diff options
| author | Dan Willemsen <dwillemsen@google.com> | 2022-03-23 14:54:21 -0700 |
|---|---|---|
| committer | Dan Willemsen <dwillemsen@google.com> | 2022-03-23 14:57:35 -0700 |
| commit | 67fafa35d4f5b5a1dd6f79511873cb4fb25dde76 (patch) | |
| tree | 3b05e4ca945bb76437e239033298a7a7a4c20306 | |
| parent | 32dbb0983dea978fac838b8c8c469a6dca6dbd20 (diff) | |
| parent | d82e959e621a3d597f1e0d50ff8c2d8b96915fd7 (diff) | |
| download | openssl-67fafa35d4f5b5a1dd6f79511873cb4fb25dde76.tar.gz | |
Merge tag 'upstream-OpenSSL_1_1_1n' into build-tools
OpenSSL 1.1.1n release tag
Change-Id: I82073b7fc2ea07ead213de38c7b3344c6eeefa4b
138 files changed, 1979 insertions, 533 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6b61af9c03..367b8cf41f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -113,7 +113,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: config - run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 && perl configdata.pm --dump + run: ./config --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index 7a171bff9d..a999492207 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -20,8 +20,7 @@ jobs: no-tests, no-threads, no-tls, -# no-tls1_3 temporarily disabled due to failures to be investigated separately -# no-tls1_3, + no-tls1_3, no-ts, no-ui, ] diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index c1b0327ae3..e335b87b31 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -50,8 +50,7 @@ jobs: no-egd, no-engine, no-external-tests, -# no-tls1_3 temporarily disabled due to failures to be investigated separately -# no-tls1_3, + no-tls1_3, no-fuzz-afl, no-fuzz-libfuzzer, no-gost, diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index 29419a2396..ff2d666b6d 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -16,8 +16,7 @@ jobs: no-engine no-shared, no-err, no-filenames, -# ubsan build is temporarily disabled, due to failures to be investigated separately -# enable-ubsan no-asm -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment, + enable-ubsan no-asm -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment, no-unit-test, enable-weak-ssl-ciphers, enable-zlib, diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index c11242a56f..6f1b50552e 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -9,8 +9,8 @@ jobs: strategy: matrix: os: - - windows-latest - - windows-2016 + - windows-2019 + - windows-2022 platform: - arch: win64 config: VC-WIN64A @@ -25,6 +25,7 @@ jobs: - uses: ilammy/setup-nasm@v1 with: platform: ${{ matrix.platform.arch }} + - uses: shogo82148/actions-setup-perl@v1 - name: prepare the build directory run: mkdir _build - name: config @@ -49,12 +50,13 @@ jobs: strategy: matrix: os: - - windows-latest - - windows-2016 + - windows-2019 + - windows-2022 runs-on: ${{matrix.os}} steps: - uses: actions/checkout@v2 - uses: ilammy/msvc-dev-cmd@v1 + - uses: shogo82148/actions-setup-perl@v1 - name: prepare the build directory run: mkdir _build - name: config @@ -72,12 +74,13 @@ jobs: strategy: matrix: os: - - windows-latest - - windows-2016 + - windows-2019 + - windows-2022 runs-on: ${{matrix.os}} steps: - uses: actions/checkout@v2 - uses: ilammy/msvc-dev-cmd@v1 + - uses: shogo82148/actions-setup-perl@v1 - name: prepare the build directory run: mkdir _build - name: config @@ -7,6 +7,63 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1m and 1.1.1n [15 Mar 2022] + + *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever + for non-prime moduli. + + Internally this function is used when parsing certificates that contain + elliptic curve public keys in compressed form or explicit elliptic curve + parameters with a base point encoded in compressed form. + + It is possible to trigger the infinite loop by crafting a certificate that + has invalid explicit curve parameters. + + Since certificate parsing happens prior to verification of the certificate + signature, any process that parses an externally supplied certificate may + thus be subject to a denial of service attack. The infinite loop can also + be reached when parsing crafted private keys as they can contain explicit + elliptic curve parameters. + + Thus vulnerable situations include: + + - TLS clients consuming server certificates + - TLS servers consuming client certificates + - Hosting providers taking certificates or private keys from customers + - Certificate authorities parsing certification requests from subscribers + - Anything else which parses ASN.1 elliptic curve parameters + + Also any other applications that use the BN_mod_sqrt() where the attacker + can control the parameter values are vulnerable to this DoS issue. + (CVE-2022-0778) + [Tomáš Mráz] + + *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) + to the list of ciphersuites providing Perfect Forward Secrecy as + required by SECLEVEL >= 3. + + [Dmitry Belyavskiy, Nicola Tuveri] + + Changes between 1.1.1l and 1.1.1m [14 Dec 2021] + + *) Avoid loading of a dynamic engine twice. + + [Bernd Edlinger] + + *) Fixed building on Debian with kfreebsd kernels + + [Mattias Ellert] + + *) Prioritise DANE TLSA issuer certs over peer certs + + [Viktor Dukhovni] + + *) Fixed random API for MacOS prior to 10.12 + + These MacOS versions don't support the CommonCrypto APIs + + [Lenny Primak] + Changes between 1.1.1k and 1.1.1l [24 Aug 2021] *) Fixed an SM2 Decryption Buffer Overflow. diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 61c6689a0c..8ca8235ed5 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -988,6 +988,13 @@ my %targets = ( perlasm_scheme => "elf", }, + # riscv64 below refers to contemporary RISCV Architecture + # specifications, + "BSD-riscv64" => { + inherit_from => [ "BSD-generic64"], + perlasm_scheme => "linux64", + }, + "bsdi-elf-gcc" => { inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], CC => "gcc", @@ -1765,7 +1772,7 @@ my %targets = ( disable => add('pinshared'), - apps_aux_src => "vms_term_sock.c", + apps_aux_src => "vms_term_sock.c vms_decc_argv.c", apps_init_src => "vms_decc_init.c", }, diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 04c93222cc..e1aecfafbc 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -438,7 +438,8 @@ test : tests DEFINE SRCTOP {- sourcedir() -} DEFINE BLDTOP {- builddir() -} DEFINE RESULT_D {- builddir(qw(test test-runs)) -} - DEFINE OPENSSL_ENGINES {- builddir("engines") -} + engines = F$PARSE("{- builddir("engines") -}","A.;",,,"syntax_only") - "A.;" + DEFINE OPENSSL_ENGINES 'engines' DEFINE OPENSSL_DEBUG_MEMORY "on" IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)" $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS) @@ -1304,16 +1304,19 @@ if ($disabled{"dynamic-engine"}) { unless ($disabled{asan}) { push @{$config{cflags}}, "-fsanitize=address"; + push @{$config{cxxflags}}, "-fsanitize=address" if $config{CXX}; } unless ($disabled{ubsan}) { # -DPEDANTIC or -fnosanitize=alignment may also be required on some # platforms. push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all"; + push @{$config{cxxflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all" if $config{CXX}; } unless ($disabled{msan}) { push @{$config{cflags}}, "-fsanitize=memory"; + push @{$config{cxxflags}}, "-fsanitize=memory" if $config{CXX}; } unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"} @@ -3158,25 +3161,25 @@ sub resolve_config { } } - foreach (sort keys %all_keys) { - my $previous = $combined_inheritance{$_}; + foreach my $key (sort keys %all_keys) { + my $previous = $combined_inheritance{$key}; # Current target doesn't have a value for the current key? # Assign it the default combiner, the rest of this loop body # will handle it just like any other coderef. - if (!exists $table{$target}->{$_}) { - $table{$target}->{$_} = $default_combiner; + if (!exists $table{$target}->{$key}) { + $table{$target}->{$key} = $default_combiner; } - $table{$target}->{$_} = process_values($table{$target}->{$_}, - $combined_inheritance{$_}, - $target, $_); - unless(defined($table{$target}->{$_})) { - delete $table{$target}->{$_}; + $table{$target}->{$key} = process_values($table{$target}->{$key}, + $combined_inheritance{$key}, + $target, $key); + unless(defined($table{$target}->{$key})) { + delete $table{$target}->{$key}; } # if ($extra_checks && -# $previous && !($add_called || $previous ~~ $table{$target}->{$_})) { -# warn "$_ got replaced in $target\n"; +# $previous && !($add_called || $previous ~~ $table{$target}->{$key})) { +# warn "$key got replaced in $target\n"; # } } @@ -9,11 +9,11 @@ third_party { type: GIT value: "https://github.com/openssl/openssl" } - version: "OpenSSL_1_1_1l" + version: "OpenSSL_1_1_1n" license_type: NOTICE last_upgrade_date { - year: 2021 - month: 8 - day: 27 + year: 2022 + month: 3 + day: 23 } } @@ -5,6 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022] + + o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop + forever for non-prime moduli ([CVE-2022-0778]) + + Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021] + + o None + Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711) @@ -1,5 +1,5 @@ - OpenSSL 1.1.1l 24 Aug 2021 + OpenSSL 1.1.1n 15 Mar 2022 Copyright (c) 1998-2021 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/apps/apps.c b/apps/apps.c index c06241abb9..1a92271595 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) int ui_flags = 0; const char *prompt_info = NULL; char *prompt; + int pw_min_len = PW_MIN_LENGTH; if (cb_data != NULL && cb_data->prompt_info != NULL) prompt_info = cb_data->prompt_info; + if (cb_data != NULL && cb_data->password != NULL + && *(const char*)cb_data->password != '\0') + pw_min_len = 1; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); if (!prompt) { BIO_printf(bio_err, "Out of memory\n"); @@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) (void)UI_add_user_data(ui, cb_data); ok = UI_add_input_string(ui, prompt, ui_flags, buf, - PW_MIN_LENGTH, bufsiz - 1); + pw_min_len, bufsiz - 1); if (ok >= 0 && verify) { buff = app_malloc(bufsiz, "password buffer"); ok = UI_add_verify_string(ui, prompt, ui_flags, buff, - PW_MIN_LENGTH, bufsiz - 1, buf); + pw_min_len, bufsiz - 1, buf); } if (ok >= 0) do { diff --git a/apps/ciphers.c b/apps/ciphers.c index 0bb33a4aca..aade3fbf56 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -172,6 +172,7 @@ int ciphers_main(int argc, char **argv) if (convert != NULL) { BIO_printf(bio_out, "OpenSSL cipher name: %s\n", OPENSSL_cipher_name(convert)); + ret = 0; goto end; } diff --git a/apps/dgst.c b/apps/dgst.c index e595f7d818..f9b184be4c 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -316,7 +316,7 @@ int dgst_main(int argc, char **argv) EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pctx = NULL; int r; - if (!BIO_get_md_ctx(bmd, &mctx)) { + if (BIO_get_md_ctx(bmd, &mctx) <= 0) { BIO_printf(bio_err, "Error getting context\n"); ERR_print_errors(bio_err); goto end; @@ -345,7 +345,7 @@ int dgst_main(int argc, char **argv) /* we use md as a filter, reading from 'in' */ else { EVP_MD_CTX *mctx = NULL; - if (!BIO_get_md_ctx(bmd, &mctx)) { + if (BIO_get_md_ctx(bmd, &mctx) <= 0) { BIO_printf(bio_err, "Error getting context\n"); ERR_print_errors(bio_err); goto end; diff --git a/apps/openssl.c b/apps/openssl.c index ff7b759a40..f35d57f264 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -120,7 +120,6 @@ int main(int argc, char *argv[]) { FUNCTION f, *fp; LHASH_OF(FUNCTION) *prog = NULL; - char **copied_argv = NULL; char *p, *pname; char buf[1024]; const char *prompt; @@ -137,7 +136,7 @@ int main(int argc, char *argv[]) bio_err = dup_bio_err(FORMAT_TEXT); #if defined(OPENSSL_SYS_VMS) && defined(__DECC) - copied_argv = argv = copy_argv(&argc, argv); + argv = copy_argv(&argc, argv); #elif defined(_WIN32) /* * Replace argv[] with UTF-8 encoded strings. @@ -258,7 +257,6 @@ int main(int argc, char *argv[]) } ret = 1; end: - OPENSSL_free(copied_argv); OPENSSL_free(default_config_file); lh_FUNCTION_free(prog); OPENSSL_free(arg.argv); diff --git a/apps/passwd.c b/apps/passwd.c index d741d05335..af08ccd4ac 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -407,7 +407,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) n >>= 1; } if (!EVP_DigestFinal_ex(md, buf, NULL)) - return NULL; + goto err; for (i = 0; i < 1000; i++) { if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) @@ -633,7 +633,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) n >>= 1; } if (!EVP_DigestFinal_ex(md, buf, NULL)) - return NULL; + goto err; /* P sequence */ if (!EVP_DigestInit_ex(md2, sha, NULL)) @@ -644,7 +644,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) goto err; if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) - return NULL; + goto err; if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL) goto err; @@ -661,7 +661,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) goto err; if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) - return NULL; + goto err; if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL) goto err; diff --git a/apps/s_cb.c b/apps/s_cb.c index dee1b2e5b4..d066a423de 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -819,7 +819,9 @@ int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, { unsigned int temp; int res = generate_cookie_callback(ssl, cookie, &temp); - *cookie_len = temp; + + if (res != 0) + *cookie_len = temp; return res; } diff --git a/apps/s_client.c b/apps/s_client.c index 83b3fc9c7f..00effc8037 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -938,6 +938,7 @@ int s_client_main(int argc, char **argv) struct timeval tv; #endif const char *servername = NULL; + char *sname_alloc = NULL; int noservername = 0; const char *alpn_in = NULL; tlsextctx tlsextcbp = { NULL, 0 }; @@ -1588,6 +1589,15 @@ int s_client_main(int argc, char **argv) "%s: -proxy argument malformed or ambiguous\n", prog); goto end; } + if (servername == NULL && !noservername) { + res = BIO_parse_hostserv(connectstr, &sname_alloc, NULL, BIO_PARSE_PRIO_HOST); + if (!res) { + BIO_printf(bio_err, + "%s: -connect argument malformed or ambiguous\n", prog); + goto end; + } + servername = sname_alloc; + } } else { int res = 1; char *tmp_host = host, *tmp_port = port; @@ -3149,8 +3159,11 @@ int s_client_main(int argc, char **argv) #ifndef OPENSSL_NO_SRP OPENSSL_free(srp_arg.srppassin); #endif + OPENSSL_free(sname_alloc); OPENSSL_free(connectstr); OPENSSL_free(bindstr); + OPENSSL_free(bindhost); + OPENSSL_free(bindport); OPENSSL_free(host); OPENSSL_free(port); X509_VERIFY_PARAM_free(vpm); diff --git a/apps/s_server.c b/apps/s_server.c index 938e244222..64d53e68d0 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -134,12 +134,12 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, if (s_debug) BIO_printf(bio_s_out, "psk_server_cb\n"); - if (SSL_version(ssl) >= TLS1_3_VERSION) { + if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) { /* - * This callback is designed for use in TLSv1.2. It is possible to use - * a single callback for all protocol versions - but it is preferred to - * use a dedicated callback for TLSv1.3. For TLSv1.3 we have - * psk_find_session_cb. + * This callback is designed for use in (D)TLSv1.2 (or below). It is + * possible to use a single callback for all protocol versions - but it + * is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we + * have psk_find_session_cb. */ return 0; } diff --git a/apps/s_socket.c b/apps/s_socket.c index aee366d5f4..96f16d2931 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -147,7 +147,7 @@ int init_client(int *sock, const char *host, const char *port, #endif if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), - protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { + BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { BIO_closesocket(*sock); *sock = INVALID_SOCKET; continue; diff --git a/apps/speed.c b/apps/speed.c index d4ae7ab7bf..89bf18480f 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -1590,6 +1590,10 @@ int speed_main(int argc, char **argv) case OPT_MULTI: #ifndef NO_FORK multi = atoi(opt_arg()); + if (multi >= INT_MAX / (int)sizeof(int)) { + BIO_printf(bio_err, "%s: multi argument too large\n", prog); + return 0; + } #endif break; case OPT_ASYNCJOBS: @@ -3490,7 +3494,7 @@ static int do_multi(int multi, int size_num) close(fd[1]); mr = 1; usertime = 0; - free(fds); + OPENSSL_free(fds); return 0; } printf("Forked child %d\n", n); @@ -3603,7 +3607,7 @@ static int do_multi(int multi, int size_num) fclose(f); } - free(fds); + OPENSSL_free(fds); return 1; } #endif diff --git a/apps/vms_decc_argv.c b/apps/vms_decc_argv.c new file mode 100644 index 0000000000..1771246a2e --- /dev/null +++ b/apps/vms_decc_argv.c @@ -0,0 +1,66 @@ +/* + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdlib.h> +#include <openssl/crypto.h> +#include "apps.h" /* for app_malloc() and copy_argv() */ + +char **newargv = NULL; + +static void cleanup_argv(void) +{ + OPENSSL_free(newargv); + newargv = NULL; +} + +char **copy_argv(int *argc, char *argv[]) +{ + /*- + * The note below is for historical purpose. On VMS now we always + * copy argv "safely." + * + * 2011-03-22 SMS. + * If we have 32-bit pointers everywhere, then we're safe, and + * we bypass this mess, as on non-VMS systems. + * Problem 1: Compaq/HP C before V7.3 always used 32-bit + * pointers for argv[]. + * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers + * everywhere else, we always allocate and use a 64-bit + * duplicate of argv[]. + * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed + * to NULL-terminate a 64-bit argv[]. (As this was written, the + * compiler ECO was available only on IA64.) + * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a + * 64-bit argv[argc] for NULL, and, if necessary, use a + * (properly) NULL-terminated (64-bit) duplicate of argv[]. + * The same code is used in either case to duplicate argv[]. + * Some of these decisions could be handled in preprocessing, + * but the code tends to get even uglier, and the penalty for + * deciding at compile- or run-time is tiny. + */ + + int i, count = *argc; + char **p = newargv; + + cleanup_argv(); + + newargv = app_malloc(sizeof(*newargv) * (count + 1), "argv copy"); + if (newargv == NULL) + return NULL; + + /* Register automatic cleanup on first use */ + if (p == NULL) + OPENSSL_atexit(cleanup_argv); + + for (i = 0; i < count; i++) + newargv[i] = argv[i]; + newargv[i] = NULL; + *argc = i; + return newargv; +} diff --git a/apps/vms_decc_init.c b/apps/vms_decc_init.c index f83f7168ef..a2dc268cb2 100644 --- a/apps/vms_decc_init.c +++ b/apps/vms_decc_init.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,8 +25,6 @@ # include <stdlib.h> # include <unixlib.h> -# include "apps.h" - /* Global storage. */ /* Flag to sense if decc_init() was called. */ @@ -63,42 +61,6 @@ decc_feat_t decc_feat_array[] = { }; -char **copy_argv(int *argc, char *argv[]) -{ - /*- - * The note below is for historical purpose. On VMS now we always - * copy argv "safely." - * - * 2011-03-22 SMS. - * If we have 32-bit pointers everywhere, then we're safe, and - * we bypass this mess, as on non-VMS systems. - * Problem 1: Compaq/HP C before V7.3 always used 32-bit - * pointers for argv[]. - * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers - * everywhere else, we always allocate and use a 64-bit - * duplicate of argv[]. - * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed - * to NULL-terminate a 64-bit argv[]. (As this was written, the - * compiler ECO was available only on IA64.) - * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a - * 64-bit argv[argc] for NULL, and, if necessary, use a - * (properly) NULL-terminated (64-bit) duplicate of argv[]. - * The same code is used in either case to duplicate argv[]. - * Some of these decisions could be handled in preprocessing, - * but the code tends to get even uglier, and the penalty for - * deciding at compile- or run-time is tiny. - */ - - int i, count = *argc; - char **newargv = app_malloc(sizeof(*newargv) * (count + 1), "argv copy"); - - for (i = 0; i < count; i++) - newargv[i] = argv[i]; - newargv[i] = NULL; - *argc = i; - return newargv; -} - /* LIB$INITIALIZE initialization function. */ static void decc_init(void) @@ -704,6 +704,7 @@ case "$GUESSOS" in __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DL_ENDIAN" ;; powerpc64-*-*bsd*) OUT="BSD-generic64"; __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;; + riscv64-*-*bsd*) OUT="BSD-riscv64" ;; sparc64-*-*bsd*) OUT="BSD-sparc64" ;; ia64-*-*bsd*) OUT="BSD-ia64" ;; x86_64-*-dragonfly*) OUT="BSD-x86_64" ;; diff --git a/crypto/armcap.c b/crypto/armcap.c index c5685bde58..48c5d4d64e 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -106,20 +106,23 @@ static unsigned long getauxval(unsigned long key) * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas * AArch64 used AT_HWCAP. */ +# ifndef AT_HWCAP +# define AT_HWCAP 16 +# endif +# ifndef AT_HWCAP2 +# define AT_HWCAP2 26 +# endif # if defined(__arm__) || defined (__arm) -# define HWCAP 16 - /* AT_HWCAP */ +# define HWCAP AT_HWCAP # define HWCAP_NEON (1 << 12) -# define HWCAP_CE 26 - /* AT_HWCAP2 */ +# define HWCAP_CE AT_HWCAP2 # define HWCAP_CE_AES (1 << 0) # define HWCAP_CE_PMULL (1 << 1) # define HWCAP_CE_SHA1 (1 << 2) # define HWCAP_CE_SHA256 (1 << 3) # elif defined(__aarch64__) -# define HWCAP 16 - /* AT_HWCAP */ +# define HWCAP AT_HWCAP # define HWCAP_NEON (1 << 1) # define HWCAP_CE HWCAP diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index 85a631a27a..3790e82bb1 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,12 +18,13 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len) int ia5 = 0; int t61 = 0; - if (len <= 0) - len = -1; if (s == NULL) return V_ASN1_PRINTABLESTRING; - while ((*s) && (len-- != 0)) { + if (len < 0) + len = strlen((const char *)s); + + while (len-- > 0) { c = *(s++); if (!ossl_isasn1print(c)) ia5 = 1; diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 3d99d1383d..b9b7ad8e9e 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -294,7 +294,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) c = str->data; #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* No NUL terminator in fuzzing builds */ - str->data = OPENSSL_realloc(c, len); + str->data = OPENSSL_realloc(c, len != 0 ? len : 1); #else str->data = OPENSSL_realloc(c, len + 1); #endif @@ -307,7 +307,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) str->length = len; if (data != NULL) { memcpy(str->data, data, len); -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* Set the unused byte to something non NUL and printable. */ + if (len == 0) + str->data[len] = '~'; +#else /* * Add a NUL terminator. This should not be necessary - but we add it as * a safety precaution @@ -375,7 +379,8 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) i = (a->length - b->length); if (i == 0) { - i = memcmp(a->data, b->data, a->length); + if (a->length != 0) + i = memcmp(a->data, b->data, a->length); if (i == 0) return a->type - b->type; else diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h index e234c9e615..5630291bd5 100644 --- a/crypto/asn1/charmap.h +++ b/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index 8ea32bce40..0af7a330bc 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -744,7 +744,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, # pragma pointer_size 32 #endif /* Windows doesn't seem to have in_addr_t */ -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) static uint32_t he_fallback_address; static const char *he_fallback_addresses[] = { (char *)&he_fallback_address, NULL }; diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 942fd8b514..c87ba4d265 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,10 @@ * https://www.openssl.org/source/license.html */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + #include <stdio.h> #include <errno.h> diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 7cb4a57813..2420b26553 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -280,7 +280,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) ret = (long)bm->length; if (ptr != NULL) { pptr = (char **)ptr; - *pptr = (char *)&(bm->data[0]); + *pptr = (char *)bm->data; } break; case BIO_C_SET_BUF_MEM: diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index 8ad715bda4..76fe82334f 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1984,6 +1984,8 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at mflo ($t_1,$a_2,$a_0) mfhi ($t_2,$a_2,$a_0) ___ @@ -2194,6 +2196,8 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at mflo ($t_1,$a_2,$a_0) mfhi ($t_2,$a_2,$a_0) ___ diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index e542abe46f..eac0896e68 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, bn_check_top(p2); bn_check_top(m); - if (!(m->d[0] & 1)) { + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; } diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h index 1a25c28577..8f2d7e995a 100644 --- a/crypto/bn/bn_prime.h +++ b/crypto/bn/bn_prime.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/bn/bn_prime.pl * - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 69749a9fa7..17ac6e7cac 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -142,7 +142,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a) continue; if (i == 0 || i > INT_MAX / 4) - goto err; + return 0; num = i + neg; if (bn == NULL) diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 1723d5ded5..6a42ce8a94 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number - * Theory", algorithm 1.5.1). 'p' must be prime! + * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or + * an incorrect "result" will be returned. */ { BIGNUM *ret = in; @@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto vrfy; } - /* find smallest i such that b^(2^i) = 1 */ - i = 1; - if (!BN_mod_sqr(t, b, p, ctx)) - goto end; - while (!BN_is_one(t)) { - i++; - if (i == e) { - BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); - goto end; + /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ + for (i = 1; i < e; i++) { + if (i == 1) { + if (!BN_mod_sqr(t, b, p, ctx)) + goto end; + + } else { + if (!BN_mod_mul(t, t, t, p, ctx)) + goto end; } - if (!BN_mod_mul(t, t, t, p, ctx)) - goto end; + if (BN_is_one(t)) + break; + } + /* If not found, a is not a square or p is not prime. */ + if (i >= e) { + BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); + goto end; } /* t := y^2^(e - i - 1) */ diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 04940146fd..962a013754 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -737,6 +737,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, goto err; } + OPENSSL_clear_free(ec->key, ec->keylen); ec->key = ukey; ec->keylen = ukeylen; diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h index 1e4a03e10b..0490236287 100644 --- a/crypto/conf/conf_def.h +++ b/crypto/conf/conf_def.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/conf/keysets.pl * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index d53004080d..576409ccb5 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -629,16 +629,18 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, goto err; pk = EVP_PKEY_CTX_get0_pkey(pctx); - if (!pk) - goto err; - if (pk->type != EVP_PKEY_DHX) + if (pk == NULL || pk->type != EVP_PKEY_DHX) goto err; + /* Get parameters from parent key */ dhpeer = DHparams_dup(pk->pkey.dh); + if (dhpeer == NULL) + goto err; + /* We have parameters now set public key */ plen = ASN1_STRING_length(pubkey); p = ASN1_STRING_get0_data(pubkey); - if (!p || !plen) + if (p == NULL || plen == 0) goto err; if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) { @@ -655,6 +657,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, pkpeer = EVP_PKEY_new(); if (pkpeer == NULL) goto err; + EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer); dhpeer = NULL; if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) diff --git a/crypto/ec/curve448/field.h b/crypto/ec/curve448/field.h index ccd04482d2..4e4eda664f 100644 --- a/crypto/ec/curve448/field.h +++ b/crypto/ec/curve448/field.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2014 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -62,7 +62,7 @@ mask_t gf_eq(const gf x, const gf y); mask_t gf_lobit(const gf x); mask_t gf_hibit(const gf x); -void gf_serialize(uint8_t *serial, const gf x, int with_highbit); +void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_highbit); mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit, uint8_t hi_nmask); diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index c8ee1e6f17..4335b3da1a 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -548,7 +548,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPARAMETERS_free(ret->value.parameters); } - if (EC_GROUP_get_asn1_flag(group)) { + if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { /* * use the asn1 OID to describe the elliptic curve parameters */ diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 8de486cbd7..b4c14e91e1 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -12,6 +12,7 @@ #include "ec_local.h" #include <openssl/err.h> #include <openssl/obj_mac.h> +#include <openssl/objects.h> #include <openssl/opensslconf.h> #include "internal/nelem.h" @@ -3097,6 +3098,32 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) goto err; } } + + if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { + /* + * Some curves don't have an associated OID: for those we should not + * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and + * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`. + * + * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on + * `EC_GROUP_new()`, when we don't have enough elements to determine if + * an OID for the curve name actually exists. + * We could implement this check on `EC_GROUP_set_curve_name()` but + * overloading the simple setter with this lookup could have a negative + * performance impact and unexpected consequences. + */ + ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid); + + if (asn1obj == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_OBJ_LIB); + goto err; + } + if (OBJ_length(asn1obj) == 0) + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); + + ASN1_OBJECT_free(asn1obj); + } + ok = 1; err: if (!ok) { diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index b675ed7892..474a60c9bf 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,9 +12,6 @@ void ENGINE_load_builtin_engines(void) { - /* Some ENGINEs need this */ - OPENSSL_cpuid_setup(); - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 06e677290a..6a0ddc162d 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -443,8 +443,17 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) * We fail if the version checker veto'd the load *or* if it is * deferring to us (by returning its version) and we think it is too * old. + * Unfortunately the version checker does not distinguish between + * engines built for openssl 1.1.x and openssl 3.x, but loading + * an engine that is built for openssl 3.x will cause a fatal + * error. Detect such engines, since EVP_PKEY_get_base_id is exported + * as a function in openssl 3.x, while it is named EVP_PKEY_base_id + * in openssl 1.1.x. Therefore we take the presence of that symbol + * as an indication that the engine will be incompatible. */ - if (vcheck_res < OSSL_DYNAMIC_OLDEST) { + if (vcheck_res < OSSL_DYNAMIC_OLDEST + || DSO_bind_func(ctx->dynamic_dso, + "EVP_PKEY_get_base_id") != NULL) { /* Fail */ ctx->bind_engine = NULL; ctx->v_check = NULL; @@ -477,7 +486,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) engine_set_all_null(e); /* Try to bind the ENGINE onto our own ENGINE structure */ - if (!ctx->bind_engine(e, ctx->engine_id, &fns)) { + if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1) + || !ctx->bind_engine(e, ctx->engine_id, &fns)) { + engine_remove_dynamic_id(e, 1); ctx->bind_engine = NULL; ctx->v_check = NULL; DSO_free(ctx->dynamic_dso); diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 5bd584c599..fb727b7877 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,6 +67,7 @@ void engine_set_all_null(ENGINE *e) e->load_pubkey = NULL; e->cmd_defns = NULL; e->flags = 0; + e->dynamic_id = NULL; } int engine_free_util(ENGINE *e, int not_locked) @@ -92,6 +93,7 @@ int engine_free_util(ENGINE *e, int not_locked) */ if (e->destroy) e->destroy(e); + engine_remove_dynamic_id(e, not_locked); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); OPENSSL_free(e); return 1; diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 1352fb7c96..e2e91d297b 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -25,6 +25,12 @@ static ENGINE *engine_list_head = NULL; static ENGINE *engine_list_tail = NULL; /* + * The linked list of currently loaded dynamic engines. + */ +static ENGINE *engine_dyn_list_head = NULL; +static ENGINE *engine_dyn_list_tail = NULL; + +/* * This cleanup function is only needed internally. If it should be called, * we register it with the "engine_cleanup_int()" stack to be called during * cleanup. @@ -126,6 +132,85 @@ static int engine_list_remove(ENGINE *e) return 1; } +/* Add engine to dynamic engine list. */ +int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, + int not_locked) +{ + int result = 0; + ENGINE *iterator = NULL; + + if (e == NULL) + return 0; + + if (e->dynamic_id == NULL && dynamic_id == NULL) + return 0; + + if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) + return 0; + + if (dynamic_id != NULL) { + iterator = engine_dyn_list_head; + while (iterator != NULL) { + if (iterator->dynamic_id == dynamic_id) + goto err; + iterator = iterator->next; + } + if (e->dynamic_id != NULL) + goto err; + e->dynamic_id = dynamic_id; + } + + if (engine_dyn_list_head == NULL) { + /* We are adding to an empty list. */ + if (engine_dyn_list_tail != NULL) + goto err; + engine_dyn_list_head = e; + e->prev_dyn = NULL; + } else { + /* We are adding to the tail of an existing list. */ + if (engine_dyn_list_tail == NULL + || engine_dyn_list_tail->next_dyn != NULL) + goto err; + engine_dyn_list_tail->next_dyn = e; + e->prev_dyn = engine_dyn_list_tail; + } + + engine_dyn_list_tail = e; + e->next_dyn = NULL; + result = 1; + + err: + if (not_locked) + CRYPTO_THREAD_unlock(global_engine_lock); + return result; +} + +/* Remove engine from dynamic engine list. */ +void engine_remove_dynamic_id(ENGINE *e, int not_locked) +{ + if (e == NULL || e->dynamic_id == NULL) + return; + + if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) + return; + + e->dynamic_id = NULL; + + /* un-link e from the chain. */ + if (e->next_dyn != NULL) + e->next_dyn->prev_dyn = e->prev_dyn; + if (e->prev_dyn != NULL) + e->prev_dyn->next_dyn = e->next_dyn; + /* Correct our head/tail if necessary. */ + if (engine_dyn_list_head == e) + engine_dyn_list_head = e->next_dyn; + if (engine_dyn_list_tail == e) + engine_dyn_list_tail = e->prev_dyn; + + if (not_locked) + CRYPTO_THREAD_unlock(global_engine_lock); +} + /* Get the first/last "ENGINE" type available. */ ENGINE *ENGINE_get_first(void) { @@ -272,6 +357,8 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) dest->load_pubkey = src->load_pubkey; dest->cmd_defns = src->cmd_defns; dest->flags = src->flags; + dest->dynamic_id = src->dynamic_id; + engine_add_dynamic_id(dest, NULL, 0); } ENGINE *ENGINE_by_id(const char *id) diff --git a/crypto/engine/eng_local.h b/crypto/engine/eng_local.h index 8ef7172b9f..e271222d76 100644 --- a/crypto/engine/eng_local.h +++ b/crypto/engine/eng_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -118,6 +118,11 @@ void engine_pkey_asn1_meths_free(ENGINE *e); extern CRYPTO_ONCE engine_lock_init; DECLARE_RUN_ONCE(do_engine_lock_init) +typedef void (*ENGINE_DYNAMIC_ID)(void); +int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, + int not_locked); +void engine_remove_dynamic_id(ENGINE *e, int not_locked); + /* * This is a structure for storing implementations of various crypto * algorithms and functions. @@ -162,6 +167,10 @@ struct engine_st { /* Used to maintain the linked-list of engines. */ struct engine_st *prev; struct engine_st *next; + /* Used to maintain the linked-list of dynamic engines. */ + struct engine_st *prev_dyn; + struct engine_st *next_dyn; + ENGINE_DYNAMIC_ID dynamic_id; }; typedef struct st_engine_pile ENGINE_PILE; diff --git a/crypto/err/err.c b/crypto/err/err.c index 1372d52f80..bd116e249a 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -129,6 +129,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { {ERR_R_INTERNAL_ERROR, "internal error"}, {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, {ERR_R_INIT_FAIL, "init fail"}, + {ERR_R_PASSED_INVALID_ARGUMENT, "passed invalid argument"}, {ERR_R_OPERATION_FAIL, "operation fail"}, {0, NULL}, diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index d1bfa274ca..01a6f251f5 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,22 @@ #include "crypto/evp.h" #include "evp_local.h" + +static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force) +{ + if (ctx->digest != NULL) { + if (ctx->digest->cleanup != NULL + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) + ctx->digest->cleanup(ctx); + if (ctx->md_data != NULL && ctx->digest->ctx_size > 0 + && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) + || force)) { + OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); + ctx->md_data = NULL; + } + } +} + /* This call frees resources associated with the context */ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) { @@ -25,13 +41,8 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because * sometimes only copies of the context are ever finalised. */ - if (ctx->digest && ctx->digest->cleanup - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) - ctx->digest->cleanup(ctx); - if (ctx->digest && ctx->digest->ctx_size && ctx->md_data - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - } + cleanup_old_md_data(ctx, 0); + /* * pctx should be freed by the user of EVP_MD_CTX * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set @@ -76,6 +87,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (ctx->engine && ctx->digest && (type == NULL || (type->type == ctx->digest->type))) goto skip_to_init; + if (type) { /* * Ensure an ENGINE left lying around from last time is cleared (the @@ -119,10 +131,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } #endif if (ctx->digest != type) { - if (ctx->digest && ctx->digest->ctx_size) { - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - ctx->md_data = NULL; - } + cleanup_old_md_data(ctx, 1); + ctx->digest = type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update; diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index e3c165d48e..d835968f25 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -85,7 +85,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, * previous check attempted to avoid this if the same ENGINE and * EVP_CIPHER could be used). */ - if (ctx->cipher) { + if (ctx->cipher +#ifndef OPENSSL_NO_ENGINE + || ctx->engine +#endif + || ctx->cipher_data) { unsigned long flags = ctx->flags; EVP_CIPHER_CTX_reset(ctx); /* Restore encrypt and flags */ @@ -105,11 +109,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, /* There's an ENGINE for this job ... (apparently) */ const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); if (!c) { - /* - * One positive side-effect of US's export control history, - * is that we should at least be able to avoid using US - * misspellings of "initialisation"? - */ + ENGINE_finish(impl); EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 9f1a485a5b..1f36cb2164 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -212,10 +212,15 @@ static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, } if (pkey) { pkey->ameth = ameth; - pkey->engine = e; - pkey->type = pkey->ameth->pkey_id; pkey->save_type = type; +# ifndef OPENSSL_NO_ENGINE + if (eptr == NULL && e != NULL && !ENGINE_init(e)) { + EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_INITIALIZATION_ERROR); + return 0; + } +# endif + pkey->engine = e; } return 1; } @@ -520,7 +525,7 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { - if (pkey->type != EVP_PKEY_EC) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); return NULL; } diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 9dc887d91e..603224975c 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -343,7 +343,8 @@ unsigned long OPENSSL_LH_strhash(const char *c) v = n | (*c); n += 0x100; r = (int)((v >> 2) ^ v) & 0x0f; - ret = (ret << r) | (ret >> (32 - r)); + /* cast to uint64_t to avoid 32 bit shift of 32 bit value */ + ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r)); ret &= 0xFFFFFFFFL; ret ^= v * v; c++; @@ -364,7 +365,8 @@ unsigned long openssl_lh_strcasehash(const char *c) for (n = 0x100; *c != '\0'; n += 0x100) { v = n | ossl_tolower(*c); r = (int)((v >> 2) ^ v) & 0x0f; - ret = (ret << r) | (ret >> (32 - r)); + /* cast to uint64_t to avoid 32 bit shift of 32 bit value */ + ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r)); ret &= 0xFFFFFFFFL; ret ^= v * v; c++; diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index 979d83577c..872676ba22 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,8 +67,14 @@ static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(o_names_init) { CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); + names_lh = NULL; obj_lock = CRYPTO_THREAD_lock_new(); + if (obj_lock != NULL) + names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); + if (names_lh == NULL) { + CRYPTO_THREAD_lock_free(obj_lock); + obj_lock = NULL; + } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); return names_lh != NULL && obj_lock != NULL; } @@ -217,10 +223,8 @@ int OBJ_NAME_add(const char *name, int type, const char *data) type &= ~OBJ_NAME_ALIAS; onp = OPENSSL_malloc(sizeof(*onp)); - if (onp == NULL) { - /* ERROR */ - goto unlock; - } + if (onp == NULL) + return 0; onp->name = name; onp->alias = alias; diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 46006fe6cf..7e8de727f3 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -228,9 +228,10 @@ ASN1_OBJECT *OBJ_nid2obj(int n) return NULL; } return (ASN1_OBJECT *)&(nid_objs[n]); - } else if (added == NULL) + } else if (added == NULL) { + OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID); return NULL; - else { + } else { ad.type = ADDED_NID; ad.obj = &ob; ob.nid = n; diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 24b49a2df2..63bf69e443 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index 5c3561ab7d..5ef094bbfd 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index a26322119a..2de093595d 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -899,18 +899,13 @@ err: int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, unsigned char **data, long *len_out, unsigned int flags) { - EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); + EVP_ENCODE_CTX *ctx = NULL; const BIO_METHOD *bmeth; BIO *headerB = NULL, *dataB = NULL; char *name = NULL; int len, taillen, headerlen, ret = 0; BUF_MEM * buf_mem; - if (ctx == NULL) { - PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE); - return 0; - } - *len_out = 0; *name_out = *header = NULL; *data = NULL; @@ -933,9 +928,20 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, if (!get_header_and_data(bp, &headerB, &dataB, name, flags)) goto end; - EVP_DecodeInit(ctx); BIO_get_mem_ptr(dataB, &buf_mem); len = buf_mem->length; + + /* There was no data in the PEM file */ + if (len == 0) + goto end; + + ctx = EVP_ENCODE_CTX_new(); + if (ctx == NULL) { + PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE); + goto end; + } + + EVP_DecodeInit(ctx); if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len, (unsigned char*)buf_mem->data, len) < 0 || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]), @@ -946,9 +952,6 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header, len += taillen; buf_mem->length = len; - /* There was no data in the PEM file; avoid malloc(0). */ - if (len == 0) - goto end; headerlen = BIO_get_mem_data(headerB, NULL); *header = pem_malloc(headerlen + 1, flags); *data = pem_malloc(len, flags); diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c index 61c2f10299..a00f83bcc4 100644 --- a/crypto/rand/rand_vms.c +++ b/crypto/rand/rand_vms.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -484,7 +484,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool) struct { pid_t pid; CRYPTO_THREAD_ID tid; - uint64_t time; + unsigned __int64 time; } data = { 0 }; /* @@ -582,7 +582,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool) { struct { CRYPTO_THREAD_ID tid; - uint64_t time; + unsigned __int64 time; } data = { 0 }; /* diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 32cd2f542b..b504649a41 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -70,6 +70,7 @@ STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *hexstr, long len) { + OPENSSL_free(ctx->imprint); ctx->imprint = hexstr; ctx->imprint_len = len; return ctx->imprint; diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 9526c16536..0f630a5bd9 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -572,6 +572,8 @@ static int echo_console(UI *ui) static int close_console(UI *ui) { + int ret = 1; + if (tty_in != stdin) fclose(tty_in); if (tty_out != stderr) @@ -584,12 +586,12 @@ static int close_console(UI *ui) BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status); UIerr(UI_F_CLOSE_CONSOLE, UI_R_SYSDASSGN_ERROR); ERR_add_error_data(2, "status=", tmp_num); - return 0; + ret = 0; } # endif CRYPTO_THREAD_unlock(ui->lock); - return 1; + return ret; } # if !defined(OPENSSL_SYS_WINCE) diff --git a/crypto/uid.c b/crypto/uid.c index 5e3315eeb2..a9eae36818 100644 --- a/crypto/uid.c +++ b/crypto/uid.c @@ -17,7 +17,7 @@ int OPENSSL_issetugid(void) return 0; } -#elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) +#elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) || (defined(__GLIBC__) && defined(__FreeBSD_kernel__)) # include OPENSSL_UNISTD diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 20a36e763c..b18489f67f 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -2201,6 +2201,12 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, /* If purpose not set use default */ if (!purpose) purpose = def_purpose; + /* + * If purpose is set but we don't have a default then set the default to + * the current purpose + */ + else if (def_purpose == 0) + def_purpose = purpose; /* If we have a purpose then check it is valid */ if (purpose) { X509_PURPOSE *ptmp; @@ -2213,11 +2219,6 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, ptmp = X509_PURPOSE_get0(idx); if (ptmp->trust == X509_TRUST_DEFAULT) { idx = X509_PURPOSE_get_by_id(def_purpose); - /* - * XXX: In the two callers above def_purpose is always 0, which is - * not a known value, so idx will always be -1. How is the - * X509_TRUST_DEFAULT case actually supposed to be handled? - */ if (idx == -1) { X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, X509_R_UNKNOWN_PURPOSE_ID); @@ -2924,6 +2925,26 @@ static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert) return ok; } +static int augment_stack(STACK_OF(X509) *src, STACK_OF(X509) **dstPtr) +{ + if (src) { + STACK_OF(X509) *dst; + int i; + + if (*dstPtr == NULL) + return ((*dstPtr = sk_X509_dup(src)) != NULL); + + for (dst = *dstPtr, i = 0; i < sk_X509_num(src); ++i) { + if (!sk_X509_push(dst, sk_X509_value(src, i))) { + sk_X509_free(dst); + *dstPtr = NULL; + return 0; + } + } + } + return 1; +} + static int build_chain(X509_STORE_CTX *ctx) { SSL_DANE *dane = ctx->dane; @@ -2967,18 +2988,7 @@ static int build_chain(X509_STORE_CTX *ctx) } /* - * Shallow-copy the stack of untrusted certificates (with TLS, this is - * typically the content of the peer's certificate message) so can make - * multiple passes over it, while free to remove elements as we go. - */ - if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { - X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - - /* - * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add + * If we got any "Cert(0) Full(0)" issuer certificates from DNS, *prepend* * them to our working copy of the untrusted certificate stack. Since the * caller of X509_STORE_CTX_init() may have provided only a leaf cert with * no corresponding stack of untrusted certificates, we may need to create @@ -2987,20 +2997,21 @@ static int build_chain(X509_STORE_CTX *ctx) * containing at least the leaf certificate, but we must be prepared for * this to change. ] */ - if (DANETLS_ENABLED(dane) && dane->certs != NULL) { - if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) { - X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - for (i = 0; i < sk_X509_num(dane->certs); ++i) { - if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) { - sk_X509_free(sktmp); - X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - } + if (DANETLS_ENABLED(dane) && !augment_stack(dane->certs, &sktmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + return 0; + } + + /* + * Shallow-copy the stack of untrusted certificates (with TLS, this is + * typically the content of the peer's certificate message) so can make + * multiple passes over it, while free to remove elements as we go. + */ + if (!augment_stack(ctx->untrusted, &sktmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + return 0; } /* diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index aa7f4722b6..59ac6895bc 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -217,8 +217,8 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, if (ret < 0) return ret; ret = x509_name_canon(a); - if (ret < 0) - return ret; + if (!ret) + return -1; } ret = a->bytes->length; if (out != NULL) { diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index d985aa91da..60cb4ceaa8 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -602,6 +602,9 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) if (baseat != baseptr) { if ((baseat - baseptr) != (emlat - emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; + if (memchr(baseptr, 0, baseat - baseptr) || + memchr(emlptr, 0, emlat - emlptr)) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; /* Case sensitive match of local part */ if (strncmp(baseptr, emlptr, emlat - emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index f41c699b5a..a7ff4b4fb4 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -538,8 +538,11 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email return 0; emtmp = OPENSSL_strndup((char *)email->data, email->length); - if (emtmp == NULL) + if (emtmp == NULL) { + X509_email_free(*sk); + *sk = NULL; return 0; + } /* Don't add duplicates */ if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { @@ -828,8 +831,11 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, rv = equal(a->data, a->length, (unsigned char *)b, blen, flags); else if (a->length == (int)blen && !memcmp(a->data, b, blen)) rv = 1; - if (rv > 0 && peername) + if (rv > 0 && peername != NULL) { *peername = OPENSSL_strndup((char *)a->data, a->length); + if (*peername == NULL) + return -1; + } } else { int astrlen; unsigned char *astr; @@ -842,8 +848,13 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, return -1; } rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); - if (rv > 0 && peername) + if (rv > 0 && peername != NULL) { *peername = OPENSSL_strndup((char *)astr, astrlen); + if (*peername == NULL) { + OPENSSL_free(astr); + return -1; + } + } OPENSSL_free(astr); } return rv; diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod index 2caf3ef4d1..c30e834cfa 100644 --- a/doc/man1/cms.pod +++ b/doc/man1/cms.pod @@ -719,6 +719,9 @@ the list of permitted ciphers in a database and only use those. No revocation checking is done on the signer's certificate. +The B<-binary> option does not work correctly when processing text input which +(contrary to the S/MIME specification) uses LF rather than CRLF line endings. + =head1 HISTORY The use of multiple B<-signer> options and the B<-resign> command were first @@ -735,7 +738,7 @@ The -no_alt_chains option was added in OpenSSL 1.0.2b. =head1 COPYRIGHT -Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/passwd.pod b/doc/man1/passwd.pod index c5760fe76e..26eb2ad35e 100644 --- a/doc/man1/passwd.pod +++ b/doc/man1/passwd.pod @@ -31,8 +31,6 @@ The B<passwd> command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for option B<-in file>, from stdin for option B<-stdin>, or from the command line, or from the terminal otherwise. -The Unix standard algorithm B<crypt> and the MD5-based BSD password -algorithm B<1>, its Apache variant B<apr1>, and its AIX variant are available. =head1 OPTIONS @@ -122,7 +120,7 @@ This can be used with a subsequent B<-rand> flag. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod index 3b350efadd..f6fd48d5b5 100644 --- a/doc/man1/pkeyutl.pod +++ b/doc/man1/pkeyutl.pod @@ -246,6 +246,11 @@ B<PSS> block structure. For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not explicitly set in PSS mode then the signing digest is used. +=item B<rsa_oaep_md:>I<digest> + +Sets the digest used for the OAEP hash function. If not explicitly set then +SHA1 is used. + =back =head1 RSA-PSS ALGORITHM @@ -319,6 +324,11 @@ seed consisting of the single byte 0xFF: openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \ -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump +Decrypt some data using a private key with OAEP padding using SHA256: + + openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \ + -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 + =head1 SEE ALSO L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)> diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod index 2e438c3ce9..cf6ba135df 100644 --- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod @@ -16,7 +16,7 @@ BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb); - char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); + void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); int BIO_reset(BIO *b); @@ -126,7 +126,7 @@ the case of BIO_seek() on a file BIO for a successful operation. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_f_base64.pod b/doc/man3/BIO_f_base64.pod index 5097c2849b..c2c5309a60 100644 --- a/doc/man3/BIO_f_base64.pod +++ b/doc/man3/BIO_f_base64.pod @@ -21,13 +21,26 @@ any data read through it. Base64 BIOs do not support BIO_gets() or BIO_puts(). +For writing, output is by default divided to lines of length 64 +characters and there is always a newline at the end of output. + +For reading, first line should be at most 1024 +characters long. If it is longer then it is ignored completely. +Other input lines can be of any length. There must be a newline +at the end of input. + +This behavior can be changed with BIO_FLAGS_BASE64_NO_NL flag. + BIO_flush() on a base64 BIO that is being written through is used to signal that no more data is to be encoded: this is used to flush the final block through the BIO. -The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags() -to encode the data all on one line or expect the data to be all -on one line. +The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags(). +For writing, it causes all data to be written on one line without +newline at the end. +For reading, it forces the decoder to process the data regardless +of newlines. All newlines are ignored and the input does not need +to contain any newline at all. =head1 NOTES @@ -81,7 +94,7 @@ to reliably determine EOF (for example a MIME boundary). =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod index 641ee2329e..8866785cfe 100644 --- a/doc/man3/BIO_f_ssl.pod +++ b/doc/man3/BIO_f_ssl.pod @@ -54,26 +54,26 @@ The SSL BIO is then reset to the initial accept or connect state. If the close flag is set when an SSL BIO is freed then the internal SSL structure is also freed using SSL_free(). -BIO_set_ssl() sets the internal SSL pointer of BIO B<b> to B<ssl> using +BIO_set_ssl() sets the internal SSL pointer of SSL BIO B<b> to B<ssl> using the close flag B<c>. -BIO_get_ssl() retrieves the SSL pointer of BIO B<b>, it can then be +BIO_get_ssl() retrieves the SSL pointer of SSL BIO B<b>, it can then be manipulated using the standard SSL library functions. BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client> is 1 client mode is set. If B<client> is 0 server mode is set. -BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count +BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count of SSL BIO B<b> to B<num>. When set after every B<num> bytes of I/O (read and write) the SSL session is automatically renegotiated. B<num> must be at least 512 bytes. -BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to -B<seconds>. When the renegotiate timeout elapses the session is -automatically renegotiated. +BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout of SSL BIO B<b> +to B<seconds>. +When the renegotiate timeout elapses the session is automatically renegotiated. BIO_get_num_renegotiates() returns the total number of session -renegotiations due to I/O or timeout. +renegotiations due to I/O or timeout of SSL BIO B<b>. BIO_new_ssl() allocates an SSL BIO using SSL_CTX B<ctx> and using client mode if B<client> is non zero. @@ -82,8 +82,7 @@ BIO_new_ssl_connect() creates a new BIO chain consisting of an SSL BIO (using B<ctx>) followed by a connect BIO. BIO_new_buffer_ssl_connect() creates a new BIO chain consisting -of a buffering BIO, an SSL BIO (using B<ctx>) and a connect -BIO. +of a buffering BIO, an SSL BIO (using B<ctx>), and a connect BIO. BIO_ssl_copy_session_id() copies an SSL session id between BIO chains B<from> and B<to>. It does this by locating the diff --git a/doc/man3/BIO_push.pod b/doc/man3/BIO_push.pod index 8b98bee498..e16daafe88 100644 --- a/doc/man3/BIO_push.pod +++ b/doc/man3/BIO_push.pod @@ -8,22 +8,27 @@ BIO_push, BIO_pop, BIO_set_next - add and remove BIOs from a chain #include <openssl/bio.h> - BIO *BIO_push(BIO *b, BIO *append); + BIO *BIO_push(BIO *b, BIO *next); BIO *BIO_pop(BIO *b); void BIO_set_next(BIO *b, BIO *next); =head1 DESCRIPTION -The BIO_push() function appends the BIO B<append> to B<b>, it returns -B<b>. +BIO_push() pushes I<b> on I<next>. +If I<b> is NULL the function does nothing and returns I<next>. +Otherwise it prepends I<b>, which may be a single BIO or a chain of BIOs, +to I<next> (unless I<next> is NULL). +It then makes a control call on I<b> and returns I<b>. -BIO_pop() removes the BIO B<b> from a chain and returns the next BIO -in the chain, or NULL if there is no next BIO. The removed BIO then -becomes a single BIO with no association with the original chain, -it can thus be freed or attached to a different chain. +BIO_pop() removes the BIO I<b> from any chain is is part of. +If I<b> is NULL the function does nothing and returns NULL. +Otherwise it makes a control call on I<b> and +returns the next BIO in the chain, or NULL if there is no next BIO. +The removed BIO becomes a single BIO with no association with +the original chain, it can thus be freed or be made part of a different chain. BIO_set_next() replaces the existing next BIO in a chain with the BIO pointed to -by B<next>. The new chain may include some of the same BIOs from the old chain +by I<next>. The new chain may include some of the same BIOs from the old chain or it may be completely different. =head1 NOTES @@ -33,41 +38,45 @@ joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain, the deleted BIO does not need to be at the end of a chain. The process of calling BIO_push() and BIO_pop() on a BIO may have additional -consequences (a control call is made to the affected BIOs) any effects will -be noted in the descriptions of individual BIOs. +consequences (a control call is made to the affected BIOs). +Any effects will be noted in the descriptions of individual BIOs. =head1 RETURN VALUES -BIO_push() returns the end of the chain, B<b>. +BIO_push() returns the head of the chain, +which usually is I<b>, or I<next> if I<b> is NULL. -BIO_pop() returns the next BIO in the chain, or NULL if there is no next -BIO. +BIO_pop() returns the next BIO in the chain, +or NULL if there is no next BIO. =head1 EXAMPLES -For these examples suppose B<md1> and B<md2> are digest BIOs, B<b64> is -a base64 BIO and B<f> is a file BIO. +For these examples suppose I<md1> and I<md2> are digest BIOs, +I<b64> is a base64 BIO and I<f> is a file BIO. If the call: BIO_push(b64, f); -is made then the new chain will be B<b64-f>. After making the calls +is made then the new chain will be I<b64-f>. After making the calls BIO_push(md2, b64); BIO_push(md1, md2); -the new chain is B<md1-md2-b64-f>. Data written to B<md1> will be digested -by B<md1> and B<md2>, B<base64> encoded and written to B<f>. +the new chain is I<md1-md2-b64-f>. Data written to I<md1> will be digested +by I<md1> and I<md2>, base64 encoded, and finally written to I<f>. It should be noted that reading causes data to pass in the reverse -direction, that is data is read from B<f>, B<base64> decoded and digested -by B<md2> and B<md1>. If the call: +direction, that is data is read from I<f>, base64 decoded, +and digested by I<md2> and then I<md1>. + +The call: BIO_pop(md2); -The call will return B<b64> and the new chain will be B<md1-b64-f> data can -be written to B<md1> as before. +will return I<b64> and the new chain will be I<md1-b64-f>. +Data can be written to and read from I<md1> as before, +except that I<md2> will no more be applied. =head1 SEE ALSO diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod index dccd4790ed..a4912fbab1 100644 --- a/doc/man3/BN_add.pod +++ b/doc/man3/BN_add.pod @@ -3,7 +3,7 @@ =head1 NAME BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, -BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs =head1 SYNOPSIS @@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, @@ -87,6 +89,12 @@ L<BN_mod_mul_reciprocal(3)>. BN_mod_sqr() takes the square of I<a> modulo B<m> and places the result in I<r>. +BN_mod_sqrt() returns the modular square root of I<a> such that +C<in^2 = a (mod p)>. The modulus I<p> must be a +prime, otherwise an error or an incorrect "result" will be returned. +The result is stored into I<in> which can be NULL. The result will be +newly allocated in that case. + BN_exp() raises I<a> to the I<p>-th power and places the result in I<r> (C<r=a^p>). This function is faster than repeated applications of BN_mul(). @@ -108,7 +116,10 @@ the arguments. =head1 RETURN VALUES -For all functions, 1 is returned for success, 0 on error. The return +The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is +not a prime), or NULL. + +For all remaining functions, 1 is returned for success, 0 on error. The return value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>). The error codes can be obtained by L<ERR_get_error(3)>. @@ -119,7 +130,7 @@ L<BN_add_word(3)>, L<BN_set_bit(3)> =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index d57348e62b..5ed14a926f 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -38,7 +38,7 @@ the number will be set to 1, so that the product of two such random numbers will always have 2*B<bits> length. If B<bottom> is B<BN_RAND_BOTTOM_ODD>, the number will be odd; if it is B<BN_RAND_BOTTOM_ANY> it can be odd or even. -If B<bits> is 1 then B<top> cannot also be B<BN_RAND_FLG_TOPTWO>. +If B<bits> is 1 then B<top> cannot also be B<BN_RAND_TOP_TWO>. BN_rand_range() generates a cryptographically strong pseudo-random number B<rnd> in the range 0 E<lt>= B<rnd> E<lt> B<range>. @@ -89,7 +89,7 @@ BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod index 43a3214d58..6f4ac7ec0e 100644 --- a/doc/man3/DEFINE_STACK_OF.pod +++ b/doc/man3/DEFINE_STACK_OF.pod @@ -238,7 +238,8 @@ sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and sk_TYPE_delete_ptr() return a pointer to the deleted element or B<NULL> on error. sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return the total -number of elements in the stack and 0 if an error occurred. +number of elements in the stack and 0 if an error occurred. sk_TYPE_push() +further returns -1 if B<sk> is B<NULL>. sk_TYPE_set() returns a pointer to the replacement element or B<NULL> on error. diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod index 369900c248..34a640d205 100644 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod @@ -597,8 +597,7 @@ B<ENGINE> implementations. All ENGINE_register_TYPE() functions return 1 on success or 0 on error. -ENGINE_register_complete() and ENGINE_register_all_complete() return 1 on success -or 0 on error. +ENGINE_register_complete() and ENGINE_register_all_complete() always return 1. ENGINE_ctrl() returns a positive value on success or others on error. @@ -609,7 +608,7 @@ ENGINE_ctrl_cmd() and ENGINE_ctrl_cmd_string() return 1 on success or 0 on error ENGINE_new() returns a valid B<ENGINE> structure on success or NULL if an error occurred. -ENGINE_free() returns 1 on success or 0 on error. +ENGINE_free() always returns 1. ENGINE_up_ref() returns 1 on success or 0 on error. @@ -657,7 +656,7 @@ and should not be used. =head1 COPYRIGHT -Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_load_strings.pod b/doc/man3/ERR_load_strings.pod index 3167f27150..2b21a3bc6d 100644 --- a/doc/man3/ERR_load_strings.pod +++ b/doc/man3/ERR_load_strings.pod @@ -9,7 +9,7 @@ arbitrary error strings #include <openssl/err.h> - void ERR_load_strings(int lib, ERR_STRING_DATA str[]); + int ERR_load_strings(int lib, ERR_STRING_DATA *str); int ERR_get_next_error_library(void); @@ -38,7 +38,7 @@ to user libraries at runtime. =head1 RETURN VALUES -ERR_load_strings() returns no value. ERR_PACK() return the error code. +ERR_load_strings() returns 1 for success and 0 for failure. ERR_PACK() returns the error code. ERR_get_next_error_library() returns zero on failure, otherwise a new library number. @@ -48,7 +48,7 @@ L<ERR_load_strings(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 0d8a780bb7..392ce5dbc5 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -380,18 +380,20 @@ B<EVP_CTRL_AEAD_SET_TAG>. =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag) -Sets the expected tag to C<taglen> bytes from C<tag>. -The tag length can only be set before specifying an IV. +When decrypting, this call sets the expected tag to C<taglen> bytes from C<tag>. C<taglen> must be between 1 and 16 inclusive. +The tag must be set prior to any call to EVP_DecryptFinal() or +EVP_DecryptFinal_ex(). For GCM, this call is only valid when decrypting data. For OCB, this call is valid when decrypting data to set the expected tag, -and before encryption to set the desired tag length. +and when encrypting to set the desired tag length. -In OCB mode, calling this before encryption with C<tag> set to C<NULL> sets the -tag length. If this is not called prior to encryption, a default tag length is -used. +In OCB mode, calling this when encrypting with C<tag> set to C<NULL> sets the +tag length. The tag length can only be set before specifying an IV. If this is +not called prior to setting the IV during encryption, then a default tag length +is used. For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the maximum tag length for OCB. @@ -659,7 +661,7 @@ EVP_CIPHER_CTX_reset(). =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod index f84d5b1eb3..b37d992307 100644 --- a/doc/man3/OBJ_nid2obj.pod +++ b/doc/man3/OBJ_nid2obj.pod @@ -46,50 +46,52 @@ Deprecated: The ASN1 object utility functions process ASN1_OBJECT structures which are a representation of the ASN1 OBJECT IDENTIFIER (OID) type. For convenience, OIDs are usually represented in source code as numeric -identifiers, or B<NID>s. OpenSSL has an internal table of OIDs that +identifiers, or I<NID>s. OpenSSL has an internal table of OIDs that are generated when the library is built, and their corresponding NIDs are available as defined constants. For the functions below, application code should treat all returned values -- OIDs, NIDs, or names -- as constants. -OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to +OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID I<n> to an ASN1_OBJECT structure, its long name and its short name respectively, or B<NULL> if an error occurred. OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID -for the object B<o>, the long name <ln> or the short name <sn> respectively +for the object I<o>, the long name <ln> or the short name <sn> respectively or NID_undef if an error occurred. -OBJ_txt2nid() returns NID corresponding to text string <s>. B<s> can be +OBJ_txt2nid() returns NID corresponding to text string I<s>. I<s> can be a long name, a short name or the numerical representation of an object. -OBJ_txt2obj() converts the text string B<s> into an ASN1_OBJECT structure. -If B<no_name> is 0 then long names and short names will be interpreted -as well as numerical forms. If B<no_name> is 1 only the numerical form +OBJ_txt2obj() converts the text string I<s> into an ASN1_OBJECT structure. +If I<no_name> is 0 then long names and short names will be interpreted +as well as numerical forms. If I<no_name> is 1 only the numerical form is acceptable. -OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation. -The representation is written as a null terminated string to B<buf> -at most B<buf_len> bytes are written, truncating the result if necessary. -The total amount of space required is returned. If B<no_name> is 0 then -if the object has a long or short name then that will be used, otherwise -the numerical form will be used. If B<no_name> is 1 then the numerical -form will always be used. +OBJ_obj2txt() converts the B<ASN1_OBJECT> I<a> into a textual representation. +Unless I<buf> is NULL, +the representation is written as a NUL-terminated string to I<buf>, where +at most I<buf_len> bytes are written, truncating the result if necessary. +In any case it returns the total string length, excluding the NUL character, +required for non-truncated representation, or -1 on error. +If I<no_name> is 0 then if the object has a long or short name +then that will be used, otherwise the numerical form will be used. +If I<no_name> is 1 then the numerical form will always be used. -i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the B<no_name> set to zero. +i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the I<no_name> set to zero. -OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned. +OBJ_cmp() compares I<a> to I<b>. If the two are identical 0 is returned. -OBJ_dup() returns a copy of B<o>. +OBJ_dup() returns a copy of I<o>. -OBJ_create() adds a new object to the internal table. B<oid> is the -numerical form of the object, B<sn> the short name and B<ln> the +OBJ_create() adds a new object to the internal table. I<oid> is the +numerical form of the object, I<sn> the short name and I<ln> the long name. A new NID is returned for the created object in case of success and NID_undef in case of failure. -OBJ_length() returns the size of the content octets of B<obj>. +OBJ_length() returns the size of the content octets of I<obj>. -OBJ_get0_data() returns a pointer to the content octets of B<obj>. +OBJ_get0_data() returns a pointer to the content octets of I<obj>. The returned pointer is an internal pointer which B<must not> be freed. OBJ_cleanup() releases any resources allocated by creating new objects. @@ -141,6 +143,13 @@ on error. OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return a NID or B<NID_undef> on error. +OBJ_add_sigid() returns 1 on success or 0 on error. + +i2t_ASN1_OBJECT() an OBJ_obj2txt() return -1 on error. +On success, they return the length of the string written to I<buf> if I<buf> is +not NULL and I<buf_len> is big enough, otherwise the total string length. +Note that this does not count the trailing NUL character. + =head1 EXAMPLES Create an object for B<commonName>: @@ -161,15 +170,6 @@ Create a new object directly: obj = OBJ_txt2obj("1.2.3.4", 1); -=head1 BUGS - -OBJ_obj2txt() is awkward and messy to use: it doesn't follow the -convention of other OpenSSL functions where the buffer can be set -to B<NULL> to determine the amount of data that should be written. -Instead B<buf> must point to a valid buffer and B<buf_len> should -be set to a positive value. A buffer length of 80 should be more -than enough to handle any OID encountered in practice. - =head1 SEE ALSO L<ERR_get_error(3)> @@ -181,7 +181,7 @@ and should not be used. =head1 COPYRIGHT -Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 900c4f3a56..7f0e088687 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -434,7 +434,7 @@ B<SessionTicket>: session ticket support, enabled by default. Inverse of B<SSL_OP_NO_TICKET>: that is B<-SessionTicket> is the same as setting B<SSL_OP_NO_TICKET>. -B<Compression>: SSL/TLS compression support, enabled by default. Inverse +B<Compression>: SSL/TLS compression support, disabled by default. Inverse of B<SSL_OP_NO_COMPRESSION>. B<EmptyFragments>: use empty fragments as a countermeasure against a @@ -694,7 +694,7 @@ B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod index ad13ed15f4..bc031008f2 100644 --- a/doc/man3/SSL_CTX_set_num_tickets.pod +++ b/doc/man3/SSL_CTX_set_num_tickets.pod @@ -25,10 +25,10 @@ the client after a full handshake. Set the desired value (which could be 0) in the B<num_tickets> argument. Typically these functions should be called before the start of the handshake. -The default number of tickets is 2; the default number of tickets sent following -a resumption handshake is 1 but this cannot be changed using these functions. -The number of tickets following a resumption handshake can be reduced to 0 using -custom session ticket callbacks (see L<SSL_CTX_set_session_ticket_cb(3)>). +The default number of tickets is 2. Following a resumption the number of tickets +issued will never be more than 1 regardless of the value set via +SSL_set_num_tickets() or SSL_CTX_set_num_tickets(). If B<num_tickets> is set to +0 then no tickets will be issued for either a normal connection or a resumption. Tickets are also issued on receipt of a post-handshake certificate from the client following a request by the server using @@ -58,7 +58,7 @@ These functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index b2637efc1a..15642f48f1 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -123,7 +123,7 @@ enable an attacker to obtain the session keys. =head1 RETURN VALUES -returns 0 to indicate the callback function was set. +Returns 1 to indicate the callback function was set and 0 otherwise. =head1 EXAMPLES @@ -193,7 +193,7 @@ L<SSL_CTX_set_session_id_context(3)>, =head1 COPYRIGHT -Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_session.pod b/doc/man3/SSL_get_session.pod index 7c04570635..b7472bd608 100644 --- a/doc/man3/SSL_get_session.pod +++ b/doc/man3/SSL_get_session.pod @@ -37,8 +37,11 @@ L<SSL_SESSION_is_resumable(3)> for information on how to determine whether an SSL_SESSION object can be used for resumption or not. Additionally, in TLSv1.3, a server can send multiple messages that establish a -session for a single connection. In that case the above functions will only -return information on the last session that was received. +session for a single connection. In that case, on the client side, the above +functions will only return information on the last session that was received. On +the server side they will only return information on the last session that was +sent, or if no session tickets were sent then the session for the current +connection. The preferred way for applications to obtain a resumable SSL_SESSION object is to use a new session callback as described in L<SSL_CTX_sess_set_new_cb(3)>. @@ -100,7 +103,7 @@ L<SSL_SESSION_free(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_set_fd.pod b/doc/man3/SSL_set_fd.pod index 6780d515f9..3195a4ece9 100644 --- a/doc/man3/SSL_set_fd.pod +++ b/doc/man3/SSL_set_fd.pod @@ -45,6 +45,17 @@ The operation succeeded. =back +=head1 NOTES + +On Windows, a socket handle is a 64-bit data type (UINT_PTR), which leads to a +compiler warning (conversion from 'SOCKET' to 'int', possible loss of data) when +passing the socket handle to SSL_set_*fd(). For the time being, this warning can +safely be ignored, because although the Microsoft documentation claims that the +upper limit is INVALID_SOCKET-1 (2^64 - 2), in practice the current socket() +implementation returns an index into the kernel handle table, the size of which +is limited to 2^24. + + =head1 SEE ALSO L<SSL_get_fd(3)>, L<SSL_set_bio(3)>, @@ -53,7 +64,7 @@ L<SSL_shutdown(3)>, L<ssl(7)> , L<bio(7)> =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index aba7fff781..b8024dc4af 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -11,7 +11,10 @@ X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, -X509_STORE_CTX_verify_fn +X509_STORE_CTX_verify_fn, +X509_STORE_CTX_set_purpose, +X509_STORE_CTX_set_trust, +X509_STORE_CTX_purpose_inherit - X509_STORE_CTX initialisation =head1 SYNOPSIS @@ -44,6 +47,11 @@ X509_STORE_CTX_verify_fn typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); + int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); + int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); + int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); + =head1 DESCRIPTION These functions initialise an B<X509_STORE_CTX> structure for subsequent use @@ -120,6 +128,65 @@ following signature: This function should receive the current X509_STORE_CTX as a parameter and return 1 on success or 0 on failure. +X509 certificates may contain information about what purposes keys contained +within them can be used for. For example "TLS WWW Server Authentication" or +"Email Protection". This "key usage" information is held internally to the +certificate itself. In addition the trust store containing trusted certificates +can declare what purposes we trust different certificates for. This "trust" +information is not held within the certificate itself but is "meta" information +held alongside it. This "meta" information is associated with the certificate +after it is issued and could be determined by a system administrator. For +example a certificate might declare that it is suitable for use for both +"TLS WWW Server Authentication" and "TLS Client Authentication", but a system +administrator might only trust it for the former. An X.509 certificate extension +exists that can record extended key usage information to supplement the purpose +information described above. This extended mechanism is arbitrarily extensible +and not well suited for a generic library API; applications that need to +validate extended key usage information in certifiates will need to define a +custom "purpose" (see below) or supply a nondefault verification callback +(L<X509_STORE_set_verify_cb_func(3)>). + +X509_STORE_CTX_set_purpose() sets the purpose for the target certificate being +verified in the I<ctx>. Built-in available values for the I<purpose> argument +are B<X509_PURPOSE_SSL_CLIENT>, B<X509_PURPOSE_SSL_SERVER>, +B<X509_PURPOSE_NS_SSL_SERVER>, B<X509_PURPOSE_SMIME_SIGN>, +B<X509_PURPOSE_SMIME_ENCRYPT>, B<X509_PURPOSE_CRL_SIGN>, B<X509_PURPOSE_ANY>, +B<X509_PURPOSE_OCSP_HELPER> and B<X509_PURPOSE_TIMESTAMP_SIGN>. It is also +possible to create a custom purpose value. Setting a purpose will ensure that +the key usage declared within certificates in the chain being verified is +consistent with that purpose as well as, potentially, other checks. Every +purpose also has an associated default trust value which will also be set at the +same time. During verification this trust setting will be verified to check it +is consistent with the trust set by the system administrator for certificates in +the chain. + +X509_STORE_CTX_set_trust() sets the trust value for the target certificate +being verified in the I<ctx>. Built-in available values for the I<trust> +argument are B<X509_TRUST_COMPAT>, B<X509_TRUST_SSL_CLIENT>, +B<X509_TRUST_SSL_SERVER>, B<X509_TRUST_EMAIL>, B<X509_TRUST_OBJECT_SIGN>, +B<X509_TRUST_OCSP_SIGN>, B<X509_TRUST_OCSP_REQUEST> and B<X509_TRUST_TSA>. It is +also possible to create a custom trust value. Since X509_STORE_CTX_set_purpose() +also sets the trust value it is normally sufficient to only call that function. +If both are called then X509_STORE_CTX_set_trust() should be called after +X509_STORE_CTX_set_purpose() since the trust setting of the last call will be +used. + +It should not normally be necessary for end user applications to call +X509_STORE_CTX_purpose_inherit() directly. Typically applications should call +X509_STORE_CTX_set_purpose() or X509_STORE_CTX_set_trust() instead. Using this +function it is possible to set the purpose and trust values for the I<ctx> at +the same time. The I<def_purpose> and I<purpose> arguments can have the same +purpose values as described for X509_STORE_CTX_set_purpose() above. The I<trust> +argument can have the same trust values as described in +X509_STORE_CTX_set_trust() above. Any of the I<def_purpose>, I<purpose> or +I<trust> values may also have the value 0 to indicate that the supplied +parameter should be ignored. After calling this function the purpose to be used +for verification is set from the I<purpose> argument, and the trust is set from +the I<trust> argument. If I<trust> is 0 then the trust value will be set from +the default trust value for I<purpose>. If the default trust value for the +purpose is I<X509_TRUST_DEFAULT> and I<trust> is 0 then the default trust value +associated with the I<def_purpose> value is used for the trust setting instead. + =head1 NOTES The certificates and CRLs in a store are used internally and should B<not> @@ -164,7 +231,7 @@ The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index e42049d2ba..30b419c512 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -158,6 +158,8 @@ d2i_TS_TST_INFO_bio, d2i_TS_TST_INFO_fp, d2i_USERNOTICE, d2i_X509, +d2i_X509_bio, +d2i_X509_fp, d2i_X509_ALGOR, d2i_X509_ALGORS, d2i_X509_ATTRIBUTE, @@ -338,6 +340,8 @@ i2d_TS_TST_INFO_bio, i2d_TS_TST_INFO_fp, i2d_USERNOTICE, i2d_X509, +i2d_X509_bio, +i2d_X509_fp, i2d_X509_ALGOR, i2d_X509_ALGORS, i2d_X509_ATTRIBUTE, @@ -612,7 +616,7 @@ efficiency reasons. =head1 COPYRIGHT -Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/ossl_store.pod b/doc/man7/ossl_store.pod index b706196851..19e15a65f8 100644 --- a/doc/man7/ossl_store.pod +++ b/doc/man7/ossl_store.pod @@ -58,7 +58,7 @@ other encoding is undefined. * here just one example */ switch (OSSL_STORE_INFO_get_type(info)) { - case OSSL_STORE_INFO_X509: + case OSSL_STORE_INFO_CERT: /* Print the X.509 certificate text */ X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info)); /* Print the X.509 certificate PEM output */ @@ -77,7 +77,7 @@ L<OSSL_STORE_SEARCH(3)> =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/engines/e_afalg.c b/engines/e_afalg.c index 4b17228461..2d16c13834 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -624,11 +624,8 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx) } actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx); - if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) { - ALG_WARN("%s afalg ctx passed\n", - ctx == NULL ? "NULL" : "Uninitialised"); - return 0; - } + if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) + return 1; close(actx->sfd); close(actx->bfd); diff --git a/engines/e_dasync.c b/engines/e_dasync.c index 5cdacb66a0..9ad043b1bd 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -182,8 +182,8 @@ static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); static int dasync_cipher_nids[] = { - NID_aes_128_cbc, NID_aes_128_cbc_hmac_sha1, + NID_aes_128_cbc, 0 }; @@ -244,7 +244,8 @@ static int bind_dasync(ENGINE *e) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE - | EVP_CIPH_FLAG_PIPELINE) + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, dasync_aes128_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, @@ -264,12 +265,14 @@ static int bind_dasync(ENGINE *e) 16 /* block size */, 16 /* key len */); if (_hidden_aes_128_cbc_hmac_sha1 == NULL + || EVP_aes_128_cbc_hmac_sha1() == NULL || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER - | EVP_CIPH_FLAG_PIPELINE) + | EVP_CIPH_FLAG_PIPELINE + | EVP_CIPH_CUSTOM_COPY) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, dasync_aes128_cbc_hmac_sha1_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, @@ -371,6 +374,10 @@ static int dasync_ciphers(ENGINE *e, const EVP_CIPHER **cipher, int ok = 1; if (cipher == NULL) { /* We are returning a list of supported nids */ + if (dasync_aes_128_cbc_hmac_sha1() == NULL) { + *nids = dasync_cipher_nids + 1; + return 1; + } *nids = dasync_cipher_nids; return (sizeof(dasync_cipher_nids) - 1) / sizeof(dasync_cipher_nids[0]); @@ -624,6 +631,21 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, } } + case EVP_CTRL_COPY: + { + const EVP_CIPHER *cipher = aeadcapable + ? EVP_aes_128_cbc_hmac_sha1() + : EVP_aes_128_cbc(); + size_t data_size = EVP_CIPHER_impl_ctx_size(cipher); + void *cipher_data = OPENSSL_malloc(data_size); + + if (cipher_data == NULL) + return 0; + memcpy(cipher_data, pipe_ctx->inner_cipher_data, data_size); + pipe_ctx->inner_cipher_data = cipher_data; + return 1; + } + default: return 0; } diff --git a/include/crypto/rand.h b/include/crypto/rand.h index 674f840fd1..9e02bb0e50 100644 --- a/include/crypto/rand.h +++ b/include/crypto/rand.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,7 +22,7 @@ # if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM) # include <Availability.h> -# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101000) || \ +# if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || \ (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000) # define OPENSSL_APPLE_CRYPTO_RANDOM 1 # include <CommonCrypto/CommonCryptoError.h> diff --git a/include/internal/sockets.h b/include/internal/sockets.h index 39186efef2..4fc1aecdbb 100644 --- a/include/internal/sockets.h +++ b/include/internal/sockets.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,6 +30,8 @@ # include <sys/un.h> # include <tcp.h> # include <netdb.h> +# include <arpa/inet.h> +# include <netinet/tcp.h> # elif defined(_WIN32_WCE) && _WIN32_WCE<410 # define getservbyname _masked_declaration_getservbyname # endif diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 44cc139966..24baf53c34 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -793,12 +793,15 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); -# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) -# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) -# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ - (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) -# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ - (unsigned char *)(x)) +# define d2i_ECPKParameters_bio(bp,x) \ + ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x) +# define i2d_ECPKParameters_bio(bp,x) \ + ASN1_i2d_bio_of_const(EC_GROUP, i2d_ECPKParameters, bp, x) +# define d2i_ECPKParameters_fp(fp,x) \ + (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \ + (void **)(x)) +# define i2d_ECPKParameters_fp(fp,x) \ + ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x)) int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); # ifndef OPENSSL_NO_STDIO diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 0780f0fb5f..d707eaeb6e 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -722,6 +722,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ fns->mem_fns.realloc_fn, \ fns->mem_fns.free_fn); \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ skip_cbs: \ if (!fn(e, id)) return 0; \ return 1; } diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index eb812ed18d..53516a06c6 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index cbbfab12b3..c486264470 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x101010cfL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l 24 Aug 2021" +# define OPENSSL_VERSION_NUMBER 0x101010efL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1n 15 Mar 2022" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index c4239345b6..67097d5cca 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -76,13 +76,12 @@ static int ssl_free(BIO *a) if (a == NULL) return 0; bs = BIO_get_data(a); - if (bs->ssl != NULL) - SSL_shutdown(bs->ssl); if (BIO_get_shutdown(a)) { + if (bs->ssl != NULL) + SSL_shutdown(bs->ssl); if (BIO_get_init(a)) SSL_free(bs->ssl); - /* Clear all flags */ - BIO_clear_flags(a, ~0); + BIO_clear_flags(a, ~0); /* Clear all flags */ BIO_set_init(a, 0); } OPENSSL_free(bs); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index e6a8bbd710..f158544789 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1039,7 +1039,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) if (SSL_IS_DTLS(s)) { /* DTLS does not support pipelining */ - unsigned char dtlsseq[9], *p = dtlsseq; + unsigned char dtlsseq[8], *p = dtlsseq; s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) : DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p); diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index aa7d63f84a..c95dcd9fde 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -128,7 +128,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t *md_out_size, - const unsigned char header[13], + const unsigned char *header, const unsigned char *data, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index b256a4b935..e4cf007f82 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -2171,7 +2171,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA128, SSL_SHA256, @@ -2187,7 +2187,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA128, SSL_SHA256, @@ -2203,7 +2203,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA128, SSL_SHA256, @@ -2235,7 +2235,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA256, SSL_SHA256, @@ -2251,7 +2251,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA256, SSL_SHA256, @@ -2267,7 +2267,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA256, SSL_SHA256, diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 799fee771b..9264364100 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -225,7 +225,7 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen, ASN1_OCTET_STRING *src, size_t maxlen) { - if (src == NULL) { + if (src == NULL || src->length == 0) { *pdstlen = 0; return 1; } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index e7feda81d0..eba96b207e 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -901,7 +901,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex) { - int level, minbits; + int level, minbits, pfs_mask; minbits = ssl_get_security_level_bits(s, ctx, &level); @@ -936,8 +936,9 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, if (level >= 2 && c->algorithm_enc == SSL_RC4) return 0; /* Level 3: forward secure ciphersuites only */ + pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK; if (level >= 3 && c->min_tls != TLS1_3_VERSION && - !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) + !(c->algorithm_mkey & pfs_mask)) return 0; break; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 735a483c64..55f919fcd5 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1601,6 +1601,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { if (!sk_SSL_CIPHER_push(cipherstack, sk_SSL_CIPHER_value(tls13_ciphersuites, i))) { + OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); return NULL; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ffd0a0bc6d..9c411a3293 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1684,6 +1684,8 @@ static int ssl_start_async_job(SSL *s, struct ssl_async_args *args, if (s->waitctx == NULL) return -1; } + + s->rwstate = SSL_NOTHING; switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, sizeof(struct ssl_async_args))) { case ASYNC_ERR: diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index f92472117a..9f346e30e8 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2622,7 +2622,7 @@ __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); __owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t *md_out_size, - const unsigned char header[13], + const unsigned char *header, const unsigned char *data, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, diff --git a/ssl/statem/README b/ssl/statem/README index 86cc066372..bafe33060c 100644 --- a/ssl/statem/README +++ b/ssl/statem/README @@ -55,7 +55,7 @@ Conceptually the state machine component is designed as follows: | | | | ____________V_______V________ ________V______V_______________ | | | | - | statem_both.c | | statem_dtls.c | + | statem_lib.c | | statem_dtls.c | | | | | | Non core functions common | | Non core functions common to | | to both servers and clients | | both DTLS servers and clients | diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index ce8a75794c..9d38ac23b5 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -1741,7 +1741,9 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Ignore if inappropriate ciphersuite */ if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC) && s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD - && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4) + && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4 + && s->s3->tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT + && s->s3->tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12) s->ext.use_etm = 1; return 1; @@ -1872,6 +1874,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_MALLOC_FAILURE); + EVP_PKEY_free(skey); return 0; } if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt), diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c index a0ba18efa7..1fe226f9f2 100644 --- a/ssl/statem/extensions_cust.c +++ b/ssl/statem/extensions_cust.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -146,11 +146,12 @@ int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type, } /* - * Extensions received in the ClientHello are marked with the - * SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent - * extensions in the ServerHello/EncryptedExtensions message + * Extensions received in the ClientHello or CertificateRequest are marked + * with the SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent + * extensions in the response messages */ - if ((context & SSL_EXT_CLIENT_HELLO) != 0) + if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST)) + != 0) meth->ext_flags |= SSL_EXT_FLAG_RECEIVED; /* If no parse function set return success */ @@ -192,7 +193,7 @@ int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx, | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) { - /* Only send extensions present in ClientHello. */ + /* Only send extensions present in ClientHello/CertificateRequest */ if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED)) continue; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index c3b6f8f456..695caab3d6 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -2410,6 +2410,8 @@ int tls13_save_handshake_digest_for_pha(SSL *s) SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, ERR_R_INTERNAL_ERROR); + EVP_MD_CTX_free(s->pha_dgst); + s->pha_dgst = NULL; return 0; } } diff --git a/test/afalgtest.c b/test/afalgtest.c index adb2977f30..724afb4d83 100644 --- a/test/afalgtest.c +++ b/test/afalgtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,26 +21,7 @@ #ifndef OPENSSL_NO_ENGINE static ENGINE *e; -#endif - -#ifndef OPENSSL_NO_AFALGENG -# include <linux/version.h> -# define K_MAJ 4 -# define K_MIN1 1 -# define K_MIN2 0 -# if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) -/* - * If we get here then it looks like there is a mismatch between the linux - * headers and the actual kernel version, so we have tried to compile with - * afalg support, but then skipped it in e_afalg.c. As far as this test is - * concerned we behave as if we had been configured without support - */ -# define OPENSSL_NO_AFALGENG -# endif -#endif - -#ifndef OPENSSL_NO_AFALGENG static int test_afalg_aes_cbc(int keysize_idx) { EVP_CIPHER_CTX *ctx; @@ -112,9 +93,25 @@ static int test_afalg_aes_cbc(int keysize_idx) EVP_CIPHER_CTX_free(ctx); return ret; } -#endif -#ifndef OPENSSL_NO_ENGINE +static int test_pr16743(void) +{ + int ret = 0; + const EVP_CIPHER * cipher; + EVP_CIPHER_CTX *ctx; + + if (!TEST_true(ENGINE_init(e))) + return 0; + cipher = ENGINE_get_cipher(e, NID_aes_128_cbc); + ctx = EVP_CIPHER_CTX_new(); + if (cipher != NULL && ctx != NULL) + ret = EVP_EncryptInit_ex(ctx, cipher, e, NULL, NULL); + TEST_true(ret); + EVP_CIPHER_CTX_free(ctx); + ENGINE_finish(e); + return ret; +} + int global_init(void) { ENGINE_load_builtin_engines(); @@ -132,9 +129,8 @@ int setup_tests(void) /* Probably a platform env issue, not a test failure. */ TEST_info("Can't load AFALG engine"); } else { -# ifndef OPENSSL_NO_AFALGENG ADD_ALL_TESTS(test_afalg_aes_cbc, 3); -# endif + ADD_TEST(test_pr16743); } #endif diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c index 865e058421..7414a4442c 100644 --- a/test/asn1_internal_test.c +++ b/test/asn1_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -107,9 +107,36 @@ static int test_standard_methods(void) return 0; } +/********************************************************************** + * + * Regression test for issue where OBJ_nid2obj does not raise + * an error when a NID is not registered. + * + ***/ +static int test_nid2obj_nonexist(void) +{ + ASN1_OBJECT *obj; + unsigned long err; + + obj = OBJ_nid2obj(INT_MAX); + if (!TEST_true(obj == NULL)) + return 0; + + err = ERR_get_error(); + + if (!TEST_int_eq(ERR_GET_FUNC(err), OBJ_F_OBJ_NID2OBJ)) + return 0; + + if (!TEST_int_eq(ERR_GET_REASON(err), OBJ_R_UNKNOWN_NID)) + return 0; + + return 1; +} + int setup_tests(void) { ADD_TEST(test_tbl_standard); ADD_TEST(test_standard_methods); + ADD_TEST(test_nid2obj_nonexist); return 1; } diff --git a/test/bntest.c b/test/bntest.c index 236501e679..9273e86566 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,6 @@ /* * Things in boring, not in openssl. TODO we should add them. */ -#define HAVE_BN_PADDED 0 #define HAVE_BN_SQRT 0 typedef struct filetest_st { @@ -628,6 +627,51 @@ static int test_modexp_mont5(void) if (!TEST_BN_eq(c, d)) goto err; + /* + * Regression test for overflow bug in bn_sqr_comba4/8 for + * mips-linux-gnu and mipsel-linux-gnu 32bit targets. + */ + { + static const char *ehex[] = { + "95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee", + "38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5", + "8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a", + "5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985", + "2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1", + "a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680", + "b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e", + "da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465", + NULL}; + static const char *phex[] = { + "f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241", + "a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31", + "2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053", + "c776d3982d391b6d04d642dda5cc6d1640174c09875addb70595658f89efb439", + "dc6fbd55f903aadd307982d3f659207f265e1ec6271b274521b7a5e28e8fd7a5", + "5df089292820477802a43cf5b6b94e999e8c9944ddebb0d0e95a60f88cb7e813", + "ba110d20e1024774107dd02949031864923b3cb8c3f7250d6d1287b0a40db6a4", + "7bd5a469518eb65aa207ddc47d8c6e5fc8e0c105be8fc1d4b57b2e27540471d5", + NULL}; + static const char *mhex[] = { + "fef15d5ce4625f1bccfbba49fc8439c72bf8202af039a2259678941b60bb4a8f", + "2987e965d58fd8cf86a856674d519763d0e1211cc9f8596971050d56d9b35db3", + "785866cfbca17cfdbed6060be3629d894f924a89fdc1efc624f80d41a22f1900", + "9503fcc3824ef62ccb9208430c26f2d8ceb2c63488ec4c07437aa4c96c43dd8b", + "9289ed00a712ff66ee195dc71f5e4ead02172b63c543d69baf495f5fd63ba7bc", + "c633bd309c016e37736da92129d0b053d4ab28d21ad7d8b6fab2a8bbdc8ee647", + "d2fbcf2cf426cf892e6f5639e0252993965dfb73ccd277407014ea784aaa280c", + "b7b03972bc8b0baa72360bdb44b82415b86b2f260f877791cd33ba8f2d65229b", + NULL}; + + if (!TEST_true(parse_bigBN(&e, ehex)) + || !TEST_true(parse_bigBN(&p, phex)) + || !TEST_true(parse_bigBN(&m, mhex)) + || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) + || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) + || !TEST_BN_eq(a, d)) + goto err; + } + /* Zero input */ if (!TEST_true(BN_bntest_rand(p, 1024, 0, 0))) goto err; @@ -1685,8 +1729,17 @@ static int file_modsqrt(STANZA *s) || !TEST_ptr(ret2 = BN_new())) goto err; + if (BN_is_negative(mod_sqrt)) { + /* A negative testcase */ + if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx))) + goto err; + + st = 1; + goto err; + } + /* There are two possible answers. */ - if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx)) + if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) || !TEST_true(BN_sub(ret2, p, ret))) goto err; @@ -1731,52 +1784,52 @@ static int file_gcd(STANZA *s) static int test_bn2padded(void) { -#if HAVE_BN_PADDED uint8_t zeros[256], out[256], reference[128]; - BIGNUM *n = BN_new(); + size_t bytes; + BIGNUM *n; int st = 0; /* Test edge case at 0. */ - if (n == NULL) + if (!TEST_ptr((n = BN_new()))) goto err; - if (!TEST_true(BN_bn2bin_padded(NULL, 0, n))) + if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), 0)) goto err; memset(out, -1, sizeof(out)); - if (!TEST_true(BN_bn2bin_padded(out, sizeof(out)), n)) + if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out))) goto err; memset(zeros, 0, sizeof(zeros)); if (!TEST_mem_eq(zeros, sizeof(zeros), out, sizeof(out))) goto err; /* Test a random numbers at various byte lengths. */ - for (size_t bytes = 128 - 7; bytes <= 128; bytes++) { + for (bytes = 128 - 7; bytes <= 128; bytes++) { # define TOP_BIT_ON 0 # define BOTTOM_BIT_NOTOUCH 0 if (!TEST_true(BN_rand(n, bytes * 8, TOP_BIT_ON, BOTTOM_BIT_NOTOUCH))) goto err; - if (!TEST_int_eq(BN_num_bytes(n),A) bytes - || TEST_int_eq(BN_bn2bin(n, reference), bytes)) + if (!TEST_int_eq(BN_num_bytes(n), bytes) + || !TEST_int_eq(BN_bn2bin(n, reference), bytes)) goto err; /* Empty buffer should fail. */ - if (!TEST_int_eq(BN_bn2bin_padded(NULL, 0, n)), 0) + if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), -1)) goto err; /* One byte short should fail. */ - if (BN_bn2bin_padded(out, bytes - 1, n)) + if (!TEST_int_eq(BN_bn2binpad(n, out, bytes - 1), -1)) goto err; /* Exactly right size should encode. */ - if (!TEST_true(BN_bn2bin_padded(out, bytes, n)) - || TEST_mem_eq(out, bytes, reference, bytes)) + if (!TEST_int_eq(BN_bn2binpad(n, out, bytes), bytes) + || !TEST_mem_eq(out, bytes, reference, bytes)) goto err; /* Pad up one byte extra. */ - if (!TEST_true(BN_bn2bin_padded(out, bytes + 1, n)) + if (!TEST_int_eq(BN_bn2binpad(n, out, bytes + 1), bytes + 1) || !TEST_mem_eq(out + 1, bytes, reference, bytes) || !TEST_mem_eq(out, 1, zeros, 1)) goto err; /* Pad up to 256. */ - if (!TEST_true(BN_bn2bin_padded(out, sizeof(out)), n) + if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out)) || !TEST_mem_eq(out + sizeof(out) - bytes, bytes, reference, bytes) - || !TEST_mem_eq(out, sizseof(out) - bytes, + || !TEST_mem_eq(out, sizeof(out) - bytes, zeros, sizeof(out) - bytes)) goto err; } @@ -1785,9 +1838,6 @@ static int test_bn2padded(void) err: BN_free(n); return st; -#else - return ctx != NULL; -#endif } static int test_dec2bn(void) @@ -2757,6 +2807,50 @@ static int test_mod_exp_consttime(int i) return res; } +/* + * Regression test to ensure BN_mod_exp2_mont fails safely if argument m is + * zero. + */ +static int test_mod_exp2_mont(void) +{ + int res = 0; + BIGNUM *exp_result = NULL; + BIGNUM *exp_a1 = NULL, *exp_p1 = NULL, *exp_a2 = NULL, *exp_p2 = NULL, + *exp_m = NULL; + + if (!TEST_ptr(exp_result = BN_new()) + || !TEST_ptr(exp_a1 = BN_new()) + || !TEST_ptr(exp_p1 = BN_new()) + || !TEST_ptr(exp_a2 = BN_new()) + || !TEST_ptr(exp_p2 = BN_new()) + || !TEST_ptr(exp_m = BN_new())) + goto err; + + if (!TEST_true(BN_one(exp_a1)) + || !TEST_true(BN_one(exp_p1)) + || !TEST_true(BN_one(exp_a2)) + || !TEST_true(BN_one(exp_p2))) + goto err; + + BN_zero(exp_m); + + /* input of 0 is even, so must fail */ + if (!TEST_int_eq(BN_mod_exp2_mont(exp_result, exp_a1, exp_p1, exp_a2, + exp_p2, exp_m, ctx, NULL), 0)) + goto err; + + res = 1; + +err: + BN_free(exp_result); + BN_free(exp_a1); + BN_free(exp_p1); + BN_free(exp_a2); + BN_free(exp_p2); + BN_free(exp_m); + return res; +} + static int file_test_run(STANZA *s) { static const FILETEST filetests[] = { @@ -2865,6 +2959,7 @@ int setup_tests(void) ADD_TEST(test_gcd_prime); ADD_ALL_TESTS(test_mod_exp, (int)OSSL_NELEM(ModExpTests)); ADD_ALL_TESTS(test_mod_exp_consttime, (int)OSSL_NELEM(ModExpTests)); + ADD_TEST(test_mod_exp2_mont); } else { ADD_ALL_TESTS(run_file_tests, n); } diff --git a/test/build.info b/test/build.info index bc3dae81f9..6357a7f2fe 100644 --- a/test/build.info +++ b/test/build.info @@ -515,7 +515,9 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[sm4_internal_test]=.. ../include DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a - SOURCE[ec_internal_test]=ec_internal_test.c + SOURCE[ec_internal_test]=ec_internal_test.c \ + {- rebase_files("../apps", + split(/\s+/, $target{apps_init_src})) -} INCLUDE[ec_internal_test]=../include ../crypto/ec DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a diff --git a/test/certs/cross-key.pem b/test/certs/cross-key.pem new file mode 100644 index 0000000000..93cd467ac7 --- /dev/null +++ b/test/certs/cross-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCSkfwkYXTJFL4I +ICRQFXji6eX9I1NI97GBu2Yk8ejwctMttcJTlBLYpYRFQnZgsLwVEhA25KKlSNPz +PPrEVipT5Ll5J6uhWEBGLHETh8Qx4sI508B2zUP+2tnDapYtk5MNSVdQZXVt6wJu +sXY8vd58nHPLo4zr61MTwrj3Ld0lU18YHtxnGSMMYPPTxecE0mjYU038ELxZMdlT ++VSC0KOBJddj64+kXRdiDtQGVWE58MtX5/18LgSY3J/hvNhmcWuY611pgXcmwDPr +Sn1fDeRqG87Qs8KniS1dtWHDCVW/5KZOQeLcK6VTaEdnwdPYQ7BiJp4+3ypKmErd +T9TYBs8XAgMBAAECggEABIxdeGpm8DjGRgSQLjLg88CNPWG89sBrQk0SbvQ1HJfq +dJXRDxgMFtBsFTfX6kla3xfyHpQ/dY4qJZvmQNBXIQ/oiqumw9Ah153qlGJJmXdG +PEQDEz7+2lExawwmjgk6Uvs58LMHmCNUibUdzHgsdZcwudq8R6FWZ8lvIIo6GOJg +1gOoPbeAQtNAx8LPr+eDvpXoWJrCKJKuZCSRLV2CDmEH/+KH123cD4Lg+MsPNBJd +DsOitnVczlqnKDf5gSUXy3cwQlKFtOBa/0pN9wZvZDEWa30RmJmXI2bLo/h6GxGB +JXK57mTJG3UboWFIgNBU9IudPOdzDfJE1ul/Jon/AQKBgQC7/mmZg31a/8zlPLji +oWoEEutyNu0O28BCbBrw9t1SqtPFLm53AzIzB4RFVjn9i5dnxljh618KQiY4FbKM +mz1Yuzf7zCV7n8c1NakGwmW9Ezl8ZoLE44Nu7Pccukorl6uEY7kZa2vGa7krmIcI +6kFbvVbl4scbXlDL88hGHezhoQKBgQDHl3O8kOvOhIwfVH6qIjIO+0oR57Tqtwaw +A3oq6Ppdp65GK9G4f+/5L0z/Ay69MyauBLRA6+9LlW6SmAACSK69juvPMK6gd5uS +yWQ8imh6l304BAryjOHiNXHtpnmiaPAGNgFZKPsPbWlOo4ZexTEBq23i4JM1TUph +xpCmGY1ltwKBgEuYyPo0iAo55zkfq/Fmm2079nYdZEKfV7beJg9UFjgR/crDGyS8 +okkm8qe3PuaYZbATcNaYgcVsSFYxU3V7T7YIw0B8HW6TF9Zr16aiMatQucMurdNi +8g1/OPfSadURzqUUPPDd458M3o+LbHHHUbUEdJdJFGwLB06cn6KikglBAoGAMz8M +xV7EXOsleynbt9090yDsPLqsdhN2UR0jcf8NwZw7H+NCXsfimq1tbJCpoISQqt+k +VIL/lv2QPW1vmyaET0FyBGmwfJ0ZQdAZv32eI9Pfn9FR6kMIAGfOj8FNu8iL0Fxv +bjAafjSOdFWCO7UPxyj39ufIhEgLEB3GqA8pgfMCgYEAn/1Ov1Lu4MWq+72LygqG +78rxk6rIGGET64grG1CSjkylQ9mo14jG6O1lM4fwTjlbGQrKGtzQtL785dW+t5uH +zC2lDRDp8of+ErC31e+N4YDMdUHWeRBgHDYgsx4EgI0jNb02/UlziL1eARBpnfz6 +tw1erVdMmlA3LRBR5Mj+xso= +-----END PRIVATE KEY----- diff --git a/test/certs/cross-root.pem b/test/certs/cross-root.pem new file mode 100644 index 0000000000..dca5b10b91 --- /dev/null +++ b/test/certs/cross-root.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC+jCCAeKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApDcm9z +cyBSb290MCAXDTIxMDgzMDE4MzMyNloYDzIxMjEwODMxMTgzMzI2WjAVMRMwEQYD +VQQDDApDcm9zcyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +kpH8JGF0yRS+CCAkUBV44unl/SNTSPexgbtmJPHo8HLTLbXCU5QS2KWERUJ2YLC8 +FRIQNuSipUjT8zz6xFYqU+S5eSeroVhARixxE4fEMeLCOdPAds1D/trZw2qWLZOT +DUlXUGV1besCbrF2PL3efJxzy6OM6+tTE8K49y3dJVNfGB7cZxkjDGDz08XnBNJo +2FNN/BC8WTHZU/lUgtCjgSXXY+uPpF0XYg7UBlVhOfDLV+f9fC4EmNyf4bzYZnFr +mOtdaYF3JsAz60p9Xw3kahvO0LPCp4ktXbVhwwlVv+SmTkHi3CulU2hHZ8HT2EOw +YiaePt8qSphK3U/U2AbPFwIDAQABo1MwUTAdBgNVHQ4EFgQUL16/ihJvr2w9I5k6 +3jjZ13SPW20wHwYDVR0jBBgwFoAUL16/ihJvr2w9I5k63jjZ13SPW20wDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUiqf8oQaPX3aW6I+dcRhsq5g +bpYF0X5jePk6UqWu86YcmpoRtGLH7e5aHGJYqrVrkOoo0q4eTL3Pm1/sB3omPRMb +ey/i7Z70wwd5yI8iz/WBmQDahYxq5wSDsUSdZDL0kSyoU2jCwXUPtuC6F1kMZBFI +uUeaFcF8oKVGuOHvZgj/FMBpT7tyjdPpDG4uo6AT04AKGhf5xO5UY2N+uqmEsXHK +HsKAEMrVhdeU5mbrfifvSkMYcYgJOX1KFP+t4U+ogqCHy1/Nfhq+WG1XN5GwhtuO +ze25NqI6ZvA2og4AoeIzvJ/+Nfl5PNtClm0IjbGvR77oOBMs71lO4GjUYj9eiw== +-----END CERTIFICATE----- diff --git a/test/certs/root-cross-cert.pem b/test/certs/root-cross-cert.pem new file mode 100644 index 0000000000..1339c32873 --- /dev/null +++ b/test/certs/root-cross-cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC9zCCAd+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApDcm9z +cyBSb290MCAXDTIxMDgzMDE4MzYzOFoYDzIxMjEwODMxMTgzNjM4WjASMRAwDgYD +VQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA +9Qa8oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25 +ZyjSfeMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3 +ngfNwCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6L +fi7gMUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7O +Jb3uaa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2F +f3fftWgiQ35mJCOvxQIDAQABo1MwUTAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOc +TXL3o1IwHwYDVR0jBBgwFoAUL16/ihJvr2w9I5k63jjZ13SPW20wDwYDVR0TAQH/ +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHi+qdZF/jJrR/F3L60JVLOOUhTpi +LxFFBksZPVaiVf+6R8pSMy0WtDEkzGT430ji6V4i8O/70HXIG9n9pCye8sLsOl6D +exXj/MkwwSd3J0Y58zd8ZwMrK9m/jyFrk9TlWokfIFL/eC8VFsu7qmSSRLIjMuxc +YPPisgR5+WPcus7Jf8auqcYw8eW0GPc1ugJobwucs5e/TinksMfwQrzEydmOPoWI +Pfur7MjPr5IQXROtQv+CihMigPIHvi73YzSe5zdPCw8JcuZ5vBi2pwquvzvGLtMM +Btln/SwonyQMks5WV4dOk6NOB73mCMywCir4ybp9ElJMaUGEF9nLO+h8Fg== +-----END CERTIFICATE----- diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 49aab7118f..020f6ce973 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -9,6 +9,8 @@ DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired ./mkcert.sh genss "Root CA" root-key root-nonca ./mkcert.sh genroot "Root CA" root-key2 root-cert2 ./mkcert.sh genroot "Root Cert 2" root-key root-name2 +./mkcert.sh genroot "Cross Root" cross-key cross-root +./mkcert.sh genca "Root CA" root-key root-cross-cert cross-key cross-root # openssl x509 -in root-cert.pem -trustout \ -addtrust serverAuth -out root+serverAuth.pem diff --git a/test/dane-cross.in b/test/dane-cross.in new file mode 100644 index 0000000000..81252a110e --- /dev/null +++ b/test/dane-cross.in @@ -0,0 +1,113 @@ +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# Blank and comment lines ignored. +# +# The first line in each block takes the form: +# +# <TLSA-count> <cert-count> <nonamechecks> <desired-verify-result> <desired-match-depth> +# +# It is followed by <TLSA-count> lines of the form: +# +# <usage> <selector> <mtype> <hex-data> +# +# and finally, by <cert-count> certificates. + +# 1 +# Ensure TLSA with direct root works when peer chain provides a +# cross-cert. +1 4 0 0 2 +2 0 0 308202f1308201d9a003020102020101300d06092a864886f70d01010b050030123110300e06035504030c07526f6f742043413020170d3136303131353038313934395a180f32313136303131363038313934395a30123110300e06035504030c07526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e1e600f506bca04638790f3f1e7119136d02df2b9b766bfcacb021edd69108423ba56335ec525ba0a24ac5d6009403975a3db96728d27de3215ca4edc63c8d8e84d19d54c33dd974a296766771f9c61a5077b3fd78ee5be0e38c8923c29a22ec3ed4379e07cdc02b5511173a34421c690d3a18b0ed15945ec6fd9e87c61ce7941a92c05f05c17343e503de0991c924ced88e8b7e2ee03148d1862a6a55267ae80b364e97b1e0a4c9da5c694b0380085683a31fb22ab8c14cfec5b14dd4c001aaedbece25bdee69adf607cd6e2ba18954f568eb9809edc96066cb33624a03b068d60eab5fc135557efd46eebaebdcb6a2a3ed857f77dfb56822437e662423afc50203010001a350304e301d0603551d0e041604148ef525af1e9b6b843d7c809ac9539c4d72f7a352301f0603551d230418301680148ef525af1e9b6b843d7c809ac9539c4d72f7a352300c0603551d13040530030101ff300d06092a864886f70d01010b05000382010100c91449c76ed660ea203d76693df00cb7ca6d6a9affba02d618b9706f32b24a8c8ba68576fd8340bd300607dd2216aeb1fee8e3acae35fc44b4a77bf7f3f41fbb1a36e2071981cfe860b57652a47eb860b1ebca763962d872d06c011b5858e1203e11c56fd695c5c3902b2647b62bc35f4c0b197fa7a99a075fd21899cd2c6e944144ccf146c0a16f30f9adef6467936b8248c0e8327b8d88761a2b4e33aa085370ddf7ea64ddb084905520472f6a37f93e0327aa1f541c6f92d4f8c4e6970f1b9b2ce630e05981d7a0b4ee07b2170130ed39e0a481dd649f04f0ce6c4859d2f9bf970eb74c68bcf3220cb65926714da0d112a979023de86e907aa1f2285de9f0 +subject=CN = server.example +issuer=CN = CA +notBefore=Jan 15 08:19:49 2016 GMT +notAfter=Jan 16 08:19:49 2116 GMT +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0xNjAxMTUwODE5NDlaGA8yMTE2MDExNjA4MTk0OVowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjfTB7MB0GA1UdDgQWBBTnm+IqrYpsOst2UeWOB5gi +l+FzojAfBgNVHSMEGDAWgBS0ETPx1+Je91OeICIQT4YGvx/JXjAJBgNVHRMEAjAA +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBkGA1UdEQQSMBCCDnNlcnZlci5leGFtcGxl +MA0GCSqGSIb3DQEBCwUAA4IBAQBBtDxPYULl5b7VFC7/U0NgV8vTJk4zpPnUMMQ4 +QF2AWDFAek8oLKrz18KQ8M/DEhDxgkaoeXEMLT6BJUEVNYuFEYHEDGarl0nMDRXL +xOgAExfz3Tf/pjsLaha5aWH7NyCSKWC+lYkIOJ/Kb/m/6QsDJoXsEC8AhrPfqJhz +UzsCoxIlaDWqawH4+S8bdeX0tvs2VtJk/WOJHxMqXra6kgI4fAgyvr2kIZHinQ3y +cgX40uAC38bwpE95kJ7FhSfQlE1Rt7sOspUj098Dd0RNDn2uKyOTxEqIELHfw4AX +O3XAzt8qDyho8nEd/xiQ6qgsQnvXa+hSRJw42g3/czVskxRx +-----END CERTIFICATE----- +subject=CN = CA +issuer=CN = Root CA +notBefore=Jan 15 08:19:49 2016 GMT +notAfter=Jan 16 08:19:49 2116 GMT +-----BEGIN CERTIFICATE----- +MIIC7DCCAdSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjANMQswCQYDVQQD +DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd +j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz +n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W +l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l +YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc +ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 +CLNNsUcCAwEAAaNQME4wHQYDVR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8G +A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBADnZ9uXGAdwfNC3xuERIlBwgLROeBRGgcfHWdXZB/tWk +IM9ox88wYKWynanPbra4n0zhepooKt+naeY2HLR8UgwT6sTi0Yfld9mjytA8/DP6 +AcqtIDDf60vNI00sgxjgZqofVayA9KShzIPzjBec4zI1sg5YzoSNyH28VXFstEpi +8CVtmRYQHhc2gDI9MGge4sHRYwaIFkegzpwcEUnp6tTVe9ZvHawgsXF/rCGfH4M6 +uNO0D+9Md1bdW7382yOtWbkyibsugqnfBYCUH6hAhDlfYzpba2Smb0roc6Crq7HR +5HpEYY6qEir9wFMkD5MZsWrNRGRuzd5am82J+aaHz/4= +-----END CERTIFICATE----- +subject=CN = Root CA +issuer=CN = Cross Root +notBefore=Aug 30 18:36:38 2021 GMT +notAfter=Aug 31 18:36:38 2121 GMT +-----BEGIN CERTIFICATE----- +MIIC9zCCAd+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApDcm9z +cyBSb290MCAXDTIxMDgzMDE4MzYzOFoYDzIxMjEwODMxMTgzNjM4WjASMRAwDgYD +VQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA +9Qa8oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25 +ZyjSfeMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3 +ngfNwCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6L +fi7gMUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7O +Jb3uaa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2F +f3fftWgiQ35mJCOvxQIDAQABo1MwUTAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOc +TXL3o1IwHwYDVR0jBBgwFoAUL16/ihJvr2w9I5k63jjZ13SPW20wDwYDVR0TAQH/ +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHi+qdZF/jJrR/F3L60JVLOOUhTpi +LxFFBksZPVaiVf+6R8pSMy0WtDEkzGT430ji6V4i8O/70HXIG9n9pCye8sLsOl6D +exXj/MkwwSd3J0Y58zd8ZwMrK9m/jyFrk9TlWokfIFL/eC8VFsu7qmSSRLIjMuxc +YPPisgR5+WPcus7Jf8auqcYw8eW0GPc1ugJobwucs5e/TinksMfwQrzEydmOPoWI +Pfur7MjPr5IQXROtQv+CihMigPIHvi73YzSe5zdPCw8JcuZ5vBi2pwquvzvGLtMM +Btln/SwonyQMks5WV4dOk6NOB73mCMywCir4ybp9ElJMaUGEF9nLO+h8Fg== +-----END CERTIFICATE----- +subject=CN = Cross Root +issuer=CN = Cross Root +notBefore=Aug 30 18:33:26 2021 GMT +notAfter=Aug 31 18:33:26 2121 GMT +-----BEGIN CERTIFICATE----- +MIIC+jCCAeKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApDcm9z +cyBSb290MCAXDTIxMDgzMDE4MzMyNloYDzIxMjEwODMxMTgzMzI2WjAVMRMwEQYD +VQQDDApDcm9zcyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +kpH8JGF0yRS+CCAkUBV44unl/SNTSPexgbtmJPHo8HLTLbXCU5QS2KWERUJ2YLC8 +FRIQNuSipUjT8zz6xFYqU+S5eSeroVhARixxE4fEMeLCOdPAds1D/trZw2qWLZOT +DUlXUGV1besCbrF2PL3efJxzy6OM6+tTE8K49y3dJVNfGB7cZxkjDGDz08XnBNJo +2FNN/BC8WTHZU/lUgtCjgSXXY+uPpF0XYg7UBlVhOfDLV+f9fC4EmNyf4bzYZnFr +mOtdaYF3JsAz60p9Xw3kahvO0LPCp4ktXbVhwwlVv+SmTkHi3CulU2hHZ8HT2EOw +YiaePt8qSphK3U/U2AbPFwIDAQABo1MwUTAdBgNVHQ4EFgQUL16/ihJvr2w9I5k6 +3jjZ13SPW20wHwYDVR0jBBgwFoAUL16/ihJvr2w9I5k63jjZ13SPW20wDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUiqf8oQaPX3aW6I+dcRhsq5g +bpYF0X5jePk6UqWu86YcmpoRtGLH7e5aHGJYqrVrkOoo0q4eTL3Pm1/sB3omPRMb +ey/i7Z70wwd5yI8iz/WBmQDahYxq5wSDsUSdZDL0kSyoU2jCwXUPtuC6F1kMZBFI +uUeaFcF8oKVGuOHvZgj/FMBpT7tyjdPpDG4uo6AT04AKGhf5xO5UY2N+uqmEsXHK +HsKAEMrVhdeU5mbrfifvSkMYcYgJOX1KFP+t4U+ogqCHy1/Nfhq+WG1XN5GwhtuO +ze25NqI6ZvA2og4AoeIzvJ/+Nfl5PNtClm0IjbGvR77oOBMs71lO4GjUYj9eiw== +-----END CERTIFICATE----- diff --git a/test/danetest.c b/test/danetest.c index 54a79ab51f..3cd3c95c69 100644 --- a/test/danetest.c +++ b/test/danetest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -152,7 +152,7 @@ err: static char *read_to_eol(BIO *f) { - static char buf[1024]; + static char buf[4096]; int n; if (!BIO_gets(f, buf, sizeof(buf))) diff --git a/test/data.bin b/test/data.bin new file mode 100644 index 0000000000..3442255280 --- /dev/null +++ b/test/data.bin @@ -0,0 +1,4 @@ +TEST DATA + +Please note that if a test involves a new testing executable, +you will need to do some additions in test/build.info. diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c index 5b708e201c..45a36ab94a 100644 --- a/test/ec_internal_test.c +++ b/test/ec_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -283,6 +283,47 @@ static int decoded_flag_test(void) return testresult; } +static +int ecpkparams_i2d2i_test(int n) +{ + EC_GROUP *g1 = NULL, *g2 = NULL; + FILE *fp = NULL; + int nid = curves[n].nid; + int testresult = 0; + + /* create group */ + if (!TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))) + goto end; + + /* encode params to file */ + if (!TEST_ptr(fp = fopen("params.der", "wb")) + || !TEST_true(i2d_ECPKParameters_fp(fp, g1))) + goto end; + + /* flush and close file */ + if (!TEST_int_eq(fclose(fp), 0)) { + fp = NULL; + goto end; + } + fp = NULL; + + /* decode params from file */ + if (!TEST_ptr(fp = fopen("params.der", "rb")) + || !TEST_ptr(g2 = d2i_ECPKParameters_fp(fp, NULL))) + goto end; + + testresult = 1; /* PASS */ + +end: + if (fp != NULL) + fclose(fp); + + EC_GROUP_free(g1); + EC_GROUP_free(g2); + + return testresult; +} + int setup_tests(void) { crv_len = EC_get_builtin_curves(NULL, 0); @@ -297,6 +338,8 @@ int setup_tests(void) #endif ADD_ALL_TESTS(field_tests_default, crv_len); ADD_TEST(decoded_flag_test); + ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len); + return 1; } diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 3eea4b0fba..a0d1de94a2 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <openssl/aes.h> #include <openssl/bio.h> #include <openssl/crypto.h> #include <openssl/err.h> @@ -19,6 +20,7 @@ #include <openssl/pem.h> #include <openssl/kdf.h> #include <openssl/dh.h> +#include <openssl/engine.h> #include "testutil.h" #include "internal/nelem.h" #include "crypto/evp.h" @@ -1758,10 +1760,249 @@ static int test_EVP_PKEY_set1_DH(void) return ret; } -#endif +#endif /* OPENSSL_NO_DH */ + +typedef struct { + int data; +} custom_dgst_ctx; + +static int custom_md_init_called = 0; +static int custom_md_cleanup_called = 0; + +static int custom_md_init(EVP_MD_CTX *ctx) +{ + custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); + + if (p == NULL) + return 0; + + custom_md_init_called++; + return 1; +} + +static int custom_md_cleanup(EVP_MD_CTX *ctx) +{ + custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); + + if (p == NULL) + /* Nothing to do */ + return 1; + + custom_md_cleanup_called++; + return 1; +} + +static int test_custom_md_meth(void) +{ + EVP_MD_CTX *mdctx = NULL; + EVP_MD *tmp = NULL; + char mess[] = "Test Message\n"; + unsigned char md_value[EVP_MAX_MD_SIZE]; + unsigned int md_len; + int testresult = 0; + int nid; + + custom_md_init_called = custom_md_cleanup_called = 0; + + nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md"); + if (!TEST_int_ne(nid, NID_undef)) + goto err; + tmp = EVP_MD_meth_new(nid, NID_undef); + if (!TEST_ptr(tmp)) + goto err; + + if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) + || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) + || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, + sizeof(custom_dgst_ctx)))) + goto err; + + mdctx = EVP_MD_CTX_new(); + if (!TEST_ptr(mdctx) + /* + * Initing our custom md and then initing another md should + * result in the init and cleanup functions of the custom md + * from being called. + */ + || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) + || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) + || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) + || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) + || !TEST_int_eq(custom_md_init_called, 1) + || !TEST_int_eq(custom_md_cleanup_called, 1)) + goto err; + + testresult = 1; + err: + EVP_MD_CTX_free(mdctx); + EVP_MD_meth_free(tmp); + return testresult; +} + +#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +/* Test we can create a signature keys with an associated ENGINE */ +static int test_signatures_with_engine(int tst) +{ + ENGINE *e; + const char *engine_id = "dasync"; + EVP_PKEY *pkey = NULL; + const unsigned char badcmackey[] = { 0x00, 0x01 }; + const unsigned char cmackey[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f + }; + const unsigned char ed25519key[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }; + const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; + int testresult = 0; + EVP_MD_CTX *ctx = NULL; + unsigned char *mac = NULL; + size_t maclen = 0; + int ret; + +# ifdef OPENSSL_NO_CMAC + /* Skip CMAC tests in a no-cmac build */ + if (tst <= 1) + return 1; +# endif + + if (!TEST_ptr(e = ENGINE_by_id(engine_id))) + return 0; + + if (!TEST_true(ENGINE_init(e))) { + ENGINE_free(e); + return 0; + } + + switch (tst) { + case 0: + pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), + EVP_aes_128_cbc()); + break; + case 1: + pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), + EVP_aes_128_cbc()); + break; + case 2: + pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, + sizeof(ed25519key)); + break; + default: + TEST_error("Invalid test case"); + goto err; + } + if (tst == 1) { + /* + * In 1.1.1 CMAC keys will fail to during EVP_PKEY_new_CMAC_key() if the + * key is bad. In later versions this isn't detected until later. + */ + if (!TEST_ptr_null(pkey)) + goto err; + } else { + if (!TEST_ptr(pkey)) + goto err; + } + + if (tst == 0 || tst == 1) { + /* + * We stop the test here for tests 0 and 1. The dasync engine doesn't + * actually support CMAC in 1.1.1. + */ + testresult = 1; + goto err; + } + + if (!TEST_ptr(ctx = EVP_MD_CTX_new())) + goto err; + + ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, + pkey); + if (tst == 0) { + if (!TEST_true(ret)) + goto err; + + if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) + || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) + goto err; + + if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) + goto err; + + if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) + goto err; + } else { + /* We used a bad key. We expect a failure here */ + if (!TEST_false(ret)) + goto err; + } + + testresult = 1; + err: + EVP_MD_CTX_free(ctx); + OPENSSL_free(mac); + EVP_PKEY_free(pkey); + ENGINE_finish(e); + ENGINE_free(e); + + return testresult; +} + +static int test_cipher_with_engine(void) +{ + ENGINE *e; + const char *engine_id = "dasync"; + const unsigned char keyiv[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f + }; + const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; + int testresult = 0; + EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL; + unsigned char buf[AES_BLOCK_SIZE]; + int len = 0; + + if (!TEST_ptr(e = ENGINE_by_id(engine_id))) + return 0; + + if (!TEST_true(ENGINE_init(e))) { + ENGINE_free(e); + return 0; + } + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) + goto err; + + if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) + goto err; + + /* Copy the ctx, and complete the operation with the new ctx */ + if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx))) + goto err; + + if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) + || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) + goto err; + + testresult = 1; + err: + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_free(ctx2); + ENGINE_finish(e); + ENGINE_free(e); + + return testresult; +} +#endif /* !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) */ int setup_tests(void) { +#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) + ENGINE_load_builtin_engines(); +#endif ADD_TEST(test_EVP_DigestSignInit); ADD_TEST(test_EVP_DigestVerifyInit); ADD_TEST(test_EVP_Enveloped); @@ -1801,5 +2042,15 @@ int setup_tests(void) ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); + ADD_TEST(test_custom_md_meth); +#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +# ifndef OPENSSL_NO_EC + ADD_ALL_TESTS(test_signatures_with_engine, 3); +# else + ADD_ALL_TESTS(test_signatures_with_engine, 2); +# endif + ADD_TEST(test_cipher_with_engine); +#endif + return 1; } diff --git a/test/evp_test.c b/test/evp_test.c index abb51384e8..62f20ece37 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1777,7 +1777,7 @@ static int kdf_test_run(EVP_TEST *t) unsigned char *got = NULL; size_t got_len = expected->output_len; - if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { t->err = "INTERNAL_ERROR"; goto err; } diff --git a/test/packettest.c b/test/packettest.c index 6c82d04414..5816158a33 100644 --- a/test/packettest.c +++ b/test/packettest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -302,7 +302,7 @@ static int test_PACKET_forward(void) static int test_PACKET_buf_init(void) { - unsigned char buf1[BUF_LEN]; + unsigned char buf1[BUF_LEN] = { 0 }; PACKET pkt; /* Also tests PACKET_remaining() */ diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t index 7f2a2d75b8..16395eeaf1 100644 --- a/test/recipes/01-test_symbol_presence.t +++ b/test/recipes/01-test_symbol_presence.t @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: Perl -*- -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -37,12 +37,12 @@ foreach my $libname (@libnames) { *OSTDOUT = *STDOUT; open STDERR, ">", devnull(); open STDOUT, ">", devnull(); - my @nm_lines = map { s|\R$||; $_ } `nm -Pg $shlibpath 2> /dev/null`; + my @nm_lines = map { s|\R$||; $_ } `nm -DPg $shlibpath 2> /dev/null`; close STDERR; close STDOUT; *STDERR = *OSTDERR; *STDOUT = *OSTDOUT; - skip "Can't run 'nm -Pg $shlibpath' => $?... ignoring", 2 + skip "Can't run 'nm -DPg $shlibpath' => $?... ignoring", 2 unless $? == 0; my $bldtop = bldtop_dir(); @@ -57,7 +57,17 @@ foreach my $libname (@libnames) { note "Number of lines in \@def_lines before massaging: ", scalar @def_lines; # Massage the nm output to only contain defined symbols - @nm_lines = sort map { s| .*||; $_ } grep(m|.* [BCDST] .*|, @nm_lines); + @nm_lines = + sort + map { + # Drop the first space and everything following it + s| .*||; + # Drop OpenSSL dynamic version information if there is any + s|\@\@OPENSSL_[0-9._]+[a-z]?$||; + # Return the result + $_ + } + grep(m|.* [BCDST] .*|, @nm_lines); # Massage the mkdef.pl output to only contain global symbols # The output we got is in Unix .map format, which has a global diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt index 5ea4d031f2..6c94a0f025 100644 --- a/test/recipes/10-test_bn_data/bnmod.txt +++ b/test/recipes/10-test_bn_data/bnmod.txt @@ -1,4 +1,4 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186 A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81 P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f + +# Negative testcases for BN_mod_sqrt() + +# This one triggers an infinite loop with unfixed implementation +# It should just fail. +ModSqrt = -1 +A = 20a7ee +P = 460201 + +ModSqrt = -1 +A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed +P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index e16a9a4042..71d6836c12 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ use OpenSSL::Test::Utils; setup("test_genrsa"); -plan tests => 5; +plan tests => 7; # We want to know that an absurdly small number of bits isn't support is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); @@ -52,3 +52,8 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), "genrsa -f4 $good"); ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), "rsa -check"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem', + '-aes256', '-passout', 'pass:x' ])), + "rsa encrypt"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])), + "rsa decrypt"); diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t index 13c2b3af4b..f96ff118b1 100644 --- a/test/recipes/20-test_dgst.t +++ b/test/recipes/20-test_dgst.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -11,12 +11,12 @@ use strict; use warnings; use File::Spec; -use OpenSSL::Test qw/:DEFAULT with srctop_file/; +use OpenSSL::Test qw/:DEFAULT with srctop_file bldtop_dir/; use OpenSSL::Test::Utils; setup("test_dgst"); -plan tests => 5; +plan tests => 6; sub tsignverify { my $testtext = shift; @@ -102,3 +102,22 @@ SKIP: { srctop_file("test","tested448pub.pem")); }; } + +SKIP: { + skip "dgst with engine is not supported by this OpenSSL build", 1 + if disabled("engine") || disabled("dynamic-engine"); + + subtest "SHA1 generation by engine with `dgst` CLI" => sub { + plan tests => 1; + + my $testdata = srctop_file('test', 'data.bin'); + # intentionally using -engine twice, please do not remove the duplicate line + my @macdata = run(app(['openssl', 'dgst', '-sha1', + '-engine', "ossltest", + '-engine', "ossltest", + $testdata]), capture => 1); + chomp(@macdata); + my $expected = qr/SHA1\(\Q$testdata\E\)= 000102030405060708090a0b0c0d0e0f10111213/; + ok($macdata[0] =~ $expected, "SHA1: Check HASH value is as expected ($macdata[0]) vs ($expected)"); + } +} diff --git a/test/recipes/30-test_evp_data/evpkdf.txt b/test/recipes/30-test_evp_data/evpkdf.txt index 9a6cc28385..7ff67718e8 100644 --- a/test/recipes/30-test_evp_data/evpkdf.txt +++ b/test/recipes/30-test_evp_data/evpkdf.txt @@ -1,5 +1,5 @@ # -# Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -294,12 +294,12 @@ Ctrl.r = r:8 Ctrl.p = p:1 Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887 -# Out of memory +# Out of memory - request > 2 GB of memory KDF = scrypt Ctrl.pass = pass:pleaseletmein Ctrl.salt = salt:SodiumChloride -Ctrl.N = N:1048576 +Ctrl.N = N:2097152 Ctrl.r = r:8 Ctrl.p = p:1 -Result = INTERNAL_ERROR +Result = KDF_DERIVE_ERROR diff --git a/test/recipes/70-test_verify_extra.t b/test/recipes/70-test_verify_extra.t index 8c7c9576ce..91aecc56ee 100644 --- a/test/recipes/70-test_verify_extra.t +++ b/test/recipes/70-test_verify_extra.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -7,14 +7,11 @@ # https://www.openssl.org/source/license.html -use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_dir/; setup("test_verify_extra"); plan tests => 1; ok(run(test(["verify_extra_test", - srctop_file("test", "certs", "roots.pem"), - srctop_file("test", "certs", "untrusted.pem"), - srctop_file("test", "certs", "bad.pem"), - srctop_file("test", "certs", "rootCA.pem")]))); + srctop_dir("test", "certs")]))); diff --git a/test/recipes/80-test_dane.t b/test/recipes/80-test_dane.t index 527e663459..e26a66551c 100644 --- a/test/recipes/80-test_dane.t +++ b/test/recipes/80-test_dane.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -17,8 +17,12 @@ setup("test_dane"); plan skip_all => "test_dane uses ec which is not supported by this OpenSSL build" if disabled("ec"); -plan tests => 1; # The number of tests being performed +plan tests => 2; # The number of tests being performed ok(run(test(["danetest", "example.com", srctop_file("test", "danetest.pem"), srctop_file("test", "danetest.in")])), "dane tests"); + +ok(run(test(["danetest", "server.example", + srctop_file("test", "certs", "cross-root.pem"), + srctop_file("test", "dane-cross.in")])), "dane cross CA test"); diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 6f5fdb7669..19772f61ef 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -476,7 +476,7 @@ sub testssl { subtest 'RSA/(EC)DHE/PSK tests' => sub { ###################################################################### - plan tests => 6; + plan tests => 10; SKIP: { skip "TLSv1.0 is not supported by this OpenSSL build", 6 @@ -519,11 +519,48 @@ sub testssl { skip "skipping auto PSK tests", 1 if ($no_dh || $no_psk || $no_ec); - ok(run(test(['ssltest_old', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])), + ok(run(test(['ssltest_old', '-dhe2048', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])), 'test auto DH meets security strength'); } } + SKIP: { + skip "TLSv1.1 is not supported by this OpenSSL build", 4 + if $no_tls1_1; + + SKIP: { + skip "skipping auto DHE PSK test at SECLEVEL 3", 1 + if ($no_dh || $no_psk); + + ok(run(test(['ssltest_old', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])), + 'test auto DHE PSK meets security strength'); + } + + SKIP: { + skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1 + if ($no_ec || $no_psk); + + ok(run(test(['ssltest_old', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])), + 'test auto ECDHE PSK meets security strength'); + } + + SKIP: { + skip "skipping no RSA PSK at SECLEVEL 3 test", 1 + if ($no_rsa || $no_psk); + + ok(!run(test(['ssltest_old', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])), + 'test auto RSA PSK does not meet security level 3 requirements (PFS)'); + } + + SKIP: { + skip "skipping no PSK at SECLEVEL 3 test", 1 + if ($no_psk); + + ok(!run(test(['ssltest_old', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])), + 'test auto PSK does not meet security level 3 requirements (PFS)'); + } + } + }; subtest 'Custom Extension tests' => sub { diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index 18b1407c97..4951cd3e30 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c @@ -210,6 +210,7 @@ static int test_sm2_crypt(const EC_GROUP *group, static int sm2_crypt_test(void) { int testresult = 0; + EC_GROUP *gm_group = NULL; EC_GROUP *test_group = create_EC_group ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", @@ -252,9 +253,49 @@ static int sm2_crypt_test(void) "88E3C5AAFC0413229E6C9AEE2BB92CAD649FE2C035689785DA33")) goto done; + /* From Annex C in both GM/T0003.5-2012 and GB/T 32918.5-2016.*/ + gm_group = create_EC_group( + "fffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff", + "fffffffeffffffffffffffffffffffffffffffff00000000fffffffffffffffc", + "28e9fa9e9d9f5e344d5a9e4bcf6509a7f39789f515ab8f92ddbcbd414d940e93", + "32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7", + "bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0", + "fffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123", + "1"); + + if (!TEST_ptr(gm_group)) + goto done; + + if (!test_sm2_crypt( + gm_group, + EVP_sm3(), + /* privkey (from which the encrypting public key is derived) */ + "3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8", + /* plaintext message */ + "encryption standard", + /* ephemeral nonce k */ + "59276E27D506861A16680F3AD9C02DCCEF3CC1FA3CDBE4CE6D54B80DEAC1BC21", + /* + * expected ciphertext, the field values are from GM/T 0003.5-2012 + * (Annex C), but serialized following the ASN.1 format specified + * in GM/T 0009-2012 (Sec. 7.2). + */ + "307C" /* SEQUENCE, 0x7c bytes */ + "0220" /* INTEGER, 0x20 bytes */ + "04EBFC718E8D1798620432268E77FEB6415E2EDE0E073C0F4F640ECD2E149A73" + "0221" /* INTEGER, 0x21 bytes */ + "00" /* leading 00 due to DER for pos. int with topmost bit set */ + "E858F9D81E5430A57B36DAAB8F950A3C64E6EE6A63094D99283AFF767E124DF0" + "0420" /* OCTET STRING, 0x20 bytes */ + "59983C18F809E262923C53AEC295D30383B54E39D609D160AFCB1908D0BD8766" + "0413" /* OCTET STRING, 0x13 bytes */ + "21886CA989CA9C7D58087307CA93092D651EFA")) + goto done; + testresult = 1; done: EC_GROUP_free(test_group); + EC_GROUP_free(gm_group); return testresult; } diff --git a/test/sslapitest.c b/test/sslapitest.c index d311bb2ad3..21322ceec5 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -4110,6 +4110,11 @@ static int sni_cb(SSL *s, int *al, void *arg) return SSL_TLSEXT_ERR_OK; } +static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ + return 1; +} + /* * Custom call back tests. * Test 0: Old style callbacks in TLSv1.2 @@ -4117,6 +4122,7 @@ static int sni_cb(SSL *s, int *al, void *arg) * Test 2: New style callbacks in TLSv1.2 with SNI * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST + * Test 5: New style callbacks in TLSv1.3. Extensions in CR + Client Cert */ static int test_custom_exts(int tst) { @@ -4158,7 +4164,19 @@ static int test_custom_exts(int tst) SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3); } - if (tst == 4) { + if (tst == 5) { + context = SSL_EXT_TLS1_3_CERTIFICATE_REQUEST + | SSL_EXT_TLS1_3_CERTIFICATE; + SSL_CTX_set_verify(sctx, + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verify_cb); + if (!TEST_int_eq(SSL_CTX_use_certificate_file(cctx, cert, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(cctx, privkey, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_check_private_key(cctx), 1)) + goto end; + } else if (tst == 4) { context = SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO @@ -4254,6 +4272,12 @@ static int test_custom_exts(int tst) || (tst != 2 && snicb != 0) || (tst == 2 && snicb != 1)) goto end; + } else if (tst == 5) { + if (clntaddnewcb != 1 + || clntparsenewcb != 1 + || srvaddnewcb != 1 + || srvparsenewcb != 1) + goto end; } else { /* In this case there 2 NewSessionTicket messages created */ if (clntaddnewcb != 1 @@ -4270,8 +4294,8 @@ static int test_custom_exts(int tst) SSL_free(clientssl); serverssl = clientssl = NULL; - if (tst == 3) { - /* We don't bother with the resumption aspects for this test */ + if (tst == 3 || tst == 5) { + /* We don't bother with the resumption aspects for these tests */ testresult = 1; goto end; } @@ -6250,11 +6274,6 @@ static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey) return 1; } -static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) -{ - return 1; -} - static int test_client_cert_cb(int tst) { SSL_CTX *cctx = NULL, *sctx = NULL; @@ -6922,7 +6941,7 @@ int setup_tests(void) #else ADD_ALL_TESTS(test_tls13_psk, 4); #endif /* OPENSSL_NO_PSK */ - ADD_ALL_TESTS(test_custom_exts, 5); + ADD_ALL_TESTS(test_custom_exts, 6); ADD_TEST(test_stateless); ADD_TEST(test_pha_key_update); #else diff --git a/test/ssltest_old.c b/test/ssltest_old.c index 36e6031f3a..3601066b50 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -95,6 +95,8 @@ struct app_verify_arg { static DH *get_dh512(void); static DH *get_dh1024(void); static DH *get_dh1024dsa(void); +static DH *get_dh2048(void); +static DH *get_dh4096(void); #endif static char *psk_key = NULL; /* by default PSK is not used */ @@ -641,6 +643,10 @@ static void sv_usage(void) " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); + fprintf(stderr, + " -dhe2048 - use 2048 bit key (rfc3526 prime) for DHE\n"); + fprintf(stderr, + " -dhe4096 - use 4096 bit key (rfc3526 prime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); #endif #ifndef OPENSSL_NO_EC @@ -655,6 +661,12 @@ static void sv_usage(void) #ifndef OPENSSL_NO_TLS1 fprintf(stderr, " -tls1 - use TLSv1\n"); #endif +#ifndef OPENSSL_NO_TLS1_1 + fprintf(stderr, " -tls1_1 - use TLSv1.1\n"); +#endif +#ifndef OPENSSL_NO_TLS1_2 + fprintf(stderr, " -tls1_2 - use TLSv1.2\n"); +#endif #ifndef OPENSSL_NO_DTLS fprintf(stderr, " -dtls - use DTLS\n"); #ifndef OPENSSL_NO_DTLS1 @@ -838,12 +850,14 @@ static SSL_SESSION *read_session(const char *filename) static int write_session(const char *filename, SSL_SESSION *sess) { - BIO *f = BIO_new_file(filename, "w"); + BIO *f; if (sess == NULL) { BIO_printf(bio_err, "No session information\n"); return 0; } + + f = BIO_new_file(filename, "w"); if (f == NULL) { BIO_printf(bio_err, "Can't open session file %s\n", filename); ERR_print_errors(bio_err); @@ -878,7 +892,7 @@ int main(int argc, char *argv[]) int badop = 0; enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; int force = 0; - int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0, ssl3 = 0; int ret = EXIT_FAILURE; int client_auth = 0; int server_auth = 0, i; @@ -895,6 +909,7 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_DH DH *dh; int dhe512 = 0, dhe1024dsa = 0; + int dhe2048 = 0, dhe4096 = 0; #endif int no_dhe = 0; int no_psk = 0; @@ -990,6 +1005,20 @@ int main(int argc, char *argv[]) fprintf(stderr, "ignoring -dhe512, since I'm compiled without DH\n"); #endif + } else if (strcmp(*argv, "-dhe4096") == 0) { +#ifndef OPENSSL_NO_DH + dhe4096 = 1; +#else + fprintf(stderr, + "ignoring -dhe4096, since I'm compiled without DH\n"); +#endif + } else if (strcmp(*argv, "-dhe2048") == 0) { +#ifndef OPENSSL_NO_DH + dhe2048 = 1; +#else + fprintf(stderr, + "ignoring -dhe2048, since I'm compiled without DH\n"); +#endif } else if (strcmp(*argv, "-dhe1024dsa") == 0) { #ifndef OPENSSL_NO_DH dhe1024dsa = 1; @@ -1016,6 +1045,8 @@ int main(int argc, char *argv[]) } else if (strcmp(*argv, "-tls1_2") == 0) { tls1_2 = 1; + } else if (strcmp(*argv, "-tls1_1") == 0) { + tls1_1 = 1; } else if (strcmp(*argv, "-tls1") == 0) { tls1 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { @@ -1226,8 +1257,8 @@ int main(int argc, char *argv[]) goto end; } - if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { - fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should " + if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should " "be requested.\n"); EXIT(1); } @@ -1242,6 +1273,11 @@ int main(int argc, char *argv[]) no_protocol = 1; else #endif +#ifdef OPENSSL_NO_TLS1_1 + if (tls1_1) + no_protocol = 1; + else +#endif #ifdef OPENSSL_NO_TLS1_2 if (tls1_2) no_protocol = 1; @@ -1271,11 +1307,11 @@ int main(int argc, char *argv[]) goto end; } - if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 + if (!ssl3 && !tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" + "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); EXIT(1); } @@ -1327,6 +1363,9 @@ int main(int argc, char *argv[]) } else if (tls1) { min_version = TLS1_VERSION; max_version = TLS1_VERSION; + } else if (tls1_1) { + min_version = TLS1_1_VERSION; + max_version = TLS1_1_VERSION; } else if (tls1_2) { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; @@ -1482,6 +1521,10 @@ int main(int argc, char *argv[]) dh = get_dh1024dsa(); } else if (dhe512) dh = get_dh512(); + else if (dhe2048) + dh = get_dh2048(); + else if (dhe4096) + dh = get_dh4096(); else dh = get_dh1024(); SSL_CTX_set_tmp_dh(s_ctx, dh); @@ -3019,6 +3062,62 @@ static DH *get_dh1024dsa(void) DH_set_length(dh, 160); return dh; } + +static DH *get_dh2048(void) +{ + BIGNUM *p = NULL, *g = NULL; + DH *dh = NULL; + + if ((dh = DH_new()) == NULL) + return NULL; + + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) + goto err; + + p = BN_get_rfc3526_prime_2048(NULL); + if (p == NULL) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + + return dh; + + err: + DH_free(dh); + BN_free(p); + BN_free(g); + return NULL; +} + +static DH *get_dh4096(void) +{ + BIGNUM *p = NULL, *g = NULL; + DH *dh = NULL; + + if ((dh = DH_new()) == NULL) + return NULL; + + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) + goto err; + + p = BN_get_rfc3526_prime_4096(NULL); + if (p == NULL) + goto err; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto err; + + return dh; + + err: + DH_free(dh); + BN_free(p); + BN_free(g); + return NULL; +} #endif #ifndef OPENSSL_NO_PSK diff --git a/test/testutil/format_output.c b/test/testutil/format_output.c index 6ee2a1d266..4fa967dc05 100644 --- a/test/testutil/format_output.c +++ b/test/testutil/format_output.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -107,8 +107,10 @@ static void test_fail_string_common(const char *prefix, const char *file, if (diff && i > 0) test_printf_stderr("% 4s %s\n", "", bdiff); } - m1 += n1; - m2 += n2; + if (m1 != NULL) + m1 += n1; + if (m2 != NULL) + m2 += n2; l1 -= n1; l2 -= n2; cnt += width; @@ -495,8 +497,10 @@ static void test_fail_memory_common(const char *prefix, const char *file, if (diff && i > 0) test_printf_stderr("% 4s %s\n", "", bdiff); } - m1 += n1; - m2 += n2; + if (m1 != NULL) + m1 += n1; + if (m2 != NULL) + m2 += n2; l1 -= n1; l2 -= n2; cnt += bytes; diff --git a/test/testutil/tests.c b/test/testutil/tests.c index a60af0764f..f12bcf1ff3 100644 --- a/test/testutil/tests.c +++ b/test/testutil/tests.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -393,8 +393,8 @@ int test_BN_eq_word(const char *file, int line, const char *bns, const char *ws, if (a != NULL && BN_is_word(a, w)) return 1; - bw = BN_new(); - BN_set_word(bw, w); + if ((bw = BN_new()) != NULL) + BN_set_word(bw, w); test_fail_bignum_message(NULL, file, line, "BIGNUM", bns, ws, "==", a, bw); BN_free(bw); return 0; @@ -407,10 +407,10 @@ int test_BN_abs_eq_word(const char *file, int line, const char *bns, if (a != NULL && BN_abs_is_word(a, w)) return 1; - bw = BN_new(); - aa = BN_dup(a); - BN_set_negative(aa, 0); - BN_set_word(bw, w); + if ((aa = BN_dup(a)) != NULL) + BN_set_negative(aa, 0); + if ((bw = BN_new()) != NULL) + BN_set_word(bw, w); test_fail_bignum_message(NULL, file, line, "BIGNUM", bns, ws, "abs==", aa, bw); BN_free(bw); diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c index b9959e0c66..b6bffde91e 100644 --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,14 +11,19 @@ #include <openssl/crypto.h> #include <openssl/bio.h> #include <openssl/x509.h> +#include <openssl/x509v3.h> #include <openssl/pem.h> #include <openssl/err.h> #include "testutil.h" -static const char *roots_f; -static const char *untrusted_f; -static const char *bad_f; -static const char *good_f; +static const char *certs_dir; +static char *roots_f = NULL; +static char *untrusted_f = NULL; +static char *bad_f = NULL; +static char *good_f = NULL; +static char *sroot_cert = NULL; +static char *ca_cert = NULL; +static char *ee_cert = NULL; static X509 *load_cert_pem(const char *file) { @@ -231,19 +236,110 @@ static int test_self_signed_bad(void) return test_self_signed(bad_f, 0); } +static int do_test_purpose(int purpose, int expected) +{ + X509 *eecert = load_cert_pem(ee_cert); /* may result in NULL */ + X509 *untrcert = load_cert_pem(ca_cert); + X509 *trcert = load_cert_pem(sroot_cert); + STACK_OF(X509) *trusted = sk_X509_new_null(); + STACK_OF(X509) *untrusted = sk_X509_new_null(); + X509_STORE_CTX *ctx = X509_STORE_CTX_new(); + int testresult = 0; + + if (!TEST_ptr(eecert) + || !TEST_ptr(untrcert) + || !TEST_ptr(trcert) + || !TEST_ptr(trusted) + || !TEST_ptr(untrusted) + || !TEST_ptr(ctx)) + goto err; + + + if (!TEST_true(sk_X509_push(trusted, trcert))) + goto err; + trcert = NULL; + if (!TEST_true(sk_X509_push(untrusted, untrcert))) + goto err; + untrcert = NULL; + + if (!TEST_true(X509_STORE_CTX_init(ctx, NULL, eecert, untrusted))) + goto err; + + if (!TEST_true(X509_STORE_CTX_set_purpose(ctx, purpose))) + goto err; + + /* + * X509_STORE_CTX_set0_trusted_stack() is bady named. Despite the set0 name + * we are still responsible for freeing trusted after we have finished with + * it. + */ + X509_STORE_CTX_set0_trusted_stack(ctx, trusted); + + if (!TEST_int_eq(X509_verify_cert(ctx), expected)) + goto err; + + testresult = 1; + err: + sk_X509_pop_free(trusted, X509_free); + sk_X509_pop_free(untrusted, X509_free); + X509_STORE_CTX_free(ctx); + X509_free(eecert); + X509_free(untrcert); + X509_free(trcert); + return testresult; +} + +static int test_purpose_ssl_client(void) +{ + return do_test_purpose(X509_PURPOSE_SSL_CLIENT, 0); +} + +static int test_purpose_ssl_server(void) +{ + return do_test_purpose(X509_PURPOSE_SSL_SERVER, 1); +} + +static int test_purpose_any(void) +{ + return do_test_purpose(X509_PURPOSE_ANY, 1); +} + int setup_tests(void) { - if (!TEST_ptr(roots_f = test_get_argument(0)) - || !TEST_ptr(untrusted_f = test_get_argument(1)) - || !TEST_ptr(bad_f = test_get_argument(2)) - || !TEST_ptr(good_f = test_get_argument(3))) { - TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem good.pem\n"); + if (!TEST_ptr(certs_dir = test_get_argument(0))) { + TEST_error("usage: verify_extra_test certs-dir\n"); return 0; } + if (!TEST_ptr(roots_f = test_mk_file_path(certs_dir, "roots.pem")) + || !TEST_ptr(untrusted_f = test_mk_file_path(certs_dir, "untrusted.pem")) + || !TEST_ptr(bad_f = test_mk_file_path(certs_dir, "bad.pem")) + || !TEST_ptr(good_f = test_mk_file_path(certs_dir, "rootCA.pem")) + || !TEST_ptr(sroot_cert = test_mk_file_path(certs_dir, "sroot-cert.pem")) + || !TEST_ptr(ca_cert = test_mk_file_path(certs_dir, "ca-cert.pem")) + || !TEST_ptr(ee_cert = test_mk_file_path(certs_dir, "ee-cert.pem"))) + goto err; + ADD_TEST(test_alt_chains_cert_forgery); ADD_TEST(test_store_ctx); ADD_TEST(test_self_signed_good); ADD_TEST(test_self_signed_bad); + ADD_TEST(test_purpose_ssl_client); + ADD_TEST(test_purpose_ssl_server); + ADD_TEST(test_purpose_any); return 1; + err: + cleanup_tests(); + return 0; +} + +void cleanup_tests(void) +{ + OPENSSL_free(roots_f); + OPENSSL_free(untrusted_f); + OPENSSL_free(bad_f); + OPENSSL_free(good_f); + OPENSSL_free(sroot_cert); + OPENSSL_free(ca_cert); + OPENSSL_free(ee_cert); } |