLEVEL 3 with default key-server
+client = 0-SECLEVEL 3 with default key-client
+
+[0-SECLEVEL 3 with default key-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-SECLEVEL 3 with default key-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[1-SECLEVEL 3 with ED448 key]
+ssl_conf = 1-SECLEVEL 3 with ED448 key-ssl
+
+[1-SECLEVEL 3 with ED448 key-ssl]
+server = 1-SECLEVEL 3 with ED448 key-server
+client = 1-SECLEVEL 3 with ED448 key-client
+
+[1-SECLEVEL 3 with ED448 key-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+
+[1-SECLEVEL 3 with ED448 key-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-SECLEVEL 3 with P-384 key, X25519 ECDHE]
+ssl_conf = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl
+
+[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl]
+server = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server
+client = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client
+
+[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+Groups = X25519
+PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
+
+[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client]
+CipherString = ECDHE:@SECLEVEL=3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[3-SECLEVEL 3 with ED448 key, TLSv1.2]
+ssl_conf = 3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl
+
+[3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]
+server = 3-SECLEVEL 3 with ED448 key, TLSv1.2-server
+client = 3-SECLEVEL 3 with ED448 key, TLSv1.2-client
+
+[3-SECLEVEL 3 with ED448 key, TLSv1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+
+[3-SECLEVEL 3 with ED448 key, TLSv1.2-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+
+
--- /dev/null
+# -*- mode: perl; -*-
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+ {
+ name => "SECLEVEL 3 with default key",
+ server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" },
+ client => { },
+ test => { "ExpectedResult" => "ServerFail" },
+ },
+);
+
+our @tests_ec = (
+ {
+ name => "SECLEVEL 3 with ED448 key",
+ server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
+ "Certificate" => test_pem("server-ed448-cert.pem"),
+ "PrivateKey" => test_pem("server-ed448-key.pem") },
+ client => { },
+ test => { "ExpectedResult" => "Success" },
+ },
+ {
+ name => "SECLEVEL 3 with P-384 key, X25519 ECDHE",
+ server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
+ "Certificate" => test_pem("p384-server-cert.pem"),
+ "PrivateKey" => test_pem("p384-server-key.pem"),
+ "Groups" => "X25519" },
+ client => { "CipherString" => "ECDHE:\@SECLEVEL=3",
+ "VerifyCAFile" => test_pem("p384-root.pem") },
+ test => { "ExpectedResult" => "Success" },
+ },
+);
+
+our @tests_tls1_2 = (
+ {
+ name => "SECLEVEL 3 with ED448 key, TLSv1.2",
+ server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
+ "Certificate" => test_pem("server-ed448-cert.pem"),
+ "PrivateKey" => test_pem("server-ed448-key.pem"),
+ "MaxProtocol" => "TLSv1.2" },
+ client => { },
+ test => { "ExpectedResult" => "Success" },
+ },
+);
+
+push @tests, @tests_ec unless disabled("ec");
+push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec");
return testresult;
}
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+static int cert_cb_cnt;
+
+static int cert_cb(SSL *s, void *arg)
+{
+ SSL_CTX *ctx = (SSL_CTX *)arg;
+
+ if (cert_cb_cnt == 0) {
+ /* Suspend the handshake */
+ cert_cb_cnt++;
+ return -1;
+ } else if (cert_cb_cnt == 1) {
+ /*
+ * Update the SSL_CTX, set the certificate and private key and then
+ * continue the handshake normally.
+ */
+ if (ctx != NULL && !TEST_ptr(SSL_set_SSL_CTX(s, ctx)))
+ return 0;
+
+ if (!TEST_true(SSL_use_certificate_file(s, cert, SSL_FILETYPE_PEM))
+ || !TEST_true(SSL_use_PrivateKey_file(s, privkey,
+ SSL_FILETYPE_PEM))
+ || !TEST_true(SSL_check_private_key(s)))
+ return 0;
+ cert_cb_cnt++;
+ return 1;
+ }
+
+ /* Abort the handshake */
+ return 0;
+}
+
+/*
+ * Test the certificate callback.
+ * Test 0: Callback fails
+ * Test 1: Success - no SSL_set_SSL_CTX() in the callback
+ * Test 2: Success - SSL_set_SSL_CTX() in the callback
+ */
+static int test_cert_cb_int(int prot, int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL, *snictx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0, ret;
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ prot,
+ &sctx, &cctx, NULL, NULL)))
+ goto end;
+
+ if (tst == 0)
+ cert_cb_cnt = -1;
+ else
+ cert_cb_cnt = 0;
+ if (tst == 2)
+ snictx = SSL_CTX_new(TLS_server_method());
+ SSL_CTX_set_cert_cb(sctx, cert_cb, snictx);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
+ if (!TEST_true(tst == 0 ? !ret : ret)
+ || (tst > 0 && !TEST_int_eq(cert_cb_cnt, 2))) {
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ SSL_CTX_free(snictx);
+
+ return testresult;
+}
+#endif
+
+static int test_cert_cb(int tst)
+{
+ int testresult = 1;
+
+#ifndef OPENSSL_NO_TLS1_2
+ testresult &= test_cert_cb_int(TLS1_2_VERSION, tst);
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+ testresult &= test_cert_cb_int(TLS1_3_VERSION, tst);
+#endif
+
+ return testresult;
+}
+
+static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
+{
+ X509 *xcert, *peer;
+ EVP_PKEY *privpkey;
+ BIO *in = NULL;
+
+ /* Check that SSL_get_peer_certificate() returns something sensible */
+ peer = SSL_get_peer_certificate(ssl);
+ if (!TEST_ptr(peer))
+ return 0;
+ X509_free(peer);
+
+ in = BIO_new_file(cert, "r");
+ if (!TEST_ptr(in))
+ return 0;
+
+ xcert = PEM_read_bio_X509(in, NULL, NULL, NULL);
+ BIO_free(in);
+ if (!TEST_ptr(xcert))
+ return 0;
+
+ in = BIO_new_file(privkey, "r");
+ if (!TEST_ptr(in)) {
+ X509_free(xcert);
+ return 0;
+ }
+
+ privpkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
+ BIO_free(in);
+ if (!TEST_ptr(privpkey)) {
+ X509_free(xcert);
+ return 0;
+ }
+
+ *x509 = xcert;
+ *pkey = privpkey;
+
+ return 1;
+}
+
+static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+ return 1;
+}
+
+static int test_client_cert_cb(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (tst == 0)
+ return 1;
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+ if (tst == 1)
+ return 1;
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ tst == 0 ? TLS1_2_VERSION
+ : TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ /*
+ * Test that setting a client_cert_cb results in a client certificate being
+ * sent.
+ */
+ SSL_CTX_set_client_cert_cb(cctx, client_cert_cb);
+ SSL_CTX_set_verify(sctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ verify_cb);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3)
+/*
+ * Test setting certificate authorities on both client and server.
+ *
+ * Test 0: SSL_CTX_set0_CA_list() only
+ * Test 1: Both SSL_CTX_set0_CA_list() and SSL_CTX_set_client_CA_list()
+ * Test 2: Only SSL_CTX_set_client_CA_list()
+ */
+static int test_ca_names_int(int prot, int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ size_t i;
+ X509_NAME *name[] = { NULL, NULL, NULL, NULL };
+ char *strnames[] = { "Jack", "Jill", "John", "Joanne" };
+ STACK_OF(X509_NAME) *sk1 = NULL, *sk2 = NULL;
+ const STACK_OF(X509_NAME) *sktmp = NULL;
+
+ for (i = 0; i < OSSL_NELEM(name); i++) {
+ name[i] = X509_NAME_new();
+ if (!TEST_ptr(name[i])
+ || !TEST_true(X509_NAME_add_entry_by_txt(name[i], "CN",
+ MBSTRING_ASC,
+ (unsigned char *)
+ strnames[i],
+ -1, -1, 0)))
+ goto end;
+ }
+
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ prot,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER, NULL);
+
+ if (tst == 0 || tst == 1) {
+ if (!TEST_ptr(sk1 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[0])))
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[1])))
+ || !TEST_ptr(sk2 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[0])))
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[1]))))
+ goto end;
+
+ SSL_CTX_set0_CA_list(sctx, sk1);
+ SSL_CTX_set0_CA_list(cctx, sk2);
+ sk1 = sk2 = NULL;
+ }
+ if (tst == 1 || tst == 2) {
+ if (!TEST_ptr(sk1 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[2])))
+ || !TEST_true(sk_X509_NAME_push(sk1, X509_NAME_dup(name[3])))
+ || !TEST_ptr(sk2 = sk_X509_NAME_new_null())
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[2])))
+ || !TEST_true(sk_X509_NAME_push(sk2, X509_NAME_dup(name[3]))))
+ goto end;
+
+ SSL_CTX_set_client_CA_list(sctx, sk1);
+ SSL_CTX_set_client_CA_list(cctx, sk2);
+ sk1 = sk2 = NULL;
+ }
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ /*
+ * We only expect certificate authorities to have been sent to the server
+ * if we are using TLSv1.3 and SSL_set0_CA_list() was used
+ */
+ sktmp = SSL_get0_peer_CA_list(serverssl);
+ if (prot == TLS1_3_VERSION
+ && (tst == 0 || tst == 1)) {
+ if (!TEST_ptr(sktmp)
+ || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0),
+ name[0]), 0)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1),
+ name[1]), 0))
+ goto end;
+ } else if (!TEST_ptr_null(sktmp)) {
+ goto end;
+ }
+
+ /*
+ * In all tests we expect certificate authorities to have been sent to the
+ * client. However, SSL_set_client_CA_list() should override
+ * SSL_set0_CA_list()
+ */
+ sktmp = SSL_get0_peer_CA_list(clientssl);
+ if (!TEST_ptr(sktmp)
+ || !TEST_int_eq(sk_X509_NAME_num(sktmp), 2)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 0),
+ name[tst == 0 ? 0 : 2]), 0)
+ || !TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(sktmp, 1),
+ name[tst == 0 ? 1 : 3]), 0))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+ for (i = 0; i < OSSL_NELEM(name); i++)
+ X509_NAME_free(name[i]);
+ sk_X509_NAME_pop_free(sk1, X509_NAME_free);
+ sk_X509_NAME_pop_free(sk2, X509_NAME_free);
+
+ return testresult;
+}
+#endif
+
+static int test_ca_names(int tst)
+{
+ int testresult = 1;
+
+#ifndef OPENSSL_NO_TLS1_2
+ testresult &= test_ca_names_int(TLS1_2_VERSION, tst);
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+ testresult &= test_ca_names_int(TLS1_3_VERSION, tst);
+#endif
+
+ return testresult;
+}
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
ADD_ALL_TESTS(test_ticket_callbacks, 12);
ADD_ALL_TESTS(test_shutdown, 7);
+ ADD_ALL_TESTS(test_cert_cb, 3);
+ ADD_ALL_TESTS(test_client_cert_cb, 2);
+ ADD_ALL_TESTS(test_ca_names, 3);
return 1;
}
}
X509_free(cert);
}
- if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
+ if (SSL_get_peer_tmp_key(c_ssl, &pkey)) {
BIO_puts(bio_stdout, ", temp key: ");
print_key_details(bio_stdout, pkey);
EVP_PKEY_free(pkey);
unsigned int noinject;
unsigned int dropepoch;
int droprec;
+ int duprec;
} MEMPACKET_TEST_CTX;
static int mempacket_test_new(BIO *bi);
int type)
{
MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
- MEMPACKET *thispkt, *looppkt, *nextpkt;
- int i;
+ MEMPACKET *thispkt = NULL, *looppkt, *nextpkt, *allpkts[3];
+ int i, duprec = ctx->duprec > 0;
+ const unsigned char *inu = (const unsigned char *)in;
+ size_t len = ((inu[RECORD_LEN_HI] << 8) | inu[RECORD_LEN_LO])
+ + DTLS1_RT_HEADER_LENGTH;
if (ctx == NULL)
return -1;
+ if ((size_t)inl < len)
+ return -1;
+
+ if ((size_t)inl == len)
+ duprec = 0;
+
+ /* We don't support arbitrary injection when duplicating records */
+ if (duprec && pktnum != -1)
+ return -1;
+
/* We only allow injection before we've started writing any data */
if (pktnum >= 0) {
if (ctx->noinject)
ctx->noinject = 1;
}
- if (!TEST_ptr(thispkt = OPENSSL_malloc(sizeof(*thispkt))))
- return -1;
- if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) {
- mempacket_free(thispkt);
- return -1;
- }
+ for (i = 0; i < (duprec ? 3 : 1); i++) {
+ if (!TEST_ptr(allpkts[i] = OPENSSL_malloc(sizeof(*thispkt))))
+ goto err;
+ thispkt = allpkts[i];
- memcpy(thispkt->data, in, inl);
- thispkt->len = inl;
- thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt;
- thispkt->type = type;
+ if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl)))
+ goto err;
+ /*
+ * If we are duplicating the packet, we duplicate it three times. The
+ * first two times we drop the first record if there are more than one.
+ * In this way we know that libssl will not be able to make progress
+ * until it receives the last packet, and hence will be forced to
+ * buffer these records.
+ */
+ if (duprec && i != 2) {
+ memcpy(thispkt->data, in + len, inl - len);
+ thispkt->len = inl - len;
+ } else {
+ memcpy(thispkt->data, in, inl);
+ thispkt->len = inl;
+ }
+ thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt + i;
+ thispkt->type = type;
+ }
for(i = 0; (looppkt = sk_MEMPACKET_value(ctx->pkts, i)) != NULL; i++) {
/* Check if we found the right place to insert this packet */
if (looppkt->num > thispkt->num) {
- if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) {
- mempacket_free(thispkt);
- return -1;
- }
+ if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0)
+ goto err;
/* If we're doing up front injection then we're done */
if (pktnum >= 0)
return inl;
} else if (looppkt->num == thispkt->num) {
if (!ctx->noinject) {
/* We injected two packets with the same packet number! */
- return -1;
+ goto err;
}
ctx->lastpkt++;
thispkt->num++;
* We didn't find any packets with a packet number equal to or greater than
* this one, so we just add it onto the end
*/
- if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) {
- mempacket_free(thispkt);
- return -1;
- }
+ for (i = 0; i < (duprec ? 3 : 1); i++) {
+ thispkt = allpkts[i];
+ if (!sk_MEMPACKET_push(ctx->pkts, thispkt))
+ goto err;
- if (pktnum < 0)
- ctx->lastpkt++;
+ if (pktnum < 0)
+ ctx->lastpkt++;
+ }
return inl;
+
+ err:
+ for (i = 0; i < (ctx->duprec > 0 ? 3 : 1); i++)
+ mempacket_free(allpkts[i]);
+ return -1;
}
static int mempacket_test_write(BIO *bio, const char *in, int inl)
case MEMPACKET_CTRL_GET_DROP_REC:
ret = ctx->droprec;
break;
+ case MEMPACKET_CTRL_SET_DUPLICATE_REC:
+ ctx->duprec = (int)num;
+ break;
case BIO_CTRL_RESET:
case BIO_CTRL_DUP:
case BIO_CTRL_PUSH:
err = SSL_get_error(serverssl, rets);
}
- if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) {
+ if (!servererr && rets <= 0
+ && err != SSL_ERROR_WANT_READ
+ && err != SSL_ERROR_WANT_X509_LOOKUP) {
TEST_info("SSL_accept() failed %d, %d", rets, err);
servererr = 1;
}
* Mempacket BIO ctrls. We make them large enough to not clash with standard BIO
* ctrl codes.
*/
-#define MEMPACKET_CTRL_SET_DROP_EPOCH (1 << 15)
-#define MEMPACKET_CTRL_SET_DROP_REC (2 << 15)
-#define MEMPACKET_CTRL_GET_DROP_REC (3 << 15)
+#define MEMPACKET_CTRL_SET_DROP_EPOCH (1 << 15)
+#define MEMPACKET_CTRL_SET_DROP_REC (2 << 15)
+#define MEMPACKET_CTRL_GET_DROP_REC (3 << 15)
+#define MEMPACKET_CTRL_SET_DUPLICATE_REC (4 << 15)
int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
int type);
scalar @st > 0; # Determines the grep result
}
map { (my $x = $_) =~ s|\.o$|$depext|; $x; }
- grep { $unified_info{sources}->{$_}->[0] =~ /\.cc?$/ }
- keys %{$unified_info{sources}};
+ ( ( grep { $unified_info{sources}->{$_}->[0] =~ /\.cc?$/ }
+ keys %{$unified_info{sources}} ),
+ ( grep { $unified_info{shared_sources}->{$_}->[0] =~ /\.cc?$/ }
+ keys %{$unified_info{shared_sources}} ) );
exit 0 unless $rebuild;
# files we depend on in the same directory that only differ by character case,
# we're fine.
my %depconv_cache =
- map { lc catfile($abs_blddir, $_) => $_ }
+ map { catfile($abs_blddir, $_) => $_ }
keys %{$unified_info{generate}};
my %procedures = (
# VMS C gives us absolute paths, always. Let's see if we can
# make them relative instead.
- $line = lc canonpath($line);
+ $line = canonpath($line);
unless (defined $depconv_cache{$line}) {
my $dep = $line;
# VC gives us absolute paths for all include files, so to
# remove system header dependencies, we need to check that
# they don't match $abs_srcdir or $abs_blddir.
- $tail = lc canonpath($tail);
+ $tail = canonpath($tail);
unless (defined $depconv_cache{$tail}) {
my $dep = $tail;
-T ossl_uintmax_t
-T ossl_uintmax_t
-T CT_POLICY_EVAL_CTX
+-T RAND_DRBG
+-T RAND_DRBG_CTR
+-T RAND_POOL
+-T RAND_METHOD
PEM_read_DHparams 283 1_1_0 EXIST::FUNCTION:DH,STDIO
RSA_private_decrypt 284 1_1_0 EXIST::FUNCTION:RSA
X509V3_EXT_get_nid 285 1_1_0 EXIST::FUNCTION:
-BIO_s_log 286 1_1_0 EXIST:!WIN32,!macintosh:FUNCTION:
+BIO_s_log 286 1_1_0 EXIST::FUNCTION:
EC_POINT_set_to_infinity 287 1_1_0 EXIST::FUNCTION:EC
EVP_des_ede_ofb 288 1_1_0 EXIST::FUNCTION:DES
ECDH_KDF_X9_62 289 1_1_0 EXIST::FUNCTION:EC
SSL_CTX_get_recv_max_early_data 498 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_recv_max_early_data 499 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_post_handshake_auth 500 1_1_1 EXIST::FUNCTION:
+SSL_get_signature_type_nid 501 1_1_1a EXIST::FUNCTION:
$crypto.=" include/internal/err.h";
$crypto.=" include/internal/sslconf.h";
foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) {
- my $fn = "include/openssl/" . lc(basename($f));
+ my $fn = "include/openssl/" . basename($f);
$crypto .= " $fn" if !defined $skipthese{$fn};
}
}
}
- # Prune the returned symbols
-
- delete $syms{"bn_dump1"};
- $platform{"BIO_s_log"} .= ",!WIN32,!macintosh";
-
- $platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
- $platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
- $platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
- $platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
-
# Info we know about
push @ret, map { $_."\\".&info_string($_,"EXIST",
BLOCK "040904b0"
BEGIN
// Required:
- VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
+ VALUE "CompanyName", "The OpenSSL Project, https://www.openssl.org/\\0"
VALUE "FileDescription", "$description\\0"
VALUE "FileVersion", "$version\\0"
VALUE "InternalName", "$filename\\0"
the second representing the library version. See opensslv.h for more
information on those numbers.
-= back
+=back
=cut
EVP_OpenUpdate define
EVP_PKEY_CTX_add1_hkdf_info define
EVP_PKEY_CTX_add1_tls1_prf_seed define
+EVP_PKEY_CTX_get0_dh_kdf_oid define
+EVP_PKEY_CTX_get0_dh_kdf_ukm define
+EVP_PKEY_CTX_get0_ecdh_kdf_ukm define
+EVP_PKEY_CTX_get0_rsa_oaep_label define
+EVP_PKEY_CTX_get_dh_kdf_md define
+EVP_PKEY_CTX_get_dh_kdf_outlen define
+EVP_PKEY_CTX_get_dh_kdf_type define
+EVP_PKEY_CTX_get_ecdh_cofactor_mode define
+EVP_PKEY_CTX_get_ecdh_kdf_md define
+EVP_PKEY_CTX_get_ecdh_kdf_outlen define
+EVP_PKEY_CTX_get_ecdh_kdf_type define
+EVP_PKEY_CTX_get_rsa_mgf1_md define
+EVP_PKEY_CTX_get_rsa_oaep_md define
+EVP_PKEY_CTX_get_rsa_padding define
+EVP_PKEY_CTX_get_rsa_pss_saltlen define
EVP_PKEY_CTX_get_signature_md define
EVP_PKEY_CTX_hkdf_mode define
+EVP_PKEY_CTX_set0_dh_kdf_oid define
+EVP_PKEY_CTX_set0_dh_kdf_ukm define
+EVP_PKEY_CTX_set0_ecdh_kdf_ukm define
+EVP_PKEY_CTX_set0_rsa_oaep_label define
EVP_PKEY_CTX_set1_hkdf_key define
EVP_PKEY_CTX_set1_hkdf_salt define
EVP_PKEY_CTX_set1_pbe_pass define
EVP_PKEY_CTX_set1_tls1_prf_secret define
EVP_PKEY_CTX_set_dh_paramgen_generator define
EVP_PKEY_CTX_set_dh_paramgen_prime_len define
-EVP_PKEY_CTX_set_dh_pad define
+EVP_PKEY_CTX_set_dh_paramgen_subprime_len define
+EVP_PKEY_CTX_set_dh_paramgen_type define
+EVP_PKEY_CTX_set_dh_kdf_md define
+EVP_PKEY_CTX_set_dh_kdf_outlen define
+EVP_PKEY_CTX_set_dh_kdf_type define
EVP_PKEY_CTX_set_dh_nid define
+EVP_PKEY_CTX_set_dh_pad define
+EVP_PKEY_CTX_set_dh_rfc5114 define
+EVP_PKEY_CTX_set_dhx_rfc5114 define
EVP_PKEY_CTX_set_dsa_paramgen_bits define
EVP_PKEY_CTX_set_ec_param_enc define
EVP_PKEY_CTX_set_ec_paramgen_curve_nid define
+EVP_PKEY_CTX_set_ecdh_cofactor_mode define
+EVP_PKEY_CTX_set_ecdh_kdf_md define
+EVP_PKEY_CTX_set_ecdh_kdf_outlen define
+EVP_PKEY_CTX_set_ecdh_kdf_type define
EVP_PKEY_CTX_set_hkdf_md define
EVP_PKEY_CTX_set_mac_key define
+EVP_PKEY_CTX_set_rsa_keygen_bits define
EVP_PKEY_CTX_set_rsa_keygen_pubexp define
+EVP_PKEY_CTX_set_rsa_keygen_primes define
+EVP_PKEY_CTX_set_rsa_mgf1_md define
+EVP_PKEY_CTX_set_rsa_oaep_md define
EVP_PKEY_CTX_set_rsa_padding define
EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md define
EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen define
EVP_PKEY_assign_DH define
EVP_PKEY_assign_DSA define
EVP_PKEY_assign_EC_KEY define
+EVP_PKEY_assign_POLY1305 define
EVP_PKEY_assign_RSA define
+EVP_PKEY_assign_SIPHASH define
EVP_SealUpdate define
EVP_SignInit define
EVP_SignInit_ex define
EVP_sm4_cfb define
OBJ_cleanup define deprecated 1.1.0
OPENSSL_VERSION_NUMBER define
+OPENSSL_VERSION_TEXT define
OPENSSL_clear_free define
OPENSSL_clear_realloc define
OPENSSL_free define
PEM_FLAG_SECURE define
RAND_cleanup define deprecated 1.1.0
RAND_DRBG_get_ex_new_index define
-EVP_PKEY_CTX_set_rsa_keygen_bits define
SSL_COMP_free_compression_methods define deprecated 1.1.0
SSL_CTX_add0_chain_cert define
SSL_CTX_add1_chain_cert define
SSL_get_min_proto_version define
SSL_get_mode define
SSL_get_peer_signature_nid define
+SSL_get_peer_tmp_key define
SSL_get_secure_renegotiation_support define
SSL_get_server_tmp_key define
SSL_get_shared_curve define
SSL_get_shared_group define
+SSL_get_signature_nid define
SSL_get_time define
SSL_get_timeout define
SSL_get_tlsext_status_ocsp_resp define
SSL_get_tlsext_status_type define
+SSL_get_tmp_key define
SSL_in_accept_init define
SSL_in_connect_init define
SSL_library_init define
#!/bin/sh
+{-
+ use lib '.';
+ use configdata;
+ sub shlib {
+ my $lib = shift;
+ return "" if $disabled{shared};
+ $lib = $unified_info{rename}->{$lib}
+ if defined $unified_info{rename}->{$lib};
+ $lib = $unified_info{sharednames}->{$lib}
+ . ($target{shlib_variant} || "")
+ . ($target{shared_extension} || ".so");
+ $lib =~ s|\.\$\(SHLIB_VERSION_NUMBER\)
+ |.$config{shlib_version_number}|x;
+ return $lib;
+ }
+ ""; # Make sure no left over string sneaks its way into the script
+-}
# To test this OpenSSL version's applications against another version's
# shared libraries, simply set
#
THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.."
[ -d "${THERE}" ] || exec "$@" # should never happen...
-# Alternative to this is to parse ${THERE}/Makefile...
-LIBCRYPTOSO="${THERE}/libcrypto.so"
-if [ -f "$LIBCRYPTOSO" ]; then
- while [ -h "$LIBCRYPTOSO" ]; do
- LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`"
- done
- SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null`
- LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}"
-fi
+LIBCRYPTOSO="${THERE}/{- shlib('libcrypto') -}"
+LIBSSLSO="${THERE}/{- shlib('libssl') -}"
SYSNAME=`(uname -s) 2>/dev/null`;
case "$SYSNAME" in
projects / platform / upstream / openssl1.1.git / commitdiff