From matt at openssl.org Tue Dec 1 15:29:26 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 Dec 2015 15:29:26 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1448983766.624862.11732.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 94f98a9019e1c0a3be4ca904b2c27c7af3d937c0 (commit) from 301a6dcd4590fb2f69d08259577e215b4cc3caa3 (commit) - Log ----------------------------------------------------------------- commit 94f98a9019e1c0a3be4ca904b2c27c7af3d937c0 Author: Matt Caswell Date: Mon Nov 30 10:38:54 2015 +0000 Remove cookie validation return value trick In the DTLS ClientHello processing the return value is stored in |ret| which by default is -1. |ret| is only updated to a positive value once we are past all points where we could hit an error. We wish to return 1 on success or 2 on success *and* we have validated the DTLS cookie. Previously on successful validation of the cookie we were setting |ret| to -2, and then once we were past all error points we set |ret = -ret|. This is non-obvious behaviour and could be error prone. This commit tries to make this a bit more intuitive. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 424e50d..ee83105 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -901,7 +901,7 @@ int ssl3_send_hello_request(SSL *s) int ssl3_get_client_hello(SSL *s) { - int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1; + int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1, cookie_valid = 0; unsigned int cookie_len; long n; unsigned long id; @@ -1094,8 +1094,7 @@ int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; } - /* Set to -2 so if successful we return 2 */ - ret = -2; + cookie_valid = 1; } p += cookie_len; 
@@ -1465,8 +1464,7 @@ int ssl3_get_client_hello(SSL *s) } } - if (ret < 0) - ret = -ret; + ret = cookie_valid ? 2 : 1; if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1476,7 +1474,7 @@ int ssl3_get_client_hello(SSL *s) if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); - return ret < 0 ? -1 : ret; + return ret; } int ssl3_send_server_hello(SSL *s) From matt at openssl.org Tue Dec 1 15:29:37 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 01 Dec 2015 15:29:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1448983777.867034.12001.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 41d049e1cda0e23ad45fbca94fc90cfe9cfee466 (commit) from 98b94544e5dcab065404de1892d2aeb726dd6491 (commit) - Log ----------------------------------------------------------------- commit 41d049e1cda0e23ad45fbca94fc90cfe9cfee466 Author: Matt Caswell Date: Mon Nov 30 10:38:54 2015 +0000 Return errors even if the cookie validation has succeeded In the DTLS ClientHello processing the return value is stored in |ret| which by default is -1. We wish to return 1 on success or 2 on success *and* we have validated the DTLS cookie. Previously on successful validation of the cookie we were setting |ret| to 2. Unfortunately if we later encounter an error then we can end up returning a successful (positive) return code from the function because we already set |ret| to a positive value. This does not appear to have a security consequence because the handshake just fails at a later point. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 5c5914e..e2beb40 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
@@ -966,7 +966,7 @@ int ssl3_check_client_hello(SSL *s) int ssl3_get_client_hello(SSL *s) { - int i, j, ok, al, ret = -1; + int i, j, ok, al, ret = -1, cookie_valid = 0;; unsigned int cookie_len; long n; unsigned long id; @@ -1154,8 +1154,7 @@ int ssl3_get_client_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; } - - ret = 2; + cookie_valid = 1; } p += cookie_len; @@ -1491,8 +1490,7 @@ int ssl3_get_client_hello(SSL *s) } } - if (ret < 0) - ret = 1; + ret = cookie_valid ? 2 : 1; if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1502,7 +1500,7 @@ int ssl3_get_client_hello(SSL *s) if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); - return (ret); + return ret; } int ssl3_send_server_hello(SSL *s) From rsalz at openssl.org Tue Dec 1 16:52:35 2015 
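Review bot: In the OpenSSL_1_0_2-stable commit (94f98a9), the final hunk replaces `return ret < 0 ? -1 : ret;` with `return ret;`, so error returns now depend on |ret| still holding its initial -1 whenever control jumps to `f_err`, which bypasses `ret = cookie_valid ? 2 : 1;`. The removed clamp enforced that regardless of what happened in between; please confirm no other assignment to |ret| exists in the function body. The deleted comment "Set to -2 so if successful we return 2" was also the only in-code mention of the 2 return value visible here, so a one-line comment at `ret = cookie_valid ? 2 : 1;` stating that 2 means "success and cookie validated" would keep the contract documented.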
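Review bot: In the OpenSSL_1_0_1-stable commit (41d049e), the declaration in the first hunk ends with a doubled semicolon: `ret = -1, cookie_valid = 0;;`. It compiles as an empty statement, but it sits in front of the remaining declarations (`unsigned int cookie_len;` and following), which strict C89 builds can warn about as mixed declarations and code. Drop the extra `;` so the line matches the 1.0.2 version of the same change.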
From: rsalz at openssl.org (Rich Salz) Date: Tue, 01 Dec 2015 16:52:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1448988755.423136.15925.nullmailer@dev.openssl.org> The branch master has been updated via e6390acac925f952cfd06ccdbba0b273b8f71551 (commit) from d59c7c81e3850dc667d61047850c3b6936eb5fca (commit) - Log ----------------------------------------------------------------- commit e6390acac925f952cfd06ccdbba0b273b8f71551 Author: Rich Salz Date: Tue Jul 21 10:06:03 2015 -0400 ex_data part 2: doc fixes and CRYPTO_free_ex_index. Add CRYPTO_free_ex_index (for shared libraries) Unify and complete the documentation for all "ex_data" API's and objects. Replace xxx_get_ex_new_index functions with a macro. Added an exdata test. Renamed the ex_data internal datatypes. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 + crypto/bio/bio_lib.c | 7 -- crypto/cpt_err.c | 3 +- crypto/dh/dh_lib.c | 7 -- crypto/dsa/dsa_lib.c | 7 -- crypto/ecdh/ech_lib.c | 7 -- crypto/ecdsa/ecs_lib.c | 7 -- crypto/engine/eng_lib.c | 8 -- crypto/ex_data.c | 141 ++++++++++++++++-------- crypto/rsa/rsa_lib.c | 7 -- crypto/store/str_lib.c | 7 -- crypto/ui/ui_lib.c | 7 -- crypto/x509/x509_vfy.c | 13 --- crypto/x509/x_x509.c | 7 -- doc/crypto/BIO_get_ex_new_index.pod | 45 ++++++++ doc/crypto/CRYPTO_get_ex_new_index.pod | 145 +++++++++++++++++++++++++ doc/crypto/CRYPTO_set_ex_data.pod | 49 --------- doc/crypto/DH_get_ex_new_index.pod | 31 ------ doc/crypto/DSA_get_ex_new_index.pod | 31 ------ doc/crypto/RSA_get_ex_new_index.pod | 115 -------------------- doc/crypto/X509_STORE_CTX_get_ex_new_index.pod | 36 ------ doc/crypto/dh.pod | 5 - doc/crypto/dsa.pod | 5 - doc/crypto/ecdsa.pod | 7 -- doc/crypto/engine.pod | 6 - doc/crypto/rsa.pod | 5 - doc/ssl/SSL_CTX_get_ex_new_index.pod | 53 --------- doc/ssl/SSL_SESSION_get_ex_new_index.pod | 61 ----------- doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod | 61 
----------- doc/ssl/SSL_get_ex_new_index.pod | 59 ---------- include/openssl/bio.h | 7 +- include/openssl/crypto.h | 55 ++++++---- include/openssl/dh.h | 4 +- include/openssl/dsa.h | 4 +- include/openssl/ecdh.h | 5 +- include/openssl/ecdsa.h | 5 +- include/openssl/engine.h | 5 +- include/openssl/ossl_typ.h | 7 -- include/openssl/rsa.h | 4 +- include/openssl/safestack.h | 46 ++++---- include/openssl/ssl.h | 17 +-- include/openssl/store.h | 6 +- include/openssl/ui.h | 5 +- include/openssl/x509.h | 4 +- include/openssl/x509_vfy.h | 6 +- ssl/ssl_lib.c | 15 --- ssl/ssl_sess.c | 9 -- test/{nptest.c => exdatatest.c} | 94 +++++++++++++++- util/libeay.num | 21 ++-- util/ssleay.num | 6 +- 50 files changed, 477 insertions(+), 794 deletions(-) create mode 100644 doc/crypto/BIO_get_ex_new_index.pod create mode 100644 doc/crypto/CRYPTO_get_ex_new_index.pod delete mode 100644 doc/crypto/CRYPTO_set_ex_data.pod delete mode 100644 doc/crypto/DH_get_ex_new_index.pod delete mode 100644 doc/crypto/DSA_get_ex_new_index.pod delete mode 100644 doc/crypto/RSA_get_ex_new_index.pod delete mode 100644 doc/crypto/X509_STORE_CTX_get_ex_new_index.pod delete mode 100644 doc/ssl/SSL_CTX_get_ex_new_index.pod delete mode 100644 doc/ssl/SSL_SESSION_get_ex_new_index.pod delete mode 100644 doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod delete mode 100644 doc/ssl/SSL_get_ex_new_index.pod copy test/{nptest.c => exdatatest.c} (58%) diff --git a/CHANGES b/CHANGES index 6b501ee..55362fe 100644 --- a/CHANGES +++ b/CHANGES @@ -151,6 +151,10 @@ output file readable only by the owner. This behavior change might be noticeable when interacting with other software. + *) Documented all exdata functions. Added CRYPTO_free_ex_index. + Added a test. + [Rich Salz] + *) Added HTTP GET support to the ocsp command. [Rich Salz] diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 0e3469d..d8d01c7 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c 
@@ -561,13 +561,6 @@ void BIO_copy_next_retry(BIO *b) b->retry_reason = b->next_bio->retry_reason; } -int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp, - new_func, dup_func, free_func); -} - int BIO_set_ex_data(BIO *bio, int idx, void *data) { return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data)); diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index 9f029cc..b8d3fa4 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -78,8 +78,9 @@ static ERR_STRING_DATA CRYPTO_str_functs[] = { {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"}, {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, - {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "def_get_class"}, + {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"}, + {ERR_FUNC(CRYPTO_F_GET_AND_LOCK), "get_and_lock"}, {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 49f82d8..08aaa1d 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -205,13 +205,6 @@ int DH_up_ref(DH *r) return ((i > 1) ? 1 : 0); } -int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, - new_func, dup_func, free_func); -} - int DH_set_ex_data(DH *d, int idx, void *arg) { return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index b78a2bf..4b02d77 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c 
@@ -234,13 +234,6 @@ int DSA_size(const DSA *r) return (ret); } -int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, - new_func, dup_func, free_func); -} - int DSA_set_ex_data(DSA *d, int idx, void *arg) { return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index 363d2fe..f402caf 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -200,13 +200,6 @@ ECDH_DATA *ecdh_check(EC_KEY *key) return ecdh_data; } -int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, - new_func, dup_func, free_func); -} - int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) { ECDH_DATA *ecdh; diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 4e1c63a..ae516e7 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -222,13 +222,6 @@ int ECDSA_size(const EC_KEY *r) return (ret); } -int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, - new_func, dup_func, free_func); -} - int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) { ECDSA_DATA *ecdsa; diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 9ebb694..ed1034d 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c 
@@ -212,14 +212,6 @@ void ENGINE_cleanup(void) /* Now the "ex_data" support */ -int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, - new_func, dup_func, free_func); -} - int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) { return (CRYPTO_set_ex_data(&e->ex_data, idx, arg)); diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 29d8071..5bf8e1e 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c 
@@ -112,48 +112,53 @@ #include -typedef struct { + +/* + * Each structure type (sometimes called a class), that supports + * exdata has a stack of callbacks for each instance. + */ +typedef struct ex_callback_st { long argl; /* Arbitary long */ void *argp; /* Arbitary void * */ CRYPTO_EX_new *new_func; CRYPTO_EX_free *free_func; CRYPTO_EX_dup *dup_func; -} CRYPTO_EX_DATA_FUNCS; +} EX_CALLBACK; -DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) +DECLARE_STACK_OF(EX_CALLBACK) /* - * State for each class; could just be a typedef, but this allows future - * changes. + * The state for each class. This could just be a typedef, but + * a structure allows future changes. */ -typedef struct { - STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; -} EX_CLASS_ITEM; +typedef struct ex_callbacks_st { + STACK_OF(EX_CALLBACK) *meth; +} EX_CALLBACKS; -static EX_CLASS_ITEM ex_data[CRYPTO_EX_INDEX__COUNT]; +static EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT]; /* - * Return the EX_CLASS_ITEM from the "ex_data" array that corresponds to + * Return the EX_CALLBACKS from the |ex_data| array that corresponds to * a given class. On success, *holds the lock.* */ -static EX_CLASS_ITEM *def_get_class(int class_index) +static EX_CALLBACKS *get_and_lock(int class_index) { - EX_CLASS_ITEM *ip; + EX_CALLBACKS *ip; if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) { - CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE); + CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE); return NULL; } ip = &ex_data[class_index]; CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); if (ip->meth == NULL) { - ip->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); + ip->meth = sk_EX_CALLBACK_new_null(); /* We push an initial value on the stack because the SSL * "app_data" routines use ex_data index zero. See RT 3710. 
*/ if (ip->meth == NULL - || !sk_CRYPTO_EX_DATA_FUNCS_push(ip->meth, NULL)) { - CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE); + || !sk_EX_CALLBACK_push(ip->meth, NULL)) { + CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE); CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); return NULL; } @@ -161,7 +166,7 @@ static EX_CLASS_ITEM *def_get_class(int class_index) return ip; } -static void cleanup_cb(CRYPTO_EX_DATA_FUNCS *funcs) +static void cleanup_cb(EX_CALLBACK *funcs) { OPENSSL_free(funcs); } 
@@ -177,27 +182,71 @@ void CRYPTO_cleanup_all_ex_data(void) int i; for (i = 0; i < CRYPTO_EX_INDEX__COUNT; ++i) { - EX_CLASS_ITEM *ip = &ex_data[i]; + EX_CALLBACKS *ip = &ex_data[i]; - sk_CRYPTO_EX_DATA_FUNCS_pop_free(ip->meth, cleanup_cb); + sk_EX_CALLBACK_pop_free(ip->meth, cleanup_cb); ip->meth = NULL; } } + +/* + * Unregister a new index by replacing the callbacks with no-ops. + * Any in-use instances are leaked. + */ +static void dummy_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, + long argl, void *argp) +{ +} + +static void dummy_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, + long argl, void *argp) +{ +} + +static int dummy_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, + void *from_d, int idx, + long argl, void *argp) +{ + return 0; +} + +int CRYPTO_free_ex_index(int class_index, int idx) +{ + EX_CALLBACKS *ip = get_and_lock(class_index); + EX_CALLBACK *a; + int toret = 0; + + if (ip == NULL) + return 0; + if (idx < 0 || idx >= sk_EX_CALLBACK_num(ip->meth)) + goto err; + a = sk_EX_CALLBACK_value(ip->meth, idx); + if (a == NULL) + goto err; + a->new_func = dummy_new; + a->dup_func = dummy_dup; + a->free_func = dummy_free; + toret = 1; +err: + CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); + return toret; +} + /* - * Inside an existing class, get/register a new index. + * Register a new index. */ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { int toret = -1; - CRYPTO_EX_DATA_FUNCS *a; - EX_CLASS_ITEM *ip = def_get_class(class_index); + EX_CALLBACK *a; + EX_CALLBACKS *ip = get_and_lock(class_index); - if (!ip) + if (ip == NULL) return -1; - a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(*a)); + a = (EX_CALLBACK *)OPENSSL_malloc(sizeof(*a)); if (a == NULL) { CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); goto err; 
@@ -208,13 +257,13 @@ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, a->dup_func = dup_func; a->free_func = free_func; - if (!sk_CRYPTO_EX_DATA_FUNCS_push(ip->meth, NULL)) { + if (!sk_EX_CALLBACK_push(ip->meth, NULL)) { CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); OPENSSL_free(a); goto err; } - toret = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth) - 1; - (void)sk_CRYPTO_EX_DATA_FUNCS_set(ip->meth, toret, a); + toret = sk_EX_CALLBACK_num(ip->meth) - 1; + (void)sk_EX_CALLBACK_set(ip->meth, toret, a); err: CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); @@ -224,7 +273,7 @@ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, /* * Initialise a new CRYPTO_EX_DATA for use in a particular class - including * calling new() callbacks for each index in the class used by this variable - * Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries + * Thread-safe by copying a class's array of "EX_CALLBACK" entries * in the lock, then using them outside the lock. Note this only applies * to the global "ex_data" state (ie. class definitions), not 'ad' itself. */ @@ -232,16 +281,16 @@ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) { int mx, i; void *ptr; - CRYPTO_EX_DATA_FUNCS **storage = NULL; - CRYPTO_EX_DATA_FUNCS *stack[10]; - EX_CLASS_ITEM *ip = def_get_class(class_index); + EX_CALLBACK **storage = NULL; + EX_CALLBACK *stack[10]; + EX_CALLBACKS *ip = get_and_lock(class_index); - if (!ip) + if (ip == NULL) return 0; ad->sk = NULL; - mx = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth); + mx = sk_EX_CALLBACK_num(ip->meth); if (mx > 0) { if (mx < (int)OSSL_NELEM(stack)) storage = stack; 
@@ -249,7 +298,7 @@ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) storage = OPENSSL_malloc(sizeof(*storage) * mx); if (storage != NULL) for (i = 0; i < mx; i++) - storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i); + storage[i] = sk_EX_CALLBACK_value(ip->meth, i); } CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); @@ -278,17 +327,17 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, { int mx, j, i; char *ptr; - CRYPTO_EX_DATA_FUNCS *stack[10]; - CRYPTO_EX_DATA_FUNCS **storage = NULL; - EX_CLASS_ITEM *ip; + EX_CALLBACK *stack[10]; + EX_CALLBACK **storage = NULL; + EX_CALLBACKS *ip; if (from->sk == NULL) /* Nothing to copy over */ return 1; - if ((ip = def_get_class(class_index)) == NULL) + if ((ip = get_and_lock(class_index)) == NULL) return 0; - mx = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth); + mx = sk_EX_CALLBACK_num(ip->meth); j = sk_void_num(from->sk); if (j < mx) mx = j; @@ -299,7 +348,7 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, storage = OPENSSL_malloc(sizeof(*storage) * mx); if (storage != NULL) for (i = 0; i < mx; i++) - storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i); + storage[i] = sk_EX_CALLBACK_value(ip->meth, i); } CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); @@ -328,15 +377,15 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) { int mx, i; - EX_CLASS_ITEM *ip; + EX_CALLBACKS *ip; void *ptr; - CRYPTO_EX_DATA_FUNCS *stack[10]; - CRYPTO_EX_DATA_FUNCS **storage = NULL; + EX_CALLBACK *stack[10]; + EX_CALLBACK **storage = NULL; - if ((ip = def_get_class(class_index)) == NULL) + if ((ip = get_and_lock(class_index)) == NULL) return; - mx = sk_CRYPTO_EX_DATA_FUNCS_num(ip->meth); + mx = sk_EX_CALLBACK_num(ip->meth); if (mx > 0) { if (mx < (int)OSSL_NELEM(stack)) storage = stack; 
@@ -344,7 +393,7 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) storage = OPENSSL_malloc(sizeof(*storage) * mx); if (storage != NULL) for (i = 0; i < mx; i++) - storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i); + storage[i] = sk_EX_CALLBACK_value(ip->meth, i); } CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 594722b..c9249ef 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -234,13 +234,6 @@ int RSA_up_ref(RSA *r) return ((i > 1) ? 1 : 0); } -int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, - new_func, dup_func, free_func); -} - int RSA_set_ex_data(RSA *r, int idx, void *arg) { return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index c2e6b8e..d5ecdbd 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -187,13 +187,6 @@ int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void)) return 0; } -int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp, - new_func, dup_func, free_func); -} - int STORE_set_ex_data(STORE *r, int idx, void *arg) { return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 9440a85..d2ac28b 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c 
@@ -536,13 +536,6 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)) return -1; } -int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp, - new_func, dup_func, free_func); -} - int UI_set_ex_data(UI *r, int idx, void *arg) { return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 0a47d4d..3156e04 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2110,19 +2110,6 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, return NULL; } -int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) -{ - /* - * This function is (usually) called only once, by - * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). - */ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, - new_func, dup_func, free_func); -} - int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) { return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index cab17dd..4733321 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -142,13 +142,6 @@ IMPLEMENT_ASN1_FUNCTIONS(X509) IMPLEMENT_ASN1_DUP_FUNCTION(X509) -int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, - new_func, dup_func, free_func); -} - int X509_set_ex_data(X509 *r, int idx, void *arg) { return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); diff --git a/doc/crypto/BIO_get_ex_new_index.pod b/doc/crypto/BIO_get_ex_new_index.pod new file mode 100644 index 0000000..4824b5d --- /dev/null +++ b/doc/crypto/BIO_get_ex_new_index.pod 
@@ -0,0 +1,45 @@ +=pod + +=head1 NAME + +BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, +ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, +UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, +X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data, +X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, +X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, +DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, +DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, +ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, +ECDSA_get_ex_new_index, ECDSA_set_ex_data, ECDSA_get_ex_data, +RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data +- application-specific data + +=head1 SYNOPSIS + +The synopsis below is for the X509 structure, but is the same for all +crypto structures: + + #include + + int X509_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + + int X509_set_ex_data(X509 *d, int idx, void *arg); + + void *X509_get_ex_data(X509 *d, int idx); + +=head1 DESCRIPTION + +These functions handle application-specific data for OpenSSL crypto +structures. + +For details, see L. + +=head1 SEE ALSO + +L. + +=cut diff --git a/doc/crypto/CRYPTO_get_ex_new_index.pod b/doc/crypto/CRYPTO_get_ex_new_index.pod new file mode 100644 index 0000000..9d047a4 --- /dev/null +++ b/doc/crypto/CRYPTO_get_ex_new_index.pod 
@@ -0,0 +1,145 @@ +=pod + +=head1 NAME + +CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data, +CRYPTO_get_ex_data, CRYPTO_free_ex_data +- functions supporting application-specific data + +=head1 SYNOPSIS + + #include + + int CRYPTO_get_ex_new_index(int class_index, + long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + + typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); + typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); + typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp); + + int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); + + void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); + + void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r); + + int CRYPTO_free_ex_index(int class_index, int idx); + +=head1 DESCRIPTION + +Several OpenSSL structures can have application-specific data attached to them, +known as "exdata." +The specific structures are: + + SSL + SSL_CTX + SSL_SESSION + X509 + X509_STORE + X509_STORE_CTX + DH + DSA + ECDH + ECDSA + RSA + ENGINE + UI + BIO + +Each is identified by an B define in the B +header file. In addition, B is reserved for +applications to use this facility for their own structures. + +The API described here is used by OpenSSL to manipulate exdata for specific +structures. Since the application data can be anything at all it is passed +and retrieved as a B type. + +Exdata types are identified by an B, an integer guaranteed to be +unique within structures for the lifetime of the program. Applications +using exdata typically call B at startup, and +store the result in a global variable, or write a wrapper function to +provide lazy evaluation. The B should be one of the +B values. 
The B and B parameters are saved +to be passed to the callbacks but are otherwise not used. In order to +transparently manipulate exdata, three callbacks must be provided. The +semantics of those callbacks are described below. + +When copying or releasing objects with exdata, the callback functions +are called in increasing order of their B value. + +If a dynamic library can be unloaded, it should call CRYPTO_free_ex_index() +when this is done. +This will replace the callbacks with no-ops +so that applications don't crash. Any existing exdata will be leaked. + +To set or get the exdata on an object, the appropriate type-specific +routine must be used. This is because the containing structure is opaque +and the B field is not accessible. In both API's, the +B parameter should be an already-created index value. + +When setting exdata, the pointer specified with a particular index is saved, +and returned on a subsequent "get" call. If the application is going to +release the data, it must make sure to set a B value at the index, +to avoid likely double-free crash. + +The function B is used to free all exdata attached +to a structure. The appropriate type-specific routine must be used. +The B identifies the structure type, the B is +be the pointer to the actual structure, and B is a pointer to the +structure's exdata field. + +=head2 Callback Functions + +This section describes how the callback functions are used. Applications +that are defining their own exdata using B must +call them as described here. + +When a structure is initially allocated (such as RSA_new()) then the +new_func() is called for every defined index. There is no requirement +that the entire parent, or containing, structure has been set up. +The new_func() is typically used only to allocate memory to store the +exdata, and perhaps an "initialized" flag within that memory. +The exdata value should be set by calling CRYPTO_set_ex_data(). 
+ +When a structure is free'd (such as SSL_CTX_free()) then the +free_func() is called for every defined index. Again, the state of the +parent structure is not guaranteed. The free_func() may be called with a +NULL pointer. + +Both new_func() and free_func() take the same parameters. +The B is the pointer to the structure that contains the exdata. +The B is the current exdata item; for new_func() this will typically +be NULL. The B parameter is a pointer to the exdata field of the object. +The B is the index and is the value returned when the callbacks were +initially registered via CRYPTO_get_ex_new_index() and can be used if +the same callback handles different types of exdata. + +dup_func() is called when a structure is being copied. This is only done +for B and B objects. The B and B parameters +are pointers to the destination and source B structures, +respectively. The B parameter is a pointer to the source exdata. +When the dup_func() returns, the value in B is copied to the +destination ex_data. If the pointer contained in B is not modified, +then both B and B will point to the same data. The B, +B and B parameters are as described for the other two callbacks. + +=head1 RETURN VALUES + +CRYPTO_get_ex_new_index() returns a new index or -1 on failure; the +value B<0> is reserved for the legacy "app_data" API's. + +CRYPTO_free_ex_index() and +CRYPTO_set_ex_data() return 1 on success or 0 on failure. + +CRYPTO_get_ex_data() returns the application data or NULL on failure; +note that NULL may be a valid value. + +dup_func() should return 0 for failure and 1 for success. + +=cut diff --git a/doc/crypto/CRYPTO_set_ex_data.pod b/doc/crypto/CRYPTO_set_ex_data.pod deleted file mode 100644 index 68ac6fa..0000000 --- a/doc/crypto/CRYPTO_set_ex_data.pod +++ /dev/null 
@@ -1,49 +0,0 @@ -=pod - -=head1 NAME - -CRYPTO_set_ex_data, CRYPTO_get_ex_data - internal application specific data functions - -=head1 SYNOPSIS - - #include - - int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); - - void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); - -=head1 DESCRIPTION - -Several OpenSSL structures can have application specific data attached to them. -These functions are used internally by OpenSSL to manipulate application -specific data attached to a specific structure. - -These functions should only be used by applications to manipulate -B structures passed to the new_func(), free_func() and -dup_func() callbacks: as passed to RSA_get_ex_new_index() for example. - -CRYPTO_set_ex_data() is used to set application specific data, the data is -supplied in the B parameter and its precise meaning is up to the -application. - -CRYPTO_get_ex_data() is used to retrieve application specific data. The data -is returned to the application, this will be the same value as supplied to -a previous CRYPTO_set_ex_data() call. - -=head1 RETURN VALUES - -CRYPTO_set_ex_data() returns 1 on success or 0 on failure. - -CRYPTO_get_ex_data() returns the application data or 0 on failure. 0 may also -be valid application data but currently it can only fail if given an invalid B -parameter. - -On failure an error code can be obtained from L. - -=head1 SEE ALSO - -L, -L, -L - -=cut diff --git a/doc/crypto/DH_get_ex_new_index.pod b/doc/crypto/DH_get_ex_new_index.pod deleted file mode 100644 index 0c113c7..0000000 --- a/doc/crypto/DH_get_ex_new_index.pod +++ /dev/null 
@@ -1,31 +0,0 @@ -=pod - -=head1 NAME - -DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures - -=head1 SYNOPSIS - - #include - - int DH_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int DH_set_ex_data(DH *d, int idx, void *arg); - - char *DH_get_ex_data(DH *d, int idx); - -=head1 DESCRIPTION - -These functions handle application specific data in DH -structures. Their usage is identical to that of -RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() -as described in L. - -=head1 SEE ALSO - -L, L - -=cut diff --git a/doc/crypto/DSA_get_ex_new_index.pod b/doc/crypto/DSA_get_ex_new_index.pod deleted file mode 100644 index b9ed01b..0000000 --- a/doc/crypto/DSA_get_ex_new_index.pod +++ /dev/null @@ -1,31 +0,0 @@ -=pod - -=head1 NAME - -DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures - -=head1 SYNOPSIS - - #include - - int DSA_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int DSA_set_ex_data(DSA *d, int idx, void *arg); - - char *DSA_get_ex_data(DSA *d, int idx); - -=head1 DESCRIPTION - -These functions handle application specific data in DSA -structures. Their usage is identical to that of -RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() -as described in L. - -=head1 SEE ALSO - -L, L - -=cut diff --git a/doc/crypto/RSA_get_ex_new_index.pod b/doc/crypto/RSA_get_ex_new_index.pod deleted file mode 100644 index 7022459..0000000 --- a/doc/crypto/RSA_get_ex_new_index.pod +++ /dev/null 
@@ -1,115 +0,0 @@ -=pod - -=head1 NAME - -RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures - -=head1 SYNOPSIS - - #include - - int RSA_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int RSA_set_ex_data(RSA *r, int idx, void *arg); - - void *RSA_get_ex_data(RSA *r, int idx); - - typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); - -=head1 DESCRIPTION - -Several OpenSSL structures can have application specific data attached to them. -This has several potential uses, it can be used to cache data associated with -a structure (for example the hash of some part of the structure) or some -additional data (for example a handle to the data in an external library). - -Since the application data can be anything at all it is passed and retrieved -as a B type. - -The RSA_get_ex_new_index() function is initially called to "register" some -new application specific data. It takes three optional function pointers which -are called when the parent structure (in this case an RSA structure) is -initially created, when it is copied and when it is freed up. If any or all of -these function pointer arguments are not used they should be set to NULL. The -precise manner in which these function pointers are called is described in more -detail below. RSA_get_ex_new_index() also takes additional long and pointer -parameters which will be passed to the supplied functions but which otherwise -have no special meaning. It returns an B which should be stored -(typically in a static variable) and passed used in the B parameter in -the remaining functions. 
Each successful call to RSA_get_ex_new_index() -will return an index greater than any previously returned, this is important -because the optional functions are called in order of increasing index value. - -RSA_set_ex_data() is used to set application specific data, the data is -supplied in the B parameter and its precise meaning is up to the -application. - -RSA_get_ex_data() is used to retrieve application specific data. The data -is returned to the application, this will be the same value as supplied to -a previous RSA_set_ex_data() call. - -new_func() is called when a structure is initially allocated (for example -with RSA_new(). The parent structure members will not have any meaningful -values at this point. This function will typically be used to allocate any -application specific structure. - -free_func() is called when a structure is being freed up. The dynamic parent -structure members should not be accessed because they will be freed up when -this function is called. - -new_func() and free_func() take the same parameters. B is a -pointer to the parent RSA structure. B is a the application specific data -(this wont be of much use in new_func(). B is a pointer to the -B structure from the parent RSA structure: the functions -CRYPTO_get_ex_data() and CRYPTO_set_ex_data() can be called to manipulate -it. The B parameter is the index: this will be the same value returned by -RSA_get_ex_new_index() when the functions were initially registered. Finally -the B and B parameters are the values originally passed to the same -corresponding parameters when RSA_get_ex_new_index() was called. - -dup_func() is called when a structure is being copied. Pointers to the -destination and source B structures are passed in the B and -B parameters respectively. 
The B parameter is passed a pointer to -the source application data when the function is called, when the function returns -the value is copied to the destination: the application can thus modify the data -pointed to by B and have different values in the source and destination. -The B, B and B parameters are the same as those in new_func() -and free_func(). - -=head1 RETURN VALUES - -RSA_get_ex_new_index() returns a new index or -1 on failure (note 0 is a valid -index value). - -RSA_set_ex_data() returns 1 on success or 0 on failure. - -RSA_get_ex_data() returns the application data or 0 on failure. 0 may also -be valid application data but currently it can only fail if given an invalid B -parameter. - -new_func() and dup_func() should return 0 for failure and 1 for success. - -On failure an error code can be obtained from L. - -=head1 BUGS - -dup_func() is currently never called. - -The return value of new_func() is ignored. - -The new_func() function isn't very useful because no meaningful values are -present in the parent RSA structure when it is called. - -=head1 SEE ALSO - -L, L - -=cut diff --git a/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod b/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod deleted file mode 100644 index f708329..0000000 --- a/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod +++ /dev/null 
@@ -1,36 +0,0 @@ -=pod - -=head1 NAME - -X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data - add application specific data to X509_STORE_CTX structures - -=head1 SYNOPSIS - - #include - - int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg); - - void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx); - -=head1 DESCRIPTION - -These functions handle application specific data in X509_STORE_CTX structures. -Their usage is identical to that of RSA_get_ex_new_index(), RSA_set_ex_data() -and RSA_get_ex_data() as described in L. - -=head1 NOTES - -This mechanism is used internally by the B library to store the B -structure associated with a verification operation in an B -structure. - -=head1 SEE ALSO - -L - -=cut diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod index 6115e8c..ce6a110 100644 --- a/doc/crypto/dh.pod +++ b/doc/crypto/dh.pod @@ -25,11 +25,6 @@ dh - Diffie-Hellman key agreement DH *DH_new_method(ENGINE *engine); const DH_METHOD *DH_OpenSSL(void); - int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), - int (*dup_func)(), void (*free_func)()); - int DH_set_ex_data(DH *d, int idx, char *arg); - char *DH_get_ex_data(DH *d, int idx); - DH * d2i_DHparams(DH **a, unsigned char **pp, long length); int i2d_DHparams(const DH *a, unsigned char **pp); diff --git a/doc/crypto/dsa.pod b/doc/crypto/dsa.pod index f0b74c1..9cf1c49 100644 --- a/doc/crypto/dsa.pod +++ b/doc/crypto/dsa.pod 
@@ -35,11 +35,6 @@ dsa - Digital Signature Algorithm DSA *DSA_new_method(ENGINE *engine); const DSA_METHOD *DSA_OpenSSL(void); - int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), - int (*dup_func)(), void (*free_func)()); - int DSA_set_ex_data(DSA *d, int idx, char *arg); - char *DSA_get_ex_data(DSA *d, int idx); - DSA_SIG *DSA_SIG_new(void); void DSA_SIG_free(DSA_SIG *a); int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod index 1af4feb..be0f482 100644 --- a/doc/crypto/ecdsa.pod +++ b/doc/crypto/ecdsa.pod @@ -40,13 +40,6 @@ ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size, ECDSA_s const ECDSA_METHOD* ECDSA_get_default_method(void); int ECDSA_set_method(EC_KEY *eckey,const ECDSA_METHOD *meth); - int ECDSA_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); - void* ECDSA_get_ex_data(EC_KEY *d, int idx); - =head1 DESCRIPTION The B structure consists of two BIGNUMs for the diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index 4d11b4a..7d2d5d8 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod @@ -94,12 +94,6 @@ engine - ENGINE cryptographic module support int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, int cmd_optional); - int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); - void *ENGINE_get_ex_data(const ENGINE *e, int idx); - - int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - ENGINE *ENGINE_new(void); int ENGINE_free(ENGINE *e); int ENGINE_up_ref(ENGINE *e); diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod index ac32415..9c42923 100644 --- a/doc/crypto/rsa.pod +++ b/doc/crypto/rsa.pod 
@@ -46,11 +46,6 @@ rsa - RSA public key cryptosystem int RSA_print(BIO *bp, RSA *x, int offset); int RSA_print_fp(FILE *fp, RSA *x, int offset); - int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), - int (*dup_func)(), void (*free_func)()); - int RSA_set_ex_data(RSA *r,int idx,char *arg); - char *RSA_get_ex_data(RSA *r, int idx); - int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, RSA *rsa); diff --git a/doc/ssl/SSL_CTX_get_ex_new_index.pod b/doc/ssl/SSL_CTX_get_ex_new_index.pod deleted file mode 100644 index fc72837..0000000 --- a/doc/ssl/SSL_CTX_get_ex_new_index.pod +++ /dev/null 
@@ -1,53 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data - internal application specific data functions - -=head1 SYNOPSIS - - #include - - int SSL_CTX_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg); - - void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); - - typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); - -=head1 DESCRIPTION - -Several OpenSSL structures can have application specific data attached to them. -These functions are used internally by OpenSSL to manipulate application -specific data attached to a specific structure. - -SSL_CTX_get_ex_new_index() is used to register a new index for application -specific data. - -SSL_CTX_set_ex_data() is used to store application data at B for B -into the B object. - -SSL_CTX_get_ex_data() is used to retrieve the information for B from -B. - -A detailed description for the B<*_get_ex_new_index()> functionality -can be found in L. -The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in -L. - -=head1 SEE ALSO - -L, -L, -L - -=cut diff --git a/doc/ssl/SSL_SESSION_get_ex_new_index.pod b/doc/ssl/SSL_SESSION_get_ex_new_index.pod deleted file mode 100644 index f5390c1..0000000 --- a/doc/ssl/SSL_SESSION_get_ex_new_index.pod +++ /dev/null 
@@ -1,61 +0,0 @@ -=pod - -=head1 NAME - -SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data - internal application specific data functions - -=head1 SYNOPSIS - - #include - - int SSL_SESSION_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg); - - void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, int idx); - - typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); - -=head1 DESCRIPTION - -Several OpenSSL structures can have application specific data attached to them. -These functions are used internally by OpenSSL to manipulate application -specific data attached to a specific structure. - -SSL_SESSION_get_ex_new_index() is used to register a new index for application -specific data. - -SSL_SESSION_set_ex_data() is used to store application data at B for B -into the B object. - -SSL_SESSION_get_ex_data() is used to retrieve the information for B from -B. - -A detailed description for the B<*_get_ex_new_index()> functionality -can be found in L. -The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in -L. - -=head1 WARNINGS - -The application data is only maintained for sessions held in memory. The -application data is not included when dumping the session with -i2d_SSL_SESSION() (and all functions indirectly calling the dump functions -like PEM_write_SSL_SESSION() and PEM_write_bio_SSL_SESSION()) and can -therefore not be restored. - -=head1 SEE ALSO - -L, -L, -L - -=cut 
diff --git a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod deleted file mode 100644 index 2957a2a..0000000 --- a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod +++ /dev/null @@ -1,61 +0,0 @@ -=pod - -=head1 NAME - -SSL_get_ex_data_X509_STORE_CTX_idx - get ex_data index to access SSL structure -from X509_STORE_CTX - -=head1 SYNOPSIS - - #include - - int SSL_get_ex_data_X509_STORE_CTX_idx(void); - -=head1 DESCRIPTION - -SSL_get_ex_data_X509_STORE_CTX_idx() returns the index number under which -the pointer to the SSL object is stored into the X509_STORE_CTX object. - -=head1 NOTES - -Whenever a X509_STORE_CTX object is created for the verification of the -peers certificate during a handshake, a pointer to the SSL object is -stored into the X509_STORE_CTX object to identify the connection affected. -To retrieve this pointer the X509_STORE_CTX_get_ex_data() function can -be used with the correct index. This index is globally the same for all -X509_STORE_CTX objects and can be retrieved using -SSL_get_ex_data_X509_STORE_CTX_idx(). The index value is set when -SSL_get_ex_data_X509_STORE_CTX_idx() is first called either by the application -program directly or indirectly during other SSL setup functions or during -the handshake. - -The value depends on other index values defined for X509_STORE_CTX objects -before the SSL index is created. - -=head1 RETURN VALUES - -=over 4 - -=item E=0 - -The index value to access the pointer. - -=item E0 - -An error occurred, check the error stack for a detailed error message. - -=back - -=head1 EXAMPLES - -The index returned from SSL_get_ex_data_X509_STORE_CTX_idx() allows to -access the SSL object for the connection to be accessed during the -verify_callback() when checking the peers certificate. Please check -the example in L, - -=head1 SEE ALSO - -L, L, -L - -=cut 
diff --git a/doc/ssl/SSL_get_ex_new_index.pod b/doc/ssl/SSL_get_ex_new_index.pod deleted file mode 100644 index 6c2e919..0000000 --- a/doc/ssl/SSL_get_ex_new_index.pod +++ /dev/null @@ -1,59 +0,0 @@ -=pod - -=head1 NAME - -SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data - internal application specific data functions - -=head1 SYNOPSIS - - #include - - int SSL_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int SSL_set_ex_data(SSL *ssl, int idx, void *arg); - - void *SSL_get_ex_data(const SSL *ssl, int idx); - - typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); - -=head1 DESCRIPTION - -Several OpenSSL structures can have application specific data attached to them. -These functions are used internally by OpenSSL to manipulate application -specific data attached to a specific structure. - -SSL_get_ex_new_index() is used to register a new index for application -specific data. - -SSL_set_ex_data() is used to store application data at B for B into -the B object. - -SSL_get_ex_data() is used to retrieve the information for B from -B. - -A detailed description for the B<*_get_ex_new_index()> functionality -can be found in L. -The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in -L. - -=head1 EXAMPLES - -An example on how to use the functionality is included in the example -verify_callback() in L. - -=head1 SEE ALSO - -L, -L, -L, -L - -=cut diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 09a9510..a0a799b 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h 
@@ -602,13 +602,10 @@ int BIO_ctrl_reset_read_request(BIO *b); # define BIO_dgram_get_mtu_overhead(b) \ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) -/* These two aren't currently implemented */ -/* int BIO_get_ex_num(BIO *bio); */ -/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ +#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) int BIO_set_ex_data(BIO *bio, int idx, void *data); void *BIO_get_ex_data(BIO *bio, int idx); -int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); uint64_t BIO_number_read(BIO *bio); uint64_t BIO_number_written(BIO *bio); diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 5d15515..78d86b1 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h 
@@ -256,33 +256,29 @@ typedef struct bio_st BIO_dummy; struct crypto_ex_data_st { STACK_OF(void) *sk; - /* gcc is screwing up this data structure :-( */ - int dummy; }; DECLARE_STACK_OF(void) /* - * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA - * entry. + * Per class, we have a STACK of function pointers. */ -# define CRYPTO_EX_INDEX_BIO 0 -# define CRYPTO_EX_INDEX_SSL 1 -# define CRYPTO_EX_INDEX_SSL_CTX 2 -# define CRYPTO_EX_INDEX_SSL_SESSION 3 -# define CRYPTO_EX_INDEX_X509_STORE 4 -# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 -# define CRYPTO_EX_INDEX_RSA 6 -# define CRYPTO_EX_INDEX_DSA 7 -# define CRYPTO_EX_INDEX_DH 8 -# define CRYPTO_EX_INDEX_ENGINE 9 -# define CRYPTO_EX_INDEX_X509 10 -# define CRYPTO_EX_INDEX_UI 11 -# define CRYPTO_EX_INDEX_ECDSA 12 -# define CRYPTO_EX_INDEX_ECDH 13 -# define CRYPTO_EX_INDEX_COMP 14 -# define CRYPTO_EX_INDEX_STORE 15 -# define CRYPTO_EX_INDEX_APP 16 -# define CRYPTO_EX_INDEX__COUNT 17 +# define CRYPTO_EX_INDEX_SSL 0 +# define CRYPTO_EX_INDEX_SSL_CTX 1 +# define CRYPTO_EX_INDEX_SSL_SESSION 2 +# define CRYPTO_EX_INDEX_X509 3 +# define CRYPTO_EX_INDEX_X509_STORE 4 +# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +# define CRYPTO_EX_INDEX_DH 6 +# define CRYPTO_EX_INDEX_DSA 7 +# define CRYPTO_EX_INDEX_ECDH 8 +# define CRYPTO_EX_INDEX_ECDSA 9 +# define CRYPTO_EX_INDEX_RSA 10 +# define CRYPTO_EX_INDEX_ENGINE 11 +# define CRYPTO_EX_INDEX_UI 12 +# define CRYPTO_EX_INDEX_BIO 13 +# define CRYPTO_EX_INDEX_STORE 14 +# define CRYPTO_EX_INDEX_APP 15 +# define CRYPTO_EX_INDEX__COUNT 16 /* * This is the default callbacks, but we can have others as well: this is 
@@ -347,10 +343,18 @@ const char *OpenSSL_version(int type); int OPENSSL_issetugid(void); -/* Within a given class, get/register a new index */ -int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, +typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, + void *srcp, int idx, long argl, void *argp); +__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +/* No longer use an index. */ +int CRYPTO_free_ex_index(int class_index, int idx); + /* * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a * given class (invokes whatever per-class callbacks are applicable) @@ -358,7 +362,9 @@ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from); + void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); + /* * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular * index (relative to the class type involved) @@ -584,6 +590,7 @@ void ERR_load_CRYPTO_strings(void); # define CRYPTO_F_DEF_ADD_INDEX 104 # define CRYPTO_F_DEF_GET_CLASS 105 # define CRYPTO_F_FIPS_MODE_SET 109 +# define CRYPTO_F_GET_AND_LOCK 113 # define CRYPTO_F_INT_DUP_EX_DATA 106 # define CRYPTO_F_INT_FREE_EX_DATA 107 # define CRYPTO_F_INT_NEW_EX_DATA 108 diff --git a/include/openssl/dh.h b/include/openssl/dh.h index f5b03d3..816b1eb 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h 
@@ -203,8 +203,8 @@ int DH_up_ref(DH *dh); int DH_bits(const DH *dh); int DH_size(const DH *dh); int DH_security_bits(const DH *dh); -int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +#define DH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 8e69e2e..824faae 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -212,8 +212,8 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa); int DSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int siglen, DSA *dsa); -int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) int DSA_set_ex_data(DSA *d, int idx, void *arg); void *DSA_get_ex_data(DSA *d, int idx); diff --git a/include/openssl/ecdh.h b/include/openssl/ecdh.h index 8a48b12..ca4e653 100644 --- a/include/openssl/ecdh.h +++ b/include/openssl/ecdh.h @@ -97,9 +97,8 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)); -int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new - *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); +#define ECDH_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, l, p, newf, dupf, freef) int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); void *ECDH_get_ex_data(EC_KEY *d, int idx); diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h index 4a02a01..bb84236 100644 
--- a/include/openssl/ecdsa.h +++ b/include/openssl/ecdsa.h @@ -222,9 +222,8 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, const unsigned char *sig, int siglen, EC_KEY *eckey); /* the standard ex_data functions */ -int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new - *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); +#define ECDSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, l, p, newf, dupf, freef) int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); void *ECDSA_get_ex_data(EC_KEY *d, int idx); diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 7a9b495..1b11e3e 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -575,9 +575,8 @@ int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); /* These functions allow control over any per-structure ENGINE data. */ -int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); +#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); void *ENGINE_get_ex_data(const ENGINE *e, int idx); diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 4384345..02749dd 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h 
@@ -190,13 +190,6 @@ typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; typedef struct crypto_ex_data_st CRYPTO_EX_DATA; -/* Callback types for crypto.h */ -typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp); typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; typedef struct ocsp_response_st OCSP_RESPONSE; diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 2498ff5..734a327 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -478,8 +478,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen); -int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) int RSA_set_ex_data(RSA *r, int idx, void *arg); void *RSA_get_ex_data(const RSA *r, int idx); diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h index f2fa57c..cce3afd 100644 --- a/include/openssl/safestack.h +++ b/include/openssl/safestack.h 
@@ -688,29 +688,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) # define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) -# define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) -# define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) -# define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) -# define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) -# define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) -# define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) -# define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) -# define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) -# define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) -# define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) -# define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) -# define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) -# define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) -# define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_EX_DATA_FUNCS, (st), (copy_func), (free_func)) -# define sk_CRYPTO_EX_DATA_FUNCS_shift(st) 
SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) -# define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) - # define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) # define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) # define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) 
@@ -918,6 +895,29 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) # define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) +# define sk_EX_CALLBACK_new(cmp) SKM_sk_new(EX_CALLBACK, (cmp)) +# define sk_EX_CALLBACK_new_null() SKM_sk_new_null(EX_CALLBACK) +# define sk_EX_CALLBACK_free(st) SKM_sk_free(EX_CALLBACK, (st)) +# define sk_EX_CALLBACK_num(st) SKM_sk_num(EX_CALLBACK, (st)) +# define sk_EX_CALLBACK_value(st, i) SKM_sk_value(EX_CALLBACK, (st), (i)) +# define sk_EX_CALLBACK_set(st, i, val) SKM_sk_set(EX_CALLBACK, (st), (i), (val)) +# define sk_EX_CALLBACK_zero(st) SKM_sk_zero(EX_CALLBACK, (st)) +# define sk_EX_CALLBACK_push(st, val) SKM_sk_push(EX_CALLBACK, (st), (val)) +# define sk_EX_CALLBACK_unshift(st, val) SKM_sk_unshift(EX_CALLBACK, (st), (val)) +# define sk_EX_CALLBACK_find(st, val) SKM_sk_find(EX_CALLBACK, (st), (val)) +# define sk_EX_CALLBACK_find_ex(st, val) SKM_sk_find_ex(EX_CALLBACK, (st), (val)) +# define sk_EX_CALLBACK_delete(st, i) SKM_sk_delete(EX_CALLBACK, (st), (i)) +# define sk_EX_CALLBACK_delete_ptr(st, ptr) SKM_sk_delete_ptr(EX_CALLBACK, (st), (ptr)) +# define sk_EX_CALLBACK_insert(st, val, i) SKM_sk_insert(EX_CALLBACK, (st), (val), (i)) +# define sk_EX_CALLBACK_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EX_CALLBACK, (st), (cmp)) +# define sk_EX_CALLBACK_dup(st) SKM_sk_dup(EX_CALLBACK, st) +# define sk_EX_CALLBACK_pop_free(st, free_func) SKM_sk_pop_free(EX_CALLBACK, (st), (free_func)) +# define sk_EX_CALLBACK_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EX_CALLBACK, (st), (copy_func), (free_func)) +# define sk_EX_CALLBACK_shift(st) SKM_sk_shift(EX_CALLBACK, (st)) +# define sk_EX_CALLBACK_pop(st) SKM_sk_pop(EX_CALLBACK, (st)) +# define sk_EX_CALLBACK_sort(st) SKM_sk_sort(EX_CALLBACK, (st)) +# define sk_EX_CALLBACK_is_sorted(st) SKM_sk_is_sorted(EX_CALLBACK, (st)) + # define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) # define 
sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) # define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c959156..e3072e7 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1710,23 +1710,18 @@ __owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, __owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl, unsigned char *out, size_t outlen); +#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) __owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); void *SSL_get_ex_data(const SSL *ssl, int idx); -__owur int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - +#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) __owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); -__owur int SSL_SESSION_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - +#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) __owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); -__owur int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); diff --git a/include/openssl/store.h b/include/openssl/store.h index 4f88f99..6711d88 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h 
@@ -122,9 +122,9 @@ int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void)); /* Some methods may use extra data */ # define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg) # define STORE_get_app_data(s) STORE_get_ex_data(s,0) -int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); + +#define STORE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, l, p, newf, dupf, freef) int STORE_set_ex_data(STORE *r, int idx, void *arg); void *STORE_get_ex_data(STORE *r, int idx); diff --git a/include/openssl/ui.h b/include/openssl/ui.h index 2afc58d..9a72ce2 100644 --- a/include/openssl/ui.h +++ b/include/openssl/ui.h @@ -240,8 +240,9 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); /* Some methods may use extra data */ # define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) # define UI_get_app_data(s) UI_get_ex_data(s,0) -int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +#define UI_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) int UI_set_ex_data(UI *r, int idx, void *arg); void *UI_get_ex_data(UI *r, int idx); diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 8ba055f..c48abe3 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -615,8 +615,8 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF) DECLARE_ASN1_FUNCTIONS(X509) DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) -int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +#define X509_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) int X509_set_ex_data(X509 *r, int idx, void *arg); void *X509_get_ex_data(X509 *r, int idx); int i2d_X509_AUX(X509 *a, unsigned char **pp); 
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index c595c09..f949bd9 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -494,10 +494,8 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir); int X509_STORE_set_default_paths(X509_STORE *ctx); -int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); +#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 12ae35c..cac692d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3042,13 +3042,6 @@ size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, return outlen; } -int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, - new_func, dup_func, free_func); -} - int SSL_set_ex_data(SSL *s, int idx, void *arg) { return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); @@ -3059,14 +3052,6 @@ void *SSL_get_ex_data(const SSL *s, int idx) return (CRYPTO_get_ex_data(&s->ex_data, idx)); } -int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, - new_func, dup_func, free_func); -} - int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg) { return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 0984445..5265b15 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -170,15 +170,6 @@ SSL_SESSION *SSL_get1_session(SSL *ssl) return (sess); } -int SSL_SESSION_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) -{ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, - new_func, dup_func, free_func); -} - int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) { return (CRYPTO_set_ex_data(&s->ex_data, idx, arg)); diff --git a/test/nptest.c b/test/exdatatest.c similarity index 58% copy from test/nptest.c copy to test/exdatatest.c index 9528851..96105bb 100644 --- a/test/nptest.c +++ b/test/exdatatest.c 
@@ -51,16 +51,98 @@ * Hudson (tjh at cryptsoft.com). * */ - - #include +#include #include +#include +#include + +static long sargl; +static void *sargp; +static int sidx; + +static void exnew(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp) +{ + assert(idx == sidx); + assert(argl == sargl); + assert(argp == sargp); +} + +static int exdup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp) +{ + assert(idx == sidx); + assert(argl == sargl); + assert(argp == sargp); + return 0; +} + +static void exfree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp) +{ + assert(idx == sidx); + assert(argl == sargl); + assert(argp == sargp); +} + +typedef struct myobj_st { + CRYPTO_EX_DATA ex_data; + int id; +} MYOBJ; + +static MYOBJ *MYOBJ_new() +{ + static int count = 0; + MYOBJ *obj = OPENSSL_malloc(sizeof(*obj)); + int st; + + obj->id = ++count; + st = CRYPTO_new_ex_data(CRYPTO_EX_INDEX_APP, obj, &obj->ex_data); + assert(st != 0); + return obj; +} + +static void MYOBJ_sethello(MYOBJ *obj, char *cp) +{ + int st; + + st = CRYPTO_set_ex_data(&obj->ex_data, sidx, cp); + assert(st != 0); +} + +static char *MYOBJ_gethello(MYOBJ *obj) +{ + return CRYPTO_get_ex_data(&obj->ex_data, sidx); +} + +static void MYOBJ_free(MYOBJ *obj) +{ + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_APP, obj, &obj->ex_data); + OPENSSL_free(obj); +} int main() { - char *p = NULL; - char bytes[sizeof(p)]; + MYOBJ *t1, *t2; + const char *cp; + char *p; - memset(bytes, 0, sizeof bytes); - return memcmp(&p, bytes, sizeof(bytes)) == 0 ? 0 : 1; + p = strdup("hello world"); + sargl = 21; + sargp = malloc(1); + sidx = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_APP, sargl, sargp, + exnew, exdup, exfree); + t1 = MYOBJ_new(); + t2 = MYOBJ_new(); + MYOBJ_sethello(t1, p); + cp = MYOBJ_gethello(t1); + assert(cp == p); + cp = MYOBJ_gethello(t2); + assert(cp == NULL); + MYOBJ_free(t1); + MYOBJ_free(t2); + free(sargp); + free(p); + return 0; } 
diff --git a/util/libeay.num b/util/libeay.num index 5119769..4e2ac48 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1004,7 +1004,7 @@ CRYPTO_get_new_lockid 1026 EXIST::FUNCTION: CRYPTO_new_ex_data 1027 EXIST::FUNCTION: RSA_set_ex_data 1028 EXIST::FUNCTION:RSA RSA_get_ex_data 1029 EXIST::FUNCTION:RSA -RSA_get_ex_new_index 1030 EXIST::FUNCTION:RSA +RSA_get_ex_new_index 1030 NOEXIST::FUNCTION: RSA_padding_add_PKCS1_type_1 1031 EXIST::FUNCTION:RSA RSA_padding_add_PKCS1_type_2 1032 EXIST::FUNCTION:RSA RSA_padding_add_SSLv23 1033 EXIST::FUNCTION:RSA @@ -1033,7 +1033,7 @@ BN_mpi2bn 1059 EXIST::FUNCTION: ASN1_BIT_STRING_get_bit 1060 EXIST::FUNCTION: ASN1_BIT_STRING_set_bit 1061 EXIST::FUNCTION: BIO_get_ex_data 1062 EXIST::FUNCTION: -BIO_get_ex_new_index 1063 EXIST::FUNCTION: +BIO_get_ex_new_index 1063 NOEXIST::FUNCTION: BIO_set_ex_data 1064 EXIST::FUNCTION: X509v3_get_key_usage 1066 NOEXIST::FUNCTION: X509v3_set_key_usage 1067 NOEXIST::FUNCTION: @@ -1069,7 +1069,7 @@ COMP_CTX_new 1096 EXIST::FUNCTION: COMP_CTX_free 1097 EXIST::FUNCTION: COMP_CTX_compress_block 1098 NOEXIST::FUNCTION: COMP_CTX_expand_block 1099 NOEXIST::FUNCTION: -X509_STORE_CTX_get_ex_new_index 1100 EXIST::FUNCTION: +X509_STORE_CTX_get_ex_new_index 1100 NOEXIST::FUNCTION: OBJ_NAME_add 1101 EXIST::FUNCTION: BIO_socket_nbio 1102 EXIST::FUNCTION: EVP_rc2_64_cbc 1103 EXIST::FUNCTION:RC2 @@ -1484,11 +1484,11 @@ DH_set_ex_data 1883 EXIST::FUNCTION:DH DH_set_method 1884 EXIST::FUNCTION:DH DSA_OpenSSL 1885 EXIST::FUNCTION:DSA DH_get_ex_data 1886 EXIST::FUNCTION:DH -DH_get_ex_new_index 1887 EXIST::FUNCTION:DH +DH_get_ex_new_index 1887 NOEXIST::FUNCTION: DSA_new_method 1888 EXIST::FUNCTION:DSA DH_new_method 1889 EXIST::FUNCTION:DH DH_OpenSSL 1890 EXIST::FUNCTION:DH -DSA_get_ex_new_index 1891 EXIST::FUNCTION:DSA +DSA_get_ex_new_index 1891 NOEXIST::FUNCTION: DH_get_default_method 1892 EXIST::FUNCTION:DH DSA_set_ex_data 1893 EXIST::FUNCTION:DSA DH_set_default_method 1894 EXIST::FUNCTION:DH 
@@ -1580,7 +1580,7 @@ i2d_DSA_PUBKEY_bio 2014 EXIST::FUNCTION:DSA i2d_OTHERNAME 2015 EXIST::FUNCTION: ASN1_OCTET_STRING_free 2016 EXIST::FUNCTION: ASN1_BIT_STRING_set_asc 2017 EXIST::FUNCTION: -X509_get_ex_new_index 2019 EXIST::FUNCTION: +X509_get_ex_new_index 2019 NOEXIST::FUNCTION: ASN1_STRING_TABLE_cleanup 2020 EXIST::FUNCTION: X509_TRUST_get_by_id 2021 EXIST::FUNCTION: X509_PURPOSE_get_trust 2022 EXIST::FUNCTION: @@ -2311,7 +2311,7 @@ d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION: X509_CRL_set_version 2823 EXIST::FUNCTION: BN_mod_sub 2824 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION: -ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:ENGINE +ENGINE_get_ex_new_index 2826 NOEXIST::FUNCTION: OCSP_REQUEST_free 2827 EXIST::FUNCTION: OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION: X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2435,7 +2435,7 @@ EC_POINT_free 2929 EXIST::FUNCTION:EC DH_up_ref 2930 EXIST::FUNCTION:DH X509_NAME_ENTRY_it 2931 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_ENTRY_it 2931 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_get_ex_new_index 2932 EXIST::FUNCTION: +UI_get_ex_new_index 2932 NOEXIST::FUNCTION: BN_mod_sub_quick 2933 EXIST::FUNCTION: OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION: OCSP_request_sign 2935 EXIST::FUNCTION: @@ -3173,7 +3173,7 @@ BIO_dgram_non_fatal_error 3586 EXIST::FUNCTION: EC_GROUP_get_asn1_flag 3587 EXIST::FUNCTION:EC STORE_ATTR_INFO_in_ex 3588 NOEXIST::FUNCTION: STORE_list_crl_start 3589 NOEXIST::FUNCTION: -ECDH_get_ex_new_index 3590 EXIST::FUNCTION:EC +ECDH_get_ex_new_index 3590 NOEXIST::FUNCTION: STORE_meth_get_modify_fn 3591 NOEXIST::FUNCTION: STORE_method_get_modify_function 3591 NOEXIST::FUNCTION: v2i_ASN1_BIT_STRING 3592 EXIST::FUNCTION: 
@@ -3341,7 +3341,7 @@ PKCS7_set_digest 3741 EXIST::FUNCTION: EC_KEY_print 3742 EXIST::FUNCTION:EC STORE_meth_set_lock_store_fn 3743 NOEXIST::FUNCTION: STORE_method_set_lock_store_function 3743 NOEXIST::FUNCTION: -ECDSA_get_ex_new_index 3744 EXIST::FUNCTION:EC +ECDSA_get_ex_new_index 3744 NOEXIST::FUNCTION: SHA384 3745 EXIST:!VMSVAX:FUNCTION: POLICY_MAPPING_new 3746 EXIST::FUNCTION: STORE_list_certificate_endp 3747 NOEXIST::FUNCTION: @@ -4665,3 +4665,4 @@ ASYNC_cleanup 5024 EXIST::FUNCTION: ASYNC_init 5025 EXIST::FUNCTION: EVP_MD_CTX_ctrl 5026 EXIST::FUNCTION: EVP_md5_sha1 5027 EXIST::FUNCTION:MD5 +CRYPTO_free_ex_index 5028 EXIST::FUNCTION: diff --git a/util/ssleay.num b/util/ssleay.num index a63fd41..f737aac 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -146,9 +146,9 @@ SSL_set_verify_result 163 EXIST::FUNCTION: SSL_version 164 EXIST::FUNCTION: SSL_get_info_callback 165 EXIST::FUNCTION: SSL_state 166 NOEXIST::FUNCTION: -SSL_CTX_get_ex_new_index 167 EXIST::FUNCTION: -SSL_SESSION_get_ex_new_index 168 EXIST::FUNCTION: -SSL_get_ex_new_index 169 EXIST::FUNCTION: +SSL_CTX_get_ex_new_index 167 NOEXIST::FUNCTION: +SSL_SESSION_get_ex_new_index 168 NOEXIST::FUNCTION: +SSL_get_ex_new_index 169 NOEXIST::FUNCTION: TLSv1_method 170 EXIST::FUNCTION: TLSv1_server_method 171 EXIST::FUNCTION: TLSv1_client_method 172 EXIST::FUNCTION: From builds at travis-ci.org Tue Dec 1 17:28:36 2015 
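Review bot: In include/openssl/ssl.h the three new macros pass the wrong class index: `SSL_get_ex_new_index` expands with CRYPTO_EX_INDEX_SSL_SESSION, `SSL_SESSION_get_ex_new_index` with CRYPTO_EX_INDEX_SSL_CTX, and `SSL_CTX_get_ex_new_index` with CRYPTO_EX_INDEX_SSL, whereas the functions removed from ssl/ssl_lib.c and ssl/ssl_sess.c used CRYPTO_EX_INDEX_SSL, CRYPTO_EX_INDEX_SSL_SESSION and CRYPTO_EX_INDEX_SSL_CTX respectively. As written, an index requested for one object type is registered under another type's class, so the new/dup/free callbacks are attached to the wrong kind of object; each macro should use the index that matches its own name. In include/openssl/x509.h the replacement macro is named `X509_new_index`, while util/libeay.num marks `X509_get_ex_new_index` as NOEXIST, so existing callers lose the symbol with no macro to take its place; the macro should be named `X509_get_ex_new_index`. In test/exdatatest.c, `MYOBJ_new()` dereferences the result of `OPENSSL_malloc` without a NULL check, and every check in the test is an `assert`, so it verifies nothing when built with NDEBUG.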
From: builds at travis-ci.org (Travis CI)
Date: Tue, 01 Dec 2015 17:28:36 +0000
Subject: [openssl-commits] Broken: openssl/openssl#752 (master - e6390ac)
In-Reply-To:
Message-ID: <565dd8c32bb02_33fa9178bb988145012@1993b04a-c52f-4529-93f0-c2623dee2d2e.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #752
Status: Broken
Duration: 35 minutes and 25 seconds
Commit: e6390ac (master)
Author: Rich Salz
Message: ex_data part 2: doc fixes and CRYPTO_free_ex_index.

Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.

Reviewed-by: Matt Caswell

View the changeset: https://github.com/openssl/openssl/compare/d59c7c81e385...e6390acac925

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94202206

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

From no-reply at appveyor.com Tue Dec 1 18:37:47 2015
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 01 Dec 2015 18:37:47 +0000
Subject: [openssl-commits] Build failed: openssl OpenSSL_1_0_1-stable.61
Message-ID: <20151201183747.22396.32140@appveyor.com>

From no-reply at appveyor.com Tue Dec 1 19:55:56 2015
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 01 Dec 2015 19:55:56 +0000
Subject: [openssl-commits] Build failed: openssl master.62
Message-ID: <20151201195555.59409.68321@appveyor.com>

From rsalz at openssl.org Tue Dec 1 22:09:28 2015
From: rsalz at openssl.org (Rich Salz) Date: Tue, 01 Dec 2015 22:09:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449007768.124049.29501.nullmailer@dev.openssl.org> The branch master has been updated via 338f5727c88b1ce44a802c5115707309d6316fc4 (commit) from e6390acac925f952cfd06ccdbba0b273b8f71551 (commit) - Log ----------------------------------------------------------------- commit 338f5727c88b1ce44a802c5115707309d6316fc4 Author: Rich Salz Date: Tue Dec 1 13:40:37 2015 -0500 typo fix on function Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: include/openssl/x509.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/openssl/x509.h b/include/openssl/x509.h index c48abe3..cdf392a 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -615,7 +615,7 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF) DECLARE_ASN1_FUNCTIONS(X509) DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) -#define X509_new_index(l, p, newf, dupf, freef) \ +#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) int X509_set_ex_data(X509 *r, int idx, void *arg); void *X509_get_ex_data(X509 *r, int idx); From builds at travis-ci.org Tue Dec 1 22:45:59 2015 
From: builds at travis-ci.org (Travis CI)
Date: Tue, 01 Dec 2015 22:45:59 +0000
Subject: [openssl-commits] Fixed: openssl/openssl#753 (master - 338f572)
In-Reply-To:
Message-ID: <565e2327b4f6_33fa7f92bba4811861af@4bb11891-866e-4138-8e1d-0028ac82804a.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #753
Status: Fixed
Duration: 35 minutes and 55 seconds
Commit: 338f572 (master)
Author: Rich Salz
Message: typo fix on function

Reviewed-by: Richard Levitte

View the changeset: https://github.com/openssl/openssl/compare/e6390acac925...338f5727c88b

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94272875

From no-reply at appveyor.com Wed Dec 2 00:56:06 2015
From: no-reply at appveyor.com (AppVeyor)
Date: Wed, 02 Dec 2015 00:56:06 +0000
Subject: [openssl-commits] Build completed: openssl master.63
Message-ID: <20151202005551.28756.58292@appveyor.com>

From appro at openssl.org Wed Dec 2 09:50:33 2015
From: appro at openssl.org (Andy Polyakov) Date: Wed, 02 Dec 2015 09:50:33 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449049833.990824.8210.nullmailer@dev.openssl.org> The branch master has been updated via 81f3d6323dcda6a18b06c718600d6a4739e83263 (commit) via b9e3d7e0f6678a991621cfbc4b11ace7860031a0 (commit) from 338f5727c88b1ce44a802c5115707309d6316fc4 (commit) - Log ----------------------------------------------------------------- commit 81f3d6323dcda6a18b06c718600d6a4739e83263 Author: Andy Polyakov Date: Mon Nov 30 23:07:38 2015 +0100 modes/ocb128.c: split fixed block xors to aligned and misaligned. Main goal was to improve performance on RISC platforms, e.g. 10% was measured on MIPS, POWER8... Reviewed-by: Matt Caswell commit b9e3d7e0f6678a991621cfbc4b11ace7860031a0 Author: Andy Polyakov Date: Mon Nov 30 13:26:21 2015 +0100 modes/ocb128.c: ocb_lookup_l to allow non-contiguous lookup and CRYPTO_ocb128_encrypt to handle in==out. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/modes/modes_lcl.h | 25 +++++++------ crypto/modes/ocb128.c | 93 ++++++++++++++++++++++-------------------------- 2 files changed, 54 insertions(+), 64 deletions(-) diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h index 0fd11ce..2f61afe 100644 --- a/crypto/modes/modes_lcl.h +++ b/crypto/modes/modes_lcl.h 
@@ -144,20 +144,19 @@ struct ccm128_context { #ifndef OPENSSL_NO_OCB -# ifdef STRICT_ALIGNMENT -typedef struct { - unsigned char a[16]; +typedef union { + u64 a[2]; + unsigned char c[16]; } OCB_BLOCK; -# define ocb_block16_xor(in1,in2,out) \ - ocb_block_xor((in1)->a,(in2)->a,16,(out)->a) -# else /* STRICT_ALIGNMENT */ -typedef struct { - u64 a; - u64 b; -} OCB_BLOCK; -# define ocb_block16_xor(in1,in2,out) \ - (out)->a=(in1)->a^(in2)->a; (out)->b=(in1)->b^(in2)->b; -# endif /* STRICT_ALIGNMENT */ +# define ocb_block16_xor(in1,in2,out) \ + ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \ + (out)->a[1]=(in1)->a[1]^(in2)->a[1] ) +# if STRICT_ALIGNMENT +# define ocb_block16_xor_misaligned(in1,in2,out) \ + ocb_block_xor((in1)->c,(in2)->c,16,(out)->c) +# else +# define ocb_block16_xor_misaligned ocb_block16_xor +# endif struct ocb128_context { /* Need both encrypt and decrypt key schedules for decryption */ diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index 2685652..d49aa6e 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c @@ -53,11 +53,6 @@ #ifndef OPENSSL_NO_OCB -union ublock { - unsigned char *chrblk; - OCB_BLOCK *ocbblk; -}; - /* * Calculate the number of binary trailing zero's in any given number */ @@ -88,23 +83,18 @@ static void ocb_block_lshift(OCB_BLOCK *in, size_t shift, OCB_BLOCK *out) unsigned char shift_mask; int i; unsigned char mask[15]; - union ublock locin; - union ublock locout; - - locin.ocbblk = in; - locout.ocbblk = out; shift_mask = 0xff; shift_mask <<= (8 - shift); for (i = 15; i >= 0; i--) { if (i > 0) { - mask[i - 1] = locin.chrblk[i] & shift_mask; + mask[i - 1] = in->c[i] & shift_mask; mask[i - 1] >>= 8 - shift; } - locout.chrblk[i] = locin.chrblk[i] << shift; + out->c[i] = in->c[i] << shift; if (i != 15) { - locout.chrblk[i] ^= mask[i]; + out->c[i] ^= mask[i]; } } } 
@@ -115,23 +105,18 @@ static void ocb_block_lshift(OCB_BLOCK *in, size_t shift, OCB_BLOCK *out) static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out) { unsigned char mask; - union ublock locin; - union ublock locout; - - locin.ocbblk = in; - locout.ocbblk = out; /* * Calculate the mask based on the most significant bit. There are more * efficient ways to do this - but this way is constant time */ - mask = locin.chrblk[0] & 0x80; + mask = in->c[0] & 0x80; mask >>= 7; mask *= 135; ocb_block_lshift(in, 1, out); - locout.chrblk[15] ^= mask; + out->c[15] ^= mask; } /* @@ -153,20 +138,34 @@ static void ocb_block_xor(const unsigned char *in1, */ static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx) { - if (idx <= ctx->l_index) { + size_t l_index = ctx->l_index; + + if (idx <= l_index) { return ctx->l + idx; } /* We don't have it - so calculate it */ - ctx->l_index++; - if (ctx->l_index == ctx->max_l_index) { - ctx->max_l_index *= 2; + if (idx >= ctx->max_l_index) { + /* + * Each additional entry allows to process almost double as + * much data, so that in linear world the table will need to + * be expanded with smaller and smaller increments. Originally + * it was doubling in size, which was a waste. Growing it + * linearly is not formally optimal, but is simpler to implement. + * We grow table by minimally required 4*n that would accommodate + * the index. + */ + ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3; ctx->l = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK)); if (!ctx->l) return NULL; } - ocb_double(ctx->l + (idx - 1), ctx->l + idx); + while (l_index <= idx) { + ocb_double(ctx->l + l_index, ctx->l + l_index + 1); + l_index++; + } + ctx->l_index = l_index; return ctx->l + idx; } 
@@ -177,13 +176,7 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx) static void ocb_encrypt(OCB128_CONTEXT *ctx, OCB_BLOCK *in, OCB_BLOCK *out, void *keyenc) { - union ublock locin; - union ublock locout; - - locin.ocbblk = in; - locout.ocbblk = out; - - ctx->encrypt(locin.chrblk, locout.chrblk, keyenc); + ctx->encrypt(in->c, out->c, keyenc); } /* @@ -192,13 +185,7 @@ static void ocb_encrypt(OCB128_CONTEXT *ctx, OCB_BLOCK *in, OCB_BLOCK *out, static void ocb_decrypt(OCB128_CONTEXT *ctx, OCB_BLOCK *in, OCB_BLOCK *out, void *keydec) { - union ublock locin; - union ublock locout; - - locin.ocbblk = in; - locout.ocbblk = out; - - ctx->decrypt(locin.chrblk, locout.chrblk, keydec); + ctx->decrypt(in->c, out->c, keydec); } /* @@ -228,7 +215,7 @@ int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, { memset(ctx, 0, sizeof(*ctx)); ctx->l_index = 0; - ctx->max_l_index = 1; + ctx->max_l_index = 5; ctx->l = OPENSSL_malloc(ctx->max_l_index * 16); if (ctx->l == NULL) return 0; @@ -252,6 +239,13 @@ int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, /* L_0 = double(L_$) */ ocb_double(&ctx->l_dollar, ctx->l); + /* L_{i} = double(L_{i-1}) */ + ocb_double(ctx->l, ctx->l+1); + ocb_double(ctx->l+1, ctx->l+2); + ocb_double(ctx->l+2, ctx->l+3); + ocb_double(ctx->l+3, ctx->l+4); + ctx->l_index = 4; /* enough to process up to 496 bytes */ + return 1; } @@ -284,9 +278,6 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, unsigned char ktop[16], tmp[16], mask; unsigned char stretch[24], nonce[16]; size_t bottom, shift; - union ublock offset; - - offset.ocbblk = &ctx->offset; /* * Spec says IV is 120 bits or fewer - it allows non byte aligned lengths. @@ -320,7 +311,7 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, &ctx->offset); mask = 0xff; mask <<= 8 - shift; - offset.chrblk[15] |= + ctx->offset.c[15] |= (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift); return 1; 
@@ -423,14 +414,14 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ inblock = (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16)); - ocb_block16_xor(&ctx->offset, inblock, &tmp1); + ocb_block16_xor_misaligned(&ctx->offset, inblock, &tmp1); + /* Checksum_i = Checksum_{i-1} xor P_i */ + ocb_block16_xor_misaligned(&ctx->checksum, inblock, &ctx->checksum); ocb_encrypt(ctx, &tmp1, &tmp2, ctx->keyenc); outblock = (OCB_BLOCK *)(out + ((i - ctx->blocks_processed - 1) * 16)); - ocb_block16_xor(&ctx->offset, &tmp2, outblock); + ocb_block16_xor_misaligned(&ctx->offset, &tmp2, outblock); - /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_block16_xor(&ctx->checksum, inblock, &ctx->checksum); } /* @@ -496,14 +487,14 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ inblock = (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16)); - ocb_block16_xor(&ctx->offset, inblock, &tmp1); + ocb_block16_xor_misaligned(&ctx->offset, inblock, &tmp1); ocb_decrypt(ctx, &tmp1, &tmp2, ctx->keydec); outblock = (OCB_BLOCK *)(out + ((i - ctx->blocks_processed - 1) * 16)); - ocb_block16_xor(&ctx->offset, &tmp2, outblock); + ocb_block16_xor_misaligned(&ctx->offset, &tmp2, outblock); /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_block16_xor(&ctx->checksum, outblock, &ctx->checksum); + ocb_block16_xor_misaligned(&ctx->checksum, outblock, &ctx->checksum); } /* From appro at openssl.org Wed Dec 2 09:54:45 2015 
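Review bot: In `ocb_lookup_l` the new loop `while (l_index <= idx)` calls `ocb_double(ctx->l + l_index, ctx->l + l_index + 1)`, so its last iteration writes entry idx + 1, but the capacity check above it only grows the table when `idx >= ctx->max_l_index`. When idx is above the cached l_index and equals max_l_index - 1 (which is also the result of the growth step whenever idx - max_l_index is 3 modulo 4), that write lands one OCB_BLOCK past the allocation. Bound the loop with `l_index < idx`, or size the table for idx + 1. In the same function `ctx->max_l_index` is increased before `OPENSSL_realloc` is known to have succeeded and `ctx->l` is overwritten with its result, so a failed realloc leaks the old table and leaves the context claiming capacity it does not have; realloc into a temporary and update both fields only on success. In crypto/modes/modes_lcl.h the test changed from `# ifdef STRICT_ALIGNMENT` to `# if STRICT_ALIGNMENT`, which behaves differently when the macro is defined with no value; confirm how it is defined on every target.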
From: appro at openssl.org (Andy Polyakov) Date: Wed, 02 Dec 2015 09:54:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449050085.706781.10768.nullmailer@dev.openssl.org> The branch master has been updated via 2238e0e45d03ec9ba15e9547f7739cc6987a8f57 (commit) from 81f3d6323dcda6a18b06c718600d6a4739e83263 (commit) - Log ----------------------------------------------------------------- commit 2238e0e45d03ec9ba15e9547f7739cc6987a8f57 Author: Andy Polyakov Date: Tue Dec 1 12:21:08 2015 +0100 crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/sparcv9cap.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c index 1731ef6..2058640 100644 --- a/crypto/sparcv9cap.c +++ b/crypto/sparcv9cap.c @@ -115,6 +115,17 @@ static void common_handler(int sig) siglongjmp(common_jmp, sig); } +#if defined(__sun) && defined(__SVR4) +# if defined(__GNUC__) && __GNUC__>=2 +extern unsigned int getisax(unsigned int vec[], unsigned int sz) __attribute__ ((weak)); +# elif defined(__SUNPRO_C) +#pragma weak getisax +extern unsigned int getisax(unsigned int vec[], unsigned int sz); +# else +static unsigned int (*getisax) (unsigned int vec[], unsigned int sz) = NULL; +# endif +#endif + void OPENSSL_cpuid_setup(void) { char *e; 
@@ -133,6 +144,42 @@ void OPENSSL_cpuid_setup(void) return; } +#if defined(__sun) && defined(__SVR4) + if (getisax != NULL) { + unsigned int vec[1]; + + if (getisax (vec,1)) { + if (vec[0]&0x0020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1; + if (vec[0]&0x0040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; + if (vec[0]&0x0080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK; + if (vec[0]&0x0100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; + if (vec[0]&0x0400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; + + /* reconstruct %cfr copy */ + OPENSSL_sparcv9cap_P[1] = (vec[0]>>17)&0x3ff; + OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1; + if (vec[0]&0x20000000) OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C; + + /* Some heuristics */ + /* all known VIS2-capable CPUs have unprivileged tick counter */ + if (OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS2) + OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; + + OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU; + + /* detect UltraSPARC-Tx, see sparccpud.S for details... */ + if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS1) && + _sparcv9_vis1_instrument() >= 12) + OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); + } + + if (sizeof(size_t) == 8) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; + + return; + } +#endif + /* Initial value, fits UltraSPARC-I&II... */ OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED; From appro at openssl.org Wed Dec 2 09:56:48 2015 
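Review bot: In the new `getisax` block of OPENSSL_cpuid_setup(), the `return` sits outside `if (getisax (vec,1))`, so when getisax() returns 0 the function still returns early, with at most SPARCV9_64BIT_STACK added, and skips the default initialisation and probing that follow. If that is intended, say so in a comment; otherwise move the `return` inside the success branch so the existing detection path remains the fallback.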
From: appro at openssl.org (Andy Polyakov) Date: Wed, 02 Dec 2015 09:56:48 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1449050208.165091.11995.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 15c62b0dfde7bab80a404bf544c25eb7a8322fe4 (commit) from 94f98a9019e1c0a3be4ca904b2c27c7af3d937c0 (commit) - Log ----------------------------------------------------------------- commit 15c62b0dfde7bab80a404bf544c25eb7a8322fe4 Author: Andy Polyakov Date: Tue Dec 1 12:21:08 2015 +0100 crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris. Reviewed-by: Rich Salz (cherry picked from commit 2238e0e45d03ec9ba15e9547f7739cc6987a8f57) ----------------------------------------------------------------------- Summary of changes: crypto/sparcv9cap.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c index 8bf2846..a36e461 100644 --- a/crypto/sparcv9cap.c +++ b/crypto/sparcv9cap.c @@ -237,6 +237,17 @@ static void common_handler(int sig) siglongjmp(common_jmp, sig); } +#if defined(__sun) && defined(__SVR4) +# if defined(__GNUC__) && __GNUC__>=2 +extern unsigned int getisax(unsigned int vec[], unsigned int sz) __attribute__ ((weak)); +# elif defined(__SUNPRO_C) +#pragma weak getisax +extern unsigned int getisax(unsigned int vec[], unsigned int sz); +# else +static unsigned int (*getisax) (unsigned int vec[], unsigned int sz) = NULL; +# endif +#endif + void OPENSSL_cpuid_setup(void) { char *e; 
@@ -255,6 +266,42 @@ void OPENSSL_cpuid_setup(void) return; } +#if defined(__sun) && defined(__SVR4) + if (getisax != NULL) { + unsigned int vec[1]; + + if (getisax (vec,1)) { + if (vec[0]&0x0020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1; + if (vec[0]&0x0040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; + if (vec[0]&0x0080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK; + if (vec[0]&0x0100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; + if (vec[0]&0x0400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; + + /* reconstruct %cfr copy */ + OPENSSL_sparcv9cap_P[1] = (vec[0]>>17)&0x3ff; + OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1; + if (vec[0]&0x20000000) OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C; + + /* Some heuristics */ + /* all known VIS2-capable CPUs have unprivileged tick counter */ + if (OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS2) + OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; + + OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU; + + /* detect UltraSPARC-Tx, see sparccpud.S for details... */ + if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS1) && + _sparcv9_vis1_instrument() >= 12) + OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); + } + + if (sizeof(size_t) == 8) + OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; + + return; + } +#endif + /* Initial value, fits UltraSPARC-I&II... */ OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED; From builds at travis-ci.org Wed Dec 2 10:27:35 2015 
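Review bot: The capability bits tested on `vec[0]` (0x0020, 0x0040, 0x0080, 0x0100, 0x0400, 0x20000000) and the `(vec[0]>>17)&0x3ff` extraction are bare constants with no reference to where they are defined; name them or cite the header they come from so the mapping to the SPARCV9_* and CFR_* flags can be checked. In the final `# else` branch `getisax` is a static function pointer initialised to NULL and never assigned, so with compilers other than GCC and Sun C the new detection never runs; a one-line comment stating that this is the intended fallback would help.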
From: builds at travis-ci.org (Travis CI) Date: Wed, 02 Dec 2015 10:27:35 +0000 Subject: [openssl-commits] Broken: openssl/openssl#754 (master - 81f3d63) In-Reply-To: Message-ID: <565ec79785091_33fa90c5662fc995475@1993b04a-c52f-4529-93f0-c2623dee2d2e.mail> Build Update for openssl/openssl ------------------------------------- Build: #754 Status: Broken Duration: 22 minutes and 59 seconds Commit: 81f3d63 (master) Author: Andy Polyakov Message: modes/ocb128.c: split fixed block xors to aligned and misaligned. Main goal was to improve performance on RISC platforms, e.g. 10% was measured on MIPS, POWER8... Reviewed-by: Matt Caswell View the changeset: https://github.com/openssl/openssl/compare/338f5727c88b...81f3d6323dcd View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94360898 From builds at travis-ci.org Wed Dec 2 11:01:26 2015 
From: builds at travis-ci.org (Travis CI) Date: Wed, 02 Dec 2015 11:01:26 +0000 Subject: [openssl-commits] Broken: openssl/openssl#755 (master - 2238e0e) In-Reply-To: Message-ID: <565ecf863a51b_33f9c3c8268d426468a@448487e8-10be-4da9-a285-975ad6705475.mail> Build Update for openssl/openssl ------------------------------------- Build: #755 Status: Broken Duration: 45 minutes and 56 seconds Commit: 2238e0e (master) Author: Andy Polyakov Message: crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris. Reviewed-by: Rich Salz View the changeset: https://github.com/openssl/openssl/compare/81f3d6323dcd...2238e0e45d03 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94361730 From levitte at openssl.org Wed Dec 2 15:49:11 2015 From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Dec 2015 15:49:11 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449071351.903420.15625.nullmailer@dev.openssl.org> The branch master has been updated via 012c5408507b0c85e0af14efbda51d906d620508 (commit) from 2238e0e45d03ec9ba15e9547f7739cc6987a8f57 (commit) - Log ----------------------------------------------------------------- commit 012c5408507b0c85e0af14efbda51d906d620508 Author: Richard Levitte Date: Wed Dec 2 13:19:45 2015 +0100 Add backtrace to memory leak output This is an option for builds with gcc and --strict-warnings. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- crypto/mem_dbg.c | 75 ++++++++++++++++++++++++++++++++++++-------------------- 2 files changed, 50 insertions(+), 27 deletions(-) diff --git a/Configure b/Configure index cd4f37f..6de3757 100755 --- a/Configure +++ b/Configure 
@@ -97,7 +97,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # Minimum warning options... any contributions to OpenSSL should at least get # past these. -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED"; +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -rdynamic -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DCRYPTO_MDEBUG_BACKTRACE -DREF_CHECK -DDEBUG_UNUSED"; # These are used in addition to $gcc_devteam_warn when the compiler is clang. # TODO(openssl-team): fix problems and investigate if (at least) the diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index c19847e..c2fe8af 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -117,6 +117,9 @@ #include #include #include +#if defined(CRYPTO_MDEBUG_BACKTRACE) && defined(__GNUC__) +# include +#endif static int mh_mode = CRYPTO_MEM_CHECK_OFF; /* @@ -175,6 +178,10 @@ typedef struct mem_st unsigned long order; time_t time; APP_INFO *app_info; +#if defined(CRYPTO_MDEBUG_BACKTRACE) && defined(__GNUC__) + void *array[30]; + size_t array_siz; +#endif } MEM; static long options = /* extra information to be recorded */ @@ -515,6 +522,9 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, m->time = time(NULL); else m->time = 0; +#if defined(CRYPTO_MDEBUG_BACKTRACE) && defined(__GNUC__) + m->array_siz = backtrace(m->array, OSSL_NELEM(m->array)); +#endif CRYPTO_THREADID_current(&tmp.threadid); m->app_info = NULL; @@ -608,6 +618,9 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, #endif mp->addr = addr2; mp->num = num; +#if defined(CRYPTO_MDEBUG_BACKTRACE) && defined(__GNUC__) + mp->array_siz = backtrace(mp->array, OSSL_NELEM(mp->array)); +#endif (void)lh_MEM_insert(mh, mp); } 
@@ -672,36 +685,36 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) amip = m->app_info; ami_cnt = 0; - if (!amip) - return; - CRYPTO_THREADID_cpy(&ti, &amip->threadid); - - do { - int buf_len; - int info_len; - - ami_cnt++; - memset(buf, '>', ami_cnt); - BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, - " thread=%lu, file=%s, line=%d, info=\"", - CRYPTO_THREADID_hash(&amip->threadid), amip->file, - amip->line); - buf_len = strlen(buf); - info_len = strlen(amip->info); - if (128 - buf_len - 3 < info_len) { - memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); - buf_len = 128 - 3; - } else { - BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); + if (amip) { + CRYPTO_THREADID_cpy(&ti, &amip->threadid); + + do { + int buf_len; + int info_len; + + ami_cnt++; + memset(buf, '>', ami_cnt); + BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, + " thread=%lu, file=%s, line=%d, info=\"", + CRYPTO_THREADID_hash(&amip->threadid), amip->file, + amip->line); buf_len = strlen(buf); - } - BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); + info_len = strlen(amip->info); + if (128 - buf_len - 3 < info_len) { + memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); + buf_len = 128 - 3; + } else { + BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); + buf_len = strlen(buf); + } + BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); - BIO_puts(l->bio, buf); + BIO_puts(l->bio, buf); - amip = amip->next; + amip = amip->next; + } + while (amip && !CRYPTO_THREADID_cmp(&amip->threadid, &ti)); } - while (amip && !CRYPTO_THREADID_cmp(&amip->threadid, &ti)); #ifdef LEVITTE_DEBUG_MEM if (amip) { 
@@ -709,6 +722,16 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) abort(); } #endif +#if defined(CRYPTO_MDEBUG_BACKTRACE) && defined(__GNUC__) + { + size_t i; + char **strings = backtrace_symbols(m->array, m->array_siz); + for (i = 0; i < m->array_siz; i++) + fprintf(stderr, "##> %s\n", strings[i]); + + free(strings); + } +#endif } static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM, MEM_LEAK) From builds at travis-ci.org Wed Dec 2 16:39:16 2015 From: builds at travis-ci.org (Travis CI) Date: Wed, 02 Dec 2015 16:39:16 +0000 Subject: [openssl-commits] Still Failing: openssl/openssl#757 (master - 012c540) In-Reply-To: Message-ID: <565f1eb3c278d_33f9c3c81488c5252a0@448487e8-10be-4da9-a285-975ad6705475.mail> Build Update for openssl/openssl ------------------------------------- Build: #757 Status: Still Failing Duration: 48 minutes and 32 seconds Commit: 012c540 (master) Author: Richard Levitte Message: Add backtrace to memory leak output This is an option for builds with gcc and --strict-warnings. Reviewed-by: Rich Salz View the changeset: https://github.com/openssl/openssl/compare/2238e0e45d03...012c5408507b View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94426788 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Wed Dec 2 17:27:44 2015 
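Review bot: the `#if defined(CRYPTO_MDEBUG_BACKTRACE) && defined(__GNUC__)` guard used throughout crypto/mem_dbg.c (the include, the new `MEM` fields, `CRYPTO_dbg_malloc`, `CRYPTO_dbg_realloc`) tests the compiler, but `backtrace()` is supplied by the C library, so a GCC-compatible compiler on a libc without it fails to build once `-DCRYPTO_MDEBUG_BACKTRACE` is set. Guard on the library as well, or have Configure add the define only where the function is known to exist.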
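Review bot: in the backtrace block added at the end of `print_leak_doall_arg()`, the result of `backtrace_symbols()` is indexed without a NULL check, and it returns NULL when it cannot allocate, so a leak report produced under memory pressure can crash at `strings[i]`. Check `strings` before the loop. The block also writes with `fprintf(stderr, ...)` while the rest of the function writes to `l->bio` via `BIO_puts`, so the frames do not land with the leak entry they belong to when the BIO is not stderr; `BIO_printf(l->bio, ...)` would keep them together.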
From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Dec 2015 17:27:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449077264.791407.21256.nullmailer@dev.openssl.org> The branch master has been updated via f9fd35248c9a3b1125d9ab82ffb19d62e86533ac (commit) from 012c5408507b0c85e0af14efbda51d906d620508 (commit) - Log ----------------------------------------------------------------- commit f9fd35248c9a3b1125d9ab82ffb19d62e86533ac Author: Richard Levitte Date: Wed Dec 2 18:18:03 2015 +0100 _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead The feature_test_macros(7) manual tells us that _BSD_SOURCE is deprecated since glibc 2.20 and that the compiler will warn about it being used, unless _DEFAULT_SOURCE is defined as well. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: test/ssltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/test/ssltest.c b/test/ssltest.c index 1128ec8..68d48d1 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -142,6 +142,7 @@ /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #define _BSD_SOURCE 1 +#define _DEFAULT_SOURCE 1 #include #include From rsalz at openssl.org Wed Dec 2 17:40:50 2015 
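Review bot: in the test/ssltest.c hunk, the new `#define _DEFAULT_SOURCE 1` sits under the existing comment about `gethostname`, which explains only `_BSD_SOURCE`. The reason for defining both is given in the commit message but not in the source; extend the comment to say that `_DEFAULT_SOURCE` is there to avoid the deprecation warning for `_BSD_SOURCE`, so that nobody later removes one of the pair.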
From: rsalz at openssl.org (Rich Salz) Date: Wed, 02 Dec 2015 17:40:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449078050.146023.26997.nullmailer@dev.openssl.org> The branch master has been updated via 0aca86b313d286be979629a3193a12e17bf7171a (commit) from f9fd35248c9a3b1125d9ab82ffb19d62e86533ac (commit) - Log ----------------------------------------------------------------- commit 0aca86b313d286be979629a3193a12e17bf7171a Author: Rich Salz Date: Wed Dec 2 12:20:49 2015 -0500 Run test_ordinals after update Catch a common 'make update' failure: conflicting ordinals. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Makefile.org | 5 ++++- test/recipes/{90-test_ordinals.t => 01-test_ordinals.t} | 0 2 files changed, 4 insertions(+), 1 deletion(-) rename test/recipes/{90-test_ordinals.t => 01-test_ordinals.t} (100%) diff --git a/Makefile.org b/Makefile.org index 6cd20f8..08c7000 100644 --- a/Makefile.org +++ b/Makefile.org @@ -436,6 +436,9 @@ rehash.time: certs apps test: tests +test_ordinals: + $(MAKE) TESTS=test_ordinals test + tests: rehash @(cd test && echo "testing..." && \ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests ); @@ -450,7 +453,7 @@ list-tests: report: @$(PERL) util/selftest.pl -update: errors stacks util/libeay.num util/ssleay.num TABLE +update: errors stacks util/libeay.num util/ssleay.num TABLE test_ordinals @set -e; target=update; $(RECURSIVE_BUILD_CMD) depend: diff --git a/test/recipes/90-test_ordinals.t b/test/recipes/01-test_ordinals.t similarity index 100% rename from test/recipes/90-test_ordinals.t rename to test/recipes/01-test_ordinals.t From levitte at openssl.org Wed Dec 2 17:50:09 2015 
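Review bot: in the `update:` rule of Makefile.org, `test_ordinals` is added as a prerequisite, so it runs before the rule's own recipe (`$(RECURSIVE_BUILD_CMD)`) rather than after the update, and under a parallel make its order relative to `util/libeay.num` and `util/ssleay.num` is not guaranteed. If the intent is to check the ordinals after they are regenerated, invoke `$(MAKE) TESTS=test_ordinals test` as the last recipe line of `update` instead.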
From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Dec 2015 17:50:09 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1449078609.758555.30745.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via e979e4715f3795cb59fcf46c77e7c714a184edd8 (commit) from 2c02faeecd2bd321d6b8dd7bbd2f34325785fd03 (commit) - Log ----------------------------------------------------------------- commit e979e4715f3795cb59fcf46c77e7c714a184edd8 Author: Richard Levitte Date: Wed Dec 2 18:18:03 2015 +0100 _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead The feature_test_macros(7) manual tells us that _BSD_SOURCE is deprecated since glibc 2.20 and that the compiler will warn about it being used, unless _DEFAULT_SOURCE is defined as well. Reviewed-by: Rich Salz (cherry picked from commit f9fd35248c9a3b1125d9ab82ffb19d62e86533ac) ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 2f5a134..7a758f0 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -116,6 +116,7 @@ /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #define _BSD_SOURCE 1 +#define _DEFAULT_SOURCE 1 #include #include From levitte at openssl.org Wed Dec 2 17:50:24 2015 
From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Dec 2015 17:50:24 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1449078624.437523.31021.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 015b17257855e31003eb29a70280764c3c822710 (commit) from 295b9e8cbdd7dce3a0372a5990472f83acf3456b (commit) - Log ----------------------------------------------------------------- commit 015b17257855e31003eb29a70280764c3c822710 Author: Richard Levitte Date: Wed Dec 2 18:18:03 2015 +0100 _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead The feature_test_macros(7) manual tells us that _BSD_SOURCE is deprecated since glibc 2.20 and that the compiler will warn about it being used, unless _DEFAULT_SOURCE is defined as well. Reviewed-by: Rich Salz (cherry picked from commit f9fd35248c9a3b1125d9ab82ffb19d62e86533ac) ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 12d68e3..9605546 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -142,6 +142,7 @@ /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #define _BSD_SOURCE 1 +#define _DEFAULT_SOURCE 1 #include #include From levitte at openssl.org Wed Dec 2 17:50:28 2015 
From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Dec 2015 17:50:28 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1449078628.020861.31251.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via fb35ea28f4f64263adf3e85327e6d73ab980fe25 (commit) from 41d049e1cda0e23ad45fbca94fc90cfe9cfee466 (commit) - Log ----------------------------------------------------------------- commit fb35ea28f4f64263adf3e85327e6d73ab980fe25 Author: Richard Levitte Date: Wed Dec 2 18:18:03 2015 +0100 _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead The feature_test_macros(7) manual tells us that _BSD_SOURCE is deprecated since glibc 2.20 and that the compiler will warn about it being used, unless _DEFAULT_SOURCE is defined as well. Reviewed-by: Rich Salz (cherry picked from commit f9fd35248c9a3b1125d9ab82ffb19d62e86533ac) ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 6a0c293..349ee1e 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -142,6 +142,7 @@ /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #define _BSD_SOURCE 1 +#define _DEFAULT_SOURCE 1 #include #include From levitte at openssl.org Wed Dec 2 17:50:32 2015 
From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Dec 2015 17:50:32 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1449078632.175151.31503.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 87bc193bc19eccce049666ba102e58dae41dc941 (commit) from 15c62b0dfde7bab80a404bf544c25eb7a8322fe4 (commit) - Log ----------------------------------------------------------------- commit 87bc193bc19eccce049666ba102e58dae41dc941 Author: Richard Levitte Date: Wed Dec 2 18:18:03 2015 +0100 _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead The feature_test_macros(7) manual tells us that _BSD_SOURCE is deprecated since glibc 2.20 and that the compiler will warn about it being used, unless _DEFAULT_SOURCE is defined as well. Reviewed-by: Rich Salz (cherry picked from commit f9fd35248c9a3b1125d9ab82ffb19d62e86533ac) ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 6737adf..aaf6c6b 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -142,6 +142,7 @@ /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #define _BSD_SOURCE 1 +#define _DEFAULT_SOURCE 1 #include #include From steve at openssl.org Wed Dec 2 17:52:14 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 02 Dec 2015 17:52:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449078734.639823.32498.nullmailer@dev.openssl.org> The branch master has been updated via df04754be7a73cbe813cb58f2f7b42d8e3402c56 (commit) via 7f572e958b13041056f377a62d3219633cfb1e8a (commit) from 0aca86b313d286be979629a3193a12e17bf7171a (commit) - Log ----------------------------------------------------------------- commit df04754be7a73cbe813cb58f2f7b42d8e3402c56 Author: Dr. Stephen Henson Date: Wed Dec 2 17:03:20 2015 +0000 make update Reviewed-by: Richard Levitte commit 7f572e958b13041056f377a62d3219633cfb1e8a Author: Dr. Stephen Henson Date: Wed Dec 2 13:57:04 2015 +0000 Remove legacy sign/verify from EVP_MD. Remove sign/verify and required_pkey_type fields of EVP_MD: these are a legacy from when digests were linked to public key types. All signing is now handled by the corresponding EVP_PKEY_METHOD. Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms already block unsupported types. Remove now obsolete EVP_dss1() and EVP_ecdsa(). 
Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_sign.c | 19 +++--- crypto/engine/eng_openssl.c | 1 - crypto/evp/Makefile | 24 +------ crypto/evp/c_alld.c | 9 --- crypto/evp/m_dss1.c | 102 ---------------------------- crypto/evp/m_ecdsa.c | 151 ------------------------------------------ crypto/evp/m_md4.c | 1 - crypto/evp/m_md5.c | 1 - crypto/evp/m_md5_sha1.c | 1 - crypto/evp/m_mdc2.c | 1 - crypto/evp/m_null.c | 1 - crypto/evp/m_ripemd.c | 1 - crypto/evp/m_sha1.c | 15 ++--- crypto/evp/m_wp.c | 1 - crypto/evp/p_sign.c | 52 +++++---------- crypto/evp/p_verify.c | 47 ++++--------- crypto/rsa/rsa_pmeth.c | 27 +++++++- doc/crypto/EVP_DigestInit.pod | 14 ++-- engines/ccgost/gost_crypt.c | 3 - engines/ccgost/gost_md.c | 5 +- engines/e_dasync.c | 3 +- engines/e_ossltest.c | 13 ++-- include/openssl/evp.h | 61 ----------------- ssl/ssl_algs.c | 9 --- test/ecdsatest.c | 2 +- util/libeay.num | 4 +- 26 files changed, 80 insertions(+), 488 deletions(-) delete mode 100644 crypto/evp/m_dss1.c delete mode 100644 crypto/evp/m_ecdsa.c diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index ab1959e..18923b1 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -260,17 +260,14 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, rv = 2; if (rv == 2) { - if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - if (!pkey->ameth || - !OBJ_find_sigid_by_algs(&signid, - EVP_MD_nid(type), - pkey->ameth->pkey_id)) { - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, - ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); - return 0; - } - } else - signid = type->pkey_type; + if (!pkey->ameth || + !OBJ_find_sigid_by_algs(&signid, + EVP_MD_nid(type), + pkey->ameth->pkey_id)) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, + ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + return 0; + } if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) paramtype = V_ASN1_NULL; 
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 41754f7..ba9adf0 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -363,7 +363,6 @@ static const EVP_MD test_sha_md = { test_sha1_final, NULL, NULL, - EVP_PKEY_RSA_method, SHA_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA_CTX), }; diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index c672296..ee0998d 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -20,7 +20,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ e_rc4.c e_aes.c names.c e_seed.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \ - m_md5_sha1.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ + m_md5_sha1.c m_mdc2.c m_ripemd.c \ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ @@ -33,7 +33,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_rc4.o e_aes.o names.o e_seed.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \ - m_md5_sha1.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ + m_md5_sha1.o m_mdc2.o m_ripemd.o \ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ 
@@ -460,26 +460,6 @@ evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h evp_pkey.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h evp_pkey.o: evp_pkey.c -m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss1.o: ../include/internal/cryptlib.h m_dss1.c -m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h -m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -m_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_ecdsa.o: ../include/internal/cryptlib.h m_ecdsa.c m_md2.o: ../../e_os.h ../../include/openssl/bio.h m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 0c68bad..70e462d 100644 --- a/crypto/evp/c_alld.c 
+++ b/crypto/evp/c_alld.c @@ -75,15 +75,6 @@ void OpenSSL_add_all_digests(void) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -# ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss1()); - EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -# endif -# ifndef OPENSSL_NO_EC - EVP_add_digest(EVP_ecdsa()); -# endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c deleted file mode 100644 index 77a10cf..0000000 --- a/crypto/evp/m_dss1.c +++ /dev/null 
@@ -1,102 +0,0 @@ -/* crypto/evp/m_dss1.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include -#include "internal/cryptlib.h" - -#include -#include -#include -#ifndef OPENSSL_NO_DSA -# include -#endif - -static int init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD dss1_md = { - NID_dsa, - NID_dsaWithSHA1, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_PKEY_DIGEST, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_NULL_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_dss1(void) -{ - return (&dss1_md); -} diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c deleted file mode 100644 index 745752d..0000000 --- a/crypto/evp/m_ecdsa.c +++ /dev/null 
@@ -1,151 +0,0 @@ -/* crypto/evp/m_ecdsa.c */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core at openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. 
- * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. 
i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include - -static int init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD ecdsa_md = { - NID_ecdsa_with_SHA1, - NID_ecdsa_with_SHA1, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_PKEY_DIGEST, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_NULL_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_ecdsa(void) -{ - return (&ecdsa_md); -} diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 2ef3023..80021b6 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -94,7 +94,6 @@ static const EVP_MD md4_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, MD4_CBLOCK, sizeof(EVP_MD *) + sizeof(MD4_CTX), }; diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index cd021f5..4ada7d1 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -94,7 +94,6 @@ static const EVP_MD md5_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, MD5_CBLOCK, sizeof(EVP_MD *) + sizeof(MD5_CTX), }; diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 2504e95..22cd7ce 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -171,7 +171,6 @@ static const EVP_MD md5_sha1_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, MD5_CBLOCK, sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx), ctrl diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index 272d9cb..ffd1b0e 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c 
@@ -94,7 +94,6 @@ static const EVP_MD mdc2_md = { final, NULL, NULL, - EVP_PKEY_RSA_ASN1_OCTET_STRING_method, MDC2_BLOCK, sizeof(EVP_MD *) + sizeof(MDC2_CTX), }; diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c index 7374e69..c91f6cb 100644 --- a/crypto/evp/m_null.c +++ b/crypto/evp/m_null.c @@ -87,7 +87,6 @@ static const EVP_MD null_md = { final, NULL, NULL, - EVP_PKEY_NULL_method, 0, sizeof(EVP_MD *), }; diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index 30046c8..f1c745c 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -94,7 +94,6 @@ static const EVP_MD ripemd160_md = { final, NULL, NULL, - EVP_PKEY_RSA_method, RIPEMD160_CBLOCK, sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), }; diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 42e986d..c913cae 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -139,13 +139,12 @@ static const EVP_MD sha1_md = { NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init, update, final, NULL, NULL, - EVP_PKEY_NULL_method, SHA_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA_CTX), ctrl @@ -185,13 +184,12 @@ static const EVP_MD sha224_md = { NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init224, update256, final256, NULL, NULL, - EVP_PKEY_NULL_method, SHA256_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; @@ -205,13 +203,12 @@ static const EVP_MD sha256_md = { NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init256, update256, final256, NULL, NULL, - EVP_PKEY_NULL_method, SHA256_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; 
@@ -246,13 +243,12 @@ static const EVP_MD sha384_md = { NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init384, update512, final512, NULL, NULL, - EVP_PKEY_NULL_method, SHA512_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; @@ -266,13 +262,12 @@ static const EVP_MD sha512_md = { NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, init512, update512, final512, NULL, NULL, - EVP_PKEY_NULL_method, SHA512_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index 76258b6..9ab3c62 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -35,7 +35,6 @@ static const EVP_MD whirlpool_md = { final, NULL, NULL, - EVP_PKEY_NULL_method, WHIRLPOOL_BBLOCK / 8, sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), }; diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index df507a5..808d0de 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -67,7 +67,8 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; - int i = 0, ok = 0, v = 0; + int i = 0; + size_t sltmp; EVP_PKEY_CTX *pkctx = NULL; *siglen = 0; 
@@ -86,43 +87,20 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, return 0; } - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - size_t sltmp = (size_t)EVP_PKEY_size(pkey); - i = 0; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (pkctx == NULL) - goto err; - if (EVP_PKEY_sign_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) - goto err; - *siglen = sltmp; - i = 1; + sltmp = (size_t)EVP_PKEY_size(pkey); + i = 0; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pkctx == NULL) + goto err; + if (EVP_PKEY_sign_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) + goto err; + *siglen = sltmp; + i = 1; err: EVP_PKEY_CTX_free(pkctx); return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (0); - } - - if (ctx->digest->sign == NULL) { - EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED); - return (0); - } - return ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, - pkey->pkey.ptr); } diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 892c646..9802dcc 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, { unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len = 0; - int i = 0, ok = 0, v = 0; + int i = 0; EVP_PKEY_CTX *pkctx = NULL; if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { 
@@ -85,39 +85,16 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, return 0; } - if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { - i = -1; - pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (pkctx == NULL) - goto err; - if (EVP_PKEY_verify_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) - goto err; - i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); + i = -1; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pkctx == NULL) + goto err; + if (EVP_PKEY_verify_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: - EVP_PKEY_CTX_free(pkctx); - return i; - } - - for (i = 0; i < 4; i++) { - v = ctx->digest->required_pkey_type[i]; - if (v == 0) - break; - if (pkey->type == v) { - ok = 1; - break; - } - } - if (!ok) { - EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); - return (-1); - } - if (ctx->digest->verify == NULL) { - EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); - return (0); - } - - return (ctx->digest->verify(ctx->digest->type, m, m_len, - sigbuf, siglen, pkey->pkey.ptr)); + EVP_PKEY_CTX_free(pkctx); + return i; } diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index a2022bb..8c8e0e8 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c 
@@ -377,20 +377,43 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, static int check_padding_md(const EVP_MD *md, int padding) { + int mdnid; if (!md) return 1; + mdnid = EVP_MD_type(md); + if (padding == RSA_NO_PADDING) { RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); return 0; } if (padding == RSA_X931_PADDING) { - if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { + if (RSA_X931_hash_id(mdnid) == -1) { RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST); return 0; } - return 1; + } else { + switch(mdnid) { + /* List of all supported RSA digests */ + case NID_sha1: + case NID_sha224: + case NID_sha256: + case NID_sha384: + case NID_sha512: + case NID_md5: + case NID_md5_sha1: + case NID_md2: + case NID_md4: + case NID_mdc2: + case NID_ripemd160: + return 1; + + default: + RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST); + return 0; + + } } return 1; diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 1616309..cfb9e14 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -7,7 +7,7 @@ EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1, -EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss1, EVP_mdc2, +EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines @@ -50,7 +50,6 @@ EVP digest routines const EVP_MD *EVP_md2(void); const EVP_MD *EVP_md5(void); const EVP_MD *EVP_sha1(void); - const EVP_MD *EVP_dss1(void); const EVP_MD *EVP_mdc2(void); const EVP_MD *EVP_ripemd160(void); 
@@ -137,11 +136,6 @@ EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2 and RIPEMD160 digest algorithms respectively. -EVP_dss1() returns B an structure the SHA1 digest -algorithm but using DSS (DSA) for the signature algorithm. Note: there is -no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are -however retained for compatibility. - EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it returns is of zero length. @@ -164,7 +158,7 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and EVP_MD_CTX_block_size() return the digest or block size in bytes. EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), -EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the +EVP_mdc2() and EVP_ripemd160() return pointers to the corresponding EVP_MD structures. EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() @@ -261,7 +255,7 @@ L =head1 HISTORY The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now EVP_sha1() can be used with RSA and DSA; there is no need to -use EVP_dss1() any more. +later, so now EVP_sha1() can be used with RSA and DSA. The legacy EVP_dss1() +was removed in OpenSSL 1.1.0 =cut diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c index e2a2ff6..fb066d9 100644 --- a/engines/ccgost/gost_crypt.c +++ b/engines/ccgost/gost_crypt.c @@ -95,9 +95,6 @@ EVP_MD imit_gost_cpa = { gost_imit_final, gost_imit_copy, gost_imit_cleanup, - NULL, - NULL, - {0, 0, 0, 0, 0}, 8, sizeof(struct ossl_gost_imit_ctx), gost_imit_ctrl diff --git a/engines/ccgost/gost_md.c b/engines/ccgost/gost_md.c index 1ccc6be..6c96a1b 100644 --- a/engines/ccgost/gost_md.c +++ b/engines/ccgost/gost_md.c 
@@ -23,15 +23,12 @@ EVP_MD digest_gost = { NID_id_GostR3411_94, NID_undef, 32, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + 0, gost_digest_init, gost_digest_update, gost_digest_final, gost_digest_copy, gost_digest_cleanup, - NULL, - NULL, - {NID_undef, NID_undef, 0, 0, 0}, 32, sizeof(struct ossl_gost_digest_ctx), NULL diff --git a/engines/e_dasync.c b/engines/e_dasync.c index 04f72a4..c31b43a 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -94,13 +94,12 @@ static const EVP_MD dasync_sha1 = { NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, dasync_sha1_init, dasync_sha1_update, dasync_sha1_final, NULL, NULL, - EVP_PKEY_NULL_method, SHA_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA_CTX), }; diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c index b3b9bc0..94e53cd 100644 --- a/engines/e_ossltest.c +++ b/engines/e_ossltest.c @@ -107,7 +107,6 @@ static const EVP_MD digest_md5 = { digest_md5_final, NULL, NULL, - EVP_PKEY_RSA_method, MD5_CBLOCK, sizeof(EVP_MD *) + sizeof(MD5_CTX), }; @@ -122,13 +121,12 @@ static const EVP_MD digest_sha1 = { NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, digest_sha1_init, digest_sha1_update, digest_sha1_final, NULL, NULL, - EVP_PKEY_NULL_method, SHA_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA_CTX), }; @@ -143,13 +141,12 @@ static const EVP_MD digest_sha256 = { NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, digest_sha256_init, digest_sha256_update, digest_sha256_final, NULL, NULL, - EVP_PKEY_NULL_method, SHA256_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA256_CTX), }; 
@@ -166,13 +163,12 @@ static const EVP_MD digest_sha384 = { NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, digest_sha384_init, digest_sha512_update, digest_sha384_final, NULL, NULL, - EVP_PKEY_NULL_method, SHA512_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; @@ -181,13 +177,12 @@ static const EVP_MD digest_sha512 = { NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + EVP_MD_FLAG_DIGALGID_ABSENT, digest_sha512_init, digest_sha512_update, digest_sha512_final, NULL, NULL, - EVP_PKEY_NULL_method, SHA512_CBLOCK, sizeof(EVP_MD *) + sizeof(SHA512_CTX), }; diff --git a/include/openssl/evp.h b/include/openssl/evp.h index c9659b3..910f39b 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -158,42 +158,15 @@ struct evp_md_st { int (*final) (EVP_MD_CTX *ctx, unsigned char *md); int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); int (*cleanup) (EVP_MD_CTX *ctx); - /* FIXME: prototype these some day */ - int (*sign) (int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, void *key); - int (*verify) (int type, const unsigned char *m, unsigned int m_length, - const unsigned char *sigbuf, unsigned int siglen, - void *key); - int required_pkey_type[5]; /* EVP_PKEY_xxx */ int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ /* control function */ int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); } /* EVP_MD */ ; -typedef int evp_sign_method(int type, const unsigned char *m, - unsigned int m_length, unsigned char *sigret, - unsigned int *siglen, void *key); -typedef int evp_verify_method(int type, const unsigned char *m, - unsigned int m_length, - const unsigned char *sigbuf, - unsigned int siglen, void *key); - /* digest can only handle a single block */ # define EVP_MD_FLAG_ONESHOT 0x0001 -/* - * digest is a "clone" digest used - * which is a copy of an existing - * one for a specific public key type. - * EVP_dss1() etc - */ -# define EVP_MD_FLAG_PKEY_DIGEST 0x0002 - -/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ - -# define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 - /* DigestAlgorithmIdentifier flags... */ # define EVP_MD_FLAG_DIGALGID_MASK 0x0018 
@@ -222,38 +195,6 @@ typedef int evp_verify_method(int type, const unsigned char *m, # define EVP_MD_CTRL_ALG_CTRL 0x1000 -# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} - -# ifndef OPENSSL_NO_DSA -# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ - (evp_verify_method *)DSA_verify, \ - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ - EVP_PKEY_DSA4,0} -# else -# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method -# endif - -# ifndef OPENSSL_NO_EC -# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ - (evp_verify_method *)ECDSA_verify, \ - {EVP_PKEY_EC,0,0,0} -# else -# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method -# endif - -# ifndef OPENSSL_NO_RSA -# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ - (evp_verify_method *)RSA_verify, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ - (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ - {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} -# else -# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method -# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method -# endif - # endif /* !EVP_MD */ struct evp_md_ctx_st { @@ -772,8 +713,6 @@ const EVP_MD *EVP_md5(void); const EVP_MD *EVP_md5_sha1(void); # endif const EVP_MD *EVP_sha1(void); -const EVP_MD *EVP_dss1(void); -const EVP_MD *EVP_ecdsa(void); const EVP_MD *EVP_sha224(void); const EVP_MD *EVP_sha256(void); const EVP_MD *EVP_sha384(void); diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 9c12e19..9a7f155 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c 
@@ -121,15 +121,6 @@ int SSL_library_init(void) EVP_add_digest(EVP_sha256()); EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); -#if !defined(OPENSSL_NO_DSA) - EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ - EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); -#endif -#ifndef OPENSSL_NO_EC - EVP_add_digest(EVP_ecdsa()); -#endif #ifndef OPENSSL_NO_COMP /* * This will initialise the built-in compression algorithms. The value diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 9754869..d56836f 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -196,7 +196,7 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) EVP_MD_CTX_init(&md_ctx); /* get the message digest */ - if (!EVP_DigestInit(&md_ctx, EVP_ecdsa()) + if (!EVP_DigestInit(&md_ctx, EVP_sha1()) || !EVP_DigestUpdate(&md_ctx, (const void *)message, 3) || !EVP_DigestFinal(&md_ctx, digest, &dgst_len)) goto x962_int_err; diff --git a/util/libeay.num b/util/libeay.num index 4e2ac48..f6bbf06 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -302,7 +302,7 @@ EVP_des_ede_ofb 309 EXIST::FUNCTION:DES EVP_des_ofb 310 EXIST::FUNCTION:DES EVP_desx_cbc 311 EXIST::FUNCTION:DES EVP_dss 312 NOEXIST::FUNCTION: -EVP_dss1 313 EXIST::FUNCTION:DSA +EVP_dss1 313 NOEXIST::FUNCTION: EVP_enc_null 314 EXIST::FUNCTION: EVP_get_cipherbyname 315 EXIST::FUNCTION: EVP_get_digestbyname 316 EXIST::FUNCTION: @@ -3320,7 +3320,7 @@ X509_policy_check 3720 EXIST::FUNCTION: EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION: STORE_set_ex_data 3722 NOEXIST::FUNCTION: ENGINE_get_ECDSA 3723 EXIST::FUNCTION:ENGINE -EVP_ecdsa 3724 EXIST::FUNCTION: +EVP_ecdsa 3724 NOEXIST::FUNCTION: BN_BLINDING_get_flags 3725 EXIST::FUNCTION: PKCS12_add_cert 3726 EXIST::FUNCTION: STORE_OBJECT_new 3727 NOEXIST::FUNCTION: From levitte at openssl.org Wed Dec 2 18:20:51 2015 
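Review bot: In check_padding_md() in crypto/rsa/rsa_pmeth.c, the new switch(mdnid) allow-list is applied to every padding mode other than RSA_NO_PADDING (rejected just above) and RSA_X931_PADDING, so a digest whose NID is not one of the eleven listed cases now fails with RSA_R_INVALID_DIGEST, and that includes a digest an engine registers under its own NID. The same patch removes the required_pkey_type loop from EVP_SignFinal() and EVP_VerifyFinal(), so nothing in those two functions checks the key type against the digest any more; please say in the comment above the list (it currently reads only "List of all supported RSA digests") that this is where unsupported digests are refused, and confirm that rejecting unlisted NIDs is intended. Style: write "switch (mdnid)" with a space and drop the blank line before the closing brace of the switch.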
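Review bot: The HISTORY text added in doc/crypto/EVP_DigestInit.pod records the removal of EVP_dss1() only, while this patch also deletes the EVP_ecdsa() prototype from include/openssl/evp.h and marks it NOEXIST in util/libeay.num; the new sentence is also missing its closing full stop. Suggest "The legacy EVP_dss1() and EVP_ecdsa() were removed in OpenSSL 1.1.0." and a pointer to EVP_sha1() as the replacement, which is the substitution test/ecdsatest.c makes in this same patch.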
From: levitte at openssl.org (Richard Levitte)
Date: Wed, 02 Dec 2015 18:20:51 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1449080451.492378.16313.nullmailer@dev.openssl.org>

The branch master has been updated
       via  a1d3f3d1d0711eeece52f132e73b533d814770ac (commit)
      from  df04754be7a73cbe813cb58f2f7b42d8e3402c56 (commit)

- Log -----------------------------------------------------------------
commit a1d3f3d1d0711eeece52f132e73b533d814770ac
Author: Richard Levitte
Date: Wed Dec 2 18:44:26 2015 +0100

    Move the backtrace memleak options to a separate variable

    The contents of this variable ($memleak_devteam_backtrace) are added
    to $cflags unless we build for a platform we know doesn't support
    gcc's -rdynamic and backtrace() and friends.

    Reviewed-by: Andy Polyakov

-----------------------------------------------------------------------

Summary of changes:
 Configure | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/Configure b/Configure index 6de3757..9e9f100 100755 --- a/Configure +++ b/Configure @@ -97,7 +97,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # Minimum warning options... any contributions to OpenSSL should at least get # past these. -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -rdynamic -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DCRYPTO_MDEBUG_BACKTRACE -DREF_CHECK -DDEBUG_UNUSED"; +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED"; # These are used in addition to $gcc_devteam_warn when the compiler is clang. # TODO(openssl-team): fix problems and investigate if (at least) the
@@ -108,6 +108,11 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare # -Wextended-offsetof my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations"; +# These are used in addition to $gcc_devteam_warn unless this is a mingw build. +# This adds backtrace information to the memory leak info. +my $memleak_devteam_backtrace = "-rdynamic -DCRYPTO_MDEBUG_BACKTRACE"; + + my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; @@ -1749,6 +1754,13 @@ if ($strict_warnings) $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } } + if ($target !~ /^mingw/) + { + foreach $wopt (split /\s+/, $memleak_devteam_backtrace) + { + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } + } } open(IN,"

The branch master has been updated
       via  19c6d3ea2d3b4e0ad3e978e42cc7cbdf0c09891f (commit)
      from  a1d3f3d1d0711eeece52f132e73b533d814770ac (commit)

- Log -----------------------------------------------------------------
commit 19c6d3ea2d3b4e0ad3e978e42cc7cbdf0c09891f
Author: Dr. Stephen Henson
Date: Wed Dec 2 14:30:39 2015 +0000

    Remove RSA_FLAG_SIGN_VER flag.

    Remove RSA_FLAG_SIGN_VER: this was originally used to retain binary
    compatibility after RSA_METHOD was extended to include rsa_sign and
    rsa_verify fields. It is no longer needed.

    Reviewed-by: Richard Levitte

-----------------------------------------------------------------------

Summary of changes:
 crypto/rsa/rsa_sign.c         |  4 ++--
 doc/crypto/RSA_set_method.pod |  7 -------
 engines/e_capi.c              |  2 +-
 include/openssl/rsa.h         | 10 +---------
 4 files changed, 4 insertions(+), 19 deletions(-)

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 9f4649a..3aea4e4 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c
@@ -77,7 +77,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; - if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) { + if (rsa->meth->rsa_sign) { return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); } /* Special case: SSL signature, just check the length */ @@ -271,7 +271,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { - if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) { + if (rsa->meth->rsa_verify) { return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); } diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod index 5191844..d09fed2 100644 --- a/doc/crypto/RSA_set_method.pod +++ b/doc/crypto/RSA_set_method.pod @@ -115,22 +115,15 @@ the default method is used. /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key * operations, even if p,q,dmp1,dmq1,iqmp * are NULL - * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match */ int flags; char *app_data; /* ?? */ - /* sign. For backward compatibility, this is used only - * if (flags & RSA_FLAG_SIGN_VER) - */ int (*rsa_sign)(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa); - /* verify. For backward compatibility, this is used only - * if (flags & RSA_FLAG_SIGN_VER) - */ int (*rsa_verify)(int dtype, const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, diff --git a/engines/e_capi.c b/engines/e_capi.c index b2ae577..1e41b26 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c 
@@ -436,7 +436,7 @@ static RSA_METHOD capi_rsa_method = { 0, /* bn_mod_exp */ 0, /* init */ capi_rsa_free, /* finish */ - RSA_FLAG_SIGN_VER, /* flags */ + 0, /* flags */ NULL, /* app_data */ capi_rsa_sign, /* rsa_sign */ 0 /* rsa_verify */ diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 734a327..d47eeb1 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -107,9 +107,7 @@ struct rsa_meth_st { * New sign and verify functions: some libraries don't allow arbitrary * data to be signed/verified: this allows them to be used. Note: for * this to work the RSA_public_decrypt() and RSA_private_encrypt() should - * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note: - * for backwards compatibility this functionality is only enabled if the - * RSA_FLAG_SIGN_VER option is set in 'flags'. + * *NOT* be used RSA_sign(), RSA_verify() should be used instead. */ int (*rsa_sign) (int type, const unsigned char *m, unsigned int m_length, @@ -196,12 +194,6 @@ struct rsa_st { # define RSA_FLAG_EXT_PKEY 0x0020 /* - * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify - * functions. - */ -# define RSA_FLAG_SIGN_VER 0x0040 - -/* * new with 0.9.6j and 0.9.7b; the built-in * RSA implementation now uses blinding by * default (ignoring RSA_FLAG_BLINDING), From levitte at openssl.org Wed Dec 2 18:40:09 2015 
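Review bot: Deleting "# define RSA_FLAG_SIGN_VER 0x0040" from include/openssl/rsa.h stops any out-of-tree RSA_METHOD that sets the flag, the way engines/e_capi.c did before this patch, from compiling, and the RSA_sign()/RSA_verify() hunks in crypto/rsa/rsa_sign.c now call rsa_sign/rsa_verify whenever the pointer is non-NULL, so a method that filled those fields without setting the flag silently changes behaviour. Consider keeping the macro as a deprecated no-op, or recording both effects in CHANGES; doc/crypto/RSA_set_method.pod loses the flag description here but gains no note that the callbacks are now used unconditionally when set.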
From: levitte at openssl.org (Richard Levitte)
Date: Wed, 02 Dec 2015 18:40:09 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1449081609.498333.26364.nullmailer@dev.openssl.org>

The branch master has been updated
       via  16b6081e0d96be87fa53b9932c7c589d7ad9edab (commit)
      from  19c6d3ea2d3b4e0ad3e978e42cc7cbdf0c09891f (commit)

- Log -----------------------------------------------------------------
commit 16b6081e0d96be87fa53b9932c7c589d7ad9edab
Author: Richard Levitte
Date: Wed Dec 2 18:54:15 2015 +0100

    Fix ./Configure reconf

    './Configure reconf' hasn't been working for a while, because a perl
    label needs to be immediately followed by a block.

    Reviewed-by: Andy Polyakov

-----------------------------------------------------------------------

Summary of changes:
 Configure | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Configure b/Configure index 9e9f100..edc9757 100755 --- a/Configure +++ b/Configure @@ -952,6 +952,7 @@ while($argv_unprocessed) $argvstring=join(' ', at argvcopy); PROCESS_ARGS: + { my %unsupported_options = (); foreach (@argvcopy) { @@ -1148,7 +1149,7 @@ PROCESS_ARGS: join(", ", keys %unsupported_options), "\n"; } } - + } if ($processor eq "386")
From builds at travis-ci.org Wed Dec 2 18:42:55 2015
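Review bot: The closing brace added in the second Configure hunk (@@ -1148,7 +1149,7 @@) ends the PROCESS_ARGS block opened in the first hunk at @@ -952, roughly two hundred lines earlier, and nothing marks the pairing. Add a trailing comment such as "} # PROCESS_ARGS" (or an "end of PROCESS_ARGS" comment line) so the next edit to the option loop does not misplace it and break 'reconf' again.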
From: builds at travis-ci.org (Travis CI)
Date: Wed, 02 Dec 2015 18:42:55 +0000
Subject: [openssl-commits] Still Failing: openssl/openssl#759 (master - f9fd352)
In-Reply-To:
Message-ID: <565f3baed90df_33f9c436b4e18615040@448487e8-10be-4da9-a285-975ad6705475.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #759
Status: Still Failing

Duration: 47 minutes and 2 seconds
Commit: f9fd352 (master)
Author: Richard Levitte
Message: _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead

The feature_test_macros(7) manual tells us that _BSD_SOURCE is
deprecated since glibc 2.20 and that the compiler will warn about it
being used, unless _DEFAULT_SOURCE is defined as well.

Reviewed-by: Rich Salz

View the changeset: https://github.com/openssl/openssl/compare/012c5408507b...f9fd35248c9a

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94450578

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

From builds at travis-ci.org Wed Dec 2 19:13:11 2015
From: builds at travis-ci.org (Travis CI)
Date: Wed, 02 Dec 2015 19:13:11 +0000
Subject: [openssl-commits] Still Failing: openssl/openssl#760 (master - 0aca86b)
In-Reply-To:
Message-ID: <565f42c6abb3_33fa0fd118d60386714@37547907-1319-4c89-8ce3-8c9e3005f48e.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #760
Status: Still Failing

Duration: 40 minutes and 45 seconds
Commit: 0aca86b (master)
Author: Rich Salz
Message: Run test_ordinals after update

Catch a common 'make update' failure: conflicting ordinals.

Reviewed-by: Richard Levitte

View the changeset: https://github.com/openssl/openssl/compare/f9fd35248c9a...0aca86b313d2

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94453693

From builds at travis-ci.org Wed Dec 2 20:36:16 2015
From: builds at travis-ci.org (Travis CI)
Date: Wed, 02 Dec 2015 20:36:16 +0000
Subject: [openssl-commits] Still Failing: openssl/openssl#765 (master - df04754)
In-Reply-To:
Message-ID: <565f56406c0ca_33fa0fd110ebc482785@37547907-1319-4c89-8ce3-8c9e3005f48e.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #765
Status: Still Failing

Duration: 46 minutes and 43 seconds
Commit: df04754 (master)
Author: Dr. Stephen Henson
Message: make update

Reviewed-by: Richard Levitte

View the changeset: https://github.com/openssl/openssl/compare/0aca86b313d2...df04754be7a7

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94456157

From builds at travis-ci.org Wed Dec 2 21:11:53 2015
From: builds at travis-ci.org (Travis CI)
Date: Wed, 02 Dec 2015 21:11:53 +0000
Subject: [openssl-commits] Still Failing: openssl/openssl#766 (master - a1d3f3d)
In-Reply-To:
Message-ID: <565f5e9978e81_33f9c384fefe87216e@448487e8-10be-4da9-a285-975ad6705475.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #766
Status: Still Failing

Duration: 45 minutes and 1 second
Commit: a1d3f3d (master)
Author: Richard Levitte
Message: Move the backtrace memleak options to a separate variable

The contents of this variable ($memleak_devteam_backtrace) are added
to $cflags unless we build for a platform we know doesn't support
gcc's -rdynamic and backtrace() and friends.

Reviewed-by: Andy Polyakov

View the changeset: https://github.com/openssl/openssl/compare/df04754be7a7...a1d3f3d1d071

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94462329

From builds at travis-ci.org Wed Dec 2 21:45:05 2015
From: builds at travis-ci.org (Travis CI)
Date: Wed, 02 Dec 2015 21:45:05 +0000
Subject: [openssl-commits] Still Failing: openssl/openssl#767 (master - 19c6d3e)
In-Reply-To:
Message-ID: <565f6660ed279_33f87c46b6c882187c8@43aef3ad-98a7-493a-9b38-f59399f4db6c.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #767
Status: Still Failing
Duration: 39 minutes and 33 seconds
Commit: 19c6d3e (master)
Author: Dr. Stephen Henson
Message: Remove RSA_FLAG_SIGN_VER flag.

Remove RSA_FLAG_SIGN_VER: this was originally used to retain binary compatibility after RSA_METHOD was extended to include rsa_sign and rsa_verify fields.

It is no longer needed.

Reviewed-by: Richard Levitte

View the changeset: https://github.com/openssl/openssl/compare/a1d3f3d1d071...19c6d3ea2d3b

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94462821

From steve at openssl.org Wed Dec 2 22:16:49 2015
From: steve at openssl.org (Dr. Stephen Henson)
Date: Wed, 02 Dec 2015 22:16:49 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Message-ID: <1449094609.579553.9546.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_1-stable has been updated
       via  d585cc32a55e65573051225b29dc62171f59e05a (commit)
      from  fb35ea28f4f64263adf3e85327e6d73ab980fe25 (commit)

- Log -----------------------------------------------------------------
commit d585cc32a55e65573051225b29dc62171f59e05a
Author: Dr. Stephen Henson
Date: Wed Dec 2 21:49:37 2015 +0000

    typo

    Reviewed-by: Andy Polyakov

-----------------------------------------------------------------------

Summary of changes:
 ssl/s3_srvr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e2beb40..fcfc2fb 100644 --- a/ssl/s3_srvr.c 
+++ b/ssl/s3_srvr.c @@ -966,7 +966,7 @@ int ssl3_check_client_hello(SSL *s) int ssl3_get_client_hello(SSL *s) { - int i, j, ok, al, ret = -1, cookie_valid = 0;; + int i, j, ok, al, ret = -1, cookie_valid = 0; unsigned int cookie_len; long n; unsigned long id;

From builds at travis-ci.org Wed Dec 2 22:16:59 2015
From: builds at travis-ci.org (Travis CI)
Date: Wed, 02 Dec 2015 22:16:59 +0000
Subject: [openssl-commits] Still Failing: openssl/openssl#768 (master - 16b6081)
In-Reply-To:
Message-ID: <565f6ddbb8467_33f9c436b4e1876563d@448487e8-10be-4da9-a285-975ad6705475.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #768
Status: Still Failing
Duration: 44 minutes and 32 seconds
Commit: 16b6081 (master)
Author: Richard Levitte
Message: Fix ./Configure reconf

'./Configure reconf' hasn't been working for a while, because a perl label needs to be immediately followed by a block.

Reviewed-by: Andy Polyakov

View the changeset: https://github.com/openssl/openssl/compare/19c6d3ea2d3b...16b6081e0d96

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94466035

From appro at openssl.org Wed Dec 2 22:41:02 2015
From: appro at openssl.org (Andy Polyakov) Date: Wed, 02 Dec 2015 22:41:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449096062.704500.22271.nullmailer@dev.openssl.org> The branch master has been updated via 1bbea403842493aa7187aab5d3d3f26ae7874bd4 (commit) from 16b6081e0d96be87fa53b9932c7c589d7ad9edab (commit) - Log ----------------------------------------------------------------- commit 1bbea403842493aa7187aab5d3d3f26ae7874bd4 Author: Andy Polyakov Date: Wed Dec 2 16:25:08 2015 +0100 modes/ocb128.c: fix sanitizer warning. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/modes/ocb128.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index d49aa6e..6206755 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c @@ -78,7 +78,8 @@ static u32 ocb_ntz(u64 n) /* * Shift a block of 16 bytes left by shift bits */ -static void ocb_block_lshift(OCB_BLOCK *in, size_t shift, OCB_BLOCK *out) +static void ocb_block_lshift(const unsigned char *in, size_t shift, + unsigned char *out) { unsigned char shift_mask; int i; @@ -88,13 +89,13 @@ static void ocb_block_lshift(OCB_BLOCK *in, size_t shift, OCB_BLOCK *out) shift_mask <<= (8 - shift); for (i = 15; i >= 0; i--) { if (i > 0) { - mask[i - 1] = in->c[i] & shift_mask; + mask[i - 1] = in[i] & shift_mask; mask[i - 1] >>= 8 - shift; } - out->c[i] = in->c[i] << shift; + out[i] = in[i] << shift; if (i != 15) { - out->c[i] ^= mask[i]; + out[i] ^= mask[i]; } } } @@ -114,7 +115,7 @@ static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out) mask >>= 7; mask *= 135; - ocb_block_lshift(in, 1, out); + ocb_block_lshift(in->c, 1, out->c); out->c[15] ^= mask; } 
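Review bot: in crypto/modes/ocb128.c the comment above ocb_block_lshift() still reads only "Shift a block of 16 bytes left by shift bits", but with the parameters changed from OCB_BLOCK * to bare unsigned char * the signature no longer tells a caller that in and out must each cover 16 bytes, which the loop from i = 15 down to 0 relies on. Please state that requirement in the comment, together with the expected range of shift given the "8 - shift" arithmetic. The commit message would also be easier to audit if it named the sanitizer warning being fixed.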
@@ -307,8 +308,7 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, /* Offset_0 = Stretch[1+bottom..128+bottom] */ shift = bottom % 8; - ocb_block_lshift((OCB_BLOCK *)(stretch + (bottom / 8)), shift, - &ctx->offset); + ocb_block_lshift(stretch + (bottom / 8), shift, ctx->offset.c); mask = 0xff; mask <<= 8 - shift; ctx->offset.c[15] |=

From builds at travis-ci.org Wed Dec 2 23:24:11 2015
From: builds at travis-ci.org (Travis CI)
Date: Wed, 02 Dec 2015 23:24:11 +0000
Subject: [openssl-commits] Fixed: openssl/openssl#770 (master - 1bbea40)
In-Reply-To:
Message-ID: <565f7d9a45e2b_33f87bdfc40d4364363@43aef3ad-98a7-493a-9b38-f59399f4db6c.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #770
Status: Fixed
Duration: 42 minutes and 28 seconds
Commit: 1bbea40 (master)
Author: Andy Polyakov
Message: modes/ocb128.c: fix sanitizer warning.

Reviewed-by: Rich Salz

View the changeset: https://github.com/openssl/openssl/compare/16b6081e0d96...1bbea4038424

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/94517168

From no-reply at appveyor.com Thu Dec 3 05:00:32 2015
From: no-reply at appveyor.com (AppVeyor)
Date: Thu, 03 Dec 2015 05:00:32 +0000
Subject: [openssl-commits] Build failed: openssl OpenSSL_1_0_1-stable.71
Message-ID: <20151203050032.347.94796@appveyor.com>

From no-reply at appveyor.com Thu Dec 3 06:40:52 2015
From: no-reply at appveyor.com (AppVeyor)
Date: Thu, 03 Dec 2015 06:40:52 +0000
Subject: [openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.72
Message-ID: <20151203064052.6832.49478@appveyor.com>

From appro at openssl.org Thu Dec 3 12:24:35 2015
From: appro at openssl.org (Andy Polyakov) Date: Thu, 03 Dec 2015 12:24:35 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1449145475.410737.21394.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 005f4893dc770d77eb07a098da32e0fca87f07b6 (commit) from d585cc32a55e65573051225b29dc62171f59e05a (commit) - Log ----------------------------------------------------------------- commit 005f4893dc770d77eb07a098da32e0fca87f07b6 Author: Andy Polyakov Date: Thu Dec 3 12:29:49 2015 +0100 e_os.h: limit _MSC_VER trickery to older compilers. PR: #3390, backport from 1.0.2. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: e_os.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/e_os.h b/e_os.h index c9c7aaf..76c471e 100644 --- a/e_os.h +++ b/e_os.h @@ -315,7 +315,7 @@ static __inline unsigned int _strlen31(const char *str) # undef isxdigit # endif # if defined(_MSC_VER) && !defined(_DLL) && defined(stdin) -# if _MSC_VER>=1300 +# if _MSC_VER>=1300 && _MSC_VER<1600 # undef stdin # undef stdout # undef stderr @@ -323,7 +323,7 @@ FILE *__iob_func(); # define stdin (&__iob_func()[0]) # define stdout (&__iob_func()[1]) # define stderr (&__iob_func()[2]) -# elif defined(I_CAN_LIVE_WITH_LNK4049) +# elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049) # undef stdin # undef stdout # undef stderr From appro at openssl.org Thu Dec 3 12:29:54 2015 
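Review bot: the new bounds in the e_os.h hunk, "# if _MSC_VER>=1300 && _MSC_VER<1600" and "# elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049)", are bare numbers with no comment. The commit message says only "older compilers", so please add a line next to the condition naming the compiler releases the two limits correspond to and why the __iob_func() redefinition of stdin, stdout and stderr must stop at 1600. It would also help to say that the added "_MSC_VER<1300" guard exists to keep newer compilers out of the LNK4049 branch now that the first condition is narrower.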
From: appro at openssl.org (Andy Polyakov) Date: Thu, 03 Dec 2015 12:29:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449145794.271504.22789.nullmailer@dev.openssl.org> The branch master has been updated via b5516cfbd65de9331d827012fc5bdace1953613e (commit) from 1bbea403842493aa7187aab5d3d3f26ae7874bd4 (commit) - Log ----------------------------------------------------------------- commit b5516cfbd65de9331d827012fc5bdace1953613e Author: Andy Polyakov Date: Wed Dec 2 14:32:08 2015 +0100 perlasm/ppc-xlate.pl: comply with ABIs that specify vrsave as reserved. RT#4162 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/perlasm/ppc-xlate.pl | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl index f89e814..0f46cf0 100755 --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -151,6 +151,26 @@ my $vmr = sub { " vor $vx,$vy,$vy"; }; +# Some ABIs specify vrsave, special-purpose register #256, as reserved +# for system use. +my $no_vrsave = ($flavour =~ /aix|linux64le/); +my $mtspr = sub { + my ($f,$idx,$ra) = @_; + if ($idx == 256 && $no_vrsave) { + " or $ra,$ra,$ra"; + } else { + " mtspr $idx,$ra"; + } +}; +my $mfspr = sub { + my ($f,$rd,$idx) = @_; + if ($idx == 256 && $no_vrsave) { + " li $rd,-1"; + } else { + " mfspr $rd,$idx"; + } +}; + # PowerISA 2.06 stuff sub vsxmem_op { my ($f, $vrt, $ra, $rb, $op) = @_; From appro at openssl.org Thu Dec 3 12:30:48 2015 
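Review bot: in the ppc-xlate.pl hunk the test "$flavour =~ /aix|linux64le/" is unanchored, so any flavour string that merely contains either substring turns off vrsave access; if only specific flavours are meant, anchor the pattern or compare explicitly. The new comment explains why the register is avoided but not what the substitutes do: please document that a write to special-purpose register 256 is replaced by "or $ra,$ra,$ra" and a read by "li $rd,-1", and why -1 is the right value to hand back to code that saves and later restores it.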
From: appro at openssl.org (Andy Polyakov) Date: Thu, 03 Dec 2015 12:30:48 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1449145848.622630.23761.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via babe434c99251cd1e3c84d6906f579509343186c (commit) from 87bc193bc19eccce049666ba102e58dae41dc941 (commit) - Log ----------------------------------------------------------------- commit babe434c99251cd1e3c84d6906f579509343186c Author: Andy Polyakov Date: Wed Dec 2 14:32:08 2015 +0100 perlasm/ppc-xlate.pl: comply with ABIs that specify vrsave as reserved. RT#4162 Reviewed-by: Richard Levitte (cherry picked from commit b5516cfbd65de9331d827012fc5bdace1953613e) ----------------------------------------------------------------------- Summary of changes: crypto/perlasm/ppc-xlate.pl | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl index f89e814..0f46cf0 100755 --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -151,6 +151,26 @@ my $vmr = sub { " vor $vx,$vy,$vy"; }; +# Some ABIs specify vrsave, special-purpose register #256, as reserved +# for system use. +my $no_vrsave = ($flavour =~ /aix|linux64le/); +my $mtspr = sub { + my ($f,$idx,$ra) = @_; + if ($idx == 256 && $no_vrsave) { + " or $ra,$ra,$ra"; + } else { + " mtspr $idx,$ra"; + } +}; +my $mfspr = sub { + my ($f,$rd,$idx) = @_; + if ($idx == 256 && $no_vrsave) { + " li $rd,-1"; + } else { + " mfspr $rd,$idx"; + } +}; + # PowerISA 2.06 stuff sub vsxmem_op { my ($f, $vrt, $ra, $rb, $op) = @_; From levitte at openssl.org Thu Dec 3 14:26:56 2015 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Dec 2015 14:26:56 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1449152816.083920.28900.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via fb4f46763fed3c600db21974577061b611b6fa46 (commit) from babe434c99251cd1e3c84d6906f579509343186c (commit) - Log ----------------------------------------------------------------- commit fb4f46763fed3c600db21974577061b611b6fa46 Author: Richard Levitte Date: Thu Dec 3 15:20:10 2015 +0100 Add cleanup of *.s Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/ec/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index 359ef4e..8949145 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -89,7 +89,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. From matt at openssl.org Thu Dec 3 15:34:36 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 03 Dec 2015 15:34:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449156876.073129.16815.nullmailer@dev.openssl.org> The branch master has been updated via 29851264f11ccc70c6c0140d7e3d8d93ef5c9b11 (commit) from b5516cfbd65de9331d827012fc5bdace1953613e (commit) - Log ----------------------------------------------------------------- commit 29851264f11ccc70c6c0140d7e3d8d93ef5c9b11 Author: Andy Polyakov Date: Tue Dec 1 09:00:32 2015 +0100 bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193). Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++--- test/bntest.c | 18 ++++++++++++++++++ 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 388e3c6..64e668f 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -1784,6 +1784,15 @@ sqr8x_reduction: .align 32 .L8x_tail_done: add (%rdx),%r8 # can this overflow? + adc \$0,%r9 + adc \$0,%r10 + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 # can't overflow, because we + # started with "overhung" part + # of multiplication xor %rax,%rax neg $carry @@ -3130,6 +3139,15 @@ sqrx8x_reduction: .align 32 .Lsqrx8x_tail_done: add 24+8(%rsp),%r8 # can this overflow? + adc \$0,%r9 + adc \$0,%r10 + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 # can't overflow, because we + # started with "overhung" part + # of multiplication mov $carry,%rax # xor %rax,%rax sub 16+8(%rsp),$carry # mov 16(%rsp),%cf 
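Review bot: both .L8x_tail_done and .Lsqrx8x_tail_done keep the old trailing comment "# can this overflow?" on the add into %r8, while the seven "adc \$0" lines added directly below exist because that addition can carry. Replace the question with a statement that the carry out of %r8 is propagated through %r9 to %r15, so the old and new comments do not contradict each other. The new "can't overflow" remark on "adc \$0,%r15" would also benefit from one more sentence on what the "overhung" part of the multiplication is.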
@@ -3173,13 +3191,11 @@ my ($rptr,$nptr)=("%rdx","%rbp"); my @ri=map("%r$_",(10..13)); my @ni=map("%r$_",(14..15)); $code.=<<___; - xor %rbx,%rbx + xor %ebx,%ebx sub %r15,%rsi # compare top-most words adc %rbx,%rbx mov %rcx,%r10 # -$num - .byte 0x67 or %rbx,%rax - .byte 0x67 mov %rcx,%r9 # -$num xor \$1,%rax sar \$3+2,%rcx # cf=0 diff --git a/test/bntest.c b/test/bntest.c index 9caa2c9..9542800 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -1023,6 +1023,24 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx) return 0; } } + + /* Regression test for carry propagation bug in sqr8x_reduction */ + BN_hex2bn(&a, "050505050505"); + BN_hex2bn(&b, "02"); + BN_hex2bn(&c, + "4141414141414141414141274141414141414141414141414141414141414141" + "4141414141414141414141414141414141414141414141414141414141414141" + "4141414141414141414141800000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000001"); + BN_mod_exp(d, a, b, c, ctx); + BN_mul(e, a, a, ctx); + if (BN_cmp(d, e)) { + fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n"); + return 0; + } + BN_free(a); BN_free(b); BN_free(c); From matt at openssl.org Thu Dec 3 15:34:49 2015 
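Review bot: the last crypto/bn/asm/x86_64-mont5.pl hunk (@@ -3173,13 +3191,11 @@) changes "xor %rbx,%rbx" to "xor %ebx,%ebx" and drops two ".byte 0x67" prefixes, none of which the commit message mentions. If these are part of the CVE-2015-3193 fix, the message should say how; if they are tidy-ups, split them into their own commit so the carry fix can be reviewed and backported without them.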
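Review bot: in the regression block added to test_mod_exp() in test/bntest.c the return values of BN_hex2bn(), BN_mod_exp() and BN_mul() are all ignored, so a failing call leaves d or e holding whatever it had before and the BN_cmp(d, e) verdict says nothing about the carry bug. Check each call and fail the test on error. A short comment that comparing against BN_mul(e, a, a, ctx) is valid only because a squared is smaller than the modulus c would also help the next reader.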
From: matt at openssl.org (Matt Caswell) Date: Thu, 03 Dec 2015 15:34:49 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1449156889.911733.17663.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8a27243c7bca665cf940acd66ee9bf578ee8e8a9 (commit) via bfe07df40c13ea2564bb4577620180e3f4849e23 (commit) via 33223e733a3765a779feb82497a0bdc9d9321209 (commit) via 9330fbd07f8f544d978465cc9f6390037a87c16a (commit) via 00456fded43eadd4bb94bf675ae4ea5d158a764f (commit) via c394a488942387246653833359a5c94b5832674e (commit) via d73cc256c8e256c32ed959456101b73ba9842f72 (commit) via cc598f321fbac9c04da5766243ed55d55948637d (commit) from fb4f46763fed3c600db21974577061b611b6fa46 (commit) - Log ----------------------------------------------------------------- commit 8a27243c7bca665cf940acd66ee9bf578ee8e8a9 Author: Matt Caswell Date: Thu Dec 3 14:45:41 2015 +0000 Prepare for 1.0.2f-dev Reviewed-by: Richard Levitte commit bfe07df40c13ea2564bb4577620180e3f4849e23 Author: Matt Caswell Date: Thu Dec 3 14:44:31 2015 +0000 Prepare for 1.0.2e release Reviewed-by: Richard Levitte commit 33223e733a3765a779feb82497a0bdc9d9321209 Author: Matt Caswell Date: Thu Dec 3 14:44:31 2015 +0000 make update Reviewed-by: Richard Levitte commit 9330fbd07f8f544d978465cc9f6390037a87c16a Author: Matt Caswell Date: Tue Dec 1 14:39:47 2015 +0000 Update CHANGES and NEWS Update the CHANGES and NEWS files for the new release. Reviewed-by: Richard Levitte commit 00456fded43eadd4bb94bf675ae4ea5d158a764f Author: Dr. Stephen Henson Date: Wed Nov 4 13:30:03 2015 +0000 Add test for CVE-2015-3194 Reviewed-by: Richard Levitte commit c394a488942387246653833359a5c94b5832674e Author: Dr. Stephen Henson Date: Fri Oct 2 12:35:19 2015 +0100 Add PSS parameter check. Avoid seg fault by checking mgf1 parameter is not NULL. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. 
Thanks to Lo?c Jonas Etienne (Qnective AG) for discovering this bug. CVE-2015-3194 Reviewed-by: Richard Levitte commit d73cc256c8e256c32ed959456101b73ba9842f72 Author: Andy Polyakov Date: Tue Dec 1 09:00:32 2015 +0100 bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193). Reviewed-by: Richard Levitte (cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107) commit cc598f321fbac9c04da5766243ed55d55948637d Author: Dr. Stephen Henson Date: Tue Nov 10 19:03:07 2015 +0000 Fix leak with ASN.1 combine. When parsing a combined structure pass a flag to the decode routine so on error a pointer to the parent structure is not zeroed as this will leak any additional components in the parent. This can leak memory in any application parsing PKCS#7 or CMS structures. CVE-2015-3195. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. PR#4131 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 62 ++++++++++++++++++++++++++++++++++++++++++- NEWS | 12 ++++++++- README | 2 +- crypto/asn1/tasn_dec.c | 7 +++-- crypto/bn/asm/x86_64-mont5.pl | 22 ++++++++++++--- crypto/bn/bntest.c | 18 +++++++++++++ crypto/opensslv.h | 6 ++--- crypto/rsa/rsa_ameth.c | 2 +- openssl.spec | 2 +- test/Makefile | 7 ++--- test/certs/pss1.pem | 21 +++++++++++++++ test/tx509 | 7 +++++ 12 files changed, 152 insertions(+), 16 deletions(-) create mode 100644 test/certs/pss1.pem diff --git a/CHANGES b/CHANGES index 1dc6dc6..32bd5c5 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,7 +2,57 @@ OpenSSL CHANGES _______________ - Changes between 1.0.2d and 1.0.2e [xx XXX xxxx] + Changes between 1.0.2e and 1.0.2f [xx XXX xxxx] + + *) + + Changes between 1.0.2d and 1.0.2e [3 Dec 2015] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. + + This issue was reported to OpenSSL by Hanno B?ck. + (CVE-2015-3193) + [Andy Polyakov] + + *) Certificate verify crash with missing PSS parameter + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and absent mask generation function parameter. Since these + routines are used to verify certificate signature algorithms this can be + used to crash any certificate verification operation and exploited in a + DoS attack. Any application which performs certificate verification is + vulnerable including OpenSSL clients and servers which enable client + authentication. + + This issue was reported to OpenSSL by Lo?c Jonas Etienne (Qnective AG). 
+ (CVE-2015-3194) + [Stephen Henson] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. This changes the decoding behaviour for some invalid messages, @@ -27,8 +77,18 @@ This issue was reported to OpenSSL by Adam Langley/David Benjamin (Google/BoringSSL). + (CVE-2015-1793) [Matt Caswell] + *) Race condition handling PSK identify hint + + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI diff --git a/NEWS b/NEWS index cb5674b..6d32f75 100644 --- a/NEWS +++ b/NEWS 
@@ -5,13 +5,23 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [under development] + Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [under development] o + Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] + + o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) + o Certificate verify crash with missing PSS parameter (CVE-2015-3194) + o X509_ATTRIBUTE memory leak (CVE-2015-3195) + o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs + o In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] o Alternate chains certificate forgery (CVE-2015-1793) + o Race condition handling PSK identify hint (CVE-2015-3196) Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] diff --git a/README b/README index ddc3dd1..4198f72 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2e-dev + OpenSSL 1.0.2f-dev Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index febf605..9256049 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int otag; int ret = 0; ASN1_VALUE **pchptr, *ptmpval; + int combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); 
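Review bot: in ASN1_item_ex_d2i() the template flag ASN1_TFLG_COMBINE now travels in through aclass and is stripped with "aclass &= ~ASN1_TFLG_COMBINE", but nothing at the declaration of combine documents that convention. Add a comment saying which caller sets the bit and that it suppresses ASN1_item_ex_free(pval, it) at err: because pval then refers to the parent structure, as the commit message describes. Please also confirm that the flag value cannot collide with an aclass value that other callers of this function legitimately pass.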
@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 388e3c6..64e668f 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -1784,6 +1784,15 @@ sqr8x_reduction: .align 32 .L8x_tail_done: add (%rdx),%r8 # can this overflow? + adc \$0,%r9 + adc \$0,%r10 + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 # can't overflow, because we + # started with "overhung" part + # of multiplication xor %rax,%rax neg $carry @@ -3130,6 +3139,15 @@ sqrx8x_reduction: .align 32 .Lsqrx8x_tail_done: add 24+8(%rsp),%r8 # can this overflow? + adc \$0,%r9 + adc \$0,%r10 + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 # can't overflow, because we + # started with "overhung" part + # of multiplication mov $carry,%rax # xor %rax,%rax sub 16+8(%rsp),$carry # mov 16(%rsp),%cf @@ -3173,13 +3191,11 @@ my ($rptr,$nptr)=("%rdx","%rbp"); my @ri=map("%r$_",(10..13)); my @ni=map("%r$_",(14..15)); $code.=<<___; - xor %rbx,%rbx + xor %ebx,%ebx sub %r15,%rsi # compare top-most words adc %rbx,%rbx mov %rcx,%r10 # -$num - .byte 0x67 or %rbx,%rax - .byte 0x67 mov %rcx,%r9 # -$num xor \$1,%rax sar \$3+2,%rcx # cf=0 diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 8b8a152..1e35988 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c 
@@ -1016,6 +1016,24 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx) return 0; } } + + /* Regression test for carry propagation bug in sqr8x_reduction */ + BN_hex2bn(&a, "050505050505"); + BN_hex2bn(&b, "02"); + BN_hex2bn(&c, + "4141414141414141414141274141414141414141414141414141414141414141" + "4141414141414141414141414141414141414141414141414141414141414141" + "4141414141414141414141800000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000001"); + BN_mod_exp(d, a, b, c, ctx); + BN_mul(e, a, a, ctx); + if (BN_cmp(d, e)) { + fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n"); + return 0; + } + BN_free(a); BN_free(b); BN_free(c); diff --git a/crypto/opensslv.h b/crypto/opensslv.h index faaf63f..f4931f5 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10002050L +# define OPENSSL_VERSION_NUMBER 0x10002060L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2f-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2f-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index ca3922e..4e06218 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) { const unsigned char *p; int plen; - if (alg == NULL) + if (alg == NULL || alg->parameter == NULL) return NULL; if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) return NULL; 
diff --git a/openssl.spec b/openssl.spec index 45e737a..72ace12 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2e +Version: 1.0.2f Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/test/Makefile b/test/Makefile index 8cbb5ad..b180971 100644 --- a/test/Makefile +++ b/test/Makefile @@ -588,9 +588,10 @@ clienthellotest.o: ../include/openssl/buffer.h ../include/openssl/comp.h clienthellotest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h clienthellotest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h clienthellotest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -clienthellotest.o: ../include/openssl/evp.h ../include/openssl/hmac.h -clienthellotest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -clienthellotest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +clienthellotest.o: ../include/openssl/err.h ../include/openssl/evp.h +clienthellotest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +clienthellotest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +clienthellotest.o: ../include/openssl/objects.h clienthellotest.o: ../include/openssl/opensslconf.h clienthellotest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h clienthellotest.o: ../include/openssl/pem.h ../include/openssl/pem2.h diff --git a/test/certs/pss1.pem b/test/certs/pss1.pem new file mode 100644 index 0000000..29da71d --- /dev/null +++ b/test/certs/pss1.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI +AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD +VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz +NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj +ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH +qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL +IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT +IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k +dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq +QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa +5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2 +4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB +Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii +BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb +xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn +plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY +DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p +NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ +lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8= +-----END CERTIFICATE----- diff --git a/test/tx509 b/test/tx509 index 0ce3b52..77f5cac 100644 --- a/test/tx509 +++ b/test/tx509 @@ -74,5 +74,12 @@ if [ $? != 0 ]; then exit 1; fi cmp x509-f.p x509-ff.p3 if [ $? != 0 ]; then exit 1; fi +echo "Parsing test certificates" + +$cmd -in certs/pss1.pem -text -noout >/dev/null +if [ $? != 0 ]; then exit 1; fi + +echo OK + /bin/rm -f x509-f.* x509-ff.* x509-fff.* exit 0 From matt at openssl.org Thu Dec 3 15:35:04 2015 
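Review bot: the test/tx509 addition only checks that "$cmd -in certs/pss1.pem -text -noout" exits with status 0, that is, that printing the certificate does not crash, whereas the CHANGES entry for CVE-2015-3194 describes the crash in the signature verification routines. Consider adding a case that takes the same certificate through verification, and a comment in the script saying what pss1.pem contains and which CVE it guards, since the "Parsing test certificates" banner gives no hint.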
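Review bot: the CHANGES and NEWS hunks title the CVE-2015-3196 entry "Race condition handling PSK identify hint", and the CHANGES body repeats "double free of the identify hint data", while the same paragraph opens with "PSK identity hints"; "identify" should read "identity" in all three places. The reporter names in the new CHANGES text ("Lo?c Jonas Etienne", "Hanno B?ck") show a "?" where a non-ASCII letter is expected, so the encoding of those lines should be checked before the release is cut.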
From: matt at openssl.org (Matt Caswell)
Date: Thu, 03 Dec 2015 15:35:04 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Message-ID: <1449156904.696895.17987.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_1-stable has been updated
       via  d82626caec9cb3f8da346125434f17eb180d4ef1 (commit)
       via  55615e8d48a4ddd684fcbfc7ba6523ed6414c8fc (commit)
       via  56edb20184ac7ea5fec1636a4cae3b8ba5c0d5d1 (commit)
       via  ac3dd9b7e6e2182ae3d1a8dc6c522cef9385f511 (commit)
       via  d8541d7e9e63bf5f343af24644046c8d96498c17 (commit)
       via  b29ffa392e839d05171206523e84909146f7a77c (commit)
      from  005f4893dc770d77eb07a098da32e0fca87f07b6 (commit)

- Log -----------------------------------------------------------------
commit d82626caec9cb3f8da346125434f17eb180d4ef1
Author: Matt Caswell
Date:   Thu Dec 3 14:51:13 2015 +0000

    Prepare for 1.0.1r-dev

    Reviewed-by: Richard Levitte

commit 55615e8d48a4ddd684fcbfc7ba6523ed6414c8fc
Author: Matt Caswell
Date:   Thu Dec 3 14:50:26 2015 +0000

    Prepare for 1.0.1q release

    Reviewed-by: Richard Levitte

commit 56edb20184ac7ea5fec1636a4cae3b8ba5c0d5d1
Author: Matt Caswell
Date:   Thu Dec 3 14:50:26 2015 +0000

    make update

    Reviewed-by: Richard Levitte

commit ac3dd9b7e6e2182ae3d1a8dc6c522cef9385f511
Author: Matt Caswell
Date:   Tue Dec 1 14:39:47 2015 +0000

    Update CHANGES and NEWS

    Update the CHANGES and NEWS files for the new release.

    Reviewed-by: Richard Levitte

commit d8541d7e9e63bf5f343af24644046c8d96498c17
Author: Dr. Stephen Henson
Date:   Fri Oct 2 13:10:29 2015 +0100

    Add PSS parameter check.

    Avoid seg fault by checking mgf1 parameter is not NULL. This can be
    triggered during certificate verification so could be a DoS attack
    against a client or a server enabling client authentication.

    Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.

    CVE-2015-3194

    Reviewed-by: Matt Caswell

commit b29ffa392e839d05171206523e84909146f7a77c
Author: Dr. Stephen Henson
Date:   Tue Nov 10 19:03:07 2015 +0000

    Fix leak with ASN.1 combine.

    When parsing a combined structure pass a flag to the decode routine
    so on error a pointer to the parent structure is not zeroed as
    this will leak any additional components in the parent.

    This can leak memory in any application parsing PKCS#7 or CMS structures.

    CVE-2015-3195.

    Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
    libFuzzer.

    PR#4131

    Reviewed-by: Richard Levitte

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                |   47 ++++++++++++++++++++++++++++++++++++++++++-----
 NEWS                   |   11 ++++++++++-
 README                 |    2 +-
 crypto/asn1/tasn_dec.c |    7 +++++--
 crypto/opensslv.h      |    6 +++---
 crypto/rsa/rsa_ameth.c |    2 +-
 openssl.spec           |    2 +-
 test/Makefile          |    7 ++++---
 8 files changed, 67 insertions(+), 17 deletions(-)

diff --git a/CHANGES b/CHANGES index 178d010..915b1f6 100644 --- a/CHANGES +++ b/CHANGES
@@ -2,7 +2,38 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1p and 1.0.1q [xx XXX xxxx] + Changes between 1.0.1q and 1.0.1r [xx XXX xxxx] + + *) + + Changes between 1.0.1p and 1.0.1q [3 Dec 2015] + + *) Certificate verify crash with missing PSS parameter + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and absent mask generation function parameter. Since these + routines are used to verify certificate signature algorithms this can be + used to crash any certificate verification operation and exploited in a + DoS attack. Any application which performs certificate verification is + vulnerable including OpenSSL clients and servers which enable client + authentication. + + This issue was reported to OpenSSL by Lo?c Jonas Etienne (Qnective AG). + (CVE-2015-3194) + [Stephen Henson] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. This changes the decoding behaviour for some invalid messages, @@ -14,9 +45,6 @@ return an error [Rich Salz and Ismo Puustinen ] - *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites - from RFC4279, RFC4785, RFC5487, RFC5489. - Changes between 1.0.1o and 1.0.1p [9 Jul 2015] *) Alternate chains certificate forgery 
@@ -30,10 +58,19 @@ This issue was reported to OpenSSL by Adam Langley/David Benjamin (Google/BoringSSL). + (CVE-2015-1793) [Matt Caswell] - Changes between 1.0.1n and 1.0.1o [12 Jun 2015] + *) Race condition handling PSK identify hint + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + + Changes between 1.0.1n and 1.0.1o [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored. diff --git a/NEWS b/NEWS index ea0c716..e712f14 100644 --- a/NEWS +++ b/NEWS @@ -5,13 +5,22 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [under development] + Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [under development] o + Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015] + + o Certificate verify crash with missing PSS parameter (CVE-2015-3194) + o X509_ATTRIBUTE memory leak (CVE-2015-3195) + o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs + o In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] o Alternate chains certificate forgery (CVE-2015-1793) + o Race condition handling PSK identify hint (CVE-2015-3196) Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] diff --git a/README b/README index edf5138..ad7a748 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.1q-dev + OpenSSL 1.0.1r-dev Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index febf605..9256049 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int otag; int ret = 0; ASN1_VALUE **pchptr, *ptmpval; + int combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); @@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 78eef03..0bb1bc1 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10001110L +# define OPENSSL_VERSION_NUMBER 0x10001120L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1r-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1r-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 93e071d..c7f1148 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c 
@@ -279,7 +279,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, if (pss->maskGenAlgorithm) { ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 - && param->type == V_ASN1_SEQUENCE) { + && param && param->type == V_ASN1_SEQUENCE) { p = param->value.sequence->data; plen = param->value.sequence->length; *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); diff --git a/openssl.spec b/openssl.spec index 7ceb322..386f9f6 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl #Version: %{libmaj}.%{libmin}.%{librel} -Version: 1.0.1q +Version: 1.0.1r Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/test/Makefile b/test/Makefile index 522af50..0afae14 100644 --- a/test/Makefile +++ b/test/Makefile @@ -572,9 +572,10 @@ clienthellotest.o: ../include/openssl/buffer.h ../include/openssl/comp.h clienthellotest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h clienthellotest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h clienthellotest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -clienthellotest.o: ../include/openssl/evp.h ../include/openssl/hmac.h -clienthellotest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -clienthellotest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +clienthellotest.o: ../include/openssl/err.h ../include/openssl/evp.h +clienthellotest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +clienthellotest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +clienthellotest.o: ../include/openssl/objects.h clienthellotest.o: ../include/openssl/opensslconf.h clienthellotest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h clienthellotest.o: ../include/openssl/pem.h ../include/openssl/pem2.h From matt at openssl.org Thu Dec 3 15:35:15 2015 
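Review bot: Missing comment in crypto/asn1/tasn_dec.c where ASN1_item_ex_d2i() pulls ASN1_TFLG_COMBINE out of its aclass argument ("int combine = aclass & ASN1_TFLG_COMBINE; aclass &= ~ASN1_TFLG_COMBINE;"). Reusing the tag-class parameter to carry a template flag is not obvious to anyone reading the function, and the patch does not show why the flag bit cannot coincide with a legitimate aclass value. Please add a comment at the extraction saying that asn1_template_noexp_d2i() passes tt->flags & ASN1_TFLG_COMBINE here, and one at the err: label saying that in the combine case *pval belongs to the parent structure, which is why ASN1_item_ex_free() is skipped.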
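Review bot: No regression test accompanies the NULL check added to rsa_pss_decode() in crypto/rsa/rsa_ameth.c ("&& param && param->type == V_ASN1_SEQUENCE"). The only test file in this push's diffstat is test/Makefile, and that hunk just reflows the clienthellotest.o header dependencies. A test/tx509 change elsewhere in this archive parses a PSS test certificate, certs/pss1.pem, with -text -noout and fails on a non-zero exit; carrying that certificate and check onto this branch would keep the fix from regressing unnoticed.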
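Review bot: Typo in the CHANGES entry added under 1.0.1p: the title reads "Race condition handling PSK identify hint" and the last sentence says "double free of the identify hint data", while the body of the same entry says "PSK identity hints". The new NEWS line for CVE-2015-3196 repeats "identify hint". All three should read "identity hint".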
From: matt at openssl.org (Matt Caswell)
Date: Thu, 03 Dec 2015 15:35:15 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update
Message-ID: <1449156915.116812.18293.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_0-stable has been updated
       via  f93aad4a56a1580a109785c2c922fe6b8baf7df9 (commit)
       via  ce052c8437fb97cbc57f034fa94b5bcd749dbf52 (commit)
       via  a402b2b7bcff8d6901aa771e49c45cf38836e7bf (commit)
       via  d275dbe6eb7b720b8920f712eea79044f845a4bb (commit)
       via  cf432b3b1bd7caa22943b41b94ec2472ae497dc6 (commit)
      from  015b17257855e31003eb29a70280764c3c822710 (commit)

- Log -----------------------------------------------------------------
commit f93aad4a56a1580a109785c2c922fe6b8baf7df9
Author: Matt Caswell
Date:   Thu Dec 3 14:57:35 2015 +0000

    Prepare for 1.0.0u-dev

    Reviewed-by: Richard Levitte

commit ce052c8437fb97cbc57f034fa94b5bcd749dbf52
Author: Matt Caswell
Date:   Thu Dec 3 14:56:22 2015 +0000

    Prepare for 1.0.0t release

    Reviewed-by: Richard Levitte

commit a402b2b7bcff8d6901aa771e49c45cf38836e7bf
Author: Matt Caswell
Date:   Tue Dec 1 14:39:47 2015 +0000

    Update CHANGES and NEWS

    Update the CHANGES and NEWS files for the new release.

    Reviewed-by: Rich Salz

commit d275dbe6eb7b720b8920f712eea79044f845a4bb
Author: Dr. Stephen Henson
Date:   Mon Feb 23 12:57:50 2015 +0000

    Free up passed ASN.1 structure if reused.

    Change the "reuse" behaviour in ASN1_item_d2i: if successful the old
    structure is freed and a pointer to the new one used. If it is not
    successful then the passed structure is untouched.

    Exception made for primitive types so ssl_asn1.c still works.

    Reviewed-by: Tim Hudson
    Reviewed-by: Emilia Käsper

    Conflicts:
        doc/crypto/d2i_X509.pod

commit cf432b3b1bd7caa22943b41b94ec2472ae497dc6
Author: Dr. Stephen Henson
Date:   Tue Nov 10 19:03:07 2015 +0000

    Fix leak with ASN.1 combine.

    When parsing a combined structure pass a flag to the decode routine
    so on error a pointer to the parent structure is not zeroed as
    this will leak any additional components in the parent.
This can leak memory in any application parsing PKCS#7 or CMS structures. CVE-2015-3195. Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using libFuzzer. PR#4131 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 25 ++++++++++++++++++++++++- NEWS | 7 ++++++- README | 2 +- crypto/asn1/tasn_dec.c | 21 +++++++++++++++------ crypto/opensslv.h | 6 +++--- doc/crypto/d2i_X509.pod | 10 +++++++++- openssl.spec | 2 +- 7 files changed, 59 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index ccf2c03..9cea9e6 100644 --- a/CHANGES +++ b/CHANGES @@ -2,10 +2,33 @@ OpenSSL CHANGES _______________ - Changes between 1.0.0s and 1.0.0t [xx XXX xxxx] + Changes between 1.0.0t and 1.0.0u [xx XXX xxxx] *) + Changes between 1.0.0s and 1.0.0t [3 Dec 2015] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + + *) Race condition handling PSK identify hint + + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + (CVE-2015-3196) + [Stephen Henson] + Changes between 1.0.0r and 1.0.0s [11 Jun 2015] *) Malformed ECParameters causes infinite loop diff --git a/NEWS b/NEWS index 99ba960..d688d4b 100644 --- a/NEWS +++ b/NEWS 
@@ -5,10 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [under development] + Major changes between OpenSSL 1.0.0t and OpenSSL 1.0.0u [under development] o + Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [3 Dec 2015] + + o X509_ATTRIBUTE memory leak (CVE-2015-3195) + o Race condition handling PSK identify hint (CVE-2015-3196) + Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] o Malformed ECParameters causes infinite loop (CVE-2015-1788) diff --git a/README b/README index 1a70b7f..f2f62b0 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.0t-dev + OpenSSL 1.0.0u-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 7fd336a..f56eb4c 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -140,11 +140,17 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; - if (!pval) - pval = &ptmpval; asn1_tlc_clear_nc(&c); - if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) - return *pval; + if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE) + ptmpval = *pval; + if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) { + if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) { + if (*pval) + ASN1_item_free(*pval, it); + *pval = ptmpval; + } + return ptmpval; + } return NULL; } @@ -180,6 +186,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int otag; int ret = 0; ASN1_VALUE **pchptr, *ptmpval; + int combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; if (aux && aux->asn1_cb) 
@@ -500,7 +508,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); @@ -689,7 +698,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 5f79fb0..3f7c741 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -26,11 +26,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10000140L +# define OPENSSL_VERSION_NUMBER 0x10000150L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0t-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0u-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0t-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0u-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index 298ec54..6fed4b1 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod 
@@ -199,6 +199,12 @@ B<*px> is valid is broken and some parts of the reused structure may persist if they are not present in the new one. As a result the use of this "reuse" behaviour is strongly discouraged. +Current versions of OpenSSL will not modify B<*px> if an error occurs. +If parsing succeeds then B<*px> is freed (if it is not NULL) and then +set to the value of the newly decoded structure. As a result B<*px> +B be allocated on the stack or an attempt will be made to +free an invalid pointer. + i2d_X509() will not return an error in many versions of OpenSSL, if mandatory fields are not initialized due to a programming error then the encoded structure may contain invalid data or omit the @@ -210,7 +216,9 @@ always succeed. d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B structure or B if an error occurs. The error code that can be obtained by -L. +L. If the "reuse" capability has been used +with a valid X509 structure being passed in via B then the object is not +modified in the event of error. i2d_X509() returns the number of bytes successfully encoded or a negative value if an error occurs. The error code can be obtained by diff --git a/openssl.spec b/openssl.spec index e282aca..a45c687 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.0t +Version: 1.0.0u Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From matt at openssl.org Thu Dec 3 15:35:28 2015 
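Review bot: Behaviour change for primitive types in the ASN1_item_d2i() hunk of crypto/asn1/tasn_dec.c: the success path only writes the result back through pval when it->itype != ASN1_ITYPE_PRIMITIVE. For a primitive type called with a non-NULL pval whose *pval is NULL, ptmpval starts as NULL, the new object is returned, but *pval is left NULL, whereas the removed code decoded straight into *pval. If that is intended it needs a comment here and a sentence in d2i_X509.pod; otherwise store ptmpval through pval in the primitive case as well.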
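Review bot: Missing CHANGES entry for the new "reuse" semantics: the 1.0.0t section added to CHANGES lists only the X509_ATTRIBUTE memory leak and the PSK hint race, yet this push also changes ASN1_item_d2i() to free a reused *pval on success, and the d2i_X509.pod hunk warns that this leads to "an attempt ... to free an invalid pointer" for a structure on the stack. That is a caller-visible change on a stable branch and deserves its own CHANGES item pointing at the updated manual page.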
From: matt at openssl.org (Matt Caswell)
Date: Thu, 03 Dec 2015 15:35:28 +0000
Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update
Message-ID: <1449156928.628552.18623.nullmailer@dev.openssl.org>

The branch OpenSSL_0_9_8-stable has been updated
       via  74743418dca737ff584530470c54d1a7061e7e0a (commit)
       via  c2ef67100cd0ca2321b5f1a437abb93fc7e11e37 (commit)
       via  35c8d0d85fe71e41eb990655b249e398c7fd1435 (commit)
       via  2cdafc51f008e65b2d5263a80ad0e89e9b56c8d3 (commit)
      from  e979e4715f3795cb59fcf46c77e7c714a184edd8 (commit)

- Log -----------------------------------------------------------------
commit 74743418dca737ff584530470c54d1a7061e7e0a
Author: Matt Caswell
Date:   Thu Dec 3 15:00:54 2015 +0000

    Prepare for 0.9.8zi-dev

    Reviewed-by: Richard Levitte

commit c2ef67100cd0ca2321b5f1a437abb93fc7e11e37
Author: Matt Caswell
Date:   Thu Dec 3 15:00:17 2015 +0000

    Prepare for 0.9.8zh release

    Reviewed-by: Richard Levitte

commit 35c8d0d85fe71e41eb990655b249e398c7fd1435
Author: Matt Caswell
Date:   Tue Dec 1 14:39:47 2015 +0000

    Update CHANGES and NEWS

    Update the CHANGES and NEWS files for the new release.

    Reviewed-by: Rich Salz

commit 2cdafc51f008e65b2d5263a80ad0e89e9b56c8d3
Author: Dr. Stephen Henson
Date:   Tue Nov 10 19:03:07 2015 +0000

    Fix leak with ASN.1 combine.

    When parsing a combined structure pass a flag to the decode routine
    so on error a pointer to the parent structure is not zeroed as
    this will leak any additional components in the parent.

    This can leak memory in any application parsing PKCS#7 or CMS structures.

    CVE-2015-3195.

    Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
    libFuzzer.

    PR#4131

    Reviewed-by: Richard Levitte

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                |   16 +++++++++++++++-
 NEWS                   |    6 +++++-
 README                 |    2 +-
 crypto/asn1/tasn_dec.c |    7 +++++--
 crypto/opensslv.h      |    6 +++---
 openssl.spec           |    2 +-
 6 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/CHANGES b/CHANGES index ed2f0ec..d3f43af 100644 --- a/CHANGES +++ b/CHANGES @@ -2,10 +2,24 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8zg and 0.9.8zh [xx XXX xxxx] + Changes between 0.9.8zh and 0.9.8zi [xx XXX xxxx] *) + Changes between 0.9.8zg and 0.9.8zh [3 Dec 2015] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015] *) Malformed ECParameters causes infinite loop diff --git a/NEWS b/NEWS index 4ffbbab..f3130d4 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 0.9.8zg and OpenSSL 0.9.8zh [under development] + Major changes between OpenSSL 0.9.8zh and OpenSSL 0.9.8zi [under development] o + Major changes between OpenSSL 0.9.8zg and OpenSSL 0.9.8zh [3 Dec 2015] + + o X509_ATTRIBUTE memory leak (CVE-2015-3195) + Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015] o Malformed ECParameters causes infinite loop (CVE-2015-1788) diff --git a/README b/README index 4827753..52df8f6 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.8zh-dev + OpenSSL 0.9.8zi-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 6e4a325..91e7698 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c 
@@ -178,6 +178,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int otag; int ret = 0; ASN1_VALUE **pchptr, *ptmpval; + int combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; if (!pval) return 0; if (aux && aux->asn1_cb) @@ -498,7 +500,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); err: - ASN1_item_ex_free(pval, it); + if (combine == 0) + ASN1_item_ex_free(pval, it); if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); @@ -687,7 +690,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 9aadf3e..b81e308 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -26,11 +26,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x00908210L +# define OPENSSL_VERSION_NUMBER 0x00908220L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zh-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zi-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zh-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zi-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl.spec b/openssl.spec index 12e0705..0cbbd62 100644 --- a/openssl.spec +++ b/openssl.spec 
@@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 0.9.8zh +Version: 0.9.8zi Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries

From matt at openssl.org Thu Dec 3 15:35:38 2015
From: matt at openssl.org (Matt Caswell)
Date: Thu, 03 Dec 2015 15:35:38 +0000
Subject: [openssl-commits] [openssl] OpenSSL_0_9_8zh create
Message-ID: <1449156938.123886.18946.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_0_9_8zh has been created
        at  f9022119ae9267abd57e70a2b53f27925df77c39 (tag)
   tagging  c2ef67100cd0ca2321b5f1a437abb93fc7e11e37 (commit)
  replaces  OpenSSL_0_9_8zg
 tagged by  Matt Caswell
        on  Thu Dec 3 15:00:17 2015 +0000

- Log -----------------------------------------------------------------
OpenSSL 0.9.8zh release tag

Dr. Stephen Henson (6):
      document -2 return value
      Don't try and parse boolean type.
      Typo.
      Limit depth of ASN1 parse printing.
      Fix uninitialised p error.
      Fix leak with ASN.1 combine.

Matt Caswell (5):
      Prepare for 0.9.8zh-dev
      Fix building with OPENSSL_NO_TLSEXT.
      Make sure OPENSSL_cleanse checks for NULL
      Update CHANGES and NEWS
      Prepare for 0.9.8zh release

Rich Salz (5):
      Tweak README about rt and bug reporting.
      Move FAQ to the web.
      GH398: Add mingw cross-compile, etc.
      Remove stricts-warnings on 0.9.8 travis.
      Change --debug to -d for compat with old releases.

Richard Levitte (8):
      Stop using tardy
      Set numeric IDs for tar as well
      Add emacs CC mode style for OpenSSL
      Add an example .dir-locals.el
      Remove auto-fill-mode
      Ignore .dir-locals.el
      OpenSSL 0.9.8 doesn't have support for mingw64
      _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead

-----------------------------------------------------------------------

From matt at openssl.org Thu Dec 3 15:35:38 2015
From: matt at openssl.org (Matt Caswell)
Date: Thu, 03 Dec 2015 15:35:38 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_1q create
Message-ID: <1449156938.246059.18979.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_0_1q has been created
        at  075c0103d9e098bb44507e552e3dc45a13b8ce0f (tag)
   tagging  55615e8d48a4ddd684fcbfc7ba6523ed6414c8fc (commit)
  replaces  OpenSSL_1_0_1p
 tagged by  Matt Caswell
        on  Thu Dec 3 14:50:26 2015 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.0.1q release tag

Adam Eijdenberg (1):
      Clarify return values for EVP_DigestVerifyFinal.

Alessandro Ghedini (11):
      Make BUF_strndup() read-safe on arbitrary inputs
      Validate ClientHello extension field length
      Do not treat 0 return value from BIO_get_fd() as error
      Replace malloc+strlcpy with strdup
      Fix memory leaks and other mistakes on errors
      Set salt length after the malloc has succeeded
      Fix typos
      Fix references to various RFCs
      Check memory allocation
      Remove useless code
      Add initial AppVeyor configuration

Andy Polyakov (1):
      e_os.h: limit _MSC_VER trickery to older compilers.

Ben Kaduk (1):
      GH367 follow-up, for more clarity

David Brodski (1):
      Fixed problem with multiple load-unload of comp zlib

David Woodhouse (1):
      RT3479: Add UTF8 support to BIO_read_filename()

Dirk Wetter (1):
      GH336: Return an exit code if report fails

Dr. Stephen Henson (19):
      Sort @sstacklst correctly.
      use X9.31 keygen by default in FIPS mode
      Err isn't always malloc failure.
      Fix memory leak if setup fails.
      Return error for unsupported modes.
      Update docs.
      Use default field separator.
      Check for FIPS mode after loading config.
      Handle SSL_ERROR_WANT_X509_LOOKUP
      Make SRP work with -www
      SRP memory leak fix
      Link in applink with fips_premain_dso
      Don't try and parse boolean type.
      Typo.
      Limit depth of ASN1 parse printing.
      Fix uninitialised p error.
      typo
      Fix leak with ASN.1 combine.
      Add PSS parameter check.

Emilia Kasper (11):
      bntest: don't dereference the |d| array for a zero BIGNUM.
      BN_mod_exp_mont_consttime: check for zero modulus.
      RT 3493: fix RSA test
      RT4002: check for NULL cipher in p12_crpt.c
      OpenSSL 1.0.1n: add missing CHANGES entry
      RT3754: check for NULL pointer
      RT3757: base64 encoding bugs
      base64 decode: check for high bit
      BUF_strndup: tidy
      BUF_strdup and friends: update docs
      RT2772: accept empty SessionTicket

Ernie Hershey (1):
      GH322: Fix typo in generated comment.

GitHub User (1):
      Missing perldoc markup around < literal

Graeme Perrow (1):
      RT32671: wrong multiple errs TS_check_status_info

Gunnar Kudrjavets (1):
      RT3823: Improve the robustness of event logging

Guy Leaver (guleaver) (1):
      Fix seg fault with 0 p val in SKE

Hubert Kario (1):
      RT4051: fix ciphers man page typo

Ismo Puustinen (2):
      GH367: Fix dsa keygen for too-short seed
      GH367: use random data if seed too short.

Ivo Raisr (1):
      Make no-psk compile without warnings.

Kurt Roeckx (5):
      d2i: don't update input pointer on failure
      Fix more d2i cases to properly update the input pointer
      Use defined(__sun) instead of defined(sun)
      Set reference count earlier
      Use both sun and __sun

Loganaden Velvindron (1):
      Clear BN-mont values when free'ing it.

Marcus Meissner (1):
      mark openssl configuration as loaded at end of OPENSSL_config

Markus Rinne (1):
      RT4019: Duplicate -hmac flag in dgst.pod

Martin Vejnar (1):
      RT3774: double-free in DSA

Matt Caswell (24):
      Prepare for 1.0.1q-dev
      Add test for SSL_set_session_ticket_ext
      Fix SSL_set_session_ticket_ext when used with SSLv23_method
      Fix warning when compiling with no-ec2m
      Check for 0 modulus in BN_MONT_CTX_set
      Fix missing return value checks in SCTP
      Fix "make test" seg fault with SCTP enabled
      Fix DTLS session ticket renewal
      Fix building with OPENSSL_NO_TLSEXT.
      Fix session resumption
      Make sure OPENSSL_cleanse checks for NULL
      Fix SRP memory leaks
      Change functions to pass in a limit rather than calculate it
      Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify
      Clarify the preferred way of creating patch files
      Minor EVP_SignInit_ex doc fix
      Fix missing malloc return value checks
      Only call ssl3_init_finished_mac once for DTLS
      Stop DTLS servers asking for unsafe legacy renegotiation
      Ensure all EVP calls have their returns checked where appropriate
      Return errors even if the cookie validation has succeeded
      Update CHANGES and NEWS
      make update
      Prepare for 1.0.1q release

Pascal Cuoq (4):
      Set flags to 0 before calling BN_with_flags()
      Move BN_CTX_start() call so the error case can always call BN_CTX_end().
      BN_GF2m_mod_inv(): check bn_wexpand return value
      ssl3_free(): Return if it wasn't created

Peter Waltenberg (1):
      Exit on error in ecparam

Rich Salz (14):
      Revert "Missing perldoc markup around < literal"
      Tweak README about rt and bug reporting.
      Move FAQ to the web.
      GH372: Remove duplicate flags
      RT4044: Remove .cvsignore files.
      RT4044: Remove .cvsignore files.
      This undoes GH367 for non-master
      GH398: Add mingw cross-compile, etc.
      Change --debug to -d for compat with old releases.
      Fix typo in previous merge
      Fix travis build for 1.0.1
      Avoid SHA1 weakness
      Some README and CONTRIBUTING cleanups.
      Fix release in README.

Richard Levitte (13):
      Stop using tardy
      Set numeric IDs for tar as well
      Remove extra '; \' in apps/Makefile
      Small script to re-encode files that need it to UTF-8
      Conversion to UTF-8 where needed
      Add new types to indent.pro
      Add emacs CC mode style for OpenSSL
      Add an example .dir-locals.el
      Remove auto-fill-mode
      Ignore .dir-locals.el
      When ENGINE_add finds that id or name is missing, actually return
      Make the match for previous cflags a bit more strict
      _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead

Tim Zhang (1):
      Fix the comment for POINT_CONVERSION_UNCOMPRESSED

Viktor Dukhovni (2):
      GH correct organizationalUnitName
      Fix indentation

mancha (1):
      Fix author credit for e5c0bc6

mrpre (1):
      check bn_new return value

-----------------------------------------------------------------------

From matt at openssl.org Thu Dec 3 15:35:38 2015
From: matt at openssl.org (Matt Caswell)
Date: Thu, 03 Dec 2015 15:35:38 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_2e create
Message-ID: <1449156938.326657.18995.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_0_2e has been created
        at  d299bbd186a06e10ca1c8b12ecc24ee177a07126 (tag)
   tagging  bfe07df40c13ea2564bb4577620180e3f4849e23 (commit)
  replaces  OpenSSL_1_0_2d
 tagged by  Matt Caswell
        on  Thu Dec 3 14:44:31 2015 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.0.2e release tag

Adam Eijdenberg (1):
      Clarify return values for EVP_DigestVerifyFinal.

Alessandro Ghedini (15):
      GH371: Print debug info for ALPN extension
      GH354: Memory leak fixes
      Add initial Travis CI configuration
      Make BUF_strndup() read-safe on arbitrary inputs
      Validate ClientHello extension field length
      Fix travis 1.0.2 builds
      Do not treat 0 return value from BIO_get_fd() as error
      Replace malloc+strlcpy with strdup
      Fix memory leaks and other mistakes on errors
      Set salt length after the malloc has succeeded
      Fix typos
      Fix references to various RFCs
      Check memory allocation
      Remove useless code
      Add initial AppVeyor configuration

Andy Polyakov (10):
      modes/asm/ghash-armv4.pl: make it compile by clang. RT#3989
      aesni-sha256-x86_64.pl: fix crash on AMD Jaguar.
      bn/asm/s390x.S: improve performance on z196 and z13 by up to 26%. [even z10 is couple percent faster]. Triggered by RT#4128, but solves the problem by real modulo-scheduling.
      bn/asm/ppc64-mont.pl: adapt for little-endian.
      aes/asm/vpaes-ppc.pl: eliminate overhung stores in misaligned cases.
      Makefile.org: add LC_ALL=C to unify error [and other] messages.
      x86_64 assembly pack: tune clang version detection.
      crypto/sparcv9cap.c: add SIGILL-free feature detection for Solaris.
      perlasm/ppc-xlate.pl: comply with ABIs that specify vrsave as reserved.
      bn/asm/x86_64-mont5.pl: fix carry propagating bug (CVE-2015-3193).

Anton Blanchard (1):
      RT3990: Fix #include path.

Ben Kaduk (1):
      GH367 follow-up, for more clarity

David Brodski (1):
      Fixed problem with multiple load-unload of comp zlib

David Woodhouse (2):
      RT3998: fix X509_check_host.pod release to 1.0.2
      RT3479: Add UTF8 support to BIO_read_filename()

Dirk Wetter (1):
      GH336: Return an exit code if report fails

Dr. Stephen Henson (26):
      Sort @sstacklst correctly.
      correct example
      use X9.31 keygen by default in FIPS mode
      Err isn't always malloc failure.
      Fix memory leak if setup fails.
      Return error for unsupported modes.
      Documentation for SSL_check_chain()
      Update docs.
      Match SUITEB strings at start of cipher list.
      Use default field separator.
      Check for FIPS mode after loading config.
      Constify ECDSA_METHOD_new.
      Make SRP work with -www
      Handle SSL_ERROR_WANT_X509_LOOKUP
      SRP memory leak fix
      Link in applink with fips_premain_dso
      Don't try and parse boolean type.
      Typo.
      RFC5753 compliance.
      Fix self signed handling.
      Reject TLS 1.2 ciphersuites if not allowed.
      Limit depth of ASN1 parse printing.
      Fix uninitialised p error.
      Fix leak with ASN.1 combine.
      Add PSS parameter check.
      Add test for CVE-2015-3194

Emilia Kasper (14):
      rsaz_exp.h: align license with the rest of the contribution
      bntest: don't dereference the |d| array for a zero BIGNUM.
      BN_mod_exp_mont_consttime: check for zero modulus.
      RT 3493: fix RSA test
      RT4002: check for NULL cipher in p12_crpt.c
      Add missing CHANGES entry for 1.0.2
      RT3754: check for NULL pointer
      RT3757: base64 encoding bugs
      base64 decode: check for high bit
      BUF_strndup: tidy
      BUF_strdup and friends: update docs
      Document BUF_strnlen
      RT2772: accept empty SessionTicket
      make depend: prefer clang over makedepend

Ernie Hershey (1):
      GH322: Fix typo in generated comment.

GitHub User (1):
      Missing perldoc markup around < literal

Graeme Perrow (1):
      RT32671: wrong multiple errs TS_check_status_info

Gunnar Kudrjavets (1):
      RT3823: Improve the robustness of event logging

Guy Leaver (guleaver) (1):
      Fix seg fault with 0 p val in SKE

Hiroyuki YAMAMORI (2):
      Fix DTLS1.2 buffers
      Fix DTLS1.2 compression

Hubert Kario (1):
      GH351: -help text for some s_client/s_server flags

Ismo Puustinen (3):
      GH364: Free memory on an error path
      GH367: Fix dsa keygen for too-short seed
      GH367: use random data if seed too short.

Ivo Raisr (1):
      Make no-psk compile without warnings.

John Foley (1):
      Use memmove instead of memcpy.

Kurt Roeckx (6):
      d2i: don't update input pointer on failure
      Fix return values when adding serverinfo fails.
      Fix more d2i cases to properly update the input pointer
      Use defined(__sun) instead of defined(sun)
      Set reference count earlier
      Use both sun and __sun

Loganaden Velvindron (1):
      Clear BN-mont values when free'ing it.

Marcus Meissner (1):
      mark openssl configuration as loaded at end of OPENSSL_config

Markus Rinne (1):
      RT4019: Duplicate -hmac flag in dgst.pod

Martin Vejnar (1):
      RT3774: double-free in DSA

Matt Caswell (27):
      Prepare for 1.0.2e-dev
      Add test for SSL_set_session_ticket_ext
      Fix SSL_set_session_ticket_ext when used with SSLv23_method
      Fix write failure handling in DTLS1.2
      Fix warning when compiling with no-ec2m
      Check for 0 modulus in BN_MONT_CTX_set
      Fix missing return value checks in SCTP
      Fix "make test" seg fault with SCTP enabled
      Fix DTLS session ticket renewal
      Fix building with OPENSSL_NO_TLSEXT.
      Fix session resumption
      Make sure OPENSSL_cleanse checks for NULL
      Fix SRP memory leaks
      Change functions to pass in a limit rather than calculate it
      Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify
      Clarify the preferred way of creating patch files
      Minor EVP_SignInit_ex doc fix
      Ensure the dtls1_get_*_methods work with DTLS_ANY_VERSION
      Fix missing malloc return value checks
      Remove redundant check from tls1_get_curvelist
      Only call ssl3_init_finished_mac once for DTLS
      Stop DTLS servers asking for unsafe legacy renegotiation
      Ensure all EVP calls have their returns checked where appropriate
      Remove cookie validation return value trick
      Update CHANGES and NEWS
      make update
      Prepare for 1.0.2e release

Nicholas Cooper (1):
      RT3959: Fix misleading comment

Pascal Cuoq (5):
      Set flags to 0 before calling BN_with_flags()
      Properly check return type of DH_compute_key()
      Move BN_CTX_start() call so the error case can always call BN_CTX_end().
      BN_GF2m_mod_inv(): check bn_wexpand return value
      ssl3_free(): Return if it wasn't created

Peter Mosmans (1):
      RT3346: Fix test_bn regexp for Windows using MSYS.

Peter Waltenberg (1):
      Exit on error in ecparam

Rich Salz (19):
      Revert "Missing perldoc markup around < literal"
      Tweak README about rt and bug reporting.
      Various doc fixes from GH pull requests
      Fix 1.0.2 build break
      Move FAQ to the web.
      GH345: Remove stderr output
      GH372: Remove duplicate flags
      Remove the "times" directory.
      RT3767: openssl_button.gif should be PNG
      Remove bogus CHANGES entries
      RT4044: Remove .cvsignore files.
      RT4044: Remove .cvsignore files.
      This undoes GH367 for non-master
      GH398: Add mingw cross-compile, etc.
      Change --debug to -d for compat with old releases.
      Fix typo in previous merge.
      Various README and CONTRIBUTING updates
      Fix release in README
      Fix README version typo

Richard Levitte (14):
      Stop using tardy
      Set numeric IDs for tar as well
      Remove extra '; \' in apps/Makefile
      Small script to re-encode files that need it to UTF-8
      Conversion to UTF-8 where needed
      Add new types to indent.pro
      Add emacs CC mode style for OpenSSL
      Add an example .dir-locals.el
      Remove auto-fill-mode
      Ignore .dir-locals.el
      When ENGINE_add finds that id or name is missing, actually return
      Make the match for previous cflags a bit more strict
      _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead
      Add cleanup of *.s

Tim Zhang (1):
      Fix the comment for POINT_CONVERSION_UNCOMPRESSED

Viktor Dukhovni (5):
      GH correct organizationalUnitName
      Better handling of verify param id peername field
      Cleaner handling of "cnid" in do_x509_check
      Fix indentation
      Good hygiene with size_t output argument.

mancha (1):
      Fix author credit for e5c0bc6

mrpre (1):
      check bn_new return value

-----------------------------------------------------------------------

From matt at openssl.org Thu Dec 3 15:35:38 2015
From: matt at openssl.org (Matt Caswell)
Date: Thu, 03 Dec 2015 15:35:38 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_0t create
Message-ID: <1449156938.179222.18963.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_0_0t has been created
        at  07ecb6190a68fa9aeefc64ec510b3244ac9f4e7a (tag)
   tagging  ce052c8437fb97cbc57f034fa94b5bcd749dbf52 (commit)
  replaces  OpenSSL_1_0_0s
 tagged by  Matt Caswell
        on  Thu Dec 3 14:56:22 2015 +0000

- Log -----------------------------------------------------------------
OpenSSL 1.0.0t release tag

Dirk Wetter (1):
      GH336: Return an exit code if report fails

Dr. Stephen Henson (11):
      Don't output bogus errors in PKCS12_parse
      Fix PSK handling.
      document -2 return value
      Sort @sstacklst correctly.
      Use default field separator.
      Don't try and parse boolean type.
      Typo.
      Limit depth of ASN1 parse printing.
      Fix uninitialised p error.
      Fix leak with ASN.1 combine.
      Free up passed ASN.1 structure if reused.

Ismo Puustinen (1):
      GH367: use random data if seed too short.

Ivo Raisr (1):
      Make no-psk compile without warnings.

Loganaden Velvindron (1):
      Clear BN-mont values when free'ing it.

Martin Vejnar (1):
      RT3774: double-free in DSA

Matt Caswell (5):
      Prepare for 1.0.0t-dev
      Fix building with OPENSSL_NO_TLSEXT.
      Make sure OPENSSL_cleanse checks for NULL
      Update CHANGES and NEWS
      Prepare for 1.0.0t release

Rich Salz (5):
      Tweak README about rt and bug reporting.
      Move FAQ to the web.
      GH398: Add mingw cross-compile, etc.
      Remove stricts-warnings on 1.0.0 travis.
      Change --debug to -d for compat with old releases.

Richard Levitte (10):
      Remove one extraneous parenthesis
      Make preprocessor error into real preprocessor error
      Stop using tardy
      Set numeric IDs for tar as well
      Remove extra '; \' in apps/Makefile
      Add emacs CC mode style for OpenSSL
      Add an example .dir-locals.el
      Remove auto-fill-mode
      Ignore .dir-locals.el
      _BSD_SOURCE is deprecated, use _DEFAULT_SOURCE instead

-----------------------------------------------------------------------

From matt at openssl.org Thu Dec 3 15:35:54 2015
From: matt at openssl.org (Matt Caswell)
Date: Thu, 03 Dec 2015 15:35:54 +0000
Subject: [openssl-commits] [web] master update
Message-ID: <1449156954.716695.19206.nullmailer@dev.openssl.org>

The branch master has been updated
       via  fda590f8c6af8c40f522e3f62a67b6b5f39f5dde (commit)
      from  76e25ea3709538ce2b534e6bde4f897942146e93 (commit)

- Log -----------------------------------------------------------------
commit fda590f8c6af8c40f522e3f62a67b6b5f39f5dde
Author: Matt Caswell
Date: Thu Dec 3 15:29:34 2015 +0000

    Add release and vulnerabilities information to website for release

-----------------------------------------------------------------------

Summary of changes:
 news/newsflash.txt       |   5 ++
 news/secadv/20151203.txt | 123 +++++++++++++++++++++++++++
 news/vulnerabilities.xml | 214 ++++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 341 insertions(+), 1 deletion(-)
 create mode 100644 news/secadv/20151203.txt

diff --git a/news/newsflash.txt b/news/newsflash.txt index 44b973c..cf51a94 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt 
@@ -4,6 +4,11 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +03-Dec-2015: Security Advisory: four security fixes +03-Dec-2015: OpenSSL 1.0.2e is now available, including bug and security fixes +03-Dec-2015: OpenSSL 1.0.1q is now available, including bug and security fixes +03-Dec-2015: OpenSSL 1.0.0t is now available, including bug and security fixes +03-Dec-2015: OpenSSL 0.9.8zh is now available, including bug and security fixes 09-Jul-2015: Security Advisory: one security fix 09-Jul-2015: OpenSSL 1.0.2d is now available, including bug and security fixes 09-Jul-2015: OpenSSL 1.0.1p is now available, including bug and security fixes diff --git a/news/secadv/20151203.txt b/news/secadv/20151203.txt new file mode 100644 index 0000000..44051a2 --- /dev/null +++ b/news/secadv/20151203.txt 
@@ -0,0 +1,123 @@ +OpenSSL Security Advisory [3 Dec 2015] +======================================= + +NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE +0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS +PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. + +BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) +================================================================== + +Severity: Moderate + +There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No +EC algorithms are affected. Analysis suggests that attacks against RSA and DSA +as a result of this defect would be very difficult to perform and are not +believed likely. Attacks against DH are considered just feasible (although very +difficult) because most of the work necessary to deduce information +about a private key may be performed offline. The amount of resources +required for such an attack would be very significant and likely only +accessible to a limited number of attackers. An attacker would +additionally need online access to an unpatched system using the target +private key in a scenario with persistent DH parameters and a private +key that is shared between multiple clients. For example this can occur by +default in OpenSSL DHE based SSL/TLS ciphersuites. + +This issue affects OpenSSL version 1.0.2. + +OpenSSL 1.0.2 users should upgrade to 1.0.2e + +This issue was reported to OpenSSL on August 13 2015 by Hanno +B?ck. The fix was developed by Andy Polyakov of the OpenSSL +development team. + +Certificate verify crash with missing PSS parameter (CVE-2015-3194) +=================================================================== + +Severity: Moderate + +The signature verification routines will crash with a NULL pointer dereference +if presented with an ASN.1 signature using the RSA PSS algorithm and absent +mask generation function parameter. 
Since these routines are used to verify +certificate signature algorithms this can be used to crash any certificate +verification operation and exploited in a DoS attack. Any application which +performs certificate verification is vulnerable including OpenSSL clients and +servers which enable client authentication. + +This issue affects OpenSSL versions 1.0.2 and 1.0.1. + +OpenSSL 1.0.2 users should upgrade to 1.0.2e +OpenSSL 1.0.1 users should upgrade to 1.0.1q + +This issue was reported to OpenSSL on August 27 2015 by Lo?c Jonas Etienne +(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL +development team. + +X509_ATTRIBUTE memory leak (CVE-2015-3195) +========================================== + +Severity: Moderate + +When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak +memory. This structure is used by the PKCS#7 and CMS routines so any +application which reads PKCS#7 or CMS data from untrusted sources is affected. +SSL/TLS is not affected. + +This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2e +OpenSSL 1.0.1 users should upgrade to 1.0.1q +OpenSSL 1.0.0 users should upgrade to 1.0.0t +OpenSSL 0.9.8 users should upgrade to 0.9.8zh + +This issue was reported to OpenSSL on November 9 2015 by Adam Langley +(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen +Henson of the OpenSSL development team. + +Race condition handling PSK identify hint (CVE-2015-3196) +========================================================= + +Severity: Low + +If PSK identity hints are received by a multi-threaded client then +the values are wrongly updated in the parent SSL_CTX structure. This can +result in a race condition potentially leading to a double free of the +identify hint data. + +This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously +listed in an OpenSSL security advisory. 
This issue also affects OpenSSL 1.0.0 +and has not been previously fixed in an OpenSSL 1.0.0 release. + +OpenSSL 1.0.2 users should upgrade to 1.0.2d +OpenSSL 1.0.1 users should upgrade to 1.0.1p +OpenSSL 1.0.0 users should upgrade to 1.0.0t + +The fix for this issue can be identified in the OpenSSL git repository by commit +ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0). + +The fix was developed by Dr. Stephen Henson of the OpenSSL development team. + +Note +==== + +As per our previous announcements and our Release Strategy +(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions +1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these +versions will be provided after that date. In the absence of significant +security issues being identified prior to that date, the 1.0.0t and 0.9.8zh +releases will be the last for those versions. Users of these versions are +advised to upgrade. + + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20151203.txt + +Note: the online version of the advisory may be updated with additional +details over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/about/secpolicy.html + diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 8dbb358..b2629d7 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml 
@@ -5,7 +5,219 @@ 1.0.0 on 20100329 --> - + + + + + + + + + + + + There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No + EC algorithms are affected. Analysis suggests that attacks against RSA and DSA + as a result of this defect would be very difficult to perform and are not + believed likely. Attacks against DH are considered just feasible (although very + difficult) because most of the work necessary to deduce information + about a private key may be performed offline. The amount of resources + required for such an attack would be very significant and likely only + accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The signature verification routines will crash with a NULL pointer dereference + if presented with an ASN.1 signature using the RSA PSS algorithm and absent + mask generation function parameter. Since these routines are used to verify + certificate signature algorithms this can be used to crash any certificate + verification operation and exploited in a DoS attack. Any application which + performs certificate verification is vulnerable including OpenSSL clients and + servers which enable client authentication. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is affected. + SSL/TLS is not affected. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + If PSK identity hints are received by a multi-threaded client then + the values are wrongly updated in the parent SSL_CTX structure. This can + result in a race condition potentially leading to a double free of the + identify hint data. + + + + + From levitte at openssl.org Thu Dec 3 16:11:45 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Dec 2015 16:11:45 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1449159105.632662.9020.nullmailer@dev.openssl.org> The branch master has been updated via b954344e5f61310b12c50e5042bff7af512b4457 (commit) from fda590f8c6af8c40f522e3f62a67b6b5f39f5dde (commit) - Log ----------------------------------------------------------------- commit b954344e5f61310b12c50e5042bff7af512b4457 Author: Richard Levitte Date: Thu Dec 3 17:11:38 2015 +0100 Make sure to redirect the old release notes ----------------------------------------------------------------------- Summary of changes: news/.htaccess | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/news/.htaccess b/news/.htaccess index 6c8fb10..9ca8d84 100644 --- a/news/.htaccess +++ b/news/.htaccess @@ -1,3 +1,8 @@ +Redirect permanent /news/openssl-0.9.8-notes.html /news/cl098.txt +Redirect permanent /news/openssl-1.0.0-notes.html /news/cl100.txt +Redirect permanent /news/openssl-1.0.1-notes.html /news/cl101.txt +Redirect permanent /news/openssl-1.0.2-notes.html /news/cl102.txt + RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteRule secadv_(.*) /news/secadv/$1 [L,R=302,NC] From levitte at openssl.org Thu Dec 3 18:04:40 2015 
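Review bot: in the news/.htaccess hunk of commit b954344e, the four new rules use "Redirect permanent", while the existing secadv rule in the same file answers with R=302. A 301 is cached by browsers and proxies, so if pages are ever meant to be served again under /news/openssl-*-notes.html, clients that saw the 301 may keep going to the cl*.txt changelogs. If this is a stopgap, "Redirect temp" would be the safer choice; if it is meant to last, a comment in the file saying so would help.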
From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Dec 2015 18:04:40 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1449165880.844001.10398.nullmailer@dev.openssl.org> The branch master has been updated via eebadc3b6b3ac68cc9bbe03cdc814f2c9d02486a (commit) from b954344e5f61310b12c50e5042bff7af512b4457 (commit) - Log ----------------------------------------------------------------- commit eebadc3b6b3ac68cc9bbe03cdc814f2c9d02486a Author: Richard Levitte Date: Thu Dec 3 19:04:36 2015 +0100 Fixup mk-latest ----------------------------------------------------------------------- Summary of changes: bin/mk-latest | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/mk-latest b/bin/mk-latest index 14f586f..2759297 100755 --- a/bin/mk-latest +++ b/bin/mk-latest @@ -34,15 +34,15 @@ print <<\EOF # Old distro's are in subdirs. RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule (openssl-0\.9\.8.*) old/0.9.x/$1 [L] +RewriteRule ^(openssl-0\.9\.8.*) old/0.9.x/$1 [L] RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule openssl-(1\.0\.0.*) old/1.0.0/openssl-$1 [L] +RewriteRule ^openssl-(1\.0\.0.*) old/1.0.0/openssl-$1 [L] RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule openssl-(1\.0\.1.*) old/1.0.1/openssl-$1 [L] +RewriteRule ^openssl-(1\.0\.1.*) old/1.0.1/openssl-$1 [L] RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule openssl-(1\.0\.2.*) old/1.0.1/openssl-$1 [L] +RewriteRule ^openssl-(1\.0\.2.*) old/1.0.1/openssl-$1 [L] RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule openssl-(fips.*) old/fips/openssl-$1 [L] +RewriteRule ^openssl-(fips.*) old/fips/openssl-$1 [L] RemoveEncoding .gz From no-reply at appveyor.com Thu Dec 3 18:39:40 2015 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 03 Dec 2015 18:39:40 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_0_1-stable.77 Message-ID: <20151203183933.17885.17924@appveyor.com> An HTML attachment was scrubbed... URL: From rsalz at openssl.org Thu Dec 3 19:20:02 2015 
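Review bot: in the bin/mk-latest hunk of commit eebadc3b, the 1.0.2 rule still points at the 1.0.1 directory: "RewriteRule ^openssl-(1\.0\.2.*) old/1.0.1/openssl-$1 [L]". The change only adds the ^ anchor, so the target is carried over unchanged from the old line, while every other series rewrites into a directory of its own. Unless 1.0.2 tarballs really are kept under old/1.0.1, this should be old/1.0.2/openssl-$1. It is worth fixing in the same commit, since the generated source/.htaccess decides where download requests for old tarballs land.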
From: rsalz at openssl.org (Rich Salz) Date: Thu, 03 Dec 2015 19:20:02 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1449170402.337501.19950.nullmailer@dev.openssl.org> The branch master has been updated via 8fa5106fbbdebe56eab4784a5c14bce8f8676d6d (commit) from eebadc3b6b3ac68cc9bbe03cdc814f2c9d02486a (commit) - Log ----------------------------------------------------------------- commit 8fa5106fbbdebe56eab4784a5c14bce8f8676d6d Author: Rich Salz Date: Thu Dec 3 14:19:50 2015 -0500 redirect /license to policies/cla ----------------------------------------------------------------------- Summary of changes: .htaccess | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.htaccess b/.htaccess index 803ad34..74aa4f3 100644 --- a/.htaccess +++ b/.htaccess @@ -6,6 +6,8 @@ Redirect permanent /about/releasestrat.html /policies/releasestrat.html Redirect permanent /licenses/openssl_ccla.pdf /policies/openssl_ccla.pdf Redirect permanent /licenses/openssl_icla.pdf /policies/openssl_icla.pdf Redirect permanent /support/faq.html /docs/faq.html +Redirect permanent /licenses /policies/cla.html +Redirect permanent /licenses/ /policies/cla.html ForceType application/binary From levitte at openssl.org Thu Dec 3 20:26:12 2015 
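Review bot: in the .htaccess hunk of commit 8fa5106f, the two added lines overlap and their order works against the second one. mod_alias Redirect matches on a path prefix and appends whatever follows the prefix to the target, so "Redirect permanent /licenses /policies/cla.html" already answers a request for /licenses/ (carrying the trailing slash onto the target) before the /licenses/ line is consulted, and it also sends any other path under /licenses/ that the earlier, more specific rules do not catch to /policies/cla.html/<rest>. If only the bare directory should redirect, "RedirectMatch permanent ^/licenses/?$ /policies/cla.html" says that exactly. The commit subject also says /license where the rules say /licenses.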
From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Dec 2015 20:26:12 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1449174372.865498.15719.nullmailer@dev.openssl.org> The branch master has been updated via 10ac045c44c14a807dc5c257417e3c4839c5961c (commit) from 8fa5106fbbdebe56eab4784a5c14bce8f8676d6d (commit) - Log ----------------------------------------------------------------- commit 10ac045c44c14a807dc5c257417e3c4839c5961c Author: Richard Levitte Date: Thu Dec 3 21:26:10 2015 +0100 Remove source/.htaccess from versioning since it's generated ----------------------------------------------------------------------- Summary of changes: source/.htaccess | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 source/.htaccess diff --git a/source/.htaccess b/source/.htaccess deleted file mode 100644 index 6a2766d..0000000 --- a/source/.htaccess +++ /dev/null 
@@ -1,30 +0,0 @@ -RewriteEngine on -RewriteBase /source -# First, rewrite all the 'latest' URLs -RewriteRule ^latest.tar.gz$ openssl-1.0.2d.tar.gz [L,R=302,NC] -RewriteRule ^openssl-0.9.8-latest.tar.gz$ openssl-0.9.8zg.tar.gz [L,R=302,NC] -RewriteRule ^openssl-1.0.0-latest.tar.gz$ openssl-1.0.0s.tar.gz [L,R=302,NC] -RewriteRule ^openssl-1.0.1-latest.tar.gz$ openssl-1.0.1p.tar.gz [L,R=302,NC] -RewriteRule ^openssl-1.0.2-latest.tar.gz$ openssl-1.0.2d.tar.gz [L,R=302,NC] - -# Old distro's are in subdirs. -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^(openssl-0\.9\.8.*) old/0.9.x/$1 [L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^openssl-(1\.0\.0.*) old/1.0.0/openssl-$1 [L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^openssl-(1\.0\.1.*) old/1.0.1/openssl-$1 [L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^openssl-(1\.0\.2.*) old/1.0.1/openssl-$1 [L] -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^openssl-(fips.*) old/fips/openssl-$1 [L] - - - RemoveEncoding .gz - - - RemoveEncoding .gz - - - RemoveEncoding .gz - From no-reply at appveyor.com Thu Dec 3 21:17:24 2015 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 03 Dec 2015 21:17:24 +0000 Subject: [openssl-commits] Build completed: openssl master.78 Message-ID: <20151203211723.29968.57321@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Dec 3 22:04:21 2015 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Dec 2015 22:04:21 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1449180261.090764.17328.nullmailer@dev.openssl.org> The branch master has been updated via 49266e288ce2698587c44205ac75b85f4d6da7cc (commit) via ac20fc67b72cf661dd2ae574b2e14d459c7a9f3f (commit) via 39a259dbd009b9167d8a1373c7df12e11e839cb7 (commit) from 10ac045c44c14a807dc5c257417e3c4839c5961c (commit) - Log ----------------------------------------------------------------- commit 49266e288ce2698587c44205ac75b85f4d6da7cc Author: Richard Levitte Date: Thu Dec 3 23:03:39 2015 +0100 Add release notes generator commit ac20fc67b72cf661dd2ae574b2e14d459c7a9f3f Author: Richard Levitte Date: Thu Dec 3 23:01:32 2015 +0100 Ignore source/.htacces since it's generated commit 39a259dbd009b9167d8a1373c7df12e11e839cb7 Author: Richard Levitte Date: Thu Dec 3 22:58:59 2015 +0100 Add dependencies, so make has a chance to determine if there's work to do ----------------------------------------------------------------------- Summary of changes: .gitignore | 3 ++ Makefile | 41 ++++++++++++++++++----- bin/mk-notes | 39 +++++++++++++++++++++ source/license.html => news/openssl-notes.html.in | 25 ++++++++------ 4 files changed, 89 insertions(+), 19 deletions(-) create mode 100755 bin/mk-notes copy source/license.html => news/openssl-notes.html.in (52%) diff --git a/.gitignore b/.gitignore index f99f40b..e37e39d 100644 --- a/.gitignore +++ b/.gitignore @@ -15,9 +15,12 @@ news/changelog.txt news/newsflash.inc news/cl*.txt news/vulnerabilities.inc +news/openssl-*-notes.html +news/openssl-*-notes.inc newsflash.inc source/*.gz* source/*.patch +source/.htaccess source/index.inc source/license.txt source/old/*/*.patch diff --git a/Makefile b/Makefile index 6df8a09..3e10b5e 100644 --- a/Makefile +++ b/Makefile 
@@ -90,6 +90,31 @@ news/cl102.txt: $(CHECKOUTS)/openssl-1.0.2-stable/CHANGES @rm -f $@ cp $? $@ +news/openssl-0.9.8-notes.html: news/openssl-notes.html.in + @rm -f $@ + sed -e 's|@VERSION@|0.9.8|g' < $< > $@ +news/openssl-1.0.0-notes.html: news/openssl-notes.html.in + @rm -f $@ + sed -e 's|@VERSION@|1.0.0|g' < $< > $@ +news/openssl-1.0.1-notes.html: news/openssl-notes.html.in + @rm -f $@ + sed -e 's|@VERSION@|1.0.1|g' < $< > $@ +news/openssl-1.0.2-notes.html: news/openssl-notes.html.in + @rm -f $@ + sed -e 's|@VERSION@|1.0.2|g' < $< > $@ +news/openssl-0.9.8-notes.inc: $(CHECKOUTS)/openssl-0.9.8-stable/NEWS news/openssl-0.9.8-notes.html + @rm -f $@ + ./bin/mk-notes 0.9.8 < $(CHECKOUTS)/openssl-0.9.8-stable/NEWS > $@ +news/openssl-1.0.0-notes.inc: $(CHECKOUTS)/openssl-1.0.0-stable/NEWS news/openssl-1.0.0-notes.html + @rm -f $@ + ./bin/mk-notes 1.0.0 < $(CHECKOUTS)/openssl-1.0.0-stable/NEWS > $@ +news/openssl-1.0.1-notes.inc: $(CHECKOUTS)/openssl-1.0.1-stable/NEWS news/openssl-1.0.1-notes.html + @rm -f $@ + ./bin/mk-notes 1.0.1 < $(CHECKOUTS)/openssl-1.0.1-stable/NEWS > $@ +news/openssl-1.0.2-notes.inc: $(CHECKOUTS)/openssl-1.0.2-stable/NEWS news/openssl-1.0.2-notes.html + @rm -f $@ + ./bin/mk-notes 1.0.2 < $(CHECKOUTS)/openssl-1.0.2-stable/NEWS > $@ + news/newsflash.inc: news/newsflash.txt sed <$? >$@ \ -e '/^#/d' \ 
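Review bot: in this Makefile hunk, each news/openssl-*-notes.inc rule lists the matching -notes.html as a prerequisite, but its recipe only reads the NEWS file ("./bin/mk-notes 0.9.8 < $(CHECKOUTS)/openssl-0.9.8-stable/NEWS > $@"). That rebuilds the .inc whenever the HTML template changes, and it hides the fact that the .html pages get built only as a side effect of the .inc targets. Listing the .html files as targets in their own right, or making them order-only prerequisites, would state the intent. The four .html rules also differ only in the version string and could be one pattern rule (news/openssl-%-notes.html: news/openssl-notes.html.in) with sed substituting $*.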
@@ -103,32 +128,32 @@ news/vulnerabilities.inc: bin/vulnerabilities.xsl news/vulnerabilities.xml docs/faq.inc: docs/faq.txt @rm -f $@ ./bin/mk-faq <$? >$@ -docs/fips.inc: +docs/fips.inc: $(wildcard docs/fips/*) @rm -f $@ ./bin/mk-filelist docs/fips fips/ '*' >$@ -source/.htaccess: +source/.htaccess: $(wildcard source/openssl-*.tar.gz) @rm -f @? ./bin/mk-latest source >$@ source/license.txt: $(SNAP)/LICENSE @rm -f $@ cp $? $@ -source/index.inc: +source/index.inc: $(wildcard $(RELEASEDIR)/openssl-*.tar.gz) @rm -f $@ ./bin/mk-filelist -a $(RELEASEDIR) '' 'openssl-*.tar.gz' >$@ -source/old/0.9.x/index.inc: +source/old/0.9.x/index.inc: $(wildcard source/old/0.9.x/*.gz) @rm -f $@ ./bin/mk-filelist source/old/0.9.x '' '*.gz' >$@ -source/old/1.0.0/index.inc: +source/old/1.0.0/index.inc: $(wildcard source/old/1.0.0/*.gz) @rm -f $@ ./bin/mk-filelist source/old/1.0.0 '' '*.gz' >$@ -source/old/1.0.1/index.inc: +source/old/1.0.1/index.inc: $(wildcard source/old/1.0.1/*.gz) @rm -f $@ ./bin/mk-filelist source/old/1.0.1 '' '*.gz' >$@ -source/old/1.0.2/index.inc: +source/old/1.0.2/index.inc: $(wildcard source/old/1.0.2/*.gz) @rm -f $@ ./bin/mk-filelist source/old/1.0.2 '' '*.gz' >$@ -source/old/fips/index.inc: +source/old/fips/index.inc: $(wildcard source/old/fips/*.gz) @rm -f $@ ./bin/mk-filelist source/old/fips '' '*.gz' >$@ diff --git a/bin/mk-notes b/bin/mk-notes new file mode 100755 index 0000000..7738c6b --- /dev/null +++ b/bin/mk-notes @@ -0,0 +1,39 @@ +#! /usr/bin/perl -w +use strict; + +my $SERIES = shift @ARGV; +die "Missing series argument" if (! $SERIES); + +my $copy = 0; +my $in_ul = 0; +while ( ) { + chomp; + if (/^\s*(Major changes between|Known issues in).*(\d+\.\d+\.\d+)\D.*\[\d+\s(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s\d+\]:?$/) { + if ($in_ul) { + print "\n"; + $in_ul = 0; + } + if ($2 eq $SERIES) { + print "

"; + print; + print "

\n"; + $copy = 1; + next; + } elsif ($copy) { + last; + } + } + if ($copy) { + # HTML entities. + s|&|&|sg; + s|<|<|sg; + s|>|>|sg; + if (s/^\s+o\s+/
  • / && !$in_ul) { + print ""; diff --git a/source/license.html b/news/openssl-notes.html.in similarity index 52% copy from source/license.html copy to news/openssl-notes.html.in index a2ce2e4..1376da6 100644 --- a/source/license.html +++ b/news/openssl-notes.html.in @@ -9,23 +9,24 @@
    -

    License

    +

    OpenSSL @VERSION@ Series Release Notes

    - This is a copy of the current LICENSE file from - the main repository. - The plain-text document version of this document is available - here: - license.txt + The major changes and known issues for the @VERSION@ branch + of the OpenSSL toolkit are summarised below. The contents + reflect the current state of the NEWS file inside + the git repository.

    -
    -	    
    -	    
    + +

    + More details can be found in the ChangeLog. +

    + +
    @@ -36,3 +37,5 @@ + + From levitte at openssl.org Thu Dec 3 22:11:03 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Dec 2015 22:11:03 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1449180663.793381.20810.nullmailer@dev.openssl.org> The branch master has been updated via c48eda367ad21b7c1f00d104915632a2f46b86b8 (commit) from 49266e288ce2698587c44205ac75b85f4d6da7cc (commit) - Log ----------------------------------------------------------------- commit c48eda367ad21b7c1f00d104915632a2f46b86b8 Author: Richard Levitte Date: Thu Dec 3 23:10:51 2015 +0100 After having verified that the notes are properly built, let's let things go wild ----------------------------------------------------------------------- Summary of changes: Makefile | 2 ++ news/.htaccess | 5 ----- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 3e10b5e..03f1292 100644 --- a/Makefile +++ b/Makefile @@ -14,6 +14,8 @@ SIMPLE = newsflash.inc sitemap.txt \ docs/faq.inc docs/fips.inc \ news/changelog.inc news/changelog.txt \ news/cl098.txt news/cl100.txt news/cl101.txt news/cl102.txt \ + news/openssl-0.9.8-notes.inc news/openssl-1.0.0-notes.inc \ + news/openssl-1.0.1-notes.inc news/openssl-1.0.2-notes.inc \ news/newsflash.inc \ news/vulnerabilities.inc \ source/.htaccess \ diff --git a/news/.htaccess b/news/.htaccess index 9ca8d84..6c8fb10 100644 --- a/news/.htaccess +++ b/news/.htaccess @@ -1,8 +1,3 @@ -Redirect permanent /news/openssl-0.9.8-notes.html /news/cl098.txt -Redirect permanent /news/openssl-1.0.0-notes.html /news/cl100.txt -Redirect permanent /news/openssl-1.0.1-notes.html /news/cl101.txt -Redirect permanent /news/openssl-1.0.2-notes.html /news/cl102.txt - RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteRule secadv_(.*) /news/secadv/$1 [L,R=302,NC] From no-reply at appveyor.com Fri Dec 4 03:51:06 2015 
From: no-reply at appveyor.com (AppVeyor) Date: Fri, 04 Dec 2015 03:51:06 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.81 Message-ID: <20151204035105.61849.48028@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Dec 4 06:08:05 2015 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 04 Dec 2015 06:08:05 +0000 Subject: [openssl-commits] Build failed: openssl master.82 Message-ID: <20151204060805.29609.90865@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Dec 4 08:31:23 2015 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 04 Dec 2015 08:31:23 +0000 Subject: [openssl-commits] Build completed: openssl master.83 Message-ID: <20151204083122.4088.85584@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri Dec 4 10:20:59 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 04 Dec 2015 10:20:59 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1449224459.468273.3926.nullmailer@dev.openssl.org> The branch master has been updated via 1a3906055598e138b7a565567e5ecf0457d0092a (commit) from c48eda367ad21b7c1f00d104915632a2f46b86b8 (commit) - Log ----------------------------------------------------------------- commit 1a3906055598e138b7a565567e5ecf0457d0092a Author: Richard Levitte Date: Fri Dec 4 11:20:52 2015 +0100 make sure indexes of old source tarballs always get generated ----------------------------------------------------------------------- Summary of changes: Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Makefile b/Makefile index 03f1292..d395154 100644 --- a/Makefile +++ b/Makefile 
@@ -159,3 +159,11 @@ source/old/1.0.2/index.inc: $(wildcard source/old/1.0.2/*.gz) source/old/fips/index.inc: $(wildcard source/old/fips/*.gz) @rm -f $@ ./bin/mk-filelist source/old/fips '' '*.gz' >$@ + +# Because these the indexes of old tarballs will inevitably be newer +# than the tarballs that are moved into their respective directory, +# we must declare them phony, or they will not be regenerated when +# they should. +.PHONY : source/old/0.9.x/index.inc source/old/1.0.0/index.inc \ + source/old/1.0.1/index.inc source/old/1.0.2/index.inc \ + source/old/fips/index.inc From matt at openssl.org Fri Dec 4 14:36:20 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 04 Dec 2015 14:36:20 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1449239780.306579.10636.nullmailer@dev.openssl.org> The branch master has been updated via fcace5ea8033431af48292d859b0c23157c5bd3c (commit) from 1a3906055598e138b7a565567e5ecf0457d0092a (commit) - Log ----------------------------------------------------------------- commit fcace5ea8033431af48292d859b0c23157c5bd3c Author: Matt Caswell Date: Fri Dec 4 14:30:05 2015 +0000 Updated security advisory added ----------------------------------------------------------------------- Summary of changes: news/secadv/20151203.txt | 24 ++++++++++++++++++++++-- news/vulnerabilities.xml | 17 +++++++++++++++++ 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/news/secadv/20151203.txt b/news/secadv/20151203.txt index 44051a2..b1d0bb9 100644 --- a/news/secadv/20151203.txt +++ b/news/secadv/20151203.txt 
@@ -1,5 +1,9 @@ -OpenSSL Security Advisory [3 Dec 2015] -======================================= +OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015] +============================================================= + +[Updated 4 Dec 2015]: This advisory has been updated to include the details of +CVE-2015-1794, a Low severity issue affecting OpenSSL 1.0.2 which had a fix +included in the released packages but was missed from the advisory text. NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS @@ -97,6 +101,22 @@ ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. +Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794) +============================================================ + +Severity: Low + +If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with +the value of p set to 0 then a seg fault can occur leading to a possible denial +of service attack. + +This issue affects OpenSSL version 1.0.2. + +OpenSSL 1.0.2 users should upgrade to 1.0.2e + +This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The +fix was developed by Matt Caswell of the OpenSSL development team. + Note ==== diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index b2629d7..c8d7895 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -6,6 +6,23 @@ --> + + + + + + + + + + + If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with + the value of p set to 0 then a seg fault can occur leading to a possible denial + of service attack. + + + + From builds at travis-ci.org Fri Dec 4 15:59:32 2015 
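Review bot: In the Makefile hunk at @@ -159,3 +159,11 @@ (commit 1a3906055598e138b7a565567e5ecf0457d0092a), the new comment opens with "Because these the indexes", which has a stray word; "Because the indexes of old tarballs ..." reads correctly. Declaring the five index.inc files `.PHONY` also means their recipes run on every make invocation and anything that depends on them is considered out of date each time, so the comment should say that this cost is accepted.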
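Review bot: In the news/secadv/20151203.txt hunk at @@ -97,6 +101,22 @@, the new CVE-2015-1794 section does not give the commit id of the fix, while the context line just above it does so for the previous issue ("ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0)"). Add the 1.0.2 commit id in the same style so readers who cannot move to 1.0.2e straight away can locate the change.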
From: builds at travis-ci.org (Travis CI)
Date: Fri, 04 Dec 2015 15:59:32 +0000
Subject: [openssl-commits] Failed: crypto-org-ua/openssl-ua#5 (OpenSSL_1_0_2-stable - 08ef6fd)
In-Reply-To:
Message-ID: <5661b8646858c_33fcf6419eb8c138638@db939808-748a-4e29-b5b8-0a386f3d898a.mail>

Build Update for crypto-org-ua/openssl-ua
-------------------------------------

Build: #5
Status: Failed

Duration: 1 minute and 50 seconds
Commit: 08ef6fd (OpenSSL_1_0_2-stable)
Author: Ignat Korchagin
Message: Merge remote-tracking branch 'upstream/OpenSSL_1_0_2-stable' into OpenSSL_1_0_2-stable

View the changeset: https://github.com/crypto-org-ua/openssl-ua/compare/1525f7d243ad...08ef6fd7cb58

View the full build log and details: https://travis-ci.org/crypto-org-ua/openssl-ua/builds/94898234

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From levitte at openssl.org Fri Dec 4 16:36:34 2015
From: levitte at openssl.org (Richard Levitte)
Date: Fri, 04 Dec 2015 16:36:34 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1449246994.932059.17595.nullmailer@dev.openssl.org>

The branch master has been updated
       via  f6e9c5533101066b2c759986ae8694c0f1926735 (commit)
      from  29851264f11ccc70c6c0140d7e3d8d93ef5c9b11 (commit)

- Log -----------------------------------------------------------------
commit f6e9c5533101066b2c759986ae8694c0f1926735
Author: Richard Levitte
Date:   Fri Dec 4 17:27:54 2015 +0100

    Run test/run_tests.pl directly in the test_ordinals target

    Running 'make TEST=test_ordinals test' starts the whole build process,
    which wasn't desired for this target. Instead, we take a shortcut.

    Reviewed-by: Rich Salz

-----------------------------------------------------------------------

Summary of changes:
 Makefile.org | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.org b/Makefile.org index 08c7000..4ad6bf6 100644 --- a/Makefile.org +++ b/Makefile.org @@ -437,7 +437,7 @@ rehash.time: certs apps test: tests test_ordinals: - $(MAKE) TESTS=test_ordinals test + TOP=$(TOP) PERL=$(PERL) $(PERL) test/run_tests.pl test_ordinals tests: rehash @(cd test && echo "testing..." && \ From viktor at openssl.org Fri Dec 4 18:59:26 2015 From: viktor at openssl.org (Viktor Dukhovni) Date: Fri, 04 Dec 2015 18:59:26 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449255566.154477.16881.nullmailer@dev.openssl.org> The branch master has been updated via 1c86d8fd41458d35736ef5b04d7a76cbcf1a274c (commit) from f6e9c5533101066b2c759986ae8694c0f1926735 (commit) - Log ----------------------------------------------------------------- commit 1c86d8fd41458d35736ef5b04d7a76cbcf1a274c Author: Viktor Dukhovni Date: Fri Dec 4 00:27:47 2015 -0500 Revert unnecessary SSL_CIPHER_get_bits API change Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 2 +- ssl/ssl_ciph.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e3072e7..2f3f514 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1391,7 +1391,7 @@ __owur int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -__owur int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits); +__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); __owur char *SSL_CIPHER_get_version(const SSL_CIPHER *c); __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); __owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 58fd1fa..58acec4 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c 
@@ -1864,14 +1864,14 @@ const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) } /* number of bits for symmetric cipher */ -int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits) +int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) { - int32_t ret = 0; + int ret = 0; if (c != NULL) { if (alg_bits != NULL) - *alg_bits = c->alg_bits; - ret = c->strength_bits; + *alg_bits = (int) c->alg_bits; + ret = (int) c->strength_bits; } return ret; } From matt at openssl.org Fri Dec 4 20:28:41 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 04 Dec 2015 20:28:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449260921.754153.28053.nullmailer@dev.openssl.org> The branch master has been updated via ad3819c29ed91ee31ebc806939e6104970694811 (commit) from 1c86d8fd41458d35736ef5b04d7a76cbcf1a274c (commit) - Log ----------------------------------------------------------------- commit ad3819c29ed91ee31ebc806939e6104970694811 Author: Matt Caswell Date: Fri Dec 4 10:18:01 2015 +0000 Fix EAP FAST in the new state machine The new state machine code missed an allowed transition when resuming a session via EAP FAST. This commits adds the missing check for the transition. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_clnt.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 527101b..b49f498 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c 
@@ -283,6 +283,19 @@ int ossl_statem_client_read_transition(SSL *s, int mt) if (SSL_IS_DTLS(s) && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) { st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST; return 1; + } else if (s->version >= TLS1_VERSION + && s->tls_session_secret_cb != NULL + && s->session->tlsext_tick != NULL + && mt == SSL3_MT_CHANGE_CIPHER_SPEC) { + /* + * Normally, we can tell if the server is resuming the session + * from the session ID. EAP-FAST (RFC 4851), however, relies on + * the next server message after the ServerHello to determine if + * the server is resuming. + */ + s->hit = 1; + st->hand_state = TLS_ST_CR_CHANGE; + return 1; } else if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) { if (mt == SSL3_MT_CERTIFICATE) { From kurt at openssl.org Fri Dec 4 21:37:58 2015 
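Review bot: In the ssl/statem/statem_clnt.c hunk (@@ -283,6 +283,19 @@), the new branch is an `else if` after the `SSL_IS_DTLS(s)` test and guards on `s->version >= TLS1_VERSION`, but DTLS version numbers (DTLS1_VERSION is 0xFEFF) also compare greater than TLS1_VERSION (0x0301), so the version test does not keep DTLS connections out of this path. If the EAP-FAST transition is meant for TLS only, add `!SSL_IS_DTLS(s)` to the condition; if DTLS is intended, say so in the comment. The branch also sets `s->hit = 1` from inside a transition check, based only on a registered `tls_session_secret_cb` and a stored ticket, so the comment should state whether and where that resumption assumption is verified later in the handshake.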
From: kurt at openssl.org (Kurt Roeckx)
Date: Fri, 04 Dec 2015 21:37:58 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1449265078.856325.17474.nullmailer@dev.openssl.org>

The branch master has been updated
       via  fe6ef2472db933f01b59cad82aa925736935984b (commit)
       via  6977e8ee4a718a76351ba5275a9f0be4e530eab5 (commit)
       via  6f78b9e824c053d062188578635c575017b587c5 (commit)
      from  ad3819c29ed91ee31ebc806939e6104970694811 (commit)

- Log -----------------------------------------------------------------
commit fe6ef2472db933f01b59cad82aa925736935984b
Author: Kurt Roeckx
Date:   Fri Dec 4 22:30:36 2015 +0100

    Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH

    Reviewed-by: Dr. Stephen Henson

commit 6977e8ee4a718a76351ba5275a9f0be4e530eab5
Author: Kurt Roeckx
Date:   Fri Dec 4 22:25:11 2015 +0100

    Make SSL_{CTX}_set_tmp_ecdh() call SSL_{CTX_}set1_curves()

    SSL_{CTX}_set_tmp_ecdh() allows you to set 1 EC curve and then tries to use it. On
    the other hand SSL_{CTX_}set1_curves() allows you to set a list of curves, but
    only when SSL_{CTX_}set_ecdh_auto() was called to turn it on.

    Reviewed-by: Dr. Stephen Henson

commit 6f78b9e824c053d062188578635c575017b587c5
Author: Kurt Roeckx
Date:   Fri Dec 4 22:22:31 2015 +0100

    Remove support for SSL_{CTX_}set_tmp_ecdh_callback().

    This only gets used to set a specific curve without actually checking that the
    peer supports it or not and can therefore result in handshake failures that can
    be avoided by selecting a different cipher.

    Reviewed-by: Dr.
Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 13 ++++++ doc/ssl/SSL_CTX_set1_curves.pod | 28 ++----------- include/openssl/ssl.h | 14 ------- ssl/s3_lib.c | 89 ++++++++++++----------------------------- ssl/ssl_cert.c | 15 ------- ssl/ssl_ciph.c | 2 - ssl/ssl_conf.c | 57 ++++++++------------------ ssl/ssl_lib.c | 32 +++------------ ssl/ssl_locl.h | 7 ---- ssl/statem/statem_srvr.c | 33 +++------------ ssl/t1_lib.c | 73 +++++++++++---------------------- util/ssleay.num | 4 +- 12 files changed, 93 insertions(+), 274 deletions(-) diff --git a/CHANGES b/CHANGES index 55362fe..c8da88c 100644 --- a/CHANGES +++ b/CHANGES @@ -13,6 +13,19 @@ pages. This work was developed in partnership with Intel Corp. [Matt Caswell] + *) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is + always enabled now. If you want to disable the support you should + exclude it using the list of supported ciphers. + [Kurt Roeckx] + + *) SSL_{CTX}_set_tmp_ecdh() which can set 1 EC curve now internally calls + SSL_{CTX_}set1_curves() which can set a list. + [Kurt Roeckx] + + *) Remove support for SSL_{CTX_}set_tmp_ecdh_callback(). You should set the + curve you want to support using SSL_{CTX_}set1_curves(). + [Kurt Roeckx] + *) State machine rewrite. The state machine code has been significantly refactored in order to remove much duplication of code and solve issues with the old code (see ssl/statem/README for further details). This change diff --git a/doc/ssl/SSL_CTX_set1_curves.pod b/doc/ssl/SSL_CTX_set1_curves.pod index e2d4803..4b6d1af 100644 --- a/doc/ssl/SSL_CTX_set1_curves.pod +++ b/doc/ssl/SSL_CTX_set1_curves.pod 
@@ -3,8 +3,7 @@ =head1 NAME SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, -SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve, -SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto - EC supported curve functions +SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve - EC supported curve functions =head1 SYNOPSIS @@ -19,9 +18,6 @@ SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto - EC supported curve functions int SSL_get1_curves(SSL *ssl, int *curves); int SSL_get_shared_curve(SSL *s, int n); - int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff); - int SSL_set_ecdh_auto(SSL *s, int onoff); - =head1 DESCRIPTION SSL_CTX_set1_curves() sets the supported curves for B to B @@ -52,11 +48,6 @@ most applications will only be interested in the first shared curve so B is normally set to zero. If the value B is out of range, NID_undef is returned. -SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve -selection for server B or B to B. If B is 1 then -the highest preference curve is automatically used for ECDH temporary -keys used during key exchange. - All these functions are implemented as macros. =head1 NOTES 
@@ -65,23 +56,10 @@ If an application wishes to make use of several of these functions for configuration purposes either on a command line or in a file it should consider using the SSL_CONF interface instead of manually parsing options. -The functions SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() can be used to -make a server always choose the most appropriate curve for a client. If set -it will override any temporary ECDH parameters set by a server. Previous -versions of OpenSSL could effectively only use a single ECDH curve set -using a function such as SSL_CTX_set_ecdh_tmp(). Newer applications should -just call: - - SSL_CTX_set_ecdh_auto(ctx, 1); - -and they will automatically support ECDH using the most appropriate shared -curve. - =head1 RETURN VALUES -SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves(), -SSL_set1_curves_list(), SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() -return 1 for success and 0 for failure. +SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves() and +SSL_set1_curves_list(), return 1 for success and 0 for failure. SSL_get1_curves() returns the number of curves, which may be zero. diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 2f3f514..e4a22dc 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1119,7 +1119,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_TMP_ECDH 4 # define SSL_CTRL_SET_TMP_RSA_CB 5 # define SSL_CTRL_SET_TMP_DH_CB 6 -# define SSL_CTRL_SET_TMP_ECDH_CB 7 # define SSL_CTRL_GET_SESSION_REUSED 8 # define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 # define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 @@ -1203,7 +1202,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_CURVES 91 # define SSL_CTRL_SET_CURVES_LIST 92 # define SSL_CTRL_GET_SHARED_CURVE 93 -# define SSL_CTRL_SET_ECDH_AUTO 94 # define SSL_CTRL_SET_SIGALGS 97 # define SSL_CTRL_SET_SIGALGS_LIST 98 # define SSL_CTRL_CERT_FLAGS 99 
@@ -1336,10 +1334,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) # define SSL_get_shared_curve(s, n) \ SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) -# define SSL_CTX_set_ecdh_auto(ctx, onoff) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) -# define SSL_set_ecdh_auto(s, onoff) \ - SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) # define SSL_CTX_set1_sigalgs_list(ctx, s) \ @@ -1772,14 +1766,6 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, int keylength)); # endif -# ifndef OPENSSL_NO_EC -void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, - EC_KEY *(*ecdh) (SSL *ssl, int is_export, - int keylength)); -void SSL_set_tmp_ecdh_callback(SSL *ssl, - EC_KEY *(*ecdh) (SSL *ssl, int is_export, - int keylength)); -# endif __owur const COMP_METHOD *SSL_get_current_compression(SSL *s); __owur const COMP_METHOD *SSL_get_current_expansion(SSL *s); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index bf7336c..d89cdfa 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
@@ -4072,34 +4072,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH: { - EC_KEY *ecdh = NULL; + const EC_GROUP *group = NULL; + int nid; if (parg == NULL) { SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return (ret); - } - if (!EC_KEY_up_ref((EC_KEY *)parg)) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); - return (ret); + return 0; } - ecdh = (EC_KEY *)parg; - if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) { - if (!EC_KEY_generate_key(ecdh)) { - EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB); - return (ret); - } + group = EC_KEY_get0_group((const EC_KEY *)parg); + if (group == NULL) { + SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS); + return 0; } - EC_KEY_free(s->cert->ecdh_tmp); - s->cert->ecdh_tmp = ecdh; - ret = 1; + nid = EC_GROUP_get_curve_name(group); + if (nid == NID_undef) + return 0; + return tls1_set_curves(&s->tlsext_ellipticcurvelist, + &s->tlsext_ellipticcurvelist_length, + &nid, 1); } break; - case SSL_CTRL_SET_TMP_ECDH_CB: - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (ret); - } #endif /* !OPENSSL_NO_EC */ case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { @@ -4264,11 +4256,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_SHARED_CURVE: return tls1_shared_curve(s, larg); -# ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_ECDH_AUTO: - s->cert->ecdh_tmp_auto = larg; - return 1; -# endif #endif case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(s->cert, parg, larg, 0); @@ -4423,13 +4410,6 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) } break; #endif -#ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_TMP_ECDH_CB: - { - s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; - } - break; -#endif case SSL_CTRL_SET_TLSEXT_DEBUG_CB: s->tlsext_debug_cb = (void (*)(SSL *, int, int, unsigned char *, int, void *))fp; 
@@ -4534,35 +4514,26 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH: { - EC_KEY *ecdh = NULL; + const EC_GROUP *group = NULL; + int nid; if (parg == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); + SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER); return 0; } - ecdh = EC_KEY_dup((EC_KEY *)parg); - if (ecdh == NULL) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB); + group = EC_KEY_get0_group((const EC_KEY *)parg); + if (group == NULL) { + SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS); return 0; } - if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) { - if (!EC_KEY_generate_key(ecdh)) { - EC_KEY_free(ecdh); - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB); - return 0; - } - } - - EC_KEY_free(cert->ecdh_tmp); - cert->ecdh_tmp = ecdh; - return 1; + nid = EC_GROUP_get_curve_name(group); + if (nid == NID_undef) + return 0; + return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, + &ctx->tlsext_ellipticcurvelist_length, + &nid, 1); } /* break; */ - case SSL_CTRL_SET_TMP_ECDH_CB: - { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); - } #endif /* !OPENSSL_NO_EC */ case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: ctx->tlsext_servername_arg = parg; @@ -4635,9 +4606,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, &ctx->tlsext_ellipticcurvelist_length, parg); - case SSL_CTRL_SET_ECDH_AUTO: - ctx->cert->ecdh_tmp_auto = larg; - return 1; #endif case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 0); @@ -4733,13 +4701,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) } break; #endif -#ifndef OPENSSL_NO_EC - case SSL_CTRL_SET_TMP_ECDH_CB: - { - cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; - } - break; -#endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; break; 
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 6f9fcdb..0153b18 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -231,18 +231,6 @@ CERT *ssl_cert_dup(CERT *cert) ret->dh_tmp_auto = cert->dh_tmp_auto; #endif -#ifndef OPENSSL_NO_EC - if (cert->ecdh_tmp) { - ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); - if (ret->ecdh_tmp == NULL) { - SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); - goto err; - } - } - ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; - ret->ecdh_tmp_auto = cert->ecdh_tmp_auto; -#endif - for (i = 0; i < SSL_PKEY_NUM; i++) { CERT_PKEY *cpk = cert->pkeys + i; CERT_PKEY *rpk = ret->pkeys + i; @@ -395,9 +383,6 @@ void ssl_cert_free(CERT *c) #ifndef OPENSSL_NO_DH DH_free(c->dh_tmp); #endif -#ifndef OPENSSL_NO_EC - EC_KEY_free(c->ecdh_tmp); -#endif ssl_cert_clear_certs(c); OPENSSL_free(c->conf_sigalgs); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 58acec4..d2139e1 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1415,8 +1415,6 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384"; break; } - /* Set auto ECDH parameter determination */ - c->ecdh_tmp_auto = 1; return 1; # else SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index ad20f44..ce52569 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c 
@@ -268,48 +268,23 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) /* ECDH temporary parameters */ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) { - int onoff = -1, rv = 1; - if (cctx->flags & SSL_CONF_FLAG_FILE) { - if (*value == '+') { - onoff = 1; - value++; - } - if (*value == '-') { - onoff = 0; - value++; - } - if (strcasecmp(value, "automatic") == 0) { - if (onoff == -1) - onoff = 1; - } else if (onoff != -1) - return 0; - } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { - if (strcmp(value, "auto") == 0) - onoff = 1; - } + int rv = 1; + EC_KEY *ecdh; + int nid; - if (onoff != -1) { - if (cctx->ctx) - rv = SSL_CTX_set_ecdh_auto(cctx->ctx, onoff); - else if (cctx->ssl) - rv = SSL_set_ecdh_auto(cctx->ssl, onoff); - } else { - EC_KEY *ecdh; - int nid; - nid = EC_curve_nist2nid(value); - if (nid == NID_undef) - nid = OBJ_sn2nid(value); - if (nid == 0) - return 0; - ecdh = EC_KEY_new_by_curve_name(nid); - if (!ecdh) - return 0; - if (cctx->ctx) - rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh); - else if (cctx->ssl) - rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh); - EC_KEY_free(ecdh); - } + nid = EC_curve_nist2nid(value); + if (nid == NID_undef) + nid = OBJ_sn2nid(value); + if (nid == 0) + return 0; + ecdh = EC_KEY_new_by_curve_name(nid); + if (!ecdh) + return 0; + if (cctx->ctx) + rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh); + else if (cctx->ssl) + rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh); + EC_KEY_free(ecdh); return rv > 0; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index cac692d..ea2acce 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2010,7 +2010,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) unsigned long mask_k, mask_a, emask_k, emask_a; #ifndef OPENSSL_NO_EC int have_ecc_cert, ecdsa_ok, ecc_pkey_size; - int have_ecdh_tmp, ecdh_ok; + int ecdh_ok; X509 *x = NULL; EVP_PKEY *ecc_pkey = NULL; int pk_nid = 0, md_nid = 0; 
@@ -2036,9 +2036,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) dh_tmp = dh_tmp_export = 0; #endif -#ifndef OPENSSL_NO_EC - have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto); -#endif cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID; rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); @@ -2063,8 +2060,8 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) #ifdef CIPHER_DEBUG fprintf(stderr, - "rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", - rsa_tmp, rsa_tmp_export, dh_tmp, have_ecdh_tmp, rsa_enc, + "rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", + rsa_tmp, rsa_tmp_export, dh_tmp, rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); #endif @@ -2169,10 +2166,8 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) #endif #ifndef OPENSSL_NO_EC - if (have_ecdh_tmp) { - mask_k |= SSL_kECDHE; - emask_k |= SSL_kECDHE; - } + mask_k |= SSL_kECDHE; + emask_k |= SSL_kECDHE; #endif #ifndef OPENSSL_NO_PSK @@ -3142,23 +3137,6 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, } #endif -#ifndef OPENSSL_NO_EC -void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, - EC_KEY *(*ecdh) (SSL *ssl, int is_export, - int keylength)) -{ - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB, - (void (*)(void))ecdh); -} - -void SSL_set_tmp_ecdh_callback(SSL *ssl, - EC_KEY *(*ecdh) (SSL *ssl, int is_export, - int keylength)) -{ - SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh); -} -#endif - #ifndef OPENSSL_NO_PSK int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b4c6244..c1ae1c0 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h 
@@ -1568,13 +1568,6 @@ typedef struct cert_st { DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize); int dh_tmp_auto; # endif -# ifndef OPENSSL_NO_EC - EC_KEY *ecdh_tmp; - /* Callback for generating ephemeral ECDH keys */ - EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize); - /* Select ECDH parameters automatically */ - int ecdh_tmp_auto; -# endif /* Flags related to certificates */ uint32_t cert_flags; CERT_PKEY pkeys[SSL_PKEY_NUM]; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index bdeaf7e..d4668b2 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1730,7 +1730,6 @@ int tls_construct_server_key_exchange(SSL *s) DH *dh = NULL, *dhp; #endif #ifndef OPENSSL_NO_EC - EC_KEY *ecdh = NULL, *ecdhp; unsigned char *encodedPoint = NULL; int encodedlen = 0; int curve_id = 0; @@ -1867,21 +1866,13 @@ int tls_construct_server_key_exchange(SSL *s) #ifndef OPENSSL_NO_EC if (type & (SSL_kECDHE | SSL_kECDHEPSK)) { const EC_GROUP *group; + EC_KEY *ecdh = NULL; - ecdhp = cert->ecdh_tmp; - if (s->cert->ecdh_tmp_auto) { - /* Get NID of appropriate shared curve */ - int nid = tls1_shared_curve(s, -2); - if (nid != NID_undef) - ecdhp = EC_KEY_new_by_curve_name(nid); - } else if ((ecdhp == NULL) && s->cert->ecdh_tmp_cb) { - ecdhp = s->cert->ecdh_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3-> - tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s-> - s3->tmp.new_cipher)); - } - if (ecdhp == NULL) { + /* Get NID of appropriate shared curve */ + int nid = tls1_shared_curve(s, -2); + if (nid != NID_undef) + ecdh = EC_KEY_new_by_curve_name(nid); + if (ecdh == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, SSL_R_MISSING_TMP_ECDH_KEY); 
@@ -1894,18 +1885,6 @@ int tls_construct_server_key_exchange(SSL *s) goto err; } - /* Duplicate the ECDH structure. */ - if (ecdhp == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); - goto err; - } - if (s->cert->ecdh_tmp_auto) - ecdh = ecdhp; - else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); - goto err; - } - s->s3->tmp.ecdh = ecdh; if ((EC_KEY_get0_public_key(ecdh) == NULL) || (EC_KEY_get0_private_key(ecdh) == NULL) || diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 02ad438..971aad3 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -259,8 +259,8 @@ static const unsigned char ecformats_default[] = { TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 }; -/* The client's default curves / the server's 'auto' curves. */ -static const unsigned char eccurves_auto[] = { +/* The default curves */ +static const unsigned char eccurves_default[] = { /* Prefer P-256 which has the fastest and most secure implementations. */ 0, 23, /* secp256r1 (23) */ /* Other >= 256-bit prime curves. */ @@ -438,13 +438,8 @@ static int tls1_get_curvelist(SSL *s, int sess, pcurveslen = s->tlsext_ellipticcurvelist_length; } if (!*pcurves) { - if (!s->server || s->cert->ecdh_tmp_auto) { - *pcurves = eccurves_auto; - pcurveslen = sizeof(eccurves_auto); - } else { - *pcurves = eccurves_all; - pcurveslen = sizeof(eccurves_all); - } + *pcurves = eccurves_default; + pcurveslen = sizeof(eccurves_default); } } @@ -507,8 +502,9 @@ int tls1_check_curve(SSL *s, const unsigned char *p, size_t len) } /*- - * Return |nmatch|th shared curve or NID_undef if there is no match. - * For nmatch == -1, return number of matches + * For nmatch >= 0, return the NID of the |nmatch|th shared curve or NID_undef + * if there is no match. + * For nmatch == -1, return number of matches * For nmatch == -2, return the NID of the curve to use for * an EC tmp key, or NID_undef if there is no match. */ 
@@ -842,11 +838,18 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) } # ifndef OPENSSL_NO_EC -/* Check EC temporary key is compatible with client extensions */ +/* + * tls1_check_ec_tmp_key - Check EC temporary key compatiblity + * @s: SSL connection + * @cid: Cipher ID we're considering using + * + * Checks that the kECDHE cipher suite we're considering using + * is compatible with the client extensions. + * + * Returns 0 when the cipher can't be used or 1 when it can. + */ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) { - unsigned char curve_id[2]; - EC_KEY *ec = s->cert->ecdh_tmp; # ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL /* Allow any curve: not just those peer supports */ if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) @@ -857,6 +860,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) * curves permitted. */ if (tls1_suiteb(s)) { + unsigned char curve_id[2]; /* Curve to check determined by ciphersuite */ if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) curve_id[1] = TLSEXT_curve_P_256; 
@@ -868,43 +872,12 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) /* Check this curve is acceptable */ if (!tls1_check_ec_key(s, curve_id, NULL)) return 0; - /* If auto or setting curve from callback assume OK */ - if (s->cert->ecdh_tmp_auto || s->cert->ecdh_tmp_cb) - return 1; - /* Otherwise check curve is acceptable */ - else { - unsigned char curve_tmp[2]; - if (!ec) - return 0; - if (!tls1_set_ec_id(curve_tmp, NULL, ec)) - return 0; - if (!curve_tmp[0] || curve_tmp[1] == curve_id[1]) - return 1; - return 0; - } - - } - if (s->cert->ecdh_tmp_auto) { - /* Need a shared curve */ - if (tls1_shared_curve(s, 0)) - return 1; - else - return 0; - } - if (!ec) { - if (s->cert->ecdh_tmp_cb) - return 1; - else - return 0; + return 1; } - if (!tls1_set_ec_id(curve_id, NULL, ec)) - return 0; -/* Set this to allow use of invalid curves for testing */ -# if 0 - return 1; -# else - return tls1_check_ec_key(s, curve_id, NULL); -# endif + /* Need a shared curve */ + if (tls1_shared_curve(s, 0)) + return 1; + return 0; } # endif /* OPENSSL_NO_EC */ diff --git a/util/ssleay.num b/util/ssleay.num index f737aac..1d23afb 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -217,8 +217,8 @@ SSL_renegotiate_pending 265 EXIST::FUNCTION: SSL_CTX_set_msg_callback 266 EXIST::FUNCTION: SSL_set_msg_callback 267 EXIST::FUNCTION: DTLSv1_client_method 268 EXIST::FUNCTION: -SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:EC -SSL_set_tmp_ecdh_callback 270 EXIST::FUNCTION:EC +SSL_CTX_set_tmp_ecdh_callback 269 NOEXIST::FUNCTION: +SSL_set_tmp_ecdh_callback 270 NOEXIST::FUNCTION: SSL_COMP_get_name 271 EXIST::FUNCTION: SSL_get_current_compression 272 EXIST::FUNCTION: DTLSv1_method 273 EXIST::FUNCTION: From kurt at openssl.org Sat Dec 5 16:51:31 2015 
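Review bot: in the last ssl/t1_lib.c hunk of the patch above, the new tail of tls1_check_ec_tmp_key() tests `if (tls1_shared_curve(s, 0))` as a boolean, while the comment rewritten earlier in the same patch documents the nmatch >= 0 result as a NID, or NID_undef when there is no match. The test only works because NID_undef is 0. Comparing explicitly, for example `return tls1_shared_curve(s, 0) != NID_undef;`, states the intent and replaces the `return 1; return 0;` pair.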
From: kurt at openssl.org (Kurt Roeckx)
Date: Sat, 05 Dec 2015 16:51:31 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1449334291.770353.768.nullmailer@dev.openssl.org>

The branch master has been updated
       via  361a1191279d5a801fa6cfe22d51ef17d6ab38ea (commit)
      from  fe6ef2472db933f01b59cad82aa925736935984b (commit)

- Log -----------------------------------------------------------------
commit 361a1191279d5a801fa6cfe22d51ef17d6ab38ea
Author: Kurt Roeckx
Date:   Sat Dec 5 02:04:41 2015 +0100

    Remove support for all 40 and 56 bit ciphers.

    Reviewed-by: Rich Salz
    MR: #364

-----------------------------------------------------------------------

Summary of changes:
 CHANGES | 5 +
 apps/s_server.c | 47 +--
 demos/easy_tls/easy-tls.c | 15 -
 demos/easy_tls/easy-tls.h | 1 -
 doc/apps/ciphers.pod | 32 --
 doc/apps/s_server.pod | 6 -
 doc/ssl/SSL_CTX_set_cipher_list.pod | 5 -
 doc/ssl/SSL_CTX_set_options.pod | 1 -
 doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 159 -------
 doc/ssl/ssl.pod | 20 -
 include/openssl/ssl.h | 31 --
 include/openssl/tls1.h | 6 -
 ssl/s3_enc.c | 36 +-
 ssl/s3_lib.c | 700 ++++++++++-------------------
 ssl/ssl_cert.c | 11 -
 ssl/ssl_ciph.c | 77 +---
 ssl/ssl_err.c | 10 -
 ssl/ssl_lib.c | 115 +----
 ssl/ssl_locl.h | 81 +---
 ssl/statem/statem_clnt.c | 177 +-------
 ssl/statem/statem_srvr.c | 87 +---
 ssl/t1_enc.c | 42 +-
 test/ssltest.c | 44 --
 util/ssleay.num | 4 +-
 24 files changed, 293 insertions(+), 1419 deletions(-)
 delete mode 100644 doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod

diff --git a/CHANGES b/CHANGES index c8da88c..56092dc 100644 --- a/CHANGES +++ b/CHANGES
@@ -4,6 +4,11 @@ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Remove support for all 40 and 56 bit ciphers. This includes all the export + ciphers who are no longer supported and drops support the ephemeral RSA key + exchange. The LOW ciphers currently doesn't have any ciphers in it. + [Kurt Roeckx] + *) Added ASYNC support. Libcrypto now includes the async sub-library to enable cryptographic operations to be performed asynchronously as long as an asynchronous capable engine is used. See the ASYNC_start_job() man page for diff --git a/apps/s_server.c b/apps/s_server.c index fd8035d..4c3ca79 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -190,9 +190,6 @@ typedef unsigned int u_int; # undef FIONBIO #endif -#ifndef OPENSSL_NO_RSA -static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength); -#endif static int not_resumable_sess_cb(SSL *s, int is_forward_secure); static int sv_body(char *hostname, int s, int stype, unsigned char *context); static int www_body(char *hostname, int s, int stype, unsigned char *context); @@ -807,7 +804,7 @@ typedef enum OPTION_choice { OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_MSG, OPT_MSGFILE, OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF, - OPT_QUIET, OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE, + OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, OPT_NO_ECDHE, OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL3, 
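Review bot: in the CHANGES hunk, the new entry needs a wording pass before it ships. "export ciphers who are no longer supported" should read "which are", "drops support the ephemeral RSA key exchange" is missing "for", and "The LOW ciphers currently doesn't have any ciphers in it" has a subject and verb that disagree; something like "The LOW group currently contains no ciphers" would do. Users read this file to decide whether an upgrade affects them, so the removal of the s_server -no_tmp_rsa option and of the SSL_CTX_set_tmp_rsa*() API could be named here too.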
@@ -866,7 +863,6 @@ OPTIONS s_server_options[] = { "Do not load certificates from the default certificates directory"}, {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"}, {"quiet", OPT_QUIET, '-', "No server output"}, - {"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"}, {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"}, {"tls1", OPT_TLS1, '-', "Just talk TLSv1"}, @@ -1004,7 +1000,7 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_DH int no_dhe = 0; #endif - int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0, ret = 1; + int no_ecdhe = 0, nocert = 0, ret = 1; int noCApath = 0, noCAfile = 0; int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; @@ -1295,9 +1291,6 @@ int s_server_main(int argc, char *argv[]) case OPT_BRIEF: s_quiet = s_brief = verify_quiet = 1; break; - case OPT_NO_TMP_RSA: - no_tmp_rsa = 1; - break; case OPT_NO_DHE: #ifndef OPENSSL_NO_DH no_dhe = 1; @@ -1824,13 +1817,6 @@ int s_server_main(int argc, char *argv[]) if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain)) goto end; } -#ifndef OPENSSL_NO_RSA - if (!no_tmp_rsa) { - SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); - if (ctx2) - SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb); - } -#endif if (no_resume_ephemeral) { SSL_CTX_set_not_resumable_session_callback(ctx, 
@@ -3135,35 +3121,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) return (ret); } -#ifndef OPENSSL_NO_RSA -static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) -{ - BIGNUM *bn = NULL; - static RSA *rsa_tmp = NULL; - - if (!rsa_tmp && ((bn = BN_new()) == NULL)) - BIO_printf(bio_err, "Allocation error in generating RSA key\n"); - if (!rsa_tmp && bn) { - if (!s_quiet) { - BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", - keylength); - (void)BIO_flush(bio_err); - } - if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) || - !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) { - RSA_free(rsa_tmp); - rsa_tmp = NULL; - } - if (!s_quiet) { - BIO_printf(bio_err, "\n"); - (void)BIO_flush(bio_err); - } - BN_free(bn); - } - return (rsa_tmp); -} -#endif - #define MAX_SESSION_ID_ATTEMPTS 10 static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len) diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index e42d28a..00407dd 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -651,7 +651,6 @@ struct tls_create_ctx_args tls_create_ctx_defaultargs(void) ret.ca_file = NULL; ret.verify_depth = -1; ret.fail_unless_verified = 0; - ret.export_p = 0; return ret; } @@ -781,20 +780,6 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) /* avoid small subgroup attacks: */ SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE); } -#ifndef NO_RSA - if (!a.client_p && a.export_p) { - RSA *tmpkey; - - tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL); - if (tmpkey == NULL) - goto err; - if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) { - RSA_free(tmpkey); - goto err; - } - RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */ - } -#endif return ret; diff --git a/demos/easy_tls/easy-tls.h b/demos/easy_tls/easy-tls.h index 1c587b8..b1a7b30 100644 --- a/demos/easy_tls/easy-tls.h +++ b/demos/easy_tls/easy-tls.h 
@@ -34,7 +34,6 @@ struct tls_create_ctx_args { const char *ca_file; int verify_depth; int fail_unless_verified; - int export_p; }; struct tls_create_ctx_args tls_create_ctx_defaultargs(void); /* diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 963339a..8db0ea5 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -168,18 +168,6 @@ encryption. "low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms but excluding export cipher suites. -=item B, B - -export encryption algorithms. Including 40 and 56 bits algorithms. - -=item B - -40 bit export encryption algorithms - -=item B - -56 bit export encryption algorithms. This list is empty. - =item B, B the "NULL" ciphers that is those offering no encryption. Because these offer no @@ -387,12 +375,9 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. SSL_RSA_WITH_NULL_MD5 NULL-MD5 SSL_RSA_WITH_NULL_SHA NULL-SHA - SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 SSL_RSA_WITH_RC4_128_SHA RC4-SHA - SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA 
@@ -400,16 +385,12 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA - SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA SSL_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-RSA-DES-CBC-SHA SSL_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA 
@@ -421,31 +402,22 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_RSA_WITH_NULL_MD5 NULL-MD5 TLS_RSA_WITH_NULL_SHA NULL-SHA - TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 TLS_RSA_WITH_RC4_128_SHA RC4-SHA - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented. TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented. TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA TLS_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-RSA-DES-CBC-SHA TLS_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA @@ -511,10 +483,6 @@ algorithms, such as the B engine, included in the OpenSSL distribution. Note: these ciphers can also be used in SSL v3. - TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA - TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA - TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA - TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA =head2 Elliptic curve cipher suites. diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 706e039..c1a1d1a 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod 
@@ -66,7 +66,6 @@ B B [B<-cipher cipherlist>] [B<-serverpref>] [B<-quiet>] -[B<-no_tmp_rsa>] [B<-ssl3>] [B<-tls1>] [B<-dtls>] @@ -186,11 +185,6 @@ disabling the ephemeral DH cipher suites. if this option is set then no ECDH parameters will be loaded effectively disabling the ephemeral ECDH cipher suites. -=item B<-no_tmp_rsa> - -certain export cipher suites sometimes use a temporary RSA key, this option -disables temporary RSA key generation. - =item B<-crl_check>, B<-crl_check_all> Check the peer certificate has not been revoked by its CA. diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod index ccd10c8..3383232 100644 --- a/doc/ssl/SSL_CTX_set_cipher_list.pod +++ b/doc/ssl/SSL_CTX_set_cipher_list.pod @@ -37,10 +37,6 @@ ADH ciphers don't need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding certificate and key. A RSA cipher can only be chosen, when a RSA certificate is available. -RSA export ciphers with a keylength of 512 bits for the RSA key require -a temporary 512 bit RSA key, as typically the supplied key has a length -of 1024 bit (see -L). RSA ciphers using DHE need a certificate and key and additional DH-parameters (see L). @@ -63,7 +59,6 @@ could be selected and 0 on complete failure. L, L, L, -L, L, L diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 7754e75..cf137a5 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -269,7 +269,6 @@ secure renegotiation and 0 if it does not. L, L, L, L, -L, L =head1 HISTORY diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod deleted file mode 100644 index 296699d..0000000 --- a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ /dev/null 
@@ -1,159 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange - -=head1 SYNOPSIS - - #include - - void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); - long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx); - - void SSL_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) - long SSL_need_tmp_rsa(SSL *ssl) - - RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength); - -=head1 DESCRIPTION - -SSL_CTX_set_tmp_rsa_callback() sets the callback function for B to be -used when a temporary/ephemeral RSA key is required to B. -The callback is inherited by all SSL objects newly created from B -with . Already created SSL objects are not affected. - -SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be -B. The key is inherited by all SSL objects newly created from B -with . Already created SSL objects are not affected. - -SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed -for RSA-based strength-limited 'exportable' ciphersuites because a RSA key -with a keysize larger than 512 bits is installed. - -SSL_set_tmp_rsa_callback() sets the callback only for B. - -SSL_set_tmp_rsa() sets the key only for B. - -SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed, -for RSA-based strength-limited 'exportable' ciphersuites because a RSA key -with a keysize larger than 512 bits is installed. - -These functions apply to SSL/TLS servers only. - -=head1 NOTES - -When using a cipher with RSA authentication, an ephemeral RSA key exchange -can take place. 
In this case the session data are negotiated using the -ephemeral/temporary RSA key and the RSA key supplied and certified -by the certificate chain is only used for signing. - -Under previous export restrictions, ciphers with RSA keys shorter (512 bits) -than the usual key length of 1024 bits were created. To use these ciphers -with RSA keys of usual length, an ephemeral key exchange must be performed, -as the normal (certified) key cannot be directly used. - -Using ephemeral RSA key exchange yields forward secrecy, as the connection -can only be decrypted, when the RSA key is known. By generating a temporary -RSA key inside the server application that is lost when the application -is left, it becomes impossible for an attacker to decrypt past sessions, -even if he gets hold of the normal (certified) RSA key, as this key was -used for signing only. The downside is that creating a RSA key is -computationally expensive. - -Additionally, the use of ephemeral RSA key exchange is only allowed in -the TLS standard, when the RSA key can be used for signing only, that is -for export ciphers. Using ephemeral RSA key exchange for other purposes -violates the standard and can break interoperability with clients. -It is therefore strongly recommended to not use ephemeral RSA key -exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead -in order to achieve forward secrecy (see -L). - -An application may either directly specify the key or can supply the key via a -callback function. The callback approach has the advantage, that the callback -may generate the key only in case it is actually needed. As the generation of a -RSA key is however costly, it will lead to a significant delay in the handshake -procedure. 
Another advantage of the callback function is that it can supply -keys of different size while the explicit setting of the key is only useful for -key size of 512 bits to satisfy the export restricted ciphers and does give -away key length if a longer key would be allowed. - -The B is called with the B needed and -the B information. The B flag is set, when the -ephemeral RSA key exchange is performed with an export cipher. - -=head1 EXAMPLES - -Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the -generation of a RSA key costs a lot of computer time, they saved for later -reuse. For demonstration purposes, two keys for 512 bits and 1024 bits -respectively are generated. - - ... - /* Set up ephemeral RSA stuff */ - RSA *rsa_512 = NULL; - RSA *rsa_1024 = NULL; - - rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); - if (rsa_512 == NULL) - evaluate_error_queue(); - - rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); - if (rsa_1024 == NULL) - evaluate_error_queue(); - - ... - - RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) - { - RSA *rsa_tmp=NULL; - - switch (keylength) { - case 512: - if (rsa_512) - rsa_tmp = rsa_512; - else { /* generate on the fly, should not happen in this example */ - rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL); - rsa_512 = rsa_tmp; /* Remember for later reuse */ - } - break; - case 1024: - if (rsa_1024) - rsa_tmp=rsa_1024; - else - should_not_happen_in_this_example(); - break; - default: - /* Generating a key on the fly is very costly, so use what is there */ - if (rsa_1024) - rsa_tmp=rsa_1024; - else - rsa_tmp=rsa_512; /* Use at least a shorter key */ - } - return(rsa_tmp); - } - -=head1 RETURN VALUES - -SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return -diagnostic output. - -SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0 -on failure. Check the error queue to find out the reason of failure. 
- -SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary -RSA key is needed and 0 otherwise. - -=head1 SEE ALSO - -L, L, -L, -L, -L, L - -=cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 421d500..19819f1 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -331,25 +331,6 @@ Use the file path to locate trusted CA certficates. =item long B(SSL_CTX *ctx, DH *(*cb)(void)); -=item long B(SSL_CTX *ctx, RSA *rsa); - -=item SSL_CTX_set_tmp_rsa_callback - -C(SSL_CTX *B, RSA *(*B)(SSL *B, int B, int B));> - -Sets the callback which will be called when a temporary private key is -required. The B> flag will be set if the reason for needing -a temp key is that an export ciphersuite is in use, in which case, -B> will contain the required keylength in bits. Generate a key of -appropriate size (using ???) and return it. - -=item SSL_set_tmp_rsa_callback - -long B(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength)); - -The same as B, except it operates on an SSL -session instead of a context. - =item void B(SSL_CTX *ctx, int mode, int (*cb);(void)) =item int B(SSL_CTX *ctx, EVP_PKEY *pkey); @@ -713,7 +694,6 @@ L, L, L, L, -L, L, L, L, diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e4a22dc..1fb5948 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -181,8 +181,6 @@ extern "C" { /* These are used to specify which ciphers to use and not to use */ -# define SSL_TXT_EXP40 "EXPORT40" -# define SSL_TXT_EXP56 "EXPORT56" # define SSL_TXT_LOW "LOW" # define SSL_TXT_MEDIUM "MEDIUM" # define SSL_TXT_HIGH "HIGH" @@ -268,9 +266,6 @@ extern "C" { # define SSL_TXT_TLSV1_1 "TLSv1.1" # define SSL_TXT_TLSV1_2 "TLSv1.2" -# define SSL_TXT_EXP "EXP" -# define SSL_TXT_EXPORT "EXPORT" - # define SSL_TXT_ALL "ALL" /*- 
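Review bot: dropping SSL_TXT_EXP and SSL_TXT_EXPORT here (and SSL_TXT_EXP40 / SSL_TXT_EXP56 in the previous hunk) removes names from an installed header, include/openssl/ssl.h, so any application that references them stops compiling. Please state in CHANGES or the commit message how a cipher string that still contains EXPORT or EXP, for instance as an exclusion, is treated after this change; that parsing is not part of these header hunks, and deployed configurations commonly carry such strings.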
@@ -1113,11 +1108,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_ERROR_WANT_CONNECT 7 # define SSL_ERROR_WANT_ACCEPT 8 # define SSL_ERROR_WANT_ASYNC 9 -# define SSL_CTRL_NEED_TMP_RSA 1 -# define SSL_CTRL_SET_TMP_RSA 2 # define SSL_CTRL_SET_TMP_DH 3 # define SSL_CTRL_SET_TMP_ECDH 4 -# define SSL_CTRL_SET_TMP_RSA_CB 5 # define SSL_CTRL_SET_TMP_DH_CB 6 # define SSL_CTRL_GET_SESSION_REUSED 8 # define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 @@ -1242,10 +1234,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) # define SSL_total_renegotiations(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) -# define SSL_CTX_need_tmp_RSA(ctx) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) -# define SSL_CTX_set_tmp_rsa(ctx,rsa) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) # define SSL_CTX_set_tmp_dh(ctx,dh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ @@ -1254,10 +1242,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) # define SSL_set_dh_auto(s, onoff) \ SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) -# define SSL_need_tmp_RSA(ssl) \ - SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) -# define SSL_set_tmp_rsa(ssl,rsa) \ - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) # define SSL_set_tmp_dh(ssl,dh) \ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) # define SSL_set_tmp_ecdh(ssl,ecdh) \ 
@@ -1749,15 +1733,6 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) /* NB: the keylength is only applicable when is_export is true */ -# ifndef OPENSSL_NO_RSA -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*cb) (SSL *ssl, int is_export, - int keylength)); - -void SSL_set_tmp_rsa_callback(SSL *ssl, - RSA *(*cb) (SSL *ssl, int is_export, - int keylength)); -# endif # ifndef OPENSSL_NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh) (SSL *ssl, int is_export, @@ -2259,7 +2234,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_EE_KEY_TOO_SMALL 399 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 -# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 @@ -2294,16 +2268,12 @@ void ERR_load_SSL_strings(void); # define SSL_R_MISSING_DSA_SIGNING_CERT 165 # define SSL_R_MISSING_ECDH_CERT 382 # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 -# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 -# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 # define SSL_R_MISSING_RSA_CERTIFICATE 168 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 # define SSL_R_MISSING_RSA_SIGNING_CERT 170 # define SSL_R_MISSING_SRP_PARAM 358 # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 -# define SSL_R_MISSING_TMP_RSA_KEY 172 -# define SSL_R_MISSING_TMP_RSA_PKEY 173 # define SSL_R_MISSING_VERIFY_MESSAGE 174 # define SSL_R_MULTIPLE_SGC_RESTARTS 346 # define SSL_R_NO_CERTIFICATES_RETURNED 176 
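Review bot: in the first include/openssl/ssl.h hunk above (the one deleting the SSL_CTX_set_tmp_rsa_callback() prototypes), the context line `/* NB: the keylength is only applicable when is_export is true */` survives and now sits directly on top of the DH callback prototypes, which still take `int is_export, int keylength`. With export suites removed by this patch the comment no longer describes anything a caller can rely on. Either reword it to say what the DH callback now receives for those two arguments or remove it with the RSA prototypes.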
@@ -2395,7 +2365,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 # define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 # define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 -# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index cdc56c6..3bbd1f1 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -658,12 +658,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) * using DHE everywhere, though we may indefinitely maintain aliases for * users or configurations that used "EDH" */ -# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" -# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" -# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" -# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" -# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" -# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" # define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" # define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 850f76d..31c8918 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c 
@@ -197,18 +197,16 @@ int ssl3_change_cipher_state(SSL *s, int which) unsigned char *p, *mac_secret; unsigned char exp_key[EVP_MAX_KEY_LENGTH]; unsigned char exp_iv[EVP_MAX_IV_LENGTH]; - unsigned char *ms, *key, *iv, *er1, *er2; + unsigned char *ms, *key, *iv; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; #ifndef OPENSSL_NO_COMP COMP_METHOD *comp; #endif const EVP_MD *m; - EVP_MD_CTX md; - int is_exp, n, i, j, k, cl; + int n, i, j, k, cl; int reuse_dd = 0; - is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c = s->s3->tmp.new_sym_enc; m = s->s3->tmp.new_hash; /* m == NULL will lead to a crash later */ @@ -295,9 +293,7 @@ int ssl3_change_cipher_state(SSL *s, int which) if (i < 0) goto err2; cl = EVP_CIPHER_key_length(c); - j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? - cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; - /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */ + j = cl; k = EVP_CIPHER_iv_length(c); if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { @@ -307,8 +303,6 @@ int ssl3_change_cipher_state(SSL *s, int which) n += j + j; iv = &(p[n]); n += k + k; - er1 = &(s->s3->client_random[0]); - er2 = &(s->s3->server_random[0]); } else { n = i; ms = &(p[n]); @@ -317,8 +311,6 @@ int ssl3_change_cipher_state(SSL *s, int which) n += j + k; iv = &(p[n]); n += k; - er1 = &(s->s3->server_random[0]); - er2 = &(s->s3->client_random[0]); } if (n > s->s3->tmp.key_block_length) { 
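Review bot: exp_key and exp_iv stay declared at the top of ssl3_change_cipher_state() in ssl/s3_enc.c, but with is_exp, md, er1 and er2 removed here and the `if (is_exp)` block deleted in the next hunk, nothing shown in this patch writes to either buffer any more. Only the two OPENSSL_cleanse() calls before `return (1)` still touch them. If no other code in the function uses them, drop both buffers and the cleanse calls, and replace `j = cl;` with a single variable while the function is open.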
@@ -326,28 +318,7 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err2; } - EVP_MD_CTX_init(&md); memcpy(mac_secret, ms, i); - if (is_exp) { - /* - * In here I set both the read and write key/iv to the same value - * since only the correct one will be used :-). - */ - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, key, j); - EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL); - key = &(exp_key[0]); - - if (k > 0) { - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL); - iv = &(exp_iv[0]); - } - } EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); @@ -370,7 +341,6 @@ int ssl3_change_cipher_state(SSL *s, int which) OPENSSL_cleanse(exp_key, sizeof(exp_key)); OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); - EVP_MD_CTX_cleanup(&md); return (1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d89cdfa..24cf5f0 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -173,7 +173,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_MD5, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE, + SSL_NOT_DEFAULT | SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -189,28 +189,12 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, }, -/* Cipher 03 */ - { - 1, - SSL3_TXT_RSA_RC4_40_MD5, - SSL3_CK_RSA_RC4_40_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, - /* Cipher 04 */ { 1, 
@@ -221,7 +205,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_MD5, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -237,28 +221,12 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, -/* Cipher 06 */ - { - 1, - SSL3_TXT_RSA_RC2_40_MD5, - SSL3_CK_RSA_RC2_40_MD5, - SSL_kRSA, - SSL_aRSA, - SSL_RC2, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, - /* Cipher 07 */ #ifndef OPENSSL_NO_IDEA { @@ -270,29 +238,13 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_IDEA, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, #endif -/* Cipher 08 */ - { - 1, - SSL3_TXT_RSA_DES_40_CBC_SHA, - SSL3_CK_RSA_DES_40_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 56, - }, - /* Cipher 09 */ { 1, @@ -303,7 +255,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, @@ -319,29 +271,12 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, -/* The DH ciphers */ -/* Cipher 0B */ - { - 0, - SSL3_TXT_DH_DSS_DES_40_CBC_SHA, - SSL3_CK_DH_DSS_DES_40_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 56, - }, - /* Cipher 0C */ { 1, 
@@ -352,7 +287,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, @@ -368,28 +303,12 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, -/* Cipher 0E */ - { - 0, - SSL3_TXT_DH_RSA_DES_40_CBC_SHA, - SSL3_CK_DH_RSA_DES_40_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 56, - }, - /* Cipher 0F */ { 1, @@ -400,7 +319,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, @@ -416,29 +335,12 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, -/* The Ephemeral DH ciphers */ -/* Cipher 11 */ - { - 1, - SSL3_TXT_DHE_DSS_DES_40_CBC_SHA, - SSL3_CK_DHE_DSS_DES_40_CBC_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 56, - }, - /* Cipher 12 */ { 1, @@ -449,7 +351,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, 
@@ -465,28 +367,12 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, -/* Cipher 14 */ - { - 1, - SSL3_TXT_DHE_RSA_DES_40_CBC_SHA, - SSL3_CK_DHE_RSA_DES_40_CBC_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 56, - }, - /* Cipher 15 */ { 1, @@ -497,7 +383,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, @@ -513,28 +399,12 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, }, -/* Cipher 17 */ - { - 1, - SSL3_TXT_ADH_RC4_40_MD5, - SSL3_CK_ADH_RC4_40_MD5, - SSL_kDHE, - SSL_aNULL, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, - /* Cipher 18 */ { 1, @@ -545,28 +415,12 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_MD5, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, }, -/* Cipher 19 */ - { - 1, - SSL3_TXT_ADH_DES_40_CBC_SHA, - SSL3_CK_ADH_DES_40_CBC_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, - /* Cipher 1A */ { 1, @@ -577,7 +431,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_LOW, + SSL_NOT_DEFAULT | SSL_LOW, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 56, 56, 
@@ -593,7 +447,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -609,7 +463,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -624,7 +478,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -639,7 +493,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -657,7 +511,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -672,7 +526,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -687,7 +541,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -702,7 +556,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, 
@@ -717,7 +571,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -732,7 +586,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -748,7 +602,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -763,7 +617,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -779,7 +633,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -795,7 +649,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -811,7 +665,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -827,7 +681,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, 
@@ -844,7 +698,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -860,7 +714,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -876,7 +730,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -892,7 +746,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -908,7 +762,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -924,7 +778,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -943,7 +797,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -959,7 +813,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -975,7 +829,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, 
@@ -991,7 +845,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1007,7 +861,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1023,7 +877,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1041,7 +895,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1057,7 +911,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1073,7 +927,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1089,7 +943,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1105,7 +959,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1121,7 +975,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, 
@@ -1137,7 +991,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1154,7 +1008,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eGOST2814789CNT, SSL_GOST89MAC, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, 256, 256 @@ -1168,7 +1022,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_GOST94, SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE, + SSL_NOT_DEFAULT | SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, 0, 0 @@ -1187,7 +1041,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1202,7 +1056,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1218,7 +1072,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1234,7 +1088,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1250,7 +1104,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1266,7 +1120,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, 
@@ -1285,7 +1139,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1301,7 +1155,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -1317,7 +1171,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1333,7 +1187,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1349,7 +1203,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1365,7 +1219,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -1381,7 +1235,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1397,7 +1251,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1413,7 +1267,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, 
@@ -1429,7 +1283,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -1445,7 +1299,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1461,7 +1315,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -1481,7 +1335,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_SEED, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1497,7 +1351,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_SEED, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1513,7 +1367,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_SEED, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1529,7 +1383,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_SEED, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1545,7 +1399,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_SEED, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, + SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1561,7 +1415,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_SEED, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, 
@@ -1581,7 +1435,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1597,7 +1451,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -1613,7 +1467,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1629,7 +1483,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -1645,7 +1499,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1661,7 +1515,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -1677,7 +1531,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1693,7 +1547,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, 
@@ -1709,7 +1563,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1725,7 +1579,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -1741,7 +1595,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1757,7 +1611,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -1775,7 +1629,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1791,7 +1645,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -1807,7 +1661,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1823,7 +1677,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, 
@@ -1839,7 +1693,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -1855,7 +1709,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -1871,7 +1725,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1887,7 +1741,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -1903,7 +1757,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA256, SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -1919,7 +1773,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA384, SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 0, 0, @@ -1935,7 +1789,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -1951,7 +1805,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, 
@@ -1967,7 +1821,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA256, SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -1983,7 +1837,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA384, SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 0, 0, @@ -1999,7 +1853,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2015,7 +1869,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -2031,7 +1885,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA256, SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2047,7 +1901,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA384, SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 0, 0, @@ -2067,7 +1921,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2083,7 +1937,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, 
@@ -2099,7 +1953,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2115,7 +1969,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2131,7 +1985,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2147,7 +2001,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2163,7 +2017,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2179,7 +2033,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2195,7 +2049,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2211,7 +2065,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2227,7 +2081,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, 
@@ -2243,7 +2097,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH, + SSL_NOT_DEFAULT | SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -2278,7 +2132,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2294,7 +2148,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2310,7 +2164,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -2326,7 +2180,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2342,7 +2196,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -2358,7 +2212,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2374,7 +2228,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, 
@@ -2390,7 +2244,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -2406,7 +2260,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2422,7 +2276,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -2438,7 +2292,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2454,7 +2308,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2470,7 +2324,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -2486,7 +2340,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2502,7 +2356,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, 
@@ -2518,7 +2372,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2534,7 +2388,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2550,7 +2404,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -2566,7 +2420,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2582,7 +2436,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -2598,7 +2452,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -2614,7 +2468,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2630,7 +2484,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, 
@@ -2646,7 +2500,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2662,7 +2516,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -2680,7 +2534,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -2696,7 +2550,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -2712,7 +2566,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -2728,7 +2582,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2744,7 +2598,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2760,7 +2614,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -2776,7 +2630,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, 
@@ -2792,7 +2646,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -2808,7 +2662,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -2828,7 +2682,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2844,7 +2698,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA384, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -2860,7 +2714,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2876,7 +2730,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA384, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -2892,7 +2746,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2908,7 +2762,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA384, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -2924,7 +2778,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, 
@@ -2940,7 +2794,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA384, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -2958,7 +2812,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -2974,7 +2828,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -2990,7 +2844,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3006,7 +2860,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -3022,7 +2876,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3038,7 +2892,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -3054,7 +2908,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, 
@@ -3070,7 +2924,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -3087,7 +2941,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_RC4, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_MEDIUM, + SSL_NOT_DEFAULT | SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -3103,7 +2957,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, @@ -3119,7 +2973,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -3135,7 +2989,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, @@ -3151,7 +3005,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, @@ -3167,7 +3021,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, @@ -3183,7 +3037,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA1, SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, 
@@ -3199,7 +3053,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA256, SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 0, 0, @@ -3215,7 +3069,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_SHA384, SSL_TLSV1, - SSL_NOT_DEFAULT | SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS, + SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 0, 0, @@ -3231,7 +3085,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128}, @@ -3245,7 +3099,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -3259,7 +3113,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128}, @@ -3273,7 +3127,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -3287,7 +3141,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128}, @@ -3301,7 +3155,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -3315,7 +3169,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128}, 
@@ -3329,7 +3183,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -3346,7 +3200,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128}, @@ -3360,7 +3214,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -3374,7 +3228,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128}, @@ -3388,7 +3242,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -3402,7 +3256,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128}, @@ -3416,7 +3270,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, @@ -3430,7 +3284,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA128, SSL_SHA256, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128}, @@ -3444,7 +3298,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_CAMELLIA256, SSL_SHA384, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256}, 
@@ -3460,7 +3314,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3476,7 +3330,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -3492,7 +3346,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3508,7 +3362,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -3524,7 +3378,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3540,7 +3394,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -3556,7 +3410,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3572,7 +3426,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -3588,7 +3442,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, 
@@ -3604,7 +3458,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -3620,7 +3474,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3636,7 +3490,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -3652,7 +3506,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3668,7 +3522,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -3684,7 +3538,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3700,7 +3554,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -3716,7 +3570,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3732,7 +3586,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, 
@@ -3748,7 +3602,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES128CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, @@ -3764,7 +3618,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_AES256CCM8, SSL_AEAD, SSL_TLSV1_2, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, @@ -3779,7 +3633,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eGOST2814789CNT12, SSL_GOST89MAC12, SSL_TLSV1, - SSL_NOT_EXP | SSL_HIGH, + SSL_HIGH, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, 256, 256}, @@ -3792,7 +3646,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { SSL_eNULL, SSL_GOST12_256, SSL_TLSV1, - SSL_NOT_EXP | SSL_STRONG_NONE, + SSL_STRONG_NONE, SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256, 0, 0}, @@ -3884,9 +3738,6 @@ void ssl3_free(SSL *s) ssl3_cleanup_key_block(s); -#ifndef OPENSSL_NO_RSA - RSA_free(s->s3->peer_rsa_tmp); -#endif #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); DH_free(s->s3->peer_dh_tmp); @@ -3923,11 +3774,6 @@ void ssl3_clear(SSL *s) OPENSSL_free(s->s3->tmp.peer_sigalgs); s->s3->tmp.peer_sigalgs = NULL; -#ifndef OPENSSL_NO_RSA - RSA_free(s->s3->peer_rsa_tmp); - s->s3->peer_rsa_tmp = NULL; -#endif - #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; 
@@ -4001,36 +3847,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_FLAGS: ret = (int)(s->s3->flags); break; -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_NEED_TMP_RSA: - if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && - ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > - (512 / 8)))) - ret = 1; - break; - case SSL_CTRL_SET_TMP_RSA: - { - RSA *rsa = (RSA *)parg; - if (rsa == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return (ret); - } - if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); - return (ret); - } - RSA_free(s->cert->rsa_tmp); - s->cert->rsa_tmp = rsa; - ret = 1; - } - break; - case SSL_CTRL_SET_TMP_RSA_CB: - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (ret); - } -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { @@ -4320,17 +4136,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) else { EVP_PKEY *ptmp; int rv = 0; -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) - if (!s->s3->peer_rsa_tmp && !s->s3->peer_dh_tmp && !s->s3->peer_ecdh_tmp) +#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) + if (!s->s3->peer_dh_tmp && !s->s3->peer_ecdh_tmp) return 0; #endif ptmp = EVP_PKEY_new(); if (ptmp == NULL) return 0; -#ifndef OPENSSL_NO_RSA - else if (s->s3->peer_rsa_tmp) - rv = EVP_PKEY_set1_RSA(ptmp, s->s3->peer_rsa_tmp); -#endif #ifndef OPENSSL_NO_DH else if (s->s3->peer_dh_tmp) rv = EVP_PKEY_set1_DH(ptmp, s->s3->peer_dh_tmp); @@ -4396,13 +4208,6 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) int ret = 0; switch (cmd) { -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_SET_TMP_RSA_CB: - { - s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; - } - break; -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { 
@@ -4433,46 +4238,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) cert = ctx->cert; switch (cmd) { -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_NEED_TMP_RSA: - if ((cert->rsa_tmp == NULL) && - ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > - (512 / 8))) - ) - return (1); - else - return (0); - /* break; */ - case SSL_CTRL_SET_TMP_RSA: - { - RSA *rsa; - int i; - - rsa = (RSA *)parg; - i = 1; - if (rsa == NULL) - i = 0; - else { - if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) - i = 0; - } - if (!i) { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB); - return (0); - } else { - RSA_free(cert->rsa_tmp); - cert->rsa_tmp = rsa; - return (1); - } - } - /* break; */ - case SSL_CTRL_SET_TMP_RSA_CB: - { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return (0); - } -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: { @@ -4687,13 +4452,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) cert = ctx->cert; switch (cmd) { -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_SET_TMP_RSA_CB: - { - cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; - } - break; -#endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH_CB: { @@ -4783,7 +4541,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, SSL_CIPHER *c, *ret = NULL; STACK_OF(SSL_CIPHER) *prio, *allow; int i, ii, ok; - unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; + unsigned long alg_k, alg_a, mask_k, mask_a; /* Let's see which ciphers we can support */ @@ -4836,14 +4594,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ssl_set_masks(s, c); mask_k = s->s3->tmp.mask_k; mask_a = s->s3->tmp.mask_a; - emask_k = s->s3->tmp.export_mask_k; - emask_a = s->s3->tmp.export_mask_a; #ifndef OPENSSL_NO_SRP if (s->srp_ctx.srp_Mask & SSL_kSRP) { mask_k |= SSL_kSRP; - emask_k |= SSL_kSRP; mask_a |= SSL_aSRP; - emask_a |= SSL_aSRP; } #endif 
@@ -4856,19 +4610,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, continue; #endif /* OPENSSL_NO_PSK */ - if (SSL_C_IS_EXPORT(c)) { - ok = (alg_k & emask_k) && (alg_a & emask_a); + ok = (alg_k & mask_k) && (alg_a & mask_a); #ifdef CIPHER_DEBUG - fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n", - ok, alg_k, alg_a, emask_k, emask_a, (void *)c, c->name); + fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, + alg_a, mask_k, mask_a, (void *)c, c->name); #endif - } else { - ok = (alg_k & mask_k) && (alg_a & mask_a); -#ifdef CIPHER_DEBUG - fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, - alg_a, mask_k, mask_a, (void *)c, c->name); -#endif - } # ifndef OPENSSL_NO_EC /* diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 0153b18..80dc409 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -195,14 +195,6 @@ CERT *ssl_cert_dup(CERT *cert) ret->references = 1; ret->key = &ret->pkeys[cert->key - cert->pkeys]; -#ifndef OPENSSL_NO_RSA - if (cert->rsa_tmp != NULL) { - RSA_up_ref(cert->rsa_tmp); - ret->rsa_tmp = cert->rsa_tmp; - } - ret->rsa_tmp_cb = cert->rsa_tmp_cb; -#endif - #ifndef OPENSSL_NO_DH if (cert->dh_tmp != NULL) { ret->dh_tmp = DHparams_dup(cert->dh_tmp); @@ -377,9 +369,6 @@ void ssl_cert_free(CERT *c) } #endif -#ifndef OPENSSL_NO_RSA - RSA_free(c->rsa_tmp); -#endif #ifndef OPENSSL_NO_DH DH_free(c->dh_tmp); #endif diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index d2139e1..69a0cc8 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c 
@@ -399,13 +399,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, "TLSv1.0", 0, 0, 0, 0, 0, SSL_TLSV1, 0, 0, 0, 0}, {0, SSL_TXT_TLSV1_2, 0, 0, 0, 0, 0, SSL_TLSV1_2, 0, 0, 0, 0}, - /* export flag */ - {0, SSL_TXT_EXP, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, - {0, SSL_TXT_EXPORT, 0, 0, 0, 0, 0, 0, SSL_EXPORT, 0, 0, 0}, - /* strength classes */ - {0, SSL_TXT_EXP40, 0, 0, 0, 0, 0, 0, SSL_EXP40, 0, 0, 0}, - {0, SSL_TXT_EXP56, 0, 0, 0, 0, 0, 0, SSL_EXP56, 0, 0, 0}, {0, SSL_TXT_LOW, 0, 0, 0, 0, 0, 0, SSL_LOW, 0, 0, 0}, {0, SSL_TXT_MEDIUM, 0, 0, 0, 0, 0, 0, SSL_MEDIUM, 0, 0, 0}, {0, SSL_TXT_HIGH, 0, 0, 0, 0, 0, 0, SSL_HIGH, 0, 0, 0}, @@ -413,24 +407,12 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_FIPS, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_FIPS, 0, 0, 0}, /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */ - {0, SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, 0, - SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_EXPORT | SSL_EXP40, - 0, 0, 0,}, - {0, SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, 0, - SSL_kDHE, SSL_aDSS, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP | SSL_LOW, - 0, 0, 0,}, {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 0, SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 0, 0, 0,}, - {0, SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, 0, - SSL_kDHE, SSL_aRSA, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_EXPORT | SSL_EXP40, - 0, 0, 0,}, - {0, SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, 0, - SSL_kDHE, SSL_aRSA, SSL_DES, SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP | SSL_LOW, - 0, 0, 0,}, + SSL_HIGH | SSL_FIPS, 0, 0, 0,}, {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 0, SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 0, 0, 0,}, + SSL_HIGH | SSL_FIPS, 0, 0, 0,}, }; 
@@ -982,11 +964,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, continue; if (alg_ssl && !(alg_ssl & cp->algorithm_ssl)) continue; - if ((algo_strength & SSL_EXP_MASK) - && !(algo_strength & SSL_EXP_MASK & cp->algo_strength)) - continue; - if ((algo_strength & SSL_STRONG_MASK) - && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength)) + if (algo_strength && !(algo_strength & cp->algo_strength)) continue; if ((algo_strength & SSL_DEFAULT_MASK) && !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength)) @@ -1249,31 +1227,15 @@ static int ssl_cipher_process_rulestr(const char *rule_str, alg_mac = ca_list[j]->algorithm_mac; } - if (ca_list[j]->algo_strength & SSL_EXP_MASK) { - if (algo_strength & SSL_EXP_MASK) { - algo_strength &= - (ca_list[j]->algo_strength & SSL_EXP_MASK) | - ~SSL_EXP_MASK; - if (!(algo_strength & SSL_EXP_MASK)) { - found = 0; - break; - } - } else - algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK; - } - - if (ca_list[j]->algo_strength & SSL_STRONG_MASK) { - if (algo_strength & SSL_STRONG_MASK) { - algo_strength &= - (ca_list[j]->algo_strength & SSL_STRONG_MASK) | - ~SSL_STRONG_MASK; - if (!(algo_strength & SSL_STRONG_MASK)) { + if (ca_list[j]->algo_strength) { + if (algo_strength) { + algo_strength &= ca_list[j]->algo_strength; + if (!algo_strength) { found = 0; break; } } else - algo_strength |= - ca_list[j]->algo_strength & SSL_STRONG_MASK; + algo_strength = ca_list[j]->algo_strength; } if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) { 
@@ -1625,12 +1587,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) { - int is_export, pkl, kl; - const char *ver, *exp_str; + const char *ver; const char *kx, *au, *enc, *mac; uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; static const char *format = - "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; + "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n"; alg_mkey = cipher->algorithm_mkey; alg_auth = cipher->algorithm_auth; @@ -1638,11 +1599,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) alg_mac = cipher->algorithm_mac; alg_ssl = cipher->algorithm_ssl; - is_export = SSL_C_IS_EXPORT(cipher); - pkl = SSL_C_EXPORT_PKEYLENGTH(cipher); - kl = SSL_C_EXPORT_KEYLENGTH(cipher); - exp_str = is_export ? " export" : ""; - if (alg_ssl & SSL_SSLV3) ver = "SSLv3"; else if (alg_ssl & SSL_TLSV1) @@ -1654,7 +1610,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) switch (alg_mkey) { case SSL_kRSA: - kx = is_export ? (pkl == 512 ? "RSA(512)" : "RSA(1024)") : "RSA"; + kx = "RSA"; break; case SSL_kDHr: kx = "DH/RSA"; @@ -1663,7 +1619,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) kx = "DH/DSS"; break; case SSL_kDHE: - kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH"; + kx = "DH"; break; case SSL_kECDHr: kx = "ECDH/RSA"; @@ -1735,16 +1691,16 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) switch (alg_enc) { case SSL_DES: - enc = (is_export && kl == 5) ? "DES(40)" : "DES(56)"; + enc = "DES(56)"; break; case SSL_3DES: enc = "3DES(168)"; break; case SSL_RC4: - enc = is_export ? (kl == 5 ? "RC4(40)" : "RC4(56)") : "RC4(128)"; + enc = "RC4(128)"; break; case SSL_RC2: - enc = is_export ? (kl == 5 ? "RC2(40)" : "RC2(56)") : "RC2(128)"; + enc = "RC2(128)"; break; case SSL_IDEA: enc = "IDEA(128)"; 
@@ -1834,8 +1790,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) } else if (len < 128) return ("Buffer too small"); - BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, - exp_str); + BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac); return (buf); } diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 1ecb91b..b594028 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -517,8 +517,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "empty srtp protection profile list"}, {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"}, - {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), - "error generating tmp rsa key"}, {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"}, {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"}, @@ -559,10 +557,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_MISSING_ECDH_CERT), "missing ecdh cert"}, {ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT), "missing ecdsa signing cert"}, - {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), - "missing export tmp dh key"}, - {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), - "missing export tmp rsa key"}, {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"}, @@ -570,8 +564,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_MISSING_SRP_PARAM), "can't find SRP server param"}, {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"}, {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"}, - {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY), "missing tmp rsa key"}, - {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY), "missing tmp rsa pkey"}, {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"}, {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS), "multiple sgc restarts"}, {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"}, 
@@ -705,8 +697,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "tlsv1 alert decryption failed"}, {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), - "tlsv1 alert export restriction"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), "tlsv1 alert inappropriate fallback"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ea2acce..d51c6b7 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -2004,65 +2004,44 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) CERT_PKEY *cpk; CERT *c = s->cert; uint32_t *pvalid = s->s3->tmp.valid_flags; - int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; - int rsa_enc_export, dh_rsa_export, dh_dsa_export; - int rsa_tmp_export, dh_tmp_export, kl; - unsigned long mask_k, mask_a, emask_k, emask_a; + int rsa_enc, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; + unsigned long mask_k, mask_a; #ifndef OPENSSL_NO_EC - int have_ecc_cert, ecdsa_ok, ecc_pkey_size; + int have_ecc_cert, ecdsa_ok; int ecdh_ok; X509 *x = NULL; - EVP_PKEY *ecc_pkey = NULL; int pk_nid = 0, md_nid = 0; #endif if (c == NULL) return; - kl = SSL_C_EXPORT_PKEYLENGTH(cipher); - -#ifndef OPENSSL_NO_RSA - rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); - rsa_tmp_export = (c->rsa_tmp_cb != NULL || - (rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl)); -#else - rsa_tmp = rsa_tmp_export = 0; -#endif #ifndef OPENSSL_NO_DH dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto); - dh_tmp_export = !c->dh_tmp_auto && (c->dh_tmp_cb != NULL || - (dh_tmp - && DH_size(c->dh_tmp) * 8 <= kl)); #else - dh_tmp = dh_tmp_export = 0; + dh_tmp = 0; #endif cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID; - rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN; cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN; cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); dh_rsa = pvalid[SSL_PKEY_DH_RSA] & CERT_PKEY_VALID; - dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); dh_dsa = pvalid[SSL_PKEY_DH_DSA] & CERT_PKEY_VALID; - dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); cpk = &(c->pkeys[SSL_PKEY_ECC]); #ifndef OPENSSL_NO_EC have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; #endif mask_k = 0; 
mask_a = 0; - emask_k = 0; - emask_a = 0; #ifdef CIPHER_DEBUG fprintf(stderr, - "rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", - rsa_tmp, rsa_tmp_export, dh_tmp, rsa_enc, - rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa); + "dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n", + dh_tmp, rsa_enc, rsa_sign, dsa_sign, dh_rsa, dh_dsa); #endif #ifndef OPENSSL_NO_GOST @@ -2083,42 +2062,30 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) } #endif - if (rsa_enc || (rsa_tmp && rsa_sign)) + if (rsa_enc) mask_k |= SSL_kRSA; - if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) - emask_k |= SSL_kRSA; - - if (dh_tmp_export) - emask_k |= SSL_kDHE; if (dh_tmp) mask_k |= SSL_kDHE; if (dh_rsa) mask_k |= SSL_kDHr; - if (dh_rsa_export) - emask_k |= SSL_kDHr; if (dh_dsa) mask_k |= SSL_kDHd; - if (dh_dsa_export) - emask_k |= SSL_kDHd; if (mask_k & (SSL_kDHr | SSL_kDHd)) mask_a |= SSL_aDH; if (rsa_enc || rsa_sign) { mask_a |= SSL_aRSA; - emask_a |= SSL_aRSA; } if (dsa_sign) { mask_a |= SSL_aDSS; - emask_a |= SSL_aDSS; } mask_a |= SSL_aNULL; - emask_a |= SSL_aNULL; /* * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites 
@@ -2134,47 +2101,32 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE; if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN)) ecdsa_ok = 0; - ecc_pkey = X509_get_pubkey(x); - ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0; - EVP_PKEY_free(ecc_pkey); OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid); if (ecdh_ok) { if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { mask_k |= SSL_kECDHr; mask_a |= SSL_aECDH; - if (ecc_pkey_size <= 163) { - emask_k |= SSL_kECDHr; - emask_a |= SSL_aECDH; - } } if (pk_nid == NID_X9_62_id_ecPublicKey) { mask_k |= SSL_kECDHe; mask_a |= SSL_aECDH; - if (ecc_pkey_size <= 163) { - emask_k |= SSL_kECDHe; - emask_a |= SSL_aECDH; - } } } if (ecdsa_ok) { mask_a |= SSL_aECDSA; - emask_a |= SSL_aECDSA; } } #endif #ifndef OPENSSL_NO_EC mask_k |= SSL_kECDHE; - emask_k |= SSL_kECDHE; #endif #ifndef OPENSSL_NO_PSK mask_k |= SSL_kPSK; mask_a |= SSL_aPSK; - emask_k |= SSL_kPSK; - emask_a |= SSL_aPSK; if (mask_k & SSL_kRSA) mask_k |= SSL_kRSAPSK; if (mask_k & SSL_kDHE) @@ -2185,8 +2137,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) s->s3->tmp.mask_k = mask_k; s->s3->tmp.mask_a = mask_a; - s->s3->tmp.export_mask_k = emask_k; - s->s3->tmp.export_mask_a = emask_a; } #ifndef OPENSSL_NO_EC @@ -2194,8 +2144,6 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) { unsigned long alg_k, alg_a; - EVP_PKEY *pkey = NULL; - int keysize = 0; int md_nid = 0, pk_nid = 0; const SSL_CIPHER *cs = s->s3->tmp.new_cipher; uint32_t ex_kusage = X509_get_key_usage(x); 
@@ -2203,17 +2151,6 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s) alg_k = cs->algorithm_mkey; alg_a = cs->algorithm_auth; - if (SSL_C_IS_EXPORT(cs)) { - /* ECDH key length in export ciphers must be <= 163 bits */ - pkey = X509_get_pubkey(x); - if (pkey == NULL) - return 0; - keysize = EVP_PKEY_bits(pkey); - EVP_PKEY_free(pkey); - if (keysize > 163) - return 0; - } - OBJ_find_sigid_algs(X509_get_signature_nid(x), &md_nid, &pk_nid); if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr) { @@ -3079,44 +3016,6 @@ int SSL_want(const SSL *s) } /** - * \brief Set the callback for generating temporary RSA keys. - * \param ctx the SSL context. - * \param cb the callback - */ - -#ifndef OPENSSL_NO_RSA -void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl, - int is_export, - int keylength)) -{ - SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); -} - -void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl, - int is_export, - int keylength)) -{ - SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb); -} -#endif - -#ifdef DOXYGEN -/** - * \brief The RSA temporary key callback function. - * \param ssl the SSL session. - * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite. - * \param keylength if \c is_export is \c TRUE, then \c keylength is the size - * of the required key in bits. - * \return the temporary RSA key. - * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback - */ - -RSA *cb(SSL *ssl, int is_export, int keylength) -{ -} -#endif - -/** * \brief Set the callback for generating temporary DH keys. * \param ctx the SSL context. * \param dh the callback diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index c1ae1c0..34091d3 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h 
@@ -438,68 +438,16 @@ */ # define TLS1_STREAM_MAC 0x10000 -/* - * Export and cipher strength information. For each cipher we have to decide - * whether it is exportable or not. This information is likely to change - * over time, since the export control rules are no static technical issue. - * - * Independent of the export flag the cipher strength is sorted into classes. - * SSL_EXP40 was denoting the 40bit US export limit of past times, which now - * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change - * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, - * since SSL_EXP64 could be similar to SSL_LOW. - * For this reason SSL_MICRO and SSL_MINI macros are included to widen the - * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed - * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would - * be possible. - */ -# define SSL_EXP_MASK 0x00000003U -# define SSL_STRONG_MASK 0x000001fcU -# define SSL_DEFAULT_MASK 0X00000200U - -# define SSL_NOT_EXP 0x00000001U -# define SSL_EXPORT 0x00000002U - -# define SSL_STRONG_NONE 0x00000004U -# define SSL_EXP40 0x00000008U -# define SSL_MICRO (SSL_EXP40) -# define SSL_EXP56 0x00000010U -# define SSL_MINI (SSL_EXP56) -# define SSL_LOW 0x00000020U -# define SSL_MEDIUM 0x00000040U -# define SSL_HIGH 0x00000080U -# define SSL_FIPS 0x00000100U - -# define SSL_NOT_DEFAULT 0x00000200U +# define SSL_DEFAULT_MASK 0X00000020U -/* we have used 000003ff - 22 bits left to go */ +# define SSL_STRONG_NONE 0x00000001U +# define SSL_LOW 0x00000002U +# define SSL_MEDIUM 0x00000004U +# define SSL_HIGH 0x00000008U +# define SSL_FIPS 0x00000010U +# define SSL_NOT_DEFAULT 0x00000020U -/*- - * Macros to check the export status and cipher strength for export ciphers. - * Even though the macros for EXPORT and EXPORT40/56 have similar names, - * their meaning is different: - * *_EXPORT macros check the 'exportable' status. 
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength - * is given. - * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct - * algorithm structure element to be passed (algorithms, algo_strength) and no - * typechecking can be done as they are all of type unsigned long, their - * direct usage is discouraged. - * Use the SSL_C_* macros instead. - */ -# define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) -# define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) -# define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) -# define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) -# define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) -# define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) - -# define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ - (a) == SSL_DES ? 8 : 7) -# define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) -# define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \ - (c)->algo_strength) -# define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) +/* we have used 0000003f - 26 bits left to go */ /* Check if an SSL structure is using DTLS */ # define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) @@ -550,8 +498,7 @@ # define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1 /*- - * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) | - * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN) + * SSL_kRSA <- RSA_ENC * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN * SSL_aRSA <- RSA_ENC | RSA_SIGN @@ -1300,7 +1247,6 @@ typedef struct ssl3_state_st { int ctype_num; char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; - int use_rsa_tmp; int key_block_length; unsigned char *key_block; const EVP_CIPHER *new_sym_enc; @@ -1349,8 +1295,6 @@ typedef struct ssl3_state_st { */ uint32_t mask_k; uint32_t mask_a; - uint32_t export_mask_k; - uint32_t export_mask_a; /* Client only */ uint32_t mask_ssl; } tmp; 
@@ -1392,9 +1336,6 @@ typedef struct ssl3_state_st { # endif /* !OPENSSL_NO_EC */ /* For clients: peer temporary key */ -# ifndef OPENSSL_NO_RSA - RSA *peer_rsa_tmp; -# endif # ifndef OPENSSL_NO_DH DH *peer_dh_tmp; # endif @@ -1559,10 +1500,6 @@ typedef struct cert_st { * an index, not a pointer. */ CERT_PKEY *key; -# ifndef OPENSSL_NO_RSA - RSA *rsa_tmp; - RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize); -# endif # ifndef OPENSSL_NO_DH DH *dh_tmp; DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index b49f498..9ac9921 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -211,30 +211,6 @@ static int key_exchange_expected(SSL *s) return 1; } - /* - * Export ciphersuites may have temporary RSA keys if the public key in the - * server certificate is longer than the maximum export strength - */ - if ((alg_k & SSL_kRSA) && SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { - EVP_PKEY *pkey; - - pkey = X509_get_pubkey(s->session->peer); - if (pkey == NULL) - return -1; - - /* - * If the public key in the certificate is shorter than or equal to the - * maximum export strength then a temporary RSA key is not allowed - */ - if (EVP_PKEY_bits(pkey) - <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) - return 0; - - EVP_PKEY_free(pkey); - - return 1; - } - return 0; } @@ -1622,10 +1598,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) save_param_start = *pkt; -#ifndef OPENSSL_NO_RSA - RSA_free(s->s3->peer_rsa_tmp); - s->s3->peer_rsa_tmp = NULL; -#endif #ifndef OPENSSL_NO_DH DH_free(s->s3->peer_dh_tmp); s->s3->peer_dh_tmp = NULL; 
@@ -1709,51 +1681,8 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) /* We must check if there is a certificate */ if (alg_a & (SSL_aRSA|SSL_aDSS)) pkey = X509_get_pubkey(s->session->peer); - } else -#endif /* !OPENSSL_NO_SRP */ -#ifndef OPENSSL_NO_RSA - if (alg_k & SSL_kRSA) { - PACKET mod, exp; - /* Temporary RSA keys only allowed in export ciphersuites */ - if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - - if (!PACKET_get_length_prefixed_2(pkt, &mod) - || !PACKET_get_length_prefixed_2(pkt, &exp)) { - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - - if ((rsa = RSA_new()) == NULL) { - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); - goto err; - } - - if ((rsa->n = BN_bin2bn(PACKET_data(&mod), PACKET_remaining(&mod), - rsa->n)) == NULL - || (rsa->e = BN_bin2bn(PACKET_data(&exp), PACKET_remaining(&exp), - rsa->e)) == NULL) { - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_BN_LIB); - goto err; - } - - /* this should be because we are using an export cipher */ - if (alg_a & SSL_aRSA) - pkey = X509_get_pubkey(s->session->peer); - else { - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; - } - - s->s3->peer_rsa_tmp = rsa; - rsa = NULL; } -#else /* OPENSSL_NO_RSA */ - if (0) ; -#endif +#endif /* !OPENSSL_NO_SRP */ #ifndef OPENSSL_NO_DH else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) { PACKET prime, generator, pub_key; 
@@ -1850,14 +1779,6 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) group = EC_KEY_get0_group(ecdh); - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && - (EC_GROUP_get_degree(group) > 163)) { - al = SSL_AD_EXPORT_RESTRICTION; - SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, - SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); - goto f_err; - } - /* Next, get the encoded ECPoint */ if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) || ((bn_ctx = BN_CTX_new()) == NULL)) { @@ -2445,20 +2366,16 @@ psk_err: goto err; } - if (s->s3->peer_rsa_tmp != NULL) - rsa = s->s3->peer_rsa_tmp; - else { - pkey = X509_get_pubkey(s->session->peer); - if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) - || (pkey->pkey.rsa == NULL)) { - SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - EVP_PKEY_free(pkey); - goto err; - } - rsa = pkey->pkey.rsa; + pkey = X509_get_pubkey(s->session->peer); + if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) + || (pkey->pkey.rsa == NULL)) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); EVP_PKEY_free(pkey); + goto err; } + rsa = pkey->pkey.rsa; + EVP_PKEY_free(pkey); pms[0] = s->client_version >> 8; pms[1] = s->client_version & 0xff; @@ -3178,10 +3095,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) int i, idx; long alg_k, alg_a; EVP_PKEY *pkey = NULL; - int pkey_bits; -#ifndef OPENSSL_NO_RSA - RSA *rsa; -#endif #ifndef OPENSSL_NO_DH DH *dh; #endif @@ -3193,9 +3106,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) /* we don't have a certificate */ if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK)) return (1); -#ifndef OPENSSL_NO_RSA - rsa = s->s3->peer_rsa_tmp; -#endif #ifndef OPENSSL_NO_DH dh = s->s3->peer_dh_tmp; #endif @@ -3222,7 +3132,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif pkey = X509_get_pubkey(s->session->peer); - pkey_bits = EVP_PKEY_bits(pkey); i = X509_certificate_type(s->session->peer, pkey); EVP_PKEY_free(pkey); 
@@ -3240,27 +3149,11 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif #ifndef OPENSSL_NO_RSA - if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) { - if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && - !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; - } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { - if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { - if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; - } - if (rsa != NULL) { - /* server key exchange is not allowed. */ - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); - goto f_err; - } - } - } + if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && + !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; } #endif #ifndef OPENSSL_NO_DH 
@@ -3284,48 +3177,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) # endif #endif - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && - pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { -#ifndef OPENSSL_NO_RSA - if (alg_k & SSL_kRSA) { - if (rsa == NULL) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_EXPORT_TMP_RSA_KEY); - goto f_err; - } else if (RSA_bits(rsa) > - SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { - /* We have a temporary RSA key but it's too large. */ - al = SSL_AD_EXPORT_RESTRICTION; - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_EXPORT_TMP_RSA_KEY); - goto f_err; - } - } else -#endif -#ifndef OPENSSL_NO_DH - if (alg_k & SSL_kDHE) { - if (DH_bits(dh) > - SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { - /* We have a temporary DH key but it's too large. */ - al = SSL_AD_EXPORT_RESTRICTION; - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_EXPORT_TMP_DH_KEY); - goto f_err; - } - } else if (alg_k & (SSL_kDHr | SSL_kDHd)) { - /* The cert should have had an export DH key. */ - al = SSL_AD_EXPORT_RESTRICTION; - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_EXPORT_TMP_DH_KEY); - goto f_err; - } else -#endif - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto f_err; - } - } return (1); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index d4668b2..a39e288 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -315,7 +315,7 @@ static int send_server_key_exchange(SSL *s) unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; /* - * only send a ServerKeyExchange if DH, fortezza or RSA but we have a + * only send a ServerKeyExchange if DH or fortezza but we have a * sign only certificate PSK: may send PSK identity hints For * ECC ciphersuites, we send a serverKeyExchange message only if * the cipher suite is either ECDH-anon or ECDHE. In other cases, 
@@ -324,15 +324,6 @@ static int send_server_key_exchange(SSL *s) */ if ( (alg_k & SSL_kDHE) || (alg_k & SSL_kECDHE) - || ((alg_k & SSL_kRSA) - && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL - || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) - && EVP_PKEY_size(s->cert->pkeys - [SSL_PKEY_RSA_ENC].privatekey) * - 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) - ) - ) - ) /* * PSK: send ServerKeyExchange if PSK identity hint if * provided @@ -1723,9 +1714,6 @@ int tls_construct_server_done(SSL *s) int tls_construct_server_key_exchange(SSL *s) { -#ifndef OPENSSL_NO_RSA - RSA *rsa; -#endif #ifndef OPENSSL_NO_DH DH *dh = NULL, *dhp; #endif @@ -1769,35 +1757,6 @@ int tls_construct_server_key_exchange(SSL *s) if (type & (SSL_kPSK | SSL_kRSAPSK)) { } else #endif /* !OPENSSL_NO_PSK */ -#ifndef OPENSSL_NO_RSA - if (type & SSL_kRSA) { - rsa = cert->rsa_tmp; - if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) { - rsa = s->cert->rsa_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3-> - tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s->s3-> - tmp.new_cipher)); - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - SSL_R_ERROR_GENERATING_TMP_RSA_KEY); - goto f_err; - } - RSA_up_ref(rsa); - cert->rsa_tmp = rsa; - } - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - SSL_R_MISSING_TMP_RSA_KEY); - goto f_err; - } - r[0] = rsa->n; - r[1] = rsa->e; - s->s3->tmp.use_rsa_tmp = 1; - } else -#endif #ifndef OPENSSL_NO_DH if (type & (SSL_kDHE | SSL_kDHEPSK)) { if (s->cert->dh_tmp_auto) { @@ -1811,11 +1770,7 @@ int tls_construct_server_key_exchange(SSL *s) } else dhp = cert->dh_tmp; if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) - dhp = s->cert->dh_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3-> - tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s->s3-> - tmp.new_cipher)); + dhp = s->cert->dh_tmp_cb(s, 0, 1024); if (dhp == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, 
@@ -1903,13 +1858,6 @@ int tls_construct_server_key_exchange(SSL *s) goto err; } - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && - (EC_GROUP_get_degree(group) > 163)) { - SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER); - goto err; - } - /* * XXX: For now, we only support ephemeral ECDH keys over named * (not generic) curves. For supported named curves, curve_id is @@ -2316,30 +2264,15 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) size_t j; /* FIX THIS UP EAY EAY EAY EAY */ - if (s->s3->tmp.use_rsa_tmp) { - if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL)) - rsa = s->cert->rsa_tmp; - /* - * Don't do a callback because rsa_tmp should be sent already - */ - if (rsa == NULL) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_MISSING_TMP_RSA_PKEY); - goto f_err; - - } - } else { - pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; - if ((pkey == NULL) || - (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_MISSING_RSA_CERTIFICATE); - goto f_err; - } - rsa = pkey->pkey.rsa; + pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; + if ((pkey == NULL) || + (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, + SSL_R_MISSING_RSA_CERTIFICATE); + goto f_err; } + rsa = pkey->pkey.rsa; /* SSLv3 and pre-standard DTLS omit the length bytes. */ if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) { diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index ae1d36c..ccf933e 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c 
@@ -294,15 +294,12 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, int tls1_change_cipher_state(SSL *s, int which) { - static const unsigned char empty[] = ""; unsigned char *p, *mac_secret; - unsigned char *exp_label; unsigned char tmp1[EVP_MAX_KEY_LENGTH]; unsigned char tmp2[EVP_MAX_KEY_LENGTH]; unsigned char iv1[EVP_MAX_IV_LENGTH * 2]; unsigned char iv2[EVP_MAX_IV_LENGTH * 2]; unsigned char *ms, *key, *iv; - int client_write; EVP_CIPHER_CTX *dd; const EVP_CIPHER *c; #ifndef OPENSSL_NO_COMP @@ -313,10 +310,9 @@ int tls1_change_cipher_state(SSL *s, int which) int *mac_secret_size; EVP_MD_CTX *mac_ctx; EVP_PKEY *mac_key; - int is_export, n, i, j, k, exp_label_len, cl; + int n, i, j, k, cl; int reuse_dd = 0; - is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); c = s->s3->tmp.new_sym_enc; m = s->s3->tmp.new_hash; mac_type = s->s3->tmp.new_mac_pkey_type; @@ -413,8 +409,7 @@ int tls1_change_cipher_state(SSL *s, int which) i = *mac_secret_size = s->s3->tmp.new_mac_secret_size; cl = EVP_CIPHER_key_length(c); - j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? - cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; + j = cl; /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ /* If GCM/CCM mode only part of IV comes from PRF */ if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) @@ -431,9 +426,6 @@ int tls1_change_cipher_state(SSL *s, int which) n += j + j; iv = &(p[n]); n += k + k; - exp_label = (unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST; - exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE; - client_write = 1; } else { n = i; ms = &(p[n]); @@ -442,9 +434,6 @@ int tls1_change_cipher_state(SSL *s, int which) n += j + k; iv = &(p[n]); n += k; - exp_label = (unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST; - exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE; - client_write = 0; } if (n > s->s3->tmp.key_block_length) { 
@@ -473,33 +462,6 @@ int tls1_change_cipher_state(SSL *s, int which) printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n'); } #endif - if (is_export) { - /* - * In here I set both the read and write key/iv to the same value - * since only the correct one will be used :-). - */ - if (!tls1_PRF(s, - exp_label, exp_label_len, - s->s3->client_random, SSL3_RANDOM_SIZE, - s->s3->server_random, SSL3_RANDOM_SIZE, - NULL, 0, NULL, 0, - key, j, tmp1, tmp2, EVP_CIPHER_key_length(c))) - goto err2; - key = tmp1; - - if (k > 0) { - if (!tls1_PRF(s, - TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE, - s->s3->client_random, SSL3_RANDOM_SIZE, - s->s3->server_random, SSL3_RANDOM_SIZE, - NULL, 0, NULL, 0, empty, 0, iv1, iv2, k * 2)) - goto err2; - if (client_write) - iv = iv1; - else - iv = &(iv1[k]); - } - } if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) diff --git a/test/ssltest.c b/test/ssltest.c index 68d48d1..0912392 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -212,10 +212,6 @@ #define COMP_ZLIB 1 static int verify_callback(int ok, X509_STORE_CTX *ctx); -#ifndef OPENSSL_NO_RSA -static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength); -static void free_tmp_rsa(void); -#endif static int app_verify_callback(X509_STORE_CTX *ctx, void *arg); #define APP_CALLBACK_STRING "Test Callback Argument" struct app_verify_arg { @@ -1483,10 +1479,6 @@ int main(int argc, char *argv[]) (void)no_ecdhe; #endif -#ifndef OPENSSL_NO_RSA - SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb); -#endif - if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) || (!SSL_CTX_set_default_verify_paths(s_ctx)) || (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || @@ -1716,9 +1708,6 @@ int main(int argc, char *argv[]) BIO_free(bio_stdout); -#ifndef OPENSSL_NO_RSA - free_tmp_rsa(); -#endif #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif 
@@ -2834,39 +2823,6 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) return (ok); } -#ifndef OPENSSL_NO_RSA -static RSA *rsa_tmp = NULL; - -static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) -{ - BIGNUM *bn = NULL; - if (rsa_tmp == NULL) { - bn = BN_new(); - rsa_tmp = RSA_new(); - if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) { - BIO_printf(bio_err, "Memory error..."); - goto end; - } - printf("Generating temp (%d bit) RSA key...", keylength); - if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) { - BIO_printf(bio_err, "Error generating key."); - RSA_free(rsa_tmp); - rsa_tmp = NULL; - } - end: - printf("\n"); - } - BN_free(bn); - return (rsa_tmp); -} - -static void free_tmp_rsa(void) -{ - RSA_free(rsa_tmp); - rsa_tmp = NULL; -} -#endif - #ifndef OPENSSL_NO_DH /*- * These DH parameters have been generated as follows: diff --git a/util/ssleay.num b/util/ssleay.num index 1d23afb..59a368a 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -157,7 +157,7 @@ BIO_new_ssl_connect 174 EXIST::FUNCTION: SSL_get_ex_data_X509_STORE_CTX_idx 175 EXIST:!VMS:FUNCTION: SSL_get_ex_d_X509_STORE_CTX_idx 175 EXIST:VMS:FUNCTION: SSL_CTX_set_tmp_dh_callback 176 EXIST::FUNCTION:DH -SSL_CTX_set_tmp_rsa_callback 177 EXIST::FUNCTION:RSA +SSL_CTX_set_tmp_rsa_callback 177 NOEXIST::FUNCTION: SSL_CTX_set_timeout 178 EXIST::FUNCTION: SSL_CTX_get_timeout 179 EXIST::FUNCTION: SSL_CTX_get_cert_store 180 EXIST::FUNCTION: @@ -167,7 +167,7 @@ SSL_library_init 183 EXIST::FUNCTION: SSL_COMP_add_compression_method 184 EXIST::FUNCTION: SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION: SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION: -SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA +SSL_set_tmp_rsa_callback 186 NOEXIST::FUNCTION: SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION: SSL_add_dir_cert_subjs_to_stk 188 EXIST:VMS:FUNCTION: From builds at travis-ci.org Sat Dec 5 17:29:17 2015 
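Review bot: In ssl/statem/statem_srvr.c, tls_construct_server_key_exchange(), the replacement call `dhp = s->cert->dh_tmp_cb(s, 0, 1024);` passes the key length as a bare literal. Any application callback that honours its keylength argument will now always be asked for 1024-bit DH parameters, so the value deserves a named constant and a comment justifying the size and stating that is_export is always 0 from here on. The prototype kept in cert_st, `DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);`, should carry the same remark.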
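Review bot: In ssl/statem/statem_clnt.c, tls_process_key_exchange(), deleting the temporary-RSA branch also deletes its `#else /* OPENSSL_NO_RSA */ if (0) ;` fallback, and the SRP block now ends in a plain `}` before `#endif /* !OPENSSL_NO_SRP */`. The `else if (alg_k & (SSL_kDHE | SSL_kDHEPSK))` under `#ifndef OPENSSL_NO_DH` therefore depends on whatever precedes the SRP block when SRP is compiled out. Please build with no-srp, alone and combined with no-psk, to confirm the chain still has an `if` to attach to.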
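Review bot: In ssl/t1_enc.c, tls1_change_cipher_state(), the new `j = cl;` is still followed by the old comment `/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */`, which describes export behaviour that no longer exists and should go with it. The declarations of tmp1, tmp2, iv1 and iv2 also remain as context while the `if (is_export)` block that filled them is deleted, so check whether anything else in the function still needs them and drop them if not.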
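Review bot: In ssl/ssl_locl.h, the renumbered `# define SSL_DEFAULT_MASK 0X00000020U` keeps the upper-case `0X` prefix while every other strength define in the block uses `0x`; normalise it while the line is being touched. SSL_DEFAULT_MASK and SSL_NOT_DEFAULT are now the same value written out twice, so defining the mask in terms of SSL_NOT_DEFAULT would stop the two from drifting apart at the next renumbering.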
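Review bot: In ssl/ssl_lib.c, SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() are deleted outright, and util/ssleay.num marks both entries NOEXIST, so this is a public API removal rather than an internal cleanup. If the public header part of this change does not already supply a replacement for existing callers, add one or document the removal prominently, because applications that still register a temporary RSA callback will otherwise fail to build against this branch.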
From: builds at travis-ci.org (Travis CI)
Date: Sat, 05 Dec 2015 17:29:17 +0000
Subject: [openssl-commits] Broken: openssl/openssl#788 (master - 361a119)
In-Reply-To:
Message-ID: <56631eeda44_33fb8ad66f8001046a3@dd3140f3-adb6-4ba3-8707-7f676be5cf69.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #788
Status: Broken

Duration: 37 minutes and 12 seconds
Commit: 361a119 (master)
Author: Kurt Roeckx
Message: Remove support for all 40 and 56 bit ciphers.

Reviewed-by: Rich Salz

MR: #364

View the changeset: https://github.com/openssl/openssl/compare/fe6ef2472db9...361a1191279d

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95076274

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

From viktor at openssl.org Sun Dec 6 17:50:05 2015
From: viktor at openssl.org (Viktor Dukhovni)
Date: Sun, 06 Dec 2015 17:50:05 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1449424205.874508.16683.nullmailer@dev.openssl.org>

The branch master has been updated
       via  1c735804a2c7e9ad6321794998a2b36a4dd9824b (commit)
      from  361a1191279d5a801fa6cfe22d51ef17d6ab38ea (commit)

- Log -----------------------------------------------------------------
commit 1c735804a2c7e9ad6321794998a2b36a4dd9824b
Author: Viktor Dukhovni
Date: Sun Dec 6 00:35:06 2015 -0500

    Really disable 56-bit (single-DES) ciphers

    Reviewed-by: Kurt Roeckx

-----------------------------------------------------------------------

Summary of changes:
 doc/apps/ciphers.pod | 17 ++--------
 ssl/s3_lib.c | 96 ----------------------------------------------------
 2 files changed, 3 insertions(+), 110 deletions(-)

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 8db0ea5..43bfd94 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod 
@@ -165,8 +165,9 @@ encryption. =item B -"low" encryption cipher suites, currently those using 64 or 56 bit encryption -algorithms but excluding export cipher suites. +"low" encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. All these +ciphersuites have been removed as of OpenSSL 1.1.0. =item B, B @@ -378,20 +379,14 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 SSL_RSA_WITH_RC4_128_SHA RC4-SHA SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - SSL_DH_DSS_WITH_DES_CBC_SHA DH-DSS-DES-CBC-SHA SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA - SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA - SSL_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - SSL_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. 
@@ -405,20 +400,14 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 TLS_RSA_WITH_RC4_128_SHA RC4-SHA TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented. TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented. TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DHE_DSS_WITH_DES_CBC_SHA DHE-DSS-CBC-SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - TLS_DHE_RSA_WITH_DES_CBC_SHA DHE-RSA-DES-CBC-SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA =head2 AES ciphersuites from RFC3268, extending TLS v1.0 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 24cf5f0..03d0320 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -245,22 +245,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { }, #endif -/* Cipher 09 */ - { - 1, - SSL3_TXT_RSA_DES_64_CBC_SHA, - SSL3_CK_RSA_DES_64_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - /* Cipher 0A */ { 1, @@ -277,22 +261,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 168, }, -/* Cipher 0C */ - { - 1, - SSL3_TXT_DH_DSS_DES_64_CBC_SHA, - SSL3_CK_DH_DSS_DES_64_CBC_SHA, - SSL_kDHd, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - /* Cipher 0D */ { 1, @@ -309,22 +277,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 168, }, -/* Cipher 0F */ - { - 1, - SSL3_TXT_DH_RSA_DES_64_CBC_SHA, - SSL3_CK_DH_RSA_DES_64_CBC_SHA, - SSL_kDHr, - SSL_aDH, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - /* Cipher 10 */ { 1, 
@@ -341,22 +293,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 168, }, -/* Cipher 12 */ - { - 1, - SSL3_TXT_DHE_DSS_DES_64_CBC_SHA, - SSL3_CK_DHE_DSS_DES_64_CBC_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - /* Cipher 13 */ { 1, @@ -373,22 +309,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 168, }, -/* Cipher 15 */ - { - 1, - SSL3_TXT_DHE_RSA_DES_64_CBC_SHA, - SSL3_CK_DHE_RSA_DES_64_CBC_SHA, - SSL_kDHE, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - /* Cipher 16 */ { 1, @@ -421,22 +341,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 128, }, -/* Cipher 1A */ - { - 1, - SSL3_TXT_ADH_DES_64_CBC_SHA, - SSL3_CK_ADH_DES_64_CBC_SHA, - SSL_kDHE, - SSL_aNULL, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_DEFAULT | SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - /* Cipher 1B */ { 1, From builds at travis-ci.org Sun Dec 6 18:28:14 2015 
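Review bot: In doc/apps/ciphers.pod, the LOW item still opens with `"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms but excluding export cipher suites.` and only then adds that all of them have been removed as of OpenSSL 1.1.0. "Currently" and the reference to export cipher suites now describe things that no longer exist in this branch, so put the description in the past tense for earlier releases and state the 1.1.0 behaviour first.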
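Review bot: In doc/apps/ciphers.pod, the two cipher suite tables disagree after this edit: the SSL v3.0 table keeps `SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA` while the TLS v1.0 table keeps `TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.`, and the DH_RSA rows differ in the same way. Both tables are being touched here, so reconcile the remaining fixed-DH 3DES rows in the same change.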
From: builds at travis-ci.org (Travis CI)
Date: Sun, 06 Dec 2015 18:28:14 +0000
Subject: [openssl-commits] Fixed: openssl/openssl#789 (master - 1c73580)
In-Reply-To:
Message-ID: <56647e3d6e463_33f9369e2791c354945@87f7e15e-95dd-404c-949f-08046aa442b6.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #789
Status: Fixed

Duration: 37 minutes and 36 seconds
Commit: 1c73580 (master)
Author: Viktor Dukhovni
Message: Really disable 56-bit (single-DES) ciphers

Reviewed-by: Kurt Roeckx

View the changeset: https://github.com/openssl/openssl/compare/361a1191279d...1c735804a2c7

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95208480

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

From viktor at openssl.org Mon Dec 7 03:23:13 2015
From: viktor at openssl.org (Viktor Dukhovni)
Date: Mon, 07 Dec 2015 03:23:13 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1449458593.599503.23888.nullmailer@dev.openssl.org>

The branch master has been updated
       via  d231a4010bfa4032dc24a74c6cd3073e252864c4 (commit)
      from  1c735804a2c7e9ad6321794998a2b36a4dd9824b (commit)

- Log -----------------------------------------------------------------
commit d231a4010bfa4032dc24a74c6cd3073e252864c4
Author: Viktor Dukhovni
Date: Sun Dec 6 22:17:15 2015 -0500

    Fix typo and improve a bit of text

    Reviewed-by: Tim Hudson

-----------------------------------------------------------------------

Summary of changes:
 doc/apps/pkeyutl.pod | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod index b437635..a7b75e6 100644 --- a/doc/apps/pkeyutl.pod +++ b/doc/apps/pkeyutl.pod 
@@ -140,13 +140,14 @@ EVP_get_digestbyname() function for example B. =head1 RSA ALGORITHM -The RSA algorithm supports encrypt, decrypt, sign, verify and verifyrecover -operations in general. Some padding modes only support some of these -operations however. +The RSA algorithm generally supports the encrypt, decrypt, sign, +verify and verifyrecover operations. However, some padding modes +support only a subset of these operations. The following additional +B values are supported: =over 4 -=item -B +=item B This sets the RSA padding mode. Acceptable values for B are B for PKCS#1 padding, B for SSLv23 padding, B for no padding, B From appro at openssl.org Mon Dec 7 11:07:38 2015 From: appro at openssl.org (Andy Polyakov) Date: Mon, 07 Dec 2015 11:07:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449486458.615956.28761.nullmailer@dev.openssl.org> The branch master has been updated via a285992763f3961f69a8d86bf7dfff020a08cef9 (commit) from d231a4010bfa4032dc24a74c6cd3073e252864c4 (commit) - Log ----------------------------------------------------------------- commit a285992763f3961f69a8d86bf7dfff020a08cef9 Author: Andy Polyakov Date: Sun Dec 6 22:02:39 2015 +0100 ARMv4 assembly pack: allow Thumb2 even in iOS build, and engage it in most modules. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aes-armv4.pl | 1 + crypto/aes/asm/bsaes-armv7.pl | 1 + crypto/bn/asm/armv4-gf2m.pl | 2 +- crypto/bn/asm/armv4-mont.pl | 2 +- crypto/ec/asm/ecp_nistz256-armv4.pl | 2 +- crypto/modes/asm/ghash-armv4.pl | 2 +- crypto/perlasm/arm-xlate.pl | 6 ++++++ crypto/sha/asm/sha1-armv4-large.pl | 10 +++++----- crypto/sha/asm/sha256-armv4.pl | 4 ++-- crypto/sha/asm/sha512-armv4.pl | 2 +- 10 files changed, 20 insertions(+), 12 deletions(-) diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl index c3d166f..fbe4597 100644 --- a/crypto/aes/asm/aes-armv4.pl 
+++ b/crypto/aes/asm/aes-armv4.pl @@ -75,6 +75,7 @@ $code=<<___; .thumb #else .code 32 +#undef __thumb2__ #endif .type AES_Te,%object diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl index f9293d5..03b8d82 100644 --- a/crypto/aes/asm/bsaes-armv7.pl +++ b/crypto/aes/asm/bsaes-armv7.pl @@ -731,6 +731,7 @@ $code.=<<___; .thumb #else .code 32 +# undef __thumb2__ #endif .type _bsaes_decrypt8,%function diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index 227581e..22aa483 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -51,7 +51,7 @@ $code=<<___; #include "arm_arch.h" .text -#if defined(__thumb2__) && !defined(__APPLE__) +#if defined(__thumb2__) .syntax unified .thumb #else diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index 48e5230..7017ad5 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -91,7 +91,7 @@ $code=<<___; #include "arm_arch.h" .text -#if defined(__thumb2__) && !defined(__APPLE__) +#if defined(__thumb2__) .syntax unified .thumb #else diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl index aeeb190..3a636ea 100755 --- a/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/crypto/ec/asm/ecp_nistz256-armv4.pl @@ -45,7 +45,7 @@ $code.=<<___; #include "arm_arch.h" .text -#if defined(__thumb2__) && !defined(__APPLE__) +#if defined(__thumb2__) .syntax unified .thumb #else diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 245ac92..0d5b8ef 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -136,7 +136,7 @@ $code=<<___; #include "arm_arch.h" .text -#if defined(__thumb2__) && !defined(__APPLE__) +#if defined(__thumb2__) .syntax unified .thumb #else diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl index 81ceb31..ecd3198 100755 --- a/crypto/perlasm/arm-xlate.pl +++ b/crypto/perlasm/arm-xlate.pl 
@@ -66,6 +66,12 @@ my $extern = sub { }; my $type = sub { if ($flavour =~ /linux/) { ".type\t".join(',', at _); } + elsif ($flavour =~ /ios32/) { if (join(',', at _) =~ /(\w+),%function/) { + "#ifdef __thumb2__\n". + ".thumb_func $1\n". + "#endif"; + } + } else { ""; } }; my $size = sub { diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl index 9d34e04..e1bb92b 100644 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ b/crypto/sha/asm/sha1-armv4-large.pl @@ -181,7 +181,7 @@ $code=<<___; #include "arm_arch.h" .text -#if defined(__thumb2__) && !defined(__APPLE__) +#if defined(__thumb2__) .syntax unified .thumb #else @@ -222,7 +222,7 @@ for($i=0;$i<5;$i++) { &BODY_00_15(@V); unshift(@V,pop(@V)); } $code.=<<___; -#if defined(__thumb2__) && !defined(__APPLE__) +#if defined(__thumb2__) mov $t3,sp teq $Xi,$t3 #else @@ -246,7 +246,7 @@ for($i=0;$i<5;$i++) { &BODY_20_39(@V); unshift(@V,pop(@V)); } $code.=<<___; -#if defined(__thumb2__) && !defined(__APPLE__) +#if defined(__thumb2__) mov $t3,sp teq $Xi,$t3 #else @@ -263,7 +263,7 @@ for($i=0;$i<5;$i++) { &BODY_40_59(@V); unshift(@V,pop(@V)); } $code.=<<___; -#if defined(__thumb2__) && !defined(__APPLE__) +#if defined(__thumb2__) mov $t3,sp teq $Xi,$t3 #else @@ -610,7 +610,7 @@ my ($W0,$W1,$ABCD_SAVE)=map("q$_",(12..14)); $code.=<<___; #if __ARM_MAX_ARCH__>=7 -# if defined(__thumb2__) && !defined(__APPLE__) +# if defined(__thumb2__) # define INST(a,b,c,d) .byte c,d|0xf,a,b # else # define INST(a,b,c,d) .byte a,b,c,d|0x10 diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index c65073b..b6b39dc 100644 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl @@ -175,7 +175,7 @@ $code=<<___; #endif .text -#if defined(__thumb2__) && !defined(__APPLE__) +#if defined(__thumb2__) .syntax unified .thumb # define adrl adr 
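Review bot: In the $type hunk of crypto/perlasm/arm-xlate.pl, the new ios32 branch has no else for arguments that do not match /(\w+),%function/, so for %object symbols the sub's return value is left implicit, unlike the linux branch and the final else { ""; }. An explicit else { ""; } inside the ios32 branch would make it clear that nothing is emitted in that case. Separately, the two added directives are spelled differently ("#undef __thumb2__" in aes-armv4.pl, "# undef __thumb2__" in bsaes-armv7.pl), and neither carries a comment saying why the macro has to be cleared in the .code 32 branch.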
@@ -595,7 +595,7 @@ my $Ktbl="r3"; $code.=<<___; #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -# if defined(__thumb2__) && !defined(__APPLE__) +# if defined(__thumb2__) # define INST(a,b,c,d) .byte c,d|0xc,a,b # else # define INST(a,b,c,d) .byte a,b,c,d diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index a83d677..56bb9fd 100644 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -212,7 +212,7 @@ $code=<<___; #endif .text -#if defined(__thumb2__) && !defined(__APPLE__) +#if defined(__thumb2__) .syntax unified .thumb # define adrl adr From steve at openssl.org Mon Dec 7 14:31:13 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 07 Dec 2015 14:31:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449498673.640846.10106.nullmailer@dev.openssl.org> The branch master has been updated via 5fa30720e481e62d14c113f502db1a76cf5dd221 (commit) from a285992763f3961f69a8d86bf7dfff020a08cef9 (commit) - Log ----------------------------------------------------------------- commit 5fa30720e481e62d14c113f502db1a76cf5dd221 Author: Dr. Stephen Henson Date: Thu Dec 3 22:57:25 2015 +0000 Fix and update versions in CHANGES and NEWS Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- NEWS | 16 +++++++++++++++- 2 files changed, 74 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 56092dc..db3f638 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + Changes between 1.0.2e and 1.1.0 [xx XXX xxxx] *) Remove support for all 40 and 56 bit ciphers. This includes all the export ciphers who are no longer supported and drops support the ephemeral RSA key 
@@ -558,6 +558,64 @@ whose return value is often ignored. [Steve Henson] + Changes between 1.0.2d and 1.0.2e [3 Dec 2015] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. + + This issue was reported to OpenSSL by Hanno B?ck. + (CVE-2015-3193) + [Andy Polyakov] + + *) Certificate verify crash with missing PSS parameter + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and absent mask generation function parameter. Since these + routines are used to verify certificate signature algorithms this can be + used to crash any certificate verification operation and exploited in a + DoS attack. Any application which performs certificate verification is + vulnerable including OpenSSL clients and servers which enable client + authentication. + + This issue was reported to OpenSSL by Lo?c Jonas Etienne (Qnective AG). + (CVE-2015-3194) + [Stephen Henson] + + *) X509_ATTRIBUTE memory leak + + When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak + memory. 
This structure is used by the PKCS#7 and CMS routines so any + application which reads PKCS#7 or CMS data from untrusted sources is + affected. SSL/TLS is not affected. + + This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using + libFuzzer. + (CVE-2015-3195) + [Stephen Henson] + + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. + This changes the decoding behaviour for some invalid messages, + though the change is mostly in the more lenient direction, and + legacy behaviour is preserved as much as possible. + [Emilia K?sper] + + *) In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + [Rich Salz and Ismo Puustinen ] + Changes between 1.0.2c and 1.0.2d [9 Jul 2015] *) Alternate chains certificate forgery diff --git a/NEWS b/NEWS index e51526e..c5cb71b 100644 --- a/NEWS +++ b/NEWS @@ -5,9 +5,23 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [under development] + Major changes between OpenSSL 1.0.2e and OpenSSL 1.1.0 [under development] + + o + + Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] + + o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) + o Certificate verify crash with missing PSS parameter (CVE-2015-3194) + o X509_ATTRIBUTE memory leak (CVE-2015-3195) + o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs + o In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + + Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] o Alternate chains certificate forgery (CVE-2015-1793) + o Race condition handling PSK identify hint (CVE-2015-3196) Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] From levitte at openssl.org Mon Dec 7 15:12:40 2015 
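Review bot: In the NEWS hunk, the line added under 1.0.2c and 1.0.2d reads "Race condition handling PSK identify hint (CVE-2015-3196)"; "identify" should be "identity". The CHANGES hunks in this patch only retitle the 1.1.0 section and add the 1.0.2e section, so no CHANGES item for CVE-2015-3196 is added here; check that CHANGES already carries the matching entry under 1.0.2d. The new "1.0.2e and OpenSSL 1.1.0 [under development]" section is also left with an empty "o" bullet, which should be filled in or dropped until there is something to list.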
From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 Dec 2015 15:12:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449501160.141751.20149.nullmailer@dev.openssl.org> The branch master has been updated via 451a5bdf0386d7acf091c3e3b39107e5ed8be25d (commit) via 475fc3d8729190fd12b4ff23d6ec488439fb78f9 (commit) via 4a544810f08539f1549eea9be36bd878c67c8e26 (commit) from 5fa30720e481e62d14c113f502db1a76cf5dd221 (commit) - Log ----------------------------------------------------------------- commit 451a5bdf0386d7acf091c3e3b39107e5ed8be25d Author: Richard Levitte Date: Mon Dec 7 15:56:27 2015 +0100 Do not add symlinks in the source release Reviewed-by: Rich Salz commit 475fc3d8729190fd12b4ff23d6ec488439fb78f9 Author: Richard Levitte Date: Mon Dec 7 15:47:43 2015 +0100 In travis, build from a "source release" rather than from the build tree Reviewed-by: Rich Salz commit 4a544810f08539f1549eea9be36bd878c67c8e26 Author: Richard Levitte Date: Mon Dec 7 15:45:50 2015 +0100 Small changes to creating dists Make TARFILE include ../ instead of having that hard coded all over the place. When transforming file names in TAR_COMMAND, use $(NAME) instead of openssl-$(VERSION) Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: .travis.yml | 6 ++++++ Makefile.org | 36 ++++++++++++++++-------------------- 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/.travis.yml b/.travis.yml index f431989..61f7c4a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -68,6 +68,9 @@ matrix: env: CONFIG_OPTS="--debug --strict-warnings" before_script: + - make -f Makefile.org TARFILE=_srcdist.tar NAME=_srcdist dist + - tar -xvzf _srcdist.tar.gz + - cd _srcdist - if [ "$CC" == i686-w64-mingw32-gcc ]; then export CROSS_COMPILE=${CC%%gcc}; unset CC; ./Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format; 
@@ -77,13 +80,16 @@ before_script: else ./config $CONFIG_OPTS; fi + - cd .. script: + - cd _srcdist - make - if [ -n "$CROSS_COMPILE" ]; then export EXE_SHELL="wine" WINEPREFIX=`pwd`; fi - make test + - cd .. notifications: email: diff --git a/Makefile.org b/Makefile.org index 4ad6bf6..0ecb897 100644 --- a/Makefile.org +++ b/Makefile.org @@ -172,8 +172,7 @@ SHARED_LDFLAGS= GENERAL= Makefile BASENAME= openssl NAME= $(BASENAME)-$(VERSION) -TARFILE= $(NAME).tar -WTARFILE= $(NAME)-win.tar +TARFILE= ../$(NAME).tar HEADER= e_os.h # Directories created on install if they don't exist. 
@@ -493,38 +492,35 @@ TABLE: Configure Configurations/*.conf # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ --owner openssl:0 --group openssl:0 \ - --transform 's|^|openssl-$(VERSION)/|' \ + --transform 's|^|$(NAME)/|' \ -cvf - -../$(TARFILE).list: +$(TARFILE).list: find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ - \! -name '*test' \! -name '.#*' \! -name '*~' \ - | sort > ../$(TARFILE).list + \! -name '*test' \! -name '.#*' \! -name '*~' \! -xtype l \ + | sort > $(TARFILE).list -tar: ../$(TARFILE).list +tar: $(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz - rm -f ../$(TARFILE).list - ls -l ../$(TARFILE).gz + $(TAR_COMMAND) | gzip --best > $(TARFILE).gz + rm -f $(TARFILE).list + ls -l $(TARFILE).gz -tar-snap: ../$(TARFILE).list - $(TAR_COMMAND) > ../$(TARFILE) - rm -f ../$(TARFILE).list - ls -l ../$(TARFILE) +tar-snap: $(TARFILE).list + $(TAR_COMMAND) > $(TARFILE) + rm -f $(TARFILE).list + ls -l $(TARFILE) dist: $(PERL) Configure dist - @$(MAKE) dist_pem_h @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar - -dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' \ + TARFILE='$(TARFILE)' NAME='$(NAME)' tar install: all install_docs install_sw From levitte at openssl.org Mon Dec 7 15:22:04 2015 
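Review bot: In the $(TARFILE).list rule of Makefile.org, "\! -xtype l" does not match the commit subject "Do not add symlinks in the source release". With find's default of not following links, -xtype tests the type of a symlink's target, so "-xtype l" is true only for symlinks whose target cannot be resolved, and symlinks to existing files or directories stay in the list. If the goal is to keep every symlink out of the tarball, "\! -type l" is the test to use. -xtype is also a GNU find extension, while the comment above TAR_COMMAND mentions only the GNU tar requirement.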
From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 Dec 2015 15:22:04 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1449501724.841717.21889.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8e18babd1b140532b70774ba37fde336a8d0f1fe (commit) via b12fd50626bccf2db2bb3673dcf5fdc2294f499c (commit) via e40d6bf00ae0ab9fa2e20a3a11d5556e3c8e58ad (commit) from 8a27243c7bca665cf940acd66ee9bf578ee8e8a9 (commit) - Log ----------------------------------------------------------------- commit 8e18babd1b140532b70774ba37fde336a8d0f1fe Author: Richard Levitte Date: Mon Dec 7 15:56:27 2015 +0100 Do not add symlinks in the source release Reviewed-by: Rich Salz (cherry picked from commit 451a5bdf0386d7acf091c3e3b39107e5ed8be25d) commit b12fd50626bccf2db2bb3673dcf5fdc2294f499c Author: Richard Levitte Date: Mon Dec 7 15:47:43 2015 +0100 In travis, build from a "source release" rather than from the build tree Reviewed-by: Rich Salz (cherry picked from commit 475fc3d8729190fd12b4ff23d6ec488439fb78f9) commit e40d6bf00ae0ab9fa2e20a3a11d5556e3c8e58ad Author: Richard Levitte Date: Mon Dec 7 15:45:50 2015 +0100 Small changes to creating dists Make TARFILE include ../ instead of having that hard coded all over the place. When transforming file names in TAR_COMMAND, use $(NAME) instead of openssl-$(VERSION) Reviewed-by: Rich Salz (cherry picked from commit 4a544810f08539f1549eea9be36bd878c67c8e26) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 6 ++++++ Makefile.org | 36 ++++++++++++++++-------------------- 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/.travis.yml b/.travis.yml index b88eb3a..6a2d745 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -32,6 +32,9 @@ matrix: env: CONFIG_OPTS="-d --strict-warnings" before_script: + - make -f Makefile.org TARFILE=_srcdist.tar NAME=_srcdist dist + - tar -xvzf _srcdist.tar.gz + - cd _srcdist - if [ "$CC" == i686-w64-mingw32-gcc ]; then export CROSS_COMPILE=${CC%%gcc}; unset CC; ./Configure mingw $CONFIG_OPTS; @@ -44,10 +47,13 @@ before_script: fi; ./config $CONFIG_OPTS; fi + - cd .. script: + - cd _srcdist - make - if [ -z "$CROSS_COMPILE" ]; then make test; fi + - cd .. notifications: email: diff --git a/Makefile.org b/Makefile.org index 0333644..acc86ef 100644 --- a/Makefile.org +++ b/Makefile.org @@ -180,8 +180,7 @@ SHARED_LDFLAGS= GENERAL= Makefile BASENAME= openssl NAME= $(BASENAME)-$(VERSION) -TARFILE= $(NAME).tar -WTARFILE= $(NAME)-win.tar +TARFILE= ../$(NAME).tar EXHEADER= e_os2.h HEADER= e_os.h 
@@ -499,38 +498,35 @@ TABLE: Configure # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ --owner openssl:0 --group openssl:0 \ - --transform 's|^|openssl-$(VERSION)/|' \ + --transform 's|^|$(NAME)/|' \ -cvf - -../$(TARFILE).list: +$(TARFILE).list: find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ - \! -name '*test' \! -name '.#*' \! -name '*~' \ - | sort > ../$(TARFILE).list + \! -name '*test' \! -name '.#*' \! -name '*~' \! -xtype l \ + | sort > $(TARFILE).list -tar: ../$(TARFILE).list +tar: $(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz - rm -f ../$(TARFILE).list - ls -l ../$(TARFILE).gz + $(TAR_COMMAND) | gzip --best > $(TARFILE).gz + rm -f $(TARFILE).list + ls -l $(TARFILE).gz -tar-snap: ../$(TARFILE).list - $(TAR_COMMAND) > ../$(TARFILE) - rm -f ../$(TARFILE).list - ls -l ../$(TARFILE) +tar-snap: $(TARFILE).list + $(TAR_COMMAND) > $(TARFILE) + rm -f $(TARFILE).list + ls -l $(TARFILE) dist: $(PERL) Configure dist - @$(MAKE) dist_pem_h @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar - -dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' \ + TARFILE='$(TARFILE)' NAME='$(NAME)' tar install: all install_docs install_sw From levitte at openssl.org Mon Dec 7 15:25:22 2015 
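Review bot: The new before_script step in .travis.yml passes TARFILE=_srcdist.tar, which puts $(TARFILE).list inside the tree that "find *" walks, whereas the default ../$(NAME).tar keeps it outside. Because "sort > $(TARFILE).list" creates the list file in the same pipeline that runs find, the list can end up naming itself, and the file is then packed into the archive before "rm -f $(TARFILE).list" runs. Either exclude the list file in the find expression or have the Travis step point TARFILE at a path outside the source directory.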
From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 Dec 2015 15:25:22 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1449501922.405963.22474.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 641365436e363550486f74a3fe723b281c9ff81c (commit) via 1e8a87295e4e7f753cff47f9728487b74c4b932b (commit) via 3b92a6fe4f2a8f260c166fc330b3f1e85f31b351 (commit) from d82626caec9cb3f8da346125434f17eb180d4ef1 (commit) - Log ----------------------------------------------------------------- commit 641365436e363550486f74a3fe723b281c9ff81c Author: Richard Levitte Date: Mon Dec 7 15:56:27 2015 +0100 Do not add symlinks in the source release Reviewed-by: Rich Salz (cherry picked from commit 451a5bdf0386d7acf091c3e3b39107e5ed8be25d) commit 1e8a87295e4e7f753cff47f9728487b74c4b932b Author: Richard Levitte Date: Mon Dec 7 15:47:43 2015 +0100 In travis, build from a "source release" rather than from the build tree Reviewed-by: Rich Salz (cherry picked from commit 475fc3d8729190fd12b4ff23d6ec488439fb78f9) commit 3b92a6fe4f2a8f260c166fc330b3f1e85f31b351 Author: Richard Levitte Date: Mon Dec 7 15:45:50 2015 +0100 Small changes to creating dists Make TARFILE include ../ instead of having that hard coded all over the place. When transforming file names in TAR_COMMAND, use $(NAME) instead of openssl-$(VERSION) Reviewed-by: Rich Salz (cherry picked from commit 4a544810f08539f1549eea9be36bd878c67c8e26) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 6 ++++++ Makefile.org | 34 +++++++++++++++------------------- 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/.travis.yml b/.travis.yml index 397ac1d..288a3f1 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -32,6 +32,9 @@ matrix: env: CONFIG_OPTS="-d --strict-warnings" before_script: + - make -f Makefile.org TARFILE=_srcdist.tar NAME=_srcdist dist + - tar -xvzf _srcdist.tar.gz + - cd _srcdist - if [ "$CC" == i686-w64-mingw32-gcc ]; then export CROSS_COMPILE=${CC%%gcc}; unset CC; ./Configure mingw $CONFIG_OPTS; @@ -41,10 +44,13 @@ before_script: else ./config $CONFIG_OPTS; fi + - cd .. script: + - cd _srcdist - make - if [ -z "$CROSS_COMPILE" ]; then make test; fi + - cd .. notifications: recipient: diff --git a/Makefile.org b/Makefile.org index aa8776e..7e7728f 100644 --- a/Makefile.org +++ b/Makefile.org @@ -180,7 +180,6 @@ GENERAL= Makefile BASENAME= openssl NAME= $(BASENAME)-$(VERSION) TARFILE= $(NAME).tar -WTARFILE= $(NAME)-win.tar EXHEADER= e_os2.h HEADER= e_os.h 
@@ -499,38 +498,35 @@ TABLE: Configure # would occur. Therefore the list of files is temporarily stored into a file # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. -TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \ +TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ --owner openssl:0 --group openssl:0 \ - --transform 's|^|openssl-$(VERSION)/|' \ + --transform 's|^|$(NAME)/|' \ -cvf - -../$(TARFILE).list: +$(TARFILE).list: find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ - \! -name '*test' \! -name '.#*' \! -name '*~' \ - | sort > ../$(TARFILE).list + \! -name '*test' \! -name '.#*' \! -name '*~' \! -xtype l \ + | sort > $(TARFILE).list -tar: ../$(TARFILE).list +tar: $(TARFILE).list find . -type d -print | xargs chmod 755 find . -type f -print | xargs chmod a+r find . -type f -perm -0100 -print | xargs chmod a+x - $(TAR_COMMAND) | gzip --best >../$(TARFILE).gz - rm -f ../$(TARFILE).list - ls -l ../$(TARFILE).gz + $(TAR_COMMAND) | gzip --best > $(TARFILE).gz + rm -f $(TARFILE).list + ls -l $(TARFILE).gz -tar-snap: ../$(TARFILE).list - $(TAR_COMMAND) > ../$(TARFILE) - rm -f ../$(TARFILE).list - ls -l ../$(TARFILE) +tar-snap: $(TARFILE).list + $(TAR_COMMAND) > $(TARFILE) + rm -f $(TARFILE).list + ls -l $(TARFILE) dist: $(PERL) Configure dist - @$(MAKE) dist_pem_h @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar - -dist_pem_h: - (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' \ + TARFILE='$(TARFILE)' NAME='$(NAME)' tar install: all install_docs install_sw From builds at travis-ci.org Mon Dec 7 15:42:30 2015 
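Review bot: On this branch the @@ -180,7 +180,6 hunk only removes WTARFILE and leaves "TARFILE= $(NAME).tar" without the "../" prefix, yet the @@ -499,38 +498,35 hunk drops the hard-coded "../" from every use of $(TARFILE). A plain "make dist" on OpenSSL_1_0_1-stable will therefore write the list file and the tarball into the source directory instead of its parent, which is not what the commit message ("Make TARFILE include ../") describes and differs from the master and 1.0.2 versions of this change. The TARFILE assignment should become "../$(NAME).tar" here as well.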
From: builds at travis-ci.org (Travis CI) Date: Mon, 07 Dec 2015 15:42:30 +0000 Subject: [openssl-commits] Errored: openssl/openssl#795 (OpenSSL_1_0_2-stable - 8e18bab) In-Reply-To: Message-ID: <5665a8e42ee28_33f8ca999b6e48696ae@3684dd14-25c1-4899-bfc4-65855e7d1e23.mail> Build Update for openssl/openssl ------------------------------------- Build: #795 Status: Errored Duration: 13 seconds Commit: 8e18bab (OpenSSL_1_0_2-stable) Author: Richard Levitte Message: Do not add symlinks in the source release Reviewed-by: Rich Salz (cherry picked from commit 451a5bdf0386d7acf091c3e3b39107e5ed8be25d) View the changeset: https://github.com/openssl/openssl/compare/8a27243c7bca...8e18babd1b14 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95368590 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications From builds at travis-ci.org Mon Dec 7 15:32:47 2015 
From: builds at travis-ci.org (Travis CI) Date: Mon, 07 Dec 2015 15:32:47 +0000 Subject: [openssl-commits] Errored: openssl/openssl#794 (master - 451a5bd) In-Reply-To: Message-ID: <5665a69f77033_33f8caee288c486145a@3684dd14-25c1-4899-bfc4-65855e7d1e23.mail> Build Update for openssl/openssl ------------------------------------- Build: #794 Status: Errored Duration: 15 minutes and 39 seconds Commit: 451a5bd (master) Author: Richard Levitte Message: Do not add symlinks in the source release Reviewed-by: Rich Salz View the changeset: https://github.com/openssl/openssl/compare/5fa30720e481...451a5bdf0386 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95366948 From levitte at openssl.org Mon Dec 7 16:45:42 2015 
From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 Dec 2015 16:45:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449506742.047603.7511.nullmailer@dev.openssl.org> The branch master has been updated via 507db4c5313288d55eeb8434b0111201ba363b28 (commit) via 706e2462f1d2a884139334a5209664d5b8ca09ec (commit) via 716854d74e17e031257d184246cc59ed7fffb2cc (commit) via 25191fffb9f858b29b7029c7df944f25a4dc723f (commit) via b3bb779997ae620918b8467cc6a452725013e204 (commit) via a87a0a6e5eb7993ae7a4d2eb13e605d8b5428073 (commit) via dc0099e1dd013abe52d0ff4901e02cca030bec97 (commit) via e0a3a803d93dac94dfd8c7c54445be73f7572032 (commit) via bfb0641f932490c2e7fb5f9f7cb4a88017a5abfa (commit) via 959ed5316c84d0e12ad18acfd40cefe15603ddfb (commit) via 67565323589932ef36e84d95b07bcc97325c9961 (commit) via eda34e4bef33a3b8f1e207bf04769007c70cbd1e (commit) via 32fd54a9a36c172cf4e5fe4b7af2ae1f1ce1bc0a (commit) via 74cabf3fef77ab73c45e27cf6ed90f6db020e7c7 (commit) via bf7c68177b6fbb80406c60136654b6fefe7e3ba2 (commit) via 3f43aecc599a5a729609deca7d98a677334ab3b8 (commit) via ab0a14bbc7bc7cdda4cfb2b2a730804b3437429f (commit) via cddcea8c4b46ea610d928af899e394d9e323c617 (commit) via cc9d6655a1e6562564a0ac4b5dfcd72f24de7063 (commit) via 2db6bf6f856fc7a6e848e3c45b274b327a86784c (commit) via 6e59a892db781658c050e5217127c4147c116ac9 (commit) via 9b6c00707eae2cbce79479f4b1a5dc11019abca0 (commit) via fa0c23de83efaf92da17cffce12444adbca48c89 (commit) via 77a01145be26ceeefa6870e1e9dd7f99ac123fa3 (commit) via 7638370ca6cb1d89eba5d891f522776b9da3d6e7 (commit) from 451a5bdf0386d7acf091c3e3b39107e5ed8be25d (commit) - Log ----------------------------------------------------------------- commit 507db4c5313288d55eeb8434b0111201ba363b28 Author: Richard Levitte Date: Tue Dec 1 03:28:22 2015 +0100 Add an entry in CHANGES Reviewed-by: Rich Salz commit 706e2462f1d2a884139334a5209664d5b8ca09ec Author: Richard Levitte Date: Fri Dec 4 13:04:54 2015 +0100 Document EVP_MD 
constructors, destructors and manipulators Reviewed-by: Rich Salz commit 716854d74e17e031257d184246cc59ed7fffb2cc Author: Richard Levitte Date: Mon Nov 30 23:43:59 2015 +0100 Document the HMAC changes Reviewed-by: Rich Salz commit 25191fffb9f858b29b7029c7df944f25a4dc723f Author: Richard Levitte Date: Tue Dec 1 03:19:11 2015 +0100 Document the EVP_MD_CTX changes Reviewed-by: Rich Salz commit b3bb779997ae620918b8467cc6a452725013e204 Author: Richard Levitte Date: Fri Nov 27 14:47:08 2015 +0100 make update Reviewed-by: Rich Salz commit a87a0a6e5eb7993ae7a4d2eb13e605d8b5428073 Author: Richard Levitte Date: Wed Dec 2 22:49:24 2015 +0100 Cleanup: fix all sources that used HMAC_CTX_init Reviewed-by: Rich Salz commit dc0099e1dd013abe52d0ff4901e02cca030bec97 Author: Richard Levitte Date: Wed Dec 2 22:47:31 2015 +0100 Cleanup: rename HMAC_CTX_init to HMAC_CTX_reset Reviewed-by: Rich Salz commit e0a3a803d93dac94dfd8c7c54445be73f7572032 Author: Richard Levitte Date: Wed Dec 2 00:52:56 2015 +0100 Cleanup: support EVP_MD_CTX_(create|init|destroy) for deprecated use Reviewed-by: Rich Salz commit bfb0641f932490c2e7fb5f9f7cb4a88017a5abfa Author: Richard Levitte Date: Wed Dec 2 00:49:35 2015 +0100 Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy) Reviewed-by: Rich Salz commit 959ed5316c84d0e12ad18acfd40cefe15603ddfb Author: Richard Levitte Date: Wed Dec 2 00:26:19 2015 +0100 Cleanup: rename EVP_MD_CTX_(create|init|destroy) to EVP_MD_CTX_(new|reset|free) Looking over names, it seems like we usually use names ending with _new and _free as object constructors and destructors. Also, since EVP_MD_CTX_init is now used to reset an EVP_MD_CTX, it might as well be named accordingly. Reviewed-by: Rich Salz commit 67565323589932ef36e84d95b07bcc97325c9961 Author: Richard Levitte Date: Wed Dec 2 00:22:30 2015 +0100 Cleanup: Remove M_EVP_MD_* macros These macros were only meant for crypto/evp, and are now entirely unused. 
Reviewed-by: Rich Salz commit eda34e4bef33a3b8f1e207bf04769007c70cbd1e Author: Richard Levitte Date: Mon Nov 30 23:43:27 2015 +0100 Adapt the rest of the source to the removal of (EVP_MD_CTX|HMAC_CTX)_cleanup Reviewed-by: Rich Salz commit 32fd54a9a36c172cf4e5fe4b7af2ae1f1ce1bc0a Author: Richard Levitte Date: Mon Nov 30 23:42:39 2015 +0100 Remove HMAC_CTX_cleanup and combine its functionality into EVP_MD_CTX_init This follows the same idea as the combination of EVP_MD_CTX_cleanup and EVP_MD_CTX_init into one function. Reviewed-by: Rich Salz commit 74cabf3fef77ab73c45e27cf6ed90f6db020e7c7 Author: Richard Levitte Date: Tue Dec 1 01:38:35 2015 +0100 Remove EVP_MD_CTX_cleanup and put its functionality into EVP_MD_CTX_init The idea is that with EVP_MD_CTX_create() and EVP_MD_CTX_destroy(), EVP_MD_CTX_cleanup and EVP_MD_CTX_init are not used the same as before. Instead, we need a single function that can be used to reinitialise an existing EVP_MD_CTX that's been created with EVP_MD_CTX_create() previously. Combining EVP_MD_CTX_cleanup and EVP_MD_CTX_init into that one function is the answer. Reviewed-by: Rich Salz commit bf7c68177b6fbb80406c60136654b6fefe7e3ba2 Author: Richard Levitte Date: Mon Nov 30 13:44:28 2015 +0100 Adapt the rest of the source to the opaque HMAC_CTX Reviewed-by: Rich Salz commit 3f43aecc599a5a729609deca7d98a677334ab3b8 Author: Richard Levitte Date: Mon Nov 30 13:34:20 2015 +0100 Make the definition of HMAC_CTX opaque This moves the definition to crypto/hmac/hmac_lcl.h. Constructor and destructor added, and the typedef moved to include/openssl/ossl_typ.h. Reviewed-by: Rich Salz commit ab0a14bbc7bc7cdda4cfb2b2a730804b3437429f Author: Richard Levitte Date: Mon Nov 30 10:25:36 2015 +0100 Add inclusion of internal/evp_int.h to all crypto/ files that need it These are the files that add new EVP_MDs. 
Reviewed-by: Rich Salz commit cddcea8c4b46ea610d928af899e394d9e323c617 Author: Richard Levitte Date: Mon Nov 30 10:24:12 2015 +0100 Adapt all engines that add new EVP_MDs Reviewed-by: Rich Salz commit cc9d6655a1e6562564a0ac4b5dfcd72f24de7063 Author: Richard Levitte Date: Sun Nov 29 20:12:35 2015 +0100 Have the few apps that accessed EVP_MD directly use accessors instead Reviewed-by: Rich Salz commit 2db6bf6f856fc7a6e848e3c45b274b327a86784c Author: Richard Levitte Date: Sun Nov 29 20:09:34 2015 +0100 Make the definition of EVP_MD opaque This moves the definition to crypto/include/internal/evp_int.h and defines all the necessary method creators, destructors, writers and accessors. The name standard for the latter is inspired from the corresponding functions to manipulate UI methods. Reviewed-by: Rich Salz commit 6e59a892db781658c050e5217127c4147c116ac9 Author: Richard Levitte Date: Fri Nov 27 14:02:12 2015 +0100 Adjust all accesses to EVP_MD_CTX to use accessor functions. Reviewed-by: Rich Salz commit 9b6c00707eae2cbce79479f4b1a5dc11019abca0 Author: Richard Levitte Date: Fri Nov 27 14:19:27 2015 +0100 Document the changed HMAC API. Reviewed-by: Rich Salz commit fa0c23de83efaf92da17cffce12444adbca48c89 Author: Richard Levitte Date: Fri Nov 27 14:10:15 2015 +0100 Adapt HMAC to the EVP_MD_CTX changes This change required some special treatment, as HMAC is intertwined with EVP_MD. For now, all local HMAC_CTX variables MUST be initialised with HMAC_CTX_EMPTY, or whatever happens to be on the stack will be mistaken for actual pointers to EVP_MD_CTX. This will change as soon as HMAC_CTX becomes opaque. Also, since HMAC_CTX_init() can fail now, its return type changes from void to int, and it will return 0 on failure, 1 on success. 
Reviewed-by: Rich Salz commit 77a01145be26ceeefa6870e1e9dd7f99ac123fa3 Author: Richard Levitte Date: Fri Nov 27 14:17:50 2015 +0100 Have other crypto/evp files include evp_locl.h Note: this does not include the files in crypto/evp that are just instantiations of EVP_MD. Reviewed-by: Rich Salz commit 7638370ca6cb1d89eba5d891f522776b9da3d6e7 Author: Richard Levitte Date: Fri Nov 27 13:35:02 2015 +0100 Make the definition of EVP_MD_CTX opaque This moves the definition to crypto/evp/evp_locl.h, along with a few associated accessor macros. A few accessor/writer functions added. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 22 +++ apps/ca.c | 2 +- apps/passwd.c | 58 +++--- apps/req.c | 44 +++-- apps/speed.c | 20 +- apps/ts.c | 13 +- crypto/asn1/Makefile | 8 +- crypto/asn1/a_sign.c | 34 ++-- crypto/asn1/a_verify.c | 33 ++-- crypto/asn1/asn_mime.c | 1 + crypto/asn1/x_algor.c | 1 + crypto/cmac/cm_pmeth.c | 4 +- crypto/cms/cms_asn1.c | 3 +- crypto/cms/cms_dd.c | 14 +- crypto/cms/cms_lcl.h | 2 +- crypto/cms/cms_sd.c | 61 +++--- crypto/dh/dh_kdf.c | 18 +- crypto/dsa/dsa_gen.c | 19 +- crypto/ecdh/ech_kdf.c | 20 +- crypto/engine/eng_openssl.c | 98 ++++++--- crypto/evp/Makefile | 35 ++-- crypto/evp/bio_md.c | 6 +- crypto/evp/bio_ok.c | 74 ++++--- crypto/evp/digest.c | 104 +++++----- crypto/evp/evp_key.c | 24 +-- crypto/evp/evp_lib.c | 147 ++++++++++++++ crypto/evp/evp_locl.h | 14 ++ crypto/evp/m_md4.c | 7 +- crypto/evp/m_md5.c | 7 +- crypto/evp/m_md5_sha1.c | 9 +- crypto/evp/m_mdc2.c | 7 +- crypto/evp/m_null.c | 1 + crypto/evp/m_ripemd.c | 7 +- crypto/evp/m_sha1.c | 25 +-- crypto/evp/m_sigver.c | 27 ++- crypto/evp/m_wp.c | 7 +- crypto/evp/names.c | 1 + crypto/evp/p5_crpt.c | 25 ++- crypto/evp/p5_crpt2.c | 50 +++-- crypto/evp/p_sign.c | 22 ++- crypto/evp/p_verify.c | 18 +- crypto/hmac/Makefile | 1 + crypto/hmac/hm_pmeth.c | 29 +-- crypto/hmac/hmac.c | 129 ++++++++---- include/openssl/ssl2.h => 
crypto/hmac/hmac_lcl.h | 24 ++- crypto/include/internal/evp_int.h | 17 ++ crypto/pem/pem_seal.c | 10 +- crypto/pem/pvkfmt.c | 14 +- crypto/pkcs12/p12_key.c | 23 ++- crypto/pkcs12/p12_mutl.c | 16 +- crypto/pkcs7/pk7_doit.c | 58 +++--- crypto/rand/md_rand.c | 72 ++++--- crypto/rsa/rsa_ameth.c | 2 +- crypto/rsa/rsa_oaep.c | 19 +- crypto/rsa/rsa_pss.c | 41 ++-- crypto/srp/srp_lib.c | 89 +++++---- crypto/srp/srp_vfy.c | 22 ++- crypto/ts/ts_rsp_verify.c | 15 +- crypto/x509/x509_cmp.c | 31 +-- doc/crypto/EVP_DigestInit.pod | 70 +++---- doc/crypto/EVP_DigestSignInit.pod | 4 +- doc/crypto/EVP_DigestVerifyInit.pod | 4 +- doc/crypto/EVP_MD_meth_new.pod | 160 +++++++++++++++ doc/crypto/EVP_SignInit.pod | 4 +- doc/crypto/EVP_VerifyInit.pod | 4 +- doc/crypto/hmac.pod | 39 ++-- engines/ccgost/gost_crypt.c | 60 ++++-- engines/ccgost/gost_eng.c | 34 +++- engines/ccgost/gost_lcl.h | 6 +- engines/ccgost/gost_md.c | 59 +++--- engines/ccgost/gost_pmeth.c | 3 +- engines/e_dasync.c | 67 +++++-- engines/e_ossltest.c | 240 +++++++++++++++-------- include/openssl/evp.h | 90 +++++---- include/openssl/hmac.h | 17 +- include/openssl/ossl_typ.h | 2 + include/openssl/pem.h | 2 +- ssl/record/ssl3_record.c | 53 ++--- ssl/s3_cbc.c | 24 +-- ssl/s3_enc.c | 100 ++++++---- ssl/ssl_lib.c | 20 +- ssl/statem/statem_clnt.c | 49 +++-- ssl/statem/statem_dtls.c | 3 +- ssl/statem/statem_srvr.c | 58 +++--- ssl/t1_enc.c | 58 +++--- ssl/t1_lib.c | 21 +- test/ecdsatest.c | 14 +- test/evp_extra_test.c | 38 ++-- test/evp_test.c | 10 +- test/gost2814789test.c | 21 +- test/hmactest.c | 66 ++++--- test/mdc2test.c | 20 +- test/sha1test.c | 12 +- test/sha256t.c | 26 +-- test/sha512t.c | 26 +-- util/libeay.num | 42 +++- 96 files changed, 2062 insertions(+), 1168 deletions(-) copy include/openssl/ssl2.h => crypto/hmac/hmac_lcl.h (90%) create mode 100644 doc/crypto/EVP_MD_meth_new.pod diff --git a/CHANGES b/CHANGES index db3f638..9ee1731 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,6 +9,28 @@ exchange. The LOW ciphers currently doesn't have any ciphers in it. [Kurt Roeckx] + *) Make EVP_MD_CTX, EVP_MD and HMAC_CTX opaque. For HMAC_CTX, the + following constructors and destructors were added: + + HMAC_CTX *HMAC_CTX_new(void); + void HMAC_CTX_free(HMAC_CTX *ctx); + + For EVP_MD, a complete API to create, fill and destroy such + methods has been added. See EVP_MD_meth_new(3) for + documentation. + + Additional changes: + 1) HMAC_CTX_cleanup() and EVP_MD_CTX_cleanup() were removed, + HMAC_CTX_init() and EVP_MD_CTX_init() should be called instead + to reinitialise and already created structure. Also, + HMAC_CTX_init() and EVP_MD_CTX_init() now return 0 for failure + and 1 for success (they previously had the return type void). + 2) For consistency with the majority of our object creators and + destructors, EVP_MD_CTX_(create|destroy) were renamed to + EVP_MD_CTX_(new|free). The old names are retained as macros + for deprecated builds. + [Richard Levitte] + *) Added ASYNC support. Libcrypto now includes the async sub-library to enable cryptographic operations to be performed asynchronously as long as an asynchronous capable engine is used. See the ASYNC_start_job() man page for diff --git a/apps/ca.c b/apps/ca.c index eea9d99..f6ba239 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -828,7 +828,7 @@ end_of_options: } if (verbose) BIO_printf(bio_err, "message digest is %s\n", - OBJ_nid2ln(dgst->type)); + OBJ_nid2ln(EVP_MD_type(dgst))); if ((policy == NULL) && ((policy = NCONF_get_string(conf, section, ENV_POLICY)) == diff --git a/apps/passwd.c b/apps/passwd.c index 372e0e8..2a32111 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -307,7 +307,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) char *salt_out; int n; unsigned int i; - EVP_MD_CTX md, md2; + EVP_MD_CTX *md, *md2; size_t passwd_len, salt_len; passwd_len = strlen(passwd); 
@@ -322,45 +322,50 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) salt_len = strlen(salt_out); assert(salt_len <= 8); - EVP_MD_CTX_init(&md); - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, passwd, passwd_len); - EVP_DigestUpdate(&md, "$", 1); - EVP_DigestUpdate(&md, magic, strlen(magic)); - EVP_DigestUpdate(&md, "$", 1); - EVP_DigestUpdate(&md, salt_out, salt_len); - - EVP_MD_CTX_init(&md2); - EVP_DigestInit_ex(&md2, EVP_md5(), NULL); - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestUpdate(&md2, salt_out, salt_len); - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestFinal_ex(&md2, buf, NULL); + md = EVP_MD_CTX_new(); + if (md == NULL) + return NULL; + EVP_DigestInit_ex(md, EVP_md5(), NULL); + EVP_DigestUpdate(md, passwd, passwd_len); + EVP_DigestUpdate(md, "$", 1); + EVP_DigestUpdate(md, magic, strlen(magic)); + EVP_DigestUpdate(md, "$", 1); + EVP_DigestUpdate(md, salt_out, salt_len); + + md2 = EVP_MD_CTX_new(); + if (md2 == NULL) + return NULL; + EVP_DigestInit_ex(md2, EVP_md5(), NULL); + EVP_DigestUpdate(md2, passwd, passwd_len); + EVP_DigestUpdate(md2, salt_out, salt_len); + EVP_DigestUpdate(md2, passwd, passwd_len); + EVP_DigestFinal_ex(md2, buf, NULL); for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - EVP_DigestUpdate(&md, buf, sizeof buf); - EVP_DigestUpdate(&md, buf, i); + EVP_DigestUpdate(md, buf, sizeof buf); + EVP_DigestUpdate(md, buf, i); n = passwd_len; while (n) { - EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1); + EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1); n >>= 1; } - EVP_DigestFinal_ex(&md, buf, NULL); + EVP_DigestFinal_ex(md, buf, NULL); for (i = 0; i < 1000; i++) { - EVP_DigestInit_ex(&md2, EVP_md5(), NULL); - EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, + EVP_DigestInit_ex(md2, EVP_md5(), NULL); + EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf, (i & 1) ? 
passwd_len : sizeof buf); if (i % 3) - EVP_DigestUpdate(&md2, salt_out, salt_len); + EVP_DigestUpdate(md2, salt_out, salt_len); if (i % 7) - EVP_DigestUpdate(&md2, passwd, passwd_len); - EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, + EVP_DigestUpdate(md2, passwd, passwd_len); + EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd, (i & 1) ? sizeof buf : passwd_len); - EVP_DigestFinal_ex(&md2, buf, NULL); + EVP_DigestFinal_ex(md2, buf, NULL); } - EVP_MD_CTX_cleanup(&md2); + EVP_MD_CTX_free(md2); + EVP_MD_CTX_free(md); { /* transform buf into output string */ @@ -399,7 +404,6 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) *output = 0; assert(strlen(out_buf) < sizeof(out_buf)); } - EVP_MD_CTX_cleanup(&md); return out_buf; } diff --git a/apps/req.c b/apps/req.c index 5d9231c..c275763 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1492,7 +1492,8 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, EVP_PKEY_CTX *pkctx = NULL; int i; - EVP_MD_CTX_init(ctx); + if (ctx == NULL) + return 0; if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) return 0; for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { @@ -1510,13 +1511,16 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(&mctx, pkey, md, sigopts); + rv = do_sign_init(mctx, pkey, md, sigopts); + /* Note: X509_sign_ctx() calls ASN1_item_sign_ctx(), which destroys + * the EVP_MD_CTX we send it, so only destroy it here if the former + * isn't called */ if (rv > 0) - rv = X509_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); + rv = X509_sign_ctx(x, mctx); + else + EVP_MD_CTX_free(mctx); return rv > 0 ? 1 : 0; } 
@@ -1524,13 +1528,15 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; - EVP_MD_CTX mctx; - - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(&mctx, pkey, md, sigopts); + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); + rv = do_sign_init(mctx, pkey, md, sigopts); + /* Note: X509_REQ_sign_ctx() calls ASN1_item_sign_ctx(), which destroys + * the EVP_MD_CTX we send it, so only destroy it here if the former + * isn't called */ if (rv > 0) - rv = X509_REQ_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); + rv = X509_REQ_sign_ctx(x, mctx); + else + EVP_MD_CTX_free(mctx); return rv > 0 ? 1 : 0; } @@ -1538,12 +1544,14 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; - EVP_MD_CTX mctx; - - EVP_MD_CTX_init(&mctx); - rv = do_sign_init(&mctx, pkey, md, sigopts); + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); + rv = do_sign_init(mctx, pkey, md, sigopts); + /* Note: X509_CRL_sign_ctx() calls ASN1_item_sign_ctx(), which destroys + * the EVP_MD_CTX we send it, so only destroy it here if the former + * isn't called */ if (rv > 0) - rv = X509_CRL_sign_ctx(x, &mctx); - EVP_MD_CTX_cleanup(&mctx); + rv = X509_CRL_sign_ctx(x, mctx); + else + EVP_MD_CTX_free(mctx); return rv > 0 ? 1 : 0; } diff --git a/apps/speed.c b/apps/speed.c index 68530b1..8e1fe84 100644 --- a/apps/speed.c +++ b/apps/speed.c 
@@ -1298,24 +1298,28 @@ int speed_main(int argc, char **argv) #if !defined(OPENSSL_NO_MD5) if (doit[D_HMAC]) { - HMAC_CTX hctx; + HMAC_CTX *hctx = NULL; - HMAC_CTX_init(&hctx); - HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...", + hctx = HMAC_CTX_new(); + if (hctx == NULL) { + BIO_printf(bio_err, "HMAC malloc failure, exiting..."); + exit(1); + } + HMAC_Init_ex(hctx, (unsigned char *)"This is a key...", 16, EVP_md5(), NULL); for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]); Time_F(START); for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) { - HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL); - HMAC_Update(&hctx, buf, lengths[j]); - HMAC_Final(&hctx, &(hmac[0]), NULL); + HMAC_Init_ex(hctx, NULL, 0, NULL, NULL); + HMAC_Update(hctx, buf, lengths[j]); + HMAC_Final(hctx, &(hmac[0]), NULL); } d = Time_F(STOP); print_result(D_HMAC, j, count, d); } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); } #endif if (doit[D_SHA1]) { @@ -1687,7 +1691,7 @@ int speed_main(int argc, char **argv) EVP_CIPHER_CTX_cleanup(&ctx); } if (evp_md) { - names[D_EVP] = OBJ_nid2ln(evp_md->type); + names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md)); print_message(names[D_EVP], save_count, lengths[j]); Time_F(START); diff --git a/apps/ts.c b/apps/ts.c index ac91323..00b5e53 100644 --- a/apps/ts.c +++ b/apps/ts.c 
@@ -523,17 +523,22 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md, return 0; if (input) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); unsigned char buffer[4096]; int length; + if (md_ctx == NULL) + return 0; *md_value = app_malloc(md_value_len, "digest buffer"); - EVP_DigestInit(&md_ctx, md); + EVP_DigestInit(md_ctx, md); while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) { - EVP_DigestUpdate(&md_ctx, buffer, length); + EVP_DigestUpdate(md_ctx, buffer, length); } - if (!EVP_DigestFinal(&md_ctx, *md_value, NULL)) + if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) { + EVP_MD_CTX_free(md_ctx); return 0; + } + EVP_MD_CTX_free(md_ctx); } else { long digest_len; *md_value = string_to_hex(digest, &digest_len); diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index a6f1bac..3f59adc 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -208,7 +208,7 @@ a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h a_sign.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h -a_sign.o: a_sign.c +a_sign.o: ../include/internal/evp_int.h a_sign.c a_strex.o: ../../e_os.h ../../include/openssl/asn1.h a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 
@@ -349,7 +349,8 @@ asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -asn_mime.o: ../include/internal/cryptlib.h asn1_locl.h asn_mime.c +asn_mime.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h +asn_mime.o: asn1_locl.h asn_mime.c asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -689,7 +690,8 @@ x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c +x_algor.o: ../../include/openssl/x509_vfy.h ../include/internal/evp_int.h +x_algor.o: x_algor.c x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 18923b1..5b5d5b7 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -124,6 +124,7 @@ #include #include #include "internal/asn1_int.h" +#include "internal/evp_int.h" #ifndef NO_ASN1_OLD 
@@ -131,12 +132,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); unsigned char *p, *buf_in = NULL, *buf_out = NULL; int i, inl = 0, outl = 0, outll = 0; X509_ALGOR *a; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } for (i = 0; i < 2; i++) { if (i == 0) a = algor1; @@ -182,9 +186,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, p = buf_in; i2d(data, &p); - if (!EVP_SignInit_ex(&ctx, type, NULL) - || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) - || !EVP_SignFinal(&ctx, (unsigned char *)buf_out, + if (!EVP_SignInit_ex(ctx, type, NULL) + || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) + || !EVP_SignFinal(ctx, (unsigned char *)buf_out, (unsigned int *)&outl, pkey)) { outl = 0; ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); @@ -201,7 +205,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); 
@@ -213,13 +217,17 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { + EVP_MD_CTX_free(ctx); return 0; } - return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); + return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); } int ASN1_item_sign_ctx(const ASN1_ITEM *it, @@ -234,7 +242,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, int rv; type = EVP_MD_CTX_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); if (!type || !pkey) { ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); @@ -307,7 +315,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; err: - EVP_MD_CTX_cleanup(ctx); + EVP_MD_CTX_free(ctx); OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); OPENSSL_clear_free((char *)buf_out, outll); return (outl); diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 540b71c..4acee3e 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -77,12 +77,15 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); const EVP_MD *type; unsigned char *p, *buf_in = NULL; int ret = -1, i, inl; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } i = OBJ_obj2nid(a->algorithm); type = EVP_get_digestbyname(OBJ_nid2sn(i)); if (type == NULL) { 
@@ -104,8 +107,8 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p = buf_in; i2d(data, &p); - ret = EVP_VerifyInit_ex(&ctx, type, NULL) - && EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); + ret = EVP_VerifyInit_ex(ctx, type, NULL) + && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); @@ -115,7 +118,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = -1; - if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, + if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, (unsigned int)signature->length, pkey) <= 0) { ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ret = 0; @@ -123,7 +126,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); return (ret); } @@ -132,7 +135,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; int ret = -1, inl; @@ -148,7 +151,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, return -1; } - EVP_MD_CTX_init(&ctx); + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { @@ -161,7 +168,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } - ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); + ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); /* * Return value of 2 means carry on, anything else means we exit * straight away: either a fatal error of the underlying verification 
@@ -185,7 +192,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; goto err; @@ -200,7 +207,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - ret = EVP_DigestVerifyUpdate(&ctx, buf_in, inl); + ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); OPENSSL_clear_free(buf_in, (unsigned int)inl); @@ -210,7 +217,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = -1; - if (EVP_DigestVerifyFinal(&ctx, signature->data, + if (EVP_DigestVerifyFinal(ctx, signature->data, (size_t)signature->length) <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; @@ -218,6 +225,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); return (ret); } diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 12f6fd6..5369099 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -60,6 +60,7 @@ #include #include #include +#include "internal/evp_int.h" #include "asn1_locl.h" /* diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index ca27491..5ad63eb 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -61,6 +61,7 @@ #include #include #include +#include "internal/evp_int.h" ASN1_SEQUENCE(X509_ALGOR) = { ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index 080db63..4e060f3 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -101,7 +101,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - if (!CMAC_Update(ctx->pctx->data, data, count)) + if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count)) return 0; return 1; } 
@@ -109,7 +109,7 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - mctx->update = int_update; + EVP_MD_CTX_set_update_fn(mctx, int_update); return 1; } diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index e044cf5..3b9f7b5 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -95,8 +95,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; EVP_PKEY_free(si->pkey); X509_free(si->signer); - if (si->pctx) - EVP_MD_CTX_cleanup(&si->mctx); + EVP_MD_CTX_free(si->mctx); } return 1; } diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 426f8cd..9ac45b5 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -99,19 +99,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; int r = 0; CMS_DigestedData *dd; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE); + goto err; + } dd = cms->d.digestedData; - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) + if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0) goto err; if (verify) { @@ -133,7 +137,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) } err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return r; diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index 227356b..3d41d4f 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h 
@@ -137,7 +137,7 @@ struct CMS_SignerInfo_st { X509 *signer; EVP_PKEY *pkey; /* Digest and public key context for alternative parameters */ - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; }; diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 1720bcd..5c39746 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -287,9 +287,14 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, si->pkey = pk; si->signer = signer; - EVP_MD_CTX_init(&si->mctx); + si->mctx = EVP_MD_CTX_new(); si->pctx = NULL; + if (si->mctx == NULL) { + CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); + goto err; + } + if (flags & CMS_USE_KEYID) { si->version = 3; if (sd->version < 3) @@ -387,7 +392,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, goto err; if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) goto err; - } else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <= + } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 0) goto err; } @@ -444,7 +449,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) { - return &si->mctx; + return si->mctx; } STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) 
@@ -571,17 +576,21 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); int r = 0; EVP_PKEY_CTX *pctx = NULL; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } if (!si->pkey) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); return 0; } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; /* Set SignerInfo algortihm details if we used custom parametsr */ if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) @@ -596,7 +605,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, cms->d.signedData->encapContentInfo->eContentType; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, V_ASN1_OCTET_STRING, md, mdlen)) @@ -613,7 +622,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; pctx = si->pctx; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; siglen = EVP_PKEY_size(si->pkey); sig = OPENSSL_malloc(siglen); @@ -634,7 +643,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) { + if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR); OPENSSL_free(sig); goto err; 
@@ -645,7 +654,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, r = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); EVP_PKEY_CTX_free(pctx); return r; @@ -668,7 +677,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) int CMS_SignerInfo_sign(CMS_SignerInfo *si) { - EVP_MD_CTX *mctx = &si->mctx; + EVP_MD_CTX *mctx = si->mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen; @@ -687,7 +696,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) if (si->pctx) pctx = si->pctx; else { - EVP_MD_CTX_init(mctx); + EVP_MD_CTX_reset(mctx); if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; } @@ -719,7 +728,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) goto err; } - EVP_MD_CTX_cleanup(mctx); + EVP_MD_CTX_reset(mctx); ASN1_STRING_set0(si->signature, abuf, siglen); @@ -727,14 +736,14 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) err: OPENSSL_free(abuf); - EVP_MD_CTX_cleanup(mctx); + EVP_MD_CTX_reset(mctx); return 0; } int CMS_SignerInfo_verify(CMS_SignerInfo *si) { - EVP_MD_CTX *mctx = &si->mctx; + EVP_MD_CTX *mctx = NULL; unsigned char *abuf = NULL; int alen, r = -1; const EVP_MD *md = NULL; @@ -747,7 +756,9 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); if (md == NULL) return -1; - EVP_MD_CTX_init(mctx); + if (si->mctx == NULL) + si->mctx = EVP_MD_CTX_new(); + mctx = si->mctx; if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0) goto err; @@ -769,7 +780,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) if (r <= 0) CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); err: - EVP_MD_CTX_cleanup(mctx); + EVP_MD_CTX_reset(mctx); return r; } 
@@ -806,12 +817,16 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) { ASN1_OCTET_STRING *os = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); EVP_PKEY_CTX *pkctx = NULL; int r = -1; unsigned char mval[EVP_MAX_MD_SIZE]; unsigned int mlen; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE); + goto err; + } /* If we have any signed attributes look for messageDigest value */ if (CMS_signed_get_attr_count(si) >= 0) { os = CMS_signed_get0_data_by_OBJ(si, @@ -824,10 +839,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) { + if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, CMS_R_UNABLE_TO_FINALIZE_CONTEXT); goto err; @@ -849,7 +864,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else r = 1; } else { - const EVP_MD *md = EVP_MD_CTX_md(&mctx); + const EVP_MD *md = EVP_MD_CTX_md(mctx); pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); if (pkctx == NULL) goto err; @@ -871,7 +886,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) err: EVP_PKEY_CTX_free(pkctx); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return r; } diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 5597960..8ce8498 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -144,7 +144,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = NULL; int rv = 0; unsigned int i; size_t mdlen; 
@@ -152,31 +152,33 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, int derlen; if (Zlen > DH_KDF_MAX) return 0; + mctx = EVP_MD_CTX_new(); + if (mctx == NULL) + return 0; mdlen = EVP_MD_size(md); - EVP_MD_CTX_init(&mctx); derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen); if (derlen == 0) goto err; for (i = 1;; i++) { unsigned char mtmp[EVP_MAX_MD_SIZE]; - EVP_DigestInit_ex(&mctx, md, NULL); - if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + EVP_DigestInit_ex(mctx, md, NULL); + if (!EVP_DigestUpdate(mctx, Z, Zlen)) goto err; ctr[3] = i & 0xFF; ctr[2] = (i >> 8) & 0xFF; ctr[1] = (i >> 16) & 0xFF; ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(&mctx, der, derlen)) + if (!EVP_DigestUpdate(mctx, der, derlen)) goto err; if (outlen >= mdlen) { - if (!EVP_DigestFinal(&mctx, out, NULL)) + if (!EVP_DigestFinal(mctx, out, NULL)) goto err; outlen -= mdlen; if (outlen == 0) break; out += mdlen; } else { - if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + if (!EVP_DigestFinal(mctx, mtmp, NULL)) goto err; memcpy(out, mtmp, outlen); OPENSSL_cleanse(mtmp, mdlen); @@ -186,7 +188,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, rv = 1; err: OPENSSL_free(der); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return rv; } #endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 106ec3c..d6e3614 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -360,10 +360,11 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, int counter = 0; int r = 0; BN_CTX *ctx = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); unsigned int h = 2; - EVP_MD_CTX_init(&mctx); + if (mctx == NULL) + goto err; if (evpmd == NULL) { if (N == 160) @@ -374,7 +375,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, evpmd = EVP_sha256(); } - mdsize = M_EVP_MD_size(evpmd); + mdsize = EVP_MD_size(evpmd); /* If unverificable g generation only don't need seed */ if (!ret->p || !ret->q || idx >= 0) { if (seed_len == 0) 
@@ -582,15 +583,15 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, md[0] = idx & 0xff; md[1] = (h >> 8) & 0xff; md[2] = h & 0xff; - if (!EVP_DigestInit_ex(&mctx, evpmd, NULL)) + if (!EVP_DigestInit_ex(mctx, evpmd, NULL)) goto err; - if (!EVP_DigestUpdate(&mctx, seed_tmp, seed_len)) + if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len)) goto err; - if (!EVP_DigestUpdate(&mctx, ggen, sizeof(ggen))) + if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen))) goto err; - if (!EVP_DigestUpdate(&mctx, md, 3)) + if (!EVP_DigestUpdate(mctx, md, 3)) goto err; - if (!EVP_DigestFinal_ex(&mctx, md, NULL)) + if (!EVP_DigestFinal_ex(mctx, md, NULL)) goto err; if (!BN_bin2bn(md, mdsize, test)) goto err; @@ -639,7 +640,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return ok; } diff --git a/crypto/ecdh/ech_kdf.c b/crypto/ecdh/ech_kdf.c index 1e77c6f..cbcbfd9 100644 --- a/crypto/ecdh/ech_kdf.c +++ b/crypto/ecdh/ech_kdf.c @@ -64,7 +64,7 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = NULL; int rv = 0; unsigned int i; size_t mdlen; 
@@ -72,30 +72,32 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX || Zlen > ECDH_KDF_MAX) return 0; + mctx = EVP_MD_CTX_new(); + if (mctx == NULL) + return 0; mdlen = EVP_MD_size(md); - EVP_MD_CTX_init(&mctx); for (i = 1;; i++) { unsigned char mtmp[EVP_MAX_MD_SIZE]; - EVP_DigestInit_ex(&mctx, md, NULL); + EVP_DigestInit_ex(mctx, md, NULL); ctr[3] = i & 0xFF; ctr[2] = (i >> 8) & 0xFF; ctr[1] = (i >> 16) & 0xFF; ctr[0] = (i >> 24) & 0xFF; - if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + if (!EVP_DigestUpdate(mctx, Z, Zlen)) goto err; - if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr))) + if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr))) goto err; - if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen)) + if (!EVP_DigestUpdate(mctx, sinfo, sinfolen)) goto err; if (outlen >= mdlen) { - if (!EVP_DigestFinal(&mctx, out, NULL)) + if (!EVP_DigestFinal(mctx, out, NULL)) goto err; outlen -= mdlen; if (outlen == 0) break; out += mdlen; } else { - if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + if (!EVP_DigestFinal(mctx, mtmp, NULL)) goto err; memcpy(out, mtmp, outlen); OPENSSL_cleanse(mtmp, mdlen); @@ -104,6 +106,6 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, } rv = 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return rv; } diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index ba9adf0..b81f9c6 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -111,6 +111,8 @@ # undef TEST_ENG_OPENSSL_RC4_P_CIPHER #endif +static int openssl_destroy(ENGINE *e); + #ifdef TEST_ENG_OPENSSL_RC4 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); @@ -144,6 +146,7 @@ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, engine_openssl_id) || !ENGINE_set_name(e, engine_openssl_name) + || !ENGINE_set_destroy_function(e, openssl_destroy) #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS # ifndef OPENSSL_NO_RSA || !ENGINE_set_RSA(e, RSA_get_default_method()) 
@@ -326,15 +329,13 @@ static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, #ifdef TEST_ENG_OPENSSL_SHA /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ # include -static const int test_digest_nids[] = { NID_sha1 }; -static const int test_digest_nids_number = 1; static int test_sha1_init(EVP_MD_CTX *ctx) { # ifdef TEST_ENG_OPENSSL_SHA_P_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); # endif - return SHA1_Init(ctx->md_data); + return SHA1_Init(EVP_MD_CTX_md_data(ctx)); } static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) @@ -342,7 +343,7 @@ static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); # endif - return SHA1_Update(ctx->md_data, data, count); + return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) 
@@ -350,34 +351,63 @@ static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); # endif - return SHA1_Final(md, ctx->md_data); + return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); } -static const EVP_MD test_sha_md = { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, - 0, - test_sha1_init, - test_sha1_update, - test_sha1_final, - NULL, - NULL, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; +static EVP_MD *sha1_md = NULL; +static const EVP_MD *test_sha_md(void) +{ + if (sha1_md == NULL) { + EVP_MD *md; + + if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL + || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) + || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) + || !EVP_MD_meth_set_app_datasize(md, + sizeof(EVP_MD *) + sizeof(SHA_CTX)) + || !EVP_MD_meth_set_flags(md, 0) + || !EVP_MD_meth_set_init(md, test_sha1_init) + || !EVP_MD_meth_set_update(md, test_sha1_update) + || !EVP_MD_meth_set_final(md, test_sha1_final)) { + EVP_MD_meth_free(md); + md = NULL; + } + sha1_md = md; + } + return sha1_md; +} +static void test_sha_md_destroy(void) +{ + EVP_MD_meth_free(sha1_md); + sha1_md = NULL; +} +static int test_digest_nids(const int **nids) +{ + static int digest_nids[2] = { 0, 0 }; + static int pos = 0; + static int init = 0; + + if (!init) { + const EVP_MD *md; + if ((md = test_sha_md()) != NULL) + digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos] = 0; + init = 1; + } + *nids = digest_nids; + return pos; +} static int openssl_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) { if (!digest) { /* We are returning a list of supported nids */ - *nids = test_digest_nids; - return test_digest_nids_number; + return test_digest_nids(nids); } /* We are being asked for a specific digest */ if (nid == NID_sha1) - *digest = &test_sha_md; + *digest = test_sha_md(); else { # ifdef 
TEST_ENG_OPENSSL_SHA_OTHERS fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " @@ -420,7 +450,7 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, typedef struct { const EVP_MD *md; /* MD for HMAC use */ ASN1_OCTET_STRING ktmp; /* Temp storage for key */ - HMAC_CTX ctx; + HMAC_CTX *ctx; } OSSL_HMAC_PKEY_CTX; static int ossl_hmac_init(EVP_PKEY_CTX *ctx) @@ -431,7 +461,7 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx) if (hctx == NULL) return 0; hctx->ktmp.type = V_ASN1_OCTET_STRING; - HMAC_CTX_init(&hctx->ctx); + hctx->ctx = HMAC_CTX_new(); EVP_PKEY_CTX_set_data(ctx, hctx); EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); # ifdef TEST_ENG_OPENSSL_HMAC_INIT @@ -448,8 +478,7 @@ static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) sctx = EVP_PKEY_CTX_get_data(src); dctx = EVP_PKEY_CTX_get_data(dst); dctx->md = sctx->md; - HMAC_CTX_init(&dctx->ctx); - if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) + if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx)) return 0; if (sctx->ktmp.data) { if (!ASN1_OCTET_STRING_set(&dctx->ktmp, @@ -463,7 +492,7 @@ static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx) { OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - HMAC_CTX_cleanup(&hctx->ctx); + HMAC_CTX_free(hctx->ctx); OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); OPENSSL_free(hctx); } @@ -484,8 +513,8 @@ static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx->pctx); - if (!HMAC_Update(&hctx->ctx, data, count)) + OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx)); + if (!HMAC_Update(hctx->ctx, data, count)) return 0; return 1; } 
@@ -493,7 +522,7 @@ static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - mctx->update = ossl_int_update; + EVP_MD_CTX_set_update_fn(mctx, ossl_int_update); return 1; } @@ -510,7 +539,7 @@ static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, if (!sig) return 1; - if (!HMAC_Final(&hctx->ctx, sig, &hlen)) + if (!HMAC_Final(hctx->ctx, sig, &hlen)) return 0; *siglen = (size_t)hlen; return 1; @@ -537,7 +566,7 @@ static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_DIGESTINIT: pk = EVP_PKEY_CTX_get0_pkey(ctx); key = EVP_PKEY_get0(pk); - if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, NULL)) + if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL)) return 0; break; @@ -616,3 +645,10 @@ static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, } #endif + +int openssl_destroy(ENGINE *e) +{ + test_sha_md_destroy(); + return 1; +} + diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index ee0998d..3972dc8 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -111,7 +111,8 @@ bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_md.o: ../include/internal/cryptlib.h bio_md.c +bio_md.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h bio_md.c +bio_md.o: evp_locl.h bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 
@@ -121,7 +122,7 @@ bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bio_ok.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h -bio_ok.o: bio_ok.c +bio_ok.o: ../include/internal/evp_int.h bio_ok.c c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -173,7 +174,8 @@ digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -digest.o: ../include/internal/cryptlib.h digest.c +digest.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h digest.c +digest.o: evp_locl.h e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -430,7 +432,7 @@ evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h evp_lib.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h -evp_lib.o: evp_lib.c +evp_lib.o: ../include/internal/evp_int.h evp_lib.c evp_locl.h evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 
@@ -481,7 +483,7 @@ m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h m_md4.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h -m_md4.o: m_md4.c +m_md4.o: ../include/internal/evp_int.h m_md4.c m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -495,7 +497,7 @@ m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h m_md5.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h -m_md5.o: m_md5.c +m_md5.o: ../include/internal/evp_int.h m_md5.c m_md5_sha1.o: ../../e_os.h ../../include/openssl/asn1.h m_md5_sha1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_md5_sha1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -510,7 +512,8 @@ m_md5_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h m_md5_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_md5_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h m_md5_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_md5_sha1.o: ../include/internal/cryptlib.h m_md5_sha1.c +m_md5_sha1.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h +m_md5_sha1.o: m_md5_sha1.c m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h 
@@ -524,7 +527,7 @@ m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_mdc2.o: ../include/internal/cryptlib.h m_mdc2.c +m_mdc2.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h m_mdc2.c m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -537,7 +540,7 @@ m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h m_null.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h -m_null.o: m_null.c +m_null.o: ../include/internal/evp_int.h m_null.c m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -552,7 +555,7 @@ m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h m_ripemd.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h -m_ripemd.o: m_ripemd.c +m_ripemd.o: ../include/internal/evp_int.h m_ripemd.c m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 
@@ -562,7 +565,7 @@ m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha1.o: ../include/internal/cryptlib.h m_sha1.c +m_sha1.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h m_sha1.c m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_sigver.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -576,7 +579,7 @@ m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h m_sigver.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h -m_sigver.o: ../include/internal/evp_int.h m_sigver.c +m_sigver.o: ../include/internal/evp_int.h evp_locl.h m_sigver.c m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_wp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -589,7 +592,7 @@ m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_wp.o: ../include/internal/cryptlib.h m_wp.c +m_wp.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h m_wp.c names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 
@@ -602,7 +605,7 @@ names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h names.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h -names.o: names.c +names.o: ../include/internal/evp_int.h names.c p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -712,7 +715,7 @@ p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h p_sign.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h -p_sign.o: p_sign.c +p_sign.o: ../include/internal/evp_int.h p_sign.c p_verify.o: ../../e_os.h ../../include/openssl/asn1.h p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -726,7 +729,7 @@ p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h p_verify.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h -p_verify.o: p_verify.c +p_verify.o: ../include/internal/evp_int.h p_verify.c pmeth_fn.o: ../../e_os.h ../../include/openssl/asn1.h pmeth_fn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pmeth_fn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index 6afaf9a..24c7dc3 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c 
@@ -61,6 +61,8 @@ #include "internal/cryptlib.h" #include #include +#include "internal/evp_int.h" +#include "evp_locl.h" /* * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest @@ -98,7 +100,7 @@ static int md_new(BIO *bi) { EVP_MD_CTX *ctx; - ctx = EVP_MD_CTX_create(); + ctx = EVP_MD_CTX_new(); if (ctx == NULL) return (0); @@ -112,7 +114,7 @@ static int md_free(BIO *a) { if (a == NULL) return (0); - EVP_MD_CTX_destroy(a->ptr); + EVP_MD_CTX_free(a->ptr); a->ptr = NULL; a->init = 0; a->flags = 0; diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 8658f88..5f3f2de 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -125,6 +125,7 @@ #include #include #include +#include "internal/evp_int.h" static int ok_write(BIO *h, const char *buf, int num); static int ok_read(BIO *h, char *buf, int size); @@ -149,7 +150,7 @@ typedef struct ok_struct { size_t buf_off_save; int cont; /* <= 0 when finished */ int finished; - EVP_MD_CTX md; + EVP_MD_CTX *md; int blockout; /* output block is ready */ int sigio; /* must process signature */ unsigned char buf[IOBS]; @@ -182,7 +183,7 @@ static int ok_new(BIO *bi) ctx->cont = 1; ctx->sigio = 1; - EVP_MD_CTX_init(&ctx->md); + ctx->md = EVP_MD_CTX_new(); bi->init = 0; bi->ptr = (char *)ctx; bi->flags = 0; @@ -193,7 +194,7 @@ static int ok_free(BIO *a) { if (a == NULL) return (0); - EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); + EVP_MD_CTX_free(((BIO_OK_CTX *)a->ptr)->md); OPENSSL_clear_free(a->ptr, sizeof(BIO_OK_CTX)); a->ptr = NULL; a->init = 0; @@ -412,14 +413,14 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_C_SET_MD: md = ptr; - if (!EVP_DigestInit_ex(&ctx->md, md, NULL)) + if (!EVP_DigestInit_ex(ctx->md, md, NULL)) return 0; b->init = 1; break; case BIO_C_GET_MD: if (b->init) { ppmd = ptr; - *ppmd = ctx->md.digest; + *ppmd = EVP_MD_CTX_md(ctx->md); } else ret = 0; break; 
@@ -468,30 +469,36 @@ static int sig_out(BIO *b) { BIO_OK_CTX *ctx; EVP_MD_CTX *md; + const EVP_MD *digest; + int md_size; + void *md_data; ctx = b->ptr; - md = &ctx->md; + md = ctx->md; + digest = EVP_MD_CTX_md(md); + md_size = EVP_MD_size(digest); + md_data = EVP_MD_CTX_md_data(md); - if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE) + if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE) return 1; - if (!EVP_DigestInit_ex(md, md->digest, NULL)) + if (!EVP_DigestInit_ex(md, digest, NULL)) goto berr; /* * FIXME: there's absolutely no guarantee this makes any sense at all, * particularly now EVP_MD_CTX has been restructured. */ - if (RAND_bytes(md->md_data, md->digest->md_size) <= 0) + if (RAND_bytes(md_data, md_size) <= 0) goto berr; - memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); - longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); - ctx->buf_len += md->digest->md_size; + memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size); + longswap(&(ctx->buf[ctx->buf_len]), md_size); + ctx->buf_len += md_size; if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) goto berr; if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) goto berr; - ctx->buf_len += md->digest->md_size; + ctx->buf_len += md_size; ctx->blockout = 1; ctx->sigio = 0; return 1; 
@@ -506,25 +513,31 @@ static int sig_in(BIO *b) EVP_MD_CTX *md; unsigned char tmp[EVP_MAX_MD_SIZE]; int ret = 0; + const EVP_MD *digest; + int md_size; + void *md_data; ctx = b->ptr; - md = &ctx->md; + md = ctx->md; + digest = EVP_MD_CTX_md(md); + md_size = EVP_MD_size(digest); + md_data = EVP_MD_CTX_md_data(md); - if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size) + if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size) return 1; - if (!EVP_DigestInit_ex(md, md->digest, NULL)) + if (!EVP_DigestInit_ex(md, digest, NULL)) goto berr; - memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); - longswap(md->md_data, md->digest->md_size); - ctx->buf_off += md->digest->md_size; + memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size); + longswap(md_data, md_size); + ctx->buf_off += md_size; if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) goto berr; if (!EVP_DigestFinal_ex(md, tmp, NULL)) goto berr; - ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; - ctx->buf_off += md->digest->md_size; + ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0; + ctx->buf_off += md_size; if (ret == 1) { ctx->sigio = 0; if (ctx->buf_len != ctx->buf_off) { @@ -547,9 +560,13 @@ static int block_out(BIO *b) BIO_OK_CTX *ctx; EVP_MD_CTX *md; unsigned long tl; + const EVP_MD *digest; + int md_size; ctx = b->ptr; - md = &ctx->md; + md = ctx->md; + digest = EVP_MD_CTX_md(md); + md_size = EVP_MD_size(digest); tl = ctx->buf_len - OK_BLOCK_BLOCK; ctx->buf[0] = (unsigned char)(tl >> 24); @@ -561,7 +578,7 @@ static int block_out(BIO *b) goto berr; if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) goto berr; - ctx->buf_len += md->digest->md_size; + ctx->buf_len += md_size; ctx->blockout = 1; return 1; berr: 
@@ -575,9 +592,11 @@ static int block_in(BIO *b) EVP_MD_CTX *md; unsigned long tl = 0; unsigned char tmp[EVP_MAX_MD_SIZE]; + int md_size; ctx = b->ptr; - md = &ctx->md; + md = ctx->md; + md_size = EVP_MD_size(EVP_MD_CTX_md(md)); assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ tl = ctx->buf[0]; @@ -588,7 +607,7 @@ static int block_in(BIO *b) tl <<= 8; tl |= ctx->buf[3]; - if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size) + if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size) return 1; if (!EVP_DigestUpdate(md, @@ -596,10 +615,9 @@ static int block_in(BIO *b) goto berr; if (!EVP_DigestFinal_ex(md, tmp, NULL)) goto berr; - if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == - 0) { + if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) { /* there might be parts from next block lurking around ! */ - ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size; + ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size; ctx->buf_len_save = ctx->buf_len; ctx->buf_off = OK_BLOCK_BLOCK; ctx->buf_len = tl + OK_BLOCK_BLOCK; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 32a87f6..5da0e01 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c 
@@ -116,25 +116,54 @@ #ifndef OPENSSL_NO_ENGINE # include #endif +#include "internal/evp_int.h" +#include "evp_locl.h" -void EVP_MD_CTX_init(EVP_MD_CTX *ctx) +/* This call frees resources associated with the context */ +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) { + if (ctx == NULL) + return 1; + + /* + * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because + * sometimes only copies of the context are ever finalised. + */ + if (ctx->digest && ctx->digest->cleanup + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) + ctx->digest->cleanup(ctx); + if (ctx->digest && ctx->digest->ctx_size && ctx->md_data + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { + OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); + } + EVP_PKEY_CTX_free(ctx->pctx); +#ifndef OPENSSL_NO_ENGINE + if (ctx->engine) + /* + * The EVP_MD we used belongs to an ENGINE, release the functional + * reference we held for this reason. + */ + ENGINE_finish(ctx->engine); +#endif memset(ctx, 0, sizeof(*ctx)); + + return 1; } -EVP_MD_CTX *EVP_MD_CTX_create(void) +EVP_MD_CTX *EVP_MD_CTX_new(void) { - EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); - - if (ctx != NULL) - EVP_MD_CTX_init(ctx); + return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); +} - return ctx; +void EVP_MD_CTX_free(EVP_MD_CTX *ctx) +{ + EVP_MD_CTX_reset(ctx); + OPENSSL_free(ctx); } int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { - EVP_MD_CTX_init(ctx); + EVP_MD_CTX_reset(ctx); return EVP_DigestInit_ex(ctx, type, NULL); } @@ -233,7 +262,7 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; ret = EVP_DigestFinal_ex(ctx, md, size); - EVP_MD_CTX_cleanup(ctx); + EVP_MD_CTX_reset(ctx); return ret; } @@ -256,7 +285,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) { - EVP_MD_CTX_init(out); + EVP_MD_CTX_reset(out); return EVP_MD_CTX_copy_ex(out, in); } 
@@ -280,7 +309,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); } else tmp_buf = NULL; - EVP_MD_CTX_cleanup(out); + EVP_MD_CTX_reset(out); memcpy(out, in, sizeof(*out)); if (in->md_data && out->digest->ctx_size) { @@ -301,7 +330,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) if (in->pctx) { out->pctx = EVP_PKEY_CTX_dup(in->pctx); if (!out->pctx) { - EVP_MD_CTX_cleanup(out); + EVP_MD_CTX_reset(out); return 0; } } 
@@ -316,55 +345,20 @@ int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); int ret; - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); - ret = EVP_DigestInit_ex(&ctx, type, impl) - && EVP_DigestUpdate(&ctx, data, count) - && EVP_DigestFinal_ex(&ctx, md, size); - EVP_MD_CTX_cleanup(&ctx); + if (ctx == NULL) + return 0; + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT); + ret = EVP_DigestInit_ex(ctx, type, impl) + && EVP_DigestUpdate(ctx, data, count) + && EVP_DigestFinal_ex(ctx, md, size); + EVP_MD_CTX_free(ctx); return ret; } -void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) -{ - if (ctx) { - EVP_MD_CTX_cleanup(ctx); - OPENSSL_free(ctx); - } -} - -/* This call frees resources associated with the context */ -int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) -{ - /* - * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because - * sometimes only copies of the context are ever finalised. - */ - if (ctx->digest && ctx->digest->cleanup - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) - ctx->digest->cleanup(ctx); - if (ctx->digest && ctx->digest->ctx_size && ctx->md_data - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - } - EVP_PKEY_CTX_free(ctx->pctx); -#ifndef OPENSSL_NO_ENGINE - if (ctx->engine) - /* - * The EVP_MD we used belongs to an ENGINE, release the functional - * reference we held for this reason. - */ - ENGINE_finish(ctx->engine); -#endif - memset(ctx, 0, sizeof(*ctx)); - - return 1; -} - int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) { if (ctx->digest && ctx->digest->md_ctrl) { diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 3e2c989..65f0381 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c 
@@ -123,7 +123,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, int datal, int count, unsigned char *key, unsigned char *iv) { - EVP_MD_CTX c; + EVP_MD_CTX *c; unsigned char md_buf[EVP_MAX_MD_SIZE]; int niv, nkey, addmd = 0; unsigned int mds = 0, i; @@ -136,27 +136,29 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, if (data == NULL) return (nkey); - EVP_MD_CTX_init(&c); + c = EVP_MD_CTX_new(); + if (c == NULL) + goto err; for (;;) { - if (!EVP_DigestInit_ex(&c, md, NULL)) + if (!EVP_DigestInit_ex(c, md, NULL)) goto err; if (addmd++) - if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) + if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) goto err; - if (!EVP_DigestUpdate(&c, data, datal)) + if (!EVP_DigestUpdate(c, data, datal)) goto err; if (salt != NULL) - if (!EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN)) + if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN)) goto err; - if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) + if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) goto err; for (i = 1; i < (unsigned int)count; i++) { - if (!EVP_DigestInit_ex(&c, md, NULL)) + if (!EVP_DigestInit_ex(c, md, NULL)) goto err; - if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) + if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) goto err; - if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) + if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) goto err; } i = 0; @@ -189,7 +191,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, } rv = type->key_len; err: - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_free(c); OPENSSL_cleanse(md_buf, sizeof(md_buf)); return rv; } diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 319eede..4f55a1b 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -60,6 +60,8 @@ #include "internal/cryptlib.h" #include #include +#include "internal/evp_int.h" +#include "evp_locl.h" int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { 
@@ -309,6 +311,128 @@ unsigned long EVP_MD_flags(const EVP_MD *md) return md->flags; } +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) +{ + EVP_MD *md = (EVP_MD *)OPENSSL_zalloc(sizeof(EVP_MD)); + if (md != NULL) { + md->type = md_type; + md->pkey_type = pkey_type; + } + return md; +} +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) +{ + EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type); + if (md != NULL) + memcpy(to, md, sizeof(*to)); + return to; +} +void EVP_MD_meth_free(EVP_MD *md) +{ + OPENSSL_free(md); +} +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) +{ + md->block_size = blocksize; + return 1; +} +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize) +{ + md->md_size = resultsize; + return 1; +} +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize) +{ + md->ctx_size = datasize; + return 1; +} +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags) +{ + md->flags = flags; + return 1; +} +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)) +{ + md->init = init; + return 1; +} +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)) +{ + md->update = update; + return 1; +} +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)) +{ + md->final = final; + return 1; +} +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)) +{ + md->copy = copy; + return 1; +} +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)) +{ + md->cleanup = cleanup; + return 1; +} +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)) +{ + md->md_ctrl = ctrl; + return 1; +} + +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md) +{ + return md->block_size; +} +int EVP_MD_meth_get_result_size(const EVP_MD *md) +{ + return md->md_size; +} +int EVP_MD_meth_get_app_datasize(const EVP_MD *md) +{ + return md->ctx_size; +} +unsigned long 
EVP_MD_meth_get_flags(const EVP_MD *md) +{ + return md->block_size; +} +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx) +{ + return md->init; +} +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count) +{ + return md->update; +} +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md) +{ + return md->final; +} +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from) +{ + return md->copy; +} +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx) +{ + return md->cleanup; +} +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2) +{ + return md->md_ctrl; +} + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) { if (!ctx) @@ -316,6 +440,29 @@ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) return ctx->digest; } +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) +{ + return ctx->pctx; +} + +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) +{ + return ctx->md_data; +} + +int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count) +{ + return ctx->update; +} + +void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)) +{ + ctx->update = update; +} + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) { ctx->flags |= flags; diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index b70a54c..918ff0a 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h 
@@ -57,6 +57,20 @@ * */ +/* EVP_MD_CTX related stuff */ + +struct evp_md_ctx_st { + const EVP_MD *digest; + ENGINE *engine; /* functional reference if 'digest' is + * ENGINE-provided */ + unsigned long flags; + void *md_data; + /* Public key context for sign/verify */ + EVP_PKEY_CTX *pctx; + /* Update function: usually copied from EVP_MD */ + int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); +} /* EVP_MD_CTX */ ; + /* Macros to code block cipher wrappers */ /* Wrapper functions for each cipher mode */ diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 80021b6..8987c42 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -68,20 +68,21 @@ # ifndef OPENSSL_NO_RSA # include # endif +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return MD4_Init(ctx->md_data); + return MD4_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD4_Update(ctx->md_data, data, count); + return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD4_Final(md, ctx->md_data); + return MD4_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md4_md = { diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 4ada7d1..ad26604 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -68,20 +68,21 @@ # ifndef OPENSSL_NO_RSA # include # endif +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return MD5_Init(ctx->md_data); + return MD5_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD5_Update(ctx->md_data, data, count); + return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MD5_Final(md, ctx->md_data); + return MD5_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD md5_md = { 
diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 22cd7ce..f5472a3 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -60,6 +60,7 @@ # include # include # include "internal/cryptlib.h" +# include "internal/evp_int.h" # ifndef OPENSSL_NO_RSA # include # endif @@ -71,7 +72,7 @@ struct md5_sha1_ctx { static int init(EVP_MD_CTX *ctx) { - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (!MD5_Init(&mctx->md5)) return 0; return SHA1_Init(&mctx->sha1); @@ -79,7 +80,7 @@ static int init(EVP_MD_CTX *ctx) static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (!MD5_Update(&mctx->md5, data, count)) return 0; return SHA1_Update(&mctx->sha1, data, count); @@ -87,7 +88,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t count) static int final(EVP_MD_CTX *ctx, unsigned char *md) { - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (!MD5_Final(md, &mctx->md5)) return 0; return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1); @@ -98,7 +99,7 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) unsigned char padtmp[48]; unsigned char md5tmp[MD5_DIGEST_LENGTH]; unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - struct md5_sha1_ctx *mctx = ctx->md_data; + struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) return 0; diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index ffd1b0e..8934b54 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c 
@@ -68,20 +68,21 @@ # ifndef OPENSSL_NO_RSA # include # endif +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return MDC2_Init(ctx->md_data); + return MDC2_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MDC2_Update(ctx->md_data, data, count); + return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return MDC2_Final(md, ctx->md_data); + return MDC2_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD mdc2_md = { diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c index c91f6cb..b649115 100644 --- a/crypto/evp/m_null.c +++ b/crypto/evp/m_null.c @@ -61,6 +61,7 @@ #include #include #include +#include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index f1c745c..faf09a1 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -68,20 +68,21 @@ # ifndef OPENSSL_NO_RSA # include # endif +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return RIPEMD160_Init(ctx->md_data); + return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return RIPEMD160_Update(ctx->md_data, data, count); + return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return RIPEMD160_Final(md, ctx->md_data); + return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD ripemd160_md = { diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index c913cae..2f30c3c 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c 
@@ -65,20 +65,21 @@ #ifndef OPENSSL_NO_RSA # include #endif +#include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return SHA1_Init(ctx->md_data); + return SHA1_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA1_Update(ctx->md_data, data, count); + return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA1_Final(md, ctx->md_data); + return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); } static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) @@ -86,7 +87,7 @@ static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) unsigned char padtmp[40]; unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - SHA_CTX *sha1 = ctx->md_data; + SHA_CTX *sha1 = EVP_MD_CTX_md_data(ctx); if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) return 0; @@ -157,12 +158,12 @@ const EVP_MD *EVP_sha1(void) static int init224(EVP_MD_CTX *ctx) { - return SHA224_Init(ctx->md_data); + return SHA224_Init(EVP_MD_CTX_md_data(ctx)); } static int init256(EVP_MD_CTX *ctx) { - return SHA256_Init(ctx->md_data); + return SHA256_Init(EVP_MD_CTX_md_data(ctx)); } /* @@ -172,12 +173,12 @@ static int init256(EVP_MD_CTX *ctx) */ static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA256_Update(ctx->md_data, data, count); + return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final256(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA256_Final(md, ctx->md_data); + return SHA256_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD sha224_md = { 
@@ -220,23 +221,23 @@ const EVP_MD *EVP_sha256(void) static int init384(EVP_MD_CTX *ctx) { - return SHA384_Init(ctx->md_data); + return SHA384_Init(EVP_MD_CTX_md_data(ctx)); } static int init512(EVP_MD_CTX *ctx) { - return SHA512_Init(ctx->md_data); + return SHA512_Init(EVP_MD_CTX_md_data(ctx)); } /* See comment in SHA224/256 section */ static int update512(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA512_Update(ctx->md_data, data, count); + return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final512(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA512_Final(md, ctx->md_data); + return SHA512_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD sha384_md = { diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 258fd91..067d330 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -63,6 +63,7 @@ #include #include #include "internal/evp_int.h" +#include "evp_locl.h" static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey, @@ -157,16 +158,15 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, else r = EVP_DigestFinal_ex(ctx, md, &mdlen); } else { - EVP_MD_CTX tmp_ctx; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); + if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) return 0; if (sctx) - r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, - sigret, siglen, &tmp_ctx); + r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx, + sigret, siglen, tmp_ctx); else - r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); - EVP_MD_CTX_cleanup(&tmp_ctx); + r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); + EVP_MD_CTX_free(tmp_ctx); } if (sctx || !r) return r; 
@@ -203,16 +203,15 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, } else r = EVP_DigestFinal_ex(ctx, md, &mdlen); } else { - EVP_MD_CTX tmp_ctx; - EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); + if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) return -1; if (vctx) { - r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, - sig, siglen, &tmp_ctx); + r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, + sig, siglen, tmp_ctx); } else - r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); - EVP_MD_CTX_cleanup(&tmp_ctx); + r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); + EVP_MD_CTX_free(tmp_ctx); } if (vctx || !r) return r; diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index 9ab3c62..0a4a3a9 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -9,20 +9,21 @@ # include # include # include +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { - return WHIRLPOOL_Init(ctx->md_data); + return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx)); } static int update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return WHIRLPOOL_Update(ctx->md_data, data, count); + return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count); } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return WHIRLPOOL_Final(md, ctx->md_data); + return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx)); } static const EVP_MD whirlpool_md = { diff --git a/crypto/evp/names.c b/crypto/evp/names.c index c7c4615..8d132e9 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -61,6 +61,7 @@ #include #include #include +#include "internal/evp_int.h" int EVP_add_cipher(const EVP_CIPHER *c) { diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 2d37d08..d27d83f 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c 
@@ -75,7 +75,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; int i; @@ -84,7 +84,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, unsigned char *salt; int mdsize; int rv = 0; - EVP_MD_CTX_init(&ctx); /* Extract useful info from parameter */ if (param == NULL || param->type != V_ASN1_SEQUENCE || @@ -111,24 +110,30 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, else if (passlen == -1) passlen = strlen(pass); - if (!EVP_DigestInit_ex(&ctx, md, NULL)) + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, ERR_R_MALLOC_FAILURE); goto err; - if (!EVP_DigestUpdate(&ctx, pass, passlen)) + } + + if (!EVP_DigestInit_ex(ctx, md, NULL)) + goto err; + if (!EVP_DigestUpdate(ctx, pass, passlen)) goto err; - if (!EVP_DigestUpdate(&ctx, salt, saltlen)) + if (!EVP_DigestUpdate(ctx, salt, saltlen)) goto err; PBEPARAM_free(pbe); - if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; mdsize = EVP_MD_size(md); if (mdsize < 0) return 0; for (i = 1; i < iter; i++) { - if (!EVP_DigestInit_ex(&ctx, md, NULL)) + if (!EVP_DigestInit_ex(ctx, md, NULL)) goto err; - if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) + if (!EVP_DigestUpdate(ctx, md_tmp, mdsize)) goto err; - if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; } OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); @@ -143,6 +148,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); return rv; } 
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 4986a21..0f5b82b 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -85,21 +85,28 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; int cplen, j, k, tkeylen, mdlen; unsigned long i = 1; - HMAC_CTX hctx_tpl, hctx; + HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; mdlen = EVP_MD_size(digest); if (mdlen < 0) return 0; - HMAC_CTX_init(&hctx_tpl); + hctx_tpl = HMAC_CTX_new(); + if (hctx_tpl == NULL) + return 0; p = out; tkeylen = keylen; if (!pass) passlen = 0; else if (passlen == -1) passlen = strlen(pass); - if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); + if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) { + HMAC_CTX_free(hctx_tpl); + return 0; + } + hctx = HMAC_CTX_new(); + if (hctx == NULL) { + HMAC_CTX_free(hctx_tpl); return 0; } while (tkeylen) { 
@@ -115,31 +122,33 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, itmp[1] = (unsigned char)((i >> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); + if (!HMAC_CTX_copy(hctx, hctx_tpl)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - if (!HMAC_Update(&hctx, salt, saltlen) - || !HMAC_Update(&hctx, itmp, 4) - || !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); + if (!HMAC_Update(hctx, salt, saltlen) + || !HMAC_Update(hctx, itmp, 4) + || !HMAC_Final(hctx, digtmp, NULL)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_reset(hctx); memcpy(p, digtmp, cplen); for (j = 1; j < iter; j++) { - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); + if (!HMAC_CTX_copy(hctx, hctx_tpl)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - if (!HMAC_Update(&hctx, digtmp, mdlen) - || !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); + if (!HMAC_Update(hctx, digtmp, mdlen) + || !HMAC_Final(hctx, digtmp, NULL)) { + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); return 0; } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_reset(hctx); for (k = 0; k < cplen; k++) p[k] ^= digtmp[k]; } @@ -147,7 +156,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, i++; p += cplen; } - HMAC_CTX_cleanup(&hctx_tpl); + HMAC_CTX_free(hctx); + HMAC_CTX_free(hctx_tpl); # ifdef DEBUG_PKCS5V2 fprintf(stderr, "Password:\n"); h__dump(pass, passlen); diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 808d0de..c5e479e 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -61,6 +61,7 @@ #include #include #include +#include "internal/evp_int.h" int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) 
@@ -72,17 +73,20 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, EVP_PKEY_CTX *pkctx = NULL; *siglen = 0; - if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { + if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; } else { int rv = 0; - EVP_MD_CTX tmp_ctx; - EVP_MD_CTX_init(&tmp_ctx); - rv = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); + if (tmp_ctx == NULL) { + EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE); + return 0; + } + rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); if (rv) - rv = EVP_DigestFinal_ex(&tmp_ctx, m, &m_len); - EVP_MD_CTX_cleanup(&tmp_ctx); + rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); + EVP_MD_CTX_free(tmp_ctx); if (!rv) return 0; } @@ -94,13 +98,13 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, goto err; if (EVP_PKEY_sign_init(pkctx) <= 0) goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) goto err; if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) goto err; *siglen = sltmp; i = 1; err: - EVP_PKEY_CTX_free(pkctx); - return i; + EVP_PKEY_CTX_free(pkctx); + return i; } diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 9802dcc..32ec0de 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -61,6 +61,7 @@ #include #include #include +#include "internal/evp_int.h" int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) 
@@ -70,17 +71,20 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, int i = 0; EVP_PKEY_CTX *pkctx = NULL; - if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { + if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; } else { int rv = 0; - EVP_MD_CTX tmp_ctx; - EVP_MD_CTX_init(&tmp_ctx); - rv = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); + EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); + if (tmp_ctx == NULL) { + EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE); + return 0; + } + rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); if (rv) - rv = EVP_DigestFinal_ex(&tmp_ctx, m, &m_len); - EVP_MD_CTX_cleanup(&tmp_ctx); + rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); + EVP_MD_CTX_free(tmp_ctx); if (!rv) return 0; } @@ -91,7 +95,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, goto err; if (EVP_PKEY_verify_init(pkctx) <= 0) goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) goto err; i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); err: diff --git a/crypto/hmac/Makefile b/crypto/hmac/Makefile index 934631a..a16e620 100644 --- a/crypto/hmac/Makefile +++ b/crypto/hmac/Makefile @@ -95,3 +95,4 @@ hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h hmac.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h hmac.c +hmac.o: hmac_lcl.h diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index e06a1db..41013bc 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -69,7 +69,7 @@ typedef struct { const EVP_MD *md; /* MD for HMAC use */ ASN1_OCTET_STRING ktmp; /* Temp storage for key */ - HMAC_CTX ctx; + HMAC_CTX *ctx; } HMAC_PKEY_CTX; static int pkey_hmac_init(EVP_PKEY_CTX *ctx) 
@@ -80,7 +80,7 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx) if (hctx == NULL) return 0; hctx->ktmp.type = V_ASN1_OCTET_STRING; - HMAC_CTX_init(&hctx->ctx); + hctx->ctx = HMAC_CTX_new(); ctx->data = hctx; ctx->keygen_info_count = 0; @@ -96,8 +96,7 @@ static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) sctx = src->data; dctx = dst->data; dctx->md = sctx->md; - HMAC_CTX_init(&dctx->ctx); - if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) + if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx)) return 0; if (sctx->ktmp.data) { if (!ASN1_OCTET_STRING_set(&dctx->ktmp, @@ -111,9 +110,12 @@ static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) { HMAC_PKEY_CTX *hctx = ctx->data; - HMAC_CTX_cleanup(&hctx->ctx); - OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); - OPENSSL_free(hctx); + if (hctx != NULL) { + HMAC_CTX_free(hctx->ctx); + OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); + OPENSSL_free(hctx); + ctx->data = NULL; + } } static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) @@ -132,8 +134,8 @@ static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - HMAC_PKEY_CTX *hctx = ctx->pctx->data; - if (!HMAC_Update(&hctx->ctx, data, count)) + HMAC_PKEY_CTX *hctx = EVP_MD_CTX_pkey_ctx(ctx)->data; + if (!HMAC_Update(hctx->ctx, data, count)) return 0; return 1; } @@ -141,9 +143,10 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { HMAC_PKEY_CTX *hctx = ctx->data; - HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); + HMAC_CTX_set_flags(hctx->ctx, + EVP_MD_CTX_test_flags(mctx, ~EVP_MD_CTX_FLAG_NO_INIT)); EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - mctx->update = int_update; + EVP_MD_CTX_set_update_fn(mctx, int_update); return 1; } 
@@ -160,7 +163,7 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, if (!sig) return 1; - if (!HMAC_Final(&hctx->ctx, sig, &hlen)) + if (!HMAC_Final(hctx->ctx, sig, &hlen)) return 0; *siglen = (size_t)hlen; return 1; @@ -185,7 +188,7 @@ static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_DIGESTINIT: key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; - if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, + if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, ctx->engine)) return 0; break; diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 7699b0b..3bc93a8 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -61,6 +61,7 @@ #include #include "internal/cryptlib.h" #include +#include "hmac_lcl.h" int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) @@ -83,14 +84,14 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (key != NULL) { reset = 1; - j = M_EVP_MD_block_size(md); + j = EVP_MD_block_size(md); OPENSSL_assert(j <= (int)sizeof(ctx->key)); if (j < len) { - if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) + if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)) goto err; - if (!EVP_DigestUpdate(&ctx->md_ctx, key, len)) + if (!EVP_DigestUpdate(ctx->md_ctx, key, len)) goto err; - if (!EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, + if (!EVP_DigestFinal_ex(ctx->md_ctx, ctx->key, &ctx->key_length)) goto err; } else { 
@@ -107,19 +108,19 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (reset) { for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) pad[i] = 0x36 ^ ctx->key[i]; - if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl)) + if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)) goto err; - if (!EVP_DigestUpdate(&ctx->i_ctx, pad, M_EVP_MD_block_size(md))) + if (!EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) goto err; for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) pad[i] = 0x5c ^ ctx->key[i]; - if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl)) + if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)) goto err; - if (!EVP_DigestUpdate(&ctx->o_ctx, pad, M_EVP_MD_block_size(md))) + if (!EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) goto err; } - if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) + if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx)) goto err; return 1; err: @@ -130,7 +131,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) { if (key && md) - HMAC_CTX_init(ctx); + HMAC_CTX_reset(ctx); return HMAC_Init_ex(ctx, key, len, md, NULL); } #endif @@ -139,7 +140,7 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) { if (!ctx->md) return 0; - return EVP_DigestUpdate(&ctx->md_ctx, data, len); + return EVP_DigestUpdate(ctx->md_ctx, data, len); } int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) 
@@ -150,78 +151,124 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) if (!ctx->md) goto err; - if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) + if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i)) goto err; - if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) + if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx)) goto err; - if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i)) + if (!EVP_DigestUpdate(ctx->md_ctx, buf, i)) goto err; - if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len)) + if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len)) goto err; return 1; err: return 0; } -void HMAC_CTX_init(HMAC_CTX *ctx) +size_t HMAC_size(HMAC_CTX *ctx) { - EVP_MD_CTX_init(&ctx->i_ctx); - EVP_MD_CTX_init(&ctx->o_ctx); - EVP_MD_CTX_init(&ctx->md_ctx); + return EVP_MD_size((ctx)->md); +} + +HMAC_CTX *HMAC_CTX_new(void) +{ + HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_zalloc(sizeof(HMAC_CTX)); + if (ctx) + if (!HMAC_CTX_reset(ctx)) { + HMAC_CTX_free(ctx); + ctx = NULL; + } + return ctx; +} + +static void hmac_ctx_cleanup(HMAC_CTX *ctx) +{ + EVP_MD_CTX_reset(ctx->i_ctx); + EVP_MD_CTX_reset(ctx->o_ctx); + EVP_MD_CTX_reset(ctx->md_ctx); + ctx->md = NULL; + ctx->key_length = 0; + memset(ctx->key, 0, sizeof(HMAC_MAX_MD_CBLOCK)); +} + +void HMAC_CTX_free(HMAC_CTX *ctx) +{ + if (ctx != NULL) { + hmac_ctx_cleanup(ctx); + EVP_MD_CTX_free(ctx->i_ctx); + EVP_MD_CTX_free(ctx->o_ctx); + EVP_MD_CTX_free(ctx->md_ctx); + OPENSSL_free(ctx); + } +} + +int HMAC_CTX_reset(HMAC_CTX *ctx) +{ + hmac_ctx_cleanup(ctx); + if (ctx->i_ctx == NULL) + ctx->i_ctx = EVP_MD_CTX_new(); + if (ctx->i_ctx == NULL) + goto err; + if (ctx->o_ctx == NULL) + ctx->o_ctx = EVP_MD_CTX_new(); + if (ctx->o_ctx == NULL) + goto err; + if (ctx->md_ctx == NULL) + ctx->md_ctx = EVP_MD_CTX_new(); + if (ctx->md_ctx == NULL) + goto err; ctx->md = NULL; + return 1; + err: + hmac_ctx_cleanup(ctx); + return 0; } int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) { - HMAC_CTX_init(dctx); - if (!EVP_MD_CTX_copy_ex(&dctx->i_ctx, &sctx->i_ctx)) + if 
(!HMAC_CTX_reset(dctx)) + goto err; + if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx)) goto err; - if (!EVP_MD_CTX_copy_ex(&dctx->o_ctx, &sctx->o_ctx)) + if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx)) goto err; - if (!EVP_MD_CTX_copy_ex(&dctx->md_ctx, &sctx->md_ctx)) + if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) goto err; memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); dctx->key_length = sctx->key_length; dctx->md = sctx->md; return 1; err: + hmac_ctx_cleanup(dctx); return 0; } -void HMAC_CTX_cleanup(HMAC_CTX *ctx) -{ - EVP_MD_CTX_cleanup(&ctx->i_ctx); - EVP_MD_CTX_cleanup(&ctx->o_ctx); - EVP_MD_CTX_cleanup(&ctx->md_ctx); - memset(ctx, 0, sizeof(*ctx)); -} - unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len) { - HMAC_CTX c; + HMAC_CTX *c = NULL; static unsigned char m[EVP_MAX_MD_SIZE]; if (md == NULL) md = m; - HMAC_CTX_init(&c); - if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL)) + if ((c = HMAC_CTX_new()) == NULL) + goto err; + if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL)) goto err; - if (!HMAC_Update(&c, d, n)) + if (!HMAC_Update(c, d, n)) goto err; - if (!HMAC_Final(&c, md, md_len)) + if (!HMAC_Final(c, md, md_len)) goto err; - HMAC_CTX_cleanup(&c); + HMAC_CTX_free(c); return md; err: - HMAC_CTX_cleanup(&c); + HMAC_CTX_free(c); return NULL; } void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) { - M_EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); - M_EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); - M_EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); + EVP_MD_CTX_set_flags(ctx->i_ctx, flags); + EVP_MD_CTX_set_flags(ctx->o_ctx, flags); + EVP_MD_CTX_set_flags(ctx->md_ctx, flags); } diff --git a/include/openssl/ssl2.h b/crypto/hmac/hmac_lcl.h similarity index 90% copy from include/openssl/ssl2.h copy to crypto/hmac/hmac_lcl.h index 64e1b14..b14607d 100644 --- a/include/openssl/ssl2.h +++ b/crypto/hmac/hmac_lcl.h 
@@ -1,4 +1,4 @@ -/* ssl/ssl2.h */ +/* crypto/hmac/hmac.h */ /* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) * All rights reserved. * @@ -55,19 +55,23 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ - -#ifndef HEADER_SSL2_H -# define HEADER_SSL2_H +#ifndef HEADER_HMAC_LCL_H +# define HEADER_HMAC_LCL_H #ifdef __cplusplus extern "C" { #endif - -# define SSL2_VERSION 0x0002 - -# define SSL2_MT_CLIENT_HELLO 1 - -#ifdef __cplusplus +#if 0 /* emacs indentation fix */ } #endif + +typedef struct hmac_ctx_st { + const EVP_MD *md; + EVP_MD_CTX *md_ctx; + EVP_MD_CTX *i_ctx; + EVP_MD_CTX *o_ctx; + unsigned int key_length; + unsigned char key[HMAC_MAX_MD_CBLOCK]; +} HMAC_CTX; + #endif diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index 218aede..4372d4b 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -129,3 +129,20 @@ extern const EVP_PKEY_METHOD dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth; extern const EVP_PKEY_METHOD hmac_pkey_meth; extern const EVP_PKEY_METHOD rsa_pkey_meth; + +struct evp_md_st { + int type; + int pkey_type; + int md_size; + unsigned long flags; + int (*init) (EVP_MD_CTX *ctx); + int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); + int (*final) (EVP_MD_CTX *ctx, unsigned char *md); + int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); + int (*cleanup) (EVP_MD_CTX *ctx); + int block_size; + int ctx_size; /* how big does the ctx->md_data need to be */ + /* control function */ + int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +} /* EVP_MD */ ; + diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c index e8ea1b0..d0db777 100644 --- a/crypto/pem/pem_seal.c +++ b/crypto/pem/pem_seal.c 
@@ -93,8 +93,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, EVP_EncodeInit(&ctx->encode); - EVP_MD_CTX_init(&ctx->md); - if (!EVP_SignInit(&ctx->md, md_type)) + ctx->md = EVP_MD_CTX_new(); + if (!EVP_SignInit(ctx->md, md_type)) goto err; EVP_CIPHER_CTX_init(&ctx->cipher); @@ -124,7 +124,7 @@ int PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, int i, j; *outl = 0; - if (!EVP_SignUpdate(&ctx->md, in, inl)) + if (!EVP_SignUpdate(ctx->md, in, inl)) return 0; for (;;) { if (inl <= 0) @@ -172,13 +172,13 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, EVP_EncodeFinal(&ctx->encode, out, &j); *outl += j; - if (!EVP_SignFinal(&ctx->md, s, &i, priv)) + if (!EVP_SignFinal(ctx->md, s, &i, priv)) goto err; *sigl = EVP_EncodeBlock(sig, s, i); ret = 1; err: - EVP_MD_CTX_cleanup(&ctx->md); + EVP_MD_CTX_free(ctx->md); EVP_CIPHER_CTX_cleanup(&ctx->cipher); OPENSSL_free(s); return (ret); diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 50f19f3..c95967c 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -650,16 +650,16 @@ static int derive_pvk_key(unsigned char *key, const unsigned char *salt, unsigned int saltlen, const unsigned char *pass, int passlen) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_new();; int rv = 1; - EVP_MD_CTX_init(&mctx); - if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) - || !EVP_DigestUpdate(&mctx, salt, saltlen) - || !EVP_DigestUpdate(&mctx, pass, passlen) - || !EVP_DigestFinal_ex(&mctx, key, NULL)) + if (mctx == NULL + || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL) + || !EVP_DigestUpdate(mctx, salt, saltlen) + || !EVP_DigestUpdate(mctx, pass, passlen) + || !EVP_DigestFinal_ex(mctx, key, NULL)) rv = 0; - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return rv; } diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index fe378d7..3efdd4a 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c 
@@ -109,13 +109,16 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int i, j, u, v; int ret = 0; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; #ifdef DEBUG_KEYGEN unsigned char *tmpout = out; int tmpn = n; #endif - EVP_MD_CTX_init(&ctx); + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) + goto err; + #ifdef DEBUG_KEYGEN fprintf(stderr, "KEYGEN DEBUG\n"); fprintf(stderr, "ID %d, ITER %d\n", id, iter); @@ -151,15 +154,15 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; for (;;) { - if (!EVP_DigestInit_ex(&ctx, md_type, NULL) - || !EVP_DigestUpdate(&ctx, D, v) - || !EVP_DigestUpdate(&ctx, I, Ilen) - || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + if (!EVP_DigestInit_ex(ctx, md_type, NULL) + || !EVP_DigestUpdate(ctx, D, v) + || !EVP_DigestUpdate(ctx, I, Ilen) + || !EVP_DigestFinal_ex(ctx, Ai, NULL)) goto err; for (j = 1; j < iter; j++) { - if (!EVP_DigestInit_ex(&ctx, md_type, NULL) - || !EVP_DigestUpdate(&ctx, Ai, u) - || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + if (!EVP_DigestInit_ex(ctx, md_type, NULL) + || !EVP_DigestUpdate(ctx, Ai, u) + || !EVP_DigestFinal_ex(ctx, Ai, NULL)) goto err; } memcpy(out, Ai, min(n, u)); @@ -215,7 +218,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, OPENSSL_free(I); BN_free(Ij); BN_free(Bpl1); - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); return ret; } diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 4cf68e1..fda2bc9 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -59,7 +59,7 @@ # include # include "internal/cryptlib.h" -#include +# include # include # include # include 
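Review bot: in PKCS12_key_gen_uni (crypto/pkcs12/p12_key.c, hunk at -109,13) the new "if (ctx == NULL) goto err;" runs while Ij and Bpl1 are still uninitialized, since the context line just above declares them as "BIGNUM *Ij, *Bpl1;" with no initializer. If the err path reaches the BN_free(Ij) and BN_free(Bpl1) calls visible in the hunk at -215,7, it frees indeterminate pointers. Suggest initializing both to NULL at declaration (and checking any other pointer released on that path), or returning 0 directly on this allocation failure.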
@@ -91,7 +91,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *mac, unsigned int *maclen) { const EVP_MD *md_type; - HMAC_CTX hmac; + HMAC_CTX *hmac = NULL; unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; int md_size = 0; @@ -133,15 +133,15 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); return 0; } - HMAC_CTX_init(&hmac); - if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) - || !HMAC_Update(&hmac, p12->authsafes->d.data->data, + hmac = HMAC_CTX_new(); + if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL) + || !HMAC_Update(hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length) - || !HMAC_Final(&hmac, mac, maclen)) { - HMAC_CTX_cleanup(&hmac); + || !HMAC_Final(hmac, mac, maclen)) { + HMAC_CTX_free(hmac); return 0; } - HMAC_CTX_cleanup(&hmac); + HMAC_CTX_free(hmac); return 1; } diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index df83294..91864dc 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -692,7 +692,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) int i, j; BIO *btmp; PKCS7_SIGNER_INFO *si; - EVP_MD_CTX *mdc, ctx_tmp; + EVP_MD_CTX *mdc, *ctx_tmp; STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; ASN1_OCTET_STRING *os = NULL; @@ -707,7 +707,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) return 0; } - EVP_MD_CTX_init(&ctx_tmp); + ctx_tmp = EVP_MD_CTX_new(); + if (ctx_tmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); + return 0; + } + i = OBJ_obj2nid(p7->type); p7->state = PKCS7_S_HEADER; @@ -784,7 +789,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* * We now have the EVP_MD_CTX, lets do the signing. */ - if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc)) + if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc)) goto err; sk = si->auth_attr; 
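Review bot: in PKCS12_gen_mac (crypto/pkcs12/p12_mutl.c, hunk at -133,15) the result of HMAC_CTX_new() goes straight into HMAC_Init_ex() with no NULL check, unlike the EVP_MD_CTX_new() conversion in PKCS7_dataFinal further down, which tests the pointer and raises ERR_R_MALLOC_FAILURE. Suggest adding "if (hmac == NULL)" with PKCS12err(PKCS12_F_PKCS12_GEN_MAC, ERR_R_MALLOC_FAILURE) and "return 0;" before the HMAC_Init_ex() call, so an allocation failure is reported as such rather than depending on how HMAC_Init_ex() treats a NULL context.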
@@ -794,7 +799,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) * sign the attributes */ if (sk_X509_ATTRIBUTE_num(sk) > 0) { - if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) + if (!do_pkcs7_signed_attrib(si, ctx_tmp)) goto err; } else { unsigned char *abuf = NULL; @@ -804,7 +809,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) if (abuf == NULL) goto err; - if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) { + if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) { PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); goto err; } @@ -849,13 +854,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) } ret = 1; err: - EVP_MD_CTX_cleanup(&ctx_tmp); + EVP_MD_CTX_free(ctx_tmp); return (ret); } int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen; @@ -866,8 +871,13 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) if (md == NULL) return 0; - EVP_MD_CTX_init(&mctx); - if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) + mctx = EVP_MD_CTX_new(); + if (mctx == NULL) { + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, @@ -880,16 +890,16 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); if (!abuf) goto err; - if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) + if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) goto err; OPENSSL_free(abuf); abuf = NULL; - if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) + if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) goto err; abuf = OPENSSL_malloc(siglen); if (abuf == NULL) goto err; - if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) + if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 
@@ -898,7 +908,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) goto err; } - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); ASN1_STRING_set0(si->enc_digest, abuf, siglen); @@ -906,7 +916,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) err: OPENSSL_free(abuf); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return 0; } @@ -972,14 +982,18 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509) { ASN1_OCTET_STRING *os; - EVP_MD_CTX mdc_tmp, *mdc; + EVP_MD_CTX *mdc_tmp, *mdc; int ret = 0, i; int md_type; STACK_OF(X509_ATTRIBUTE) *sk; BIO *btmp; EVP_PKEY *pkey; - EVP_MD_CTX_init(&mdc_tmp); + mdc_tmp = EVP_MD_CTX_new(); + if (mdc_tmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); @@ -1016,7 +1030,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, * mdc is the digest ctx that we want, unless there are attributes, in * which case the digest is the signed attributes */ - if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc)) + if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc)) goto err; sk = si->auth_attr; @@ -1026,7 +1040,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, int alen; ASN1_OCTET_STRING *message_digest; - if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len)) + if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len)) goto err; message_digest = PKCS7_digest_from_attributes(sk); if (!message_digest) { @@ -1041,7 +1055,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, goto err; } - if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL)) + if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL)) goto err; alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, 
@@ -1051,7 +1065,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, ret = -1; goto err; } - if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) + if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) goto err; OPENSSL_free(abuf); @@ -1064,7 +1078,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, goto err; } - i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); + i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey); EVP_PKEY_free(pkey); if (i <= 0) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); @@ -1073,7 +1087,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } ret = 1; err: - EVP_MD_CTX_cleanup(&mdc_tmp); + EVP_MD_CTX_free(mdc_tmp); return (ret); } diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 698a638..c2dfce4 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -212,7 +212,7 @@ static int rand_add(const void *buf, int num, double add) int i, j, k, st_idx; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; + EVP_MD_CTX *m; int do_not_lock; int rv = 0; @@ -234,7 +234,10 @@ static int rand_add(const void *buf, int num, double add) * hash function. */ - EVP_MD_CTX_init(&m); + m = EVP_MD_CTX_new(); + if (m == NULL) + goto err; + /* check if we already have the lock */ if (crypto_lock_rand) { CRYPTO_THREADID cur; 
@@ -284,21 +287,21 @@ static int rand_add(const void *buf, int num, double add) j = (num - i); j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; - if (!MD_Init(&m)) + if (!MD_Init(m)) goto err; - if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) goto err; k = (st_idx + j) - STATE_SIZE; if (k > 0) { - if (!MD_Update(&m, &(state[st_idx]), j - k)) + if (!MD_Update(m, &(state[st_idx]), j - k)) goto err; - if (!MD_Update(&m, &(state[0]), k)) + if (!MD_Update(m, &(state[0]), k)) goto err; - } else if (!MD_Update(&m, &(state[st_idx]), j)) + } else if (!MD_Update(m, &(state[st_idx]), j)) goto err; /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ - if (!MD_Update(&m, buf, j)) + if (!MD_Update(m, buf, j)) goto err; /* * We know that line may cause programs such as purify and valgrind @@ -308,9 +311,9 @@ static int rand_add(const void *buf, int num, double add) * insecure keys. */ - if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))) + if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) goto err; - if (!MD_Final(&m, local_md)) + if (!MD_Final(m, local_md)) goto err; md_c[1]++; @@ -352,7 +355,7 @@ static int rand_add(const void *buf, int num, double add) #endif rv = 1; err: - EVP_MD_CTX_cleanup(&m); + EVP_MD_CTX_free(m); return rv; } @@ -369,7 +372,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) int ok; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; + EVP_MD_CTX *m; #ifndef GETPID_IS_MEANINGLESS pid_t curr_pid = getpid(); #endif @@ -409,7 +412,10 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) if (num <= 0) return 1; - EVP_MD_CTX_init(&m); + m = EVP_MD_CTX_new(); + if (m == NULL) + goto err_mem; + /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ num_ceil = (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); 
@@ -523,26 +529,26 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) /* num_ceil -= MD_DIGEST_LENGTH/2 */ j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; num -= j; - if (!MD_Init(&m)) + if (!MD_Init(m)) goto err; #ifndef GETPID_IS_MEANINGLESS if (curr_pid) { /* just in the first iteration to save time */ - if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid)) + if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof curr_pid)) goto err; curr_pid = 0; } #endif if (curr_time) { /* just in the first iteration to save time */ - if (!MD_Update(&m, (unsigned char *)&curr_time, sizeof curr_time)) + if (!MD_Update(m, (unsigned char *)&curr_time, sizeof curr_time)) goto err; - if (!MD_Update(&m, (unsigned char *)&tv, sizeof tv)) + if (!MD_Update(m, (unsigned char *)&tv, sizeof tv)) goto err; curr_time = 0; - rand_hw_seed(&m); + rand_hw_seed(m); } - if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) goto err; - if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))) + if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) goto err; #ifndef PURIFY /* purify complains */ @@ -553,19 +559,19 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) * builds it is not used: the removal of such a small source of * entropy has negligible impact on security. */ - if (!MD_Update(&m, buf, j)) + if (!MD_Update(m, buf, j)) goto err; #endif k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; if (k > 0) { - if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) + if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) goto err; - if (!MD_Update(&m, &(state[0]), k)) + if (!MD_Update(m, &(state[0]), k)) goto err; - } else if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) + } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) goto err; - if (!MD_Final(&m, local_md)) + if (!MD_Final(m, local_md)) goto err; for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { 
@@ -578,23 +584,23 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) } } - if (!MD_Init(&m) - || !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)) - || !MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + if (!MD_Init(m) + || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)) + || !MD_Update(m, local_md, MD_DIGEST_LENGTH)) goto err; CRYPTO_w_lock(CRYPTO_LOCK_RAND); /* * Prevent deadlocks if we end up in an async engine */ ASYNC_block_pause(); - if (!MD_Update(&m, md, MD_DIGEST_LENGTH) || !MD_Final(&m, md)) { + if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) { CRYPTO_w_unlock(CRYPTO_LOCK_RAND); goto err; } ASYNC_unblock_pause(); CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - EVP_MD_CTX_cleanup(&m); + EVP_MD_CTX_free(m); if (ok) return (1); else if (pseudo) @@ -606,8 +612,12 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) return (0); } err: - EVP_MD_CTX_cleanup(&m); RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB); + EVP_MD_CTX_free(m); + return 0; + err_mem: + RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE); + EVP_MD_CTX_free(m); return 0; } diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index bae43f2..68b268e 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -729,7 +729,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ASN1_BIT_STRING *sig) { int pad_mode; - EVP_PKEY_CTX *pkctx = ctx->pctx; + EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx); if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; if (pad_mode == RSA_PKCS1_PADDING) diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index ff551f2..0ad1ef3 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c 
@@ -242,13 +242,14 @@ int PKCS1_MGF1(unsigned char *mask, long len, { long i, outlen = 0; unsigned char cnt[4]; - EVP_MD_CTX c; + EVP_MD_CTX *c = EVP_MD_CTX_new(); unsigned char md[EVP_MAX_MD_SIZE]; int mdlen; int rv = -1; - EVP_MD_CTX_init(&c); - mdlen = M_EVP_MD_size(dgst); + if (c == NULL) + goto err; + mdlen = EVP_MD_size(dgst); if (mdlen < 0) goto err; for (i = 0; outlen < len; i++) { @@ -256,16 +257,16 @@ int PKCS1_MGF1(unsigned char *mask, long len, cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - if (!EVP_DigestInit_ex(&c, dgst, NULL) - || !EVP_DigestUpdate(&c, seed, seedlen) - || !EVP_DigestUpdate(&c, cnt, 4)) + if (!EVP_DigestInit_ex(c, dgst, NULL) + || !EVP_DigestUpdate(c, seed, seedlen) + || !EVP_DigestUpdate(c, cnt, 4)) goto err; if (outlen + mdlen <= len) { - if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) + if (!EVP_DigestFinal_ex(c, mask + outlen, NULL)) goto err; outlen += mdlen; } else { - if (!EVP_DigestFinal_ex(&c, md, NULL)) + if (!EVP_DigestFinal_ex(c, md, NULL)) goto err; memcpy(mask + outlen, md, len - outlen); outlen = len; @@ -273,6 +274,6 @@ int PKCS1_MGF1(unsigned char *mask, long len, } rv = 0; err: - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_free(c); return rv; } diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 95bf6b0..5f44dd3 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -88,14 +88,17 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, int hLen, maskedDBLen, MSBits, emLen; const unsigned char *H; unsigned char *DB = NULL; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); unsigned char H_[EVP_MAX_MD_SIZE]; - EVP_MD_CTX_init(&ctx); + + + if (ctx == NULL) + goto err; if (mgf1Hash == NULL) mgf1Hash = Hash; - hLen = M_EVP_MD_size(Hash); + hLen = EVP_MD_size(Hash); if (hLen < 0) goto err; /*- 
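Review bot: in RSA_verify_PKCS1_PSS_mgf1 (crypto/rsa/rsa_pss.c, hunk at -88,14) the new "if (ctx == NULL) goto err;" exits without queuing an error, whereas other failure paths in this function call RSAerr() before jumping to err, and the removal of EVP_MD_CTX_init(&ctx) leaves two stray blank lines ahead of the check. Suggest raising RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE) before the goto and collapsing the blank lines.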
@@ -153,15 +156,15 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); goto err; } - if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) - || !EVP_DigestUpdate(&ctx, mHash, hLen)) + if (!EVP_DigestInit_ex(ctx, Hash, NULL) + || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(ctx, mHash, hLen)) goto err; if (maskedDBLen - i) { - if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i)) + if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) goto err; } - if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) + if (!EVP_DigestFinal_ex(ctx, H_, NULL)) goto err; if (memcmp(H_, H, hLen)) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE); @@ -171,7 +174,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, err: OPENSSL_free(DB); - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); return ret; @@ -193,12 +196,12 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, int ret = 0; int hLen, maskedDBLen, MSBits, emLen; unsigned char *H, *salt = NULL, *p; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; if (mgf1Hash == NULL) mgf1Hash = Hash; - hLen = M_EVP_MD_size(Hash); + hLen = EVP_MD_size(Hash); if (hLen < 0) goto err; /*- 
@@ -241,16 +244,17 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, } maskedDBLen = emLen - hLen - 1; H = EM + maskedDBLen; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) - || !EVP_DigestUpdate(&ctx, mHash, hLen)) + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) + goto err; + if (!EVP_DigestInit_ex(ctx, Hash, NULL) + || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(ctx, mHash, hLen)) goto err; - if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) + if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) goto err; - if (!EVP_DigestFinal_ex(&ctx, H, NULL)) + if (!EVP_DigestFinal_ex(ctx, H, NULL)) goto err; - EVP_MD_CTX_cleanup(&ctx); /* Generate dbMask in place then perform XOR on it */ if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash)) @@ -278,6 +282,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, ret = 1; err: + EVP_MD_CTX_free(ctx); OPENSSL_free(salt); return ret; diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 850ec2c..0a073b6 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c 
@@ -70,31 +70,36 @@ static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g) unsigned char digest[SHA_DIGEST_LENGTH]; unsigned char *tmp; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt = NULL; int longg; int longN = BN_num_bytes(N); + BIGNUM *res = NULL; if (BN_ucmp(g, N) >= 0) return NULL; - if ((tmp = OPENSSL_malloc(longN)) == NULL) + ctxt = EVP_MD_CTX_new(); + if (ctxt == NULL) return NULL; + if ((tmp = OPENSSL_malloc(longN)) == NULL) + goto err; BN_bn2bin(N, tmp); - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, tmp, longN); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, tmp, longN); memset(tmp, 0, longN); longg = BN_bn2bin(g, tmp); /* use the zeros behind to pad on left */ - EVP_DigestUpdate(&ctxt, tmp + longg, longN - longg); - EVP_DigestUpdate(&ctxt, tmp, longg); + EVP_DigestUpdate(ctxt, tmp + longg, longN - longg); + EVP_DigestUpdate(ctxt, tmp, longg); OPENSSL_free(tmp); - EVP_DigestFinal_ex(&ctxt, digest, NULL); - EVP_MD_CTX_cleanup(&ctxt); - return BN_bin2bn(digest, sizeof(digest), NULL); + EVP_DigestFinal_ex(ctxt, digest, NULL); + res = BN_bin2bn(digest, sizeof(digest), NULL); + err: + EVP_MD_CTX_free(ctxt); + return res; } BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) @@ -104,7 +109,7 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) BIGNUM *u; unsigned char cu[SHA_DIGEST_LENGTH]; unsigned char *cAB; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt = NULL; int longN; if ((A == NULL) || (B == NULL) || (N == NULL)) return NULL; 
@@ -114,25 +119,30 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) longN = BN_num_bytes(N); - if ((cAB = OPENSSL_malloc(2 * longN)) == NULL) + ctxt = EVP_MD_CTX_new(); + if (ctxt == NULL) return NULL; + if ((cAB = OPENSSL_malloc(2 * longN)) == NULL) + goto err; memset(cAB, 0, longN); - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A, cAB + longN), longN); - EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B, cAB + longN), longN); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(A, cAB + longN), longN); + EVP_DigestUpdate(ctxt, cAB + BN_bn2bin(B, cAB + longN), longN); OPENSSL_free(cAB); - EVP_DigestFinal_ex(&ctxt, cu, NULL); - EVP_MD_CTX_cleanup(&ctxt); + EVP_DigestFinal_ex(ctxt, cu, NULL); if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL) - return NULL; - if (!BN_is_zero(u)) - return u; - BN_free(u); - return NULL; + goto err; + if (BN_is_zero(u)) { + BN_free(u); + u = NULL; + } + err: + EVP_MD_CTX_free(ctxt); + + return u; } BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, 
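Review bot: in SRP_Calc_u (crypto/srp/srp_lib.c) the new "goto err" taken when OPENSSL_malloc(2 * longN) fails reaches "return u;" before u has been assigned; the preceding hunk shows it declared as "BIGNUM *u;" with no initializer. The caller then receives an indeterminate pointer instead of NULL. Suggest declaring "BIGNUM *u = NULL;" so every path through the err label returns a defined value.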
@@ -196,31 +206,36 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v) BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass) { unsigned char dig[SHA_DIGEST_LENGTH]; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt; unsigned char *cs; + BIGNUM *res = NULL; if ((s == NULL) || (user == NULL) || (pass == NULL)) return NULL; - if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) + ctxt = EVP_MD_CTX_new(); + if (ctxt == NULL) return NULL; + if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) + goto err; - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, user, strlen(user)); - EVP_DigestUpdate(&ctxt, ":", 1); - EVP_DigestUpdate(&ctxt, pass, strlen(pass)); - EVP_DigestFinal_ex(&ctxt, dig, NULL); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, user, strlen(user)); + EVP_DigestUpdate(ctxt, ":", 1); + EVP_DigestUpdate(ctxt, pass, strlen(pass)); + EVP_DigestFinal_ex(ctxt, dig, NULL); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); BN_bn2bin(s, cs); - EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s)); + EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)); OPENSSL_free(cs); - EVP_DigestUpdate(&ctxt, dig, sizeof(dig)); - EVP_DigestFinal_ex(&ctxt, dig, NULL); - EVP_MD_CTX_cleanup(&ctxt); + EVP_DigestUpdate(ctxt, dig, sizeof(dig)); + EVP_DigestFinal_ex(ctxt, dig, NULL); - return BN_bin2bn(dig, sizeof(dig), NULL); + res = BN_bin2bn(dig, sizeof(dig), NULL); + err: + EVP_MD_CTX_free(ctxt); + return res; } BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g) diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index b271c99..1be68f2 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -474,7 +474,7 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) SRP_user_pwd *user; unsigned char digv[SHA_DIGEST_LENGTH]; unsigned char digs[SHA_DIGEST_LENGTH]; - EVP_MD_CTX ctxt; + EVP_MD_CTX *ctxt = NULL; if (vb == NULL) return NULL; 
@@ -499,18 +499,20 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0) goto err; - EVP_MD_CTX_init(&ctxt); - EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); - EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key)); - EVP_DigestUpdate(&ctxt, username, strlen(username)); - EVP_DigestFinal_ex(&ctxt, digs, NULL); - EVP_MD_CTX_cleanup(&ctxt); - if (SRP_user_pwd_set_sv_BN - (user, BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), - BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) + ctxt = EVP_MD_CTX_new(); + EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key)); + EVP_DigestUpdate(ctxt, username, strlen(username)); + EVP_DigestFinal_ex(ctxt, digs, NULL); + EVP_MD_CTX_free(ctxt); + ctxt = NULL; + if (SRP_user_pwd_set_sv_BN(user, + BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), + BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) return user; err: + EVP_MD_CTX_free(ctxt); SRP_user_pwd_free(user); return NULL; } diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 5a69a94..c79db38 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -529,7 +529,7 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint; X509_ALGOR *md_alg_resp = msg_imprint->hash_algo; const EVP_MD *md; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = NULL; unsigned char buffer[4096]; int length; 
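Review bot: in SRP_VBASE_get_by_user (crypto/srp/srp_vfy.c, hunk at -499,18) ctxt = EVP_MD_CTX_new() is handed to EVP_DigestInit_ex() without a NULL check, although the function already has an err label that frees both ctxt and user. Suggest "if (ctxt == NULL) goto err;" right after the allocation. The return values of the EVP_Digest* calls are also ignored here, so a failed digest would leave digs uninitialized when it is converted with BN_bin2bn().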
@@ -551,17 +551,24 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, goto err; } - if (!EVP_DigestInit(&md_ctx, md)) + md_ctx = EVP_MD_CTX_new(); + if (md_ctx == NULL) { + TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EVP_DigestInit(md_ctx, md)) goto err; while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) { - if (!EVP_DigestUpdate(&md_ctx, buffer, length)) + if (!EVP_DigestUpdate(md_ctx, buffer, length)) goto err; } - if (!EVP_DigestFinal(&md_ctx, *imprint, NULL)) + if (!EVP_DigestFinal(md_ctx, *imprint, NULL)) goto err; + EVP_MD_CTX_free(md_ctx); return 1; err: + EVP_MD_CTX_free(md_ctx); X509_ALGOR_free(*md_alg); OPENSSL_free(*imprint); *imprint_len = 0; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 4017545..5c3ac6a 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c 
@@ -82,28 +82,29 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) unsigned long X509_issuer_and_serial_hash(X509 *a) { unsigned long ret = 0; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); unsigned char md[16]; char *f; - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) + goto err; f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); - if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) + if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) goto err; - if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) + if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) goto err; OPENSSL_free(f); if (!EVP_DigestUpdate - (&ctx, (unsigned char *)a->cert_info.serialNumber.data, + (ctx, (unsigned char *)a->cert_info.serialNumber.data, (unsigned long)a->cert_info.serialNumber.length)) goto err; - if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL)) + if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL)) goto err; ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ) & 0xffffffffL; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); return (ret); } #endif 
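Review bot: in X509_issuer_and_serial_hash (crypto/x509/x509_cmp.c) f is released only after the first EVP_DigestUpdate() succeeds, so the "goto err" branches for EVP_DigestInit_ex() and for that EVP_DigestUpdate() skip OPENSSL_free(f), and the result of X509_NAME_oneline() is passed to strlen() unchecked. This predates the change, but since the err path is being reworked here, suggest initializing f to NULL, checking it after X509_NAME_oneline(), and moving OPENSSL_free(f) under the err label.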
@@ -248,21 +249,23 @@ unsigned long X509_NAME_hash(X509_NAME *x) unsigned long X509_NAME_hash_old(X509_NAME *x) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); unsigned long ret = 0; unsigned char md[16]; + if (md_ctx == NULL) + return ret; + /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x, NULL); - EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) - && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) - && EVP_DigestFinal_ex(&md_ctx, md, NULL)) + EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL) + && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length) + && EVP_DigestFinal_ex(md_ctx, md, NULL)) ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ) & 0xffffffffL; - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return (ret); } diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index cfb9e14..1b98c1c 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -2,9 +2,9 @@ =head1 NAME -EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, -EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, +EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex, +EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MAX_MD_SIZE, +EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2, 
@@ -15,17 +15,15 @@ EVP digest routines #include - void EVP_MD_CTX_init(EVP_MD_CTX *ctx); - EVP_MD_CTX *EVP_MD_CTX_create(void); + EVP_MD_CTX *EVP_MD_CTX_new(void); + int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); + void EVP_MD_CTX_free(EVP_MD_CTX *ctx); int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); - int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); - void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); - int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); @@ -42,9 +40,16 @@ EVP digest routines int EVP_MD_block_size(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); - #define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) - #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) - #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) + int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); + void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)); + int EVP_MD_CTX_size(const EVP_MD *ctx); + int EVP_MD_CTX_block_size(const EVP_MD *ctx); + int EVP_MD_CTX_type(const EVP_MD *ctx); + EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); + void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); const EVP_MD *EVP_md_null(void); const EVP_MD *EVP_md2(void); 
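Review bot: in the SYNOPSIS of doc/crypto/EVP_DigestInit.pod (hunk at -42,9) the new prototypes for EVP_MD_CTX_size(), EVP_MD_CTX_block_size() and EVP_MD_CTX_type() take "const EVP_MD *ctx", but the macros they replace operated on a digest context (EVP_MD_CTX_md(e) and (e)->digest). Suggest documenting the parameter as "const EVP_MD_CTX *ctx" so the manual matches what callers pass.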
@@ -59,17 +64,21 @@ EVP digest routines const EVP_MD *EVP_sha512(void); const EVP_MD *EVP_get_digestbyname(const char *name); - #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) - #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) + const EVP_MD *EVP_get_digestbynid(int type); + const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); =head1 DESCRIPTION The EVP digest routines are a high level interface to message digests, and should be used instead of the cipher-specific functions. -EVP_MD_CTX_init() initializes digest context B. +EVP_MD_CTX_new() allocates, initializes and returns a digest context. + +EVP_MD_CTX_reset() resets the digest context B. This can be used +to reuse an already existing context. -EVP_MD_CTX_create() allocates, initializes and returns a digest context. +EVP_MD_CTX_free() cleans up digest context B and frees up the +space allocated to it. EVP_DigestInit_ex() sets up digest context B to use a digest B from ENGINE B. B must be initialized before calling this @@ -88,13 +97,6 @@ After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() can be made, but EVP_DigestInit_ex() can be called to initialize a new digest operation. -EVP_MD_CTX_cleanup() cleans up digest context B, it should be called -after a digest context is no longer needed. - -EVP_MD_CTX_destroy() cleans up digest context B and frees up the -space allocated to it, it should be called only on a context created -using EVP_MD_CTX_create(). - EVP_MD_CTX_copy_ex() can be used to copy the message digest state from B to B. This is useful if large amounts of data are to be hashed which only differ in the last few bytes. B must be initialized 
@@ -186,17 +188,9 @@ implementations of digests to be specified. If digest contexts are not cleaned up after use memory leaks will occur. -Stack allocation of EVP_MD_CTX structures is common, for example: - - EVP_MD_CTX mctx; - EVP_MD_CTX_init(&mctx); - -This will cause binary compatibility issues if the size of EVP_MD_CTX -structure changes (this will only happen with a major release of OpenSSL). -Applications wishing to avoid this should use EVP_MD_CTX_create() instead: - - EVP_MD_CTX *mctx; - mctx = EVP_MD_CTX_create(); +EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), +EVP_get_digestbynid() and EVP_get_digestbyobj() are defined as +macros. =head1 EXAMPLE @@ -230,12 +224,12 @@ digest name passed on the command line. exit(1); } - mdctx = EVP_MD_CTX_create(); + mdctx = EVP_MD_CTX_new(); EVP_DigestInit_ex(mdctx, md, NULL); EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); EVP_DigestFinal_ex(mdctx, md_value, &md_len); - EVP_MD_CTX_destroy(mdctx); + EVP_MD_CTX_free(mdctx); printf("Digest is: "); for(i = 0; i < md_len; i++) @@ -254,6 +248,12 @@ L =head1 HISTORY +B became opaque in OpenSSL 1.1. Consequently, stack +allocated Bs are no longer supported. + +EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to +EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1. + The link between digests and signing algorithms was fixed in OpenSSL 1.0 and later, so now EVP_sha1() can be used with RSA and DSA. The legacy EVP_dss1() was removed in OpenSSL 1.1.0 diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod index caad7fa..4b9eb21 100644 --- a/doc/crypto/EVP_DigestSignInit.pod +++ b/doc/crypto/EVP_DigestSignInit.pod 
@@ -18,8 +18,8 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing func The EVP signature routines are a high level interface to digital signatures. EVP_DigestSignInit() sets up signing context B to use digest B from -ENGINE B and private key B. B must be initialized with -EVP_MD_CTX_init() before calling this function. If B is not NULL the +ENGINE B and private key B. B must be created with +EVP_MD_CTX_new() before calling this function. If B is not NULL the EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can be used to set alternative signing options. diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod index 338fc74..cc740b7 100644 --- a/doc/crypto/EVP_DigestVerifyInit.pod +++ b/doc/crypto/EVP_DigestVerifyInit.pod @@ -18,8 +18,8 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signat The EVP signature routines are a high level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B to use digest -B from ENGINE B and public key B. B must be initialized -with EVP_MD_CTX_init() before calling this function. If B is not NULL the +B from ENGINE B and public key B. B must be created +with EVP_MD_CTX_new() before calling this function. If B is not NULL the EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this can be used to set alternative verification options. diff --git a/doc/crypto/EVP_MD_meth_new.pod b/doc/crypto/EVP_MD_meth_new.pod new file mode 100644 index 0000000..a6a17cd --- /dev/null +++ b/doc/crypto/EVP_MD_meth_new.pod 
@@ -0,0 +1,160 @@ +=pod + +=head1 NAME + +EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize, +EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, +EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, +EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, +EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, +EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, +EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, +EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, +EVP_MD_meth_get_ctrl, EVP_MD_meth_get_pkey_types, +EVP_MD_meth_get_sign, EVP_MD_meth_get_verify - Routines to build up +EVP_MD methods + +=head1 SYNOPSIS + + #include + + EVP_MD *EVP_MD_create_method(int md_type, int pkey_type); + EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); + void EVP_MD_destroy_method(EVP_MD *md); + + int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); + int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); + int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); + int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); + int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); + int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); + int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); + int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); + int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); + int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); + + int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); + int EVP_MD_meth_get_result_size(const EVP_MD *md); + int EVP_MD_meth_get_app_datasize(const EVP_MD *md); + unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); + int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); + int 
(*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count); + int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned char *md); + int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); + int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); + int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); + +=head1 DESCRIPTION + +The B type is a structure for digest method implementation. +It can also have associated public/private key signing and verifying +routines. + +EVP_MD_meth_new() creates a new B structure. + +EVP_MD_meth_dup() creates a copy of B. + +EVP_MD_meth_free() destroys a B structure. + +EVP_MD_meth_set_input_blocksize() sets the internal input block size +for the method B to B bytes. + +EVP_MD_meth_set_result_size() sets the size of the result that the +digest method in B is expected to produce to B bytes. + +The digest method may have its own private data, which OpenSSL will +allocate for it. EVP_MD_meth_set_app_datasize() should be used to +set the size for it to B. + +EVP_MD_meth_set_flags() sets the flags to describe optional +behaviours in the particular B. Several flags can be or'd +together. The available flags are: + +=over 4 + +=item EVP_MD_FLAG_ONESHOT + +This digest method can only handles one block of input. + +=item EVP_MD_FLAG_DIGALGID_NULL + +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to NULL by default. Use this for PKCS#1. I + +=item EVP_MD_FLAG_DIGALGID_ABSENT + +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. I + +=item EVP_MD_FLAG_DIGALGID_CUSTOM + +Custom DigestAlgorithmIdentifier handling via ctrl, with +B as default. I +Currently unused. + +=back + +EVP_MD_meth_set_init() sets the digest init function for B. 
+The digest init function is called by EVP_DigestInit(), +EVP_DigestInit_ex(), EVP_SignInit, EVP_SignInit_ex(), EVP_VerifyInit() +and EVP_VerifyInit_ex(). + +EVP_MD_meth_set_update() sets the digest update function for B. +The digest update function is called by EVP_DigestUpdate(), +EVP_SignUpdate(). + +EVP_MD_meth_set_final() sets the digest final function for B. +The digest final function is called by EVP_DigestFinal(), +EVP_DigestFinal_ex(), EVP_SignFinal() and EVP_VerifyFinal(). + +EVP_MD_meth_set_copy() sets the function for B to do extra +computations after the method's private data structure has been copied +from one B to another. If all that's needed is to copy +the data, there is no need for this copy function. +Note that the copy function is passed two B, the private +data structure is then available with EVP_MD_CTX_md_data(). +This copy function is called by EVP_MD_CTX_copy() and +EVP_MD_CTX_copy_ex(). + +EVP_MD_meth_set_cleanup() sets the function for B to do extra +cleanup before the method's privata data structure is cleaned out and +freed. +Note that the cleanup function is passed a B, the +private data structure is then available with EVP_MD_CTX_md_data(). +This cleanup function is called by EVP_MD_CTX_reset() and +EVP_MD_CTX_free(). + +EVP_MD_meth_set_ctrl() sets the control function for B. + + +EVP_MD_meth_get_input_blocksize(), EVP_MD_meth_get_result_size(), +EVP_MD_meth_get_app_datasize(), EVP_MD_meth_get_flags(), +EVP_MD_meth_get_init(), EVP_MD_meth_get_update(), +EVP_MD_meth_get_final(), EVP_MD_meth_get_copy(), +EVP_MD_meth_get_cleanup() and EVP_MD_meth_get_ctrl() are all used +to retrieve the method data given with the EVP_MD_meth_set_*() +functions above. + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +The B structure was openly available in OpenSSL before version +1.1. The functions described here were added in OpenSSL version 1.1. + +=cut 
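Review bot: The SYNOPSIS of the new EVP_MD_meth_new.pod declares EVP_MD_create_method() and EVP_MD_destroy_method(), but the NAME and DESCRIPTION sections, and the prototypes this patch adds to include/openssl/evp.h, use EVP_MD_meth_new() and EVP_MD_meth_free(). The SYNOPSIS should carry the meth_new/meth_free names so that code copied from the page compiles. NAME also omits EVP_MD_meth_dup() and lists EVP_MD_meth_get_pkey_types, EVP_MD_meth_get_sign and EVP_MD_meth_get_verify, none of which has a prototype in the SYNOPSIS or a description. Two typos in the DESCRIPTION: "can only handles" and "privata data".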
diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod index afb2942..185b113 100644 --- a/doc/crypto/EVP_SignInit.pod +++ b/doc/crypto/EVP_SignInit.pod @@ -23,8 +23,8 @@ The EVP signature routines are a high level interface to digital signatures. EVP_SignInit_ex() sets up signing context B to use digest -B from ENGINE B. B must be initialized with -EVP_MD_CTX_init() before calling this function. +B from ENGINE B. B must be created with +EVP_MD_CTX_new() before calling this function. EVP_SignUpdate() hashes B bytes of data at B into the signature context B. This function can be called several times on the diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod index 1a1d980..7fb6e63 100644 --- a/doc/crypto/EVP_VerifyInit.pod +++ b/doc/crypto/EVP_VerifyInit.pod @@ -20,8 +20,8 @@ The EVP signature verification routines are a high level interface to digital signatures. EVP_VerifyInit_ex() sets up verification context B to use digest -B from ENGINE B. B must be initialized by calling -EVP_MD_CTX_init() before calling this function. +B from ENGINE B. B must be created by calling +EVP_MD_CTX_new() before calling this function. EVP_VerifyUpdate() hashes B bytes of data at B into the verification context B. This function can be called several times on the diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod index 753617a..d8e2498 100644 --- a/doc/crypto/hmac.pod +++ b/doc/crypto/hmac.pod @@ -2,7 +2,7 @@ =head1 NAME -HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup - HMAC message authentication code +HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final - HMAC message authentication code =head1 SYNOPSIS 
@@ -12,7 +12,8 @@ HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_ int key_len, const unsigned char *d, int n, unsigned char *md, unsigned int *md_len); - void HMAC_CTX_init(HMAC_CTX *ctx); + HMAC_CTX *HMAC_CTX_new(void); + int HMAC_CTX_reset(HMAC_CTX *ctx); int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md); @@ -21,7 +22,7 @@ HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); - void HMAC_CTX_cleanup(HMAC_CTX *ctx); + void HMAC_CTX_free(HMAC_CTX *ctx); =head1 DESCRIPTION @@ -40,12 +41,15 @@ the output is placed in B, unless it is B. B can be EVP_sha1(), EVP_ripemd160() etc. -HMAC_CTX_init() initialises a B before first use. It must be -called. +HMAC_CTX_new() creates a new HMAC_CTX in heap memory. -HMAC_CTX_cleanup() erases the key and other data from the B -and releases any associated resources. It must be called when an -B is no longer required. +HMAC_CTX_reset() zeroes an existing B and associated +resources, making it suitable for new computations as if it was newly +created with HMAC_CTX_new(). + +HMAC_CTX_free() erases the key and other data from the B, +releases any associated resources and finally frees the B +itself. The following functions may be used if the message is not completely stored in memory: @@ -57,8 +61,8 @@ with OpenSSL 0.9.6b. HMAC_Init_ex() initializes or reuses a B structure to use the function B and key B. Either can be NULL, in which -case the existing one will be reused. HMAC_CTX_init() must have been -called before the first use of an B in this +case the existing one will be reused. B must have been created +with HMAC_CTX_new() before the first use of an B in this function. B. 
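Review bot: The new HMAC_CTX_free() paragraph in the hmac.pod DESCRIPTION hunk does not say whether a NULL argument is accepted. Since HMAC_CTX_new() can now fail and callers will typically funnel both the success and the failure path through one cleanup label, the page should state the NULL behaviour explicitly. The same hunk changes initialisation from a void function to HMAC_CTX_reset() returning int, so a sentence telling migrating callers to check that return value would also help.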
@@ -74,10 +78,13 @@ must have space for the hash function output. HMAC() returns a pointer to the message authentication code or NULL if an error occurred. -HMAC_Init_ex(), HMAC_Update() and HMAC_Final() return 1 for success or 0 if -an error occurred. +HMAC_CTX_new() returns a pointer to a new B on success or +B if an error occurred. + +HMAC_CTX_reset(), HMAC_Init_ex(), HMAC_Update() and HMAC_Final() return 1 +for success or 0 if an error occurred. -HMAC_CTX_init() and HMAC_CTX_cleanup() do not return values. +HMAC_CTX_free() do not return values. =head1 CONFORMING TO @@ -89,6 +96,12 @@ L, L =head1 HISTORY +HMAC_CTX_init() was replaced with HMAC_CTX_reset() in OpenSSL versions 1.1. + +HMAC_CTX_cleanup() existed in OpenSSL versions before 1.1. + +HMAC_CTX_new() and HMAC_CTX_free() are new in OpenSSL version 1.1. + HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in versions of OpenSSL before 1.0.0. diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c index fb066d9..062884f 100644 --- a/engines/ccgost/gost_crypt.c +++ b/engines/ccgost/gost_crypt.c 
@@ -85,20 +85,37 @@ static int gost_imit_cleanup(EVP_MD_CTX *ctx); /* Control function, knows how to set MAC key.*/ static int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr); -EVP_MD imit_gost_cpa = { - NID_id_Gost28147_89_MAC, - NID_undef, - 4, - 0, - gost_imit_init_cpa, - gost_imit_update, - gost_imit_final, - gost_imit_copy, - gost_imit_cleanup, - 8, - sizeof(struct ossl_gost_imit_ctx), - gost_imit_ctrl -}; +static EVP_MD *_hidden_Gost28147_89_MAC_md = NULL; +EVP_MD *imit_gost_cpa(void) +{ + + if (_hidden_Gost28147_89_MAC_md == NULL) { + EVP_MD *md; + + if ((md = EVP_MD_meth_new(NID_id_Gost28147_89_MAC, NID_undef)) == NULL + || !EVP_MD_meth_set_result_size(md, 4) + || !EVP_MD_meth_set_input_blocksize(md, 8) + || !EVP_MD_meth_set_app_datasize(md, + sizeof(struct ossl_gost_imit_ctx)) + || !EVP_MD_meth_set_flags(md, 0) + || !EVP_MD_meth_set_init(md, gost_imit_init_cpa) + || !EVP_MD_meth_set_update(md, gost_imit_update) + || !EVP_MD_meth_set_final(md, gost_imit_final) + || !EVP_MD_meth_set_copy(md, gost_imit_copy) + || !EVP_MD_meth_set_cleanup(md, gost_imit_cleanup) + || !EVP_MD_meth_set_ctrl(md, gost_imit_ctrl)) { + EVP_MD_meth_free(md); + md = NULL; + } + _hidden_Gost28147_89_MAC_md = md; + } + return _hidden_Gost28147_89_MAC_md; +} +void imit_gost_cpa_destroy(void) +{ + EVP_MD_meth_free(_hidden_Gost28147_89_MAC_md); + _hidden_Gost28147_89_MAC_md = NULL; +} /* * Correspondence between gost parameter OIDs and substitution blocks @@ -500,7 +517,7 @@ int gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) int gost_imit_init_cpa(EVP_MD_CTX *ctx) { - struct ossl_gost_imit_ctx *c = ctx->md_data; + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); memset(c->buffer, 0, sizeof(c->buffer)); memset(c->partial_block, 0, sizeof(c->partial_block)); c->count = 0; 
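Review bot: imit_gost_cpa() in the first gost_crypt.c hunk tests and assigns the file-scope static _hidden_Gost28147_89_MAC_md with no synchronisation, so two threads that reach it at the same time can each build a method and one of the two is leaked. bind_gost() already calls imit_gost_cpa() while registering the digest, so building the method there once and having the accessor only return the stored pointer would remove the race. Separately, a file-scope identifier starting with an underscore is in the namespace C reserves for the implementation; a name without the leading underscore avoids that.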
@@ -529,7 +546,7 @@ static void mac_block_mesh(struct ossl_gost_imit_ctx *c, int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - struct ossl_gost_imit_ctx *c = ctx->md_data; + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); const unsigned char *p = data; size_t bytes = count, i; if (!(c->key_set)) { @@ -561,7 +578,7 @@ int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count) int gost_imit_final(EVP_MD_CTX *ctx, unsigned char *md) { - struct ossl_gost_imit_ctx *c = ctx->md_data; + struct ossl_gost_imit_ctx *c = EVP_MD_CTX_md_data(ctx); if (!c->key_set) { GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET); return 0; @@ -595,9 +612,9 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) return 0; } - gost_key(&(((struct ossl_gost_imit_ctx *)(ctx->md_data))->cctx), + gost_key(&(((struct ossl_gost_imit_ctx *)(EVP_MD_CTX_md_data(ctx)))->cctx), ptr); - ((struct ossl_gost_imit_ctx *)(ctx->md_data))->key_set = 1; + ((struct ossl_gost_imit_ctx *)(EVP_MD_CTX_md_data(ctx)))->key_set = 1; return 1; } @@ -608,13 +625,14 @@ int gost_imit_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) int gost_imit_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) { - memcpy(to->md_data, from->md_data, sizeof(struct ossl_gost_imit_ctx)); + memcpy(EVP_MD_CTX_md_data(to), EVP_MD_CTX_md_data(from), + sizeof(struct ossl_gost_imit_ctx)); return 1; } /* Clean up imit ctx */ int gost_imit_cleanup(EVP_MD_CTX *ctx) { - memset(ctx->md_data, 0, sizeof(struct ossl_gost_imit_ctx)); + memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_imit_ctx)); return 1; } diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c index 4129260..fed3abe 100644 --- a/engines/ccgost/gost_eng.c +++ b/engines/ccgost/gost_eng.c 
@@ -39,8 +39,24 @@ static int gost_pkey_asn1_meths(ENGINE *e, EVP_PKEY_ASN1_METHOD **ameth, static int gost_cipher_nids[] = { NID_id_Gost28147_89, NID_gost89_cnt, 0 }; -static int gost_digest_nids[] = - { NID_id_GostR3411_94, NID_id_Gost28147_89_MAC, 0 }; +static int gost_digest_nids(const int **nids) +{ + static int digest_nids[3] = { 0, 0, 0 }; + static int pos = 0; + static int init = 0; + + if (!init) { + const EVP_MD *md; + if ((md = digest_gost()) != NULL) + digest_nids[pos++] = EVP_MD_type(md); + if ((md = imit_gost_cpa()) != NULL) + digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos] = 0; + init = 1; + } + *nids = digest_nids; + return pos; +} static EVP_PKEY_METHOD *pmeth_GostR3410_2001 = NULL; static EVP_PKEY_METHOD *pmeth_Gost28147_MAC = NULL; @@ -60,6 +76,9 @@ static int gost_engine_finish(ENGINE *e) static int gost_engine_destroy(ENGINE *e) { + digest_gost_destroy(); + imit_gost_cpa_destroy(); + gost_param_free(); pmeth_GostR3410_2001 = NULL; @@ -136,8 +155,8 @@ static int bind_gost(ENGINE *e, const char *id) /* These two actually should go in LIST_ADD command */ || !EVP_add_cipher(&cipher_gost) || !EVP_add_cipher(&cipher_gost_cpacnt) - || !EVP_add_digest(&digest_gost) - || !EVP_add_digest(&imit_gost_cpa) + || !EVP_add_digest(digest_gost()) + || !EVP_add_digest(imit_gost_cpa()) ) { goto end; } @@ -157,16 +176,15 @@ static int gost_digests(ENGINE *e, const EVP_MD **digest, { int ok = 1; if (!digest) { - *nids = gost_digest_nids; - return 2; + return gost_digest_nids(nids); } /* * printf("Digest no %d requested\n",nid); */ if (nid == NID_id_GostR3411_94) { - *digest = &digest_gost; + *digest = digest_gost(); } else if (nid == NID_id_Gost28147_89_MAC) { - *digest = &imit_gost_cpa; + *digest = imit_gost_cpa(); } else { ok = 0; *digest = NULL; diff --git a/engines/ccgost/gost_lcl.h b/engines/ccgost/gost_lcl.h index b2541a7..1e047c6 100644 --- a/engines/ccgost/gost_lcl.h +++ b/engines/ccgost/gost_lcl.h 
@@ -143,9 +143,11 @@ struct ossl_gost_digest_ctx { gost_ctx cctx; }; /* EVP_MD structure for GOST R 34.11 */ -extern EVP_MD digest_gost; +EVP_MD *digest_gost(void); +void digest_gost_destroy(void); /* EVP_MD structure for GOST 28147 in MAC mode */ -extern EVP_MD imit_gost_cpa; +EVP_MD *imit_gost_cpa(void); +void imit_gost_cpa_destroy(void); /* Cipher context used for EVP_CIPHER operation */ struct ossl_gost_cipher_ctx { int paramNID; diff --git a/engines/ccgost/gost_md.c b/engines/ccgost/gost_md.c index 6c96a1b..8c12d00 100644 --- a/engines/ccgost/gost_md.c +++ b/engines/ccgost/gost_md.c 
@@ -19,24 +19,39 @@ static int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md); static int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from); static int gost_digest_cleanup(EVP_MD_CTX *ctx); -EVP_MD digest_gost = { - NID_id_GostR3411_94, - NID_undef, - 32, - 0, - gost_digest_init, - gost_digest_update, - gost_digest_final, - gost_digest_copy, - gost_digest_cleanup, - 32, - sizeof(struct ossl_gost_digest_ctx), - NULL -}; +static EVP_MD *_hidden_GostR3411_94_md = NULL; +EVP_MD *digest_gost(void) +{ + + if (_hidden_GostR3411_94_md == NULL) { + EVP_MD *md; + + if ((md = EVP_MD_meth_new(NID_id_GostR3411_94, NID_undef)) == NULL + || !EVP_MD_meth_set_result_size(md, 32) + || !EVP_MD_meth_set_input_blocksize(md, 32) + || !EVP_MD_meth_set_app_datasize(md, + sizeof(struct ossl_gost_digest_ctx)) + || !EVP_MD_meth_set_init(md, gost_digest_init) + || !EVP_MD_meth_set_update(md, gost_digest_update) + || !EVP_MD_meth_set_final(md, gost_digest_final) + || !EVP_MD_meth_set_copy(md, gost_digest_copy) + || !EVP_MD_meth_set_cleanup(md, gost_digest_cleanup)) { + EVP_MD_meth_free(md); + md = NULL; + } + _hidden_GostR3411_94_md = md; + } + return _hidden_GostR3411_94_md; +} +void digest_gost_destroy(void) +{ + EVP_MD_meth_free(_hidden_GostR3411_94_md); + _hidden_GostR3411_94_md = NULL; +} int gost_digest_init(EVP_MD_CTX *ctx) { - struct ossl_gost_digest_ctx *c = ctx->md_data; + struct ossl_gost_digest_ctx *c = EVP_MD_CTX_md_data(ctx); memset(&(c->dctx), 0, sizeof(gost_hash_ctx)); gost_init(&(c->cctx), &GostR3411_94_CryptoProParamSet); c->dctx.cipher_ctx = &(c->cctx); 
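Review bot: digest_gost() in gost_md.c never calls EVP_MD_meth_set_flags(), although the initialiser it replaces set the flags field to 0 explicitly and the parallel imit_gost_cpa() in gost_crypt.c does call EVP_MD_meth_set_flags(md, 0). As written, the result depends on EVP_MD_meth_new() returning a zeroed structure, which the new EVP_MD_meth_new.pod does not promise. Either add the call here or document the zero default and drop it from the other constructors, so the engines are consistent.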
@@ -45,20 +60,20 @@ int gost_digest_init(EVP_MD_CTX *ctx) int gost_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return hash_block((gost_hash_ctx *) ctx->md_data, data, count); + return hash_block((gost_hash_ctx *) EVP_MD_CTX_md_data(ctx), data, count); } int gost_digest_final(EVP_MD_CTX *ctx, unsigned char *md) { - return finish_hash((gost_hash_ctx *) ctx->md_data, md); + return finish_hash((gost_hash_ctx *) EVP_MD_CTX_md_data(ctx), md); } int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) { - struct ossl_gost_digest_ctx *md_ctx = to->md_data; - if (to->md_data && from->md_data) { - memcpy(to->md_data, from->md_data, + struct ossl_gost_digest_ctx *md_ctx = EVP_MD_CTX_md_data(to); + if (EVP_MD_CTX_md_data(to) && EVP_MD_CTX_md_data(from)) { + memcpy(EVP_MD_CTX_md_data(to), EVP_MD_CTX_md_data(from), sizeof(struct ossl_gost_digest_ctx)); md_ctx->dctx.cipher_ctx = &(md_ctx->cctx); } @@ -67,7 +82,7 @@ int gost_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) int gost_digest_cleanup(EVP_MD_CTX *ctx) { - if (ctx->md_data) - memset(ctx->md_data, 0, sizeof(struct ossl_gost_digest_ctx)); + if (EVP_MD_CTX_md_data(ctx)) + memset(EVP_MD_CTX_md_data(ctx), 0, sizeof(struct ossl_gost_digest_ctx)); return 1; } diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index e70e297..7381c95 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -388,7 +388,8 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } else { key = &(data->key); } - return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32, key); + return EVP_MD_meth_get_ctrl(EVP_MD_CTX_md(mctx)) + (mctx, EVP_MD_CTRL_SET_KEY, 32, key); } } return -2; diff --git a/engines/e_dasync.c b/engines/e_dasync.c index c31b43a..e22c614 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c 
@@ -80,8 +80,6 @@ void ENGINE_load_dasync(void); static int dasync_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); -static int dasync_digest_nids[] = { NID_sha1, 0 }; - static void dummy_pause_job(void); /* SHA1 */ @@ -90,19 +88,49 @@ static int dasync_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count); static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md); -static const EVP_MD dasync_sha1 = { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - dasync_sha1_init, - dasync_sha1_update, - dasync_sha1_final, - NULL, - NULL, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; +static EVP_MD *_hidden_sha1_md = NULL; +static const EVP_MD *dasync_sha1(void) +{ + if (_hidden_sha1_md == NULL) { + EVP_MD *md; + + if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL + || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) + || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) + || !EVP_MD_meth_set_app_datasize(md, + sizeof(EVP_MD *) + sizeof(SHA_CTX)) + || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) + || !EVP_MD_meth_set_init(md, dasync_sha1_init) + || !EVP_MD_meth_set_update(md, dasync_sha1_update) + || !EVP_MD_meth_set_final(md, dasync_sha1_final)) { + EVP_MD_meth_free(md); + md = NULL; + } + _hidden_sha1_md = md; + } + return _hidden_sha1_md; +} +static void destroy_digests(void) +{ + EVP_MD_meth_free(_hidden_sha1_md); + _hidden_sha1_md = NULL; +} +static int dasync_digest_nids(const int **nids) +{ + static int digest_nids[2] = { 0, 0 }; + static int pos = 0; + static int init = 0; + + if (!init) { + const EVP_MD *md; + if ((md = dasync_sha1()) != NULL) + digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos] = 0; + init = 1; + } + *nids = digest_nids; + return pos; +} /* RSA */ @@ -207,6 +235,7 @@ static int dasync_finish(ENGINE *e) static int dasync_destroy(ENGINE *e) { + destroy_digests(); ERR_unload_DASYNC_strings(); return 1; } 
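Review bot: dasync_digest_nids() sets init = 1 unconditionally, so if dasync_sha1() returns NULL on the first call (allocation failure) the empty NID list is cached for the lifetime of the process, while the NID_sha1 case in dasync_digests() will retry the construction on every request. The two paths then disagree about whether SHA1 is supported. Setting init only when every digest was built, or recomputing the list while any entry is missing, would keep them consistent. The statics pos and init are also written without a lock.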
@@ -217,14 +246,12 @@ static int dasync_digests(ENGINE *e, const EVP_MD **digest, int ok = 1; if (!digest) { /* We are returning a list of supported nids */ - *nids = dasync_digest_nids; - return (sizeof(dasync_digest_nids) - - 1) / sizeof(dasync_digest_nids[0]); + return dasync_digest_nids(nids); } /* We are being asked for a specific digest */ switch (nid) { case NID_sha1: - *digest = &dasync_sha1; + *digest = dasync_sha1(); break; default: ok = 0; @@ -259,7 +286,7 @@ static void dummy_pause_job(void) { * implementation */ #undef data -#define data(ctx) ((SHA_CTX *)(ctx)->md_data) +#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx)) static int dasync_sha1_init(EVP_MD_CTX *ctx) { dummy_pause_job(); diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c index 94e53cd..5fdb23e 100644 --- a/engines/e_ossltest.c +++ b/engines/e_ossltest.c 
@@ -87,29 +87,34 @@ void ENGINE_load_ossltest(void); static int ossltest_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); -static int ossltest_digest_nids[] = { - NID_md5, NID_sha1, NID_sha256, NID_sha384, NID_sha512, 0 -}; - /* MD5 */ static int digest_md5_init(EVP_MD_CTX *ctx); static int digest_md5_update(EVP_MD_CTX *ctx, const void *data, size_t count); static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md); -static const EVP_MD digest_md5 = { - NID_md5, - NID_md5WithRSAEncryption, - MD5_DIGEST_LENGTH, - 0, - digest_md5_init, - digest_md5_update, - digest_md5_final, - NULL, - NULL, - MD5_CBLOCK, - sizeof(EVP_MD *) + sizeof(MD5_CTX), -}; +static EVP_MD *_hidden_md5_md = NULL; +static const EVP_MD *digest_md5(void) +{ + if (_hidden_md5_md == NULL) { + EVP_MD *md; + + if ((md = EVP_MD_meth_new(NID_md5, NID_md5WithRSAEncryption)) == NULL + || !EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH) + || !EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK) + || !EVP_MD_meth_set_app_datasize(md, + sizeof(EVP_MD *) + sizeof(MD5_CTX)) + || !EVP_MD_meth_set_flags(md, 0) + || !EVP_MD_meth_set_init(md, digest_md5_init) + || !EVP_MD_meth_set_update(md, digest_md5_update) + || !EVP_MD_meth_set_final(md, digest_md5_final)) { + EVP_MD_meth_free(md); + md = NULL; + } + _hidden_md5_md = md; + } + return _hidden_md5_md; +} /* SHA1 */ static int digest_sha1_init(EVP_MD_CTX *ctx); 
@@ -117,19 +122,28 @@ static int digest_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count); static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md); -static const EVP_MD digest_sha1 = { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - digest_sha1_init, - digest_sha1_update, - digest_sha1_final, - NULL, - NULL, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; +static EVP_MD *_hidden_sha1_md = NULL; +static const EVP_MD *digest_sha1(void) +{ + if (_hidden_sha1_md == NULL) { + EVP_MD *md; + + if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL + || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) + || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) + || !EVP_MD_meth_set_app_datasize(md, + sizeof(EVP_MD *) + sizeof(SHA_CTX)) + || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) + || !EVP_MD_meth_set_init(md, digest_sha1_init) + || !EVP_MD_meth_set_update(md, digest_sha1_update) + || !EVP_MD_meth_set_final(md, digest_sha1_final)) { + EVP_MD_meth_free(md); + md = NULL; + } + _hidden_sha1_md = md; + } + return _hidden_sha1_md; +} /* SHA256 */ static int digest_sha256_init(EVP_MD_CTX *ctx); 
@@ -137,19 +151,28 @@ static int digest_sha256_update(EVP_MD_CTX *ctx, const void *data, size_t count); static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md); -static const EVP_MD digest_sha256 = { - NID_sha256, - NID_sha256WithRSAEncryption, - SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - digest_sha256_init, - digest_sha256_update, - digest_sha256_final, - NULL, - NULL, - SHA256_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA256_CTX), -}; +static EVP_MD *_hidden_sha256_md = NULL; +static const EVP_MD *digest_sha256(void) +{ + if (_hidden_sha256_md == NULL) { + EVP_MD *md; + + if ((md = EVP_MD_meth_new(NID_sha256, NID_sha256WithRSAEncryption)) == NULL + || !EVP_MD_meth_set_result_size(md, SHA256_DIGEST_LENGTH) + || !EVP_MD_meth_set_input_blocksize(md, SHA256_CBLOCK) + || !EVP_MD_meth_set_app_datasize(md, + sizeof(EVP_MD *) + sizeof(SHA256_CTX)) + || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) + || !EVP_MD_meth_set_init(md, digest_sha256_init) + || !EVP_MD_meth_set_update(md, digest_sha256_update) + || !EVP_MD_meth_set_final(md, digest_sha256_final)) { + EVP_MD_meth_free(md); + md = NULL; + } + _hidden_sha256_md = md; + } + return _hidden_sha256_md; +} /* SHA384/SHA512 */ static int digest_sha384_init(EVP_MD_CTX *ctx); 
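Review bot: digest_sha256() is the third copy in e_ossltest.c of the same constructor body (digest_md5() and digest_sha1() precede it, digest_sha384() and digest_sha512() follow), differing only in the NIDs, sizes, flags and callbacks. A single static helper that takes those values and returns the EVP_MD, called from each accessor, would cut the repetition and leave one error path to audit. The app data size is also carried over as sizeof(EVP_MD *) + sizeof(SHA256_CTX) although the data() macro casts the start of the buffer straight to SHA256_CTX; a comment explaining the extra pointer-sized slack, or removing it, would help.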
@@ -159,33 +182,87 @@ static int digest_sha512_update(EVP_MD_CTX *ctx, const void *data, static int digest_sha384_final(EVP_MD_CTX *ctx, unsigned char *md); static int digest_sha512_final(EVP_MD_CTX *ctx, unsigned char *md); -static const EVP_MD digest_sha384 = { - NID_sha384, - NID_sha384WithRSAEncryption, - SHA384_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - digest_sha384_init, - digest_sha512_update, - digest_sha384_final, - NULL, - NULL, - SHA512_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA512_CTX), -}; - -static const EVP_MD digest_sha512 = { - NID_sha512, - NID_sha512WithRSAEncryption, - SHA512_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - digest_sha512_init, - digest_sha512_update, - digest_sha512_final, - NULL, - NULL, - SHA512_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA512_CTX), -}; +static EVP_MD *_hidden_sha384_md = NULL; +static const EVP_MD *digest_sha384(void) +{ + if (_hidden_sha384_md == NULL) { + EVP_MD *md; + + if ((md = EVP_MD_meth_new(NID_sha384, NID_sha384WithRSAEncryption)) == NULL + || !EVP_MD_meth_set_result_size(md, SHA384_DIGEST_LENGTH) + || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK) + || !EVP_MD_meth_set_app_datasize(md, + sizeof(EVP_MD *) + sizeof(SHA512_CTX)) + || !EVP_MD_meth_set_flags(md, EVP_MD_FLAG_DIGALGID_ABSENT) + || !EVP_MD_meth_set_init(md, digest_sha384_init) + || !EVP_MD_meth_set_update(md, digest_sha512_update) + || !EVP_MD_meth_set_final(md, digest_sha384_final)) { + EVP_MD_meth_free(md); + md = NULL; + } + _hidden_sha384_md = md; + } + return _hidden_sha384_md; +} +static EVP_MD *_hidden_sha512_md = NULL; +static const EVP_MD *digest_sha512(void) +{ + if (_hidden_sha512_md == NULL) { + EVP_MD *md; + + if ((md = EVP_MD_meth_new(NID_sha512, NID_sha512WithRSAEncryption)) == NULL + || !EVP_MD_meth_set_result_size(md, SHA512_DIGEST_LENGTH) + || !EVP_MD_meth_set_input_blocksize(md, SHA512_CBLOCK) + || !EVP_MD_meth_set_app_datasize(md, + sizeof(EVP_MD *) + sizeof(SHA512_CTX)) + || !EVP_MD_meth_set_flags(md, 
EVP_MD_FLAG_DIGALGID_ABSENT) + || !EVP_MD_meth_set_init(md, digest_sha512_init) + || !EVP_MD_meth_set_update(md, digest_sha512_update) + || !EVP_MD_meth_set_final(md, digest_sha512_final)) { + EVP_MD_meth_free(md); + md = NULL; + } + _hidden_sha512_md = md; + } + return _hidden_sha512_md; +} +static void destroy_digests(void) +{ + EVP_MD_meth_free(_hidden_md5_md); + _hidden_md5_md = NULL; + EVP_MD_meth_free(_hidden_sha1_md); + _hidden_sha1_md = NULL; + EVP_MD_meth_free(_hidden_sha256_md); + _hidden_sha256_md = NULL; + EVP_MD_meth_free(_hidden_sha384_md); + _hidden_sha384_md = NULL; + EVP_MD_meth_free(_hidden_sha512_md); + _hidden_sha512_md = NULL; +} +static int ossltest_digest_nids(const int **nids) +{ + static int digest_nids[6] = { 0, 0, 0, 0, 0, 0 }; + static int pos = 0; + static int init = 0; + + if (!init) { + const EVP_MD *md; + if ((md = digest_md5()) != NULL) + digest_nids[pos++] = EVP_MD_type(md); + if ((md = digest_sha1()) != NULL) + digest_nids[pos++] = EVP_MD_type(md); + if ((md = digest_sha256()) != NULL) + digest_nids[pos++] = EVP_MD_type(md); + if ((md = digest_sha384()) != NULL) + digest_nids[pos++] = EVP_MD_type(md); + if ((md = digest_sha512()) != NULL) + digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos] = 0; + init = 1; + } + *nids = digest_nids; + return pos; +} /* Setup ciphers */ static int ossltest_ciphers(ENGINE *, const EVP_CIPHER **, @@ -287,6 +364,7 @@ static int ossltest_finish(ENGINE *e) static int ossltest_destroy(ENGINE *e) { + destroy_digests(); ERR_unload_OSSLTEST_strings(); return 1; } 
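Review bot: ossltest_digest_nids() declares digest_nids[6] with a hand-counted size and fills it through five separate digest_nids[pos++] assignments with no bounds check, so adding a sixth digest without also enlarging the array would write the terminating 0 past the end. Driving the loop from a table of accessor functions and sizing the array from that table would tie the two together. destroy_digests() frees the methods but leaves the cached list and init flag in place, which is harmless for the NIDs but worth a comment.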
@@ -297,26 +375,24 @@ static int ossltest_digests(ENGINE *e, const EVP_MD **digest, int ok = 1; if (!digest) { /* We are returning a list of supported nids */ - *nids = ossltest_digest_nids; - return (sizeof(ossltest_digest_nids) - - 1) / sizeof(ossltest_digest_nids[0]); + return ossltest_digest_nids(nids); } /* We are being asked for a specific digest */ switch (nid) { case NID_md5: - *digest = &digest_md5; + *digest = digest_md5(); break; case NID_sha1: - *digest = &digest_sha1; + *digest = digest_sha1(); break; case NID_sha256: - *digest = &digest_sha256; + *digest = digest_sha256(); break; case NID_sha384: - *digest = &digest_sha384; + *digest = digest_sha384(); break; case NID_sha512: - *digest = &digest_sha512; + *digest = digest_sha512(); break; default: ok = 0; @@ -365,7 +441,7 @@ static void fill_known_data(unsigned char *md, unsigned int len) * the same value. */ #undef data -#define data(ctx) ((MD5_CTX *)(ctx)->md_data) +#define data(ctx) ((MD5_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_md5_init(EVP_MD_CTX *ctx) { return MD5_Init(data(ctx)); @@ -392,7 +468,7 @@ static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md) * SHA1 implementation. */ #undef data -#define data(ctx) ((SHA_CTX *)(ctx)->md_data) +#define data(ctx) ((SHA_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_sha1_init(EVP_MD_CTX *ctx) { return SHA1_Init(data(ctx)); @@ -419,7 +495,7 @@ static int digest_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) * SHA256 implementation. */ #undef data -#define data(ctx) ((SHA256_CTX *)(ctx)->md_data) +#define data(ctx) ((SHA256_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_sha256_init(EVP_MD_CTX *ctx) { return SHA256_Init(data(ctx)); 
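Review bot: In the ossltest_digests() hunk, each case now assigns the result of an accessor, for example *digest = digest_md5();, and those accessors return NULL when method construction fails, yet ok is left at 1 in that situation. The old code assigned the address of a static object and could not produce NULL here. Checking the pointer after the switch, for instance setting ok = 0 when *digest is NULL, would stop the engine from reporting success with no method. The same pattern appears in gost_digests() and dasync_digests() in this patch.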
@@ -446,7 +522,7 @@ static int digest_sha256_final(EVP_MD_CTX *ctx, unsigned char *md) * SHA384/512 implementation. */ #undef data -#define data(ctx) ((SHA512_CTX *)(ctx)->md_data) +#define data(ctx) ((SHA512_CTX *)EVP_MD_CTX_md_data(ctx)) static int digest_sha384_init(EVP_MD_CTX *ctx) { return SHA384_Init(data(ctx)); diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 910f39b..d8fbba1 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -148,21 +148,41 @@ struct evp_pkey_st { # define EVP_PKEY_MO_DECRYPT 0x0008 # ifndef EVP_MD -struct evp_md_st { - int type; - int pkey_type; - int md_size; - unsigned long flags; - int (*init) (EVP_MD_CTX *ctx); - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); - int (*final) (EVP_MD_CTX *ctx, unsigned char *md); - int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); - int (*cleanup) (EVP_MD_CTX *ctx); - int block_size; - int ctx_size; /* how big does the ctx->md_data need to be */ - /* control function */ - int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); -} /* EVP_MD */ ; +EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +void EVP_MD_meth_free(EVP_MD *md); + +int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, + const void *data, + size_t count)); +int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, + unsigned char *md)); +int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, + const EVP_MD_CTX *from)); +int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2)); + +int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +int EVP_MD_meth_get_result_size(const EVP_MD *md); +int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, + const void *data, + size_t count); +int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, + unsigned 
char *md); +int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, + const EVP_MD_CTX *from); +int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + int p1, void *p2); /* digest can only handle a single block */ # define EVP_MD_FLAG_ONESHOT 0x0001 @@ -197,18 +217,6 @@ struct evp_md_st { # endif /* !EVP_MD */ -struct evp_md_ctx_st { - const EVP_MD *digest; - ENGINE *engine; /* functional reference if 'digest' is - * ENGINE-provided */ - unsigned long flags; - void *md_data; - /* Public key context for sign/verify */ - EVP_PKEY_CTX *pctx; - /* Update function: usually copied from EVP_MD */ - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); -} /* EVP_MD_CTX */ ; - /* values for EVP_MD_CTX flags */ # define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be @@ -467,15 +475,6 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, # define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) /* Macros to reduce FIPS dependencies: do NOT use in applications */ -# define M_EVP_MD_size(e) ((e)->md_size) -# define M_EVP_MD_block_size(e) ((e)->block_size) -# define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) -# define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) -# define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) -# define M_EVP_MD_type(e) ((e)->type) -# define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) -# define M_EVP_MD_CTX_md(e) ((e)->digest) - # define M_EVP_CIPHER_nid(e) ((e)->nid) # define M_EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) # define M_EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) 
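Review bot: the new EVP_MD_meth_set_*() prototypes in evp.h return int with no comment on what the value means, and EVP_MD_meth_new() / EVP_MD_meth_dup() do not say what is returned on failure or that the result must be released with EVP_MD_meth_free(). The callers in this patch test the setters with `!`, so a short comment stating 1 on success and 0 on failure, plus the ownership rule, would let the now-opaque API be used from the header alone.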
@@ -503,9 +502,16 @@ int EVP_MD_block_size(const EVP_MD *md); unsigned long EVP_MD_flags(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); +void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update) (EVP_MD_CTX *ctx, + const void *data, size_t count)); # define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) # define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); int EVP_CIPHER_nid(const EVP_CIPHER *cipher); # define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) @@ -565,11 +571,15 @@ void BIO_set_md(BIO *, const EVP_MD *md); # define EVP_delete_digest_alias(alias) \ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); -void EVP_MD_CTX_init(EVP_MD_CTX *ctx); -int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); -EVP_MD_CTX *EVP_MD_CTX_create(void); -void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +EVP_MD_CTX *EVP_MD_CTX_new(void); +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +# ifdef OPENSSL_USE_DEPRECATED +# define EVP_MD_CTX_create() EVP_MD_CTX_new() +# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx)) +# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx)) +# endif /*__owur*/ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index 011e2ae..071e8b4 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h 
@@ -68,19 +68,10 @@ extern "C" { #endif -typedef struct hmac_ctx_st { - const EVP_MD *md; - EVP_MD_CTX md_ctx; - EVP_MD_CTX i_ctx; - EVP_MD_CTX o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK]; -} HMAC_CTX; - -# define HMAC_size(e) (EVP_MD_size((e)->md)) - -void HMAC_CTX_init(HMAC_CTX *ctx); -void HMAC_CTX_cleanup(HMAC_CTX *ctx); +size_t HMAC_size(HMAC_CTX *e); +HMAC_CTX *HMAC_CTX_new(void); +int HMAC_CTX_reset(HMAC_CTX *ctx); +void HMAC_CTX_free(HMAC_CTX *ctx); #ifdef OPENSSL_USE_DEPRECATED diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 02749dd..e56bf80 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -137,6 +137,8 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; +typedef struct hmac_ctx_st HMAC_CTX; + typedef struct dh_st DH; typedef struct dh_method DH_METHOD; diff --git a/include/openssl/pem.h b/include/openssl/pem.h index f9e23d2..2746e0e 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -104,7 +104,7 @@ extern "C" { */ typedef struct PEM_Encode_Seal_st { EVP_ENCODE_CTX encode; - EVP_MD_CTX md; + EVP_MD_CTX *md; EVP_CIPHER_CTX cipher; } PEM_ENCODE_SEAL_CTX; diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 381872d..99c655e 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -791,7 +791,6 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) { SSL3_RECORD *rec; unsigned char *mac_sec, *seq; - EVP_MD_CTX md_ctx; const EVP_MD_CTX *hash; unsigned char *p, rec_char; size_t md_size; 
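Review bot: in the hmac.h hunk, HMAC_size() changes from a macro over EVP_MD_size(), which returns int and can be negative on error, to a function returning size_t, so a caller that tested the result with `< 0` or stored it in an int now sees a large positive value instead. The prototype also takes a non-const `HMAC_CTX *` although it only reads the context; `size_t HMAC_size(const HMAC_CTX *e)` with the error value documented would be safer.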
@@ -855,30 +854,33 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send) } else { unsigned int md_size_u; /* Chop the digest off the end :-) */ - EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); + + if (md_ctx == NULL) + return -1; rec_char = rec->type; p = md; s2n(rec->length, p); - if (EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0 - || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0 - || EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad) <= 0 - || EVP_DigestUpdate(&md_ctx, seq, 8) <= 0 - || EVP_DigestUpdate(&md_ctx, &rec_char, 1) <= 0 - || EVP_DigestUpdate(&md_ctx, md, 2) <= 0 - || EVP_DigestUpdate(&md_ctx, rec->input, rec->length) <= 0 - || EVP_DigestFinal_ex(&md_ctx, md, NULL) <= 0 - || EVP_MD_CTX_copy_ex(&md_ctx, hash) <= 0 - || EVP_DigestUpdate(&md_ctx, mac_sec, md_size) <= 0 - || EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad) <= 0 - || EVP_DigestUpdate(&md_ctx, md, md_size) <= 0 - || EVP_DigestFinal_ex(&md_ctx, md, &md_size_u) <= 0) { - EVP_MD_CTX_cleanup(&md_ctx); + if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 + || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 + || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0 + || EVP_DigestUpdate(md_ctx, seq, 8) <= 0 + || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0 + || EVP_DigestUpdate(md_ctx, md, 2) <= 0 + || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0 + || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0 + || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 + || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 + || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0 + || EVP_DigestUpdate(md_ctx, md, md_size) <= 0 + || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) { + EVP_MD_CTX_reset(md_ctx); return -1; } md_size = md_size_u; - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); } ssl3_record_sequence_update(seq); 
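Review bot: on the failure branch of the long `||` chain, `EVP_MD_CTX_reset(md_ctx); return -1;` clears the context but never releases it, so every digest failure now leaks the object allocated by EVP_MD_CTX_new(). EVP_MD_CTX_cleanup() was enough for the old stack variable; the heap version needs `EVP_MD_CTX_free(md_ctx)` here, as the success path already has.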
@@ -892,7 +894,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) EVP_MD_CTX *hash; size_t md_size; int i; - EVP_MD_CTX hmac, *mac_ctx; + EVP_MD_CTX *hmac = NULL, *mac_ctx; unsigned char header[13]; int stream_mac = (send ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM)); @@ -916,9 +918,11 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) if (stream_mac) { mac_ctx = hash; } else { - if (!EVP_MD_CTX_copy(&hmac, hash)) + hmac = EVP_MD_CTX_new(); + if (hmac == NULL + || !EVP_MD_CTX_copy(hmac, hash)) return -1; - mac_ctx = &hmac; + mac_ctx = hmac; } if (SSL_IS_DTLS(ssl)) { @@ -953,16 +957,14 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) rec->length + md_size, rec->orig_len, ssl->s3->read_mac_secret, ssl->s3->read_mac_secret_size, 0) <= 0) { - if (!stream_mac) - EVP_MD_CTX_cleanup(&hmac); + EVP_MD_CTX_free(hmac); return -1; } } else { if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { - if (!stream_mac) - EVP_MD_CTX_cleanup(&hmac); + EVP_MD_CTX_free(hmac); return -1; } if (!send && !SSL_USE_ETM(ssl) && FIPS_mode()) @@ -971,8 +973,7 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) rec->length, rec->orig_len); } - if (!stream_mac) - EVP_MD_CTX_cleanup(&hmac); + EVP_MD_CTX_free(hmac); #ifdef TLS_DEBUG fprintf(stderr, "seq="); diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 177f6d7..f07a045 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -201,7 +201,7 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char first_block[MAX_HASH_BLOCK_SIZE]; unsigned char mac_out[EVP_MAX_MD_SIZE]; unsigned i, j, md_out_size_u; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = NULL; /* * mdLengthSize is the number of bytes in the length field that * terminates * the hash. 
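Review bot: in the tls1_mac() hunk at -916, `if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) return -1;` leaks hmac when the allocation succeeds and the copy fails. Call EVP_MD_CTX_free(hmac) before that return; it is the same unconditional free the later hunks use, and it is harmless in the stream_mac case because hmac starts as NULL.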
@@ -497,34 +497,36 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, mac_out[j] |= block[j] & is_block_b; } - EVP_MD_CTX_init(&md_ctx); - if (EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */ ) <= 0) + md_ctx = EVP_MD_CTX_new(); + if (md_ctx == NULL) + goto err; + if (EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */ ) <= 0) goto err; if (is_sslv3) { /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */ memset(hmac_pad, 0x5c, sslv3_pad_length); - if (EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length) <= 0 - || EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length) <= 0 - || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0) + if (EVP_DigestUpdate(md_ctx, mac_secret, mac_secret_length) <= 0 + || EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0 + || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0) goto err; } else { /* Complete the HMAC in the standard manner. */ for (i = 0; i < md_block_size; i++) hmac_pad[i] ^= 0x6a; - if (EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size) <= 0 - || EVP_DigestUpdate(&md_ctx, mac_out, md_size) <= 0) + if (EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) <= 0 + || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0) goto err; } - ret = EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); + ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u); if (ret && md_out_size) *md_out_size = md_out_size_u; - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return 1; err: - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return 0; } diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 31c8918..c20bff2 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c 
@@ -142,19 +142,24 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) { - EVP_MD_CTX m5; - EVP_MD_CTX s1; + EVP_MD_CTX *m5; + EVP_MD_CTX *s1; unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; unsigned char c = 'A'; unsigned int i, j, k; + int ret = 0; #ifdef CHARSET_EBCDIC c = os_toascii[c]; /* 'A' in ASCII */ #endif k = 0; - EVP_MD_CTX_init(&m5); - EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_MD_CTX_init(&s1); + m5 = EVP_MD_CTX_new(); + s1 = EVP_MD_CTX_new(); + if (m5 == NULL || s1 == NULL) { + SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_MALLOC_FAILURE); + goto err; + } + EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { k++; if (k > sizeof buf) { 
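Review bot: this hunk ends at `if (k > sizeof buf) {`, whose body is not part of the diff. If that branch still returns directly, it now leaks m5 and s1; it should record the error and `goto err`, like the allocation check added just above it.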
@@ -166,30 +171,32 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) for (j = 0; j < k; j++) buf[j] = c; c++; - EVP_DigestInit_ex(&s1, EVP_sha1(), NULL); - EVP_DigestUpdate(&s1, buf, k); - EVP_DigestUpdate(&s1, s->session->master_key, + EVP_DigestInit_ex(s1, EVP_sha1(), NULL); + EVP_DigestUpdate(s1, buf, k); + EVP_DigestUpdate(s1, s->session->master_key, s->session->master_key_length); - EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&s1, smd, NULL); + EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE); + EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE); + EVP_DigestFinal_ex(s1, smd, NULL); - EVP_DigestInit_ex(&m5, EVP_md5(), NULL); - EVP_DigestUpdate(&m5, s->session->master_key, + EVP_DigestInit_ex(m5, EVP_md5(), NULL); + EVP_DigestUpdate(m5, s->session->master_key, s->session->master_key_length); - EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH); + EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH); if ((int)(i + MD5_DIGEST_LENGTH) > num) { - EVP_DigestFinal_ex(&m5, smd, NULL); + EVP_DigestFinal_ex(m5, smd, NULL); memcpy(km, smd, (num - i)); } else - EVP_DigestFinal_ex(&m5, km, NULL); + EVP_DigestFinal_ex(m5, km, NULL); km += MD5_DIGEST_LENGTH; } OPENSSL_cleanse(smd, sizeof(smd)); - EVP_MD_CTX_cleanup(&m5); - EVP_MD_CTX_cleanup(&s1); - return 1; + ret = 1; + err: + EVP_MD_CTX_free(m5); + EVP_MD_CTX_free(s1); + return ret; } int ssl3_change_cipher_state(SSL *s, int which) @@ -440,7 +447,7 @@ void ssl3_free_digest_list(SSL *s) { BIO_free(s->s3->handshake_buffer); s->s3->handshake_buffer = NULL; - EVP_MD_CTX_destroy(s->s3->handshake_dgst); + EVP_MD_CTX_free(s->s3->handshake_dgst); s->s3->handshake_dgst = NULL; } 
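Review bot: every EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() call in the ssl3_generate_key_block() loop still ignores its return value, so a digest failure leaves `km` partly unwritten while the function returns 1. The hunk already introduces `ret` and an `err:` label, so test each call with `<= 0` and `goto err`, the way ssl3_generate_master_secret() checks them, and move `OPENSSL_cleanse(smd, sizeof(smd))` below the label so it runs on both paths.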
@@ -465,7 +472,7 @@ int ssl3_digest_cached_records(SSL *s, int keep) return 0; } - s->s3->handshake_dgst = EVP_MD_CTX_create(); + s->s3->handshake_dgst = EVP_MD_CTX_new(); if (s->s3->handshake_dgst == NULL) { SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); return 0; @@ -492,7 +499,7 @@ int ssl3_digest_cached_records(SSL *s, int keep) int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) { int ret; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; if (!ssl3_digest_cached_records(s, 0)) return 0; @@ -502,25 +509,29 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) return 0; } - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst); + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE); + return 0; + } + EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst); - ret = EVP_MD_CTX_size(&ctx); + ret = EVP_MD_CTX_size(ctx); if (ret < 0) { - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_reset(ctx); return 0; } - if ((sender != NULL && EVP_DigestUpdate(&ctx, sender, len) <= 0) - || EVP_MD_CTX_ctrl(&ctx, EVP_CTRL_SSL3_MASTER_SECRET, + if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) + || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, s->session->master_key_length, s->session->master_key) <= 0 - || EVP_DigestFinal_ex(&ctx, p, NULL) <= 0) { + || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); ret = 0; } - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); return ret; } 
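Review bot: in ssl3_final_finish_mac(), the `ret < 0` branch calls EVP_MD_CTX_reset(ctx) and returns 0 without freeing the context allocated a few lines earlier; it should call EVP_MD_CTX_free(ctx). The result of `EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)` is also unchecked and should fail the function when it is `<= 0`.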
@@ -540,29 +551,32 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, #endif }; unsigned char buf[EVP_MAX_MD_SIZE]; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); int i, ret = 0; unsigned int n; #ifdef OPENSSL_SSL_TRACE_CRYPTO unsigned char *tmpout = out; #endif - EVP_MD_CTX_init(&ctx); + if (ctx == NULL) { + SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE); + return 0; + } for (i = 0; i < 3; i++) { - if (EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL) <= 0 - || EVP_DigestUpdate(&ctx, salt[i], + if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 + || EVP_DigestUpdate(ctx, salt[i], strlen((const char *)salt[i])) <= 0 - || EVP_DigestUpdate(&ctx, p, len) <= 0 - || EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), + || EVP_DigestUpdate(ctx, p, len) <= 0 + || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), + || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_DigestFinal_ex(&ctx, buf, &n) <= 0 + || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 - || EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL) <= 0 - || EVP_DigestUpdate(&ctx, p, len) <= 0 - || EVP_DigestUpdate(&ctx, buf, n) <= 0 - || EVP_DigestFinal_ex(&ctx, out, &n) <= 0) { + || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 + || EVP_DigestUpdate(ctx, p, len) <= 0 + || EVP_DigestUpdate(ctx, buf, n) <= 0 + || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { SSLerr(SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); ret = 0; break; @@ -570,7 +584,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, out += n; ret += n; } - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); #ifdef OPENSSL_SSL_TRACE_CRYPTO if (ret > 0 && s->msg_callback) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d51c6b7..3ca7c3f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -3177,9 +3177,9 @@ void SSL_set_not_resumable_session_callback(SSL *ssl, EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md) { ssl_clear_hash_ctx(hash); - *hash = EVP_MD_CTX_create(); + *hash = EVP_MD_CTX_new(); if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) { - EVP_MD_CTX_destroy(*hash); + EVP_MD_CTX_free(*hash); *hash = NULL; return NULL; } @@ -3190,26 +3190,30 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash) { if (*hash) - EVP_MD_CTX_destroy(*hash); + EVP_MD_CTX_free(*hash); *hash = NULL; } /* Retrieve handshake hashes */ int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *hdgst = s->s3->handshake_dgst; int ret = EVP_MD_CTX_size(hdgst); - EVP_MD_CTX_init(&ctx); if (ret < 0 || ret > outlen) { ret = 0; goto err; } - if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) - || EVP_DigestFinal_ex(&ctx, out, NULL) <= 0) + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + ret = 0; + goto err; + } + if (!EVP_MD_CTX_copy_ex(ctx, hdgst) + || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) ret = 0; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(ctx); return ret; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 9ac9921..60c0983 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1573,7 +1573,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; int al, j; long alg_k, alg_a; EVP_PKEY *pkey = NULL; @@ -1592,7 +1592,12 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) #endif PACKET save_param_start, signature; - EVP_MD_CTX_init(&md_ctx); + md_ctx = EVP_MD_CTX_new(); + if (md_ctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + goto f_err; + } alg_k = s->s3->tmp.new_cipher->algorithm_mkey; 
@@ -1882,18 +1887,18 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH); goto f_err; } - if (EVP_VerifyInit_ex(&md_ctx, md, NULL) <= 0 - || EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]), + if (EVP_VerifyInit_ex(md_ctx, md, NULL) <= 0 + || EVP_VerifyUpdate(md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]), + || EVP_VerifyUpdate(md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_VerifyUpdate(&md_ctx, PACKET_data(¶ms), + || EVP_VerifyUpdate(md_ctx, PACKET_data(¶ms), PACKET_remaining(¶ms)) <= 0) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB); goto f_err; } - if (EVP_VerifyFinal(&md_ctx, PACKET_data(&signature), + if (EVP_VerifyFinal(md_ctx, PACKET_data(&signature), PACKET_remaining(&signature), pkey) <= 0) { /* bad signature */ al = SSL_AD_DECRYPT_ERROR; @@ -1916,7 +1921,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } } EVP_PKEY_free(pkey); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return MSG_PROCESS_CONTINUE_READING; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -1933,7 +1938,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) EC_POINT_free(srvr_ecpoint); EC_KEY_free(ecdh); #endif - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); ossl_statem_set_error(s); return MSG_PROCESS_ERROR; } @@ -2716,7 +2721,7 @@ psk_err: * Compute shared IV and store it in algorithm-specific context * data */ - ukm_hash = EVP_MD_CTX_create(); + ukm_hash = EVP_MD_CTX_new(); if (EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0 || EVP_DigestUpdate(ukm_hash, s->s3->client_random, 
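Review bot: in the last hunk above, `ukm_hash = EVP_MD_CTX_new();` is passed straight to EVP_DigestInit() with no NULL check, unlike the other allocations converted in this patch. Put `ukm_hash == NULL ||` at the front of the condition; the failure branch in the following hunk already calls EVP_MD_CTX_free(ukm_hash) and reports the error.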
@@ -2724,12 +2729,12 @@ psk_err: || EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE) <= 0 || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) { - EVP_MD_CTX_destroy(ukm_hash); + EVP_MD_CTX_free(ukm_hash); SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } - EVP_MD_CTX_destroy(ukm_hash); + EVP_MD_CTX_free(ukm_hash); if (EVP_PKEY_CTX_ctrl (pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { @@ -2894,13 +2899,17 @@ int tls_construct_client_verify(SSL *s) unsigned char *p; EVP_PKEY *pkey; const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys]; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; unsigned u = 0; unsigned long n = 0; long hdatalen = 0; void *hdata; - EVP_MD_CTX_init(&mctx); + mctx = EVP_MD_CTX_new(); + if (mctx == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } p = ssl_handshake_start(s); pkey = s->cert->key->privatekey; @@ -2921,13 +2930,13 @@ int tls_construct_client_verify(SSL *s) #ifdef SSL_DEBUG fprintf(stderr, "Using client alg %s\n", EVP_MD_name(md)); #endif - if (!EVP_SignInit_ex(&mctx, md, NULL) - || !EVP_SignUpdate(&mctx, hdata, hdatalen) + if (!EVP_SignInit_ex(mctx, md, NULL) + || !EVP_SignUpdate(mctx, hdata, hdatalen) || (s->version == SSL3_VERSION - && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET, + && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, s->session->master_key_length, s->session->master_key)) - || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) { + || !EVP_SignFinal(mctx, p + 2, &u, pkey)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_EVP_LIB); goto err; } @@ -2949,10 +2958,10 @@ int tls_construct_client_verify(SSL *s) goto err; } - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return 1; err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return 0; } diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index aafd28f..6d73659 100644 --- a/ssl/statem/statem_dtls.c 
+++ b/ssl/statem/statem_dtls.c @@ -204,8 +204,7 @@ void dtls1_hm_fragment_free(hm_fragment *frag) if (frag->msg_header.is_ccs) { EVP_CIPHER_CTX_free(frag->msg_header. saved_retransmit_state.enc_write_ctx); - EVP_MD_CTX_destroy(frag->msg_header. - saved_retransmit_state.write_hash); + EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state.write_hash); } OPENSSL_free(frag->fragment); OPENSSL_free(frag->reassembly); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index a39e288..3ccb287 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1733,9 +1733,13 @@ int tls_construct_server_key_exchange(SSL *s) BIGNUM *r[4]; int nr[4], kn; BUF_MEM *buf; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); - EVP_MD_CTX_init(&md_ctx); + if (md_ctx == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } type = s->s3->tmp.new_cipher->algorithm_mkey; cert = s->cert; @@ -2040,13 +2044,13 @@ int tls_construct_server_key_exchange(SSL *s) #ifdef SSL_DEBUG fprintf(stderr, "Using hash %s\n", EVP_MD_name(md)); #endif - if (EVP_SignInit_ex(&md_ctx, md, NULL) <= 0 - || EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]), + if (EVP_SignInit_ex(md_ctx, md, NULL) <= 0 + || EVP_SignUpdate(md_ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]), + || EVP_SignUpdate(md_ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE) <= 0 - || EVP_SignUpdate(&md_ctx, d, n) <= 0 - || EVP_SignFinal(&md_ctx, &(p[2]), + || EVP_SignUpdate(md_ctx, d, n) <= 0 + || EVP_SignFinal(md_ctx, &(p[2]), (unsigned int *)&i, pkey) <= 0) { SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_LIB_EVP); al = SSL_AD_INTERNAL_ERROR; @@ -2071,7 +2075,7 @@ int tls_construct_server_key_exchange(SSL *s) goto f_err; } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); 
@@ -2080,7 +2084,7 @@ int tls_construct_server_key_exchange(SSL *s) OPENSSL_free(encodedPoint); BN_CTX_free(bn_ctx); #endif - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); ossl_statem_set_error(s); return 0; } @@ -2884,8 +2888,13 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) long hdatalen = 0; void *hdata; - EVP_MD_CTX mctx; - EVP_MD_CTX_init(&mctx); + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); + + if (mctx == NULL) { + SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE); + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } peer = s->session->peer; pkey = X509_get_pubkey(peer); @@ -2966,8 +2975,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) #ifdef SSL_DEBUG fprintf(stderr, "Using client verify alg %s\n", EVP_MD_name(md)); #endif - if (!EVP_VerifyInit_ex(&mctx, md, NULL) - || !EVP_VerifyUpdate(&mctx, hdata, hdatalen)) { + if (!EVP_VerifyInit_ex(mctx, md, NULL) + || !EVP_VerifyUpdate(mctx, hdata, hdatalen)) { SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); al = SSL_AD_INTERNAL_ERROR; goto f_err; @@ -2982,7 +2991,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) #endif if (s->version == SSL3_VERSION - && !EVP_MD_CTX_ctrl(&mctx, EVP_CTRL_SSL3_MASTER_SECRET, + && !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, s->session->master_key_length, s->session->master_key)) { SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_EVP_LIB); @@ -2990,7 +2999,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) goto f_err; } - if (EVP_VerifyFinal(&mctx, data, len, pkey) <= 0) { + if (EVP_VerifyFinal(mctx, data, len, pkey) <= 0) { al = SSL_AD_DECRYPT_ERROR; SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, SSL_R_BAD_SIGNATURE); goto f_err; @@ -3004,7 +3013,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } BIO_free(s->s3->handshake_buffer); s->s3->handshake_buffer = NULL; - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); EVP_PKEY_free(pkey); return ret; } 
@@ -3151,7 +3160,7 @@ int tls_construct_new_session_ticket(SSL *s) { unsigned char *senc = NULL; EVP_CIPHER_CTX ctx; - HMAC_CTX hctx; + HMAC_CTX *hctx = NULL; unsigned char *p, *macstart; const unsigned char *const_p; int len, slen_full, slen; @@ -3178,7 +3187,7 @@ int tls_construct_new_session_ticket(SSL *s) } EVP_CIPHER_CTX_init(&ctx); - HMAC_CTX_init(&hctx); + hctx = HMAC_CTX_new(); p = senc; if (!i2d_SSL_SESSION(s->session, &p)) @@ -3224,8 +3233,7 @@ int tls_construct_new_session_ticket(SSL *s) * all the work otherwise use generated values from parent ctx. */ if (tctx->tlsext_ticket_key_cb) { - if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, - &hctx, 1) < 0) + if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, hctx, 1) < 0) goto err; } else { if (RAND_bytes(iv, 16) <= 0) @@ -3233,7 +3241,7 @@ int tls_construct_new_session_ticket(SSL *s) if (!EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv)) goto err; - if (!HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL)) goto err; memcpy(key_name, tctx->tlsext_tick_key_name, 16); @@ -3263,13 +3271,13 @@ int tls_construct_new_session_ticket(SSL *s) goto err; p += len; - if (!HMAC_Update(&hctx, macstart, p - macstart)) + if (!HMAC_Update(hctx, macstart, p - macstart)) goto err; - if (!HMAC_Final(&hctx, p, &hlen)) + if (!HMAC_Final(hctx, p, &hlen)) goto err; EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); p += hlen; /* Now write out lengths: p points to end of data written */ @@ -3286,7 +3294,7 @@ int tls_construct_new_session_ticket(SSL *s) err: OPENSSL_free(senc); EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); ossl_statem_set_error(s); return 0; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index ccf933e..5889558 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c 
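Review bot: in tls_construct_new_session_ticket() (ssl/statem/statem_srvr.c), `hctx = HMAC_CTX_new();` is not checked before the pointer is handed to tlsext_ticket_key_cb() or HMAC_Init_ex(). tls_decrypt_ticket() in this same patch returns early when the allocation fails; here an `if (hctx == NULL) goto err;` directly after the call would do, since the err label already ends in HMAC_CTX_free(hctx).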
@@ -157,7 +157,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, { int chunk; size_t j; - EVP_MD_CTX ctx, ctx_tmp, ctx_init; + EVP_MD_CTX *ctx, *ctx_tmp, *ctx_init; EVP_PKEY *mac_key; unsigned char A1[EVP_MAX_MD_SIZE]; size_t A1_len; 
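Review bot: `EVP_PKEY *mac_key;` is declared here without an initialiser, and the next hunk adds a `goto err` for a failed EVP_MD_CTX_new() before mac_key is assigned, so the `EVP_PKEY_free(mac_key)` under `err:` then runs on an indeterminate pointer. Initialise it as `EVP_PKEY *mac_key = NULL;` in this declaration block.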
@@ -166,60 +166,62 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, chunk = EVP_MD_size(md); OPENSSL_assert(chunk >= 0); - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_init(&ctx_tmp); - EVP_MD_CTX_init(&ctx_init); - EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + ctx = EVP_MD_CTX_new(); + ctx_tmp = EVP_MD_CTX_new(); + ctx_init = EVP_MD_CTX_new(); + if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL) + goto err; + EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (!mac_key) goto err; - if (!EVP_DigestSignInit(&ctx_init, NULL, md, NULL, mac_key)) + if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key)) goto err; - if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init)) + if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) goto err; - if (seed1 && !EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) + if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len)) goto err; - if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) + if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len)) goto err; - if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) + if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len)) goto err; - if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) + if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len)) goto err; - if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) + if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len)) goto err; - if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) goto err; for (;;) { /* Reinit mac contexts */ - if (!EVP_MD_CTX_copy_ex(&ctx, &ctx_init)) + if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) goto err; - if (!EVP_DigestSignUpdate(&ctx, A1, A1_len)) + if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) goto err; - if (olen > chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp, &ctx)) + if (olen > chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx)) goto err; - if (seed1 && 
!EVP_DigestSignUpdate(&ctx, seed1, seed1_len)) + if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len)) goto err; - if (seed2 && !EVP_DigestSignUpdate(&ctx, seed2, seed2_len)) + if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len)) goto err; - if (seed3 && !EVP_DigestSignUpdate(&ctx, seed3, seed3_len)) + if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len)) goto err; - if (seed4 && !EVP_DigestSignUpdate(&ctx, seed4, seed4_len)) + if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len)) goto err; - if (seed5 && !EVP_DigestSignUpdate(&ctx, seed5, seed5_len)) + if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len)) goto err; if (olen > chunk) { - if (!EVP_DigestSignFinal(&ctx, out, &j)) + if (!EVP_DigestSignFinal(ctx, out, &j)) goto err; out += j; olen -= j; /* calc the next A1 value */ - if (!EVP_DigestSignFinal(&ctx_tmp, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len)) goto err; } else { /* last one */ - if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) + if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) goto err; memcpy(out, A1, olen); break; @@ -228,9 +230,9 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, ret = 1; err: EVP_PKEY_free(mac_key); - EVP_MD_CTX_cleanup(&ctx); - EVP_MD_CTX_cleanup(&ctx_tmp); - EVP_MD_CTX_cleanup(&ctx_init); + EVP_MD_CTX_free(ctx); + EVP_MD_CTX_free(ctx_tmp); + EVP_MD_CTX_free(ctx_init); OPENSSL_cleanse(A1, sizeof(A1)); return ret; } @@ -372,7 +374,7 @@ int tls1_change_cipher_state(SSL *s, int which) goto err; dd = s->enc_write_ctx; if (SSL_IS_DTLS(s)) { - mac_ctx = EVP_MD_CTX_create(); + mac_ctx = EVP_MD_CTX_new(); if (mac_ctx == NULL) goto err; s->write_hash = mac_ctx; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 971aad3..a6f2502 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -3027,6 +3027,7 @@ end: * point to the resulting session. * * Returns: + * -2: fatal error, malloc failure. * -1: fatal error, either from parsing or decrypting the ticket. * 2: the ticket couldn't be decrypted. * 3: a ticket was successfully decrypted and *psess was set. @@ -3041,19 +3042,21 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, const unsigned char *p; int slen, mlen, renew_ticket = 0; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; - HMAC_CTX hctx; + HMAC_CTX *hctx = NULL; EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; /* Need at least keyname + iv + some encrypted data */ if (eticklen < 48) return 2; /* Initialize session ticket encryption and HMAC contexts */ - HMAC_CTX_init(&hctx); + hctx = HMAC_CTX_new(); + if (hctx == NULL) + return -2; EVP_CIPHER_CTX_init(&ctx); if (tctx->tlsext_ticket_key_cb) { unsigned char *nctick = (unsigned char *)etick; int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, - &ctx, &hctx, 0); + &ctx, hctx, 0); if (rv < 0) return -1; if (rv == 0) @@ -3064,7 +3067,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, /* Check key name matches */ if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) return 2; - if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, + if (HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL) <= 0 || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, 
@@ -3076,17 +3079,17 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, * Attempt to process session ticket, first conduct sanity and integrity * checks on ticket. */ - mlen = HMAC_size(&hctx); + mlen = HMAC_size(hctx); if (mlen < 0) { goto err; } eticklen -= mlen; /* Check HMAC of encrypted ticket */ - if (HMAC_Update(&hctx, etick, eticklen) <= 0 - || HMAC_Final(&hctx, tick_hmac, NULL) <= 0) { + if (HMAC_Update(hctx, etick, eticklen) <= 0 + || HMAC_Final(hctx, tick_hmac, NULL) <= 0) { goto err; } - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { EVP_CIPHER_CTX_cleanup(&ctx); return 2; @@ -3135,7 +3138,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, return 2; err: EVP_CIPHER_CTX_cleanup(&ctx); - HMAC_CTX_cleanup(&hctx); + HMAC_CTX_free(hctx); return -1; } diff --git a/test/ecdsatest.c b/test/ecdsatest.c index d56836f..a55a553 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -188,17 +188,19 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) const char message[] = "abc"; unsigned char digest[20]; unsigned int dgst_len = 0; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); EC_KEY *key = NULL; ECDSA_SIG *signature = NULL; BIGNUM *r = NULL, *s = NULL; BIGNUM *kinv = NULL, *rp = NULL; - EVP_MD_CTX_init(&md_ctx); + if (md_ctx == NULL) + goto x962_int_err; + /* get the message digest */ - if (!EVP_DigestInit(&md_ctx, EVP_sha1()) - || !EVP_DigestUpdate(&md_ctx, (const void *)message, 3) - || !EVP_DigestFinal(&md_ctx, digest, &dgst_len)) + if (!EVP_DigestInit(md_ctx, EVP_sha1()) + || !EVP_DigestUpdate(md_ctx, (const void *)message, 3) + || !EVP_DigestFinal(md_ctx, digest, &dgst_len)) goto x962_int_err; BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); 
@@ -244,7 +246,7 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) ECDSA_SIG_free(signature); BN_free(r); BN_free(s); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); BN_clear_free(kinv); BN_clear_free(rp); return ret; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index ac79388..a536308 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -277,19 +277,21 @@ static int test_EVP_DigestSignInit(void) EVP_PKEY *pkey = NULL; unsigned char *sig = NULL; size_t sig_len = 0; - EVP_MD_CTX md_ctx, md_ctx_verify; + EVP_MD_CTX *md_ctx, *md_ctx_verify; - EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_init(&md_ctx_verify); + md_ctx = EVP_MD_CTX_new(); + md_ctx_verify = EVP_MD_CTX_new(); + if (md_ctx == NULL || md_ctx_verify == NULL) + goto out; pkey = load_example_rsa_key(); if (pkey == NULL || - !EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) { + !EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) { goto out; } /* Determine the size of the signature. */ - if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) { + if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) { goto out; } /* Sanity check for testing. */ 
@@ -299,14 +301,14 @@ static int test_EVP_DigestSignInit(void) } sig = OPENSSL_malloc(sig_len); - if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) { + if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) { goto out; } /* Ensure that the signature round-trips. */ - if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) - || !EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) - || !EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) { + if (!EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) + || !EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)) + || !EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)) { goto out; } @@ -317,8 +319,8 @@ static int test_EVP_DigestSignInit(void) ERR_print_errors_fp(stderr); } - EVP_MD_CTX_cleanup(&md_ctx); - EVP_MD_CTX_cleanup(&md_ctx_verify); + EVP_MD_CTX_free(md_ctx); + EVP_MD_CTX_free(md_ctx_verify); EVP_PKEY_free(pkey); OPENSSL_free(sig); @@ -329,15 +331,15 @@ static int test_EVP_DigestVerifyInit(void) { int ret = 0; EVP_PKEY *pkey = NULL; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; - EVP_MD_CTX_init(&md_ctx); + md_ctx = EVP_MD_CTX_new(); pkey = load_example_rsa_key(); if (pkey == NULL || - !EVP_DigestVerifyInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestVerifyUpdate(&md_ctx, kMsg, sizeof(kMsg)) || - !EVP_DigestVerifyFinal(&md_ctx, kSignature, sizeof(kSignature))) { + !EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) || + !EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)) || + !EVP_DigestVerifyFinal(md_ctx, kSignature, sizeof(kSignature))) { goto out; } ret = 1; @@ -347,7 +349,7 @@ static int test_EVP_DigestVerifyInit(void) ERR_print_errors_fp(stderr); } - EVP_MD_CTX_cleanup(&md_ctx); + EVP_MD_CTX_free(md_ctx); EVP_PKEY_free(pkey); return ret; diff --git a/test/evp_test.c b/test/evp_test.c index 83d1749..725af8a 100644 --- a/test/evp_test.c +++ b/test/evp_test.c 
@@ -691,7 +691,7 @@ static int digest_test_run(struct evp_test *t) EVP_MD_CTX *mctx; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int md_len; - mctx = EVP_MD_CTX_create(); + mctx = EVP_MD_CTX_new(); if (!mctx) goto err; err = "DIGESTINIT_ERROR"; @@ -713,8 +713,7 @@ static int digest_test_run(struct evp_test *t) goto err; err = NULL; err: - if (mctx) - EVP_MD_CTX_destroy(mctx); + EVP_MD_CTX_free(mctx); t->err = err; return 1; } @@ -1101,7 +1100,7 @@ static int mac_test_run(struct evp_test *t) if (!md) goto err; } - mctx = EVP_MD_CTX_create(); + mctx = EVP_MD_CTX_new(); if (!mctx) goto err; err = "DIGESTSIGNINIT_ERROR"; @@ -1129,8 +1128,7 @@ static int mac_test_run(struct evp_test *t) goto err; err = NULL; err: - if (mctx) - EVP_MD_CTX_destroy(mctx); + EVP_MD_CTX_free(mctx); OPENSSL_free(mac); EVP_PKEY_CTX_free(genctx); EVP_PKEY_free(key); diff --git a/test/gost2814789test.c b/test/gost2814789test.c index 56a8ae3..2ab0782 100644 --- a/test/gost2814789test.c +++ b/test/gost2814789test.c @@ -1207,7 +1207,7 @@ int main(int argc, char *argv[]) u64 ullMaxLen = 6 * 1000 * 1000; int ignore = 0; ENGINE *impl = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_CIPHER_CTX ectx; EVP_PKEY *mac_key; byte bDerive[EVP_MAX_KEY_LENGTH]; 
@@ -1391,28 +1391,33 @@ int main(int argc, char *argv[]) */ continue; } - EVP_MD_CTX_init(&mctx); + mctx = EVP_MD_CTX_new(); + if (mctx == NULL) { + fflush(NULL); + fprintf(stderr, "ENGINE_ctrl_cmd_string: malloc failure\n"); + return 14; + } mac_key = EVP_PKEY_new_mac_key(NID_id_Gost28147_89_MAC, NULL, bDerive, mdl); - EVP_DigestSignInit(&mctx, NULL, md_g89imit, impl, mac_key); + EVP_DigestSignInit(mctx, NULL, md_g89imit, impl, mac_key); if (G89_MAX_TC_LEN >= tcs[t].ullLen) { - EVP_DigestSignUpdate(&mctx, tcs[t].bIn, + EVP_DigestSignUpdate(mctx, tcs[t].bIn, (unsigned int)tcs[t].ullLen); } else { for (ullLeft = tcs[t].ullLen; ullLeft >= sizeof(bZB); ullLeft -= sizeof(bZB)) { printf("B"); fflush(NULL); - EVP_DigestSignUpdate(&mctx, bZB, sizeof(bZB)); + EVP_DigestSignUpdate(mctx, bZB, sizeof(bZB)); } printf("b" FMT64 "/" FMT64, ullLeft, tcs[t].ullLen); fflush(NULL); - EVP_DigestSignUpdate(&mctx, bZB, (unsigned int)ullLeft); + EVP_DigestSignUpdate(mctx, bZB, (unsigned int)ullLeft); } siglen = 4; - OPENSSL_assert(EVP_DigestSignFinal(&mctx, bTest, &siglen)); + OPENSSL_assert(EVP_DigestSignFinal(mctx, bTest, &siglen)); EVP_PKEY_free(mac_key); - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); enlu = (int)tcs[t].ullLen; enlf = 0; l = siglen; diff --git a/test/hmactest.c b/test/hmactest.c index f8d5350..9fb12ad 100644 --- a/test/hmactest.c +++ b/test/hmactest.c @@ -134,7 +134,7 @@ int main(int argc, char *argv[]) char *p; # endif int err = 0; - HMAC_CTX ctx, ctx2; + HMAC_CTX *ctx = NULL, *ctx2 = NULL; unsigned char buf[EVP_MAX_MD_SIZE]; unsigned int len; 
@@ -165,57 +165,61 @@ int main(int argc, char *argv[]) # endif /* OPENSSL_NO_MD5 */ /* test4 */ - HMAC_CTX_init(&ctx); - if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) { + ctx = HMAC_CTX_new(); + if (ctx == NULL) { + printf("HMAC malloc failure (test 4)\n"); + err++; + goto end; + } + if (HMAC_Init_ex(ctx, NULL, 0, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD and key (test 4)\n"); err++; goto test5; } - if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); err++; goto test5; } - if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) { + if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha1(), NULL)) { printf("Should fail to initialise HMAC with empty key (test 4)\n"); err++; goto test5; } - if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); err++; goto test5; } printf("test 4 ok\n"); test5: - HMAC_CTX_cleanup(&ctx); - HMAC_CTX_init(&ctx); - if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) { + HMAC_CTX_reset(ctx); + if (HMAC_Init_ex(ctx, test[4].key, test[4].key_len, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD (test 5)\n"); err++; goto test6; } - if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Should fail HMAC_Update with ctx not set up (test 5)\n"); err++; goto test6; } - if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) { + if (HMAC_Init_ex(ctx, test[4].key, -1, EVP_sha1(), NULL)) { printf("Should fail to initialise HMAC with invalid key len(test 5)\n"); err++; goto test6; } - if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { + if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { printf("Failed to initialise HMAC (test 5)\n"); err++; goto 
test6; } - if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + if (!HMAC_Update(ctx, test[4].data, test[4].data_len)) { printf("Error updating HMAC with data (test 5)\n"); err++; goto test6; } - if (!HMAC_Final(&ctx, buf, &len)) { + if (!HMAC_Final(ctx, buf, &len)) { printf("Error finalising data (test 5)\n"); err++; goto test6; @@ -227,22 +231,22 @@ test5: err++; goto test6; } - if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + if (HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL)) { printf("Should disallow changing MD without a new key (test 5)\n"); err++; goto test6; } - if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { + if (!HMAC_Init_ex(ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { printf("Failed to reinitialise HMAC (test 5)\n"); err++; goto test6; } - if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) { + if (!HMAC_Update(ctx, test[5].data, test[5].data_len)) { printf("Error updating HMAC with data (sha256) (test 5)\n"); err++; goto test6; } - if (!HMAC_Final(&ctx, buf, &len)) { + if (!HMAC_Final(ctx, buf, &len)) { printf("Error finalising data (sha256) (test 5)\n"); err++; goto test6; @@ -254,17 +258,17 @@ test5: err++; goto test6; } - if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) { + if (!HMAC_Init_ex(ctx, test[6].key, test[6].key_len, NULL, NULL)) { printf("Failed to reinitialise HMAC with key (test 5)\n"); err++; goto test6; } - if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) { + if (!HMAC_Update(ctx, test[6].data, test[6].data_len)) { printf("Error updating HMAC with data (new key) (test 5)\n"); err++; goto test6; } - if (!HMAC_Final(&ctx, buf, &len)) { + if (!HMAC_Final(ctx, buf, &len)) { printf("Error finalising data (new key) (test 5)\n"); err++; goto test6; 
@@ -278,24 +282,29 @@ test5: printf("test 5 ok\n"); } test6: - HMAC_CTX_cleanup(&ctx); - HMAC_CTX_init(&ctx); - if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { + HMAC_CTX_reset(ctx); + ctx2 = HMAC_CTX_new(); + if (ctx2 == NULL) { + printf("HMAC malloc failure (test 6)\n"); + err++; + goto end; + } + if (!HMAC_Init_ex(ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { printf("Failed to initialise HMAC (test 6)\n"); err++; goto end; } - if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) { + if (!HMAC_Update(ctx, test[7].data, test[7].data_len)) { printf("Error updating HMAC with data (test 6)\n"); err++; goto end; } - if (!HMAC_CTX_copy(&ctx2, &ctx)) { + if (!HMAC_CTX_copy(ctx2, ctx)) { printf("Failed to copy HMAC_CTX (test 6)\n"); err++; goto end; } - if (!HMAC_Final(&ctx2, buf, &len)) { + if (!HMAC_Final(ctx2, buf, &len)) { printf("Error finalising data (test 6)\n"); err++; goto end; @@ -309,7 +318,8 @@ test6: printf("test 6 ok\n"); } end: - HMAC_CTX_cleanup(&ctx); + HMAC_CTX_free(ctx2); + HMAC_CTX_free(ctx); EXIT(err); } diff --git a/test/mdc2test.c b/test/mdc2test.c index a0d77a3..938a3c1 100644 --- a/test/mdc2test.c +++ b/test/mdc2test.c @@ -95,17 +95,17 @@ int main(int argc, char *argv[]) int ret = 0; unsigned char md[MDC2_DIGEST_LENGTH]; int i; - EVP_MD_CTX c; + EVP_MD_CTX *c; static char *text = "Now is the time for all "; # ifdef CHARSET_EBCDIC ebcdic2ascii(text, text, strlen(text)); # endif - EVP_MD_CTX_init(&c); - EVP_DigestInit_ex(&c, EVP_mdc2(), NULL); - EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text)); - EVP_DigestFinal_ex(&c, &(md[0]), NULL); + c = EVP_MD_CTX_new(); + EVP_DigestInit_ex(c, EVP_mdc2(), NULL); + EVP_DigestUpdate(c, (unsigned char *)text, strlen(text)); + EVP_DigestFinal_ex(c, &(md[0]), NULL); if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) { for (i = 0; i < MDC2_DIGEST_LENGTH; i++) 
@@ -118,11 +118,11 @@ int main(int argc, char *argv[]) } else printf("pad1 - ok\n"); - EVP_DigestInit_ex(&c, EVP_mdc2(), NULL); + EVP_DigestInit_ex(c, EVP_mdc2(), NULL); /* FIXME: use a ctl function? */ - ((MDC2_CTX *)c.md_data)->pad_type = 2; - EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text)); - EVP_DigestFinal_ex(&c, &(md[0]), NULL); + ((MDC2_CTX *)EVP_MD_CTX_md_data(c))->pad_type = 2; + EVP_DigestUpdate(c, (unsigned char *)text, strlen(text)); + EVP_DigestFinal_ex(c, &(md[0]), NULL); if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) { for (i = 0; i < MDC2_DIGEST_LENGTH; i++) @@ -135,7 +135,7 @@ int main(int argc, char *argv[]) } else printf("pad2 - ok\n"); - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_free(c); # ifdef OPENSSL_SYS_NETWARE if (ret) printf("ERROR: %d\n", ret); diff --git a/test/sha1test.c b/test/sha1test.c index cc3633d..676cc84 100644 --- a/test/sha1test.c +++ b/test/sha1test.c @@ -88,7 +88,7 @@ int main(int argc, char *argv[]) char **P, **R; static unsigned char buf[1000]; char *p, *r; - EVP_MD_CTX c; + EVP_MD_CTX *c; unsigned char md[SHA_DIGEST_LENGTH]; #ifdef CHARSET_EBCDIC @@ -96,7 +96,7 @@ int main(int argc, char *argv[]) ebcdic2ascii(test[1], test[1], strlen(test[1])); #endif - EVP_MD_CTX_init(&c); + c = EVP_MD_CTX_new(); P = test; R = ret; i = 1; @@ -118,10 +118,10 @@ int main(int argc, char *argv[]) #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, 1000); #endif /* CHARSET_EBCDIC */ - EVP_DigestInit_ex(&c, EVP_sha1(), NULL); + EVP_DigestInit_ex(c, EVP_sha1(), NULL); for (i = 0; i < 1000; i++) - EVP_DigestUpdate(&c, buf, 1000); - EVP_DigestFinal_ex(&c, md, NULL); + EVP_DigestUpdate(c, buf, 1000); + EVP_DigestFinal_ex(c, md, NULL); p = pt(md); r = bigret; @@ -137,7 +137,7 @@ int main(int argc, char *argv[]) printf("ERROR: %d\n", err); #endif EXIT(err); - EVP_MD_CTX_cleanup(&c); + EVP_MD_CTX_free(c); return (0); } diff --git a/test/sha256t.c b/test/sha256t.c index 11f3684..2ff9ed2 100644 --- a/test/sha256t.c +++ b/test/sha256t.c 
@@ -56,7 +56,7 @@ int main(int argc, char **argv) { unsigned char md[SHA256_DIGEST_LENGTH]; int i; - EVP_MD_CTX evp; + EVP_MD_CTX *evp; fprintf(stdout, "Testing SHA-256 "); @@ -80,10 +80,15 @@ int main(int argc, char **argv) fprintf(stdout, "."); fflush(stdout); - EVP_MD_CTX_init(&evp); - EVP_DigestInit_ex(&evp, EVP_sha256(), NULL); + evp = EVP_MD_CTX_new(); + if (evp == NULL) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n"); + return 1; + } + EVP_DigestInit_ex(evp, EVP_sha256(), NULL); for (i = 0; i < 1000000; i += 288) - EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" @@ -93,8 +98,7 @@ int main(int argc, char **argv) "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", (1000000 - i) < 288 ? 1000000 - i : 288); - EVP_DigestFinal_ex(&evp, md, NULL); - EVP_MD_CTX_cleanup(&evp); + EVP_DigestFinal_ex(evp, md, NULL); if (memcmp(md, app_b3, sizeof(app_b3))) { fflush(stdout); @@ -129,14 +133,14 @@ int main(int argc, char **argv) fprintf(stdout, "."); fflush(stdout); - EVP_MD_CTX_init(&evp); - EVP_DigestInit_ex(&evp, EVP_sha224(), NULL); + EVP_MD_CTX_reset(evp); + EVP_DigestInit_ex(evp, EVP_sha224(), NULL); for (i = 0; i < 1000000; i += 64) - EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", (1000000 - i) < 64 ? 1000000 - i : 64); - EVP_DigestFinal_ex(&evp, md, NULL); - EVP_MD_CTX_cleanup(&evp); + EVP_DigestFinal_ex(evp, md, NULL); + EVP_MD_CTX_free(evp); if (memcmp(md, addenum_3, sizeof(addenum_3))) { fflush(stdout); diff --git a/test/sha512t.c b/test/sha512t.c index f60d319..e1f30de 100644 --- a/test/sha512t.c +++ b/test/sha512t.c 
@@ -75,7 +75,7 @@ int main(int argc, char **argv) { unsigned char md[SHA512_DIGEST_LENGTH]; int i; - EVP_MD_CTX evp; + EVP_MD_CTX *evp; # ifdef OPENSSL_IA32_SSE2 /* @@ -113,10 +113,15 @@ int main(int argc, char **argv) fprintf(stdout, "."); fflush(stdout); - EVP_MD_CTX_init(&evp); - EVP_DigestInit_ex(&evp, EVP_sha512(), NULL); + evp = EVP_MD_CTX_new(); + if (evp == NULL) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed. (malloc failure)\n"); + return 1; + } + EVP_DigestInit_ex(evp, EVP_sha512(), NULL); for (i = 0; i < 1000000; i += 288) - EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" @@ -126,8 +131,8 @@ int main(int argc, char **argv) "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", (1000000 - i) < 288 ? 1000000 - i : 288); - EVP_DigestFinal_ex(&evp, md, NULL); - EVP_MD_CTX_cleanup(&evp); + EVP_DigestFinal_ex(evp, md, NULL); + EVP_MD_CTX_reset(evp); if (memcmp(md, app_c3, sizeof(app_c3))) { fflush(stdout); @@ -163,14 +168,13 @@ int main(int argc, char **argv) fprintf(stdout, "."); fflush(stdout); - EVP_MD_CTX_init(&evp); - EVP_DigestInit_ex(&evp, EVP_sha384(), NULL); + EVP_DigestInit_ex(evp, EVP_sha384(), NULL); for (i = 0; i < 1000000; i += 64) - EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + EVP_DigestUpdate(evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", (1000000 - i) < 64 ? 1000000 - i : 64); - EVP_DigestFinal_ex(&evp, md, NULL); - EVP_MD_CTX_cleanup(&evp); + EVP_DigestFinal_ex(evp, md, NULL); + EVP_MD_CTX_free(evp); if (memcmp(md, app_d3, sizeof(app_d3))) { fflush(stdout); diff --git a/util/libeay.num b/util/libeay.num index f6bbf06..8b7f296 100755 --- a/util/libeay.num +++ b/util/libeay.num 
@@ -2066,7 +2066,7 @@ KRB5_APREQBODY_new 2626 NOEXIST::FUNCTION: X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION: ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION: -EVP_MD_CTX_init 2630 EXIST::FUNCTION: +EVP_MD_CTX_reset 2630 EXIST::FUNCTION: EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION: PKCS7_ATTR_SIGN_it 2632 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2162,7 +2162,7 @@ ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION: OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION: OCSP_RESPBYTES_new 2711 EXIST::FUNCTION: -EVP_MD_CTX_create 2712 EXIST::FUNCTION: +EVP_MD_CTX_new 2712 EXIST::FUNCTION: OCSP_resp_find_status 2713 EXIST::FUNCTION: X509_ALGOR_it 2714 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_ALGOR_it 2714 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2207,7 +2207,7 @@ OBJ_NAME_do_all_sorted 2743 EXIST::FUNCTION: i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION: i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION: PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION: -HMAC_CTX_init 2747 EXIST::FUNCTION: +HMAC_CTX_reset 2747 EXIST::FUNCTION: ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE OCSP_RESPONSE_print 2749 EXIST::FUNCTION: KRB5_TKTBODY_it 2750 NOEXIST::FUNCTION: @@ -2256,7 +2256,7 @@ CRYPTO_get_locked_mem_ex_funcs 2781 NOEXIST::FUNCTION: CRYPTO_get_locked_mem_ex_functions 2781 NOEXIST::FUNCTION: ASN1_TIME_check 2782 EXIST::FUNCTION: UI_get0_user_data 2783 EXIST::FUNCTION: -HMAC_CTX_cleanup 2784 EXIST::FUNCTION: +HMAC_CTX_cleanup 2784 NOEXIST::FUNCTION: DSA_up_ref 2785 EXIST::FUNCTION:DSA _ossl_odes_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION: _ossl_old_des_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION: 
@@ -2306,7 +2306,7 @@ OCSP_RESPDATA_free 2818 EXIST::FUNCTION: d2i_KRB5_TICKET 2819 NOEXIST::FUNCTION: OTHERNAME_it 2820 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OTHERNAME_it 2820 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EVP_MD_CTX_cleanup 2821 EXIST::FUNCTION: +EVP_MD_CTX_cleanup 2821 NOEXIST::FUNCTION: d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION: X509_CRL_set_version 2823 EXIST::FUNCTION: BN_mod_sub 2824 EXIST::FUNCTION: @@ -2427,7 +2427,7 @@ BASIC_CONSTRAINTS_it 2922 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA BASIC_CONSTRAINTS_it 2922 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: BN_mod_add_quick 2923 EXIST::FUNCTION: EC_POINT_new 2924 EXIST::FUNCTION:EC -EVP_MD_CTX_destroy 2925 EXIST::FUNCTION: +EVP_MD_CTX_free 2925 EXIST::FUNCTION: OCSP_RESPBYTES_free 2926 EXIST::FUNCTION: EVP_aes_128_cbc 2927 EXIST::FUNCTION:AES OCSP_SINGLERESP_get1_ext_d2i 2928 EXIST::FUNCTION: 
@@ -4666,3 +4666,33 @@ ASYNC_init 5025 EXIST::FUNCTION: EVP_MD_CTX_ctrl 5026 EXIST::FUNCTION: EVP_md5_sha1 5027 EXIST::FUNCTION:MD5 CRYPTO_free_ex_index 5028 EXIST::FUNCTION: +EVP_MD_meth_set_copy 5029 EXIST::FUNCTION: +EVP_MD_meth_set_flags 5030 EXIST::FUNCTION: +EVP_MD_meth_set_input_blocksize 5031 EXIST::FUNCTION: +EVP_MD_meth_get_update 5032 EXIST::FUNCTION: +EVP_MD_meth_get_input_blocksize 5033 EXIST::FUNCTION: +EVP_MD_CTX_pkey_ctx 5034 EXIST::FUNCTION: +EVP_MD_meth_set_ctrl 5035 EXIST::FUNCTION: +EVP_MD_meth_get_init 5036 EXIST::FUNCTION: +EVP_MD_meth_new 5037 EXIST::FUNCTION: +EVP_MD_meth_get_ctrl 5038 EXIST::FUNCTION: +EVP_MD_CTX_update_fn 5039 EXIST::FUNCTION: +EVP_MD_meth_set_update 5040 EXIST::FUNCTION: +EVP_MD_meth_get_final 5041 EXIST::FUNCTION: +EVP_MD_CTX_md_data 5042 EXIST::FUNCTION: +EVP_MD_meth_set_app_datasize 5043 EXIST::FUNCTION: +EVP_MD_meth_set_result_size 5044 EXIST::FUNCTION: +EVP_MD_meth_set_final 5045 EXIST::FUNCTION: +EVP_MD_meth_get_result_size 5046 EXIST::FUNCTION: +EVP_MD_meth_get_flags 5047 EXIST::FUNCTION: +EVP_MD_meth_get_app_datasize 5048 EXIST::FUNCTION: +EVP_MD_meth_free 5049 EXIST::FUNCTION: +EVP_MD_meth_set_cleanup 5050 EXIST::FUNCTION: +EVP_MD_meth_get_cleanup 5051 EXIST::FUNCTION: +EVP_MD_meth_set_init 5052 EXIST::FUNCTION: +EVP_MD_meth_get_copy 5053 EXIST::FUNCTION: +EVP_MD_CTX_set_update_fn 5054 EXIST::FUNCTION: +EVP_MD_meth_dup 5055 EXIST::FUNCTION: +HMAC_size 5056 EXIST::FUNCTION: +HMAC_CTX_new 5057 EXIST::FUNCTION: +HMAC_CTX_free 5058 EXIST::FUNCTION: From levitte at openssl.org Mon Dec 7 16:49:25 2015 
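Review bot: in tls1_P_hash, the new "goto err" taken when any of the three EVP_MD_CTX_new() calls returns NULL runs before mac_key is assigned, yet the err: path calls EVP_PKEY_free(mac_key) and the declaration shown in the first hunk is "EVP_PKEY *mac_key;" with no initialiser. An allocation failure therefore frees an indeterminate pointer. Initialise it as "EVP_PKEY *mac_key = NULL;" so the cleanup path is safe from every jump.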
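Review bot: in tls_decrypt_ticket (ssl/t1_lib.c), hctx is now heap-allocated but the early exits that follow it still return directly: "if (rv < 0) return -1;" after the ticket key callback and "return 2;" when the key name memcmp fails both skip HMAC_CTX_free(hctx), so each such ticket leaks one context. The key name mismatch is an ordinary outcome for a ticket issued under a different key, which makes this a per-handshake leak rather than a rare error path. Separately, hctx is freed after HMAC_Final() without being set to NULL while err: frees it again, so any goto err taken after that point would be a double free; setting hctx = NULL after the first free, or funnelling every exit through one cleanup label, closes both problems.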
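Review bot: test_EVP_DigestVerifyInit() in test/evp_extra_test.c passes the result of EVP_MD_CTX_new() straight to EVP_DigestVerifyInit() with no NULL check, although test_EVP_DigestSignInit() in the same file checks both contexts and jumps to out. Add "if (md_ctx == NULL) goto out;" here as well. test/mdc2test.c and test/sha1test.c have the same unchecked "c = EVP_MD_CTX_new();", and in sha1test.c the EVP_MD_CTX_free(c) sits after EXIT(err), so it should move above it if the context is meant to be released.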
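Review bot: in test/gost2814789test.c the new branch for a failed EVP_MD_CTX_new() prints "ENGINE_ctrl_cmd_string: malloc failure", which names a function that is not the one failing here. Report the allocation as EVP_MD_CTX_new so a failing run points at the right call. The return values of the EVP_DigestSignInit() and EVP_DigestSignUpdate() calls just below are also unchecked, with only EVP_DigestSignFinal() wrapped in OPENSSL_assert().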
From: levitte at openssl.org (Richard Levitte)
Date: Mon, 07 Dec 2015 16:49:25 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1449506965.933131.8927.nullmailer@dev.openssl.org>

The branch master has been updated
       via  b91dd150d2b9b5ddca37722e7f52ea59ba7f80da (commit)
      from  507db4c5313288d55eeb8434b0111201ba363b28 (commit)

- Log -----------------------------------------------------------------
commit b91dd150d2b9b5ddca37722e7f52ea59ba7f80da
Author: Richard Levitte
Date: Mon Dec 7 16:50:15 2015 +0100

    Change tar owner and group to just 0

    It seems like some tar versions don't like the name:id form for
    --owner and --group. The closest known anonymous user being 0 (root),
    that seems to be the most appropriate user/group to assign ownership
    to. It matters very little when unpacking either way.

    Reviewed-by: Rich Salz

-----------------------------------------------------------------------

Summary of changes:
 Makefile.org | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.org b/Makefile.org index 0ecb897..b0d2fcf 100644 --- a/Makefile.org +++ b/Makefile.org @@ -493,7 +493,7 @@ TABLE: Configure Configurations/*.conf # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ - --owner openssl:0 --group openssl:0 \ + --owner 0 --group 0 \ --transform 's|^|$(NAME)/|' \ -cvf -

From builds at travis-ci.org Mon Dec 7 18:01:20 2015
From: builds at travis-ci.org (Travis CI)
Date: Mon, 07 Dec 2015 18:01:20 +0000
Subject: [openssl-commits] Errored: openssl/openssl#799 (master - 507db4c)
In-Reply-To:
Message-ID: <5665c96f2c06b_33f98a84b53e05529f2@7eb53206-e8a2-4c2c-a5e1-993f0312dfb2.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #799
Status: Errored

Duration: 8 seconds
Commit: 507db4c (master)
Author: Richard Levitte
Message: Add an entry in CHANGES

Reviewed-by: Rich Salz

View the changeset: https://github.com/openssl/openssl/compare/451a5bdf0386...507db4c53132

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95388238

--

You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

From builds at travis-ci.org Mon Dec 7 18:40:14 2015
From: builds at travis-ci.org (Travis CI)
Date: Mon, 07 Dec 2015 18:40:14 +0000
Subject: [openssl-commits] Errored: openssl/openssl#800 (master - b91dd15)
In-Reply-To:
Message-ID: <5665d28e7ad94_33f98a162752c59976d@7eb53206-e8a2-4c2c-a5e1-993f0312dfb2.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #800
Status: Errored

Duration: 45 minutes and 48 seconds
Commit: b91dd15 (master)
Author: Richard Levitte
Message: Change tar owner and group to just 0

It seems like some tar versions don't like the name:id form for
--owner and --group. The closest known anonymous user being 0 (root),
that seems to be the most appropriate user/group to assign ownership
to. It matters very little when unpacking either way.

Reviewed-by: Rich Salz

View the changeset: https://github.com/openssl/openssl/compare/507db4c53132...b91dd150d2b9

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95389089

From levitte at openssl.org Mon Dec 7 19:11:02 2015
From: levitte at openssl.org (Richard Levitte)
Date: Mon, 07 Dec 2015 19:11:02 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Message-ID: <1449515462.889201.19649.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_2-stable has been updated
       via  4e295148c302feb394ea547debc20338305d92b2 (commit)
      from  8e18babd1b140532b70774ba37fde336a8d0f1fe (commit)

- Log -----------------------------------------------------------------
commit 4e295148c302feb394ea547debc20338305d92b2
Author: Richard Levitte
Date: Mon Dec 7 16:50:15 2015 +0100

    Change tar owner and group to just 0

    It seems like some tar versions don't like the name:id form for
    --owner and --group. The closest known anonymous user being 0 (root),
    that seems to be the most appropriate user/group to assign ownership
    to. It matters very little when unpacking either way.

    Reviewed-by: Rich Salz
    (cherry picked from commit b91dd150d2b9b5ddca37722e7f52ea59ba7f80da)

-----------------------------------------------------------------------

Summary of changes:
 Makefile.org | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.org b/Makefile.org index acc86ef..e035fc4 100644 --- a/Makefile.org +++ b/Makefile.org @@ -499,7 +499,7 @@ TABLE: Configure # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ - --owner openssl:0 --group openssl:0 \ + --owner 0 --group 0 \ --transform 's|^|$(NAME)/|' \ -cvf -

From levitte at openssl.org Mon Dec 7 19:11:08 2015
From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 Dec 2015 19:11:08 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1449515468.043407.19899.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 777adea16aded9e398fb691074da60891ef63c58 (commit) from 641365436e363550486f74a3fe723b281c9ff81c (commit) - Log ----------------------------------------------------------------- commit 777adea16aded9e398fb691074da60891ef63c58 Author: Richard Levitte Date: Mon Dec 7 16:50:15 2015 +0100 Change tar owner and group to just 0 It seems like some tar versions don't like the name:id form for --owner and --group. The closest known anonymous user being 0 (root), that seems to be the most appropriate user/group to assign ownership to. It matters very little when unpacking either way. Reviewed-by: Rich Salz (cherry picked from commit b91dd150d2b9b5ddca37722e7f52ea59ba7f80da) ----------------------------------------------------------------------- Summary of changes: Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org index 7e7728f..dbb7374 100644 --- a/Makefile.org +++ b/Makefile.org @@ -499,7 +499,7 @@ TABLE: Configure # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal # tar does not support the --files-from option. TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ - --owner openssl:0 --group openssl:0 \ + --owner 0 --group 0 \ --transform 's|^|$(NAME)/|' \ -cvf - From builds at travis-ci.org Mon Dec 7 19:33:25 2015 
From: builds at travis-ci.org (Travis CI) Date: Mon, 07 Dec 2015 19:33:25 +0000 Subject: [openssl-commits] Errored: openssl/openssl#802 (OpenSSL_1_0_2-stable - 4e29514) In-Reply-To: Message-ID: <5665df059a842_33fe2f593f9286316e@5dfca64c-ca78-41e9-8ea7-db921960298e.mail> Build Update for openssl/openssl ------------------------------------- Build: #802 Status: Errored Duration: 11 seconds Commit: 4e29514 (OpenSSL_1_0_2-stable) Author: Richard Levitte Message: Change tar owner and group to just 0 It seems like some tar versions don't like the name:id form for --owner and --group. The closest known anonymous user being 0 (root), that seems to be the most appropriate user/group to assign ownership to. It matters very little when unpacking either way. Reviewed-by: Rich Salz (cherry picked from commit b91dd150d2b9b5ddca37722e7f52ea59ba7f80da) View the changeset: https://github.com/openssl/openssl/compare/8e18babd1b14...4e295148c302 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95417541 From levitte at openssl.org Mon Dec 7 19:53:05 2015
From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 Dec 2015 19:53:05 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449517985.636683.10795.nullmailer@dev.openssl.org> The branch master has been updated via 39d5193201cd0d73afebbd8c08f641b541c02b77 (commit) from b91dd150d2b9b5ddca37722e7f52ea59ba7f80da (commit) - Log ----------------------------------------------------------------- commit 39d5193201cd0d73afebbd8c08f641b541c02b77 Author: Richard Levitte Date: Mon Dec 7 20:37:08 2015 +0100 Fix clang complaints about uninitialised variables. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_key.c | 6 +++--- crypto/srp/srp_lib.c | 4 ++-- ssl/t1_enc.c | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index 3efdd4a..6963a97 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -104,12 +104,12 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type) { - unsigned char *B, *D, *I, *p, *Ai; + unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL; int Slen, Plen, Ilen, Ijlen; int i, j, u, v; int ret = 0; - BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ - EVP_MD_CTX *ctx; + BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */ + EVP_MD_CTX *ctx = NULL; #ifdef DEBUG_KEYGEN unsigned char *tmpout = out; int tmpn = n; diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 0a073b6..4b0ae0d 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c 
@@ -106,9 +106,9 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) { /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */ - BIGNUM *u; + BIGNUM *u = NULL; unsigned char cu[SHA_DIGEST_LENGTH]; - unsigned char *cAB; + unsigned char *cAB = NULL; EVP_MD_CTX *ctxt = NULL; int longN; if ((A == NULL) || (B == NULL) || (N == NULL)) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 5889558..2d96330 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -157,8 +157,8 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, { int chunk; size_t j; - EVP_MD_CTX *ctx, *ctx_tmp, *ctx_init; - EVP_PKEY *mac_key; + EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL; + EVP_PKEY *mac_key = NULL; unsigned char A1[EVP_MAX_MD_SIZE]; size_t A1_len; int ret = 0; From levitte at openssl.org Mon Dec 7 20:01:22 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 Dec 2015 20:01:22 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449518482.599144.14102.nullmailer@dev.openssl.org> The branch master has been updated via 47abe380042cad34b78a1a9c7c18995f3e8f8ad2 (commit) from 39d5193201cd0d73afebbd8c08f641b541c02b77 (commit) - Log ----------------------------------------------------------------- commit 47abe380042cad34b78a1a9c7c18995f3e8f8ad2 Author: Richard Levitte Date: Mon Dec 7 20:49:17 2015 +0100 Remove typedef of HMAC_CTX from crypto/hmac/hmac_lcl.h This is already defined in include/openssl/ossl_typ.h. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/hmac/hmac_lcl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/hmac/hmac_lcl.h b/crypto/hmac/hmac_lcl.h index b14607d..f6ce8f9 100644 --- a/crypto/hmac/hmac_lcl.h +++ b/crypto/hmac/hmac_lcl.h 
@@ -65,13 +65,13 @@ extern "C" { } #endif -typedef struct hmac_ctx_st { +struct hmac_ctx_st { const EVP_MD *md; EVP_MD_CTX *md_ctx; EVP_MD_CTX *i_ctx; EVP_MD_CTX *o_ctx; unsigned int key_length; unsigned char key[HMAC_MAX_MD_CBLOCK]; -} HMAC_CTX; +}; #endif From builds at travis-ci.org Mon Dec 7 20:31:19 2015 From: builds at travis-ci.org (Travis CI) Date: Mon, 07 Dec 2015 20:31:19 +0000 Subject: [openssl-commits] Errored: openssl/openssl#803 (master - 39d5193) In-Reply-To: Message-ID: <5665ec97a40b4_33f98a1626cbc734541@7eb53206-e8a2-4c2c-a5e1-993f0312dfb2.mail> Build Update for openssl/openssl ------------------------------------- Build: #803 Status: Errored Duration: 35 minutes and 45 seconds Commit: 39d5193 (master) Author: Richard Levitte Message: Fix clang complaints about uninitialised variables. Reviewed-by: Rich Salz View the changeset: https://github.com/openssl/openssl/compare/b91dd150d2b9...39d5193201cd View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95426353 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Dec 7 20:59:28 2015 
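Review bot: In the "Fix clang complaints about uninitialised variables" patch, the crypto/pkcs12/p12_key.c hunk NULL-initialises every pointer in PKCS12_key_gen_uni in one sweep (B, D, I, p, Ai, Ij, Bpl1, ctx), and the srp_lib.c and t1_enc.c hunks do the same. Blanket initialisation silences the warning but also stops the compiler from flagging a genuine read-before-assignment introduced later, and the commit message does not say which exit path clang objected to. Naming that path in the message, and initialising only the variables it can reach, would make the change easier to audit.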
From: builds at travis-ci.org (Travis CI) Date: Mon, 07 Dec 2015 20:59:28 +0000 Subject: [openssl-commits] Errored: openssl/openssl#804 (master - 47abe38) In-Reply-To: Message-ID: <5665f3306c8b7_33f977742612c23327e@7ad7f7d4-fd62-4e6f-b2ed-41904c34b824.mail> Build Update for openssl/openssl ------------------------------------- Build: #804 Status: Errored Duration: 43 minutes and 18 seconds Commit: 47abe38 (master) Author: Richard Levitte Message: Remove typedef of HMAC_CTX from crypto/hmac/hmac_lcl.h This is already defined in include/openssl/ossl_typ.h. Reviewed-by: Matt Caswell View the changeset: https://github.com/openssl/openssl/compare/39d5193201cd...47abe380042c View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95428008 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Dec 7 23:22:48 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 07 Dec 2015 23:22:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449530568.299963.30131.nullmailer@dev.openssl.org> The branch master has been updated via 3cb9fd97ced4a74ba5d4751c455146899164a202 (commit) from 47abe380042cad34b78a1a9c7c18995f3e8f8ad2 (commit) - Log ----------------------------------------------------------------- commit 3cb9fd97ced4a74ba5d4751c455146899164a202 Author: Richard Levitte Date: Tue Dec 8 00:11:47 2015 +0100 Remove double semi (;) When in the middle of declarations, some C compilers will complain. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/pem/pvkfmt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index c95967c..58cbd07 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c 
@@ -650,7 +650,7 @@ static int derive_pvk_key(unsigned char *key, const unsigned char *salt, unsigned int saltlen, const unsigned char *pass, int passlen) { - EVP_MD_CTX *mctx = EVP_MD_CTX_new();; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); int rv = 1; if (mctx == NULL || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL) From no-reply at appveyor.com Tue Dec 8 00:32:55 2015 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 Dec 2015 00:32:55 +0000 Subject: [openssl-commits] Build failed: openssl master.102 Message-ID: <20151208003255.11517.75142@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Dec 8 00:42:40 2015 From: builds at travis-ci.org (Travis CI) Date: Tue, 08 Dec 2015 00:42:40 +0000 Subject: [openssl-commits] Errored: openssl/openssl#809 (master - 3cb9fd9) In-Reply-To: Message-ID: <5666277e8f52b_33f989dd3bbf010813ab@7eb53206-e8a2-4c2c-a5e1-993f0312dfb2.mail> Build Update for openssl/openssl ------------------------------------- Build: #809 Status: Errored Duration: 34 minutes and 55 seconds Commit: 3cb9fd9 (master) Author: Richard Levitte Message: Remove double semi (;) When in the middle of declarations, some C compilers will complain. Reviewed-by: Matt Caswell View the changeset: https://github.com/openssl/openssl/compare/47abe380042c...3cb9fd97ced4 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95467510 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Dec 8 02:03:26 2015 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 Dec 2015 02:03:26 +0000 Subject: [openssl-commits] Build completed: openssl OpenSSL_1_0_1-stable.103 Message-ID: <20151208020324.26612.98714@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Dec 8 03:40:21 2015 
From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 Dec 2015 03:40:21 +0000 Subject: [openssl-commits] Build failed: openssl master.105 Message-ID: <20151208034021.98360.77982@appveyor.com> From no-reply at appveyor.com Tue Dec 8 05:18:07 2015 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 Dec 2015 05:18:07 +0000 Subject: [openssl-commits] Build failed: openssl master.106 Message-ID: <20151208051807.26599.13227@appveyor.com> From no-reply at appveyor.com Tue Dec 8 06:49:24 2015 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 Dec 2015 06:49:24 +0000 Subject: [openssl-commits] Build completed: openssl OpenSSL_1_0_1-stable.107 Message-ID: <20151208064923.26593.76658@appveyor.com> From no-reply at appveyor.com Tue Dec 8 10:01:32 2015 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 Dec 2015 10:01:32 +0000 Subject: [openssl-commits] Build failed: openssl master.109 Message-ID: <20151208100129.26618.58691@appveyor.com> From levitte at openssl.org Tue Dec 8 11:05:19 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 08 Dec 2015 11:05:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449572720.001655.28027.nullmailer@dev.openssl.org> The branch master has been updated via c376d170d184c037134005830e584e21f429dfb2 (commit) from 3cb9fd97ced4a74ba5d4751c455146899164a202 (commit) - Log ----------------------------------------------------------------- commit c376d170d184c037134005830e584e21f429dfb2 Author: Richard Levitte Date: Tue Dec 8 01:01:13 2015 +0100 Cleanup the EVP_MD_CTX before exit rather than after Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: test/sha1test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/sha1test.c b/test/sha1test.c index 676cc84..8cba4b2 100644 --- a/test/sha1test.c +++ b/test/sha1test.c @@ -136,8 +136,8 @@ int main(int argc, char *argv[]) if (err) printf("ERROR: %d\n", err); #endif - EXIT(err); EVP_MD_CTX_free(c); + EXIT(err); return (0); } From levitte at openssl.org Tue Dec 8 11:06:46 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 08 Dec 2015 11:06:46 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1449572806.184646.31426.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via c44844d928ad3c471c8dbe8baf2df8957900125b (commit) from 4e295148c302feb394ea547debc20338305d92b2 (commit) - Log ----------------------------------------------------------------- commit c44844d928ad3c471c8dbe8baf2df8957900125b Author: Richard Levitte Date: Tue Dec 8 01:01:13 2015 +0100 Cleanup the EVP_MD_CTX before exit rather than after Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/sha/sha1test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 0052a95..551a348 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -157,8 +157,8 @@ int main(int argc, char *argv[]) if (err) printf("ERROR: %d\n", err); # endif - EXIT(err); EVP_MD_CTX_cleanup(&c); + EXIT(err); return (0); } From levitte at openssl.org Tue Dec 8 11:07:27 2015 
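Review bot: The "return (0);" that follows the moved "EXIT(err);" at the end of main() reports success whenever EXIT(err) falls through, whatever err holds. Since the sha1test.c hunks (test/sha1test.c on master, crypto/sha/sha1test.c on OpenSSL_1_0_2-stable) already reorder the exit sequence, changing that last line to return err would close the gap at no cost.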
From: levitte at openssl.org (Richard Levitte) Date: Tue, 08 Dec 2015 11:07:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1449572847.707737.32399.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 66a1ccf494b8fe1b842cd7bdda2d1a025d325753 (commit) from 777adea16aded9e398fb691074da60891ef63c58 (commit) - Log ----------------------------------------------------------------- commit 66a1ccf494b8fe1b842cd7bdda2d1a025d325753 Author: Richard Levitte Date: Tue Dec 8 01:01:13 2015 +0100 Cleanup the EVP_MD_CTX before exit rather than after Reviewed-by: Matt Caswell (cherry picked from commit c44844d928ad3c471c8dbe8baf2df8957900125b) ----------------------------------------------------------------------- Summary of changes: crypto/sha/sha1test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 0052a95..551a348 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -157,8 +157,8 @@ int main(int argc, char *argv[]) if (err) printf("ERROR: %d\n", err); # endif - EXIT(err); EVP_MD_CTX_cleanup(&c); + EXIT(err); return (0); } From builds at travis-ci.org Tue Dec 8 11:35:41 2015 
From: builds at travis-ci.org (Travis CI) Date: Tue, 08 Dec 2015 11:35:41 +0000 Subject: [openssl-commits] Errored: openssl/openssl#811 (OpenSSL_1_0_2-stable - c44844d) In-Reply-To: Message-ID: <5666c08d69bd2_33fedccdde038723a9@c71271e0-f745-4c9f-9970-974ac344d657.mail> Build Update for openssl/openssl ------------------------------------- Build: #811 Status: Errored Duration: 12 seconds Commit: c44844d (OpenSSL_1_0_2-stable) Author: Richard Levitte Message: Cleanup the EVP_MD_CTX before exit rather than after Reviewed-by: Matt Caswell View the changeset: https://github.com/openssl/openssl/compare/4e295148c302...c44844d928ad View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95550135 From builds at travis-ci.org Tue Dec 8 11:39:23 2015 From: builds at travis-ci.org (Travis CI) Date: Tue, 08 Dec 2015 11:39:23 +0000 Subject: [openssl-commits] Errored: openssl/openssl#810 (master - c376d17) In-Reply-To: Message-ID: <5666c169970f1_33fedc5e40f8c73147@c71271e0-f745-4c9f-9970-974ac344d657.mail> Build Update for openssl/openssl ------------------------------------- Build: #810 Status: Errored Duration: 32 minutes and 56 seconds Commit: c376d17 (master) Author: Richard Levitte Message: Cleanup the EVP_MD_CTX before exit rather than after Reviewed-by: Matt Caswell View the changeset: https://github.com/openssl/openssl/compare/3cb9fd97ced4...c376d170d184 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95549861 From no-reply at appveyor.com Tue Dec 8 11:45:07 2015
From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 Dec 2015 11:45:07 +0000 Subject: [openssl-commits] Build failed: openssl master.110 Message-ID: <20151208114506.26599.57802@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Dec 8 11:59:54 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 08 Dec 2015 11:59:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449575994.130089.16967.nullmailer@dev.openssl.org> The branch master has been updated via 6140f0365311e6d08cdde63932c56ee741d9a605 (commit) from c376d170d184c037134005830e584e21f429dfb2 (commit) - Log ----------------------------------------------------------------- commit 6140f0365311e6d08cdde63932c56ee741d9a605 Author: Dmitry Belyavskiy Date: Wed Sep 30 22:42:57 2015 +0300 Add some new cipher ctrl constants These are needed for GOST Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: include/openssl/evp.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/include/openssl/evp.h b/include/openssl/evp.h index d8fbba1..611fd19 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -378,6 +378,27 @@ struct evp_cipher_st { # define EVP_CTRL_SSL3_MASTER_SECRET 0x1d +/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ +# define EVP_CTRL_SET_SBOX 0x1d +/* + * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a + * pre-allocated buffer with specified size + */ +# define EVP_CTRL_SBOX_USED 0x1e +/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, + * 0 switches meshing off + */ +# define EVP_CTRL_KEY_MESH 0x1f +/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ +# define EVP_CTRL_BLOCK_PADDING_MODE 0x20 + +/* Padding modes */ +#define EVP_PADDING_PKCS7 1 +#define EVP_PADDING_ISO7816_4 2 +#define EVP_PADDING_ANSI923 3 +#define EVP_PADDING_ISO10126 4 +#define EVP_PADDING_ZERO 5 + /* RFC 5246 defines additional data to be 13 bytes in length */ # define EVP_AEAD_TLS1_AAD_LEN 13 From builds at travis-ci.org Tue Dec 8 12:45:08 2015 From: builds at travis-ci.org (Travis CI) Date: Tue, 08 Dec 2015 12:45:08 +0000 Subject: [openssl-commits] Errored: openssl/openssl#815 (master - 6140f03) In-Reply-To: Message-ID: <5666d0d43fff_33fedc5e3ac40115375@c71271e0-f745-4c9f-9970-974ac344d657.mail> Build Update for openssl/openssl ------------------------------------- Build: #815 Status: Errored Duration: 26 minutes and 3 seconds Commit: 6140f03 (master) Author: Dmitry Belyavskiy Message: Add some new cipher ctrl constants These are needed for GOST Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell View the changeset: https://github.com/openssl/openssl/compare/c376d170d184...6140f0365311 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95557535 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Dec 8 13:09:14 2015 
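Review bot: EVP_CTRL_SET_SBOX is assigned 0x1d in the include/openssl/evp.h hunk, the same value as EVP_CTRL_SSL3_MASTER_SECRET 0x1d on the context line directly above it, so a cipher's ctrl handler cannot tell the two requests apart. The four new ctrl values should start at the next unused number. As style points, the padding-mode defines use "#define" where the rest of the block uses "# define", and the EVP_CTRL_KEY_MESH comment starts its text on the opening "/*" line, unlike the EVP_CTRL_SBOX_USED comment just before it.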
From: matt at openssl.org (Matt Caswell) Date: Tue, 08 Dec 2015 13:09:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449580154.209287.28889.nullmailer@dev.openssl.org> The branch master has been updated via 686cf15e9dfd3263ec05019f4b2b52253cdcf38e (commit) from 6140f0365311e6d08cdde63932c56ee741d9a605 (commit) - Log ----------------------------------------------------------------- commit 686cf15e9dfd3263ec05019f4b2b52253cdcf38e Author: Matt Caswell Date: Tue Dec 8 13:00:59 2015 +0000 Fix merge error Commit 6140f0365 added some new ctrl constants. However due to a merge error one of these values was duplicated with an existing value. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: include/openssl/evp.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 611fd19..bc9fc8b 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -379,18 +379,18 @@ struct evp_cipher_st { # define EVP_CTRL_SSL3_MASTER_SECRET 0x1d /* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ -# define EVP_CTRL_SET_SBOX 0x1d +# define EVP_CTRL_SET_SBOX 0x1e /* * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a * pre-allocated buffer with specified size */ -# define EVP_CTRL_SBOX_USED 0x1e +# define EVP_CTRL_SBOX_USED 0x1f /* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, * 0 switches meshing off */ -# define EVP_CTRL_KEY_MESH 0x1f +# define EVP_CTRL_KEY_MESH 0x20 /* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ -# define EVP_CTRL_BLOCK_PADDING_MODE 0x20 +# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 /* Padding modes */ #define EVP_PADDING_PKCS7 1 From builds at travis-ci.org Tue Dec 8 14:06:03 2015 
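Review bot: Nothing in the evp.h hunk guards against the next collision: the EVP_CTRL_* values from 0x1e to 0x21 are still assigned by hand, which is how the duplicate of EVP_CTRL_SSL3_MASTER_SECRET 0x1d got in. A short comment at the end of the ctrl list recording the next free value, or keeping the list strictly in numeric order so a merge conflict is forced, would make a repeat harder. The commit message could also name the duplicated constant rather than saying "one of these values".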
From: builds at travis-ci.org (Travis CI) Date: Tue, 08 Dec 2015 14:06:03 +0000 Subject: [openssl-commits] Errored: openssl/openssl#818 (master - 686cf15) In-Reply-To: Message-ID: <5666e37f83235_33fe2f1f810d8800521@5dfca64c-ca78-41e9-8ea7-db921960298e.mail> Build Update for openssl/openssl ------------------------------------- Build: #818 Status: Errored Duration: 39 minutes and 45 seconds Commit: 686cf15 (master) Author: Matt Caswell Message: Fix merge error Commit 6140f0365 added some new ctrl constants. However due to a merge error one of these values was duplicated with an existing value. Reviewed-by: Rich Salz View the changeset: https://github.com/openssl/openssl/compare/6140f0365311...686cf15e9dfd View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95569062 From no-reply at appveyor.com Tue Dec 8 14:29:28 2015 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 Dec 2015 14:29:28 +0000 Subject: [openssl-commits] Build completed: openssl master.111 Message-ID: <20151208142926.26618.67127@appveyor.com> From steve at openssl.org Tue Dec 8 16:35:57 2015
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 08 Dec 2015 16:35:57 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449592557.010110.24923.nullmailer@dev.openssl.org> The branch master has been updated via 42a8b3f90aef8eb2e9d5c7f9c7cb7f8ae1a3ace2 (commit) via b3fce9c91eeee661be6a89803778e18ac76d05a4 (commit) via 040c8783509b85a707d25dd3086cc1984b7fef60 (commit) via 41609361433d34f609ca841eb1bbaaf0feba1946 (commit) via e7f0d9210c4a421e6306cd9a0c486c3e96be4d25 (commit) from 686cf15e9dfd3263ec05019f4b2b52253cdcf38e (commit) - Log ----------------------------------------------------------------- commit 42a8b3f90aef8eb2e9d5c7f9c7cb7f8ae1a3ace2 Author: Dr. Stephen Henson Date: Mon Dec 7 16:09:13 2015 +0000 Extended master secret test script. Reviewed-by: Matt Caswell commit b3fce9c91eeee661be6a89803778e18ac76d05a4 Author: Dr. Stephen Henson Date: Sun Dec 6 17:49:14 2015 +0000 Add extms extension Reviewed-by: Matt Caswell commit 040c8783509b85a707d25dd3086cc1984b7fef60 Author: Dr. Stephen Henson Date: Tue Dec 8 02:07:43 2015 +0000 TLSProxy update Add function to delete extensions and fix ClientHello repacking. Reviewed-by: Matt Caswell commit 41609361433d34f609ca841eb1bbaaf0feba1946 Author: Dr. Stephen Henson Date: Sat Dec 5 18:58:49 2015 +0000 update errors Reviewed-by: Matt Caswell commit e7f0d9210c4a421e6306cd9a0c486c3e96be4d25 Author: Dr. Stephen Henson Date: Fri Dec 4 19:48:15 2015 +0000 Extended master secret fixes and checks. Add new flag TLS1_FLAGS_RECEIVED_EXTMS which is set when the peer sends the extended master secret extension. Server now sends extms if and only if the client sent extms. Check consistency of extms extension when resuming sessions following (where practical) RFC7627. 
Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 1 + include/openssl/ssl3.h | 2 + ssl/ssl_err.c | 1 + ssl/ssl_locl.h | 5 +- ssl/ssl_sess.c | 22 +++- ssl/t1_lib.c | 68 +++++++--- test/recipes/70-test_tlsextms.t | 273 ++++++++++++++++++++++++++++++++++++++++ util/TLSProxy/ClientHello.pm | 22 +++- util/TLSProxy/ServerHello.pm | 5 + 9 files changed, 373 insertions(+), 26 deletions(-) create mode 100644 test/recipes/70-test_tlsextms.t diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 1fb5948..bc58b0b 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2247,6 +2247,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_ILLEGAL_SUITEB_DIGEST 380 # define SSL_R_INAPPROPRIATE_FALLBACK 373 # define SSL_R_INCONSISTENT_COMPRESSION 340 +# define SSL_R_INCONSISTENT_EXTMS 104 # define SSL_R_INVALID_COMMAND 280 # define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 # define SSL_R_INVALID_NULL_CMD_NAME 385 diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index ef93c08..2a2974c 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -369,6 +369,8 @@ extern "C" { /* Set if we encrypt then mac instead of usual mac then encrypt */ # define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0100 +/* Set if extended master secret extension received from peer */ +# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200 # define SSL3_MT_HELLO_REQUEST 0 # define SSL3_MT_CLIENT_HELLO 1 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index b594028..0623104 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c 
@@ -533,6 +533,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_ILLEGAL_SUITEB_DIGEST), "illegal Suite B digest"}, {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"}, {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"}, + {ERR_REASON(SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"}, {ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"}, {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"}, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 34091d3..1e1b265 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2021,8 +2021,9 @@ __owur int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) __owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length); # endif -__owur int tls1_process_ticket(SSL *s, const PACKET *ext, - const PACKET *session_id, SSL_SESSION **ret); +__owur int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext, + const PACKET *session_id, + SSL_SESSION **ret); __owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 5265b15..aff615e 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -497,6 +497,10 @@ int ssl_get_new_session(SSL *s, int session) ss->ssl_version = s->version; ss->verify_result = X509_V_OK; + /* If client supports extended master secret set it in session */ + if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) + ss->flags |= SSL_SESS_FLAG_EXTMS; + return (1); } @@ -533,8 +537,8 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) if (len == 0) try_session_cache = 0; - /* sets s->tlsext_ticket_expected */ - r = tls1_process_ticket(s, ext, session_id, &ret); + /* sets s->tlsext_ticket_expected and extended master secret flag */ + r = tls_check_serverhello_tlsext_early(s, ext, session_id, &ret); switch (r) { case -1: /* Error during processing */ fatal = 1; 
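Review bot: The new name tls_check_serverhello_tlsext_early, introduced in the ssl_locl.h hunk and used at the call site in ssl_get_prev_session, reads as if the function parses a ServerHello. Its arguments are the extensions and session ID passed into the server-side session lookup, and the function's own doc comment in t1_lib.c describes them as the ClientHello session ID and ClientHello extensions. A name containing clienthello would match what is actually scanned and avoid confusion with ssl_scan_serverhello_tlsext.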
@@ -670,6 +674,20 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) goto err; } + /* Check extended master secret extension consistency */ + if (ret->flags & SSL_SESS_FLAG_EXTMS) { + /* If old session includes extms, but new does not: abort handshake */ + if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) { + SSLerr(SSL_F_SSL_GET_PREV_SESSION, SSL_R_INCONSISTENT_EXTMS); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + fatal = 1; + goto err; + } + } else if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { + /* If new session includes extms, but old does not: do not resume */ + goto err; + } + s->session_ctx->stats.sess_hit++; SSL_SESSION_free(s->session); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a6f2502..83015e8 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1699,7 +1699,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, } } #endif - if (!s->hit && s->session->flags & SSL_SESS_FLAG_EXTMS) { + if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { s2n(TLSEXT_TYPE_extended_master_secret, ret); s2n(0, ret); } @@ -2269,10 +2269,11 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al) else if (type == TLSEXT_TYPE_encrypt_then_mac) s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; #endif - else if (type == TLSEXT_TYPE_extended_master_secret) { - if (!s->hit) - s->session->flags |= SSL_SESS_FLAG_EXTMS; - } + /* + * Note: extended master secret extension handled in + * tls_check_serverhello_tlsext_early() + */ + /* * If this ClientHello extension was unhandled and this is a * nonresumed connection, check whether the extension is a custom @@ -2366,6 +2367,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al) s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC; #endif + s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + if (!PACKET_get_net_2(pkt, &length)) goto ri_check; 
@@ -2554,6 +2557,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al) } #endif else if (type == TLSEXT_TYPE_extended_master_secret) { + s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; if (!s->hit) s->session->flags |= SSL_SESS_FLAG_EXTMS; } @@ -2603,6 +2607,19 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al) return 0; } + if (s->hit) { + /* + * Check extended master secret extension is consistent with + * original session. + */ + if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) != + !(s->session->flags & SSL_SESS_FLAG_EXTMS)) { + *al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, SSL_R_INCONSISTENT_EXTMS); + return 0; + } + } + return 1; } @@ -2892,8 +2909,11 @@ int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt) /*- * Since the server cache lookup is done early on in the processing of the - * ClientHello, and other operations depend on the result, we need to handle - * any TLS session ticket extension at the same time. + * ClientHello and other operations depend on the result some extensions + * need to be handled at the same time. + * + * Two extensions are currently handled, session ticket and extended master + * secret. * * session_id: ClientHello session ID. * ext: ClientHello extensions (including length prefix) 
@@ -2920,23 +2940,29 @@ int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt) * a session ticket or we couldn't use the one it gave us, or if * s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket. * Otherwise, s->tlsext_ticket_expected is set to 0. + * + * For extended master secret flag is set if the extension is present. + * */ -int tls1_process_ticket(SSL *s, const PACKET *ext, const PACKET *session_id, - SSL_SESSION **ret) +int tls_check_serverhello_tlsext_early(SSL *s, const PACKET *ext, + const PACKET *session_id, + SSL_SESSION **ret) { unsigned int i; PACKET local_ext = *ext; int retv = -1; + int have_ticket = 0; + int use_ticket = tls_use_ticket(s); + *ret = NULL; s->tlsext_ticket_expected = 0; + s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; /* * If tickets disabled behave as if no ticket present to permit stateful * resumption. */ - if (!tls_use_ticket(s)) - return 0; if ((s->version <= SSL3_VERSION)) return 0; @@ -2957,10 +2983,17 @@ int tls1_process_ticket(SSL *s, const PACKET *ext, const PACKET *session_id, retv = 0; goto end; } - if (type == TLSEXT_TYPE_session_ticket) { + if (type == TLSEXT_TYPE_session_ticket && use_ticket) { int r; unsigned char *etick; + /* Duplicate extension */ + if (have_ticket != 0) { + retv = -1; + goto end; + } + have_ticket = 1; + if (size == 0) { /* * The client will accept a ticket but doesn't currently have @@ -2968,7 +3001,7 @@ int tls1_process_ticket(SSL *s, const PACKET *ext, const PACKET *session_id, */ s->tlsext_ticket_expected = 1; retv = 1; - goto end; + continue; } if (s->tls_session_secret_cb) { /* @@ -2978,7 +3011,7 @@ int tls1_process_ticket(SSL *s, const PACKET *ext, const PACKET *session_id, * calculate the master secret later. */ retv = 2; - goto end; + continue; } if (!PACKET_get_bytes(&local_ext, &etick, size)) { /* Shouldn't ever happen */ 
@@ -3003,15 +3036,18 @@ int tls1_process_ticket(SSL *s, const PACKET *ext, const PACKET *session_id, retv = -1; break; } - goto end; + continue; } else { + if (type == TLSEXT_TYPE_extended_master_secret) + s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS; if (!PACKET_forward(&local_ext, size)) { retv = -1; goto end; } } } - retv = 0; + if (have_ticket == 0) + retv = 0; end: return retv; } diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t new file mode 100644 index 0000000..cdda7f8 --- /dev/null +++ b/test/recipes/70-test_tlsextms.t 
@@ -0,0 +1,273 @@ +#!/usr/bin/perl +# Written by Stephen Henson for the OpenSSL project. +# ==================================================================== +# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# openssl-core at openssl.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.openssl.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== +# +# This product includes cryptographic software written by Eric Young +# (eay at cryptsoft.com). This product includes software written by Tim +# Hudson (tjh at cryptsoft.com). + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr top_file top_dir/; +use TLSProxy::Proxy; +use File::Temp qw(tempfile); + +my $test_name = "test_tlsextms"; +setup($test_name); + +plan skip_all => "$test_name can only be performed with OpenSSL configured shared" + unless (map { s/\R//; s/^SHARED_LIBS=\s*//; $_ } + grep { /^SHARED_LIBS=/ } + do { local @ARGV = ( top_file("Makefile") ); <> })[0] ne ""; + +$ENV{OPENSSL_ENGINES} = top_dir("engines"); +$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; + +sub checkmessages($$$$$); +sub setrmextms($$); +sub clearall(); + +my $crmextms = 0; +my $srmextms = 0; +my $cextms = 0; +my $sextms = 0; +my $fullhand = 0; + +my $proxy = TLSProxy::Proxy->new( + \&extms_filter, + cmdstr(app(["openssl"])), + top_file("apps", "server.pem"), + 1 +); + +plan tests => 9; + +#Test 1: By default server and client should send extended master secret +# extension. +#Expected result: ClientHello extension seen; ServerHello extension seen +# Full handshake + +setrmextms(0, 0); +$proxy->start(); +checkmessages(1, "Default extended master secret test", 1, 1, 1); + +#Test 2: If client omits extended master secret extension, server should too. 
+#Expected result: ClientHello extension not seen; ServerHello extension not seen +# Full handshake + +clearall(); +setrmextms(1, 0); +$proxy->start(); +checkmessages(2, "No client extension extended master secret test", 0, 0, 1); + +# Test 3: same as 1 but with session tickets disabled. +# Expected result: same as test 1. + +clearall(); +$proxy->clientflags("-no_ticket"); +setrmextms(0, 0); +$proxy->start(); +checkmessages(3, "No ticket extended master secret test", 1, 1, 1); + +# Test 4: same as 2 but with session tickets disabled. +# Expected result: same as test 2. + +clearall(); +$proxy->clientflags("-no_ticket"); +setrmextms(1, 0); +$proxy->start(); +checkmessages(2, "No ticket, no client extension extended master secret test", 0, 0, 1); + +#Test 5: Session resumption extended master secret test +# +#Expected result: ClientHello extension seen; ServerHello extension seen +# Abbreviated handshake + +clearall(); +setrmextms(0, 0); +(my $fh, my $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +$proxy->clientstart(); +checkmessages(5, "Session resumption extended master secret test", 1, 1, 0); + +#Test 6: Session resumption extended master secret test orginial session +# omits extension. Server must not resume session. +#Expected result: ClientHello extension seen; ServerHello extension seen +# Full handshake + +clearall(); +setrmextms(1, 0); +($fh, $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +setrmextms(0, 0); +$proxy->clientstart(); +checkmessages(6, "Session resumption extended master secret test", 1, 1, 1); + +#Test 7: Session resumption extended master secret test resumed session +# omits client extension. Server must abort connection. +#Expected result: aborted connection. 
+ +clearall(); +setrmextms(0, 0); +($fh, $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +setrmextms(1, 0); +$proxy->clientstart(); +ok(TLSProxy::Message->fail(), "Client inconsistent session resupmption"); + +#Test 8: Session resumption extended master secret test resumed session +# omits server extension. Client must abort connection. +#Expected result: aborted connection. + +clearall(); +setrmextms(0, 0); +($fh, $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +setrmextms(0, 1); +$proxy->clientstart(); +ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 1"); + +#Test 9: Session resumption extended master secret test initial session +# omits server extension. Client must abort connection. +#Expected result: aborted connection. 
+ +clearall(); +setrmextms(0, 1); +($fh, $session) = tempfile(); +$proxy->serverconnects(2); +$proxy->clientflags("-sess_out ".$session); +$proxy->start(); +$proxy->clear(); +$proxy->clientflags("-sess_in ".$session); +setrmextms(0, 0); +$proxy->clientstart(); +ok(TLSProxy::Message->fail(), "Server inconsistent session resumption 2"); + +sub extms_filter +{ + my $proxy = shift; + + foreach my $message (@{$proxy->message_list}) { + if ($crmextms && $message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + $message->delete_extension(TLSProxy::ClientHello::EXT_EXTENDED_MASTER_SECRET); + $message->repack(); + } + if ($srmextms && $message->mt == TLSProxy::Message::MT_SERVER_HELLO) { + $message->delete_extension(TLSProxy::ClientHello::EXT_EXTENDED_MASTER_SECRET); + $message->repack(); + } + } +} + +sub checkmessages($$$$$) +{ + my ($testno, $testname, $testcextms, $testsextms, $testhand) = @_; + + subtest $testname => sub { + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO + || $message->mt == TLSProxy::Message::MT_SERVER_HELLO) { + #Get the extensions data + my %extensions = %{$message->extension_data}; + if (defined + $extensions{TLSProxy::ClientHello::EXT_EXTENDED_MASTER_SECRET}) { + if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { + $cextms = 1; + } else { + $sextms = 1; + } + } + } elsif ($message->mt == TLSProxy::Message::MT_CLIENT_KEY_EXCHANGE) { + #Must be doing a full handshake + $fullhand = 1; + } + } + + plan tests => 4; + + ok(TLSProxy::Message->success, "Handshake"); + + ok($testcextms == $cextms, + "ClientHello extension extended master secret check"); + ok($testsextms == $sextms, + "ServerHello extension extended master secret check"); + ok($testhand == $fullhand, + "Extended master secret full handshake check"); + + } +} + +sub setrmextms($$) +{ + ($crmextms, $srmextms) = @_; +} + +sub clearall() +{ + $cextms = 0; + $sextms = 0; + $fullhand = 0; + $proxy->clear(); +} 
diff --git a/util/TLSProxy/ClientHello.pm b/util/TLSProxy/ClientHello.pm index 0b7dbbc..c6f3c3f 100644 --- a/util/TLSProxy/ClientHello.pm +++ b/util/TLSProxy/ClientHello.pm @@ -59,6 +59,7 @@ use parent 'TLSProxy::Message'; use constant { EXT_ENCRYPT_THEN_MAC => 22, + EXT_EXTENDED_MASTER_SECRET => 23, EXT_SESSION_TICKET => 35 }; @@ -70,7 +71,7 @@ sub new $records, $startoffset, $message_frag_lens) = @_; - + my $self = $class->SUPER::new( $server, 1, @@ -118,7 +119,7 @@ sub parse #For now we just deal with this as a block of data. In the future we will #want to parse this my $extension_data = substr($self->data, $ptr); - + if (length($extension_data) != $extensions_len) { die "Invalid extension length\n"; } @@ -169,6 +170,7 @@ sub set_message_contents { my $self = shift; my $data; + my $extensions = ""; $data = pack('n', $self->client_version); $data .= $self->random; @@ -178,14 +180,17 @@ sub set_message_contents $data .= pack("n*", @{$self->ciphersuites}); $data .= pack('C', $self->comp_meth_len); $data .= pack("C*", @{$self->comp_meths}); - $data .= pack('n', $self->extensions_len); + foreach my $key (keys %{$self->extension_data}) { my $extdata = ${$self->extension_data}{$key}; - $data .= pack("n", $key); - $data .= pack("n", length($extdata)); - $data .= $extdata; + $extensions .= pack("n", $key); + $extensions .= pack("n", length($extdata)); + $extensions .= $extdata; } + $data .= pack('n', length($extensions)); + $data .= $extensions; + $self->data($data); } @@ -270,4 +275,9 @@ sub extension_data } return $self->{extension_data}; } +sub delete_extension +{ + my ($self, $ext_type) = @_; + delete $self->{extension_data}{$ext_type}; +} 1; diff --git a/util/TLSProxy/ServerHello.pm b/util/TLSProxy/ServerHello.pm index 56b8a34..487538a 100644 --- a/util/TLSProxy/ServerHello.pm +++ b/util/TLSProxy/ServerHello.pm 
@@ -230,4 +230,9 @@ sub set_extension my ($self, $ext_type, $ext_data) = @_; $self->{extension_data}{$ext_type} = $ext_data; } +sub delete_extension +{ + my ($self, $ext_type) = @_; + delete $self->{extension_data}{$ext_type}; +} 1; From steve at openssl.org Tue Dec 8 17:15:57 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 08 Dec 2015 17:15:57 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1449594957.515279.4867.nullmailer@dev.openssl.org> The branch master has been updated via d05775d7034d97c46faf06349c114ed6ad01ebbe (commit) from 42a8b3f90aef8eb2e9d5c7f9c7cb7f8ae1a3ace2 (commit) - Log ----------------------------------------------------------------- commit d05775d7034d97c46faf06349c114ed6ad01ebbe Author: Dr. Stephen Henson Date: Tue Dec 8 16:49:12 2015 +0000 Update NEWS Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: NEWS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index c5cb71b..995370e 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,8 @@ Major changes between OpenSSL 1.0.2e and OpenSSL 1.1.0 [under development] - o + o Support for extended master secret + o CCM ciphersuites Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015] From builds at travis-ci.org Tue Dec 8 17:23:41 2015 
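Review bot: In ssl/t1_lib.c, in the session ticket branch of tls_check_serverhello_tlsext_early(), the tls_session_secret_cb case now does "retv = 2; continue;" ahead of the PACKET_get_bytes(&local_ext, &etick, size) call, so on the lines shown the ticket's size bytes are never consumed and the next loop iteration would parse ticket data as an extension type and length. With the old "goto end" this did not matter because parsing stopped there. Suggest skipping the body with PACKET_forward(&local_ext, size) before the continue, failing with retv = -1 as the else branch does, and adding a test case with a non-empty ticket followed by another extension.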
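Review bot: In the ssl/t1_lib.c hunk that renames tls1_process_ticket(), the comment "If tickets disabled behave as if no ticket present to permit stateful resumption." is left behind after the "if (!tls_use_ticket(s)) return 0;" it described was removed, and it now sits above the unrelated SSL3_VERSION check. Move it to the new "type == TLSEXT_TYPE_session_ticket && use_ticket" test or drop it. The new name tls_check_serverhello_tlsext_early() also reads oddly for a function whose own header comment documents its arguments as the ClientHello session ID and ClientHello extensions; a name with "clienthello" in it would match what it parses.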
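Review bot: In test/recipes/70-test_tlsextms.t, Test 4 calls checkmessages(2, ...) instead of 4, and Tests 5 and 6 both use the description "Session resumption extended master secret test", so a failure cannot be tied to one test from the output. The $testno argument is never read inside checkmessages(), so either use it in the subtest name or drop it. The tempfile() calls for the -sess_out files pass no UNLINK option and nothing shown removes the files, so each run leaves saved session files behind. The test names also contain typos ("orginial", "resupmption").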
From: builds at travis-ci.org (Travis CI)
Date: Tue, 08 Dec 2015 17:23:41 +0000
Subject: [openssl-commits] Errored: openssl/openssl#822 (master - 42a8b3f)
In-Reply-To:
Message-ID: <5667121d404fd_33fcfb31815ec949fa@9e3c2246-e88c-4f83-9a16-f8dc0fbc98d6.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #822
Status: Errored
Duration: 46 minutes and 36 seconds
Commit: 42a8b3f (master)
Author: Dr. Stephen Henson
Message: Extended master secret test script. Reviewed-by: Matt Caswell

View the changeset: https://github.com/openssl/openssl/compare/686cf15e9dfd...42a8b3f90aef

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95613762

--
You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

From builds at travis-ci.org Tue Dec 8 18:05:30 2015
From: builds at travis-ci.org (Travis CI)
Date: Tue, 08 Dec 2015 18:05:30 +0000
Subject: [openssl-commits] Errored: openssl/openssl#823 (master - d05775d)
In-Reply-To:
Message-ID: <56671be7af21f_33fe2f593ef6410977dd@5dfca64c-ca78-41e9-8ea7-db921960298e.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #823
Status: Errored
Duration: 32 minutes and 36 seconds
Commit: d05775d (master)
Author: Dr. Stephen Henson
Message: Update NEWS Reviewed-by: Matt Caswell

View the changeset: https://github.com/openssl/openssl/compare/42a8b3f90aef...d05775d7034d

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95622484

--
You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

From levitte at openssl.org Tue Dec 8 20:04:59 2015
From: levitte at openssl.org (Richard Levitte)
Date: Tue, 08 Dec 2015 20:04:59 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1449605099.551650.10902.nullmailer@dev.openssl.org>

The branch master has been updated
       via  3cd7aef34d0d414d27ab00abadb99265a2cffde9 (commit)
       via  382af61f6213e975b4c2a50fd8b9fedd23d86ab5 (commit)
       via  4d3c30a1799bf7b4dc7223b84417c4de992a6b9c (commit)
      from  d05775d7034d97c46faf06349c114ed6ad01ebbe (commit)

- Log -----------------------------------------------------------------
commit 3cd7aef34d0d414d27ab00abadb99265a2cffde9
Author: Richard Levitte
Date:   Tue Dec 8 15:34:52 2015 +0100

    Not all 'find's know -xtype, use -type instead

    Reviewed-by: Rich Salz

commit 382af61f6213e975b4c2a50fd8b9fedd23d86ab5
Author: Richard Levitte
Date:   Tue Dec 8 12:43:05 2015 +0100

    Adapt the OS X build to use the OS X tar

    As part of this, move release creation to a script to be called from
    .travis.yml. That makes it much easier to test outside of travis.

    Reviewed-by: Rich Salz

commit 4d3c30a1799bf7b4dc7223b84417c4de992a6b9c
Author: Richard Levitte
Date:   Tue Dec 8 12:42:27 2015 +0100

    Make it possible to affect the way dists are made

    Introducing DISTTARVARS to propagate changed variables down to the
    tar-making target.

    Reviewed-by: Rich Salz

-----------------------------------------------------------------------

Summary of changes:
 .travis-create-release.sh | 10 ++++++++++
 .travis.yml | 2 +-
 Makefile.org | 5 ++---
 3 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 .travis-create-release.sh

diff --git a/.travis-create-release.sh b/.travis-create-release.sh new file mode 100644 index 0000000..0404fc1 --- /dev/null +++ b/.travis-create-release.sh
@@ -0,0 +1,10 @@ +#! /bin/sh + +# $1 is expected to be $TRAVIS_OS_NAME + +if [ "$1" == osx ]; then + make -f Makefile.org \ + DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist +else + make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist +fi diff --git a/.travis.yml b/.travis.yml index 61f7c4a..b16998b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -68,7 +68,7 @@ matrix: env: CONFIG_OPTS="--debug --strict-warnings" before_script: - - make -f Makefile.org TARFILE=_srcdist.tar NAME=_srcdist dist + - sh .travis-create-release.sh $TRAVIS_OS_NAME - tar -xvzf _srcdist.tar.gz - cd _srcdist - if [ "$CC" == i686-w64-mingw32-gcc ]; then diff --git a/Makefile.org b/Makefile.org index b0d2fcf..1c604f1 100644 --- a/Makefile.org +++ b/Makefile.org @@ -500,7 +500,7 @@ TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ $(TARFILE).list: find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ - \! -name '*test' \! -name '.#*' \! -name '*~' \! -xtype l \ + \! -name '*test' \! -name '.#*' \! -name '*~' \! -type l \ | sort > $(TARFILE).list tar: $(TARFILE).list @@ -519,8 +519,7 @@ tar-snap: $(TARFILE).list dist: $(PERL) Configure dist @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' \ - TARFILE='$(TARFILE)' NAME='$(NAME)' tar + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar install: all install_docs install_sw From levitte at openssl.org Tue Dec 8 20:06:44 2015 
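Review bot: In .travis-create-release.sh, the test [ "$1" == osx ] uses "==", which is not a POSIX test operator, under a "#! /bin/sh" line and an "sh .travis-create-release.sh" invocation. A strict sh such as dash reports an error for it, and the script then falls through to the else branch whatever $1 is. Use [ "$1" = osx ], and quote "$TRAVIS_OS_NAME" at the call site in .travis.yml.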
From: levitte at openssl.org (Richard Levitte)
Date: Tue, 08 Dec 2015 20:06:44 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Message-ID: <1449605204.504550.16021.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_2-stable has been updated
       via  5ff0cfa517de5c385752f695be938cc29f6b069d (commit)
       via  02d013e6213b57bf23ba70373f634feb8532a5f3 (commit)
       via  89cd4fb5e9ff1018fd5502dc10de2be8ce0cccd8 (commit)
      from  c44844d928ad3c471c8dbe8baf2df8957900125b (commit)

- Log -----------------------------------------------------------------
commit 5ff0cfa517de5c385752f695be938cc29f6b069d
Author: Richard Levitte
Date:   Tue Dec 8 15:34:52 2015 +0100

    Not all 'find's know -xtype, use -type instead

    Reviewed-by: Rich Salz
    (cherry picked from commit 3cd7aef34d0d414d27ab00abadb99265a2cffde9)

commit 02d013e6213b57bf23ba70373f634feb8532a5f3
Author: Richard Levitte
Date:   Tue Dec 8 12:43:05 2015 +0100

    Adapt the OS X build to use the OS X tar

    As part of this, move release creation to a script to be called from
    .travis.yml. That makes it much easier to test outside of travis.

    Reviewed-by: Rich Salz
    (cherry picked from commit 382af61f6213e975b4c2a50fd8b9fedd23d86ab5)

commit 89cd4fb5e9ff1018fd5502dc10de2be8ce0cccd8
Author: Richard Levitte
Date:   Tue Dec 8 12:42:27 2015 +0100

    Make it possible to affect the way dists are made

    Introducing DISTTARVARS to propagate changed variables down to the
    tar-making target.

    Reviewed-by: Rich Salz
    (cherry picked from commit 4d3c30a1799bf7b4dc7223b84417c4de992a6b9c)

-----------------------------------------------------------------------

Summary of changes:
 .travis-create-release.sh | 10 ++++++++++
 .travis.yml | 2 +-
 Makefile.org | 5 ++---
 3 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 .travis-create-release.sh

diff --git a/.travis-create-release.sh b/.travis-create-release.sh new file mode 100644 index 0000000..0404fc1 --- /dev/null +++ b/.travis-create-release.sh
@@ -0,0 +1,10 @@ +#! /bin/sh + +# $1 is expected to be $TRAVIS_OS_NAME + +if [ "$1" == osx ]; then + make -f Makefile.org \ + DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist +else + make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist +fi diff --git a/.travis.yml b/.travis.yml index 6a2d745..c46716b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,7 @@ matrix: env: CONFIG_OPTS="-d --strict-warnings" before_script: - - make -f Makefile.org TARFILE=_srcdist.tar NAME=_srcdist dist + - sh .travis-create-release.sh $TRAVIS_OS_NAME - tar -xvzf _srcdist.tar.gz - cd _srcdist - if [ "$CC" == i686-w64-mingw32-gcc ]; then diff --git a/Makefile.org b/Makefile.org index e035fc4..d2deca5 100644 --- a/Makefile.org +++ b/Makefile.org @@ -506,7 +506,7 @@ TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ $(TARFILE).list: find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ - \! -name '*test' \! -name '.#*' \! -name '*~' \! -xtype l \ + \! -name '*test' \! -name '.#*' \! -name '*~' \! -type l \ | sort > $(TARFILE).list tar: $(TARFILE).list @@ -525,8 +525,7 @@ tar-snap: $(TARFILE).list dist: $(PERL) Configure dist @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' \ - TARFILE='$(TARFILE)' NAME='$(NAME)' tar + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar install: all install_docs install_sw From levitte at openssl.org Tue Dec 8 20:06:49 2015 
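Review bot: In the Makefile.org $(TARFILE).list rule, "\! -type l" is not a drop-in replacement for "\! -xtype l". With GNU find's default behaviour, -xtype l only matches symlinks whose target cannot be resolved, whereas -type l matches every symlink, so the file list now omits all symlinks rather than only dangling ones. If that is intended, say so in the commit message; if not, check whether any files that ship in the tarball are reached through symlinks at dist time.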
From: levitte at openssl.org (Richard Levitte)
Date: Tue, 08 Dec 2015 20:06:49 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Message-ID: <1449605209.463638.16333.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_1-stable has been updated
       via  a19244a433a340275425a7fa6b85e4920eb32430 (commit)
       via  cf269a1a0e8ee9572e1d804449565fb749b6a968 (commit)
       via  4305622736dbbf63efe1637228ceeeb8a1132157 (commit)
      from  66a1ccf494b8fe1b842cd7bdda2d1a025d325753 (commit)

- Log -----------------------------------------------------------------
commit a19244a433a340275425a7fa6b85e4920eb32430
Author: Richard Levitte
Date:   Tue Dec 8 15:34:52 2015 +0100

    Not all 'find's know -xtype, use -type instead

    Reviewed-by: Rich Salz
    (cherry picked from commit 3cd7aef34d0d414d27ab00abadb99265a2cffde9)

commit cf269a1a0e8ee9572e1d804449565fb749b6a968
Author: Richard Levitte
Date:   Tue Dec 8 12:43:05 2015 +0100

    Adapt the OS X build to use the OS X tar

    As part of this, move release creation to a script to be called from
    .travis.yml. That makes it much easier to test outside of travis.

    Reviewed-by: Rich Salz
    (cherry picked from commit 382af61f6213e975b4c2a50fd8b9fedd23d86ab5)

commit 4305622736dbbf63efe1637228ceeeb8a1132157
Author: Richard Levitte
Date:   Tue Dec 8 12:42:27 2015 +0100

    Make it possible to affect the way dists are made

    Introducing DISTTARVARS to propagate changed variables down to the
    tar-making target.

    Reviewed-by: Rich Salz
    (cherry picked from commit 4d3c30a1799bf7b4dc7223b84417c4de992a6b9c)

-----------------------------------------------------------------------

Summary of changes:
 .travis-create-release.sh | 10 ++++++++++
 .travis.yml | 2 +-
 Makefile.org | 5 ++---
 3 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100644 .travis-create-release.sh

diff --git a/.travis-create-release.sh b/.travis-create-release.sh new file mode 100644 index 0000000..0404fc1 --- /dev/null +++ b/.travis-create-release.sh
@@ -0,0 +1,10 @@ +#! /bin/sh + +# $1 is expected to be $TRAVIS_OS_NAME + +if [ "$1" == osx ]; then + make -f Makefile.org \ + DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist +else + make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist +fi diff --git a/.travis.yml b/.travis.yml index 288a3f1..ad05909 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,7 @@ matrix: env: CONFIG_OPTS="-d --strict-warnings" before_script: - - make -f Makefile.org TARFILE=_srcdist.tar NAME=_srcdist dist + - sh .travis-create-release.sh $TRAVIS_OS_NAME - tar -xvzf _srcdist.tar.gz - cd _srcdist - if [ "$CC" == i686-w64-mingw32-gcc ]; then diff --git a/Makefile.org b/Makefile.org index dbb7374..308a6e6 100644 --- a/Makefile.org +++ b/Makefile.org @@ -506,7 +506,7 @@ TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \ $(TARFILE).list: find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \ \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \ - \! -name '*test' \! -name '.#*' \! -name '*~' \! -xtype l \ + \! -name '*test' \! -name '.#*' \! -name '*~' \! -type l \ | sort > $(TARFILE).list tar: $(TARFILE).list @@ -525,8 +525,7 @@ tar-snap: $(TARFILE).list dist: $(PERL) Configure dist @$(MAKE) SDIRS='$(SDIRS)' clean - @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' \ - TARFILE='$(TARFILE)' NAME='$(NAME)' tar + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar install: all install_docs install_sw From builds at travis-ci.org Tue Dec 8 20:52:37 2015 
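Review bot: In the Makefile.org dist target, $(DISTTARVARS) is expanded unquoted onto the sub-make command line and these hunks add no comment or default for it, while the explicit TARFILE='$(TARFILE)' NAME='$(NAME)' arguments are dropped. Any value containing spaces therefore depends on the caller getting nested quoting right, as the osx branch of .travis-create-release.sh has to with its escaped TAR_COMMAND. Add a comment next to the dist target documenting the expected "VAR=value ..." form and the quoting a caller must supply.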
From: builds at travis-ci.org (Travis CI)
Date: Tue, 08 Dec 2015 20:52:37 +0000
Subject: [openssl-commits] Passed: openssl/openssl#824 (master - 3cd7aef)
In-Reply-To:
Message-ID: <566743152aba9_33fedc0efb88c5267d6@c71271e0-f745-4c9f-9970-974ac344d657.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #824
Status: Passed
Duration: 46 minutes and 35 seconds
Commit: 3cd7aef (master)
Author: Richard Levitte
Message: Not all 'find's know -xtype, use -type instead Reviewed-by: Rich Salz

View the changeset: https://github.com/openssl/openssl/compare/d05775d7034d...3cd7aef34d0d

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/95655999

--
You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications

From rsalz at openssl.org Tue Dec 8 21:05:10 2015
From: rsalz at openssl.org (Rich Salz)
Date: Tue, 08 Dec 2015 21:05:10 +0000
Subject: [openssl-commits] [web] master update
Message-ID: <1449608710.488603.13114.nullmailer@dev.openssl.org>

The branch master has been updated
       via  1623aae7f4e9d53fb9e6a69817a46519f8dfeea1 (commit)
      from  fcace5ea8033431af48292d859b0c23157c5bd3c (commit)

- Log -----------------------------------------------------------------
commit 1623aae7f4e9d53fb9e6a69817a46519f8dfeea1
Author: Rich Salz
Date:   Tue Dec 8 16:04:57 2015 -0500

    Add ACKNOWLEDGEMENTS content.

-----------------------------------------------------------------------

Summary of changes:
 community/thanks.html | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/community/thanks.html b/community/thanks.html index 5e2ba3b..9a3b489 100644 --- a/community/thanks.html +++ b/community/thanks.html @@ -56,6 +56,21 @@
  • +

    We would like to identify and thank the following sponsors for + their past significant support of the OpenSSL project:

    + +