From no-reply at appveyor.com Fri Jun 1 14:28:17 2018 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 01 Jun 2018 14:28:17 +0000 Subject: [openssl-commits] Build failed: openssl master.18257 Message-ID: <20180601142817.1.71CBBD2F50CBF4E7@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jun 1 15:06:06 2018 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 01 Jun 2018 15:06:06 +0000 Subject: [openssl-commits] Build completed: openssl master.18258 Message-ID: <20180601150606.1.705098222FAC0B0D@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri Jun 1 17:39:19 2018 From: levitte at openssl.org (Richard Levitte) Date: Fri, 01 Jun 2018 17:39:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527874759.439675.17030.nullmailer@dev.openssl.org> The branch master has been updated via 166f0082e7ce53ed608d8519526b99893ca7925e (commit) from 5eb774324a14b03835020bb3ae2e1c6c92515db0 (commit) - Log ----------------------------------------------------------------- commit 166f0082e7ce53ed608d8519526b99893ca7925e Author: Richard Levitte Date: Thu May 24 20:44:45 2018 +0200 STORE: split off the description of the 'file' scheme loader This includes a quick recommendation on how to name loader docmentation. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6350) ----------------------------------------------------------------------- Summary of changes: doc/man7/ossl_store-file.pod | 74 ++++++++++++++++++++++++++++++++++++++++++++ doc/man7/ossl_store.pod | 26 ++-------------- 2 files changed, 76 insertions(+), 24 deletions(-) create mode 100644 doc/man7/ossl_store-file.pod diff --git a/doc/man7/ossl_store-file.pod b/doc/man7/ossl_store-file.pod new file mode 100644 index 0000000..1378427 --- /dev/null +++ b/doc/man7/ossl_store-file.pod 
@@ -0,0 +1,74 @@ +=pod + +=begin comment + +This is a recommended way to describe OSSL_STORE loaders, +"ossl_store-{name}", where {name} is replaced with the name of the +scheme it implements, in man section 7. + +=end comment + +=head1 NAME + +ossl_store-file - The store 'file' scheme loader + +=head1 SYNOPSIS + +=for comment generic + +#include + +=head1 DESCRIPTION + +Support for the 'file' scheme is built into C. +Since files come in all kinds of formats and content types, the 'file' +scheme has its own layer of functionality called "file handlers", +which are used to try to decode diverse types of file contents. + +In case a file is formatted as PEM, each called file handler receives +the PEM name (everything following any 'C<-----BEGIN >') as well as +possible PEM headers, together with the decoded PEM body. Since PEM +formatted files can contain more than one object, the file handlers +are called upon for each such object. + +If the file isn't determined to be formatted as PEM, the content is +loaded in raw form in its entirety and passed to the available file +handlers as is, with no PEM name or headers. + +Each file handler is expected to handle PEM and non-PEM content as +appropriate. Some may refuse non-PEM content for the sake of +determinism (for example, there are keys out in the wild that are +represented as an ASN.1 OCTET STRING. In raw form, it's not easily +possible to distinguish those from any other data coming as an ASN.1 +OCTET STRING, so such keys would naturally be accepted as PEM files +only). + +=head1 NOTES + +When needed, the 'file' scheme loader will require a pass phrase by +using the C that was passed via OSSL_STORE_open(). +This pass phrase is used as it is, which may present some challenge +when the file that's loaded contains a PKCS#12 object. +See L for more information. + +=begin comment + +The treatment of pass phrases is currently being worked on and may +change. 
+ +=end comment + +=head1 SEE ALSO + +L, L + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/ossl_store.pod b/doc/man7/ossl_store.pod index 98cc04f..efa4780 100644 --- a/doc/man7/ossl_store.pod +++ b/doc/man7/ossl_store.pod 
@@ -30,30 +30,8 @@ from which an OpenSSL type can be retrieved. Support for a URI scheme is called a STORE "loader", and can be added dynamically from the calling application or from a loadable engine. -=head2 The 'file' scheme - -Support for the 'file' scheme is already built into C. -Since files come in all kinds of formats and content types, the 'file' -scheme has its own layer of functionality called "file handlers", -which are used to try to decode diverse types of file contents. - -In case a file is formatted as PEM, each called file handler receives -the PEM name (everything following any 'C<-----BEGIN >') as well as -possible PEM headers, together with the decoded PEM body. Since PEM -formatted files can contain more than one object, the file handlers -are called upon for each such object. - -If the file isn't determined to be formatted as PEM, the content is -loaded in raw form in its entirety and passed to the available file -handlers as is, with no PEM name or headers. - -Each file handler is expected to handle PEM and non-PEM content as -appropriate. Some may refuse non-PEM content for the sake of -determinism (for example, there are keys out in the wild that are -represented as an ASN.1 OCTET STRING. In raw form, it's not easily -possible to distinguish those from any other data coming as an ASN.1 -OCTET STRING, so such keys would naturally be accepted as PEM files -only). +Support for the 'file' scheme is built into C. +See L for more information. =head1 EXAMPLES From no-reply at appveyor.com Fri Jun 1 20:31:44 2018 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 01 Jun 2018 20:31:44 +0000 Subject: [openssl-commits] Build failed: openssl master.18263 Message-ID: <20180601203144.1.835EF59472B8DBD2@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jun 1 23:38:48 2018 
From: no-reply at appveyor.com (AppVeyor) Date: Fri, 01 Jun 2018 23:38:48 +0000 Subject: [openssl-commits] Build completed: openssl master.18264 Message-ID: <20180601233848.1.8C244497D89E2CBA@appveyor.com> An HTML attachment was scrubbed... URL: From rsalz at openssl.org Sat Jun 2 18:57:47 2018 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 Jun 2018 18:57:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527965867.830598.3877.nullmailer@dev.openssl.org> The branch master has been updated via 886c2e614fc1e78e658122bf6f6bccdd7dd23857 (commit) from 166f0082e7ce53ed608d8519526b99893ca7925e (commit) - Log ----------------------------------------------------------------- commit 886c2e614fc1e78e658122bf6f6bccdd7dd23857 Author: Rich Salz Date: Sat Jun 2 14:57:34 2018 -0400 Make OS/X more explicit, to avoid questions Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6404) ----------------------------------------------------------------------- Summary of changes: INSTALL | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 52e3f2a..77de570 100644 --- a/INSTALL +++ b/INSTALL @@ -2,7 +2,7 @@ -------------------- This document describes installation on all supported operating - systems (the Linux/Unix family, OpenVMS and Windows) + systems (the Linux/Unix family including Mac OS/X, OpenVMS and Windows) To install OpenSSL, you will need: @@ -76,7 +76,7 @@ If you want to just get on with it, do: - on Unix: + on Unix (again, this includes Mac OS/X): $ ./config $ make From rsalz at openssl.org Sat Jun 2 20:17:47 2018 
From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 Jun 2018 20:17:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1527970667.507434.12911.nullmailer@dev.openssl.org> The branch master has been updated via 6da34cfbddede5e46f9c9183b724c99999dcfb41 (commit) from 886c2e614fc1e78e658122bf6f6bccdd7dd23857 (commit) - Log ----------------------------------------------------------------- commit 6da34cfbddede5e46f9c9183b724c99999dcfb41 Author: Ken Goldman Date: Sat Jun 2 16:17:32 2018 -0400 Document failure return for ECDSA_SIG_new ECDSA_SIG_new() returns NULL on error. Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6398) ----------------------------------------------------------------------- Summary of changes: doc/man3/ECDSA_SIG_new.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod index 72962f0..0bf63f8 100644 --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod @@ -121,6 +121,8 @@ returned as a newly allocated B structure (or NULL on error). =head1 RETURN VALUES +ECDSA_SIG_new() returns NULL if the allocation fails. + ECDSA_SIG_set0() returns 1 on success or 0 on failure. ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s() return the corresponding value, From rsalz at openssl.org Sat Jun 2 20:19:37 2018 
From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 Jun 2018 20:19:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1527970777.373314.14088.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 78641aacb777147eeca698faf1376761d005ad39 (commit) from 13b578ada3106a4ce9b836f167ee520539f5fa8f (commit) - Log ----------------------------------------------------------------- commit 78641aacb777147eeca698faf1376761d005ad39 Author: Ken Goldman Date: Sat Jun 2 16:17:32 2018 -0400 Document failure return for ECDSA_SIG_new ECDSA_SIG_new() returns NULL on error. Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6398) (cherry picked from commit 6da34cfbddede5e46f9c9183b724c99999dcfb41) ----------------------------------------------------------------------- Summary of changes: doc/crypto/ECDSA_SIG_new.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/crypto/ECDSA_SIG_new.pod b/doc/crypto/ECDSA_SIG_new.pod index 9e1f662..3920b96 100644 --- a/doc/crypto/ECDSA_SIG_new.pod +++ b/doc/crypto/ECDSA_SIG_new.pod @@ -114,6 +114,8 @@ returned as a newly allocated B structure (or NULL on error). =head1 RETURN VALUES +ECDSA_SIG_new() returns NULL if the allocation fails. + ECDSA_SIG_set0() returns 1 on success or 0 on failure. ECDSA_size() returns the maximum length signature or 0 on error. From rsalz at openssl.org Sat Jun 2 20:24:00 2018 
From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 Jun 2018 20:24:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1527971040.230211.15699.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 278f65eeabb28279661927ecbcc23e95aad34948 (commit) from 1ac3cd6277f880fac4df313702d5e3b3814e56e2 (commit) - Log ----------------------------------------------------------------- commit 278f65eeabb28279661927ecbcc23e95aad34948 Author: Ken Goldman Date: Sat Jun 2 16:22:04 2018 -0400 Document failure return of ECDSA_SIG_new ECDSA_SIG_new() returns NULL on error. Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6398) (cherry picked from commit 6da34cfbddede5e46f9c9183b724c99999dcfb41) ----------------------------------------------------------------------- Summary of changes: doc/crypto/ecdsa.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod index 46c071b..5708d90 100644 --- a/doc/crypto/ecdsa.pod +++ b/doc/crypto/ecdsa.pod @@ -112,6 +112,8 @@ using the public key B. =head1 RETURN VALUES +ECDSA_SIG_new() returns NULL if the allocation fails. + ECDSA_size() returns the maximum length signature or 0 on error. ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or 0 From scan-admin at coverity.com Sun Jun 3 07:30:33 2018 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 03 Jun 2018 07:30:33 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5b139918de906_6a6b2ab1dd750f587147f@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I06XX3wUYm9Y55O3h7kI6-2BXnnY-2FS4T66SIgGoK6K5pqRsG-2F5-2BO3RxTLGwR3r7nPDqx7nZVy-2FTZoQTq1i6HgzNDdAMpuzfUgT-2FFm7gu-2F4n8TR6WKMhQd6Wc-2F0-2BngGuKrVpl2853Bz7ORjwNqT8W725UYj-2Fz5LdkiF5z84CdRihs84-2BlUj1TGI9E5l9mv7H88xG8-3D Build ID: 213754 Analysis Summary: New defects found: 0 Defects eliminated: 10 From scan-admin at coverity.com Sun Jun 3 07:46:15 2018 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 03 Jun 2018 07:46:15 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5b139cc6665a4_74bf2ab1dd750f587145@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3Epoukly8II-2BYaZhRIiOb-2FBU-2BSLWgUPwMhLHf6eBh3FtHlQ2JgqyXeeiqWGBUwc4ZDCCj735CCL3z2USb3Ib4IbS65BhpSl3mtFvWOuvw-2BCeootFUuMT-2BJXZAiQz0AQts1PXE6FM9MRUJcYy-2FXY3a7vc-2BfVhLgmoMUJOOCsbL5WWmKNNoPv-2FdUEuv1-2Fm6TiW4-3D Build ID: 213757 Analysis Summary: New defects found: 0 Defects eliminated: 0 From kurt at openssl.org Sun Jun 3 10:18:17 2018 
From: kurt at openssl.org (Kurt Roeckx) Date: Sun, 03 Jun 2018 10:18:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528021097.838478.5396.nullmailer@dev.openssl.org> The branch master has been updated via 1e653d0ff7fc2e06a1cb1e05c01feecde84e67d3 (commit) via 2545f9446e4a924548f393cc9e7391e6b10ed1b5 (commit) via cf0891b8f1e85d130084c90661b7e05f4e90ec78 (commit) via 8f57662771356882561b98d6add06a16dc479f9b (commit) from 6da34cfbddede5e46f9c9183b724c99999dcfb41 (commit) - Log ----------------------------------------------------------------- commit 1e653d0ff7fc2e06a1cb1e05c01feecde84e67d3 Author: Kurt Roeckx Date: Sat Jun 2 18:15:32 2018 +0200 Fix checking the return value of getentropy() Reviewed-by: Andy Polyakov GH: #6405 commit 2545f9446e4a924548f393cc9e7391e6b10ed1b5 Author: Kurt Roeckx Date: Sat Jun 2 17:54:29 2018 +0200 Remove support for calling getrandom(), we now always call getentropy() Only Linux and FreeBSD provide getrandom(), but they both also provide getentropy() since the same version and we already tried to call that. Reviewed-by: Andy Polyakov GH: #6405 commit cf0891b8f1e85d130084c90661b7e05f4e90ec78 Author: Kurt Roeckx Date: Sat Jun 2 17:50:16 2018 +0200 Look up availability of getentropy() at runtime. This will actually support most OSs, and at least adds support for Solaris and OSX Fixes: #6403 Reviewed-by: Andy Polyakov GH: #6405 commit 8f57662771356882561b98d6add06a16dc479f9b Author: Kurt Roeckx Date: Sat Jun 2 15:22:13 2018 +0200 Add support for KERN_ARND to get random bytes on NetBSD Reviewed-by: Andy Polyakov GH: #6405 ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 70 +++++++++++++++++++++++++++++-------------------- 1 file changed, 41 insertions(+), 29 deletions(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 1f0084d..9f17494 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c 
@@ -15,6 +15,7 @@ #include "rand_lcl.h" #include "internal/rand_int.h" #include +#include "internal/dso.h" #if defined(__linux) # include #endif @@ -23,7 +24,7 @@ # include # include #endif -#if defined(__OpenBSD__) +#if defined(__OpenBSD__) || defined(__NetBSD__) # include #endif #ifdef OPENSSL_SYS_UNIX @@ -163,20 +164,6 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # error "Seeding uses urandom but DEVRANDOM is not configured" # endif -# if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 25) -# define OPENSSL_HAVE_GETRANDOM -# endif -# endif - -# if (defined(__FreeBSD__) && __FreeBSD_version >= 1200061) -# define OPENSSL_HAVE_GETRANDOM -# endif - -# if defined(OPENSSL_HAVE_GETRANDOM) -# include -# endif - # if defined(OPENSSL_RAND_SEED_OS) # if !defined(DEVRANDOM) # error "OS seeding requires DEVRANDOM to be configured" @@ -189,7 +176,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # error "librandom not (yet) supported" # endif -# if defined(__FreeBSD__) && defined(KERN_ARND) +# if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) /* * sysctl_random(): Use sysctl() to read a random number from the kernel * Returns the size on success, 0 on failure. 
@@ -201,14 +188,25 @@ static size_t sysctl_random(char *buf, size_t buflen) size_t len; /* - * Old implementations returned longs, newer versions support variable - * sizes up to 256 byte. The code below would not work properly when - * the sysctl returns long and we want to request something not a multiple - * of longs, which should never be the case. + * On FreeBSD old implementations returned longs, newer versions support + * variable sizes up to 256 byte. The code below would not work properly + * when the sysctl returns long and we want to request something not a + * multiple of longs, which should never be the case. */ if (!ossl_assert(buflen % sizeof(long) == 0)) return 0; + /* + * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only + * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0 + * it returns a variable number of bytes with the current version supporting + * up to 256 bytes. + * Just return an error on older NetBSD versions. + */ +#if defined(__NetBSD__) && __NetBSD_Version__ < 400000000 + return 0; +#endif + mib[0] = CTL_KERN; mib[1] = KERN_ARND; 
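Review bot: The new `#if defined(__NetBSD__) && __NetBSD_Version__ < 400000000` guard becomes an unconditional `return 0;` whenever `__NetBSD_Version__` is not defined at this point, because an unknown identifier inside `#if` evaluates to 0; KERN_ARND seeding would then be silently disabled on every NetBSD release instead of only pre-4.0 ones. The macro comes from `<sys/param.h>`, and the include added for NetBSD in the first hunk of this file appears to provide it, but the header name is scrubbed in this rendering, so make the dependency fail loudly: `#if defined(__NetBSD__) && !defined(__NetBSD_Version__)` / `# error "sys/param.h is required for __NetBSD_Version__"` / `#endif`. The neighbouring directives in this file indent nested preprocessor lines as `# if`; the two new ones do not.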
@@ -231,23 +229,37 @@ static size_t sysctl_random(char *buf, size_t buflen) */ int syscall_random(void *buf, size_t buflen) { -# if defined(OPENSSL_HAVE_GETRANDOM) - return (int)getrandom(buf, buflen, 0); -# endif + union { + void *p; + int (*f)(void *buffer, size_t length); + } p_getentropy; + + /* + * Do runtime detection to find getentropy(). + * + * We could cache the result of the lookup, but we normally don't + * call this function often. + * + * Known OSs that should support this: + * - Darwin since 16 (OSX 10.12, IOS 10.0). + * - Solaris since 11.3 + * - OpenBSD since 5.6 + * - Linux since 3.17 with glibc 2.25 + * - FreeBSD since 12.0 (1200061) + */ + p_getentropy.p = DSO_global_lookup("getentropy"); + if (p_getentropy.p != NULL) + return p_getentropy.f(buf, buflen) == 0 ? buflen : 0; + /* Linux supports this since version 3.17 */ # if defined(__linux) && defined(SYS_getrandom) return (int)syscall(SYS_getrandom, buf, buflen, 0); # endif -# if defined(__FreeBSD__) && defined(KERN_ARND) +# if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) return (int)sysctl_random(buf, buflen); # endif - /* Supported since OpenBSD 5.6 */ -# if defined(__OpenBSD__) && OpenBSD >= 201411 - return getentropy(buf, buflen); -# endif - return -1; } From appro at openssl.org Sun Jun 3 19:17:48 2018 
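Review bot: The getentropy() path returns as soon as the symbol is found, but getentropy() rejects requests larger than 256 bytes on every platform named in the comment (glibc, OpenBSD, Darwin, Solaris), so a `buflen` above that yields 0 here without ever reaching `SYS_getrandom` or `sysctl_random`, a cap the removed getrandom() path did not have. Whether the caller keeps `buflen <= 256` cannot be seen from this hunk; either enforce it or state it above the lookup, e.g. `/* getentropy() fails for buflen > 256; callers must not request more */`. The success return also narrows `size_t buflen` to `int` implicitly and uses 0 for failure while the tail of the function returns -1, so `return p_getentropy.f(buf, buflen) == 0 ? (int)buflen : 0;` plus a comment stating which results the caller treats as failure would make the contract explicit. Since the symbol is resolved from the whole process image, whatever object exports `getentropy` is trusted to match the declared signature.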
From: appro at openssl.org (Andy Polyakov) Date: Sun, 03 Jun 2018 19:17:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528053468.192691.17121.nullmailer@dev.openssl.org> The branch master has been updated via 9a708bf982da1d2c9739339d16d7b021da955e00 (commit) via c1b2569d234c1247d2a7a3338ca4568bc0a489a5 (commit) via c5307d9cc079f379ee0e2bc960abda73046cd4ec (commit) from 1e653d0ff7fc2e06a1cb1e05c01feecde84e67d3 (commit) - Log ----------------------------------------------------------------- commit 9a708bf982da1d2c9739339d16d7b021da955e00 Author: Andy Polyakov Date: Sun May 20 12:13:16 2018 +0200 {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. OPENSSL_memcmp is a must in GCM decrypt and general-purpose loop takes quite a portion of execution time for short inputs, more than GHASH for few-byte inputs according to profiler. Special 16-byte case takes it off top five list in profiler output. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6312) commit c1b2569d234c1247d2a7a3338ca4568bc0a489a5 Author: Andy Polyakov Date: Sun May 20 12:02:39 2018 +0200 modes/gcm128.c: coalesce calls to GHASH. On contemporary platforms assembly GHASH processes multiple blocks faster than one by one. For TLS payloads shorter than 16 bytes, e.g. alerts, it's possible to reduce hashing operation to single call. And for block lengths not divisible by 16 - fold two final calls to one. Improvement is most noticeable with "retpoline", because call to assembly GHASH is indirect. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6312) commit c5307d9cc079f379ee0e2bc960abda73046cd4ec Author: Andy Polyakov Date: Sun May 20 11:54:24 2018 +0200 evp/e_aes.c: replace calls to one-liners with references in GCM. Even though calls can be viewed as styling improvement, they do come with cost. It's not big cost and shows only on short inputs, but it is measurable, 2-3% on some platforms. 
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6312) ----------------------------------------------------------------------- Summary of changes: crypto/arm64cpuid.pl | 13 +++ crypto/evp/e_aes.c | 73 +++++------- crypto/modes/gcm128.c | 280 +++++++++++++++++++++++++++++++++++++++++------ crypto/modes/modes_lcl.h | 3 + crypto/x86_64cpuid.pl | 12 ++ 5 files changed, 304 insertions(+), 77 deletions(-) diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl index daa2b17..06c8add 100755 --- a/crypto/arm64cpuid.pl +++ b/crypto/arm64cpuid.pl @@ -115,6 +115,19 @@ OPENSSL_cleanse: CRYPTO_memcmp: eor w3,w3,w3 cbz x2,.Lno_data // len==0? + cmp x2,#16 + b.ne .Loop_cmp + ldp x8,x9,[x0] + ldp x10,x11,[x1] + eor x8,x8,x10 + eor x9,x9,x11 + orr x8,x8,x9 + mov x0,#1 + cmp x8,#0 + csel x0,xzr,x0,eq + ret + +.align 4 .Loop_cmp: ldrb w4,[x0],#1 ldrb w5,[x1],#1 diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 951fc8f..eb37b4b 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -2814,8 +2814,8 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_INIT: gctx->key_set = 0; gctx->iv_set = 0; - gctx->ivlen = EVP_CIPHER_CTX_iv_length(c); - gctx->iv = EVP_CIPHER_CTX_iv_noconst(c); + gctx->ivlen = c->cipher->iv_len; + gctx->iv = c->iv; gctx->taglen = -1; gctx->iv_gen = 0; gctx->tls_aad_len = -1; @@ -2826,7 +2826,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { - if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) + if (gctx->iv != c->iv) OPENSSL_free(gctx->iv); if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) { EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE); 
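Review bot: The added 16-byte path keeps CRYPTO_memcmp free of data-dependent branches — the `eor`/`orr` results are reduced to 0/1 with `csel` rather than a conditional jump — but nothing in the source records that this is deliberate, and this routine is what compares GCM tags. Add a comment so the property survives future edits, e.g. `// 16-byte fast path: must stay branch-free on the compared data (constant-time)` above `cmp x2,#16`. The two `ldp` loads also assume unaligned 8-byte access is permitted for the caller's buffers, which holds for normal memory on AArch64; a one-line comment on that assumption belongs next to them. The x86_64 counterpart in x86_64cpuid.pl is listed in the diffstat but not shown here.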
@@ -2837,17 +2837,17 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; case EVP_CTRL_AEAD_SET_TAG: - if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c)) + if (arg <= 0 || arg > 16 || c->encrypt) return 0; - memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); + memcpy(c->buf, ptr, arg); gctx->taglen = arg; return 1; case EVP_CTRL_AEAD_GET_TAG: - if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c) + if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) return 0; - memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg); + memcpy(ptr, c->buf, arg); return 1; case EVP_CTRL_GCM_SET_IV_FIXED: @@ -2865,8 +2865,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; if (arg) memcpy(gctx->iv, ptr, arg); - if (EVP_CIPHER_CTX_encrypting(c) - && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) + if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) return 0; gctx->iv_gen = 1; return 1; @@ -2887,8 +2886,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; case EVP_CTRL_GCM_SET_IV_INV: - if (gctx->iv_gen == 0 || gctx->key_set == 0 - || EVP_CIPHER_CTX_encrypting(c)) + if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) return 0; memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); 
@@ -2899,24 +2897,22 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) /* Save the AAD for later use */ if (arg != EVP_AEAD_TLS1_AAD_LEN) return 0; - memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); + memcpy(c->buf, ptr, arg); gctx->tls_aad_len = arg; { - unsigned int len = - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 - | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; + unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; /* Correct length for explicit IV */ if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) return 0; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; /* If decrypting correct for tag too */ - if (!EVP_CIPHER_CTX_encrypting(c)) { + if (!c->encrypt) { if (len < EVP_GCM_TLS_TAG_LEN) return 0; len -= EVP_GCM_TLS_TAG_LEN; } - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; - EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; + c->buf[arg - 2] = len >> 8; + c->buf[arg - 1] = len & 0xff; } /* Extra padding: tag appended to record */ return EVP_GCM_TLS_TAG_LEN; @@ -2930,8 +2926,8 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; gctx_out->gcm.key = &gctx_out->ks; } - if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c)) - gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out); + if (gctx->iv == c->iv) + gctx_out->iv = out->iv; else { if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) { EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE); @@ -2958,8 +2954,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, do { #ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { - HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &gctx->ks.ks); + HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) HWAES_encrypt); # ifdef HWAES_ctr32_encrypt_blocks 
@@ -2972,8 +2967,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE) { - AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &gctx->ks.ks); + AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) AES_encrypt); gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; @@ -2982,8 +2976,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &gctx->ks.ks); + vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) vpaes_encrypt); gctx->ctr = NULL; @@ -2992,8 +2985,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif (void)0; /* terminate potentially open 'else' */ - AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, - &gctx->ks.ks); + AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) AES_encrypt); #ifdef AES_CTR_ASM 
@@ -3045,19 +3037,18 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * Set IV from start of buffer or generate IV and write to start of * buffer. */ - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ? - EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, + if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN + : EVP_CTRL_GCM_SET_IV_INV, EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) goto err; /* Use saved AAD */ - if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), - gctx->tls_aad_len)) + if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) goto err; /* Fix buffer and length to point to payload */ in += EVP_GCM_TLS_EXPLICIT_IV_LEN; out += EVP_GCM_TLS_EXPLICIT_IV_LEN; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (ctx->encrypt) { /* Encrypt payload */ if (gctx->ctr) { size_t bulk = 0; @@ -3136,11 +3127,9 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, goto err; } /* Retrieve tag */ - CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), - EVP_GCM_TLS_TAG_LEN); + CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); /* If tag mismatch wipe buffer */ - if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len, - EVP_GCM_TLS_TAG_LEN)) { + if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } @@ -3170,7 +3159,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out == NULL) { if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) return -1; - } else if (EVP_CIPHER_CTX_encrypting(ctx)) { + } else if (ctx->encrypt) { if (gctx->ctr) { size_t bulk = 0; #if defined(AES_GCM_ASM) 
@@ -3261,17 +3250,15 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } return len; } else { - if (!EVP_CIPHER_CTX_encrypting(ctx)) { + if (!ctx->encrypt) { if (gctx->taglen < 0) return -1; - if (CRYPTO_gcm128_finish(&gctx->gcm, - EVP_CIPHER_CTX_buf_noconst(ctx), - gctx->taglen) != 0) + if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) return -1; gctx->iv_set = 0; return 0; } - CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16); + CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); gctx->taglen = 16; /* Don't reuse the IV */ gctx->iv_set = 0; diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 4c8ae91..7a10eb2 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -986,7 +986,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, long one; char little; } is_endian = { 1 }; - unsigned int n, ctr; + unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; block128_f block = ctx->block; @@ -1004,9 +1004,23 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, return -1; ctx->len.u[1] = mlen; + mres = ctx->mres; + if (ctx->ares) { /* First call to encrypt finalizes GHASH(AAD) */ +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + if (len == 0) { + GCM_MUL(ctx); + ctx->ares = 0; + return 0; + } + memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + mres = sizeof(ctx->Xi); +#else GCM_MUL(ctx); +#endif ctx->ares = 0; } 
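Review bot: The new GHASH branch inside the `ctx->ares` block changes what "finalizes GHASH(AAD)" means — instead of multiplying the pending AAD block in immediately it copies `Xi` into `Xn`, zeroes `Xi` and sets `mres = 16` so the block is folded in by the next GHASH call — yet the comment on the `if` line still describes only the `#else` path. This is correct only because GHASH computes `Xi = (Xi ^ block) * H` per block, so a zeroed `Xi` with the old value queued as the first block yields exactly the GCM_MUL result; state that invariant in a comment, e.g. `/* Defer GCM_MUL: queue the pending AAD block in Xn and clear Xi; GHASH xors each block into Xi before multiplying, so the result is unchanged */`. The same block is duplicated in CRYPTO_gcm128_decrypt and CRYPTO_gcm128_encrypt_ctr32 further down, where the comment is equally needed (the ctr32 copy also drops the `!defined(OPENSSL_SMALL_FOOTPRINT)` half of the condition, which may be intended but is not explained). Correctness further depends on CRYPTO_gcm128_finish/tag flushing a non-empty Xn, which is outside this excerpt.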
@@ -1019,28 +1033,48 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, else ctr = ctx->Yi.d[3]; - n = ctx->mres; + n = mres % 16; #if !defined(OPENSSL_SMALL_FOOTPRINT) if (16 % sizeof(size_t) == 0) { /* always true actually */ do { if (n) { +# if defined(GHASH) + while (n && len) { + ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n]; + --len; + n = (n + 1) % 16; + } + if (n == 0) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } else { + ctx->mres = mres; + return 0; + } +# else while (n && len) { ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; --len; n = (n + 1) % 16; } - if (n == 0) + if (n == 0) { GCM_MUL(ctx); - else { + mres = 0; + } else { ctx->mres = n; return 0; } +# endif } # if defined(STRICT_ALIGNMENT) if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) break; # endif # if defined(GHASH) + if (len >= 16 && mres) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } # if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; @@ -1128,13 +1162,21 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, # endif else ctx->Yi.d[3] = ctr; +# if defined(GHASH) + while (len--) { + ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n]; + ++n; + } +# else while (len--) { ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n]; ++n; } + mres = n; +# endif } - ctx->mres = n; + ctx->mres = mres; return 0; } while (0); } @@ -1152,13 +1194,22 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; } - ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n]; +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + ctx->Xn[mres++] = out[i] = in[i] ^ ctx->EKi.c[n]; n = (n + 1) % 16; + if (mres == sizeof(ctx->Xn)) { + GHASH(ctx,ctx->Xn,sizeof(ctx->Xn)); + mres = 0; + } +#else + ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n]; + mres = n = (n + 1) % 16; if (n == 0) GCM_MUL(ctx); +#endif } - ctx->mres = n; + ctx->mres = mres; return 0; } 
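Review bot: `n = mres % 16` and the later `ctx->Xn[mres++]` stores depend on an invariant the hunk never states: `mres` counts bytes queued in `ctx->Xn` but not yet hashed, `n` is the offset into the current keystream block, and `ctx->mres` is only ever written back with a value below `sizeof(ctx->Xn)` (the partial-block loop stores it only when `n != 0`, and the byte loop in the `@@ -1152` hunk flushes at exactly `sizeof(ctx->Xn)`). None of the stores are bounds-checked, so a comment above `n = mres % 16;` such as `/* mres = bytes pending in Xn (always < sizeof(Xn) on entry); n = mres % 16 = offset into EKi */` is what a later maintainer needs to avoid overrunning the buffer. The same structure is repeated in CRYPTO_gcm128_decrypt; the declaration of `Xn` itself is in modes_lcl.h, outside this excerpt.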
@@ -1170,7 +1221,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, long one; char little; } is_endian = { 1 }; - unsigned int n, ctr; + unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; block128_f block = ctx->block; @@ -1188,9 +1239,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, return -1; ctx->len.u[1] = mlen; + mres = ctx->mres; + if (ctx->ares) { /* First call to decrypt finalizes GHASH(AAD) */ +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + if (len == 0) { + GCM_MUL(ctx); + ctx->ares = 0; + return 0; + } + memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + mres = sizeof(ctx->Xi); +#else GCM_MUL(ctx); +#endif ctx->ares = 0; } @@ -1203,11 +1268,25 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, else ctr = ctx->Yi.d[3]; - n = ctx->mres; + n = mres % 16; #if !defined(OPENSSL_SMALL_FOOTPRINT) if (16 % sizeof(size_t) == 0) { /* always true actually */ do { if (n) { +# if defined(GHASH) + while (n && len) { + *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n]; + --len; + n = (n + 1) % 16; + } + if (n == 0) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } else { + ctx->mres = mres; + return 0; + } +# else while (n && len) { u8 c = *(in++); *(out++) = c ^ ctx->EKi.c[n]; @@ -1215,18 +1294,24 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, --len; n = (n + 1) % 16; } - if (n == 0) + if (n == 0) { GCM_MUL(ctx); - else { + mres = 0; + } else { ctx->mres = n; return 0; } +# endif } # if defined(STRICT_ALIGNMENT) if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) break; # endif # if defined(GHASH) + if (len >= 16 && mres) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } # if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; 
@@ -1315,15 +1400,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, # endif else ctx->Yi.d[3] = ctr; +# if defined(GHASH) + while (len--) { + out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n]; + ++n; + } +# else while (len--) { u8 c = in[n]; ctx->Xi.c[n] ^= c; out[n] = c ^ ctx->EKi.c[n]; ++n; } + mres = n; +# endif } - ctx->mres = n; + ctx->mres = mres; return 0; } while (0); } @@ -1342,15 +1435,24 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; } +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + out[i] = (ctx->Xn[mres++] = c = in[i]) ^ ctx->EKi.c[n]; + n = (n + 1) % 16; + if (mres == sizeof(ctx->Xn)) { + GHASH(ctx,ctx->Xn,sizeof(ctx->Xn)); + mres = 0; + } +#else c = in[i]; out[i] = c ^ ctx->EKi.c[n]; ctx->Xi.c[n] ^= c; - n = (n + 1) % 16; + mres = n = (n + 1) % 16; if (n == 0) GCM_MUL(ctx); +#endif } - ctx->mres = n; + ctx->mres = mres; return 0; } @@ -1365,7 +1467,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, long one; char little; } is_endian = { 1 }; - unsigned int n, ctr; + unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; void *key = ctx->key; @@ -1382,9 +1484,23 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, return -1; ctx->len.u[1] = mlen; + mres = ctx->mres; + if (ctx->ares) { /* First call to encrypt finalizes GHASH(AAD) */ +#if defined(GHASH) + if (len == 0) { + GCM_MUL(ctx); + ctx->ares = 0; + return 0; + } + memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + mres = sizeof(ctx->Xi); +#else GCM_MUL(ctx); +#endif ctx->ares = 0; } 
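Review bot: The preprocessor block added to CRYPTO_gcm128_encrypt_ctr32 is written as `#if defined(GHASH)` / `#else` / `#endif` at column 0, while the identical block added to CRYPTO_gcm128_decrypt_ctr32 in the next hunk uses the nested spelling `# if defined(GHASH)` / `# else` / `# endif`; both function bodies are apparently inside the same outer conditional (each closes with an `#endif` just before the closing brace), so one spelling should be used for both. Likewise `GHASH(ctx,ctx->Xn,sizeof(ctx->Xn));` in the byte-at-a-time loops of CRYPTO_gcm128_encrypt and CRYPTO_gcm128_decrypt drops the spaces after commas that every other GHASH call in this patch uses. Both ctr32 functions begin before their hunks.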
@@ -1397,30 +1513,51 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, else ctr = ctx->Yi.d[3]; - n = ctx->mres; + n = mres % 16; if (n) { +# if defined(GHASH) + while (n && len) { + ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n]; + --len; + n = (n + 1) % 16; + } + if (n == 0) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } else { + ctx->mres = mres; + return 0; + } +# else while (n && len) { ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; --len; n = (n + 1) % 16; } - if (n == 0) + if (n == 0) { GCM_MUL(ctx); - else { + mres = 0; + } else { ctx->mres = n; return 0; } +# endif } -# if defined(GHASH) && defined(GHASH_CHUNK) +# if defined(GHASH) + if (len >= 16 && mres) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } +# if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); ctr += GHASH_CHUNK / 16; if (is_endian.little) -# ifdef BSWAP4 +# ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +# else PUTU32(ctx->Yi.c + 12, ctr); -# endif +# endif else ctx->Yi.d[3] = ctr; GHASH(ctx, out, GHASH_CHUNK); @@ -1428,6 +1565,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, in += GHASH_CHUNK; len -= GHASH_CHUNK; } +# endif # endif if ((i = (len & (size_t)-16))) { size_t j = i / 16; @@ -1468,12 +1606,16 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; while (len--) { - ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n]; +# if defined(GHASH) + ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n]; +# else + ctx->Xi.c[mres++] ^= out[n] = in[n] ^ ctx->EKi.c[n]; +# endif ++n; } } - ctx->mres = n; + ctx->mres = mres; return 0; #endif } @@ -1489,7 +1631,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, long one; char little; } is_endian = { 1 }; - unsigned int n, ctr; + unsigned int n, ctr, mres; size_t i; u64 mlen = ctx->len.u[1]; void *key = ctx->key; 
@@ -1506,9 +1648,23 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, return -1; ctx->len.u[1] = mlen; + mres = ctx->mres; + if (ctx->ares) { /* First call to decrypt finalizes GHASH(AAD) */ +# if defined(GHASH) + if (len == 0) { + GCM_MUL(ctx); + ctx->ares = 0; + return 0; + } + memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + mres = sizeof(ctx->Xi); +# else GCM_MUL(ctx); +# endif ctx->ares = 0; } @@ -1521,8 +1677,22 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, else ctr = ctx->Yi.d[3]; - n = ctx->mres; + n = mres % 16; if (n) { +# if defined(GHASH) + while (n && len) { + *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n]; + --len; + n = (n + 1) % 16; + } + if (n == 0) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } else { + ctx->mres = mres; + return 0; + } +# else while (n && len) { u8 c = *(in++); *(out++) = c ^ ctx->EKi.c[n]; @@ -1530,30 +1700,38 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, --len; n = (n + 1) % 16; } - if (n == 0) + if (n == 0) { GCM_MUL(ctx); - else { + mres = 0; + } else { ctx->mres = n; return 0; } +# endif } -# if defined(GHASH) && defined(GHASH_CHUNK) +# if defined(GHASH) + if (len >= 16 && mres) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } +# if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { GHASH(ctx, in, GHASH_CHUNK); (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); ctr += GHASH_CHUNK / 16; if (is_endian.little) -# ifdef BSWAP4 +# ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +# else PUTU32(ctx->Yi.c + 12, ctr); -# endif +# endif else ctx->Yi.d[3] = ctr; out += GHASH_CHUNK; in += GHASH_CHUNK; len -= GHASH_CHUNK; } +# endif # endif if ((i = (len & (size_t)-16))) { size_t j = i / 16; 
@@ -1597,14 +1775,18 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; while (len--) { +# if defined(GHASH) + out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n]; +# else u8 c = in[n]; - ctx->Xi.c[n] ^= c; + ctx->Xi.c[mres++] ^= c; out[n] = c ^ ctx->EKi.c[n]; +# endif ++n; } } - ctx->mres = n; + ctx->mres = mres; return 0; #endif } @@ -1620,10 +1802,32 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, u64 clen = ctx->len.u[1] << 3; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) = ctx->ghash; +# endif #endif +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + u128 bitlen; + unsigned int mres = ctx->mres; + + if (mres) { + unsigned blocks = (mres + 15) & -16; + + memset(ctx->Xn + mres, 0, blocks - mres); + mres = blocks; + if (mres == sizeof(ctx->Xn)) { + GHASH(ctx, ctx->Xn, mres); + mres = 0; + } + } else if (ctx->ares) { + GCM_MUL(ctx); + } +#else if (ctx->mres || ctx->ares) GCM_MUL(ctx); +#endif if (is_endian.little) { #ifdef BSWAP8 @@ -1640,9 +1844,17 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, #endif } +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + bitlen.hi = alen; + bitlen.lo = clen; + memcpy(ctx->Xn + mres, &bitlen, sizeof(bitlen)); + mres += sizeof(bitlen); + GHASH(ctx, ctx->Xn, mres); +#else ctx->Xi.u[0] ^= alen; ctx->Xi.u[1] ^= clen; GCM_MUL(ctx); +#endif ctx->Xi.u[0] ^= ctx->EK0.u[0]; ctx->Xi.u[1] ^= ctx->EK0.u[1]; diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h index 16dcf4e..fa85460 100644 --- a/crypto/modes/modes_lcl.h +++ b/crypto/modes/modes_lcl.h @@ -128,6 +128,9 @@ struct gcm128_context { unsigned int mres, ares; block128_f block; void *key; +#if !defined(OPENSSL_SMALL_FOOTPRINT) + unsigned char Xn[48]; +#endif }; struct xts128_context { 
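Review bot: In the new padding code of CRYPTO_gcm128_finish, `unsigned blocks = (mres + 15) & -16;` relies on the signed constant `-16` being converted to `0xFFFFFFF0`; `unsigned int blocks = (mres + 15) & ~15u;` expresses the same rounding without the implicit conversion and matches the unsigned arithmetic used elsewhere in the file. The later `memcpy(ctx->Xn + mres, &bitlen, sizeof(bitlen));` also depends on `u128` being laid out as `hi` immediately followed by `lo` with no padding, which presumably holds for the struct in modes_lcl.h but deserves a one-line comment, since the length block appended here must be the 64-bit AAD length followed by the 64-bit ciphertext length. The function begins before this hunk.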
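Review bot: `unsigned char Xn[48];` is added without a comment, yet the new encrypt/decrypt paths write it with `ctx->Xn[mres++]` and keep `mres` below 48 only through flushes scattered across the functions (the `len >= 16 && mres` check, the `mres == sizeof(ctx->Xn)` check in the byte loops, and the rounding in CRYPTO_gcm128_finish). With this change `mres` no longer means "offset inside the current block" in GHASH builds but "bytes buffered in Xn", which can exceed 16, so the field should be documented next to the declaration, e.g. `/* Up to three 16-byte blocks of ciphertext not yet fed to GHASH; in GHASH builds mres counts the bytes pending here */`. Any other code that reads `mres` expecting a value below 16 would need to be checked, which this hunk does not show; the non-GHASH builds keep the old meaning via `mres = n`.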
diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl
index 513d005..6423e80 100644
--- a/crypto/x86_64cpuid.pl
+++ b/crypto/x86_64cpuid.pl
@@ -271,6 +271,18 @@ CRYPTO_memcmp:
 xor %r10,%r10
 cmp \$0,$arg3
 je .Lno_data
+ cmp \$16,$arg3
+ jne .Loop_cmp
+ mov ($arg1),%r10
+ mov 8($arg1),%r11
+ mov \$1,$arg3
+ xor ($arg2),%r10
+ xor 8($arg2),%r11
+ or %r11,%r10
+ cmovnz $arg3,%rax
+ ret
+
+.align 16
 .Loop_cmp:
 mov ($arg1),%r10b
 lea 1($arg1),$arg1
From appro at openssl.org Sun Jun 3 19:20:54 2018
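Review bot: The new 16-byte fast path delivers its verdict through `cmovnz $arg3,%rax`, so it is only correct if `%rax` is already zero at that point; the zeroing is not in the hunk (presumably it precedes `cmp \$0,$arg3`), so it is worth confirming and recording with a comment such as `# rax must be 0 here: cmovnz sets it to 1 if any of the 16 bytes differ`. The sequence keeps the comparison data-independent, since the only branch, `jne .Loop_cmp`, depends on the length rather than the contents, but that is the whole reason for the `xor`/`or`/`cmovnz` shape and deserves a comment too, so that a later "simplification" into a `jnz` does not reintroduce a timing side channel. The two 8-byte loads per operand are safe only because `cmp \$16,$arg3` guarantees both buffers hold at least 16 bytes; `.Lno_data` and the rest of the byte loop lie outside the hunk.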
From: appro at openssl.org (Andy Polyakov) Date: Sun, 03 Jun 2018 19:20:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528053654.121231.18647.nullmailer@dev.openssl.org> The branch master has been updated via c4d9ef4cc5bf1c48a74b64879622ae9fd6f26b03 (commit) via 1a467bd12f20928f3d5e6809b5f9394dbe606541 (commit) via 41013cd63c068e2f271fabc92702ee67d800f0cb (commit) from 9a708bf982da1d2c9739339d16d7b021da955e00 (commit) - Log ----------------------------------------------------------------- commit c4d9ef4cc5bf1c48a74b64879622ae9fd6f26b03 Author: Andy Polyakov Date: Sat Jun 2 15:25:50 2018 +0200 sha/asm/sha512p8-ppc.pl: improve POWER9 performance by ~10%. Biggest part, ~7%, of improvement resulted from omitting constants' table index increment in each round. And minor part from rescheduling instructions. Apparently POWER9 (and POWER8) manage to dispatch instructions more efficiently if they are laid down as if they have no latency... Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6406) commit 1a467bd12f20928f3d5e6809b5f9394dbe606541 Author: Andy Polyakov Date: Sat Jun 2 14:14:28 2018 +0200 chacha/asm/chacha-ppc.pl: improve POWER8 performance by 15%. This comes at cost of minor 2.5% regression on G4, which is reasonable trade-off. [Further improve compliance with ABI requirements.] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6406) commit 41013cd63c068e2f271fabc92702ee67d800f0cb Author: Andy Polyakov Date: Sat Jun 2 14:03:27 2018 +0200 PPC assembly pack: correct POWER9 results. As it turns out originally published results were skewed by "turbo" mode. The VM apparently remains oblivious to dynamic frequency scaling and reports that the processor operates at "base" frequency at all times, while the actual frequency is increased under load.
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6406) ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aesp8-ppc.pl | 3 +- crypto/chacha/asm/chacha-ppc.pl | 74 ++++++++++++--------- crypto/modes/asm/ghashp8-ppc.pl | 2 +- crypto/poly1305/asm/poly1305-ppc.pl | 2 +- crypto/poly1305/asm/poly1305-ppcfp.pl | 1 - crypto/poly1305/poly1305_ieee754.c | 1 - crypto/sha/asm/keccak1600-ppc64.pl | 2 +- crypto/sha/asm/keccak1600p8-ppc.pl | 2 +- crypto/sha/asm/sha512p8-ppc.pl | 122 +++++++++++++++------------------- 9 files changed, 102 insertions(+), 107 deletions(-) diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl index 8670940..488b133 100755 --- a/crypto/aes/asm/aesp8-ppc.pl +++ b/crypto/aes/asm/aesp8-ppc.pl @@ -40,7 +40,8 @@ # CBC en-/decrypt CTR XTS # POWER8[le] 3.96/0.72 0.74 1.1 # POWER8[be] 3.75/0.65 0.66 1.0 -# POWER9[le] 3.05/0.65 0.65 0.80 +# POWER9[le] 4.02/0.86 0.84 1.05 +# POWER9[be] 3.99/0.78 0.79 0.97 $flavour = shift; diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl index 350d5fa..88746fe 100755 --- a/crypto/chacha/asm/chacha-ppc.pl +++ b/crypto/chacha/asm/chacha-ppc.pl @@ -23,11 +23,11 @@ # IALU/gcc-4.x 3xAltiVec+1xIALU # # Freescale e300 13.6/+115% - -# PPC74x0/G4e 6.81/+310% 3.72 +# PPC74x0/G4e 6.81/+310% 3.81 # PPC970/G5 9.29/+160% ? -# POWER7 8.62/+61% 3.38 -# POWER8 8.70/+51% 3.36 -# POWER9 6.61/+29% 3.30(*) +# POWER7 8.62/+61% 3.35 +# POWER8 8.70/+51% 2.91 +# POWER9 8.80/+29% 4.44(*) # # (*) this is trade-off result, it's possible to improve it, but # then it would negatively affect all others; 
@@ -398,12 +398,12 @@ ___ my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2) = map("v$_",(0..11)); my @K = map("v$_",(12..17)); -my ($FOUR,$sixteen,$twenty4) = map("v$_",(18..20)); -my ($inpperm,$outperm,$outmask) = map("v$_",(21..23)); -my @D = map("v$_",(24..28)); +my ($FOUR,$sixteen,$twenty4) = map("v$_",(18..19,23)); +my ($inpperm,$outperm,$outmask) = map("v$_",(24..26)); +my @D = map("v$_",(27..31)); my ($twelve,$seven,$T0,$T1) = @D; -my $FRAME=$LOCALS+64+10*16+18*$SIZE_T; # 10*16 is for v20-v28 offload +my $FRAME=$LOCALS+64+10*16+18*$SIZE_T; # 10*16 is for v23-v31 offload sub VMXROUND { my $odd = pop; @@ -445,22 +445,22 @@ $code.=<<___; li r10,`15+$LOCALS+64` li r11,`31+$LOCALS+64` mfspr r12,256 - stvx v20,r10,$sp + stvx v23,r10,$sp addi r10,r10,32 - stvx v21,r11,$sp + stvx v24,r11,$sp addi r11,r11,32 - stvx v22,r10,$sp + stvx v25,r10,$sp addi r10,r10,32 - stvx v23,r11,$sp + stvx v26,r11,$sp addi r11,r11,32 - stvx v24,r10,$sp + stvx v27,r10,$sp addi r10,r10,32 - stvx v25,r11,$sp + stvx v28,r11,$sp addi r11,r11,32 - stvx v26,r10,$sp + stvx v29,r10,$sp addi r10,r10,32 - stvx v27,r11,$sp - stvx v28,r10,$sp + stvx v30,r11,$sp + stvx v31,r10,$sp stw r12,`$FRAME-$SIZE_T*18-4`($sp) # save vrsave $PUSH r14,`$FRAME-$SIZE_T*18`($sp) $PUSH r15,`$FRAME-$SIZE_T*17`($sp) @@ -480,7 +480,7 @@ $code.=<<___; $PUSH r29,`$FRAME-$SIZE_T*3`($sp) $PUSH r30,`$FRAME-$SIZE_T*2`($sp) $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - li r12,-8 + li r12,-4096+511 $PUSH r0, `$FRAME+$LRSAVE`($sp) mtspr 256,r12 # preserve 29 AltiVec registers @@ -588,9 +588,13 @@ ___ my @thread3=&ROUND(0,4,8,12); foreach (@thread0) { - eval; eval(shift(@thread3)); - eval(shift(@thread1)); eval(shift(@thread3)); - eval(shift(@thread2)); eval(shift(@thread3)); + eval; + eval(shift(@thread1)); + eval(shift(@thread2)); + + eval(shift(@thread3)); + eval(shift(@thread3)); + eval(shift(@thread3)); } foreach (@thread3) { eval; } 
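Review bot: `li r12,-4096+511` encodes the vrsave mask as a bare arithmetic immediate; presumably it marks v0-v19 and v23-v31 as live (0xfffff1ff) to match the new register map on the `map("v$_",(18..19,23))`, `(24..26)` and `(27..31)` lines, but nothing ties the two together, and the unchanged `# preserve 29 AltiVec registers` comment does not say which ones. A comment next to the `li`, e.g. `# vrsave: v0-v19 and v23-v31 in use (0xfffff1ff)`, or deriving the mask from the register list in Perl, would keep them from drifting apart the next time registers are reshuffled. The same pattern appears in the sha512p8-ppc.pl hunk with `li r11,-4096+255`.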
@@ -600,9 +604,13 @@ ___ @thread3=&ROUND(0,5,10,15); foreach (@thread0) { - eval; eval(shift(@thread3)); - eval(shift(@thread1)); eval(shift(@thread3)); - eval(shift(@thread2)); eval(shift(@thread3)); + eval; + eval(shift(@thread1)); + eval(shift(@thread2)); + + eval(shift(@thread3)); + eval(shift(@thread3)); + eval(shift(@thread3)); } foreach (@thread3) { eval; } $code.=<<___; @@ -843,22 +851,22 @@ Ldone_vmx: li r10,`15+$LOCALS+64` li r11,`31+$LOCALS+64` mtspr 256,r12 # restore vrsave - lvx v20,r10,$sp + lvx v23,r10,$sp addi r10,r10,32 - lvx v21,r11,$sp + lvx v24,r11,$sp addi r11,r11,32 - lvx v22,r10,$sp + lvx v25,r10,$sp addi r10,r10,32 - lvx v23,r11,$sp + lvx v26,r11,$sp addi r11,r11,32 - lvx v24,r10,$sp + lvx v27,r10,$sp addi r10,r10,32 - lvx v25,r11,$sp + lvx v28,r11,$sp addi r11,r11,32 - lvx v26,r10,$sp + lvx v29,r10,$sp addi r10,r10,32 - lvx v27,r11,$sp - lvx v28,r10,$sp + lvx v30,r11,$sp + lvx v31,r10,$sp $POP r0, `$FRAME+$LRSAVE`($sp) $POP r14,`$FRAME-$SIZE_T*18`($sp) $POP r15,`$FRAME-$SIZE_T*17`($sp) diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl index 6df485e..6a2ac71 100755 --- a/crypto/modes/asm/ghashp8-ppc.pl +++ b/crypto/modes/asm/ghashp8-ppc.pl @@ -30,7 +30,7 @@ # 2x aggregated reduction improves performance by 50% (resulting # performance on POWER8 is 1 cycle per processed byte), and 4x # aggregated reduction - by 170% or 2.7x (resulting in 0.55 cpb). -# POWER9 delivers 0.40 cpb. +# POWER9 delivers 0.51 cpb. $flavour=shift; $output =shift; diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl index cb4ae23..0c6d015 100755 --- a/crypto/poly1305/asm/poly1305-ppc.pl +++ b/crypto/poly1305/asm/poly1305-ppc.pl 
@@ -28,7 +28,7 @@ # PPC970 7.00/+114% 3.51/+205% # POWER7 3.75/+260% 1.93/+100% # POWER8 - 2.03/+200% -# POWER9 - 1.56/+150% +# POWER9 - 2.00/+150% # # Do we need floating-point implementation for PPC? Results presented # in poly1305_ieee754.c are tricky to compare to, because they are for diff --git a/crypto/poly1305/asm/poly1305-ppcfp.pl b/crypto/poly1305/asm/poly1305-ppcfp.pl index 2abb8e2..09f8185 100755 --- a/crypto/poly1305/asm/poly1305-ppcfp.pl +++ b/crypto/poly1305/asm/poly1305-ppcfp.pl @@ -26,7 +26,6 @@ # PPC970 6.03/+80% # POWER7 3.50/+30% # POWER8 3.75/+10% -# POWER9 2.80/+12% $flavour = shift; diff --git a/crypto/poly1305/poly1305_ieee754.c b/crypto/poly1305/poly1305_ieee754.c index 1a06e03..995a02e 100644 --- a/crypto/poly1305/poly1305_ieee754.c +++ b/crypto/poly1305/poly1305_ieee754.c @@ -38,7 +38,6 @@ * POWER6 4.92 * POWER7 4.50 * POWER8 4.10 - * POWER9 3.14 * * z10 11.2 * z196+ 7.30 diff --git a/crypto/sha/asm/keccak1600-ppc64.pl b/crypto/sha/asm/keccak1600-ppc64.pl index bc1023e..30e70c5 100755 --- a/crypto/sha/asm/keccak1600-ppc64.pl +++ b/crypto/sha/asm/keccak1600-ppc64.pl @@ -30,7 +30,7 @@ # PPC970/G5 14.6/+120% # POWER7 10.3/+100% # POWER8 11.5/+85% -# POWER9 7.2/+45% +# POWER9 9.4/+45% # # (*) Corresponds to SHA3-256. Percentage after slash is improvement # over gcc-4.x-generated KECCAK_1X_ALT code. Newer compilers do diff --git a/crypto/sha/asm/keccak1600p8-ppc.pl b/crypto/sha/asm/keccak1600p8-ppc.pl index a0aeeb0..de2bcd6 100755 --- a/crypto/sha/asm/keccak1600p8-ppc.pl +++ b/crypto/sha/asm/keccak1600p8-ppc.pl @@ -23,7 +23,7 @@ # buffer for r=1088, which matches SHA3-256. This is 17% better than # scalar PPC64 code. It probably should be noted that if POWER8's # successor can achieve higher scalar instruction issue rate, then -# this module will loose... And it does on POWER9 with 8.8 vs. 7.2. +# this module will loose... And it does on POWER9 with 12.0 vs. 9.4. $flavour = shift; 
diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl index a33ae4d..e3f522c 100755 --- a/crypto/sha/asm/sha512p8-ppc.pl +++ b/crypto/sha/asm/sha512p8-ppc.pl @@ -37,8 +37,8 @@ # build of sha512-ppc.pl, presented for reference. # # POWER8 POWER9 -# SHA256 9.9 [15.8] 9.2 [9.3] -# SHA512 6.3 [10.3] 5.8 [5.9] +# SHA256 9.7 [15.8] 11.2 [12.5] +# SHA512 6.1 [10.3] 7.0 [7.9] $flavour=shift; $output =shift; @@ -79,7 +79,8 @@ if ($output =~ /512/) { } $func="sha${bits}_block_p8"; -$FRAME=8*$SIZE_T; +$LOCALS=8*$SIZE_T+8*16; +$FRAME=$LOCALS+9*16+6*$SIZE_T; $sp ="r1"; $toc="r2"; @@ -91,16 +92,17 @@ $idx="r7"; $lrsave="r8"; $offload="r11"; $vrsave="r12"; -($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,10,26..31)); - $x00=0 if ($flavour =~ /osx/); + at I = ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,10,26..31)); + $x00=0 if ($flavour =~ /osx/); @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7)); - at X=map("v$_",(8..23)); -($Ki,$Func,$S0,$S1,$s0,$s1,$lemask)=map("v$_",(24..31)); + at X=map("v$_",(8..19,24..27)); +($Ki,$Func,$Sigma,$lemask)=map("v$_",(28..31)); sub ROUND { my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; my $j=($i+1)%16; +my $k=($i+2)%8; $code.=<<___ if ($i<15 && ($i%(16/$SZ))==(16/$SZ-1)); lvx_u @X[$i+1],0,$inp ; load X[i] in advance 
@@ -112,26 +114,30 @@ ___ $code.=<<___ if ($LENDIAN && $i<16 && ($i%(16/$SZ))==0); vperm @X[$i], at X[$i], at X[$i],$lemask ___ +$code.=<<___ if ($i>=15); + vshasigma${sz} $Sigma, at X[($j+1)%16],0,0 + vaddu${sz}m @X[$j], at X[$j],$Sigma + vshasigma${sz} $Sigma, at X[($j+14)%16],0,15 + vaddu${sz}m @X[$j], at X[$j],$Sigma + vaddu${sz}m @X[$j], at X[$j], at X[($j+9)%16] +___ $code.=<<___; - `"vshasigma${sz} $s0, at X[($j+1)%16],0,0" if ($i>=15)` - vsel $Func,$g,$f,$e ; Ch(e,f,g) - vshasigma${sz} $S1,$e,1,15 ; Sigma1(e) vaddu${sz}m $h,$h, at X[$i%16] ; h+=X[i] - vshasigma${sz} $S0,$a,1,0 ; Sigma0(a) - `"vshasigma${sz} $s1, at X[($j+14)%16],0,15" if ($i>=15)` + vsel $Func,$g,$f,$e ; Ch(e,f,g) + vaddu${sz}m $g,$g,$Ki ; future h+=K[i] vaddu${sz}m $h,$h,$Func ; h+=Ch(e,f,g) + vshasigma${sz} $Sigma,$e,1,15 ; Sigma1(e) + vaddu${sz}m $h,$h,$Sigma ; h+=Sigma1(e) vxor $Func,$a,$b - `"vaddu${sz}m @X[$j], at X[$j], at X[($j+9)%16]" if ($i>=15)` - vaddu${sz}m $h,$h,$S1 ; h+=Sigma1(e) vsel $Func,$b,$c,$Func ; Maj(a,b,c) - vaddu${sz}m $g,$g,$Ki ; future h+=K[i] vaddu${sz}m $d,$d,$h ; d+=h - vaddu${sz}m $S0,$S0,$Func ; Sigma0(a)+Maj(a,b,c) - `"vaddu${sz}m @X[$j], at X[$j],$s0" if ($i>=15)` - lvx $Ki,$idx,$Tbl ; load next K[i] - addi $idx,$idx,16 - vaddu${sz}m $h,$h,$S0 ; h+=Sigma0(a)+Maj(a,b,c) - `"vaddu${sz}m @X[$j], at X[$j],$s1" if ($i>=15)` + vshasigma${sz} $Sigma,$a,1,0 ; Sigma0(a) + vaddu${sz}m $Sigma,$Sigma,$Func ; Sigma0(a)+Maj(a,b,c) + vaddu${sz}m $h,$h,$Sigma ; h+=Sigma0(a)+Maj(a,b,c) + lvx $Ki, at I[$k],$idx ; load next K[i] +___ +$code.=<<___ if ($k == 7); + addi $idx,$idx,0x80 ___ } 
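Review bot: The rewritten ROUND now fetches the round constant with `lvx $Ki, at I[$k],$idx` (the archive has replaced `@` with ` at `) using the eight fixed offsets in `@I` and bumps `$idx` by `0x80` only when `$k == 7`; this is the "omitting constants' table index increment" from the commit message, but nothing in the generator says so, and the relation between `$k=($i+2)%8`, the `future h+=K[i]` add into `$g`, and the `lvx $Ki,$x10,$Tbl` before the loop (so that round i loads K[i+2]) is easy to break. A short comment above `my $k=($i+2)%8;`, e.g. `# round i loads K[i+2] into $Ki; @I holds 0x00..0x70 so $idx only advances every 8 rounds`, would help. The single `$Sigma` register now serves Sigma0, Sigma1 and both message-schedule sigmas, which is the rescheduling the message mentions and could also be noted in the header comment. The ROUND sub begins before this hunk.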
@@ -142,21 +148,13 @@ $code=<<___; .globl $func .align 6 $func: - $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp) + $STU $sp,-$FRAME($sp) mflr $lrsave - li r10,`$FRAME+8*16+15` - li r11,`$FRAME+8*16+31` - stvx v20,r10,$sp # ABI says so + li r10,`$LOCALS+15` + li r11,`$LOCALS+31` + stvx v24,r10,$sp # ABI says so addi r10,r10,32 mfspr $vrsave,256 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 stvx v25,r11,$sp addi r11,r11,32 stvx v26,r10,$sp @@ -169,26 +167,26 @@ $func: addi r11,r11,32 stvx v30,r10,$sp stvx v31,r11,$sp - li r11,-1 - stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave + li r11,-4096+255 + stw $vrsave,`$FRAME+6*$SIZE_T-4`($sp) # save vrsave li $x10,0x10 - $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp) + $PUSH r26,`$FRAME-6*$SIZE_T`($sp) li $x20,0x20 - $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp) + $PUSH r27,`$FRAME-5*$SIZE_T`($sp) li $x30,0x30 - $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp) + $PUSH r28,`$FRAME-4*$SIZE_T`($sp) li $x40,0x40 - $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp) + $PUSH r29,`$FRAME-3*$SIZE_T`($sp) li $x50,0x50 - $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp) + $PUSH r30,`$FRAME-2*$SIZE_T`($sp) li $x60,0x60 - $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp) + $PUSH r31,`$FRAME-1*$SIZE_T`($sp) li $x70,0x70 - $PUSH $lrsave,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp) + $PUSH $lrsave,`$FRAME+$LRSAVE`($sp) mtspr 256,r11 bl LPICmeup - addi $offload,$sp,$FRAME+15 + addi $offload,$sp,`8*$SIZE_T+15` ___ $code.=<<___ if ($LENDIAN); li $idx,8 @@ -222,9 +220,9 @@ $code.=<<___; .align 5 Loop: lvx $Ki,$x00,$Tbl - li $idx,16 lvx_u @X[0],0,$inp addi $inp,$inp,16 + mr $idx,$Tbl # copy $Tbl stvx $A,$x00,$offload # offload $A-$H stvx $B,$x10,$offload stvx $C,$x20,$offload 
@@ -234,8 +232,7 @@ Loop: stvx $G,$x60,$offload stvx $H,$x70,$offload vaddu${sz}m $H,$H,$Ki # h+K[i] - lvx $Ki,$idx,$Tbl - addi $idx,$idx,16 + lvx $Ki,$x10,$Tbl ___ for ($i=0;$i<16;$i++) { &ROUND($i, at V); unshift(@V,pop(@V)); } $code.=<<___; @@ -268,10 +265,9 @@ $code.=<<___; bne Loop ___ $code.=<<___ if ($SZ==4); - lvx @X[0],$idx,$Tbl - addi $idx,$idx,16 + lvx @X[0],$x20,$idx vperm $A,$A,$B,$Ki # pack the answer - lvx @X[1],$idx,$Tbl + lvx @X[1],$x30,$idx vperm $E,$E,$F,$Ki vperm $A,$A,$C, at X[0] vperm $E,$E,$G, at X[0] @@ -291,19 +287,11 @@ $code.=<<___ if ($SZ==8); stvx_u $G,$x30,$ctx ___ $code.=<<___; - li r10,`$FRAME+8*16+15` + li r10,`$LOCALS+15` mtlr $lrsave - li r11,`$FRAME+8*16+31` + li r11,`$LOCALS+31` mtspr 256,$vrsave - lvx v20,r10,$sp # ABI says so - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp + lvx v24,r10,$sp # ABI says so addi r10,r10,32 lvx v25,r11,$sp addi r11,r11,32 @@ -317,13 +305,13 @@ $code.=<<___; addi r11,r11,32 lvx v30,r10,$sp lvx v31,r11,$sp - $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp) - $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp) - $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp) - $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp) - $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp) - $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp) - addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` + $POP r26,`$FRAME-6*$SIZE_T`($sp) + $POP r27,`$FRAME-5*$SIZE_T`($sp) + $POP r28,`$FRAME-4*$SIZE_T`($sp) + $POP r29,`$FRAME-3*$SIZE_T`($sp) + $POP r30,`$FRAME-2*$SIZE_T`($sp) + $POP r31,`$FRAME-1*$SIZE_T`($sp) + addi $sp,$sp,$FRAME blr .long 0 .byte 0,12,4,1,0x80,6,3,0 From no-reply at appveyor.com Mon Jun 4 10:04:49 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 04 Jun 2018 10:04:49 +0000 Subject: [openssl-commits] Build failed: openssl master.18293 Message-ID: <20180604100449.1.4777227210C55553@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jun 4 10:20:50 2018 
From: no-reply at appveyor.com (AppVeyor) Date: Mon, 04 Jun 2018 10:20:50 +0000 Subject: [openssl-commits] Build failed: openssl master.18294 Message-ID: <20180604102050.1.4E9D22D399A78153@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jun 4 10:33:38 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 04 Jun 2018 10:33:38 +0000 Subject: [openssl-commits] Build failed: openssl master.18295 Message-ID: <20180604103338.1.024660FB879685E6@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Mon Jun 4 11:04:13 2018 
From: matt at openssl.org (Matt Caswell) Date: Mon, 04 Jun 2018 11:04:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528110253.844207.13548.nullmailer@dev.openssl.org> The branch master has been updated via 722add716bce487f5818cc57cb594fd526454b70 (commit) via 2167239abaec5fa44072fa1194505af0b3fced89 (commit) via 206521a06efe10d1eafac5b313ce42850fd75136 (commit) via 245be5304d7c8e4a4345c971791cbf03cb5ca603 (commit) via e14d6cf691c9d8ad49df280b580b6836a67c6a19 (commit) via 44d3845d8967c66a87e4d7628552e2bfd45ac344 (commit) via 266291aa8dc203c6791cc94b617323d4b04d7094 (commit) via 2398404e007a3d94a1be9db1574007b4242f4f9a (commit) via e425f90fffd33786b6d45b46b67dc8bb61baecc7 (commit) from c4d9ef4cc5bf1c48a74b64879622ae9fd6f26b03 (commit) - Log ----------------------------------------------------------------- commit 722add716bce487f5818cc57cb594fd526454b70 Author: Matt Caswell Date: Thu May 31 16:30:33 2018 +0100 Rebuild error codes There were a large number of error codes that were unused (probably a copy&paste from somewhere else). Since these have never been made public we should remove then and rebuild the error codes. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6386) commit 2167239abaec5fa44072fa1194505af0b3fced89 Author: Matt Caswell Date: Thu May 31 15:53:30 2018 +0100 Use lowercase for internal SM2 symbols Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6386) commit 206521a06efe10d1eafac5b313ce42850fd75136 Author: Matt Caswell Date: Thu May 31 15:38:36 2018 +0100 Remove non-existant functions from libcrypto.num These were never made public so can just be deleted. 
Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6386) commit 245be5304d7c8e4a4345c971791cbf03cb5ca603 Author: Matt Caswell Date: Thu May 31 14:43:14 2018 +0100 More more on SM2 error codes and tidy up Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6386) commit e14d6cf691c9d8ad49df280b580b6836a67c6a19 Author: Matt Caswell Date: Thu May 31 13:49:47 2018 +0100 Improve use of the test framework in the SM2 internal tests Also general clean up of those tests Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6386) commit 44d3845d8967c66a87e4d7628552e2bfd45ac344 Author: Matt Caswell Date: Thu May 31 13:10:12 2018 +0100 Further work on SM2 error codes Also does some reformatting to tidy things up Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6386) commit 266291aa8dc203c6791cc94b617323d4b04d7094 Author: Matt Caswell Date: Thu May 31 13:09:39 2018 +0100 Add test recipes for internal SM2 tests Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6386) commit 2398404e007a3d94a1be9db1574007b4242f4f9a Author: Jack Lloyd Date: Thu May 17 16:08:33 2018 -0400 Set SM2 error codes Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6386) commit e425f90fffd33786b6d45b46b67dc8bb61baecc7 Author: Jack Lloyd Date: Fri Apr 6 09:45:41 2018 -0400 Make SM2 functions private Address issue #5670 Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6386) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_pmeth.c | 26 +- crypto/err/openssl.ec | 2 +- crypto/err/openssl.txt | 81 +---- {include/openssl => crypto/include/internal}/sm2.h | 26 +- crypto/include/internal/sm2err.h | 48 +++ crypto/sm2/sm2_crypt.c | 274 +++++++++------- crypto/sm2/sm2_err.c | 101 +----- 
crypto/sm2/sm2_sign.c | 257 +++++++++------ crypto/sm2/sm2_za.c | 111 +++---- include/openssl/sm2err.h | 95 ------ test/build.info | 16 +- ...-test_internal_sm4.t => 03-test_internal_sm2.t} | 5 +- test/sm2_internal_test.c | 364 +++++++++++++++++++++ test/sm2crypttest.c | 254 -------------- test/sm2sigtest.c | 238 -------------- util/libcrypto.num | 10 - 16 files changed, 844 insertions(+), 1064 deletions(-) rename {include/openssl => crypto/include/internal}/sm2.h (75%) create mode 100644 crypto/include/internal/sm2err.h delete mode 100644 include/openssl/sm2err.h copy test/recipes/{03-test_internal_sm4.t => 03-test_internal_sm2.t} (77%) create mode 100644 test/sm2_internal_test.c delete mode 100644 test/sm2crypttest.c delete mode 100644 test/sm2sigtest.c diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index b4105c2..0187adf 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -17,7 +17,7 @@ #include "internal/evp_int.h" #if !defined(OPENSSL_NO_SM2) -# include +# include "internal/sm2.h" #endif /* EC pkey context structure */ @@ -126,7 +126,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, #if defined(OPENSSL_NO_SM2) return -1; #else - ret = SM2_sign(type, tbs, tbslen, sig, &sltmp, ec); + ret = sm2_sign(type, tbs, tbslen, sig, &sltmp, ec); #endif } else { ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); @@ -156,7 +156,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, #if defined(OPENSSL_NO_SM2) ret = -1; #else - ret = SM2_verify(type, tbs, tbslen, sig, siglen, ec); + ret = sm2_verify(type, tbs, tbslen, sig, siglen, ec); #endif } else { ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); 
@@ -223,12 +223,14 @@ static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx, md_type = NID_sm3; if (out == NULL) { - *outlen = SM2_ciphertext_size(ec, EVP_get_digestbynid(md_type), - inlen); - ret = 1; + if (!sm2_ciphertext_size(ec, EVP_get_digestbynid(md_type), inlen, + outlen)) + ret = -1; + else + ret = 1; } else { - ret = SM2_encrypt(ec, EVP_get_digestbynid(md_type), + ret = sm2_encrypt(ec, EVP_get_digestbynid(md_type), in, inlen, out, outlen); } # endif @@ -261,12 +263,14 @@ static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx, md_type = NID_sm3; if (out == NULL) { - *outlen = SM2_plaintext_size(ec, EVP_get_digestbynid(md_type), - inlen); - ret = 1; + if (!sm2_plaintext_size(ec, EVP_get_digestbynid(md_type), inlen, + outlen)) + ret = -1; + else + ret = 1; } else { - ret = SM2_decrypt(ec, EVP_get_digestbynid(md_type), + ret = sm2_decrypt(ec, EVP_get_digestbynid(md_type), in, inlen, out, outlen); } # endif diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index f45e230..7fc5788 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -32,7 +32,7 @@ L CMS include/openssl/cms.h crypto/cms/cms_err.c L CT include/openssl/ct.h crypto/ct/ct_err.c L ASYNC include/openssl/async.h crypto/async/async_err.c L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c -L SM2 include/openssl/sm2.h crypto/sm2/sm2_err.c +L SM2 crypto/include/internal/sm2.h crypto/sm2/sm2_err.c L OSSL_STORE include/openssl/store.h crypto/store/store_err.c # additional header files to be scanned for function names diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 62e798a..afd7e38 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
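Review bot: The new `if (!sm2_ciphertext_size(...)) ret = -1; else ret = 1;` reads more directly as `ret = sm2_ciphertext_size(ec, EVP_get_digestbynid(md_type), inlen, outlen) ? 1 : -1;`, and the same applies to the `sm2_plaintext_size` branch in the next hunk. On the failure path nothing at this level puts an error on the queue, so the caller gets -1 with only whatever the size function recorded; the openssl.txt hunk adds a `SM2_F_SM2_PLAINTEXT_SIZE` function code but no ciphertext counterpart, which suggests the encrypt-side query may fail silently and is worth confirming. Both enclosing functions begin before their hunks.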
@@ -1063,11 +1063,15 @@ RSA_F_RSA_VERIFY:119:RSA_verify
 RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
 RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1
 RSA_F_SETUP_TBUF:167:setup_tbuf
-SM2_F_PKEY_SM2_CTRL:274:pkey_sm2_ctrl
-SM2_F_PKEY_SM2_CTRL_STR:275:pkey_sm2_ctrl_str
-SM2_F_PKEY_SM2_KEYGEN:276:pkey_sm2_keygen
-SM2_F_PKEY_SM2_PARAMGEN:277:pkey_sm2_paramgen
-SM2_F_PKEY_SM2_SIGN:278:pkey_sm2_sign
+SM2_F_SM2_COMPUTE_MSG_HASH:100:sm2_compute_msg_hash
+SM2_F_SM2_COMPUTE_USERID_DIGEST:101:sm2_compute_userid_digest
+SM2_F_SM2_DECRYPT:102:sm2_decrypt
+SM2_F_SM2_ENCRYPT:103:sm2_encrypt
+SM2_F_SM2_PLAINTEXT_SIZE:104:sm2_plaintext_size
+SM2_F_SM2_SIGN:105:sm2_sign
+SM2_F_SM2_SIG_GEN:106:sm2_sig_gen
+SM2_F_SM2_SIG_VERIFY:107:sm2_sig_verify
+SM2_F_SM2_VERIFY:108:sm2_verify
 SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
 SSL_F_ADD_KEY_SHARE:512:add_key_share
 SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
@@ -2515,66 +2519,13 @@ RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
 RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
 RSA_R_VALUE_MISSING:147:value missing
 RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
-SM2_R_ASN1_ERROR:115:asn1 error
-SM2_R_ASN5_ERROR:1150:asn5 error
-SM2_R_BAD_SIGNATURE:156:bad signature
-SM2_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range
-SM2_R_BUFFER_TOO_SMALL:100:buffer too small
-SM2_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
-SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
-SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
-SM2_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
-SM2_R_DECODE_ERROR:142:decode error
-SM2_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
-SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
-SM2_R_FIELD_TOO_LARGE:143:field too large
-SM2_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
-SM2_R_GROUP2PKPARAMETERS_FAILURE:120:group2pkparameters failure
-SM2_R_I2D_ECPKPARAMETERS_FAILURE:121:i2d ecpkparameters failure
-SM2_R_INCOMPATIBLE_OBJECTS:101:incompatible objects
-SM2_R_INVALID_ARGUMENT:112:invalid argument
-SM2_R_INVALID_COMPRESSED_POINT:110:invalid compressed point
-SM2_R_INVALID_COMPRESSION_BIT:109:invalid compression bit
-SM2_R_INVALID_CURVE:141:invalid curve
-SM2_R_INVALID_DIGEST:151:invalid digest
-SM2_R_INVALID_DIGEST_TYPE:138:invalid digest type
-SM2_R_INVALID_ENCODING:102:invalid encoding
-SM2_R_INVALID_FIELD:103:invalid field
-SM2_R_INVALID_FORM:104:invalid form
-SM2_R_INVALID_GROUP_ORDER:122:invalid group order
-SM2_R_INVALID_KEY:116:invalid key
-SM2_R_INVALID_OUTPUT_LENGTH:161:invalid output length
-SM2_R_INVALID_PEER_KEY:133:invalid peer key
-SM2_R_INVALID_PENTANOMIAL_BASIS:132:invalid pentanomial basis
-SM2_R_INVALID_PRIVATE_KEY:123:invalid private key
-SM2_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis
-SM2_R_KDF_PARAMETER_ERROR:148:kdf parameter error
-SM2_R_KEYS_NOT_SET:140:keys not set
-SM2_R_MISSING_PARAMETERS:124:missing parameters
-SM2_R_MISSING_PRIVATE_KEY:125:missing private key
-SM2_R_NEED_NEW_SETUP_VALUES:157:need new setup values
-SM2_R_NOT_A_NIST_PRIME:135:not a NIST prime
-SM2_R_NOT_IMPLEMENTED:126:not implemented
-SM2_R_NOT_INITIALIZED:111:not initialized
-SM2_R_NO_PARAMETERS_SET:139:no parameters set
-SM2_R_NO_PRIVATE_VALUE:154:no private value
-SM2_R_OPERATION_NOT_SUPPORTED:152:operation not supported
-SM2_R_PASSED_NULL_PARAMETER:134:passed null parameter
-SM2_R_PEER_KEY_ERROR:149:peer key error
-SM2_R_PKPARAMETERS2GROUP_FAILURE:127:pkparameters2group failure
-SM2_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure
-SM2_R_POINT_AT_INFINITY:106:point at infinity
-SM2_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve
-SM2_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
-SM2_R_SHARED_INFO_ERROR:150:shared info error
-SM2_R_SLOT_FULL:108:slot full
-SM2_R_UNDEFINED_GENERATOR:113:undefined generator
-SM2_R_UNDEFINED_ORDER:128:undefined order
-SM2_R_UNKNOWN_GROUP:129:unknown group
-SM2_R_UNKNOWN_ORDER:114:unknown order
-SM2_R_UNSUPPORTED_FIELD:131:unsupported field
-SM2_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters
-SM2_R_WRONG_ORDER:130:wrong order
+SM2_R_ASN1_ERROR:100:asn1 error
+SM2_R_BAD_SIGNATURE:101:bad signature
+SM2_R_INVALID_DIGEST:102:invalid digest
+SM2_R_INVALID_DIGEST_TYPE:103:invalid digest type
+SM2_R_INVALID_ENCODING:104:invalid encoding
+SM2_R_INVALID_FIELD:105:invalid field
+SM2_R_USER_ID_TOO_LARGE:106:user id too large
 SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\
 attempt to reuse session in different context
diff --git a/include/openssl/sm2.h b/crypto/include/internal/sm2.h
similarity index 75%
rename from include/openssl/sm2.h
rename to crypto/include/internal/sm2.h
index af24c01..e0e2d75 100644
--- a/include/openssl/sm2.h
+++ b/crypto/include/internal/sm2.h
@@ -24,7 +24,7 @@ extern "C" { /* The default user id as specified in GM/T 0009-2012 */ # define SM2_DEFAULT_USERID "1234567812345678" -int SM2_compute_userid_digest(uint8_t *out, +int sm2_compute_userid_digest(uint8_t *out, const EVP_MD *digest, const char *user_id, const EC_KEY *key); @@ -32,11 +32,11 @@ int SM2_compute_userid_digest(uint8_t *out, * SM2 signature operation. Computes ZA (user id digest) and then signs * H(ZA || msg) using SM2 */ -ECDSA_SIG *SM2_do_sign(const EC_KEY *key, +ECDSA_SIG *sm2_do_sign(const EC_KEY *key, const EVP_MD *digest, const char *user_id, const uint8_t *msg, size_t msg_len); -int SM2_do_verify(const EC_KEY *key, +int sm2_do_verify(const EC_KEY *key, const EVP_MD *digest, const ECDSA_SIG *signature, const char *user_id, const uint8_t *msg, size_t msg_len); 
@@ -44,40 +44,36 @@ int SM2_do_verify(const EC_KEY *key, /* * SM2 signature generation. Assumes input is an SM3 digest */ -int SM2_sign(int type, const unsigned char *dgst, int dgstlen, +int sm2_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); /* * SM2 signature verification. Assumes input is an SM3 digest */ -int SM2_verify(int type, const unsigned char *dgst, int dgstlen, +int sm2_verify(int type, const unsigned char *dgst, int dgstlen, const unsigned char *sig, int siglen, EC_KEY *eckey); /* * SM2 encryption */ -size_t SM2_ciphertext_size(const EC_KEY *key, - const EVP_MD *digest, - size_t msg_len); +int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, + size_t *ct_size); -size_t SM2_plaintext_size(const EC_KEY *key, - const EVP_MD *digest, - size_t msg_len); +int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, + size_t *pt_size); -int SM2_encrypt(const EC_KEY *key, +int sm2_encrypt(const EC_KEY *key, const EVP_MD *digest, const uint8_t *msg, size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len); -int SM2_decrypt(const EC_KEY *key, +int sm2_decrypt(const EC_KEY *key, const EVP_MD *digest, const uint8_t *ciphertext, size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len); -int ERR_load_SM2_strings(void); - # ifdef __cplusplus } # endif diff --git a/crypto/include/internal/sm2err.h b/crypto/include/internal/sm2err.h new file mode 100644 index 0000000..f2d60e1 --- /dev/null +++ b/crypto/include/internal/sm2err.h 
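Review bot: The `/* SM2 encryption */` comment above `sm2_ciphertext_size` and `sm2_plaintext_size` does not describe the calling convention this hunk introduces, and the out-parameters are exactly what callers get wrong. Suggest replacing it with `/* SM2 encryption. The *_size helpers return 1 and store the result in *ct_size / *pt_size, or return 0 (output untouched) when the key's field size or the digest size cannot be determined. */`. It would also help to say on `sm2_encrypt` and `sm2_decrypt` whether `*ciphertext_len` and `*ptext_len` are read as the buffer capacity on entry — the implementation in sm2_crypt.c appears to treat them that way, but the header is silent about it.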
@@ -0,0 +1,48 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2ERR_H
+# define HEADER_SM2ERR_H
+
+# include
+
+# ifndef OPENSSL_NO_SM2
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_SM2_strings(void);
+
+/*
+ * SM2 function codes.
+ */
+# define SM2_F_SM2_COMPUTE_MSG_HASH 100
+# define SM2_F_SM2_COMPUTE_USERID_DIGEST 101
+# define SM2_F_SM2_DECRYPT 102
+# define SM2_F_SM2_ENCRYPT 103
+# define SM2_F_SM2_PLAINTEXT_SIZE 104
+# define SM2_F_SM2_SIGN 105
+# define SM2_F_SM2_SIG_GEN 106
+# define SM2_F_SM2_SIG_VERIFY 107
+# define SM2_F_SM2_VERIFY 108
+
+/*
+ * SM2 reason codes.
+ */
+# define SM2_R_ASN1_ERROR 100
+# define SM2_R_BAD_SIGNATURE 101
+# define SM2_R_INVALID_DIGEST 102
+# define SM2_R_INVALID_DIGEST_TYPE 103
+# define SM2_R_INVALID_ENCODING 104
+# define SM2_R_INVALID_FIELD 105
+# define SM2_R_USER_ID_TOO_LARGE 106
+
+# endif
+#endif
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index a31c40f..0fe1dd8 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -9,7 +9,9 @@
 * https://www.openssl.org/source/license.html
 */
 
-#include
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+#include
 #include
 #include
 #include
@@ -35,7 +37,7 @@ ASN1_SEQUENCE(SM2_Ciphertext) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext)
 
-static size_t EC_field_size(const EC_GROUP *group)
+static size_t ec_field_size(const EC_GROUP *group)
 {
 /* Is there some simpler way to do this? */
 BIGNUM *p = BN_new();
@@ -57,31 +59,51 @@ static size_t EC_field_size(const EC_GROUP *group) return field_size; } -size_t SM2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len) +int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, + size_t *pt_size) { - const size_t field_size = EC_field_size(EC_KEY_get0_group(key)); - const size_t md_size = EVP_MD_size(digest); - - const size_t overhead = 10 + 2 * field_size + md_size; - if(msg_len <= overhead) - return 0; - - return msg_len - overhead; + const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); + const int md_size = EVP_MD_size(digest); + size_t overhead; + + if (md_size < 0) { + SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST); + return 0; + } + if (field_size == 0) { + SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD); + return 0; + } + + overhead = 10 + 2 * field_size + (size_t)md_size; + if (msg_len <= overhead) { + SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING); + return 0; + } + + *pt_size = msg_len - overhead; + return 1; } -size_t SM2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len) +int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, + size_t *ct_size) { - const size_t field_size = EC_field_size(EC_KEY_get0_group(key)); - const size_t md_size = EVP_MD_size(digest); - return 10 + 2 * field_size + md_size + msg_len; + const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); + const int md_size = EVP_MD_size(digest); + + if (field_size == 0 || md_size < 0) + return 0; + + *ct_size = 10 + 2 * field_size + (size_t)md_size + msg_len; + return 1; } -int SM2_encrypt(const EC_KEY *key, +int sm2_encrypt(const EC_KEY *key, const EVP_MD *digest, const uint8_t *msg, size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len) { - int rc = 0; + int rc = 0, ciphertext_leni; size_t i; BN_CTX *ctx = NULL; BIGNUM *k = NULL; 
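Review bot: The constant `10` in `*ct_size = 10 + 2 * field_size + (size_t)md_size + msg_len` is carried over from the old `SM2_ciphertext_size` and understates the DER framing `i2d_SM2_Ciphertext` actually emits: each INTEGER may need a leading zero byte, and the length fields of C2 and of the outer SEQUENCE grow to two or three bytes once `msg_len` passes 127 and 255, so for longer messages the estimate is several bytes short while the encoder writes the full encoding regardless. Since `pkey_ecies_encrypt` uses this value to size the output buffer, the size should be derived from the ASN.1 structure (via `ASN1_object_size`) rather than a fixed overhead; the rewritten body is below. A second, smaller point: `sm2_ciphertext_size` returns 0 on a bad field or digest without calling `SM2err`, unlike `sm2_plaintext_size` just above it, so the `ret = -1` in `pkey_ecies_encrypt` leaves an empty error queue — fixing that needs a function code added to openssl.txt, since this commit defines none for it.
```c
int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
                        size_t *ct_size)
{
    const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
    const int md_size = EVP_MD_size(digest);
    size_t sz;

    /* … unchanged: field_size == 0 || md_size < 0 check … */

    /*
     * Size the DER framing explicitly: two INTEGERs (allow one leading zero
     * byte each), two OCTET STRINGs, then the enclosing SEQUENCE.
     */
    sz = 2 * ASN1_object_size(0, (int)field_size + 1, V_ASN1_INTEGER)
         + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
         + ASN1_object_size(0, (int)msg_len, V_ASN1_OCTET_STRING);
    *ct_size = ASN1_object_size(1, (int)sz, V_ASN1_SEQUENCE);
    return 1;
}
```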
@@ -89,9 +111,7 @@ int SM2_encrypt(const EC_KEY *key, BIGNUM *y1 = NULL; BIGNUM *x2 = NULL; BIGNUM *y2 = NULL; - EVP_MD_CTX *hash = EVP_MD_CTX_new(); - struct SM2_Ciphertext_st ctext_struct; const EC_GROUP *group = EC_KEY_get0_group(key); const BIGNUM *order = EC_GROUP_get0_order(group); @@ -99,24 +119,32 @@ int SM2_encrypt(const EC_KEY *key, EC_POINT *kG = NULL; EC_POINT *kP = NULL; uint8_t *msg_mask = NULL; - uint8_t *x2y2 = NULL; uint8_t *C3 = NULL; - - const size_t field_size = EC_field_size(group); + const size_t field_size = ec_field_size(group); const size_t C3_size = EVP_MD_size(digest); - if (field_size == 0 || C3_size == 0) - goto done; + /* NULL these before any "goto done" */ + ctext_struct.C2 = NULL; + ctext_struct.C3 = NULL; + + if (hash == NULL + || group == NULL + || order == NULL + || P == NULL + || field_size == 0 + || C3_size == 0) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } kG = EC_POINT_new(group); kP = EC_POINT_new(group); - if (kG == NULL || kP == NULL) - goto done; - ctx = BN_CTX_new(); - if (ctx == NULL) - goto done; + if (kG == NULL || kP == NULL || ctx == NULL) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } BN_CTX_start(ctx); k = BN_CTX_get(ctx); 
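Review bot: `const size_t C3_size = EVP_MD_size(digest);` stores an `int` return in a `size_t`, so the `C3_size == 0` test in the new guard never fires for a negative return: the value wraps to a huge size and the failure surfaces later as a misleading `ERR_R_MALLOC_FAILURE` from `OPENSSL_zalloc(C3_size)`. `sm2_plaintext_size` in the previous hunk keeps `md_size` as `int` and tests `< 0`; doing the same here, `const int C3_size = EVP_MD_size(digest);` with `|| C3_size <= 0` in the guard, keeps the two consistent. Relatedly, `hash == NULL` (an allocation failure) is folded into the same `ERR_R_INTERNAL_ERROR` report as the parameter checks; reporting it with the `kG`/`kP`/`ctx` allocation check as `ERR_R_MALLOC_FAILURE` would be more accurate. sm2_encrypt continues beyond this hunk.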
@@ -125,76 +153,93 @@ int SM2_encrypt(const EC_KEY *key, y1 = BN_CTX_get(ctx); y2 = BN_CTX_get(ctx); - if (y2 == NULL) - goto done; + if (y2 == NULL) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_BN_LIB); + goto done; + } x2y2 = OPENSSL_zalloc(2 * field_size); C3 = OPENSSL_zalloc(C3_size); - if (x2y2 == NULL || C3 == NULL) - goto done; + if (x2y2 == NULL || C3 == NULL) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } memset(ciphertext_buf, 0, *ciphertext_len); - BN_priv_rand_range(k, order); - - if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0) - goto done; - - if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, y1, ctx) == 0) + if (!BN_priv_rand_range(k, order)) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); goto done; + } - if (EC_POINT_mul(group, kP, NULL, P, k, ctx) == 0) + if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) + || !EC_POINT_get_affine_coordinates_GFp(group, kG, x1, y1, ctx) + || !EC_POINT_mul(group, kP, NULL, P, k, ctx) + || !EC_POINT_get_affine_coordinates_GFp(group, kP, x2, y2, ctx)) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB); goto done; + } - if (EC_POINT_get_affine_coordinates_GFp(group, kP, x2, y2, ctx) == 0) + if (BN_bn2binpad(x2, x2y2, field_size) < 0 + || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); goto done; - - BN_bn2binpad(x2, x2y2, field_size); - BN_bn2binpad(y2, x2y2 + field_size, field_size); + } msg_mask = OPENSSL_zalloc(msg_len); - if (msg_mask == NULL) + if (msg_mask == NULL) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE); goto done; + } /* X9.63 with no salt happens to match the KDF used in SM2 */ - if (ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest) - == 0) + if (!ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, + digest)) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB); goto done; + } for (i = 0; i != msg_len; ++i) msg_mask[i] ^= msg[i]; - if (EVP_DigestInit(hash, digest) == 0) - goto done; - - if 
(EVP_DigestUpdate(hash, x2y2, field_size) == 0) - goto done; - - if (EVP_DigestUpdate(hash, msg, msg_len) == 0) - goto done; - - if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0) - goto done; - - if (EVP_DigestFinal(hash, C3, NULL) == 0) + if (EVP_DigestInit(hash, digest) == 0 + || EVP_DigestUpdate(hash, x2y2, field_size) == 0 + || EVP_DigestUpdate(hash, msg, msg_len) == 0 + || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0 + || EVP_DigestFinal(hash, C3, NULL) == 0) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB); goto done; + } ctext_struct.C1x = x1; ctext_struct.C1y = y1; ctext_struct.C3 = ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size); ctext_struct.C2 = ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len); - *ciphertext_len = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf); + if (ctext_struct.C3 == NULL || ctext_struct.C2 == NULL) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } + if (!ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size) + || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } - ASN1_OCTET_STRING_free(ctext_struct.C2); - ASN1_OCTET_STRING_free(ctext_struct.C3); + ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf); + /* Ensure cast to size_t is safe */ + if (ciphertext_leni < 0) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } + *ciphertext_len = (size_t)ciphertext_leni; rc = 1; done: + ASN1_OCTET_STRING_free(ctext_struct.C2); + ASN1_OCTET_STRING_free(ctext_struct.C3); OPENSSL_free(msg_mask); OPENSSL_free(x2y2); OPENSSL_free(C3); 
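Review bot: `i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf)` writes the whole DER encoding into `ciphertext_buf`, and the new code only checks its return for a negative value; nothing compares the encoded length with the capacity the caller supplied in `*ciphertext_len` (the `memset(ciphertext_buf, 0, *ciphertext_len)` earlier in the hunk shows that value is treated as the buffer size). Because that capacity comes from the fixed-overhead estimate in `sm2_ciphertext_size`, a mismatch is a heap overwrite rather than an error; a length-only `i2d` call first lets the function refuse before writing, as in the rewritten tail below (a dedicated reason such as the `SM2_R_BUFFER_TOO_SMALL` this commit removes would describe the failure better than `ERR_R_INTERNAL_ERROR`). Separately, a failing `ECDH_KDF_X9_62` is reported as `ERR_R_EVP_LIB` here but as `ERR_R_INTERNAL_ERROR` in `sm2_decrypt`; one of the two should change. The function's cleanup continues past this hunk.
```c
    /* … unchanged: ASN1_OCTET_STRING_set of C3 and C2 … */

    /* Measure first so an undersized caller buffer is an error, not an overwrite. */
    ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, NULL);
    if (ciphertext_leni < 0 || (size_t)ciphertext_leni > *ciphertext_len) {
        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
        goto done;
    }
    ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf);
    if (ciphertext_leni < 0) {
        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
        goto done;
    }
    *ciphertext_len = (size_t)ciphertext_leni;
    rc = 1;
```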
@@ -205,27 +250,23 @@ int SM2_encrypt(const EC_KEY *key, return rc; } -int SM2_decrypt(const EC_KEY *key, +int sm2_decrypt(const EC_KEY *key, const EVP_MD *digest, const uint8_t *ciphertext, size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len) { int rc = 0; int i; - BN_CTX *ctx = NULL; const EC_GROUP *group = EC_KEY_get0_group(key); EC_POINT *C1 = NULL; struct SM2_Ciphertext_st *sm2_ctext = NULL; BIGNUM *x2 = NULL; BIGNUM *y2 = NULL; - uint8_t *x2y2 = NULL; uint8_t *computed_C3 = NULL; - - const size_t field_size = EC_field_size(group); + const size_t field_size = ec_field_size(group); const int hash_size = EVP_MD_size(digest); - uint8_t *msg_mask = NULL; const uint8_t *C2 = NULL; const uint8_t *C3 = NULL; 
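Review bot: `sm2_decrypt` computes `const size_t field_size = ec_field_size(group);` and later relies on it for the `x2y2` allocation and the `BN_bn2binpad` widths, but unlike `sm2_encrypt`, which this commit makes reject `group == NULL` and `field_size == 0` up front, it never checks it; a zero field size only fails deep inside `BN_bn2binpad` with a less specific `ERR_R_INTERNAL_ERROR`. Adding the same guard after the declarations, `if (group == NULL || field_size == 0) { SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR); goto done; }`, keeps the two entry points symmetric. The body of sm2_decrypt continues in the next hunk.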
@@ -239,87 +280,94 @@ int SM2_decrypt(const EC_KEY *key, sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len); - if (sm2_ctext == NULL) + if (sm2_ctext == NULL) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_ASN1_ERROR); goto done; + } - if (sm2_ctext->C3->length != hash_size) + if (sm2_ctext->C3->length != hash_size) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_ENCODING); goto done; + } C2 = sm2_ctext->C2->data; C3 = sm2_ctext->C3->data; msg_len = sm2_ctext->C2->length; ctx = BN_CTX_new(); - if (ctx == NULL) - goto done; + if (ctx == NULL) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE); + goto done; + } BN_CTX_start(ctx); x2 = BN_CTX_get(ctx); y2 = BN_CTX_get(ctx); - if(y2 == NULL) - goto done; + if (y2 == NULL) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_BN_LIB); + goto done; + } msg_mask = OPENSSL_zalloc(msg_len); x2y2 = OPENSSL_zalloc(2 * field_size); computed_C3 = OPENSSL_zalloc(hash_size); - if(msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL) - goto done; - - C1 = EC_POINT_new(group); - if (C1 == NULL) - goto done; - - if (EC_POINT_set_affine_coordinates_GFp - (group, C1, sm2_ctext->C1x, sm2_ctext->C1y, ctx) == 0) + if (msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE); goto done; + } - if (EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), ctx) == - 0) + C1 = EC_POINT_new(group); + if (C1 == NULL) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE); goto done; - - if (EC_POINT_get_affine_coordinates_GFp(group, C1, x2, y2, ctx) == 0) + } + + if (!EC_POINT_set_affine_coordinates_GFp(group, C1, sm2_ctext->C1x, + sm2_ctext->C1y, ctx) + || !EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), + ctx) + || !EC_POINT_get_affine_coordinates_GFp(group, C1, x2, y2, ctx)) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_EC_LIB); goto done; + } - BN_bn2binpad(x2, x2y2, field_size); - BN_bn2binpad(y2, x2y2 + field_size, field_size); - - if (ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, 
NULL, 0, digest) - == 0) + if (BN_bn2binpad(x2, x2y2, field_size) < 0 + || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0 + || !ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, + digest)) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR); goto done; + } for (i = 0; i != msg_len; ++i) ptext_buf[i] = C2[i] ^ msg_mask[i]; hash = EVP_MD_CTX_new(); - - if (hash == NULL) - goto done; - - if (EVP_DigestInit(hash, digest) == 0) + if (hash == NULL) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE); goto done; - - if (EVP_DigestUpdate(hash, x2y2, field_size) == 0) - goto done; - - if (EVP_DigestUpdate(hash, ptext_buf, msg_len) == 0) - goto done; - - if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0) - goto done; - - if (EVP_DigestFinal(hash, computed_C3, NULL) == 0) + } + + if (!EVP_DigestInit(hash, digest) + || !EVP_DigestUpdate(hash, x2y2, field_size) + || !EVP_DigestUpdate(hash, ptext_buf, msg_len) + || !EVP_DigestUpdate(hash, x2y2 + field_size, field_size) + || !EVP_DigestFinal(hash, computed_C3, NULL)) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB); goto done; + } - if (memcmp(computed_C3, C3, hash_size) != 0) + if (CRYPTO_memcmp(computed_C3, C3, hash_size) != 0) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_DIGEST); goto done; + } rc = 1; *ptext_len = msg_len; done: - if (rc == 0) memset(ptext_buf, 0, *ptext_len); diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c index 0c051f6..e36975f 100644 --- a/crypto/sm2/sm2_err.c +++ b/crypto/sm2/sm2_err.c 
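Review bot: The loop `ptext_buf[i] = C2[i] ^ msg_mask[i]` writes `msg_len` bytes into the caller's buffer, where `msg_len` is taken straight from the decoded octet string (`msg_len = sm2_ctext->C2->length;`), and at no point is it compared with the capacity passed in `*ptext_len` (which the `done:` path treats as the buffer size). That capacity is normally derived from `sm2_plaintext_size`, which subtracts a fixed DER overhead from the ciphertext length; a ciphertext whose INTEGER or length fields encode more compactly than that assumption carries a larger C2 than the caller allowed for, and the write then runs past the end of `ptext_buf`. Add `if ((size_t)msg_len > *ptext_len) { SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_ENCODING); goto done; }` immediately after the `msg_len` assignment (or reinstate the `SM2_R_BUFFER_TOO_SMALL` reason this commit removes), and consider having `sm2_plaintext_size` decode the ciphertext and report the real C2 length instead of an estimate. The switch to `CRYPTO_memcmp` for the C3 comparison is the right call. sm2_decrypt's declarations are in the previous hunk and its cleanup ends outside this one.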
@@ -9,109 +9,34 @@ */ #include -#include +#include "internal/sm2err.h" #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA SM2_str_functs[] = { - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_KEYGEN, 0), "pkey_sm2_keygen"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_PARAMGEN, 0), "pkey_sm2_paramgen"}, - {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_MSG_HASH, 0), + "sm2_compute_msg_hash"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_USERID_DIGEST, 0), + "sm2_compute_userid_digest"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_DECRYPT, 0), "sm2_decrypt"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_ENCRYPT, 0), "sm2_encrypt"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_PLAINTEXT_SIZE, 0), "sm2_plaintext_size"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIGN, 0), "sm2_sign"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_GEN, 0), "sm2_sig_gen"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_VERIFY, 0), "sm2_sig_verify"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_VERIFY, 0), "sm2_verify"}, {0, NULL} }; static const ERR_STRING_DATA SM2_str_reasons[] = { {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN5_ERROR), "asn5 error"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BIGNUM_OUT_OF_RANGE), - "bignum out of range"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_COORDINATES_OUT_OF_RANGE), - "coordinates out of range"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH), - "curve does not support ecdh"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING), - "curve does not support signing"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_D2I_ECPKPARAMETERS_FAILURE), - "d2i ecpkparameters failure"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DECODE_ERROR), "decode 
error"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DISCRIMINANT_IS_ZERO), - "discriminant is zero"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE), - "ec group new by name failure"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_FIELD_TOO_LARGE), "field too large"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_GF2M_NOT_SUPPORTED), "gf2m not supported"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_GROUP2PKPARAMETERS_FAILURE), - "group2pkparameters failure"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_I2D_ECPKPARAMETERS_FAILURE), - "i2d ecpkparameters failure"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INCOMPATIBLE_OBJECTS), - "incompatible objects"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ARGUMENT), "invalid argument"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_COMPRESSED_POINT), - "invalid compressed point"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_COMPRESSION_BIT), - "invalid compression bit"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE), "invalid digest type"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FORM), "invalid form"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_GROUP_ORDER), - "invalid group order"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_KEY), "invalid key"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_OUTPUT_LENGTH), - "invalid output length"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PEER_KEY), "invalid peer key"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PENTANOMIAL_BASIS), - "invalid pentanomial basis"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PRIVATE_KEY), - "invalid private key"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_TRINOMIAL_BASIS), - "invalid trinomial basis"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_KDF_PARAMETER_ERROR), - "kdf parameter error"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_KEYS_NOT_SET), 
"keys not set"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_MISSING_PRIVATE_KEY), - "missing private key"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NEED_NEW_SETUP_VALUES), - "need new setup values"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_A_NIST_PRIME), "not a NIST prime"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_IMPLEMENTED), "not implemented"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_INITIALIZED), "not initialized"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PRIVATE_VALUE), "no private value"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_OPERATION_NOT_SUPPORTED), - "operation not supported"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PASSED_NULL_PARAMETER), - "passed null parameter"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PEER_KEY_ERROR), "peer key error"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PKPARAMETERS2GROUP_FAILURE), - "pkparameters2group failure"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_ARITHMETIC_FAILURE), - "point arithmetic failure"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_AT_INFINITY), "point at infinity"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_IS_NOT_ON_CURVE), - "point is not on curve"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_RANDOM_NUMBER_GENERATION_FAILED), - "random number generation failed"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_SHARED_INFO_ERROR), "shared info error"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_SLOT_FULL), "slot full"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNDEFINED_GENERATOR), - "undefined generator"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNDEFINED_ORDER), "undefined order"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNKNOWN_GROUP), "unknown group"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNKNOWN_ORDER), "unknown order"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNSUPPORTED_FIELD), "unsupported field"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_WRONG_CURVE_PARAMETERS), - "wrong curve parameters"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_WRONG_ORDER), "wrong order"}, + 
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"}, {0, NULL} }; diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index e12eca1..4ca0ca8 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -9,44 +9,51 @@ * https://www.openssl.org/source/license.html */ -#include +#include "internal/sm2.h" +#include "internal/sm2err.h" +#include #include +#include #include #include -static BIGNUM *compute_msg_hash(const EVP_MD *digest, - const EC_KEY *key, - const char *user_id, - const uint8_t *msg, size_t msg_len) +static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest, + const EC_KEY *key, + const char *user_id, + const uint8_t *msg, size_t msg_len) { EVP_MD_CTX *hash = EVP_MD_CTX_new(); const int md_size = EVP_MD_size(digest); uint8_t *za = OPENSSL_zalloc(md_size); BIGNUM *e = NULL; - if (za == NULL) - goto done; - - if (hash == NULL) - goto done; - - if (SM2_compute_userid_digest(za, digest, user_id, key) == 0) - goto done; - - if (EVP_DigestInit(hash, digest) == 0) + if (hash == NULL || za == NULL) { + SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE); goto done; + } - if (EVP_DigestUpdate(hash, za, md_size) == 0) + if (md_size < 0) { + SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST); goto done; + } - if (EVP_DigestUpdate(hash, msg, msg_len) == 0) + if (!sm2_compute_userid_digest(za, digest, user_id, key)) { + /* SM2err already called */ goto done; + } - /* reuse za buffer to hold H(ZA || M) */ - if (EVP_DigestFinal(hash, za, NULL) == 0) + if (!EVP_DigestInit(hash, digest) + || !EVP_DigestUpdate(hash, za, md_size) + || !EVP_DigestUpdate(hash, msg, msg_len) + /* reuse za buffer to hold H(ZA || M) */ + || !EVP_DigestFinal(hash, za, NULL)) { + SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB); goto done; + } e = BN_bin2bn(za, md_size, NULL); + if (e == NULL) + SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR); done: OPENSSL_free(za); 
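Review bot: `uint8_t *za = OPENSSL_zalloc(md_size);` runs before the new `md_size < 0` test, so a negative `EVP_MD_size` result is converted to a huge `size_t`, the allocation fails, and the function reports `ERR_R_MALLOC_FAILURE` from the `hash == NULL || za == NULL` check; the `SM2_R_INVALID_DIGEST` branch below it is effectively unreachable. Declare `uint8_t *za = NULL;`, perform the `md_size < 0` check first, then allocate with `za = OPENSSL_zalloc(md_size);` before the NULL test. The `/* SM2err already called */` comment after a failed `sm2_compute_userid_digest` is good practice; stating that contract on the prototype in internal/sm2.h would make it visible to other callers too. The function's cleanup continues past this hunk.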
@@ -54,13 +61,11 @@ static BIGNUM *compute_msg_hash(const EVP_MD *digest,
 return e;
 }
 
-static
-ECDSA_SIG *SM2_sig_gen(const EC_KEY *key, const BIGNUM *e)
+static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
 {
 const BIGNUM *dA = EC_KEY_get0_private_key(key);
 const EC_GROUP *group = EC_KEY_get0_group(key);
 const BIGNUM *order = EC_GROUP_get0_order(group);
-
 ECDSA_SIG *sig = NULL;
 EC_POINT *kG = NULL;
 BN_CTX *ctx = NULL;
@@ -72,63 +77,75 @@ ECDSA_SIG *SM2_sig_gen(const EC_KEY *key, const BIGNUM *e) BIGNUM *tmp = NULL; kG = EC_POINT_new(group); - if (kG == NULL) - goto done; - ctx = BN_CTX_new(); - if (ctx == NULL) + if (kG == NULL || ctx == NULL) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE); goto done; + } - BN_CTX_start(ctx); + BN_CTX_start(ctx); k = BN_CTX_get(ctx); rk = BN_CTX_get(ctx); x1 = BN_CTX_get(ctx); tmp = BN_CTX_get(ctx); - - if (tmp == NULL) + if (tmp == NULL) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE); goto done; + } - /* These values are returned and so should not be allocated out of the context */ + /* + * These values are returned and so should not be allocated out of the + * context + */ r = BN_new(); s = BN_new(); - if (r == NULL || s == NULL) + if (r == NULL || s == NULL) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE); goto done; + } for (;;) { - BN_priv_rand_range(k, order); - - if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0) - goto done; - - if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, NULL, ctx) == 0) - goto done; - - if (BN_mod_add(r, e, x1, order, ctx) == 0) + if (!BN_priv_rand_range(k, order)) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR); + goto done; + } + + if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) + || !EC_POINT_get_affine_coordinates_GFp(group, kG, x1, NULL, + ctx) + || !BN_mod_add(r, e, x1, order, ctx)) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR); goto done; + } /* try again if r == 0 or r+k == n */ if (BN_is_zero(r)) continue; - BN_add(rk, r, k); + if (!BN_add(rk, r, k)) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR); + goto done; + } if (BN_cmp(rk, order) == 0) continue; - BN_add(s, dA, BN_value_one()); - BN_mod_inverse(s, s, order, ctx); - - BN_mod_mul(tmp, dA, r, order, ctx); - BN_sub(tmp, k, tmp); - - BN_mod_mul(s, s, tmp, order, ctx); + if (!BN_add(s, dA, BN_value_one()) + || !BN_mod_inverse(s, s, order, ctx) + || !BN_mod_mul(tmp, dA, r, order, ctx) + || !BN_sub(tmp, k, tmp) + || 
!BN_mod_mul(s, s, tmp, order, ctx)) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB); + goto done; + } sig = ECDSA_SIG_new(); - - if (sig == NULL) + if (sig == NULL) { + SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE); goto done; + } /* takes ownership of r and s */ ECDSA_SIG_set0(sig, r, s); @@ -136,7 +153,6 @@ ECDSA_SIG *SM2_sig_gen(const EC_KEY *key, const BIGNUM *e) } done: - if (sig == NULL) { BN_free(r); BN_free(s); 
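Review bot: `BN_mod_inverse(s, s, order, ctx)` inverts `1 + dA`, a value derived from the private key, and BN_mod_inverse only takes its constant-time path when `BN_FLG_CONSTTIME` is set on an operand; neither `s` nor `order` carries it here, so the inversion runs in the branchy variant on secret data. Since `s` is freshly created with `BN_new()`, a `BN_set_flags(s, BN_FLG_CONSTTIME);` right after that allocation (as ECDSA's signing code does before inverting its secret) is enough. The retry checks correctly reject `r == 0` and `r + k == n`, but `BN_priv_rand_range(k, order)` can return zero, which makes `EC_POINT_mul` yield the point at infinity and turns a should-retry case into an `ERR_R_INTERNAL_ERROR`; `if (BN_is_zero(k)) continue;` after the draw closes that gap. The function's cleanup continues outside this hunk.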
@@ -145,74 +161,76 @@ ECDSA_SIG *SM2_sig_gen(const EC_KEY *key, const BIGNUM *e) BN_CTX_free(ctx); EC_POINT_free(kG); return sig; - } -static -int SM2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, const BIGNUM *e) +static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, + const BIGNUM *e) { int ret = 0; const EC_GROUP *group = EC_KEY_get0_group(key); const BIGNUM *order = EC_GROUP_get0_order(group); BN_CTX *ctx = NULL; EC_POINT *pt = NULL; - BIGNUM *t = NULL; BIGNUM *x1 = NULL; const BIGNUM *r = NULL; const BIGNUM *s = NULL; ctx = BN_CTX_new(); - if (ctx == NULL) - goto done; pt = EC_POINT_new(group); - if (pt == NULL) + if (ctx == NULL || pt == NULL) { + SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE); goto done; + } BN_CTX_start(ctx); - t = BN_CTX_get(ctx); x1 = BN_CTX_get(ctx); - - if (x1 == NULL) + if (x1 == NULL) { + SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE); goto done; + } /* - B1: verify whether r' in [1,n-1], verification failed if not - B2: vefify whether s' in [1,n-1], verification failed if not - B3: set M'~=ZA || M' - B4: calculate e'=Hv(M'~) - B5: calculate t = (r' + s') modn, verification failed if t=0 - B6: calculate the point (x1', y1')=[s']G + [t]PA - B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed + * B1: verify whether r' in [1,n-1], verification failed if not + * B2: vefify whether s' in [1,n-1], verification failed if not + * B3: set M'~=ZA || M' + * B4: calculate e'=Hv(M'~) + * B5: calculate t = (r' + s') modn, verification failed if t=0 + * B6: calculate the point (x1', y1')=[s']G + [t]PA + * B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed */ ECDSA_SIG_get0(sig, &r, &s); - if (BN_cmp(r, BN_value_one()) < 0) - goto done; - if (BN_cmp(s, BN_value_one()) < 0) - goto done; - - if (BN_cmp(order, r) <= 0) - goto done; - if (BN_cmp(order, s) <= 0) - goto done; - - if (BN_mod_add(t, r, s, order, ctx) == 0) + if (BN_cmp(r, BN_value_one()) < 0 + || BN_cmp(s, BN_value_one()) 
< 0 + || BN_cmp(order, r) <= 0 + || BN_cmp(order, s) <= 0) { + SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE); goto done; + } - if (BN_is_zero(t) == 1) + if (!BN_mod_add(t, r, s, order, ctx)) { + SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB); goto done; + } - if (EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) == 0) + if (BN_is_zero(t)) { + SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE); goto done; + } - if (EC_POINT_get_affine_coordinates_GFp(group, pt, x1, NULL, ctx) == 0) + if (!EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) + || !EC_POINT_get_affine_coordinates_GFp(group, pt, x1, NULL, ctx)) { + SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_EC_LIB); goto done; + } - if (BN_mod_add(t, e, x1, order, ctx) == 0) + if (!BN_mod_add(t, e, x1, order, ctx)) { + SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB); goto done; + } if (BN_cmp(r, t) == 0) ret = 1; 
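Review bot: The rewrapped step comment carries the old typos into new lines: `+ * B2: vefify whether s' in [1,n-1]` and `+ * B7: ... verfication pass if yes` should read `verify` and `verification`, and `modn` is clearer as `mod n`. On the code side every failure path leaves `ret = 0`, so a caller cannot distinguish a malformed signature (`SM2_R_BAD_SIGNATURE`) from a BN/EC library failure except by inspecting the error queue; if that distinction matters to sm2_verify, which still initialises `ret = -1`, the library-error paths here could return -1 instead. sm2_sig_verify's body continues past the end of this hunk.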
@@ -223,61 +241,74 @@ int SM2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, const BIGNUM *e) return ret; } -ECDSA_SIG *SM2_do_sign(const EC_KEY *key, +ECDSA_SIG *sm2_do_sign(const EC_KEY *key, const EVP_MD *digest, const char *user_id, const uint8_t *msg, size_t msg_len) { BIGNUM *e = NULL; ECDSA_SIG *sig = NULL; - e = compute_msg_hash(digest, key, user_id, msg, msg_len); - if (e == NULL) + e = sm2_compute_msg_hash(digest, key, user_id, msg, msg_len); + if (e == NULL) { + /* SM2err already called */ goto done; + } - sig = SM2_sig_gen(key, e); + sig = sm2_sig_gen(key, e); done: BN_free(e); return sig; } -int SM2_do_verify(const EC_KEY *key, +int sm2_do_verify(const EC_KEY *key, const EVP_MD *digest, const ECDSA_SIG *sig, const char *user_id, const uint8_t *msg, size_t msg_len) { BIGNUM *e = NULL; - int ret = -1; + int ret = 0; - e = compute_msg_hash(digest, key, user_id, msg, msg_len); - if (e == NULL) + e = sm2_compute_msg_hash(digest, key, user_id, msg, msg_len); + if (e == NULL) { + /* SM2err already called */ goto done; + } - ret = SM2_sig_verify(key, sig, e); + ret = sm2_sig_verify(key, sig, e); done: BN_free(e); return ret; } -int SM2_sign(int type, const unsigned char *dgst, int dgstlen, +int sm2_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey) { BIGNUM *e = NULL; ECDSA_SIG *s = NULL; + int sigleni; int ret = -1; - if (type != NID_sm3) - goto done; - - if (dgstlen != 32) /* expected length of SM3 hash */ - goto done; + if (type != NID_sm3 || dgstlen != 32) { + SM2err(SM2_F_SM2_SIGN, SM2_R_INVALID_DIGEST_TYPE); + goto done; + } e = BN_bin2bn(dgst, dgstlen, NULL); + if (e == NULL) { + SM2err(SM2_F_SM2_SIGN, ERR_R_BN_LIB); + goto done; + } - s = SM2_sig_gen(eckey, e); + s = sm2_sig_gen(eckey, e); - *siglen = i2d_ECDSA_SIG(s, &sig); + sigleni = i2d_ECDSA_SIG(s, &sig); + if (sigleni < 0) { + SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR); + goto done; + } + *siglen = (unsigned int)sigleni; ret = 1; 
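Review bot: In sm2_sign, `s = sm2_sig_gen(eckey, e);` is still not checked before `sigleni = i2d_ECDSA_SIG(s, &sig);`; the new `sigleni < 0` test catches an encoding failure, but I do not believe i2d reports a NULL object with a negative value, so a failed signature generation can fall through to `*siglen = 0; ret = 1;` and report success with an empty signature. Add `if (s == NULL) { SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR); goto done; }` directly after the call. The literal `32` in the digest-length check would also read better as a named SM3 output size (for example `EVP_MD_size(EVP_sm3())`) next to the `NID_sm3` check. sm2_sign's body continues past the end of the hunk.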
@@ -287,7 +318,7 @@ int SM2_sign(int type, const unsigned char *dgst, int dgstlen, return ret; } -int SM2_verify(int type, const unsigned char *dgst, int dgstlen, +int sm2_verify(int type, const unsigned char *dgst, int dgstlen, const unsigned char *sig, int sig_len, EC_KEY *eckey) { ECDSA_SIG *s = NULL; @@ -297,22 +328,34 @@ int SM2_verify(int type, const unsigned char *dgst, int dgstlen, int derlen = -1; int ret = -1; - if (type != NID_sm3) - goto done; + if (type != NID_sm3) { + SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_DIGEST_TYPE); + goto done; + } s = ECDSA_SIG_new(); - if (s == NULL) + if (s == NULL) { + SM2err(SM2_F_SM2_VERIFY, ERR_R_MALLOC_FAILURE); goto done; - if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) + } + if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) { + SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING); goto done; + } /* Ensure signature uses DER and doesn't have trailing garbage */ derlen = i2d_ECDSA_SIG(s, &der); - if (derlen != sig_len || memcmp(sig, der, derlen) != 0) + if (derlen != sig_len || memcmp(sig, der, derlen) != 0) { + SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING); goto done; + } e = BN_bin2bn(dgst, dgstlen, NULL); + if (e == NULL) { + SM2err(SM2_F_SM2_VERIFY, ERR_R_BN_LIB); + goto done; + } - ret = SM2_sig_verify(eckey, s, e); + ret = sm2_sig_verify(eckey, s, e); done: OPENSSL_free(der); diff --git a/crypto/sm2/sm2_za.c b/crypto/sm2/sm2_za.c index f76fe0f..a9560c3 100644 --- a/crypto/sm2/sm2_za.c +++ b/crypto/sm2/sm2_za.c 
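Review bot: sm2_verify validates only `type != NID_sm3`, while sm2_sign in the same file also rejects `dgstlen != 32`; the verify side passes an unchecked `dgstlen` straight into `BN_bin2bn(dgst, dgstlen, NULL)`. Mirroring the signing check, `if (type != NID_sm3 || dgstlen != 32) {`, keeps the two entry points consistent and rejects truncated or oversized digests before any arithmetic. The DER round-trip check is a good addition, but it relies on a failed `i2d_ECDSA_SIG` never returning a value equal to a valid `sig_len`; a one-line comment, `/* derlen < 0 on i2d failure, which the length comparison rejects */`, would make that dependency explicit. sm2_verify's body begins in the preceding hunk and ends after this one.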
@@ -9,32 +9,29 @@ * https://www.openssl.org/source/license.html */ -#include +#include "internal/sm2.h" +#include "internal/sm2err.h" +#include #include #include #include -int SM2_compute_userid_digest(uint8_t *out, +int sm2_compute_userid_digest(uint8_t *out, const EVP_MD *digest, const char *user_id, const EC_KEY *key) { int rc = 0; - const EC_GROUP *group = EC_KEY_get0_group(key); - BN_CTX *ctx = NULL; EVP_MD_CTX *hash = NULL; - BIGNUM *p = NULL; BIGNUM *a = NULL; BIGNUM *b = NULL; - BIGNUM *xG = NULL; BIGNUM *yG = NULL; BIGNUM *xA = NULL; BIGNUM *yA = NULL; - int p_bytes = 0; uint8_t *buf = NULL; size_t uid_len = 0; @@ -42,12 +39,11 @@ int SM2_compute_userid_digest(uint8_t *out, uint8_t e_byte = 0; hash = EVP_MD_CTX_new(); - if (hash == NULL) - goto done; - ctx = BN_CTX_new(); - if (ctx == NULL) - goto done; + if (hash == NULL || ctx == NULL) { + SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_MALLOC_FAILURE); + goto done; + } p = BN_CTX_get(ctx); a = BN_CTX_get(ctx); 
@@ -57,70 +53,75 @@ int SM2_compute_userid_digest(uint8_t *out, xA = BN_CTX_get(ctx); yA = BN_CTX_get(ctx); - if (p == NULL || a == NULL || b == NULL || - xG == NULL || yG == NULL || xA == NULL || yA == NULL) - goto done; + if (yA == NULL) { + SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_MALLOC_FAILURE); + goto done; + } memset(out, 0, EVP_MD_size(digest)); - if (EVP_DigestInit(hash, digest) == 0) + if (!EVP_DigestInit(hash, digest)) { + SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_EVP_LIB); goto done; + } - /* - ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) - */ + /* ZA = H256(ENTLA || IDA || a || b || xG || yG || xA || yA) */ uid_len = strlen(user_id); - - if (uid_len >= 8192) /* too large */ + if (uid_len >= (UINT16_MAX / 8)) { + /* too large */ + SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, SM2_R_USER_ID_TOO_LARGE); goto done; + } - entla = (unsigned short)(8 * uid_len); + entla = (uint16_t)(8 * uid_len); e_byte = entla >> 8; - if (EVP_DigestUpdate(hash, &e_byte, 1) == 0) + if (!EVP_DigestUpdate(hash, &e_byte, 1)) { + SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_EVP_LIB); goto done; + } e_byte = entla & 0xFF; - if (EVP_DigestUpdate(hash, &e_byte, 1) == 0) + if (!EVP_DigestUpdate(hash, &e_byte, 1) + || !EVP_DigestUpdate(hash, user_id, uid_len)) { + SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_EVP_LIB); goto done; + } - if (EVP_DigestUpdate(hash, user_id, uid_len) == 0) - goto done; - - if (EC_GROUP_get_curve_GFp(group, p, a, b, ctx) == 0) + if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { + SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_EC_LIB); goto done; + } p_bytes = BN_num_bytes(p); buf = OPENSSL_zalloc(p_bytes); - - BN_bn2binpad(a, buf, p_bytes); - if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) - goto done; - BN_bn2binpad(b, buf, p_bytes); - if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) - goto done; - EC_POINT_get_affine_coordinates_GFp(group, - EC_GROUP_get0_generator(group), - xG, yG, ctx); - BN_bn2binpad(xG, buf, p_bytes); - if 
(EVP_DigestUpdate(hash, buf, p_bytes) == 0) - goto done; - BN_bn2binpad(yG, buf, p_bytes); - if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) + if (buf == NULL) { + SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_MALLOC_FAILURE); goto done; - - EC_POINT_get_affine_coordinates_GFp(group, - EC_KEY_get0_public_key(key), - xA, yA, ctx); - BN_bn2binpad(xA, buf, p_bytes); - if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) - goto done; - BN_bn2binpad(yA, buf, p_bytes); - if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) - goto done; - - if (EVP_DigestFinal(hash, out, NULL) == 0) + } + + if (BN_bn2binpad(a, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(b, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EC_POINT_get_affine_coordinates_GFp(group, + EC_GROUP_get0_generator(group), + xG, yG, ctx) + || BN_bn2binpad(xG, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(yG, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EC_POINT_get_affine_coordinates_GFp(group, + EC_KEY_get0_public_key(key), + xA, yA, ctx) + || BN_bn2binpad(xA, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(yA, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EVP_DigestFinal(hash, out, NULL)) { + SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_INTERNAL_ERROR); goto done; + } rc = 1; diff --git a/include/openssl/sm2err.h b/include/openssl/sm2err.h deleted file mode 100644 index 3416c3d..0000000 --- a/include/openssl/sm2err.h +++ /dev/null 
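Review bot: The final sixteen-call `||` chain reports every failure as `ERR_R_INTERNAL_ERROR`, whereas the checks just above it distinguish `ERR_R_EVP_LIB` and `ERR_R_EC_LIB`; splitting the chain into the BN/EC part (`BN_bn2binpad` and the two `EC_POINT_get_affine_coordinates_GFp` calls) and the EVP part would keep the reason codes meaningful for anyone reading the error queue. The requirement that `out` hold at least `EVP_MD_size(digest)` bytes is only implied by the `memset(out, 0, EVP_MD_size(digest))` context line; a comment at the top of the function, `/* out must point to at least EVP_MD_size(digest) bytes */`, would state the contract. The `uid_len >= (UINT16_MAX / 8)` bound is sound because `entla` stores the bit length in 16 bits, but a comment to that effect beside the check would save the next reader the arithmetic. sm2_compute_userid_digest's body starts in the previous hunk and ends after this one.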
@@ -1,95 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef HEADER_SM2ERR_H -# define HEADER_SM2ERR_H - -# ifdef __cplusplus -extern "C" { -# endif -int ERR_load_SM2_strings(void); -# ifdef __cplusplus -} -# endif - -/* - * SM2 function codes. - */ -# define SM2_F_PKEY_SM2_CTRL 274 -# define SM2_F_PKEY_SM2_CTRL_STR 275 -# define SM2_F_PKEY_SM2_KEYGEN 276 -# define SM2_F_PKEY_SM2_PARAMGEN 277 -# define SM2_F_PKEY_SM2_SIGN 278 - -/* - * SM2 reason codes. - */ -# define SM2_R_ASN1_ERROR 115 -# define SM2_R_ASN5_ERROR 1150 -# define SM2_R_BAD_SIGNATURE 156 -# define SM2_R_BIGNUM_OUT_OF_RANGE 144 -# define SM2_R_BUFFER_TOO_SMALL 100 -# define SM2_R_COORDINATES_OUT_OF_RANGE 146 -# define SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 -# define SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 -# define SM2_R_D2I_ECPKPARAMETERS_FAILURE 117 -# define SM2_R_DECODE_ERROR 142 -# define SM2_R_DISCRIMINANT_IS_ZERO 118 -# define SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 -# define SM2_R_FIELD_TOO_LARGE 143 -# define SM2_R_GF2M_NOT_SUPPORTED 147 -# define SM2_R_GROUP2PKPARAMETERS_FAILURE 120 -# define SM2_R_I2D_ECPKPARAMETERS_FAILURE 121 -# define SM2_R_INCOMPATIBLE_OBJECTS 101 -# define SM2_R_INVALID_ARGUMENT 112 -# define SM2_R_INVALID_COMPRESSED_POINT 110 -# define SM2_R_INVALID_COMPRESSION_BIT 109 -# define SM2_R_INVALID_CURVE 141 -# define SM2_R_INVALID_DIGEST 151 -# define SM2_R_INVALID_DIGEST_TYPE 138 -# define SM2_R_INVALID_ENCODING 102 -# define SM2_R_INVALID_FIELD 103 -# define SM2_R_INVALID_FORM 104 -# define SM2_R_INVALID_GROUP_ORDER 122 -# define SM2_R_INVALID_KEY 116 -# define SM2_R_INVALID_OUTPUT_LENGTH 161 -# define SM2_R_INVALID_PEER_KEY 133 
-# define SM2_R_INVALID_PENTANOMIAL_BASIS 132 -# define SM2_R_INVALID_PRIVATE_KEY 123 -# define SM2_R_INVALID_TRINOMIAL_BASIS 137 -# define SM2_R_KDF_PARAMETER_ERROR 148 -# define SM2_R_KEYS_NOT_SET 140 -# define SM2_R_MISSING_PARAMETERS 124 -# define SM2_R_MISSING_PRIVATE_KEY 125 -# define SM2_R_NEED_NEW_SETUP_VALUES 157 -# define SM2_R_NOT_A_NIST_PRIME 135 -# define SM2_R_NOT_IMPLEMENTED 126 -# define SM2_R_NOT_INITIALIZED 111 -# define SM2_R_NO_PARAMETERS_SET 139 -# define SM2_R_NO_PRIVATE_VALUE 154 -# define SM2_R_OPERATION_NOT_SUPPORTED 152 -# define SM2_R_PASSED_NULL_PARAMETER 134 -# define SM2_R_PEER_KEY_ERROR 149 -# define SM2_R_PKPARAMETERS2GROUP_FAILURE 127 -# define SM2_R_POINT_ARITHMETIC_FAILURE 155 -# define SM2_R_POINT_AT_INFINITY 106 -# define SM2_R_POINT_IS_NOT_ON_CURVE 107 -# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED 158 -# define SM2_R_SHARED_INFO_ERROR 150 -# define SM2_R_SLOT_FULL 108 -# define SM2_R_UNDEFINED_GENERATOR 113 -# define SM2_R_UNDEFINED_ORDER 128 -# define SM2_R_UNKNOWN_GROUP 129 -# define SM2_R_UNKNOWN_ORDER 114 -# define SM2_R_UNSUPPORTED_FIELD 131 -# define SM2_R_WRONG_CURVE_PARAMETERS 145 -# define SM2_R_WRONG_ORDER 130 - -#endif diff --git a/test/build.info b/test/build.info index 000153d..9fe511a 100644 --- a/test/build.info +++ b/test/build.info @@ -28,7 +28,6 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN aborttest test_test \ sanitytest exdatatest bntest \ ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \ - sm2sigtest sm2crypttest \ md2test \ hmactest \ rc2test rc4test rc5test \ 
@@ -89,14 +88,6 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[ecdsatest]=../include DEPEND[ecdsatest]=../libcrypto libtestutil.a - SOURCE[sm2sigtest]=sm2sigtest.c - INCLUDE[sm2sigtest]=../include - DEPEND[sm2sigtest]=../libcrypto libtestutil.a - - SOURCE[sm2crypttest]=sm2crypttest.c - INCLUDE[sm2crypttest]=../include - DEPEND[sm2crypttest]=../libcrypto libtestutil.a - SOURCE[gmdifftest]=gmdifftest.c INCLUDE[gmdifftest]=../include DEPEND[gmdifftest]=../libcrypto libtestutil.a @@ -448,6 +439,9 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN IF[{- !$disabled{siphash} -}] PROGRAMS_NO_INST=siphash_internal_test ENDIF + IF[{- !$disabled{sm2} -}] + PROGRAMS_NO_INST=sm2_internal_test + ENDIF IF[{- !$disabled{sm4} -}] PROGRAMS_NO_INST=sm4_internal_test ENDIF @@ -491,6 +485,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[siphash_internal_test]=.. ../include ../crypto/include DEPEND[siphash_internal_test]=../libcrypto.a libtestutil.a + SOURCE[sm2_internal_test]=sm2_internal_test.c + INCLUDE[sm2_internal_test]=../include ../crypto/include + DEPEND[sm2_internal_test]=../libcrypto.a libtestutil.a + SOURCE[sm4_internal_test]=sm4_internal_test.c INCLUDE[sm4_internal_test]=.. ../include ../crypto/include DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a diff --git a/test/recipes/03-test_internal_sm4.t b/test/recipes/03-test_internal_sm2.t similarity index 77% copy from test/recipes/03-test_internal_sm4.t copy to test/recipes/03-test_internal_sm2.t index 459d83c..b93716e 100644 --- a/test/recipes/03-test_internal_sm4.t +++ b/test/recipes/03-test_internal_sm2.t @@ -1,6 +1,5 @@ #! /usr/bin/env perl # Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. -# Copyright 2017 [Ribose Inc.](https://www.ribose.com). All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -12,9 +11,9 @@ use OpenSSL::Test; # get 'plan' use OpenSSL::Test::Simple; use OpenSSL::Test::Utils; -setup("test_internal_sm4"); +setup("test_internal_sm2"); plan skip_all => "This test is unsupported in a shared library build on Windows" if $^O eq 'MSWin32' && !disabled("shared"); -simple_test("test_internal_sm4", "sm4_internal_test", "sm4"); +simple_test("test_internal_sm2", "sm2_internal_test", "sm2"); diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c new file mode 100644 index 0000000..4ae7303 --- /dev/null +++ b/test/sm2_internal_test.c 
@@ -0,0 +1,364 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include "testutil.h" + +#ifndef OPENSSL_NO_SM2 + +# include "internal/sm2.h" + +static RAND_METHOD fake_rand; +static const RAND_METHOD *saved_rand; + +static uint8_t *fake_rand_bytes = NULL; +static size_t fake_rand_bytes_offset = 0; + +static int get_faked_bytes(unsigned char *buf, int num) +{ + int i; + + if (fake_rand_bytes == NULL) + return saved_rand->bytes(buf, num); + + for (i = 0; i != num; ++i) + buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i]; + fake_rand_bytes_offset += num; + return 1; +} + +static int start_fake_rand(const char *hex_bytes) +{ + /* save old rand method */ + if (!TEST_ptr(saved_rand = RAND_get_rand_method())) + return 0; + + fake_rand = *saved_rand; + /* use own random function */ + fake_rand.bytes = get_faked_bytes; + + fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, NULL); + fake_rand_bytes_offset = 0; + + /* set new RAND_METHOD */ + if (!TEST_true(RAND_set_rand_method(&fake_rand))) + return 0; + return 1; +} + +static int restore_rand(void) +{ + OPENSSL_free(fake_rand_bytes); + fake_rand_bytes = NULL; + fake_rand_bytes_offset = 0; + if (!TEST_true(RAND_set_rand_method(saved_rand))) + return 0; + return 1; +} + +static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex, + const char *b_hex, const char *x_hex, + const char *y_hex, const char *order_hex, + const char *cof_hex) +{ + BIGNUM *p = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *g_x = NULL; + BIGNUM *g_y = NULL; + BIGNUM *order = NULL; + BIGNUM *cof = NULL; + EC_POINT *generator = NULL; + EC_GROUP *group = 
NULL; + int ok = 0; + + if (!TEST_true(BN_hex2bn(&p, p_hex)) + || !TEST_true(BN_hex2bn(&a, a_hex)) + || !TEST_true(BN_hex2bn(&b, b_hex))) + goto done; + + group = EC_GROUP_new_curve_GFp(p, a, b, NULL); + if (!TEST_ptr(group)) + goto done; + + generator = EC_POINT_new(group); + if (!TEST_ptr(generator)) + goto done; + + if (!TEST_true(BN_hex2bn(&g_x, x_hex)) + || !TEST_true(BN_hex2bn(&g_y, y_hex)) + || !TEST_true(EC_POINT_set_affine_coordinates_GFp(group, generator, + g_x, g_y, NULL))) + goto done; + + if (!TEST_true(BN_hex2bn(&order, order_hex)) + || !TEST_true(BN_hex2bn(&cof, cof_hex)) + || !TEST_true(EC_GROUP_set_generator(group, generator, order, cof))) + goto done; + + ok = 1; +done: + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(g_x); + BN_free(g_y); + EC_POINT_free(generator); + BN_free(order); + BN_free(cof); + if (!ok) { + EC_GROUP_free(group); + group = NULL; + } + + return group; +} + +static int test_sm2_crypt(const EC_GROUP *group, + const EVP_MD *digest, + const char *privkey_hex, + const char *message, + const char *k_hex, const char *ctext_hex) +{ + const size_t msg_len = strlen(message); + BIGNUM *priv = NULL; + EC_KEY *key = NULL; + EC_POINT *pt = NULL; + unsigned char *expected = OPENSSL_hexstr2buf(ctext_hex, NULL); + size_t ctext_len = 0; + size_t ptext_len = 0; + uint8_t *ctext = NULL; + uint8_t *recovered = NULL; + size_t recovered_len = msg_len; + int rc = 0; + + if (!TEST_ptr(expected) + || !TEST_true(BN_hex2bn(&priv, privkey_hex))) + goto done; + + key = EC_KEY_new(); + if (!TEST_ptr(key) + || !TEST_true(EC_KEY_set_group(key, group)) + || !TEST_true(EC_KEY_set_private_key(key, priv))) + goto done; + + pt = EC_POINT_new(group); + if (!TEST_ptr(pt) + || !TEST_true(EC_POINT_mul(group, pt, priv, NULL, NULL, NULL)) + || !TEST_true(EC_KEY_set_public_key(key, pt)) + || !TEST_true(sm2_ciphertext_size(key, digest, msg_len, &ctext_len))) + goto done; + + ctext = OPENSSL_zalloc(ctext_len); + if (!TEST_ptr(ctext)) + goto done; + + 
start_fake_rand(k_hex); + if (!TEST_true(sm2_encrypt(key, digest, (const uint8_t *)message, msg_len, + ctext, &ctext_len))) { + restore_rand(); + goto done; + } + restore_rand(); + + if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len)) + goto done; + + if (!TEST_true(sm2_plaintext_size(key, digest, ctext_len, &ptext_len)) + || !TEST_int_eq(ptext_len, msg_len)) + goto done; + + recovered = OPENSSL_zalloc(ptext_len); + if (!TEST_ptr(recovered) + || !TEST_true(sm2_decrypt(key, digest, ctext, ctext_len, recovered, &recovered_len)) + || !TEST_int_eq(recovered_len, msg_len) + || !TEST_mem_eq(recovered, recovered_len, message, msg_len)) + goto done; + + rc = 1; + done: + BN_free(priv); + EC_POINT_free(pt); + OPENSSL_free(ctext); + OPENSSL_free(recovered); + OPENSSL_free(expected); + EC_KEY_free(key); + return rc; +} + +static int sm2_crypt_test(void) +{ + int testresult = 1; + EC_GROUP *test_group = + create_EC_group + ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", + "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", + "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", + "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", + "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", + "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", + "1"); + + if (!TEST_ptr(test_group)) + goto done; + + if (!test_sm2_crypt( + test_group, + EVP_sm3(), + "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0", + "encryption standard", + "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F", + "307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF1" + "7F6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A2" + "4B84400F01B804209C3D7360C30156FAB7C80A0276712DA9D8094A634B766D3A" + "285E07480653426D0413650053A89B41C418B0C3AAD00D886C00286467")) + goto done; + + /* Same test as above except using SHA-256 instead of SM3 */ + if (!test_sm2_crypt( + 
test_group, + EVP_sha256(), + "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0", + "encryption standard", + "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F", + "307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF17F" + "6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A24B84" + "400F01B80420BE89139D07853100EFA763F60CBE30099EA3DF7F8F364F9D10A5E9" + "88E3C5AAFC0413229E6C9AEE2BB92CAD649FE2C035689785DA33")) + goto done; + + testresult = 1; + done: + EC_GROUP_free(test_group); + + return testresult; +} + +static int test_sm2_sign(const EC_GROUP *group, + const char *userid, + const char *privkey_hex, + const char *message, + const char *k_hex, + const char *r_hex, + const char *s_hex) +{ + const size_t msg_len = strlen(message); + int ok = 0; + BIGNUM *priv = NULL; + EC_POINT *pt = NULL; + EC_KEY *key = NULL; + ECDSA_SIG *sig = NULL; + const BIGNUM *sig_r = NULL; + const BIGNUM *sig_s = NULL; + BIGNUM *r = NULL; + BIGNUM *s = NULL; + + if (!TEST_true(BN_hex2bn(&priv, privkey_hex))) + goto done; + + key = EC_KEY_new(); + if (!TEST_ptr(key) + || !TEST_true(EC_KEY_set_group(key, group)) + || !TEST_true(EC_KEY_set_private_key(key, priv))) + goto done; + + pt = EC_POINT_new(group); + if (!TEST_ptr(pt) + || !TEST_true(EC_POINT_mul(group, pt, priv, NULL, NULL, NULL)) + || !TEST_true(EC_KEY_set_public_key(key, pt))) + goto done; + + start_fake_rand(k_hex); + sig = sm2_do_sign(key, EVP_sm3(), userid, (const uint8_t *)message, msg_len); + restore_rand(); + + if (!TEST_ptr(sig)) + goto done; + + ECDSA_SIG_get0(sig, &sig_r, &sig_s); + + if (!TEST_true(BN_hex2bn(&r, r_hex)) + || !TEST_true(BN_hex2bn(&s, s_hex)) + || !TEST_BN_eq(r, sig_r) + || !TEST_BN_eq(s, sig_s)) + goto done; + + ok = sm2_do_verify(key, EVP_sm3(), sig, userid, (const uint8_t *)message, + msg_len); + + /* We goto done whether this passes or fails */ + TEST_true(ok); + + done: + ECDSA_SIG_free(sig); + EC_POINT_free(pt); + EC_KEY_free(key); + BN_free(priv); 
+ BN_free(r); + BN_free(s); + + return ok; +} + +static int sm2_sig_test(void) +{ + int testresult = 0; + /* From draft-shen-sm2-ecdsa-02 */ + EC_GROUP *test_group = + create_EC_group + ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", + "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", + "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", + "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", + "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", + "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", + "1"); + + if (!TEST_ptr(test_group)) + goto done; + + if (!TEST_true(test_sm2_sign( + test_group, + "ALICE123 at YAHOO.COM", + "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263", + "message digest", + "006CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F", + "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1", + "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7"))) + goto done; + + testresult = 1; + + done: + EC_GROUP_free(test_group); + + return testresult; +} + +#endif + +int setup_tests(void) +{ +#ifdef OPENSSL_NO_SM2 + TEST_note("SM2 is disabled."); +#else + ADD_TEST(sm2_crypt_test); + ADD_TEST(sm2_sig_test); +#endif + return 1; +} diff --git a/test/sm2crypttest.c b/test/sm2crypttest.c deleted file mode 100644 index cd72cb0..0000000 --- a/test/sm2crypttest.c +++ /dev/null 
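Review bot: In sm2_crypt_test, `int testresult = 1;` means every `goto done` taken on failure (`TEST_ptr(test_group)` and both `test_sm2_crypt` calls) still returns success, so this test cannot fail; initialise it to 0 as sm2_sig_test does, `int testresult = 0;`. In get_faked_bytes the copy `buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i]` has no upper bound, and start_fake_rand discards the buffer length from `OPENSSL_hexstr2buf(hex_bytes, NULL)`, so a code path that draws more random bytes than the test vector supplies reads past the allocation. Keep the length, `fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, &fake_rand_bytes_len);`, and return 0 when `fake_rand_bytes_offset + num` would exceed it. The `start_fake_rand(k_hex);` calls in test_sm2_crypt and test_sm2_sign also ignore its return value, so a failed RAND_METHOD swap would silently run the known-answer test against real randomness.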
@@ -1,254 +0,0 @@ -/* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include "testutil.h" - -#ifndef OPENSSL_NO_SM2 - -# include - -static RAND_METHOD fake_rand; -static const RAND_METHOD *saved_rand; - -static uint8_t *fake_rand_bytes = NULL; -static size_t fake_rand_bytes_offset = 0; - -static int get_faked_bytes(unsigned char *buf, int num) -{ - int i; - - if (fake_rand_bytes == NULL) - return saved_rand->bytes(buf, num); - - for (i = 0; i != num; ++i) - buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i]; - fake_rand_bytes_offset += num; - return 1; -} - -static int start_fake_rand(const char *hex_bytes) -{ - /* save old rand method */ - if (!TEST_ptr(saved_rand = RAND_get_rand_method())) - return 0; - - fake_rand = *saved_rand; - /* use own random function */ - fake_rand.bytes = get_faked_bytes; - - fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, NULL); - fake_rand_bytes_offset = 0; - - /* set new RAND_METHOD */ - if (!TEST_true(RAND_set_rand_method(&fake_rand))) - return 0; - return 1; -} - -static int restore_rand(void) -{ - OPENSSL_free(fake_rand_bytes); - fake_rand_bytes = NULL; - fake_rand_bytes_offset = 0; - if (!TEST_true(RAND_set_rand_method(saved_rand))) - return 0; - return 1; -} - -static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex, - const char *b_hex, const char *x_hex, - const char *y_hex, const char *order_hex, - const char *cof_hex) -{ - BIGNUM *p = NULL; - BIGNUM *a = NULL; - BIGNUM *b = NULL; - BIGNUM *g_x = NULL; - BIGNUM *g_y = NULL; - BIGNUM *order = NULL; - BIGNUM *cof = NULL; - EC_POINT *generator = NULL; - EC_GROUP *group = NULL; - - 
BN_hex2bn(&p, p_hex); - BN_hex2bn(&a, a_hex); - BN_hex2bn(&b, b_hex); - - group = EC_GROUP_new_curve_GFp(p, a, b, NULL); - BN_free(p); - BN_free(a); - BN_free(b); - - if (group == NULL) - return NULL; - - generator = EC_POINT_new(group); - if (generator == NULL) - return NULL; - - BN_hex2bn(&g_x, x_hex); - BN_hex2bn(&g_y, y_hex); - - if (EC_POINT_set_affine_coordinates_GFp(group, generator, g_x, g_y, NULL) == - 0) - return NULL; - - BN_free(g_x); - BN_free(g_y); - - BN_hex2bn(&order, order_hex); - BN_hex2bn(&cof, cof_hex); - - if (EC_GROUP_set_generator(group, generator, order, cof) == 0) - return NULL; - - EC_POINT_free(generator); - BN_free(order); - BN_free(cof); - - return group; -} - -static int test_sm2(const EC_GROUP *group, - const EVP_MD *digest, - const char *privkey_hex, - const char *message, - const char *k_hex, const char *ctext_hex) -{ - const size_t msg_len = strlen(message); - - BIGNUM *priv = NULL; - EC_KEY *key = NULL; - EC_POINT *pt = NULL; - unsigned char *expected = OPENSSL_hexstr2buf(ctext_hex, NULL); - - size_t ctext_len = 0; - size_t ptext_len = 0; - uint8_t *ctext = NULL; - uint8_t *recovered = NULL; - size_t recovered_len = msg_len; - - int rc = 0; - - BN_hex2bn(&priv, privkey_hex); - - key = EC_KEY_new(); - EC_KEY_set_group(key, group); - EC_KEY_set_private_key(key, priv); - - pt = EC_POINT_new(group); - EC_POINT_mul(group, pt, priv, NULL, NULL, NULL); - - EC_KEY_set_public_key(key, pt); - BN_free(priv); - EC_POINT_free(pt); - - ctext_len = SM2_ciphertext_size(key, digest, msg_len); - ctext = OPENSSL_zalloc(ctext_len); - if (ctext == NULL) - goto done; - - start_fake_rand(k_hex); - rc = SM2_encrypt(key, digest, - (const uint8_t *)message, msg_len, ctext, &ctext_len); - restore_rand(); - - TEST_mem_eq(ctext, ctext_len, expected, ctext_len); - if (rc == 0) - goto done; - - ptext_len = SM2_plaintext_size(key, digest, ctext_len); - - TEST_int_eq(ptext_len, msg_len); - - recovered = OPENSSL_zalloc(ptext_len); - if (recovered == NULL) - goto 
done; - rc = SM2_decrypt(key, digest, ctext, ctext_len, recovered, &recovered_len); - - TEST_int_eq(recovered_len, msg_len); - TEST_mem_eq(recovered, recovered_len, message, msg_len); - if (rc == 0) - return 0; - - rc = 1; - done: - - OPENSSL_free(ctext); - OPENSSL_free(recovered); - OPENSSL_free(expected); - EC_KEY_free(key); - return rc; -} - -static int sm2_crypt_test(void) -{ - int rc; - EC_GROUP *test_group = - create_EC_group - ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", - "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", - "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", - "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", - "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", - "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", - "1"); - - if (test_group == NULL) - return 0; - - rc = test_sm2(test_group, - EVP_sm3(), - "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0", - "encryption standard", - "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F", - "307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF1" - "7F6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A2" - "4B84400F01B804209C3D7360C30156FAB7C80A0276712DA9D8094A634B766D3A" - "285E07480653426D0413650053A89B41C418B0C3AAD00D886C00286467"); - - if (rc == 0) - return 0; - - /* Same test as above except using SHA-256 instead of SM3 */ - rc = test_sm2(test_group, - EVP_sha256(), - "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0", - "encryption standard", - "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F", - "307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF17F6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A24B84400F01B80420BE89139D07853100EFA763F60CBE30099EA3DF7F8F364F9D10A5E988E3C5AAFC0413229E6C9AEE2BB92CAD649FE2C035689785DA33"); - if (rc == 0) - return 0; - - 
EC_GROUP_free(test_group); - - return 1; -} - -#endif - -int setup_tests(void) -{ -#ifdef OPENSSL_NO_SM2 - TEST_note("SM2 is disabled."); -#else - ADD_TEST(sm2_crypt_test); -#endif - return 1; -} diff --git a/test/sm2sigtest.c b/test/sm2sigtest.c deleted file mode 100644 index 33be783..0000000 --- a/test/sm2sigtest.c +++ /dev/null 
@@ -1,238 +0,0 @@ -/* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017 Ribose Inc. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include "testutil.h" - -#ifndef OPENSSL_NO_SM2 - -# include - -static RAND_METHOD fake_rand; -static const RAND_METHOD *saved_rand; - -static uint8_t *fake_rand_bytes = NULL; -static size_t fake_rand_bytes_offset = 0; - -static int get_faked_bytes(unsigned char *buf, int num) -{ - int i; - - if (fake_rand_bytes == NULL) - return saved_rand->bytes(buf, num); - - for (i = 0; i != num; ++i) - buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i]; - fake_rand_bytes_offset += num; - return 1; -} - -static int start_fake_rand(const char *hex_bytes) -{ - /* save old rand method */ - if (!TEST_ptr(saved_rand = RAND_get_rand_method())) - return 0; - - fake_rand = *saved_rand; - /* use own random function */ - fake_rand.bytes = get_faked_bytes; - - fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, NULL); - fake_rand_bytes_offset = 0; - - /* set new RAND_METHOD */ - if (!TEST_true(RAND_set_rand_method(&fake_rand))) - return 0; - return 1; -} - -static int restore_rand(void) -{ - OPENSSL_free(fake_rand_bytes); - fake_rand_bytes = NULL; - fake_rand_bytes_offset = 0; - if (!TEST_true(RAND_set_rand_method(saved_rand))) - return 0; - return 1; -} - -static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex, - const char *b_hex, const char *x_hex, - const char *y_hex, const char *order_hex, - const char *cof_hex) -{ - BIGNUM *p = NULL; - BIGNUM *a = NULL; - BIGNUM *b = NULL; - BIGNUM *g_x = NULL; - BIGNUM *g_y = NULL; - BIGNUM *order = NULL; - BIGNUM *cof = NULL; - EC_POINT 
*generator = NULL; - EC_GROUP *group = NULL; - - BN_hex2bn(&p, p_hex); - BN_hex2bn(&a, a_hex); - BN_hex2bn(&b, b_hex); - - group = EC_GROUP_new_curve_GFp(p, a, b, NULL); - BN_free(p); - BN_free(a); - BN_free(b); - - if (group == NULL) - return NULL; - - generator = EC_POINT_new(group); - if (generator == NULL) - return NULL; - - BN_hex2bn(&g_x, x_hex); - BN_hex2bn(&g_y, y_hex); - - if (EC_POINT_set_affine_coordinates_GFp(group, generator, g_x, g_y, NULL) == - 0) - return NULL; - - BN_free(g_x); - BN_free(g_y); - - BN_hex2bn(&order, order_hex); - BN_hex2bn(&cof, cof_hex); - - if (EC_GROUP_set_generator(group, generator, order, cof) == 0) - return NULL; - - EC_POINT_free(generator); - BN_free(order); - BN_free(cof); - - return group; -} - - -static int test_sm2(const EC_GROUP *group, - const char *userid, - const char *privkey_hex, - const char *message, - const char *k_hex, const char *r_hex, const char *s_hex) -{ - const size_t msg_len = strlen(message); - int ok = -1; - BIGNUM *priv = NULL; - EC_POINT *pt = NULL; - EC_KEY *key = NULL; - ECDSA_SIG *sig = NULL; - const BIGNUM *sig_r = NULL; - const BIGNUM *sig_s = NULL; - BIGNUM *r = NULL; - BIGNUM *s = NULL; - - BN_hex2bn(&priv, privkey_hex); - - key = EC_KEY_new(); - EC_KEY_set_group(key, group); - EC_KEY_set_private_key(key, priv); - - pt = EC_POINT_new(group); - EC_POINT_mul(group, pt, priv, NULL, NULL, NULL); - EC_KEY_set_public_key(key, pt); - - start_fake_rand(k_hex); - sig = SM2_do_sign(key, EVP_sm3(), userid, (const uint8_t *)message, msg_len); - restore_rand(); - - if (sig == NULL) - return 0; - - ECDSA_SIG_get0(sig, &sig_r, &sig_s); - - BN_hex2bn(&r, r_hex); - BN_hex2bn(&s, s_hex); - - if (BN_cmp(r, sig_r) != 0) { - printf("Signature R mismatch: "); - BN_print_fp(stdout, r); - printf(" != "); - BN_print_fp(stdout, sig_r); - printf("\n"); - ok = 0; - } - if (BN_cmp(s, sig_s) != 0) { - printf("Signature S mismatch: "); - BN_print_fp(stdout, s); - printf(" != "); - BN_print_fp(stdout, sig_s); - printf("\n"); 
- ok = 0; - } - - ok = SM2_do_verify(key, EVP_sm3(), sig, userid, (const uint8_t *)message, msg_len); - - ECDSA_SIG_free(sig); - EC_POINT_free(pt); - EC_KEY_free(key); - BN_free(priv); - BN_free(r); - BN_free(s); - - return ok; -} - -static int sm2_sig_test(void) -{ - int rc = 0; - /* From draft-shen-sm2-ecdsa-02 */ - EC_GROUP *test_group = - create_EC_group - ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", - "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", - "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", - "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", - "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", - "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", - "1"); - - if (test_group == NULL) - return 0; - - rc = test_sm2(test_group, - "ALICE123 at YAHOO.COM", - "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263", - "message digest", - "006CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F", - "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1", - "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7"); - - EC_GROUP_free(test_group); - - return rc; -} - -#endif - -int setup_tests(void) -{ -#ifdef OPENSSL_NO_SM2 - TEST_note("SM2 is disabled."); -#else - ADD_TEST(sm2_sig_test); -#endif - return 1; -} diff --git a/util/libcrypto.num b/util/libcrypto.num index 9d6653c..a810755 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -4514,16 +4514,6 @@ EVP_PKEY_new_CMAC_key 4455 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_set_priv_key 4456 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_set_pub_key 4457 1_1_1 EXIST::FUNCTION: RAND_DRBG_set_defaults 4458 1_1_1 EXIST::FUNCTION: -SM2_decrypt 4459 1_1_1 EXIST::FUNCTION:SM2 -SM2_do_sign 4460 1_1_1 EXIST::FUNCTION:SM2 -SM2_compute_userid_digest 4461 1_1_1 EXIST::FUNCTION:SM2 -SM2_encrypt 4462 1_1_1 EXIST::FUNCTION:SM2 -SM2_ciphertext_size 4463 1_1_1 EXIST::FUNCTION:SM2 -SM2_verify 4464 1_1_1 EXIST::FUNCTION:SM2 -SM2_do_verify 4465 1_1_1 EXIST::FUNCTION:SM2 -SM2_sign 4466 1_1_1 EXIST::FUNCTION:SM2 -ERR_load_SM2_strings 4467 1_1_1 EXIST::FUNCTION:SM2 -SM2_plaintext_size 4468 1_1_1 EXIST::FUNCTION:SM2 conf_ssl_name_find 4469 1_1_0i EXIST::FUNCTION: conf_ssl_get_cmd 4470 1_1_0i EXIST::FUNCTION: conf_ssl_get 4471 1_1_0i EXIST::FUNCTION: From no-reply at appveyor.com Mon Jun 4 11:15:46 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 04 Jun 2018 11:15:46 +0000 Subject: [openssl-commits] Build completed: openssl master.18296 Message-ID: <20180604111546.1.4DC31A8C4EB27FDE@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jun 4 11:27:58 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 04 Jun 2018 11:27:58 +0000 Subject: [openssl-commits] Build failed: openssl master.18297 Message-ID: <20180604112758.1.83C04FBDD3471FF5@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jun 4 12:12:31 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 04 Jun 2018 12:12:31 +0000 Subject: [openssl-commits] Build completed: openssl master.18298 Message-ID: <20180604121231.1.90D47035DA64FFCA@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jun 4 17:01:57 2018 
From: no-reply at appveyor.com (AppVeyor) Date: Mon, 04 Jun 2018 17:01:57 +0000 Subject: [openssl-commits] Build failed: openssl master.18305 Message-ID: <20180604170157.1.BFAF4D2238AE949D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jun 4 18:15:00 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 04 Jun 2018 18:15:00 +0000 Subject: [openssl-commits] Build completed: openssl master.18306 Message-ID: <20180604181500.1.2EB873A4C7E8E684@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Jun 5 08:13:54 2018 From: levitte at openssl.org (Richard Levitte) Date: Tue, 05 Jun 2018 08:13:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528186434.406645.659.nullmailer@dev.openssl.org> The branch master has been updated via 02f9d83585e03fb8d1c9d8bf5059db5b4acefd98 (commit) from 722add716bce487f5818cc57cb594fd526454b70 (commit) - Log ----------------------------------------------------------------- commit 02f9d83585e03fb8d1c9d8bf5059db5b4acefd98 Author: Richard Levitte Date: Tue Jun 5 09:37:14 2018 +0200 crypto/sm2/sm2_za.c: include internal/numbers.h Needed for the platforms that don't define UINT16_MAX. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6414) ----------------------------------------------------------------------- Summary of changes: crypto/sm2/sm2_za.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/sm2/sm2_za.c b/crypto/sm2/sm2_za.c index a9560c3..94d0dac 100644 --- a/crypto/sm2/sm2_za.c +++ b/crypto/sm2/sm2_za.c @@ -15,6 +15,7 @@ #include #include #include +#include "internal/numbers.h" int sm2_compute_userid_digest(uint8_t *out, const EVP_MD *digest, From rsalz at openssl.org Tue Jun 5 15:17:22 2018 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 05 Jun 2018 15:17:22 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1528211842.034169.22389.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via cc2842038bc74a8e50c05ddc3f6afe2c29bbb633 (commit) from 78641aacb777147eeca698faf1376761d005ad39 (commit) - Log ----------------------------------------------------------------- commit cc2842038bc74a8e50c05ddc3f6afe2c29bbb633 Author: Rich Salz Date: Sat Jun 2 14:57:34 2018 -0400 Make OS/X more explicit, to avoid questions Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6404) (cherry picked from commit 886c2e614fc1e78e658122bf6f6bccdd7dd23857) ----------------------------------------------------------------------- Summary of changes: INSTALL | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/INSTALL b/INSTALL index 3e21cc2..9e09dc5 100644 --- a/INSTALL +++ b/INSTALL @@ -3,7 +3,7 @@ -------------------- This document describes installation on all supported operating - systems (the Linux/Unix family, OpenVMS and Windows) + systems (the Linux/Unix family including Mac OS/X, OpenVMS and Windows) To install OpenSSL, you will need: @@ -76,7 +76,7 @@ If you want to just get on with it, do: - on Unix: + on Unix (again, this includes Mac OS/X): $ ./config $ make From rsalz at openssl.org Tue Jun 5 15:18:24 2018 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 05 Jun 2018 15:18:24 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528211904.890506.23449.nullmailer@dev.openssl.org> The branch master has been updated via 630fe1da888490b7dfef3fe0928b813ddff5d51a (commit) from 02f9d83585e03fb8d1c9d8bf5059db5b4acefd98 (commit) - Log ----------------------------------------------------------------- commit 630fe1da888490b7dfef3fe0928b813ddff5d51a Author: Rich Salz Date: Tue Jun 5 11:17:59 2018 -0400 Improve wording Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6413) ----------------------------------------------------------------------- Summary of changes: INSTALL | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/INSTALL b/INSTALL index 77de570..b1a5868 100644 --- a/INSTALL +++ b/INSTALL @@ -2,7 +2,8 @@ -------------------- This document describes installation on all supported operating - systems (the Linux/Unix family including Mac OS/X, OpenVMS and Windows) + systems (the Unix/Linux family (which includes Mac OS/X), OpenVMS, + and Windows). To install OpenSSL, you will need: From rsalz at openssl.org Tue Jun 5 15:18:34 2018 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 05 Jun 2018 15:18:34 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1528211914.489905.24245.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 853d2453620ff04fbe8afa89fabd77eff42f54db (commit) from cc2842038bc74a8e50c05ddc3f6afe2c29bbb633 (commit) - Log ----------------------------------------------------------------- commit 853d2453620ff04fbe8afa89fabd77eff42f54db Author: Rich Salz Date: Tue Jun 5 11:17:59 2018 -0400 Improve wording Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6413) (cherry picked from commit 630fe1da888490b7dfef3fe0928b813ddff5d51a) ----------------------------------------------------------------------- Summary of changes: INSTALL | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/INSTALL b/INSTALL index 9e09dc5..5a98d1d 100644 --- a/INSTALL +++ b/INSTALL @@ -3,7 +3,8 @@ -------------------- This document describes installation on all supported operating - systems (the Linux/Unix family including Mac OS/X, OpenVMS and Windows) + systems (the Unix/Linux family (which includes Mac OS/X), OpenVMS, + and Windows). To install OpenSSL, you will need: From matthias.st.pierre at ncp-e.com Tue Jun 5 16:09:07 2018 
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Tue, 05 Jun 2018 16:09:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528214947.729125.30911.nullmailer@dev.openssl.org> The branch master has been updated via 0336df2fa316a3e08b8f0d2d0e8d4bc175e46634 (commit) from 630fe1da888490b7dfef3fe0928b813ddff5d51a (commit) - Log ----------------------------------------------------------------- commit 0336df2fa316a3e08b8f0d2d0e8d4bc175e46634 Author: Georg Schmidt Date: Thu May 31 01:42:39 2018 +0200 Issue warnings for large DSA and RSA keys Issue a warning when generating DSA or RSA keys of size greater than OPENSSL_DSA_MAX_MODULUS_BITS resp. OPENSSL_RSA_MAX_MODULUS_BITS. Reviewed-by: Paul Dale Reviewed-by: Rich Salz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6380) ----------------------------------------------------------------------- Summary of changes: apps/dsaparam.c | 6 ++++++ apps/gendsa.c | 7 +++++++ apps/genrsa.c | 5 +++++ apps/req.c | 12 ++++++++++++ 4 files changed, 30 insertions(+) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 341480b..8e33ffd 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -128,6 +128,12 @@ int dsaparam_main(int argc, char **argv) goto end; if (numbits > 0) { + if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, numbits); + cb = BN_GENCB_new(); if (cb == NULL) { BIO_printf(bio_err, "Error allocating BN_GENCB object\n"); diff --git a/apps/gendsa.c b/apps/gendsa.c index 06e3792..4013754 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c 
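Review bot: The new warning text in dsaparam.c, `more than %d bit for DSA keys` and `Larger key size may behave not as expected`, is ungrammatical for a user-facing message; suggest `"Warning: It is not recommended to use more than %d bits for DSA keys.\n"` followed by `"         Your key size is %d! Larger key sizes may not behave as expected.\n"`. The same two-line string is pasted verbatim into gendsa.c, genrsa.c and req.c in this commit, so a small helper in apps.c taking the algorithm name, the recommended maximum and the requested size would keep the four copies from drifting apart. A one-line comment above the check, e.g. `/* Advisory only: generation proceeds regardless of the size */`, would make it clear to the next reader that the warning does not refuse the request. The enclosing dsaparam_main body continues outside the hunk.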
@@ -117,6 +117,13 @@ int gendsa_main(int argc, char **argv) goto end2; DSA_get0_pqg(dsa, &p, NULL, NULL); + + if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p)); + BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p)); if (!DSA_generate_key(dsa)) goto end; diff --git a/apps/genrsa.c b/apps/genrsa.c index 2bc8fa0..c17cd14 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -123,6 +123,11 @@ opthelp: if (argc == 1) { if (!opt_int(argv[0], &num) || num <= 0) goto end; + if (num > OPENSSL_RSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for RSA keys.\n" + " Your key size is %d! Larger key size may behave not as expected.\n", + OPENSSL_RSA_MAX_MODULUS_BITS, num); } else if (argc > 0) { BIO_printf(bio_err, "Extra arguments given.\n"); goto opthelp; diff --git a/apps/req.c b/apps/req.c index ca4b7ec..59baa89 100644 --- a/apps/req.c +++ b/apps/req.c @@ -517,6 +517,18 @@ int req_main(int argc, char **argv) goto end; } + if (pkey_type == EVP_PKEY_RSA && newkey > OPENSSL_RSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for RSA keys.\n" + " Your key size is %ld! Larger key size may behave not as expected.\n", + OPENSSL_RSA_MAX_MODULUS_BITS, newkey); + + if (pkey_type == EVP_PKEY_DSA && newkey > OPENSSL_DSA_MAX_MODULUS_BITS) + BIO_printf(bio_err, + "Warning: It is not recommended to use more than %d bit for DSA keys.\n" + " Your key size is %ld! Larger key size may behave not as expected.\n", + OPENSSL_DSA_MAX_MODULUS_BITS, newkey); + if (genctx == NULL) { genctx = set_keygen_ctx(NULL, &pkey_type, &newkey, &keyalgstr, gen_eng); From no-reply at appveyor.com Tue Jun 5 17:02:35 2018 
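Review bot: The DSA warning added to req.c uses OPENSSL_DSA_MAX_MODULUS_BITS unconditionally, yet req.c is also built in `no-dsa` configurations, and the run-checker report further down this page shows the first `-d --strict-warnings no-dsa` build after this commit failing (the failing compile itself is cut from the excerpt); if that macro comes from the DSA header, the added block needs an `#ifndef OPENSSL_NO_DSA` / `#endif` guard. Separately, both new checks read `pkey_type` and `newkey` before the `set_keygen_ctx(NULL, &pkey_type, &newkey, &keyalgstr, gen_eng)` call immediately below, which receives both by address and so presumably fills them in from the key specification; unless option parsing has already populated them, the comparisons run against stale values and the two warnings should move below that call. req_main's body continues outside the hunk.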
From: no-reply at appveyor.com (AppVeyor) Date: Tue, 05 Jun 2018 17:02:35 +0000 Subject: [openssl-commits] Build failed: openssl master.18322 Message-ID: <20180605170235.1.A441BBD4BCB8ACA3@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 5 17:51:36 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 05 Jun 2018 17:51:36 +0000 Subject: [openssl-commits] Build completed: openssl master.18323 Message-ID: <20180605175136.1.8D792421391C9325@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 5 19:08:01 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 05 Jun 2018 19:08:01 +0000 Subject: [openssl-commits] Build failed: openssl master.18327 Message-ID: <20180605190801.1.5F61431C200FAAEF@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 5 19:48:42 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 05 Jun 2018 19:48:42 +0000 Subject: [openssl-commits] Build failed: openssl master.18328 Message-ID: <20180605194842.1.720DA3C415529713@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 5 20:25:07 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 05 Jun 2018 20:25:07 +0000 Subject: [openssl-commits] Build completed: openssl master.18329 Message-ID: <20180605202507.1.1539D87FE3A23CCA@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jun 6 00:53:50 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 06 Jun 2018 00:53:50 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1528246430.947559.15352.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 0336df2 Issue warnings for large DSA and RSA keys 630fe1d Improve wording 02f9d83 crypto/sm2/sm2_za.c: include internal/numbers.h Build log ended with (last 100 lines): "-oMakefile" ../openssl/apps/tsget.in > "apps/tsget" /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/tools/c_rehash.in > "tools/c_rehash" chmod a+x apps/CA.pl /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x apps/tsget ar r apps/libapps.a apps/app_rand.o apps/apps.o apps/bf_prefix.o apps/opt.o apps/s_cb.o apps/s_socket.o clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/aes-x86_64.o crypto/aes/aes-x86_64.s ar: creating apps/libapps.a ranlib apps/libapps.a || echo Never mind. clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/aesni-mb-x86_64.o crypto/aes/aesni-mb-x86_64.s chmod a+x tools/c_rehash clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/aesni-sha1-x86_64.o crypto/aes/aesni-sha1-x86_64.s chmod a+x util/shlib_wrap.sh clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/aesni-sha256-x86_64.o crypto/aes/aesni-sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM 
-DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/aesni-x86_64.o crypto/aes/aesni-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/bsaes-x86_64.o crypto/aes/bsaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM 
-DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/vpaes-x86_64.o crypto/aes/vpaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/bn/rsaz-avx2.o crypto/bn/rsaz-avx2.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM 
-DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/bn/rsaz-x86_64.o crypto/bn/rsaz-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/bn/x86_64-gf2m.o crypto/bn/x86_64-gf2m.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM 
-DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/bn/x86_64-mont.o crypto/bn/x86_64-mont.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/bn/x86_64-mont5.o crypto/bn/x86_64-mont5.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/camellia/cmll-x86_64.o crypto/camellia/cmll-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/chacha/chacha-x86_64.o crypto/chacha/chacha-x86_64.s clang -I. 
-Icrypto/include -Iinclude -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/cversion.d.tmp -MT crypto/cversion.o -c -o crypto/cversion.o ../openssl/crypto/cversion.c clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM 
-DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/ec/ecp_nistz256-x86_64.o crypto/ec/ecp_nistz256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/ec/x25519-x86_64.o crypto/ec/x25519-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM 
-DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/md5/md5-x86_64.o crypto/md5/md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/modes/aesni-gcm-x86_64.o crypto/modes/aesni-gcm-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM 
-DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/modes/ghash-x86_64.o crypto/modes/ghash-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/poly1305/poly1305-x86_64.o crypto/poly1305/poly1305-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM 
-DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/rc4/rc4-md5-x86_64.o crypto/rc4/rc4-md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/rc4/rc4-x86_64.o crypto/rc4/rc4-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM 
-DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/keccak1600-x86_64.o crypto/sha/keccak1600-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/sha1-mb-x86_64.o crypto/sha/sha1-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM 
-DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/sha1-x86_64.o crypto/sha/sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/sha256-mb-x86_64.o crypto/sha/sha256-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM 
-DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/sha256-x86_64.o crypto/sha/sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/sha512-x86_64.o crypto/sha/sha512-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM 
-DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/whrlpool/wp-x86_64.o crypto/whrlpool/wp-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/x86_64cpuid.o crypto/x86_64cpuid.s ar r libssl.a ssl/bio_ssl.o ssl/d1_lib.o ssl/d1_msg.o ssl/d1_srtp.o ssl/methods.o ssl/packet.o ssl/pqueue.o ssl/record/dtls1_bitmap.o ssl/record/rec_layer_d1.o ssl/record/rec_layer_s3.o ssl/record/ssl3_buffer.o ssl/record/ssl3_record.o ssl/record/ssl3_record_tls13.o ssl/s3_cbc.o ssl/s3_enc.o ssl/s3_lib.o ssl/s3_msg.o ssl/ssl_asn1.o ssl/ssl_cert.o ssl/ssl_ciph.o ssl/ssl_conf.o ssl/ssl_err.o ssl/ssl_init.o ssl/ssl_lib.o ssl/ssl_mcnf.o ssl/ssl_rsa.o ssl/ssl_sess.o ssl/ssl_stat.o ssl/ssl_txt.o ssl/ssl_utst.o ssl/statem/extensions.o ssl/statem/extensions_clnt.o ssl/statem/extensions_cust.o ssl/statem/extensions_srvr.o ssl/statem/statem.o ssl/statem/statem_clnt.o ssl/statem/statem_dtls.o ssl/statem/statem_lib.o ssl/statem/statem_srvr.o ssl/t1_enc.o ssl/t1_lib.o ssl/t1_trce.o ssl/tls13_enc.o ssl/tls_srp.o ar: creating 
libssl.a ranlib libssl.a || echo Never mind. ar r test/libtestutil.a test/testutil/basic_output.o test/testutil/cb.o test/testutil/driver.o test/testutil/format_output.o test/testutil/init.o test/testutil/main.o test/testutil/output_helpers.o test/testutil/stanza.o test/testutil/tap_bio.o test/testutil/test_cleanup.o test/testutil/tests.o clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -c -o engines/e_padlock-x86_64.o engines/e_padlock-x86_64.s ar: creating test/libtestutil.a ranlib test/libtestutil.a || echo Never mind. clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/asn1pars.d.tmp -MT apps/asn1pars.o -c -o apps/asn1pars.o ../openssl/apps/asn1pars.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/ca.d.tmp -MT apps/ca.o -c -o apps/ca.o ../openssl/apps/ca.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/ciphers.d.tmp -MT apps/ciphers.o -c -o apps/ciphers.o ../openssl/apps/ciphers.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/cms.d.tmp -MT apps/cms.o -c -o apps/cms.o ../openssl/apps/cms.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/crl.d.tmp -MT apps/crl.o -c -o apps/crl.o ../openssl/apps/crl.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/crl2p7.d.tmp -MT apps/crl2p7.o -c -o apps/crl2p7.o ../openssl/apps/crl2p7.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/dgst.d.tmp -MT apps/dgst.o -c -o apps/dgst.o ../openssl/apps/dgst.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/dhparam.d.tmp -MT apps/dhparam.o -c -o apps/dhparam.o ../openssl/apps/dhparam.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/dsa.d.tmp -MT apps/dsa.o -c -o apps/dsa.o ../openssl/apps/dsa.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/dsaparam.d.tmp -MT apps/dsaparam.o -c -o apps/dsaparam.o ../openssl/apps/dsaparam.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/ec.d.tmp -MT apps/ec.o -c -o apps/ec.o ../openssl/apps/ec.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/ecparam.d.tmp -MT apps/ecparam.o -c -o apps/ecparam.o ../openssl/apps/ecparam.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/enc.d.tmp -MT apps/enc.o -c -o apps/enc.o ../openssl/apps/enc.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/engine.d.tmp -MT apps/engine.o -c -o apps/engine.o ../openssl/apps/engine.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/errstr.d.tmp -MT apps/errstr.o -c -o apps/errstr.o ../openssl/apps/errstr.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/gendsa.d.tmp -MT apps/gendsa.o -c -o apps/gendsa.o ../openssl/apps/gendsa.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/genpkey.d.tmp -MT apps/genpkey.o -c -o apps/genpkey.o ../openssl/apps/genpkey.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/genrsa.d.tmp -MT apps/genrsa.o -c -o apps/genrsa.o ../openssl/apps/genrsa.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/nseq.d.tmp -MT apps/nseq.o -c -o apps/nseq.o ../openssl/apps/nseq.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/ocsp.d.tmp -MT apps/ocsp.o -c -o apps/ocsp.o ../openssl/apps/ocsp.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/openssl.d.tmp -MT apps/openssl.o -c -o apps/openssl.o ../openssl/apps/openssl.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/passwd.d.tmp -MT apps/passwd.o -c -o apps/passwd.o ../openssl/apps/passwd.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkcs12.d.tmp -MT apps/pkcs12.o -c -o apps/pkcs12.o ../openssl/apps/pkcs12.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkcs7.d.tmp -MT apps/pkcs7.o -c -o apps/pkcs7.o ../openssl/apps/pkcs7.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkcs8.d.tmp -MT apps/pkcs8.o -c -o apps/pkcs8.o ../openssl/apps/pkcs8.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkey.d.tmp -MT apps/pkey.o -c -o apps/pkey.o ../openssl/apps/pkey.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkeyparam.d.tmp -MT apps/pkeyparam.o -c -o apps/pkeyparam.o ../openssl/apps/pkeyparam.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkeyutl.d.tmp -MT apps/pkeyutl.o -c -o apps/pkeyutl.o ../openssl/apps/pkeyutl.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/prime.d.tmp -MT apps/prime.o -c -o apps/prime.o ../openssl/apps/prime.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/rand.d.tmp -MT apps/rand.o -c -o apps/rand.o ../openssl/apps/rand.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/rehash.d.tmp -MT apps/rehash.o -c -o apps/rehash.o ../openssl/apps/rehash.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/req.d.tmp -MT apps/req.o -c -o apps/req.o ../openssl/apps/req.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/rsa.d.tmp -MT apps/rsa.o -c -o apps/rsa.o ../openssl/apps/rsa.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/rsautl.d.tmp -MT apps/rsautl.o -c -o apps/rsautl.o ../openssl/apps/rsautl.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/s_client.d.tmp -MT apps/s_client.o -c -o apps/s_client.o ../openssl/apps/s_client.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/s_server.d.tmp -MT apps/s_server.o -c -o apps/s_server.o ../openssl/apps/s_server.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/s_time.d.tmp -MT apps/s_time.o -c -o apps/s_time.o ../openssl/apps/s_time.c ../openssl/apps/req.c:526:51: error: use of undeclared identifier 'OPENSSL_DSA_MAX_MODULUS_BITS' if (pkey_type == EVP_PKEY_DSA && newkey > OPENSSL_DSA_MAX_MODULUS_BITS) ^ ../openssl/apps/req.c:530:24: error: use of undeclared identifier 'OPENSSL_DSA_MAX_MODULUS_BITS' OPENSSL_DSA_MAX_MODULUS_BITS, newkey); ^ 2 errors generated. Makefile:6607: recipe for target 'apps/req.o' failed make[1]: *** [apps/req.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From appro at openssl.org Wed Jun 6 20:14:48 2018 
From: appro at openssl.org (Andy Polyakov) Date: Wed, 06 Jun 2018 20:14:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528316088.171425.16502.nullmailer@dev.openssl.org> The branch master has been updated via 316d527ff9b6597105df399fc222ea328cd827bf (commit) via 791cc3029bd2aee7fc6b766b9841ce1e0a14484a (commit) via 3f9c3b3c48252f24043689ad6b0e78b4a3005910 (commit) via f0c77d66b49c3ca7378035f233f86ec0336866eb (commit) from 0336df2fa316a3e08b8f0d2d0e8d4bc175e46634 (commit) - Log ----------------------------------------------------------------- commit 316d527ff9b6597105df399fc222ea328cd827bf Author: Andy Polyakov Date: Tue Jun 5 20:00:46 2018 +0200 crypto/ppccap.c: wire new ChaCha20_ctr32_vsx. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6419) commit 791cc3029bd2aee7fc6b766b9841ce1e0a14484a Author: Andy Polyakov Date: Tue Jun 5 19:59:19 2018 +0200 chacha/asm/chacha-ppc.pl: improve performance by 40/80% on POWER8/9. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6419) commit 3f9c3b3c48252f24043689ad6b0e78b4a3005910 Author: Andy Polyakov Date: Tue Jun 5 19:57:42 2018 +0200 perlasm/ppc-xlate.pl: add vmrg[eo]w instructions. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6419) commit f0c77d66b49c3ca7378035f233f86ec0336866eb Author: Andy Polyakov Date: Tue Jun 5 19:55:55 2018 +0200 sha/asm/sha512p8-ppc.pl: fix build on Mac OS X. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6419) ----------------------------------------------------------------------- Summary of changes: crypto/chacha/asm/chacha-ppc.pl | 415 +++++++++++++++++++++++++++++++++++++++- crypto/perlasm/ppc-xlate.pl | 2 + crypto/ppccap.c | 11 +- crypto/sha/asm/sha512p8-ppc.pl | 3 +- 4 files changed, 418 insertions(+), 13 deletions(-) diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl index 88746fe..96cdfeb 100755 
--- a/crypto/chacha/asm/chacha-ppc.pl +++ b/crypto/chacha/asm/chacha-ppc.pl @@ -18,19 +18,31 @@ # # ChaCha20 for PowerPC/AltiVec. # +# June 2018 +# +# Add VSX 2.07 code path. Original 3xAltiVec+1xIALU is well-suited for +# processors that can't issue more than one vector instruction per +# cycle. But POWER8 (and POWER9) can issue a pair, and vector-only 4x +# interleave would perform better. Incidentally PowerISA 2.07 (first +# implemented by POWER8) defined new usable instructions, hence 4xVSX +# code path... +# # Performance in cycles per byte out of large buffer. # -# IALU/gcc-4.x 3xAltiVec+1xIALU +# IALU/gcc-4.x 3xAltiVec+1xIALU 4xVSX # -# Freescale e300 13.6/+115% - -# PPC74x0/G4e 6.81/+310% 3.81 -# PPC970/G5 9.29/+160% ? -# POWER7 8.62/+61% 3.35 -# POWER8 8.70/+51% 2.91 -# POWER9 8.80/+29% 4.44(*) +# Freescale e300 13.6/+115% - - +# PPC74x0/G4e 6.81/+310% 3.81 - +# PPC970/G5 9.29/+160% ? - +# POWER7 8.62/+61% 3.35 - +# POWER8 8.70/+51% 2.91 2.09 +# POWER9 8.80/+29% 4.44(*) 2.45(**) # # (*) this is trade-off result, it's possible to improve it, but # then it would negatively affect all others; +# (**) POWER9 seems to be "allergic" to mixing vector and integer +# instructions, which is why switch to vector-only code pays +# off that much; $flavour = shift; 
@@ -893,7 +905,390 @@ Ldone_vmx: .byte 0,12,0x04,1,0x80,18,5,0 .long 0 .size .ChaCha20_ctr32_vmx,.-.ChaCha20_ctr32_vmx +___ +}}} +{{{ +my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, + $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = map("v$_",(0..15)); +my @K = map("v$_",(16..19)); +my $CTR = "v26"; +my ($xt0,$xt1,$xt2,$xt3) = map("v$_",(27..30)); +my ($sixteen,$twelve,$eight,$seven) = ($xt0,$xt1,$xt2,$xt3); +my $beperm = "v31"; + +my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10))); + +my $FRAME=$LOCALS+64+7*16; # 7*16 is for v26-v31 offload + +sub VSX_lane_ROUND { +my ($a0,$b0,$c0,$d0)=@_; +my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); +my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); +my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); +my @x=map("\"v$_\"",(0..15)); + + ( + "&vadduwm (@x[$a0], at x[$a0], at x[$b0])", # Q1 + "&vadduwm (@x[$a1], at x[$a1], at x[$b1])", # Q2 + "&vadduwm (@x[$a2], at x[$a2], at x[$b2])", # Q3 + "&vadduwm (@x[$a3], at x[$a3], at x[$b3])", # Q4 + "&vxor (@x[$d0], at x[$d0], at x[$a0])", + "&vxor (@x[$d1], at x[$d1], at x[$a1])", + "&vxor (@x[$d2], at x[$d2], at x[$a2])", + "&vxor (@x[$d3], at x[$d3], at x[$a3])", + "&vrlw (@x[$d0], at x[$d0],'$sixteen')", + "&vrlw (@x[$d1], at x[$d1],'$sixteen')", + "&vrlw (@x[$d2], at x[$d2],'$sixteen')", + "&vrlw (@x[$d3], at x[$d3],'$sixteen')", + + "&vadduwm (@x[$c0], at x[$c0], at x[$d0])", + "&vadduwm (@x[$c1], at x[$c1], at x[$d1])", + "&vadduwm (@x[$c2], at x[$c2], at x[$d2])", + "&vadduwm (@x[$c3], at x[$c3], at x[$d3])", + "&vxor (@x[$b0], at x[$b0], at x[$c0])", + "&vxor (@x[$b1], at x[$b1], at x[$c1])", + "&vxor (@x[$b2], at x[$b2], at x[$c2])", + "&vxor (@x[$b3], at x[$b3], at x[$c3])", + "&vrlw (@x[$b0], at x[$b0],'$twelve')", + "&vrlw (@x[$b1], at x[$b1],'$twelve')", + "&vrlw (@x[$b2], at x[$b2],'$twelve')", + "&vrlw (@x[$b3], at x[$b3],'$twelve')", + + "&vadduwm (@x[$a0], at x[$a0], at x[$b0])", + "&vadduwm (@x[$a1], at x[$a1], at x[$b1])", + 
"&vadduwm (@x[$a2], at x[$a2], at x[$b2])", + "&vadduwm (@x[$a3], at x[$a3], at x[$b3])", + "&vxor (@x[$d0], at x[$d0], at x[$a0])", + "&vxor (@x[$d1], at x[$d1], at x[$a1])", + "&vxor (@x[$d2], at x[$d2], at x[$a2])", + "&vxor (@x[$d3], at x[$d3], at x[$a3])", + "&vrlw (@x[$d0], at x[$d0],'$eight')", + "&vrlw (@x[$d1], at x[$d1],'$eight')", + "&vrlw (@x[$d2], at x[$d2],'$eight')", + "&vrlw (@x[$d3], at x[$d3],'$eight')", + + "&vadduwm (@x[$c0], at x[$c0], at x[$d0])", + "&vadduwm (@x[$c1], at x[$c1], at x[$d1])", + "&vadduwm (@x[$c2], at x[$c2], at x[$d2])", + "&vadduwm (@x[$c3], at x[$c3], at x[$d3])", + "&vxor (@x[$b0], at x[$b0], at x[$c0])", + "&vxor (@x[$b1], at x[$b1], at x[$c1])", + "&vxor (@x[$b2], at x[$b2], at x[$c2])", + "&vxor (@x[$b3], at x[$b3], at x[$c3])", + "&vrlw (@x[$b0], at x[$b0],'$seven')", + "&vrlw (@x[$b1], at x[$b1],'$seven')", + "&vrlw (@x[$b2], at x[$b2],'$seven')", + "&vrlw (@x[$b3], at x[$b3],'$seven')" + ); +} + +$code.=<<___; +.globl .ChaCha20_ctr32_vsx +.align 5 +.ChaCha20_ctr32_vsx: + $STU $sp,-$FRAME($sp) + mflr r0 + li r10,`15+$LOCALS+64` + li r11,`31+$LOCALS+64` + mfspr r12,256 + stvx v26,r10,$sp + addi r10,r10,32 + stvx v27,r11,$sp + addi r11,r11,32 + stvx v28,r10,$sp + addi r10,r10,32 + stvx v29,r11,$sp + addi r11,r11,32 + stvx v30,r10,$sp + stvx v31,r11,$sp + stw r12,`$FRAME-4`($sp) # save vrsave + li r12,-4096+63 + $PUSH r0, `$FRAME+$LRSAVE`($sp) + mtspr 256,r12 # preserve 29 AltiVec registers + + bl Lconsts # returns pointer Lsigma in r12 + lvx_4w @K[0],0,r12 # load sigma + addi r12,r12,0x50 + li $x10,16 + li $x20,32 + li $x30,48 + li r11,64 + + lvx_4w @K[1],0,$key # load key + lvx_4w @K[2],$x10,$key + lvx_4w @K[3],0,$ctr # load counter + + vxor $xt0,$xt0,$xt0 + lvx_4w $xt1,r11,r12 + vspltw $CTR, at K[3],0 + vsldoi @K[3], at K[3],$xt0,4 + vsldoi @K[3],$xt0, at K[3],12 # clear @K[3].word[0] + vadduwm $CTR,$CTR,$xt1 + + be?lvsl $beperm,0,$x10 # 0x00..0f + be?vspltisb $xt0,3 # 0x03..03 + be?vxor $beperm,$beperm,$xt0 # swap 
bytes within words + + li r0,10 # inner loop counter + mtctr r0 + b Loop_outer_vsx + +.align 5 +Loop_outer_vsx: + lvx $xa0,$x00,r12 # load [smashed] sigma + lvx $xa1,$x10,r12 + lvx $xa2,$x20,r12 + lvx $xa3,$x30,r12 + + vspltw $xb0, at K[1],0 # smash the key + vspltw $xb1, at K[1],1 + vspltw $xb2, at K[1],2 + vspltw $xb3, at K[1],3 + + vspltw $xc0, at K[2],0 + vspltw $xc1, at K[2],1 + vspltw $xc2, at K[2],2 + vspltw $xc3, at K[2],3 + + vmr $xd0,$CTR # smash the counter + vspltw $xd1, at K[3],1 + vspltw $xd2, at K[3],2 + vspltw $xd3, at K[3],3 + + vspltisw $sixteen,-16 # synthesize constants + vspltisw $twelve,12 + vspltisw $eight,8 + vspltisw $seven,7 + +Loop_vsx: +___ + foreach (&VSX_lane_ROUND(0, 4, 8,12)) { eval; } + foreach (&VSX_lane_ROUND(0, 5,10,15)) { eval; } +$code.=<<___; + bdnz Loop_vsx + + vadduwm $xd0,$xd0,$CTR + + vmrgew $xt0,$xa0,$xa1 # transpose data + vmrgew $xt1,$xa2,$xa3 + vmrgow $xa0,$xa0,$xa1 + vmrgow $xa2,$xa2,$xa3 + vmrgew $xt2,$xb0,$xb1 + vmrgew $xt3,$xb2,$xb3 + vpermdi $xa1,$xa0,$xa2,0b00 + vpermdi $xa3,$xa0,$xa2,0b11 + vpermdi $xa0,$xt0,$xt1,0b00 + vpermdi $xa2,$xt0,$xt1,0b11 + + vmrgow $xb0,$xb0,$xb1 + vmrgow $xb2,$xb2,$xb3 + vmrgew $xt0,$xc0,$xc1 + vmrgew $xt1,$xc2,$xc3 + vpermdi $xb1,$xb0,$xb2,0b00 + vpermdi $xb3,$xb0,$xb2,0b11 + vpermdi $xb0,$xt2,$xt3,0b00 + vpermdi $xb2,$xt2,$xt3,0b11 + + vmrgow $xc0,$xc0,$xc1 + vmrgow $xc2,$xc2,$xc3 + vmrgew $xt2,$xd0,$xd1 + vmrgew $xt3,$xd2,$xd3 + vpermdi $xc1,$xc0,$xc2,0b00 + vpermdi $xc3,$xc0,$xc2,0b11 + vpermdi $xc0,$xt0,$xt1,0b00 + vpermdi $xc2,$xt0,$xt1,0b11 + + vmrgow $xd0,$xd0,$xd1 + vmrgow $xd2,$xd2,$xd3 + vspltisw $xt0,4 + vadduwm $CTR,$CTR,$xt0 # next counter value + vpermdi $xd1,$xd0,$xd2,0b00 + vpermdi $xd3,$xd0,$xd2,0b11 + vpermdi $xd0,$xt2,$xt3,0b00 + vpermdi $xd2,$xt2,$xt3,0b11 + + vadduwm $xa0,$xa0, at K[0] + vadduwm $xb0,$xb0, at K[1] + vadduwm $xc0,$xc0, at K[2] + vadduwm $xd0,$xd0, at K[3] + + be?vperm $xa0,$xa0,$xa0,$beperm + be?vperm $xb0,$xb0,$xb0,$beperm + be?vperm 
$xc0,$xc0,$xc0,$beperm + be?vperm $xd0,$xd0,$xd0,$beperm + + ${UCMP}i $len,0x40 + blt Ltail_vsx + + lvx_4w $xt0,$x00,$inp + lvx_4w $xt1,$x10,$inp + lvx_4w $xt2,$x20,$inp + lvx_4w $xt3,$x30,$inp + + vxor $xt0,$xt0,$xa0 + vxor $xt1,$xt1,$xb0 + vxor $xt2,$xt2,$xc0 + vxor $xt3,$xt3,$xd0 + + stvx_4w $xt0,$x00,$out + stvx_4w $xt1,$x10,$out + addi $inp,$inp,0x40 + stvx_4w $xt2,$x20,$out + subi $len,$len,0x40 + stvx_4w $xt3,$x30,$out + addi $out,$out,0x40 + beq Ldone_vsx + + vadduwm $xa0,$xa1, at K[0] + vadduwm $xb0,$xb1, at K[1] + vadduwm $xc0,$xc1, at K[2] + vadduwm $xd0,$xd1, at K[3] + + be?vperm $xa0,$xa0,$xa0,$beperm + be?vperm $xb0,$xb0,$xb0,$beperm + be?vperm $xc0,$xc0,$xc0,$beperm + be?vperm $xd0,$xd0,$xd0,$beperm + + ${UCMP}i $len,0x40 + blt Ltail_vsx + + lvx_4w $xt0,$x00,$inp + lvx_4w $xt1,$x10,$inp + lvx_4w $xt2,$x20,$inp + lvx_4w $xt3,$x30,$inp + + vxor $xt0,$xt0,$xa0 + vxor $xt1,$xt1,$xb0 + vxor $xt2,$xt2,$xc0 + vxor $xt3,$xt3,$xd0 + + stvx_4w $xt0,$x00,$out + stvx_4w $xt1,$x10,$out + addi $inp,$inp,0x40 + stvx_4w $xt2,$x20,$out + subi $len,$len,0x40 + stvx_4w $xt3,$x30,$out + addi $out,$out,0x40 + beq Ldone_vsx + + vadduwm $xa0,$xa2, at K[0] + vadduwm $xb0,$xb2, at K[1] + vadduwm $xc0,$xc2, at K[2] + vadduwm $xd0,$xd2, at K[3] + + be?vperm $xa0,$xa0,$xa0,$beperm + be?vperm $xb0,$xb0,$xb0,$beperm + be?vperm $xc0,$xc0,$xc0,$beperm + be?vperm $xd0,$xd0,$xd0,$beperm + + ${UCMP}i $len,0x40 + blt Ltail_vsx + + lvx_4w $xt0,$x00,$inp + lvx_4w $xt1,$x10,$inp + lvx_4w $xt2,$x20,$inp + lvx_4w $xt3,$x30,$inp + + vxor $xt0,$xt0,$xa0 + vxor $xt1,$xt1,$xb0 + vxor $xt2,$xt2,$xc0 + vxor $xt3,$xt3,$xd0 + + stvx_4w $xt0,$x00,$out + stvx_4w $xt1,$x10,$out + addi $inp,$inp,0x40 + stvx_4w $xt2,$x20,$out + subi $len,$len,0x40 + stvx_4w $xt3,$x30,$out + addi $out,$out,0x40 + beq Ldone_vsx + + vadduwm $xa0,$xa3, at K[0] + vadduwm $xb0,$xb3, at K[1] + vadduwm $xc0,$xc3, at K[2] + vadduwm $xd0,$xd3, at K[3] + + be?vperm $xa0,$xa0,$xa0,$beperm + be?vperm $xb0,$xb0,$xb0,$beperm + 
be?vperm $xc0,$xc0,$xc0,$beperm + be?vperm $xd0,$xd0,$xd0,$beperm + + ${UCMP}i $len,0x40 + blt Ltail_vsx + + lvx_4w $xt0,$x00,$inp + lvx_4w $xt1,$x10,$inp + lvx_4w $xt2,$x20,$inp + lvx_4w $xt3,$x30,$inp + + vxor $xt0,$xt0,$xa0 + vxor $xt1,$xt1,$xb0 + vxor $xt2,$xt2,$xc0 + vxor $xt3,$xt3,$xd0 + + stvx_4w $xt0,$x00,$out + stvx_4w $xt1,$x10,$out + addi $inp,$inp,0x40 + stvx_4w $xt2,$x20,$out + subi $len,$len,0x40 + stvx_4w $xt3,$x30,$out + addi $out,$out,0x40 + mtctr r0 + bne Loop_outer_vsx + +Ldone_vsx: + lwz r12,`$FRAME-4`($sp) # pull vrsave + li r10,`15+$LOCALS+64` + li r11,`31+$LOCALS+64` + $POP r0, `$FRAME+$LRSAVE`($sp) + mtspr 256,r12 # restore vrsave + lvx v26,r10,$sp + addi r10,r10,32 + lvx v27,r11,$sp + addi r11,r11,32 + lvx v28,r10,$sp + addi r10,r10,32 + lvx v29,r11,$sp + addi r11,r11,32 + lvx v30,r10,$sp + lvx v31,r11,$sp + mtlr r0 + addi $sp,$sp,$FRAME + blr + +.align 4 +Ltail_vsx: + addi r11,$sp,$LOCALS + mtctr $len + stvx_4w $xa0,$x00,r11 # offload block to stack + stvx_4w $xb0,$x10,r11 + stvx_4w $xc0,$x20,r11 + stvx_4w $xd0,$x30,r11 + subi r12,r11,1 # prepare for *++ptr + subi $inp,$inp,1 + subi $out,$out,1 + +Loop_tail_vsx: + lbzu r6,1(r12) + lbzu r7,1($inp) + xor r6,r6,r7 + stbu r6,1($out) + bdnz Loop_tail_vsx + + stvx_4w $K[0],$x00,r11 # wipe copy of the block + stvx_4w $K[0],$x10,r11 + stvx_4w $K[0],$x20,r11 + stvx_4w $K[0],$x30,r11 + + b Ldone_vsx + .long 0 + .byte 0,12,0x04,1,0x80,0,5,0 + .long 0 +.size .ChaCha20_ctr32_vsx,.-.ChaCha20_ctr32_vsx +___ +}}} +$code.=<<___; .align 5 Lconsts: mflr r0 
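Review bot: No zero-length guard is visible at the `.ChaCha20_ctr32_vsx` entry, so a call with `$len == 0` falls through the first `${UCMP}i $len,0x40` / `blt Ltail_vsx` into the tail path, where `mtctr $len` loads 0 and `bdnz Loop_tail_vsx` decrements through zero and keeps storing via `stbu r6,1($out)` far past the output buffer. The EVP-layer caller may never pass an empty length, but as far as I recall the other ChaCha20_ctr32 back ends in the tree return early on zero input, so `${UCMP}i $len,0` followed by `beqlr-` ahead of `$STU $sp,-$FRAME($sp)` would keep this path's contract uniform at the cost of two instructions. Separately, `Ltail_vsx` wipes the stack copy of the final keystream block with `stvx_4w $K[0],...`, but the key and counter words in `@K[1..3]` (v16-v19) and the last block in v0-v15 are still live in registers at `blr`; if leaving register clearing to the caller is deliberate, a one-line comment next to the wipe saying so would stop the next reader from treating the wipe as complete. Both `VSX_lane_ROUND` and `.ChaCha20_ctr32_vsx` lie entirely inside this hunk; `Lconsts` starts in its trailing context and continues outside it.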
@@ -919,10 +1314,14 @@ $code.=<<___ if (!$LITTLE_ENDIAN); # flipped words .long 0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c ___ $code.=<<___; + .long 0x61707865,0x61707865,0x61707865,0x61707865 + .long 0x3320646e,0x3320646e,0x3320646e,0x3320646e + .long 0x79622d32,0x79622d32,0x79622d32,0x79622d32 + .long 0x6b206574,0x6b206574,0x6b206574,0x6b206574 + .long 0,1,2,3 .asciz "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by " .align 2 ___ -}}} foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/ge; diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl index 1a22f7a..d220c62 100755 --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -256,6 +256,8 @@ my $vsubudm = sub { vcrypto_op(@_, 1216); }; my $vaddcuq = sub { vcrypto_op(@_, 320); }; my $vaddeuqm = sub { vfour(@_,60); }; my $vaddecuq = sub { vfour(@_,61); }; +my $vmrgew = sub { vfour(@_,0,1932); }; +my $vmrgow = sub { vfour(@_,0,1676); }; my $mtsle = sub { my ($f, $arg) = @_; diff --git a/crypto/ppccap.c b/crypto/ppccap.c index f8b7c00..8b7d765 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -90,13 +90,18 @@ void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp, void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp, size_t len, const unsigned int key[8], const unsigned int counter[4]); +void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]); void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len, const unsigned int key[8], const unsigned int counter[4]) { - OPENSSL_ppccap_P & PPC_ALTIVEC - ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) - : ChaCha20_ctr32_int(out, inp, len, key, counter); + OPENSSL_ppccap_P & PPC_CRYPTO207 + ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) + : OPENSSL_ppccap_P & PPC_ALTIVEC + ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) + : ChaCha20_ctr32_int(out, inp, len, key, counter); } #endif 
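Review bot: The new dispatch in `ChaCha20_ctr32` in the ppccap.c hunk is a nested conditional expression used as a statement, which hides the precedence the code relies on (`&` binds tighter than `?:`, so it is correct, but every reader has to re-derive that) and gives no place to document why `PPC_CRYPTO207` is tested before `PPC_ALTIVEC`. An `if` / `else if` / `else` chain with a short comment stating the preference order (VSX on ISA 2.07 parts, then AltiVec, then scalar) reads directly and compiles to the same thing. The ordering itself looks right given that the VSX path is documented in chacha-ppc.pl as requiring PowerISA 2.07, which is what `PPC_CRYPTO207` appears to track, but I am inferring that from the flag name rather than from anything in this hunk.
```c
/* … unchanged: ChaCha20_ctr32 signature … */
{
    /* Widest path the CPU supports first: VSX (ISA 2.07), then AltiVec, then scalar. */
    if (OPENSSL_ppccap_P & PPC_CRYPTO207)
        ChaCha20_ctr32_vsx(out, inp, len, key, counter);
    else if (OPENSSL_ppccap_P & PPC_ALTIVEC)
        ChaCha20_ctr32_vmx(out, inp, len, key, counter);
    else
        ChaCha20_ctr32_int(out, inp, len, key, counter);
}
```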
diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl index e3f522c..2792800 100755 --- a/crypto/sha/asm/sha512p8-ppc.pl +++ b/crypto/sha/asm/sha512p8-ppc.pl @@ -92,8 +92,7 @@ $idx="r7"; $lrsave="r8"; $offload="r11"; $vrsave="r12"; - at I = ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,10,26..31)); - $x00=0 if ($flavour =~ /osx/); + at I = ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70) = (0,map("r$_",(10,26..31))); @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7)); @X=map("v$_",(8..19,24..27)); From openssl at openssl.org Thu Jun 7 00:54:08 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 07 Jun 2018 00:54:08 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1528332848.434153.29157.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: 316d527 crypto/ppccap.c: wire new ChaCha20_ctr32_vsx. 791cc30 chacha/asm/chacha-ppc.pl: improve performance by 40/80% on POWER8/9. 3f9c3b3 perlasm/ppc-xlate.pl: add vmrg[eo]w instructions. f0c77d6 sha/asm/sha512p8-ppc.pl: fix build on Mac OS X. Build log ended with (last 100 lines): "-oMakefile" ../openssl/apps/tsget.in > "apps/tsget" chmod a+x apps/CA.pl /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/tools/c_rehash.in > "tools/c_rehash" /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" \ "-oMakefile" ../openssl/util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x apps/tsget ar r apps/libapps.a apps/app_rand.o apps/apps.o apps/bf_prefix.o apps/opt.o apps/s_cb.o apps/s_socket.o ar: creating apps/libapps.a ranlib apps/libapps.a || echo Never mind. 
clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/aes-x86_64.o crypto/aes/aes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/aesni-mb-x86_64.o crypto/aes/aesni-mb-x86_64.s chmod 
a+x util/shlib_wrap.sh clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/aesni-sha1-x86_64.o crypto/aes/aesni-sha1-x86_64.s chmod a+x tools/c_rehash clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o 
crypto/aes/aesni-sha256-x86_64.o crypto/aes/aesni-sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/aesni-x86_64.o crypto/aes/aesni-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" 
-c -o crypto/aes/bsaes-x86_64.o crypto/aes/bsaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/aes/vpaes-x86_64.o crypto/aes/vpaes-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o 
crypto/bn/rsaz-avx2.o crypto/bn/rsaz-avx2.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/bn/rsaz-x86_64.o crypto/bn/rsaz-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o 
crypto/bn/x86_64-gf2m.o crypto/bn/x86_64-gf2m.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/bn/x86_64-mont.o crypto/bn/x86_64-mont.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o 
crypto/bn/x86_64-mont5.o crypto/bn/x86_64-mont5.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/camellia/cmll-x86_64.o crypto/camellia/cmll-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o 
crypto/chacha/chacha-x86_64.o crypto/chacha/chacha-x86_64.s clang -I. -Icrypto/include -Iinclude -Icrypto -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/cversion.d.tmp -MT crypto/cversion.o -c -o crypto/cversion.o ../openssl/crypto/cversion.c clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM 
-DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/ec/ecp_nistz256-x86_64.o crypto/ec/ecp_nistz256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/ec/x25519-x86_64.o crypto/ec/x25519-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM 
-DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/md5/md5-x86_64.o crypto/md5/md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/modes/aesni-gcm-x86_64.o crypto/modes/aesni-gcm-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM 
-DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/modes/ghash-x86_64.o crypto/modes/ghash-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/poly1305/poly1305-x86_64.o crypto/poly1305/poly1305-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/rc4/rc4-md5-x86_64.o crypto/rc4/rc4-md5-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/rc4/rc4-x86_64.o crypto/rc4/rc4-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM 
-DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/keccak1600-x86_64.o crypto/sha/keccak1600-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/sha1-mb-x86_64.o crypto/sha/sha1-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/sha1-x86_64.o crypto/sha/sha1-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/sha256-mb-x86_64.o crypto/sha/sha256-mb-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/sha256-x86_64.o crypto/sha/sha256-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/sha/sha512-x86_64.o crypto/sha/sha512-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM 
-DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/whrlpool/wp-x86_64.o crypto/whrlpool/wp-x86_64.s clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -c -o crypto/x86_64cpuid.o crypto/x86_64cpuid.s ar r libssl.a ssl/bio_ssl.o ssl/d1_lib.o ssl/d1_msg.o ssl/d1_srtp.o ssl/methods.o ssl/packet.o ssl/pqueue.o ssl/record/dtls1_bitmap.o ssl/record/rec_layer_d1.o ssl/record/rec_layer_s3.o ssl/record/ssl3_buffer.o ssl/record/ssl3_record.o ssl/record/ssl3_record_tls13.o ssl/s3_cbc.o ssl/s3_enc.o ssl/s3_lib.o ssl/s3_msg.o ssl/ssl_asn1.o ssl/ssl_cert.o ssl/ssl_ciph.o ssl/ssl_conf.o ssl/ssl_err.o ssl/ssl_init.o ssl/ssl_lib.o ssl/ssl_mcnf.o ssl/ssl_rsa.o ssl/ssl_sess.o ssl/ssl_stat.o ssl/ssl_txt.o ssl/ssl_utst.o ssl/statem/extensions.o ssl/statem/extensions_clnt.o ssl/statem/extensions_cust.o ssl/statem/extensions_srvr.o ssl/statem/statem.o ssl/statem/statem_clnt.o ssl/statem/statem_dtls.o ssl/statem/statem_lib.o ssl/statem/statem_srvr.o ssl/t1_enc.o ssl/t1_lib.o 
ssl/t1_trce.o ssl/tls13_enc.o ssl/tls_srp.o ar: creating libssl.a ranlib libssl.a || echo Never mind. ar r test/libtestutil.a test/testutil/basic_output.o test/testutil/cb.o test/testutil/driver.o test/testutil/format_output.o test/testutil/init.o test/testutil/main.o test/testutil/output_helpers.o test/testutil/stanza.o test/testutil/tap_bio.o test/testutil/test_cleanup.o test/testutil/tests.o ar: creating test/libtestutil.a ranlib test/libtestutil.a || echo Never mind. clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -c -o engines/e_padlock-x86_64.o engines/e_padlock-x86_64.s clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/asn1pars.d.tmp -MT apps/asn1pars.o -c -o apps/asn1pars.o ../openssl/apps/asn1pars.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/ca.d.tmp -MT apps/ca.o -c -o apps/ca.o ../openssl/apps/ca.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/ciphers.d.tmp -MT apps/ciphers.o -c -o apps/ciphers.o ../openssl/apps/ciphers.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/cms.d.tmp -MT apps/cms.o -c -o apps/cms.o ../openssl/apps/cms.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/crl.d.tmp -MT apps/crl.o -c -o apps/crl.o ../openssl/apps/crl.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/crl2p7.d.tmp -MT apps/crl2p7.o -c -o apps/crl2p7.o ../openssl/apps/crl2p7.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/dgst.d.tmp -MT apps/dgst.o -c -o apps/dgst.o ../openssl/apps/dgst.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/dhparam.d.tmp -MT apps/dhparam.o -c -o apps/dhparam.o ../openssl/apps/dhparam.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/dsa.d.tmp -MT apps/dsa.o -c -o apps/dsa.o ../openssl/apps/dsa.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/dsaparam.d.tmp -MT apps/dsaparam.o -c -o apps/dsaparam.o ../openssl/apps/dsaparam.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/ec.d.tmp -MT apps/ec.o -c -o apps/ec.o ../openssl/apps/ec.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/ecparam.d.tmp -MT apps/ecparam.o -c -o apps/ecparam.o ../openssl/apps/ecparam.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/enc.d.tmp -MT apps/enc.o -c -o apps/enc.o ../openssl/apps/enc.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/engine.d.tmp -MT apps/engine.o -c -o apps/engine.o ../openssl/apps/engine.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/errstr.d.tmp -MT apps/errstr.o -c -o apps/errstr.o ../openssl/apps/errstr.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/gendsa.d.tmp -MT apps/gendsa.o -c -o apps/gendsa.o ../openssl/apps/gendsa.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/genpkey.d.tmp -MT apps/genpkey.o -c -o apps/genpkey.o ../openssl/apps/genpkey.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/genrsa.d.tmp -MT apps/genrsa.o -c -o apps/genrsa.o ../openssl/apps/genrsa.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/nseq.d.tmp -MT apps/nseq.o -c -o apps/nseq.o ../openssl/apps/nseq.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/ocsp.d.tmp -MT apps/ocsp.o -c -o apps/ocsp.o ../openssl/apps/ocsp.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/openssl.d.tmp -MT apps/openssl.o -c -o apps/openssl.o ../openssl/apps/openssl.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/passwd.d.tmp -MT apps/passwd.o -c -o apps/passwd.o ../openssl/apps/passwd.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkcs12.d.tmp -MT apps/pkcs12.o -c -o apps/pkcs12.o ../openssl/apps/pkcs12.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkcs7.d.tmp -MT apps/pkcs7.o -c -o apps/pkcs7.o ../openssl/apps/pkcs7.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkcs8.d.tmp -MT apps/pkcs8.o -c -o apps/pkcs8.o ../openssl/apps/pkcs8.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkey.d.tmp -MT apps/pkey.o -c -o apps/pkey.o ../openssl/apps/pkey.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkeyparam.d.tmp -MT apps/pkeyparam.o -c -o apps/pkeyparam.o ../openssl/apps/pkeyparam.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/pkeyutl.d.tmp -MT apps/pkeyutl.o -c -o apps/pkeyutl.o ../openssl/apps/pkeyutl.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/prime.d.tmp -MT apps/prime.o -c -o apps/prime.o ../openssl/apps/prime.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/rand.d.tmp -MT apps/rand.o -c -o apps/rand.o ../openssl/apps/rand.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/rehash.d.tmp -MT apps/rehash.o -c -o apps/rehash.o ../openssl/apps/rehash.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/req.d.tmp -MT apps/req.o -c -o apps/req.o ../openssl/apps/req.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/rsa.d.tmp -MT apps/rsa.o -c -o apps/rsa.o ../openssl/apps/rsa.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/rsautl.d.tmp -MT apps/rsautl.o -c -o apps/rsautl.o ../openssl/apps/rsautl.c clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/s_client.d.tmp -MT apps/s_client.o -c -o apps/s_client.o ../openssl/apps/s_client.c clang -I. -Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/s_server.d.tmp -MT apps/s_server.o -c -o apps/s_server.o ../openssl/apps/s_server.c ../openssl/apps/req.c:526:51: error: use of undeclared identifier 'OPENSSL_DSA_MAX_MODULUS_BITS' if (pkey_type == EVP_PKEY_DSA && newkey > OPENSSL_DSA_MAX_MODULUS_BITS) ^ clang -I. 
-Iinclude -Iapps -I../openssl -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF apps/s_time.d.tmp -MT apps/s_time.o -c -o apps/s_time.o ../openssl/apps/s_time.c ../openssl/apps/req.c:530:24: error: use of undeclared identifier 'OPENSSL_DSA_MAX_MODULUS_BITS' OPENSSL_DSA_MAX_MODULUS_BITS, newkey); ^ 2 errors generated. Makefile:6607: recipe for target 'apps/req.o' failed make[1]: *** [apps/req.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-dsa' Makefile:171: recipe for target 'all' failed make: *** [all] Error 2 From matt at openssl.org Thu Jun 7 08:47:56 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 07 Jun 2018 08:47:56 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528361276.243066.23149.nullmailer@dev.openssl.org> The branch master has been updated via ac52f42aca9fe0933f7564581268ac50c826bd39 (commit) from 316d527ff9b6597105df399fc222ea328cd827bf (commit) - Log ----------------------------------------------------------------- commit ac52f42aca9fe0933f7564581268ac50c826bd39 Author: Matt Caswell Date: Wed Jun 6 09:51:12 2018 +0100 Fix no-dsa Broken by 0336df2fa. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6427) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/req.c b/apps/req.c index 59baa89..7e7b994 100644 --- a/apps/req.c +++ b/apps/req.c 
@@ -523,11 +523,13 @@ int req_main(int argc, char **argv) " Your key size is %ld! Larger key size may behave not as expected.\n", OPENSSL_RSA_MAX_MODULUS_BITS, newkey); +#ifndef OPENSSL_NO_DSA if (pkey_type == EVP_PKEY_DSA && newkey > OPENSSL_DSA_MAX_MODULUS_BITS) BIO_printf(bio_err, "Warning: It is not recommended to use more than %d bit for DSA keys.\n" " Your key size is %ld! Larger key size may behave not as expected.\n", OPENSSL_DSA_MAX_MODULUS_BITS, newkey); +#endif if (genctx == NULL) { genctx = set_keygen_ctx(NULL, &pkey_type, &newkey, From matt at openssl.org Thu Jun 7 08:53:19 2018 From: matt at openssl.org (Matt Caswell) Date: Thu, 07 Jun 2018 08:53:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528361599.427650.24768.nullmailer@dev.openssl.org> The branch master has been updated via 309371d6266877a8f04d0aa7b0f6add6d269d962 (commit) from ac52f42aca9fe0933f7564581268ac50c826bd39 (commit) - Log ----------------------------------------------------------------- commit 309371d6266877a8f04d0aa7b0f6add6d269d962 Author: Matt Caswell Date: Wed Jun 6 11:54:32 2018 +0100 Fix EAP-FAST Commit 61fb59238d broke EAP-FAST support. This fixes it. Fixes #6395 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6428) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index aab50e1..1826dd2 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
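Review bot: The new `#ifndef OPENSSL_NO_DSA` guard carries no comment saying why it is needed, and the reason is not obvious from the hunk because the RSA warning directly above it is unguarded; the build log earlier on this page shows `OPENSSL_DSA_MAX_MODULUS_BITS` is simply undeclared in a no-dsa build, presumably because it comes from the DSA header. I would put `/* OPENSSL_DSA_MAX_MODULUS_BITS only exists when DSA is compiled in */` above the `#ifndef` so the next person does not "clean it up". If `OPENSSL_RSA_MAX_MODULUS_BITS` can likewise vanish under a no-rsa configuration the RSA warning would need the same guard, but I cannot tell from here whether that configuration is supported. req_main starts and ends outside the hunk.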
@@ -1487,11 +1487,13 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, } } - switch (ret) { - case SSL_TICKET_NO_DECRYPT: - case SSL_TICKET_SUCCESS_RENEW: - case SSL_TICKET_EMPTY: - s->ext.ticket_expected = 1; + if (s->ext.session_secret_cb == NULL || SSL_IS_TLS13(s)) { + switch (ret) { + case SSL_TICKET_NO_DECRYPT: + case SSL_TICKET_SUCCESS_RENEW: + case SSL_TICKET_EMPTY: + s->ext.ticket_expected = 1; + } } *psess = sess; From matt at openssl.org Thu Jun 7 10:05:11 2018 
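Review bot: The new `if (s->ext.session_secret_cb == NULL || SSL_IS_TLS13(s))` has no comment explaining why a session-secret callback suppresses `ticket_expected`, and the commit message only says it fixes EAP-FAST, so the next reader has to rediscover the reasoning. I would add a comment above the `if` recording it — as I understand it, with an EAP-FAST `session_secret_cb` the ticket is supplied by the callback rather than decrypted by us, so `SSL_TICKET_NO_DECRYPT` is the normal outcome and must not make the server issue a fresh ticket, while TLSv1.3 does not use that callback — and confirm the wording against the callback's contract, which is outside this hunk. The `switch (ret)` also has no `default:`; an explicit `default: break; /* SSL_TICKET_SUCCESS and the fatal statuses leave ticket_expected alone */` would make the intent visible. tls_decrypt_ticket's body continues on both sides of the hunk.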
From: matt at openssl.org (Matt Caswell) Date: Thu, 07 Jun 2018 10:05:11 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528365911.114966.7018.nullmailer@dev.openssl.org> The branch master has been updated via 10bda8f8dd359b3db39a5157be0e72afe9f05eea (commit) via 6cf2dbd9faffbed52a6bede924fe0a93345b8bfa (commit) via 4ff1a5266685f4a687a9f91b531c2f979b96db22 (commit) from 309371d6266877a8f04d0aa7b0f6add6d269d962 (commit) - Log ----------------------------------------------------------------- commit 10bda8f8dd359b3db39a5157be0e72afe9f05eea Author: Matt Caswell Date: Thu Jun 7 10:00:44 2018 +0100 Reformulate the if condition in tls_process_new_session_ticket Improves readability Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6415) commit 6cf2dbd9faffbed52a6bede924fe0a93345b8bfa Author: Matt Caswell Date: Tue Jun 5 12:23:28 2018 +0100 Don't store the ticket nonce in the session We generate the secrets based on the nonce immediately so there is no need to keep the nonce. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6415) commit 4ff1a5266685f4a687a9f91b531c2f979b96db22 Author: Matt Caswell Date: Fri Jun 1 16:52:34 2018 +0100 Fix TLSv1.3 ticket nonces All tickets on a connection need to have a unique nonce. When this was originally implemented we only ever sent one ticket on the connection so this didn't matter. We were just using the value 0. Now we can get multiple tickets so we need to start doing the ticket nonce properly. 
Fixes #6387 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6415) ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 1 - ssl/ssl_asn1.c | 24 +++----------------- ssl/ssl_locl.h | 14 +++++++----- ssl/ssl_sess.c | 9 -------- ssl/statem/extensions.c | 35 +++++++++-------------------- ssl/statem/statem_clnt.c | 38 +++++++++++++++++++++++++++----- ssl/statem/statem_srvr.c | 57 +++++++++++++++++++++++++++++++++++------------- ssl/tls13_enc.c | 3 +-- test/session.pem | 18 +++++++-------- 9 files changed, 105 insertions(+), 94 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index db0a2d5..280250a 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -48,7 +48,6 @@ extern "C" { # define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) # define SSL_MAX_KEY_ARG_LENGTH 8 # define SSL_MAX_MASTER_KEY_LENGTH 48 -# define TLS13_MAX_RESUMPTION_MASTER_LENGTH 64 /* The maximum number of encrypt/decrypt pipelines we can support */ # define SSL_MAX_PIPELINES 32 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 1da1c82..9af4b84 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -41,7 +41,6 @@ typedef struct { uint64_t flags; uint32_t max_early_data; ASN1_OCTET_STRING *alpn_selected; - ASN1_OCTET_STRING *tick_nonce; uint32_t tlsext_max_fragment_len_mode; ASN1_OCTET_STRING *ticket_appdata; } SSL_SESSION_ASN1; 
@@ -73,9 +72,8 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14), ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15), ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16), - ASN1_EXP_OPT(SSL_SESSION_ASN1, tick_nonce, ASN1_OCTET_STRING, 17), - ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 18), - ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 19) + ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17), + ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) @@ -124,7 +122,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ASN1_OCTET_STRING psk_identity, psk_identity_hint; #endif ASN1_OCTET_STRING alpn_selected; - ASN1_OCTET_STRING tick_nonce; ASN1_OCTET_STRING ticket_appdata; long l; @@ -195,12 +192,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ssl_session_oinit(&as.alpn_selected, &alpn_selected, in->ext.alpn_selected, in->ext.alpn_selected_len); - if (in->ext.tick_nonce == NULL) - as.tick_nonce = NULL; - else - ssl_session_oinit(&as.tick_nonce, &tick_nonce, - in->ext.tick_nonce, in->ext.tick_nonce_len); - as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode; if (in->ticket_appdata == NULL) @@ -299,7 +290,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, goto err; if (!ssl_session_memcpy(ret->master_key, &tmpl, - as->master_key, TLS13_MAX_RESUMPTION_MASTER_LENGTH)) + as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH)) goto err; ret->master_key_length = tmpl; 
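Review bot: Renumbering the explicit tags — `tlsext_max_fragment_len_mode` moves from 18 to 17 and `ticket_appdata` from 19 to 18 — changes the SSL_SESSION encoding rather than merely dropping a field, so a session serialized by a build before this commit (where tag 17 was the `tick_nonce` OCTET STRING) will no longer decode; the regenerated `test/session.pem` in the diffstat reflects that. Whether this matters depends on whether sessions from earlier pre-release builds can reach `d2i_SSL_SESSION` through a cache or ticket store, and I cannot see from here whether an encoding version is bumped elsewhere; if stability is wanted, leaving tag 17 unused (`ZUINT32, 18` and `ASN1_OCTET_STRING, 19` unchanged) costs nothing. Either way a comment at the table, e.g. `/* tag 17 was tick_nonce; removed and the following tags renumbered before release */`, would stop a future field from reusing a recycled tag by accident.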
@@ -374,15 +365,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->ext.alpn_selected_len = 0; } - if (as->tick_nonce != NULL) { - ret->ext.tick_nonce = as->tick_nonce->data; - ret->ext.tick_nonce_len = as->tick_nonce->length; - as->tick_nonce->data = NULL; - } else { - ret->ext.tick_nonce = NULL; - ret->ext.tick_nonce_len = 0; - } - ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode; if (as->ticket_appdata != NULL) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 31e5cc8..86c250b 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -470,6 +470,8 @@ struct ssl_method_st { long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); }; +# define TLS13_MAX_RESUMPTION_PSK_LENGTH 64 + /*- * Lets make this into an ASN.1 type structure as follows * SSL_SESSION_ID ::= SEQUENCE { @@ -505,9 +507,9 @@ struct ssl_session_st { unsigned char early_secret[EVP_MAX_MD_SIZE]; /* * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption - * master secret + * PSK */ - unsigned char master_key[TLS13_MAX_RESUMPTION_MASTER_LENGTH]; + unsigned char master_key[TLS13_MAX_RESUMPTION_PSK_LENGTH]; /* session_id - valid? */ size_t session_id_length; unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; @@ -567,8 +569,6 @@ struct ssl_session_st { /* Session lifetime hint in seconds */ unsigned long tick_lifetime_hint; uint32_t tick_age_add; - unsigned char *tick_nonce; - size_t tick_nonce_len; int tick_identity; /* Max number of bytes that can be sent as early data */ uint32_t max_early_data; 
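Review bot: `# define TLS13_MAX_RESUMPTION_PSK_LENGTH 64` is added with no comment, yet the value is load-bearing: it sizes `master_key` in the `@@ -505` hunk, `d2i_SSL_SESSION` bounds its copy by it, and the TLSv1.3 resumption PSK that `tls_process_new_session_ticket` writes there later in this diff is one handshake-hash output long, so the macro must be at least `EVP_MAX_MD_SIZE`. I would add `/* Must be >= EVP_MAX_MD_SIZE: the TLSv1.3 resumption PSK is a full hash output. Also covers the 48-byte <=TLSv1.2 master key. */` beside the define. If the project has a static-assert facility, pinning `TLS13_MAX_RESUMPTION_PSK_LENGTH >= EVP_MAX_MD_SIZE` at compile time would make the dependency enforceable rather than documentary.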
@@ -1125,12 +1125,12 @@ struct ssl_st { */ uint32_t mac_flags; /* - * The TLS1.3 secrets. The resumption master secret is stored in the - * session. + * The TLS1.3 secrets. */ unsigned char early_secret[EVP_MAX_MD_SIZE]; unsigned char handshake_secret[EVP_MAX_MD_SIZE]; unsigned char master_secret[EVP_MAX_MD_SIZE]; + unsigned char resumption_master_secret[EVP_MAX_MD_SIZE]; unsigned char client_finished_secret[EVP_MAX_MD_SIZE]; unsigned char server_finished_secret[EVP_MAX_MD_SIZE]; unsigned char server_finished_hash[EVP_MAX_MD_SIZE]; @@ -1422,6 +1422,8 @@ struct ssl_st { size_t num_tickets; /* The number of TLS1.3 tickets actually sent so far */ size_t sent_tickets; + /* The next nonce value to use when we send a ticket on this connection */ + uint64_t next_ticket_nonce; }; /* diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 52ec670..525edb3 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -133,7 +133,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) #endif dest->peer_chain = NULL; dest->peer = NULL; - dest->ext.tick_nonce = NULL; dest->ticket_appdata = NULL; memset(&dest->ex_data, 0, sizeof(dest->ex_data)); @@ -230,13 +229,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } } - if (src->ext.tick_nonce != NULL) { - dest->ext.tick_nonce = OPENSSL_memdup(src->ext.tick_nonce, - src->ext.tick_nonce_len); - if (dest->ext.tick_nonce == NULL) - goto err; - } - #ifndef OPENSSL_NO_SRP if (src->srp_username) { dest->srp_username = OPENSSL_strdup(src->srp_username); @@ -824,7 +816,6 @@ void SSL_SESSION_free(SSL_SESSION *ss) OPENSSL_free(ss->srp_username); #endif OPENSSL_free(ss->ext.alpn_selected); - OPENSSL_free(ss->ext.tick_nonce); OPENSSL_free(ss->ticket_appdata); CRYPTO_THREAD_lock_free(ss->lock); OPENSSL_clear_free(ss, sizeof(*ss)); diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 209b4df..8885e5e 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c 
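Review bot: The struct comment shrinks to `The TLS1.3 secrets.` at the very point `resumption_master_secret` is moved into `struct ssl_st`, so nothing records why this one secret now lives on the connection instead of the session. I would add a per-field comment such as `/* Kept on the SSL rather than the session: each NewSessionTicket derives its own PSK from this plus the ticket nonce */`, which matches the derivation in `tls_process_new_session_ticket` later in this diff. As a long-lived secret in the SSL object it should be wiped wherever the neighbouring `*_secret` buffers are cleared; that code is outside the hunk, so please confirm it is covered.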
@@ -1421,13 +1421,11 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, EVP_MD_CTX *mctx = NULL; unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE]; unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE]; - unsigned char tmppsk[EVP_MAX_MD_SIZE]; - unsigned char *early_secret, *psk; - const char resumption_label[] = "res binder"; - const char external_label[] = "ext binder"; - const char nonce_label[] = "resumption"; - const char *label; - size_t bindersize, labelsize, psklen, hashsize; + unsigned char *early_secret; + static const unsigned char resumption_label[] = "res binder"; + static const unsigned char external_label[] = "ext binder"; + const unsigned char *label; + size_t bindersize, labelsize, hashsize; int hashsizei = EVP_MD_size(md); int ret = -1; int usepskfored = 0; @@ -1454,21 +1452,6 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, labelsize = sizeof(resumption_label) - 1; } - if (external) { - psk = sess->master_key; - psklen = sess->master_key_length; - } else { - psk = tmppsk; - psklen = hashsize; - if (!tls13_hkdf_expand(s, md, sess->master_key, - (const unsigned char *)nonce_label, - sizeof(nonce_label) - 1, sess->ext.tick_nonce, - sess->ext.tick_nonce_len, psk, hashsize)) { - /* SSLfatal() already called */ - goto err; - } - } - /* * Generate the early_secret. On the server side we've selected a PSK to * resume with (internal or external) so we always do this. On the client @@ -1481,7 +1464,9 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, early_secret = (unsigned char *)s->early_secret; else early_secret = (unsigned char *)sess->early_secret; - if (!tls13_generate_secret(s, md, NULL, psk, psklen, early_secret)) { + + if (!tls13_generate_secret(s, md, NULL, sess->master_key, + sess->master_key_length, early_secret)) { /* SSLfatal() already called */ goto err; } 
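Review bot: After this change `tls_psk_do_binder` feeds `sess->master_key` directly to `tls13_generate_secret` for both the external and the resumption case, the only remaining difference being the label, but nothing in the hunk says that for resumption `master_key` now already holds the per-ticket PSK rather than the resumption master secret. I would add above the call: `/* For resumption, sess->master_key already holds the PSK derived from the resumption master secret and the ticket nonce (client: tls_process_new_session_ticket; server: presumably at ticket construction) */`. The function body continues outside the hunk.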
@@ -1500,8 +1485,8 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, } /* Generate the binder key */ - if (!tls13_hkdf_expand(s, md, early_secret, (unsigned char *)label, - labelsize, hash, hashsize, binderkey, hashsize)) { + if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, + hashsize, binderkey, hashsize)) { /* SSLfatal() already called */ goto err; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 6c0f8be..ff35384 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -22,6 +22,7 @@ #include #include #include +#include static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt); static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt); @@ -2558,16 +2559,15 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) RAW_EXTENSION *exts = NULL; PACKET nonce; + PACKET_null_init(&nonce); + if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint) || (SSL_IS_TLS13(s) && (!PACKET_get_net_4(pkt, &age_add) - || !PACKET_get_length_prefixed_1(pkt, &nonce) - || !PACKET_memdup(&nonce, &s->session->ext.tick_nonce, - &s->session->ext.tick_nonce_len))) + || !PACKET_get_length_prefixed_1(pkt, &nonce))) || !PACKET_get_net_2(pkt, &ticklen) - || (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) != ticklen) - || (SSL_IS_TLS13(s) - && (ticklen == 0 || PACKET_remaining(pkt) < ticklen))) { + || (SSL_IS_TLS13(s) ? (ticklen == 0 || PACKET_remaining(pkt) < ticklen) + : PACKET_remaining(pkt) != ticklen)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); goto err; 
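Review bot: `PACKET_null_init(&nonce);` deserves a one-line comment, because the reason is not local to this hunk: `nonce` is only filled in on the TLSv1.3 branch of the condition, and the later read of it in this function appears to be under SSL_IS_TLS13(s) as well, so the initialisation is there to keep the PACKET well-defined on every path rather than because it is consumed on the other path. Suggested: `/* Only set for TLSv1.3; initialised so it is never read uninitialised */`. tls_process_new_session_ticket() continues outside the hunk.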
@@ -2674,6 +2674,32 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) /* This is a standalone message in TLSv1.3, so there is no more to read */ if (SSL_IS_TLS13(s)) { + const EVP_MD *md = ssl_handshake_md(s); + int hashleni = EVP_MD_size(md); + size_t hashlen; + static const unsigned char nonce_label[] = "resumption"; + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); + goto err; + } + hashlen = (size_t)hashleni; + + if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, + nonce_label, + sizeof(nonce_label) - 1, + PACKET_data(&nonce), + PACKET_remaining(&nonce), + s->session->master_key, + hashlen)) { + /* SSLfatal() already called */ + goto err; + } + s->session->master_key_length = hashlen; + OPENSSL_free(exts); ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); return MSG_PROCESS_FINISHED_READING; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index ce8cec1..c2976b7 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -24,6 +24,8 @@ #include #include +#define TICKET_NONCE_SIZE 8 + static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt); /* @@ -3751,6 +3753,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[TLSEXT_KEYNAME_LENGTH]; int iv_len; + unsigned char tick_nonce[TICKET_NONCE_SIZE]; size_t macoffset, macendoffset; union { unsigned char age_add_c[sizeof(uint32_t)]; 
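Review bot: hashlen is checked against a negative EVP_MD_size() but not against the capacity of s->session->master_key before tls13_hkdf_expand() writes hashlen bytes into it; the buffer's declared size is not visible here, so if it is smaller than EVP_MAX_MD_SIZE an `if (!ossl_assert(hashlen <= sizeof(s->session->master_key)))` next to the existing assert would make the bound explicit. This block (digest-size check, the "resumption" label, HKDF-Expand into master_key and setting master_key_length) is duplicated almost verbatim in tls_construct_new_session_ticket() in statem_srvr.c in the same patch; a shared helper in tls13_enc.c taking the nonce pointer and length would keep the two derivations from drifting. The enclosing function starts outside the hunk.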
@@ -3758,14 +3761,27 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) } age_add_u; if (SSL_IS_TLS13(s)) { + size_t i, hashlen; + uint64_t nonce; + static const unsigned char nonce_label[] = "resumption"; + const EVP_MD *md = ssl_handshake_md(s); void (*cb) (const SSL *ssl, int type, int val) = NULL; + int hashleni = EVP_MD_size(md); + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); + goto err; + } + hashlen = (size_t)hashleni; if (s->info_callback != NULL) cb = s->info_callback; else if (s->ctx->info_callback != NULL) cb = s->ctx->info_callback; - if (cb != NULL) { /* * We don't start and stop the handshake in between each ticket when @@ -3806,20 +3822,25 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) goto err; } s->session->ext.tick_age_add = age_add_u.age_add; - /* - * ticket_nonce is set to a single 0 byte because we only ever send a - * single ticket per connection. IMPORTANT: If we ever support multiple - * tickets per connection then this will need to be changed. - */ - OPENSSL_free(s->session->ext.tick_nonce); - s->session->ext.tick_nonce = OPENSSL_zalloc(sizeof(char)); - if (s->session->ext.tick_nonce == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, - ERR_R_MALLOC_FAILURE); + + nonce = s->next_ticket_nonce; + for (i = TICKET_NONCE_SIZE; i > 0; i--) { + tick_nonce[i - 1] = (unsigned char)(nonce & 0xff); + nonce >>= 8; + } + + if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, + nonce_label, + sizeof(nonce_label) - 1, + tick_nonce, + TICKET_NONCE_SIZE, + s->session->master_key, + hashlen)) { + /* SSLfatal() already called */ goto err; } - s->session->ext.tick_nonce_len = 1; + s->session->master_key_length = hashlen; + s->session->time = (long)time(NULL); if (s->s3->alpn_selected != NULL) { OPENSSL_free(s->session->ext.alpn_selected); 
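Review bot: The derived PSK is written into s->session->master_key in place, and the enclosing function starts outside this hunk, so it is not visible whether s->session can be a resumed session that is already in the server cache; if it can, overwriting its master_key changes the PSK of a session that earlier tickets and the cache still reference, and the derivation should be done on a fresh copy instead. The encoding loop would read better with its intent stated: `/* Encode next_ticket_nonce big-endian; RFC 8446 requires the nonce to be unique per ticket on a connection */`. The "Ensure cast to size_t is safe" block and the HKDF call are the same code as on the client side in statem_clnt.c, which argues for one shared helper.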
@@ -3962,8 +3983,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) ? 0 : s->session->timeout) || (SSL_IS_TLS13(s) && (!WPACKET_put_bytes_u32(pkt, age_add_u.age_add) - || !WPACKET_sub_memcpy_u8(pkt, s->session->ext.tick_nonce, - s->session->ext.tick_nonce_len))) + || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, + TICKET_NONCE_SIZE))) /* Now the actual ticket data */ || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_get_total_written(pkt, &macoffset) @@ -4002,7 +4023,13 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) /* SSLfatal() already called */ goto err; } + /* + * Increment both |sent_tickets| and |next_ticket_nonce|. |sent_tickets| + * gets reset to 0 if we send more tickets following a post-handshake + * auth, but |next_ticket_nonce| does not. + */ s->sent_tickets++; + s->next_ticket_nonce++; ssl_update_cache(s, SSL_SESS_CACHE_SERVER); } EVP_CIPHER_CTX_free(ctx); diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 3fc8e96..264381b 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -602,12 +602,11 @@ int tls13_change_cipher_state(SSL *s, int which) if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret, resumption_master_secret, sizeof(resumption_master_secret) - 1, - hashval, hashlen, s->session->master_key, + hashval, hashlen, s->resumption_master_secret, hashlen)) { /* SSLfatal() already called */ goto err; } - s->session->master_key_length = hashlen; } if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher, diff --git a/test/session.pem b/test/session.pem index 8b01ffc..ea0b0bc 100644 --- a/test/session.pem +++ b/test/session.pem 
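Review bot: The resumption master secret is now retained in the SSL object for the whole connection instead of in the session, because every later NewSessionTicket derives a PSK from it, and that longer lifetime is worth a comment at the point it is stored: `/* Kept on the connection: each NewSessionTicket derives a distinct PSK from it and its nonce */`. It should also be covered by whatever clears the other TLSv1.3 secrets on SSL_clear() and wipes them on SSL_free(), which is outside this chunk. tls13_change_cipher_state() starts and ends outside the hunk.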
@@ -1,7 +1,7 @@ -----BEGIN SSL SESSION PARAMETERS----- -MIIFRAIBAQICAwQEAhMCBCDom190ggLdEV9HNhMrbc8/MLs9NS3nqoWFoIJLgQqS -tgQwzskkzvykWInToBTKeUhVYe4BidOBYHdHZ65Z2ETBf63lz1dMKRraxwl6K07f -BUyBoQYCBFlct3qiBAICHCCjggPrMIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0G +MIIFSgIBAQICAwQEAhMCBCAUv8MKab5ruWM6I8xtEH++u+bb2B1OznYnDrRcpLll +6AQwzwJoGXOQ3uCa7bCy07owBiH4Bf13MiDtwaHSnNTEyfLEZBy3SgCE06wa5TJk +Fx8aoQYCBFsWdRqiBAICHCCjggPrMIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0G CSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdy b3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQD DBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoX @@ -22,10 +22,10 @@ Wz9qoeoFZax+QBpIZYjROU3TS3fpyLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCp W2Uoy8sAA4JjN9OtsZY7dvUXFgJ7vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZ J1z1cbbwGDDzfvGFPzJ+Sq+zEPdsxoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxz A7mNGv73JoZJA6nFgj+ADSlJsY/tJBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+Al -tvHTANdAq0t/K3o+pplMVKQCBAClAwIBFakEAgIcIKqBwwSBwFNYKC1r6z0zp+wI -V+A8n63Wh4X/0HtKa7dJCGhvLxjI+BL9QK8JB2Qrs3OR32VjVyVWD9K0atHwhyTR -wwFJfBEfgv9reCtOiQg2oHadD3iCbHjhhGCvbj+zCChMGSEE8NtqkBpwGATtwgN7 -qoLShh+JyHwhfXWKhKlEibr8W0ipe6R3VUW9+wsW8nTGs4FmvQSIkLI1WCr226LN -wkRIx5+3Q3mZB39Epco4srvyLy8J/B+x2lhUdIpov7VBz++C864GAgRYHFWqrwQC -AkAAsQMEAQA= +tvHTANdAq0t/K3o+pplMVKQCBAClAwIBFakEAgIcIKqB0wSB0EMQ5938LY/ASVsV +0kStjTVOps9p3VT071bTjD3RR211+gLzBwGCk8gWNH1glJXjLAenh9E2ivDK1tYQ +3ODRdB3V46t9E78r0uAmSG/WMJ9OvkFlXyIhseYwvWW0P1cAYPI/j3Evgcyu9GIs +HSDVEKbBy9CJYCkW/SrT+2A3ouqp+wSW0XgDLFFB+mBte2Hg7wv2uILrYZ4Y0fNe +CUcTq8B+0EFEiq7p0KRGXwpSKYxNw7qZgg/Us3W85BYMnzYjfDzN0KHf+BI28VRT +Rjxuud2uBwIFANHVD/k= -----END SSL SESSION PARAMETERS----- From levitte at openssl.org Thu Jun 7 11:25:16 2018 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 07 Jun 2018 11:25:16 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528370716.708451.19345.nullmailer@dev.openssl.org> The branch master has been updated via 0189bf2bbe30d4fa710fe7440ed7f3d8eab039c6 (commit) from 10bda8f8dd359b3db39a5157be0e72afe9f05eea (commit) - Log ----------------------------------------------------------------- commit 0189bf2bbe30d4fa710fe7440ed7f3d8eab039c6 Author: Richard Levitte Date: Tue Jun 5 15:58:43 2018 +0200 Document UTF-8 expectation for pass phrases passed to OSSL_STORE After some discussion, it was concluded that the better idea is to stipulate that the pass phrases passed to the OSSL_STORE API are expected to be UTF-8 encoded, and that all objects made accessible through OSSL_STORE URIs should adhere to this expectation (at the discretion of the loaders). Email ref: https://mta.openssl.org/pipermail/openssl-project/2018-June/000771.html Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6416) ----------------------------------------------------------------------- Summary of changes: doc/man7/ossl_store-file.pod | 15 ++++++--------- doc/man7/ossl_store.pod | 7 +++++++ doc/man7/passphrase-encoding.pod | 12 +++++------- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/doc/man7/ossl_store-file.pod b/doc/man7/ossl_store-file.pod index 1378427..996043b 100644 --- a/doc/man7/ossl_store-file.pod +++ b/doc/man7/ossl_store-file.pod 
@@ -47,17 +47,14 @@ only). When needed, the 'file' scheme loader will require a pass phrase by using the C that was passed via OSSL_STORE_open(). -This pass phrase is used as it is, which may present some challenge -when the file that's loaded contains a PKCS#12 object. +This pass phrase is expected to be UTF-8 encoded, anything else will +give an undefined result. +The files made accessible through this loader are expected to be +standard compliant with regards to pass phrase encoding. +Files that aren't should be re-generated with a correctly encoded pass +phrase. See L for more information. -=begin comment - -The treatment of pass phrases is currently being worked on and may -change. - -=end comment - =head1 SEE ALSO L, L diff --git a/doc/man7/ossl_store.pod b/doc/man7/ossl_store.pod index efa4780..6e75abd 100644 --- a/doc/man7/ossl_store.pod +++ b/doc/man7/ossl_store.pod @@ -33,6 +33,13 @@ dynamically from the calling application or from a loadable engine. Support for the 'file' scheme is built into C. See L for more information. +=head2 UI_METHOD and pass phrases + +The B API does nothing to enforce any specific format or +encoding on the pass phrase that the B provides. However, +the pass phrase is expected to be UTF-8 encoded. The result of any +other encoding is undefined. + =head1 EXAMPLES =head2 A generic call diff --git a/doc/man7/passphrase-encoding.pod b/doc/man7/passphrase-encoding.pod index bc777c9..d5c9d1e 100644 --- a/doc/man7/passphrase-encoding.pod +++ b/doc/man7/passphrase-encoding.pod 
@@ -80,13 +80,11 @@ than 1.1.0 was misinterpreted as ISO-8859-1 sequences. L acts as a general interface to access all kinds of objects, potentially protected with a pass phrase, a PIN or something else. -This API currently doesn't stipulate any specific encoding of pass phrases, but -uses the underlying routines with their behaviours. -This means that when using the built-in C scheme loader, the pass phrase -to unlock a PKCS#12 file will be treated as described for PKCS#12 above, and -the pass phrase for a PEM files will be treated as the general case described -above, since that loader uses the same underlying routines. -I. +This API stipulates that pass phrases should be UTF-8 encoded, and that any +other pass phrase encoding may give undefined results. +This API relies on the application to ensure UTF-8 encoding, and doesn't check +that this is the case, so what it gets, it will also pass to the underlying +loader. =head1 RECOMMENDATIONS From matt at openssl.org Thu Jun 7 12:12:13 2018 
From: matt at openssl.org (Matt Caswell) Date: Thu, 07 Jun 2018 12:12:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528373533.556731.26758.nullmailer@dev.openssl.org> The branch master has been updated via c0a58e034d3eff68ca5e0d36d7b4d147425b0599 (commit) from 0189bf2bbe30d4fa710fe7440ed7f3d8eab039c6 (commit) - Log ----------------------------------------------------------------- commit c0a58e034d3eff68ca5e0d36d7b4d147425b0599 Author: Marcus Huewe Date: Fri May 11 12:24:56 2018 +0200 Do not free a session before calling the remove_session_cb If the remove_session_cb accesses the session's data (for instance, via SSL_SESSION_get_protocol_version), a potential use after free can occur. For this, consider the following scenario when adding a new session via SSL_CTX_add_session: - The session cache is full (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) - Only the session cache has a reference to ctx->session_cache_tail (that is, ctx->session_cache_tail->references == 1) Since the cache is full, remove_session_lock is called to remove ctx->session_cache_tail from the cache. That is, it SSL_SESSION_free()s the session, which free()s the data. Afterwards, the free()d session is passed to the remove_session_cb. If the callback accesses the session's data, we have a use after free. The free before calling the callback behavior was introduced in commit e4612d02c53cccd24fa97b08fc01250d1238cca1 ("Remove sessions from external cache, even if internal cache not used."). CLA: trivial Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6222) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_sess.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 525edb3..0723765 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -769,11 +769,11 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) if (lck) CRYPTO_THREAD_unlock(ctx->lock); - if (ret) - SSL_SESSION_free(r); - if (ctx->remove_session_cb != NULL) ctx->remove_session_cb(ctx, c); + + if (ret) + SSL_SESSION_free(r); } else ret = 0; return ret; From matt at openssl.org Thu Jun 7 12:14:29 2018 
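Review bot: The reordering deserves a comment, since the next reader may be tempted to move the free back up with the `ret` test it logically belongs to: `/* Run the callback before dropping the cache's reference: it may still read the session */`. The callback now runs after the lock has been released by the `if (lck)` unlock above, so the session is kept alive only by the reference freed below; that is correct as long as r and c denote the same object, which is established before this hunk. The same change is cherry-picked into OpenSSL_1_1_0-stable further down this page and the same comment applies there.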
From: matt at openssl.org (Matt Caswell) Date: Thu, 07 Jun 2018 12:14:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1528373669.400344.27793.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 6849421c7553337df64536893690478f99f053c9 (commit) from 853d2453620ff04fbe8afa89fabd77eff42f54db (commit) - Log ----------------------------------------------------------------- commit 6849421c7553337df64536893690478f99f053c9 Author: Marcus Huewe Date: Fri May 11 12:24:56 2018 +0200 Do not free a session before calling the remove_session_cb If the remove_session_cb accesses the session's data (for instance, via SSL_SESSION_get_protocol_version), a potential use after free can occur. For this, consider the following scenario when adding a new session via SSL_CTX_add_session: - The session cache is full (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) - Only the session cache has a reference to ctx->session_cache_tail (that is, ctx->session_cache_tail->references == 1) Since the cache is full, remove_session_lock is called to remove ctx->session_cache_tail from the cache. That is, it SSL_SESSION_free()s the session, which free()s the data. Afterwards, the free()d session is passed to the remove_session_cb. If the callback accesses the session's data, we have a use after free. The free before calling the callback behavior was introduced in commit e4612d02c53cccd24fa97b08fc01250d1238cca1 ("Remove sessions from external cache, even if internal cache not used."). CLA: trivial Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6222) (cherry picked from commit c0a58e034d3eff68ca5e0d36d7b4d147425b0599) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_sess.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 0dea8b5..023ba9d 100644 
--- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -734,11 +734,11 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) if (lck) CRYPTO_THREAD_unlock(ctx->lock); - if (ret) - SSL_SESSION_free(r); - if (ctx->remove_session_cb != NULL) ctx->remove_session_cb(ctx, c); + + if (ret) + SSL_SESSION_free(r); } else ret = 0; return (ret); From openssl at openssl.org Fri Jun 8 01:00:56 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 08 Jun 2018 01:00:56 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dsa Message-ID: <1528419656.546449.5761.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dsa Commit log since last time: c0a58e0 Do not free a session before calling the remove_session_cb 0189bf2 Document UTF-8 expectation for pass phrases passed to OSSL_STORE 10bda8f Reformulate the if condition in tls_process_new_session_ticket 6cf2dbd Don't store the ticket nonce in the session 4ff1a52 Fix TLSv1.3 ticket nonces 309371d Fix EAP-FAST ac52f42 Fix no-dsa From matt at openssl.org Fri Jun 8 09:08:26 2018 
From: matt at openssl.org (Matt Caswell) Date: Fri, 08 Jun 2018 09:08:26 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528448906.129149.27923.nullmailer@dev.openssl.org> The branch master has been updated via bb5f281ad0eed55ae4ddc7ba0ce953411b64bf32 (commit) via 72ff0a540059633b7906a78d5d06087d5ce7b7ad (commit) via edb77a4d0f6032e983c91c1a5fbd4136f9757b1c (commit) via 0d124b0a51d3ad8c8807cab280ea18fc68489155 (commit) from c0a58e034d3eff68ca5e0d36d7b4d147425b0599 (commit) - Log ----------------------------------------------------------------- commit bb5f281ad0eed55ae4ddc7ba0ce953411b64bf32 Author: Matt Caswell Date: Fri Jun 1 15:06:52 2018 +0100 Add a test for the raw private/public key getters Reviewed-by: Rich Salz Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6394) commit 72ff0a540059633b7906a78d5d06087d5ce7b7ad Author: Matt Caswell Date: Fri Jun 1 14:30:50 2018 +0100 Add function for setting the EVP_PKEY_ASN1_METHOD raw key getter functions EVP_PKEY_asn1_set_get_priv_key() and EVP_PKEY_asn1_set_get_pub_key() Reviewed-by: Rich Salz Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6394) commit edb77a4d0f6032e983c91c1a5fbd4136f9757b1c Author: Matt Caswell Date: Fri Jun 1 14:14:09 2018 +0100 Document the raw key getter functions EVP_PKEY_get_raw_private_key() and EVP_PKEY_get_raw_public_key() Reviewed-by: Rich Salz Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6394) commit 0d124b0a51d3ad8c8807cab280ea18fc68489155 Author: Matt Caswell Date: Fri Jun 1 12:22:28 2018 +0100 Add support getting raw private/public keys Only applies to algorithms that support it. Both raw private and public keys can be obtained for X25519, Ed25519, X448, Ed448. 
Raw private keys only can be obtained for HMAC, Poly1305 and SipHash Fixes #6259 Reviewed-by: Rich Salz Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6394) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/ameth_lib.c | 16 ++++++++ crypto/ec/ecx_meth.c | 49 +++++++++++++++++++++++ crypto/err/openssl.txt | 3 ++ crypto/evp/evp_err.c | 5 +++ crypto/evp/p_lib.c | 34 ++++++++++++++++ crypto/hmac/hm_ameth.c | 21 ++++++++++ crypto/include/internal/asn1_int.h | 2 + crypto/poly1305/poly1305_ameth.c | 21 ++++++++++ crypto/siphash/siphash_ameth.c | 21 ++++++++++ doc/man3/EVP_PKEY_ASN1_METHOD.pod | 17 +++++++- doc/man3/EVP_PKEY_new.pod | 49 ++++++++++++++++++----- include/openssl/evp.h | 13 ++++++ include/openssl/evperr.h | 3 ++ test/evp_extra_test.c | 81 ++++++++++++++++++++++++++++++++++++++ util/libcrypto.num | 4 ++ 15 files changed, 327 insertions(+), 12 deletions(-) diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index b5f0293..9b3274b 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -417,3 +417,19 @@ void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, { ameth->set_pub_key = set_pub_key; } + +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)) +{ + ameth->get_priv_key = get_priv_key; +} + +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)) +{ + ameth->get_pub_key = get_pub_key; +} diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index d2aa6dd..e75e07b 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c 
@@ -354,6 +354,47 @@ static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len) KEY_OP_PUBLIC); } +static int ecx_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len) +{ + const ECX_KEY *key = pkey->pkey.ecx; + + if (priv == NULL) { + *len = KEYLENID(pkey->ameth->pkey_id); + return 1; + } + + if (key == NULL + || key->privkey == NULL + || *len < (size_t)KEYLENID(pkey->ameth->pkey_id)) + return 0; + + *len = KEYLENID(pkey->ameth->pkey_id); + memcpy(priv, key->privkey, *len); + + return 1; +} + +static int ecx_get_pub_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len) +{ + const ECX_KEY *key = pkey->pkey.ecx; + + if (pub == NULL) { + *len = KEYLENID(pkey->ameth->pkey_id); + return 1; + } + + if (key == NULL + || *len < (size_t)KEYLENID(pkey->ameth->pkey_id)) + return 0; + + *len = KEYLENID(pkey->ameth->pkey_id); + memcpy(pub, key->pubkey, *len); + + return 1; +} + const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = { EVP_PKEY_X25519, EVP_PKEY_X25519, @@ -393,6 +434,8 @@ const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = { ecx_set_priv_key, ecx_set_pub_key, + ecx_get_priv_key, + ecx_get_pub_key, }; const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = { @@ -434,6 +477,8 @@ const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = { ecx_set_priv_key, ecx_set_pub_key, + ecx_get_priv_key, + ecx_get_pub_key, }; static int ecd_size25519(const EVP_PKEY *pkey) @@ -547,6 +592,8 @@ const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = { ecx_set_priv_key, ecx_set_pub_key, + ecx_get_priv_key, + ecx_get_pub_key, }; const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = { @@ -587,6 +634,8 @@ const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = { ecx_set_priv_key, ecx_set_pub_key, + ecx_get_priv_key, + ecx_get_pub_key, }; static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index afd7e38..bd54c8b 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
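Review bot: `KEYLENID(pkey->ameth->pkey_id)` is evaluated three times in each getter; a local `size_t keylen = KEYLENID(pkey->ameth->pkey_id);` at the top with `*len = keylen;` and `memcpy(priv, key->privkey, keylen);` reads better and makes the capacity check and the copy visibly use the same bound. The in/out meaning of `*len` (capacity on entry, bytes written on return) is the contract every caller must honour and is only implied by the `*len < ...` test; a comment on the first getter, `/* *len is the buffer size on input and the key length on output */`, would state it.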
@@ -757,6 +757,8 @@ EVP_F_EVP_PKEY_GET0_HMAC:183:EVP_PKEY_get0_hmac EVP_F_EVP_PKEY_GET0_POLY1305:184:EVP_PKEY_get0_poly1305 EVP_F_EVP_PKEY_GET0_RSA:121:EVP_PKEY_get0_RSA EVP_F_EVP_PKEY_GET0_SIPHASH:172:EVP_PKEY_get0_siphash +EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY:202:EVP_PKEY_get_raw_private_key +EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY:203:EVP_PKEY_get_raw_public_key EVP_F_EVP_PKEY_KEYGEN:146:EVP_PKEY_keygen EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init EVP_F_EVP_PKEY_METH_ADD0:194:EVP_PKEY_meth_add0 @@ -2199,6 +2201,7 @@ EVP_R_EXPECTING_A_EC_KEY:142:expecting a ec key EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key EVP_R_FIPS_MODE_NOT_SUPPORTED:167:fips mode not supported +EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed EVP_R_ILLEGAL_SCRYPT_PARAMETERS:171:illegal scrypt parameters EVP_R_INITIALIZATION_ERROR:134:initialization error EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 01ed97e..809adff 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -93,6 +93,10 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_RSA, 0), "EVP_PKEY_get0_RSA"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_SIPHASH, 0), "EVP_PKEY_get0_siphash"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, 0), + "EVP_PKEY_get_raw_private_key"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, 0), + "EVP_PKEY_get_raw_public_key"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN, 0), "EVP_PKEY_keygen"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN_INIT, 0), "EVP_PKEY_keygen_init"}, 
@@ -185,6 +189,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "expecting a siphash key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS), "illegal scrypt parameters"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INITIALIZATION_ERROR), diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index e4d2bb1..d78f1d2 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -280,6 +280,40 @@ EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, return NULL; } +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len) +{ + if (pkey->ameth->get_priv_key == NULL) { + EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return 0; + } + + if (!pkey->ameth->get_priv_key(pkey, priv, len)) { + EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, EVP_R_GET_RAW_KEY_FAILED); + return 0; + } + + return 1; +} + +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len) +{ + if (pkey->ameth->get_pub_key == NULL) { + EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return 0; + } + + if (!pkey->ameth->get_pub_key(pkey, pub, len)) { + EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, EVP_R_GET_RAW_KEY_FAILED); + return 0; + } + + return 1; +} + EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len, const EVP_CIPHER *cipher) { diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c index b786db0..fa204e9 100644 --- a/crypto/hmac/hm_ameth.c +++ b/crypto/hmac/hm_ameth.c 
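Review bot: Both getters dereference pkey->ameth before checking it; if an EVP_PKEY can exist without an ASN1 method (for instance straight from EVP_PKEY_new() before any key is assigned, which this chunk does not show), `pkey->ameth->get_priv_key` is a NULL dereference rather than an error return. A guard of the form `if (pkey->ameth == NULL || pkey->ameth->get_priv_key == NULL)` in both functions keeps the existing EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE path. Since every failure of the method is reported as EVP_R_GET_RAW_KEY_FAILED, a comment noting that this covers both "no key material" and "buffer too small" would help callers that query the size with a NULL buffer first.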
@@ -72,6 +72,25 @@ static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, return 1; } +static int hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len) +{ + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + + if (priv == NULL) { + *len = ASN1_STRING_length(os); + return 1; + } + + if (os == NULL || *len < (size_t)ASN1_STRING_length(os)) + return 0; + + *len = ASN1_STRING_length(os); + memcpy(priv, ASN1_STRING_get0_data(os), *len); + + return 1; +} + const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { EVP_PKEY_HMAC, EVP_PKEY_HMAC, @@ -103,4 +122,6 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { hmac_set_priv_key, NULL, + hmac_get_priv_key, + NULL, }; diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h index 962c3c6..b8a6762 100644 --- a/crypto/include/internal/asn1_int.h +++ b/crypto/include/internal/asn1_int.h @@ -61,6 +61,8 @@ struct evp_pkey_asn1_method_st { /* Get/set raw private/public key data */ int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); + int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len); + int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len); } /* EVP_PKEY_ASN1_METHOD */ ; DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD) diff --git a/crypto/poly1305/poly1305_ameth.c b/crypto/poly1305/poly1305_ameth.c index ed4115b7..033ee8c 100644 --- a/crypto/poly1305/poly1305_ameth.c +++ b/crypto/poly1305/poly1305_ameth.c 
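Review bot: The size-query path `if (priv == NULL) { *len = ASN1_STRING_length(os); ...` runs before the `os == NULL` check, so a key whose pkey.ptr is NULL crashes on the length query while the copy path returns 0 for the same state. Moving the NULL test first, `if (os == NULL) return 0;` ahead of the priv == NULL branch, makes both paths fail the same way.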
@@ -67,6 +67,25 @@ static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, return 1; } +static int poly1305_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len) +{ + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + + if (priv == NULL) { + *len = POLY1305_KEY_SIZE; + return 1; + } + + if (os == NULL || *len < POLY1305_KEY_SIZE) + return 0; + + memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os)); + *len = POLY1305_KEY_SIZE; + + return 1; +} + const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth = { EVP_PKEY_POLY1305, EVP_PKEY_POLY1305, @@ -98,4 +117,6 @@ const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth = { poly1305_set_priv_key, NULL, + poly1305_get_priv_key, + NULL, }; diff --git a/crypto/siphash/siphash_ameth.c b/crypto/siphash/siphash_ameth.c index 6411501..c0ab7ef 100644 --- a/crypto/siphash/siphash_ameth.c +++ b/crypto/siphash/siphash_ameth.c @@ -68,6 +68,25 @@ static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, return 1; } +static int siphash_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len) +{ + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + + if (priv == NULL) { + *len = SIPHASH_KEY_SIZE; + return 1; + } + + if (os == NULL || *len < SIPHASH_KEY_SIZE) + return 0; + + memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os)); + *len = SIPHASH_KEY_SIZE; + + return 1; +} + const EVP_PKEY_ASN1_METHOD siphash_asn1_meth = { EVP_PKEY_SIPHASH, EVP_PKEY_SIPHASH, @@ -99,4 +118,6 @@ const EVP_PKEY_ASN1_METHOD siphash_asn1_meth = { siphash_set_priv_key, NULL, + siphash_get_priv_key, + NULL, }; diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index cb9375a..3c2ffd9 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod 
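Review bot: The copy uses `ASN1_STRING_length(os)` while the capacity check and the reported length use POLY1305_KEY_SIZE, so the three can disagree; if the stored octet string is ever longer than POLY1305_KEY_SIZE (whether poly1305_set_priv_key enforces the length is not visible here), the memcpy overruns a buffer the caller sized correctly. Copying a fixed POLY1305_KEY_SIZE bytes, or rejecting a mismatch with `if (ASN1_STRING_length(os) != POLY1305_KEY_SIZE) return 0;` before the memcpy, ties the copy to the advertised size. siphash_get_priv_key in the next hunk has the identical pattern with SIPHASH_KEY_SIZE.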
@@ -21,6 +21,8 @@ EVP_PKEY_asn1_set_param_check, EVP_PKEY_asn1_set_security_bits, EVP_PKEY_asn1_set_set_priv_key, EVP_PKEY_asn1_set_set_pub_key, +EVP_PKEY_asn1_set_get_priv_key, +EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1 - manipulating and registering EVP_PKEY_ASN1_METHOD structure @@ -125,6 +127,16 @@ EVP_PKEY_get0_asn1 const unsigned char *pub, size_t len)); + void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); + + void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); =head1 DESCRIPTION @@ -390,8 +402,9 @@ EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(), EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), EVP_PKEY_asn1_set_siginf(), EVP_PKEY_asn1_set_check(), EVP_PKEY_asn1_set_public_check(), EVP_PKEY_asn1_set_param_check(), -EVP_PKEY_asn1_set_security_bits(), EVP_PKEY_asn1_set_set_priv_key() and -EVP_PKEY_asn1_set_set_pub_key() set the diverse methods of the given +EVP_PKEY_asn1_set_security_bits(), EVP_PKEY_asn1_set_set_priv_key(), +EVP_PKEY_asn1_set_set_pub_key(), EVP_PKEY_asn1_set_get_priv_key() and +EVP_PKEY_asn1_set_get_pub_key() set the diverse methods of the given B object. EVP_PKEY_get0_asn1() finds the B associated diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index 17ffc6b..a3532a3 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -8,8 +8,10 @@ EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, -EVP_PKEY_new_mac_key -- public/private key allocation functions +EVP_PKEY_new_mac_key, +EVP_PKEY_get_raw_private_key, +EVP_PKEY_get_raw_public_key +- public/private key allocation and raw key handling functions =head1 SYNOPSIS 
@@ -28,10 +30,16 @@ EVP_PKEY_new_mac_key EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen); + int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); + int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + =head1 DESCRIPTION The EVP_PKEY_new() function allocates an empty B structure which is -used by OpenSSL to store private keys. The reference count is set to B<1>. +used by OpenSSL to store public and private keys. The reference count is set to +B<1>. EVP_PKEY_up_ref() increments the reference count of B. 
@@ -63,14 +71,32 @@ creation of a CMAC in the B argument. EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). New applications should use EVP_PKEY_new_raw_private_key() instead. +EVP_PKEY_get_raw_private_key() fills the buffer provided by B with raw +private key data. The number of bytes written is populated in B<*len>. If the +buffer B is NULL then B<*len> is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the private key data. This function +only works for algorithms that support raw private keys. Currently this is: +B, B, B, B, +B, B or B. + +EVP_PKEY_get_raw_public_key() fills the buffer provided by B with raw +public key data. The number of bytes written is populated in B<*len>. If the +buffer B is NULL then B<*len> is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the public key data. This function +only works for algorithms that support raw public keys. Currently this is: +B, B, B or B. + =head1 NOTES The B structure is used by various OpenSSL functions which require a general private key without reference to any particular algorithm. -The structure returned by EVP_PKEY_new() is empty. To add a private key to this -empty structure the functions described in L should be -used. +The structure returned by EVP_PKEY_new() is empty. To add a private or public +key to this empty structure use the appropriate functions described in +L, L, L or +L. =head1 RETURN VALUES 
@@ -78,19 +104,22 @@ EVP_PKEY_new(), EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly allocated B structure or B if an error occurred. -EVP_PKEY_up_ref() returns 1 for success and 0 for failure. +EVP_PKEY_up_ref(), EVP_PKEY_get_raw_private_key() and +EVP_PKEY_get_raw_public_key() return 1 for success and 0 for failure. =head1 SEE ALSO -L +L, L, L or +L =head1 HISTORY EVP_PKEY_new() and EVP_PKEY_free() exist in all versions of OpenSSL. EVP_PKEY_up_ref() was first added to OpenSSL 1.1.0. -EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key() and -EVP_PKEY_new_CMAC_key() were first added to OpenSSL 1.1.1. +EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(), +EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and +EVP_PKEY_get_raw_public_key() were first added to OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 63cba15..33ff674 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1238,6 +1238,14 @@ void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len)); +void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_priv_key) (const EVP_PKEY *pk, + unsigned char *priv, + size_t *len)); +void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, + int (*get_pub_key) (const EVP_PKEY *pk, + unsigned char *pub, + size_t *len)); void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_security_bits) (const EVP_PKEY 
@@ -1352,6 +1360,11 @@ EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *pub, size_t len); +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, + size_t *len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, + size_t *len); + EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len, const EVP_CIPHER *cipher); diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 84f2951..a8f79c7 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -79,6 +79,8 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_GET0_POLY1305 184 # define EVP_F_EVP_PKEY_GET0_RSA 121 # define EVP_F_EVP_PKEY_GET0_SIPHASH 172 +# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY 202 +# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY 203 # define EVP_F_EVP_PKEY_KEYGEN 146 # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 # define EVP_F_EVP_PKEY_METH_ADD0 194 @@ -139,6 +141,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_EXPECTING_A_POLY1305_KEY 164 # define EVP_R_EXPECTING_A_SIPHASH_KEY 175 # define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_GET_RAW_KEY_FAILED 182 # define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 # define EVP_R_INITIALIZATION_ERROR 134 # define EVP_R_INPUT_NOT_INITIALIZED 111 diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index e63d683..fd461c9 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -9,6 +9,7 @@ #include #include +#include #include #include #include 
@@ -476,6 +477,85 @@ static int test_EVP_PKCS82PKEY(void) } #endif +static struct keys_st { + int type; + char *priv; + char *pub; +} keys[] = { + { + EVP_PKEY_HMAC, "0123456789", NULL + }, { + EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL + }, { + EVP_PKEY_SIPHASH, "0123456789012345", NULL + }, { + EVP_PKEY_X25519, "01234567890123456789012345678901", + "abcdefghijklmnopqrstuvwxyzabcdef" + }, { + EVP_PKEY_ED25519, "01234567890123456789012345678901", + "abcdefghijklmnopqrstuvwxyzabcdef" + }, { + EVP_PKEY_X448, + "01234567890123456789012345678901234567890123456789012345", + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" + }, { + EVP_PKEY_ED448, + "012345678901234567890123456789012345678901234567890123456", + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" + } +}; + +static int test_set_get_raw_keys_int(int tst, int pub) +{ + int ret = 0; + unsigned char buf[80]; + unsigned char *in; + size_t inlen, len = 0; + EVP_PKEY *pkey; + + /* Check if this algorithm supports public keys */ + if (keys[tst].pub == NULL) + return 1; + + memset(buf, 0, sizeof(buf)); + + if (pub) { + inlen = strlen(keys[tst].pub); + in = (unsigned char *)keys[tst].pub; + pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, + NULL, + in, + inlen); + } else { + inlen = strlen(keys[tst].priv); + in = (unsigned char *)keys[tst].priv; + pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, + NULL, + in, + inlen); + } + + if (!TEST_ptr(pkey) + || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) + || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) + || !TEST_true(len == inlen) + || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) + || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) + || !TEST_mem_eq(in, inlen, buf, len)) + goto done; + + ret = 1; + done: + EVP_PKEY_free(pkey); + return ret; +} + +static int test_set_get_raw_keys(int tst) +{ + return test_set_get_raw_keys_int(tst, 0) + && 
test_set_get_raw_keys_int(tst, 1); +} + static int pkey_custom_check(EVP_PKEY *pkey) { return 0xbeef; @@ -581,6 +661,7 @@ int setup_tests(void) #ifndef OPENSSL_NO_EC ADD_TEST(test_EVP_PKCS82PKEY); #endif + ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); if (!TEST_ptr(custom_pmeth)) return 0; diff --git a/util/libcrypto.num b/util/libcrypto.num index a810755..a25f65f 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4563,3 +4563,7 @@ X509_OBJECT_set1_X509 4514 1_1_0i EXIST::FUNCTION: X509_LOOKUP_meth_get_get_by_issuer_serial 4515 1_1_0i EXIST::FUNCTION: X509_LOOKUP_meth_set_init 4516 1_1_0i EXIST::FUNCTION: X509_OBJECT_set1_X509_CRL 4517 1_1_0i EXIST::FUNCTION: +EVP_PKEY_get_raw_public_key 4518 1_1_1 EXIST::FUNCTION: +EVP_PKEY_get_raw_private_key 4519 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_get_priv_key 4520 1_1_1 EXIST::FUNCTION: +EVP_PKEY_asn1_set_get_pub_key 4521 1_1_1 EXIST::FUNCTION: From osslsanity at gmail.com Fri Jun 8 09:27:13 2018 
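Review bot: The early return `if (keys[tst].pub == NULL) return 1;` in test_set_get_raw_keys_int runs before `pub` is consulted, so for the EVP_PKEY_HMAC, EVP_PKEY_POLY1305 and EVP_PKEY_SIPHASH entries both the pub=0 and pub=1 invocations are skipped and EVP_PKEY_get_raw_private_key() is never exercised for the three MAC types this series adds getters for; the guard should be `if (pub && keys[tst].pub == NULL)` so that only the public-key half is skipped. Separately, the X25519/ED25519/X448/ED448 entries in keys[] are unconditional, and the master_noec build log further down this page reports 30-test_evp_extra failing on this change; if the cause is EVP_PKEY_new_raw_private_key() refusing those types in a no-ec build, wrapping those four entries in `#ifndef OPENSSL_NO_EC` would match the existing `#ifndef OPENSSL_NO_EC` guard around test_EVP_PKCS82PKEY in setup_tests.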
From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Fri, 8 Jun 2018 09:27:13 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_noec #559 Message-ID: <480545659.452.1528450033423.JavaMail.jenkins@ip-172-31-34-99> See Changes: [matt] Add support getting raw private/public keys [matt] Document the raw key getter functions [matt] Add function for setting the EVP_PKEY_ASN1_METHOD raw key getter [matt] Add a test for the raw private/public key getters ------------------------------------------ [...truncated 505.72 KB...] rm -f test/v3ext ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3ext test/v3ext.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/v3nametest.d.tmp -MT test/v3nametest.o -c -o test/v3nametest.o test/v3nametest.c rm -f test/v3nametest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3nametest test/v3nametest.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/verify_extra_test.d.tmp -MT test/verify_extra_test.o -c -o test/verify_extra_test.o test/verify_extra_test.c rm -f test/verify_extra_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/verify_extra_test test/verify_extra_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/versions.d.tmp -MT test/versions.o -c -o test/versions.o test/versions.c rm -f test/versions ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/versions test/versions.o \ -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/wpackettest.d.tmp -MT test/wpackettest.o -c -o test/wpackettest.o test/wpackettest.c rm -f test/wpackettest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. 
\ -o test/wpackettest test/wpackettest.o \ libssl.a test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_check_cert_pkey_test.d.tmp -MT test/x509_check_cert_pkey_test.o -c -o test/x509_check_cert_pkey_test.o test/x509_check_cert_pkey_test.c rm -f test/x509_check_cert_pkey_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_check_cert_pkey_test test/x509_check_cert_pkey_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_dup_cert_test.d.tmp -MT test/x509_dup_cert_test.o -c -o test/x509_dup_cert_test.o test/x509_dup_cert_test.c rm -f test/x509_dup_cert_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_dup_cert_test test/x509_dup_cert_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -I. -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_internal_test.d.tmp -MT test/x509_internal_test.o -c -o test/x509_internal_test.o test/x509_internal_test.c rm -f test/x509_internal_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_internal_test test/x509_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_time_test.d.tmp -MT test/x509_time_test.o -c -o test/x509_time_test.o test/x509_time_test.c rm -f test/x509_time_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_time_test test/x509_time_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509aux.d.tmp -MT test/x509aux.o -c -o test/x509aux.o test/x509aux.c rm -f test/x509aux ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509aux test/x509aux.o \ test/libtestutil.a -lcrypto -ldl -pthread /usr/bin/perl "-I." 
-Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/CA.pl.in > "apps/CA.pl" chmod a+x apps/CA.pl /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/tsget.in > "apps/tsget" chmod a+x apps/tsget /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" tools/c_rehash.in > "tools/c_rehash" chmod a+x tools/c_rehash /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x util/shlib_wrap.sh make[1]: Leaving directory ` + apps/openssl version -a OpenSSL 1.1.1-pre8-dev xx XXX xxxx built on: Fri Jun 8 09:21:59 2018 UTC platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/lib/engines-1.1" Seeding source: os-specific + make test make depend && make _tests make[1]: Entering directory ` make[1]: Leaving directory ` make[1]: Entering directory ` ( cd test; \ mkdir -p test-runs; \ SRCTOP=../. \ BLDTOP=../. \ RESULT_D=test-runs \ PERL="/usr/bin/perl" \ EXE_EXT= \ OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \ OPENSSL_DEBUG_MEMORY=on \ /usr/bin/perl .././test/run_tests.pl ) ../test/recipes/01-test_abort.t .................... ok ../test/recipes/01-test_sanity.t ................... ok ../test/recipes/01-test_symbol_presence.t .......... skipped: Only useful when building shared libraries ../test/recipes/01-test_test.t ..................... ok ../test/recipes/02-test_internal_ctype.t ........... ok ../test/recipes/02-test_lhash.t .................... 
ok ../test/recipes/02-test_ordinals.t ................. ok ../test/recipes/02-test_stack.t .................... ok ../test/recipes/03-test_exdata.t ................... ok ../test/recipes/03-test_internal_asn1.t ............ ok ../test/recipes/03-test_internal_chacha.t .......... ok ../test/recipes/03-test_internal_curve448.t ........ skipped: This test is unsupported in a no-ec build ../test/recipes/03-test_internal_mdc2.t ............ ok ../test/recipes/03-test_internal_modes.t ........... ok ../test/recipes/03-test_internal_poly1305.t ........ ok ../test/recipes/03-test_internal_siphash.t ......... ok ../test/recipes/03-test_internal_sm2.t ............. skipped: sm2 is not supported by this OpenSSL build ../test/recipes/03-test_internal_sm4.t ............. ok ../test/recipes/03-test_internal_ssl_cert_table.t .. ok ../test/recipes/03-test_internal_x509.t ............ ok ../test/recipes/03-test_ui.t ....................... ok ../test/recipes/04-test_asn1_encode.t .............. ok ../test/recipes/04-test_asn1_string_table.t ........ ok ../test/recipes/04-test_bio_callback.t ............. ok ../test/recipes/04-test_bioprint.t ................. ok ../test/recipes/04-test_err.t ...................... ok ../test/recipes/04-test_pem.t ...................... ok ../test/recipes/05-test_bf.t ....................... ok ../test/recipes/05-test_cast.t ..................... ok ../test/recipes/05-test_des.t ...................... ok ../test/recipes/05-test_hmac.t ..................... ok ../test/recipes/05-test_idea.t ..................... ok ../test/recipes/05-test_md2.t ...................... skipped: md2 is not supported by this OpenSSL build ../test/recipes/05-test_mdc2.t ..................... ok ../test/recipes/05-test_rand.t ..................... ok ../test/recipes/05-test_rc2.t ...................... ok ../test/recipes/05-test_rc4.t ...................... ok ../test/recipes/05-test_rc5.t ...................... 
skipped: rc5 is not supported by this OpenSSL build ../test/recipes/06-test-rdrand.t ................... ok ../test/recipes/10-test_bn.t ....................... ok ../test/recipes/10-test_exp.t ...................... ok ../test/recipes/15-test_dh.t ....................... ok ../test/recipes/15-test_dsa.t ...................... ok ../test/recipes/15-test_ec.t ....................... ok ../test/recipes/15-test_ecdsa.t .................... skipped: ec is not supported by this OpenSSL build ../test/recipes/15-test_ecparam.t .................. skipped: EC isn't supported in this build ../test/recipes/15-test_genrsa.t ................... ok ../test/recipes/15-test_mp_rsa.t ................... ok ../test/recipes/15-test_out_option.t ............... ok ../test/recipes/15-test_rsa.t ...................... ok ../test/recipes/15-test_rsapss.t ................... ok ../test/recipes/20-test_enc.t ...................... ok ../test/recipes/20-test_enc_more.t ................. ok ../test/recipes/20-test_passwd.t ................... ok ../test/recipes/25-test_crl.t ...................... ok ../test/recipes/25-test_d2i.t ...................... ok ../test/recipes/25-test_pkcs7.t .................... ok ../test/recipes/25-test_req.t ...................... ok ../test/recipes/25-test_sid.t ...................... skipped: test_sid needs EC to run ../test/recipes/25-test_verify.t ................... ok ../test/recipes/25-test_x509.t ..................... ok ../test/recipes/30-test_afalg.t .................... skipped: test_afalg not supported for this build ../test/recipes/30-test_engine.t ................... ok ../test/recipes/30-test_evp.t ...................... ok ../test/recipes/30-test_evp_extra.t ................ Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../test/recipes/30-test_pbelu.t .................... ok ../test/recipes/30-test_pkey_meth.t ................ ok ../test/recipes/30-test_pkey_meth_kdf.t ............ 
ok ../test/recipes/40-test_rehash.t ................... ok ../test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../test/recipes/60-test_x509_dup_cert.t ............ ok ../test/recipes/60-test_x509_store.t ............... ok ../test/recipes/60-test_x509_time.t ................ ok ../test/recipes/70-test_asyncio.t .................. ok ../test/recipes/70-test_bad_dtls.t ................. ok ../test/recipes/70-test_clienthello.t .............. ok ../test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../test/recipes/70-test_packet.t ................... ok ../test/recipes/70-test_recordlen.t ................ ok ../test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../test/recipes/70-test_servername.t ............... ok ../test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../test/recipes/70-test_sslskewith0p.t ............. 
skipped: test_sslskewith0p needs the dynamic engine feature enabled ../test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../test/recipes/70-test_verify_extra.t ............. ok ../test/recipes/70-test_wpacket.t .................. ok ../test/recipes/80-test_ca.t ....................... ok ../test/recipes/80-test_cipherbytes.t .............. ok ../test/recipes/80-test_cipherlist.t ............... ok ../test/recipes/80-test_ciphername.t ............... ok ../test/recipes/80-test_cms.t ...................... ok ../test/recipes/80-test_cmsapi.t ................... ok ../test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/80-test_dtls.t ..................... ok ../test/recipes/80-test_dtls_mtu.t ................. ok ../test/recipes/80-test_dtlsv1listen.t ............. 
ok ../test/recipes/80-test_ocsp.t ..................... ok ../test/recipes/80-test_pkcs12.t ................... ok ../test/recipes/80-test_ssl_new.t .................. ok ../test/recipes/80-test_ssl_old.t .................. ok ../test/recipes/80-test_ssl_test_ctx.t ............. ok ../test/recipes/80-test_sslcorrupt.t ............... ok ../test/recipes/80-test_tsa.t ...................... ok ../test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/90-test_asn1_time.t ................ ok ../test/recipes/90-test_async.t .................... ok ../test/recipes/90-test_bio_enc.t .................. ok ../test/recipes/90-test_constant_time.t ............ ok ../test/recipes/90-test_fatalerr.t ................. ok ../test/recipes/90-test_gmdiff.t ................... ok ../test/recipes/90-test_ige.t ...................... ok ../test/recipes/90-test_includes.t ................. ok ../test/recipes/90-test_memleak.t .................. ok ../test/recipes/90-test_overhead.t ................. ok ../test/recipes/90-test_secmem.t ................... ok ../test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../test/recipes/90-test_srp.t ...................... ok ../test/recipes/90-test_sslapi.t ................... ok ../test/recipes/90-test_sslbuffers.t ............... ok ../test/recipes/90-test_store.t .................... ok ../test/recipes/90-test_sysdefault.t ............... ok ../test/recipes/90-test_threads.t .................. ok ../test/recipes/90-test_time_offset.t .............. ok ../test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../test/recipes/90-test_tls13secrets.t ............. 
skipped: tls13secrets is not supported in this build ../test/recipes/90-test_v3name.t ................... ok ../test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../test/recipes/99-test_ecstress.t ................. ok ../test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../test/recipes/30-test_evp_extra.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=149, Tests=1016, 107 wallclock secs ( 0.49 usr 0.05 sys + 39.84 cusr 8.90 csys = 49.28 CPU) Result: FAIL make[1]: *** [_tests] Error 1 make[1]: Leaving directory ` make: *** [tests] Error 2 Build step 'Execute shell' marked build as failure From appro at openssl.org Fri Jun 8 13:50:37 2018 From: appro at openssl.org (Andy Polyakov) Date: Fri, 08 Jun 2018 13:50:37 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528465837.878355.26976.nullmailer@dev.openssl.org> The branch master has been updated via 10f279713ae39736ca1c7bcb09e240c7c5fb298a (commit) from bb5f281ad0eed55ae4ddc7ba0ce953411b64bf32 (commit) - Log ----------------------------------------------------------------- commit 10f279713ae39736ca1c7bcb09e240c7c5fb298a Author: Andy Polyakov Date: Thu Jun 7 14:04:34 2018 +0200 chacha/asm/chacha-ppc.pl: fix big-endian build. It's kind of a "brown-bag" bug, as I did recognize the problem and verified an ad-hoc solution, but failed to follow up with cross-checks prior filing previous merge request. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6435) ----------------------------------------------------------------------- Summary of changes: crypto/chacha/asm/chacha-ppc.pl | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl
index 96cdfeb..f4f8610 100755
--- a/crypto/chacha/asm/chacha-ppc.pl
+++ b/crypto/chacha/asm/chacha-ppc.pl
@@ -438,9 +438,9 @@ my ($a,$b,$c,$d)=@_;
"&vxor ('$b','$b','$c')",
"&vrlw ('$b','$b','$seven')",
- "&vsldoi ('$c','$c','$c',8)",
- "&vsldoi ('$b','$b','$b',$odd?4:12)",
- "&vsldoi ('$d','$d','$d',$odd?12:4)"
+ "&vrldoi ('$c','$c',8)",
+ "&vrldoi ('$b','$b',$odd?4:12)",
+ "&vrldoi ('$d','$d',$odd?12:4)"
);
}
@@ -1334,11 +1334,12 @@ foreach (split("\n",$code)) {
s/\?lvsr/lvsl/ or
s/\?lvsl/lvsr/ or
s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or
- s/(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/;
+ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 16-$3/;
} else { # little-endian
s/le\?// or
s/be\?/#be#/ or
- s/\?([a-z]+)/$1/;
+ s/\?([a-z]+)/$1/ or
+ s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 $3/;
}
print $_,"\n";
From appro at openssl.org Fri Jun 8 13:56:50 2018
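Review bot: The new `vrldoi` pseudo-instruction is emitted in the round code in the first hunk and expanded in the post-processing loop in the second, with nothing next to either saying what it denotes; a reader has to infer from the two substitutions that it is a byte-rotate pseudo-op expanded as `vsldoi vD,vS,vS,n` on little-endian and `vsldoi vD,vS,vS,16-n` on big-endian. A comment at the little-endian expansion such as `# vrldoi vD,vS,n: byte-rotate pseudo-op -> vsldoi vD,vS,vS,n (LE) / vsldoi vD,vS,vS,16-n (BE)` would make the big-endian mirror in the previous hunk self-explanatory. The `foreach` loop that hosts the second hunk starts and ends outside it.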
From: appro at openssl.org (Andy Polyakov) Date: Fri, 08 Jun 2018 13:56:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528466210.498101.28349.nullmailer@dev.openssl.org> The branch master has been updated via bbb02a5b6d27f76931c3385321b2c594781c7a1b (commit) from 10f279713ae39736ca1c7bcb09e240c7c5fb298a (commit) - Log ----------------------------------------------------------------- commit bbb02a5b6d27f76931c3385321b2c594781c7a1b Author: Mingtao Yang Date: Wed Jun 6 09:34:18 2018 -0700 modes/ocb128.c: Reset nonce-dependent variables on setiv Upon a call to CRYPTO_ocb128_setiv, either directly on an OCB_CTX or indirectly with EVP_CTRL_AEAD_SET_IVLEN, reset the nonce-dependent variables in the OCB_CTX. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6420) ----------------------------------------------------------------------- Summary of changes: crypto/modes/modes_lcl.h | 15 +++--- crypto/modes/ocb128.c | 121 ++++++++++++++++++++++++----------------------- 2 files changed, 69 insertions(+), 67 deletions(-)
diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h
index fa85460..f2ae01d 100644
--- a/crypto/modes/modes_lcl.h
+++ b/crypto/modes/modes_lcl.h
@@ -178,12 +178,13 @@ struct ocb128_context {
OCB_BLOCK l_dollar;
OCB_BLOCK *l;
/* Must be reset for each session */
- u64 blocks_hashed;
- u64 blocks_processed;
- OCB_BLOCK tag;
- OCB_BLOCK offset_aad;
- OCB_BLOCK sum;
- OCB_BLOCK offset;
- OCB_BLOCK checksum;
+ struct {
+ u64 blocks_hashed;
+ u64 blocks_processed;
+ OCB_BLOCK offset_aad;
+ OCB_BLOCK sum;
+ OCB_BLOCK offset;
+ OCB_BLOCK checksum;
+ } sess;
};
#endif /* OPENSSL_NO_OCB */
diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c
index 96f21f6..76591e6 100644
--- a/crypto/modes/ocb128.c
+++ b/crypto/modes/ocb128.c
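Review bot: The pre-existing `/* Must be reset for each session */` comment now sits above the anonymous `sess` struct, which is the whole point of the grouping, but it still does not say who performs the reset or that the key-dependent members kept outside it (`l_dollar`, `l`) are deliberately excluded; the memset added to CRYPTO_ocb128_setiv() in the ocb128.c hunk that follows is what now enforces it. Replacing the comment with `/* Nonce-dependent state, zeroed as a unit by CRYPTO_ocb128_setiv(); the key-dependent L tables above are kept */` records the invariant the struct layout exists to guarantee. `OCB_BLOCK tag` is dropped from the context without mention in the commit message; presumably the remaining ocb128.c hunks stop using it, but that part of the diff is not on this page.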
@@ -239,6 +239,9 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, return -1; } + /* Reset nonce-dependent variables */ + memset(&ctx->sess, 0, sizeof(ctx->sess)); + /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */ nonce[0] = ((taglen * 8) % 128) << 1; memset(nonce + 1, 0, 15); @@ -259,10 +262,10 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, /* Offset_0 = Stretch[1+bottom..128+bottom] */ shift = bottom % 8; - ocb_block_lshift(stretch + (bottom / 8), shift, ctx->offset.c); + ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c); mask = 0xff; mask <<= 8 - shift; - ctx->offset.c[15] |= + ctx->sess.offset.c[15] |= (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift); return 1; @@ -281,25 +284,25 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, /* Calculate the number of blocks of AAD provided now, and so far */ num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->blocks_hashed; + all_num_blocks = num_blocks + ctx->sess.blocks_hashed; /* Loop through all full blocks of AAD */ - for (i = ctx->blocks_hashed + 1; i <= all_num_blocks; i++) { + for (i = ctx->sess.blocks_hashed + 1; i <= all_num_blocks; i++) { OCB_BLOCK *lookup; /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ lookup = ocb_lookup_l(ctx, ocb_ntz(i)); if (lookup == NULL) return 0; - ocb_block16_xor(&ctx->offset_aad, lookup, &ctx->offset_aad); + ocb_block16_xor(&ctx->sess.offset_aad, lookup, &ctx->sess.offset_aad); memcpy(tmp.c, aad, 16); aad += 16; /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ - ocb_block16_xor(&ctx->offset_aad, &tmp, &tmp); + ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp); ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); - ocb_block16_xor(&tmp, &ctx->sum, &ctx->sum); + ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum); } /* 
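Review bot: The `memset(&ctx->sess, 0, sizeof(ctx->sess))` is placed after the `return -1;` branch that precedes it, so a setiv call that is rejected leaves the previous nonce's offset, sum and checksum state intact rather than half-cleared; that ordering is the right one and deserves a word in the comment, e.g. `/* Reset nonce-dependent variables (only once the new IV/taglen are accepted); key-dependent L tables are kept */`. The reset is only complete if every per-nonce variable lives inside `sess`, which the remaining hunks enforce solely by renaming the field accesses, so any per-nonce value still written outside `sess` would be carried silently across nonces. The start of CRYPTO_ocb128_setiv, including whatever the preceding check validates, is outside the hunk.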
@@ -310,20 +313,21 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, if (last_len > 0) { /* Offset_* = Offset_m xor L_* */ - ocb_block16_xor(&ctx->offset_aad, &ctx->l_star, &ctx->offset_aad); + ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star, + &ctx->sess.offset_aad); /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ memset(tmp.c, 0, 16); memcpy(tmp.c, aad, last_len); tmp.c[last_len] = 0x80; - ocb_block16_xor(&ctx->offset_aad, &tmp, &tmp); + ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp); /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */ ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); - ocb_block16_xor(&tmp, &ctx->sum, &ctx->sum); + ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum); } - ctx->blocks_hashed = all_num_blocks; + ctx->sess.blocks_hashed = all_num_blocks; return 1; } @@ -344,7 +348,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, * so far */ num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->blocks_processed; + all_num_blocks = num_blocks + ctx->sess.blocks_processed; if (num_blocks && all_num_blocks == (size_t)all_num_blocks && ctx->stream != NULL) { @@ -360,11 +364,11 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, return 0; ctx->stream(in, out, num_blocks, ctx->keyenc, - (size_t)ctx->blocks_processed + 1, ctx->offset.c, - (const unsigned char (*)[16])ctx->l, ctx->checksum.c); + (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, + (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); } else { /* Loop through all full blocks to be encrypted */ - for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) { + for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) { OCB_BLOCK *lookup; OCB_BLOCK tmp; 
@@ -372,18 +376,18 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
 lookup = ocb_lookup_l(ctx, ocb_ntz(i));
 if (lookup == NULL)
 return 0;
- ocb_block16_xor(&ctx->offset, lookup, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
 
 memcpy(tmp.c, in, 16);
 in += 16;
 
 /* Checksum_i = Checksum_{i-1} xor P_i */
- ocb_block16_xor(&tmp, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
 
 /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
 ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
 
 memcpy(out, tmp.c, 16);
 out += 16;
@@ -400,10 +404,10 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
 OCB_BLOCK pad;
 
 /* Offset_* = Offset_m xor L_* */
- ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
 
 /* Pad = ENCIPHER(K, Offset_*) */
- ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc);
+ ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
 
 /* C_* = P_* xor Pad[1..bitlen(P_*)] */
 ocb_block_xor(in, pad.c, last_len, out);
@@ -412,10 +416,10 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
 memset(pad.c, 0, 16); /* borrow pad */
 memcpy(pad.c, in, last_len);
 pad.c[last_len] = 0x80;
- ocb_block16_xor(&pad, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
 }
 
- ctx->blocks_processed = all_num_blocks;
+ ctx->sess.blocks_processed = all_num_blocks;
 
 return 1;
 }
@@ -436,7 +440,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
 * so far
 */
 num_blocks = len / 16;
- all_num_blocks = num_blocks + ctx->blocks_processed;
+ all_num_blocks = num_blocks + ctx->sess.blocks_processed;
 
 if (num_blocks && all_num_blocks == (size_t)all_num_blocks
 && ctx->stream != NULL) {
@@ -452,30 +456,30 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
 return 0;
 
 ctx->stream(in, out, num_blocks, ctx->keydec,
- (size_t)ctx->blocks_processed + 1, ctx->offset.c,
- (const unsigned char (*)[16])ctx->l, ctx->checksum.c);
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
 } else {
 OCB_BLOCK tmp;
 
 /* Loop through all full blocks to be decrypted */
- for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) {
+ for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
 
 /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
 OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i));
 if (lookup == NULL)
 return 0;
- ocb_block16_xor(&ctx->offset, lookup, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
 
 memcpy(tmp.c, in, 16);
 in += 16;
 
 /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
 ctx->decrypt(tmp.c, tmp.c, ctx->keydec);
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
 
 /* Checksum_i = Checksum_{i-1} xor P_i */
- ocb_block16_xor(&tmp, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
 
 memcpy(out, tmp.c, 16);
 out += 16;
@@ -492,10 +496,10 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
 OCB_BLOCK pad;
 
 /* Offset_* = Offset_m xor L_* */
- ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
 
 /* Pad = ENCIPHER(K, Offset_*) */
- ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc);
+ ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
 
 /* P_* = C_* xor Pad[1..bitlen(C_*)] */
 ocb_block_xor(in, pad.c, last_len, out);
@@ -504,39 +508,46 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
 memset(pad.c, 0, 16); /* borrow pad */
 memcpy(pad.c, out, last_len);
 pad.c[last_len] = 0x80;
- ocb_block16_xor(&pad, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
 }
 
- ctx->blocks_processed = all_num_blocks;
+ ctx->sess.blocks_processed = all_num_blocks;
 
 return 1;
 }
 
-/*
- * Calculate the tag and verify it against the supplied tag
- */
-int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
- size_t len)
+static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len,
+ int write)
 {
 OCB_BLOCK tmp;
 
+ if (len > 16 || len < 1) {
+ return -1;
+ }
+
 /*
 * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)
 */
- ocb_block16_xor(&ctx->checksum, &ctx->offset, &tmp);
+ ocb_block16_xor(&ctx->sess.checksum, &ctx->sess.offset, &tmp);
 ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp);
 ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
- ocb_block16_xor(&tmp, &ctx->sum, &ctx->tag);
+ ocb_block16_xor(&tmp, &ctx->sess.sum, &tmp);
 
- if (len > 16 || len < 1) {
- return -1;
+ if (write) {
+ memcpy(tag, &tmp, len);
+ return 1;
+ } else {
+ return CRYPTO_memcmp(&tmp, tag, len);
 }
+}
 
- /* Compare the tag if we've been given one */
- if (tag)
- return CRYPTO_memcmp(&ctx->tag, tag, len);
- else
- return -1;
+/*
+ * Calculate the tag and verify it against the supplied tag
+ */
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+ size_t len)
+{
+ return ocb_finish(ctx, (unsigned char*)tag, len, 0);
 }
 
 /*
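Review bot: CRYPTO_ocb128_finish() no longer tolerates a NULL tag: the removed `if (tag)` guard made a NULL argument return -1, whereas ocb_finish() now hands it straight to `CRYPTO_memcmp(&tmp, tag, len)`, so a caller that relied on the old contract dereferences NULL; restoring the check in ocb_finish, `if (tag == NULL || len > 16 || len < 1) return -1;`, keeps both entry points safe. The `(unsigned char*)tag` cast in CRYPTO_ocb128_finish discards the caller's const only because one parameter serves both the compare and the write path; a `const unsigned char *` input plus a separate output pointer would avoid the cast (and OpenSSL style spells it `(unsigned char *)tag`). The computed tag now lives in the stack local `tmp` instead of the context, so it is not covered by whatever cleanses the context on cleanup (not visible here); an `OPENSSL_cleanse(&tmp, sizeof(tmp))` before returning would be consistent with how key material is handled elsewhere. The same points apply to the cherry-pick of this hunk in the OpenSSL_1_1_0-stable commit below.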
@@ -544,17 +555,7 @@ int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
 */
 int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len)
 {
- if (len > 16 || len < 1) {
- return -1;
- }
-
- /* Calculate the tag */
- CRYPTO_ocb128_finish(ctx, NULL, 0);
-
- /* Copy the tag into the supplied buffer */
- memcpy(tag, ctx->tag.c, len);
-
- return 1;
+ return ocb_finish(ctx, tag, len, 1);
 }
 
 /*
From appro at openssl.org Fri Jun 8 13:57:49 2018 From: appro at openssl.org (Andy Polyakov) Date: Fri, 08 Jun 2018 13:57:49 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1528466269.107163.29294.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 776ad43f9d5c50bd8f9d03c89b862d275835247a (commit) from 6849421c7553337df64536893690478f99f053c9 (commit) - Log ----------------------------------------------------------------- commit 776ad43f9d5c50bd8f9d03c89b862d275835247a Author: Mingtao Yang Date: Wed Jun 6 09:34:18 2018 -0700 modes/ocb128.c: Reset nonce-dependent variables on setiv Upon a call to CRYPTO_ocb128_setiv, either directly on an OCB_CTX or indirectly with EVP_CTRL_AEAD_SET_IVLEN, reset the nonce-dependent variables in the OCB_CTX. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6420) (cherry picked from commit bbb02a5b6d27f76931c3385321b2c594781c7a1b) ----------------------------------------------------------------------- Summary of changes: crypto/modes/modes_lcl.h | 15 +++--- crypto/modes/ocb128.c | 121 ++++++++++++++++++++++++----------------------- 2 files changed, 69 insertions(+), 67 deletions(-)
diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h
index 7a1603b..0a3c4c3 100644
--- a/crypto/modes/modes_lcl.h
+++ b/crypto/modes/modes_lcl.h
@@ -174,12 +174,13 @@ struct ocb128_context {
 OCB_BLOCK l_dollar;
 OCB_BLOCK *l;
 /* Must be reset for each session */
- u64 blocks_hashed;
- u64 blocks_processed;
- OCB_BLOCK tag;
- OCB_BLOCK offset_aad;
- OCB_BLOCK sum;
- OCB_BLOCK offset;
- OCB_BLOCK checksum;
+ struct {
+ u64 blocks_hashed;
+ u64 blocks_processed;
+ OCB_BLOCK offset_aad;
+ OCB_BLOCK sum;
+ OCB_BLOCK offset;
+ OCB_BLOCK checksum;
+ } sess;
 };
 #endif /* OPENSSL_NO_OCB */
diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c
index db794d0..69422da 100644
--- a/crypto/modes/ocb128.c
+++ b/crypto/modes/ocb128.c
@@ -236,6 +236,9 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
 return -1;
 }
 
+ /* Reset nonce-dependent variables */
+ memset(&ctx->sess, 0, sizeof(ctx->sess));
+
 /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */
 nonce[0] = ((taglen * 8) % 128) << 1;
 memset(nonce + 1, 0, 15);
@@ -256,10 +259,10 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
 
 /* Offset_0 = Stretch[1+bottom..128+bottom] */
 shift = bottom % 8;
- ocb_block_lshift(stretch + (bottom / 8), shift, ctx->offset.c);
+ ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c);
 mask = 0xff;
 mask <<= 8 - shift;
- ctx->offset.c[15] |=
+ ctx->sess.offset.c[15] |=
 (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift);
 
 return 1;
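Review bot: The comment `/* Must be reset for each session */` now heads a struct that CRYPTO_ocb128_setiv() zeroes with one memset(), but the definition does not say so, and a future per-nonce field added next to `sess` instead of inside it would silently survive an IV change. I would make the contract explicit at the declaration: `/* Per-session (nonce-dependent) state; CRYPTO_ocb128_setiv() zeroes this whole struct, so anything that must not outlive a nonce belongs here */`. Dropping the `tag` member is consistent with the tag no longer being cached in the context, though it is worth noting in the commit that the tag is now reachable only through CRYPTO_ocb128_tag(); the struct's opening lines are outside the hunk.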
@@ -278,25 +281,25 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
 
 /* Calculate the number of blocks of AAD provided now, and so far */
 num_blocks = len / 16;
- all_num_blocks = num_blocks + ctx->blocks_hashed;
+ all_num_blocks = num_blocks + ctx->sess.blocks_hashed;
 
 /* Loop through all full blocks of AAD */
- for (i = ctx->blocks_hashed + 1; i <= all_num_blocks; i++) {
+ for (i = ctx->sess.blocks_hashed + 1; i <= all_num_blocks; i++) {
 OCB_BLOCK *lookup;
 
 /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
 lookup = ocb_lookup_l(ctx, ocb_ntz(i));
 if (lookup == NULL)
 return 0;
- ocb_block16_xor(&ctx->offset_aad, lookup, &ctx->offset_aad);
+ ocb_block16_xor(&ctx->sess.offset_aad, lookup, &ctx->sess.offset_aad);
 
 memcpy(tmp.c, aad, 16);
 aad += 16;
 
 /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
- ocb_block16_xor(&ctx->offset_aad, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
 ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
- ocb_block16_xor(&tmp, &ctx->sum, &ctx->sum);
+ ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
 }
 
 /*
@@ -307,20 +310,21 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
 
 if (last_len > 0) {
 /* Offset_* = Offset_m xor L_* */
- ocb_block16_xor(&ctx->offset_aad, &ctx->l_star, &ctx->offset_aad);
+ ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star,
+ &ctx->sess.offset_aad);
 
 /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */
 memset(tmp.c, 0, 16);
 memcpy(tmp.c, aad, last_len);
 tmp.c[last_len] = 0x80;
- ocb_block16_xor(&ctx->offset_aad, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
 
 /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */
 ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
- ocb_block16_xor(&tmp, &ctx->sum, &ctx->sum);
+ ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
 }
 
- ctx->blocks_hashed = all_num_blocks;
+ ctx->sess.blocks_hashed = all_num_blocks;
 
 return 1;
 }
@@ -341,7 +345,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
 * so far
 */
 num_blocks = len / 16;
- all_num_blocks = num_blocks + ctx->blocks_processed;
+ all_num_blocks = num_blocks + ctx->sess.blocks_processed;
 
 if (num_blocks && all_num_blocks == (size_t)all_num_blocks
 && ctx->stream != NULL) {
@@ -357,11 +361,11 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
 return 0;
 
 ctx->stream(in, out, num_blocks, ctx->keyenc,
- (size_t)ctx->blocks_processed + 1, ctx->offset.c,
- (const unsigned char (*)[16])ctx->l, ctx->checksum.c);
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
 } else {
 /* Loop through all full blocks to be encrypted */
- for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) {
+ for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
 OCB_BLOCK *lookup;
 OCB_BLOCK tmp;
 
@@ -369,18 +373,18 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
 lookup = ocb_lookup_l(ctx, ocb_ntz(i));
 if (lookup == NULL)
 return 0;
- ocb_block16_xor(&ctx->offset, lookup, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
 
 memcpy(tmp.c, in, 16);
 in += 16;
 
 /* Checksum_i = Checksum_{i-1} xor P_i */
- ocb_block16_xor(&tmp, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
 
 /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
 ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
 
 memcpy(out, tmp.c, 16);
 out += 16;
@@ -397,10 +401,10 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
 OCB_BLOCK pad;
 
 /* Offset_* = Offset_m xor L_* */
- ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
 
 /* Pad = ENCIPHER(K, Offset_*) */
- ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc);
+ ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
 
 /* C_* = P_* xor Pad[1..bitlen(P_*)] */
 ocb_block_xor(in, pad.c, last_len, out);
@@ -409,10 +413,10 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
 memset(pad.c, 0, 16); /* borrow pad */
 memcpy(pad.c, in, last_len);
 pad.c[last_len] = 0x80;
- ocb_block16_xor(&pad, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
 }
 
- ctx->blocks_processed = all_num_blocks;
+ ctx->sess.blocks_processed = all_num_blocks;
 
 return 1;
 }
@@ -433,7 +437,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
 * so far
 */
 num_blocks = len / 16;
- all_num_blocks = num_blocks + ctx->blocks_processed;
+ all_num_blocks = num_blocks + ctx->sess.blocks_processed;
 
 if (num_blocks && all_num_blocks == (size_t)all_num_blocks
 && ctx->stream != NULL) {
@@ -449,30 +453,30 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
 return 0;
 
 ctx->stream(in, out, num_blocks, ctx->keydec,
- (size_t)ctx->blocks_processed + 1, ctx->offset.c,
- (const unsigned char (*)[16])ctx->l, ctx->checksum.c);
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
 } else {
 OCB_BLOCK tmp;
 
 /* Loop through all full blocks to be decrypted */
- for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) {
+ for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
 
 /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
 OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i));
 if (lookup == NULL)
 return 0;
- ocb_block16_xor(&ctx->offset, lookup, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
 
 memcpy(tmp.c, in, 16);
 in += 16;
 
 /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
 ctx->decrypt(tmp.c, tmp.c, ctx->keydec);
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
 
 /* Checksum_i = Checksum_{i-1} xor P_i */
- ocb_block16_xor(&tmp, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
 
 memcpy(out, tmp.c, 16);
 out += 16;
@@ -489,10 +493,10 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
 OCB_BLOCK pad;
 
 /* Offset_* = Offset_m xor L_* */
- ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
 
 /* Pad = ENCIPHER(K, Offset_*) */
- ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc);
+ ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
 
 /* P_* = C_* xor Pad[1..bitlen(C_*)] */
 ocb_block_xor(in, pad.c, last_len, out);
@@ -501,39 +505,46 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
 memset(pad.c, 0, 16); /* borrow pad */
 memcpy(pad.c, out, last_len);
 pad.c[last_len] = 0x80;
- ocb_block16_xor(&pad, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
 }
 
- ctx->blocks_processed = all_num_blocks;
+ ctx->sess.blocks_processed = all_num_blocks;
 
 return 1;
 }
 
-/*
- * Calculate the tag and verify it against the supplied tag
- */
-int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
- size_t len)
+static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len,
+ int write)
 {
 OCB_BLOCK tmp;
 
+ if (len > 16 || len < 1) {
+ return -1;
+ }
+
 /*
 * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)
 */
- ocb_block16_xor(&ctx->checksum, &ctx->offset, &tmp);
+ ocb_block16_xor(&ctx->sess.checksum, &ctx->sess.offset, &tmp);
 ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp);
 ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
- ocb_block16_xor(&tmp, &ctx->sum, &ctx->tag);
+ ocb_block16_xor(&tmp, &ctx->sess.sum, &tmp);
 
- if (len > 16 || len < 1) {
- return -1;
+ if (write) {
+ memcpy(tag, &tmp, len);
+ return 1;
+ } else {
+ return CRYPTO_memcmp(&tmp, tag, len);
 }
+}
 
- /* Compare the tag if we've been given one */
- if (tag)
- return CRYPTO_memcmp(&ctx->tag, tag, len);
- else
- return -1;
+/*
+ * Calculate the tag and verify it against the supplied tag
+ */
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+ size_t len)
+{
+ return ocb_finish(ctx, (unsigned char*)tag, len, 0);
 }
 
 /*
@@ -541,17 +552,7 @@ int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
 */
 int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len)
 {
- if (len > 16 || len < 1) {
- return -1;
- }
-
- /* Calculate the tag */
- CRYPTO_ocb128_finish(ctx, NULL, 0);
-
- /* Copy the tag into the supplied buffer */
- memcpy(tag, ctx->tag.c, len);
-
- return 1;
+ return ocb_finish(ctx, tag, len, 1);
 }
 
 /*
From appro at openssl.org Fri Jun 8 14:35:44 2018 From: appro at openssl.org (Andy Polyakov) Date: Fri, 08 Jun 2018 14:35:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528468544.062611.3186.nullmailer@dev.openssl.org> The branch master has been updated via c8a56217f9e00430d4cf20b70246ee049f285da6 (commit) from bbb02a5b6d27f76931c3385321b2c594781c7a1b (commit) - Log ----------------------------------------------------------------- commit c8a56217f9e00430d4cf20b70246ee049f285da6 Author: Andy Polyakov Date: Sun Jun 3 20:47:54 2018 +0200 Configurations/*.conf: ios targets face-lift. Move ios targets to 15-ios.conf and modernize by deploying xcrun. This excuses user from looking for paths and setting environment variables. [Thanks to @0neday for hint.] Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6410) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 40 ---------------------------- Configurations/15-ios.conf | 64 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 40 deletions(-) create mode 100644 Configurations/15-ios.conf
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 8d55ad8..fed386b 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1573,46 +1573,6 @@ my %targets = (
 perlasm_scheme => "macosx",
 },
 
-#### iPhoneOS/iOS
-#
-# It takes three prior-set environment variables to make it work:
-#
-# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
-# CROSS_TOP=/where/SDKs/are
-# CROSS_SDK=iPhoneOSx.y.sdk
-#
-# Exact paths vary with Xcode releases, but for couple of last ones
-# they would look like this:
-#
-# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
-# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
-# CROSS_SDK=iPhoneOS.sdk
-#
- "iphoneos-cross" => {
- inherit_from => [ "darwin-common" ],
- cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
- sys_id => "iOS",
- disable => [ "engine" ],
- },
- "ios-cross" => {
- inherit_from => [ "darwin-common", asm("armv4_asm") ],
- # It should be possible to go below iOS 6 and even add -arch armv6,
- # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
- # at this point.
- cflags => add("-arch armv7 -mios-version-min=6.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
- sys_id => "iOS",
- perlasm_scheme => "ios32",
- disable => [ "engine" ],
- },
- "ios64-cross" => {
- inherit_from => [ "darwin-common", asm("aarch64_asm") ],
- cflags => add("-arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
- sys_id => "iOS",
- bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
- perlasm_scheme => "ios64",
- disable => [ "engine" ],
- },
-
 ##### GNU Hurd
 "hurd-x86" => {
 inherit_from => [ "BASE_unix" ],
diff --git a/Configurations/15-ios.conf b/Configurations/15-ios.conf
new file mode 100644
index 0000000..aff9096
--- /dev/null
+++ b/Configurations/15-ios.conf
@@ -0,0 +1,64 @@
+#### iPhoneOS/iOS
+#
+# It takes recent enough XCode to use following two targets. It shouldn't
+# be a problem by now, but if they don't work, original targets below
+# that depend on manual definition of environment variables should still
+# work...
+#
+my %targets = (
+ "ios-xcrun" => {
+ inherit_from => [ "darwin-common", asm("armv4_asm") ],
+ # It should be possible to go below iOS 6 and even add -arch armv6,
+ # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
+ # at this point.
+ CC => "xcrun -sdk iphoneos cc",
+ cflags => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
+ sys_id => "iOS",
+ perlasm_scheme => "ios32",
+ disable => [ "engine" ],
+ },
+ "ios64-xcrun" => {
+ inherit_from => [ "darwin-common", asm("aarch64_asm") ],
+ CC => "xcrun -sdk iphoneos cc",
+ cflags => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
+ sys_id => "iOS",
+ bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+ perlasm_scheme => "ios64",
+ disable => [ "engine" ],
+ },
+ "iossimulator-xcrun" => {
+ inherit_from => [ "darwin-common" ],
+ CC => "xcrun -sdk iphonesimulator cc",
+ sys_id => "iOS",
+ disable => [ "engine" ],
+ },
+# It takes three prior-set environment variables to make it work:
+#
+# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
+# CROSS_TOP=/where/SDKs/are
+# CROSS_SDK=iPhoneOSx.y.sdk
+#
+# Exact paths vary with Xcode releases, but for couple of last ones
+# they would look like this:
+#
+# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
+# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
+# CROSS_SDK=iPhoneOS.sdk
+#
+ "iphoneos-cross" => {
+ inherit_from => [ "darwin-common" ],
+ cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
+ sys_id => "iOS",
+ disable => [ "engine" ],
+ },
+ "ios-cross" => {
+ inherit_from => [ "ios-xcrun" ],
+ CC => "cc",
+ cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
+ },
+ "ios64-cross" => {
+ inherit_from => [ "ios64-xcrun" ],
+ CC => "cc",
+ cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
+ },
+);
From osslsanity at gmail.com Fri Jun 8 15:27:20 2018
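Review bot: The header comment says "following two targets" but the file defines three xcrun-based targets (ios-xcrun, ios64-xcrun, iossimulator-xcrun), and the product is spelled "Xcode"; suggested wording: `# It takes recent enough Xcode to use the following three targets. It shouldn't`. The legacy `ios-cross`/`ios64-cross` entries now inherit from their xcrun counterparts and only override CC and add `-isysroot`, so `-arch`, `-mios-version-min` and `-fno-common` come from the parent; a one-line comment above `"ios-cross"` saying `# Inherits arch/version flags from ios-xcrun; only the SDK path is supplied here` would spare the next reader a trip through the inheritance. `iossimulator-xcrun` sets neither an architecture nor `-fno-common`, unlike its siblings; if that is deliberate, a short comment stating why would prevent a well-meaning "fix" later.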
From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Fri, 8 Jun 2018 15:27:20 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_noec #560 In-Reply-To: <480545659.452.1528450033423.JavaMail.jenkins@ip-172-31-34-99> References: <480545659.452.1528450033423.JavaMail.jenkins@ip-172-31-34-99> Message-ID: <1413986519.453.1528471640760.JavaMail.jenkins@ip-172-31-34-99> See Changes: [appro] chacha/asm/chacha-ppc.pl: fix big-endian build. [appro] modes/ocb128.c: Reset nonce-dependent variables on setiv [appro] Configurations/*.conf: ios targets face-lift. ------------------------------------------ [...truncated 505.72 KB...] rm -f test/v3ext ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3ext test/v3ext.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/v3nametest.d.tmp -MT test/v3nametest.o -c -o test/v3nametest.o test/v3nametest.c rm -f test/v3nametest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3nametest test/v3nametest.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/verify_extra_test.d.tmp -MT test/verify_extra_test.o -c -o test/verify_extra_test.o test/verify_extra_test.c rm -f test/verify_extra_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/verify_extra_test test/verify_extra_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/versions.d.tmp -MT test/versions.o -c -o test/versions.o test/versions.c rm -f test/versions ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. 
\ -o test/versions test/versions.o \ -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/wpackettest.d.tmp -MT test/wpackettest.o -c -o test/wpackettest.o test/wpackettest.c rm -f test/wpackettest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/wpackettest test/wpackettest.o \ libssl.a test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_check_cert_pkey_test.d.tmp -MT test/x509_check_cert_pkey_test.o -c -o test/x509_check_cert_pkey_test.o test/x509_check_cert_pkey_test.c rm -f test/x509_check_cert_pkey_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_check_cert_pkey_test test/x509_check_cert_pkey_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_dup_cert_test.d.tmp -MT test/x509_dup_cert_test.o -c -o test/x509_dup_cert_test.o test/x509_dup_cert_test.c rm -f test/x509_dup_cert_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_dup_cert_test test/x509_dup_cert_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -I. -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_internal_test.d.tmp -MT test/x509_internal_test.o -c -o test/x509_internal_test.o test/x509_internal_test.c rm -f test/x509_internal_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_internal_test test/x509_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_time_test.d.tmp -MT test/x509_time_test.o -c -o test/x509_time_test.o test/x509_time_test.c rm -f test/x509_time_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. 
\ -o test/x509_time_test test/x509_time_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509aux.d.tmp -MT test/x509aux.o -c -o test/x509aux.o test/x509aux.c rm -f test/x509aux ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509aux test/x509aux.o \ test/libtestutil.a -lcrypto -ldl -pthread /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/CA.pl.in > "apps/CA.pl" chmod a+x apps/CA.pl /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/tsget.in > "apps/tsget" chmod a+x apps/tsget /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" tools/c_rehash.in > "tools/c_rehash" chmod a+x tools/c_rehash /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x util/shlib_wrap.sh make[1]: Leaving directory ` + apps/openssl version -a OpenSSL 1.1.1-pre8-dev xx XXX xxxx built on: Fri Jun 8 15:22:01 2018 UTC platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/lib/engines-1.1" Seeding source: os-specific + make test make depend && make _tests make[1]: Entering directory ` make[1]: Leaving directory ` make[1]: Entering directory ` ( cd test; \ mkdir -p test-runs; \ SRCTOP=../. \ BLDTOP=../. 
\ RESULT_D=test-runs \ PERL="/usr/bin/perl" \ EXE_EXT= \ OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \ OPENSSL_DEBUG_MEMORY=on \ /usr/bin/perl .././test/run_tests.pl ) ../test/recipes/01-test_abort.t .................... ok ../test/recipes/01-test_sanity.t ................... ok ../test/recipes/01-test_symbol_presence.t .......... skipped: Only useful when building shared libraries ../test/recipes/01-test_test.t ..................... ok ../test/recipes/02-test_internal_ctype.t ........... ok ../test/recipes/02-test_lhash.t .................... ok ../test/recipes/02-test_ordinals.t ................. ok ../test/recipes/02-test_stack.t .................... ok ../test/recipes/03-test_exdata.t ................... ok ../test/recipes/03-test_internal_asn1.t ............ ok ../test/recipes/03-test_internal_chacha.t .......... ok ../test/recipes/03-test_internal_curve448.t ........ skipped: This test is unsupported in a no-ec build ../test/recipes/03-test_internal_mdc2.t ............ ok ../test/recipes/03-test_internal_modes.t ........... ok ../test/recipes/03-test_internal_poly1305.t ........ ok ../test/recipes/03-test_internal_siphash.t ......... ok ../test/recipes/03-test_internal_sm2.t ............. skipped: sm2 is not supported by this OpenSSL build ../test/recipes/03-test_internal_sm4.t ............. ok ../test/recipes/03-test_internal_ssl_cert_table.t .. ok ../test/recipes/03-test_internal_x509.t ............ ok ../test/recipes/03-test_ui.t ....................... ok ../test/recipes/04-test_asn1_encode.t .............. ok ../test/recipes/04-test_asn1_string_table.t ........ ok ../test/recipes/04-test_bio_callback.t ............. ok ../test/recipes/04-test_bioprint.t ................. ok ../test/recipes/04-test_err.t ...................... ok ../test/recipes/04-test_pem.t ...................... ok ../test/recipes/05-test_bf.t ....................... ok ../test/recipes/05-test_cast.t ..................... ok ../test/recipes/05-test_des.t ...................... 
ok ../test/recipes/05-test_hmac.t ..................... ok ../test/recipes/05-test_idea.t ..................... ok ../test/recipes/05-test_md2.t ...................... skipped: md2 is not supported by this OpenSSL build ../test/recipes/05-test_mdc2.t ..................... ok ../test/recipes/05-test_rand.t ..................... ok ../test/recipes/05-test_rc2.t ...................... ok ../test/recipes/05-test_rc4.t ...................... ok ../test/recipes/05-test_rc5.t ...................... skipped: rc5 is not supported by this OpenSSL build ../test/recipes/06-test-rdrand.t ................... ok ../test/recipes/10-test_bn.t ....................... ok ../test/recipes/10-test_exp.t ...................... ok ../test/recipes/15-test_dh.t ....................... ok ../test/recipes/15-test_dsa.t ...................... ok ../test/recipes/15-test_ec.t ....................... ok ../test/recipes/15-test_ecdsa.t .................... skipped: ec is not supported by this OpenSSL build ../test/recipes/15-test_ecparam.t .................. skipped: EC isn't supported in this build ../test/recipes/15-test_genrsa.t ................... ok ../test/recipes/15-test_mp_rsa.t ................... ok ../test/recipes/15-test_out_option.t ............... ok ../test/recipes/15-test_rsa.t ...................... ok ../test/recipes/15-test_rsapss.t ................... ok ../test/recipes/20-test_enc.t ...................... ok ../test/recipes/20-test_enc_more.t ................. ok ../test/recipes/20-test_passwd.t ................... ok ../test/recipes/25-test_crl.t ...................... ok ../test/recipes/25-test_d2i.t ...................... ok ../test/recipes/25-test_pkcs7.t .................... ok ../test/recipes/25-test_req.t ...................... ok ../test/recipes/25-test_sid.t ...................... skipped: test_sid needs EC to run ../test/recipes/25-test_verify.t ................... ok ../test/recipes/25-test_x509.t ..................... 
ok ../test/recipes/30-test_afalg.t .................... skipped: test_afalg not supported for this build ../test/recipes/30-test_engine.t ................... ok ../test/recipes/30-test_evp.t ...................... ok ../test/recipes/30-test_evp_extra.t ................ Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../test/recipes/30-test_pbelu.t .................... ok ../test/recipes/30-test_pkey_meth.t ................ ok ../test/recipes/30-test_pkey_meth_kdf.t ............ ok ../test/recipes/40-test_rehash.t ................... ok ../test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../test/recipes/60-test_x509_dup_cert.t ............ ok ../test/recipes/60-test_x509_store.t ............... ok ../test/recipes/60-test_x509_time.t ................ ok ../test/recipes/70-test_asyncio.t .................. ok ../test/recipes/70-test_bad_dtls.t ................. ok ../test/recipes/70-test_clienthello.t .............. ok ../test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../test/recipes/70-test_packet.t ................... ok ../test/recipes/70-test_recordlen.t ................ ok ../test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../test/recipes/70-test_servername.t ............... ok ../test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_sslmessages.t .............. 
skipped: test_sslmessages needs the dynamic engine feature enabled ../test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../test/recipes/70-test_verify_extra.t ............. ok ../test/recipes/70-test_wpacket.t .................. ok ../test/recipes/80-test_ca.t ....................... ok ../test/recipes/80-test_cipherbytes.t .............. 
ok ../test/recipes/80-test_cipherlist.t ............... ok ../test/recipes/80-test_ciphername.t ............... ok ../test/recipes/80-test_cms.t ...................... ok ../test/recipes/80-test_cmsapi.t ................... ok ../test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/80-test_dtls.t ..................... ok ../test/recipes/80-test_dtls_mtu.t ................. ok ../test/recipes/80-test_dtlsv1listen.t ............. ok ../test/recipes/80-test_ocsp.t ..................... ok ../test/recipes/80-test_pkcs12.t ................... ok ../test/recipes/80-test_ssl_new.t .................. ok ../test/recipes/80-test_ssl_old.t .................. ok ../test/recipes/80-test_ssl_test_ctx.t ............. ok ../test/recipes/80-test_sslcorrupt.t ............... ok ../test/recipes/80-test_tsa.t ...................... ok ../test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/90-test_asn1_time.t ................ ok ../test/recipes/90-test_async.t .................... ok ../test/recipes/90-test_bio_enc.t .................. ok ../test/recipes/90-test_constant_time.t ............ ok ../test/recipes/90-test_fatalerr.t ................. ok ../test/recipes/90-test_gmdiff.t ................... ok ../test/recipes/90-test_ige.t ...................... ok ../test/recipes/90-test_includes.t ................. ok ../test/recipes/90-test_memleak.t .................. ok ../test/recipes/90-test_overhead.t ................. ok ../test/recipes/90-test_secmem.t ................... ok ../test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../test/recipes/90-test_srp.t ...................... ok ../test/recipes/90-test_sslapi.t ................... 
ok ../test/recipes/90-test_sslbuffers.t ............... ok ../test/recipes/90-test_store.t .................... ok ../test/recipes/90-test_sysdefault.t ............... ok ../test/recipes/90-test_threads.t .................. ok ../test/recipes/90-test_time_offset.t .............. ok ../test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../test/recipes/90-test_v3name.t ................... ok ../test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../test/recipes/99-test_ecstress.t ................. ok ../test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../test/recipes/30-test_evp_extra.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=149, Tests=1016, 111 wallclock secs ( 0.45 usr 0.08 sys + 42.71 cusr 8.78 csys = 52.02 CPU) Result: FAIL make[1]: *** [_tests] Error 1 make[1]: Leaving directory ` make: *** [tests] Error 2 Build step 'Execute shell' marked build as failure From matt at openssl.org Fri Jun 8 15:49:13 2018 
From: matt at openssl.org (Matt Caswell) Date: Fri, 08 Jun 2018 15:49:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528472953.023919.12288.nullmailer@dev.openssl.org> The branch master has been updated via 896dcb80651bd92546b73f4eac62bc211fca5a7d (commit) from c8a56217f9e00430d4cf20b70246ee049f285da6 (commit) - Log ----------------------------------------------------------------- commit 896dcb80651bd92546b73f4eac62bc211fca5a7d Author: Matt Caswell Date: Fri Jun 8 11:20:34 2018 +0100 Fix no-ec Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6437) ----------------------------------------------------------------------- Summary of changes: test/evp_extra_test.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index fd461c9..640da7c 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -488,7 +488,9 @@ static struct keys_st { EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL }, { EVP_PKEY_SIPHASH, "0123456789012345", NULL - }, { + }, +#ifndef OPENSSL_NO_EC + { EVP_PKEY_X25519, "01234567890123456789012345678901", "abcdefghijklmnopqrstuvwxyzabcdef" }, { @@ -503,6 +505,7 @@ static struct keys_st { "012345678901234567890123456789012345678901234567890123456", "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" } +#endif }; static int test_set_get_raw_keys_int(int tst, int pub) From matt at openssl.org Fri Jun 8 15:57:04 2018 
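Review bot: The `#endif` added by the second hunk (`@@ -503,6 +505,7 @@`) is unlabelled, and its matching `#ifndef OPENSSL_NO_EC` sits in a different hunk at the other end of the `struct keys_st` table, so a reader of the closing line cannot tell which guard it terminates. Labelling it as `#endif /* OPENSSL_NO_EC */` keeps the two ends of the guarded region readable in isolation. The table's opening lines and the beginning of `test_set_get_raw_keys_int()` both lie outside the hunks shown.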
From: matt at openssl.org (Matt Caswell) Date: Fri, 08 Jun 2018 15:57:04 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528473424.160422.14510.nullmailer@dev.openssl.org> The branch master has been updated via 7cacbe9d66b3bcedb57ef87da051e69d6e5b7f14 (commit) from 896dcb80651bd92546b73f4eac62bc211fca5a7d (commit) - Log ----------------------------------------------------------------- commit 7cacbe9d66b3bcedb57ef87da051e69d6e5b7f14 Author: Dmitry Belyavskiy Date: Wed May 9 18:30:41 2018 +0300 Documentation for missing s_client/s_server options Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6209) ----------------------------------------------------------------------- Summary of changes: doc/man1/s_client.pod | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- doc/man1/s_server.pod | 46 +++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 95 insertions(+), 2 deletions(-) diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 373b2d7..69bae94 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -23,9 +23,19 @@ B B [B<-certform DER|PEM>] [B<-key filename>] [B<-keyform DER|PEM>] +[B<-cert_chain filename>] +[B<-build_chain>] +[B<-xkey>] +[B<-xcert>] +[B<-xchain>] +[B<-xchain_build>] +[B<-xcertform PEM|DER>] +[B<-xkeyform PEM|DER>] [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-chainCApath directory>] +[B<-chainCAfile filename>] [B<-no-CAfile>] [B<-no-CApath>] [B<-requestCAfile filename>] @@ -60,6 +70,7 @@ B B [B<-verify_hostname hostname>] [B<-verify_ip ip>] [B<-verify_name name>] +[B<-build_chain>] [B<-x509_strict>] [B<-reconnect>] [B<-showcerts>] 
@@ -212,6 +223,34 @@ be used. The private format to use: DER or PEM. PEM is the default. +=item B<-cert_chain> + +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +B<-cert> option. + +=item B<-build_chain> + +Specify whether the application should build the certificate chain to be +provided to the server. + +=item B<-xkey infile>, B<-xcert infile>, B<-xchain> + +Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When +specified, the callback returning the first valid chain will be in use by the +client. + +=item B<-xchain_build> + +Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates provided via B<-xkey infile>, +B<-xcert infile>, B<-xchain> options. + +=item B<-xcertform PEM|DER>, B<-xkeyform PEM|DER> + +Extra certificate and private key format respectively. + =item B<-pass arg> the private key password source. For more information about the format of B @@ -240,7 +279,7 @@ set multiple options. See the L manual page for details. =item B<-CApath directory> The directory to use for server certificate verification. This directory -must be in "hash format", see B for more information. These are +must be in "hash format", see L for more information. These are also used when building the client certificate chain. =item B<-CAfile file> 
@@ -248,6 +287,16 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. +=item B<-chainCApath directory> + +The directory to use for building the chain provided to the server. This +directory must be in "hash format", see L for more information. + +=item B<-chainCAfile file> + +A file containing trusted certificates to use when attempting to build the +client certificate chain. + =item B<-no-CAfile> Do not load the trusted CA certificates from the default file location diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index f89d4de..2b7db63 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -246,6 +246,17 @@ certificate and some require a certificate with a certain public key type: for example the DSS cipher suites require a certificate containing a DSS (DSA) key. If not specified then the filename "server.pem" will be used. +=item B<-cert_chain> + +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +B<-cert> option. + +=item B<-build_chain> + +Specify whether the application should build the certificate chain to be +provided to the client. + =item B<-nameopt val> Option which determines how the subject or issuer names are displayed. The 
@@ -295,10 +306,33 @@ and some a DSS (DSA) key. By using RSA and DSS certificates and keys a server can support clients which only support RSA or DSS cipher suites by using an appropriate certificate. +=item B<-dcert_chain> + +A file containing trusted certificates to use when attempting to build the +server certificate chain when a certificate specified via the B<-dcert> option +is in use. + =item B<-dcertform PEM|DER>, B<-dkeyform PEM|DER>, B<-dpass val> Additional certificate and private key format and passphrase respectively. +=item B<-xkey infile>, B<-xcert infile>, B<-xchain> + +Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When +specified, the callback returning the first valid chain will be in use by +the server. + +=item B<-xchain_build> + +Specify whether the application should build the certificate chain to be +provided to the client for the extra certificates provided via B<-xkey infile>, +B<-xcert infile>, B<-xchain> options. + +=item B<-xcertform PEM|DER>, B<-xkeyform PEM|DER> + +Extra certificate and private key format respectively. + =item B<-nbio_test> Tests non blocking I/O. @@ -333,9 +367,19 @@ a certificate is requested. =item B<-CApath dir> The directory to use for client certificate verification. This directory -must be in "hash format", see B for more information. These are +must be in "hash format", see L for more information. These are also used when building the server certificate chain. +=item B<-chainCApath dir> + +The directory to use for building the chain provided to the client. This +directory must be in "hash format", see L for more information. + +=item B<-chainCAfile file> + +A file containing trusted certificates to use when attempting to build the +server certificate chain. + =item B<-no-CAfile> Do not load the trusted CA certificates from the default file location. From rsalz at openssl.org Fri Jun 8 16:06:54 2018 
From: rsalz at openssl.org (Rich Salz) Date: Fri, 08 Jun 2018 16:06:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528474014.363775.17948.nullmailer@dev.openssl.org> The branch master has been updated via 55fc247a699be33153f27c06d304e6e60eeff980 (commit) from 7cacbe9d66b3bcedb57ef87da051e69d6e5b7f14 (commit) - Log ----------------------------------------------------------------- commit 55fc247a699be33153f27c06d304e6e60eeff980 Author: Dmitry Belyavskiy Date: Fri Jun 8 09:14:16 2018 -0400 New GOST identificators Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6438) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.h | 98 +++++++++++++++++++++++++++++++++++++++++++--- crypto/objects/obj_mac.num | 20 ++++++++++ crypto/objects/objects.txt | 23 +++++++++++ fuzz/oids.txt | 14 +++++++ include/openssl/obj_mac.h | 77 ++++++++++++++++++++++++++++++++++++ 5 files changed, 227 insertions(+), 5 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 60c3826..6d66d07 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7626] = { +static const unsigned char so[7746] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ 
@@ -1060,9 +1060,23 @@ static const unsigned char so[7626] = { 0x2B,0x6F, /* [ 7610] OBJ_ieee */ 0x2B,0x6F,0x02,0x8C,0x53, /* [ 7612] OBJ_ieee_siswg */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D, /* [ 7617] OBJ_sm2 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01, /* [ 7625] OBJ_id_tc26_cipher_gostr3412_2015_magma */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01, /* [ 7633] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02, /* [ 7642] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02, /* [ 7651] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01, /* [ 7659] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02, /* [ 7668] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07, /* [ 7677] OBJ_id_tc26_wrap */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01, /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02, /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */ + 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02, /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03, /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */ + 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */ }; -#define NUM_NID 1173 +#define NUM_NID 1193 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, 
@@ -2237,9 +2251,29 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"ieee", "ieee", NID_ieee, 2, &so[7610]}, {"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]}, {"SM2", "sm2", NID_sm2, 8, &so[7617]}, + {"id-tc26-cipher-gostr3412-2015-magma", "id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma, 8, &so[7625]}, + {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm, 9, &so[7633]}, + {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 9, &so[7642]}, + {"id-tc26-cipher-gostr3412-2015-kuznyechik", "id-tc26-cipher-gostr3412-2015-kuznyechik", NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]}, + {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 9, &so[7659]}, + {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 9, &so[7668]}, + {"id-tc26-wrap", "id-tc26-wrap", NID_id_tc26_wrap, 7, &so[7677]}, + {"id-tc26-wrap-gostr3412-2015-magma", "id-tc26-wrap-gostr3412-2015-magma", NID_id_tc26_wrap_gostr3412_2015_magma, 8, &so[7684]}, + {"id-tc26-wrap-gostr3412-2015-magma-kexp15", "id-tc26-wrap-gostr3412-2015-magma-kexp15", NID_id_tc26_wrap_gostr3412_2015_magma_kexp15, 9, &so[7692]}, + {"id-tc26-wrap-gostr3412-2015-kuznyechik", "id-tc26-wrap-gostr3412-2015-kuznyechik", NID_id_tc26_wrap_gostr3412_2015_kuznyechik, 8, &so[7701]}, + {"id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15, 9, &so[7709]}, + {"id-tc26-gost-3410-2012-256-paramSetB", "GOST R 34.10-2012 (256 bit) ParamSet B", 
NID_id_tc26_gost_3410_2012_256_paramSetB, 9, &so[7718]}, + {"id-tc26-gost-3410-2012-256-paramSetC", "GOST R 34.10-2012 (256 bit) ParamSet C", NID_id_tc26_gost_3410_2012_256_paramSetC, 9, &so[7727]}, + {"id-tc26-gost-3410-2012-256-paramSetD", "GOST R 34.10-2012 (256 bit) ParamSet D", NID_id_tc26_gost_3410_2012_256_paramSetD, 9, &so[7736]}, + {"magma-ecb", "magma-ecb", NID_magma_ecb}, + {"magma-ctr", "magma-ctr", NID_magma_ctr}, + {"magma-ofb", "magma-ofb", NID_magma_ofb}, + {"magma-cbc", "magma-cbc", NID_magma_cbc}, + {"magma-cfb", "magma-cfb", NID_magma_cfb}, + {"magma-mac", "magma-mac", NID_magma_mac}, }; -#define NUM_SN 1164 +#define NUM_SN 1184 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2999,6 +3033,12 @@ static const unsigned int sn_objs[NUM_SN] = { 977, /* "id-tc26-algorithms" */ 990, /* "id-tc26-cipher" */ 1001, /* "id-tc26-cipher-constants" */ + 1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */ + 1177, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */ + 1178, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */ + 1173, /* "id-tc26-cipher-gostr3412-2015-magma" */ + 1174, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */ + 1175, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */ 994, /* "id-tc26-constants" */ 981, /* "id-tc26-digest" */ 1000, /* "id-tc26-digest-constants" */ @@ -3006,6 +3046,9 @@ static const unsigned int sn_objs[NUM_SN] = { 1003, /* "id-tc26-gost-28147-param-Z" */ 1147, /* "id-tc26-gost-3410-2012-256-constants" */ 1148, /* "id-tc26-gost-3410-2012-256-paramSetA" */ + 1184, /* "id-tc26-gost-3410-2012-256-paramSetB" */ + 1185, /* "id-tc26-gost-3410-2012-256-paramSetC" */ + 1186, /* "id-tc26-gost-3410-2012-256-paramSetD" */ 996, /* "id-tc26-gost-3410-2012-512-constants" */ 998, /* "id-tc26-gost-3410-2012-512-paramSetA" */ 999, /* "id-tc26-gost-3410-2012-512-paramSetB" */ 
@@ -3019,6 +3062,11 @@ static const unsigned int sn_objs[NUM_SN] = { 984, /* "id-tc26-signwithdigest" */ 985, /* "id-tc26-signwithdigest-gost3410-2012-256" */ 986, /* "id-tc26-signwithdigest-gost3410-2012-512" */ + 1179, /* "id-tc26-wrap" */ + 1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */ + 1183, /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */ + 1180, /* "id-tc26-wrap-gostr3412-2015-magma" */ + 1181, /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */ 676, /* "identified-organization" */ 1170, /* "ieee" */ 1171, /* "ieee-siswg" */ @@ -3045,6 +3093,12 @@ static const unsigned int sn_objs[NUM_SN] = { 476, /* "lastModifiedTime" */ 157, /* "localKeyID" */ 480, /* "mXRecord" */ + 1190, /* "magma-cbc" */ + 1191, /* "magma-cfb" */ + 1188, /* "magma-ctr" */ + 1187, /* "magma-ecb" */ + 1192, /* "magma-mac" */ + 1189, /* "magma-ofb" */ 460, /* "mail" */ 493, /* "mailPreferenceOption" */ 467, /* "manager" */ @@ -3407,7 +3461,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1164 +#define NUM_LN 1184 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3464,6 +3518,9 @@ static const unsigned int ln_objs[NUM_LN] = { 811, /* "GOST R 34.10-2001" */ 817, /* "GOST R 34.10-2001 DH" */ 1148, /* "GOST R 34.10-2012 (256 bit) ParamSet A" */ + 1184, /* "GOST R 34.10-2012 (256 bit) ParamSet B" */ + 1185, /* "GOST R 34.10-2012 (256 bit) ParamSet C" */ + 1186, /* "GOST R 34.10-2012 (256 bit) ParamSet D" */ 998, /* "GOST R 34.10-2012 (512 bit) ParamSet A" */ 999, /* "GOST R 34.10-2012 (512 bit) ParamSet B" */ 1149, /* "GOST R 34.10-2012 (512 bit) ParamSet C" */ 
@@ -4154,6 +4211,12 @@ static const unsigned int ln_objs[NUM_LN] = { 977, /* "id-tc26-algorithms" */ 990, /* "id-tc26-cipher" */ 1001, /* "id-tc26-cipher-constants" */ + 1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */ + 1177, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */ + 1178, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */ + 1173, /* "id-tc26-cipher-gostr3412-2015-magma" */ + 1174, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */ + 1175, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */ 994, /* "id-tc26-constants" */ 981, /* "id-tc26-digest" */ 1000, /* "id-tc26-digest-constants" */ @@ -4164,6 +4227,11 @@ static const unsigned int ln_objs[NUM_LN] = { 978, /* "id-tc26-sign" */ 995, /* "id-tc26-sign-constants" */ 984, /* "id-tc26-signwithdigest" */ + 1179, /* "id-tc26-wrap" */ + 1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */ + 1183, /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */ + 1180, /* "id-tc26-wrap-gostr3412-2015-magma" */ + 1181, /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */ 34, /* "idea-cbc" */ 35, /* "idea-cfb" */ 36, /* "idea-ecb" */ @@ -4201,6 +4269,12 @@ static const unsigned int ln_objs[NUM_LN] = { 157, /* "localKeyID" */ 15, /* "localityName" */ 480, /* "mXRecord" */ + 1190, /* "magma-cbc" */ + 1191, /* "magma-cfb" */ + 1188, /* "magma-ctr" */ + 1187, /* "magma-ecb" */ + 1192, /* "magma-mac" */ + 1189, /* "magma-ofb" */ 493, /* "mailPreferenceOption" */ 467, /* "manager" */ 3, /* "md2" */ @@ -4575,7 +4649,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1055 +#define NUM_OBJ 1069 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ 
@@ -4975,6 +5049,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 987, /* OBJ_id_tc26_mac 1 2 643 7 1 1 4 */ 990, /* OBJ_id_tc26_cipher 1 2 643 7 1 1 5 */ 991, /* OBJ_id_tc26_agreement 1 2 643 7 1 1 6 */ + 1179, /* OBJ_id_tc26_wrap 1 2 643 7 1 1 7 */ 995, /* OBJ_id_tc26_sign_constants 1 2 643 7 1 2 1 */ 1000, /* OBJ_id_tc26_digest_constants 1 2 643 7 1 2 2 */ 1001, /* OBJ_id_tc26_cipher_constants 1 2 643 7 1 2 5 */ @@ -5063,8 +5138,12 @@ static const unsigned int obj_objs[NUM_OBJ] = { 986, /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */ 988, /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */ 989, /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */ + 1173, /* OBJ_id_tc26_cipher_gostr3412_2015_magma 1 2 643 7 1 1 5 1 */ + 1176, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik 1 2 643 7 1 1 5 2 */ 992, /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */ 993, /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */ + 1180, /* OBJ_id_tc26_wrap_gostr3412_2015_magma 1 2 643 7 1 1 7 1 */ + 1182, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik 1 2 643 7 1 1 7 2 */ 1147, /* OBJ_id_tc26_gost_3410_2012_256_constants 1 2 643 7 1 2 1 1 */ 996, /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */ 1002, /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */ 
@@ -5270,7 +5349,16 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1120, /* OBJ_aria_128_ccm 1 2 410 200046 1 1 37 */ 1121, /* OBJ_aria_192_ccm 1 2 410 200046 1 1 38 */ 1122, /* OBJ_aria_256_ccm 1 2 410 200046 1 1 39 */ + 1174, /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1 2 643 7 1 1 5 1 1 */ + 1175, /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1 2 643 7 1 1 5 1 2 */ + 1177, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */ + 1178, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */ + 1181, /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */ + 1183, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 1 1 */ 1148, /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */ + 1184, /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */ + 1185, /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */ + 1186, /* OBJ_id_tc26_gost_3410_2012_256_paramSetD 1 2 643 7 1 2 1 1 4 */ 997, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */ 998, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */ 999, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index ca8fdfb..57caf3c 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num 
@@ -1170,3 +1170,23 @@ uacurve9 1169
 ieee 1170
 ieee_siswg 1171
 sm2 1172
+id_tc26_cipher_gostr3412_2015_magma 1173
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175
+id_tc26_cipher_gostr3412_2015_kuznyechik 1176
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178
+id_tc26_wrap 1179
+id_tc26_wrap_gostr3412_2015_magma 1180
+id_tc26_wrap_gostr3412_2015_magma_kexp15 1181
+id_tc26_wrap_gostr3412_2015_kuznyechik 1182
+id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183
+id_tc26_gost_3410_2012_256_paramSetB 1184
+id_tc26_gost_3410_2012_256_paramSetC 1185
+id_tc26_gost_3410_2012_256_paramSetD 1186
+magma_ecb 1187
+magma_ctr 1188
+magma_ofb 1189
+magma_cbc 1190
+magma_cfb 1191
+magma_mac 1192
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index e565864..d4d1daa 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1339,16 +1339,31 @@ id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit id-tc26-algorithms 5 : id-tc26-cipher +id-tc26-cipher 1 : id-tc26-cipher-gostr3412-2015-magma +id-tc26-cipher-gostr3412-2015-magma 1 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm +id-tc26-cipher-gostr3412-2015-magma 2 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac +id-tc26-cipher 2 : id-tc26-cipher-gostr3412-2015-kuznyechik +id-tc26-cipher-gostr3412-2015-kuznyechik 1 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm +id-tc26-cipher-gostr3412-2015-kuznyechik 2 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac id-tc26-algorithms 6 : id-tc26-agreement id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256 id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512 +id-tc26-algorithms 7 : id-tc26-wrap +id-tc26-wrap 1 : id-tc26-wrap-gostr3412-2015-magma +id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-magma-kexp15 +id-tc26-wrap 2 : id-tc26-wrap-gostr3412-2015-kuznyechik +id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15 + id-tc26 2 : id-tc26-constants id-tc26-constants 1 : id-tc26-sign-constants id-tc26-sign-constants 1: id-tc26-gost-3410-2012-256-constants id-tc26-gost-3410-2012-256-constants 1 : id-tc26-gost-3410-2012-256-paramSetA: GOST R 34.10-2012 (256 bit) ParamSet A +id-tc26-gost-3410-2012-256-constants 2 : id-tc26-gost-3410-2012-256-paramSetB: GOST R 34.10-2012 (256 bit) ParamSet B +id-tc26-gost-3410-2012-256-constants 3 : id-tc26-gost-3410-2012-256-paramSetC: GOST R 34.10-2012 (256 bit) ParamSet C +id-tc26-gost-3410-2012-256-constants 4 : id-tc26-gost-3410-2012-256-paramSetD: GOST R 34.10-2012 (256 bit) ParamSet D id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set 
id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A @@ -1374,6 +1389,14 @@ member-body 643 100 112 : issuerSignTool : Signing Tool of Issuer : grasshopper-cfb : grasshopper-mac +#GOST R34.13-2015 Magma + : magma-ecb + : magma-ctr + : magma-ofb + : magma-cbc + : magma-cfb + : magma-mac + # Definitions for Camellia cipher - CBC MODE 1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc diff --git a/fuzz/oids.txt b/fuzz/oids.txt index 9251b55..842bb15 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt @@ -1047,3 +1047,17 @@ OBJ_uacurve9="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x09" OBJ_ieee="\x2B\x6F" OBJ_ieee_siswg="\x2B\x6F\x02\x8C\x53" OBJ_sm2="\x2A\x81\x1C\xCF\x55\x01\x82\x2D" +OBJ_id_tc26_cipher_gostr3412_2015_magma="\x2A\x85\x03\x07\x01\x01\x05\x01" +OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm="\x2A\x85\x03\x07\x01\x01\x05\x01\x01" +OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac="\x2A\x85\x03\x07\x01\x01\x05\x01\x02" +OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik="\x2A\x85\x03\x07\x01\x01\x05\x02" +OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm="\x2A\x85\x03\x07\x01\x01\x05\x02\x01" +OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac="\x2A\x85\x03\x07\x01\x01\x05\x02\x02" +OBJ_id_tc26_wrap="\x2A\x85\x03\x07\x01\x01\x07" +OBJ_id_tc26_wrap_gostr3412_2015_magma="\x2A\x85\x03\x07\x01\x01\x07\x01" +OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x01\x01" +OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik="\x2A\x85\x03\x07\x01\x01\x07\x02" +OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15="\x2A\x85\x03\x07\x01\x01\x07\x01\x01" +OBJ_id_tc26_gost_3410_2012_256_paramSetB="\x2A\x85\x03\x07\x01\x02\x01\x01\x02" +OBJ_id_tc26_gost_3410_2012_256_paramSetC="\x2A\x85\x03\x07\x01\x02\x01\x01\x03" +OBJ_id_tc26_gost_3410_2012_256_paramSetD="\x2A\x85\x03\x07\x01\x02\x01\x01\x04" 
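Review bot: In the first objects.txt hunk (`@@ -1339,16 +1339,31 @@`) the kuznyechik wrap line is attached to the wrong parent: `id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15` assigns it the same arc as `id-tc26-wrap-gostr3412-2015-magma-kexp15`, so NIDs 1181 and 1183 both encode to 1 2 643 7 1 1 7 1 1. The generated files in this commit confirm it: in obj_dat.h `so[7709]` holds the same nine bytes as `so[7692]` and the `obj_objs` comments list both NIDs at `1 2 643 7 1 1 7 1 1`, obj_mac.h defines `OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15` as `OBJ_id_tc26_wrap_gostr3412_2015_magma,1L`, and fuzz/oids.txt carries the duplicate byte string. Two NIDs sharing one DER encoding means a reverse lookup from an encoded OID (for example OBJ_obj2nid()) can only ever return one of them, and which one depends on table order rather than on the algorithm a certificate or CMS structure actually names. The line should read `id-tc26-wrap-gostr3412-2015-kuznyechik 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15`, after which obj_dat.h, obj_mac.h, obj_mac.num and fuzz/oids.txt need regenerating.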
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 2078dc4..e95e369 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4218,6 +4218,30 @@ #define NID_id_tc26_cipher 990 #define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L +#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma" +#define NID_id_tc26_cipher_gostr3412_2015_magma 1173 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L + +#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175 +#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L + +#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" +#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178 +#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L + #define SN_id_tc26_agreement "id-tc26-agreement" #define NID_id_tc26_agreement 991 #define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L 
@@ -4230,6 +4254,26 @@ #define NID_id_tc26_agreement_gost_3410_2012_512 993 #define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L +#define SN_id_tc26_wrap "id-tc26-wrap" +#define NID_id_tc26_wrap 1179 +#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L + +#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma" +#define NID_id_tc26_wrap_gostr3412_2015_magma 1180 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L + +#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181 +#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L + +#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" +#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183 +#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L + #define SN_id_tc26_constants "id-tc26-constants" #define NID_id_tc26_constants 994 #define OBJ_id_tc26_constants OBJ_id_tc26,2L 
@@ -4247,6 +4291,21 @@ #define NID_id_tc26_gost_3410_2012_256_paramSetA 1148 #define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L +#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB" +#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L + +#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC" +#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L + +#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD" +#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186 +#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L + #define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" #define NID_id_tc26_gost_3410_2012_512_constants 996 #define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L 
@@ -4331,6 +4390,24 @@ #define SN_grasshopper_mac "grasshopper-mac" #define NID_grasshopper_mac 1017 +#define SN_magma_ecb "magma-ecb" +#define NID_magma_ecb 1187 + +#define SN_magma_ctr "magma-ctr" +#define NID_magma_ctr 1188 + +#define SN_magma_ofb "magma-ofb" +#define NID_magma_ofb 1189 + +#define SN_magma_cbc "magma-cbc" +#define NID_magma_cbc 1190 + +#define SN_magma_cfb "magma-cfb" +#define NID_magma_cfb 1191 + +#define SN_magma_mac "magma-mac" +#define NID_magma_mac 1192 + #define SN_camellia_128_cbc "CAMELLIA-128-CBC" #define LN_camellia_128_cbc "camellia-128-cbc" #define NID_camellia_128_cbc 751 From appro at openssl.org Sat Jun 9 12:45:35 2018 
From: appro at openssl.org (Andy Polyakov) Date: Sat, 09 Jun 2018 12:45:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528548335.403228.8381.nullmailer@dev.openssl.org> The branch master has been updated via 913cebc8f44d50479704040c77d9ed20eea839bc (commit) via 46ceca3c91cc7b8e8f522009e7338a9a96952e6e (commit) from 55fc247a699be33153f27c06d304e6e60eeff980 (commit) - Log ----------------------------------------------------------------- commit 913cebc8f44d50479704040c77d9ed20eea839bc Author: Andy Polyakov Date: Fri Jun 8 11:38:22 2018 +0200 rand/rand_unix.c: bypass DSO_global_lookup on ELF systems. If built with no-dso, syscall_random remains "blind" to getentropy. Since it's possible to detect symbol availability on ELF-based systems without involving DSO module, bypass it. Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6436) commit 46ceca3c91cc7b8e8f522009e7338a9a96952e6e Author: Andy Polyakov Date: Fri Jun 8 11:03:32 2018 +0200 rand/rand_unix.c: omit error from DSO_global_lookup. If built with no-dso, DSO_global_lookup leaves "unsupported" message in error queue. Since there is a fall-back code, it's unnecessary distraction. Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6436) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 9f17494..7989081 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c 
@@ -229,17 +229,9 @@ static size_t sysctl_random(char *buf, size_t buflen) */ int syscall_random(void *buf, size_t buflen) { - union { - void *p; - int (*f)(void *buffer, size_t length); - } p_getentropy; - /* * Do runtime detection to find getentropy(). * - * We could cache the result of the lookup, but we normally don't - * call this function often. - * * Known OSs that should support this: * - Darwin since 16 (OSX 10.12, IOS 10.0). * - Solaris since 11.3 @@ -247,9 +239,27 @@ int syscall_random(void *buf, size_t buflen) * - Linux since 3.17 with glibc 2.25 * - FreeBSD since 12.0 (1200061) */ +# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) + extern int getentropy(void *bufer, size_t length) __attribute__((weak)); + + if (getentropy != NULL) + return getentropy(buf, buflen) == 0 ? buflen : 0; +# else + union { + void *p; + int (*f)(void *buffer, size_t length); + } p_getentropy; + + /* + * We could cache the result of the lookup, but we normally don't + * call this function often. + */ + ERR_set_mark(); p_getentropy.p = DSO_global_lookup("getentropy"); + ERR_pop_to_mark(); if (p_getentropy.p != NULL) return p_getentropy.f(buf, buflen) == 0 ? buflen : 0; +# endif /* Linux supports this since version 3.17 */ # if defined(__linux) && defined(SYS_getrandom) From appro at openssl.org Sat Jun 9 12:48:13 2018 
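Review bot: Any failure of the weak getentropy call makes syscall_random return 0 straight away, `return getentropy(buf, buflen) == 0 ? buflen : 0;`, without ever reaching the `SYS_getrandom` fallback that follows the hunk; getentropy(3) on glibc, OpenBSD and macOS rejects requests larger than 256 bytes, so if any caller can pass a bigger buflen the ELF path will report no entropy where the syscall path would have succeeded, and clamping or looping in chunks of at most 256 bytes would close that gap. The DSO branch kept under `#else` has the same early return, so this is a pre-existing limitation that the new branch inherits rather than introduces. The new declaration also misspells its first parameter: `extern int getentropy(void *buffer, size_t length) __attribute__((weak));`. syscall_random continues past the end of this hunk.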
From: appro at openssl.org (Andy Polyakov) Date: Sat, 09 Jun 2018 12:48:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528548493.195458.9270.nullmailer@dev.openssl.org> The branch master has been updated via f55ef97b5c0f8559f393b72ebd4b2de32ad6d231 (commit) from 913cebc8f44d50479704040c77d9ed20eea839bc (commit) - Log ----------------------------------------------------------------- commit f55ef97b5c0f8559f393b72ebd4b2de32ad6d231 Author: Andy Polyakov Date: Fri Jun 8 15:02:39 2018 +0200 bn/asm/sparcv9-mont.pl: iron another glitch in squaring code path. This module is used only with odd input lengths, i.e. not used in normal PKI cases, on contemporary processors. The problem was "illuminated" by fuzzing tests. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6440) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/sparcv9-mont.pl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index c0407b1..b41903a 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -493,6 +493,9 @@ $code.=<<___; mulx $npj,$mul1,$acc1 add $tpj,$car1,$car1 ld [$np+$j],$npj ! np[j] + srlx $car1,32,$tmp0 + and $car1,$mask,$car1 + add $tmp0,$sbit,$sbit add $acc0,$car1,$car1 ld [$tp+8],$tpj ! tp[j] add $acc1,$car1,$car1 From appro at openssl.org Sat Jun 9 12:50:00 2018 
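Review bot: No regression input accompanies this carry fix: the diffstat shows only the assembler source changing, although the commit says the glitch was "illuminated" by fuzzing, so the odd-length operand that triggers the squaring path is known and could be added to the bn test data to keep that path covered. The three added instructions split the high word of `$car1` into `$tmp0`, mask the low word and fold the high word into `$sbit` before the following `add $acc0,$car1,$car1`, which is exactly the kind of carry handling an ordinary PKI-sized test never exercises, as the commit message itself notes. The same change is cherry-picked unchanged in the two stable-branch commits that follow.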
From: appro at openssl.org (Andy Polyakov) Date: Sat, 09 Jun 2018 12:50:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1528548600.667492.10223.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via bd45a8d1ef338027e6892a7c886a373a4fafbf7d (commit) from 278f65eeabb28279661927ecbcc23e95aad34948 (commit) - Log ----------------------------------------------------------------- commit bd45a8d1ef338027e6892a7c886a373a4fafbf7d Author: Andy Polyakov Date: Fri Jun 8 15:02:39 2018 +0200 bn/asm/sparcv9-mont.pl: iron another glitch in squaring code path. This module is used only with odd input lengths, i.e. not used in normal PKI cases, on contemporary processors. The problem was "illuminated" by fuzzing tests. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6440) (cherry picked from commit f55ef97b5c0f8559f393b72ebd4b2de32ad6d231) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/sparcv9-mont.pl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index 30db95e..2043ab0 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -483,6 +483,9 @@ $code.=<<___; mulx $npj,$mul1,$acc1 add $tpj,$car1,$car1 ld [$np+$j],$npj ! np[j] + srlx $car1,32,$tmp0 + and $car1,$mask,$car1 + add $tmp0,$sbit,$sbit add $acc0,$car1,$car1 ld [$tp+8],$tpj ! tp[j] add $acc1,$car1,$car1 From appro at openssl.org Sat Jun 9 12:50:00 2018 
From: appro at openssl.org (Andy Polyakov) Date: Sat, 09 Jun 2018 12:50:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1528548600.726858.10245.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via e13d8f7ba4681f904cba71558168965697b76a17 (commit) from 776ad43f9d5c50bd8f9d03c89b862d275835247a (commit) - Log ----------------------------------------------------------------- commit e13d8f7ba4681f904cba71558168965697b76a17 Author: Andy Polyakov Date: Fri Jun 8 15:02:39 2018 +0200 bn/asm/sparcv9-mont.pl: iron another glitch in squaring code path. This module is used only with odd input lengths, i.e. not used in normal PKI cases, on contemporary processors. The problem was "illuminated" by fuzzing tests. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6440) (cherry picked from commit f55ef97b5c0f8559f393b72ebd4b2de32ad6d231) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/sparcv9-mont.pl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index 55ceecb..ef434bc 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -493,6 +493,9 @@ $code.=<<___; mulx $npj,$mul1,$acc1 add $tpj,$car1,$car1 ld [$np+$j],$npj ! np[j] + srlx $car1,32,$tmp0 + and $car1,$mask,$car1 + add $tmp0,$sbit,$sbit add $acc0,$car1,$car1 ld [$tp+8],$tpj ! tp[j] add $acc1,$car1,$car1 From scan-admin at coverity.com Sun Jun 10 08:48:38 2018 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 10 Jun 2018 08:48:38 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5b1ce5e59e746_1c312ab1dd750f58714e1@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1gSBGN6rK43z47MDWj4HMtFKop0VLLSs5CSUL1UmVTyENnRq-2BIrjmwX3FnAuDWFOFdCMelS-2BJmExYBH7V4p234xzs47EgPnW1YpwlGOaZEpW-2B1a6h0kTh7jGeRmUPTbdUahwh4PYiM54wJFNJxnET8YRAFS3eFxGBohvNMm8jbxjtoOMQKKmk92BpuTSQIrxo-3D Build ID: 214850 Analysis Summary: New defects found: 6 Defects eliminated: 7 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6q227lMNIWoOb8ZgSjAjKcg-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1gSBGN6rK43z47MDWj4HMtFKop0VLLSs5CSUL1UmVTyNpXzyy7bJXsS-2B9AbKPrNdvc-2FY9lmdj-2FfO7GUT0cCvgAT0JI9GXJwg9kcVhWbfNbRxkwiDfpYcXc7bqbWEw8DK6LZryyhZx0s7DPDyZpiZawH7zEWm7bIXc2j84sqtw84rmGMPeLHnqxYe4XKkG1MTA-3D From scan-admin at coverity.com Sun Jun 10 08:56:25 2018 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 10 Jun 2018 08:56:25 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5b1ce7b9811d_21fe2ab1dd750f5871492@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2O-2B54SJhO7lO4v9YmhEcvTJtSjda99IIxxaTqaydfhabFkUAG59ZDYDzh-2FYj-2FCqXPZxfJ5YNHSDpe-2BtqUkmZyAfC6wgADYFZ0onS-2BFd-2FwYDs4LJosmFkSeqJHrDHROgfqRiyVN1OLxwX2jCp0KDIPf5Fq3NyGtcd3xKKmbBBQbBcXl-2B3b-2FC6-2BGp5hAQbZVlfQ-3D Build ID: 214855 Analysis Summary: New defects found: 0 Defects eliminated: 0 From no-reply at appveyor.com Sun Jun 10 21:06:48 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 10 Jun 2018 21:06:48 +0000 Subject: [openssl-commits] Build failed: openssl master.18386 Message-ID: <20180610210648.1.B0FFB2911F6A51C3@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jun 10 21:33:44 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 10 Jun 2018 21:33:44 +0000 Subject: [openssl-commits] Build failed: openssl master.18388 Message-ID: <20180610213344.1.F56B520FCCD51990@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jun 10 22:08:59 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 10 Jun 2018 22:08:59 +0000 Subject: [openssl-commits] Build failed: openssl master.18390 Message-ID: <20180610220859.1.83B36B7405ABC49F@appveyor.com> An HTML attachment was scrubbed... URL: From osslsanity at gmail.com Mon Jun 11 09:27:34 2018 
From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Mon, 11 Jun 2018 09:27:34 +0000 (UTC) Subject: [openssl-commits] Jenkins build is back to normal : master_noec #561 In-Reply-To: <1413986519.453.1528471640760.JavaMail.jenkins@ip-172-31-34-99> References: <1413986519.453.1528471640760.JavaMail.jenkins@ip-172-31-34-99> Message-ID: <510770540.454.1528709254584.JavaMail.jenkins@ip-172-31-34-99> See From matt at openssl.org Mon Jun 11 10:07:29 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 Jun 2018 10:07:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528711649.611413.29649.nullmailer@dev.openssl.org> The branch master has been updated via 387e5ac856454e81d82a4b83388994fecbfc229e (commit) from f55ef97b5c0f8559f393b72ebd4b2de32ad6d231 (commit) - Log ----------------------------------------------------------------- commit 387e5ac856454e81d82a4b83388994fecbfc229e Author: Todd Short Date: Wed Jun 6 17:28:13 2018 -0400 Add support for RSA-PSS to X509_certificate_type() Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6430) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509type.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 3374e3e..0e33b42 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -35,6 +35,9 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) /* if (!sign only extension) */ ret |= EVP_PKT_ENC; break; + case EVP_PKEY_RSA_PSS: + ret = EVP_PK_RSA | EVP_PKT_SIGN; + break; case EVP_PKEY_DSA: ret = EVP_PK_DSA | EVP_PKT_SIGN; break; From no-reply at appveyor.com Mon Jun 11 10:10:29 2018 
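Review bot: A comment is missing on the new `case EVP_PKEY_RSA_PSS:` explaining why it sets only `EVP_PKT_SIGN` while the preceding case, whose tail `ret |= EVP_PKT_ENC;` is visible as context, also marks the key usable for encryption; that asymmetry is the point of the change and deserves a line such as `/* RSA-PSS keys are signature-only: report as RSA but never as EVP_PKT_ENC */` so it is not "fixed" later. Callers that key on `EVP_PK_RSA` alone can no longer tell the two key types apart after this change; any such caller that assumes encryption capability should be checking `EVP_PKT_ENC` rather than the key-type bit. X509_certificate_type continues outside the hunk.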
From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 Jun 2018 10:10:29 +0000 Subject: [openssl-commits] Build failed: openssl master.18397 Message-ID: <20180611101029.1.F377FA1B690E2A0B@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jun 11 10:56:10 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 Jun 2018 10:56:10 +0000 Subject: [openssl-commits] Build completed: openssl master.18398 Message-ID: <20180611105610.1.0256E5E427CA5169@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Jun 11 14:44:44 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 11 Jun 2018 14:44:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1528728284.690379.30432.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 9a236d5a7158d38b933656cacc31dfd4ff4fcc08 (commit) from e13d8f7ba4681f904cba71558168965697b76a17 (commit) - Log ----------------------------------------------------------------- commit 9a236d5a7158d38b933656cacc31dfd4ff4fcc08 Author: Richard Levitte Date: Mon Jun 11 10:33:09 2018 +0200 VMS: have mkdef.pl parse lettered versions properly Fixes #6449 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6450) ----------------------------------------------------------------------- Summary of changes: util/mkdef.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkdef.pl b/util/mkdef.pl index eb303e6..823cb66 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl 
@@ -1336,7 +1336,7 @@ EOF } elsif ($VMS) { print OUT ")\n"; (my $libvmaj, my $libvmin, my $libvedit) = - $currversion =~ /^(\d+)_(\d+)_(\d+)$/; + $currversion =~ /^(\d+)_(\d+)_(\d+)[a-z]{0,2}$/; # The reason to multiply the edit number with 100 is to make space # for the possibility that we want to encode the patch letters print OUT "GSMATCH=LEQUAL,",($libvmaj * 100 + $libvmin),",",($libvedit * 100),"\n"; From levitte at openssl.org Mon Jun 11 14:46:01 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 11 Jun 2018 14:46:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528728361.837930.31457.nullmailer@dev.openssl.org> The branch master has been updated via 2285c0f624b2f5fd16b590511dc35f427053f89f (commit) from 387e5ac856454e81d82a4b83388994fecbfc229e (commit) - Log ----------------------------------------------------------------- commit 2285c0f624b2f5fd16b590511dc35f427053f89f Author: Richard Levitte Date: Mon Jun 11 10:33:09 2018 +0200 VMS: have mkdef.pl parse lettered versions properly Fixes #6449 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6450) (cherry picked from commit 9a236d5a7158d38b933656cacc31dfd4ff4fcc08) ----------------------------------------------------------------------- Summary of changes: util/mkdef.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkdef.pl b/util/mkdef.pl index 669589c..b7cf9b2 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -1288,7 +1288,7 @@ EOF } elsif ($VMS) { print OUT ")\n"; (my $libvmaj, my $libvmin, my $libvedit) = - $currversion =~ /^(\d+)_(\d+)_(\d+)$/; + $currversion =~ /^(\d+)_(\d+)_(\d+)[a-z]{0,2}$/; # The reason to multiply the edit number with 100 is to make space # for the possibility that we want to encode the patch letters print OUT "GSMATCH=LEQUAL,",($libvmaj * 100 + $libvmin),",",($libvedit * 100),"\n"; From matt at openssl.org Mon Jun 11 14:53:17 2018 
From: matt at openssl.org (Matt Caswell) Date: Mon, 11 Jun 2018 14:53:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528728797.791953.488.nullmailer@dev.openssl.org> The branch master has been updated via bcf2907c685cf1bde9eb92928fad5e85c483563b (commit) via fb62e47c782397cadf607b92ce50f2bbe250d12e (commit) via 4aa5a5669c69a66fbd8b31c52014356f1e960501 (commit) from 2285c0f624b2f5fd16b590511dc35f427053f89f (commit) - Log ----------------------------------------------------------------- commit bcf2907c685cf1bde9eb92928fad5e85c483563b Author: Matt Caswell Date: Fri Jun 8 17:18:03 2018 +0100 Remodel the if sequence for handling alerts Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6370) commit fb62e47c782397cadf607b92ce50f2bbe250d12e Author: Matt Caswell Date: Fri May 18 09:08:19 2018 +0100 Don't send a warning alert in TLSv1.3 TLSv1.3 ignores the alert level, so we should suppress sending of warning only alerts. Fixes #6211 Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6370) commit 4aa5a5669c69a66fbd8b31c52014356f1e960501 Author: Matt Caswell Date: Fri May 18 09:07:42 2018 +0100 Fix TLSv1.3 alert handling In TLSv1.3 we should ignore the severity level of an alert according to the spec. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6370) ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_s3.c | 63 ++++++++++++++++++++++------------------------- ssl/statem/extensions.c | 4 ++- 2 files changed, 33 insertions(+), 34 deletions(-) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 61010f4..75b506b 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c 
@@ -1209,6 +1209,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, SSL3_RECORD *rr; SSL3_BUFFER *rbuf; void (*cb) (const SSL *ssl, int type2, int val) = NULL; + int is_tls13 = SSL_IS_TLS13(s); rbuf = &s->rlayer.rbuf; @@ -1340,7 +1341,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, if (type == SSL3_RECORD_get_type(rr) || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC && type == SSL3_RT_HANDSHAKE && recvd_type != NULL - && !SSL_IS_TLS13(s))) { + && !is_tls13)) { /* * SSL3_RT_APPLICATION_DATA or * SSL3_RT_HANDSHAKE or @@ -1524,7 +1525,8 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, cb(s, SSL_CB_READ_ALERT, j); } - if (alert_level == SSL3_AL_WARNING) { + if (alert_level == SSL3_AL_WARNING + || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) { s->s3->warn_alert = alert_descr; SSL3_RECORD_set_read(rr); 
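Review bot: `int is_tls13 = SSL_IS_TLS13(s);` is evaluated once at the top of ssl3_read_bytes, yet the function loops back to `start:` and, if it still drives the handshake from the in-init path before that label as earlier versions did (outside this hunk), the protocol version can be settled inside the same call; in that case the cached value is stale for the record-type check at `&& !is_tls13` and for the alert handling further down, where the original code re-evaluated `SSL_IS_TLS13(s)` at each use. Unless the handshake is guaranteed complete before entry, refreshing it after the label, `is_tls13 = SSL_IS_TLS13(s);`, preserves the old per-use behaviour. ssl3_read_bytes begins before and ends after this hunk.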
@@ -1534,34 +1536,19 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, SSL_R_TOO_MANY_WARN_ALERTS); return -1; } + } - if (alert_descr == SSL_AD_CLOSE_NOTIFY) { - s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return 0; - } - /* - * Apart from close_notify the only other warning alert in TLSv1.3 - * is user_cancelled - which we just ignore. - */ - if (SSL_IS_TLS13(s) && alert_descr != SSL_AD_USER_CANCELLED) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES, - SSL_R_UNKNOWN_ALERT_TYPE); - return -1; - } - /* - * This is a warning but we receive it if we requested - * renegotiation and the peer denied it. Terminate with a fatal - * alert because if application tried to renegotiate it - * presumably had a good reason and expects it to succeed. In - * future we might have a renegotiation where we don't care if - * the peer refused it where we carry on. - */ - if (alert_descr == SSL_AD_NO_RENEGOTIATION) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES, - SSL_R_NO_RENEGOTIATION); - return -1; - } - } else if (alert_level == SSL3_AL_FATAL) { + /* + * Apart from close_notify the only other warning alert in TLSv1.3 + * is user_cancelled - which we just ignore. + */ + if (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED) { + goto start; + } else if (alert_descr == SSL_AD_CLOSE_NOTIFY + && (is_tls13 || alert_level == SSL3_AL_WARNING)) { + s->shutdown |= SSL_RECEIVED_SHUTDOWN; + return 0; + } else if (alert_level == SSL3_AL_FATAL || is_tls13) { char tmp[16]; s->rwstate = SSL_NOTHING; 
@@ -1574,13 +1561,23 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, SSL3_RECORD_set_read(rr); SSL_CTX_remove_session(s->session_ctx, s->session); return 0; - } else { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES, - SSL_R_UNKNOWN_ALERT_TYPE); + } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) { + /* + * This is a warning but we receive it if we requested + * renegotiation and the peer denied it. Terminate with a fatal + * alert because if application tried to renegotiate it + * presumably had a good reason and expects it to succeed. In + * future we might have a renegotiation where we don't care if + * the peer refused it where we carry on. + */ + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES, + SSL_R_NO_RENEGOTIATION); return -1; } - goto start; + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES, + SSL_R_UNKNOWN_ALERT_TYPE); + return -1; } if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 8885e5e..496039e 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -984,7 +984,9 @@ static int final_server_name(SSL *s, unsigned int context, int sent) return 0; case SSL_TLSEXT_ERR_ALERT_WARNING: - ssl3_send_alert(s, SSL3_AL_WARNING, altmp); + /* TLSv1.3 doesn't have warning alerts so we suppress this */ + if (!SSL_IS_TLS13(s)) + ssl3_send_alert(s, SSL3_AL_WARNING, altmp); return 1; case SSL_TLSEXT_ERR_NOACK: From levitte at openssl.org Mon Jun 11 15:02:00 2018 
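Review bot: A TLSv1.2-or-earlier warning alert whose description is neither close_notify nor no_renegotiation now ends in `SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE)`: the warning block in the previous hunk records it in `warn_alert` and counts it, but none of the branches that follow matches it (`is_tls13` is false, the description is not close_notify, the level is not fatal, it is not no_renegotiation), so control falls to the unconditional SSLfatal that replaced the old `goto start`. Before this commit such alerts, a warning-level unrecognized_name from a server for instance, were ignored, so every pre-1.3 connection that receives one now fails. Insert `} else if (alert_level == SSL3_AL_WARNING) { goto start; }` ahead of the final SSLfatal, with a comment that any other warning alert is ignored in TLSv1.2 and below, and cover it with a test that delivers such an alert. The if-chain starts in the previous hunk and ssl3_read_bytes continues after this one.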
From: levitte at openssl.org (Richard Levitte) Date: Mon, 11 Jun 2018 15:02:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528729320.443009.2710.nullmailer@dev.openssl.org> The branch master has been updated via fa92c69aafc40a87c9b0dded9c365348a8ac4b33 (commit) from bcf2907c685cf1bde9eb92928fad5e85c483563b (commit) - Log ----------------------------------------------------------------- commit fa92c69aafc40a87c9b0dded9c365348a8ac4b33 Author: David von Oheimb Date: Mon Jun 11 11:02:57 2018 +0200 export data_dir of Test.pm, which was forgotten in #5928 Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6451) ----------------------------------------------------------------------- Summary of changes: util/perl/OpenSSL/Test.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index 19141e9..d2f8190 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -20,7 +20,7 @@ $VERSION = "0.8"; perlapp perltest subtest)); @EXPORT_OK = (@Test::More::EXPORT_OK, qw(bldtop_dir bldtop_file srctop_dir srctop_file - data_file + data_file data_dir pipe with cmdstr quotify openssl_versions)); From levitte at openssl.org Mon Jun 11 15:53:01 2018 
From: levitte at openssl.org (Richard Levitte) Date: Mon, 11 Jun 2018 15:53:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528732381.481539.9803.nullmailer@dev.openssl.org> The branch master has been updated via a21180b70f6372fee836557df187d72f7a91b686 (commit) from fa92c69aafc40a87c9b0dded9c365348a8ac4b33 (commit) - Log ----------------------------------------------------------------- commit a21180b70f6372fee836557df187d72f7a91b686 Author: Richard Levitte Date: Mon Jun 11 16:26:19 2018 +0200 util/ck_errf.pl: add detection of unknown libcrypto and libssl libs The list of known libs are readily available in crypto/err/openssl.ec, so lets use it to figure out if all error function codes belong to known libs. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6455) ----------------------------------------------------------------------- Summary of changes: util/ck_errf.pl | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/util/ck_errf.pl b/util/ck_errf.pl index ada2352..a078427 100755 --- a/util/ck_errf.pl +++ b/util/ck_errf.pl @@ -19,6 +19,20 @@ use warnings; my $err_strict = 0; my $bad = 0; +# To detect if there is any error generation for a libcrypto/libssl libs +# we don't know, we need to find out what libs we do know. That list is +# readily available in crypto/err/openssl.ec, in form of lines starting +# with "L ". +my $config = "crypto/err/openssl.ec"; +my %libs = ( "SYS" => 1 ); +open my $cfh, $config or die "Trying to read $config: $!\n"; +while (<$cfh>) { + s|\R$||; # Better chomp + next unless m|^L ([0-9A-Z_]+)\s|; + next if $1 eq "NONE"; + $libs{$1} = 1; +} + foreach my $file (@ARGV) { if ( $file eq "-strict" ) { $err_strict = 1; 
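Review bot: `open my $cfh, $config or die "Trying to read $config: $!\n";` is the two-argument open and the handle is never closed; `open my $cfh, '<', $config or die "Trying to read $config: $!\n";` with a `close $cfh;` after the while loop keeps the mode explicit and releases the handle before the per-file loop begins. The path `crypto/err/openssl.ec` is relative, so the script now only works when run from the source top directory; a one-line comment stating that expectation would spare the next person the die message. The `foreach` that begins at the end of the hunk continues beyond it.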
@@ -33,17 +47,22 @@ foreach my $file (@ARGV) {
 $func = $1;
 $func =~ tr/A-Z/a-z/;
 }
- if ( /([A-Z0-9]+)err\(([^,]+)/ && !/ckerr_ignore/ ) {
+ if ( /([A-Z0-9_]+[A-Z0-9])err\(([^,]+)/ && !/ckerr_ignore/ ) {
 my $errlib = $1;
 my $n = $2;
+ unless ( $libs{$errlib} ) {
+ print "$file:$.:$errlib unknown\n";
+ $bad = 1;
+ }
+
 if ( $func eq "" ) {
 print "$file:$.:???:$n\n";
 $bad = 1;
 next;
 }
- if ( $n !~ /([^_]+)_F_(.+)$/ ) {
+ if ( $n !~ /^(.+)_F_(.+)$/ ) {
 #print "check -$file:$.:$func:$n\n";
 next;
 }
From no-reply at appveyor.com Mon Jun 11 16:58:34 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 Jun 2018 16:58:34 +0000 Subject: [openssl-commits] Build failed: openssl master.18410 Message-ID: <20180611165834.1.E14D9A1CEF41AD51@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jun 11 17:31:01 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 11 Jun 2018 17:31:01 +0000 Subject: [openssl-commits] Build completed: openssl master.18411 Message-ID: <20180611173101.1.88476630ACC3CBEA@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Jun 12 07:20:03 2018 From: levitte at openssl.org (Richard Levitte) Date: Tue, 12 Jun 2018 07:20:03 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1528788003.953896.29727.nullmailer@dev.openssl.org> The branch master has been updated via d04d28a092b7489bfe3831aa69e20ddc87b28bfa (commit) from 8241c47b948d2213e8cead94844fd23207716499 (commit) - Log ----------------------------------------------------------------- commit d04d28a092b7489bfe3831aa69e20ddc87b28bfa Author: Richard Levitte Date: Tue Jun 12 09:19:01 2018 +0200 Emilia K?sper has left us ----------------------------------------------------------------------- Summary of changes: community/omc-alumni.html | 5 +++++ community/omc.html | 7 ------- 2 files changed, 5 insertions(+), 7 deletions(-)
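Review bot: The new `unless ( $libs{$errlib} )` block prints a line for every call site, so one library missing from the list produces a message per occurrence rather than once and buries the real finding in `-strict` output; marking the library as seen next to the flag, `$libs{$errlib} = 1;` alongside `$bad = 1;`, keeps the exit status while reporting each unknown library a single time. The widened capture `[A-Z0-9_]+[A-Z0-9]` now also matches prefixes that have no `L` line in the config but whose `...err(` macro is still used, so such modules need the same pre-seeding that `SYS` already gets, or they will be flagged on every file. The enclosing `foreach` starts outside the hunk.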
diff --git a/community/omc-alumni.html b/community/omc-alumni.html index 2f1fbd7..0581a62 100644 --- a/community/omc-alumni.html +++ b/community/omc-alumni.html @@ -38,6 +38,11 @@ + Emilia Käsper   + CH + + + Nils Larsch   DE diff --git a/community/omc.html b/community/omc.html index 6678dc7..dd78706 100644 --- a/community/omc.html +++ b/community/omc.html @@ -59,13 +59,6 @@ href="http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD">C1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD - - Emilia Käsper - emilia at openssl.org - CH -   - - Richard Levitte levitte at openssl.org From matt at openssl.org Tue Jun 12 09:11:02 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 12 Jun 2018 09:11:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528794662.780282.17679.nullmailer@dev.openssl.org> The branch master has been updated via 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe (commit) from a21180b70f6372fee836557df187d72f7a91b686 (commit) - Log ----------------------------------------------------------------- commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe Author: Guido Vranken Date: Mon Jun 11 19:38:54 2018 +0200 Reject excessively large primes in DH key generation. CVE-2018-0732 Signed-off-by: Guido Vranken Reviewed-by: Matthias St. Pierre Reviewed-by: Viktor Dukhovni Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6457) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_key.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 6901548..752542b 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c 
@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
 int ok = 0;
 int generate_new_key = 0;
 unsigned l;
- BN_CTX *ctx;
+ BN_CTX *ctx = NULL;
 BN_MONT_CTX *mont = NULL;
 BIGNUM *pub_key = NULL, *priv_key = NULL;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
 ctx = BN_CTX_new();
 if (ctx == NULL)
 goto err;
From osslsanity at gmail.com Tue Jun 12 09:14:05 2018
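Review bot: The new guard carries no comment saying why a size bound sits at the top of key generation, and a reader seeing a bare `return 0` ahead of the `goto err` path may also wonder why `ctx` now starts as `NULL`; a short comment above the `if` would settle both: `/* Reject oversized p before the modexp below: a peer-supplied prime would otherwise keep key generation busy for an unreasonable time (CVE-2018-0732) */`. It is also worth confirming that compute_key() in the same file applies the same `OPENSSL_DH_MAX_MODULUS_BITS` bound, since it exponentiates over a peer-supplied p as well. generate_key continues outside the hunk, and the identical hunks in the 1.1.0 and 1.0.2 cherry-picks further down want the same comment.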
From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Tue, 12 Jun 2018 09:14:05 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_make_errors #565 Message-ID: <2099345960.455.1528794845412.JavaMail.jenkins@ip-172-31-34-99> See Changes: [levitte] util/ck_errf.pl: add detection of unknown libcrypto and libssl libs [matt] Reject excessively large primes in DH key generation. ------------------------------------------ Started by upstream project "master_basic" build number 576 originally caused by: Started by an SCM change Building in workspace [WS-CLEANUP] Deleting project workspace... [WS-CLEANUP] Done Cloning the remote Git repository Cloning repository https://github.com/openssl/openssl.git > git init # timeout=10 Fetching upstream changes from https://github.com/openssl/openssl.git > git --version # timeout=10 > git fetch --tags --progress https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/* > git config remote.origin.url https://github.com/openssl/openssl.git # timeout=10 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10 > git config remote.origin.url https://github.com/openssl/openssl.git # timeout=10 Fetching upstream changes from https://github.com/openssl/openssl.git > git fetch --tags --progress https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/* > git rev-parse refs/remotes/origin/master^{commit} # timeout=10 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10 Checking out Revision 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe (refs/remotes/origin/master) > git config core.sparsecheckout # timeout=10 > git checkout -f 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe > git rev-list fa92c69aafc40a87c9b0dded9c365348a8ac4b33 # timeout=10 [master_make_errors] $ /bin/sh -xe /tmp/jenkins2400646188663886536.sh + ./config Operating system: x86_64-whatever-linux2 Configuring OpenSSL version 1.1.1-pre8-dev (0x10101008L) for linux-x86_64 Using 
os-specific seed configuration Creating configdata.pm Creating Makefile ********************************************************************** *** *** *** If you want to report a building issue, please include the *** *** output from this command: *** *** *** *** perl configdata.pm --dump *** *** *** ********************************************************************** + make depend + make errors ( cd .; /usr/bin/perl util/ck_errf.pl -strict */*.c */*/*.c ) FATAL: error discrepancy engines/e_afalg.c:165:AFALG unknown engines/e_afalg.c:189:AFALG unknown engines/e_afalg.c:207:AFALG unknown engines/e_afalg.c:356:AFALG unknown engines/e_afalg.c:380:AFALG unknown engines/e_afalg.c:387:AFALG unknown engines/e_afalg.c:394:AFALG unknown engines/e_afalg.c:722:AFALG unknown engines/e_afalg.c:733:AFALG unknown engines/e_afalg.c:739:AFALG unknown engines/e_afalg.c:775:AFALG unknown engines/e_afalg.c:792:AFALG unknown engines/e_afalg.c:800:AFALG unknown engines/e_capi.c:290:CAPI unknown engines/e_capi.c:296:CAPI unknown engines/e_capi.c:323:CAPI unknown engines/e_capi.c:350:CAPI unknown engines/e_capi.c:370:CAPI unknown engines/e_capi.c:386:CAPI unknown engines/e_capi.c:489:CAPI unknown engines/e_capi.c:637:CAPI unknown engines/e_capi.c:648:CAPI unknown engines/e_capi.c:655:CAPI unknown engines/e_capi.c:667:CAPI unknown engines/e_capi.c:713:CAPI unknown engines/e_capi.c:760:CAPI unknown engines/e_capi.c:778:CAPI unknown engines/e_capi.c:792:CAPI unknown engines/e_capi.c:814:CAPI unknown engines/e_capi.c:835:CAPI unknown engines/e_capi.c:867:CAPI unknown engines/e_capi.c:875:CAPI unknown engines/e_capi.c:882:CAPI unknown engines/e_capi.c:890:CAPI unknown engines/e_capi.c:931:CAPI unknown engines/e_capi.c:938:CAPI unknown engines/e_capi.c:945:CAPI unknown engines/e_capi.c:954:CAPI unknown engines/e_capi.c:995:CAPI unknown engines/e_capi.c:1000:CAPI unknown engines/e_capi.c:1006:CAPI unknown engines/e_capi.c:1013:CAPI unknown engines/e_capi.c:1021:CAPI unknown 
engines/e_capi.c:1065:CAPI unknown engines/e_capi.c:1102:CAPI unknown engines/e_capi.c:1107:CAPI unknown engines/e_capi.c:1112:CAPI unknown engines/e_capi.c:1128:CAPI unknown engines/e_capi.c:1134:CAPI unknown engines/e_capi.c:1142:CAPI unknown engines/e_capi.c:1197:CAPI unknown engines/e_capi.c:1204:CAPI unknown engines/e_capi.c:1211:CAPI unknown engines/e_capi.c:1221:CAPI unknown engines/e_capi.c:1238:CAPI unknown engines/e_capi.c:1272:CAPI unknown engines/e_capi.c:1277:CAPI unknown engines/e_capi.c:1327:CAPI unknown engines/e_capi.c:1389:CAPI unknown engines/e_capi.c:1496:CAPI unknown engines/e_capi.c:1501:CAPI unknown engines/e_capi.c:1590:CAPI unknown engines/e_capi.c:1632:CAPI unknown engines/e_capi.c:1641:CAPI unknown engines/e_capi.c:1824:CAPI unknown engines/e_capi.c:1835:CAPI unknown engines/e_dasync.c:195:DASYNC unknown engines/e_dasync.c:210:DASYNC unknown engines/e_dasync.c:641:DASYNC unknown engines/e_ossltest.c:318:OSSLTEST unknown crypto/srp/srp_vfy.c:192:SRP unknown make: *** [errors] Error 1 Build step 'Execute shell' marked build as failure From matt at openssl.org Tue Jun 12 09:29:56 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 12 Jun 2018 09:29:56 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1528795796.177140.21819.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via ea7abeeabf92b7aca160bdd0208636d4da69f4f4 (commit) from 9a236d5a7158d38b933656cacc31dfd4ff4fcc08 (commit) - Log ----------------------------------------------------------------- commit ea7abeeabf92b7aca160bdd0208636d4da69f4f4 Author: Guido Vranken Date: Mon Jun 11 19:38:54 2018 +0200 Reject excessively large primes in DH key generation. CVE-2018-0732 
Signed-off-by: Guido Vranken (cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe) Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6457) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_key.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index fce9ff4..58003d7 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
 int ok = 0;
 int generate_new_key = 0;
 unsigned l;
- BN_CTX *ctx;
+ BN_CTX *ctx = NULL;
 BN_MONT_CTX *mont = NULL;
 BIGNUM *pub_key = NULL, *priv_key = NULL;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
 ctx = BN_CTX_new();
 if (ctx == NULL)
 goto err;
From matt at openssl.org Tue Jun 12 09:33:23 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 12 Jun 2018 09:33:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1528796003.964347.23205.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 3984ef0b72831da8b3ece4745cac4f8575b19098 (commit) from bd45a8d1ef338027e6892a7c886a373a4fafbf7d (commit) - Log ----------------------------------------------------------------- commit 3984ef0b72831da8b3ece4745cac4f8575b19098 Author: Guido Vranken Date: Mon Jun 11 19:38:54 2018 +0200 Reject excessively large primes in DH key generation. CVE-2018-0732 Signed-off-by: Guido Vranken (cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe) Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6457) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_key.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 387558f..f235e0d 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
 int ok = 0;
 int generate_new_key = 0;
 unsigned l;
- BN_CTX *ctx;
+ BN_CTX *ctx = NULL;
 BN_MONT_CTX *mont = NULL;
 BIGNUM *pub_key = NULL, *priv_key = NULL;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
 ctx = BN_CTX_new();
 if (ctx == NULL)
 goto err;
From matt at openssl.org Tue Jun 12 10:09:42 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 12 Jun 2018 10:09:42 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1528798182.897221.30327.nullmailer@dev.openssl.org> The branch master has been updated via 81d4522dd877e11b558579fdb89b447cf95606bb (commit) from d04d28a092b7489bfe3831aa69e20ddc87b28bfa (commit) - Log ----------------------------------------------------------------- commit 81d4522dd877e11b558579fdb89b447cf95606bb Author: Matt Caswell Date: Tue Jun 12 10:25:31 2018 +0100 Updates for CVE-2018-0732 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/web/pull/58) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + news/secadv/20180612.txt | 35 +++++++++++++++++++++++++++++++++++ news/vulnerabilities.xml | 48 +++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20180612.txt
diff --git a/news/newsflash.txt b/news/newsflash.txt
index cba57e2..ce931be 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +12-Jun-2018: Security Advisory: one low severity fix 29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please download and test it 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and test it 17-Apr-2018: Beta 3 of OpenSSL 1.1.1 is now available: please download and test it diff --git a/news/secadv/20180612.txt b/news/secadv/20180612.txt new file mode 100644 index 0000000..1864ace --- /dev/null +++ b/news/secadv/20180612.txt @@ -0,0 +1,35 @@ + +OpenSSL Security Advisory [12 June 2018] +======================================== + +Client DoS due to large DH parameter (CVE-2018-0732) +==================================================== + +Severity: Low + +During key agreement in a TLS handshake using a DH(E) based ciphersuite a +malicious server can send a very large prime value to the client. This will +cause the client to spend an unreasonably long period of time generating a key +for this prime resulting in a hang until the client has finished. This could be +exploited in a Denial Of Service attack. + +Due to the low severity of this issue we are not issuing a new release of +OpenSSL 1.1.0 or 1.0.2 at this time. The fix will be included in OpenSSL 1.1.0i +and OpenSSL 1.0.2p when they become available. The fix is also available in +commit ea7abeeab (for 1.1.0) and commit 3984ef0b7 (for 1.0.2) in the OpenSSL git +repository. + +This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken who also +developed the fix. + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20180612.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html 
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index bb13b7f..145e1ef 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,53 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Client side Denial of Service + Client DoS due to large DH parameter + + During key agreement in a TLS handshake using a DH(E) based ciphersuite + a malicious server can send a very large prime value to the client. This + will cause the client to spend an unreasonably long period of time + generating a key for this prime resulting in a hang until the client has + finished. This could be exploited in a Denial Of Service attack. + + + + From levitte at openssl.org Tue Jun 12 10:32:07 2018 
From: levitte at openssl.org (Richard Levitte) Date: Tue, 12 Jun 2018 10:32:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528799527.238113.1780.nullmailer@dev.openssl.org> The branch master has been updated via 3ccfcd8a851b49c7e4b1e40bb1d7ccd326e6f94f (commit) via caf12bd6754987d99b9e27f2422136a48e53cc86 (commit) via aa6cc8d33c107c8b6d2e9bbffe52086e191f607b (commit) via b9def672b123ce3d1102683f13c61bc68a07c5b0 (commit) from 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe (commit) - Log ----------------------------------------------------------------- commit 3ccfcd8a851b49c7e4b1e40bb1d7ccd326e6f94f Author: Richard Levitte Date: Tue Jun 12 09:27:18 2018 +0200 Make ck_errf.pl ignore commented out error generation Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6461) commit caf12bd6754987d99b9e27f2422136a48e53cc86 Author: Richard Levitte Date: Tue Jun 12 08:57:43 2018 +0200 .travis.yml: give make update exit code meaning again Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6461) commit aa6cc8d33c107c8b6d2e9bbffe52086e191f607b Author: Richard Levitte Date: Tue Jun 12 08:56:21 2018 +0200 make errors: use the new util/ck_errf.pl options Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6461) commit b9def672b123ce3d1102683f13c61bc68a07c5b0 Author: Richard Levitte Date: Tue Jun 12 08:53:14 2018 +0200 util/ck_errf.pl: add functionality that brings it closer to util/mkerr.pl There was no option to give other config files than the default crypto/err/openssl.ec, and yet it tried to check the errors generated in engines (and failing, of course). Also added the same '-internal' option as util/mkerr.pl. 
Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6461) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 4 +- Configurations/unix-Makefile.tmpl | 8 ++-- crypto/srp/srp_vfy.c | 2 +- util/ck_errf.pl | 78 ++++++++++++++++++++++++++++++++++----- 4 files changed, 76 insertions(+), 16 deletions(-) diff --git a/.travis.yml b/.travis.yml index 7092953..34ccf80 100644 --- a/.travis.yml +++ b/.travis.yml @@ -186,8 +186,8 @@ script: echo -e '+\057 MAKE UPDATE OK'; else echo -e '+\057 MAKE UPDATE FAILED'; false; - fi; - git diff --exit-code + fi + - git diff --exit-code - if [ -n "$CHECKDOCS" ]; then if $make doc-nits; then echo -e '+\057\057 MAKE DOC-NITS OK'; diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 4451232..10deec6 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -760,11 +760,13 @@ generate_fuzz_oids: # Set to -force to force a rebuild ERROR_REBUILD= errors: - ( cd $(SRCDIR); $(PERL) util/ck_errf.pl -strict */*.c */*/*.c ) - ( b=`pwd`; cd $(SRCDIR); \ + ( b=`pwd`; set -e; cd $(SRCDIR); \ + $(PERL) util/ck_errf.pl -strict -internal; \ $(PERL) -I$$b util/mkerr.pl $(ERROR_REBUILD) -internal ) - ( b=`pwd`; cd $(SRCDIR)/engines; \ + ( b=`pwd`; set -e; cd $(SRCDIR)/engines; \ for E in *.ec ; do \ + $(PERL) ../util/ck_errf.pl -strict \ + -conf $$E `basename $$E .ec`.c; \ $(PERL) -I$$b ../util/mkerr.pl $(ERROR_REBUILD) -static \ -conf $$E `basename $$E .ec`.c ; \ done ) diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index b13c006..17b35c0 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -189,7 +189,7 @@ static SRP_user_pwd *SRP_user_pwd_new(void) SRP_user_pwd *ret; if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { - /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ + /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/ return NULL; } ret->N = NULL; 
diff --git a/util/ck_errf.pl b/util/ck_errf.pl
index a078427..138dfb9 100755
--- a/util/ck_errf.pl
+++ b/util/ck_errf.pl
@@ -16,15 +16,75 @@ use strict; use warnings; +my $config; my $err_strict = 0; -my $bad = 0; +my $debug = 0; +my $internal = 0; + +sub help +{ + print STDERR <<"EOF"; +mkerr.pl [options] [files...] + +Options: + + -conf FILE Use the named config file FILE instead of the default. + + -debug Verbose output debugging on stderr. + + -internal Generate code that is to be built as part of OpenSSL itself. + Also scans internal list of files. + + -strict If any error was found, fail with exit code 1, otherwise 0. + + -help Show this help text. + + ... Additional arguments are added to the file list to scan, + if '-internal' was NOT specified on the command line. + +EOF +} + +while ( @ARGV ) { + my $arg = $ARGV[0]; + last unless $arg =~ /-.*/; + $arg = $1 if $arg =~ /-(-.*)/; + if ( $arg eq "-conf" ) { + $config = $ARGV[1]; + shift @ARGV; + } elsif ( $arg eq "-debug" ) { + $debug = 1; + } elsif ( $arg eq "-internal" ) { + $internal = 1; + } elsif ( $arg eq "-strict" ) { + $err_strict = 1; + } elsif ( $arg =~ /-*h(elp)?/ ) { + &help(); + exit; + } elsif ( $arg =~ /-.*/ ) { + die "Unknown option $arg; use -h for help.\n"; + } + shift @ARGV; +} + +my @source; +if ( $internal ) { + die "Extra parameters given.\n" if @ARGV; + $config = "crypto/err/openssl.ec" unless defined $config; + @source = ( glob('crypto/*.c'), glob('crypto/*/*.c'), + glob('ssl/*.c'), glob('ssl/*/*.c') ); +} else { + die "Configuration file not given.\nSee '$0 -help' for information\n" + unless defined $config; + @source = @ARGV; +} # To detect if there is any error generation for a libcrypto/libssl libs # we don't know, we need to find out what libs we do know. That list is # readily available in crypto/err/openssl.ec, in form of lines starting -# with "L ". -my $config = "crypto/err/openssl.ec"; -my %libs = ( "SYS" => 1 ); +# with "L ". Note that we always rely on the modules SYS and ERR to be +# generally available. 
+my %libs = ( SYS => 1, ERR => 1 ); open my $cfh, $config or die "Trying to read $config: $!\n"; while (<$cfh>) { s|\R$||; # Better chomp @@ -33,11 +93,8 @@ while (<$cfh>) { $libs{$1} = 1; } -foreach my $file (@ARGV) { - if ( $file eq "-strict" ) { - $err_strict = 1; - next; - } +my $bad = 0; +foreach my $file (@source) { open( IN, "<$file" ) || die "Can't open $file, $!"; my $func = ""; while () { @@ -52,7 +109,8 @@ foreach my $file (@ARGV) { my $n = $2; unless ( $libs{$errlib} ) { - print "$file:$.:$errlib unknown\n"; + print "$file:$.:$errlib not listed in $config\n"; + $libs{$errlib} = 1; # To not display it again $bad = 1; } From osslsanity at gmail.com Tue Jun 12 11:14:06 2018 From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Tue, 12 Jun 2018 11:14:06 +0000 (UTC) Subject: [openssl-commits] Jenkins build is back to normal : master_make_errors #566 In-Reply-To: <2099345960.455.1528794845412.JavaMail.jenkins@ip-172-31-34-99> References: <2099345960.455.1528794845412.JavaMail.jenkins@ip-172-31-34-99> Message-ID: <283812649.456.1528802046804.JavaMail.jenkins@ip-172-31-34-99> See From matt at openssl.org Tue Jun 12 12:15:42 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 12 Jun 2018 12:15:42 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1528805742.954102.17362.nullmailer@dev.openssl.org> The branch master has been updated via b89fd121a046015bb70865060d6cf7f3268b36f0 (commit) from 81d4522dd877e11b558579fdb89b447cf95606bb (commit) - Log ----------------------------------------------------------------- commit b89fd121a046015bb70865060d6cf7f3268b36f0 Author: Matt Caswell Date: Tue Jun 12 13:10:13 2018 +0100 Fix advisory link Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/59) ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
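Review bot: The option loop's patterns are unanchored, so `last unless $arg =~ /-.*/` treats any file name containing a hyphen as an option (and then dies as unknown), and `$arg =~ /-*h(elp)?/` fires for any option that merely contains an `h`; anchoring them, `last unless $arg =~ /^-/;` and `} elsif ( $arg =~ /^-*h(elp)?$/ ) {`, keeps the explicit file list usable for such names and makes the help switch exact. The usage text also names the wrong script, `mkerr.pl [options] [files...]` should read `ck_errf.pl [options] [files...]`, which matters since the same text is what `-help` prints. This first hunk ends inside the config-reading `while` loop, which continues in the next hunk.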
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 145e1ef..97f818b 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -51,7 +51,7 @@ generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. - + From matt at openssl.org Tue Jun 12 12:30:20 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 12 Jun 2018 12:30:20 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528806620.020902.19852.nullmailer@dev.openssl.org> The branch master has been updated via 8fe4c0b001f85c5a918c6a6d4687813ea3d2945f (commit) from 3ccfcd8a851b49c7e4b1e40bb1d7ccd326e6f94f (commit) - Log ----------------------------------------------------------------- commit 8fe4c0b001f85c5a918c6a6d4687813ea3d2945f Author: Nicola Tuveri Date: Tue Jun 12 04:27:28 2018 +0300 Deprecate DSA_sign_setup() in the documentation Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6460) ----------------------------------------------------------------------- Summary of changes: doc/man3/DSA_sign.pod | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/doc/man3/DSA_sign.pod b/doc/man3/DSA_sign.pod index 458e16a..4ca7756 100644 --- a/doc/man3/DSA_sign.pod +++ b/doc/man3/DSA_sign.pod 
@@ -23,13 +23,12 @@ digest B using the private key B and places its ASN.1 DER encoding at B. The length of the signature is places in *B. B must point to DSA_size(B) bytes of memory. -DSA_sign_setup() may be used to precompute part of the signing -operation in case signature generation is time-critical. It expects -B to contain DSA parameters. It places the precomputed values -in newly allocated Bs at *B and *B, after freeing -the old ones unless *B and *B are NULL. These values may -be passed to DSA_sign() in Bkinv> and Br>. -B is a pre-allocated B or NULL. +DSA_sign_setup() is defined only for backward binary compatibility and +should not be used. +Since OpenSSL 1.1.0 the DSA type is opaque and the output of +DSA_sign_setup() cannot be used anyway: calling this function will only +cause overhead, and does not affect the actual signature +(pre-)computation. DSA_verify() verifies that the signature B of size B matches a given message digest B of size B. From matt at openssl.org Tue Jun 12 12:30:30 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 12 Jun 2018 12:30:30 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1528806630.210315.20853.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via cd396d2a4767f186cc12e8c111599caeb35893bc (commit) from ea7abeeabf92b7aca160bdd0208636d4da69f4f4 (commit) - Log ----------------------------------------------------------------- commit cd396d2a4767f186cc12e8c111599caeb35893bc Author: Nicola Tuveri Date: Tue Jun 12 04:27:28 2018 +0300 Deprecate DSA_sign_setup() in the documentation Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6460) (cherry picked from commit 8fe4c0b001f85c5a918c6a6d4687813ea3d2945f) ----------------------------------------------------------------------- Summary of changes: doc/crypto/DSA_sign.pod | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) 
diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod index ba0f6b8..2c50708 100644 --- a/doc/crypto/DSA_sign.pod +++ b/doc/crypto/DSA_sign.pod @@ -24,13 +24,12 @@ digest B using the private key B and places its ASN.1 DER encoding at B. The length of the signature is places in *B. B must point to DSA_size(B) bytes of memory. -DSA_sign_setup() may be used to precompute part of the signing -operation in case signature generation is time-critical. It expects -B to contain DSA parameters. It places the precomputed values -in newly allocated Bs at *B and *B, after freeing -the old ones unless *B and *B are NULL. These values may -be passed to DSA_sign() in Bkinv> and Br>. -B is a pre-allocated B or NULL. +DSA_sign_setup() is defined only for backward binary compatibility and +should not be used. +Since OpenSSL 1.1.0 the DSA type is opaque and the output of +DSA_sign_setup() cannot be used anyway: calling this function will only +cause overhead, and does not affect the actual signature +(pre-)computation. DSA_verify() verifies that the signature B of size B matches a given message digest B of size B. From viktor at openssl.org Tue Jun 12 16:27:32 2018 From: viktor at openssl.org (Viktor Dukhovni) Date: Tue, 12 Jun 2018 16:27:32 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528820852.418711.26997.nullmailer@dev.openssl.org> The branch master has been updated via 0df65d82dbc41e8da00adb243de5918db532c8a6 (commit) from 8fe4c0b001f85c5a918c6a6d4687813ea3d2945f (commit) - Log ----------------------------------------------------------------- commit 0df65d82dbc41e8da00adb243de5918db532c8a6 Author: Viktor Dukhovni Date: Tue Jun 12 11:51:53 2018 -0400 Document return value of X509_add_ext and also X509_delete_ext() Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: doc/man3/X509v3_get_ext_by_NID.pod | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/doc/man3/X509v3_get_ext_by_NID.pod b/doc/man3/X509v3_get_ext_by_NID.pod index 81c938e..54dff3c 100644 --- a/doc/man3/X509v3_get_ext_by_NID.pod +++ b/doc/man3/X509v3_get_ext_by_NID.pod @@ -115,8 +115,8 @@ initial extension will not be checked. X509v3_get_ext_count() returns the extension count. -X509v3_get_ext() and X509v3_delete_ext() return an B pointer -or B if an error occurs. +X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an +B pointer or B if an error occurs. X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and X509v3_get_ext_by_critical() return the an extension index or B<-1> if an @@ -124,6 +124,8 @@ error occurs. X509v3_add_ext() returns a stack of extensions or B on error. +X509_add_ext() returns 1 on success and 0 on error. + =head1 SEE ALSO L From levitte at openssl.org Wed Jun 13 08:27:17 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 13 Jun 2018 08:27:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528878437.570656.20023.nullmailer@dev.openssl.org> The branch master has been updated via 55c5c1b63a5f2497e26d734d597c40e4a36fe4af (commit) from 0df65d82dbc41e8da00adb243de5918db532c8a6 (commit) - Log ----------------------------------------------------------------- commit 55c5c1b63a5f2497e26d734d597c40e4a36fe4af Author: Richard Levitte Date: Wed Jun 13 00:29:48 2018 +0200 doc/man7/passphrase-encoding.pod: Make consistent The man name didn't match the file name, and some places had 'password' instead of 'pass phrase'. Fixes #6474 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6476) ----------------------------------------------------------------------- Summary of changes: doc/man7/passphrase-encoding.pod | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/man7/passphrase-encoding.pod b/doc/man7/passphrase-encoding.pod index d5c9d1e..6810844 100644 --- a/doc/man7/passphrase-encoding.pod +++ b/doc/man7/passphrase-encoding.pod 
@@ -4,7 +4,7 @@ =head1 NAME -password encoding +passphrase-encoding - How diverse parts of OpenSSL treat pass phrases character encoding =head1 DESCRIPTION @@ -61,11 +61,11 @@ OpenSSL still does this, to be able to read files produced with older versions. It should be noted that this approach isn't entirely fault free. -A passphrase encoded in ISO-8859-2 could very well have a sequence such as +A pass phrase encoded in ISO-8859-2 could very well have a sequence such as 0xC3 0xAF (which is the two characters "LATIN CAPITAL LETTER A WITH BREVE" and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO-8859-2 encoding), but would be misinterpreted as the perfectly valid UTF-8 encoded code point U+00EF (LATIN -SMALL LETTER I WITH DIARESIS) I. A pass phrase that contains this kind of byte sequence will give a different outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0. @@ -133,7 +133,7 @@ following: =item 1. -Try the password that you have as it is in the character encoding of your +Try the pass phrase that you have as it is in the character encoding of your environment. It's possible that its byte sequence is exactly right. From appro at openssl.org Wed Jun 13 08:46:13 2018 
From: appro at openssl.org (Andy Polyakov) Date: Wed, 13 Jun 2018 08:46:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528879573.832333.23150.nullmailer@dev.openssl.org> The branch master has been updated via dbb85890a85af25db35dbd710ac07b3c704a27f0 (commit) from 55c5c1b63a5f2497e26d734d597c40e4a36fe4af (commit) - Log ----------------------------------------------------------------- commit dbb85890a85af25db35dbd710ac07b3c704a27f0 Author: Andy Polyakov Date: Sun Jun 10 18:06:15 2018 +0200 Configurations/10-main.conf: reinstate soname on Solaris. The flag was apparently omitted in switch from Makefile.shared to shared-info.pl. Do put it back! And in the process move all solaris-shared flags from shared-info.pl to solaris-common. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6446) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 15 +++++++++------ Configurations/shared-info.pl | 4 ---- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index fed386b..b3fc488 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -211,8 +211,11 @@ my %targets = ( ex_libs => add("-lsocket -lnsl -ldl"), dso_scheme => "dlfcn", thread_scheme => "pthreads", - shared_target => "solaris-shared", + shared_target => "self", shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + shared_ldflag => "-Wl,-Bsymbolic", + shared_defflag => "-Wl,-M,", + shared_sonameflag=> "-Wl,-h,", }, #### Solaris x86 with GNU C setups "solaris-x86-gcc" => { @@ -229,7 +232,7 @@ my %targets = ( ex_libs => add(threads("-pthread")), bn_ops => "BN_LLONG", shared_cflag => "-fPIC", - shared_ldflag => "-shared -static-libgcc", + shared_ldflag => add("-shared -static-libgcc"), }, "solaris64-x86_64-gcc" => { # -shared -static-libgcc might appear controversial, but modules 
@@ -251,7 +254,7 @@ my %targets = ( bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", shared_cflag => "-fPIC", - shared_ldflag => "-shared -static-libgcc", + shared_ldflag => add("-shared -static-libgcc"), multilib => "/64", }, @@ -282,7 +285,7 @@ my %targets = ( bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", shared_cflag => "-KPIC", - shared_ldflag => "-G -dy -z text", + shared_ldflag => add("-G -dy -z text"), multilib => "/64", }, @@ -298,7 +301,7 @@ my %targets = ( ex_libs => add(threads("-pthread")), bn_ops => "BN_LLONG RC4_CHAR", shared_cflag => "-fPIC", - shared_ldflag => "-shared", + shared_ldflag => add("-shared"), }, "solaris-sparcv8-gcc" => { inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv8_asm") ], @@ -333,7 +336,7 @@ my %targets = ( ex_libs => add(threads("-lpthread")), bn_ops => "BN_LLONG RC4_CHAR", shared_cflag => "-KPIC", - shared_ldflag => "-G -dy -z text", + shared_ldflag => add("-G -dy -z text"), }, #### "solaris-sparcv8-cc" => { diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index f3c4cb6..eb919b1 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -65,10 +65,6 @@ my %shared_info; shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)', }; }, - 'solaris-shared' => { - shared_ldflag => '-Wl,-Bsymbolic', - shared_defflag => '-Wl,-M,', - }, 'svr3-shared' => sub { return $shared_info{'gnu-shared'} if detect_gnu_ld(); return { From appro at openssl.org Wed Jun 13 08:48:46 2018 
From: appro at openssl.org (Andy Polyakov) Date: Wed, 13 Jun 2018 08:48:46 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528879726.545857.24102.nullmailer@dev.openssl.org> The branch master has been updated via d3273ef6c549d1bf74d18c9056218c1d8b98a2b9 (commit) via 10aafed3ec8719442d0d3516a6a12a45d2a70a2f (commit) via 60aa6c1a590de47acdd290a60e25b87005a35b8f (commit) from dbb85890a85af25db35dbd710ac07b3c704a27f0 (commit) - Log ----------------------------------------------------------------- commit d3273ef6c549d1bf74d18c9056218c1d8b98a2b9 Author: Andy Polyakov Date: Mon Jun 11 12:50:25 2018 +0200 Configurations/10-main.conf: replace -bexpall with explicit list on AIX. [omit even -b:SRE, as it's implied by -G flag.] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6453) commit 10aafed3ec8719442d0d3516a6a12a45d2a70a2f Author: Andy Polyakov Date: Mon Jun 11 12:43:50 2018 +0200 Configurations/10-main.conf: AIX configs unification. Add aix-common template that covers even aix-shared from shared-info.pl, add -bsymbolic to shared_ldflags. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6453) commit 60aa6c1a590de47acdd290a60e25b87005a35b8f Author: Andy Polyakov Date: Mon Jun 11 12:22:29 2018 +0200 Configure: add shared() to facilitate shared-specific flags. This allows to specify flags specific to shared build, e.g. 'bin_lflags => shared("-Wl,-bsvr4")'. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6453) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 59 ++++++++++++++++++------------------------- Configurations/shared-info.pl | 4 --- Configure | 5 +++- build.info | 8 ++++++ util/mkdef.pl | 16 ++++++++---- 5 files changed, 47 insertions(+), 45 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index b3fc488..63862e7 100644 --- a/Configurations/10-main.conf 
+++ b/Configurations/10-main.conf 
@@ -1117,85 +1117,74 @@ my %targets = ( # variable, then you should know that in OpenSSL case it's considered # only in ./config. Once configured, build procedure remains "deaf" to # current value of $OBJECT_MODE. + "aix-common" => { + inherit_from => [ "BASE_unix" ], + template => 1, + sys_id => "AIX", + lib_cppflags => "-DB_ENDIAN", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "self", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + bin_lflags => shared("-Wl,-bsvr4"), + module_ldflags => "-Wl,-G,-bsymbolic,-bexpall,-bnolibpath", + shared_ldflag => "-Wl,-G,-bsymbolic,-bnolibpath", + shared_defflag => "-Wl,-bE:", + }, "aix-gcc" => { - inherit_from => [ "BASE_unix", asm("ppc32_asm") ], + inherit_from => [ "aix-common", asm("ppc32_asm") ], CC => "gcc", CFLAGS => picker(debug => "-O0 -g", release => "-O"), cflags => add(threads("-pthread")), - lib_cppflags => "-DB_ENDIAN", - ex_libs => add(threads("-pthread")), - sys_id => "AIX", + ex_libs => threads("-pthread"), bn_ops => "BN_LLONG RC4_CHAR", - thread_scheme => "pthreads", perlasm_scheme => "aix32", - dso_scheme => "dlfcn", - shared_target => "aix-shared", - shared_ldflag => "-shared -static-libgcc -Wl,-G", - shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + shared_ldflag => add("-shared -static-libgcc"), AR => add("-X32"), RANLIB => add("-X32"), }, "aix64-gcc" => { - inherit_from => [ "BASE_unix", asm("ppc64_asm") ], + inherit_from => [ "aix-common", asm("ppc64_asm") ], CC => "gcc", CFLAGS => picker(debug => "-O0 -g", release => "-O"), cflags => combine("-maix64", threads("-pthread")), - lib_cppflags => "-DB_ENDIAN", - ex_libs => add(threads("-pthread")), - sys_id => "AIX", + ex_libs => threads("-pthread"), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - thread_scheme => "pthreads", perlasm_scheme => "aix64", - dso_scheme => "dlfcn", - shared_target => "aix-shared", - shared_ldflag => "-shared -static-libgcc -Wl,-G", - shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + 
shared_ldflag => add("-shared -static-libgcc"), AR => add("-X64"), RANLIB => add("-X64"), }, "aix-cc" => { - inherit_from => [ "BASE_unix", asm("ppc32_asm") ], + inherit_from => [ "aix-common", asm("ppc32_asm") ], CC => "cc", CFLAGS => picker(debug => "-O0 -g", release => "-O"), cflags => combine("-q32 -qmaxmem=16384 -qro -qroconst", threads("-qthreaded")), cppflags => threads("-D_THREAD_SAFE"), - lib_cppflags => "-DB_ENDIAN", - sys_id => "AIX", - bn_ops => "BN_LLONG RC4_CHAR", - thread_scheme => "pthreads", ex_libs => threads("-lpthreads"), + bn_ops => "BN_LLONG RC4_CHAR", perlasm_scheme => "aix32", - dso_scheme => "dlfcn", - shared_target => "aix-shared", shared_cflag => "-qpic", - shared_ldflag => "-G", - shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", AR => add("-X32"), RANLIB => add("-X32"), }, "aix64-cc" => { - inherit_from => [ "BASE_unix", asm("ppc64_asm") ], + inherit_from => [ "aix-common", asm("ppc64_asm") ], CC => "cc", CFLAGS => picker(debug => "-O0 -g", release => "-O"), cflags => combine("-q64 -qmaxmem=16384 -qro -qroconst", threads("-qthreaded")), cppflags => threads("-D_THREAD_SAFE"), - lib_cppflags => "-DB_ENDIAN", - sys_id => "AIX", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - thread_scheme => "pthreads", ex_libs => threads("-lpthreads"), + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", perlasm_scheme => "aix64", dso_scheme => "dlfcn", - shared_target => "aix-shared", shared_cflag => "-qpic", - shared_ldflag => "-G", - shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", AR => add("-X64"), RANLIB => add("-X64"), }, diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index eb919b1..1a49100 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -91,8 +91,4 @@ my %shared_info; shared_ldflag => '-Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+cdp,../:,+cdp,./:', shared_sonameflag => '-Wl,+h,', }, - 'aix-shared' => { - bin_lflags => '-Wl,-bsvr4', - shared_ldflag => '-Wl,-bexpall,-bnolibpath,-bM:SRE', - }, ); 
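Review bot: In the aix64-cc target, `dso_scheme => "dlfcn",` survives as an unchanged line even though the same key is now set by the new aix-common template and the other three AIX targets drop it; remove it from aix64-cc so the template is the single source of that value. The aix-common entry would also benefit from a one-line comment on why `module_ldflags` keeps `-bexpall` while `shared_ldflag` does not — presumably the libraries get an explicit export list through `shared_defflag => "-Wl,-bE:"` and the generated .map files, while modules have none — e.g. `# modules carry no export list, so export everything`. The `bin_lflags => shared("-Wl,-bsvr4")` line depends on the `shared()` helper added to Configure in this same push.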
diff --git a/Configure b/Configure index 62c354a..bcf2c04 100755 --- a/Configure +++ b/Configure @@ -2777,7 +2777,10 @@ sub threads { return sub { add($disabled{threads} ? () : @flags)->(); } } - +sub shared { + my @flags = @_; + return sub { add($disabled{shared} ? () : @flags)->(); } +} our $add_called = 0; # Helper function to implement adding values to already existing configuration diff --git a/build.info b/build.info index 13ca90d..3dda4e8 100644 --- a/build.info +++ b/build.info @@ -33,6 +33,14 @@ IF[{- defined $target{shared_defflag} -}] SHARED_SOURCE[libcrypto]=libcrypto.def SHARED_SOURCE[libssl]=libssl.def + ELSIF[{- $config{target} =~ /^aix/ -}] + GENERATE[libcrypto.map]=util/mkdef.pl crypto aix + DEPEND[libcrypto.map]=util/libcrypto.num + GENERATE[libssl.map]=util/mkdef.pl ssl aix + DEPEND[libssl.map]=util/libssl.num + + SHARED_SOURCE[libcrypto]=libcrypto.map + SHARED_SOURCE[libssl]=libssl.map ELSE GENERATE[libcrypto.map]=util/mkdef.pl crypto linux DEPEND[libcrypto.map]=util/libcrypto.num diff --git a/util/mkdef.pl b/util/mkdef.pl index b7cf9b2..327728e 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -126,6 +126,7 @@ my $W32=0; my $NT=0; my $UNIX=0; my $linux=0; +my $aix=0; # Set this to make typesafe STACK definitions appear in DEF my $safe_stack_def = 0; @@ -171,12 +172,15 @@ foreach (@ARGV, split(/ /, $config{options})) if($_ eq "NT") { $W32 = 1; $NT = 1; - } - if ($_ eq "linux") { + } elsif ($_ eq "linux") { $linux=1; $UNIX=1; + } elsif ($_ eq "aix") { + $aix=1; + $UNIX=1; + } elsif ($_ eq "VMS") { + $VMS=1; } - $VMS=1 if $_ eq "VMS"; if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic" || $_ eq "enable-zlib-dynamic") { $zlib = 1; 
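Review bot: The new `sub shared` in the Configure hunk is inserted in place of the blank line that separated `threads()` from `our $add_called = 0;`, so its closing brace now abuts the following declaration; restore the blank line after `}`. A short header comment giving the intent stated in the commit message would also help readers of Configure, e.g. `# shared() -- apply the given flags only when shared libraries are enabled`.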
@@ -204,11 +208,11 @@ if (!$libname) { } # If no platform is given, assume WIN32 -if ($W32 + $VMS + $linux == 0) { +if ($W32 + $VMS + $linux + $aix == 0) { $W32 = 1; } die "Please, only one platform at a time" - if ($W32 + $VMS + $linux > 1); + if ($W32 + $VMS + $linux + $aix > 1); if (!$do_ssl && !$do_crypto) { @@ -1237,6 +1241,8 @@ EOF $prevsymversion = $symversion; } print OUT " $s2;\n"; + } elsif ($aix) { + print OUT "$s2\n"; } elsif ($VMS) { while(++$prevnum < $n) { my $symline=" ,SPARE -\n ,SPARE -\n"; From matt at openssl.org Wed Jun 13 15:28:31 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 Jun 2018 15:28:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528903711.492238.20124.nullmailer@dev.openssl.org> The branch master has been updated via a3e9d5aa980f238805970f420adf5e903d35bf09 (commit) from d3273ef6c549d1bf74d18c9056218c1d8b98a2b9 (commit) - Log ----------------------------------------------------------------- commit a3e9d5aa980f238805970f420adf5e903d35bf09 Author: Matt Caswell Date: Fri May 25 12:10:13 2018 +0100 Add blinding to an ECDSA signature Keegan Ryan (NCC Group) has demonstrated a side channel attack on an ECDSA signature operation. During signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order The addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 +++ crypto/ec/ecdsa_ossl.c | 70 +++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 67 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 7a47852..fe3e13a 100644 
--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,10 @@ release branch.
 Changes between 1.1.0h and 1.1.1 [xx XXX xxxx]
+ *) Add blinding to an ECDSA signature to protect against side channel attacks
+ discovered by Keegan Ryan (NCC Group).
+ [Matt Caswell]
+
 *) Enforce checking in the pkeyutl command line app to ensure that the input length does not exceed the maximum supported digest length when performing a sign, verify or verifyrecover operation.
diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
index 7842851..640593b 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -196,7 +196,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 EC_KEY *eckey)
 {
 int ok = 0, i;
- BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL;
+ BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *blind = NULL;
+ BIGNUM *blindm = NULL;
 const BIGNUM *order, *ckinv;
 BN_CTX *ctx = NULL;
 const EC_GROUP *group;
@@ -229,8 +230,18 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 }
 s = ret->s;
- if ((ctx = BN_CTX_new()) == NULL ||
- (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
+ ctx = BN_CTX_secure_new();
+ if (ctx == NULL) {
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+ m = BN_CTX_get(ctx);
+ blind = BN_CTX_get(ctx);
+ blindm = BN_CTX_get(ctx);
+ if (blindm == NULL) {
 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
 goto err;
 }
@@ -270,18 +281,64 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 }
 }
- if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
+ /*
+ * The normal signature calculation is:
+ *
+ * s := k^-1 * (m + r * priv_key) mod order
+ *
+ * We will blind this to protect against side channel attacks
+ *
+ * s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order
+ */
+
+ /* Generate a blinding value */
+ do {
+ if (!BN_priv_rand(blind, BN_num_bits(order) - 1,
+ BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+ goto err;
+ } while (BN_is_zero(blind));
+ BN_set_flags(blind, BN_FLG_CONSTTIME);
+ BN_set_flags(blindm, BN_FLG_CONSTTIME);
+ BN_set_flags(tmp, BN_FLG_CONSTTIME);
+
+ /* tmp := blind * priv_key * r mod order */
+ if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) {
 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
 goto err;
 }
- if (!BN_mod_add_quick(s, tmp, m, order)) {
+ if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) {
 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
 goto err;
 }
+
+ /* blindm := blind * m mod order */
+ if (!BN_mod_mul(blindm, blind, m, order, ctx)) {
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ /* s : = (blind * priv_key * r) + (blind * m) mod order */
+ if (!BN_mod_add_quick(s, tmp, blindm, order)) {
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ /* s:= s * blind^-1 mod order */
+ if (BN_mod_inverse(blind, blind, order, ctx) == NULL) {
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!BN_mod_mul(s, s, blind, order, ctx)) {
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ /* s := s * k^-1 mod order */
 if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
 ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
 goto err;
 }
+
 if (BN_is_zero(s)) {
 /*
 * if kinv and r have been supplied by the caller, don't
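Review bot: The `goto err` on a failed `BN_priv_rand()` in the blinding loop is the only failure path in this hunk that does not queue an error, so a caller gets a NULL signature with an empty error stack; add `ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);` before that `goto err;`. The same omission is in the 1.1.0-stable hunk `@@ -284,18 +295,64 @@` (`BN_rand`) and the 1.0.2-stable hunk `@@ -315,26 +327,70 @@` (`BN_rand`, using `ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB)`). Drawing `blind` with `BN_num_bits(order) - 1` bits and rejecting zero keeps it below `order` and non-zero, which — for a prime group order — is what makes the later `BN_mod_inverse()` succeed; that invariant is worth stating in the `/* Generate a blinding value */` comment, since the correctness of the final `s` depends on it. ossl_ecdsa_sign_sig() continues outside the hunk.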
@@ -303,9 +360,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
 ECDSA_SIG_free(ret);
 ret = NULL;
 }
+ BN_CTX_end(ctx);
 BN_CTX_free(ctx);
- BN_clear_free(m);
- BN_clear_free(tmp);
 BN_clear_free(kinv);
 return ret;
 }
From matt at openssl.org Wed Jun 13 15:28:55 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 Jun 2018 15:28:55 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1528903735.387601.21171.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 0c27d793745c7837b13646302b6890a556b7017a (commit) from cd396d2a4767f186cc12e8c111599caeb35893bc (commit) - Log ----------------------------------------------------------------- commit 0c27d793745c7837b13646302b6890a556b7017a Author: Matt Caswell Date: Fri May 25 12:10:13 2018 +0100 Add blinding to an ECDSA signature Keegan Ryan (NCC Group) has demonstrated a side channel attack on an ECDSA signature operation. During signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order The addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 +++ crypto/ec/ecdsa_ossl.c | 70 +++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 67 insertions(+), 7 deletions(-)
diff --git a/CHANGES b/CHANGES
index bfd0bcd..b749d9e 100644
--- a/CHANGES
+++ b/CHANGES
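Review bot: `BN_CTX_end(ctx)` at `err:` now runs unconditionally, but the hunk at `@@ -229,8 +230,18 @@` jumps to `err` when `BN_CTX_secure_new()` returns NULL, so that path reaches `BN_CTX_end(NULL)` unless BN_CTX_end() tolerates a NULL ctx, which this diff does not establish. The 1.0.2-stable backport of the same change guards the pair with `if (ctx != NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); }`; the master and 1.1.0-stable (`@@ -317,9 +374,8 @@`) versions should do the same. `kinv` is still released with `BN_clear_free()` while `m`, `tmp`, `blind` and `blindm` now come from the BN_CTX created with `BN_CTX_secure_new()`, which is why their explicit clears are dropped — a one-line comment at `err:` saying so would save the next reader the search.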
@@ -9,6 +9,10 @@ Changes between 1.1.0h and 1.1.0i [xx XXX xxxx] + *) Add blinding to an ECDSA signature to protect against side channel attacks + discovered by Keegan Ryan (NCC Group). + [Matt Caswell] + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. [Richard Levitte] diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index 72e2f0f..449be0e 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -210,7 +210,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, EC_KEY *eckey) { int ok = 0, i; - BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL; + BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *blind = NULL; + BIGNUM *blindm = NULL; const BIGNUM *order, *ckinv; BN_CTX *ctx = NULL; const EC_GROUP *group; @@ -243,8 +244,18 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } s = ret->s; - if ((ctx = BN_CTX_new()) == NULL || - (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { + ctx = BN_CTX_secure_new(); + if (ctx == NULL) { + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); + goto err; + } + + BN_CTX_start(ctx); + tmp = BN_CTX_get(ctx); + m = BN_CTX_get(ctx); + blind = BN_CTX_get(ctx); + blindm = BN_CTX_get(ctx); + if (blindm == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); goto err; } 
@@ -284,18 +295,64 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } } - if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { + /* + * The normal signature calculation is: + * + * s := k^-1 * (m + r * priv_key) mod order + * + * We will blind this to protect against side channel attacks + * + * s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order + */ + + /* Generate a blinding value */ + do { + if (!BN_rand(blind, BN_num_bits(order) - 1, BN_RAND_TOP_ANY, + BN_RAND_BOTTOM_ANY)) + goto err; + } while (BN_is_zero(blind)); + BN_set_flags(blind, BN_FLG_CONSTTIME); + BN_set_flags(blindm, BN_FLG_CONSTTIME); + BN_set_flags(tmp, BN_FLG_CONSTTIME); + + /* tmp := blind * priv_key * r mod order */ + if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - if (!BN_mod_add_quick(s, tmp, m, order)) { + if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } + + /* blindm := blind * m mod order */ + if (!BN_mod_mul(blindm, blind, m, order, ctx)) { + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); + goto err; + } + + /* s : = (blind * priv_key * r) + (blind * m) mod order */ + if (!BN_mod_add_quick(s, tmp, blindm, order)) { + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); + goto err; + } + + /* s:= s * blind^-1 mod order */ + if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(s, s, blind, order, ctx)) { + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); + goto err; + } + + /* s := s * k^-1 mod order */ if (!BN_mod_mul(s, s, ckinv, order, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } + if (BN_is_zero(s)) { /* * if kinv and r have been supplied by the caller don't to 
@@ -317,9 +374,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECDSA_SIG_free(ret); ret = NULL; } + BN_CTX_end(ctx); BN_CTX_free(ctx); - BN_clear_free(m); - BN_clear_free(tmp); BN_clear_free(kinv); return ret; } From matt at openssl.org Wed Jun 13 15:29:10 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 Jun 2018 15:29:10 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1528903750.484512.22182.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 949ff36623eafc3523a9f91784992965018ffb05 (commit) from 3984ef0b72831da8b3ece4745cac4f8575b19098 (commit) - Log ----------------------------------------------------------------- commit 949ff36623eafc3523a9f91784992965018ffb05 Author: Matt Caswell Date: Fri May 25 12:10:13 2018 +0100 Add blinding to an ECDSA signature Keegan Ryan (NCC Group) has demonstrated a side channel attack on an ECDSA signature operation. During signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order The addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 +++ crypto/ecdsa/ecdsatest.c | 9 +++++- crypto/ecdsa/ecs_ossl.c | 82 +++++++++++++++++++++++++++++++++++++++--------- 3 files changed, 79 insertions(+), 16 deletions(-) diff --git a/CHANGES b/CHANGES index f17fbbf..a3861ab 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,6 +9,10 @@ Changes between 1.0.2o and 1.0.2p [xx XXX xxxx] + *) Add blinding to an ECDSA signature to protect against side channel attacks + discovered by Keegan Ryan (NCC Group). + [Matt Caswell] + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. [Richard Levitte] diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 0f301f8..a130fc9 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -137,7 +137,7 @@ int restore_rand(void) return 1; } -static int fbytes_counter = 0; +static int fbytes_counter = 0, use_fake = 0; static const char *numbers[8] = { "651056770906015076056810763456358567190100156695615665659", "6140507067065001063065065565667405560006161556565665656654", @@ -158,6 +158,11 @@ int fbytes(unsigned char *buf, int num) int ret; BIGNUM *tmp = NULL; + if (use_fake == 0) + return old_rand->bytes(buf, num); + + use_fake = 0; + if (fbytes_counter >= 8) return 0; tmp = BN_new(); @@ -199,11 +204,13 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) /* create the key */ if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) goto x962_int_err; + use_fake = 1; if (!EC_KEY_generate_key(key)) goto x962_int_err; BIO_printf(out, "."); (void)BIO_flush(out); /* create the signature */ + use_fake = 1; signature = ECDSA_do_sign(digest, 20, key); if (signature == NULL) goto x962_int_err; diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 16d4f59..1d37551 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -252,6 +252,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, { int ok = 0, i; BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL; + BIGNUM *blind = NULL, *blindm = NULL; const BIGNUM *ckinv; BN_CTX *ctx = NULL; const EC_GROUP *group; 
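Review bot: `use_fake` in the ecdsatest.c hunks is a one-shot flag — `fbytes()` clears it on the first call — so the known-answer test relies on exactly one RNG request being made between each `use_fake = 1;` and the value that must match the vector, with every later request (including the new blinding value) falling through to `old_rand->bytes`. That appears to be the intent, but nothing in the file says so; add a comment at the declaration, e.g. `/* When set, the next RAND request returns fake bytes; later ones use the real RNG so ECDSA blinding does not consume test vectors */`. x9_62_test_internal() continues outside the hunk.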
@@ -269,14 +270,25 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, } ret = ECDSA_SIG_new(); - if (!ret) { + if (ret == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); return NULL; } s = ret->s; - if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || - (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { + ctx = BN_CTX_new(); + if (ctx == NULL) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + BN_CTX_start(ctx); + order = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + m = BN_CTX_get(ctx); + blind = BN_CTX_get(ctx); + blindm = BN_CTX_get(ctx); + if (blindm == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); goto err; } 
@@ -315,26 +327,70 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, } } - if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { + /* + * The normal signature calculation is: + * + * s := k^-1 * (m + r * priv_key) mod order + * + * We will blind this to protect against side channel attacks + * + * s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order + */ + + /* Generate a blinding value */ + do { + if (!BN_rand(blind, BN_num_bits(order) - 1, -1, 0)) + goto err; + } while (BN_is_zero(blind)); + BN_set_flags(blind, BN_FLG_CONSTTIME); + BN_set_flags(blindm, BN_FLG_CONSTTIME); + BN_set_flags(tmp, BN_FLG_CONSTTIME); + + /* tmp := blind * priv_key * r mod order */ + if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + + /* blindm := blind * m mod order */ + if (!BN_mod_mul(blindm, blind, m, order, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + + /* s : = (blind * priv_key * r) + (blind * m) mod order */ + if (!BN_mod_add_quick(s, tmp, blindm, order)) { + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); + goto err; + } + + /* s:= s * blind^-1 mod order */ + if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } - if (!BN_mod_add_quick(s, tmp, m, order)) { + if (!BN_mod_mul(s, s, blind, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } + + /* s := s * k^-1 mod order */ if (!BN_mod_mul(s, s, ckinv, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } + if (BN_is_zero(s)) { /* * if kinv and r have been supplied by the caller don't to * generate new kinv and r values */ if (in_kinv != NULL && in_r != NULL) { - ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, - ECDSA_R_NEED_NEW_SETUP_VALUES); + ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, 
ECDSA_R_NEED_NEW_SETUP_VALUES); goto err; } } else @@ -349,15 +405,11 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSA_SIG_free(ret); ret = NULL; } - if (ctx) + if (ctx != NULL) { + BN_CTX_end(ctx); BN_CTX_free(ctx); - if (m) - BN_clear_free(m); - if (tmp) - BN_clear_free(tmp); - if (order) - BN_free(order); - if (kinv) + } + if (kinv != NULL) BN_clear_free(kinv); return ret; } From kurt at openssl.org Wed Jun 13 18:14:34 2018 From: kurt at openssl.org (Kurt Roeckx) Date: Wed, 13 Jun 2018 18:14:34 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1528913674.357460.8289.nullmailer@dev.openssl.org> The branch master has been updated via 17e822e9f85e4cd65eba1dd4ba710749aa71793f (commit) from a3e9d5aa980f238805970f420adf5e903d35bf09 (commit) - Log ----------------------------------------------------------------- commit 17e822e9f85e4cd65eba1dd4ba710749aa71793f Author: Eric S. Raymond Date: Tue Jun 12 21:46:50 2018 +0200 Fix manpage problems CLA: trivial Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz Reviewed-by: Richard Levitte GH: #6472 ----------------------------------------------------------------------- Summary of changes: doc/man3/BUF_MEM_new.pod | 2 -- doc/man3/SSL_get_current_cipher.pod | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/doc/man3/BUF_MEM_new.pod b/doc/man3/BUF_MEM_new.pod index 1d89159..95d3a07 100644 --- a/doc/man3/BUF_MEM_new.pod +++ b/doc/man3/BUF_MEM_new.pod @@ -6,8 +6,6 @@ BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF_reverse - simple character array structure -standard C library equivalents - =head1 SYNOPSIS #include diff --git a/doc/man3/SSL_get_current_cipher.pod b/doc/man3/SSL_get_current_cipher.pod index e5b249f..1a484f6 100644 --- a/doc/man3/SSL_get_current_cipher.pod +++ b/doc/man3/SSL_get_current_cipher.pod 
@@ -15,7 +15,7 @@ SSL_get_pending_cipher - get SSL_CIPHER of a connection const char *SSL_get_cipher_name(const SSL *s); const char *SSL_get_cipher(const SSL *s); - int SSL_get_cipher_bits(const SSL *s, int *np) \ + int SSL_get_cipher_bits(const SSL *s, int *np); const char *SSL_get_cipher_version(const SSL *s); =head1 DESCRIPTION From levitte at openssl.org Thu Jun 14 07:45:29 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 Jun 2018 07:45:29 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1528962329.312963.29343.nullmailer@dev.openssl.org> The branch master has been updated via 574a269efd409a480d1eef665dddb7362156d70a (commit) from b89fd121a046015bb70865060d6cf7f3268b36f0 (commit) - Log ----------------------------------------------------------------- commit 574a269efd409a480d1eef665dddb7362156d70a Author: Richard Levitte Date: Wed Jun 13 19:19:13 2018 +0200 Generate OMC Members and OMC Alumni This simplifies our lives when we need to do changes, since we already have a personell database. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/60) ----------------------------------------------------------------------- Summary of changes: Makefile | 8 +++- bin/mk-omc | 95 +++++++++++++++++++++++++++++++++++++++++++++++ community/omc-alumni.html | 67 +-------------------------------- community/omc.html | 63 +------------------------------ 4 files changed, 104 insertions(+), 129 deletions(-) create mode 100755 bin/mk-omc diff --git a/Makefile b/Makefile index d53b50c..a495e0c 100644 --- a/Makefile +++ b/Makefile @@ -12,6 +12,7 @@ RELEASEDIR = /var/www/openssl/source # All simple generated files. SIMPLE = newsflash.inc sitemap.txt \ community/committers.inc \ + community/omc.inc community/omc-alumni.inc \ docs/faq.inc docs/fips.inc \ news/changelog.inc news/changelog.txt \ news/cl102.txt news/cl110.txt news/cl111.txt \ 
@@ -78,7 +79,7 @@ manmaster: $(call newmakemanpages,$(CHECKOUTS)/openssl,master) ## $(SIMPLE) -- SIMPLE GENERATED FILES -.PHONY: sitemap community/committers.inc +.PHONY: sitemap community/committers.inc community/omc.inc community/omc-alumni.inc newsflash.inc: news/newsflash.inc @rm -f $@ head -7 $? >$@ @@ -92,6 +93,11 @@ community/committers.inc: ./bin/mk-committers $@ @rm -f Members +community/omc.inc: + ./bin/mk-omc -n -e -l -p -t 'OMC Members' omc omc-inactive > $@ +community/omc-alumni.inc: + ./bin/mk-omc -n -l -t 'OMC Alumni' omc-alumni omc-emeritus > $@ + docs/faq.inc: $(wildcard docs/faq-[0-9]-*.txt) bin/mk-faq @rm -f $@ ./bin/mk-faq docs/faq-[0-9]-*txt >$@ diff --git a/bin/mk-omc b/bin/mk-omc new file mode 100755 index 0000000..5832710 --- /dev/null +++ b/bin/mk-omc 
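Review bot: A failing `./bin/mk-omc` still leaves a truncated `community/omc.inc` or `community/omc-alumni.inc` behind, because both new rules redirect straight into `$@` and the shell has already created the file by the time the non-zero exit (`pod2usage(2)` on bad options, or a failing query) reaches make. The targets are `.PHONY`, so the next run overwrites it, but anything that consumed the include in between saw partial output; the sibling `docs/faq.inc` rule at least removes `$@` first. Writing to a temporary name and renaming on success keeps the previous include intact: `./bin/mk-omc -n -e -l -p -t 'OMC Members' omc omc-inactive > $@.tmp && mv $@.tmp $@`, and likewise for the alumni rule.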
@@ -0,0 +1,95 @@ +#! /usr/bin/perl + +use strict; +use warnings; + +use Getopt::Long; +use Pod::Usage; +use OpenSSL::Query::REST; + +my %options = (); +GetOptions( + \%options, + 'name|n', # Show name + 'email|e', # Show email + 'locale|l', # Show locale + 'pgp|p', # Show PGP key ID + 'activity|a', # Show whether person is active + 'title|t=s', # Title of the resulting table + 'help|?', # Help + 'man', # Full manual + ) or pod2usage(2); + +pod2usage(1) unless $options{title}; +pod2usage(1) + unless ($options{name} || $options{email} || $options{locale} + || $options{activity} || $options{pgp}); +pod2usage(1) if $options{help}; +pod2usage(-exitval => 0, -verbose => 2) if $options{man}; + +my $query = OpenSSL::Query->new(); + +my %data = (); # Indexed by name, value is a hash table of vals +foreach my $groupname (@ARGV) { + my @members = $query->members_of($groupname); + foreach my $ids (@members) { + my $name = (grep m|\s|, @$ids)[0]; + my $email = (grep m|\@openssl\.org$|, @$ids)[0]; + my $locale = $query->find_person_tag($email, 'country'); + my $pgpid = $query->find_person_tag($email, 'pgp'); + $data{$name} = { email => $email, locale => $locale, pgpid => $pgpid, + active => !!($groupname !~ m|-inactive$|), + emeritus => !!($groupname =~ m|-emeritus$|) }; + } +} + +my @columns = (); +push @columns, 'Name' if $options{name}; +push @columns, 'Email' if $options{email}; +push @columns, 'Locale' if $options{locale}; +push @columns, 'PGP Key ID' if $options{pgp}; + +print "\n"; +print " \n"; +print join(" \n", + map { " \n" } @columns); +print " \n"; + +foreach my $key (sort { my $sortablename_a = + ($a =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|, + "$2, $1"); + my $sortablename_b = + ($b =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|, + "$2, $1"); + $sortablename_a cmp $sortablename_b } + keys %data) { + my $pgpurl = $data{$key}->{pgpid} if $options{pgp}; + $pgpurl =~ s|\s+||g if $pgpurl; + $pgpurl = + "http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x$pgpurl" + if $pgpurl; + + 
my @columndata = (); + push @columndata, + join('', + $data{$key}->{active} ? "" : "", + "$key", + $data{$key}->{active} ? "" : " (I)", + $data{$key}->{emeritus} ? " (OMC Emeritus)" : "") + if $options{name}; + push @columndata, + "$data{$key}->{email}" + if $options{email}; + push @columndata, $data{$key}->{locale} if $options{locale}; + push @columndata, + $data{$key}->{pgpid} + ? "$data{$key}->{pgpid}" : ' ' + if $options{pgp}; + + print " \n"; + print join(" \n", + map { " \n" } @columndata); + print " \n"; +} + +print "
  $_
  $_
\n"; diff --git a/community/omc-alumni.html b/community/omc-alumni.html index 0581a62..2c1416d 100644 --- a/community/omc-alumni.html +++ b/community/omc-alumni.html @@ -16,73 +16,8 @@ following alumni (who were previously in the OMC, or a team member or founder prior to creation of the OMC):
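Review bot: `my $pgpurl = $data{$key}->{pgpid} if $options{pgp};` in the per-member loop combines `my` with a statement modifier, which perlsyn documents as undefined behaviour (the variable may or may not be reinitialised on each iteration); `my $pgpurl = $options{pgp} ? $data{$key}->{pgpid} : undef;` expresses the intent deterministically. The key ID is then interpolated into the keyserver URL after only stripping whitespace; since the value comes from the project's personnel database this is a consistency rather than an injection concern, but a hex check on the assignment, `if $pgpurl && $pgpurl =~ m|^[0-9A-Fa-f]+$|`, would keep a malformed record from producing a broken link. The page rendering appears to have dropped the HTML tags from the `print` statements, so the exact markup around these values is not visible here.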

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameLocale 
Ralf S. Engelschall  DE
Dr. Stephen Henson (OMC Emeritus)  UK
Lutz Jänicke  DE
Emilia Käsper  CH
Nils Larsch  DE
Steve MarquessUS
Ben Laurie  UK
Bodo Möller  CH
Andy Polyakov  SE
Holger Reif  DE
Paul C. Sutton  UK
Geoff Thorpe  QC
+

 

diff --git a/community/omc.html b/community/omc.html index dd78706..2a4a01a 100644 --- a/community/omc.html +++ b/community/omc.html @@ -20,70 +20,9 @@

The current OMC consists of (in alphabetical order):

- - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameEmailLocale PGP Key ID
Matt Caswellmatt at openssl.orgUK8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
Mark J. Coxmark at openssl.orgUK5B25 45DA B219 95F4 088C EFAA 36CE E4DE B00C FE33
Viktor Dukhovniviktor at openssl.orgUS 
Tim Hudsontjh at openssl.orgAUC1F3 3DD8 CE1D 4CC6 13AF 14DA 9195 C482 41FB F7DD
Richard Levittelevitte at openssl.orgSE7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
Kurt Roeckxkurt at openssl.orgBEE5E5 2560 DD91 C556 DDBD A5D0 2064 C536 41C2 5E5D
Rich Salzrsalz at openssl.orgUSD099 684D C7C2 1E02 E14A 8AFE F234 7945 5C51 B27C
Names with an (I) are currently inactive as defined in our bylaws. From levitte at openssl.org Thu Jun 14 09:57:02 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 Jun 2018 09:57:02 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1528970222.877830.11768.nullmailer@dev.openssl.org> The branch master has been updated via 59e4ff330c6ff27e71c040f65d2918f4fb5c0692 (commit) via 6e56f7d522fa01f454e88a2ffd9c1df4527dad16 (commit) from 574a269efd409a480d1eef665dddb7362156d70a (commit) - Log ----------------------------------------------------------------- commit 59e4ff330c6ff27e71c040f65d2918f4fb5c0692 Author: Richard Levitte Date: Thu Jun 14 10:02:01 2018 +0200 OMC generation: account for titles when sorting names This moves the process of making names sortable to a separate function. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/61) commit 6e56f7d522fa01f454e88a2ffd9c1df4527dad16 Author: Richard Levitte Date: Thu Jun 14 10:01:10 2018 +0200 OMC generation: Make sure non-ASCII characters are made into entities Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/61) ----------------------------------------------------------------------- Summary of changes: bin/mk-omc | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/bin/mk-omc b/bin/mk-omc index 5832710..e6dee11 100755 --- a/bin/mk-omc +++ b/bin/mk-omc @@ -6,6 +6,7 @@ use warnings; use Getopt::Long; use Pod::Usage; use OpenSSL::Query::REST; +use HTML::Entities; my %options = (); GetOptions( 
@@ -55,14 +56,7 @@ print join("   \n", map { " $_\n" } @columns); print " \n"; -foreach my $key (sort { my $sortablename_a = - ($a =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|, - "$2, $1"); - my $sortablename_b = - ($b =~ m|^(\S+(?:\s\S\.)?)\s+(.*)$|, - "$2, $1"); - $sortablename_a cmp $sortablename_b } - keys %data) { +foreach my $key (sort { mk_sortable($a) cmp mk_sortable($b) } keys %data) { my $pgpurl = $data{$key}->{pgpid} if $options{pgp}; $pgpurl =~ s|\s+||g if $pgpurl; $pgpurl = @@ -73,7 +67,7 @@ foreach my $key (sort { my $sortablename_a = push @columndata, join('', $data{$key}->{active} ? "" : "", - "$key", + encode_entities($key), $data{$key}->{active} ? "" : " (I)", $data{$key}->{emeritus} ? " (OMC Emeritus)" : "") if $options{name}; @@ -93,3 +87,18 @@ foreach my $key (sort { my $sortablename_a = } print "\n"; + +sub mk_sortable { + my $name = shift; + + # Peel off any title + $name =~ s/(Dr|Mr|Mrs|Miss)\.?\s+//; + + # Split into first+middle name and last names and flip them over with + # a comma between. + # We work with the assumption that the middle name, if included, is + # given as a single letter followed by a possible period. + $name = ($name =~ m|^(\S+(?:\s\S\.?)?)\s+(.*)$|, "$2, $1"); + + return $name; +} From no-reply at appveyor.com Thu Jun 14 16:49:17 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 14 Jun 2018 16:49:17 +0000 Subject: [openssl-commits] Build failed: openssl master.18476 Message-ID: <20180614164917.1.FD8D1802395CA05C@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jun 14 17:15:27 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 14 Jun 2018 17:15:27 +0000 Subject: [openssl-commits] Build completed: openssl master.18477 Message-ID: <20180614171527.1.77EFC1FA39DB6D24@appveyor.com> An HTML attachment was scrubbed... URL: From appro at openssl.org Thu Jun 14 19:25:18 2018 
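Review bot: `encode_entities($key)` in the `@columndata` name entry covers only the member's name, while the `email`, `locale` and `pgpid` values pushed a few lines below (outside this hunk, unchanged from the previous commit) are still interpolated raw; the commit message promises entities for non-ASCII characters, and `locale` (the person's country tag) could carry them just as well. Applying the same treatment there keeps the generated HTML consistent, e.g. `push @columndata, encode_entities($data{$key}->{locale}) if $options{locale};`. These values are maintained by the project rather than supplied by visitors, so this is about correctness of the output rather than untrusted input.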
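Review bot: In `mk_sortable`, `$name = ($name =~ m|^(\S+(?:\s\S\.?)?)\s+(.*)$|, "$2, $1");` takes the last list element whether or not the match succeeded, and on a failed match Perl leaves `$1`/`$2` at the values of the last successful match in scope (here possibly the title `s///` just above, or undef), so a single-word name gets a stale or empty sort key and a warning under `use warnings`. `$name = "$2, $1" if $name =~ m|^(\S+(?:\s\S\.?)?)\s+(.*)$|;` keeps the name itself as the key when the pattern does not apply. The title strip `s/(Dr|Mr|Mrs|Miss)\.?\s+//` is also unanchored and would remove a matching fragment anywhere in the string; `s/^(Dr|Mr|Mrs|Miss)\.?\s+//` limits it to a leading title, which is what the comment describes.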
From: appro at openssl.org (Andy Polyakov) Date: Thu, 14 Jun 2018 19:25:18 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529004318.201638.11109.nullmailer@dev.openssl.org> The branch master has been updated via 82b6b0848cea95de821a7f901bd8b0b5dab17fa4 (commit) via 0ef40b76e745731a28f7340071c051316b8a1bae (commit) from 17e822e9f85e4cd65eba1dd4ba710749aa71793f (commit) - Log ----------------------------------------------------------------- commit 82b6b0848cea95de821a7f901bd8b0b5dab17fa4 Author: Andy Polyakov Date: Wed Jun 13 11:10:27 2018 +0200 Configurations/10-main.conf: improve Makefile readability on AIX and Solaris. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6477) commit 0ef40b76e745731a28f7340071c051316b8a1bae Author: Andy Polyakov Date: Wed Jun 13 10:57:51 2018 +0200 Configurations/10-main.conf: move hpux-shared flags to hpux-common. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6477) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 35 +++++++++++++++++++---------------- Configurations/shared-info.pl | 5 ----- 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 63862e7..54f609d 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -232,7 +232,7 @@ my %targets = ( ex_libs => add(threads("-pthread")), bn_ops => "BN_LLONG", shared_cflag => "-fPIC", - shared_ldflag => add("-shared -static-libgcc"), + shared_ldflag => add_before("-shared -static-libgcc"), }, "solaris64-x86_64-gcc" => { # -shared -static-libgcc might appear controversial, but modules 
@@ -254,7 +254,7 @@ my %targets = ( bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", shared_cflag => "-fPIC", - shared_ldflag => add("-shared -static-libgcc"), + shared_ldflag => add_before("-shared -static-libgcc"), multilib => "/64", }, @@ -285,7 +285,7 @@ my %targets = ( bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", shared_cflag => "-KPIC", - shared_ldflag => add("-G -dy -z text"), + shared_ldflag => add_before("-G -dy -z text"), multilib => "/64", }, @@ -301,7 +301,7 @@ my %targets = ( ex_libs => add(threads("-pthread")), bn_ops => "BN_LLONG RC4_CHAR", shared_cflag => "-fPIC", - shared_ldflag => add("-shared"), + shared_ldflag => add_before("-shared"), }, "solaris-sparcv8-gcc" => { inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv8_asm") ], @@ -336,7 +336,7 @@ my %targets = ( ex_libs => add(threads("-lpthread")), bn_ops => "BN_LLONG RC4_CHAR", shared_cflag => "-KPIC", - shared_ldflag => add("-G -dy -z text"), + shared_ldflag => add_before("-G -dy -z text"), }, #### "solaris-sparcv8-cc" => { @@ -463,7 +463,10 @@ my %targets = ( lib_cppflags => "-DB_ENDIAN", thread_scheme => "pthreads", dso_scheme => "dlfcn", # overridden in 32-bit PA-RISC builds - shared_target => "hpux-shared", + shared_target => "self", + bin_lflags => "-Wl,+s,+cdp,../:,+cdp,./:", + shared_ldflag => "-Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+cdp,../:,+cdp,./:", + shared_sonameflag=> "-Wl,+h,", }, "hpux-parisc-gcc" => { inherit_from => [ "hpux-common" ], @@ -476,7 +479,7 @@ my %targets = ( bn_ops => "BN_LLONG RC4_CHAR", dso_scheme => "dl", shared_cflag => "-fPIC", - shared_ldflag => "-shared", + shared_ldflag => add_before("-shared"), shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", }, "hpux-parisc1_1-gcc" => { 
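Review bot: `shared_sonameflag=> "-Wl,+h,",` in the `hpux-common` entry is the only key in the block without a space before `=>`, so it reads as a typo next to `bin_lflags =>` and `shared_ldflag =>` just above it; `shared_sonameflag => "-Wl,+h,",` matches the rest of the file. The three values are moved verbatim from the `hpux-shared` entry deleted in shared-info.pl, so this is purely a layout point.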
@@ -492,7 +495,7 @@ my %targets = ( ex_libs => add("-ldl", threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", shared_cflag => "-fpic", - shared_ldflag => "-shared", + shared_ldflag => add_before("-shared"), shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", multilib => "/pa20_64", }, @@ -510,7 +513,7 @@ my %targets = ( bn_ops => "RC4_CHAR", dso_scheme => "dl", shared_cflag => "+Z", - shared_ldflag => "-b", + shared_ldflag => add_before("-b"), shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", }, "hpux-parisc1_1-cc" => { @@ -529,7 +532,7 @@ my %targets = ( ex_libs => add("-ldl", threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", shared_cflag => "+Z", - shared_ldflag => "-b", + shared_ldflag => add_before("-b"), shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", multilib => "/pa20_64", }, @@ -545,7 +548,7 @@ my %targets = ( ex_libs => add("-ldl", threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT", shared_cflag => "+Z", - shared_ldflag => "-b", + shared_ldflag => add_before("-b"), shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "/hpux32", }, @@ -559,7 +562,7 @@ my %targets = ( ex_libs => add("-ldl", threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT_LONG", shared_cflag => "+Z", - shared_ldflag => "-b", + shared_ldflag => add_before("-b"), shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "/hpux64", }, @@ -573,7 +576,7 @@ my %targets = ( ex_libs => add("-ldl", threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT", shared_cflag => "-fpic", - shared_ldflag => "-shared", + shared_ldflag => add_before("-shared"), shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "/hpux32", }, @@ -586,7 +589,7 @@ my %targets = ( ex_libs => add("-ldl", threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT_LONG", shared_cflag => "-fpic", - shared_ldflag => "-shared", + shared_ldflag => add_before("-shared"), shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "/hpux64", }, 
@@ -1140,7 +1143,7 @@ my %targets = ( ex_libs => threads("-pthread"), bn_ops => "BN_LLONG RC4_CHAR", perlasm_scheme => "aix32", - shared_ldflag => add("-shared -static-libgcc"), + shared_ldflag => add_before("-shared -static-libgcc"), AR => add("-X32"), RANLIB => add("-X32"), }, @@ -1153,7 +1156,7 @@ my %targets = ( ex_libs => threads("-pthread"), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", perlasm_scheme => "aix64", - shared_ldflag => add("-shared -static-libgcc"), + shared_ldflag => add_before("-shared -static-libgcc"), AR => add("-X64"), RANLIB => add("-X64"), }, diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index 1a49100..6c5e338 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -86,9 +86,4 @@ my %shared_info; shared_sonameflag => '-Wl,-soname=', }; }, - 'hpux-shared' => { - bin_lflags => '-Wl,+s,+cdp,../:,+cdp,./:', - shared_ldflag => '-Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+cdp,../:,+cdp,./:', - shared_sonameflag => '-Wl,+h,', - }, ); From appro at openssl.org Thu Jun 14 19:28:11 2018 
From: appro at openssl.org (Andy Polyakov) Date: Thu, 14 Jun 2018 19:28:11 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529004491.332724.12122.nullmailer@dev.openssl.org> The branch master has been updated via 3f0c3d2263cd98dd3bcd366f199f0df7c9887d81 (commit) from 82b6b0848cea95de821a7f901bd8b0b5dab17fa4 (commit) - Log ----------------------------------------------------------------- commit 3f0c3d2263cd98dd3bcd366f199f0df7c9887d81 Author: Andy Polyakov Date: Wed Jun 13 14:00:04 2018 +0200 bn/bn_exp.c: harmonize all code paths with last commit. 848113a30b431c2fe21ae8de2a366b9b6146fb92 added mitigation for a side-channel attack. This commit extends approach to all code paths for consistency. [It also removes redundant white spaces introduced in last commit.] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6480) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_exp.c | 55 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 33 insertions(+), 22 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 2dbf5b4..10d3912 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c 
@@ -850,20 +850,27 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, top /= 2; bn_flip_t4(np, mont->N.d, top); - bits--; - for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + /* + * The exponent may not have a whole number of fixed-size windows. + * To simplify the main loop, the initial window has between 1 and + * full-window-size bits such that what remains is always a whole + * number of windows + */ + window0 = (bits - 1) % 5 + 1; + wmask = (1 << window0) - 1; + bits -= window0; + wvalue = bn_get_bits(p, bits) & wmask; bn_gather5_t4(tmp.d, top, powerbuf, wvalue); /* * Scan the exponent one window at a time starting from the most * significant bits. */ - while (bits >= 0) { + while (bits > 0) { if (bits < stride) - stride = bits + 1; + stride = bits; bits -= stride; - wvalue = bn_get_bits(p, bits + 1); + wvalue = bn_get_bits(p, bits); if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride)) continue; 
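Review bot: `window0 = (bits - 1) % 5 + 1;` relies on `bits >= 1` at this point: if `bits` is a signed `int` and zero, C's truncating remainder makes `(bits - 1) % 5` equal `-1`, so `window0` and `wmask` become 0 and the gather runs with a zero window value, which is not what the comment describes. This appears to be guaranteed by a zero-exponent early return above the hunk (not visible here); a one-line note at the assignment, `/* bits >= 1 here: a zero exponent returned early */`, would make the precondition explicit. The same assignment is added in the `@@ -971,32 +978,36 @@` hunk and already exists in the generic path at line 1049, so the comment belongs at all three sites. BN_mod_exp_mont_consttime's body continues outside the hunk.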
@@ -971,32 +978,36 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, bn_scatter5(tmp.d, top, powerbuf, i); } # endif - bits--; - for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + /* + * The exponent may not have a whole number of fixed-size windows. + * To simplify the main loop, the initial window has between 1 and + * full-window-size bits such that what remains is always a whole + * number of windows + */ + window0 = (bits - 1) % 5 + 1; + wmask = (1 << window0) - 1; + bits -= window0; + wvalue = bn_get_bits(p, bits) & wmask; bn_gather5(tmp.d, top, powerbuf, wvalue); /* * Scan the exponent one window at a time starting from the most * significant bits. */ - if (top & 7) - while (bits >= 0) { - for (wvalue = 0, i = 0; i < 5; i++, bits--) - wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); - + if (top & 7) { + while (bits > 0) { bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, - wvalue); + bn_get_bits5(p->d, bits -= 5)); + } } else { - while (bits >= 0) { - wvalue = bn_get_bits5(p->d, bits - 4); - bits -= 5; - bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue); + while (bits > 0) { + bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, + bn_get_bits5(p->d, bits -= 5)); } } @@ -1038,12 +1049,12 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } } - /* + /* * The exponent may not have a whole number of fixed-size windows. * To simplify the main loop, the initial window has between 1 and * full-window-size bits such that what remains is always a whole * number of windows - */ + */ window0 = (bits - 1) % window + 1; wmask = (1 << window0) - 1; bits -= window0; 
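Review bot: The five-line "The exponent may not have a whole number of fixed-size windows" comment now exists in three verbatim copies (this hunk, the `@@ -850,20 +850,27 @@` hunk above and the generic path at line 1049), and identical explanations of one idea drift the next time any of them is edited; a single explanation at the declaration of `window0`, with `/* initial window: see comment on window0 */` at each site, would keep them aligned. In the `top & 7` loop, `bn_mul_mont_gather5(..., bn_get_bits5(p->d, bits -= 5));` hides the loop variable's update inside an argument list where the old code kept it as a separate statement, and the `else` branch does the same; `bits -= 5;` on its own line before each call reads more plainly. BN_mod_exp_mont_consttime's body continues outside the hunk.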
@@ -1064,7 +1075,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) goto err; - /* + /* * Get a window's worth of bits from the exponent * This avoids calling BN_is_bit_set for each bit, which * is not only slower but also makes each bit vulnerable to From paul.dale at oracle.com Thu Jun 14 23:11:45 2018 
From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Thu, 14 Jun 2018 23:11:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529017905.543045.1590.nullmailer@dev.openssl.org> The branch master has been updated via 741f0c32b55e06208fba9a72497a017bdee8737c (commit) from 3f0c3d2263cd98dd3bcd366f199f0df7c9887d81 (commit) - Log ----------------------------------------------------------------- commit 741f0c32b55e06208fba9a72497a017bdee8737c Author: David Cooper Date: Fri Jun 15 09:10:30 2018 +1000 Update certificates in demos/bio, demos/cms, demos/smime This commit replaces the certificates in demos/bio with new certificates that don't expire until 2118. The same certificates appear in both demos/smime and demos/cms. This commit copies the new certificates and keys from demos/smime to demos/cms. This PR Fixes #6412 by updating cacert.pem and signer.pem in the openssl/demos/smime/ directory. It also updates all of the keys with longer key lengths. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6483) ----------------------------------------------------------------------- Summary of changes: demos/bio/intca.pem | 44 ++++++++-------- demos/bio/root.pem | 46 +++++++++------- demos/bio/server-ec.pem | 26 ++++----- demos/bio/server.pem | 136 ++++++++++++++++++++++++------------------------ demos/cms/cacert.pem | 43 +++++++++------ demos/cms/cakey.pem | 50 +++++++++++++----- demos/cms/signer.pem | 76 +++++++++++++++++---------- demos/cms/signer2.pem | 76 +++++++++++++++++---------- demos/smime/cacert.pem | 43 +++++++++------ demos/smime/cakey.pem | 50 +++++++++++++----- demos/smime/signer.pem | 76 +++++++++++++++++---------- demos/smime/signer2.pem | 76 +++++++++++++++++---------- 12 files changed, 451 insertions(+), 291 deletions(-) diff --git a/demos/bio/intca.pem b/demos/bio/intca.pem index 3551ea9..9f1cc02 100644 --- a/demos/bio/intca.pem +++ b/demos/bio/intca.pem 
@@ -1,23 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD -QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL -MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ -VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl -IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG -W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL -IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ -GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2 -ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds -ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr -VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD -VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz -audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg -j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt -CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR -gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I -RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN -thI= +MIIEPzCCAqegAwIBAgIILsaQqJAjK4IwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UE +BhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNU +SU5HIFBVUlBPU0VTIE9OTFkxHTAbBgNVBAMMFE9wZW5TU0wgVGVzdCBSb290IENB +MCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjBwMQswCQYDVQQGEwJV +SzEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcg +UFVSUE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0 +ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIpVng2wNFJp2kF +oJ6Yji25wy1YufnS8NxA82fk5OHdhGWj1CWqnQNotEqEQzcOUszQYrNxd8tEvoWk +Ik4JMBVoEcgBGedchftptTNulFWodWpi1yFaqA/Nz2BsVgcCJW4C+UWDT7VeHtGU 
+7tYKKr35lxp6io/a4jUDQXvO2nJA9YlrxOktunMqtoZSYqUz35ZXsdkn58o8Fbqm +dEpw6AqAr9aBgY5DSaGxbaX2lwNt9NvB+f9ucOqEnPP8AfTlPYc/ENwJ6u/H8RGw +d1im71mu2lHjcws3aHkbluH860U3vlKWx6Ff1qdQcH98e2HwElqxCK00xya8leu4 +u64nljkCAwEAAaNjMGEwHQYDVR0OBBYEFAoDRKVoOufDXW5Ui7L4ONxANVsFMB8G +A1UdIwQYMBaAFDZjTeLsQUG6KL9xuLhzXVdB4pkKMA8GA1UdEwEB/wQFMAMBAf8w +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBgQDZQJLA90ewVaS3E3du +gSjPkQ1xsHm8H1am+7zr5oZ81J+R8XYIZgMR+9ShVo38OradiYNqDLso+4iuVdxh +hzoSoQELoDXCficzWKnlAtWvwDDoczyK+/p94g3VKx14n2+GvQzoZ4kwQQgaFH1w +YI6w0oH9zwoklCxvihj8D069QrYyuTT8JGZ2m0FHqVJg6teuQKFahSgwYR2CUoIb +6PrpSUQeCVCH8TPkzlRT6UgtM3ERt7+TlQ+zZ80dSf4YTAsDv9Z/CJXiF/5wZr6/ +lWuFjWmX2HkpEW6Wiv5KF8QP6Ft7Z+RYua7RMtELCYvqYbWDBs7fXWGBkZ5xhB09 +jCxz+F7zOeRbyzacfFq9DhxCWCRbIrdgGGE/Of2ujJtmK/2p4M6E5IsKNAI2SJBW +iJXvIgQgR22ehPqy6er2Gog5LkWUwqB0kHZJJpbp1IW01IGTpD6YAJyVCEAlyMbo +Kto9+wQFLT3Auv/W5h6OwxkNdfAyZBYy0ZSFk4EE8OdWWY4= -----END CERTIFICATE----- diff --git a/demos/bio/root.pem b/demos/bio/root.pem index 3bd0e9b..b1a1c21 100644 --- a/demos/bio/root.pem +++ b/demos/bio/root.pem 
@@ -1,22 +1,28 @@ -----BEGIN CERTIFICATE----- -MIIDtjCCAp6gAwIBAgIJAKkg71CjIAovMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD -QTAeFw0xNDAyMjMxMzA1MTNaFw0yNDAyMjExMzA1MTNaMGgxCzAJBgNVBAYTAlVL -MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ -VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs -vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H -q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG -juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu -R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r -77WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA -AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA -FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCsoxVi49anYZ1aI/2rVJ5bvEd3ZvGn -wx1Y+l75SQVYU2qX9CHNBVg1t8reIBN8yPEfBM1WcFPEg7Vy3zFaklMPm/oYXwVI -/lX/LsfPUxdnQmONxLw4x/0booN1LV/dtRcebewUSqog6W9Z2fbTEe6srIBE4M5G -Wa943lthlmQM6HzlU4D606PQ3zQbX08mue4eqQB813r4uSoI1MpGLqxkziBRFGGN -T4VNYp8DeSVr3jHjNBmKCAPZxJIYElnLEK027OG00RH7sF7SGFDNsCjN1NmCvuRz -9AHnjVIBNzIvI3uiOn9tngRDXBRIcUBsdYG19tal8yWBgrr9SdlqFy/Y +MIIEwzCCAyugAwIBAgIUHKKc7fxVgQjWQ7IF6l7m/fHQHH8wDQYJKoZIhvcNAQEL +BQAwaDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNV +BAsMGUZPUiBURVNUSU5HIFBVUlBPU0VTIE9OTFkxHTAbBgNVBAMMFE9wZW5TU0wg +VGVzdCBSb290IENBMCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjBo +MQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZ +Rk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEdMBsGA1UEAwwUT3BlblNTTCBUZXN0 +IFJvb3QgQ0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDaTVriXS5C +6C17OxGwWR4xxdLveLLkAb0+nSiYpzfCcEGX3qiBxHDA+Nj1kkihIJNkXmrKxa3w +1XIVoSUaVULuVxe3vqla+DScGC9MLVsfIwWe8UdGsKst4VvvtNvQUZ5CvLF4jv0V 
+nabvQhcjY5X7A/t8cZcjOHcaZ9fkThhG/7tJKwp4dLgPcXIimQ0UtP5gRBxnpEYd +l21mPjafqPt02lfOWTgnT5PeVoBDmN7QcrTlI7RzaeDglwFm10rNuYsRxrVsEfiG +Ejup/1eM/69zkV4Lb2RFbIpZ+oKqQ5AEemh6/IP9VwX08DOX3T1EqwthyB+yOZgp +BQ/MZ2M21E03sxlgPGKkRVTU520az84Tyft7T7sJ6BeGSMrdEZVUSJxsS/iFFwL2 +ubmhG6tq0ALIyoS+rUeHUeH2pVnEEcHIXAsLbCXfmsRpWU1fOHcpkTSzbMPhqMa3 +K8aKNHni0UtoD+ddOw0Zrx4uf3zlbPCzy2eQ2d8qb/TSynGxWmN8an8CAwEAAaNj +MGEwHQYDVR0OBBYEFDZjTeLsQUG6KL9xuLhzXVdB4pkKMB8GA1UdIwQYMBaAFDZj +TeLsQUG6KL9xuLhzXVdB4pkKMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMA0GCSqGSIb3DQEBCwUAA4IBgQCFbQA4yoXhxVQm+tEMpfKf2VEzQVNw0Tzd +Vy+zbscQ04RM4Hx4YbICdX+J7M2fYByU+KawllZJI++mfS9sbnuPIouD5NJLX5EH +//5rySOqA0OkN/Y8f41xp/YF5j96NUCjg3RoerefRSHZfNWJE1faQEHuhwDZK6OQ +GNgt246FZ7ittfe537MHUWY7CjKt6kILN03rVKSgRwwOw5Tv+VyUVyUtRppWl57L +Z+41g0gZ/r7h6ACd+n35nuzgbmqUF2VNYQLo7RzaxPvtkzJ4t96r+5NAr1cx8thr +3rnJWSgpm1ZKdtHMj1jCLxarn8gNz2gB35Tn2NdzHQI0/aEEcfLWpU9mrmhUW+yy +WEN2R8BqGsC++HhlUKKJZgR48SHF5MOBl4KyZPylBuPYcJFQdnEbioBLPlvt5bbt ++o/w3sCR3ZVHMB0n9OcQwd6tdN7aDiept6lJPlOp4dfFjkku8J5nM0oY/Xsg194A +rRK0SBUCVN/2NSHFl9LKEqQiQIUjOQM= -----END CERTIFICATE----- diff --git a/demos/bio/server-ec.pem b/demos/bio/server-ec.pem index a13fdc7..ce8dccc 100644 --- a/demos/bio/server-ec.pem +++ b/demos/bio/server-ec.pem 
@@ -1,17 +1,17 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/5kYU3PUlHwfdjEN -lC1xTZEx3o55RgtSOuOCTryDfomhRANCAARW/qUFg+qZzjcFWrST4bmkRCFu8/rn -KTHjW2vpBXYGXKDn4AbAfYXYhM9J7v1HkkrZBPPGx53eVzs61/Pgr6Rc +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsoKOpzTm/+VR5xOk +kgwtljzMFYtX4NGdqCkxjitXvLmhRANCAASsxTC21z8mDYAX/RgLK5XGJNmPlHcY +VMql6fSeS+9fTZnn1Ma12932/UBfFTITOuHviJYkQ5KxVSitmgMwnF3V -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIBsTCCAVegAwIBAgIJALChLe0vZzgoMAoGCCqGSM49BAMCMDUxHzAdBgNVBAsM -FlRlc3QgRUNEU0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0x -NTEyMjIxNDUxMDRaFw00NDAxMDQxNDUxMDRaMDUxHzAdBgNVBAsMFlRlc3QgRUNE -U0EgQ2VydGlmaWNhdGUxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG -CCqGSM49AwEHA0IABFb+pQWD6pnONwVatJPhuaREIW7z+ucpMeNba+kFdgZcoOfg -BsB9hdiEz0nu/UeSStkE88bHnd5XOzrX8+CvpFyjUDBOMB0GA1UdDgQWBBROhkTJ -lsm8Qd8pEgrrapccfFY5gjAfBgNVHSMEGDAWgBROhkTJlsm8Qd8pEgrrapccfFY5 -gjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFhyU/WZRcihilTpwFVm -fly1JhwisouiZjLnPkRYZVzHAiEAgqxXfRQl1/phnEgO9gRcv2nFp9xvJiDgKPse -VktDYjE= +MIIBvjCCAWSgAwIBAgIURVOfyUojPPQMfDEVhKY4DIdeLY0wCgYIKoZIzj0EAwIw +NTEfMB0GA1UECwwWVGVzdCBFQ0RTQSBDZXJ0aWZpY2F0ZTESMBAGA1UEAwwJbG9j +YWxob3N0MCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjA1MR8wHQYD +VQQLDBZUZXN0IEVDRFNBIENlcnRpZmljYXRlMRIwEAYDVQQDDAlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASsxTC21z8mDYAX/RgLK5XGJNmPlHcY +VMql6fSeS+9fTZnn1Ma12932/UBfFTITOuHviJYkQ5KxVSitmgMwnF3Vo1AwTjAd +BgNVHQ4EFgQUA0dWehTLHzBYhzfXiTIVUOXDusMwHwYDVR0jBBgwFoAUA0dWehTL +HzBYhzfXiTIVUOXDusMwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEA +8/l8RyihzqlEnLjcyIEaXTZm4HyNgZRQKhNACCW3jd4CIEbMJAf/D0eY38EeP2xY +/BDy/BYXYmyDQeqiE+RDjG5X -----END CERTIFICATE----- diff --git a/demos/bio/server.pem b/demos/bio/server.pem index 8a4a51f..d4bc393 100644 --- a/demos/bio/server.pem +++ b/demos/bio/server.pem 
@@ -1,77 +1,79 @@ subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA -----BEGIN CERTIFICATE----- -MIIDyTCCArGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVSzEW -MBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcgUFVS -UE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0ZSBD -QTAgFw0xNjAxMDQwODU0NDZaGA8yMTE2MDEwNTA4NTQ0NlowZDELMAkGA1UEBhMC -VUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNUSU5H -IFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJKCLTuf7g -3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfiR7bfSdI/ -+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMvvPQGuI+O -EAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7TVcGVSEi -Jdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU41NEWAsu -/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8RAgMBAAGj -eDB2MB0GA1UdDgQWBBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2 -w2yI55X+sL3szj49hqshgYfa2jAJBgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUF -BwMBMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAC78R -sAr4uvkYOu/pSwQ3MYOFqZ0BnPuP0/AZW2zF7TLNy8g36GyH9rKxz2ffQEHRmPQN -Z11Ohg3z03jw/sVzkgt2U5Ipv923sSeCZcu0nuNex3v9/x72ldYikZNhQOsw+2kr -hx3OvE9R7xl9eyjz7BknsbY7PC3kiUY8SDdc5Fr/XMkHm3ge65oWYOHBjC5tAr5K -FGCEjM3syxS+Li5X6yfDGiVSjOU4gJuZDCYbl7cEQexU2deds8EmpJJrrI7s4JcQ -rraHI8+Hu8X9VLpZE1jl/fKJw3D0i53PoN2WhukIOg1Zv+ajMKQ4ubVfISH2ebox -+ybAZO8hxL6/I08/GQ== +MIID0DCCArigAwIBAgIIcsOElVeHzfYwDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE +BhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNU +SU5HIFBVUlBPU0VTIE9OTFkxJTAjBgNVBAMMHE9wZW5TU0wgVGVzdCBJbnRlcm1l +ZGlhdGUgQ0EwIBcNMTgwNjE0MTI0NjI4WhgPMjExODA2MTQxMjQ2MjhaMGQxCzAJ +BgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1Ig +VEVTVElORyBQVVJQT1NFUyBPTkxZMRkwFwYDVQQDDBBUZXN0IFNlcnZlciBDZXJ0 
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jIZ8IZ4dIzBc+ZfdmG5 +n8G3JzRX99QvIqv52s4hFVfdzoa+AciKJpo9zkegWPmfsAVNa4uVceg/ZQt6qJsu +G/pxbQSZVnyjDQGtt7rgaDEbyUP0XJCnzyRdWSUjFS8yNZn4NkmZU01GlHtXdzWy +dEa5PaiTIwW0HI+bjjOEhwJ1hFuFqzlKHVKHA6DBzNcl6ly0E/q2kyslbR+0hq7p +NMqKvvuAxqgc//W8KvLDlKAt9D3t5zgh2+BrMPemrzjEaM97yHTogJo7+SKVDdUw +YQ7Br3xfyki9u2bUYib1BMSvLezxNP0qf/iU91z4xyLmMvOXE6W0D1WHwya1CfE7 +vwIDAQABo3gwdjAdBgNVHQ4EFgQU3ulCbvgfxej6rHnddMpBidwnLIIwHwYDVR0j +BBgwFoAUCgNEpWg658NdblSLsvg43EA1WwUwCQYDVR0TBAIwADATBgNVHSUEDDAK +BggrBgEFBQcDATAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQAD +ggEBAENMzaqJtmWED++W4KXFVwNBkQ87errBXe4jVeYKpjNb0JGMm60MS5ty54fb +r27SsR2EEk3EK2rcd85RR7TEKZCn9SvPykVtVf0tru7nOptQJgSbRvxIzyyq1UcE +K+BXDgN/I0f1X6qbk4Stb6uJF7yyAUabacjwKqgVifOOeKF9WJhVA8qJKoVq7HLN +k+uvm0geO1I4LKeULXVnQy8kwB6twcxN8iPyO45ZxbYIVeEKaYtbj/XPoq6KsLIb +5fj+mK1r/LkWk352ksNhf73r3alF8TBcSLqnbMoy1/ZvzlI4ksp9IGWtIU+CzP/f +VUjh00NOwDLd5jJbPoWW0oNp9m4= -----END CERTIFICATE----- subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Root CA -----BEGIN CERTIFICATE----- -MIIDvjCCAqagAwIBAgIJAPzCy4CUW9/qMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD -QTAeFw0xNTA3MTQxMzIyMDVaFw0yNTA2MjExMzIyMDVaMHAxCzAJBgNVBAYTAlVL -MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ -VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl -IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG -W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL -IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ -GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2 -ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds -ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr 
-VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD -VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAANQT0pDWBQoT/RY76xz -audadGz/dfYnwvSwT0RMFcXLcMVVRNqP0HeR8OP8qLaP7onRbNnEXNfos9pxXYlg -j+/WjWTBLVcr3pX2Xtmcaqw3CGN9qbQI8B3JkYeijZmc5+3r5MzK/9R0w8Y/T9Xt -CXEiQhtWHpPrFEfrExeVy2kjJNRctEfq3OTd1bjgX64zvTU7eR+MHFYKPoyMqwIR -gjoVKinvovEwWoZe5kfMQwJNA3IgoJexX9BXbS8efAYF/ku3tS0laoZS/q6V/o5I -RvG0OqnNgxhul+96PE5ujSaprsyvBswIUKt+e/BCxGaS6f2AJ8RmtoPOSfT4b9qN -thI= +MIIEPzCCAqegAwIBAgIILsaQqJAjK4IwDQYJKoZIhvcNAQELBQAwaDELMAkGA1UE +BhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBURVNU +SU5HIFBVUlBPU0VTIE9OTFkxHTAbBgNVBAMMFE9wZW5TU0wgVGVzdCBSb290IENB +MCAXDTE4MDYxNDEyNDYyOFoYDzIxMTgwNjE0MTI0NjI4WjBwMQswCQYDVQQGEwJV +SzEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEiMCAGA1UECwwZRk9SIFRFU1RJTkcg +UFVSUE9TRVMgT05MWTElMCMGA1UEAwwcT3BlblNTTCBUZXN0IEludGVybWVkaWF0 +ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIpVng2wNFJp2kF +oJ6Yji25wy1YufnS8NxA82fk5OHdhGWj1CWqnQNotEqEQzcOUszQYrNxd8tEvoWk +Ik4JMBVoEcgBGedchftptTNulFWodWpi1yFaqA/Nz2BsVgcCJW4C+UWDT7VeHtGU +7tYKKr35lxp6io/a4jUDQXvO2nJA9YlrxOktunMqtoZSYqUz35ZXsdkn58o8Fbqm +dEpw6AqAr9aBgY5DSaGxbaX2lwNt9NvB+f9ucOqEnPP8AfTlPYc/ENwJ6u/H8RGw +d1im71mu2lHjcws3aHkbluH860U3vlKWx6Ff1qdQcH98e2HwElqxCK00xya8leu4 +u64nljkCAwEAAaNjMGEwHQYDVR0OBBYEFAoDRKVoOufDXW5Ui7L4ONxANVsFMB8G +A1UdIwQYMBaAFDZjTeLsQUG6KL9xuLhzXVdB4pkKMA8GA1UdEwEB/wQFMAMBAf8w +DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBgQDZQJLA90ewVaS3E3du +gSjPkQ1xsHm8H1am+7zr5oZ81J+R8XYIZgMR+9ShVo38OradiYNqDLso+4iuVdxh +hzoSoQELoDXCficzWKnlAtWvwDDoczyK+/p94g3VKx14n2+GvQzoZ4kwQQgaFH1w +YI6w0oH9zwoklCxvihj8D069QrYyuTT8JGZ2m0FHqVJg6teuQKFahSgwYR2CUoIb +6PrpSUQeCVCH8TPkzlRT6UgtM3ERt7+TlQ+zZ80dSf4YTAsDv9Z/CJXiF/5wZr6/ +lWuFjWmX2HkpEW6Wiv5KF8QP6Ft7Z+RYua7RMtELCYvqYbWDBs7fXWGBkZ5xhB09 +jCxz+F7zOeRbyzacfFq9DhxCWCRbIrdgGGE/Of2ujJtmK/2p4M6E5IsKNAI2SJBW +iJXvIgQgR22ehPqy6er2Gog5LkWUwqB0kHZJJpbp1IW01IGTpD6YAJyVCEAlyMbo 
+Kto9+wQFLT3Auv/W5h6OwxkNdfAyZBYy0ZSFk4EE8OdWWY4= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv -h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL -tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu -D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI -uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6 -qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn -zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3 -r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D -AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R -5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm -W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH -674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg -utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY -BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX -4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a -WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8 -bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH -6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex -4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa -WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g -n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB -JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+ -OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX -xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK -UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== +MIIEpQIBAAKCAQEA0jIZ8IZ4dIzBc+ZfdmG5n8G3JzRX99QvIqv52s4hFVfdzoa+ +AciKJpo9zkegWPmfsAVNa4uVceg/ZQt6qJsuG/pxbQSZVnyjDQGtt7rgaDEbyUP0 +XJCnzyRdWSUjFS8yNZn4NkmZU01GlHtXdzWydEa5PaiTIwW0HI+bjjOEhwJ1hFuF 
+qzlKHVKHA6DBzNcl6ly0E/q2kyslbR+0hq7pNMqKvvuAxqgc//W8KvLDlKAt9D3t +5zgh2+BrMPemrzjEaM97yHTogJo7+SKVDdUwYQ7Br3xfyki9u2bUYib1BMSvLezx +NP0qf/iU91z4xyLmMvOXE6W0D1WHwya1CfE7vwIDAQABAoIBAQC2HAo1RYvfDoQc +sh9LJWf5bZANO2Brqz4bP/x9AdHP+AyH/l1oliJ7R2785TmbXMppam6lGo4j3h/u +n39pzOip/NWAqldfgySRBD9Jy3LZUpLMUT/JYtrAsLTfozk+BWHu5rMR9boNXgok +Yqho8/DkpNGhBghUc4CUricLkL7laD3ziAHpx8yALL3tnLGOpgT9hNrA8Dm3yfUS +JEfiG12ILXvq1IP+vUNuaLpTLJZuqUmLpK8v+CBYgKxfd+TDnEjul4PqhhIIFK3A +xEZYQR2D/AXUwng9hP9uCbVm5lOY6vRbi9Fpbt+KRv+m25s1AnuhJFBOsL30h/Tb +iCKWm/nhAoGBAO0bFqMvZHjaT2KiwOwG/Ze9NsjynFPVltiuCqNj8HE5wM6imC5J +SdB+jMkgN6ERXALWrtr8Uf2pqzfeMsi6pekOOVTWLe/8c4bAZRxaCZn/BlZRysZI +vB9Gb7m7Oymw5iDSqrYywgOiUu+oIiCrmPOealhmn7zmHzHaETvdL9zDAoGBAOLy +DVT1csoexnuHVIWqnp7FK7lv6eOGZSdXpfJ3XYjmKJLK2hpVZe+J/mFOL1wsKSt4 +0k/V0dnkHR7V4Pa4ECiCthkWMWrBVIHe7+ZnZ0ocKQSC+EEecavOiZ57S/qnUlT6 +NtQP4cSy4DHzzFZdTZnn+2oymapPZpb2mvSN/GVVAoGADrIlHwwq8Aqn7Pclefuc +8DC8GoxfABs29EslQadKGdp4htYxFH1aY9/UHgsvJ36J82sW/1+wPUas5BOTljlr +WxyUlRuJUVyWVH3MRouWGMNjwynipZOQhWe6OQrPye+688Ha7twKhmsjNNN4+glo +u4DQGpaRxAWHXXGkq88zzj0CgYEAsICEceD7R8srnwMfb13FQ8IhQXWSuAvcO/7k +53CCZGhsgc4WVoi4YNY360G9f7gwxMiQ+NpY/Vd2dnbtIbUBjCAss9IY2OhHa0IR +3mXpZTAFjqa1oR+mVHKrgYBvFSBw3fpEDiXT9wEPcIomD709D0fmty9nZ5edOCfP +WAfdlokCgYEAqXuMuAg3NMMgEv+eBfsf43v3hRwBqPYanE26wcO3GoT/S8BpB6wy +vBoPZOlO5ZfsD2jaTec60GLay+MofxC7qNXIjzHOw50ry4bqHqqoQbn2cONE1k+0 +ov7H2keTcG9FEGgL7dRUq3pRUo/W12WmRuDN17IEgkzAeisJnoiPtaQ= -----END RSA PRIVATE KEY----- diff --git a/demos/cms/cacert.pem b/demos/cms/cacert.pem index 75cbb34..1949fc3 100644 --- a/demos/cms/cacert.pem +++ b/demos/cms/cacert.pem 
@@ -1,18 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3 -WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD -aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN -RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz -i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR -ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT -jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx -CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B -SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD -VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB -ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc -G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo -u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF -1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw== +MIIFBjCCA26gAwIBAgIUM/WihZJZUTZvqoyNaUlp59DOaWYwDQYJKoZIhvcNAQEL +BQAwVzELMAkGA1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwN +T3BlblNTTCBHcm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0x +ODA2MTQxMjQ2MjhaGA8yMTE4MDYxNDEyNDYyOFowVzELMAkGA1UEBhMCVUsxEjAQ +BgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEcMBoGA1UE +AwwTVGVzdCBTL01JTUUgUm9vdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC +AYoCggGBAMzxOVHZFVxN9XQIVW3y1bK5ir3jKpKkU6zKrw8MdRvm233eqWSOYJvs +3rgdT59iv+CaPcBT5offbP0eH43H96CubJji/vQLMUzc/cLrJuCbLHREbSCsFNpf +lYw5mkT98dCFV66HuN6Nwqi5kW8TxGSXkD4OZqklbbicrXoXh5qhREID5hgbrijy +BiIHyp6bDq5zUCcmHP/Gdw2aTMEQZNsdw4MavtB65vI7dYxo2zEzdmJ3NnjlG7qZ +6Od6V4IW8yRAK9GLj0TUCZl28pq6rNio+F5Lst3clX9PDxh7LphNrXXYiHjXp2Kn +LZbOnz1SJSmCeisy/EFN6fRtwdwqcM1AcKNBU+UqFq0Mv0sgNdRwghYWGQht0mT9 ++Pg5HxTzDlOOmBT1kAduxJNLiRQlgysPDN94Os0EpzJyA87Z6yJRGvYGZ5mrdfx2 
+8p6bHptf46h1WzCX4wDy2J86y+odgWMnSkmF9h8ySj66rgmLrz40n+mDm8bhUblK +AV8IqN8WmQIDAQABo4HHMIHEMB0GA1UdDgQWBBSkmMaBYQPTEGcqe1maU2IDOMLQ +ezCBlAYDVR0jBIGMMIGJgBSkmMaBYQPTEGcqe1maU2IDOMLQe6FbpFkwVzELMAkG +A1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBH +cm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQYIUM/WihZJZUTZvqoyN +aUlp59DOaWYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAqP1CQRGM +roHvk6dhI4ElNae5seRdSQNTtwAhlP1RoSoFz8xybMgDksKE07t77gDsKvU2SuXV +fdICqVpjpN9cRYKM6VmiREdU6OGsPQ74u4sOg4cT/tuou0RsD/uQaznb5NOvo2T0 +8rmX0Ai3+lbEuMBCaGNU0KYJifYy4QrSqEapq4W3NbqH85msOiKHEDh1vz9IWz6z +WKjdv9lst56XuLTZrJ/O0T0qD6aMXyqK6ZART/FELjDXc+9Ey4TH+msOEKq0uQWt +y7Grfmz52dTnAjBw+6/ggE9sA8Wo6DhwbEUaOA9BB5YP+XWsIkUUbiVHU7D8TyiE +KHt2DkaWvjl1/RdtzQUO/vGI4yuFTZfLf23KcwgtHJI3JxLNAMLM3I2jmoWhKm/d +GkVYsGH1GWonv0UTv/TKlOXaTYWK9fQVoYkFc+FrwUd2lev5FizJNigL9qatGyRZ +giJmWWlf0bMMIxwWZzQswxLyKdkNlvkKf9T6BjEmGLeOHZCn0x2sOyUi -----END CERTIFICATE----- diff --git a/demos/cms/cakey.pem b/demos/cms/cakey.pem index 3b53c5e..486c975 100644 --- a/demos/cms/cakey.pem +++ b/demos/cms/cakey.pem 
@@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd -c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3 -dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB -AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5 -HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs -tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS -rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18 -9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u -jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is -uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU -+VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP -wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW -8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg== +MIIG5QIBAAKCAYEAzPE5UdkVXE31dAhVbfLVsrmKveMqkqRTrMqvDwx1G+bbfd6p +ZI5gm+zeuB1Pn2K/4Jo9wFPmh99s/R4fjcf3oK5smOL+9AsxTNz9wusm4JssdERt +IKwU2l+VjDmaRP3x0IVXroe43o3CqLmRbxPEZJeQPg5mqSVtuJyteheHmqFEQgPm +GBuuKPIGIgfKnpsOrnNQJyYc/8Z3DZpMwRBk2x3Dgxq+0Hrm8jt1jGjbMTN2Ync2 +eOUbupno53pXghbzJEAr0YuPRNQJmXbymrqs2Kj4Xkuy3dyVf08PGHsumE2tddiI +eNenYqctls6fPVIlKYJ6KzL8QU3p9G3B3CpwzUBwo0FT5SoWrQy/SyA11HCCFhYZ +CG3SZP34+DkfFPMOU46YFPWQB27Ek0uJFCWDKw8M33g6zQSnMnIDztnrIlEa9gZn +mat1/Hbynpsem1/jqHVbMJfjAPLYnzrL6h2BYydKSYX2HzJKPrquCYuvPjSf6YOb +xuFRuUoBXwio3xaZAgMBAAECggGBAJrqILzozke2ujpablEtBTITJHgC9lRgmMt9 +bjR+4ysTJ4kOvZbANPDIbVZY+a3uVEIv9UujYBgG4Hi4w3tF074G+xnaRIQuzbZf +OgaUABA527GLY74VtbGYHRAhHqbWGmrX0H6iIzE/kQw/MVr4YzTyiFsQQbPMEhNB +g7RNgvh0vIb2MYC5s71JrS8eGqAnb0KY8daV7ce9upJyt2Acx1AGQJqipegrbtVd +8q4PONkJIIyvtmJONNaprq8DAJDaTNdcZu7f7mymF5UFpp4Lh6raAvOZAZjgkPYW +PsX2uMAsYchXTmSDGOHNafqeyTS0UEaw6FRhpxzMoSxRXX4/RhjeShadYwHxbh7s +UwFU7S9EWlj8CjgGs00KFM1eMV0sEYsL8sRf7ZiWM5XJsmXKbRZjA5V+7OoSGElB +zJcERK6NFCISijApZlVveEVZS0qESivKd9bspOzbMdoJyjBW1LZdMH85YIwM8Dox 
+VqGR0QD3UP8RpZBRwTiFenqOpwARnQKBwQD1NBGcTxLLUUluEBG/TD9KM5sCnkm8 +cn5RomwTeBrUr9SXOJuUPa8RNLrAeosuWCrx9JkF25IBExQbbs1NRHuziOIOyI0+ +hvqP85zJln7kUDtiDMFfUdS8Q6PF3b3wJl6cbipowWwsahvUSkx3W8UWrzZHsvrO +LBtvEZdwetNWN50FK040uM6y/x71xfvUhlKBsuZBgDFU9aXJZAGpkCklZnByURN6 +LZudDQETdYo7/X8qqPlcHwHStGj9YXg/e38CgcEA1fdVA6s+KlRUGRTUDaUFPDji +MciTcvA3teXJWNAsFWd71oLT5eQNI50afF242ikTT6JuXFH0mMYKoVe/LFo7m2mf +uLcW4yM/FiKTkhnBQGm7KNqyvXB0T0DWTDSeS7hTzD6KjuJPf7JVH5I4In8jSKJd +3mzTA9keIosnxjX7EOsZNQd0+MKaJYHnvJsxYaoT9FXoONuyzQu96TQ8Q+fkVHXh +I/ENAw0qfoJ5mw5dQnU2UtjP6cSNVQ9Rsr48GNnnAoHBAJcI65AMZNc3yrMw0r2y +iYl7IBAMz/5zx7shANE9OcmoRJqhE7PMCvneMOo+kVyKkmlW8KrbBKQEzG3ZYjwl +4sxDlHrmrZnGKrBgrkK9oIuhn/JVSQcdsJwGTeqjG0vBVqWkdhrwiWESOvIYkeEz +dcLzScwAQtyb7ooLm+x8u5Bv0RhOBG4VJ7y5yKg6u1O9KTUarRnLjJd4eBYEs8Fu +Oun+n2TK6+RmE2Q5jmAeFne9PYdZbb+Ame7fkYwBbcAsoQKBwQC1KHQSZyp7LGsH +0Vq5Mr77/i2FeQ1eg4SnvaZ8S8UHWla/iIVgX3XAcYO7SJ76F00CX8SQ5dLyhrr5 +YBG8u6k8LHHPMzVtmqoPU7cePDAjGWIddQ1g15WihILsgqCD+8z3YPxvfa1RsOvh +jyt4Ca0WEmLnr7v5xhp9pNRIPewUpvjwrR+cfyeEGjjat4tX5Wh/tzym51y7vvVM +Pa3I0M3BtQyqIa2ip8MS2eWcIs1TN2qHOorOolwHaLEDZY38fIECgcAKns98A2G3 +tLvZaDZlVsJWZsdSDUrFCKvx9QbTZHbyOL5JU/8TgLBgfOgV2yxLXn9Pq+0Quvb2 +EjaFuA3GKOFi50WtfwR6Yo1DaFcx5n0bDShnaHOF+dUi0BVQd2V1DsqAwF5/Eh3A +lX+XuWeSam4/91WhmNMCZpfYv0GErs4ZBHHsl54jmvrrjbhg/efUvpWKi/9vlKm+ ++ITH+nG1xCnyEEVZ+vm9Qq57lCLBZGyGT4PetllpsRrGcdO4/gfK8lY= -----END RSA PRIVATE KEY----- diff --git a/demos/cms/signer.pem b/demos/cms/signer.pem index bac16ba..4bbf7a6 100644 --- a/demos/cms/signer.pem +++ b/demos/cms/signer.pem 
@@ -1,32 +1,52 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3 -WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT -TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl -bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz -jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L -ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y -gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 -2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX -MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn -+Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv -lDiQlgX0JtmLgA== +MIIELDCCApSgAwIBAgIIcsOElVeHzfQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDExIDAeBgkqhkiG9w0BCQEWEXRlc3QxQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vvSgaL1 +byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhhNo6SK1Mp8daQ0MZoMzbT1aKp +JTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6rirB390fuL4qt5PiAb571QFtu +L8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk5K37QYKaAB6ItWR5KhjiAuDt +zsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WWh+idKErtmYSinmhE0H7+yoJB +s1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+RjCgK8cRSCpg6VQr+ZTii6k7C +m9CP81QhUoV3QwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUg1DE7OaNqMQQ +8Z1bvjhnlisxfsMwHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAGxAivCwPsAYmMZfVJTELWNNMBzKzmeRvrp6k/6S74Pw 
+LDEhTnslCV4U1gTSd3nQ+LRm1fkzxLA12A/rlqN51P8B+hyVSMN9dj54YUcFd+KO +XhkSDrSpph6hRqGy8zqELzlb1Q8yoIBclEmyv+CkXMrpnm+4JL4kzyj/iBRkZTDz +ns15jJD9KHgrOnclaoDRkOT6lGbsd3j+aviKEj8ZILufSMw+W2YORy3nSAencjbO +ezivVujqm+pjkfqdCS1HcFB7LhQEILfFqkssw8YmtJVrM9LF8VIcqueXbVZmeS/1 +QV5B7OEmtsM+NkoLF5ldWdPQvmftbShh+AAlpcsmqiRefQgA3aQn6YOnOHnnQwgB +oQRNjQXsjgxV4t2HFYpwkK41kx4HToVGciPNMkndzfY/GJmgXsXfB6/AfUfhLTDv +tbws1MZhaCNOffw3/SVS2nLREMFCGn5uAgNkqssWqeWJu3910XF640tqPBj5YGFc +fykwWNhG5xS04EHpztgKdQ== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm -1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH -Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB -AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG -mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o -wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx -04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55 -qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc -YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY -sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4 -4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid -7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5 -xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw= +MIIEpQIBAAKCAQEA1vvSgaL1byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhh +No6SK1Mp8daQ0MZoMzbT1aKpJTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6r +irB390fuL4qt5PiAb571QFtuL8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk +5K37QYKaAB6ItWR5KhjiAuDtzsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WW +h+idKErtmYSinmhE0H7+yoJBs1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+R +jCgK8cRSCpg6VQr+ZTii6k7Cm9CP81QhUoV3QwIDAQABAoIBAQC6LCWmIisNcmgK +RmOvbszKc0sYYj7eOGl8EgbHR2xUA2hNNk4pYtnuLvzZ84hBZDCEeWyFS3HTRuql +z/QhDl6mc1k0pXtsXkNHQlIamksbVvHPnzIKzrt1J5N7FEt3SERhZXTZoNQRB6di +k7qdK+YmhdZtucnt0GrPisaJaf0yU/EjLuX+MU/0Xrc23lVhR3yqYhaOhWvrxTHM 
+evykI0kOL+gU58eN2eWE4ELjS2z+njKDqcEyeIy00FdBAtCoKjMsWpRytKNmcFm9 +LdtMmizskF8VS3+XsDbkseIODx1xJ65IFmHHMV2xLG5/+bQppkB8JuE3EDrtFiUJ +lGdfmBlxAoGBAP3Asg0drdunv7imeEOGpyj5JwF1hCVQ71IBGdqTr3aPqOlDH/io +up7t+VBuSLqj1P20HygNjow+ALw/Ko+a0icodg7QA2Co0/RiBwa+u2SgpYDqC9Kt +KIdRcv+NXkhXF/DLIn0jJvI53OtKsbgTv/C+aCipblofnO9sF4AhShq1AoGBANjj +Ou0czloNORbk3qAxLi4b5P/YOyZBJDa0zijFdD1jImfOeyNFXeg2ID+8ZjDkP/eP +pLy/Gt/8bVb+O+9wMOho3kWKZBN3O2VsLJYakAehDsC5ax7i2HtEqg1L1krW2duS +POiKg3qNjETM30zTA4pHwkNAETIktResze7SRm0XAoGABH7KaLMS5mZFXjcMwF19 +TpuDVmJHkgWqB7DfTWD6ZcZLvr4irdwHWlNq7ELX5P6MAmaTerkqwk9C4hLYZSzf +9jOgS8jhlm/HOXgXGcZ9OV4jMHJ0/Sl2I1eNCvvtJKjuUqS2mrLpuLbPtBdhqJoo +91HYNIgz3ULcG921WN6+GlUCgYEA066T6LDgxgt52NpwXrEhfWdETmDg+ilCCxLU +0/5DwVZsUhy5Gmeti+Kn/w0GQFnGBP1xr7ZlqI9auDlSjhNV6L/RkNXNbyJEGm1F +5wrt4ERVfcx6vJ5y43zU7D1EXa7s2t0UDXKDeK2GZe//UZ/yKJh5BeIV5nblOMI0 +DA+3JOkCgYEA80QGLjGlCvxKceVbuohbIZ1+/EoXPq993ER9S8D2MTGATsEcygtF +rM8JcHTv75sjycqu68BAQr1Z5qwwrMyY0vWVEorKzvAXEWolC67asR4cDutOd+qy +WlEIyojX45GwHCHpcbVRiGRWuj3kwkc+WzdgusBoAJrPCigES/Cr8uA= -----END RSA PRIVATE KEY----- diff --git a/demos/cms/signer2.pem b/demos/cms/signer2.pem index 25e23d1..5282729 100644 --- a/demos/cms/signer2.pem +++ b/demos/cms/signer2.pem 
@@ -1,32 +1,52 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0 -WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT -TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl -bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ -jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW -ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW -GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 -2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X -h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4 -aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR -2aX6rl2JEuJ5Yg== +MIIELDCCApSgAwIBAgIIcsOElVeHzfUwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDIxIDAeBgkqhkiG9w0BCQEWEXRlc3QyQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ledrM9R +3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjDAY5KswavKKa3vZxoUz2omNSg +4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr2DCdCdbRhCWoiS/ba5tKIhlb +gFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjDKhUi0ukVDYHDd9+FtNM3H1t3 +AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsEyzKesft3NFd1AcVY9W5MRCK4 +lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzALyT0LXNx6w3kSfx0TLdNjXLD +O9a2dzwhHhPtCQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYJEUXnMb/ux0 +WrzSh+bnhpi6GS0wHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAFbrwfsSciDFI97c7oqS8jtxOSa3c4B7xhmcgUkYCiaD 
+7mbZuqTUf4ltJJZXP/TJ44fhL0zVAvRXSXw1LE3YvLGOlBc6dM3D7DyL5pfUTUBY +ICt+NLfG5iHtkiZPPSfK2t5f4UGFwU/ERT62sLu4keLI5igi9J2jKSykN3u5SQ3s +Zsennow5zUsFkcz9hkB4RczlHRogA0SgVhELQbN1nYIqJJDRFZL+CmarDRTFMilk +7dXCacw6xt9vIc3ZXO+pu2g1ezgSPwOoUykQcL3UhAEIIyt+TRe3fafh5TXwd8tr +FAecAuz5Mqsmek5nEW9ZeYmxNz5VFwc4F61y4xFj7lI0frLCCAu3gVoqiQrW+WwR +e27z1Nm4uUcduFqj45Pu2eTyV3LZtLUbFvL5ZSPUCSk1wVmC2otX8ksFDDTO1rIy +l5Qd1g1P8bLuj8NG98J2zVOabtaxYCAIBPZ3dUh2eNrPKoLAvrgKh1MH+K2Eh5Oy +z1T4Eu+e5Kq/uQkZpI5QzA== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM -nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f -nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB -AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF -6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2 -CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf -m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX -2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr -upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4 -ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL -SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk -gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX -pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A= +MIIEogIBAAKCAQEA1ledrM9R3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjD +AY5KswavKKa3vZxoUz2omNSg4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr +2DCdCdbRhCWoiS/ba5tKIhlbgFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjD +KhUi0ukVDYHDd9+FtNM3H1t3AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsE +yzKesft3NFd1AcVY9W5MRCK4lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzA +LyT0LXNx6w3kSfx0TLdNjXLDO9a2dzwhHhPtCQIDAQABAoIBAGMEGJfTMiwS+979 +ph3GeJjRGO0JQAk1TYiDvcpbZiItJg9YSOV4GTP4u4PY+HqEPYFus2relu/mx2Iy +4kb9zCqNLmvSQ67M8pdrSJ093pEPJlvAPbmiQ3lfHmyghOnTDNb55tY3xphVZQmI +I7HxM9ydO4skva6NXNgGwLDvYBFc6z6d95ai/WEFWHOt5Mt7OVOWAHQ0lAOofWLA 
+2BwKmrQnCwMvm1TMoKaAU/ngTToUGBMIN1HwRcY6qDraZte5o3EDRABHB78OHrSu +I/Eoi//5C8A7iZ5Y189lMbahIN6xVMwHwwIqLptTV2GNZOKSiIXnM06vIf4CPZKl +3VlwBgECgYEA/BKnn23KtefA906QNkrIOXASLEE1T77NlTYIRDTsUoz6XTVSvOCI +ARxdsoLwFko5ICMhti9S/1G/MYH0BoJN8rbzvjmZDfwF612p0AYALyBlRgW+ID9L +41CJQcLWxeiQd/GcrUZmudVNUGXa8nsNHmFleGLchXeqU7M6fljJOkECgYEA2a56 +yvYQgMF/SIPkxU1+WcQC6+JGc+ax220/lysBsDb4SkXomfGtFWbenxwamuQu+n67 +DJWi9oJIi9Vj4eKOXS6vjCAkYeLgCpK6S26frPtxJuZwl/lF7mFl8Z4ZnJeiFJ4h +AXt5r9vqnOZtCnLqRRAlqF5OswWgv/mhJ6jpMMkCgYBMPaAxWlXLexMkOcDoiunQ +ZZM5i2eCfSVVEgiiCJfJyBYZhv1FX2wDWf8E9RGEzGJG1BloLxwdWS5I3RNfvJ2y +4Z8LVAR09Fsd+zBXWNlJZ7T53tbIjhx33m4FU9b9+P9pJ8zJo9eCMX+253e3i3xG +ShMUvGIShEUiF72DZXtHgQKBgDi867CfNmn5BW4nQqfSrQ5EsuY80lQ/WzhwX1TN +luERUuI5GomVnqGncHtUXfLlawFLqwF6t0E9cB9SfXhRDv5mvsbtUc5Zzj+zQu+K +ZAA4gaO8CLjz9jBOHr49kTtpootxM/Uo8+zMi3hd7yn8Def2b3pVKnorC10+eazW +sAFRAoGAet6fQbQD+4vZ1oukZcZhmVlIWTSZJ1vAGCcT/3E40pqpPY+Ho56Lcwh0 +9f4TAykuGwFgqvZvR8yD2gpuISYGYplWqa1N6qxMaiVzmY5q1XW+O74xRH5Kz5fr +D+3j2x4EiyG7AYyZMOphDtBd/TSQQMYmGW6PiyM9ceIVnDK1Dd4= -----END RSA PRIVATE KEY----- diff --git a/demos/smime/cacert.pem b/demos/smime/cacert.pem index 75cbb34..1949fc3 100644 --- a/demos/smime/cacert.pem +++ b/demos/smime/cacert.pem 
@@ -1,18 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3 -WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD -aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN -RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz -i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR -ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT -jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx -CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B -SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD -VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB -ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc -G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo -u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF -1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw== +MIIFBjCCA26gAwIBAgIUM/WihZJZUTZvqoyNaUlp59DOaWYwDQYJKoZIhvcNAQEL +BQAwVzELMAkGA1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwN +T3BlblNTTCBHcm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0x +ODA2MTQxMjQ2MjhaGA8yMTE4MDYxNDEyNDYyOFowVzELMAkGA1UEBhMCVUsxEjAQ +BgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91cDEcMBoGA1UE +AwwTVGVzdCBTL01JTUUgUm9vdCBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC +AYoCggGBAMzxOVHZFVxN9XQIVW3y1bK5ir3jKpKkU6zKrw8MdRvm233eqWSOYJvs +3rgdT59iv+CaPcBT5offbP0eH43H96CubJji/vQLMUzc/cLrJuCbLHREbSCsFNpf +lYw5mkT98dCFV66HuN6Nwqi5kW8TxGSXkD4OZqklbbicrXoXh5qhREID5hgbrijy +BiIHyp6bDq5zUCcmHP/Gdw2aTMEQZNsdw4MavtB65vI7dYxo2zEzdmJ3NnjlG7qZ +6Od6V4IW8yRAK9GLj0TUCZl28pq6rNio+F5Lst3clX9PDxh7LphNrXXYiHjXp2Kn +LZbOnz1SJSmCeisy/EFN6fRtwdwqcM1AcKNBU+UqFq0Mv0sgNdRwghYWGQht0mT9 ++Pg5HxTzDlOOmBT1kAduxJNLiRQlgysPDN94Os0EpzJyA87Z6yJRGvYGZ5mrdfx2 
+8p6bHptf46h1WzCX4wDy2J86y+odgWMnSkmF9h8ySj66rgmLrz40n+mDm8bhUblK +AV8IqN8WmQIDAQABo4HHMIHEMB0GA1UdDgQWBBSkmMaBYQPTEGcqe1maU2IDOMLQ +ezCBlAYDVR0jBIGMMIGJgBSkmMaBYQPTEGcqe1maU2IDOMLQe6FbpFkwVzELMAkG +A1UEBhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBH +cm91cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQYIUM/WihZJZUTZvqoyN +aUlp59DOaWYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAqP1CQRGM +roHvk6dhI4ElNae5seRdSQNTtwAhlP1RoSoFz8xybMgDksKE07t77gDsKvU2SuXV +fdICqVpjpN9cRYKM6VmiREdU6OGsPQ74u4sOg4cT/tuou0RsD/uQaznb5NOvo2T0 +8rmX0Ai3+lbEuMBCaGNU0KYJifYy4QrSqEapq4W3NbqH85msOiKHEDh1vz9IWz6z +WKjdv9lst56XuLTZrJ/O0T0qD6aMXyqK6ZART/FELjDXc+9Ey4TH+msOEKq0uQWt +y7Grfmz52dTnAjBw+6/ggE9sA8Wo6DhwbEUaOA9BB5YP+XWsIkUUbiVHU7D8TyiE +KHt2DkaWvjl1/RdtzQUO/vGI4yuFTZfLf23KcwgtHJI3JxLNAMLM3I2jmoWhKm/d +GkVYsGH1GWonv0UTv/TKlOXaTYWK9fQVoYkFc+FrwUd2lev5FizJNigL9qatGyRZ +giJmWWlf0bMMIxwWZzQswxLyKdkNlvkKf9T6BjEmGLeOHZCn0x2sOyUi -----END CERTIFICATE----- diff --git a/demos/smime/cakey.pem b/demos/smime/cakey.pem index 3b53c5e..486c975 100644 --- a/demos/smime/cakey.pem +++ b/demos/smime/cakey.pem 
@@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd -c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3 -dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB -AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5 -HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs -tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS -rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18 -9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u -jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is -uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU -+VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP -wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW -8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg== +MIIG5QIBAAKCAYEAzPE5UdkVXE31dAhVbfLVsrmKveMqkqRTrMqvDwx1G+bbfd6p +ZI5gm+zeuB1Pn2K/4Jo9wFPmh99s/R4fjcf3oK5smOL+9AsxTNz9wusm4JssdERt +IKwU2l+VjDmaRP3x0IVXroe43o3CqLmRbxPEZJeQPg5mqSVtuJyteheHmqFEQgPm +GBuuKPIGIgfKnpsOrnNQJyYc/8Z3DZpMwRBk2x3Dgxq+0Hrm8jt1jGjbMTN2Ync2 +eOUbupno53pXghbzJEAr0YuPRNQJmXbymrqs2Kj4Xkuy3dyVf08PGHsumE2tddiI +eNenYqctls6fPVIlKYJ6KzL8QU3p9G3B3CpwzUBwo0FT5SoWrQy/SyA11HCCFhYZ +CG3SZP34+DkfFPMOU46YFPWQB27Ek0uJFCWDKw8M33g6zQSnMnIDztnrIlEa9gZn +mat1/Hbynpsem1/jqHVbMJfjAPLYnzrL6h2BYydKSYX2HzJKPrquCYuvPjSf6YOb +xuFRuUoBXwio3xaZAgMBAAECggGBAJrqILzozke2ujpablEtBTITJHgC9lRgmMt9 +bjR+4ysTJ4kOvZbANPDIbVZY+a3uVEIv9UujYBgG4Hi4w3tF074G+xnaRIQuzbZf +OgaUABA527GLY74VtbGYHRAhHqbWGmrX0H6iIzE/kQw/MVr4YzTyiFsQQbPMEhNB +g7RNgvh0vIb2MYC5s71JrS8eGqAnb0KY8daV7ce9upJyt2Acx1AGQJqipegrbtVd +8q4PONkJIIyvtmJONNaprq8DAJDaTNdcZu7f7mymF5UFpp4Lh6raAvOZAZjgkPYW +PsX2uMAsYchXTmSDGOHNafqeyTS0UEaw6FRhpxzMoSxRXX4/RhjeShadYwHxbh7s +UwFU7S9EWlj8CjgGs00KFM1eMV0sEYsL8sRf7ZiWM5XJsmXKbRZjA5V+7OoSGElB +zJcERK6NFCISijApZlVveEVZS0qESivKd9bspOzbMdoJyjBW1LZdMH85YIwM8Dox 
+VqGR0QD3UP8RpZBRwTiFenqOpwARnQKBwQD1NBGcTxLLUUluEBG/TD9KM5sCnkm8 +cn5RomwTeBrUr9SXOJuUPa8RNLrAeosuWCrx9JkF25IBExQbbs1NRHuziOIOyI0+ +hvqP85zJln7kUDtiDMFfUdS8Q6PF3b3wJl6cbipowWwsahvUSkx3W8UWrzZHsvrO +LBtvEZdwetNWN50FK040uM6y/x71xfvUhlKBsuZBgDFU9aXJZAGpkCklZnByURN6 +LZudDQETdYo7/X8qqPlcHwHStGj9YXg/e38CgcEA1fdVA6s+KlRUGRTUDaUFPDji +MciTcvA3teXJWNAsFWd71oLT5eQNI50afF242ikTT6JuXFH0mMYKoVe/LFo7m2mf +uLcW4yM/FiKTkhnBQGm7KNqyvXB0T0DWTDSeS7hTzD6KjuJPf7JVH5I4In8jSKJd +3mzTA9keIosnxjX7EOsZNQd0+MKaJYHnvJsxYaoT9FXoONuyzQu96TQ8Q+fkVHXh +I/ENAw0qfoJ5mw5dQnU2UtjP6cSNVQ9Rsr48GNnnAoHBAJcI65AMZNc3yrMw0r2y +iYl7IBAMz/5zx7shANE9OcmoRJqhE7PMCvneMOo+kVyKkmlW8KrbBKQEzG3ZYjwl +4sxDlHrmrZnGKrBgrkK9oIuhn/JVSQcdsJwGTeqjG0vBVqWkdhrwiWESOvIYkeEz +dcLzScwAQtyb7ooLm+x8u5Bv0RhOBG4VJ7y5yKg6u1O9KTUarRnLjJd4eBYEs8Fu +Oun+n2TK6+RmE2Q5jmAeFne9PYdZbb+Ame7fkYwBbcAsoQKBwQC1KHQSZyp7LGsH +0Vq5Mr77/i2FeQ1eg4SnvaZ8S8UHWla/iIVgX3XAcYO7SJ76F00CX8SQ5dLyhrr5 +YBG8u6k8LHHPMzVtmqoPU7cePDAjGWIddQ1g15WihILsgqCD+8z3YPxvfa1RsOvh +jyt4Ca0WEmLnr7v5xhp9pNRIPewUpvjwrR+cfyeEGjjat4tX5Wh/tzym51y7vvVM +Pa3I0M3BtQyqIa2ip8MS2eWcIs1TN2qHOorOolwHaLEDZY38fIECgcAKns98A2G3 +tLvZaDZlVsJWZsdSDUrFCKvx9QbTZHbyOL5JU/8TgLBgfOgV2yxLXn9Pq+0Quvb2 +EjaFuA3GKOFi50WtfwR6Yo1DaFcx5n0bDShnaHOF+dUi0BVQd2V1DsqAwF5/Eh3A +lX+XuWeSam4/91WhmNMCZpfYv0GErs4ZBHHsl54jmvrrjbhg/efUvpWKi/9vlKm+ ++ITH+nG1xCnyEEVZ+vm9Qq57lCLBZGyGT4PetllpsRrGcdO4/gfK8lY= -----END RSA PRIVATE KEY----- diff --git a/demos/smime/signer.pem b/demos/smime/signer.pem index bac16ba..4bbf7a6 100644 --- a/demos/smime/signer.pem +++ b/demos/smime/signer.pem 
@@ -1,32 +1,52 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3 -WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT -TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl -bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz -jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L -ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y -gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 -2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX -MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn -+Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv -lDiQlgX0JtmLgA== +MIIELDCCApSgAwIBAgIIcsOElVeHzfQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDExIDAeBgkqhkiG9w0BCQEWEXRlc3QxQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vvSgaL1 +byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhhNo6SK1Mp8daQ0MZoMzbT1aKp +JTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6rirB390fuL4qt5PiAb571QFtu +L8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk5K37QYKaAB6ItWR5KhjiAuDt +zsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WWh+idKErtmYSinmhE0H7+yoJB +s1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+RjCgK8cRSCpg6VQr+ZTii6k7C +m9CP81QhUoV3QwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUg1DE7OaNqMQQ +8Z1bvjhnlisxfsMwHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAGxAivCwPsAYmMZfVJTELWNNMBzKzmeRvrp6k/6S74Pw 
+LDEhTnslCV4U1gTSd3nQ+LRm1fkzxLA12A/rlqN51P8B+hyVSMN9dj54YUcFd+KO +XhkSDrSpph6hRqGy8zqELzlb1Q8yoIBclEmyv+CkXMrpnm+4JL4kzyj/iBRkZTDz +ns15jJD9KHgrOnclaoDRkOT6lGbsd3j+aviKEj8ZILufSMw+W2YORy3nSAencjbO +ezivVujqm+pjkfqdCS1HcFB7LhQEILfFqkssw8YmtJVrM9LF8VIcqueXbVZmeS/1 +QV5B7OEmtsM+NkoLF5ldWdPQvmftbShh+AAlpcsmqiRefQgA3aQn6YOnOHnnQwgB +oQRNjQXsjgxV4t2HFYpwkK41kx4HToVGciPNMkndzfY/GJmgXsXfB6/AfUfhLTDv +tbws1MZhaCNOffw3/SVS2nLREMFCGn5uAgNkqssWqeWJu3910XF640tqPBj5YGFc +fykwWNhG5xS04EHpztgKdQ== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm -1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH -Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB -AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG -mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o -wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx -04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55 -qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc -YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY -sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4 -4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid -7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5 -xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw= +MIIEpQIBAAKCAQEA1vvSgaL1byi9AE8Ep3v7Yv36JxYywaZhUy8dEFRiYn6NsVhh +No6SK1Mp8daQ0MZoMzbT1aKpJTLTgDJZHit2t1d6l3aWJG+cbcLua+XKowaZjj6r +irB390fuL4qt5PiAb571QFtuL8apcydwGEdkaPRuCnvctN8VcZPTKh+M8VEESyxk +5K37QYKaAB6ItWR5KhjiAuDtzsJbjEtOvGtmu2FRCU47GzfkdjYo7tY38WTY+2WW +h+idKErtmYSinmhE0H7+yoJBs1VCI+cq5tVW+oEO9HF4vEDEUykEFFPsCEkIWM+R +jCgK8cRSCpg6VQr+ZTii6k7Cm9CP81QhUoV3QwIDAQABAoIBAQC6LCWmIisNcmgK +RmOvbszKc0sYYj7eOGl8EgbHR2xUA2hNNk4pYtnuLvzZ84hBZDCEeWyFS3HTRuql +z/QhDl6mc1k0pXtsXkNHQlIamksbVvHPnzIKzrt1J5N7FEt3SERhZXTZoNQRB6di +k7qdK+YmhdZtucnt0GrPisaJaf0yU/EjLuX+MU/0Xrc23lVhR3yqYhaOhWvrxTHM 
+evykI0kOL+gU58eN2eWE4ELjS2z+njKDqcEyeIy00FdBAtCoKjMsWpRytKNmcFm9 +LdtMmizskF8VS3+XsDbkseIODx1xJ65IFmHHMV2xLG5/+bQppkB8JuE3EDrtFiUJ +lGdfmBlxAoGBAP3Asg0drdunv7imeEOGpyj5JwF1hCVQ71IBGdqTr3aPqOlDH/io +up7t+VBuSLqj1P20HygNjow+ALw/Ko+a0icodg7QA2Co0/RiBwa+u2SgpYDqC9Kt +KIdRcv+NXkhXF/DLIn0jJvI53OtKsbgTv/C+aCipblofnO9sF4AhShq1AoGBANjj +Ou0czloNORbk3qAxLi4b5P/YOyZBJDa0zijFdD1jImfOeyNFXeg2ID+8ZjDkP/eP +pLy/Gt/8bVb+O+9wMOho3kWKZBN3O2VsLJYakAehDsC5ax7i2HtEqg1L1krW2duS +POiKg3qNjETM30zTA4pHwkNAETIktResze7SRm0XAoGABH7KaLMS5mZFXjcMwF19 +TpuDVmJHkgWqB7DfTWD6ZcZLvr4irdwHWlNq7ELX5P6MAmaTerkqwk9C4hLYZSzf +9jOgS8jhlm/HOXgXGcZ9OV4jMHJ0/Sl2I1eNCvvtJKjuUqS2mrLpuLbPtBdhqJoo +91HYNIgz3ULcG921WN6+GlUCgYEA066T6LDgxgt52NpwXrEhfWdETmDg+ilCCxLU +0/5DwVZsUhy5Gmeti+Kn/w0GQFnGBP1xr7ZlqI9auDlSjhNV6L/RkNXNbyJEGm1F +5wrt4ERVfcx6vJ5y43zU7D1EXa7s2t0UDXKDeK2GZe//UZ/yKJh5BeIV5nblOMI0 +DA+3JOkCgYEA80QGLjGlCvxKceVbuohbIZ1+/EoXPq993ER9S8D2MTGATsEcygtF +rM8JcHTv75sjycqu68BAQr1Z5qwwrMyY0vWVEorKzvAXEWolC67asR4cDutOd+qy +WlEIyojX45GwHCHpcbVRiGRWuj3kwkc+WzdgusBoAJrPCigES/Cr8uA= -----END RSA PRIVATE KEY----- diff --git a/demos/smime/signer2.pem b/demos/smime/signer2.pem index 25e23d1..5282729 100644 --- a/demos/smime/signer2.pem +++ b/demos/smime/signer2.pem 
@@ -1,32 +1,52 @@ -----BEGIN CERTIFICATE----- -MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV -BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv -dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0 -WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT -TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl -bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ -jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW -ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW -GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 -2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X -h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4 -aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR -2aX6rl2JEuJ5Yg== +MIIELDCCApSgAwIBAgIIcsOElVeHzfUwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE +BhMCVUsxEjAQBgNVBAcMCVRlc3QgQ2l0eTEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEcMBoGA1UEAwwTVGVzdCBTL01JTUUgUm9vdCBDQTAgFw0xODA2MTQxMjQ2Mjha +GA8yMTE4MDYxNDEyNDYyOFowVjELMAkGA1UEBhMCVUsxJTAjBgNVBAMMHE9wZW5T +U0wgdGVzdCBTL01JTUUgc2lnbmVyIDIxIDAeBgkqhkiG9w0BCQEWEXRlc3QyQG9w +ZW5zc2wub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ledrM9R +3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjDAY5KswavKKa3vZxoUz2omNSg +4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr2DCdCdbRhCWoiS/ba5tKIhlb +gFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjDKhUi0ukVDYHDd9+FtNM3H1t3 +AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsEyzKesft3NFd1AcVY9W5MRCK4 +lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzALyT0LXNx6w3kSfx0TLdNjXLD +O9a2dzwhHhPtCQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P +cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYJEUXnMb/ux0 +WrzSh+bnhpi6GS0wHwYDVR0jBBgwFoAUpJjGgWED0xBnKntZmlNiAzjC0HswDQYJ +KoZIhvcNAQELBQADggGBAFbrwfsSciDFI97c7oqS8jtxOSa3c4B7xhmcgUkYCiaD 
+7mbZuqTUf4ltJJZXP/TJ44fhL0zVAvRXSXw1LE3YvLGOlBc6dM3D7DyL5pfUTUBY +ICt+NLfG5iHtkiZPPSfK2t5f4UGFwU/ERT62sLu4keLI5igi9J2jKSykN3u5SQ3s +Zsennow5zUsFkcz9hkB4RczlHRogA0SgVhELQbN1nYIqJJDRFZL+CmarDRTFMilk +7dXCacw6xt9vIc3ZXO+pu2g1ezgSPwOoUykQcL3UhAEIIyt+TRe3fafh5TXwd8tr +FAecAuz5Mqsmek5nEW9ZeYmxNz5VFwc4F61y4xFj7lI0frLCCAu3gVoqiQrW+WwR +e27z1Nm4uUcduFqj45Pu2eTyV3LZtLUbFvL5ZSPUCSk1wVmC2otX8ksFDDTO1rIy +l5Qd1g1P8bLuj8NG98J2zVOabtaxYCAIBPZ3dUh2eNrPKoLAvrgKh1MH+K2Eh5Oy +z1T4Eu+e5Kq/uQkZpI5QzA== -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM -nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f -nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB -AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF -6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2 -CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf -m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX -2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr -upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4 -ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL -SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk -gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX -pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A= +MIIEogIBAAKCAQEA1ledrM9R3x3bZypZAEi00DJYAmLS5F6Gg3+xpjE745UWKrjD +AY5KswavKKa3vZxoUz2omNSg4nYfLSowq7AI3VnZ8LwNo8lAeo7AX9elrsmzQzhr +2DCdCdbRhCWoiS/ba5tKIhlbgFnP+pB8jhC9qZuQJkpVaivywMW8rA9DRbeDcQjD +KhUi0ukVDYHDd9+FtNM3H1t3AUGWBecjWYa4hXC3CsH3+cFBZKjAepL74hqiEfsE +yzKesft3NFd1AcVY9W5MRCK4lUFiDbBtIgPkvPJeoEs/kFp3+OvJFDwi4K4Z6XzA +LyT0LXNx6w3kSfx0TLdNjXLDO9a2dzwhHhPtCQIDAQABAoIBAGMEGJfTMiwS+979 +ph3GeJjRGO0JQAk1TYiDvcpbZiItJg9YSOV4GTP4u4PY+HqEPYFus2relu/mx2Iy +4kb9zCqNLmvSQ67M8pdrSJ093pEPJlvAPbmiQ3lfHmyghOnTDNb55tY3xphVZQmI +I7HxM9ydO4skva6NXNgGwLDvYBFc6z6d95ai/WEFWHOt5Mt7OVOWAHQ0lAOofWLA 
+2BwKmrQnCwMvm1TMoKaAU/ngTToUGBMIN1HwRcY6qDraZte5o3EDRABHB78OHrSu +I/Eoi//5C8A7iZ5Y189lMbahIN6xVMwHwwIqLptTV2GNZOKSiIXnM06vIf4CPZKl +3VlwBgECgYEA/BKnn23KtefA906QNkrIOXASLEE1T77NlTYIRDTsUoz6XTVSvOCI +ARxdsoLwFko5ICMhti9S/1G/MYH0BoJN8rbzvjmZDfwF612p0AYALyBlRgW+ID9L +41CJQcLWxeiQd/GcrUZmudVNUGXa8nsNHmFleGLchXeqU7M6fljJOkECgYEA2a56 +yvYQgMF/SIPkxU1+WcQC6+JGc+ax220/lysBsDb4SkXomfGtFWbenxwamuQu+n67 +DJWi9oJIi9Vj4eKOXS6vjCAkYeLgCpK6S26frPtxJuZwl/lF7mFl8Z4ZnJeiFJ4h +AXt5r9vqnOZtCnLqRRAlqF5OswWgv/mhJ6jpMMkCgYBMPaAxWlXLexMkOcDoiunQ +ZZM5i2eCfSVVEgiiCJfJyBYZhv1FX2wDWf8E9RGEzGJG1BloLxwdWS5I3RNfvJ2y +4Z8LVAR09Fsd+zBXWNlJZ7T53tbIjhx33m4FU9b9+P9pJ8zJo9eCMX+253e3i3xG +ShMUvGIShEUiF72DZXtHgQKBgDi867CfNmn5BW4nQqfSrQ5EsuY80lQ/WzhwX1TN +luERUuI5GomVnqGncHtUXfLlawFLqwF6t0E9cB9SfXhRDv5mvsbtUc5Zzj+zQu+K +ZAA4gaO8CLjz9jBOHr49kTtpootxM/Uo8+zMi3hd7yn8Def2b3pVKnorC10+eazW +sAFRAoGAet6fQbQD+4vZ1oukZcZhmVlIWTSZJ1vAGCcT/3E40pqpPY+Ho56Lcwh0 +9f4TAykuGwFgqvZvR8yD2gpuISYGYplWqa1N6qxMaiVzmY5q1XW+O74xRH5Kz5fr +D+3j2x4EiyG7AYyZMOphDtBd/TSQQMYmGW6PiyM9ceIVnDK1Dd4= -----END RSA PRIVATE KEY----- From paul.dale at oracle.com Fri Jun 15 00:37:28 2018 
From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Fri, 15 Jun 2018 00:37:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529023048.754486.11743.nullmailer@dev.openssl.org> The branch master has been updated via 86a92bcb13a843f820fae7f1a4c78a6e654fe069 (commit) from 741f0c32b55e06208fba9a72497a017bdee8737c (commit) - Log ----------------------------------------------------------------- commit 86a92bcb13a843f820fae7f1a4c78a6e654fe069 Author: Eric S. Raymond Date: Thu Jun 14 20:16:45 2018 -0400 Repair broken C syntax (missing close parens) in a manual page. Reviewed-by: Rich Salz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6491) ----------------------------------------------------------------------- Summary of changes: doc/man3/OPENSSL_LH_COMPFUNC.pod | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod index 06908a4..2064040 100644 --- a/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -19,13 +19,13 @@ lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error - dynamic hash table DECLARE_LHASH_OF(TYPE); LHASH *lh_TYPE_new(); - void lh_TYPE_free(LHASH_OF(TYPE *table); + void lh_TYPE_free(LHASH_OF(TYPE) *table); - TYPE *lh_TYPE_insert(LHASH_OF(TYPE *table, TYPE *data); - TYPE *lh_TYPE_delete(LHASH_OF(TYPE *table, TYPE *data); - TYPE *lh_retrieve(LHASH_OFTYPE *table, TYPE *data); + TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data); + TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data); + TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data); - void lh_TYPE_doall(LHASH_OF(TYPE *table, OPENSSL_LH_DOALL_FUNC func); + void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func); void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, TYPE, TYPE *arg); From matthias.st.pierre at ncp-e.com Fri Jun 15 06:14:12 2018 
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 15 Jun 2018 06:14:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529043252.924999.13550.nullmailer@dev.openssl.org> The branch master has been updated via 748eb991f49585a609ec65b0d8d26835a2911045 (commit) from 86a92bcb13a843f820fae7f1a4c78a6e654fe069 (commit) - Log ----------------------------------------------------------------- commit 748eb991f49585a609ec65b0d8d26835a2911045 Author: Dr. Matthias St. Pierre Date: Tue Jun 5 23:22:06 2018 +0200 RAND_POOL: Add missing implementations for djgpp Calling the functions rand_pool_add_{additional,nonce}_data() in crypto/rand/rand_lib.c with no implementation for djgpp/MSDOS causees unresolved symbols when linking with djgpp. Reported and fixed by Gisle Vanem Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6421) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 7989081..fafa359 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -27,7 +27,8 @@ #if defined(__OpenBSD__) || defined(__NetBSD__) # include #endif -#ifdef OPENSSL_SYS_UNIX + +#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) # include # include # include @@ -70,7 +71,7 @@ static uint64_t get_timer_bits(void); # define OSSL_POSIX_TIMER_OKAY # endif # endif -#endif +#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ int syscall_random(void *buf, size_t buflen); @@ -392,7 +393,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # endif #endif -#ifdef OPENSSL_SYS_UNIX +#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) int rand_pool_add_nonce_data(RAND_POOL *pool) { struct { 
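Review bot: The platform condition `defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)` is now spelled out verbatim in four places (the `@@ -27`, `@@ -70` and `@@ -392` hunks here and the `#endif` in the `@@ -512` hunk), so the next platform added to one copy can silently be missed in another. Centralising it once near line 27, e.g. `#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)` followed by `# define OSSL_RAND_UNIX_LIKE` (an illustrative name, pick your own) and testing that one macro at the other three sites, keeps the blocks in lockstep and shortens the trailing `#endif` comments to the macro name. The preprocessor regions being guarded begin and end outside the individual hunks, so I can't confirm from here that there is no fifth occurrence.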
@@ -512,4 +513,4 @@ static uint64_t get_timer_bits(void) # endif return time(NULL); } -#endif +#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ From bernd.edlinger at hotmail.de Fri Jun 15 15:33:07 2018 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Fri, 15 Jun 2018 15:33:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529076787.789717.4508.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 1eeb882e3309eac9248e6b998fcb8a0fef42126b (commit) from 0c27d793745c7837b13646302b6890a556b7017a (commit) - Log ----------------------------------------------------------------- commit 1eeb882e3309eac9248e6b998fcb8a0fef42126b Author: Bernd Edlinger Date: Tue Apr 3 23:47:10 2018 +0200 Backport of commit 6b49b30811f4afa0340342af9400b8d0357b5291 Prevent a possible recursion in ERR_get_state and fix the problem that was pointed out in commit aef84bb4efbddfd95d042f3f5f1d362ed7d4faeb differently. Fixes: #6493 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6494) ----------------------------------------------------------------------- Summary of changes: crypto/err/err.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index 06f16d3..dfbf5cd 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c 
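Review bot: This hunk shows get_timer_bits() ending in `return time(NULL);` as its last-resort clock, and the `#endif` change routes djgpp through that same function for the nonce/additional data. I can't tell from the hunk which of the finer-grained timer branches above it djgpp satisfies; if it only reaches the fallback, the per-call uniqueness the nonce gets from the timer is one second at best, which is worth stating in the commit message or in a comment at this `#endif`, e.g. `/* djgpp shares the UNIX nonce path; timer granularity there may be 1 s */`. The function body begins above the hunk.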
@@ -662,24 +662,23 @@ ERR_STATE *ERR_get_state(void) if (!RUN_ONCE(&err_init, err_do_init)) return NULL; - /* - * If base OPENSSL_init_crypto() hasn't been called yet, be sure to call - * it now to avoid state to be doubly allocated and thereby leak memory. - * Needed on any platform that doesn't define OPENSSL_USE_NODELETE. - */ - if (!OPENSSL_init_crypto(0, NULL)) - return NULL; - state = CRYPTO_THREAD_get_local(&err_thread_local); + if (state == (ERR_STATE*)-1) + return NULL; if (state == NULL) { - state = OPENSSL_zalloc(sizeof(*state)); - if (state == NULL) + if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) + return NULL; + + if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) { + CRYPTO_THREAD_set_local(&err_thread_local, NULL); return NULL; + } if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE) - || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { + || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { ERR_STATE_free(state); + CRYPTO_THREAD_set_local(&err_thread_local, NULL); return NULL; } From scan-admin at coverity.com Sun Jun 17 07:52:30 2018 
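Review bot: The sentinel `(ERR_STATE*)-1` is stored in one place and tested in another with no comment saying what it marks; a line at the first test, `/* -1 marks a thread already inside ERR_get_state(): return rather than recurse */`, plus a named constant for the value, would make the in-progress marker self-explanatory (the commit message explains the recursion, the code does not). It is also worth noting next to the `OPENSSL_zalloc()` and `ossl_init_thread_start()` calls that any error raised while the sentinel is in place reaches a re-entrant ERR_get_state() that returns NULL, so those reasons are dropped rather than queued. Any other reader of `err_thread_local` outside this hunk, such as thread-exit cleanup if there is one, must now treat the sentinel as "no state" instead of handing it to ERR_STATE_free(); I can't confirm that from here. ERR_get_state() continues past the end of the hunk.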
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 17 Jun 2018 07:52:30 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5b26133d3f028_3dce2ab1dd750f587143e@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2eMNFA2ZnPtfeJoojQ9d6-2FoKq22b4FDukIOyhzwDporhHsAYNCLVIkS0Mtkzd1mPpG-2FUYtQix8cHkCr-2FAiTsBsa4y8nIHlLF8LHwpe1vEYW8OIZHtIC9J0kQpxnKEcN50oP9KjUkaqOoArg0eBBVGTiqV2jo-2BJwKJXU9Kw6Gqnnpmq3BieS3rjJ-2BHgvMGHdz8-3D Build ID: 216056 Analysis Summary: New defects found: 1 Defects eliminated: 0 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6q227lMNIWoOb8ZgSjAjKcg-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2eMNFA2ZnPtfeJoojQ9d6-2FoKq22b4FDukIOyhzwDporpV5gJs99p0i678el20puMDQNpDBOOgnM3ygk26wn9scovxDktBpIWD-2F7vmcNYlj1VYtyDWtgPdmc8SUfQa0B3fE-2B5XHPIeRnlA-2BuTt7LpvQ4DsCmZzQqa6rWXFZtsBaSKVTJPAMwNjLYzOS0gS1Rbc-3D From scan-admin at coverity.com Sun Jun 17 08:19:14 2018 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 17 Jun 2018 08:19:14 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5b261981e2e40_4e282ab1dd750f5871417@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0F3bG8sbAS3vywopiLw-2F8PIl0BPgxELpPNvpGGkXZl5zBpdubWWsnxNG8fPFzou2PntP8z92Kt-2FvZC3AT5C-2BWt-2FqXyx-2BogZk60oyOvhpTDCxN87ZX8O4eqkYYOE7w9VV6RkHaCxW6eocw1FNOpkQW9dIhObE2NC81aiZHQ6Aql4UZ1M8FPkWS8knZYuytND1Y-3D Build ID: 216061 Analysis Summary: New defects found: 0 Defects eliminated: 0 From matt at openssl.org Mon Jun 18 09:36:35 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 18 Jun 2018 09:36:35 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1529314595.886230.11766.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via fc4b2bf9ff2c98bd9dde487e41e0eb26664c08ff (commit) from 949ff36623eafc3523a9f91784992965018ffb05 (commit) - Log ----------------------------------------------------------------- commit fc4b2bf9ff2c98bd9dde487e41e0eb26664c08ff Author: Nicola Tuveri Date: Tue Jun 12 16:28:25 2018 +0300 Warn against nonce reuse in DSA_sign_setup() doc Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6465) ----------------------------------------------------------------------- Summary of changes: doc/crypto/DSA_do_sign.pod | 4 ++-- doc/crypto/DSA_sign.pod | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod index 5dfc733..340d195 100644 --- a/doc/crypto/DSA_do_sign.pod +++ b/doc/crypto/DSA_do_sign.pod 
@@ -20,8 +20,8 @@ digest B using the private key B and returns it in a newly allocated B structure. L may be used to precompute part -of the signing operation in case signature generation is -time-critical. +of the signing operation for each signature in case signature generation +is time-critical. DSA_do_verify() verifies that the signature B matches a given message digest B of size B. B is the signer's public diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod index 97389e8..cd45ec5 100644 --- a/doc/crypto/DSA_sign.pod +++ b/doc/crypto/DSA_sign.pod @@ -31,6 +31,10 @@ in newly allocated Bs at *B and *B, after freeing the old ones unless *B and *B are NULL. These values may be passed to DSA_sign() in Bkinv> and Br>. B is a pre-allocated B or NULL. +The precomputed values from DSA_sign_setup() B for +more than one signature: using the same Bkinv> and +Br> pair twice under the same private key on different +plaintexts will result in permanently exposing the DSA private key. DSA_verify() verifies that the signature B of size B matches a given message digest B of size B. From matt at openssl.org Mon Jun 18 09:51:12 2018 
From: matt at openssl.org (Matt Caswell) Date: Mon, 18 Jun 2018 09:51:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529315472.228398.13929.nullmailer@dev.openssl.org> The branch master has been updated via 8263e6cb98a1b0067c13250890e4933e390b59e6 (commit) via 49c9c1b3d05782fe76bef2eef8c5224baf843240 (commit) via f2950a46a6217110a7f77b5acfe558a6fb4dfeeb (commit) from 748eb991f49585a609ec65b0d8d26835a2911045 (commit) - Log ----------------------------------------------------------------- commit 8263e6cb98a1b0067c13250890e4933e390b59e6 Author: David von Oheimb Date: Thu May 10 21:15:56 2018 +0200 add cast in test/x509aux.c preventing compiler warning for VC-WIN64A architecture Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6217) commit 49c9c1b3d05782fe76bef2eef8c5224baf843240 Author: David von Oheimb Date: Thu May 10 21:14:12 2018 +0200 add 'unsupported cipher mode' diagnostics to evp_lib.c and genpkey.c Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6217) commit f2950a46a6217110a7f77b5acfe558a6fb4dfeeb Author: David von Oheimb Date: Thu May 10 21:10:03 2018 +0200 remove needless and misleading malloc failure error messages of PKCS12_SAFEBAG_create_pkcs8_encrypt Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6217) ----------------------------------------------------------------------- Summary of changes: apps/genpkey.c | 7 +++++++ crypto/asn1/asn1_err.c | 2 ++ crypto/asn1/p5_pbev2.c | 2 +- crypto/asn1/p5_scrypt.c | 2 +- crypto/cms/cms_pwri.c | 2 +- crypto/err/openssl.txt | 3 +++ crypto/evp/evp_err.c | 4 ++++ crypto/evp/evp_lib.c | 16 ++++++++++++++-- crypto/pkcs12/p12_sbag.c | 12 ++---------- doc/man3/EVP_EncryptInit.pod | 2 +- doc/man3/PKCS12_create.pod | 3 ++- include/openssl/asn1err.h | 1 + include/openssl/evperr.h | 2 ++ test/x509aux.c | 2 +- 14 files changed, 42 
insertions(+), 18 deletions(-) diff --git a/apps/genpkey.c b/apps/genpkey.c index ce6de94..39fa73c 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -120,6 +120,13 @@ int genpkey_main(int argc, char **argv) if (!opt_cipher(opt_unknown(), &cipher) || do_param == 1) goto opthelp; + if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE || + EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE || + EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE || + EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE) { + BIO_printf(bio_err, "%s: cipher mode not supported\n", prog); + goto end; + } } } argc = opt_num_rest(); diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 22bf06f..5907c94 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -322,6 +322,8 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "unknown tag"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), "unsupported any defined by type"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER), + "unsupported cipher"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), "unsupported public key type"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index 14e8700..5b65adc 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -78,7 +78,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, /* Dummy cipherinit to just setup the IV, and PRF */ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0)) goto err; - if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) { + if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); goto err; } diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index 21d74da..1491d96 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c 
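Review bot: In the genpkey.c hunk `EVP_CIPHER_mode(cipher)` is evaluated four times in one condition; `int mode = EVP_CIPHER_mode(cipher);` followed by a `switch (mode)` over the four cases (or a chain of `mode == EVP_CIPH_GCM_MODE || …`) reads better and makes it obvious that this is the same four-mode list the evp_lib.c hunks in this commit map to `-2`, so a comment pointing at that list would help keep the two from drifting. The message `"%s: cipher mode not supported\n"` names neither the cipher nor the mode; including the cipher name (via `EVP_CIPHER_name()` if it is available in this tree) would make the rejection actionable for the user. genpkey_main() starts and ends outside the hunk.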
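Review bot: Tightening the test to `<= 0` in PKCS5_pbe2_set_iv() (and the same change in the p5_scrypt.c and cms_pwri.c hunks) turns a zero return from EVP_CIPHER_param_to_asn1()/EVP_CIPHER_asn1_to_param() into a hard failure, which matches the evp_lib.c hunks that now push an error for `ret <= 0` and the return-value text updated in EVP_EncryptInit.pod. What the diff does not show is whether zero can still be a non-error result from the `default:` branch of those functions (the IV helper it calls is outside the hunks; a cipher with no IV is the case I would check), and if it can, these three callers now reject inputs they used to accept — a test that drives an IV-less cipher through PKCS5_pbe2_set_iv() would settle it. Since the library now reports its own reason, the ASN1err()/CMSerr() at these sites stacks a second, caller-specific reason on top; that is fine, but a one-line comment such as `/* library has already queued the underlying reason */` will stop someone removing one of the two later. The enclosing function bodies begin above their hunks.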
@@ -93,7 +93,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, /* Dummy cipherinit to just setup the IV */ if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0) goto err; - if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) { + if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) { ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); goto err; diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index a7e63c7..eac9c2f 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -326,7 +326,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de)) goto err; EVP_CIPHER_CTX_set_padding(kekctx, 0); - if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) < 0) { + if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index bd54c8b..2a9804c 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -716,9 +716,11 @@ EVP_F_DES_EDE3_WRAP_CIPHER:171:des_ede3_wrap_cipher EVP_F_DO_SIGVER_INIT:161:do_sigver_init EVP_F_ENC_NEW:199:enc_new EVP_F_EVP_CIPHERINIT_EX:123:EVP_CipherInit_ex +EVP_F_EVP_CIPHER_ASN1_TO_PARAM:202:EVP_CIPHER_asn1_to_param EVP_F_EVP_CIPHER_CTX_COPY:163:EVP_CIPHER_CTX_copy EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length +EVP_F_EVP_CIPHER_PARAM_TO_ASN1:203:EVP_CIPHER_param_to_asn1 EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF 
@@ -1831,6 +1833,7 @@ ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE:163:unknown public key type ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM:199:unknown signature algorithm ASN1_R_UNKNOWN_TAG:194:unknown tag ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE:164:unsupported any defined by type +ASN1_R_UNSUPPORTED_CIPHER:228:unsupported cipher ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE:167:unsupported public key type ASN1_R_UNSUPPORTED_TYPE:196:unsupported type ASN1_R_WRONG_INTEGER_TYPE:225:wrong integer type diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 809adff..4403fa5 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -35,12 +35,16 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_DO_SIGVER_INIT, 0), "do_sigver_init"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_ENC_NEW, 0), "enc_new"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_ASN1_TO_PARAM, 0), + "EVP_CIPHER_asn1_to_param"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_COPY, 0), "EVP_CIPHER_CTX_copy"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_CTRL, 0), "EVP_CIPHER_CTX_ctrl"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, 0), "EVP_CIPHER_CTX_set_key_length"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0), + "EVP_CIPHER_param_to_asn1"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0), "EVP_DecryptFinal_ex"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"}, diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index c337dca..8ef3f8e 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -32,7 +32,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) case EVP_CIPH_CCM_MODE: case EVP_CIPH_XTS_MODE: case EVP_CIPH_OCB_MODE: - ret = -1; + ret = -2; break; default: 
@@ -40,6 +40,12 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) } } else ret = -1; + if (ret <= 0) + EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ret == -2 ? + ASN1_R_UNSUPPORTED_CIPHER : + EVP_R_CIPHER_PARAMETER_ERROR); + if (ret < -1) + ret = -1; return ret; } @@ -60,7 +66,7 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) case EVP_CIPH_CCM_MODE: case EVP_CIPH_XTS_MODE: case EVP_CIPH_OCB_MODE: - ret = -1; + ret = -2; break; default: @@ -69,6 +75,12 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) } } else ret = -1; + if (ret <= 0) + EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, ret == -2 ? + EVP_R_UNSUPPORTED_CIPHER : + EVP_R_CIPHER_PARAMETER_ERROR); + if (ret < -1) + ret = -1; return ret; } diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index 4a3d259..2f1ce58 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -146,25 +146,17 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, X509_SIG *p8; pbe_ciph = EVP_get_cipherbynid(pbe_nid); - if (pbe_ciph) pbe_nid = -1; p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, p8inf); - - if (p8 == NULL) { - PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); + if (p8 == NULL) return NULL; - } bag = PKCS12_SAFEBAG_create0_pkcs8(p8); - - if (bag == NULL) { - PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); + if (bag == NULL) X509_SIG_free(p8); - return NULL; - } return bag; } diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 2e3a45a..5fdbc33 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod 
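Review bot: In EVP_CIPHER_param_to_asn1() the reason handed to EVPerr() is `ASN1_R_UNSUPPORTED_CIPHER`, an ERR_LIB_ASN1 reason code, whereas the parallel `@@ -69` hunk in EVP_CIPHER_asn1_to_param() uses `EVP_R_UNSUPPORTED_CIPHER`; under ERR_LIB_EVP the ASN1 number is looked up in EVP's reason table and will print the wrong text or none, so the line should read `EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ret == -2 ? EVP_R_UNSUPPORTED_CIPHER : EVP_R_CIPHER_PARAMETER_ERROR);`. With that fix the `ASN1_R_UNSUPPORTED_CIPHER` entries this commit adds to asn1err.h, asn1_err.c and openssl.txt appear to have no remaining user anywhere in the diff. The `ret < -1` clamp before `return ret` also deserves a comment, e.g. `/* -2 is internal to this function; callers only ever see -1 for failure */`, since the mode-specific value never escapes and a reader may otherwise think the clamp is dead code.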
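Review bot: After this change PKCS12_SAFEBAG_create_pkcs8_encrypt() returns NULL from both failure paths without queuing anything itself, so it now relies on PKCS8_encrypt() and PKCS12_SAFEBAG_create0_pkcs8() having reported a reason; a comment at the first `return NULL;`, `/* PKCS8_encrypt() queues its own reason on failure */`, records that dependency for whoever changes those callees next. The new `if (bag == NULL) X509_SIG_free(p8);` also assumes create0 does not take ownership of `p8` when it fails — I can't verify that from the hunk, so a matching comment there would help. The function's signature appears only in the hunk header; its body starts above the hunk.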
@@ -316,7 +316,7 @@ OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER. EVP_CIPHER_CTX_cipher() returns an B structure. EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater -than zero for success and zero or a negative number. +than zero for success and zero or a negative number on failure. EVP_CIPHER_CTX_rand_key() returns 1 for success. diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod index 0dcd2ab..1587ea5 100644 --- a/doc/man3/PKCS12_create.pod +++ b/doc/man3/PKCS12_create.pod @@ -22,7 +22,8 @@ the structure and B its corresponding certificates. B, if not B is an optional set of certificates to also include in the structure. B and B are the encryption algorithms that should be used -for the key and certificate respectively. B is the encryption algorithm +for the key and certificate respectively. The modes +GCM, CCM, XTS, and OCB are unsupported. B is the encryption algorithm iteration count to use and B is the MAC iteration count to use. B is the type of key. diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h index 048a737..8001120 100644 --- a/include/openssl/asn1err.h +++ b/include/openssl/asn1err.h @@ -241,6 +241,7 @@ int ERR_load_ASN1_strings(void); # define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 # define ASN1_R_UNKNOWN_TAG 194 # define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +# define ASN1_R_UNSUPPORTED_CIPHER 228 # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 # define ASN1_R_UNSUPPORTED_TYPE 196 # define ASN1_R_WRONG_INTEGER_TYPE 225 diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index a8f79c7..c742ea5 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h 
@@ -38,9 +38,11 @@ int ERR_load_EVP_strings(void); # define EVP_F_DO_SIGVER_INIT 161 # define EVP_F_ENC_NEW 199 # define EVP_F_EVP_CIPHERINIT_EX 123 +# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 202 # define EVP_F_EVP_CIPHER_CTX_COPY 163 # define EVP_F_EVP_CIPHER_CTX_CTRL 124 # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 203 # define EVP_F_EVP_DECRYPTFINAL_EX 101 # define EVP_F_EVP_DECRYPTUPDATE 166 # define EVP_F_EVP_DIGESTFINALXOF 174 diff --git a/test/x509aux.c b/test/x509aux.c index b66e1de..72e0082 100644 --- a/test/x509aux.c +++ b/test/x509aux.c @@ -161,6 +161,6 @@ int setup_tests(void) return 0; } - ADD_ALL_TESTS(test_certs, n); + ADD_ALL_TESTS(test_certs, (int)n); return 1; } From matt at openssl.org Mon Jun 18 09:55:31 2018 
From: matt at openssl.org (Matt Caswell) Date: Mon, 18 Jun 2018 09:55:31 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529315731.244584.15402.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via f0f0abe7a5c23a00999d69e42362b60e22449c36 (commit) from 1eeb882e3309eac9248e6b998fcb8a0fef42126b (commit) - Log ----------------------------------------------------------------- commit f0f0abe7a5c23a00999d69e42362b60e22449c36 Author: Jack Bates Date: Thu Jan 5 09:58:18 2017 -0700 Convert _meth_get_ functions to const getters Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit 693be9a2cb0fc79fe856259feea54772c18a3637) (Merged from https://github.com/openssl/openssl/pull/5750) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio_meth.c | 16 ++++++++-------- crypto/dh/dh_meth.c | 2 +- crypto/dsa/dsa_meth.c | 2 +- crypto/evp/pmeth_lib.c | 28 ++++++++++++++-------------- crypto/rsa/rsa_meth.c | 2 +- doc/crypto/BIO_meth_new.pod | 16 ++++++++-------- doc/crypto/DH_meth_new.pod | 2 +- doc/crypto/DSA_meth_new.pod | 2 +- doc/crypto/RSA_meth_new.pod | 2 +- include/openssl/bio.h | 16 ++++++++-------- include/openssl/dh.h | 2 +- include/openssl/dsa.h | 2 +- include/openssl/evp.h | 28 ++++++++++++++-------------- include/openssl/rsa.h | 2 +- 14 files changed, 61 insertions(+), 61 deletions(-) diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c index d1f3815..63a7ccc 100644 --- a/crypto/bio/bio_meth.c +++ b/crypto/bio/bio_meth.c @@ -55,7 +55,7 @@ void BIO_meth_free(BIO_METHOD *biom) } } -int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int) +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int) { return biom->bwrite; } 
@@ -67,7 +67,7 @@ int BIO_meth_set_write(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int) +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int) { return biom->bread; } @@ -79,7 +79,7 @@ int BIO_meth_set_read(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *) +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *) { return biom->bputs; } @@ -91,7 +91,7 @@ int BIO_meth_set_puts(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int) +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int) { return biom->bgets; } @@ -103,7 +103,7 @@ int BIO_meth_set_gets(BIO_METHOD *biom, return 1; } -long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *) +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *) { return biom->ctrl; } @@ -115,7 +115,7 @@ int BIO_meth_set_ctrl(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_create(BIO_METHOD *biom)) (BIO *) +int (*BIO_meth_get_create(const BIO_METHOD *biom)) (BIO *) { return biom->create; } @@ -126,7 +126,7 @@ int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)) return 1; } -int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *) +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *) { return biom->destroy; } @@ -137,7 +137,7 @@ int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)) return 1; } -long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *) +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *) { return biom->callback_ctrl; } diff --git a/crypto/dh/dh_meth.c b/crypto/dh/dh_meth.c index ce6114c..c5e16c4 100644 --- a/crypto/dh/dh_meth.c +++ b/crypto/dh/dh_meth.c 
@@ -75,7 +75,7 @@ int DH_meth_set1_name(DH_METHOD *dhm, const char *name) return 1; } -int DH_meth_get_flags(DH_METHOD *dhm) +int DH_meth_get_flags(const DH_METHOD *dhm) { return dhm->flags; } diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c index f0188f2..9bfed5f 100644 --- a/crypto/dsa/dsa_meth.c +++ b/crypto/dsa/dsa_meth.c @@ -83,7 +83,7 @@ int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name) return 1; } -int DSA_meth_get_flags(DSA_METHOD *dsam) +int DSA_meth_get_flags(const DSA_METHOD *dsam) { return dsam->flags; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 3975e90..0cc8d1b 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -565,26 +565,26 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl_str = ctrl_str; } -void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)) { *pinit = pmeth->init; } -void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, int (**pcopy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)) { *pcopy = pmeth->copy; } -void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, void (**pcleanup) (EVP_PKEY_CTX *ctx)) { *pcleanup = pmeth->cleanup; } -void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, int (**pparamgen_init) (EVP_PKEY_CTX *ctx), int (**pparamgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) @@ -595,7 +595,7 @@ void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, *pparamgen = pmeth->paramgen; } -void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init) (EVP_PKEY_CTX *ctx), int (**pkeygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) 
@@ -606,7 +606,7 @@ void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, *pkeygen = pmeth->keygen; } -void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, int (**psign_init) (EVP_PKEY_CTX *ctx), int (**psign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, @@ -619,7 +619,7 @@ void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, *psign = pmeth->sign; } -void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, int (**pverify_init) (EVP_PKEY_CTX *ctx), int (**pverify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, @@ -633,7 +633,7 @@ void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, *pverify = pmeth->verify; } -void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, int (**pverify_recover_init) (EVP_PKEY_CTX *ctx), int (**pverify_recover) (EVP_PKEY_CTX @@ -651,7 +651,7 @@ void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, *pverify_recover = pmeth->verify_recover; } -void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, int (**psignctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**psignctx) (EVP_PKEY_CTX *ctx, @@ -665,7 +665,7 @@ void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, *psignctx = pmeth->signctx; } -void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**pverifyctx) (EVP_PKEY_CTX *ctx, @@ -679,7 +679,7 @@ void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, *pverifyctx = pmeth->verifyctx; } -void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init) (EVP_PKEY_CTX *ctx), int (**pencryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, 
@@ -693,7 +693,7 @@ void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, *pencryptfn = pmeth->encrypt; } -void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), int (**pdecrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -707,7 +707,7 @@ void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, *pdecrypt = pmeth->decrypt; } -void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, int (**pderive_init) (EVP_PKEY_CTX *ctx), int (**pderive) (EVP_PKEY_CTX *ctx, unsigned char *key, @@ -719,7 +719,7 @@ void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, *pderive = pmeth->derive; } -void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2), int (**pctrl_str) (EVP_PKEY_CTX *ctx, diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c index 9480abd..104fc93 100644 --- a/crypto/rsa/rsa_meth.c +++ b/crypto/rsa/rsa_meth.c @@ -75,7 +75,7 @@ int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) return 1; } -int RSA_meth_get_flags(RSA_METHOD *meth) +int RSA_meth_get_flags(const RSA_METHOD *meth) { return meth->flags; } diff --git a/doc/crypto/BIO_meth_new.pod b/doc/crypto/BIO_meth_new.pod index f682c37..ed13cda 100644 --- a/doc/crypto/BIO_meth_new.pod +++ b/doc/crypto/BIO_meth_new.pod 
@@ -17,26 +17,26 @@ BIO_meth_set_callback_ctrl - Routines to build up BIO methods int BIO_get_new_index(void); BIO_METHOD *BIO_meth_new(int type, const char *name); void BIO_meth_free(BIO_METHOD *biom); - int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int); + int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); - int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int); + int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); - int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *); + int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); - int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int); + int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int)); - long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *); + long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); - int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *); + int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); - int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); + int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); - long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) + long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, 
diff --git a/doc/crypto/DH_meth_new.pod b/doc/crypto/DH_meth_new.pod index d768da8..a9e978c 100644 --- a/doc/crypto/DH_meth_new.pod +++ b/doc/crypto/DH_meth_new.pod @@ -19,7 +19,7 @@ DH_meth_set_generate_params - Routines to build up DH methods DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); const char *DH_meth_get0_name(const DH_METHOD *dhm); int DH_meth_set1_name(DH_METHOD *dhm, const char *name); - int DH_meth_get_flags(DH_METHOD *dhm); + int DH_meth_get_flags(const DH_METHOD *dhm); int DH_meth_set_flags(DH_METHOD *dhm, int flags); void *DH_meth_get0_app_data(const DH_METHOD *dhm); int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); diff --git a/doc/crypto/DSA_meth_new.pod b/doc/crypto/DSA_meth_new.pod index 948ab29..41ceec5 100644 --- a/doc/crypto/DSA_meth_new.pod +++ b/doc/crypto/DSA_meth_new.pod @@ -21,7 +21,7 @@ DSA_meth_set_keygen - Routines to build up DSA methods DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); const char *DSA_meth_get0_name(const DSA_METHOD *dsam); int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); - int DSA_meth_get_flags(DSA_METHOD *dsam); + int DSA_meth_get_flags(const DSA_METHOD *dsam); int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); diff --git a/doc/crypto/RSA_meth_new.pod b/doc/crypto/RSA_meth_new.pod index 9970aa6..655cc59 100644 --- a/doc/crypto/RSA_meth_new.pod +++ b/doc/crypto/RSA_meth_new.pod @@ -24,7 +24,7 @@ RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); const char *RSA_meth_get0_name(const RSA_METHOD *meth); int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); - int RSA_meth_get_flags(RSA_METHOD *meth); + int RSA_meth_get_flags(const RSA_METHOD *meth); int RSA_meth_set_flags(RSA_METHOD *meth, int flags); void *RSA_meth_get0_app_data(const RSA_METHOD *meth); int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); 
diff --git a/include/openssl/bio.h b/include/openssl/bio.h index f435bd8..3a72862 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h 
@@ -730,26 +730,26 @@ __bio_h__attr__((__format__(__printf__, 3, 0))); BIO_METHOD *BIO_meth_new(int type, const char *name); void BIO_meth_free(BIO_METHOD *biom); -int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int); +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); -int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); -int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *); +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); -int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int); +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int)); -long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); -int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *); +int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); -int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); -long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, diff --git a/include/openssl/dh.h b/include/openssl/dh.h index fbd4790..76134da 100644 --- a/include/openssl/dh.h 
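Review bot: The rewritten prototype `int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *);` keeps the parameter name `bion`, which disagrees with `biom` used by every other prototype in this hunk and with the definition in crypto/bio/bio_meth.c changed earlier in this commit. Since the line is already being touched, `int (*BIO_meth_get_create(const BIO_METHOD *biom)) (BIO *);` would make header, source and documentation agree. The same spelling is carried over in the doc/crypto/BIO_meth_new.pod synopsis changed by this commit.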
+++ b/include/openssl/dh.h @@ -187,7 +187,7 @@ void DH_meth_free(DH_METHOD *dhm); DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); const char *DH_meth_get0_name(const DH_METHOD *dhm); int DH_meth_set1_name(DH_METHOD *dhm, const char *name); -int DH_meth_get_flags(DH_METHOD *dhm); +int DH_meth_get_flags(const DH_METHOD *dhm); int DH_meth_set_flags(DH_METHOD *dhm, int flags); void *DH_meth_get0_app_data(const DH_METHOD *dhm); int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 5b8a3cf..e75c839 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -186,7 +186,7 @@ void DSA_meth_free(DSA_METHOD *dsam); DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); const char *DSA_meth_get0_name(const DSA_METHOD *dsam); int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); -int DSA_meth_get_flags(DSA_METHOD *dsam); +int DSA_meth_get_flags(const DSA_METHOD *dsam); int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 57c8231..36e2934 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -1351,34 +1351,34 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); -void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)); -void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, int (**pcopy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)); -void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, void (**pcleanup) (EVP_PKEY_CTX *ctx)); -void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, int (**pparamgen_init) (EVP_PKEY_CTX *ctx), int (**pparamgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init) (EVP_PKEY_CTX *ctx), int (**pkeygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, int (**psign_init) (EVP_PKEY_CTX *ctx), int (**psign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, int (**pverify_init) (EVP_PKEY_CTX *ctx), int (**pverify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, @@ -1386,7 +1386,7 @@ void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, const unsigned char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, int (**pverify_recover_init) (EVP_PKEY_CTX *ctx), int (**pverify_recover) (EVP_PKEY_CTX 
@@ -1398,7 +1398,7 @@ void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, char *tbs, size_t tbslen)); -void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, int (**psignctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**psignctx) (EVP_PKEY_CTX *ctx, @@ -1406,7 +1406,7 @@ void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, size_t *siglen, EVP_MD_CTX *mctx)); -void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**pverifyctx) (EVP_PKEY_CTX *ctx, @@ -1414,7 +1414,7 @@ void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, int siglen, EVP_MD_CTX *mctx)); -void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init) (EVP_PKEY_CTX *ctx), int (**pencryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -1422,7 +1422,7 @@ void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, const unsigned char *in, size_t inlen)); -void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), int (**pdecrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -1430,13 +1430,13 @@ void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, const unsigned char *in, size_t inlen)); -void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, int (**pderive_init) (EVP_PKEY_CTX *ctx), int (**pderive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); -void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2), int (**pctrl_str) (EVP_PKEY_CTX *ctx, diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index d97d6e0..cdc8d7c 100644 
--- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -374,7 +374,7 @@ void RSA_meth_free(RSA_METHOD *meth); RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); const char *RSA_meth_get0_name(const RSA_METHOD *meth); int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); -int RSA_meth_get_flags(RSA_METHOD *meth); +int RSA_meth_get_flags(const RSA_METHOD *meth); int RSA_meth_set_flags(RSA_METHOD *meth, int flags); void *RSA_meth_get0_app_data(const RSA_METHOD *meth); int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); From osslsanity at gmail.com Mon Jun 18 11:14:07 2018 
From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Mon, 18 Jun 2018 11:14:07 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_make_errors #571 Message-ID: <1115753492.457.1529320447708.JavaMail.jenkins@ip-172-31-34-99> See Changes: [matt] remove needless and misleading malloc failure error messages of [matt] add 'unsupported cipher mode' diagnostics to evp_lib.c and genpkey.c [matt] add cast in test/x509aux.c preventing compiler warning for VC-WIN64A ------------------------------------------ Started by upstream project "master_basic" build number 582 originally caused by: Started by an SCM change Building in workspace [WS-CLEANUP] Deleting project workspace... [WS-CLEANUP] Done Cloning the remote Git repository Cloning repository https://github.com/openssl/openssl.git > git init # timeout=10 Fetching upstream changes from https://github.com/openssl/openssl.git > git --version # timeout=10 > git fetch --tags --progress https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/* > git config remote.origin.url https://github.com/openssl/openssl.git # timeout=10 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10 > git config remote.origin.url https://github.com/openssl/openssl.git # timeout=10 Fetching upstream changes from https://github.com/openssl/openssl.git > git fetch --tags --progress https://github.com/openssl/openssl.git +refs/heads/*:refs/remotes/origin/* > git rev-parse refs/remotes/origin/master^{commit} # timeout=10 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10 Checking out Revision 8263e6cb98a1b0067c13250890e4933e390b59e6 (refs/remotes/origin/master) > git config core.sparsecheckout # timeout=10 > git checkout -f 8263e6cb98a1b0067c13250890e4933e390b59e6 > git rev-list 748eb991f49585a609ec65b0d8d26835a2911045 # timeout=10 [master_make_errors] $ /bin/sh -xe /tmp/jenkins3321426865388343955.sh + ./config Operating system: x86_64-whatever-linux2 
Configuring OpenSSL version 1.1.1-pre8-dev (0x10101008L) for linux-x86_64 Using os-specific seed configuration Creating configdata.pm Creating Makefile ********************************************************************** *** *** *** If you want to report a building issue, please include the *** *** output from this command: *** *** *** *** perl configdata.pm --dump *** *** *** ********************************************************************** + make depend + make errors ( b=`pwd`; set -e; cd .; \ /usr/bin/perl util/ck_errf.pl -strict -internal; \ /usr/bin/perl -I$b util/mkerr.pl -internal ) EVP function code 202 collision at EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY make: *** [errors] Error 25 Build step 'Execute shell' marked build as failure From matt at openssl.org Mon Jun 18 13:38:03 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 18 Jun 2018 13:38:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529329083.519921.4342.nullmailer@dev.openssl.org> The branch master has been updated via a47f0a8507e054f8707129bf33455effd7201358 (commit) from 8263e6cb98a1b0067c13250890e4933e390b59e6 (commit) - Log ----------------------------------------------------------------- commit a47f0a8507e054f8707129bf33455effd7201358 Author: Matt Caswell Date: Mon Jun 18 13:13:20 2018 +0100 Fix error number clash Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6511) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 4 ++-- include/openssl/evperr.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 2a9804c..4b8e8c4 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt 
@@ -716,11 +716,11 @@ EVP_F_DES_EDE3_WRAP_CIPHER:171:des_ede3_wrap_cipher
 EVP_F_DO_SIGVER_INIT:161:do_sigver_init
 EVP_F_ENC_NEW:199:enc_new
 EVP_F_EVP_CIPHERINIT_EX:123:EVP_CipherInit_ex
-EVP_F_EVP_CIPHER_ASN1_TO_PARAM:202:EVP_CIPHER_asn1_to_param
+EVP_F_EVP_CIPHER_ASN1_TO_PARAM:204:EVP_CIPHER_asn1_to_param
 EVP_F_EVP_CIPHER_CTX_COPY:163:EVP_CIPHER_CTX_copy
 EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl
 EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH:122:EVP_CIPHER_CTX_set_key_length
-EVP_F_EVP_CIPHER_PARAM_TO_ASN1:203:EVP_CIPHER_param_to_asn1
+EVP_F_EVP_CIPHER_PARAM_TO_ASN1:205:EVP_CIPHER_param_to_asn1
 EVP_F_EVP_DECRYPTFINAL_EX:101:EVP_DecryptFinal_ex
 EVP_F_EVP_DECRYPTUPDATE:166:EVP_DecryptUpdate
 EVP_F_EVP_DIGESTFINALXOF:174:EVP_DigestFinalXOF
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index c742ea5..8ab1765 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -38,11 +38,11 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_DO_SIGVER_INIT 161
 # define EVP_F_ENC_NEW 199
 # define EVP_F_EVP_CIPHERINIT_EX 123
-# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 202
+# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM 204
 # define EVP_F_EVP_CIPHER_CTX_COPY 163
 # define EVP_F_EVP_CIPHER_CTX_CTRL 124
 # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
-# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 203
+# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1 205
 # define EVP_F_EVP_DECRYPTFINAL_EX 101
 # define EVP_F_EVP_DECRYPTUPDATE 166
 # define EVP_F_EVP_DIGESTFINALXOF 174
From osslsanity at gmail.com Mon Jun 18 15:14:04 2018 From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Mon, 18 Jun 2018 15:14:04 +0000 (UTC) Subject: [openssl-commits] Jenkins build is back to normal : master_make_errors #572 In-Reply-To: <1115753492.457.1529320447708.JavaMail.jenkins@ip-172-31-34-99> References: <1115753492.457.1529320447708.JavaMail.jenkins@ip-172-31-34-99> Message-ID: <1924817029.458.1529334844581.JavaMail.jenkins@ip-172-31-34-99> See From appro at openssl.org Mon Jun 18 17:59:31 2018
From: appro at openssl.org (Andy Polyakov) Date: Mon, 18 Jun 2018 17:59:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529344771.529904.28289.nullmailer@dev.openssl.org> The branch master has been updated via 575045f59fc393abc9d49604d82ccd17c82925fa (commit) via 27635a4ecb1bc4852ccf456a9374a68931dc330f (commit) via b55e21b357902959ae8ec0255952402f5ccaa515 (commit) via 9e97f61dec312084abe03226e5c962d818c9fc2b (commit) from a47f0a8507e054f8707129bf33455effd7201358 (commit) - Log ----------------------------------------------------------------- commit 575045f59fc393abc9d49604d82ccd17c82925fa Author: Andy Polyakov Date: Sat Jun 16 16:25:40 2018 +0200 ec/asm/ecp_nistz256-avx2.pl: harmonize clang version detection. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6499) commit 27635a4ecb1bc4852ccf456a9374a68931dc330f Author: Andy Polyakov Date: Sat Jun 16 16:24:55 2018 +0200 {chacha|poly1305}/asm/*-x64.pl: harmonize clang version detection. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6499) commit b55e21b357902959ae8ec0255952402f5ccaa515 Author: Andy Polyakov Date: Sat Jun 16 16:23:34 2018 +0200 sha/asm/sha{1|256}-586.pl: harmonize clang version detection. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6499) commit 9e97f61dec312084abe03226e5c962d818c9fc2b Author: Andy Polyakov Date: Sat Jun 16 16:22:19 2018 +0200 bn/asm/rsaz-avx2.pl: harmonize clang version detection. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6499) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/rsaz-avx2.pl | 2 +- crypto/chacha/asm/chacha-x86.pl | 2 +- crypto/ec/asm/ecp_nistz256-avx2.pl | 2 +- crypto/poly1305/asm/poly1305-x86.pl | 2 +- crypto/sha/asm/sha1-586.pl | 2 +- crypto/sha/asm/sha256-586.pl | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl index 8c56a91..154a762 100755 --- a/crypto/bn/asm/rsaz-avx2.pl +++ b/crypto/bn/asm/rsaz-avx2.pl @@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); diff --git a/crypto/chacha/asm/chacha-x86.pl b/crypto/chacha/asm/chacha-x86.pl index e177a22..8508346 100755 --- a/crypto/chacha/asm/chacha-x86.pl +++ b/crypto/chacha/asm/chacha-x86.pl @@ -62,7 +62,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && $1>=10); # first version supporting AVX $ymm=1 if ($xmm && !$ymm && - `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ && + `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $a="eax"; diff --git a/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/ec/asm/ecp_nistz256-avx2.pl index 9fbc909..c113c13 100755 --- a/crypto/ec/asm/ecp_nistz256-avx2.pl +++ b/crypto/ec/asm/ecp_nistz256-avx2.pl @@ -47,7 +47,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); diff --git a/crypto/poly1305/asm/poly1305-x86.pl b/crypto/poly1305/asm/poly1305-x86.pl index ec1efd9..3020d8e 100755 --- a/crypto/poly1305/asm/poly1305-x86.pl +++ b/crypto/poly1305/asm/poly1305-x86.pl 
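Review bot: The rewritten detection line `if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {` still accepts only a single-digit major version, so a compiler reporting a two-digit major (a constructed example: `clang version 10.0.0`) will not match and, as far as these lines show, $avx and $addx keep their pre-AVX defaults. The same pattern is introduced in chacha-x86.pl, ecp_nistz256-avx2.pl, poly1305-x86.pl, sha1-586.pl and sha256-586.pl in this push. Since every one of these sites already guards the captured version with a `>= 3.0` (or `> 3.0`) comparison, widening the capture to `([1-9][0-9]*)\.([0-9]+)` here, and to `([1-9][0-9]*\.[0-9]+)` in the single-capture variants, would preserve the existing threshold while remaining forward-compatible.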
@@ -71,7 +71,7 @@ if ($sse2) { $avx = ($1>=2.09) + ($1>=2.10); } - if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { + if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } } diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index ca37639..996707c 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -144,7 +144,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && `ml 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); # first version supporting AVX -$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ && +$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $shaext=$xmm; ### set to zero if compiling for 1.0.1 diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl index 4883072..e0ef028 100644 --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl @@ -96,7 +96,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" && $avx = ($1>=10) + ($1>=11); } -if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } From appro at openssl.org Mon Jun 18 18:03:48 2018 
From: appro at openssl.org (Andy Polyakov) Date: Mon, 18 Jun 2018 18:03:48 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529345028.433433.30193.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via c35608e5422d2718868d88439e22369d4aabb7c6 (commit) via 1d5e1085bdef69a360cb01f10fc03e5ffbc9feaf (commit) via 0e41c2a309509599478e5bdffd877e4d4f635308 (commit) via 3bce5b05cb31c25ac0a32eaa06f730e67ff32e13 (commit) from f0f0abe7a5c23a00999d69e42362b60e22449c36 (commit) - Log ----------------------------------------------------------------- commit c35608e5422d2718868d88439e22369d4aabb7c6 Author: Andy Polyakov Date: Sat Jun 16 16:25:40 2018 +0200 ec/asm/ecp_nistz256-avx2.pl: harmonize clang version detection. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit 575045f59fc393abc9d49604d82ccd17c82925fa) commit 1d5e1085bdef69a360cb01f10fc03e5ffbc9feaf Author: Andy Polyakov Date: Sat Jun 16 16:24:55 2018 +0200 {chacha|poly1305}/asm/*-x64.pl: harmonize clang version detection. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit 27635a4ecb1bc4852ccf456a9374a68931dc330f) commit 0e41c2a309509599478e5bdffd877e4d4f635308 Author: Andy Polyakov Date: Sat Jun 16 16:23:34 2018 +0200 sha/asm/sha{1|256}-586.pl: harmonize clang version detection. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit b55e21b357902959ae8ec0255952402f5ccaa515) commit 3bce5b05cb31c25ac0a32eaa06f730e67ff32e13 Author: Andy Polyakov Date: Sat Jun 16 16:22:19 2018 +0200 bn/asm/rsaz-avx2.pl: harmonize clang version detection. 
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit 9e97f61dec312084abe03226e5c962d818c9fc2b) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/rsaz-avx2.pl | 2 +- crypto/chacha/asm/chacha-x86.pl | 2 +- crypto/ec/asm/ecp_nistz256-avx2.pl | 2 +- crypto/poly1305/asm/poly1305-x86.pl | 2 +- crypto/sha/asm/sha1-586.pl | 2 +- crypto/sha/asm/sha256-586.pl | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl index 46d746b..c9450e7 100755 --- a/crypto/bn/asm/rsaz-avx2.pl +++ b/crypto/bn/asm/rsaz-avx2.pl @@ -104,7 +104,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); diff --git a/crypto/chacha/asm/chacha-x86.pl b/crypto/chacha/asm/chacha-x86.pl index 61b3286..db2b43b 100755 --- a/crypto/chacha/asm/chacha-x86.pl +++ b/crypto/chacha/asm/chacha-x86.pl @@ -61,7 +61,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && $1>=10); # first version supporting AVX $ymm=1 if ($xmm && !$ymm && - `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ && + `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $a="eax"; diff --git a/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/ec/asm/ecp_nistz256-avx2.pl index 3bdd2cf..c5a1f0b 100755 --- a/crypto/ec/asm/ecp_nistz256-avx2.pl +++ b/crypto/ec/asm/ecp_nistz256-avx2.pl 
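Review bot: Same remark as on master for this backport: after the change the version capture is still `([3-9])\.([0-9]+)`, so a two-digit major silently fails the match and `$avx`/`$addx` stay at the fallback values rather than being raised. Widening the major capture to `([0-9]+)` while harmonising the prefix would have been the natural time to fix it across all six files.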
@@ -67,7 +67,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); diff --git a/crypto/poly1305/asm/poly1305-x86.pl b/crypto/poly1305/asm/poly1305-x86.pl index ab24dfc..8b30fda 100755 --- a/crypto/poly1305/asm/poly1305-x86.pl +++ b/crypto/poly1305/asm/poly1305-x86.pl @@ -70,7 +70,7 @@ if ($sse2) { $avx = ($1>=2.09) + ($1>=2.10); } - if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { + if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } } diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 5adca23..f6c859f 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -141,7 +141,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && `ml 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); # first version supporting AVX -$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ && +$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $shaext=$xmm; ### set to zero if compiling for 1.0.1 diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl index 6af1d84..83cd18c 100644 --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl 
@@ -93,7 +93,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" && $avx = ($1>=10) + ($1>=11); } -if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } From appro at openssl.org Mon Jun 18 18:04:55 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 18 Jun 2018 18:04:55 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1529345095.530944.31086.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8b4e971f66779193281d6a3bf8ff7535e6ff13b4 (commit) via 7c17124650fead2effa32dc6c95c8c155c5615f9 (commit) from fc4b2bf9ff2c98bd9dde487e41e0eb26664c08ff (commit) - Log ----------------------------------------------------------------- commit 8b4e971f66779193281d6a3bf8ff7535e6ff13b4 Author: Andy Polyakov Date: Sat Jun 16 16:23:34 2018 +0200 sha/asm/sha{1|256}-586.pl: harmonize clang version detection. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit b55e21b357902959ae8ec0255952402f5ccaa515) commit 7c17124650fead2effa32dc6c95c8c155c5615f9 Author: Andy Polyakov Date: Sat Jun 16 16:22:19 2018 +0200 bn/asm/rsaz-avx2.pl: harmonize clang version detection. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6499) (cherry picked from commit 9e97f61dec312084abe03226e5c962d818c9fc2b) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/rsaz-avx2.pl | 2 +- crypto/sha/asm/sha1-586.pl | 2 +- crypto/sha/asm/sha256-586.pl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl index 2b3f8b0..d4124a8 100755 --- a/crypto/bn/asm/rsaz-avx2.pl +++ b/crypto/bn/asm/rsaz-avx2.pl 
@@ -97,7 +97,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index e0b5d83..e29c33a 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -131,7 +131,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && `ml 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); # first version supporting AVX -$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ && +$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $shaext=$xmm; ### set to zero if compiling for 1.0.1 diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl index e907714..1c3fb00 100644 --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl @@ -83,7 +83,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" && $avx = ($1>=10) + ($1>=11); } -if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } From levitte at openssl.org Tue Jun 19 08:33:14 2018 
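Review bot: On this long-term branch the single-digit major class `([3-9])` in the new pattern is the more pressing limitation: a compiler reporting major 10 or later will quietly be treated as "no AVX/ADX" here and in the two sha hunks below, with no warning during the build. Replacing it with `([0-9]+)` keeps the existing `$ver` arithmetic and thresholds intact.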
From: levitte at openssl.org (Richard Levitte) Date: Tue, 19 Jun 2018 08:33:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529397194.297365.12738.nullmailer@dev.openssl.org> The branch master has been updated via a9091c137bb21a247afa01ecf17bd5c75d9b0e65 (commit) via 973abf52304b454e8f2220a11aa8b6c6512c44fb (commit) from 575045f59fc393abc9d49604d82ccd17c82925fa (commit) - Log ----------------------------------------------------------------- commit a9091c137bb21a247afa01ecf17bd5c75d9b0e65 Author: Richard Levitte Date: Tue Jun 12 18:31:57 2018 +0200 Convert our own check of OPENSSL_NO_DEPRECATED ... to the check OPENSSL_API_COMPAT < 0x10100000L, to correspond with how it's declared. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6470) commit 973abf52304b454e8f2220a11aa8b6c6512c44fb Author: Richard Levitte Date: Tue Jun 12 18:26:37 2018 +0200 Configure option 'no-deprecated' means '-DOPENSSL_API_COMPAT=0x10100000L' (that is, until 1.2.0 comes along) Since we allow future deprecation (and that shouldn't be affected by 'no-deprecated'), we need to distinguish what to have deprecated on the value of OPENSSL_API_COMPAT, not the existence of OPENSSL_NO_DEPRECATED. Note that the macro OPENSSL_NO_DEPRECATED still exists, in case someone still uses it. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6470) ----------------------------------------------------------------------- Summary of changes: crypto/engine/eng_all.c | 2 +- include/openssl/opensslconf.h.in | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index c0d0b1c..5f06fe0 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c 
@@ -18,7 +18,7 @@ void ENGINE_load_builtin_engines(void)
 OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
 }
 
-#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && !defined(OPENSSL_NO_DEPRECATED)
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L
 void ENGINE_setup_bsd_cryptodev(void)
 {
 }
diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in
index dc36a74..96f791e 100644
--- a/include/openssl/opensslconf.h.in
+++ b/include/openssl/opensslconf.h.in
@@ -68,9 +68,7 @@ extern "C" {
 * still won't see them if the library has been built to disable deprecated
 * functions.
 */
-#if defined(OPENSSL_NO_DEPRECATED)
-# define DECLARE_DEPRECATED(f)
-#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
 # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
 #else
 # define DECLARE_DEPRECATED(f) f;
From matt at openssl.org Tue Jun 19 10:17:25 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 19 Jun 2018 10:17:25 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1529403445.927889.26563.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8fbbbdd5fcfeca62d339d1db11887da2a298ee8e (commit) from 8b4e971f66779193281d6a3bf8ff7535e6ff13b4 (commit) - Log ----------------------------------------------------------------- commit 8fbbbdd5fcfeca62d339d1db11887da2a298ee8e Author: Matt Caswell Date: Mon Jun 18 13:00:40 2018 +0100 Fix no-ssl3-method in 1.0.2 Fixes #5322 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6510) ----------------------------------------------------------------------- Summary of changes: test/testssl | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/test/testssl b/test/testssl
index 21bc4d8..8bea40a 100644
--- a/test/testssl
+++ b/test/testssl
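Review bot: The new `#if` compares `OPENSSL_API_COMPAT` directly, so it depends on the macro already having a value at this point; if it were undefined the preprocessor would evaluate it as 0, the comparison would be true, and the deprecated stub would always be compiled in with no diagnostic unless `-Wundef` is enabled. Presumably opensslconf.h supplies a default elsewhere (the only opensslconf.h.in hunk in this commit does not add one), but that is not in view, so a comment on the condition, `/* OPENSSL_API_COMPAT is defaulted by opensslconf.h */`, or an explicit `#ifndef OPENSSL_API_COMPAT`/`#error` guard would make the dependency visible to the next person who touches this file.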
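Review bot: The context comment directly above the change, `still won't see them if the library has been built to disable deprecated functions`, described the `OPENSSL_NO_DEPRECATED` branch this hunk deletes; as left, it promises a suppression `DECLARE_DEPRECATED` no longer performs. Reword it to say the macro only attaches the attribute and that hiding deprecated declarations is governed by the `OPENSSL_API_COMPAT` checks on the declarations themselves (per the commit message, `no-deprecated` now sets that value), e.g. `* Hiding deprecated declarations is done by the OPENSSL_API_COMPAT tests, not here.`. It is also worth stating there that an application defining `OPENSSL_NO_DEPRECATED` on its own, without `OPENSSL_API_COMPAT`, now gets the declarations back, since the commit message says the old macro is kept for exactly such users. The comment block starts before this hunk.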
@@ -172,14 +172,18 @@ for protocol in TLSv1.2 SSLv3; do
 test_cipher $cipher $protocol
 done
 echo "testing connection with weak DH, expecting failure"
- if [ $protocol = "SSLv3" ] ; then
- $ssltest -cipher EDH -dhe512 -ssl3
+ if [ $protocol = "SSLv3" ] && ../util/shlib_wrap.sh ../apps/openssl no-ssl3; then
+ echo "skipping weak DH test for disabled protocol"
 else
- $ssltest -cipher EDH -dhe512
- fi
- if [ $? -eq 0 ]; then
- echo "FAIL: connection with weak DH succeeded"
- exit 1
+ if [ $protocol = "SSLv3" ] ; then
+ $ssltest -cipher EDH -dhe512 -ssl3
+ else
+ $ssltest -cipher EDH -dhe512
+ fi
+ if [ $? -eq 0 ]; then
+ echo "FAIL: connection with weak DH succeeded"
+ exit 1
+ fi
 fi
 fi
 if ../util/shlib_wrap.sh ../apps/openssl no-ec; then
From matt at openssl.org Tue Jun 19 10:35:01 2018
From: matt at openssl.org (Matt Caswell) Date: Tue, 19 Jun 2018 10:35:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529404501.981217.29628.nullmailer@dev.openssl.org> The branch master has been updated via ddb634fe6f9aeea34fe036cf804903b4240d38ac (commit) via 2f2e6b6278bc4cbf670e42ae9f4ff818529df37c (commit) from a9091c137bb21a247afa01ecf17bd5c75d9b0e65 (commit) - Log ----------------------------------------------------------------- commit ddb634fe6f9aeea34fe036cf804903b4240d38ac Author: Jack Lloyd Date: Mon Jun 18 15:51:56 2018 -0400 Move SM2 algos to SM2 specific PKEY method Use EVP_PKEY_set_alias_type to access Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6443) commit 2f2e6b6278bc4cbf670e42ae9f4ff818529df37c Author: Jack Lloyd Date: Mon Jun 18 15:49:15 2018 -0400 Add EVP_PKEY_set_alias_type Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6443) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/standard_methods.h | 3 + crypto/ec/ec_ameth.c | 8 + crypto/ec/ec_err.c | 6 + crypto/ec/ec_pmeth.c | 113 +------------- crypto/err/openssl.txt | 8 + crypto/evp/evp_err.c | 2 + crypto/evp/p_lib.c | 20 +++ crypto/evp/pmeth_lib.c | 8 +- crypto/include/internal/asn1_int.h | 1 + crypto/include/internal/evp_int.h | 1 + crypto/include/internal/sm2.h | 8 +- crypto/include/internal/sm2err.h | 7 + crypto/sm2/build.info | 3 +- crypto/sm2/sm2_err.c | 7 + crypto/sm2/sm2_pmeth.c | 245 ++++++++++++++++++++++++++++++ crypto/sm2/sm2_sign.c | 14 +- doc/man3/EVP_PKEY_set1_RSA.pod | 16 +- include/openssl/ecerr.h | 6 + include/openssl/evp.h | 1 + include/openssl/evperr.h | 1 + test/evp_extra_test.c | 124 +++++++++++++++ test/evp_test.c | 5 + test/recipes/30-test_evp_data/evppkey.txt | 10 ++ util/libcrypto.num | 1 + 24 files changed, 488 insertions(+), 130 deletions(-) create mode 100644 
crypto/sm2/sm2_pmeth.c diff --git a/crypto/asn1/standard_methods.h b/crypto/asn1/standard_methods.h index 0dcd6b8..e74de55 100644 --- a/crypto/asn1/standard_methods.h +++ b/crypto/asn1/standard_methods.h @@ -54,5 +54,8 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { &ed25519_asn1_meth, &ed448_asn1_meth, #endif +#ifndef OPENSSL_NO_SM2 + &sm2_asn1_meth, +#endif }; diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 0682bc3..4096cb3 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -602,6 +602,14 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { ec_pkey_param_check }; +#if !defined(OPENSSL_NO_SM2) +const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = { + EVP_PKEY_SM2, + EVP_PKEY_EC, + ASN1_PKEY_ALIAS +}; +#endif + int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) { int private = EC_KEY_get0_private_key(x) != NULL; diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 94a7207..6a1be2e 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -259,6 +259,12 @@ static const ERR_STRING_DATA EC_str_functs[] = { {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"}, {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"}, {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_KEYGEN, 0), "pkey_sm2_keygen"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_PARAMGEN, 0), "pkey_sm2_paramgen"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"}, {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"}, {0, NULL} }; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 0187adf..f4ea8b5 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c 
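Review bot: The six `EC_F_PKEY_SM2_*` strings added to `EC_str_functs` register SM2 method functions under ERR_LIB_EC, yet the new method in crypto/sm2/sm2_pmeth.c reports through `SM2err` with `SM2_F_PKEY_SM2_*` codes under ERR_LIB_SM2, which crypto/sm2/sm2_err.c in this same commit also adds; no visible code raises the EC-library variants. Unless include/openssl/ecerr.h (in the diffstat but not in view) needs them for another caller, they look like leftovers of the pre-split dispatch and should be removed from crypto/err/openssl.txt so `make errors` stops regenerating two libraries that claim the same function names.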
@@ -16,10 +16,6 @@
 #include
 #include "internal/evp_int.h"
 
-#if !defined(OPENSSL_NO_SM2)
-# include "internal/sm2.h"
-#endif
-
 /* EC pkey context structure */
 
 typedef struct {
@@ -107,7 +103,6 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 unsigned int sltmp;
 EC_PKEY_CTX *dctx = ctx->data;
 EC_KEY *ec = ctx->pkey->pkey.ec;
- const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
 
 if (!sig) {
 *siglen = ECDSA_size(ec);
@@ -122,15 +117,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 else
 type = NID_sha1;
 
- if (ec_nid == NID_sm2) {
-#if defined(OPENSSL_NO_SM2)
- return -1;
-#else
- ret = sm2_sign(type, tbs, tbslen, sig, &sltmp, ec);
-#endif
- } else {
- ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
- }
+ ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
 
 if (ret <= 0)
 return ret;
@@ -145,22 +132,13 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
 int ret, type;
 EC_PKEY_CTX *dctx = ctx->data;
 EC_KEY *ec = ctx->pkey->pkey.ec;
- const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
 
 if (dctx->md)
 type = EVP_MD_type(dctx->md);
 else
 type = NID_sha1;
 
- if (ec_nid == NID_sm2) {
-#if defined(OPENSSL_NO_SM2)
- ret = -1;
-#else
- ret = sm2_verify(type, tbs, tbslen, sig, siglen, ec);
-#endif
- } else {
- ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
- }
+ ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
 
 return ret;
 }
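Review bot: With the `ec_nid == NID_sm2` dispatch gone, an EC key whose group is the SM2 curve but which has not been re-typed with `EVP_PKEY_set_alias_type` now receives an ordinary ECDSA signature from `pkey_ec_sign` (and is verified as ECDSA in `pkey_ec_verify` below) with no error, where it was previously routed to `sm2_sign` or refused under OPENSSL_NO_SM2. Keys decoded from PEM/DER presumably still arrive as EVP_PKEY_EC, so this is a silent behaviour change for any caller that relied on curve-based routing; at minimum the function should carry a comment such as `/* Always ECDSA: a key on the SM2 curve must be aliased to EVP_PKEY_SM2 first */`, and the CHANGES entry or the EVP_PKEY_set1_RSA.pod text touched by this commit should say the same. `pkey_ec_sign` begins before this hunk and its `if (ret <= 0)` handling continues after it.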
@@ -202,86 +180,6 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) return 1; } -static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - int ret; - EC_KEY *ec = ctx->pkey->pkey.ec; - const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - - if (ec_nid == NID_sm2) { -# if defined(OPENSSL_NO_SM2) - ret = -1; -# else - int md_type; - EC_PKEY_CTX *dctx = ctx->data; - - if (dctx->md) - md_type = EVP_MD_type(dctx->md); - else - md_type = NID_sm3; - - if (out == NULL) { - if (!sm2_ciphertext_size(ec, EVP_get_digestbynid(md_type), inlen, - outlen)) - ret = -1; - else - ret = 1; - } - else { - ret = sm2_encrypt(ec, EVP_get_digestbynid(md_type), - in, inlen, out, outlen); - } -# endif - } else { - /* standard ECIES not implemented */ - ret = -1; - } - - return ret; -} - -static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - int ret; - EC_KEY *ec = ctx->pkey->pkey.ec; - const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - - if (ec_nid == NID_sm2) { -# if defined(OPENSSL_NO_SM2) - ret = -1; -# else - int md_type; - EC_PKEY_CTX *dctx = ctx->data; - - if (dctx->md) - md_type = EVP_MD_type(dctx->md); - else - md_type = NID_sm3; - - if (out == NULL) { - if (!sm2_plaintext_size(ec, EVP_get_digestbynid(md_type), inlen, - outlen)) - ret = -1; - else - ret = 1; - } - else { - ret = sm2_decrypt(ec, EVP_get_digestbynid(md_type), - in, inlen, out, outlen); - } -# endif - } else { - /* standard ECIES not implemented */ - ret = -1; - } - - return ret; -} - static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { 
@@ -420,8 +318,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha512 && - EVP_MD_type((const EVP_MD *)p2) != NID_sm3) { + EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); return 0; } @@ -552,10 +449,10 @@ const EVP_PKEY_METHOD ec_pkey_meth = { 0, 0, 0, 0, 0, - pkey_ecies_encrypt, + 0, 0, - pkey_ecies_decrypt, + 0, 0, #ifndef OPENSSL_NO_EC diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 4b8e8c4..23671a0 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -774,6 +774,7 @@ EVP_F_EVP_PKEY_PARAMGEN_INIT:149:EVP_PKEY_paramgen_init EVP_F_EVP_PKEY_PARAM_CHECK:189:EVP_PKEY_param_check EVP_F_EVP_PKEY_PUBLIC_CHECK:190:EVP_PKEY_public_check EVP_F_EVP_PKEY_SET1_ENGINE:187:EVP_PKEY_set1_engine +EVP_F_EVP_PKEY_SET_ALIAS_TYPE:206:EVP_PKEY_set_alias_type EVP_F_EVP_PKEY_SIGN:140:EVP_PKEY_sign EVP_F_EVP_PKEY_SIGN_INIT:141:EVP_PKEY_sign_init EVP_F_EVP_PKEY_VERIFY:142:EVP_PKEY_verify @@ -1067,6 +1068,10 @@ RSA_F_RSA_VERIFY:119:RSA_verify RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1 RSA_F_SETUP_TBUF:167:setup_tbuf +SM2_F_PKEY_SM2_CTRL:109:pkey_sm2_ctrl +SM2_F_PKEY_SM2_CTRL_STR:110:pkey_sm2_ctrl_str +SM2_F_PKEY_SM2_INIT:111:pkey_sm2_init +SM2_F_PKEY_SM2_SIGN:112:pkey_sm2_sign SM2_F_SM2_COMPUTE_MSG_HASH:100:sm2_compute_msg_hash SM2_F_SM2_COMPUTE_USERID_DIGEST:101:sm2_compute_userid_digest SM2_F_SM2_DECRYPT:102:sm2_decrypt 
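Review bot: Dropping `NID_sm3` from the digest whitelist in `pkey_ec_ctrl` means ECDSA-with-SM3 on a plain EC context now fails with EC_R_INVALID_DIGEST_TYPE, which is presumably intended now that SM2 has its own method, but it is a user-visible rejection that the commit message does not mention. The counterpart in the new SM2 method (the `EVP_PKEY_CTRL_MD` case of `pkey_sm2_ctrl` later in this commit) stores `p2` with no whitelist at all, and the SM2 sign path does not consult it, so the asymmetry has been inverted rather than removed; a short comment on this line, `/* SM3 is only meaningful for SM2, which now has its own method */`, would record why the entry went. `pkey_ec_ctrl` starts before and continues past this hunk.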
@@ -2527,10 +2532,13 @@ RSA_R_VALUE_MISSING:147:value missing RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length SM2_R_ASN1_ERROR:100:asn1 error SM2_R_BAD_SIGNATURE:101:bad signature +SM2_R_BUFFER_TOO_SMALL:107:buffer too small +SM2_R_INVALID_CURVE:108:invalid curve SM2_R_INVALID_DIGEST:102:invalid digest SM2_R_INVALID_DIGEST_TYPE:103:invalid digest type SM2_R_INVALID_ENCODING:104:invalid encoding SM2_R_INVALID_FIELD:105:invalid field +SM2_R_NO_PARAMETERS_SET:109:no parameters set SM2_R_USER_ID_TOO_LARGE:106:user id too large SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\ diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 4403fa5..3e14a7b 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -122,6 +122,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = { "EVP_PKEY_public_check"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET1_ENGINE, 0), "EVP_PKEY_set1_engine"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET_ALIAS_TYPE, 0), + "EVP_PKEY_set_alias_type"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN, 0), "EVP_PKEY_sign"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN_INIT, 0), "EVP_PKEY_sign_init"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY, 0), "EVP_PKEY_verify"}, diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index d78f1d2..9429be9 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c 
@@ -356,6 +356,26 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
 {
 return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);
 }
+
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type)
+{
+ if (pkey->type == type) {
+ return 1; /* it already is that type */
+ }
+
+ /*
+ * The application is requesting to alias this to a different pkey type,
+ * but not one that resolves to the base type.
+ */
+ if (EVP_PKEY_type(type) != EVP_PKEY_base_id(pkey)) {
+ EVPerr(EVP_F_EVP_PKEY_SET_ALIAS_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+ return 0;
+ }
+
+ pkey->type = type;
+ return 1;
+}
+
 #ifndef OPENSSL_NO_ENGINE
 int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
 {
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index cf4dd43..6a0fc81 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -64,6 +64,9 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
 &ed25519_pkey_meth,
 &ed448_pkey_meth,
 #endif
+#ifndef OPENSSL_NO_SM2
+ &sm2_pkey_meth,
+#endif
 };
 
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
@@ -101,10 +104,9 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
 {
 EVP_PKEY_CTX *ret;
 const EVP_PKEY_METHOD *pmeth;
+
 if (id == -1) {
- if (!pkey || !pkey->ameth)
- return NULL;
- id = pkey->ameth->pkey_id;
+ id = pkey->type;
 }
 #ifndef OPENSSL_NO_ENGINE
 if (e == NULL && pkey != NULL)
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
index b8a6762..9c9b4d8 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -76,6 +76,7 @@ extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD ed448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 
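Review bot: `EVP_PKEY_set_alias_type` only checks that the requested type resolves to the key's base type, so any EC key, on any curve, can be re-typed to EVP_PKEY_SM2 and then driven through the SM2 method; nothing in this hunk ties the alias to the key's group, and the visible parts of `pkey_sm2_sign`/`pkey_sm2_verify` later in this commit do not inspect the curve either (whether `sm2_sign` itself does is not in view). Either reject the alias here when `EC_GROUP_get_curve_name(EC_KEY_get0_group(pkey->pkey.ec)) != NID_sm2` for `type == EVP_PKEY_SM2`, or state the contract in a header comment on the function, `/* Caller is responsible for ensuring the key's parameters suit the aliased type */`, and in the pod page this commit touches. Note also that `pkey` is dereferenced before any check, which matches the neighbouring functions' style but should be documented as a non-NULL requirement.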
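Review bot: `standard_methods` is searched with OBJ_bsearch (the `DECLARE_OBJ_BSEARCH_CMP_FN` directly below the hunk), so the table must stay sorted by `pkey_id`; appending `&sm2_pkey_meth` after ed448 is only correct if EVP_PKEY_SM2 compares greater than every NID already present, which the hunk neither states nor checks. A one-line comment on the new entry, `/* table is bsearched: keep sorted by pkey_id (SM2's NID is currently the largest) */`, or a small ordering test, would stop the next addition from silently breaking method lookup. The same consideration applies to the `sm2_asn1_meth` entry added to crypto/asn1/standard_methods.h earlier in this commit.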
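Review bot: The rewritten `if (id == -1)` branch reads `pkey->type` unconditionally, whereas the removed lines returned NULL for a NULL `pkey`; a caller that passes no key and no explicit id (the `pkey != NULL` test in the ENGINE block right below shows NULL keys are expected here) now dereferences NULL instead of failing. Restore the guard ahead of the read: `if (pkey == NULL) return NULL;` then `id = pkey->type;`. Dropping the `!pkey->ameth` half is presumably deliberate since the type field is used directly now, but a key that never had a type assigned will now fall through to the method lookup below rather than fail early, so it is worth confirming that path reports an error. `int_ctx_new` continues past this hunk.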
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index 691b28b..daf2e45 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -90,6 +90,7 @@ extern const EVP_PKEY_METHOD dh_pkey_meth; extern const EVP_PKEY_METHOD dhx_pkey_meth; extern const EVP_PKEY_METHOD dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth; +extern const EVP_PKEY_METHOD sm2_pkey_meth; extern const EVP_PKEY_METHOD ecx25519_pkey_meth; extern const EVP_PKEY_METHOD ecx448_pkey_meth; extern const EVP_PKEY_METHOD ed25519_pkey_meth; diff --git a/crypto/include/internal/sm2.h b/crypto/include/internal/sm2.h index e0e2d75..613fa34 100644 --- a/crypto/include/internal/sm2.h +++ b/crypto/include/internal/sm2.h @@ -42,15 +42,15 @@ int sm2_do_verify(const EC_KEY *key, const char *user_id, const uint8_t *msg, size_t msg_len); /* - * SM2 signature generation. Assumes input is an SM3 digest + * SM2 signature generation. */ -int sm2_sign(int type, const unsigned char *dgst, int dgstlen, +int sm2_sign(const unsigned char *dgst, int dgstlen, unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); /* - * SM2 signature verification. Assumes input is an SM3 digest + * SM2 signature verification. */ -int sm2_verify(int type, const unsigned char *dgst, int dgstlen, +int sm2_verify(const unsigned char *dgst, int dgstlen, const unsigned char *sig, int siglen, EC_KEY *eckey); diff --git a/crypto/include/internal/sm2err.h b/crypto/include/internal/sm2err.h index f2d60e1..9a7e2b6 100644 --- a/crypto/include/internal/sm2err.h +++ b/crypto/include/internal/sm2err.h @@ -23,6 +23,10 @@ int ERR_load_SM2_strings(void); /* * SM2 function codes. */ +# define SM2_F_PKEY_SM2_CTRL 109 +# define SM2_F_PKEY_SM2_CTRL_STR 110 +# define SM2_F_PKEY_SM2_INIT 111 +# define SM2_F_PKEY_SM2_SIGN 112 # define SM2_F_SM2_COMPUTE_MSG_HASH 100 # define SM2_F_SM2_COMPUTE_USERID_DIGEST 101 # define SM2_F_SM2_DECRYPT 102 
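Review bot: The new comments on `sm2_sign`/`sm2_verify` drop the old `Assumes input is an SM3 digest` line at the same time as the `type` argument that identified the digest, leaving no statement of what `dgst`/`dgstlen` now are; since `pkey_sm2_sign` in this commit passes `tbs` straight through, this header is the only place a caller learns whether it must supply the SM3 digest over Z_A||M, some other digest, or the raw message. State the contract explicitly, e.g. `/* SM2 signature generation over a caller-supplied digest; no hashing or Z_A computation is performed here */` (adjusted to whatever sm2_sign.c actually does, which is not in view), and document that `dgstlen` and `siglen` are `int` while the EVP callers hand over `size_t` values.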
@@ -38,10 +42,13 @@ int ERR_load_SM2_strings(void); */ # define SM2_R_ASN1_ERROR 100 # define SM2_R_BAD_SIGNATURE 101 +# define SM2_R_BUFFER_TOO_SMALL 107 +# define SM2_R_INVALID_CURVE 108 # define SM2_R_INVALID_DIGEST 102 # define SM2_R_INVALID_DIGEST_TYPE 103 # define SM2_R_INVALID_ENCODING 104 # define SM2_R_INVALID_FIELD 105 +# define SM2_R_NO_PARAMETERS_SET 109 # define SM2_R_USER_ID_TOO_LARGE 106 # endif diff --git a/crypto/sm2/build.info b/crypto/sm2/build.info index fbf8dba..c1e84f4 100644 --- a/crypto/sm2/build.info +++ b/crypto/sm2/build.info @@ -1,6 +1,5 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ - sm2_za.c sm2_sign.c sm2_crypt.c sm2_err.c - + sm2_za.c sm2_sign.c sm2_crypt.c sm2_err.c sm2_pmeth.c diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c index e36975f..035abdc 100644 --- a/crypto/sm2/sm2_err.c +++ b/crypto/sm2/sm2_err.c @@ -14,6 +14,10 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA SM2_str_functs[] = { + {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"}, + {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"}, {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_MSG_HASH, 0), "sm2_compute_msg_hash"}, {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_USERID_DIGEST, 0), 
@@ -31,11 +35,14 @@ static const ERR_STRING_DATA SM2_str_functs[] = { static const ERR_STRING_DATA SM2_str_reasons[] = { {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE), "invalid digest type"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"}, + {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"}, {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"}, {0, NULL} }; diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c new file mode 100644 index 0000000..b027131 --- /dev/null +++ b/crypto/sm2/sm2_pmeth.c 
@@ -0,0 +1,245 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include
+#include
+#include
+#include "internal/evp_int.h"
+#include "internal/sm2.h"
+#include "internal/sm2err.h"
+
+/* EC pkey context structure */
+
+typedef struct {
+ /* Key and paramgen group */
+ EC_GROUP *gen_group;
+ /* message digest */
+ const EVP_MD *md;
+} SM2_PKEY_CTX;
+
+static int pkey_sm2_init(EVP_PKEY_CTX *ctx)
+{
+ SM2_PKEY_CTX *dctx;
+
+ if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) {
+ SM2err(SM2_F_PKEY_SM2_INIT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ ctx->data = dctx;
+ return 1;
+}
+
+static void pkey_sm2_cleanup(EVP_PKEY_CTX *ctx)
+{
+ SM2_PKEY_CTX *dctx = ctx->data;
+
+ if (dctx != NULL) {
+ EC_GROUP_free(dctx->gen_group);
+ OPENSSL_free(dctx);
+ ctx->data = NULL;
+ }
+}
+
+static int pkey_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+ SM2_PKEY_CTX *dctx, *sctx;
+
+ if (!pkey_sm2_init(dst))
+ return 0;
+ sctx = src->data;
+ dctx = dst->data;
+ if (sctx->gen_group != NULL) {
+ dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
+ if (dctx->gen_group == NULL) {
+ pkey_sm2_cleanup(dst);
+ return 0;
+ }
+ }
+ dctx->md = sctx->md;
+
+ return 1;
+}
+
+static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen)
+{
+ int ret;
+ unsigned int sltmp;
+ EC_KEY *ec = ctx->pkey->pkey.ec;
+ const int sig_sz = ECDSA_size(ctx->pkey->pkey.ec);
+
+ if (sig_sz <= 0) {
+ return 0;
+ }
+
+ if (sig == NULL) {
+ *siglen = (size_t)sig_sz;
+ return 1;
+ }
+
+ if (*siglen < (size_t)sig_sz) {
+ SM2err(SM2_F_PKEY_SM2_SIGN, SM2_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ ret = sm2_sign(tbs, tbslen, sig, &sltmp,
ec);
+
+ if (ret <= 0)
+ return ret;
+ *siglen = (size_t)sltmp;
+ return 1;
+}
+
+static int pkey_sm2_verify(EVP_PKEY_CTX *ctx,
+ const unsigned char *sig, size_t siglen,
+ const unsigned char *tbs, size_t tbslen)
+{
+ EC_KEY *ec = ctx->pkey->pkey.ec;
+
+ return sm2_verify(tbs, tbslen, sig, siglen, ec);
+}
+
+static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen)
+{
+ EC_KEY *ec = ctx->pkey->pkey.ec;
+ SM2_PKEY_CTX *dctx = ctx->data;
+ const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+ if (out == NULL) {
+ if (!sm2_ciphertext_size(ec, md, inlen, outlen))
+ return -1;
+ else
+ return 1;
+ }
+
+ return sm2_encrypt(ec, md, in, inlen, out, outlen);
+}
+
+static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen)
+{
+ EC_KEY *ec = ctx->pkey->pkey.ec;
+ SM2_PKEY_CTX *dctx = ctx->data;
+ const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+ if (out == NULL) {
+ if (!sm2_plaintext_size(ec, md, inlen, outlen))
+ return -1;
+ else
+ return 1;
+ }
+
+ return sm2_decrypt(ec, md, in, inlen, out, outlen);
+}
+
+static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+ SM2_PKEY_CTX *dctx = ctx->data;
+ EC_GROUP *group;
+
+ switch (type) {
+ case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
+ group = EC_GROUP_new_by_curve_name(p1);
+ if (group == NULL) {
+ SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_INVALID_CURVE);
+ return 0;
+ }
+ EC_GROUP_free(dctx->gen_group);
+ dctx->gen_group = group;
+ return 1;
+
+ case EVP_PKEY_CTRL_EC_PARAM_ENC:
+ if (dctx->gen_group == NULL) {
+ SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_NO_PARAMETERS_SET);
+ return 0;
+ }
+ EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
+ return 1;
+
+ case EVP_PKEY_CTRL_MD:
+ dctx->md = p2;
+ return 1;
+
+ case EVP_PKEY_CTRL_GET_MD:
+ *(const EVP_MD **)p2 = dctx->md;
+ return 1;
+
+ default:
+ return -2;
+
+ }
+}
+
+static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
+
const char *type, const char *value)
+{
+ if (strcmp(type, "ec_paramgen_curve") == 0) {
+ int nid = NID_undef;
+
+ if (((nid = EC_curve_nist2nid(value)) == NID_undef)
+ && ((nid = OBJ_sn2nid(value)) == NID_undef)
+ && ((nid = OBJ_ln2nid(value)) == NID_undef)) {
+ SM2err(SM2_F_PKEY_SM2_CTRL_STR, SM2_R_INVALID_CURVE);
+ return 0;
+ }
+ return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
+ } else if (strcmp(type, "ec_param_enc") == 0) {
+ int param_enc;
+
+ if (strcmp(value, "explicit") == 0)
+ param_enc = 0;
+ else if (strcmp(value, "named_curve") == 0)
+ param_enc = OPENSSL_EC_NAMED_CURVE;
+ else
+ return -2;
+ return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
+ }
+
+ return -2;
+}
+
+const EVP_PKEY_METHOD sm2_pkey_meth = {
+ EVP_PKEY_SM2,
+ 0,
+ pkey_sm2_init,
+ pkey_sm2_copy,
+ pkey_sm2_cleanup,
+
+ 0,
+ 0,
+
+ 0,
+ 0,
+
+ 0,
+ pkey_sm2_sign,
+
+ 0,
+ pkey_sm2_verify,
+
+ 0, 0,
+
+ 0, 0, 0, 0,
+
+ 0,
+ pkey_sm2_encrypt,
+
+ 0,
+ pkey_sm2_decrypt,
+
+ 0,
+ 0,
+ pkey_sm2_ctrl,
+ pkey_sm2_ctrl_str
+};
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index 4ca0ca8..9d19054 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -282,7 +282,7 @@ int sm2_do_verify(const EC_KEY *key,
 return ret;
 }
-int sm2_sign(int type, const unsigned char *dgst, int dgstlen,
+int sm2_sign(const unsigned char *dgst, int dgstlen,
 unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)
 {
 BIGNUM *e = NULL;
@@ -290,11 +290,6 @@ int sm2_sign(int type, const unsigned char *dgst, int dgstlen,
 int sigleni;
 int ret = -1;
- if (type != NID_sm3 || dgstlen != 32) {
- SM2err(SM2_F_SM2_SIGN, SM2_R_INVALID_DIGEST_TYPE);
- goto done;
- }
-
 e = BN_bin2bn(dgst, dgstlen, NULL);
 if (e == NULL) {
 SM2err(SM2_F_SM2_SIGN, ERR_R_BN_LIB);
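Review bot: pkey_sm2_sign() hands the size_t `tbslen` straight to `sm2_sign(const unsigned char *dgst, int dgstlen, ...)` (new signature visible in the sm2_sign.c hunk below), and pkey_sm2_verify() does the same with `siglen` and `tbslen` for `sm2_verify(..., int sig_len, ...)`, so lengths above INT_MAX are silently narrowed; a guard such as `if (tbslen > INT_MAX) { SM2err(SM2_F_PKEY_SM2_SIGN, SM2_R_INVALID_DIGEST); return 0; }` ahead of the call, and its twin in verify, keeps the conversion explicit. With the NID_sm3/32-byte test dropped from sm2_sign()/sm2_verify() in this same commit, the `EVP_PKEY_CTRL_MD` case of pkey_sm2_ctrl() now stores any digest without validation; that looks intentional given the SHA512 vector added to evppkey.txt, so a one-line comment on that case, `/* any digest is accepted; the chosen MD fixes tbslen at sign time */`, would save the next reader the search. Minor: `ECDSA_size(ctx->pkey->pkey.ec)` could use the `ec` local declared one line earlier, and `if (ret <= 0) return ret;` propagates sm2_sign()'s -1 where every other failure path in this file returns 0.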
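Review bot: Removing the `dgstlen != 32` test leaves sm2_sign() with no check on `dgstlen` at all before `BN_bin2bn(dgst, dgstlen, NULL)`, and the sm2_verify() hunk that follows likewise drops its only type check while `sig_len` stays an unchecked int. Since digest agility appears to be the goal (the evppkey.txt hunk adds a SHA512 vector), a minimal sanity check `if (dgstlen <= 0) { SM2err(SM2_F_SM2_SIGN, SM2_R_INVALID_DIGEST); goto done; }` would still reject negative or empty lengths arriving through the int-typed interface without constraining the digest choice. The bodies of both functions continue outside the hunks.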
@@ -318,7 +313,7 @@ int sm2_sign(int type, const unsigned char *dgst, int dgstlen, return ret; } -int sm2_verify(int type, const unsigned char *dgst, int dgstlen, +int sm2_verify(const unsigned char *dgst, int dgstlen, const unsigned char *sig, int sig_len, EC_KEY *eckey) { ECDSA_SIG *s = NULL; @@ -328,11 +323,6 @@ int sm2_verify(int type, const unsigned char *dgst, int dgstlen, int derlen = -1; int ret = -1; - if (type != NID_sm3) { - SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_DIGEST_TYPE); - goto done; - } - s = ECDSA_SIG_new(); if (s == NULL) { SM2err(SM2_F_SM2_VERIFY, ERR_R_MALLOC_FAILURE); diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod index 884cf91..2a1ec92 100644 --- a/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/doc/man3/EVP_PKEY_set1_RSA.pod @@ -7,7 +7,7 @@ EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id, -EVP_PKEY_base_id, EVP_PKEY_set1_engine - EVP_PKEY assignment functions +EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine - EVP_PKEY assignment functions =head1 SYNOPSIS @@ -37,6 +37,7 @@ EVP_PKEY_base_id, EVP_PKEY_set1_engine - EVP_PKEY assignment functions int EVP_PKEY_id(const EVP_PKEY *pkey); int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_type(int type); + int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); @@ -78,6 +79,10 @@ must be called after the key algorithm and components are set up. If B does not include an B for B an error occurs. +EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a +different set of algorithms than the default. This is currently used +to support SM2 keys, which use an identical encoding to ECDSA. + =head1 NOTES In accordance with the OpenSSL naming convention the key obtained 
@@ -98,6 +103,13 @@ is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM key as part of its routine to load a private key. +=head1 EXAMPLES + +After loading an ECC key, it is possible to convert it to using SM2 +algorithms with EVP_PKEY_set_alias_type: + + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); + =head1 RETURN VALUES EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and @@ -115,6 +127,8 @@ type or B (equivalently B) on error. EVP_PKEY_set1_engine() returns 1 for success and 0 for failure. +EVP_PKEY_set_alias_type() returns 1 for success and 0 for error. + =head1 SEE ALSO L diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index fd5ce84..603efcc 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -182,6 +182,12 @@ int ERR_load_EC_strings(void); # define EC_F_PKEY_EC_KEYGEN 199 # define EC_F_PKEY_EC_PARAMGEN 219 # define EC_F_PKEY_EC_SIGN 218 +# define EC_F_PKEY_SM2_CTRL 284 +# define EC_F_PKEY_SM2_CTRL_STR 285 +# define EC_F_PKEY_SM2_INIT 287 +# define EC_F_PKEY_SM2_KEYGEN 288 +# define EC_F_PKEY_SM2_PARAMGEN 289 +# define EC_F_PKEY_SM2_SIGN 290 # define EC_F_VALIDATE_ECX_DERIVE 278 /* diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 33ff674..185cc29 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -995,6 +995,7 @@ int EVP_PKEY_security_bits(const EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); # ifndef OPENSSL_NO_ENGINE int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e); # endif diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 8ab1765..3484fa8 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h 
@@ -96,6 +96,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_PARAM_CHECK 189 # define EVP_F_EVP_PKEY_PUBLIC_CHECK 190 # define EVP_F_EVP_PKEY_SET1_ENGINE 187 +# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE 206 # define EVP_F_EVP_PKEY_SIGN 140 # define EVP_F_EVP_PKEY_SIGN_INIT 141 # define EVP_F_EVP_PKEY_VERIFY 142 diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 640da7c..deb8cfd 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
@@ -477,6 +477,127 @@ static int test_EVP_PKCS82PKEY(void) } #endif +#ifndef OPENSSL_NO_SM2 + +static int test_EVP_SM2(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + EVP_PKEY *params = NULL; + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY_CTX *kctx = NULL; + size_t sig_len = 0; + unsigned char *sig = NULL; + EVP_MD_CTX *md_ctx = NULL; + EVP_MD_CTX *md_ctx_verify = NULL; + EVP_PKEY_CTX *cctx = NULL; + + uint8_t ciphertext[128]; + size_t ctext_len = sizeof(ciphertext); + + uint8_t plaintext[8]; + size_t ptext_len = sizeof(plaintext); + + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); + if (!TEST_ptr(pctx)) + goto done; + + if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) + goto done; + + if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2))) + goto done; + + if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))) + goto done; + + kctx = EVP_PKEY_CTX_new(params, NULL); + if (!TEST_ptr(kctx)) + goto done; + + if (!TEST_true(EVP_PKEY_keygen_init(kctx))) + goto done; + + if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) + goto done; + + if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) + goto done; + + if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) + goto done; + + if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) + goto done; + + if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey))) + goto done; + + if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) + goto done; + + /* Determine the size of the signature. */ + if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) + goto done; + + if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) + goto done; + + if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) + goto done; + + if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) + goto done; + + /* Ensure that the signature round-trips. 
*/ + + if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey))) + goto done; + + if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) + goto done; + + if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) + goto done; + + /* now check encryption/decryption */ + + if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto done; + + if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) + goto done; + + if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg)))) + goto done; + + if (!TEST_true(EVP_PKEY_decrypt_init(cctx))) + goto done; + + if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len))) + goto done; + + if (!TEST_true(ptext_len == sizeof(kMsg))) + goto done; + + if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) + goto done; + + ret = 1; +done: + EVP_PKEY_CTX_free(pctx); + EVP_PKEY_CTX_free(kctx); + EVP_PKEY_CTX_free(cctx); + EVP_PKEY_free(pkey); + EVP_PKEY_free(params); + EVP_MD_CTX_free(md_ctx); + EVP_MD_CTX_free(md_ctx_verify); + OPENSSL_free(sig); + return ret; +} + +#endif + static struct keys_st { int type; char *priv; @@ -664,6 +785,9 @@ int setup_tests(void) #ifndef OPENSSL_NO_EC ADD_TEST(test_EVP_PKCS82PKEY); #endif +#ifndef OPENSSL_NO_SM2 + ADD_TEST(test_EVP_SM2); +#endif ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); if (!TEST_ptr(custom_pmeth)) diff --git a/test/evp_test.c b/test/evp_test.c index e2274d9..97239f2 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2530,6 +2530,11 @@ top: if (!TEST_ptr(key = OPENSSL_malloc(sizeof(*key)))) return 0; key->name = take_value(pp); + + /* Hack to detect SM2 keys */ + if(strstr(key->name, "SM2")) + EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); + key->key = pkey; key->next = *klist; *klist = key; diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index 6b50452..e191b6f 100644 
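Review bot: `if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))` is the one `if(` without a space in test_EVP_SM2(); `if (!TEST_true(...))` matches every other line. The decrypt buffer `uint8_t plaintext[8];` is sized by hand while the result is compared against `sizeof(kMsg)`, so if kMsg (defined outside the hunk) ever changes the decrypt call fails with a buffer error rather than a clear size assertion; assuming kMsg is an array, as passing `sizeof(kMsg)` as its length suggests, `uint8_t plaintext[sizeof(kMsg)];` ties the two together. `TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)` is also inconsistent with the bare `TEST_true(EVP_PKEY_keygen_init(kctx))` form used a few lines later.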
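Review bot: The return value of `EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)` is discarded, so a failed re-typing would let the test continue with a plain EC key and surface as an unrelated failure later; `if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) return 0;` matches the check on the OPENSSL_malloc() two lines above. `if(strstr(...))` also lacks the space after `if` used elsewhere in the hunk, and `/* Hack to detect SM2 keys */` would be more useful stating what it keys on, e.g. `/* Keys whose name contains "SM2" are re-typed to EVP_PKEY_SM2 (same encoding as EC) */`. The enclosing function continues outside the hunk.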
--- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -18384,6 +18384,16 @@ Ctrl = digest:SM3 Input = D7AD397F6FFA5D4F7F11E7217F241607DC30618C236D2C09C1B9EA8FDADEE2E8 Output = 3046022100AB1DB64DE7C40EDBDE6651C9B8EBDB804673DB836E5D5C7FE15DCF9ED2725037022100EBA714451FF69B0BB930B379E192E7CD5FA6E3C41C7FBD8303B799AB54A54621 +Verify = SM2_key1 +Ctrl = digest:SM3 +Input = B1139602C6ECC9E15E2F3F9C635A1AFE737058BC15387479C1EA0D0B3D90E9E5 +Output = 3045022100E6E0414EBD3A656C35602AF14AB20287DBF30D57AF75C49A188ED4B42391F22402202F54F277C606F4605E1CE9514947FFDDF94C67A539804A4ED17F852288BDBE2E + +Verify = SM2_key1 +Ctrl = digest:SHA512 +Input = 40AA1B203C9D8EE150B21C3C7CDA8261492E5420C5F2B9F7380700E094C303B48E62F319C1DA0E32EB40D113C5F1749CC61AEB499167890AB82F2CC9BB706971 +Output = 3046022100AE018933B9BA041784380069F2DDF609694DCD299FDBF23D09F4B711FBC103EC0221008440BB1A48C132DE4FB91BE9F43B958142FDD29FB9DABE01B17514023A2F638C + Decrypt = SM2_key1 Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197 Output = "The floofy bunnies hop at midnight" diff --git a/util/libcrypto.num b/util/libcrypto.num index a25f65f..f5122e2 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4567,3 +4567,4 @@ EVP_PKEY_get_raw_public_key 4518 1_1_1 EXIST::FUNCTION: EVP_PKEY_get_raw_private_key 4519 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_get_priv_key 4520 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_get_pub_key 4521 1_1_1 EXIST::FUNCTION: +EVP_PKEY_set_alias_type 4522 1_1_1 EXIST::FUNCTION: From matt at openssl.org Tue Jun 19 10:49:39 2018 
From: matt at openssl.org (Matt Caswell) Date: Tue, 19 Jun 2018 10:49:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529405379.907545.32491.nullmailer@dev.openssl.org> The branch master has been updated via f667820c16a44245a4a898a568936c47a9b0ee6e (commit) from ddb634fe6f9aeea34fe036cf804903b4240d38ac (commit) - Log ----------------------------------------------------------------- commit f667820c16a44245a4a898a568936c47a9b0ee6e Author: Sohaib ul Hassan Date: Sat Jun 16 17:07:40 2018 +0300 Implement coordinate blinding for EC_POINT This commit implements coordinate blinding, i.e., it randomizes the representative of an elliptic curve point in its equivalence class, for prime curves implemented through EC_GFp_simple_method, EC_GFp_mont_method, and EC_GFp_nist_method. This commit is derived from the patch https://marc.info/?l=openssl-dev&m=131194808413635 by Billy Brumley. Coordinate blinding is a generally useful side-channel countermeasure and is (mostly) free. The function itself takes a few field multiplications, but is usually only necessary at the beginning of a scalar multiplication (as implemented in the patch). When used this way, it makes the values that variables take (i.e., field elements in an algorithm state) unpredictable. For instance, this mitigates chosen EC point side-channel attacks for settings such as ECDH and EC private key decryption, for the aforementioned curves. For EC_METHODs using different coordinate representations this commit does nothing, but the corresponding coordinate blinding function can be easily added in the future to extend these changes to such curves. 
Co-authored-by: Nicola Tuveri Co-authored-by: Billy Brumley Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6501) ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 +++++ crypto/ec/ec2_smpl.c | 4 +++- crypto/ec/ec_err.c | 2 ++ crypto/ec/ec_lcl.h | 5 +++++ crypto/ec/ec_lib.c | 18 +++++++++++++++ crypto/ec/ec_mult.c | 11 +++++++++ crypto/ec/ecp_mont.c | 4 +++- crypto/ec/ecp_nist.c | 4 +++- crypto/ec/ecp_nistp224.c | 4 +++- crypto/ec/ecp_nistp521.c | 4 +++- crypto/ec/ecp_nistz256.c | 3 ++- crypto/ec/ecp_smpl.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++- crypto/err/openssl.txt | 1 + include/openssl/ecerr.h | 1 + 14 files changed, 117 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index fe3e13a..a4beda6 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,11 @@ release branch. Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Add coordinate blinding for EC_POINT and implement projective + coordinate blinding for generic prime curves as a countermeasure to + chosen point SCA attacks. + [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley] + *) Add blinding to an ECDSA signature to protect against side channel attacks discovered by Keegan Ryan (NCC Group). [Matt Caswell] diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index b79e60b..cef6ba4 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -64,7 +64,9 @@ const EC_METHOD *EC_GF2m_simple_method(void) ec_key_simple_generate_public_key, 0, /* keycopy */ 0, /* keyfinish */ - ecdh_simple_compute_key + ecdh_simple_compute_key, + 0, /* field_inverse_mod_ord */ + 0 /* blind_coordinates */ }; return &ret; diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 6a1be2e..342b84f 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c 
@@ -116,6 +116,8 @@ static const ERR_STRING_DATA EC_str_functs[] = { "ec_GFp_nist_field_sqr"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_GROUP_SET_CURVE, 0), "ec_GFp_nist_group_set_curve"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, 0), + "ec_GFp_simple_blind_coordinates"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0), "ec_GFp_simple_group_check_discriminant"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, 0), diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 5e14071..006e3b6 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -176,6 +176,7 @@ struct ec_method_st { /* Inverse modulo order */ int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, BIGNUM *x, BN_CTX *ctx); + int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); }; /* @@ -382,6 +383,8 @@ int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); +int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, + BN_CTX *ctx); /* method functions in ecp_mont.c */ int ec_GFp_mont_group_init(EC_GROUP *); @@ -635,3 +638,5 @@ void X25519_public_from_private(uint8_t out_public_value[32], int EC_GROUP_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, BIGNUM *x, BN_CTX *ctx); + +int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 30b11f7..d0393e8 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c 
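Review bot: The new `blind_coordinates` member of `struct ec_method_st` is the only one in this stretch without a comment, while its neighbour carries `/* Inverse modulo order */`; since ec_lib.c treats NULL as "not supported" and the ecp_smpl.c implementation randomizes the projective representation, a line such as `/* Randomize the projective representation of p in place; optional, NULL when unsupported */` above it would state the contract where implementers look. The struct continues outside the hunk.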
@@ -1025,3 +1025,21 @@ int EC_GROUP_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
 else
 return 0;
 }
+
+/*-
+ * Coordinate blinding for EC_POINT.
+ *
+ * The underlying EC_METHOD can optionally implement this function:
+ * underlying implementations should return 0 on errors, or 1 on
+ * success.
+ *
+ * This wrapper returns 1 in case the underlying EC_METHOD does not
+ * support coordinate blinding.
+ */
+int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
+{
+ if (group->meth->blind_coordinates == NULL)
+ return 1; /* ignore if not implemented */
+
+ return group->meth->blind_coordinates(group, p, ctx);
+}
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 05a3aca..b668e87 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -211,6 +211,17 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
 || (bn_wexpand(r->Z, group_top) == NULL))
 goto err;
+ /*-
+ * Apply coordinate blinding for EC_POINT.
+ *
+ * The underlying EC_METHOD can optionally implement this function:
+ * ec_point_blind_coordinates() returns 0 in case of errors or 1 on
+ * success or if coordinate blinding is not implemented for this
+ * group.
+ */
+ if (!ec_point_blind_coordinates(group, s, ctx))
+ goto err;
+
 /* top bit is a 1, in a fixed pos */
 if (!EC_POINT_copy(r, s))
 goto err;
diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c
index 1a760d1..27ece3b 100644
--- a/crypto/ec/ecp_mont.c
+++ b/crypto/ec/ecp_mont.c
@@ -61,7 +61,9 @@ const EC_METHOD *EC_GFp_mont_method(void)
 ec_key_simple_generate_public_key,
 0, /* keycopy */
 0, /* keyfinish */
- ecdh_simple_compute_key
+ ecdh_simple_compute_key,
+ 0, /* field_inverse_mod_ord */
+ ec_GFp_simple_blind_coordinates
 };
 return &ret;
diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c
index 16c4cce..aaa73d6 100644
--- a/crypto/ec/ecp_nist.c
+++ b/crypto/ec/ecp_nist.c
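Review bot: ec_point_blind_coordinates() returning 1 when `group->meth->blind_coordinates` is NULL means the caller in ec_mul_consttime() cannot tell a blinded point from an unblinded one, and the method tables in this commit leave nistp224, nistp521 and nistz256 at NULL, so the countermeasure is silently absent for those methods; the wrapper's header should say so, e.g. add `* Callers cannot distinguish "blinded" from "unsupported": methods that leave blind_coordinates NULL (the nistp/nistz ones here) get no blinding.` to it. ec_mul_consttime() starts outside the hunk, so whether `s` is a private copy of the caller's point (blinding it in place would otherwise change the caller's value) cannot be confirmed from here; the call-site comment would be stronger for saying which point is randomized.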
@@ -63,7 +63,9 @@ const EC_METHOD *EC_GFp_nist_method(void)
 ec_key_simple_generate_public_key,
 0, /* keycopy */
 0, /* keyfinish */
- ecdh_simple_compute_key
+ ecdh_simple_compute_key,
+ 0, /* field_inverse_mod_ord */
+ ec_GFp_simple_blind_coordinates
 };
 return &ret;
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index 364b7f2..6e7c687 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -290,7 +290,9 @@ const EC_METHOD *EC_GFp_nistp224_method(void)
 ec_key_simple_generate_public_key,
 0, /* keycopy */
 0, /* keyfinish */
- ecdh_simple_compute_key
+ ecdh_simple_compute_key,
+ 0, /* field_inverse_mod_ord */
+ 0 /* blind_coordinates */
 };
 return &ret;
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 3f68ae3..43f3e2d 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -1658,7 +1658,9 @@ const EC_METHOD *EC_GFp_nistp521_method(void)
 ec_key_simple_generate_public_key,
 0, /* keycopy */
 0, /* keyfinish */
- ecdh_simple_compute_key
+ ecdh_simple_compute_key,
+ 0, /* field_inverse_mod_ord */
+ 0 /* blind_coordinates */
 };
 return &ret;
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index d3603fb..0292561 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -1730,7 +1730,8 @@ const EC_METHOD *EC_GFp_nistz256_method(void)
 0, /* keycopy */
 0, /* keyfinish */
 ecdh_simple_compute_key,
- ecp_nistz256_inv_mod_ord /* can be #define-d NULL */
+ ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */
+ 0 /* blind_coordinates */
 };
 return &ret;
diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index 35d15a6..e0e4996 100644
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -62,7 +62,9 @@ const EC_METHOD *EC_GFp_simple_method(void)
 ec_key_simple_generate_public_key,
 0, /* keycopy */
 0, /* keyfinish */
- ecdh_simple_compute_key
+ ecdh_simple_compute_key,
+ 0, /* field_inverse_mod_ord */
+ ec_GFp_simple_blind_coordinates
 };
 return &ret;
@@ -1363,3 +1365,57 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
 {
 return BN_mod_sqr(r, a, group->field, ctx);
 }
+
+/*-
+ * Apply randomization of EC point projective coordinates:
+ *
+ * (X, Y ,Z ) = (lambda^2*X, lambda^3*Y, lambda*Z)
+ * lambda = [1,group->field)
+ *
+ */
+int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
+ BN_CTX *ctx)
+{
+ int ret = 0;
+ BIGNUM *lambda = NULL;
+ BIGNUM *temp = NULL;
+
+ BN_CTX_start(ctx);
+ lambda = BN_CTX_get(ctx);
+ temp = BN_CTX_get(ctx);
+ if (temp == NULL) {
+ ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* make sure lambda is not zero */
+ do {
+ if (!BN_priv_rand_range(lambda, group->field)) {
+ ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB);
+ goto err;
+ }
+ } while (BN_is_zero(lambda));
+
+ /* if field_encode defined convert between representations */
+ if (group->meth->field_encode != NULL
+ && !group->meth->field_encode(group, lambda, lambda, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, p->Z, p->Z, lambda, ctx))
+ goto err;
+ if (!group->meth->field_sqr(group, temp, lambda, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, p->X, p->X, temp, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, temp, temp, lambda, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
+ goto err;
+ p->Z_is_one = 0;
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 23671a0..e0580a8 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
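Review bot: ec_GFp_simple_blind_coordinates() calls `BN_CTX_start(ctx)` unconditionally, so `ctx` must be non-NULL, and the header comment does not say so; nor does it say that `p` is modified in place or that a point at infinity (Z == 0) stays at infinity because each coordinate is only multiplied. I would extend the header with `* ctx must be a non-NULL BN_CTX; p is rewritten in place and the point at infinity is left unchanged.` and fix the `(X, Y ,Z )` spacing to `(X, Y, Z)`. The `field_encode` failure branch does `goto err` without an ECerr() call, unlike the two failure paths just above it; if field_encode reports its own error that is fine, but the asymmetry deserves a glance. The hunk also adds a trailing blank line at the end of the file.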
@@ -550,6 +550,7 @@ EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES:235:\ EC_F_EC_GFP_NIST_FIELD_MUL:200:ec_GFp_nist_field_mul EC_F_EC_GFP_NIST_FIELD_SQR:201:ec_GFp_nist_field_sqr EC_F_EC_GFP_NIST_GROUP_SET_CURVE:202:ec_GFp_nist_group_set_curve +EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES:287:ec_GFp_simple_blind_coordinates EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT:165:\ ec_GFp_simple_group_check_discriminant EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE:166:ec_GFp_simple_group_set_curve diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index 603efcc..8db7967 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -87,6 +87,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_GFP_NIST_FIELD_MUL 200 # define EC_F_EC_GFP_NIST_FIELD_SQR 201 # define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +# define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES 287 # define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 # define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 # define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 From osslsanity at gmail.com Tue Jun 19 11:27:22 2018 
From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Tue, 19 Jun 2018 11:27:22 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_noec #573 Message-ID: <1825497302.459.1529407642729.JavaMail.jenkins@ip-172-31-34-99> See Changes: [matt] Add EVP_PKEY_set_alias_type [matt] Move SM2 algos to SM2 specific PKEY method [matt] Implement coordinate blinding for EC_POINT ------------------------------------------ [...truncated 505.72 KB...] rm -f test/v3ext ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3ext test/v3ext.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/v3nametest.d.tmp -MT test/v3nametest.o -c -o test/v3nametest.o test/v3nametest.c rm -f test/v3nametest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3nametest test/v3nametest.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/verify_extra_test.d.tmp -MT test/verify_extra_test.o -c -o test/verify_extra_test.o test/verify_extra_test.c rm -f test/verify_extra_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/verify_extra_test test/verify_extra_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/versions.d.tmp -MT test/versions.o -c -o test/versions.o test/versions.c rm -f test/versions ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/versions test/versions.o \ -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/wpackettest.d.tmp -MT test/wpackettest.o -c -o test/wpackettest.o test/wpackettest.c rm -f test/wpackettest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. 
\ -o test/wpackettest test/wpackettest.o \ libssl.a test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_check_cert_pkey_test.d.tmp -MT test/x509_check_cert_pkey_test.o -c -o test/x509_check_cert_pkey_test.o test/x509_check_cert_pkey_test.c rm -f test/x509_check_cert_pkey_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_check_cert_pkey_test test/x509_check_cert_pkey_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_dup_cert_test.d.tmp -MT test/x509_dup_cert_test.o -c -o test/x509_dup_cert_test.o test/x509_dup_cert_test.c rm -f test/x509_dup_cert_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_dup_cert_test test/x509_dup_cert_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -I. -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_internal_test.d.tmp -MT test/x509_internal_test.o -c -o test/x509_internal_test.o test/x509_internal_test.c rm -f test/x509_internal_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_internal_test test/x509_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_time_test.d.tmp -MT test/x509_time_test.o -c -o test/x509_time_test.o test/x509_time_test.c rm -f test/x509_time_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_time_test test/x509_time_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509aux.d.tmp -MT test/x509aux.o -c -o test/x509aux.o test/x509aux.c rm -f test/x509aux ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509aux test/x509aux.o \ test/libtestutil.a -lcrypto -ldl -pthread /usr/bin/perl "-I." 
-Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/CA.pl.in > "apps/CA.pl" chmod a+x apps/CA.pl /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/tsget.in > "apps/tsget" chmod a+x apps/tsget /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" tools/c_rehash.in > "tools/c_rehash" chmod a+x tools/c_rehash /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x util/shlib_wrap.sh make[1]: Leaving directory ` + apps/openssl version -a OpenSSL 1.1.1-pre8-dev xx XXX xxxx built on: Tue Jun 19 11:22:08 2018 UTC platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/lib/engines-1.1" Seeding source: os-specific + make test make depend && make _tests make[1]: Entering directory ` make[1]: Leaving directory ` make[1]: Entering directory ` ( cd test; \ mkdir -p test-runs; \ SRCTOP=../. \ BLDTOP=../. \ RESULT_D=test-runs \ PERL="/usr/bin/perl" \ EXE_EXT= \ OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \ OPENSSL_DEBUG_MEMORY=on \ /usr/bin/perl .././test/run_tests.pl ) ../test/recipes/01-test_abort.t .................... ok ../test/recipes/01-test_sanity.t ................... ok ../test/recipes/01-test_symbol_presence.t .......... skipped: Only useful when building shared libraries ../test/recipes/01-test_test.t ..................... ok ../test/recipes/02-test_internal_ctype.t ........... ok ../test/recipes/02-test_lhash.t .................... 
ok ../test/recipes/02-test_ordinals.t ................. ok ../test/recipes/02-test_stack.t .................... ok ../test/recipes/03-test_exdata.t ................... ok ../test/recipes/03-test_internal_asn1.t ............ ok ../test/recipes/03-test_internal_chacha.t .......... ok ../test/recipes/03-test_internal_curve448.t ........ skipped: This test is unsupported in a no-ec build ../test/recipes/03-test_internal_mdc2.t ............ ok ../test/recipes/03-test_internal_modes.t ........... ok ../test/recipes/03-test_internal_poly1305.t ........ ok ../test/recipes/03-test_internal_siphash.t ......... ok ../test/recipes/03-test_internal_sm2.t ............. skipped: sm2 is not supported by this OpenSSL build ../test/recipes/03-test_internal_sm4.t ............. ok ../test/recipes/03-test_internal_ssl_cert_table.t .. ok ../test/recipes/03-test_internal_x509.t ............ ok ../test/recipes/03-test_ui.t ....................... ok ../test/recipes/04-test_asn1_encode.t .............. ok ../test/recipes/04-test_asn1_string_table.t ........ ok ../test/recipes/04-test_bio_callback.t ............. ok ../test/recipes/04-test_bioprint.t ................. ok ../test/recipes/04-test_err.t ...................... ok ../test/recipes/04-test_pem.t ...................... ok ../test/recipes/05-test_bf.t ....................... ok ../test/recipes/05-test_cast.t ..................... ok ../test/recipes/05-test_des.t ...................... ok ../test/recipes/05-test_hmac.t ..................... ok ../test/recipes/05-test_idea.t ..................... ok ../test/recipes/05-test_md2.t ...................... skipped: md2 is not supported by this OpenSSL build ../test/recipes/05-test_mdc2.t ..................... ok ../test/recipes/05-test_rand.t ..................... ok ../test/recipes/05-test_rc2.t ...................... ok ../test/recipes/05-test_rc4.t ...................... ok ../test/recipes/05-test_rc5.t ...................... 
skipped: rc5 is not supported by this OpenSSL build ../test/recipes/06-test-rdrand.t ................... ok ../test/recipes/10-test_bn.t ....................... ok ../test/recipes/10-test_exp.t ...................... ok ../test/recipes/15-test_dh.t ....................... ok ../test/recipes/15-test_dsa.t ...................... ok ../test/recipes/15-test_ec.t ....................... ok ../test/recipes/15-test_ecdsa.t .................... skipped: ec is not supported by this OpenSSL build ../test/recipes/15-test_ecparam.t .................. skipped: EC isn't supported in this build ../test/recipes/15-test_genrsa.t ................... ok ../test/recipes/15-test_mp_rsa.t ................... ok ../test/recipes/15-test_out_option.t ............... ok ../test/recipes/15-test_rsa.t ...................... ok ../test/recipes/15-test_rsapss.t ................... ok ../test/recipes/20-test_enc.t ...................... ok ../test/recipes/20-test_enc_more.t ................. ok ../test/recipes/20-test_passwd.t ................... ok ../test/recipes/25-test_crl.t ...................... ok ../test/recipes/25-test_d2i.t ...................... ok ../test/recipes/25-test_pkcs7.t .................... ok ../test/recipes/25-test_req.t ...................... ok ../test/recipes/25-test_sid.t ...................... skipped: test_sid needs EC to run ../test/recipes/25-test_verify.t ................... ok ../test/recipes/25-test_x509.t ..................... ok ../test/recipes/30-test_afalg.t .................... skipped: test_afalg not supported for this build ../test/recipes/30-test_engine.t ................... ok ../test/recipes/30-test_evp.t ...................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/7 subtests ../test/recipes/30-test_evp_extra.t ................ ok ../test/recipes/30-test_pbelu.t .................... ok ../test/recipes/30-test_pkey_meth.t ................ ok ../test/recipes/30-test_pkey_meth_kdf.t ............ 
ok ../test/recipes/40-test_rehash.t ................... ok ../test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../test/recipes/60-test_x509_dup_cert.t ............ ok ../test/recipes/60-test_x509_store.t ............... ok ../test/recipes/60-test_x509_time.t ................ ok ../test/recipes/70-test_asyncio.t .................. ok ../test/recipes/70-test_bad_dtls.t ................. ok ../test/recipes/70-test_clienthello.t .............. ok ../test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../test/recipes/70-test_packet.t ................... ok ../test/recipes/70-test_recordlen.t ................ ok ../test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../test/recipes/70-test_servername.t ............... ok ../test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../test/recipes/70-test_sslskewith0p.t ............. 
skipped: test_sslskewith0p needs the dynamic engine feature enabled ../test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../test/recipes/70-test_verify_extra.t ............. ok ../test/recipes/70-test_wpacket.t .................. ok ../test/recipes/80-test_ca.t ....................... ok ../test/recipes/80-test_cipherbytes.t .............. ok ../test/recipes/80-test_cipherlist.t ............... ok ../test/recipes/80-test_ciphername.t ............... ok ../test/recipes/80-test_cms.t ...................... ok ../test/recipes/80-test_cmsapi.t ................... ok ../test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/80-test_dtls.t ..................... ok ../test/recipes/80-test_dtls_mtu.t ................. ok ../test/recipes/80-test_dtlsv1listen.t ............. 
ok ../test/recipes/80-test_ocsp.t ..................... ok ../test/recipes/80-test_pkcs12.t ................... ok ../test/recipes/80-test_ssl_new.t .................. ok ../test/recipes/80-test_ssl_old.t .................. ok ../test/recipes/80-test_ssl_test_ctx.t ............. ok ../test/recipes/80-test_sslcorrupt.t ............... ok ../test/recipes/80-test_tsa.t ...................... ok ../test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/90-test_asn1_time.t ................ ok ../test/recipes/90-test_async.t .................... ok ../test/recipes/90-test_bio_enc.t .................. ok ../test/recipes/90-test_constant_time.t ............ ok ../test/recipes/90-test_fatalerr.t ................. ok ../test/recipes/90-test_gmdiff.t ................... ok ../test/recipes/90-test_ige.t ...................... ok ../test/recipes/90-test_includes.t ................. ok ../test/recipes/90-test_memleak.t .................. ok ../test/recipes/90-test_overhead.t ................. ok ../test/recipes/90-test_secmem.t ................... ok ../test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../test/recipes/90-test_srp.t ...................... ok ../test/recipes/90-test_sslapi.t ................... ok ../test/recipes/90-test_sslbuffers.t ............... ok ../test/recipes/90-test_store.t .................... ok ../test/recipes/90-test_sysdefault.t ............... ok ../test/recipes/90-test_threads.t .................. ok ../test/recipes/90-test_time_offset.t .............. ok ../test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../test/recipes/90-test_tls13secrets.t ............. 
skipped: tls13secrets is not supported in this build ../test/recipes/90-test_v3name.t ................... ok ../test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../test/recipes/99-test_ecstress.t ................. ok ../test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../test/recipes/30-test_evp.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=149, Tests=1016, 106 wallclock secs ( 0.44 usr 0.08 sys + 39.22 cusr 9.00 csys = 48.74 CPU) Result: FAIL make[1]: *** [_tests] Error 1 make[1]: Leaving directory ` make: *** [tests] Error 2 Build step 'Execute shell' marked build as failure From matthias.st.pierre at ncp-e.com Tue Jun 19 15:08:42 2018 
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Tue, 19 Jun 2018 15:08:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529420922.883359.9152.nullmailer@dev.openssl.org> The branch master has been updated via b26befb541f8bc7d4f4e0beead50248b16949932 (commit) from f667820c16a44245a4a898a568936c47a9b0ee6e (commit) - Log ----------------------------------------------------------------- commit b26befb541f8bc7d4f4e0beead50248b16949932 Author: Nicola Tuveri Date: Mon Jun 18 19:13:36 2018 +0300 Fix & update documentation about RAND_priv_bytes() Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx Reviewed-by: Ben Kaduk Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6514) ----------------------------------------------------------------------- Summary of changes: doc/man3/BN_rand.pod | 45 +++++++++++++++++++++++++++++++++++++-------- doc/man3/RAND_bytes.pod | 32 ++++++++++++++++++++++++++------ doc/man7/RAND.pod | 21 ++++++++++++--------- 3 files changed, 75 insertions(+), 23 deletions(-) diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index 099dda4..eb0a6b1 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -2,7 +2,9 @@ =head1 NAME -BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-random number +BN_rand, BN_priv_rand, BN_pseudo_rand, +BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range +- generate pseudo-random number =head1 SYNOPSIS @@ -10,10 +12,14 @@ BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-r int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_rand_range(BIGNUM *rnd, BIGNUM *range); + int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range); + int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); =head1 DESCRIPTION 
@@ -37,7 +43,16 @@ If B is 1 then B cannot also be B. BN_rand_range() generates a cryptographically strong pseudo-random number B in the range 0 E= B E B. -The PRNG must be seeded prior to calling BN_rand() or BN_rand_range(). +BN_priv_rand() and BN_priv_rand_range() have the same semantics as +BN_rand() and BN_rand_range() respectively. They are intended to be +used for generating values that should remain private, and mirror the +same difference between L and L. + +=head1 NOTES + +Always check the error return value of these functions and do not take +randomness for granted: an error occurs if the CSPRNG has not been +seeded with enough randomness to ensure an unpredictable byte sequence. =head1 RETURN VALUES @@ -46,20 +61,34 @@ The error codes can be obtained by L. =head1 HISTORY -Starting with OpenSSL release 1.1.0, -BN_pseudo_rand() has been identical to BN_rand() -and -BN_pseudo_rand_range() has been identical to BN_rand_range(). +=over 2 + +=item * + +Starting with OpenSSL release 1.1.0, BN_pseudo_rand() has been identical +to BN_rand() and BN_pseudo_rand_range() has been identical to +BN_rand_range(). The "pseudo" functions should not be used and may be deprecated in a future release. +=item * + +BN_priv_rand() and BN_priv_rand_range() were added in OpenSSL 1.1.1. + +=back + =head1 SEE ALSO -L, L, L +L, +L, +L, +L, +L, +L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index 284b9db..fca1ad6 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod 
@@ -20,13 +20,21 @@ Deprecated: =head1 DESCRIPTION RAND_bytes() puts B cryptographically strong pseudo-random bytes -into B. An error occurs if the CSPRNG has not been seeded with -enough randomness to ensure an unpredictable byte sequence. +into B. RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to -be used for generating long-term private keys. If using the default -RAND_METHOD, this function uses a separate instance of the PRNG so that -a compromise of the global generator will not affect such key generation. +be used for generating values that should remain private. If using the +default RAND_METHOD, this function uses a separate "private" PRNG +instance so that a compromise of the "public" PRNG instance will not +affect the secrecy of these private values, as described in L +and L. + +=head1 NOTES + +Always check the error return value of RAND_bytes() and +RAND_priv_bytes() and do not take randomness for granted: an error occurs +if the CSPRNG has not been seeded with enough randomness to ensure an +unpredictable byte sequence. =head1 RETURN VALUES @@ -37,14 +45,26 @@ obtained by L. =head1 HISTORY +=over 2 + +=item * + RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0; use RAND_bytes() instead. +=item * + +RAND_priv_bytes() was added in OpenSSL 1.1.1. + +=back + =head1 SEE ALSO L, L, +L, L, -L +L, +L =head1 COPYRIGHT diff --git a/doc/man7/RAND.pod b/doc/man7/RAND.pod index 578018f..971b3cd 100644 --- a/doc/man7/RAND.pod +++ b/doc/man7/RAND.pod 
@@ -24,16 +24,19 @@ to be initialized ('seeded') explicitly. It seeds and reseeds itself automatically using trusted random sources provided by the operating system. -As a normal application developer, you don't have to worry about any details, +As a normal application developer, you do not have to worry about any details, just use L to obtain random data. Having said that, there is one important rule to obey: Always check the error -return value of L and don't take randomness for granted. +return value of L and do not take randomness for granted. -For long-term secrets, you can use L instead. +For values that should remain secret, you can use L +instead. This method does not provide 'better' randomness, it uses the same type of CSPRNG. -The intention behind using a dedicated CSPRNG exclusively for long-term secrets is -that none of its output should be visible to an attacker (e.g used as salt value), -in order to reveal as little information as possible about its internal state. +The intention behind using a dedicated CSPRNG exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the "public" +CSPRNG instance will not affect the secrecy of these private values. In the rare case where the default implementation does not satisfy your special requirements, there are two options: @@ -61,10 +64,10 @@ of cryptographic principles and understand the implications of your changes. L, L, L, -L -L +L, +L, L, -L, +L =head1 COPYRIGHT From matthias.st.pierre at ncp-e.com Tue Jun 19 15:14:32 2018 
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Tue, 19 Jun 2018 15:14:32 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529421272.868650.11125.nullmailer@dev.openssl.org> The branch master has been updated via c4fad5d348a5f57c4c08e63c444702c310ec891a (commit) from b26befb541f8bc7d4f4e0beead50248b16949932 (commit) - Log ----------------------------------------------------------------- commit c4fad5d348a5f57c4c08e63c444702c310ec891a Author: Dr. Matthias St. Pierre Date: Mon Jun 18 22:09:20 2018 +0200 Improve the output of `make doc-nits` - Print positive feedback in the case when 'make doc-nits' finds no errors. - Unlike before, keep the 'doc-nits' output file only in case of errors and remove it if it is empty. - Declare 'doc-nits' as a phony make target to facilitate rerunning 'make doc-nits' without having to remove the output file first. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6517) ----------------------------------------------------------------------- Summary of changes: Configurations/unix-Makefile.tmpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 10deec6..42da98d 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -708,9 +708,11 @@ update: generate errors ordinals generate: generate_apps generate_crypto_bn generate_crypto_objects \ generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids +.PHONY: doc-nits doc-nits: (cd $(SRCDIR); $(PERL) util/find-doc-nits -n -p ) >doc-nits - if [ -s doc-nits ] ; then cat doc-nits; rm doc-nits ; exit 1; fi + @if [ -s doc-nits ] ; then cat doc-nits ; exit 1; \ + else echo 'doc-nits: no errors.'; rm doc-nits ; fi # Test coverage is a good idea for the future #coverage: $(PROGRAMS) $(TESTPROGRAMS) From osslsanity at gmail.com Tue Jun 19 15:27:31 2018 
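Review bot: The new if/else on the last recipe line of the doc-nits target is only reached when `(cd $(SRCDIR); $(PERL) util/find-doc-nits -n -p ) >doc-nits` exits zero, because make aborts the recipe on a failing line before the `-s doc-nits` test, so the "no errors." message and the `rm doc-nits` cleanup presumably rely on find-doc-nits reporting nits only through its output and always returning success; that contract is not stated anywhere in the hunk. A one-line comment above the target would make it explicit for the next person who touches either side, e.g. `# find-doc-nits reports problems on stdout; doc-nits is kept only when non-empty so the report can be inspected.`. The `@` prefix also silences just the second recipe line while the first still echoes, which reads as an accidental inconsistency; either silence both or note why only the check is hidden.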
From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Tue, 19 Jun 2018 15:27:31 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_noec #574 In-Reply-To: <1825497302.459.1529407642729.JavaMail.jenkins@ip-172-31-34-99> References: <1825497302.459.1529407642729.JavaMail.jenkins@ip-172-31-34-99> Message-ID: <2047571367.460.1529422051316.JavaMail.jenkins@ip-172-31-34-99> See Changes: [Matthias.St.Pierre] Fix & update documentation about RAND_priv_bytes() [Matthias.St.Pierre] Improve the output of `make doc-nits` ------------------------------------------ [...truncated 505.72 KB...] rm -f test/v3ext ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3ext test/v3ext.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/v3nametest.d.tmp -MT test/v3nametest.o -c -o test/v3nametest.o test/v3nametest.c rm -f test/v3nametest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3nametest test/v3nametest.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/verify_extra_test.d.tmp -MT test/verify_extra_test.o -c -o test/verify_extra_test.o test/verify_extra_test.c rm -f test/verify_extra_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/verify_extra_test test/verify_extra_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/versions.d.tmp -MT test/versions.o -c -o test/versions.o test/versions.c rm -f test/versions ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. 
\ -o test/versions test/versions.o \ -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/wpackettest.d.tmp -MT test/wpackettest.o -c -o test/wpackettest.o test/wpackettest.c rm -f test/wpackettest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/wpackettest test/wpackettest.o \ libssl.a test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_check_cert_pkey_test.d.tmp -MT test/x509_check_cert_pkey_test.o -c -o test/x509_check_cert_pkey_test.o test/x509_check_cert_pkey_test.c rm -f test/x509_check_cert_pkey_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_check_cert_pkey_test test/x509_check_cert_pkey_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_dup_cert_test.d.tmp -MT test/x509_dup_cert_test.o -c -o test/x509_dup_cert_test.o test/x509_dup_cert_test.c rm -f test/x509_dup_cert_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_dup_cert_test test/x509_dup_cert_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -I. -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_internal_test.d.tmp -MT test/x509_internal_test.o -c -o test/x509_internal_test.o test/x509_internal_test.c rm -f test/x509_internal_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_internal_test test/x509_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_time_test.d.tmp -MT test/x509_time_test.o -c -o test/x509_time_test.o test/x509_time_test.c rm -f test/x509_time_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. 
\ -o test/x509_time_test test/x509_time_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509aux.d.tmp -MT test/x509aux.o -c -o test/x509aux.o test/x509aux.c rm -f test/x509aux ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509aux test/x509aux.o \ test/libtestutil.a -lcrypto -ldl -pthread /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/CA.pl.in > "apps/CA.pl" chmod a+x apps/CA.pl /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/tsget.in > "apps/tsget" chmod a+x apps/tsget /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" tools/c_rehash.in > "tools/c_rehash" chmod a+x tools/c_rehash /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x util/shlib_wrap.sh make[1]: Leaving directory ` + apps/openssl version -a OpenSSL 1.1.1-pre8-dev xx XXX xxxx built on: Tue Jun 19 15:22:11 2018 UTC platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/lib/engines-1.1" Seeding source: os-specific + make test make depend && make _tests make[1]: Entering directory ` make[1]: Leaving directory ` make[1]: Entering directory ` ( cd test; \ mkdir -p test-runs; \ SRCTOP=../. \ BLDTOP=../. 
\ RESULT_D=test-runs \ PERL="/usr/bin/perl" \ EXE_EXT= \ OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \ OPENSSL_DEBUG_MEMORY=on \ /usr/bin/perl .././test/run_tests.pl ) ../test/recipes/01-test_abort.t .................... ok ../test/recipes/01-test_sanity.t ................... ok ../test/recipes/01-test_symbol_presence.t .......... skipped: Only useful when building shared libraries ../test/recipes/01-test_test.t ..................... ok ../test/recipes/02-test_internal_ctype.t ........... ok ../test/recipes/02-test_lhash.t .................... ok ../test/recipes/02-test_ordinals.t ................. ok ../test/recipes/02-test_stack.t .................... ok ../test/recipes/03-test_exdata.t ................... ok ../test/recipes/03-test_internal_asn1.t ............ ok ../test/recipes/03-test_internal_chacha.t .......... ok ../test/recipes/03-test_internal_curve448.t ........ skipped: This test is unsupported in a no-ec build ../test/recipes/03-test_internal_mdc2.t ............ ok ../test/recipes/03-test_internal_modes.t ........... ok ../test/recipes/03-test_internal_poly1305.t ........ ok ../test/recipes/03-test_internal_siphash.t ......... ok ../test/recipes/03-test_internal_sm2.t ............. skipped: sm2 is not supported by this OpenSSL build ../test/recipes/03-test_internal_sm4.t ............. ok ../test/recipes/03-test_internal_ssl_cert_table.t .. ok ../test/recipes/03-test_internal_x509.t ............ ok ../test/recipes/03-test_ui.t ....................... ok ../test/recipes/04-test_asn1_encode.t .............. ok ../test/recipes/04-test_asn1_string_table.t ........ ok ../test/recipes/04-test_bio_callback.t ............. ok ../test/recipes/04-test_bioprint.t ................. ok ../test/recipes/04-test_err.t ...................... ok ../test/recipes/04-test_pem.t ...................... ok ../test/recipes/05-test_bf.t ....................... ok ../test/recipes/05-test_cast.t ..................... ok ../test/recipes/05-test_des.t ...................... 
ok ../test/recipes/05-test_hmac.t ..................... ok ../test/recipes/05-test_idea.t ..................... ok ../test/recipes/05-test_md2.t ...................... skipped: md2 is not supported by this OpenSSL build ../test/recipes/05-test_mdc2.t ..................... ok ../test/recipes/05-test_rand.t ..................... ok ../test/recipes/05-test_rc2.t ...................... ok ../test/recipes/05-test_rc4.t ...................... ok ../test/recipes/05-test_rc5.t ...................... skipped: rc5 is not supported by this OpenSSL build ../test/recipes/06-test-rdrand.t ................... ok ../test/recipes/10-test_bn.t ....................... ok ../test/recipes/10-test_exp.t ...................... ok ../test/recipes/15-test_dh.t ....................... ok ../test/recipes/15-test_dsa.t ...................... ok ../test/recipes/15-test_ec.t ....................... ok ../test/recipes/15-test_ecdsa.t .................... skipped: ec is not supported by this OpenSSL build ../test/recipes/15-test_ecparam.t .................. skipped: EC isn't supported in this build ../test/recipes/15-test_genrsa.t ................... ok ../test/recipes/15-test_mp_rsa.t ................... ok ../test/recipes/15-test_out_option.t ............... ok ../test/recipes/15-test_rsa.t ...................... ok ../test/recipes/15-test_rsapss.t ................... ok ../test/recipes/20-test_enc.t ...................... ok ../test/recipes/20-test_enc_more.t ................. ok ../test/recipes/20-test_passwd.t ................... ok ../test/recipes/25-test_crl.t ...................... ok ../test/recipes/25-test_d2i.t ...................... ok ../test/recipes/25-test_pkcs7.t .................... ok ../test/recipes/25-test_req.t ...................... ok ../test/recipes/25-test_sid.t ...................... skipped: test_sid needs EC to run ../test/recipes/25-test_verify.t ................... ok ../test/recipes/25-test_x509.t ..................... 
ok ../test/recipes/30-test_afalg.t .................... skipped: test_afalg not supported for this build ../test/recipes/30-test_engine.t ................... ok ../test/recipes/30-test_evp.t ...................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/7 subtests ../test/recipes/30-test_evp_extra.t ................ ok ../test/recipes/30-test_pbelu.t .................... ok ../test/recipes/30-test_pkey_meth.t ................ ok ../test/recipes/30-test_pkey_meth_kdf.t ............ ok ../test/recipes/40-test_rehash.t ................... ok ../test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../test/recipes/60-test_x509_dup_cert.t ............ ok ../test/recipes/60-test_x509_store.t ............... ok ../test/recipes/60-test_x509_time.t ................ ok ../test/recipes/70-test_asyncio.t .................. ok ../test/recipes/70-test_bad_dtls.t ................. ok ../test/recipes/70-test_clienthello.t .............. ok ../test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../test/recipes/70-test_packet.t ................... ok ../test/recipes/70-test_recordlen.t ................ ok ../test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../test/recipes/70-test_servername.t ............... ok ../test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_sslmessages.t .............. 
skipped: test_sslmessages needs the dynamic engine feature enabled ../test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../test/recipes/70-test_verify_extra.t ............. ok ../test/recipes/70-test_wpacket.t .................. ok ../test/recipes/80-test_ca.t ....................... ok ../test/recipes/80-test_cipherbytes.t .............. 
ok ../test/recipes/80-test_cipherlist.t ............... ok ../test/recipes/80-test_ciphername.t ............... ok ../test/recipes/80-test_cms.t ...................... ok ../test/recipes/80-test_cmsapi.t ................... ok ../test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/80-test_dtls.t ..................... ok ../test/recipes/80-test_dtls_mtu.t ................. ok ../test/recipes/80-test_dtlsv1listen.t ............. ok ../test/recipes/80-test_ocsp.t ..................... ok ../test/recipes/80-test_pkcs12.t ................... ok ../test/recipes/80-test_ssl_new.t .................. ok ../test/recipes/80-test_ssl_old.t .................. ok ../test/recipes/80-test_ssl_test_ctx.t ............. ok ../test/recipes/80-test_sslcorrupt.t ............... ok ../test/recipes/80-test_tsa.t ...................... ok ../test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/90-test_asn1_time.t ................ ok ../test/recipes/90-test_async.t .................... ok ../test/recipes/90-test_bio_enc.t .................. ok ../test/recipes/90-test_constant_time.t ............ ok ../test/recipes/90-test_fatalerr.t ................. ok ../test/recipes/90-test_gmdiff.t ................... ok ../test/recipes/90-test_ige.t ...................... ok ../test/recipes/90-test_includes.t ................. ok ../test/recipes/90-test_memleak.t .................. ok ../test/recipes/90-test_overhead.t ................. ok ../test/recipes/90-test_secmem.t ................... ok ../test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../test/recipes/90-test_srp.t ...................... ok ../test/recipes/90-test_sslapi.t ................... 
ok ../test/recipes/90-test_sslbuffers.t ............... ok ../test/recipes/90-test_store.t .................... ok ../test/recipes/90-test_sysdefault.t ............... ok ../test/recipes/90-test_threads.t .................. ok ../test/recipes/90-test_time_offset.t .............. ok ../test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../test/recipes/90-test_v3name.t ................... ok ../test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../test/recipes/99-test_ecstress.t ................. ok ../test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../test/recipes/30-test_evp.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=149, Tests=1016, 111 wallclock secs ( 0.43 usr 0.11 sys + 40.62 cusr 8.81 csys = 49.97 CPU) Result: FAIL make[1]: *** [_tests] Error 1 make[1]: Leaving directory ` make: *** [tests] Error 2 Build step 'Execute shell' marked build as failure From matt at openssl.org Tue Jun 19 17:21:51 2018 
From: matt at openssl.org (Matt Caswell) Date: Tue, 19 Jun 2018 17:21:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529428911.522138.29577.nullmailer@dev.openssl.org> The branch master has been updated via fee33643a8aa64a8eb72ac92fd3a04d3aa7005d3 (commit) from c4fad5d348a5f57c4c08e63c444702c310ec891a (commit) - Log ----------------------------------------------------------------- commit fee33643a8aa64a8eb72ac92fd3a04d3aa7005d3 Author: Matt Caswell Date: Mon Jun 18 12:06:52 2018 +0100 Fix enable-ssl3 enable-ssl3-method Commit 4aa5a5669 accidentally missed off the catch all case of ignoring all warning alerts that are otherwise unhandled. This breaks the SSLv3 tests which send a "no certificate" warning alert. Fixes #6496 [extended tests] Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/6509) ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_s3.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 75b506b..8d5b53f 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1573,6 +1573,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES,
SSL_R_NO_RENEGOTIATION);
return -1;
+ } else if (alert_level == SSL3_AL_WARNING) {
+ /* We ignore any other warning alert in TLSv1.2 and below */
+ goto start;
}
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES,
From openssl at openssl.org Tue Jun 19 22:40:02 2018
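Review bot: The added `goto start` in the `else if (alert_level == SSL3_AL_WARNING)` branch re-enters the record read loop on every otherwise-unhandled warning alert, and nothing inside the hunk bounds how many such alerts a peer may send before the connection gives up. If the warning-alert counter that exists for exactly this case (`s->rlayer.alert_count` checked against `MAX_WARN_ALERT_COUNT`, assuming this tree carries it) is incremented earlier in the alert handling, outside the hunk, the new comment should say so, e.g. `/* Unhandled warning alerts are ignored (TLSv1.2 and below); the alert_count check above bounds how many we tolerate */`; if it is not reached on this path, the branch reopens the unbounded warning-alert loop that counter was added to close. The condition itself does not test the protocol version even though the comment promises "TLSv1.2 and below", so the TLSv1.3 exclusion is presumably made before this point and is worth naming in the same comment. ssl3_read_bytes begins and ends outside the hunk.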
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 19 Jun 2018 22:40:02 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1529448002.748944.14927.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: fee3364 Fix enable-ssl3 enable-ssl3-method c4fad5d Improve the output of `make doc-nits` b26befb Fix & update documentation about RAND_priv_bytes() f667820 Implement coordinate blinding for EC_POINT ddb634f Move SM2 algos to SM2 specific PKEY method 2f2e6b6 Add EVP_PKEY_set_alias_type a9091c1 Convert our own check of OPENSSL_NO_DEPRECATED 973abf5 Configure option 'no-deprecated' means '-DOPENSSL_API_COMPAT=0x10100000L' Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_engine.t ................... ok ../../openssl/test/recipes/30-test_evp.t ...................... ok ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. 
ok ../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ 
skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... 
ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. ok ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. 
skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/03-test_internal_sm2.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=149, Tests=1161, 524 wallclock secs ( 1.00 usr 0.29 sys + 446.06 cusr 54.28 csys = 501.63 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Jun 20 01:14:47 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 20 Jun 2018 01:14:47 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1529457287.273842.24465.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: fee3364 Fix enable-ssl3 enable-ssl3-method c4fad5d Improve the output of `make doc-nits` b26befb Fix & update documentation about RAND_priv_bytes() f667820 Implement coordinate blinding for EC_POINT ddb634f Move SM2 algos to SM2 specific PKEY method 2f2e6b6 Add EVP_PKEY_set_alias_type a9091c1 Convert our own check of OPENSSL_NO_DEPRECATED 973abf5 Configure option 'no-deprecated' means '-DOPENSSL_API_COMPAT=0x10100000L' Build log ended with (last 100 lines): Dubious, test returned 1 (wstat 256, 0x100) Failed 1/7 subtests ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ 
skipped: test_key_share needs TLS1.3 enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. 
ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../../openssl/test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... 
ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../../openssl/test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- ../../openssl/test/recipes/30-test_evp.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=149, Tests=1131, 137 wallclock secs ( 1.87 usr 0.30 sys + 110.46 cusr 8.76 csys = 121.39 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ec' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From osslsanity at gmail.com Wed Jun 20 09:27:14 2018 
From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Wed, 20 Jun 2018 09:27:14 +0000 (UTC) Subject: [openssl-commits] Build failed in Jenkins: master_noec #575 In-Reply-To: <2047571367.460.1529422051316.JavaMail.jenkins@ip-172-31-34-99> References: <2047571367.460.1529422051316.JavaMail.jenkins@ip-172-31-34-99> Message-ID: <230937724.461.1529486834527.JavaMail.jenkins@ip-172-31-34-99> See Changes: [matt] Fix enable-ssl3 enable-ssl3-method ------------------------------------------ [...truncated 505.72 KB...] rm -f test/v3ext ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3ext test/v3ext.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/v3nametest.d.tmp -MT test/v3nametest.o -c -o test/v3nametest.o test/v3nametest.c rm -f test/v3nametest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3nametest test/v3nametest.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/verify_extra_test.d.tmp -MT test/verify_extra_test.o -c -o test/verify_extra_test.o test/verify_extra_test.c rm -f test/verify_extra_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/verify_extra_test test/verify_extra_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/versions.d.tmp -MT test/versions.o -c -o test/versions.o test/versions.c rm -f test/versions ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/versions test/versions.o \ -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/wpackettest.d.tmp -MT test/wpackettest.o -c -o test/wpackettest.o test/wpackettest.c rm -f test/wpackettest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. 
\ -o test/wpackettest test/wpackettest.o \ libssl.a test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_check_cert_pkey_test.d.tmp -MT test/x509_check_cert_pkey_test.o -c -o test/x509_check_cert_pkey_test.o test/x509_check_cert_pkey_test.c rm -f test/x509_check_cert_pkey_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_check_cert_pkey_test test/x509_check_cert_pkey_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_dup_cert_test.d.tmp -MT test/x509_dup_cert_test.o -c -o test/x509_dup_cert_test.o test/x509_dup_cert_test.c rm -f test/x509_dup_cert_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_dup_cert_test test/x509_dup_cert_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -I. -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_internal_test.d.tmp -MT test/x509_internal_test.o -c -o test/x509_internal_test.o test/x509_internal_test.c rm -f test/x509_internal_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_internal_test test/x509_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_time_test.d.tmp -MT test/x509_time_test.o -c -o test/x509_time_test.o test/x509_time_test.c rm -f test/x509_time_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_time_test test/x509_time_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509aux.d.tmp -MT test/x509aux.o -c -o test/x509aux.o test/x509aux.c rm -f test/x509aux ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509aux test/x509aux.o \ test/libtestutil.a -lcrypto -ldl -pthread /usr/bin/perl "-I." 
-Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/CA.pl.in > "apps/CA.pl" chmod a+x apps/CA.pl /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/tsget.in > "apps/tsget" chmod a+x apps/tsget /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" tools/c_rehash.in > "tools/c_rehash" chmod a+x tools/c_rehash /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x util/shlib_wrap.sh make[1]: Leaving directory ` + apps/openssl version -a OpenSSL 1.1.1-pre8-dev xx XXX xxxx built on: Wed Jun 20 09:21:55 2018 UTC platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/lib/engines-1.1" Seeding source: os-specific + make test make depend && make _tests make[1]: Entering directory ` make[1]: Leaving directory ` make[1]: Entering directory ` ( cd test; \ mkdir -p test-runs; \ SRCTOP=../. \ BLDTOP=../. \ RESULT_D=test-runs \ PERL="/usr/bin/perl" \ EXE_EXT= \ OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \ OPENSSL_DEBUG_MEMORY=on \ /usr/bin/perl .././test/run_tests.pl ) ../test/recipes/01-test_abort.t .................... ok ../test/recipes/01-test_sanity.t ................... ok ../test/recipes/01-test_symbol_presence.t .......... skipped: Only useful when building shared libraries ../test/recipes/01-test_test.t ..................... ok ../test/recipes/02-test_internal_ctype.t ........... ok ../test/recipes/02-test_lhash.t .................... 
ok ../test/recipes/02-test_ordinals.t ................. ok ../test/recipes/02-test_stack.t .................... ok ../test/recipes/03-test_exdata.t ................... ok ../test/recipes/03-test_internal_asn1.t ............ ok ../test/recipes/03-test_internal_chacha.t .......... ok ../test/recipes/03-test_internal_curve448.t ........ skipped: This test is unsupported in a no-ec build ../test/recipes/03-test_internal_mdc2.t ............ ok ../test/recipes/03-test_internal_modes.t ........... ok ../test/recipes/03-test_internal_poly1305.t ........ ok ../test/recipes/03-test_internal_siphash.t ......... ok ../test/recipes/03-test_internal_sm2.t ............. skipped: sm2 is not supported by this OpenSSL build ../test/recipes/03-test_internal_sm4.t ............. ok ../test/recipes/03-test_internal_ssl_cert_table.t .. ok ../test/recipes/03-test_internal_x509.t ............ ok ../test/recipes/03-test_ui.t ....................... ok ../test/recipes/04-test_asn1_encode.t .............. ok ../test/recipes/04-test_asn1_string_table.t ........ ok ../test/recipes/04-test_bio_callback.t ............. ok ../test/recipes/04-test_bioprint.t ................. ok ../test/recipes/04-test_err.t ...................... ok ../test/recipes/04-test_pem.t ...................... ok ../test/recipes/05-test_bf.t ....................... ok ../test/recipes/05-test_cast.t ..................... ok ../test/recipes/05-test_des.t ...................... ok ../test/recipes/05-test_hmac.t ..................... ok ../test/recipes/05-test_idea.t ..................... ok ../test/recipes/05-test_md2.t ...................... skipped: md2 is not supported by this OpenSSL build ../test/recipes/05-test_mdc2.t ..................... ok ../test/recipes/05-test_rand.t ..................... ok ../test/recipes/05-test_rc2.t ...................... ok ../test/recipes/05-test_rc4.t ...................... ok ../test/recipes/05-test_rc5.t ...................... 
skipped: rc5 is not supported by this OpenSSL build ../test/recipes/06-test-rdrand.t ................... ok ../test/recipes/10-test_bn.t ....................... ok ../test/recipes/10-test_exp.t ...................... ok ../test/recipes/15-test_dh.t ....................... ok ../test/recipes/15-test_dsa.t ...................... ok ../test/recipes/15-test_ec.t ....................... ok ../test/recipes/15-test_ecdsa.t .................... skipped: ec is not supported by this OpenSSL build ../test/recipes/15-test_ecparam.t .................. skipped: EC isn't supported in this build ../test/recipes/15-test_genrsa.t ................... ok ../test/recipes/15-test_mp_rsa.t ................... ok ../test/recipes/15-test_out_option.t ............... ok ../test/recipes/15-test_rsa.t ...................... ok ../test/recipes/15-test_rsapss.t ................... ok ../test/recipes/20-test_enc.t ...................... ok ../test/recipes/20-test_enc_more.t ................. ok ../test/recipes/20-test_passwd.t ................... ok ../test/recipes/25-test_crl.t ...................... ok ../test/recipes/25-test_d2i.t ...................... ok ../test/recipes/25-test_pkcs7.t .................... ok ../test/recipes/25-test_req.t ...................... ok ../test/recipes/25-test_sid.t ...................... skipped: test_sid needs EC to run ../test/recipes/25-test_verify.t ................... ok ../test/recipes/25-test_x509.t ..................... ok ../test/recipes/30-test_afalg.t .................... skipped: test_afalg not supported for this build ../test/recipes/30-test_engine.t ................... ok ../test/recipes/30-test_evp.t ...................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/7 subtests ../test/recipes/30-test_evp_extra.t ................ ok ../test/recipes/30-test_pbelu.t .................... ok ../test/recipes/30-test_pkey_meth.t ................ ok ../test/recipes/30-test_pkey_meth_kdf.t ............ 
ok ../test/recipes/40-test_rehash.t ................... ok ../test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../test/recipes/60-test_x509_dup_cert.t ............ ok ../test/recipes/60-test_x509_store.t ............... ok ../test/recipes/60-test_x509_time.t ................ ok ../test/recipes/70-test_asyncio.t .................. ok ../test/recipes/70-test_bad_dtls.t ................. ok ../test/recipes/70-test_clienthello.t .............. ok ../test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../test/recipes/70-test_packet.t ................... ok ../test/recipes/70-test_recordlen.t ................ ok ../test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../test/recipes/70-test_servername.t ............... ok ../test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../test/recipes/70-test_sslskewith0p.t ............. 
skipped: test_sslskewith0p needs the dynamic engine feature enabled ../test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../test/recipes/70-test_verify_extra.t ............. ok ../test/recipes/70-test_wpacket.t .................. ok ../test/recipes/80-test_ca.t ....................... ok ../test/recipes/80-test_cipherbytes.t .............. ok ../test/recipes/80-test_cipherlist.t ............... ok ../test/recipes/80-test_ciphername.t ............... ok ../test/recipes/80-test_cms.t ...................... ok ../test/recipes/80-test_cmsapi.t ................... ok ../test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/80-test_dtls.t ..................... ok ../test/recipes/80-test_dtls_mtu.t ................. ok ../test/recipes/80-test_dtlsv1listen.t ............. 
ok ../test/recipes/80-test_ocsp.t ..................... ok ../test/recipes/80-test_pkcs12.t ................... ok ../test/recipes/80-test_ssl_new.t .................. ok ../test/recipes/80-test_ssl_old.t .................. ok ../test/recipes/80-test_ssl_test_ctx.t ............. ok ../test/recipes/80-test_sslcorrupt.t ............... ok ../test/recipes/80-test_tsa.t ...................... ok ../test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/90-test_asn1_time.t ................ ok ../test/recipes/90-test_async.t .................... ok ../test/recipes/90-test_bio_enc.t .................. ok ../test/recipes/90-test_constant_time.t ............ ok ../test/recipes/90-test_fatalerr.t ................. ok ../test/recipes/90-test_gmdiff.t ................... ok ../test/recipes/90-test_ige.t ...................... ok ../test/recipes/90-test_includes.t ................. ok ../test/recipes/90-test_memleak.t .................. ok ../test/recipes/90-test_overhead.t ................. ok ../test/recipes/90-test_secmem.t ................... ok ../test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../test/recipes/90-test_srp.t ...................... ok ../test/recipes/90-test_sslapi.t ................... ok ../test/recipes/90-test_sslbuffers.t ............... ok ../test/recipes/90-test_store.t .................... ok ../test/recipes/90-test_sysdefault.t ............... ok ../test/recipes/90-test_threads.t .................. ok ../test/recipes/90-test_time_offset.t .............. ok ../test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../test/recipes/90-test_tls13secrets.t ............. 
skipped: tls13secrets is not supported in this build ../test/recipes/90-test_v3name.t ................... ok ../test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../test/recipes/99-test_ecstress.t ................. ok ../test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../test/recipes/30-test_evp.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=149, Tests=1016, 110 wallclock secs ( 0.45 usr 0.07 sys + 41.51 cusr 8.79 csys = 50.82 CPU) Result: FAIL make[1]: *** [_tests] Error 1 make[1]: Leaving directory ` make: *** [tests] Error 2 Build step 'Execute shell' marked build as failure From matt at openssl.org Wed Jun 20 13:27:59 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 Jun 2018 13:27:59 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529501279.663577.8204.nullmailer@dev.openssl.org> The branch master has been updated via f73164ca1e3d221a580b3ea6298432c180075f26 (commit) from fee33643a8aa64a8eb72ac92fd3a04d3aa7005d3 (commit) - Log ----------------------------------------------------------------- commit f73164ca1e3d221a580b3ea6298432c180075f26 Author: Bernd Edlinger Date: Tue Jun 19 20:08:59 2018 +0200 Fix test sm2 test failure with ec blinding [extended tests] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6529) ----------------------------------------------------------------------- Summary of changes: test/sm2_internal_test.c | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index 4ae7303..d4ec01e 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c 
@@ -28,6 +28,7 @@ static const RAND_METHOD *saved_rand; static uint8_t *fake_rand_bytes = NULL; static size_t fake_rand_bytes_offset = 0; +static size_t fake_rand_size = 0; static int get_faked_bytes(unsigned char *buf, int num) { @@ -36,6 +37,9 @@ static int get_faked_bytes(unsigned char *buf, int num) if (fake_rand_bytes == NULL) return saved_rand->bytes(buf, num); + if (!TEST_size_t_le(fake_rand_bytes_offset + num, fake_rand_size)) + return 0; + for (i = 0; i != num; ++i) buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i]; fake_rand_bytes_offset += num; @@ -54,6 +58,7 @@ static int start_fake_rand(const char *hex_bytes) fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, NULL); fake_rand_bytes_offset = 0; + fake_rand_size = strlen(hex_bytes) / 2; /* set new RAND_METHOD */ if (!TEST_true(RAND_set_rand_method(&fake_rand))) @@ -170,7 +175,8 @@ static int test_sm2_crypt(const EC_GROUP *group, start_fake_rand(k_hex); if (!TEST_true(sm2_encrypt(key, digest, (const uint8_t *)message, msg_len, - ctext, &ctext_len))) { + ctext, &ctext_len)) + || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) { restore_rand(); goto done; } @@ -222,7 +228,9 @@ static int sm2_crypt_test(void) EVP_sm3(), "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0", "encryption standard", - "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F", + "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F" + "0092e8ff62146873c258557548500ab2df2a365e0609ab67640a1f6d57d7b17820" + "008349312695a3e1d2f46905f39a766487f2432e95d6be0cb009fe8c69fd8825a7", "307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF1" "7F6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A2" "4B84400F01B804209C3D7360C30156FAB7C80A0276712DA9D8094A634B766D3A" 
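Review bot: `fake_rand_size = strlen(hex_bytes) / 2;` in start_fake_rand computes the bound independently of the buffer OPENSSL_hexstr2buf actually allocated: the two agree only for a plain, separator-free hex string, and when the conversion fails fake_rand_bytes is NULL while fake_rand_size stays non-zero. OPENSSL_hexstr2buf reports the decoded length through its second argument, so `long len = 0; fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, &len); fake_rand_size = fake_rand_bytes != NULL ? (size_t)len : 0;` keeps the bound tied to the allocation that get_faked_bytes indexes. In get_faked_bytes the new check adds the int `num` to a size_t, so a negative num would wrap past the bound rather than be rejected; a `num < 0` guard ahead of the TEST_size_t_le would make the check complete (whether a caller can pass a negative count is not visible here). Both enclosing functions start and end outside the hunk.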
@@ -235,7 +243,9 @@ static int sm2_crypt_test(void) EVP_sha256(), "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0", "encryption standard", - "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F", + "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F" + "003da18008784352192d70f22c26c243174a447ba272fec64163dd4742bae8bc98" + "00df17605cf304e9dd1dfeb90c015e93b393a6f046792f790a6fa4228af67d9588", "307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF17F" "6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A24B84" "400F01B80420BE89139D07853100EFA763F60CBE30099EA3DF7F8F364F9D10A5E9" @@ -285,10 +295,12 @@ static int test_sm2_sign(const EC_GROUP *group, start_fake_rand(k_hex); sig = sm2_do_sign(key, EVP_sm3(), userid, (const uint8_t *)message, msg_len); - restore_rand(); - - if (!TEST_ptr(sig)) + if (!TEST_ptr(sig) + || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) { + restore_rand(); goto done; + } + restore_rand(); ECDSA_SIG_get0(sig, &sig_r, &sig_s); @@ -337,7 +349,8 @@ static int sm2_sig_test(void) "ALICE123 at YAHOO.COM", "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263", "message digest", - "006CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F", + "006CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F" + "007c47811054c6f99613a578eb8453706ccb96384fe7df5c171671e760bfa8be3a", "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1", "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7"))) goto done; From matt at openssl.org Wed Jun 20 13:33:48 2018 
From: matt at openssl.org (Matt Caswell) Date: Wed, 20 Jun 2018 13:33:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529501628.064640.9707.nullmailer@dev.openssl.org> The branch master has been updated via c86acc9f83f0c5c931519e861ba2ef37069f1ff4 (commit) from f73164ca1e3d221a580b3ea6298432c180075f26 (commit) - Log ----------------------------------------------------------------- commit c86acc9f83f0c5c931519e861ba2ef37069f1ff4 Author: Matt Caswell Date: Tue Jun 19 21:36:42 2018 +0100 Fix no-sm2 Fixes #6525 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6531) ----------------------------------------------------------------------- Summary of changes: test/evp_test.c | 29 +++++++---------------------- 1 file changed, 7 insertions(+), 22 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index 97239f2..667c945 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2413,23 +2413,6 @@ static char *take_value(PAIR *pp) return p; } -static int key_disabled(EVP_PKEY *pkey) -{ -#if defined(OPENSSL_NO_SM2) && !defined(OPENSSL_NO_EC) - int type = EVP_PKEY_base_id(pkey); - - if (type == EVP_PKEY_EC) { - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); - int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - - if (nid == NID_sm2) - return 1; - } -#endif /* OPENSSL_NO_SM2 */ - - return 0; -} - /* * Read and parse one test. Return 0 if failure, 1 if okay. */ @@ -2516,10 +2499,6 @@ top: } OPENSSL_free(keybin); } - if (pkey != NULL && key_disabled(pkey)) { - EVP_PKEY_free(pkey); - pkey = NULL; - } /* If we have a key add to list */ if (klist != NULL) { 
@@ -2532,8 +2511,14 @@ top: key->name = take_value(pp); /* Hack to detect SM2 keys */ - if(strstr(key->name, "SM2")) + if(pkey != NULL && strstr(key->name, "SM2") != NULL) { +#ifdef OPENSSL_NO_SM2 + EVP_PKEY_free(pkey); + pkey = NULL; +#else EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +#endif + } key->key = pkey; key->next = *klist; From matt at openssl.org Wed Jun 20 13:35:32 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 20 Jun 2018 13:35:32 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529501732.045462.10811.nullmailer@dev.openssl.org> The branch master has been updated via c4a8eb624f8966846dc462c4bb10314674566952 (commit) from c86acc9f83f0c5c931519e861ba2ef37069f1ff4 (commit) - Log ----------------------------------------------------------------- commit c4a8eb624f8966846dc462c4bb10314674566952 Author: Paul Kehrer Date: Tue Jun 19 12:49:19 2018 -0500 update pyca/cryptography submodule Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6528) ----------------------------------------------------------------------- Summary of changes: pyca-cryptography | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyca-cryptography b/pyca-cryptography index c1f8e46..95820b4 160000 --- a/pyca-cryptography +++ b/pyca-cryptography @@ -1 +1 @@ -Subproject commit c1f8e460330b7ce83d4ea5a9b753a35321f0cf9e +Subproject commit 95820b4e4fe23e174cf212639a37df39a157db9d From matt at openssl.org Wed Jun 20 14:29:39 2018 
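Review bot: The comment `/* Hack to detect SM2 keys */` above the new block no longer describes what follows, since the branch now also frees the key and leaves pkey NULL under OPENSSL_NO_SM2 rather than only aliasing it; this presumably mirrors the removed key_disabled() from the previous hunk, which nulled the key before it was added to klist, but the comment gives the reader no hint of that. Suggest `/* Hack to detect SM2 keys: alias the EC key to SM2, or drop it when SM2 is compiled out */`. The new condition also keeps the old `if(` spacing while the surrounding hunk uses `if (`; `if (pkey != NULL && strstr(key->name, "SM2") != NULL) {` would match the file's style. The enclosing function starts and ends outside the hunk.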
From: matt at openssl.org (Matt Caswell) Date: Wed, 20 Jun 2018 14:29:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529504979.315820.21762.nullmailer@dev.openssl.org> The branch master has been updated via fd38836ba8158cb30f0731f8a61780ed4b5a6825 (commit) from c4a8eb624f8966846dc462c4bb10314674566952 (commit) - Log ----------------------------------------------------------------- commit fd38836ba8158cb30f0731f8a61780ed4b5a6825 Author: Matt Caswell Date: Wed Jun 20 15:25:43 2018 +0100 Update copyright year Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6538) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/p5_pbev2.c | 2 +- crypto/bn/asm/rsaz-avx2.pl | 2 +- crypto/chacha/asm/chacha-x86.pl | 2 +- crypto/dh/dh_key.c | 2 +- crypto/ec/asm/ecp_nistz256-avx2.pl | 2 +- crypto/ec/ec_ameth.c | 2 +- crypto/ec/ecp_mont.c | 2 +- crypto/ec/ecp_nist.c | 2 +- crypto/engine/eng_all.c | 2 +- crypto/engine/tb_asnmth.c | 2 +- crypto/evp/evp_lib.c | 2 +- crypto/modes/gcm128.c | 2 +- crypto/modes/wrap128.c | 2 +- crypto/pkcs12/p12_sbag.c | 2 +- crypto/poly1305/asm/poly1305-x86.pl | 2 +- crypto/sha/asm/sha1-586.pl | 2 +- crypto/sha/asm/sha256-586.pl | 2 +- crypto/x509/x509_lcl.h | 2 +- doc/man3/BUF_MEM_new.pod | 2 +- doc/man3/DSA_sign.pod | 2 +- doc/man3/EVP_PKEY_set1_RSA.pod | 2 +- doc/man3/OPENSSL_LH_COMPFUNC.pod | 2 +- doc/man3/SSL_get_current_cipher.pod | 2 +- doc/man3/X509v3_get_ext_by_NID.pod | 2 +- test/evp_extra_test.c | 2 +- test/x509aux.c | 2 +- util/ck_errf.pl | 2 +- 27 files changed, 27 insertions(+), 27 deletions(-) diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index 5b65adc..f91ba08 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl index 154a762..f1292cc 100755 --- a/crypto/bn/asm/rsaz-avx2.pl +++ b/crypto/bn/asm/rsaz-avx2.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2012, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/chacha/asm/chacha-x86.pl b/crypto/chacha/asm/chacha-x86.pl index 8508346..13c217d 100755 --- a/crypto/chacha/asm/chacha-x86.pl +++ b/crypto/chacha/asm/chacha-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 752542b..4f85be7 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/ec/asm/ecp_nistz256-avx2.pl index c113c13..794e56a 100755 --- a/crypto/ec/asm/ecp_nistz256-avx2.pl +++ b/crypto/ec/asm/ecp_nistz256-avx2.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2014, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 4096cb3..6fc6146 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 27ece3b..358e998 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index aaa73d6..58669d3 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 5f06fe0..af306cc 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index ae99a37..4bcc761 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 8ef3f8e..6c48199 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 7a10eb2..15f76e3 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c index 5ebb517..d7e56cc 100644 --- a/crypto/modes/wrap128.c +++ b/crypto/modes/wrap128.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index 2f1ce58..a09c5b9 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/poly1305/asm/poly1305-x86.pl b/crypto/poly1305/asm/poly1305-x86.pl index 3020d8e..1e09ddc 100755 --- a/crypto/poly1305/asm/poly1305-x86.pl +++ b/crypto/poly1305/asm/poly1305-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 996707c..9d4ff7f 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl index e0ef028..dccc771 100644 --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h index abd639a..c517a77 100644 --- a/crypto/x509/x509_lcl.h +++ b/crypto/x509/x509_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BUF_MEM_new.pod b/doc/man3/BUF_MEM_new.pod index 95d3a07..6192250 100644 --- a/doc/man3/BUF_MEM_new.pod +++ b/doc/man3/BUF_MEM_new.pod @@ -65,7 +65,7 @@ BUF_MEM_new_ex() was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DSA_sign.pod b/doc/man3/DSA_sign.pod index 4ca7756..889c7a1 100644 --- a/doc/man3/DSA_sign.pod +++ b/doc/man3/DSA_sign.pod @@ -58,7 +58,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod index 2a1ec92..749c52c 100644 --- a/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/doc/man3/EVP_PKEY_set1_RSA.pod 
@@ -135,7 +135,7 @@ L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod index 2064040..ec21c79 100644 --- a/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -236,7 +236,7 @@ type checking. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_current_cipher.pod b/doc/man3/SSL_get_current_cipher.pod index 1a484f6..64ca819 100644 --- a/doc/man3/SSL_get_current_cipher.pod +++ b/doc/man3/SSL_get_current_cipher.pod @@ -61,7 +61,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509v3_get_ext_by_NID.pod b/doc/man3/X509v3_get_ext_by_NID.pod index 54dff3c..c81d463 100644 --- a/doc/man3/X509v3_get_ext_by_NID.pod +++ b/doc/man3/X509v3_get_ext_by_NID.pod @@ -132,7 +132,7 @@ L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index deb8cfd..b7b78f5 100644 --- a/test/evp_extra_test.c 
+++ b/test/evp_extra_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/x509aux.c b/test/x509aux.c index 72e0082..c8bef00 100644 --- a/test/x509aux.c +++ b/test/x509aux.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL licenses, (the "License"); * you may not use this file except in compliance with the License. diff --git a/util/ck_errf.pl b/util/ck_errf.pl index 138dfb9..539736d 100755 --- a/util/ck_errf.pl +++ b/util/ck_errf.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy From matt at openssl.org Wed Jun 20 15:01:23 2018 
From: matt at openssl.org (Matt Caswell) Date: Wed, 20 Jun 2018 15:01:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529506883.314298.28218.nullmailer@dev.openssl.org> The branch master has been updated via 8d983739bba1c705d68786cadae58adb18f9eb2f (commit) via 3098c3bd12530b11d2944e0bc8115f6471e4d41c (commit) from fd38836ba8158cb30f0731f8a61780ed4b5a6825 (commit) - Log ----------------------------------------------------------------- commit 8d983739bba1c705d68786cadae58adb18f9eb2f Author: Matt Caswell Date: Wed Jun 20 15:49:35 2018 +0100 Prepare for 1.1.1-pre9-dev Reviewed-by: Richard Levitte commit 3098c3bd12530b11d2944e0bc8115f6471e4d41c Author: Matt Caswell Date: Wed Jun 20 15:48:08 2018 +0100 Prepare for 1.1.1-pre8 release Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: README | 2 +- include/openssl/opensslv.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README b/README index b1b615b..d6c3655 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1-pre8-dev + OpenSSL 1.1.1-pre9-dev Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index dd95416..a4e75db 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10101008L -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre8-dev xx XXX xxxx" +# define OPENSSL_VERSION_NUMBER 0x10101009L +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre9-dev xx XXX xxxx" /*- * The macros below are to be used for shared library (.so, .dll, ...) From matt at openssl.org Wed Jun 20 15:01:37 2018 
From: matt at openssl.org (Matt Caswell) Date: Wed, 20 Jun 2018 15:01:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_1-pre8 create Message-ID: <1529506897.803472.29097.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_1_1-pre8 has been created at 9e813c328275597e43b171da435d07af05160311 (tag) tagging 3098c3bd12530b11d2944e0bc8115f6471e4d41c (commit) replaces OpenSSL_1_1_1-pre7 tagged by Matt Caswell on Wed Jun 20 15:48:08 2018 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.1.1-pre8 release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCgAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAlsqaSgRHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJHzqgf/QlmExYOUiE3f43Lk9XHX3fCwqHRjTqUK m7lHl3oizBFHPIEhgRFUBFgBs6dG+1VxIHacDW1fQBivWWHeP3qOpd4DcqAm3A8I 2BF2qZDFQ2hnlvc0sbiscybNkZUv5jBZvBbX21uSBWADbi5OiFTZ39KnXQpklx4/ N7a1FGaLHO+Lmpxzd580lKsaTHISwZgoob7vBr0G6W6FvZx6xxmbkDvPUsPgyUuc 4ALRKAc/EkepJVDpJ59K8eTLda1w4niZ+bpbZlHQkFUPzMWwqo0K+WBndnzEWK/M 4wEPSqFDvGtmvqvNXPXeQUqTetUB75+ipYJcB0qC/vM0bOFG1myfcw== =2eRu -----END PGP SIGNATURE----- Andy Polyakov (31): apps/speed.c: clean up SIGARM handling. apps/speed.c: add -aead flag. apps/speed.c: address asan failure with small -bytes and large -misalign. perlasm/ppc-xlate.pl: add new instructions and clean up. chacha/asm/chacha-ppc.pl: optimize AltiVec/VMX code path. evp/e_aes.c: replace calls to one-liners with references in GCM. modes/gcm128.c: coalesce calls to GHASH. {arm64|x86_64}cpuid.pl: add special 16-byte case to OPENSSL_memcmp. PPC assembly pack: correct POWER9 results. chacha/asm/chacha-ppc.pl: improve POWER8 performance by 15%. sha/asm/sha512p8-ppc.pl: improve POWER9 performance by ~10%. sha/asm/sha512p8-ppc.pl: fix build on Mac OS X. perlasm/ppc-xlate.pl: add vmrg[eo]w instructions. chacha/asm/chacha-ppc.pl: improve performance by 40/80% on POWER8/9. crypto/ppccap.c: wire new ChaCha20_ctr32_vsx. chacha/asm/chacha-ppc.pl: fix big-endian build. Configurations/*.conf: ios targets face-lift. 
rand/rand_unix.c: omit error from DSO_global_lookup. rand/rand_unix.c: bypass DSO_global_lookup on ELF systems. bn/asm/sparcv9-mont.pl: iron another glitch in squaring code path. Configurations/10-main.conf: reinstate soname on Solaris. Configure: add shared() to facilitate shared-specific flags. Configurations/10-main.conf: AIX configs unification. Configurations/10-main.conf: replace -bexpall with explicit list on AIX. Configurations/10-main.conf: move hpux-shared flags to hpux-common. Configurations/10-main.conf: improve Makefile readability on AIX and Solaris. bn/bn_exp.c: harmonize all code paths with last commit. bn/asm/rsaz-avx2.pl: harmonize clang version detection. sha/asm/sha{1|256}-586.pl: harmonize clang version detection. {chacha|poly1305}/asm/*-x64.pl: harmonize clang version detection. ec/asm/ecp_nistz256-avx2.pl: harmonize clang version detection. Bernd Edlinger (1): Fix test sm2 test failure with ec blinding David Cooper (1): Update certificates in demos/bio, demos/cms, demos/smime David von Oheimb (4): export data_dir of Test.pm, which was forgotten in #5928 remove needless and misleading malloc failure error messages of PKCS12_SAFEBAG_create_pkcs8_encrypt add 'unsupported cipher mode' diagnostics to evp_lib.c and genpkey.c add cast in test/x509aux.c preventing compiler warning for VC-WIN64A architecture Dmitry Belyavskiy (5): Bugfix: GOST2012 certificates for GOST ciphersuites were broken. Send GOST SignatureAlgorithms when TLS 1.2 in use Text description of GOST signature algorithms Documentation for missing s_client/s_server options New GOST identificators Dr. Matthias St. Pierre (2): RAND_POOL: Add missing implementations for djgpp Improve the output of `make doc-nits` Eric S. Raymond (2): Fix manpage problems Repair broken C syntax (missing close parens) in a manual page. Georg Schmidt (1): Issue warnings for large DSA and RSA keys Guido Vranken (1): Reject excessively large primes in DH key generation. 
Jack Lloyd (4): Make SM2 functions private Set SM2 error codes Add EVP_PKEY_set_alias_type Move SM2 algos to SM2 specific PKEY method Ken Goldman (1): Document failure return for ECDSA_SIG_new Kurt Roeckx (4): Add support for KERN_ARND to get random bytes on NetBSD Look up availability of getentropy() at runtime. Remove support for calling getrandom(), we now always call getentropy() Fix checking the return value of getentropy() Marcus Huewe (1): Do not free a session before calling the remove_session_cb Matt Caswell (38): Prepare for 1.1.1-pre8-dev Update the "Connected Commands" section of s_client/s_server docs The result of a ^ 0 mod -1 is 0 not 1 Test that a ^ 0 mod -1 is always 0 Remove some logically dead code Remove some logically dead code EVP_MD_size() can return an error Only set TCP_NODELAY if the protocol is TCP Free a variable on an error path Free a variable Fix a memory leak in an error path Don't call setsockopt with an invalid fd Add test recipes for internal SM2 tests Further work on SM2 error codes Improve use of the test framework in the SM2 internal tests More more on SM2 error codes and tidy up Remove non-existant functions from libcrypto.num Use lowercase for internal SM2 symbols Rebuild error codes Fix no-dsa Fix EAP-FAST Fix TLSv1.3 ticket nonces Don't store the ticket nonce in the session Reformulate the if condition in tls_process_new_session_ticket Add support getting raw private/public keys Document the raw key getter functions Add function for setting the EVP_PKEY_ASN1_METHOD raw key getter functions Add a test for the raw private/public key getters Fix no-ec Fix TLSv1.3 alert handling Don't send a warning alert in TLSv1.3 Remodel the if sequence for handling alerts Add blinding to an ECDSA signature Fix error number clash Fix enable-ssl3 enable-ssl3-method Fix no-sm2 Update copyright year Prepare for 1.1.1-pre8 release Mingtao Yang (2): Add APIs for custom X509_LOOKUP_METHOD creation modes/ocb128.c: Reset nonce-dependent variables on 
setiv Nicola Tuveri (2): Deprecate DSA_sign_setup() in the documentation Fix & update documentation about RAND_priv_bytes() Paul Kehrer (1): update pyca/cryptography submodule Rich Salz (2): Make OS/X more explicit, to avoid questions Improve wording Richard Levitte (15): OSSL_STORE: don't test file: URIs on Mingw apps: when the 'compat' nameopt has been set, leave it be ENGINE_pkey_asn1_find_str(): don't assume an engine implements ASN1 method STORE: split off the description of the 'file' scheme loader crypto/sm2/sm2_za.c: include internal/numbers.h Document UTF-8 expectation for pass phrases passed to OSSL_STORE VMS: have mkdef.pl parse lettered versions properly util/ck_errf.pl: add detection of unknown libcrypto and libssl libs util/ck_errf.pl: add functionality that brings it closer to util/mkerr.pl make errors: use the new util/ck_errf.pl options .travis.yml: give make update exit code meaning again Make ck_errf.pl ignore commented out error generation doc/man7/passphrase-encoding.pod: Make consistent Configure option 'no-deprecated' means '-DOPENSSL_API_COMPAT=0x10100000L' Convert our own check of OPENSSL_NO_DEPRECATED Sohaib ul Hassan (1): Implement coordinate blinding for EC_POINT Todd Short (3): Fix no-sm2 with clang Replace strdup() with OPENSSL_strdup() Add support for RSA-PSS to X509_certificate_type() User (1): bn/bn_exp.c: mitigation of the One-and-Done side-channel attack. Viktor Dukhovni (1): Document return value of X509_add_ext Yihong Wang (1): Reduce minimal out length in CRYPTO_128_unwrap_pad ----------------------------------------------------------------------- From matt at openssl.org Wed Jun 20 15:02:48 2018 
From: matt at openssl.org (Matt Caswell) Date: Wed, 20 Jun 2018 15:02:48 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1529506968.584345.30682.nullmailer@dev.openssl.org> The branch master has been updated via 108c503eb0e909259ef0f1f68a07e74752c2f9a3 (commit) from 59e4ff330c6ff27e71c040f65d2918f4fb5c0692 (commit) - Log ----------------------------------------------------------------- commit 108c503eb0e909259ef0f1f68a07e74752c2f9a3 Author: Matt Caswell Date: Wed Jun 20 15:54:49 2018 +0100 Update newsflash for pre 8 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/web/pull/62) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index ce931be..dabc4fa 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +20-Jun-2018: Beta 6 of OpenSSL 1.1.1 (pre release 8) is now available: please download and test it 12-Jun-2018: Security Advisory: one low severity fix 29-May-2018: Beta 5 of OpenSSL 1.1.1 (pre release 7) is now available: please download and test it 01-May-2018: Beta 4 of OpenSSL 1.1.1 is now available: please download and test it From levitte at openssl.org Wed Jun 20 15:04:02 2018 
From: levitte at openssl.org (Richard Levitte) Date: Wed, 20 Jun 2018 15:04:02 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1529507042.464753.31339.nullmailer@dev.openssl.org> The branch master has been updated via 897f0887b4fecf22e522c248800b158c2e6a7422 (commit) via 7ab7e43a50c400c49bf3e0608a1d292e62d020f9 (commit) from ddda55afb15458bc21187ef80397134193a8982e (commit) - Log ----------------------------------------------------------------- commit 897f0887b4fecf22e522c248800b158c2e6a7422 Author: Richard Levitte Date: Tue May 29 15:20:11 2018 +0200 do-release.pl: Move old dist files before copying the new ones Also, extend the patterns we glob for to include pre-releases Fixes #17 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/18) commit 7ab7e43a50c400c49bf3e0608a1d292e62d020f9 Author: Richard Levitte Date: Tue May 29 15:07:11 2018 +0200 do-release.pl: make sure pre-releases contribute to the array of series Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/18) ----------------------------------------------------------------------- Summary of changes: release-tools/do-release.pl | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/release-tools/do-release.pl b/release-tools/do-release.pl index 1725055..9bc7137 100644 --- a/release-tools/do-release.pl +++ b/release-tools/do-release.pl @@ -9,6 +9,8 @@ use strict; use warnings; +use File::Basename; + my $homedir = glob("~openssl"); my $tmpdir = $ENV{"OPENSSL_TMP_DIR"} // $homedir . "/dist/new"; my $olddir = $ENV{"OPENSSL_OLD_DIR"} // $homedir . "/dist/old"; @@ -68,7 +70,7 @@ foreach (@files) { } } foreach (@versions) { - if (/^(\d+\.\d+\.\d+)[a-z]*$/) { + if (/^(\d+\.\d+\.\d+)[a-z]*(?:-pre\d+)$/) { my $serie = $1; push @series, $serie unless grep /^$serie/, @series; } 
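Review bot: The new pattern in the `@@ -68,7 +70,7 @@` hunk, `/^(\d+\.\d+\.\d+)[a-z]*(?:-pre\d+)$/`, makes the `-preN` suffix mandatory, so ordinary releases (plain `x.y.z` or letter releases like `x.y.zl`) no longer match and are dropped from `@series`, which is the opposite of what the commit message says it is adding. The group needs an optional quantifier: `if (/^(\d+\.\d+\.\d+)[a-z]*(?:-pre\d+)?$/) {`. The enclosing `foreach (@versions)` loop starts outside the hunk, so I cannot see whether anything downstream would have masked the missing series.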
@@ -125,32 +127,27 @@ print "Directory sanity check OK\n"; print "Starting release for OpenSSL @versions\n"; if ($do_copy) { - foreach (@distfiles) { - system("cp $tmpdir/$_ $srcdir/$_"); - die "Error copying $_ to source directory!" if $?; - system("cp $tmpdir/$_ $ftpdir/$_"); - die "Error copying $_ to ftp directory!" if $?; - } - print "Copied distributions files to source and ftp directories\n"; foreach my $serie (@series) { + my @glob_patterns = ( + "openssl-$serie.tar.gz", + "openssl-$serie?.tar.gz", + "openssl-$serie-pre[0-9].tar.gz", + "openssl-$serie?-pre[0-9].tar.gz", + "openssl-$serie-pre[0-9][0-9].tar.gz", + "openssl-$serie?-pre[0-9][0-9].tar.gz", + ); my $tomove_oldsrc = "$srcdir/old/$serie"; my @tomove_src = - map { - my $x = $_; - $x =~ s|.*/||g; - grep( /^$x$/, @distfiles ) ? () : $x - } + map { basename ($_) } grep { -f $_ } - glob("$srcdir/openssl-$serie.tar.gz $srcdir/openssl-$serie?.tar.gz"); + map { glob("$srcdir/$_") } + @glob_patterns; my $tomove_oldftp = "$ftpdir/old/$serie"; my @tomove_ftp = - map { - my $x = $_; - $x =~ s|.*/||g; - grep( /^$x$/, @distfiles ) ? () : $x - } + map { basename ($_) } grep { -f $_ } - glob("$ftpdir/openssl-$serie.tar.gz $ftpdir/openssl-$serie?.tar.gz"); + map { glob("$ftpdir/$_") } + @glob_patterns; mkdir $tomove_oldsrc or die "Couldn't mkdir $tomove_oldsrc : $!" @@ -169,6 +166,14 @@ if ($do_copy) { } print "Moved old distributions files to source/old and ftp/old directories\n"; + + foreach (@distfiles) { + system("cp $tmpdir/$_ $srcdir/$_"); + die "Error copying $_ to source directory!" if $?; + system("cp $tmpdir/$_ $ftpdir/$_"); + die "Error copying $_ to ftp directory!" if $?; + } + print "Copied distributions files to source and ftp directories\n"; } else { print "Test mode: no files copied\n"; From osslsanity at gmail.com Wed Jun 20 15:27:15 2018 
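Review bot: The copy loop re-added at the end of the `@@ -169,6 +166,14 @@` hunk still builds its command as a single string, `system("cp $tmpdir/$_ $srcdir/$_")`, which Perl hands to a shell with the paths interpolated unquoted; `$tmpdir` is taken from `$ENV{"OPENSSL_TMP_DIR"}` in the first hunk, so whitespace or shell metacharacters in that path would change the command rather than be copied literally. These lines are moved rather than new, but since the hunk rewrites them anyway, the list form `system("cp", "$tmpdir/$_", "$srcdir/$_")` (and likewise for the `$ftpdir` copy) avoids the shell entirely while keeping the existing `die ... if $?` checks unchanged. The surrounding `if ($do_copy)` block starts outside the hunk.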
From: osslsanity at gmail.com (osslsanity at gmail.com) Date: Wed, 20 Jun 2018 15:27:15 +0000 (UTC) Subject: [openssl-commits] Jenkins build is back to normal : master_noec #576 In-Reply-To: <230937724.461.1529486834527.JavaMail.jenkins@ip-172-31-34-99> References: <230937724.461.1529486834527.JavaMail.jenkins@ip-172-31-34-99> Message-ID: <769692010.462.1529508435938.JavaMail.jenkins@ip-172-31-34-99> See From levitte at openssl.org Wed Jun 20 20:39:09 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 20 Jun 2018 20:39:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529527149.493175.16354.nullmailer@dev.openssl.org> The branch master has been updated via 445bc8086172e889023b377dc05191ebddfff46e (commit) from 8d983739bba1c705d68786cadae58adb18f9eb2f (commit) - Log ----------------------------------------------------------------- commit 445bc8086172e889023b377dc05191ebddfff46e Author: Richard Levitte Date: Tue Jun 19 13:03:55 2018 +0200 NOTES.UNIX: expand the description of RPATHs Hopefully, this will make it more clear that it isn't only ELF specific, even though there is a part that is (or even more restrictively GNU ld.so specific). Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6520) ----------------------------------------------------------------------- Summary of changes: NOTES.UNIX | 105 ++++++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 77 insertions(+), 28 deletions(-) diff --git a/NOTES.UNIX b/NOTES.UNIX index 3236107..284da10 100644 --- a/NOTES.UNIX +++ b/NOTES.UNIX 
@@ -5,38 +5,87 @@ For Unix/POSIX runtime systems on Windows, please see NOTES.WIN. - Shared libraries and installation in non-standard locations - ----------------------------------------------------------- - - Binaries on Unix variants expect to find shared libraries in standard - locations, such as /usr/lib, /usr/local/lib and some other locations - configured in the system (for example /etc/ld.so.conf on some systems). - If the libraries are installed in non-standard locations, binaries - will not find them and therefore fail to run unless they get a bit of - help from a defined RPATH or RUNPATH. This can be applied by adding - the appropriate linker flags to the configuration command, such as - this (/usr/local/ssl was the default location for OpenSSL installation - in versions before 1.1.0): + OpenSSL uses the compiler to link programs and shared libraries + --------------------------------------------------------------- - $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ - -Wl,-rpath,/usr/local/ssl/lib + OpenSSL's generated Makefile uses the C compiler command line to + link programs, shared libraries and dynamically loadable shared + objects. Because of this, any linking option that's given to the + configuration scripts MUST be in a form that the compiler can accept. + This varies between systems, where some have compilers that accept + linker flags directly, while others take them in '-Wl,' form. You need + to read your compiler documentation to figure out what is acceptable, + and ld(1) to figure out what linker options are available. 
- Because the actual library location may vary further (for example on - multilib installations), there is a convenience variable in Makefile - that holds the exact installation directory and that can be used like - this: - $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ - -Wl,-rpath,'$(LIBRPATH)' + Shared libraries and installation in non-default locations + ---------------------------------------------------------- + + Every Unix system has its own set of default locations for shared + libraries, such as /lib, /usr/lib or possibly /usr/local/lib. If + libraries are installed in non-default locations, dynamically linked + binaries will not find them and therefore fail to run unless they get a + bit of help from a defined runtime shared library search path. + + For OpenSSL's application (the 'openssl' command), our configuration + scripts do NOT generally set the runtime shared library search path for + you. It's therefore advisable to set it explicitly when configuring + unless the libraries are to be installed in directories that you know + to be in the default list. + + Runtime shared library search paths are specified with different + linking options depending on operating system and versions thereof, and + are talked about differently in their respective documentation; + variations of RPATH are the most usual (note: ELF systems have two such + tags, more on that below). + + Possible options to set the runtime shared library search path include + the following: + + -Wl,-rpath,/whatever/path + -R /whatever/path + -rpath /whatever/path - On modern systems using GNU ld.so, a better choice may be to use the - new dtags, like this: + OpenSSL's configuration scripts recognise all these options and pass + them to the Makefile that they build. 
(In fact, it recognises anything + starting with '-Wl,' as a linker option, so for example, HP-UX' + '-Wl,+b,/whatever/path' would be used correctly) + + Please do not use verbatim directories in your runtime shared library + search path! Some OpenSSL config targets add an extra directory level + for multilib installations. To help with that, the produced Makefile + includes the variable LIBRPATH, which is a convenience variable to be + used with the runtime shared library search path options, as shown in + this example: $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ - -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' + '-Wl,-rpath,$(LIBRPATH)' + + On modern ELF based systems, there are two runtime search paths tags to + consider, DT_RPATH and DT_RUNPATH. Shared objects are searched for in + this order: + + 1. Using directories specified in DT_RPATH, unless DT_RUNPATH is + also set. + 2. Using the environment variable LD_LIBRARY_PATH + 3. Using directories specified in DT_RUNPATH. + 4. Using system shared object caches and default directories. + + This means that the values in the environment variable LD_LIBRARY_PATH + won't matter if the library is found in the paths given by DT_RPATH + (and DT_RUNPATH isn't set). - This sets DT_RUNPATH instead of DT_RPATH. DT_RUNPATH is considered after - the environment variable LD_LIBRARY_PATH, while DT_RPATH is considered - before that environment variable (which means that the values in that - environment variable won't matter if the library is found in the - paths given by DT_RPATH). + Exactly which of DT_RPATH or DT_RUNPATH is set by default appears to + depend on the system. For example, according to documentation, + DT_RPATH appears to be deprecated on Solaris in favor of DT_RUNPATH, + while on Debian GNU/Linux, either can be set, and DT_RPATH is the + default at the time of writing. 
+ + How to choose which runtime search path tag is to be set depends on + your system, please refer to ld(1) for the exact information on your + system. As an example, the way to ensure the DT_RUNPATH is set on + Debian GNU/Linux systems rather than DT_RPATH is to tell the linker to + set new dtags, like this: + + $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ + '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)' From openssl at openssl.org Wed Jun 20 22:40:09 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 20 Jun 2018 22:40:09 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1529534409.138607.15306.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 445bc80 NOTES.UNIX: expand the description of RPATHs 8d98373 Prepare for 1.1.1-pre9-dev 3098c3b Prepare for 1.1.1-pre8 release fd38836 Update copyright year c4a8eb6 update pyca/cryptography submodule c86acc9 Fix no-sm2 f73164c Fix test sm2 test failure with ec blinding From openssl at openssl.org Thu Jun 21 01:15:52 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 21 Jun 2018 01:15:52 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ec Message-ID: <1529543752.133653.24909.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ec Commit log since last time: 445bc80 NOTES.UNIX: expand the description of RPATHs 8d98373 Prepare for 1.1.1-pre9-dev 3098c3b Prepare for 1.1.1-pre8 release fd38836 Update copyright year c4a8eb6 update pyca/cryptography submodule c86acc9 Fix no-sm2 f73164c Fix test sm2 test failure with ec blinding From paul.dale at oracle.com Thu Jun 21 04:55:08 2018 From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Thu, 21 Jun 2018 04:55:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529556908.349794.24548.nullmailer@dev.openssl.org> The branch master has been updated via 6e501c47191102b23912e2744929d4c630523ff7 (commit) from 445bc8086172e889023b377dc05191ebddfff46e (commit) - Log ----------------------------------------------------------------- commit 6e501c47191102b23912e2744929d4c630523ff7 Author: Pauli Date: Thu Jun 21 13:39:23 2018 +1000 Fix spelling errors in documentation. Also fix some clumsy wording. [skip_ci] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6545) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_sess_set_get_cb.pod | 6 +++--- doc/man3/SSL_CTX_set_cert_verify_callback.pod | 8 ++++---- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 2 +- doc/man7/RAND_DRBG.pod | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/doc/man3/SSL_CTX_sess_set_get_cb.pod b/doc/man3/SSL_CTX_sess_set_get_cb.pod index c66164e..774c4b1 100644 --- a/doc/man3/SSL_CTX_sess_set_get_cb.pod 
+++ b/doc/man3/SSL_CTX_sess_set_get_cb.pod @@ -43,9 +43,9 @@ L). (SSL/TLS server only.) SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and -SSL_CTX_sess_get_get_cb() allow to retrieve the function pointers of the -provided callback functions. If a callback function has not been set, -the NULL pointer is returned. +SSL_CTX_sess_get_get_cb() retrieve the function pointers set by the +corresponding set callback functions. If a callback function has not been +set, the NULL pointer is returned. =head1 NOTES diff --git a/doc/man3/SSL_CTX_set_cert_verify_callback.pod b/doc/man3/SSL_CTX_set_cert_verify_callback.pod index 6a9c238..0c3378d 100644 --- a/doc/man3/SSL_CTX_set_cert_verify_callback.pod +++ b/doc/man3/SSL_CTX_set_cert_verify_callback.pod @@ -34,10 +34,10 @@ argument I is specified by the application when setting I. I should return 1 to indicate verification success and 0 to indicate verification failure. If SSL_VERIFY_PEER is set and I returns 0, the handshake will fail. As the verification procedure may -allow to continue the connection in case of failure (by always returning 1) -the verification result must be set in any case using the B -member of I so that the calling application will be informed -about the detailed result of the verification procedure! +allow the connection to continue in the case of failure (by always +returning 1) the verification result must be set in any case using the +B member of I so that the calling application +will be informed about the detailed result of the verification procedure! Within I, I has access to the I function set using L. diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 61b52ef..9b64e0a 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod 
@@ -155,7 +155,7 @@ B host flag, or because some DNS subject alternative names are present in the certificate, DNS name constraints in issuer certificates will not be applied to the subject DN. As described in X509_check_host(3) the B -flag takes precendence over the B flag. +flag takes precedence over the B flag. X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a call to X509_VERIFY_PARAM_set_hostflags(). diff --git a/doc/man7/RAND_DRBG.pod b/doc/man7/RAND_DRBG.pod index 9f7f124..b89c30d 100644 --- a/doc/man7/RAND_DRBG.pod +++ b/doc/man7/RAND_DRBG.pod @@ -222,7 +222,7 @@ This is in fact done automatically by L. In most cases OpenSSL will automatically choose a suitable seed source for automatically seeding and reseeding its DRBG. In some cases -however, it will be necessary to explicitely specify a seed source during +however, it will be necessary to explicitly specify a seed source during configuration, using the --with-rand-seed option. For more information, see the INSTALL instructions. There are also operating systems where no seed source is available and automatic reseeding is disabled by default. From levitte at openssl.org Thu Jun 21 04:56:47 2018 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 21 Jun 2018 04:56:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529557007.373286.25879.nullmailer@dev.openssl.org> The branch master has been updated via 63871d9f810fec1e8a441d82c9ac79c58b19e2ad (commit) from 6e501c47191102b23912e2744929d4c630523ff7 (commit) - Log ----------------------------------------------------------------- commit 63871d9f810fec1e8a441d82c9ac79c58b19e2ad Author: Richard Levitte Date: Thu Jun 21 06:24:33 2018 +0200 openssl ca: open the output file as late as possible Fixes #6544 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6546) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 60c8f6c..4a8396e 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -726,10 +726,6 @@ end_of_options: output_der = 1; batch = 1; } - Sout = bio_open_default(outfile, 'w', - output_der ? FORMAT_ASN1 : FORMAT_TEXT); - if (Sout == NULL) - goto end; } if (md == NULL && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) @@ -1025,6 +1021,11 @@ end_of_options: if (verbose) BIO_printf(bio_err, "writing %s\n", new_cert); + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + Cout = BIO_new_file(new_cert, "w"); if (Cout == NULL) { perror(new_cert); @@ -1033,6 +1034,8 @@ end_of_options: write_new_certificate(Cout, xi, 0, notext); write_new_certificate(Sout, xi, output_der, notext); BIO_free_all(Cout); + BIO_free_all(Sout); + Sout = NULL; } if (sk_X509_num(cert_sk)) { 
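Review bot: In the `@@ -1025,6 +1021,11 @@` hunk, `Sout` is now opened with `bio_open_default(outfile, 'w', ...)` immediately before each `write_new_certificate(Sout, xi, output_der, notext)` and released again in the next hunk with `BIO_free_all(Sout); Sout = NULL;`; if that code sits inside the loop over `cert_sk` (the `if (sk_X509_num(cert_sk))` context and the per-certificate `new_cert` file suggest it, but the enclosing block, and `main` itself, start outside the hunk), then when `-out` names a file every iteration reopens it for writing and truncates what the previous iteration wrote, so only the last certificate survives in `outfile`, whereas the open removed in `@@ -726,10 +726,6 @@` happened once for the whole run. Opening `Sout` once before the loop (or on the first iteration only) and freeing it after the loop keeps the late-open intent of the commit without the truncation; the stdout case (`outfile == NULL`) is unaffected because nothing is truncated there. The same pattern is in the OpenSSL_1_1_0-stable cherry-pick below, hunks `@@ -1020,6 +1016,11 @@` and `@@ -1028,6 +1029,8 @@`.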
@@ -1181,6 +1184,11 @@ end_of_options: if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts)) goto end; + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + PEM_write_bio_X509_CRL(Sout, crl); if (crlnumberfile != NULL) /* Rename the crlnumber file */ From levitte at openssl.org Thu Jun 21 05:00:17 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 21 Jun 2018 05:00:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529557217.797207.27287.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 56c91e6dda3252b40396fcecd4005a823a8c7bf5 (commit) from c35608e5422d2718868d88439e22369d4aabb7c6 (commit) - Log ----------------------------------------------------------------- commit 56c91e6dda3252b40396fcecd4005a823a8c7bf5 Author: Richard Levitte Date: Thu Jun 21 06:24:33 2018 +0200 openssl ca: open the output file as late as possible Fixes #6544 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6546) (cherry picked from commit 63871d9f810fec1e8a441d82c9ac79c58b19e2ad) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index fe9d29b..c69a2b5 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -729,10 +729,6 @@ end_of_options: output_der = 1; batch = 1; } - Sout = bio_open_default(outfile, 'w', - output_der ? FORMAT_ASN1 : FORMAT_TEXT); - if (Sout == NULL) - goto end; } if (md == NULL @@ -1020,6 +1016,11 @@ end_of_options: if (verbose) BIO_printf(bio_err, "writing %s\n", buf[2]); + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + Cout = BIO_new_file(buf[2], "w"); if (Cout == NULL) { perror(buf[2]); 
@@ -1028,6 +1029,8 @@ end_of_options: write_new_certificate(Cout, xi, 0, notext); write_new_certificate(Sout, xi, output_der, notext); BIO_free_all(Cout); + BIO_free_all(Sout); + Sout = NULL; } if (sk_X509_num(cert_sk)) { @@ -1176,6 +1179,11 @@ end_of_options: if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts)) goto end; + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + PEM_write_bio_X509_CRL(Sout, crl); if (crlnumberfile != NULL) /* Rename the crlnumber file */ From no-reply at appveyor.com Thu Jun 21 07:06:44 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 Jun 2018 07:06:44 +0000 Subject: [openssl-commits] Build failed: openssl master.18614 Message-ID: <20180621070644.1.6F8B5751889E4CF2@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jun 21 07:13:51 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 Jun 2018 07:13:51 +0000 Subject: [openssl-commits] Build failed: openssl master.18615 Message-ID: <20180621071351.1.66469CE796AFC125@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jun 21 07:20:35 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 Jun 2018 07:20:35 +0000 Subject: [openssl-commits] Build failed: openssl master.18617 Message-ID: <20180621072035.1.36FBF7A41CCEC380@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jun 21 07:41:51 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 Jun 2018 07:41:51 +0000 Subject: [openssl-commits] Build completed: openssl master.18618 Message-ID: <20180621074151.1.458B03EB04091DDB@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Thu Jun 21 09:11:12 2018 
From: matt at openssl.org (Matt Caswell) Date: Thu, 21 Jun 2018 09:11:12 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1529572272.510369.8114.nullmailer@dev.openssl.org> The branch master has been updated via 3660c7ff2c23ae4d89e463f0abd5a359b6172775 (commit) from 897f0887b4fecf22e522c248800b158c2e6a7422 (commit) - Log ----------------------------------------------------------------- commit 3660c7ff2c23ae4d89e463f0abd5a359b6172775 Author: Matt Caswell Date: Tue Jun 19 21:43:07 2018 +0100 Test no-sm2, no-sm3, no-sm4 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/tools/pull/19) ----------------------------------------------------------------------- Summary of changes: run-checker/run-checker.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh index 843cccb..ab8910e 100755 --- a/run-checker/run-checker.sh +++ b/run-checker/run-checker.sh @@ -42,7 +42,8 @@ no-static-engine no-stdio no-threads no-ts enable-ubsan no-ui enable-unit-test no-whirlpool enable-weak-ssl-ciphers enable-zlib enable-zlib-dynamic 386 no-dtls no-tls no-ssl3 no-tls1 no-tls1_1 no-tls1_2 no-dtls1 no-dtls1_2 no-ssl3-method no-tls1-method no-tls1_1-method -no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 ) +no-tls1_2-method no-dtls1-method no-dtls1_2-method no-siphash no-tls1_3 no-sm2 +no-sm3 no-sm4 ) run-hook () { local hookname=$1; shift From matt at openssl.org Thu Jun 21 09:14:56 2018 
From: matt at openssl.org (Matt Caswell) Date: Thu, 21 Jun 2018 09:14:56 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529572496.809438.9418.nullmailer@dev.openssl.org> The branch master has been updated via 95aec8641fb6f596f170f97852e1e2839f4ec2fc (commit) from 63871d9f810fec1e8a441d82c9ac79c58b19e2ad (commit) - Log ----------------------------------------------------------------- commit 95aec8641fb6f596f170f97852e1e2839f4ec2fc Author: Matt Caswell Date: Tue Jun 19 21:41:49 2018 +0100 Document no-sm2 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6532) ----------------------------------------------------------------------- Summary of changes: INSTALL | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/INSTALL b/INSTALL index b1a5868..51141ef 100644 --- a/INSTALL +++ b/INSTALL @@ -548,9 +548,9 @@ Build without support for the specified algorithm, where is one of: aria, bf, blake2, camellia, cast, chacha, cmac, des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, - poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm3, sm4 - or whirlpool. The "ripemd" algorithm is deprecated and if - used is synonymous with rmd160. + poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm2, sm3, + sm4 or whirlpool. The "ripemd" algorithm is deprecated and + if used is synonymous with rmd160. -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static These system specific options will be recognised and From matt at openssl.org Thu Jun 21 09:23:42 2018 
From: matt at openssl.org (Matt Caswell) Date: Thu, 21 Jun 2018 09:23:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529573022.363442.11727.nullmailer@dev.openssl.org> The branch master has been updated via 7f9822a48213dd2feca845dbbb6bcb8beb9550de (commit) from 95aec8641fb6f596f170f97852e1e2839f4ec2fc (commit) - Log ----------------------------------------------------------------- commit 7f9822a48213dd2feca845dbbb6bcb8beb9550de Author: Matt Caswell Date: Tue Jun 19 15:07:02 2018 +0100 Add blinding to a DSA signature This extends the recently added ECDSA signature blinding to blind DSA too. This is based on side channel attacks demonstrated by Keegan Ryan (NCC Group) for ECDSA which are likely to be able to be applied to DSA. Normally, as in ECDSA, during signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order In ECDSA, the addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. This commit also tweaks the previous ECDSA blinding so that blinding is only removed at the last possible step. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6522) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 +-- crypto/dsa/dsa_ossl.c | 66 +++++++++++++++++++++++++++++++++++++------------- crypto/ec/ecdsa_ossl.c | 14 +++++------ 3 files changed, 58 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index a4beda6..4dc0659 100644 --- a/CHANGES +++ b/CHANGES 
@@ -13,8 +13,8 @@ chosen point SCA attacks. [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley] - *) Add blinding to an ECDSA signature to protect against side channel attacks - discovered by Keegan Ryan (NCC Group). + *) Add blinding to ECDSA and DSA signatures to protect against side channel + attacks discovered by Keegan Ryan (NCC Group). [Matt Caswell] *) Enforce checking in the pkeyutl command line app to ensure that the input diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index d78c5f0..5237794 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -59,19 +59,13 @@ const DSA_METHOD *DSA_OpenSSL(void) static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { BIGNUM *kinv = NULL; - BIGNUM *m; - BIGNUM *xr; + BIGNUM *m, *blind, *blindm, *tmp; BN_CTX *ctx = NULL; int reason = ERR_R_BN_LIB; DSA_SIG *ret = NULL; int rv = 0; - m = BN_new(); - xr = BN_new(); - if (m == NULL || xr == NULL) - goto err; - - if (!dsa->p || !dsa->q || !dsa->g) { + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { reason = DSA_R_MISSING_PARAMETERS; goto err; } @@ -87,6 +81,13 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ctx = BN_CTX_new(); if (ctx == NULL) goto err; + m = BN_CTX_get(ctx); + blind = BN_CTX_get(ctx); + blindm = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + if (tmp == NULL) + goto err; + redo: if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen)) goto err; 
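Review bot: The four BN_CTX_get() calls added in the `@@ -87,6 +81,13 @@` hunk are not bracketed by BN_CTX_start()/BN_CTX_end(); this is sound only because ctx is created with BN_CTX_new() a few lines earlier and released with BN_CTX_free() at the end of dsa_do_sign(), so nothing outside the function can observe the missing frame. That reliance deserves a line next to the first get, e.g. `/* ctx is private to this call and freed below, so no BN_CTX_start/end frame is needed */`, because a later change that accepts a caller-supplied ctx would quietly leak pool entries. Checking only the last result (`if (tmp == NULL)`) is fine, as BN_CTX_get() keeps returning NULL once it has failed, but saying so in a short comment would spare the next reader the lookup. The same two hunks recur for the 1.1.0 and 1.0.2 branches at `@@ -89,6 +83,13 @@` and `@@ -154,6 +150,13 @@` below.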
@@ -101,17 +102,50 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) if (BN_bin2bn(dgst, dlen, m) == NULL) goto err; - /* Compute s = inv(k) (m + xr) mod q */ - if (!BN_mod_mul(xr, dsa->priv_key, ret->r, dsa->q, ctx)) - goto err; /* s = xr */ - if (!BN_add(ret->s, xr, m)) - goto err; /* s = m + xr */ - if (BN_cmp(ret->s, dsa->q) > 0) - if (!BN_sub(ret->s, ret->s, dsa->q)) + /* + * The normal signature calculation is: + * + * s := k^-1 * (m + r * priv_key) mod q + * + * We will blind this to protect against side channel attacks + * + * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q + */ + + /* Generate a blinding value */ + do { + if (!BN_priv_rand(blind, BN_num_bits(dsa->q) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) goto err; + } while (BN_is_zero(blind)); + BN_set_flags(blind, BN_FLG_CONSTTIME); + BN_set_flags(blindm, BN_FLG_CONSTTIME); + BN_set_flags(tmp, BN_FLG_CONSTTIME); + + /* tmp := blind * priv_key * r mod q */ + if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx)) + goto err; + if (!BN_mod_mul(tmp, tmp, ret->r, dsa->q, ctx)) + goto err; + + /* blindm := blind * m mod q */ + if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx)) + goto err; + + /* s : = (blind * priv_key * r) + (blind * m) mod q */ + if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->q)) + goto err; + + /* s := s * k^-1 mod q */ if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx)) goto err; + /* s:= s * blind^-1 mod q */ + if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL) + goto err; + if (!BN_mod_mul(ret->s, ret->s, blind, dsa->q, ctx)) + goto err; + /* * Redo if r or s is zero as required by FIPS 186-3: this is very * unlikely. @@ -128,8 +162,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ret = NULL; } BN_CTX_free(ctx); - BN_clear_free(m); - BN_clear_free(xr); BN_clear_free(kinv); return ret; } diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index 640593b..cdd0cf0 100644 --- a/crypto/ec/ecdsa_ossl.c 
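Review bot: The three BN_set_flags(..., BN_FLG_CONSTTIME) calls in this hunk carry no explanation; the flag on blind is what routes the later `BN_mod_inverse(blind, blind, dsa->q, ctx)` onto its branch-free variant (and, I believe, keeps the reductions inside the BN_mod_mul calls on the non-branching division path), so a comment such as `/* CONSTTIME on blind selects the branch-free BN_mod_inverse path */` above them would preserve the intent. It would also help to state in the code that the `BN_mod_add_quick(ret->s, tmp, blindm, dsa->q)` addition is the operation the blinding exists for: both operands now carry the factor blind, so its data-dependent timing no longer reveals m + r * priv_key, a rationale the commit message gives but the source does not. Two style nits in the new comments: `/* s : = (blind * priv_key * r) ... */` has a stray space in `: =`, and `/* s:= s * blind^-1 mod q */` lacks the space its neighbours use. The `@@ -128,8 +162,6 @@` hunk drops BN_clear_free() for m and xr; the replacement temporaries now live in ctx and are wiped only by BN_CTX_free(), which as far as I recall clear-frees its pool entries — worth confirming, since tmp holds blind * priv_key. The same change recurs for the 1.1.0 and 1.0.2 branches at `@@ -103,17 +104,50 @@` and `@@ -173,20 +176,52 @@` below.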
+++ b/crypto/ec/ecdsa_ossl.c @@ -288,7 +288,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, * * We will blind this to protect against side channel attacks * - * s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order + * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod order */ /* Generate a blinding value */ @@ -323,18 +323,18 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, goto err; } - /* s:= s * blind^-1 mod order */ - if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { + /* s := s * k^-1 mod order */ + if (!BN_mod_mul(s, s, ckinv, order, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - if (!BN_mod_mul(s, s, blind, order, ctx)) { + + /* s:= s * blind^-1 mod order */ + if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - - /* s := s * k^-1 mod order */ - if (!BN_mod_mul(s, s, ckinv, order, ctx)) { + if (!BN_mod_mul(s, s, blind, order, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } From matt at openssl.org Thu Jun 21 09:27:06 2018 
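Review bot: The reordering in the `@@ -323,18 +323,18 @@` hunk — multiply by ckinv first, then by blind^-1 — is deliberate, but nothing in the code says why, and a later tidy-up could swap the two steps back without noticing. A comment before the BN_mod_inverse() call such as `/* Unblind last: s must stay blinded while k^-1 is applied */` would pin the order the commit message describes. The body of ossl_ecdsa_sign_sig() starts and ends outside the hunk. The identical reorder appears for the 1.1.0 and 1.0.2 branches at `@@ -337,18 +337,18 @@` and `@@ -368,18 +368,18 @@` below.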
From: matt at openssl.org (Matt Caswell) Date: Thu, 21 Jun 2018 09:27:06 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529573226.969837.13193.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 77b6b171a3b0a0f19ffcc8d4e682090fb88f0d10 (commit) from 56c91e6dda3252b40396fcecd4005a823a8c7bf5 (commit) - Log ----------------------------------------------------------------- commit 77b6b171a3b0a0f19ffcc8d4e682090fb88f0d10 Author: Matt Caswell Date: Tue Jun 19 15:07:02 2018 +0100 Add blinding to a DSA signature This extends the recently added ECDSA signature blinding to blind DSA too. This is based on side channel attacks demonstrated by Keegan Ryan (NCC Group) for ECDSA which are likely to be able to be applied to DSA. Normally, as in ECDSA, during signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order In ECDSA, the addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. This commit also tweaks the previous ECDSA blinding so that blinding is only removed at the last possible step. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6523) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 +-- crypto/dsa/dsa_ossl.c | 66 +++++++++++++++++++++++++++++++++++++------------- crypto/ec/ecdsa_ossl.c | 14 +++++------ 3 files changed, 58 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index b749d9e..b16a1be 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,8 +9,8 @@ Changes between 1.1.0h and 1.1.0i [xx XXX xxxx] - *) Add blinding to an ECDSA signature to protect against side channel attacks - discovered by Keegan Ryan (NCC Group). + *) Add blinding to ECDSA and DSA signatures to protect against side channel + attacks discovered by Keegan Ryan (NCC Group). [Matt Caswell] *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 7f48cf2..f60ce70 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -61,19 +61,13 @@ const DSA_METHOD *DSA_OpenSSL(void) static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { BIGNUM *kinv = NULL; - BIGNUM *m; - BIGNUM *xr; + BIGNUM *m, *blind, *blindm, *tmp; BN_CTX *ctx = NULL; int reason = ERR_R_BN_LIB; DSA_SIG *ret = NULL; int rv = 0; - m = BN_new(); - xr = BN_new(); - if (m == NULL || xr == NULL) - goto err; - - if (!dsa->p || !dsa->q || !dsa->g) { + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { reason = DSA_R_MISSING_PARAMETERS; goto err; } @@ -89,6 +83,13 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ctx = BN_CTX_new(); if (ctx == NULL) goto err; + m = BN_CTX_get(ctx); + blind = BN_CTX_get(ctx); + blindm = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + if (tmp == NULL) + goto err; + redo: if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen)) goto err; 
@@ -103,17 +104,50 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) if (BN_bin2bn(dgst, dlen, m) == NULL) goto err; - /* Compute s = inv(k) (m + xr) mod q */ - if (!BN_mod_mul(xr, dsa->priv_key, ret->r, dsa->q, ctx)) - goto err; /* s = xr */ - if (!BN_add(ret->s, xr, m)) - goto err; /* s = m + xr */ - if (BN_cmp(ret->s, dsa->q) > 0) - if (!BN_sub(ret->s, ret->s, dsa->q)) + /* + * The normal signature calculation is: + * + * s := k^-1 * (m + r * priv_key) mod q + * + * We will blind this to protect against side channel attacks + * + * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q + */ + + /* Generate a blinding value */ + do { + if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, BN_RAND_TOP_ANY, + BN_RAND_BOTTOM_ANY)) goto err; + } while (BN_is_zero(blind)); + BN_set_flags(blind, BN_FLG_CONSTTIME); + BN_set_flags(blindm, BN_FLG_CONSTTIME); + BN_set_flags(tmp, BN_FLG_CONSTTIME); + + /* tmp := blind * priv_key * r mod q */ + if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx)) + goto err; + if (!BN_mod_mul(tmp, tmp, ret->r, dsa->q, ctx)) + goto err; + + /* blindm := blind * m mod q */ + if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx)) + goto err; + + /* s : = (blind * priv_key * r) + (blind * m) mod q */ + if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->q)) + goto err; + + /* s := s * k^-1 mod q */ if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx)) goto err; + /* s:= s * blind^-1 mod q */ + if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL) + goto err; + if (!BN_mod_mul(ret->s, ret->s, blind, dsa->q, ctx)) + goto err; + /* * Redo if r or s is zero as required by FIPS 186-3: this is very * unlikely. @@ -130,8 +164,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ret = NULL; } BN_CTX_free(ctx); - BN_clear_free(m); - BN_clear_free(xr); BN_clear_free(kinv); return ret; } diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index 449be0e..c103917 100644 --- a/crypto/ec/ecdsa_ossl.c 
+++ b/crypto/ec/ecdsa_ossl.c @@ -302,7 +302,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, * * We will blind this to protect against side channel attacks * - * s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order + * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod order */ /* Generate a blinding value */ @@ -337,18 +337,18 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, goto err; } - /* s:= s * blind^-1 mod order */ - if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { + /* s := s * k^-1 mod order */ + if (!BN_mod_mul(s, s, ckinv, order, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - if (!BN_mod_mul(s, s, blind, order, ctx)) { + + /* s:= s * blind^-1 mod order */ + if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - - /* s := s * k^-1 mod order */ - if (!BN_mod_mul(s, s, ckinv, order, ctx)) { + if (!BN_mod_mul(s, s, blind, order, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } From matt at openssl.org Thu Jun 21 09:31:21 2018 
From: matt at openssl.org (Matt Caswell) Date: Thu, 21 Jun 2018 09:31:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1529573481.552958.14959.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 41d23d435221411b4d70c08b6c5424d0afcf4c19 (commit) from 8fbbbdd5fcfeca62d339d1db11887da2a298ee8e (commit) - Log ----------------------------------------------------------------- commit 41d23d435221411b4d70c08b6c5424d0afcf4c19 Author: Matt Caswell Date: Tue Jun 19 15:07:02 2018 +0100 Add blinding to a DSA signature This extends the recently added ECDSA signature blinding to blind DSA too. This is based on side channel attacks demonstrated by Keegan Ryan (NCC Group) for ECDSA which are likely to be able to be applied to DSA. Normally, as in ECDSA, during signing the signer calculates: s:= k^-1 * (m + r * priv_key) mod order In ECDSA, the addition operation above provides a sufficient signal for a flush+reload attack to derive the private key given sufficient signature operations. As a mitigation (based on a suggestion from Keegan) we add blinding to the operation so that: s := k^-1 * blind^-1 (blind * m + blind * r * priv_key) mod order Since this attack is a localhost side channel only no CVE is assigned. This commit also tweaks the previous ECDSA blinding so that blinding is only removed at the last possible step. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6524) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 +-- crypto/dsa/dsa_ossl.c | 73 +++++++++++++++++++++++++++++++++++-------------- crypto/ecdsa/ecs_ossl.c | 14 +++++----- 3 files changed, 61 insertions(+), 30 deletions(-) diff --git a/CHANGES b/CHANGES index a3861ab..f9562dd 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,8 +9,8 @@ Changes between 1.0.2o and 1.0.2p [xx XXX xxxx] - *) Add blinding to an ECDSA signature to protect against side channel attacks - discovered by Keegan Ryan (NCC Group). + *) Add blinding to ECDSA and DSA signatures to protect against side channel + attacks discovered by Keegan Ryan (NCC Group). [Matt Caswell] *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index aa10dd1..2dcfede 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -133,17 +133,13 @@ const DSA_METHOD *DSA_OpenSSL(void) static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { BIGNUM *kinv = NULL, *r = NULL, *s = NULL; - BIGNUM m; - BIGNUM xr; + BIGNUM *m, *blind, *blindm, *tmp; BN_CTX *ctx = NULL; int reason = ERR_R_BN_LIB; DSA_SIG *ret = NULL; int noredo = 0; - BN_init(&m); - BN_init(&xr); - - if (!dsa->p || !dsa->q || !dsa->g) { + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { reason = DSA_R_MISSING_PARAMETERS; goto err; } @@ -154,6 +150,13 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ctx = BN_CTX_new(); if (ctx == NULL) goto err; + m = BN_CTX_get(ctx); + blind = BN_CTX_get(ctx); + blindm = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + if (tmp == NULL) + goto err; + redo: if ((dsa->kinv == NULL) || (dsa->r == NULL)) { if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) 
@@ -173,20 +176,52 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) * 4.2 */ dlen = BN_num_bytes(dsa->q); - if (BN_bin2bn(dgst, dlen, &m) == NULL) + if (BN_bin2bn(dgst, dlen, m) == NULL) goto err; - /* Compute s = inv(k) (m + xr) mod q */ - if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) - goto err; /* s = xr */ - if (!BN_add(s, &xr, &m)) - goto err; /* s = m + xr */ - if (BN_cmp(s, dsa->q) > 0) - if (!BN_sub(s, s, dsa->q)) + /* + * The normal signature calculation is: + * + * s := k^-1 * (m + r * priv_key) mod q + * + * We will blind this to protect against side channel attacks + * + * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q + */ + + /* Generate a blinding value */ + do { + if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, -1, 0)) goto err; + } while (BN_is_zero(blind)); + BN_set_flags(blind, BN_FLG_CONSTTIME); + BN_set_flags(blindm, BN_FLG_CONSTTIME); + BN_set_flags(tmp, BN_FLG_CONSTTIME); + + /* tmp := blind * priv_key * r mod q */ + if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx)) + goto err; + if (!BN_mod_mul(tmp, tmp, r, dsa->q, ctx)) + goto err; + + /* blindm := blind * m mod q */ + if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx)) + goto err; + + /* s : = (blind * priv_key * r) + (blind * m) mod q */ + if (!BN_mod_add_quick(s, tmp, blindm, dsa->q)) + goto err; + + /* s := s * k^-1 mod q */ if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) goto err; + /* s:= s * blind^-1 mod q */ + if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL) + goto err; + if (!BN_mod_mul(s, s, blind, dsa->q, ctx)) + goto err; + /* * Redo if r or s is zero as required by FIPS 186-3: this is very * unlikely. 
@@ -210,13 +245,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) BN_free(r); BN_free(s); } - if (ctx != NULL) - BN_CTX_free(ctx); - BN_clear_free(&m); - BN_clear_free(&xr); - if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ - BN_clear_free(kinv); - return (ret); + BN_CTX_free(ctx); + BN_clear_free(kinv); + return ret; } static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 1d37551..6115df7 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -334,7 +334,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, * * We will blind this to protect against side channel attacks * - * s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order + * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod order */ /* Generate a blinding value */ @@ -368,18 +368,18 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, goto err; } - /* s:= s * blind^-1 mod order */ - if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { + /* s := s * k^-1 mod order */ + if (!BN_mod_mul(s, s, ckinv, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } - if (!BN_mod_mul(s, s, blind, order, ctx)) { + + /* s:= s * blind^-1 mod order */ + if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } - - /* s := s * k^-1 mod order */ - if (!BN_mod_mul(s, s, ckinv, order, ctx)) { + if (!BN_mod_mul(s, s, blind, order, ctx)) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); goto err; } From no-reply at appveyor.com Thu Jun 21 09:55:27 2018 
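Review bot: The hunk replaces `if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ BN_clear_free(kinv);` with a bare `BN_clear_free(kinv);`; the NULL guard was redundant, but the comment was the only place recording that kinv is NULL here whenever the precomputed dsa->kinv was taken instead of calling DSA_sign_setup() (that branch of the `redo:` block lies outside the hunk). Keep that note on the surviving line, e.g. `BN_clear_free(kinv); /* NULL if the precomputed dsa->kinv was consumed above */`, so the ownership hand-off stays visible. The rest of the dsa_do_sign() cleanup, including the `err:` label, starts outside the hunk.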
From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 Jun 2018 09:55:27 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.18624 Message-ID: <20180621095527.1.EA11ACDB12BCC79F@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jun 21 09:58:33 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 21 Jun 2018 09:58:33 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529575113.312709.19772.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 7b3e775a6a78650bbd3e8e19a5aa12981880402b (commit) via cc39f9250957dfe6e9f1b62a4eca1863e8451483 (commit) from 77b6b171a3b0a0f19ffcc8d4e682090fb88f0d10 (commit) - Log ----------------------------------------------------------------- commit 7b3e775a6a78650bbd3e8e19a5aa12981880402b Author: Billy Brumley Date: Wed Jun 20 10:56:37 2018 +0300 [crypto/ec] don't assume points are of order group->order (cherry picked from commit 01fd5df77d401c87f926552ec24c0a09e5735006) Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6549) commit cc39f9250957dfe6e9f1b62a4eca1863e8451483 Author: Andy Polyakov Date: Mon May 7 10:27:45 2018 +0200 ec/ec_mult.c: get BN_CTX_start,end sequence right. Triggered by Coverity analysis. Reviewed-by: Rich Salz (cherry picked from commit 7d859d1c8868b81c5d810021af0b40f355af4e1f) Reviewed-by: Bernd Edlinger Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6549) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_mult.c | 32 +++++++++++++++++--------------- test/evptests.txt | 29 +++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 15 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index cac9591..106e754 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c 
@@ -136,17 +136,18 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) { - int i, order_bits, group_top, kbit, pbit, Z_is_one; + int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; EC_POINT *s = NULL; BIGNUM *k = NULL; BIGNUM *lambda = NULL; + BIGNUM *cardinality = NULL; BN_CTX *new_ctx = NULL; int ret = 0; if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) - goto err; + return 0; - order_bits = BN_num_bits(group->order); + BN_CTX_start(ctx); s = EC_POINT_new(group); if (s == NULL) @@ -162,19 +163,20 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); - BN_CTX_start(ctx); + cardinality = BN_CTX_get(ctx); lambda = BN_CTX_get(ctx); k = BN_CTX_get(ctx); - if (k == NULL) + if (k == NULL || !BN_mul(cardinality, group->order, group->cofactor, ctx)) goto err; /* - * Group orders are often on a word boundary. + * Group cardinalities are often on a word boundary. * So when we pad the scalar, some timing diff might * pop if it needs to be expanded due to carries. * So expand ahead of time. */ - group_top = bn_get_top(group->order); + cardinality_bits = BN_num_bits(cardinality); + group_top = bn_get_top(cardinality); if ((bn_wexpand(k, group_top + 1) == NULL) || (bn_wexpand(lambda, group_top + 1) == NULL)) goto err; 
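Review bot: The new `BN_mul(cardinality, group->order, group->cofactor, ctx)` in the `@@ -162,19 +163,20 @@` hunk has no guard against a zero cofactor, and as far as I can tell a group whose cofactor was never supplied stores zero there; cardinality is then 0, cardinality_bits is 0, and the call either fails deep inside BN_nnmod() with a division-by-zero error or, for a zero scalar, completes a zero-iteration ladder — neither names the real problem. A check beside the multiplication, `if (BN_is_zero(group->cofactor)) goto err;` (raising an EC reason code if the file has a suitable one), would make the unusable group an explicit failure, and the same reasoning applies to a zero group->order. The remainder of ec_mul_consttime() runs past both hunks on this line. The master version of this change at `@@ -160,18 +159,20 @@` below has the same gap.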
@@ -184,25 +186,25 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, BN_set_flags(k, BN_FLG_CONSTTIME); - if ((BN_num_bits(k) > order_bits) || (BN_is_negative(k))) { + if ((BN_num_bits(k) > cardinality_bits) || (BN_is_negative(k))) { /*- * this is an unusual input, and we don't guarantee * constant-timeness */ - if (!BN_nnmod(k, k, group->order, ctx)) + if (!BN_nnmod(k, k, cardinality, ctx)) goto err; } - if (!BN_add(lambda, k, group->order)) + if (!BN_add(lambda, k, cardinality)) goto err; BN_set_flags(lambda, BN_FLG_CONSTTIME); - if (!BN_add(k, lambda, group->order)) + if (!BN_add(k, lambda, cardinality)) goto err; /* - * lambda := scalar + order - * k := scalar + 2*order + * lambda := scalar + cardinality + * k := scalar + 2*cardinality */ - kbit = BN_is_bit_set(lambda, order_bits); + kbit = BN_is_bit_set(lambda, cardinality_bits); BN_consttime_swap(kbit, k, lambda, group_top + 1); group_top = bn_get_top(group->field); @@ -292,7 +294,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, * This is XOR. pbit tracks the previous bit of k. */ - for (i = order_bits - 1; i >= 0; i--) { + for (i = cardinality_bits - 1; i >= 0; i--) { kbit = BN_is_bit_set(k, i) ^ pbit; EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one); if (!EC_POINT_add(group, s, r, s, ctx)) diff --git a/test/evptests.txt b/test/evptests.txt index fd8d98d..fea0a77 100644 --- a/test/evptests.txt +++ b/test/evptests.txt 
@@ -19144,6 +19144,35 @@ PeerKey=KAS-ECC-CDH_B-571_C24-Peer-PUBLIC Ctrl=ecdh_cofactor_mode:1 SharedSecret=02da266a269bdc8d8b2a0c6bb5762f102fc801c8d5394a9271539136bd81d4b69cfbb7525cd0a983fb7f7e9deec583b8f8e574c6184b2d79831ec770649e484dc006fa35b0bffd0b +# for cofactor-order points, ECC CDH (co-factor ECDH) should fail. Test that. + +PrivateKey=ALICE_cf_sect283k1 +-----BEGIN PRIVATE KEY----- +MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAHtPwRfQZ9pWgSctyHdt +xt3pd8ESMI3ugVx8MDLkiVB8GkCRoUwDSgAEA+xpY5sDcgM2yYxoWOrzH7WUH+b3 +n68A32kODgcKu8PXRYEKBH8Xzbr974982ZJW1sGrDs+P81sIFH8tdp45Jkr+OtfM +8uKr +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect283k1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA+xpY5sDcgM2yYxoWOrzH7WUH+b3n68A +32kODgcKu8PXRYEKBH8Xzbr974982ZJW1sGrDs+P81sIFH8tdp45Jkr+OtfM8uKr +-----END PUBLIC KEY----- + +PublicKey=BOB_cf_sect283k1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect283k1 +PeerKey=BOB_cf_sect283k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result = DERIVE_ERROR # Test mismatches PrivPubKeyPair = Alice-25519:Bob-25519-PUBLIC From matt at openssl.org Thu Jun 21 10:05:55 2018 
From: matt at openssl.org (Matt Caswell) Date: Thu, 21 Jun 2018 10:05:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529575555.013972.22142.nullmailer@dev.openssl.org> The branch master has been updated via 4f1b96f9fcd2545b42186832ce2354d005ebe468 (commit) from 7f9822a48213dd2feca845dbbb6bcb8beb9550de (commit) - Log ----------------------------------------------------------------- commit 4f1b96f9fcd2545b42186832ce2354d005ebe468 Author: Nicola Tuveri Date: Tue Jun 12 17:42:31 2018 +0300 Use DEPRECATEDIN_1_2_0 macro for DSA_sign_setup declaration Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6467) ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsa_sign.c | 2 ++ include/openssl/dsa.h | 2 +- util/libcrypto.num | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 7057ea5..d8e2781 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -16,7 +16,9 @@ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } +#if OPENSSL_API_COMPAT < 0x10200000L int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } +#endif diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index e1be0ad..f347f71 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h 
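Review bot: Wrapping the DSA_sign_setup() definition in `#if OPENSSL_API_COMPAT < 0x10200000L` (with the matching DEPRECATEDIN_1_2_0 in the header hunk on the next line) deprecates a public API, yet the commit touches no documentation, so the manual page that describes DSA_sign_setup() still presents it as current. The deprecation, the 1.2.0 cut-off and the intended replacement (presumably plain DSA_sign()/DSA_do_sign(), which derive k internally) should be stated there, and a CHANGES entry would be appropriate. The `return dsa->meth->dsa_sign_setup(...)` body shows the DSA_METHOD slot is not itself removed, so method implementations appear unaffected by this change.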
@@ -99,7 +99,7 @@ int DSA_size(const DSA *); int DSA_bits(const DSA *d); int DSA_security_bits(const DSA *d); /* next 4 return -1 on error */ -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); +DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)) int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa); int DSA_verify(int type, const unsigned char *dgst, int dgst_len, diff --git a/util/libcrypto.num b/util/libcrypto.num index f5122e2..9ca1476 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -728,7 +728,7 @@ BIO_snprintf 726 1_1_0 EXIST::FUNCTION: EC_POINT_hex2point 727 1_1_0 EXIST::FUNCTION:EC X509v3_get_ext_by_critical 728 1_1_0 EXIST::FUNCTION: ENGINE_get_default_RSA 729 1_1_0 EXIST::FUNCTION:ENGINE -DSA_sign_setup 730 1_1_0 EXIST::FUNCTION:DSA +DSA_sign_setup 730 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,DSA OPENSSL_sk_new_null 731 1_1_0 EXIST::FUNCTION: PEM_read_PKCS8 732 1_1_0 EXIST::FUNCTION:STDIO BN_mod_sqr 733 1_1_0 EXIST::FUNCTION: From matt at openssl.org Thu Jun 21 10:13:31 2018 
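Review bot: The new declaration `DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))` runs well past the 80-column width the surrounding header keeps to; breaking the argument list after `BN_CTX *ctx_in,` would match the wrapped DSA_sign() prototype two lines below. The preceding `/* next 4 return -1 on error */` comment now counts a deprecated function among its four, which is still accurate but will need adjusting when the function is removed.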
From: matt at openssl.org (Matt Caswell) Date: Thu, 21 Jun 2018 10:13:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529576011.987188.23836.nullmailer@dev.openssl.org> The branch master has been updated via 27232cc3385260311e7fd2f6cd78db967cae650d (commit) from 4f1b96f9fcd2545b42186832ce2354d005ebe468 (commit) - Log ----------------------------------------------------------------- commit 27232cc3385260311e7fd2f6cd78db967cae650d Author: Matt Caswell Date: Mon Jun 18 11:30:21 2018 +0100 Don't use OPENSSL_strdup() for copying alpn_selected An alpn_selected value containing NUL bytes in it will result in ext.alpn_selected_len having a larger value than the number of bytes allocated in ext.alpn_selected. Issue found by OSS-fuzz. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6507) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_asn1.c | 10 ++++++---- ssl/ssl_sess.c | 10 ++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 9af4b84..b56c5e9 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -328,7 +328,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint; ret->ext.tick_age_add = as->tlsext_tick_age_add; - if (as->tlsext_tick) { + OPENSSL_free(ret->ext.tick); + if (as->tlsext_tick != NULL) { ret->ext.tick = as->tlsext_tick->data; ret->ext.ticklen = as->tlsext_tick->length; as->tlsext_tick->data = NULL; 
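Review bot: The added `OPENSSL_free(ret->ext.tick);` has no comment saying why an incoming session might already own a ticket; presumably it matters only when the caller passes a non-NULL *a and d2i_SSL_SESSION() reuses that object, and a reader seeing a free immediately before an assignment will wonder whether ret can be freshly allocated here. A line such as `/* ret may be a reused *a: release its old ticket before taking ownership of as->tlsext_tick */` would settle that. The else branch of this if lies outside the hunk; if it does not reset ret->ext.tick to NULL, the freed pointer would survive in a reused session whenever the decoded structure carries no ticket — please confirm. The two sibling frees added at `@@ -355,11 +356,11 @@` and `@@ -367,6 +368,7 @@` on the next line deserve the same comment.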
@@ -355,11 +356,11 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->flags = (int32_t)as->flags; ret->ext.max_early_data = as->max_early_data; + OPENSSL_free(ret->ext.alpn_selected); if (as->alpn_selected != NULL) { - if (!ssl_session_strndup((char **)&ret->ext.alpn_selected, - as->alpn_selected)) - goto err; + ret->ext.alpn_selected = as->alpn_selected->data; ret->ext.alpn_selected_len = as->alpn_selected->length; + as->alpn_selected->data = NULL; } else { ret->ext.alpn_selected = NULL; ret->ext.alpn_selected_len = 0; @@ -367,6 +368,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode; + OPENSSL_free(ret->ticket_appdata); if (as->ticket_appdata != NULL) { ret->ticket_appdata = as->ticket_appdata->data; ret->ticket_appdata_len = as->ticket_appdata->length; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 0723765..fde4187 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -220,13 +220,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->ext.ticklen = 0; } - if (src->ext.alpn_selected) { - dest->ext.alpn_selected = - (unsigned char*)OPENSSL_strndup((char*)src->ext.alpn_selected, - src->ext.alpn_selected_len); - if (dest->ext.alpn_selected == NULL) { + if (src->ext.alpn_selected != NULL) { + dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected, + src->ext.alpn_selected_len); + if (dest->ext.alpn_selected == NULL) goto err; - } } #ifndef OPENSSL_NO_SRP From levitte at openssl.org Thu Jun 21 11:33:53 2018 
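Review bot: OPENSSL_memdup() in the `@@ -220,13 +220,11 @@` hunk differs from the OPENSSL_strndup() it replaces when alpn_selected_len is 0: as far as I recall the allocation helpers return NULL for a zero-byte request, so a session whose alpn_selected is non-NULL but empty — which the decoder change at `@@ -355,11 +356,11 @@` could now produce from a zero-length OCTET STRING, since it adopts the data pointer without looking at the length — would make ssl_session_dup() fail as though out of memory. Either normalise an empty value when decoding (set the pointer to NULL when `as->alpn_selected->length == 0`) or guard the copy here with `if (src->ext.alpn_selected != NULL && src->ext.alpn_selected_len > 0)`. I have not verified that a zero-length OCTET STRING yields a non-NULL data pointer from the ASN.1 decoder, so treat the decoder side as something to check rather than a confirmed path. ssl_session_dup() starts and ends outside the hunk.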
From: levitte at openssl.org (Richard Levitte) Date: Thu, 21 Jun 2018 11:33:53 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529580833.268408.5396.nullmailer@dev.openssl.org> The branch master has been updated via a766aab93a282774e63ba918d0bb1c6680a5f292 (commit) from 27232cc3385260311e7fd2f6cd78db967cae650d (commit) - Log ----------------------------------------------------------------- commit a766aab93a282774e63ba918d0bb1c6680a5f292 Author: Billy Brumley Date: Wed Jun 20 10:56:37 2018 +0300 [crypto/ec] don't assume points are of order group->order Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6535) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_mult.c | 29 +++++++++++++++-------------- test/recipes/30-test_evp_data/evppkey.txt | 29 +++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 14 deletions(-) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index b668e87..c821cb8 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -132,10 +132,11 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) { - int i, order_bits, group_top, kbit, pbit, Z_is_one; + int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; EC_POINT *s = NULL; BIGNUM *k = NULL; BIGNUM *lambda = NULL; + BIGNUM *cardinality = NULL; BN_CTX *new_ctx = NULL; int ret = 0; @@ -144,8 +145,6 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, BN_CTX_start(ctx); - order_bits = BN_num_bits(group->order); - s = EC_POINT_new(group); if (s == NULL) goto err; 
@@ -160,18 +159,20 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); + cardinality = BN_CTX_get(ctx); lambda = BN_CTX_get(ctx); k = BN_CTX_get(ctx); - if (k == NULL) + if (k == NULL || !BN_mul(cardinality, group->order, group->cofactor, ctx)) goto err; /* - * Group orders are often on a word boundary. + * Group cardinalities are often on a word boundary. * So when we pad the scalar, some timing diff might * pop if it needs to be expanded due to carries. * So expand ahead of time. */ - group_top = bn_get_top(group->order); + cardinality_bits = BN_num_bits(cardinality); + group_top = bn_get_top(cardinality); if ((bn_wexpand(k, group_top + 1) == NULL) || (bn_wexpand(lambda, group_top + 1) == NULL)) goto err; @@ -181,25 +182,25 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, BN_set_flags(k, BN_FLG_CONSTTIME); - if ((BN_num_bits(k) > order_bits) || (BN_is_negative(k))) { + if ((BN_num_bits(k) > cardinality_bits) || (BN_is_negative(k))) { /*- * this is an unusual input, and we don't guarantee * constant-timeness */ - if (!BN_nnmod(k, k, group->order, ctx)) + if (!BN_nnmod(k, k, cardinality, ctx)) goto err; } - if (!BN_add(lambda, k, group->order)) + if (!BN_add(lambda, k, cardinality)) goto err; BN_set_flags(lambda, BN_FLG_CONSTTIME); - if (!BN_add(k, lambda, group->order)) + if (!BN_add(k, lambda, cardinality)) goto err; /* - * lambda := scalar + order - * k := scalar + 2*order + * lambda := scalar + cardinality + * k := scalar + 2*cardinality */ - kbit = BN_is_bit_set(lambda, order_bits); + kbit = BN_is_bit_set(lambda, cardinality_bits); BN_consttime_swap(kbit, k, lambda, group_top + 1); group_top = bn_get_top(group->field); 
@@ -300,7 +301,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, * This is XOR. pbit tracks the previous bit of k. */ - for (i = order_bits - 1; i >= 0; i--) { + for (i = cardinality_bits - 1; i >= 0; i--) { kbit = BN_is_bit_set(k, i) ^ pbit; EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one); if (!EC_POINT_add(group, s, r, s, ctx)) diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index e191b6f..7435125 100644 --- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -17257,6 +17257,35 @@ PeerKey=KAS-ECC-CDH_B-571_C24-Peer-PUBLIC Ctrl=ecdh_cofactor_mode:1 SharedSecret=02da266a269bdc8d8b2a0c6bb5762f102fc801c8d5394a9271539136bd81d4b69cfbb7525cd0a983fb7f7e9deec583b8f8e574c6184b2d79831ec770649e484dc006fa35b0bffd0b +# for cofactor-order points, ECC CDH (co-factor ECDH) should fail. Test that. + +PrivateKey=ALICE_cf_sect283k1 +-----BEGIN PRIVATE KEY----- +MIGQAgEAMBAGByqGSM49AgEGBSuBBAAQBHkwdwIBAQQkAHtPwRfQZ9pWgSctyHdt +xt3pd8ESMI3ugVx8MDLkiVB8GkCRoUwDSgAEA+xpY5sDcgM2yYxoWOrzH7WUH+b3 +n68A32kODgcKu8PXRYEKBH8Xzbr974982ZJW1sGrDs+P81sIFH8tdp45Jkr+OtfM +8uKr +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect283k1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEA+xpY5sDcgM2yYxoWOrzH7WUH+b3n68A +32kODgcKu8PXRYEKBH8Xzbr974982ZJW1sGrDs+P81sIFH8tdp45Jkr+OtfM8uKr +-----END PUBLIC KEY----- + +PublicKey=BOB_cf_sect283k1_PUB +-----BEGIN PUBLIC KEY----- +MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +-----END PUBLIC KEY----- + +PrivPubKeyPair = ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect283k1 +PeerKey=BOB_cf_sect283k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result = DERIVE_ERROR Title = Test keypair mistmatches From no-reply at appveyor.com Thu Jun 21 11:51:53 2018 
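Review bot: The new test exercises the cardinality change only on a binary curve (sect283k1, cofactor 4) and only through the co-factor ECDH failure path, so the ladder's behaviour with a low-order peer point on a prime-field curve, where ec_mul_consttime is also used, remains untested. A companion case on a prime curve with cofactor greater than one (secp112r2 or secp128r2, if a low-order point is easy to encode) would cover that, and a `Ctrl=ecdh_cofactor_mode:0` derivation with the same keys would pin down that plain ECDH still yields a shared secret rather than an error. The hunk's comment could also say why failure is expected; BOB's key appears to encode the point (0, 1), which on this curve has order 2, so something like `# BOB's point has order 2 (divides the cofactor), so h*d*Q is the point at infinity and co-factor ECDH must fail.` would make the intent clear.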
From: no-reply at appveyor.com (AppVeyor) Date: Thu, 21 Jun 2018 11:51:53 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.18630 Message-ID: <20180621115153.1.8646F01889808834@appveyor.com> An HTML attachment was scrubbed... URL: From appro at openssl.org Thu Jun 21 12:02:29 2018 From: appro at openssl.org (Andy Polyakov) Date: Thu, 21 Jun 2018 12:02:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529582549.294334.11524.nullmailer@dev.openssl.org> The branch master has been updated via 9be083ad36cd148bddaa11cee835e27b6f5e67df (commit) from a766aab93a282774e63ba918d0bb1c6680a5f292 (commit) - Log ----------------------------------------------------------------- commit 9be083ad36cd148bddaa11cee835e27b6f5e67df Author: Andy Polyakov Date: Mon Jun 18 12:50:53 2018 +0200 Remove some inline assembler and non-standard constructs. The goal is to minimize maintenance burden by eliminating somewhat obscure platform-specific tweaks that are not viewed as critical for contemporary applications. This affects Camellia and digest implementations that rely on md32_common.h, MD4, MD5, SHA1, SHA256. SHA256 is the only one that can be viewed as critical, but given the assembly coverage, the omission is considered appropriate. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6508) ----------------------------------------------------------------------- Summary of changes: crypto/camellia/camellia.c | 50 ++----------- crypto/include/internal/md32_common.h | 128 ++-------------------------------- 2 files changed, 10 insertions(+), 168 deletions(-) diff --git a/crypto/camellia/camellia.c b/crypto/camellia/camellia.c index 6641a62..45f2325 100644 --- a/crypto/camellia/camellia.c +++ b/crypto/camellia/camellia.c 
@@ -44,51 +44,11 @@ #include #include -/* 32-bit rotations */ -#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define RightRotate(x, s) _lrotr(x, s) -# define LeftRotate(x, s) _lrotl(x, s) -# if _MSC_VER >= 1400 -# define SWAP(x) _byteswap_ulong(x) -# else -# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) -# endif -# define GETU32(p) SWAP(*((u32 *)(p))) -# define PUTU32(p,v) (*((u32 *)(p)) = SWAP((v))) -# elif defined(__GNUC__) && __GNUC__>=2 -# if defined(__i386) || defined(__x86_64) -# define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; }) -# define LeftRotate(x,s) ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; }) -# if defined(B_ENDIAN) /* stratus.com does it */ -# define GETU32(p) (*(u32 *)(p)) -# define PUTU32(p,v) (*(u32 *)(p)=(v)) -# else -# define GETU32(p) ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; }) -# define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; }) -# endif -# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ - defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) -# define LeftRotate(x,s) ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; }) -# define RightRotate(x,s) LeftRotate(x,(32-s)) -# elif defined(__s390x__) -# define LeftRotate(x,s) ({u32 ret; asm ("rll %0,%1,%2":"=r"(ret):"r"(x),"I"(s)); ret; }) -# define RightRotate(x,s) LeftRotate(x,(32-s)) -# define GETU32(p) (*(u32 *)(p)) -# define PUTU32(p,v) (*(u32 *)(p)=(v)) -# endif -# endif -#endif - -#if !defined(RightRotate) && !defined(LeftRotate) -# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) ) -# define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) ) -#endif - -#if !defined(GETU32) && !defined(PUTU32) -# define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ 
((u32)(p)[3])) -# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) -#endif +#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) ) +#define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) ) + +#define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3])) +#define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) /* S-box data */ #define SBOX1_1110 Camellia_SBOX[0] diff --git a/crypto/include/internal/md32_common.h b/crypto/include/internal/md32_common.h index e498cf3..2e9f893 100644 --- a/crypto/include/internal/md32_common.h +++ b/crypto/include/internal/md32_common.h 
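Review bot: The rotate macros that are now the only implementation expand `s` unparenthesised in `(32 - s)`, so `RightRotate(x, a + b)` would expand to `32 - a + b`; `#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - (s))) )` and the matching change for `LeftRotate` close that at no cost for the constant shift counts the cipher presumably uses. The macros also silently assume that `u32` is exactly 32 bits wide and that `0 < s < 32` (the `+` equals `|` only because the two halves cannot overlap, and a count of 0 or 32 makes one of the shifts undefined); a one-line comment stating those preconditions would be worthwhile now that no asm path with an `I` constraint enforces a constant. Whether the byte-wise `GETU32`/`PUTU32` are folded into a single load plus byte swap is now left to the compiler, which seems worth confirming on the targets that previously took the `bswapl` path.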
@@ -93,149 +93,31 @@ # error "HASH_BLOCK_DATA_ORDER must be defined!" #endif -/* - * Engage compiler specific rotate intrinsic function if available. - */ -#undef ROTATE -#ifndef PEDANTIC -# if defined(_MSC_VER) -# define ROTATE(a,n) _lrotl(a,n) -# elif defined(__ICC) -# define ROTATE(a,n) _rotl(a,n) -# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) - /* - * Some GNU C inline assembler templates. Note that these are - * rotates by *constant* number of bits! But that's exactly - * what we need here... - */ -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "roll %1,%0" \ - : "=r"(ret) \ - : "I"(n), "0"((unsigned int)(a)) \ - : "cc"); \ - ret; \ - }) -# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ - defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "rlwinm %0,%1,%2,0,31" \ - : "=r"(ret) \ - : "r"(a), "I"(n)); \ - ret; \ - }) -# elif defined(__s390x__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ("rll %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a), "I"(n)); \ - ret; \ - }) -# endif -# endif -#endif /* PEDANTIC */ - -#ifndef ROTATE -# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) -#endif +#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) #if defined(DATA_ORDER_IS_BIG_ENDIAN) -# ifndef PEDANTIC -# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ - (defined(__x86_64) || defined(__x86_64__)) -# if !defined(B_ENDIAN) - /* - * This gives ~30-40% performance improvement in SHA-256 compiled - * with gcc [on P4]. Well, first macro to be frank. We can pull - * this trick on x86* platforms only, because these CPUs can fetch - * unaligned data without raising an exception. 
- */ -# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ - asm ("bswapl %0":"=r"(r):"0"(r)); \ - (c)+=4; (l)=r; }) -# define HOST_l2c(l,c) ({ unsigned int r=(l); \ - asm ("bswapl %0":"=r"(r):"0"(r)); \ - *((unsigned int *)(c))=r; (c)+=4; r; }) -# endif -# elif defined(__aarch64__) -# if defined(__BYTE_ORDER__) -# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -# define HOST_c2l(c,l) ({ unsigned int r; \ - asm ("rev %w0,%w1" \ - :"=r"(r) \ - :"r"(*((const unsigned int *)(c))));\ - (c)+=4; (l)=r; }) -# define HOST_l2c(l,c) ({ unsigned int r; \ - asm ("rev %w0,%w1" \ - :"=r"(r) \ - :"r"((unsigned int)(l)));\ - *((unsigned int *)(c))=r; (c)+=4; r; }) -# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) -# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) -# endif -# endif -# endif -# endif -# if defined(__s390__) || defined(__s390x__) -# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) -# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) -# endif -# endif - -# ifndef HOST_c2l -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++))) ) ) -# endif -# ifndef HOST_l2c -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff), \ l) -# endif #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# ifndef PEDANTIC -# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__s390x__) -# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \ - :"=d"(l) :"m"(*(const 
unsigned int *)(c)));\ - (c)+=4; (l); }) -# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \ - :"=m"(*(unsigned int *)(c)) :"d"(l));\ - (c)+=4; (l); }) -# endif -# endif -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# ifndef B_ENDIAN - /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ -# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) -# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) -# endif -# endif -# endif - -# ifndef HOST_c2l -# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ +# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ l|=(((unsigned long)(*((c)++)))<< 8), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<<24) ) -# endif -# ifndef HOST_l2c -# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>>24)&0xff), \ l) -# endif #endif From appro at openssl.org Thu Jun 21 12:06:15 2018 
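Review bot: `ROTATE(a,n)` is now the only implementation and, like the asm it replaces, is only correct for `0 < n < 32` (for `n == 0` the right shift by 32 is undefined behaviour); the removed asm templates carried the note "rotates by *constant* number of bits" and that caveat went with them, so a comment such as `/* ROTATE is only valid for constant 0 < n < 32 */` above the define would keep the precondition visible. Likewise `HOST_c2l` and `HOST_l2c` evaluate `c` four times each, as the portable fallback always did, and a note that `c` must be a side-effect-free lvalue would save the next reader from checking every call site.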
From: appro at openssl.org (Andy Polyakov) Date: Thu, 21 Jun 2018 12:06:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529582775.802532.12972.nullmailer@dev.openssl.org> The branch master has been updated via 1b712f3fe4752ae1c770f06f957c0e5675b1801c (commit) from 9be083ad36cd148bddaa11cee835e27b6f5e67df (commit) - Log ----------------------------------------------------------------- commit 1b712f3fe4752ae1c770f06f957c0e5675b1801c Author: Andy Polyakov Date: Wed Jun 20 14:14:11 2018 +0200 Configurations/10-main.conf: IRIX configs unification. Add irix-common template that covers even irix-shared from shared-info.pl. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6536) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 53 ++++++++++++++++--------------------------- Configurations/shared-info.pl | 7 ------ 2 files changed, 19 insertions(+), 41 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 54f609d..a62abe2 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf 
@@ -356,75 +356,60 @@ my %targets = ( #### IRIX 6.x configs # Only N32 and N64 ABIs are supported. + "irix-common" => { + inherit_from => [ "BASE_unix" ], + template => 1, + cppflags => threads("-D_SGI_MP_SOURCE"), + lib_cppflags => "-DB_ENDIAN -DBN_DIV3W", + ex_libs => add(threads("-lpthread")), + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "self", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + shared_ldflag => "-shared -Wl,-Bsymbolic", + shared_sonameflag=> "-Wl,-soname,", + }, "irix-mips3-gcc" => { - inherit_from => [ "BASE_unix", asm("mips64_asm") ], + inherit_from => [ "irix-common", asm("mips64_asm") ], CC => "gcc", CFLAGS => picker(debug => "-g -O0", release => "-O3"), + LDFLAGS => "-static-libgcc", cflags => "-mabi=n32", - cppflags => combine("-DB_ENDIAN -DBN_DIV3W", - threads("-D_SGI_MP_SOURCE")), - cppflags => threads("-D_SGI_MP_SOURCE"), - lib_cppflags => "-DB_ENDIAN -DBN_DIV3W", - ex_libs => add(threads("-lpthread")), bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", - thread_scheme => "pthreads", perlasm_scheme => "n32", - dso_scheme => "dlfcn", - shared_target => "irix-shared", - shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "32", }, "irix-mips3-cc" => { - inherit_from => [ "BASE_unix", asm("mips64_asm") ], + inherit_from => [ "irix-common", asm("mips64_asm") ], CC => "cc", CFLAGS => picker(debug => "-g -O0", release => "-O2"), cflags => "-n32 -mips3 -use_readonly_const -G0 -rdata_shared", - cppflags => threads("-D_SGI_MP_SOURCE"), - lib_cppflags => "-DB_ENDIAN -DBN_DIV3W", - ex_libs => add(threads("-lpthread")), bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", - thread_scheme => "pthreads", perlasm_scheme => "n32", - dso_scheme => "dlfcn", - shared_target => "irix-shared", - shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "32", }, # N64 ABI builds. 
"irix64-mips4-gcc" => { - inherit_from => [ "BASE_unix", asm("mips64_asm") ], + inherit_from => [ "irix-common", asm("mips64_asm") ], CC => "gcc", CFLAGS => picker(debug => "-g -O0", release => "-O3"), + LDFLAGS => "-static-libgcc", cflags => "-mabi=64 -mips4", - cppflags => threads("-D_SGI_MP_SOURCE"), - lib_cppflags => "-DB_ENDIAN -DBN_DIV3W", - ex_libs => add(threads("-lpthread")), bn_ops => "RC4_CHAR SIXTY_FOUR_BIT_LONG", - thread_scheme => "pthreads", perlasm_scheme => "64", - dso_scheme => "dlfcn", - shared_target => "irix-shared", - shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "64", }, "irix64-mips4-cc" => { - inherit_from => [ "BASE_unix", asm("mips64_asm") ], + inherit_from => [ "irix-common", asm("mips64_asm") ], CC => "cc", CFLAGS => picker(debug => "-g -O0", release => "-O2"), cflags => "-64 -mips4 -use_readonly_const -G0 -rdata_shared", - cppflags => threads("-D_SGI_MP_SOURCE"), - lib_cppflags => "-DB_ENDIAN -DBN_DIV3W", - ex_libs => threads("-lpthread"), bn_ops => "RC4_CHAR SIXTY_FOUR_BIT_LONG", - thread_scheme => "pthreads", perlasm_scheme => "64", - dso_scheme => "dlfcn", - shared_target => "irix-shared", - shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", multilib => "64", }, diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index 6c5e338..47eddd6 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -79,11 +79,4 @@ my %shared_info; shared_sonameflag => '-h ', }; }, - 'irix-shared' => sub { - return $shared_info{'gnu-shared'} if detect_gnu_ld(); - return { - shared_ldflag => '-shared -Wl,-Bsymbolic', - shared_sonameflag => '-Wl,-soname=', - }; - }, ); From appro at openssl.org Thu Jun 21 13:15:03 2018 
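Review bot: `LDFLAGS => "-static-libgcc"` on `irix-mips3-gcc` and `irix64-mips4-gcc` is new link-time behaviour rather than a unification of existing settings, and neither the commit message nor the config says why it is wanted; a comment in those entries would help, e.g. `# link libgcc statically so the shared libraries do not need libgcc_s at run time` if that is the intent, which I cannot confirm from here. The new `irix-common` template also replaces `irix-shared`, which deferred to `gnu-shared` whenever `detect_gnu_ld()` succeeded, with fixed flags; apart from `-Wl,-soname,` versus `-Wl,-soname=` the flags match, so this looks harmless, but the commit message should state that GNU-ld detection is dropped on purpose.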
From: appro at openssl.org (Andy Polyakov) Date: Thu, 21 Jun 2018 13:15:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529586903.891352.27016.nullmailer@dev.openssl.org> The branch master has been updated via 991f0355fb782f499e226a732c0099847048c91a (commit) from 1b712f3fe4752ae1c770f06f957c0e5675b1801c (commit) - Log ----------------------------------------------------------------- commit 991f0355fb782f499e226a732c0099847048c91a Author: FdaSilvaYY Date: Tue May 8 09:47:26 2018 +0200 apps/ca: fix useless get before delete. Small simplification by skipping effectively redundant step and not resuming search from point past deletion. Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6195) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 4a8396e..558809e 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1706,11 +1706,11 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } + i = -1; while ((i = X509_NAME_get_index_by_NID(dn_subject, NID_pkcs9_emailAddress, - -1)) >= 0) { - tmpne = X509_NAME_get_entry(dn_subject, i); - X509_NAME_delete_entry(dn_subject, i); + i)) >= 0) { + tmpne = X509_NAME_delete_entry(dn_subject, i--); X509_NAME_ENTRY_free(tmpne); } From rsalz at openssl.org Thu Jun 21 14:52:20 2018 
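Review bot: The `X509_NAME_delete_entry(dn_subject, i--)` in the new loop is correct, since deleting slot `i` shifts later entries down and the next `X509_NAME_get_index_by_NID` call must resume from `i - 1` to see the entry that moved into that slot, but the reason is easy to miss and the `i = -1` seed now doubles as the resume position; a comment `/* deletion shifts later entries down, so resume the search one slot earlier */` above the call would make that explicit. do_body starts and ends outside the hunk.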
From: rsalz at openssl.org (Rich Salz) Date: Thu, 21 Jun 2018 14:52:20 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1529592740.171340.11615.nullmailer@dev.openssl.org> The branch master has been updated via 805106fc21b3bb4337c68f736fe43518344862a8 (commit) from 3660c7ff2c23ae4d89e463f0abd5a359b6172775 (commit) - Log ----------------------------------------------------------------- commit 805106fc21b3bb4337c68f736fe43518344862a8 Author: Rich Salz Date: Mon May 21 08:50:06 2018 -0400 Better flag parsing; build by default Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/tools/pull/15) ----------------------------------------------------------------------- Summary of changes: review-tools/ghmerge | 69 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 42 insertions(+), 27 deletions(-) diff --git a/review-tools/ghmerge b/review-tools/ghmerge index 7f00b7c..1fb70c8 100755 --- a/review-tools/ghmerge +++ b/review-tools/ghmerge 
@@ -12,36 +12,49 @@ if [ ! -d .git ] ; then exit 1 fi -if [ "$1" = "--tools" ] ; then - WHAT=tools ; MERGE=yes ; BUILD=no ; shift -fi -if [ "$1" = "--web" ] ; then - WHAT=web ; MERGE=yes ; BUILD=no ; shift -fi -if [ "$1" == "--trivial" ] ; then - TRIVIAL="--trivial" ; shift -fi -if [ "$1" == "--merge" -o "$1" == "--squash" ] ; then - MERGE=yes ; shift -fi -if [ "$1" == "--nomerge" -o "$1" == "--nosquash" ] ; then - MERGE=no ; shift -fi +# Parse JCL. +while true ; do + case "$1" in + --tools) + WHAT=tools ; MERGE=yes ; BUILD=no ; shift + ;; + --web) + WHAT=web ; MERGE=yes ; BUILD=no ; shift + ;; + --trivial) + TRIVIAL="--trivial" ; shift + ;; + --merge | --squash) + MERGE=yes ; shift + ;; + --nomerge | --nosquash) + MERGE=no ; shift + ;; + --nobuild) + BUILD=no ; shift + ;; + --) + shift + break + ;; + -*) + echo "$0: Unknown flag $1" + exit 1 + ;; + *) + break + ;; + esac +done if [ $# -lt 2 ] ; then - echo Usage: `basename $0` '[--trivial] [--merge] prnum reviewer...' + echo "Usage: $0 [flags] prnum reviewer..." exit 1 fi PRNUM=$1 ; shift -case "$PRNUM" in - -*) - echo Usage: `basename $0` '[--trivial] [--[no]merge] prnum reviewer...' - exit 1 - ;; -esac +TEAM=$* curl -s https://api.github.com/repos/openssl/$WHAT/pulls/$PRNUM >/tmp/gh$$ -TEAM=$* set -- `python -c ' from __future__ import print_function import json, sys; @@ -69,13 +82,13 @@ function cleanup { } trap 'cleanup' EXIT - git pull --rebase https://github.com/$WHO/$WHAT.git $BRANCH git rebase $REL + echo Diff against $REL git diff $REL -echo -n Press return to merge to $REL and build: ; read foo +echo -n Press return to merge to $REL: ; read foo addrev $TRIVIAL --prnum=$PRNUM $TEAM ${REL}.. git checkout $REL if [ "$MERGE" == "yes" ] ; then 
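Review bot: The rewritten option parser drops the old check that rejected a `prnum` beginning with `-`, and nothing now validates `PRNUM` before it is interpolated unquoted into the `curl -s https://api.github.com/repos/openssl/$WHAT/pulls/$PRNUM` URL; an argument such as `1/../..` or one containing spaces changes the request instead of failing. The `-*)` arm of the `case` only catches unknown flags, so a numeric check right after `PRNUM=$1 ; shift` is the simplest fix: `case "$PRNUM" in ''|*[!0-9]*) echo "$0: prnum must be a number" ; exit 1 ;; esac`. Quoting `"$WHAT"` and `"$PRNUM"` in the curl line would be cheap as well.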
@@ -86,8 +99,10 @@ else git rebase $WORK fi -# echo Rebuilding -# opensslbuild |& tail -3 +if [ "$BUILD" == "yes" ] ; then + echo Rebuilding + ( opensslbuild 2>&1 ) | tail -3 +fi while true ; do echo -n "Enter YES to push or NO to abort: " From levitte at openssl.org Thu Jun 21 16:51:26 2018 
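Review bot: In the new build step `( opensslbuild 2>&1 ) | tail -3` the pipeline's exit status is `tail`'s, so a failing build is reduced to three lines of output and the script proceeds straight to the push prompt. Since the script already relies on bash (`[ "$BUILD" == "yes" ]`), enabling `set -o pipefail` and aborting on failure, e.g. `if ! ( opensslbuild 2>&1 ) | tail -3 ; then echo "$0: build failed" ; exit 1 ; fi`, or testing `${PIPESTATUS[0]}` after the pipeline, would stop a broken merge from being pushed by reflex.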
From: levitte at openssl.org (Richard Levitte) Date: Thu, 21 Jun 2018 16:51:26 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529599886.236600.843.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 50d06d1c7d2682b0042e921a76beb509d7ea68e1 (commit) via e4b47f7f19392e3be604e44f6999de2bc9e7ecf3 (commit) from 7b3e775a6a78650bbd3e8e19a5aa12981880402b (commit) - Log ----------------------------------------------------------------- commit 50d06d1c7d2682b0042e921a76beb509d7ea68e1 Author: Nick Mathewson Date: Thu May 24 15:23:15 2018 -0400 Improve the example getpass() implementation to show an error return Also, modernize the code, so that it isn't trying to store a size_t into an int, and then check the int's sign. :/ Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6271) (cherry picked from commit c8c250333cd254ab3f4d709ebc5ed86a7c065721) commit e4b47f7f19392e3be604e44f6999de2bc9e7ecf3 Author: Nick Mathewson Date: Wed May 16 11:07:48 2018 -0400 Update documentation for PEM callback: error is now -1. In previous versions of OpenSSL, the documentation for PEM_read_* said: The callback B return the number of characters in the passphrase or 0 if an error occurred. But since c82c3462267afdbbaa5, 0 is now treated as a non-error return value. Applications that want to indicate an error need to return -1 instead. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6271) (cherry picked from commit bbbf752a3c8b5a966bcb48fc71a3dc03832e7b27) ----------------------------------------------------------------------- Summary of changes: doc/crypto/PEM_read_bio_PrivateKey.pod | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/doc/crypto/PEM_read_bio_PrivateKey.pod b/doc/crypto/PEM_read_bio_PrivateKey.pod index 6b3006e..f8d1d1a 100644 --- a/doc/crypto/PEM_read_bio_PrivateKey.pod 
+++ b/doc/crypto/PEM_read_bio_PrivateKey.pod @@ -294,7 +294,7 @@ for it twice) if B is 1. The B parameter has the same value as the B parameter passed to the PEM routine. It allows arbitrary data to be passed to the callback by the application (for example a window handle in a GUI application). The callback -B return the number of characters in the passphrase or 0 if +B return the number of characters in the passphrase or -1 if an error occurred. =head1 EXAMPLES @@ -348,17 +348,16 @@ Skeleton pass phrase callback: int pass_cb(char *buf, int size, int rwflag, void *u) { - int len; - char *tmp; /* We'd probably do something else if 'rwflag' is 1 */ printf("Enter pass phrase for \"%s\"\n", (char *)u); /* get pass phrase, length 'len' into 'tmp' */ - tmp = "hello"; - len = strlen(tmp); - if (len <= 0) - return 0; + char *tmp = "hello"; + if (tmp == NULL) /* An error occurred */ + return -1; + + size_t len = strlen(tmp); if (len > size) len = size; From bernd.edlinger at hotmail.de Thu Jun 21 17:06:00 2018 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Thu, 21 Jun 2018 17:06:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529600760.037005.5116.nullmailer@dev.openssl.org> The branch master has been updated via 91860165820daf7a17836597f18752f094b887c8 (commit) from 991f0355fb782f499e226a732c0099847048c91a (commit) - Log ----------------------------------------------------------------- commit 91860165820daf7a17836597f18752f094b887c8 Author: Bernd Edlinger Date: Wed Jun 20 21:41:05 2018 +0200 Add -Wstrict-prototypes option to --strict-warnings [extended tests] Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6542) ----------------------------------------------------------------------- Summary of changes: Configure | 1 + crypto/ct/ct_log.c | 2 +- crypto/ec/curve25519.c | 2 +- test/testutil/driver.c | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) 
diff --git a/Configure b/Configure index bcf2c04..9a60091 100755 --- a/Configure +++ b/Configure @@ -125,6 +125,7 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" . " -Wswitch" . " -Wsign-compare" . " -Wmissing-prototypes" + . " -Wstrict-prototypes" . " -Wshadow" . " -Wformat" . " -Wtype-limits" diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c index 3c9f979..be6681d 100644 --- a/crypto/ct/ct_log.c +++ b/crypto/ct/ct_log.c @@ -46,7 +46,7 @@ typedef struct ctlog_store_load_ctx_st { * Creates an empty context for loading a CT log store. * It should be populated before use. */ -static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(); +static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void); /* * Deletes a CT log store load context. diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index 0f18ff7..9666de1 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c @@ -150,7 +150,7 @@ void x25519_fe51_mul121666(fe51 h, fe51 f); typedef uint64_t fe64[4]; -int x25519_fe64_eligible(); +int x25519_fe64_eligible(void); /* * There are no reference C implementations for this radix. diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 9cdce7a..8d48333 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -26,7 +26,7 @@ */ typedef struct test_info { const char *test_case_name; - int (*test_fn) (); + int (*test_fn) (void); int (*param_test_fn)(int idx); int num; From levitte at openssl.org Thu Jun 21 17:12:01 2018 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 21 Jun 2018 17:12:01 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1529601121.674376.7249.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8a8534620da8e13c8a7ab123ecd7fc0226f999bf (commit) via df70ef22c88eac65ee84201547084cf8f14d512e (commit) via d04e651feadebd13cbe6f6d58b78a08e7b8e2994 (commit) from 41d23d435221411b4d70c08b6c5424d0afcf4c19 (commit) - Log ----------------------------------------------------------------- commit 8a8534620da8e13c8a7ab123ecd7fc0226f999bf Author: Nick Mathewson Date: Thu May 24 15:23:15 2018 -0400 Improve the example getpass() implementation to show an error return Also, modernize the code, so that it isn't trying to store a size_t into an int, and then check the int's sign. :/ Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6271) (cherry picked from commit c8c250333cd254ab3f4d709ebc5ed86a7c065721) (cherry picked from commit 50d06d1c7d2682b0042e921a76beb509d7ea68e1) commit df70ef22c88eac65ee84201547084cf8f14d512e Author: Richard Levitte Date: Thu Jun 21 19:01:28 2018 +0200 doc/crypto/pem.pod: modernise the example code Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6552) commit d04e651feadebd13cbe6f6d58b78a08e7b8e2994 Author: Nick Mathewson Date: Wed May 16 11:07:48 2018 -0400 Update documentation for PEM callback: error is now -1. In previous versions of OpenSSL, the documentation for PEM_read_* said: The callback B return the number of characters in the passphrase or 0 if an error occurred. But since c82c3462267afdbbaa5, 0 is now treated as a non-error return value. Applications that want to indicate an error need to return -1 instead. 
Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6271) (cherry picked from commit bbbf752a3c8b5a966bcb48fc71a3dc03832e7b27) (cherry picked from commit e4b47f7f19392e3be604e44f6999de2bc9e7ecf3) ----------------------------------------------------------------------- Summary of changes: doc/crypto/pem.pod | 93 +++++++++++++++++++++++++----------------------------- 1 file changed, 43 insertions(+), 50 deletions(-) diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index 763eb6f..de9ecca 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -342,7 +342,7 @@ for it twice) if B is 1. The B parameter has the same value as the B parameter passed to the PEM routine. It allows arbitrary data to be passed to the callback by the application (for example a window handle in a GUI application). The callback -B return the number of characters in the passphrase or 0 if +B return the number of characters in the passphrase or -1 if an error occurred. =head1 EXAMPLES 
@@ -354,84 +354,77 @@ Read a certificate in PEM format from a BIO: X509 *x; x = PEM_read_bio_X509(bp, NULL, 0, NULL); - if (x == NULL) - { - /* Error */ - } + if (x == NULL) { + /* Error */ + } Alternative method: X509 *x = NULL; - if (!PEM_read_bio_X509(bp, &x, 0, NULL)) - { - /* Error */ - } + if (!PEM_read_bio_X509(bp, &x, 0, NULL)) { + /* Error */ + } Write a certificate to a BIO: - if (!PEM_write_bio_X509(bp, x)) - { - /* Error */ - } + if (!PEM_write_bio_X509(bp, x)) { + /* Error */ + } Write an unencrypted private key to a FILE pointer: - if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) - { - /* Error */ - } + if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) { + /* Error */ + } Write a private key (using traditional format) to a BIO using triple DES encryption, the pass phrase is prompted for: - if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) - { - /* Error */ - } + if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) { + /* Error */ + } Write a private key (using PKCS#8 format) to a BIO using triple DES encryption, using the pass phrase "hello": - if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) - { - /* Error */ - } + if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) { + /* Error */ + } Read a private key from a BIO using the pass phrase "hello": key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello"); - if (key == NULL) - { - /* Error */ - } + if (key == NULL) { + /* Error */ + } Read a private key from a BIO using a pass phrase callback: key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); - if (key == NULL) - { - /* Error */ - } + if (key == NULL) { + /* Error */ + } Skeleton pass phrase callback: - int pass_cb(char *buf, int size, int rwflag, void *u); - { - int len; - char *tmp; - /* We'd probably do something else if 'rwflag' is 1 */ - printf("Enter pass phrase for \"%s\"\n", u); - - /* get 
pass phrase, length 'len' into 'tmp' */ - tmp = "hello"; - len = strlen(tmp); - - if (len <= 0) return 0; - /* if too long, truncate */ - if (len > size) len = size; - memcpy(buf, tmp, len); - return len; - } + int pass_cb(char *buf, int size, int rwflag, void *u) + { + + /* We'd probably do something else if 'rwflag' is 1 */ + printf("Enter pass phrase for \"%s\"\n", u); + + /* get pass phrase, length 'len' into 'tmp' */ + char *tmp = "hello"; + if (tmp == NULL) /* An error occurred */ + return -1; + + size_t len = strlen(tmp); + + if (len > size) + len = size; + memcpy(buf, tmp, len); + return len; + } =head1 NOTES From matt at openssl.org Thu Jun 21 17:12:09 2018 
From: matt at openssl.org (Matt Caswell) Date: Thu, 21 Jun 2018 17:12:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529601129.858592.8190.nullmailer@dev.openssl.org> The branch master has been updated via 379f846387348b1090054b56f1d31cdbcbd64196 (commit) via 792546eb18c3088d7eca0c1ebeb86695bcae18d8 (commit) via 262dccc0d5946ea4add79e16882950dfbd8a4ab8 (commit) via c11d372b3b7080dc153902f14a0d4b402e2dfc92 (commit) from 91860165820daf7a17836597f18752f094b887c8 (commit) - Log ----------------------------------------------------------------- commit 379f846387348b1090054b56f1d31cdbcbd64196 Author: Nicola Tuveri Date: Tue Jun 19 16:55:29 2018 +0300 [fixup] Add CHANGES entry Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6116) commit 792546eb18c3088d7eca0c1ebeb86695bcae18d8 Author: Billy Brumley Date: Tue May 8 14:00:30 2018 +0300 [crypto/ec] default to FLT or error Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6116) commit 262dccc0d5946ea4add79e16882950dfbd8a4ab8 Author: Billy Brumley Date: Sat May 5 11:03:02 2018 +0300 [crypto/ec] remove blinding to support even orders Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6116) commit c11d372b3b7080dc153902f14a0d4b402e2dfc92 Author: Billy Brumley Date: Fri Apr 27 17:45:51 2018 +0300 make EC_GROUP_do_inverse_ord more robust Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6116) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 ++++++ crypto/ec/ec_lcl.h | 8 +++---- crypto/ec/ec_lib.c | 60 +++++++++++++++++++++++++++++++++++++++++++++--- crypto/ec/ecdsa_ossl.c | 41 ++++++--------------------------- crypto/ec/ecp_nistz256.c | 2 +- 5 files changed, 76 insertions(+), 42 deletions(-) 
diff --git a/CHANGES b/CHANGES index 4dc0659..8b4a8bb 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,13 @@ release branch. Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Make ec_group_do_inverse_ord() more robust and available to other + EC cryptosystems, so that irrespective of BN_FLG_CONSTTIME, SCA + mitigations are applied to the fallback BN_mod_inverse(). + When using this function rather than BN_mod_inverse() directly, new + EC cryptosystem implementations are then safer-by-default. + [Billy Bob Brumley] + *) Add coordinate blinding for EC_POINT and implement projective coordinate blinding for generic prime curves as a countermeasure to chosen point SCA attacks. diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 006e3b6..cf29c7c 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -174,8 +174,8 @@ struct ec_method_st { int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, const EC_POINT *pub_key, const EC_KEY *ecdh); /* Inverse modulo order */ - int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, BIGNUM *x, - BN_CTX *ctx); + int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, + const BIGNUM *x, BN_CTX *); int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); }; @@ -636,7 +636,7 @@ int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], void X25519_public_from_private(uint8_t out_public_value[32], const uint8_t private_key[32]); -int EC_GROUP_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, - BIGNUM *x, BN_CTX *ctx); +int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, + const BIGNUM *x, BN_CTX *ctx); int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index d0393e8..6a2d1b5 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c 
@@ -1017,13 +1017,67 @@ int ec_group_simple_order_bits(const EC_GROUP *group)
     return BN_num_bits(group->order);
 }
 
-int EC_GROUP_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
-                            BIGNUM *x, BN_CTX *ctx)
+static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *x, BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->mont_data == NULL)
+        return 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /*-
+     * We want inverse in constant time, therefore we utilize the fact
+     * order must be prime and use Fermats Little Theorem instead.
+     */
+    if (!BN_set_word(e, 2))
+        goto err;
+    if (!BN_sub(e, group->order, e))
+        goto err;
+    /*-
+     * Exponent e is public.
+     * No need for scatter-gather or BN_FLG_CONSTTIME.
+     */
+    if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Default behavior, if group->meth->field_inverse_mod_ord is NULL:
+ * - When group->order is even, this function returns an error.
+ * - When group->order is otherwise composite, the correctness
+ *   of the output is not guaranteed.
+ * - When x is outside the range [1, group->order), the correctness
+ *   of the output is not guaranteed.
+ * - Otherwise, this function returns the multiplicative inverse in the
+ *   range [1, group->order).
+ *
+ * EC_METHODs must implement their own field_inverse_mod_ord for
+ * other functionality.
+ */
+int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+                            const BIGNUM *x, BN_CTX *ctx)
 {
     if (group->meth->field_inverse_mod_ord != NULL)
         return group->meth->field_inverse_mod_ord(group, res, x, ctx);
     else
-        return 0;
+        return ec_field_inverse_mod_ord(group, res, x, ctx);
 }
 
 /*-
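Review bot: The comment `Exponent e is public. No need for scatter-gather or BN_FLG_CONSTTIME.` above the `BN_mod_exp_mont` call argues only about the exponent, but the caller in the ecdsa_ossl.c hunk of this same commit passes the signing nonce `k` as the base `x`, and the code being replaced used `BN_mod_exp_mont_consttime` for that same computation; the comment should also name the assumption on the base, e.g. `* The base x may be secret (ECDSA nonce); this assumes the Montgomery multiplication path is constant-time in the base.`, or the constant-time variant should be kept. The early `group->mont_data == NULL` return is presumably what implements the "even order returns an error" clause of the doc comment, but it returns 0 without queuing an error, so callers only ever see the generic reason they raise themselves. The `if (ctx != NULL)` guard at `err:` is dead: both paths that could leave `ctx` NULL return before the label.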
diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
index cdd0cf0..277ac16 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -136,34 +136,10 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
     }
     while (BN_is_zero(r));
 
-    /* Check if optimized inverse is implemented */
-    if (EC_GROUP_do_inverse_ord(group, k, k, ctx) == 0) {
-        /* compute the inverse of k */
-        if (group->mont_data != NULL) {
-            /*
-             * We want inverse in constant time, therefore we utilize the fact
-             * order must be prime and use Fermats Little Theorem instead.
-             */
-            if (!BN_set_word(X, 2)) {
-                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-                goto err;
-            }
-            if (!BN_mod_sub(X, order, X, order, ctx)) {
-                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-                goto err;
-            }
-            BN_set_flags(X, BN_FLG_CONSTTIME);
-            if (!BN_mod_exp_mont_consttime(k, k, X, order, ctx,
-                                           group->mont_data)) {
-                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-                goto err;
-            }
-        } else {
-            if (!BN_mod_inverse(k, k, order, ctx)) {
-                ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-                goto err;
-            }
-        }
+    /* compute the inverse of k */
+    if (!ec_group_do_inverse_ord(group, k, k, ctx)) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+        goto err;
     }
 
     /* clear old values if necessary */
@@ -449,12 +425,9 @@ int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
         goto err;
     }
     /* calculate tmp1 = inv(S) mod order */
-    /* Check if optimized inverse is implemented */
-    if (EC_GROUP_do_inverse_ord(group, u2, sig->s, ctx) == 0) {
-        if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
-            ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
-            goto err;
-        }
+    if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
     }
     /* digest -> m */
     i = BN_num_bits(order);
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 0292561..045c2e7 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
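Review bot: The failure branch added in both hunks raises ERR_R_BN_LIB, but the default fallback this commit introduces in ec_lib.c returns 0 without queuing any error when the group has no Montgomery data, so on such a group the error queue ends at the generic BN-library reason with nothing pointing at the actual cause; either have the fallback push an error or document the silent case at the call, e.g. `/* compute the inverse of k; fails for groups with neither a method inverse nor mont_data */`. With the BN_mod_inverse fallback gone, signing and verifying on such a group now fail outright instead of degrading to the variable-time path, which is consistent with the commit title but is not stated by the CHANGES entry in this commit. Both ecdsa_sign_setup and ossl_ecdsa_verify_sig start and end outside these hunks.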
@@ -1512,7 +1512,7 @@ void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS], int rep); static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r, - BIGNUM *x, BN_CTX *ctx) + const BIGNUM *x, BN_CTX *ctx) { /* RR = 2^512 mod ord(p256) */ static const BN_ULONG RR[P256_LIMBS] = { From levitte at openssl.org Thu Jun 21 18:39:57 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 21 Jun 2018 18:39:57 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529606397.359245.24578.nullmailer@dev.openssl.org> The branch master has been updated via b8c32081e02b7008a90d878eccce46da256dfe86 (commit) from 379f846387348b1090054b56f1d31cdbcbd64196 (commit) - Log ----------------------------------------------------------------- commit b8c32081e02b7008a90d878eccce46da256dfe86 Author: David von Oheimb Date: Sat Feb 10 15:45:11 2018 +0100 add documentation for OCSP_basic_verify() Reviewed-by: Rich Salz Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6227) ----------------------------------------------------------------------- Summary of changes: doc/man3/OCSP_resp_find_status.pod | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod index af7fb1d..1bbc4e3 100644 --- a/doc/man3/OCSP_resp_find_status.pod +++ b/doc/man3/OCSP_resp_find_status.pod @@ -8,7 +8,8 @@ OCSP_resp_get0_id, OCSP_resp_get1_id, OCSP_resp_get0_produced_at, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, -OCSP_single_get0_status, OCSP_check_validity +OCSP_single_get0_status, OCSP_check_validity, +OCSP_basic_verify - OCSP response utility functions =head1 SYNOPSIS 
@@ -48,6 +49,9 @@ OCSP_single_get0_status, OCSP_check_validity ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + =head1 DESCRIPTION OCSP_resp_find_status() searches B for an OCSP response for B. If it is @@ -100,6 +104,27 @@ OCSP_single_get0_status(). If B is non-zero it indicates how many seconds leeway should be allowed in the check. If B is positive it indicates the maximum age of B in seconds. +OCSP_basic_verify() checks that the basic response message B is correctly +signed and that the signer certificate can be validated. It takes B as +the trusted store and B as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response +in . It also searches the certificates the responder may have included +in B unless the B contain B. +It fails if the signer certificate cannot be found. +Next, the function checks the signature of B and fails on error +unless the B contain B. Then the function already returns +success if the B contain B or if the signer certificate +was found in B and the B contain B. +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in B and in B are considered as +untrusted certificates for the construction of the validation path for the +signer certificate unless the B flag is set. After successful path +validation the function returns success if the B flag is set. +Otherwise it verifies that the signer certificate meets the OCSP issuer +criteria including potential delegation. If this does not succeed and the +B do not contain B the function checks for explicit +trust for OCSP signing in the root CA certificate. + =head1 RETURN VALUES OCSP_resp_find_status() returns 1 if B is found in B and 0 otherwise. 
@@ -119,6 +144,9 @@ occurred. OCSP_resp_get0_signer() returns 1 if the signing certificate was located, or 0 on error. +OCSP_basic_verify() returns 1 on success, 0 on error, or -1 on fatal error such +as malloc failure. + =head1 NOTES Applications will typically call OCSP_resp_find_status() using the certificate From levitte at openssl.org Thu Jun 21 18:41:58 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 21 Jun 2018 18:41:58 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529606518.443204.26088.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 2b451311ee5973907da650ed25393130310c3841 (commit) from 50d06d1c7d2682b0042e921a76beb509d7ea68e1 (commit) - Log ----------------------------------------------------------------- commit 2b451311ee5973907da650ed25393130310c3841 Author: David von Oheimb Date: Sat Feb 10 15:45:11 2018 +0100 add documentation for OCSP_basic_verify() Reviewed-by: Rich Salz Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6227) (cherry picked from commit b8c32081e02b7008a90d878eccce46da256dfe86) ----------------------------------------------------------------------- Summary of changes: doc/crypto/OCSP_resp_find_status.pod | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/doc/crypto/OCSP_resp_find_status.pod b/doc/crypto/OCSP_resp_find_status.pod index 5123f0a..3bb5728 100644 --- a/doc/crypto/OCSP_resp_find_status.pod +++ b/doc/crypto/OCSP_resp_find_status.pod @@ -7,7 +7,8 @@ OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get0_produced_at, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, -OCSP_single_get0_status, OCSP_check_validity +OCSP_single_get0_status, OCSP_check_validity, +OCSP_basic_verify - OCSP response utility functions =head1 SYNOPSIS 
@@ -44,6 +45,9 @@ OCSP_single_get0_status, OCSP_check_validity ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + =head1 DESCRIPTION OCSP_resp_find_status() searches B for an OCSP response for B. If it is @@ -93,6 +97,27 @@ OCSP_single_get0_status(). If B is non-zero it indicates how many seconds leeway should be allowed in the check. If B is positive it indicates the maximum age of B in seconds. +OCSP_basic_verify() checks that the basic response message B is correctly +signed and that the signer certificate can be validated. It takes B as +the trusted store and B as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response +in . It also searches the certificates the responder may have included +in B unless the B contain B. +It fails if the signer certificate cannot be found. +Next, the function checks the signature of B and fails on error +unless the B contain B. Then the function already returns +success if the B contain B or if the signer certificate +was found in B and the B contain B. +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in B and in B are considered as +untrusted certificates for the construction of the validation path for the +signer certificate unless the B flag is set. After successful path +validation the function returns success if the B flag is set. +Otherwise it verifies that the signer certificate meets the OCSP issuer +criteria including potential delegation. If this does not succeed and the +B do not contain B the function checks for explicit +trust for OCSP signing in the root CA certificate. + =head1 RETURN VALUES OCSP_resp_find_status() returns 1 if B is found in B and 0 otherwise. 
@@ -112,6 +137,9 @@ occurred. OCSP_resp_get0_signer() returns 1 if the signing certificate was located, or 0 on error. +OCSP_basic_verify() returns 1 on success, 0 on error, or -1 on fatal error such +as malloc failure. + =head1 NOTES Applications will typically call OCSP_resp_find_status() using the certificate From paul.dale at oracle.com Thu Jun 21 21:08:15 2018 From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Thu, 21 Jun 2018 21:08:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529615295.413424.16946.nullmailer@dev.openssl.org> The branch master has been updated via 7d79d13a564d5c065318aa47f4cd511eece449e8 (commit) from b8c32081e02b7008a90d878eccce46da256dfe86 (commit) - Log ----------------------------------------------------------------- commit 7d79d13a564d5c065318aa47f4cd511eece449e8 Author: Shane Lontis Date: Thu Jun 21 13:37:52 2018 +1000 Fixed range of random produced in BN_is_prime_fasttest_ex() to be 1 < rand < w-1. It was using 1<= rand < w (which is wrong by 1 on both ends) Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6547) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_prime.c | 28 +++++++++++++--------------- test/bntest.c | 48 ++++++++++++++++++++++++++++++++++++------------ 2 files changed, 49 insertions(+), 27 deletions(-) diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 03ccde9..b91b31b 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c 
@@ -154,19 +154,21 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
     int i, j, ret = -1;
     int k;
     BN_CTX *ctx = NULL;
-    BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
+    BIGNUM *A1, *A1_odd, *A3, *check; /* taken from ctx */
     BN_MONT_CTX *mont = NULL;
 
-    if (BN_cmp(a, BN_value_one()) <= 0)
+    /* Take care of the really small primes 2 & 3 */
+    if (BN_is_word(a, 2) || BN_is_word(a, 3))
+        return 1;
+
+    /* Check odd and bigger than 1 */
+    if (!BN_is_odd(a) || BN_cmp(a, BN_value_one()) <= 0)
         return 0;
 
     if (checks == BN_prime_checks)
         checks = BN_prime_checks_for_size(BN_num_bits(a));
 
     /* first look for small factors */
-    if (!BN_is_odd(a))
-        /* a is even => a is prime if and only if a == 2 */
-        return BN_is_word(a, 2);
     if (do_trial_division) {
         for (i = 1; i < NUMPRIMES; i++) {
             BN_ULONG mod = BN_mod_word(a, primes[i]);
@@ -186,20 +188,18 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
     BN_CTX_start(ctx);
 
     A1 = BN_CTX_get(ctx);
+    A3 = BN_CTX_get(ctx);
     A1_odd = BN_CTX_get(ctx);
     check = BN_CTX_get(ctx);
     if (check == NULL)
         goto err;
 
     /* compute A1 := a - 1 */
-    if (!BN_copy(A1, a))
-        goto err;
-    if (!BN_sub_word(A1, 1))
+    if (!BN_copy(A1, a) || !BN_sub_word(A1, 1))
         goto err;
-    if (BN_is_zero(A1)) {
-        ret = 0;
+    /* compute A3 := a - 3 */
+    if (!BN_copy(A3, a) || !BN_sub_word(A3, 3))
         goto err;
-    }
 
     /* write A1 as A1_odd * 2^k */
     k = 1;
@@ -216,11 +216,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
         goto err;
 
     for (i = 0; i < checks; i++) {
-        if (!BN_priv_rand_range(check, A1))
-            goto err;
-        if (!BN_add_word(check, 1))
+        /* 1 < check < a-1 */
+        if (!BN_priv_rand_range(check, A3) || !BN_add_word(check, 2))
             goto err;
-        /* now 1 <= check < a */
 
         j = witness(check, a, A1, A1_odd, k, ctx, mont);
         if (j == -1)
diff --git a/test/bntest.c b/test/bntest.c
index 3558778..0502497 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -2128,25 +2128,48 @@ err:
     return st;
 }
 
-static int test_3_is_prime(void)
+static int primes[] = { 2, 3, 5, 7, 17863 };
+
+static int test_is_prime(int i)
 {
     int ret = 0;
     BIGNUM *r = NULL;
+    int trial;
 
-    /*
-     * For a long time, small primes were not considered prime when
-     * do_trial_division was set.
-     */
-    if (!TEST_ptr(r = BN_new())
-        || !TEST_true(BN_set_word(r, 3))
-        || !TEST_int_eq(BN_is_prime_fasttest_ex(r, 3 /* nchecks */, ctx,
-                                                0 /* do_trial_division */, NULL), 1)
-        || !TEST_int_eq(BN_is_prime_fasttest_ex(r, 3 /* nchecks */, ctx,
-                                                1 /* do_trial_division */, NULL), 1))
+    if (!TEST_ptr(r = BN_new()))
         goto err;
 
+    for (trial = 0; trial <= 1; ++trial) {
+        if (!TEST_true(BN_set_word(r, primes[i]))
+                || !TEST_int_eq(BN_is_prime_fasttest_ex(r, 1, ctx, trial, NULL),
+                                1))
+            goto err;
+    }
+
     ret = 1;
+err:
+    BN_free(r);
+    return ret;
+}
 
+static int not_primes[] = { -1, 0, 1, 4 };
+
+static int test_not_prime(int i)
+{
+    int ret = 0;
+    BIGNUM *r = NULL;
+    int trial;
+
+    if (!TEST_ptr(r = BN_new()))
+        goto err;
+
+    for (trial = 0; trial <= 1; ++trial) {
+        if (!TEST_true(BN_set_word(r, not_primes[i]))
+                || !TEST_false(BN_is_prime_fasttest_ex(r, 1, ctx, trial, NULL)))
+            goto err;
+    }
+
+    ret = 1;
 err:
     BN_free(r);
     return ret;
@@ -2250,7 +2273,8 @@ int setup_tests(void)
         ADD_TEST(test_gf2m_modsqrt);
         ADD_TEST(test_gf2m_modsolvequad);
 #endif
-        ADD_TEST(test_3_is_prime);
+        ADD_ALL_TESTS(test_is_prime, (int)OSSL_NELEM(primes));
+        ADD_ALL_TESTS(test_not_prime, (int)OSSL_NELEM(not_primes));
     } else {
         ADD_ALL_TESTS(run_file_tests, n);
     }
From matthias.st.pierre at ncp-e.com Thu Jun 21 23:05:44 2018
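Review bot: `not_primes[]` lists -1, but `BN_set_word` takes a BN_ULONG, so `test_not_prime` hands the all-ones word rather than a negative BIGNUM to `BN_is_prime_fasttest_ex`; that word happens to be composite, so the case passes without ever exercising the negative-input rejection that the new `!BN_is_odd(a) || BN_cmp(a, BN_value_one()) <= 0` check in bn_prime.c is meant to provide. Set the sign explicitly, e.g. `if (!TEST_true(BN_set_word(r, not_primes[i] < 0 ? -not_primes[i] : not_primes[i]))) goto err;` followed by `BN_set_negative(r, not_primes[i] < 0);`, or keep the table non-negative and add a separate negative case. The bare `1` passed as the checks count in both new tests deserves the `1 /* nchecks */` annotation the removed code carried, so the tiny-input rationale stays visible.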
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Thu, 21 Jun 2018 23:05:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529622345.002899.1264.nullmailer@dev.openssl.org> The branch master has been updated via 12bd4e141eac30543a790156154deca195ace1b7 (commit) from 7d79d13a564d5c065318aa47f4cd511eece449e8 (commit) - Log ----------------------------------------------------------------- commit 12bd4e141eac30543a790156154deca195ace1b7 Author: Dr. Matthias St. Pierre Date: Thu Jun 21 23:32:38 2018 +0200 testutil/driver.c: Fix function prototype warning [-Wstrict-prototypes] (introduced by commit 91860165820d, which added -Wstrict-prototypes) Reviewed-by: Richard Levitte Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6555) ----------------------------------------------------------------------- Summary of changes: test/testutil/driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 8d48333..0990734 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -74,7 +74,7 @@ int subtest_level(void) } #ifndef OPENSSL_NO_CRYPTO_MDEBUG -static int should_report_leaks() +static int should_report_leaks(void) { /* * When compiled with enable-crypto-mdebug, OPENSSL_DEBUG_MEMORY=0 From matthias.st.pierre at ncp-e.com Fri Jun 22 06:08:46 2018 
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 22 Jun 2018 06:08:46 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529647726.341821.28210.nullmailer@dev.openssl.org> The branch master has been updated via 3f5abab94104574c32991243668ac633a8d8e525 (commit) from 12bd4e141eac30543a790156154deca195ace1b7 (commit) - Log ----------------------------------------------------------------- commit 3f5abab94104574c32991243668ac633a8d8e525 Author: Nicola Tuveri Date: Fri Jun 22 00:59:58 2018 +0300 enable-ec_nistp_64_gcc_128: Fix function prototype warning [-Wstrict-prototypes] Fix prototype warnings triggered by -Wstrict-prototypes when configuring with `enable-ec_nistp_64_gcc_128` Reviewed-by: Kurt Roeckx Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6556) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecp_nistp224.c | 2 +- crypto/ec/ecp_nistp256.c | 2 +- crypto/ec/ecp_nistp521.c | 2 +- engines/e_padlock.c | 4 ++-- test/ectest.c | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 6e7c687..6155b54 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1212,7 +1212,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, * FUNCTIONS TO MANAGE PRECOMPUTATION */ -static NISTP224_PRE_COMP *nistp224_pre_comp_new() +static NISTP224_PRE_COMP *nistp224_pre_comp_new(void) { NISTP224_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 19caa03..00fcfd5 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c 
@@ -1832,7 +1832,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void) * FUNCTIONS TO MANAGE PRECOMPUTATION */ -static NISTP256_PRE_COMP *nistp256_pre_comp_new() +static NISTP256_PRE_COMP *nistp256_pre_comp_new(void) { NISTP256_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 43f3e2d..4e6c0f9 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1671,7 +1671,7 @@ const EC_METHOD *EC_GFp_nistp521_method(void) * FUNCTIONS TO MANAGE PRECOMPUTATION */ -static NISTP521_PRE_COMP *nistp521_pre_comp_new() +static NISTP521_PRE_COMP *nistp521_pre_comp_new(void) { NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); diff --git a/engines/e_padlock.c b/engines/e_padlock.c index b86f165..43944ab 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -199,10 +199,10 @@ struct padlock_cipher_data { }; /* Interface to assembler module */ -unsigned int padlock_capability(); +unsigned int padlock_capability(void); void padlock_key_bswap(AES_KEY *key); void padlock_verify_context(struct padlock_cipher_data *ctx); -void padlock_reload_key(); +void padlock_reload_key(void); void padlock_aes_block(void *out, const void *inp, struct padlock_cipher_data *ctx); int padlock_ecb_encrypt(void *out, const void *inp, diff --git a/test/ectest.c b/test/ectest.c index 73e8aa8..ead23d7 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1167,7 +1167,7 @@ static int internal_curve_test_method(int n) * implementations of several NIST curves with characteristic > 3. */ struct nistp_test_params { - const EC_METHOD *(*meth) (); + const EC_METHOD *(*meth) (void); int degree; /* * Qx, Qy and D are taken from From appro at openssl.org Fri Jun 22 08:58:20 2018 
From: appro at openssl.org (Andy Polyakov) Date: Fri, 22 Jun 2018 08:58:20 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529657900.482753.21480.nullmailer@dev.openssl.org> The branch master has been updated via 8b2f413e8f2f85e5bcc229e3b63c7f32c7c3c1fd (commit) via bd3d8c12606c48388be61db0681ac759804b6100 (commit) via 8f29569ef384d0f6f107bb8b1262e36d874a3cc7 (commit) via cff89b179c91c7c1f6f08b2c1f1697005c1804d2 (commit) via b48d4397b8ee4256f0b0a115eb99f27ae89995e0 (commit) from 3f5abab94104574c32991243668ac633a8d8e525 (commit) - Log ----------------------------------------------------------------- commit 8b2f413e8f2f85e5bcc229e3b63c7f32c7c3c1fd Author: Andy Polyakov Date: Tue Jun 19 18:25:19 2018 +0200 CHANGES: mention AIX shared library support overhaul. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6487) commit bd3d8c12606c48388be61db0681ac759804b6100 Author: Andy Polyakov Date: Fri Jun 15 15:41:07 2018 +0200 recipes/90-test_shlibload.t: disable tests on AIX till further notice. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6487) commit 8f29569ef384d0f6f107bb8b1262e36d874a3cc7 Author: Andy Polyakov Date: Fri Jun 15 15:24:14 2018 +0200 Configurations/10-main.conf: always pass -bsrv4 to AIX linker. This makes AIX build procedure behave more like e.g. Solaris. Most notably this makes it possible to pass -Wl,-R,'$(LIBRPATH)' at config time to embed installation destination as library search path into openssl binary. This doesn't imply that other applications have to be linked with -bsvr4, they are free to choose whatever appropriate for given circumstances. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6487) commit cff89b179c91c7c1f6f08b2c1f1697005c1804d2 Author: Andy Polyakov Date: Thu Jun 14 11:45:15 2018 +0200 Configurations/unix-Makefile.tmpl: switch to "natural" AIX shared libraries. 
AIX treats its shared libraries in unique manner, by placing multiple shared objects of different versions and bitnesses, into .a file. So far we have been naively linking with version-less libcrypto|ssl.so, which poses long-term maintenance problems. One could choose to link straight with libcrypto.so.X.Y [or libcrypto.X.Y.so], but it would be inconsistent with the way AIX [or Unix] does things. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6487) commit b48d4397b8ee4256f0b0a115eb99f27ae89995e0 Author: Andy Polyakov Date: Thu Jun 14 22:07:48 2018 +0200 Configure: allow some file extensions to be overridden by target config. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6487) ----------------------------------------------------------------------- Summary of changes: CHANGES | 9 ++++++++ Configurations/10-main.conf | 13 ++++++++---- Configurations/unix-Makefile.tmpl | 44 ++++++++++++++++++++++++++++++--------- Configure | 5 +++-- test/recipes/90-test_shlibload.t | 1 + 5 files changed, 56 insertions(+), 16 deletions(-) diff --git a/CHANGES b/CHANGES index 8b4a8bb..c272e8d 100644 --- a/CHANGES +++ b/CHANGES @@ -8,6 +8,15 @@ release branch. Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + + *) AIX shared library support overhaul. Switch to AIX "natural" way of + handling shared libraries, which means collecting shared objects of + different versions and bitnesses in one common archive. This allows to + mitigate conflict between 1.0 and 1.1 side-by-side installations. It + doesn't affect the way 3rd party applications are linked, only how + multi-version installation is managed. + [Andy Polyakov] + *) Make ec_group_do_inverse_ord() more robust and available to other EC cryptosystems, so that irrespective of BN_FLG_CONSTTIME, SCA mitigations are applied to the fallback BN_mod_inverse(). diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index a62abe2..62b4c9d 100644 
--- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1110,14 +1110,17 @@ my %targets = ( template => 1, sys_id => "AIX", lib_cppflags => "-DB_ENDIAN", + lflags => "-Wl,-bsvr4", thread_scheme => "pthreads", dso_scheme => "dlfcn", shared_target => "self", - shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", - bin_lflags => shared("-Wl,-bsvr4"), - module_ldflags => "-Wl,-G,-bsymbolic,-bexpall,-bnolibpath", - shared_ldflag => "-Wl,-G,-bsymbolic,-bnolibpath", + module_ldflags => "-Wl,-G,-bsymbolic,-bexpall", + shared_ldflag => "-Wl,-G,-bsymbolic", shared_defflag => "-Wl,-bE:", + shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", + dso_extension => ".so", + lib_extension => shared("_a.a"), + shared_extension_simple => shared(".a"), }, "aix-gcc" => { inherit_from => [ "aix-common", asm("ppc32_asm") ], @@ -1142,6 +1145,7 @@ my %targets = ( bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", perlasm_scheme => "aix64", shared_ldflag => add_before("-shared -static-libgcc"), + shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)", AR => add("-X64"), RANLIB => add("-X64"), }, @@ -1173,6 +1177,7 @@ my %targets = ( perlasm_scheme => "aix64", dso_scheme => "dlfcn", shared_cflag => "-qpic", + shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)", AR => add("-X64"), RANLIB => add("-X64"), }, diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 42da98d..8d33e84 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -16,6 +16,10 @@ sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ } + # Shared AIX support is special. We put libcrypto[64].so.ver into + # libcrypto.a and use libcrypto_a.a as static one. + sub sharedaix { !$disabled{shared} && $config{target} =~ /^aix/ } + our $sover_dirname = $config{shlib_version_number}; $sover_dirname =~ s|\.|_|g if $config{target} =~ /^mingw/; 
@@ -506,7 +510,7 @@ install_dev: s2=`echo "$$s" | cut -f2 -d";"`; \ fn1=`basename $$s1`; \ fn2=`basename $$s2`; \ - : {- output_off() if windowsdll(); "" -}; \ + : {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \ $(ECHO) "install $$s1 -> $(DESTDIR)$(libdir)/$$fn1"; \ cp $$s1 $(DESTDIR)$(libdir)/$$fn1.new; \ chmod 755 $(DESTDIR)$(libdir)/$$fn1.new; \ @@ -516,13 +520,28 @@ install_dev: $(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \ ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \ fi; \ - : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ + : {- output_off() unless windowsdll() or sharedaix(); output_on() if windowsdll(); "" -}; \ $(ECHO) "install $$s2 -> $(DESTDIR)$(libdir)/$$fn2"; \ cp $$s2 $(DESTDIR)$(libdir)/$$fn2.new; \ chmod 755 $(DESTDIR)$(libdir)/$$fn2.new; \ mv -f $(DESTDIR)$(libdir)/$$fn2.new \ $(DESTDIR)$(libdir)/$$fn2; \ - : {- output_on() unless windowsdll(); "" -}; \ + : {- output_off() if windowsdll(); output_on() if sharedaix(); "" -}; \ + a=$(DESTDIR)$(libdir)/$$fn2; \ + $(ECHO) "install $$s1 -> $$a"; \ + if [ -f $$a ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \ + mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \ + cp -f $$a $$a.new; \ + for so in `$(AR) t $$a`; do \ + $(AR) x $$a $$so; \ + chmod u+w $$so; \ + strip -X32_64 -e $$so; \ + $(AR) r $$a.new $$so; \ + done; \ + )); fi; \ + $(AR) r $$a.new $$s1; \ + mv -f $$a.new $$a; \ + : {- output_off() if sharedaix(); output_on(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)/pkgconfig 
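Review bot: The AIX archive-update branch in the second hunk extracts into `/tmp/ar.$$$$`, a predictable name under a world-writable directory, and neither the `mkdir` nor the following `cd` is checked; if `mkdir` fails (the path already exists, possibly created by another local user) the `cd` fails as well and `$(AR) x`, `chmod u+w` and `strip` then run on whatever the current directory is, while the `trap` still removes the path on exit. Prefer a `mktemp -d` result where the platform provides it, or at minimum `mkdir /tmp/ar.$$$$ || exit 1; cd /tmp/ar.$$$$ || exit 1` so an install that cannot get its scratch directory aborts instead of operating on the wrong one. The `install_dev` recipe begins before this hunk and continues after it.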
@@ -562,11 +581,11 @@ uninstall_dev: fn1=`basename $$s1`; \ fn2=`basename $$s2`; \ : {- output_off() if windowsdll(); "" -}; \ - $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn1; \ - if [ "$$fn1" != "$$fn2" ]; then \ - $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn2; \ + $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ + $(RM) $(DESTDIR)$(libdir)/$$fn2; \ + if [ "$$fn1" != "$$fn2" -a -f "$(DESTDIR)$(libdir)/$$fn1" ]; then \ + $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \ + $(RM) $(DESTDIR)$(libdir)/$$fn1; \ fi; \ : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ @@ -1105,6 +1124,11 @@ EOF cp -p $shlib'\$(SHLIB_EXT)' test/ cp -p $shlib'\$(SHLIB_EXT)' fuzz/ EOF + } elsif (sharedaix()) { + $recipe .= <<"EOF"; + rm -f $target && \\ + \$(AR) r $target $target_full +EOF } else { $recipe .= <<"EOF"; if [ '$target' != '$target_full' ]; then \\ @@ -1168,8 +1192,8 @@ EOF push @linkdirs, $d unless grep { $d eq $_ } @linkdirs; } my $linkflags = join("", map { "-L$_ " } @linkdirs); - my $linklibs = join("", map { if ($_ =~ /\.a$/) { - " $_"; + my $linklibs = join("", map { if ($_ =~ s/\.a$//) { + " $_$libext"; } else { my $f = basename($_); (my $l = $f) =~ s/^lib//; diff --git a/Configure b/Configure index 9a60091..2e1902a 100755 --- a/Configure +++ b/Configure @@ -1111,8 +1111,9 @@ $target{exe_extension}=".exe" if ($config{target} eq "DJGPP" $target{exe_extension}=".pm" if ($config{target} =~ /vos/); ($target{shared_extension_simple}=$target{shared_extension}) - =~ s|\.\$\(SHLIB_VERSION_NUMBER\)||; -$target{dso_extension}=$target{shared_extension_simple}; + =~ s|\.\$\(SHLIB_VERSION_NUMBER\)|| + unless defined($target{shared_extension_simple}); +$target{dso_extension}//=$target{shared_extension_simple}; ($target{shared_import_extension}=$target{shared_extension_simple}.".a") if ($config{target} =~ /^(?:Cygwin|mingw)/); 
diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t index 04d5265..368dea3 100644 --- a/test/recipes/90-test_shlibload.t +++ b/test/recipes/90-test_shlibload.t @@ -19,6 +19,7 @@ use lib bldtop_dir('.'); use configdata; plan skip_all => "Test only supported in a shared build" if disabled("shared"); +plan skip_all => "Test is disabled on AIX" if config('target') =~ m|^aix|; plan tests => 4; From appro at openssl.org Fri Jun 22 09:18:48 2018 From: appro at openssl.org (Andy Polyakov) Date: Fri, 22 Jun 2018 09:18:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529659128.739796.25476.nullmailer@dev.openssl.org> The branch master has been updated via 07e4dc341fa73e8521b7964a1eebdd811c96a160 (commit) from 8b2f413e8f2f85e5bcc229e3b63c7f32c7c3c1fd (commit) - Log ----------------------------------------------------------------- commit 07e4dc341fa73e8521b7964a1eebdd811c96a160 Author: Andy Polyakov Date: Mon Jun 18 19:08:50 2018 +0200 Configure,util/shlib_wrap.sh: harmonize -Wl and -rpath handling. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6515) ----------------------------------------------------------------------- Summary of changes: Configure | 12 ++++++------ util/shlib_wrap.sh.in | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Configure b/Configure index 2e1902a..05b798b 100755 --- a/Configure +++ b/Configure @@ -823,11 +823,7 @@ while (@argvcopy) { read_config $1; } - elsif (/^-L(.*)$/) - { - push @{$useradd{LDFLAGS}}, $_; - } - elsif (/^-l(.*)$/ or /^-Wl,/) + elsif (/^-l(.*)$/) { push @{$useradd{LDLIBS}}, $_; } @@ -835,6 +831,10 @@ while (@argvcopy) { push @{$useradd{LDLIBS}}, $_, shift(@argvcopy); } + elsif (/^-L(.*)$/ or /^-Wl,/) + { + push @{$useradd{LDFLAGS}}, $_; + } elsif (/^-rpath$/ or /^-R$/) # -rpath is the OSF1 rpath flag # -R is the old Solaris rpath flag 
@@ -954,7 +954,7 @@ foreach (keys %user) { } } -if (grep { $_ =~ /(^|\s)-Wl,-rpath,/ } ($user{LDLIBS} ? @{$user{LDLIBS}} : ()) +if (grep { /-rpath\b/ } ($user{LDFLAGS} ? @{$user{LDFLAGS}} : ()) && !$disabled{shared} && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) { die "***** Cannot simultaneously use -rpath, shared libraries, and\n", diff --git a/util/shlib_wrap.sh.in b/util/shlib_wrap.sh.in index b9e3ddf..9199d12 100755 --- a/util/shlib_wrap.sh.in +++ b/util/shlib_wrap.sh.in @@ -101,7 +101,7 @@ SunOS|IRIX*) ;; esac -{- output_off() if $config{ex_libs} !~ /,-rpath,/; ""; -} +{- output_off() unless grep (/-rpath\b/, @{$config{LDFLAGS}}); ""; -} if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then # Following three lines are major excuse for isolating them into # this wrapper script. Original reason for setting LD_PRELOAD @@ -117,7 +117,7 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then DYLD_INSERT_LIBRARIES="$LIBCRYPTOSO:$LIBSSLSO" # MacOS X export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES fi -{- output_on() if $config{ex_libs} !~ /,-rpath,/; ""; -} +{- output_on() unless grep (/-rpath\b/, @{$config{LDFLAGS}}); ""; -} cmd="$1"; [ -x "$cmd" ] || cmd="$cmd${EXE_EXT}" shift From matthias.st.pierre at ncp-e.com Fri Jun 22 10:27:15 2018 
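Review bot: `/-rpath\b/` in the new grep also matches `-Wl,-rpath-link,<dir>`, because `\b` succeeds between `h` and the following `-`, so a user who passes only an rpath-link search hint on the Configure command line would now hit the `die` below when shared libraries are enabled, although no runtime rpath is being set; the old pattern required `,-rpath,` and did not have this false positive. A lookahead that rejects both word characters and a hyphen keeps the intended forms (`-rpath`, `-rpath,`, `-rpath=`): `if (grep { /-rpath(?![\w-])/ } ($user{LDFLAGS} ? @{$user{LDFLAGS}} : ())`. The two util/shlib_wrap.sh.in hunks on this page use the same `/-rpath\b/` test and should be changed together so Configure and the wrapper keep agreeing.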
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 22 Jun 2018 10:27:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529663235.149688.454.nullmailer@dev.openssl.org> The branch master has been updated via 34446a852457600fc1297edce81e14da4e287191 (commit) from 07e4dc341fa73e8521b7964a1eebdd811c96a160 (commit) - Log ----------------------------------------------------------------- commit 34446a852457600fc1297edce81e14da4e287191 Author: Nicola Tuveri Date: Thu Jun 21 23:24:34 2018 +0300 Remove __cplusplus preamble from internal headers These headers are internal and never exposed to a cpp compiler, hence no need for the preamble. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz Reviewed-by: Paul Dale Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6554) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lcl.h | 8 -------- crypto/cms/cms_lcl.h | 7 ------- crypto/engine/eng_int.h | 8 -------- crypto/hmac/hmac_lcl.h | 11 ----------- crypto/include/internal/aria.h | 8 -------- crypto/include/internal/bn_int.h | 8 -------- crypto/include/internal/chacha.h | 7 ------- crypto/include/internal/sm2.h | 8 -------- crypto/include/internal/sm2err.h | 3 --- crypto/include/internal/store_int.h | 7 ------- crypto/seed/seed_locl.h | 8 -------- crypto/x509v3/v3_admis.h | 7 ------- e_os.h | 8 -------- include/internal/conf.h | 9 --------- include/internal/constant_time_locl.h | 8 -------- include/internal/cryptlib.h | 8 -------- include/internal/dso.h | 7 ------- include/internal/dsoerr.h | 3 --- include/internal/o_dir.h | 8 -------- ssl/packet_locl.h | 8 -------- 20 files changed, 149 deletions(-) diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index bab2c9d..f57c87d 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h 
@@ -23,10 +23,6 @@ # include "internal/bn_int.h" -#ifdef __cplusplus -extern "C" { -#endif - /* * These preprocessor symbols control various aspects of the bignum headers * and library code. They're not defined by any "normal" configuration, as @@ -659,8 +655,4 @@ static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); } -#ifdef __cplusplus -} -#endif - #endif diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h index c277f71..dd5a585 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_lcl.h @@ -10,10 +10,6 @@ #ifndef HEADER_CMS_LCL_H # define HEADER_CMS_LCL_H -#ifdef __cplusplus -extern "C" { -#endif - # include /* @@ -438,7 +434,4 @@ DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) DECLARE_ASN1_ITEM(CMS_SignedData) DECLARE_ASN1_ITEM(CMS_CompressedData) -#ifdef __cplusplus -} -#endif #endif diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 60fdf82..7c41da2 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -16,10 +16,6 @@ # include "internal/thread_once.h" # include "internal/refcount.h" -#ifdef __cplusplus -extern "C" { -#endif - extern CRYPTO_RWLOCK *global_engine_lock; /* @@ -172,8 +168,4 @@ typedef struct st_engine_pile ENGINE_PILE; DEFINE_LHASH_OF(ENGINE_PILE); -#ifdef __cplusplus -} -#endif - #endif /* HEADER_ENGINE_INT_H */ diff --git a/crypto/hmac/hmac_lcl.h b/crypto/hmac/hmac_lcl.h index 4c156dc..7ba0aac 100644 --- a/crypto/hmac/hmac_lcl.h +++ b/crypto/hmac/hmac_lcl.h @@ -10,13 +10,6 @@ #ifndef HEADER_HMAC_LCL_H # define HEADER_HMAC_LCL_H -#ifdef __cplusplus -extern "C" { -#endif -#if 0 /* emacs indentation fix */ -} -#endif - struct hmac_ctx_st { const EVP_MD *md; EVP_MD_CTX *md_ctx; @@ -26,8 +19,4 @@ struct hmac_ctx_st { unsigned char key[HMAC_MAX_MD_CBLOCK]; }; -#ifdef __cplusplus -} /* extern "C" */ -#endif - #endif diff --git a/crypto/include/internal/aria.h b/crypto/include/internal/aria.h index 0738271..e402b8e 100644 --- a/crypto/include/internal/aria.h 
+++ b/crypto/include/internal/aria.h @@ -25,10 +25,6 @@ # define ARIA_BLOCK_SIZE 16 /* Size of each encryption/decryption block */ # define ARIA_MAX_KEYS 17 /* Number of keys needed in the worst case */ -# ifdef __cplusplus -extern "C" { -# endif - typedef union { unsigned char c[ARIA_BLOCK_SIZE]; unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)]; @@ -51,8 +47,4 @@ int aria_set_decrypt_key(const unsigned char *userKey, const int bits, void aria_encrypt(const unsigned char *in, unsigned char *out, const ARIA_KEY *key); -# ifdef __cplusplus -} -# endif - #endif diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h index ac49d1e..9379951 100644 --- a/crypto/include/internal/bn_int.h +++ b/crypto/include/internal/bn_int.h @@ -13,10 +13,6 @@ # include # include -#ifdef __cplusplus -extern "C" { -#endif - BIGNUM *bn_wexpand(BIGNUM *a, int words); BIGNUM *bn_expand2(BIGNUM *a, int words); @@ -64,8 +60,4 @@ void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); */ int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words); -#ifdef __cplusplus -} -#endif - #endif diff --git a/crypto/include/internal/chacha.h b/crypto/include/internal/chacha.h index 7d4366e..119361d 100644 --- a/crypto/include/internal/chacha.h +++ b/crypto/include/internal/chacha.h @@ -12,10 +12,6 @@ #include -#ifdef __cplusplus -extern "C" { -#endif - /* * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and * nonce and writes the result to |out|, which may be equal to |inp|. @@ -43,7 +39,4 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, #define CHACHA_CTR_SIZE 16 #define CHACHA_BLK_SIZE 64 -#ifdef __cplusplus -} -#endif #endif diff --git a/crypto/include/internal/sm2.h b/crypto/include/internal/sm2.h index 613fa34..23e3895 100644 --- a/crypto/include/internal/sm2.h +++ b/crypto/include/internal/sm2.h 
@@ -15,10 +15,6 @@ # ifndef OPENSSL_NO_SM2 -# ifdef __cplusplus -extern "C" { -# endif - # include /* The default user id as specified in GM/T 0009-2012 */ @@ -74,9 +70,5 @@ int sm2_decrypt(const EC_KEY *key, const uint8_t *ciphertext, size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len); -# ifdef __cplusplus -} -# endif - # endif /* OPENSSL_NO_SM2 */ #endif diff --git a/crypto/include/internal/sm2err.h b/crypto/include/internal/sm2err.h index 9a7e2b6..f32d26c 100644 --- a/crypto/include/internal/sm2err.h +++ b/crypto/include/internal/sm2err.h @@ -15,9 +15,6 @@ # ifndef OPENSSL_NO_SM2 -# ifdef __cplusplus -extern "C" -# endif int ERR_load_SM2_strings(void); /* diff --git a/crypto/include/internal/store_int.h b/crypto/include/internal/store_int.h index 9966aef..0125aae 100644 --- a/crypto/include/internal/store_int.h +++ b/crypto/include/internal/store_int.h @@ -14,10 +14,6 @@ # include # include -# ifdef __cplusplus -extern "C" { -# endif - /* * Two functions to read PEM data off an already opened BIO. To be used * instead of OSSLSTORE_open() and OSSLSTORE_close(). Everything is done @@ -27,7 +23,4 @@ OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method, void *ui_data); int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx); -# ifdef __cplusplus -} -# endif #endif diff --git a/crypto/seed/seed_locl.h b/crypto/seed/seed_locl.h index d4a03fc..97c43ef 100644 --- a/crypto/seed/seed_locl.h +++ b/crypto/seed/seed_locl.h @@ -45,10 +45,6 @@ typedef unsigned int seed_word; # endif -#ifdef __cplusplus -extern "C" { -#endif - # define char2word(c, i) \ (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3])) @@ -113,8 +109,4 @@ extern "C" { (X1) ^= (T0); \ (X2) ^= (T1) -#ifdef __cplusplus -} -#endif - #endif /* HEADER_SEED_LOCL_H */ diff --git a/crypto/x509v3/v3_admis.h b/crypto/x509v3/v3_admis.h index 2f1e76d..fa23fc7 100644 --- a/crypto/x509v3/v3_admis.h +++ b/crypto/x509v3/v3_admis.h 
@@ -10,10 +10,6 @@ #ifndef HEADER_V3_ADMISSION_H # define HEADER_V3_ADMISSION_H -#ifdef __cplusplus -extern "C" { -#endif - struct NamingAuthority_st { ASN1_OBJECT* namingAuthorityId; ASN1_IA5STRING* namingAuthorityUrl; @@ -39,7 +35,4 @@ struct AdmissionSyntax_st { STACK_OF(ADMISSIONS)* contentsOfAdmissions; }; -#ifdef __cplusplus -} -#endif #endif diff --git a/e_os.h b/e_os.h index 5071af6..5769029 100644 --- a/e_os.h +++ b/e_os.h @@ -22,10 +22,6 @@ * outside; this file e_os.h is not part of the exported interface. */ -#ifdef __cplusplus -extern "C" { -#endif - # ifndef DEVRANDOM /* * set this to a comma-separated list of 'random' device files to try out. By @@ -325,8 +321,4 @@ struct servent *getservbyname(const char *name, const char *proto); # define CRYPTO_memcmp memcmp #endif -#ifdef __cplusplus -} -#endif - #endif diff --git a/include/internal/conf.h b/include/internal/conf.h index ada3f92..23a9c3b 100644 --- a/include/internal/conf.h +++ b/include/internal/conf.h @@ -12,11 +12,6 @@ #include -#ifdef __cplusplus -extern "C" { -#endif - - struct ossl_init_settings_st { char *appname; }; @@ -25,8 +20,4 @@ void openssl_config_int(const char *appname); void openssl_no_config_int(void); void conf_modules_free_int(void); -#ifdef __cplusplus -} -#endif - #endif diff --git a/include/internal/constant_time_locl.h b/include/internal/constant_time_locl.h index d23f515..82ff746 100644 --- a/include/internal/constant_time_locl.h +++ b/include/internal/constant_time_locl.h @@ -14,10 +14,6 @@ # include # include /* For 'ossl_inline' */ -#ifdef __cplusplus -extern "C" { -#endif - /*- * The boolean methods return a bitmask of all ones (0xff...f) for true * and 0 for false. This is useful for choosing a value based on the result @@ -328,8 +324,4 @@ static ossl_inline void constant_time_lookup(void *out, } } -#ifdef __cplusplus -} -#endif - #endif /* HEADER_CONSTANT_TIME_LOCL_H */ 
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 8a96de9..2808fe7 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -25,10 +25,6 @@ # include # include "internal/nelem.h" -#ifdef __cplusplus -extern "C" { -#endif - #ifdef NDEBUG # define ossl_assert(x) ((x) != 0) #else @@ -96,8 +92,4 @@ void *openssl_fopen(const char *filename, const char *mode); uint32_t OPENSSL_rdtsc(void); -#ifdef __cplusplus -} -#endif - #endif diff --git a/include/internal/dso.h b/include/internal/dso.h index 402a76f..3e67d50 100644 --- a/include/internal/dso.h +++ b/include/internal/dso.h @@ -13,10 +13,6 @@ # include # include "internal/dsoerr.h" -#ifdef __cplusplus -extern "C" { -#endif - /* These values are used as commands to DSO_ctrl() */ # define DSO_CTRL_GET_FLAGS 1 # define DSO_CTRL_SET_FLAGS 2 @@ -166,7 +162,4 @@ void *DSO_global_lookup(const char *name); int ERR_load_DSO_strings(void); -# ifdef __cplusplus -} -# endif #endif diff --git a/include/internal/dsoerr.h b/include/internal/dsoerr.h index a54a185..ac6bdcd 100644 --- a/include/internal/dsoerr.h +++ b/include/internal/dsoerr.h @@ -15,9 +15,6 @@ # ifndef OPENSSL_NO_DSO -# ifdef __cplusplus -extern "C" -# endif int ERR_load_DSO_strings(void); /* diff --git a/include/internal/o_dir.h b/include/internal/o_dir.h index f18fc67..f892687 100644 --- a/include/internal/o_dir.h +++ b/include/internal/o_dir.h @@ -39,10 +39,6 @@ #ifndef O_DIR_H # define O_DIR_H -#ifdef __cplusplus -extern "C" { -#endif - typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; /* @@ -53,8 +49,4 @@ const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory); /* returns 1 on success, 0 on error */ int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); -#ifdef __cplusplus -} -#endif - #endif /* LPDIR_H */ diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h index 8e553e6..fd32a64 100644 --- a/ssl/packet_locl.h +++ b/ssl/packet_locl.h 
@@ -18,10 +18,6 @@ # include "internal/numbers.h" -# ifdef __cplusplus -extern "C" { -# endif - typedef struct { /* Pointer to where we are currently reading from */ const unsigned char *curr; @@ -875,8 +871,4 @@ unsigned char *WPACKET_get_curr(WPACKET *pkt); /* Release resources in a WPACKET if a failure has occurred. */ void WPACKET_cleanup(WPACKET *pkt); -# ifdef __cplusplus -} -# endif - #endif /* HEADER_PACKET_LOCL_H */ From matt at openssl.org Fri Jun 22 10:38:05 2018 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 Jun 2018 10:38:05 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529663886.003408.2293.nullmailer@dev.openssl.org> The branch master has been updated via 3aab9c40118f6a9d92d3a9d9fa1724421515e09f (commit) from 34446a852457600fc1297edce81e14da4e287191 (commit) - Log ----------------------------------------------------------------- commit 3aab9c40118f6a9d92d3a9d9fa1724421515e09f Author: Matt Caswell Date: Thu Jun 21 10:37:54 2018 +0100 Add a high level note about the various SCA mitigations Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6550) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGES b/CHANGES index c272e8d..4cdcf52 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,12 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Numerous side-channel attack mitigations have been applied. This may have + performance impacts for some algorithms for the benefit of improved + security. Specific changes are noted in this change log by their respective + authors. + [Matt Caswell] + *) AIX shared library support overhaul. Switch to AIX "natural" way of handling shared libraries, which means collecting shared objects of different versions and bitnesses in one common archive. This allows to From appro at openssl.org Fri Jun 22 12:28:41 2018 
From: appro at openssl.org (Andy Polyakov) Date: Fri, 22 Jun 2018 12:28:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529670521.890440.19224.nullmailer@dev.openssl.org> The branch master has been updated via 2e51557bc93f90ca2274230b042acb53cc3a268d (commit) from 3aab9c40118f6a9d92d3a9d9fa1724421515e09f (commit) - Log ----------------------------------------------------------------- commit 2e51557bc93f90ca2274230b042acb53cc3a268d Author: Andy Polyakov Date: Thu Jun 21 13:52:04 2018 +0200 sha/asm/sha{256|512}-armv4.pl: harmonize thumb2 support with the rest. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/sha/asm/sha256-armv4.pl | 2 +- crypto/sha/asm/sha512-armv4.pl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index 55d30cb..509aa2c 100644 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl @@ -254,7 +254,7 @@ for($i=0;$i<16;$i++) { &BODY_00_15($i, at V); unshift(@V,pop(@V)); } $code.=".Lrounds_16_xx:\n"; for (;$i<32;$i++) { &BODY_16_XX($i, at V); unshift(@V,pop(@V)); } $code.=<<___; -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ ite eq @ Thumb2 thing, sanity check in ARM #endif ldreq $t3,[sp,#16*4] @ pull ctx diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index 22b5a9d..872c27f 100644 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -157,7 +157,7 @@ $code.=<<___; teq $t0,#$magic ldr $t3,[sp,#$Coff+0] @ c.lo -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ it eq @ Thumb2 thing, sanity check in ARM #endif orreq $Ktbl,$Ktbl,#1 @@ -411,7 +411,7 @@ $code.=<<___; ___ &BODY_00_15(0x17); $code.=<<___; -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ ittt eq @ Thumb2 thing, sanity check in ARM #endif ldreq $t0,[sp,#`$Xoff+8*(16-1)`+0] From appro at openssl.org Fri Jun 22 12:30:23 2018 
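Review bot: The retained comment `@ Thumb2 thing, sanity check in ARM` no longer describes the guard around it: under `#ifdef __thumb2__` the `ite eq` is emitted only for Thumb-2 output, so the "sanity check in ARM" half (which the old `#if __ARM_ARCH__>=7` path appears to have provided by assembling the IT instruction in ARM mode too) is gone. Trimming it to `ite eq @ Thumb2 IT block` here, in the two sha512-armv4.pl hunks, and in the 1.1.0-stable cherry-pick below would stop a reader from looking for an ARM-mode path that is not emitted. The generated-code template these lines sit in starts and ends outside the hunk.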
From: appro at openssl.org (Andy Polyakov) Date: Fri, 22 Jun 2018 12:30:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529670623.038384.20241.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 1f3f79e55a9c8257efb406a43d0a925f1fba25e6 (commit) from 2b451311ee5973907da650ed25393130310c3841 (commit) - Log ----------------------------------------------------------------- commit 1f3f79e55a9c8257efb406a43d0a925f1fba25e6 Author: Andy Polyakov Date: Thu Jun 21 13:52:04 2018 +0200 sha/asm/sha{256|512}-armv4.pl: harmonize thumb2 support with the rest. Reviewed-by: Richard Levitte (cherry picked from commit 2e51557bc93f90ca2274230b042acb53cc3a268d) ----------------------------------------------------------------------- Summary of changes: crypto/sha/asm/sha256-armv4.pl | 2 +- crypto/sha/asm/sha512-armv4.pl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index 55d30cb..509aa2c 100644 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl @@ -254,7 +254,7 @@ for($i=0;$i<16;$i++) { &BODY_00_15($i, at V); unshift(@V,pop(@V)); } $code.=".Lrounds_16_xx:\n"; for (;$i<32;$i++) { &BODY_16_XX($i, at V); unshift(@V,pop(@V)); } $code.=<<___; -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ ite eq @ Thumb2 thing, sanity check in ARM #endif ldreq $t3,[sp,#16*4] @ pull ctx diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index 22b5a9d..872c27f 100644 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -157,7 +157,7 @@ $code.=<<___; teq $t0,#$magic ldr $t3,[sp,#$Coff+0] @ c.lo -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ it eq @ Thumb2 thing, sanity check in ARM #endif orreq $Ktbl,$Ktbl,#1 
@@ -411,7 +411,7 @@ $code.=<<___; ___ &BODY_00_15(0x17); $code.=<<___; -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ ittt eq @ Thumb2 thing, sanity check in ARM #endif ldreq $t0,[sp,#`$Xoff+8*(16-1)`+0] From bernd.edlinger at hotmail.de Fri Jun 22 12:58:24 2018 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Fri, 22 Jun 2018 12:58:24 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529672304.156641.25036.nullmailer@dev.openssl.org> The branch master has been updated via 09fb65d5e413b7b87bf26f01ec441b44a03d4ee2 (commit) from 2e51557bc93f90ca2274230b042acb53cc3a268d (commit) - Log ----------------------------------------------------------------- commit 09fb65d5e413b7b87bf26f01ec441b44a03d4ee2 Author: Bernd Edlinger Date: Thu Jun 21 08:07:48 2018 +0200 Fix negative test result in sm2 test Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6548) ----------------------------------------------------------------------- Summary of changes: test/sm2_internal_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index d4ec01e..ea8ac7d 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c @@ -209,7 +209,7 @@ static int test_sm2_crypt(const EC_GROUP *group, static int sm2_crypt_test(void) { - int testresult = 1; + int testresult = 0; EC_GROUP *test_group = create_EC_group ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", From no-reply at appveyor.com Fri Jun 22 13:28:21 2018 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 22 Jun 2018 13:28:21 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.18679 Message-ID: <20180622132821.1.2F81DF76C515E8F9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jun 22 14:18:00 2018 
From: no-reply at appveyor.com (AppVeyor) Date: Fri, 22 Jun 2018 14:18:00 +0000 Subject: [openssl-commits] Build completed: openssl master.18680 Message-ID: <20180622141800.1.CEC4DA9813C8008A@appveyor.com> An HTML attachment was scrubbed... URL: From kaduk at mit.edu Fri Jun 22 18:01:54 2018 From: kaduk at mit.edu (kaduk at mit.edu) Date: Fri, 22 Jun 2018 18:01:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529690514.928558.4258.nullmailer@dev.openssl.org> The branch master has been updated via 5295b99b5606e3502b9af06a2cf54acf2187a34a (commit) from 09fb65d5e413b7b87bf26f01ec441b44a03d4ee2 (commit) - Log ----------------------------------------------------------------- commit 5295b99b5606e3502b9af06a2cf54acf2187a34a Author: Benjamin Kaduk Date: Sun Jun 17 20:00:02 2018 -0500 ecdsa_ossl: address coverity nit BN_CTX_end() does not handle NULL input, so we must manually check before calling from the cleanup handler. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6502) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecdsa_ossl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index 277ac16..dfb0d19 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -336,7 +336,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECDSA_SIG_free(ret); ret = NULL; } - BN_CTX_end(ctx); + if (ctx != NULL) + BN_CTX_end(ctx); BN_CTX_free(ctx); BN_clear_free(kinv); return ret; From levitte at openssl.org Sat Jun 23 05:59:24 2018 
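Review bot: The new `if (ctx != NULL)` guard covers the allocation-failure path, but BN_CTX_end() must also be balanced against a BN_CTX_start() that actually ran; if any exit reaches this cleanup with a non-NULL ctx before BN_CTX_start() was called (the body of ossl_ecdsa_sign_sig before this hunk is outside the view), the end call would still be unbalanced. If that cannot happen, recording the invariant at the guard helps the next reader: `/* ctx is NULL only when BN_CTX_new() failed; otherwise BN_CTX_start() has run, so end it before freeing */`. The function starts outside the hunk.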
From: levitte at openssl.org (Richard Levitte) Date: Sat, 23 Jun 2018 05:59:24 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529733564.609884.27714.nullmailer@dev.openssl.org> The branch master has been updated via 8973112884e67feb46384b573db14e62ad18d4cb (commit) from 5295b99b5606e3502b9af06a2cf54acf2187a34a (commit) - Log ----------------------------------------------------------------- commit 8973112884e67feb46384b573db14e62ad18d4cb Author: Richard Levitte Date: Fri Jun 22 09:33:29 2018 +0200 OpenSSL-II style for emacs: don't indent because of extern block We don't want an indentation step inside a 'extern "C" {' .. '}' block. Apparently, cc-mode has a c-offsets-alist keyword to allow exactly this. Reviewed-by: Rich Salz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6557) ----------------------------------------------------------------------- Summary of changes: doc/openssl-c-indent.el | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/openssl-c-indent.el b/doc/openssl-c-indent.el index 38e7a4f..59dec44 100644 --- a/doc/openssl-c-indent.el +++ b/doc/openssl-c-indent.el @@ -54,6 +54,7 @@ (arglist-close . c-lineup-arglist) ; From "gnu" style (inline-open . 0) ; From "gnu" style (brace-list-open . +) ; From "gnu" style + (inextern-lang . 0) ; Don't indent inside extern block (topmost-intro-cont first c-lineup-topmost-intro-cont c-lineup-gnu-DEFUN-intro-cont) ; From "gnu" style ) From levitte at openssl.org Sat Jun 23 06:00:25 2018 
From: levitte at openssl.org (Richard Levitte) Date: Sat, 23 Jun 2018 06:00:25 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529733625.285985.30617.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 7fe760161df54cfbb2bdbc90a09a20ef0e7a6b30 (commit) from 1f3f79e55a9c8257efb406a43d0a925f1fba25e6 (commit) - Log ----------------------------------------------------------------- commit 7fe760161df54cfbb2bdbc90a09a20ef0e7a6b30 Author: Richard Levitte Date: Fri Jun 22 09:33:29 2018 +0200 OpenSSL-II style for emacs: don't indent because of extern block We don't want an indentation step inside a 'extern "C" {' .. '}' block. Apparently, cc-mode has a c-offsets-alist keyword to allow exactly this. Reviewed-by: Rich Salz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6557) (cherry picked from commit 8973112884e67feb46384b573db14e62ad18d4cb) ----------------------------------------------------------------------- Summary of changes: doc/openssl-c-indent.el | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/openssl-c-indent.el b/doc/openssl-c-indent.el index cca1183..852f794 100644 --- a/doc/openssl-c-indent.el +++ b/doc/openssl-c-indent.el @@ -54,6 +54,7 @@ (arglist-close . c-lineup-arglist) ; From "gnu" style (inline-open . 0) ; From "gnu" style (brace-list-open . +) ; From "gnu" style + (inextern-lang . 0) ; Don't indent inside extern block (topmost-intro-cont first c-lineup-topmost-intro-cont c-lineup-gnu-DEFUN-intro-cont) ; From "gnu" style ) From no-reply at appveyor.com Sat Jun 23 07:08:13 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 23 Jun 2018 07:08:13 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.18689 Message-ID: <20180623070813.1.F11A117DDC3CF04E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Jun 23 07:29:52 2018 
From: no-reply at appveyor.com (AppVeyor) Date: Sat, 23 Jun 2018 07:29:52 +0000 Subject: [openssl-commits] Build completed: openssl master.18690 Message-ID: <20180623072952.1.3D444B0EFBADCAC9@appveyor.com> An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Sat Jun 23 16:33:28 2018 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sat, 23 Jun 2018 16:33:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529771608.116520.10569.nullmailer@dev.openssl.org> The branch master has been updated via a6efd86241861a85d75c3b564501e34f74a4ebdb (commit) from 8973112884e67feb46384b573db14e62ad18d4cb (commit) - Log ----------------------------------------------------------------- commit a6efd86241861a85d75c3b564501e34f74a4ebdb Author: Paul Kehrer Date: Wed Jun 20 10:56:57 2018 -0500 fix pyca/cryptography test suite failure [extended tests] Reviewed-by: Rich Salz Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/6540) ----------------------------------------------------------------------- Summary of changes: pyca-cryptography | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyca-cryptography b/pyca-cryptography index 95820b4..58fd9c4 160000 --- a/pyca-cryptography +++ b/pyca-cryptography @@ -1 +1 @@ -Subproject commit 95820b4e4fe23e174cf212639a37df39a157db9d +Subproject commit 58fd9c412ad8e91f1453f86ba1fc16479f5b11d0 From bernd.edlinger at hotmail.de Sat Jun 23 17:21:37 2018 
From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sat, 23 Jun 2018 17:21:37 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529774497.196547.19937.nullmailer@dev.openssl.org> The branch master has been updated via 24fa4b8df03c3fc8f100c1fbc44a7157b138d44a (commit) from a6efd86241861a85d75c3b564501e34f74a4ebdb (commit) - Log ----------------------------------------------------------------- commit 24fa4b8df03c3fc8f100c1fbc44a7157b138d44a Author: Bernd Edlinger Date: Fri Jun 22 09:41:29 2018 +0200 Replace accidentally used C99 macro __func__ with __FILE__/__LINE__ Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6558) ----------------------------------------------------------------------- Summary of changes: engines/e_afalg.c | 74 ++++++++++++++++++++++++++++++------------------------- 1 file changed, 40 insertions(+), 34 deletions(-) diff --git a/engines/e_afalg.c b/engines/e_afalg.c index 54cecdd..f09c396 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -148,7 +148,7 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) /* Async mode */ waitctx = ASYNC_get_wait_ctx(job); if (waitctx == NULL) { - ALG_WARN("%s: ASYNC_get_wait_ctx error", __func__); + ALG_WARN("%s(%d): ASYNC_get_wait_ctx error", __FILE__, __LINE__); return 0; } /* Get waitfd from ASYNC_WAIT_CTX if it is already set */ @@ -161,7 +161,8 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) */ aio->efd = eventfd(0); if (aio->efd == -1) { - ALG_PERR("%s: Failed to get eventfd : ", __func__); + ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, + __LINE__); AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, AFALG_R_EVENTFD_FAILED); return 0; 
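Review bot: Every call site now repeats the `"%s(%d): "` prefix together with `__FILE__, __LINE__` (here and in all the following e_afalg.c hunks on this page); since ALG_WARN and ALG_PERR are invoked with varying argument counts they look like variadic macros, in which case the prefix and the two arguments could be added once in the macro definitions and the call sites reduced to the message, e.g. `ALG_WARN("ASYNC_get_wait_ctx error");`. The macro definitions are not in this hunk, so this is something to verify there. Worth a line in the commit message: `__FILE__` expands to the path the compiler was given, so the engine's diagnostics now carry the build-tree path instead of the function name.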
@@ -170,14 +171,14 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) aio->efd, custom, afalg_waitfd_cleanup); if (ret == 0) { - ALG_WARN("%s: Failed to set wait fd", __func__); + ALG_WARN("%s(%d): Failed to set wait fd", __FILE__, __LINE__); close(aio->efd); return 0; } /* make fd non-blocking in async mode */ if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) { - ALG_WARN("%s: Failed to set event fd as NONBLOCKING", - __func__); + ALG_WARN("%s(%d): Failed to set event fd as NONBLOCKING", + __FILE__, __LINE__); } } aio->mode = MODE_ASYNC; @@ -185,7 +186,7 @@ static int afalg_setup_async_event_notification(afalg_aio *aio) /* Sync mode */ aio->efd = eventfd(0); if (aio->efd == -1) { - ALG_PERR("%s: Failed to get eventfd : ", __func__); + ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, AFALG_R_EVENTFD_FAILED); return 0; @@ -203,7 +204,7 @@ static int afalg_init_aio(afalg_aio *aio) aio->aio_ctx = 0; r = io_setup(MAX_INFLIGHTS, &aio->aio_ctx); if (r < 0) { - ALG_PERR("%s: io_setup error : ", __func__); + ALG_PERR("%s(%d): io_setup error : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_INIT_AIO, AFALG_R_IO_SETUP_FAILED); return 0; } @@ -257,7 +258,7 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, */ r = io_read(aio->aio_ctx, 1, &cb); if (r < 0) { - ALG_PWARN("%s: io_read failed : ", __func__); + ALG_PWARN("%s(%d): io_read failed : ", __FILE__, __LINE__); return 0; } 
@@ -270,11 +271,11 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, if (r < 0) { if (errno == EAGAIN || errno == EWOULDBLOCK) continue; - ALG_PERR("%s: read failed for event fd : ", __func__); + ALG_PERR("%s(%d): read failed for event fd : ", __FILE__, __LINE__); return 0; } else if (r == 0 || eval <= 0) { - ALG_WARN("%s: eventfd read %d bytes, eval = %lu\n", __func__, r, - eval); + ALG_WARN("%s(%d): eventfd read %d bytes, eval = %lu\n", __FILE__, + __LINE__, r, eval); } if (eval > 0) { @@ -294,8 +295,8 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, if (events[0].res == -EBUSY && retry++ < 3) { r = io_read(aio->aio_ctx, 1, &cb); if (r < 0) { - ALG_PERR("%s: retry %d for io_read failed : ", - __func__, retry); + ALG_PERR("%s(%d): retry %d for io_read failed : ", + __FILE__, __LINE__, retry); return 0; } continue; @@ -305,18 +306,19 @@ static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf, * condition for this instance of operation. */ ALG_WARN - ("%s: Crypto Operation failed with code %lld\n", - __func__, events[0].res); + ("%s(%d): Crypto Operation failed with code %lld\n", + __FILE__, __LINE__, events[0].res); return 0; } } /* Operation successful. */ done = 1; } else if (r < 0) { - ALG_PERR("%s: io_getevents failed : ", __func__); + ALG_PERR("%s(%d): io_getevents failed : ", __FILE__, __LINE__); return 0; } else { - ALG_WARN("%s: io_geteventd read 0 bytes\n", __func__); + ALG_WARN("%s(%d): io_geteventd read 0 bytes\n", __FILE__, + __LINE__); } } } while (!done); @@ -352,7 +354,7 @@ static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key, int ret; ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen); if (ret < 0) { - ALG_PERR("%s: Failed to set socket option : ", __func__); + ALG_PERR("%s(%d): Failed to set socket option : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED); return 0; } 
@@ -376,21 +378,21 @@ static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype, actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0); if (actx->bfd == -1) { - ALG_PERR("%s: Failed to open socket : ", __func__); + ALG_PERR("%s(%d): Failed to open socket : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_CREATE_FAILED); goto err; } r = bind(actx->bfd, (struct sockaddr *)&sa, sizeof(sa)); if (r < 0) { - ALG_PERR("%s: Failed to bind socket : ", __func__); + ALG_PERR("%s(%d): Failed to bind socket : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_BIND_FAILED); goto err; } actx->sfd = accept(actx->bfd, NULL, 0); if (actx->sfd < 0) { - ALG_PERR("%s: Socket Accept Failed : ", __func__); + ALG_PERR("%s(%d): Socket Accept Failed : ", __FILE__, __LINE__); AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_ACCEPT_FAILED); goto err; } @@ -452,8 +454,8 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, /* Sendmsg() sends iv and cipher direction to the kernel */ sbytes = sendmsg(actx->sfd, &msg, 0); if (sbytes < 0) { - ALG_PERR("%s: sendmsg failed for zero copy cipher operation : ", - __func__); + ALG_PERR("%s(%d): sendmsg failed for zero copy cipher operation : ", + __FILE__, __LINE__); return 0; } @@ -463,13 +465,13 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, */ ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT); if (ret < 0) { - ALG_PERR("%s: vmsplice failed : ", __func__); + ALG_PERR("%s(%d): vmsplice failed : ", __FILE__, __LINE__); return 0; } ret = splice(actx->zc_pipe[0], NULL, actx->sfd, NULL, inl, 0); if (ret < 0) { - ALG_PERR("%s: splice failed : ", __func__); + ALG_PERR("%s(%d): splice failed : ", __FILE__, __LINE__); return 0; } # else 
@@ -479,7 +481,8 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, /* Sendmsg() sends iv, cipher direction and input data to the kernel */ sbytes = sendmsg(actx->sfd, &msg, 0); if (sbytes < 0) { - ALG_PERR("%s: sendmsg failed for cipher operation : ", __func__); + ALG_PERR("%s(%d): sendmsg failed for cipher operation : ", __FILE__, + __LINE__); return 0; } @@ -502,18 +505,18 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, char ciphername[ALG_MAX_SALG_NAME]; if (ctx == NULL || key == NULL) { - ALG_WARN("%s: Null Parameter\n", __func__); + ALG_WARN("%s(%d): Null Parameter\n", __FILE__, __LINE__); return 0; } if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { - ALG_WARN("%s: Cipher object NULL\n", __func__); + ALG_WARN("%s(%d): Cipher object NULL\n", __FILE__, __LINE__); return 0; } actx = EVP_CIPHER_CTX_get_cipher_data(ctx); if (actx == NULL) { - ALG_WARN("%s: Cipher data NULL\n", __func__); + ALG_WARN("%s(%d): Cipher data NULL\n", __FILE__, __LINE__); return 0; } @@ -525,14 +528,15 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, strncpy(ciphername, "cbc(aes)", ALG_MAX_SALG_NAME); break; default: - ALG_WARN("%s: Unsupported Cipher type %d\n", __func__, ciphertype); + ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__, + ciphertype); return 0; } ciphername[ALG_MAX_SALG_NAME-1]='\0'; if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) { - ALG_WARN("%s: Unsupported IV length :%d\n", __func__, - EVP_CIPHER_CTX_iv_length(ctx)); + ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__, + EVP_CIPHER_CTX_iv_length(ctx)); return 0; } @@ -572,7 +576,8 @@ static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, char nxtiv[ALG_AES_IV_LEN] = { 0 }; if (ctx == NULL || out == NULL || in == NULL) { - ALG_WARN("NULL parameter passed to function %s\n", __func__); + ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__, + __LINE__); return 0; } 
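Review bot: The rewritten message `"NULL parameter passed to function %s(%d)\n"` in afalg_do_cipher now receives `__FILE__`, so it reads as if the file name were the function. Either drop the word, `"NULL parameter passed to %s(%d)\n"`, or keep the function name as an extra argument, `"NULL parameter passed to function %s at %s(%d)\n", __func__, __FILE__, __LINE__`. The same wording is introduced in the afalg_cipher_cleanup hunk on the next line; both function bodies continue outside their hunks.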
@@ -619,7 +624,8 @@ static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx) afalg_ctx *actx; if (ctx == NULL) { - ALG_WARN("NULL parameter passed to function %s\n", __func__); + ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__, + __LINE__); return 0; } From kurt at openssl.org Sat Jun 23 18:29:21 2018 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 23 Jun 2018 18:29:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529778561.029029.30802.nullmailer@dev.openssl.org> The branch master has been updated via eaf39a9fe6f55feb5251e235069e02f7f50d9a49 (commit) from 24fa4b8df03c3fc8f100c1fbc44a7157b138d44a (commit) - Log ----------------------------------------------------------------- commit eaf39a9fe6f55feb5251e235069e02f7f50d9a49 Author: Kurt Roeckx Date: Sat Jun 23 10:24:00 2018 +0200 Fix prototype of ASN1_INTEGER_get and ASN1_INTEGER_set The parameters where switched Reviewed-by: Rich Salz GH: #6578 ----------------------------------------------------------------------- Summary of changes: doc/man3/ASN1_INTEGER_get_int64.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/ASN1_INTEGER_get_int64.pod b/doc/man3/ASN1_INTEGER_get_int64.pod index f61268d..7ed1cca 100644 --- a/doc/man3/ASN1_INTEGER_get_int64.pod +++ b/doc/man3/ASN1_INTEGER_get_int64.pod @@ -11,10 +11,10 @@ ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_s #include int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); - int ASN1_INTEGER_get(const ASN1_INTEGER *a, long v); + long ASN1_INTEGER_get(const ASN1_INTEGER *a); int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); - long ASN1_INTEGER_set(const ASN1_INTEGER *a); + int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v); int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); From kurt at openssl.org Sat Jun 23 18:30:09 2018 
From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 23 Jun 2018 18:30:09 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529778609.226169.32076.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 2ab5cb01d4d44f570b8e11384635149d38867eb2 (commit) from 7fe760161df54cfbb2bdbc90a09a20ef0e7a6b30 (commit) - Log ----------------------------------------------------------------- commit 2ab5cb01d4d44f570b8e11384635149d38867eb2 Author: Kurt Roeckx Date: Sat Jun 23 10:24:00 2018 +0200 Fix prototype of ASN1_INTEGER_get and ASN1_INTEGER_set The parameters where switched Reviewed-by: Rich Salz GH: #6578 (cherry picked from commit eaf39a9fe6f55feb5251e235069e02f7f50d9a49) ----------------------------------------------------------------------- Summary of changes: doc/crypto/ASN1_INTEGER_get_int64.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/ASN1_INTEGER_get_int64.pod b/doc/crypto/ASN1_INTEGER_get_int64.pod index f61268d..7ed1cca 100644 --- a/doc/crypto/ASN1_INTEGER_get_int64.pod +++ b/doc/crypto/ASN1_INTEGER_get_int64.pod @@ -11,10 +11,10 @@ ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_s #include int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); - int ASN1_INTEGER_get(const ASN1_INTEGER *a, long v); + long ASN1_INTEGER_get(const ASN1_INTEGER *a); int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); - long ASN1_INTEGER_set(const ASN1_INTEGER *a); + int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v); int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); From no-reply at appveyor.com Sat Jun 23 19:41:16 2018 
From: no-reply at appveyor.com (AppVeyor) Date: Sat, 23 Jun 2018 19:41:16 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.18700 Message-ID: <20180623194116.1.4EB5DA452C8B44C6@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Jun 23 21:42:02 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 23 Jun 2018 21:42:02 +0000 Subject: [openssl-commits] Build completed: openssl master.18701 Message-ID: <20180623214202.1.AB5834352F680C30@appveyor.com> An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Jun 24 08:59:08 2018 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 24 Jun 2018 08:59:08 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5b2f5d5bbaf6b_51582ab1dd750f58714c3@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2NQPNDrEfYHH4jvVtH43yea3-2FAVzJqvyE31TAlI9P6yx4l-2F1oSM8Gr8BH2ZkQ4oXERkCddaIHvfzq7D4GrNsfIVUXYMmd90C8xRd8d94ZQhqID9ny0NTy0tlKDc0U92xZC7EFTaxLeEYNDq2gHjHUERHL5AMXXXXU3PQxBsAnCZct7QheeztE9fWyDCHLBNfY-3D Build ID: 217313 Analysis Summary: New defects found: 1 Defects eliminated: 5 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6q227lMNIWoOb8ZgSjAjKcg-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2NQPNDrEfYHH4jvVtH43yea3-2FAVzJqvyE31TAlI9P6y9h5ipr-2F1ALKoT8VU2JdFX792JyVPj7lRyOJeC-2Flr7nED-2F8MdkN7YCjsh3xUXx6RgMN76pMrXkk-2BQ0N7G66MUaejJMNbL7MwDrb-2FCOYB5Y1QLweblWtUk16aO-2FopuiFjwGqkeGhUpXAt2gOJqV3doI8-3D From scan-admin at coverity.com Sun Jun 24 09:03:08 2018 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 24 Jun 2018 09:03:08 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5b2f5e4c7e416_54752ab1dd750f587145b@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I29hdMXJXAErW1vX7gJYHg82TzixH5cCyf8oJAc0s3hNwbkTJdovelntkXniKv6a-2F55nkkyUoojbfRsROjfyvuYZgqBJgDNNraH7tZQbiSkDLflhIZDNkgMWFLYoVUXPUFQXIg-2FQShEOeTElOeOLQIE9QOaGlkl-2B9GULJR9QNez1Mrz2mNwZs5L4iLvEh05rQc-3D Build ID: 217316 Analysis Summary: New defects found: 0 Defects eliminated: 0 From matthias.st.pierre at ncp-e.com Sun Jun 24 13:43:39 2018 
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sun, 24 Jun 2018 13:43:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529847819.148698.27028.nullmailer@dev.openssl.org> The branch master has been updated via f223e8fd1c89d0e47e2acafe14d7f3a4e8a05742 (commit) from eaf39a9fe6f55feb5251e235069e02f7f50d9a49 (commit) - Log ----------------------------------------------------------------- commit f223e8fd1c89d0e47e2acafe14d7f3a4e8a05742 Author: Ana Mar?a Mart?nez G?mez Date: Sat Jun 23 00:01:17 2018 +0200 Support directories with "." in x509_load_serial() Use `strrchr` to get a pointer to the last occurrence of `.` in the path string, instead of the first one with `strchr`. This prevent the path to be wrongly split if it contains several `.`, and not only the one for the extension. Fixes https://github.com/openssl/openssl/issues/6489. CLA: trivial Reviewed-by: Tim Hudson Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6566) ----------------------------------------------------------------------- Summary of changes: apps/x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/x509.c b/apps/x509.c index 1136642..d40960c 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -916,7 +916,7 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile, BIGNUM *serial = NULL; if (serialfile == NULL) { - const char *p = strchr(CAfile, '.'); + const char *p = strrchr(CAfile, '.'); size_t len = p != NULL ? (size_t)(p - CAfile) : strlen(CAfile); buf = app_malloc(len + sizeof(POSTFIX), "serial# buffer"); From bernd.edlinger at hotmail.de Sun Jun 24 16:03:54 2018 
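Review bot: Taking the last `.` of the whole path still splits in the wrong place when a directory component contains a dot but the file name has no extension (e.g. `certs.d/ca`): strrchr then lands inside the directory name and the serial file name is built from a truncated path. Restricting the search to the basename handles both cases and keeps `len` relative to CAfile: `const char *base = strrchr(CAfile, '/'); base = base != NULL ? base + 1 : CAfile; const char *p = strrchr(base, '.');`. Whether other path separators need the same treatment here isn't visible from the hunk; x509_load_serial continues outside it.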
From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 24 Jun 2018 16:03:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529856234.852885.26140.nullmailer@dev.openssl.org> The branch master has been updated via dc6c374bdb4872f6d5d727e73a2ed834e972842c (commit) from f223e8fd1c89d0e47e2acafe14d7f3a4e8a05742 (commit) - Log ----------------------------------------------------------------- commit dc6c374bdb4872f6d5d727e73a2ed834e972842c Author: Bernd Edlinger Date: Sat Jun 23 22:17:19 2018 +0200 Fix a new gcc-9 warning [-Wstringop-truncation] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6581) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 0376919..4324f24 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -200,7 +200,7 @@ static int slg_write(BIO *b, const char *in, int inl) BIOerr(BIO_F_SLG_WRITE, ERR_R_MALLOC_FAILURE); return 0; } - strncpy(buf, in, inl); + memcpy(buf, in, inl); buf[inl] = '\0'; i = 0; From bernd.edlinger at hotmail.de Sun Jun 24 16:05:37 2018 
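Review bot: `memcpy(buf, in, inl)` and the `OPENSSL_malloc(inl + 1)` just above it take the `int` parameter `inl` without a visible range check; slg_write's opening is outside this hunk, so if nothing there rejects `inl <= 0`, a negative length allocates almost nothing and then converts to a huge size_t for the copy. A guard before the allocation, `if (inl <= 0) return 0;`, makes the conversion safe regardless of what callers pass. The same hunk is cherry-picked to the 1.1.0 and 1.0.2 branches on the following two lines.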
From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 24 Jun 2018 16:05:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529856337.919401.27284.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via ad6edb21e1aa368e2e0d62659f124be67cab52a7 (commit) from 2ab5cb01d4d44f570b8e11384635149d38867eb2 (commit) - Log ----------------------------------------------------------------- commit ad6edb21e1aa368e2e0d62659f124be67cab52a7 Author: Bernd Edlinger Date: Sat Jun 23 22:17:19 2018 +0200 Fix a new gcc-9 warning [-Wstringop-truncation] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6581) (cherry picked from commit dc6c374bdb4872f6d5d727e73a2ed834e972842c) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 5221acc..83dae64 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -196,7 +196,7 @@ static int slg_write(BIO *b, const char *in, int inl) if ((buf = OPENSSL_malloc(inl + 1)) == NULL) { return (0); } - strncpy(buf, in, inl); + memcpy(buf, in, inl); buf[inl] = '\0'; i = 0; From bernd.edlinger at hotmail.de Sun Jun 24 16:06:07 2018 
From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Sun, 24 Jun 2018 16:06:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1529856367.575509.28219.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via e78c4f531d44d2454ba44b9de615920d340e77ce (commit) from 8a8534620da8e13c8a7ab123ecd7fc0226f999bf (commit) - Log ----------------------------------------------------------------- commit e78c4f531d44d2454ba44b9de615920d340e77ce Author: Bernd Edlinger Date: Sat Jun 23 22:17:19 2018 +0200 Fix a new gcc-9 warning [-Wstringop-truncation] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6581) (cherry picked from commit dc6c374bdb4872f6d5d727e73a2ed834e972842c) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_log.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 1283a52..69c6e20 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -242,7 +242,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) { return (0); } - strncpy(buf, in, inl); + memcpy(buf, in, inl); buf[inl] = '\0'; i = 0; From matthias.st.pierre at ncp-e.com Sun Jun 24 18:26:49 2018 
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Sun, 24 Jun 2018 18:26:49 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529864809.820932.23948.nullmailer@dev.openssl.org> The branch master has been updated via 3445872e22735ff864d6b363d2d2b8acde740912 (commit) from dc6c374bdb4872f6d5d727e73a2ed834e972842c (commit) - Log ----------------------------------------------------------------- commit 3445872e22735ff864d6b363d2d2b8acde740912 Author: ??? Date: Sun Jun 24 15:28:33 2018 +0800 apps/speed.c: add missing checks for RAND_bytes() Function RAND_bytes() may return 0 or -1 on error, simply goto end label when it fails. Fixes #6567 Reviewed-by: Rich Salz Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6582) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 768e3a1..181873c 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2557,7 +2557,8 @@ int speed_main(int argc, char **argv) } for (i = 0; i < loopargs_len; i++) - RAND_bytes(loopargs[i].buf, 36); + if (RAND_bytes(loopargs[i].buf, 36) <= 0) + goto end; #ifndef OPENSSL_NO_RSA for (testnum = 0; testnum < RSA_NUM; testnum++) { @@ -2653,7 +2654,8 @@ int speed_main(int argc, char **argv) #endif /* OPENSSL_NO_RSA */ for (i = 0; i < loopargs_len; i++) - RAND_bytes(loopargs[i].buf, 36); + if (RAND_bytes(loopargs[i].buf, 36) <= 0) + goto end; #ifndef OPENSSL_NO_DSA for (testnum = 0; testnum < DSA_NUM; testnum++) { From matt at openssl.org Mon Jun 25 11:15:23 2018 
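Review bot: Both new `goto end` paths leave without a diagnostic, so a RAND_bytes failure ends the run with nothing telling the user why; the `end:` label is outside these hunks, so if it does not already print the error queue, a `BIO_printf(bio_err, "RAND_bytes failed\n"); ERR_print_errors(bio_err);` before each jump would be worth adding. The unbraced `for` body wrapping an `if` is also easy to misread when the loop is later extended; braces around the `if` make the loop extent explicit. speed_main starts before and continues after both hunks.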
From: matt at openssl.org (Matt Caswell) Date: Mon, 25 Jun 2018 11:15:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529925323.702888.25762.nullmailer@dev.openssl.org> The branch master has been updated via c35e96691ff3415e68531076ff9f011703524c0a (commit) from 3445872e22735ff864d6b363d2d2b8acde740912 (commit) - Log ----------------------------------------------------------------- commit c35e96691ff3415e68531076ff9f011703524c0a Author: Matt Caswell Date: Fri Jun 22 14:15:33 2018 +0100 Don't change a session once its in the cache Sessions should be immutable once they are in the cache because they could be shared with other threads. If you change them then this can cause corruptions and races Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6561) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_srvr.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index c2976b7..df3f15a 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3796,10 +3796,11 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) cb(s, SSL_CB_HANDSHAKE_START, 1); } /* - * If we already sent one NewSessionTicket then we need to take a copy - * of it and create a new session from it. + * If we already sent one NewSessionTicket, or we resumed then + * s->session may already be in a cache and so we must not modify it. + * Instead we need to take a copy of it and modify that. */ - if (s->sent_tickets != 0) { + if (s->sent_tickets != 0 || s->hit) { SSL_SESSION *new_sess = ssl_session_dup(s->session, 0); if (new_sess == NULL) { From appro at openssl.org Mon Jun 25 14:41:17 2018 
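Review bot: The new comment explains the copy by cache membership but not why a cached session must not be modified, which is the reason the commit message gives (the session may be shared with other threads); one extra line in the comment, `* A cached session may be read concurrently by other threads.`, keeps that reasoning with the code. A word on the `s->hit` case would also help, since a resumed session was cached by an earlier handshake rather than by this one. tls_construct_new_session_ticket continues outside the hunk.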
From: appro at openssl.org (Andy Polyakov) Date: Mon, 25 Jun 2018 14:41:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529937677.628662.29691.nullmailer@dev.openssl.org> The branch master has been updated via 469c2c4a455007ca3465b64e88a1dcfc864e3f0e (commit) via 5a2124620cb2893b2d5c40be75579cd9c35c839c (commit) from c35e96691ff3415e68531076ff9f011703524c0a (commit) - Log ----------------------------------------------------------------- commit 469c2c4a455007ca3465b64e88a1dcfc864e3f0e Author: Nicola Tuveri Date: Thu Jun 21 19:15:50 2018 +0300 Use ec_group_do_inverse_ord() in SM2 Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6521) commit 5a2124620cb2893b2d5c40be75579cd9c35c839c Author: Nicola Tuveri Date: Thu Jun 21 19:08:50 2018 +0300 Add inter-module private header for EC functions Internal submodules of libcrypto may require non-public functions from the EC submodule. In preparation to use `ec_group_do_inverse_ord()` (from #6116) inside the SM2 submodule to apply a SCA mitigation on the modular inversion, this commit moves the `ec_group_do_inverse_ord()` prototype declaration from the EC-local `crypto/ec/ec_lcl.h` header to the `crypto/include/internal/ec_int.h` inter-module private header. Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6521) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_lcl.h | 4 +--- crypto/include/internal/ec_int.h | 45 ++++++++++++++++++++++++++++++++++++++++ crypto/sm2/sm2_sign.c | 3 ++- 3 files changed, 48 insertions(+), 4 deletions(-) create mode 100644 crypto/include/internal/ec_int.h diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index cf29c7c..ae38029 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h 
@@ -14,6 +14,7 @@ #include #include #include "internal/refcount.h" +#include "internal/ec_int.h" #include "curve448/curve448_lcl.h" #if defined(__SUNPRO_C) @@ -636,7 +637,4 @@ int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], void X25519_public_from_private(uint8_t out_public_value[32], const uint8_t private_key[32]); -int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, - const BIGNUM *x, BN_CTX *ctx); - int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); diff --git a/crypto/include/internal/ec_int.h b/crypto/include/internal/ec_int.h new file mode 100644 index 0000000..bb4b512 --- /dev/null +++ b/crypto/include/internal/ec_int.h 
@@ -0,0 +1,45 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal EC functions for other submodules: not for application use */ + +#ifndef HEADER_OSSL_EC_INTERNAL_H +# define HEADER_OSSL_EC_INTERNAL_H +# include + +# ifndef OPENSSL_NO_EC + +# include + +/*- + * Computes the multiplicative inverse of x in the range + * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the + * subgroup generated by the generator G: + * + * res := x^(-1) (mod EC_GROUP::order). + * + * This function expects the following two conditions to hold: + * - the EC_GROUP order is prime, and + * - x is included in the range [1, EC_GROUP::order). + * + * This function returns 1 on success, 0 on error. + * + * If the EC_GROUP order is even, this function explicitly returns 0 as + * an error. + * In case any of the two conditions stated above is not satisfied, + * the correctness of its output is not guaranteed, even if the return + * value could still be 1 (as primality testing and a conditional modular + * reduction round on the input can be omitted by the underlying + * implementations for better SCA properties on regular input values). + */ +__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, + const BIGNUM *x, BN_CTX *ctx); + +# endif /* OPENSSL_NO_EC */ +#endif diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 9d19054..14576ca 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -11,6 +11,7 @@ #include "internal/sm2.h" #include "internal/sm2err.h" +#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */ #include #include #include 
@@ -133,7 +134,7 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e) continue; if (!BN_add(s, dA, BN_value_one()) - || !BN_mod_inverse(s, s, order, ctx) + || !ec_group_do_inverse_ord(group, s, s, ctx) || !BN_mod_mul(tmp, dA, r, order, ctx) || !BN_sub(tmp, k, tmp) || !BN_mod_mul(s, s, tmp, order, ctx)) { From appro at openssl.org Mon Jun 25 14:43:44 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 25 Jun 2018 14:43:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529937824.773822.30986.nullmailer@dev.openssl.org> The branch master has been updated via 95a3705745aee42c6a6ef991707664c644541283 (commit) from 469c2c4a455007ca3465b64e88a1dcfc864e3f0e (commit) - Log ----------------------------------------------------------------- commit 95a3705745aee42c6a6ef991707664c644541283 Author: Andy Polyakov Date: Fri Jun 22 15:37:26 2018 +0200 ec/ec_pmeth.c: minor cleanups and readability fixes. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6562) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_pmeth.c | 53 +++++++++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index f4ea8b5..5bee031 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -88,11 +88,12 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) { EC_PKEY_CTX *dctx = ctx->data; - if (dctx) { + if (dctx != NULL) { EC_GROUP_free(dctx->gen_group); EC_KEY_free(dctx->co_key); OPENSSL_free(dctx->kdf_ukm); OPENSSL_free(dctx); + ctx->data = NULL; } } 
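Review bot: The new `ec_group_do_inverse_ord(group, s, s, ctx)` is documented in the ec_int.h hunk above as requiring its input in [1, order), and here the input is `dA + 1`; that holds only if the private key dA is at most order - 2, which is the SM2 key range but is not checked in this hunk, and unlike the replaced BN_mod_inverse (which fails for a non-invertible input) the new function states that its output is not guaranteed correct for out-of-range input. If key loading does not already guarantee the bound, a `BN_cmp(s, order) < 0` check before the inverse, or validating dA when the key is set, would make the precondition explicit. sm2_sig_gen starts before this hunk.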
@@ -103,19 +104,23 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, unsigned int sltmp; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; + const int sig_sz = ECDSA_size(ec); - if (!sig) { - *siglen = ECDSA_size(ec); + /* ensure cast to size_t is safe */ + if (!ossl_assert(sig_sz > 0)) + return 0; + + if (sig == NULL) { + *siglen = (size_t)sig_sz; return 1; - } else if (*siglen < (size_t)ECDSA_size(ec)) { + } + + if (*siglen < (size_t)sig_sz) { ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); return 0; } - if (dctx->md) - type = EVP_MD_type(dctx->md); - else - type = NID_sha1; + type = (dctx->md != NULL) ? EVP_MD_type(dctx->md) : NID_sha1; ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); @@ -386,7 +391,8 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { EC_KEY *ec = NULL; EC_PKEY_CTX *dctx = ctx->data; - int ret = 0; + int ret; + if (dctx->gen_group == NULL) { ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET); return 0; @@ -394,10 +400,8 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) ec = EC_KEY_new(); if (ec == NULL) return 0; - ret = EC_KEY_set_group(ec, dctx->gen_group); - if (ret) - EVP_PKEY_assign_EC_KEY(pkey, ec); - else + if (!(ret = EC_KEY_set_group(ec, dctx->gen_group)) + || !ossl_assert(ret = EVP_PKEY_assign_EC_KEY(pkey, ec))) EC_KEY_free(ec); return ret; } 
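Review bot: In pkey_ec_sign the new `if (!ossl_assert(sig_sz > 0)) return 0;` fails without pushing an error, whereas the buffer-too-small branch right below it raises EC_R_BUFFER_TOO_SMALL; ECDSA_size() returns 0 on error (for example a key without a group), so in builds where ossl_assert does not abort a caller then sees a bare failure with an empty error queue. An `ECerr(EC_F_PKEY_EC_SIGN, <reason code>)` on that path would keep the two failures consistent; which reason code fits is not visible here. pkey_ec_sign starts before the hunk and continues after it.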
@@ -406,23 +410,26 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { EC_KEY *ec = NULL; EC_PKEY_CTX *dctx = ctx->data; + int ret; + if (ctx->pkey == NULL && dctx->gen_group == NULL) { ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET); return 0; } ec = EC_KEY_new(); - if (!ec) + if (ec == NULL) + return 0; + if (!ossl_assert(EVP_PKEY_assign_EC_KEY(pkey, ec))) { + EC_KEY_free(ec); return 0; - EVP_PKEY_assign_EC_KEY(pkey, ec); - if (ctx->pkey) { - /* Note: if error return, pkey is freed by parent routine */ - if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; - } else { - if (!EC_KEY_set_group(ec, dctx->gen_group)) - return 0; } - return EC_KEY_generate_key(pkey->pkey.ec); + /* Note: if error is returned, we count on caller to free pkey->pkey.ec */ + if (ctx->pkey != NULL) + ret = EVP_PKEY_copy_parameters(pkey, ctx->pkey); + else + ret = EC_KEY_set_group(ec, dctx->gen_group); + + return ret ? EC_KEY_generate_key(ec) : 0; } const EVP_PKEY_METHOD ec_pkey_meth = { From appro at openssl.org Mon Jun 25 14:46:00 2018 
From: appro at openssl.org (Andy Polyakov) Date: Mon, 25 Jun 2018 14:46:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529937960.158105.32002.nullmailer@dev.openssl.org> The branch master has been updated via 1753d1237429bace72a944f7654ce4b1c4364f60 (commit) via 8d58f0171e743ebda2b676016800f0a4cd66a1da (commit) from 95a3705745aee42c6a6ef991707664c644541283 (commit) - Log ----------------------------------------------------------------- commit 1753d1237429bace72a944f7654ce4b1c4364f60 Author: Andy Polyakov Date: Sun Jun 24 13:29:29 2018 +0200 PA-RISC assembly pack: make it work with GNU assembler for HP-UX. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6583) commit 8d58f0171e743ebda2b676016800f0a4cd66a1da Author: Andy Polyakov Date: Sun Jun 24 13:24:27 2018 +0200 rand/rand_unix.c: mask getentropy ELF detection on HP-UX. Unlike other ELF systems, HP-UX run-time linker fails to detect symbol availability through weak declaration. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6583) ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aes-parisc.pl | 9 +++++++++ crypto/bn/asm/parisc-mont.pl | 10 +++++++++- crypto/modes/asm/ghash-parisc.pl | 12 +++++++++++- crypto/pariscid.pl | 21 +++++++++++++++++---- crypto/rand/rand_unix.c | 2 +- crypto/rc4/asm/rc4-parisc.pl | 20 ++++++++++++++++---- crypto/sha/asm/sha1-parisc.pl | 20 ++++++++++++++++---- crypto/sha/asm/sha512-parisc.pl | 13 ++++++++++--- 8 files changed, 89 insertions(+), 18 deletions(-) diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl index b688ab3..93ed09c 100644 --- a/crypto/aes/asm/aes-parisc.pl +++ b/crypto/aes/asm/aes-parisc.pl 
@@ -1012,6 +1012,11 @@ L\$AES_Td .STRINGZ "AES for PA-RISC, CRYPTOGAMS by " ___ +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/ge; @@ -1022,8 +1027,12 @@ foreach (split("\n",$code)) { $SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2) : sprintf("extrd,u%s,%d,8,",$1,63-$2)/e; + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); s/,\*/,/ if ($SIZE_T==4); s/\bbv\b(.*\(%r2\))/bve$1/ if ($SIZE_T==8); + print $_,"\n"; } close STDOUT; diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl index 78ab2dc..aa9f626 100644 --- a/crypto/bn/asm/parisc-mont.pl +++ b/crypto/bn/asm/parisc-mont.pl @@ -984,6 +984,11 @@ sub assemble { ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; } +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/ge; # flip word order in 64-bit mode... @@ -991,7 +996,10 @@ foreach (split("\n",$code)) { # assemble 2.0 instructions in 32-bit mode... s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4); - s/\bbv\b/bve/gm if ($SIZE_T==8); + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/\bbv\b/bve/ if ($SIZE_T==8); print $_,"\n"; } diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl index fef2db1..654d9e9 100644 --- a/crypto/modes/asm/ghash-parisc.pl +++ b/crypto/modes/asm/ghash-parisc.pl 
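Review bot: The GNU-assembler probe (the backtick `$ENV{CC} -Wa,-v ...` block setting `$gnuas`) and the three `.LEVEL`/`.SPACE`/`.SUBSPA` substitutions are pasted verbatim into aes-parisc.pl, parisc-mont.pl, ghash-parisc.pl, pariscid.pl, rc4-parisc.pl and sha1-parisc.pl in this commit; a shared helper module would keep the six copies from drifting the next time the probe or the substitutions need a change. `$gnuas` is also never declared, so in any of these scripts that runs under `use strict` (not visible here) the assignment needs a `my $gnuas;` at file scope. The summary lists sha512-parisc.pl as well, but its hunk is outside this view.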
@@ -724,6 +724,11 @@ sub assemble { ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; } +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/ge; if ($SIZE_T==4) { @@ -731,7 +736,12 @@ foreach (split("\n",$code)) { s/cmpb,\*/comb,/; s/,\*/,/; } - s/\bbv\b/bve/ if ($SIZE_T==8); + + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/\bbv\b/bve/ if ($SIZE_T==8); + print $_,"\n"; } diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl index 3d4a5f8..5a231c4 100644 --- a/crypto/pariscid.pl +++ b/crypto/pariscid.pl @@ -255,9 +255,22 @@ L\$done2 .PROCEND ___ } -$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); -$code =~ s/,\*/,/gm if ($SIZE_T==4); -$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); -print $code; + +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + +foreach(split("\n",$code)) { + + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/cmpib,\*/comib,/ if ($SIZE_T==4); + s/,\*/,/ if ($SIZE_T==4); + s/\bbv\b/bve/ if ($SIZE_T==8); + + print $_,"\n"; +} close STDOUT; diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index fafa359..a545e08 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -240,7 +240,7 @@ int syscall_random(void *buf, size_t buflen) * - Linux since 3.17 with glibc 2.25 * - FreeBSD since 12.0 (1200061) */ -# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) +# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) extern int getentropy(void *bufer, size_t length) __attribute__((weak)); if (getentropy != NULL) 
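Review bot: The new `&& !defined(__hpux)` on the `# if` line is not explained at the point of use: the comment block just above it enumerates the systems on which the weak-symbol probe for getentropy() works, and the HP-UX exemption (per the commit message, its run-time linker does not report symbol availability through a weak declaration) belongs in that list too. Suggested addition to the comment: ` * - not HP-UX, whose run-time linker does not report availability via the weak declaration, so the fallback sources are used there`. The enclosing syscall_random() continues outside the hunk, so the fallback taken on HP-UX is not visible here.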
diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl index 229c6c7..b9927da 100644 --- a/crypto/rc4/asm/rc4-parisc.pl +++ b/crypto/rc4/asm/rc4-parisc.pl @@ -313,9 +313,21 @@ L\$opts .STRINGZ "rc4(4x,`$SZ==1?"char":"int"`)" .STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by " ___ -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); -$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); -print $code; +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + +foreach(split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/cmpib,\*/comib,/ if ($SIZE_T==4); + s/\bbv\b/bve/ if ($SIZE_T==8); + + print $_,"\n"; +} close STDOUT; diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl index 822288e..88f4f2e 100644 --- a/crypto/sha/asm/sha1-parisc.pl +++ b/crypto/sha/asm/sha1-parisc.pl @@ -260,8 +260,20 @@ $code.=<<___; .STRINGZ "SHA1 block transform for PA-RISC, CRYPTOGAMS by " ___ -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/,\*/,/gm if ($SIZE_T==4); -$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); -print $code; +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + +foreach(split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/,\*/,/ if ($SIZE_T==4); + s/\bbv\b/bve/ if ($SIZE_T==8); + + print $_,"\n"; +} close STDOUT; diff --git a/crypto/sha/asm/sha512-parisc.pl b/crypto/sha/asm/sha512-parisc.pl index 5a082ba..d9933f0 100755 --- a/crypto/sha/asm/sha512-parisc.pl +++ b/crypto/sha/asm/sha512-parisc.pl 
@@ -767,6 +767,11 @@ sub assemble { ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; } +if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler/) { + $gnuas = 1; +} + foreach (split("\n",$code)) { s/\`([^\`]*)\`/eval $1/ge; @@ -790,9 +795,11 @@ foreach (split("\n",$code)) { s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($SIZE_T==4); - s/cmpb,\*/comb,/ if ($SIZE_T==4); - - s/\bbv\b/bve/ if ($SIZE_T==8); + s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); + s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); + s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); + s/cmpb,\*/comb,/ if ($SIZE_T==4); + s/\bbv\b/bve/ if ($SIZE_T==8); print $_,"\n"; } From appro at openssl.org Mon Jun 25 14:48:12 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 25 Jun 2018 14:48:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529938092.155941.790.nullmailer@dev.openssl.org> The branch master has been updated via fa339c69a6441ab79623c73f637e25018c735b49 (commit) from 1753d1237429bace72a944f7654ce4b1c4364f60 (commit) - Log ----------------------------------------------------------------- commit fa339c69a6441ab79623c73f637e25018c735b49 Author: Andy Polyakov Date: Sun Jun 24 16:43:21 2018 +0200 store/loader_file.c: fix char-subscripts warning. This happens on systems that perform is* character classifictions as array lookup, e.g. NetBSD. Reviewed-by: Rich Salz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6584) ----------------------------------------------------------------------- Summary of changes: crypto/store/loader_file.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 1d36cd2..25ada81 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c 
@@ -1216,9 +1216,9 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
 * Last, check that the rest of the extension is a decimal number, at
 * least one digit long.
 */
- if (!isdigit(*p))
+ if (!ossl_isdigit(*p))
 return 0;
- while (isdigit(*p))
+ while (ossl_isdigit(*p))
 p++;
 # ifdef __VMS
@@ -1227,7 +1227,7 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
 */
 if (*p == ';')
 for (p++; *p != '\0'; p++)
- if (!isdigit(*p))
+ if (!ossl_isdigit(*p))
 break;
 # endif From levitte at openssl.org Mon Jun 25 15:17:20 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 25 Jun 2018 15:17:20 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1529939840.028950.6324.nullmailer@dev.openssl.org> The branch master has been updated via 71419442a279a12c2e19a097b5c7e01c29d1fc9c (commit) from fa339c69a6441ab79623c73f637e25018c735b49 (commit) - Log ----------------------------------------------------------------- commit 71419442a279a12c2e19a097b5c7e01c29d1fc9c Author: Richard Levitte Date: Mon Jun 25 17:08:20 2018 +0200 OpenSSL_add_ssl_algorithm-is-deprecated() is deprecated, make it so This function is documented to be deprecated since OpenSSL 1.1.0. We need to make it so in openssl/ssl.h as well. Fixes #6565 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6588) ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 280250a..943a8d6 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
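Review bot: Switching to `ossl_isdigit()` does more than silence the char-subscript warning: the classification becomes ASCII-only and independent of the current locale, which is what a file-extension check wants, but the comment above the first check still reads as a plain digit test and gives no reason not to swap `isdigit()` back in during a cleanup. One line there would pin it down, e.g. `/* ossl_isdigit(): ASCII digits only, locale-independent and safe for negative char */`. file_name_check() begins and ends outside both hunks.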
@@ -1079,8 +1079,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 # define SSL_VERIFY_CLIENT_ONCE 0x04
 # define SSL_VERIFY_POST_HANDSHAKE 0x08
-# define OpenSSL_add_ssl_algorithms() SSL_library_init()
 # if OPENSSL_API_COMPAT < 0x10100000L
+# define OpenSSL_add_ssl_algorithms() SSL_library_init()
 # define SSLeay_add_ssl_algorithms() SSL_library_init()
 # endif From levitte at openssl.org Mon Jun 25 15:18:19 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 25 Jun 2018 15:18:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529939899.178443.7495.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via a6c1b411d328ce2326fae8cbe64f9dbf8c7f6861 (commit) from ad6edb21e1aa368e2e0d62659f124be67cab52a7 (commit) - Log ----------------------------------------------------------------- commit a6c1b411d328ce2326fae8cbe64f9dbf8c7f6861 Author: Richard Levitte Date: Mon Jun 25 17:08:20 2018 +0200 OpenSSL_add_ssl_algorithm-is-deprecated() is deprecated, make it so This function is documented to be deprecated since OpenSSL 1.1.0. We need to make it so in openssl/ssl.h as well. Fixes #6565 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6588) (cherry picked from commit 71419442a279a12c2e19a097b5c7e01c29d1fc9c) ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 70c1603..56e2056 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
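Review bot: Moving `OpenSSL_add_ssl_algorithms()` under `# if OPENSSL_API_COMPAT < 0x10100000L` makes the macro vanish for applications built against the 1.1.0 API level, which is the intent, but nothing in the header at that point tells a porter what to call instead. A one-line comment on the relocated definition would save a trip to the documentation, e.g. `/* Deprecated since 1.1.0: use OPENSSL_init_ssl() instead */`. The same applies to the identical OpenSSL_1_1_0-stable cherry-pick hunk that follows.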
@@ -967,8 +967,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 # define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
 # define SSL_VERIFY_CLIENT_ONCE 0x04
-# define OpenSSL_add_ssl_algorithms() SSL_library_init()
 # if OPENSSL_API_COMPAT < 0x10100000L
+# define OpenSSL_add_ssl_algorithms() SSL_library_init()
 # define SSLeay_add_ssl_algorithms() SSL_library_init()
 # endif From levitte at openssl.org Mon Jun 25 15:51:38 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 25 Jun 2018 15:51:38 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1529941898.825164.14116.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 2f1ad5c81bd1856061cfe1c2d36b0af85f05ddf7 (commit) from a6c1b411d328ce2326fae8cbe64f9dbf8c7f6861 (commit) - Log ----------------------------------------------------------------- commit 2f1ad5c81bd1856061cfe1c2d36b0af85f05ddf7 Author: Richard Levitte Date: Mon Jun 25 17:14:12 2018 +0200 Move documentation to its correct location for this branch The 1.1.1 branch has a different location for documentation, this is the obvious result of a cherry-pick from there. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6589) ----------------------------------------------------------------------- Summary of changes: doc/{man3 => crypto}/X509_LOOKUP_meth_new.pod | 0 doc/{man3 => crypto}/X509_cmp_time.pod | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename doc/{man3 => crypto}/X509_LOOKUP_meth_new.pod (100%) rename doc/{man3 => crypto}/X509_cmp_time.pod (100%)
diff --git a/doc/man3/X509_LOOKUP_meth_new.pod b/doc/crypto/X509_LOOKUP_meth_new.pod
similarity index 100%
rename from doc/man3/X509_LOOKUP_meth_new.pod
rename to doc/crypto/X509_LOOKUP_meth_new.pod
diff --git a/doc/man3/X509_cmp_time.pod b/doc/crypto/X509_cmp_time.pod similarity index 100% rename from doc/man3/X509_cmp_time.pod rename to doc/crypto/X509_cmp_time.pod From matt at openssl.org Tue Jun 26 09:11:22 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 26 Jun 2018 09:11:22 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530004282.174929.15004.nullmailer@dev.openssl.org> The branch master has been updated via 32f803d88ec3df7f95dfbf840c271f7438ce3357 (commit) via 20c0bce50654b5dfa70d8cec4fed719b3cce65fb (commit) from 71419442a279a12c2e19a097b5c7e01c29d1fc9c (commit) - Log ----------------------------------------------------------------- commit 32f803d88ec3df7f95dfbf840c271f7438ce3357 Author: Matt Caswell Date: Mon Jun 25 17:52:01 2018 +0100 Update SSL_SESSION_print for TLSv1.3 Make SSL_SESSION_print() show a bit more information for TLSv1.3 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6590) commit 20c0bce50654b5dfa70d8cec4fed719b3cce65fb Author: Matt Caswell Date: Mon Jun 25 16:46:57 2018 +0100 Only dump session data after we have received it s_client was dumping session data at the end of the handshake. In TLSv1.3 we don't have session data until receipt of a NewSessionTicket message which happens post-handshake. Therefore we delay dumping the session data until that message has arrived if TLSv1.3 has been negotiated. Fixes #6482 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6590) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 54 +++++++++++++++++++++++++++++++++++++++--------------- ssl/ssl_txt.c | 12 +++++++++++- 2 files changed, 50 insertions(+), 16 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 09f5340..8f9ad9d 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -844,15 +844,29 @@ static void freeandcopy(char **dest, const char *source) *dest = OPENSSL_strdup(source); } -static int new_session_cb(SSL *S, SSL_SESSION *sess) +static int new_session_cb(SSL *s, SSL_SESSION *sess) { - BIO *stmp = BIO_new_file(sess_out, "w"); - if (stmp == NULL) { - BIO_printf(bio_err, "Error writing session file %s\n", sess_out); - } else { - PEM_write_bio_SSL_SESSION(stmp, sess); - BIO_free(stmp); + if (sess_out != NULL) { + BIO *stmp = BIO_new_file(sess_out, "w"); + + if (stmp == NULL) { + BIO_printf(bio_err, "Error writing session file %s\n", sess_out); + } else { + PEM_write_bio_SSL_SESSION(stmp, sess); + BIO_free(stmp); + } + } + + /* + * Session data gets dumped on connection for TLSv1.2 and below, and on + * arrival of the NewSessionTicket for TLSv1.3. + */ + if (SSL_version(s) == TLS1_3_VERSION) { + BIO_printf(bio_c_out, + "---\nPost-Handshake New Session Ticket arrived:\n"); + SSL_SESSION_print(bio_c_out, sess); + BIO_printf(bio_c_out, "---\n"); } /* @@ -1919,11 +1933,9 @@ int s_client_main(int argc, char **argv) * come at any time. Therefore we use a callback to write out the session * when we know about it. This approach works for < TLSv1.3 as well. */ - if (sess_out != NULL) { - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT - | SSL_SESS_CACHE_NO_INTERNAL_STORE); - SSL_CTX_sess_set_new_cb(ctx, new_session_cb); - } + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT + | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_CTX_sess_set_new_cb(ctx, new_session_cb); if (set_keylog_file(ctx, keylog_file)) goto end; @@ -3125,7 +3137,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) X509 *peer = NULL; STACK_OF(X509) *sk; const SSL_CIPHER *c; - int i; + int i, istls13 = (SSL_version(s) == TLS1_3_VERSION); + long verify_result; #ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; #endif 
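Review bot: The comment introducing the now-unconditional `SSL_CTX_sess_set_new_cb(ctx, new_session_cb)` in the second hunk (its first lines sit above the hunk) still describes the callback purely as the place where the session file is written, but after the first hunk it is also the only place TLSv1.3 session data is printed, and it is installed even when `-sess_out` was not given; update it to say so, e.g. ` * when we know about it, and (for TLSv1.3) to print it. This approach works for < TLSv1.3 as well.`. In new_session_cb the protocol test could read the object actually being printed, `if (SSL_SESSION_get_protocol_version(sess) == TLS1_3_VERSION)`, instead of the connection's `SSL_version(s)`. new_session_cb's return statement lies outside the hunk.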
@@ -3282,7 +3295,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } #endif - if (SSL_version(s) == TLS1_3_VERSION) { + if (istls13) { switch (SSL_get_early_data_status(s)) { case SSL_EARLY_DATA_NOT_SENT: BIO_printf(bio, "Early data was not sent\n"); @@ -3297,9 +3310,20 @@ static void print_stuff(BIO *bio, SSL *s, int full) break; } + + /* + * We also print the verify results when we dump session information, + * but in TLSv1.3 we may not get that right away (or at all) depending + * on when we get a NewSessionTicket. Therefore we print it now as well. + */ + verify_result = SSL_get_verify_result(s); + BIO_printf(bio, "Verify return code: %ld (%s)\n", verify_result, + X509_verify_cert_error_string(verify_result)); + } else { + /* In TLSv1.3 we do this on arrival of a NewSessionTicket */ + SSL_SESSION_print(bio, SSL_get_session(s)); } - SSL_SESSION_print(bio, SSL_get_session(s)); if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) { BIO_printf(bio, "Keying material exporter:\n"); BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index fdaf21e..3856491 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -33,6 +33,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { size_t i; const char *s; + int istls13 = (x->ssl_version == TLS1_3_VERSION); if (x == NULL) goto err; @@ -70,7 +71,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) goto err; } - if (BIO_puts(bp, "\n Master-Key: ") <= 0) + if (istls13) { + if (BIO_puts(bp, "\n Resumption PSK: ") <= 0) + goto err; + } else if (BIO_puts(bp, "\n Master-Key: ") <= 0) goto err; for (i = 0; i < x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) 
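Review bot: In the ssl_txt.c hunk, `int istls13 = (x->ssl_version == TLS1_3_VERSION);` dereferences `x` in its declaration, two lines before the existing `if (x == NULL) goto err;` guard, so SSL_SESSION_print() now crashes on a NULL session where it used to return 0 — and the new else branch in s_client's print_stuff() on this same line hands it `SSL_get_session(s)` directly, which can be NULL when no session was established. Declare it uninitialised and assign after the guard: `int istls13;` … `if (x == NULL) goto err;` `istls13 = (x->ssl_version == TLS1_3_VERSION);`. SSL_SESSION_print() continues past the end of the hunk.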
@@ -145,6 +149,12 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0) goto err; + if (istls13) { + if (BIO_printf(bp, " Max Early Data: %u\n", + x->ext.max_early_data) <= 0) + goto err; + } + return 1; err: return 0; From appro at openssl.org Tue Jun 26 10:29:13 2018 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 Jun 2018 10:29:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530008953.488369.29826.nullmailer@dev.openssl.org> The branch master has been updated via 2c879241baaf9115e8ebbe228e1a624564eea64c (commit) from 32f803d88ec3df7f95dfbf840c271f7438ce3357 (commit) - Log ----------------------------------------------------------------- commit 2c879241baaf9115e8ebbe228e1a624564eea64c Author: Andy Polyakov Date: Fri Jun 22 14:13:59 2018 +0200 NOTES.UNIX: add "Linking your application" paragraph ... and mention more runtime search path flags. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6587) ----------------------------------------------------------------------- Summary of changes: NOTES.UNIX | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/NOTES.UNIX b/NOTES.UNIX index 284da10..6c291cb 100644 --- a/NOTES.UNIX +++ b/NOTES.UNIX 
@@ -24,12 +24,12 @@ Every Unix system has its own set of default locations for shared libraries, such as /lib, /usr/lib or possibly /usr/local/lib. If libraries are installed in non-default locations, dynamically linked - binaries will not find them and therefore fail to run unless they get a - bit of help from a defined runtime shared library search path. + binaries will not find them and therefore fail to run, unless they get + a bit of help from a defined runtime shared library search path. For OpenSSL's application (the 'openssl' command), our configuration scripts do NOT generally set the runtime shared library search path for - you. It's therefore advisable to set it explicitly when configuring + you. It's therefore advisable to set it explicitly when configuring, unless the libraries are to be installed in directories that you know to be in the default list. @@ -42,14 +42,15 @@ Possible options to set the runtime shared library search path include the following: - -Wl,-rpath,/whatever/path - -R /whatever/path - -rpath /whatever/path + -Wl,-rpath,/whatever/path # Linux, *BSD, etc. + -R /whatever/path # Solaris + -Wl,-R,/whatever/path # AIX (-bsvr4 is passed internally) + -Wl,+b,/whatever/path # HP-UX + -rpath /whatever/path # Tru64, IRIX OpenSSL's configuration scripts recognise all these options and pass - them to the Makefile that they build. (In fact, it recognises anything - starting with '-Wl,' as a linker option, so for example, HP-UX' - '-Wl,+b,/whatever/path' would be used correctly) + them to the Makefile that they build. (In fact, all arguments starting + with '-Wl,' are recognised as linker options.) Please do not use verbatim directories in your runtime shared library search path! Some OpenSSL config targets add an extra directory level 
@@ -89,3 +90,28 @@ $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)' + + It might be worth noting that some/most ELF systems implement support + for runtime search path relative to the directory containing current + executable, by interpreting $ORIGIN along with some other internal + variables. Consult your system documentation. + + Linking your application + ------------------------ + + Third-party applications dynamically linked with OpenSSL (or any other) + shared library face exactly the same problem with non-default locations. + The OpenSSL config options mentioned above might or might not have bearing + on linking of the target application. "Might" means that under some + circumstances it would be sufficient to link with OpenSSL shared library + "naturally", i.e. with -L/whatever/path -lssl -lcrypto. But there are + also cases when you'd have to explicitly specify runtime search path + when linking your application. Consult your system documentation and use + above section as inspiration... + + Shared OpenSSL builds also install static libraries. Linking with the + latter is likely to require special care, because linkers usually look + for shared libraries first and tend to remain "blind" to static OpenSSL + libraries. Referring to system documentation would suffice, if not for + a corner case. On AIX static libraries (in shared build) are named + differently, add _a suffix to link with them, e.g. -lcrypto_a. From bernd.edlinger at hotmail.de Tue Jun 26 13:51:36 2018 
From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 26 Jun 2018 13:51:36 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1530021096.840139.735.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via da0bbdd62614df6d6a33f91142a3e72525f7186e (commit) from e78c4f531d44d2454ba44b9de615920d340e77ce (commit) - Log ----------------------------------------------------------------- commit da0bbdd62614df6d6a33f91142a3e72525f7186e Author: Bernd Edlinger Date: Mon Jun 25 09:53:46 2018 +0200 Fix some more gcc-9 warnings [-Wstringop-truncation] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6586) ----------------------------------------------------------------------- Summary of changes: apps/passwd.c | 6 +++--- ssl/s3_srvr.c | 9 +++++---- 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/apps/passwd.c b/apps/passwd.c
index 56e10ad..718f0e0 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -306,9 +306,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 out_buf[0] = '$';
 out_buf[1] = 0;
 assert(strlen(magic) <= 4); /* "1" or "apr1" */
- strncat(out_buf, magic, 4);
- strncat(out_buf, "$", 1);
- strncat(out_buf, salt, 8);
+ BUF_strlcat(out_buf, magic, sizeof(out_buf));
+ BUF_strlcat(out_buf, "$", sizeof(out_buf));
+ BUF_strlcat(out_buf, salt, sizeof(out_buf));
 assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
 salt_out = out_buf + 2 + strlen(magic);
 salt_len = strlen(salt_out);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 96d973c..753b804 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
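Review bot: The removed `strncat(out_buf, salt, 8)` clipped the salt to eight characters, whereas the new `BUF_strlcat(out_buf, salt, sizeof(out_buf))` is bounded only by the whole buffer, so a longer salt is now copied in full and the only thing catching it is the `assert(strlen(out_buf) <= 6 + 8)` below, which disappears under NDEBUG; `salt_len = strlen(salt_out)` would then silently exceed 8. Unless the caller already guarantees an eight-character salt (not visible in this hunk), keeping the old clip is a one-line change: `BUF_strlcat(out_buf, salt, strlen(out_buf) + 8 + 1);`. The `sizeof(out_buf)` arguments also presume `out_buf` is an array rather than a pointer in this scope, which the hunk does not show; md5crypt() begins and ends outside it.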
@@ -1959,11 +1959,12 @@ int ssl3_send_server_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK if (type & SSL_kPSK) { + size_t len = strlen(s->ctx->psk_identity_hint); + /* copy PSK identity hint */ - s2n(strlen(s->ctx->psk_identity_hint), p); - strncpy((char *)p, s->ctx->psk_identity_hint, - strlen(s->ctx->psk_identity_hint)); - p += strlen(s->ctx->psk_identity_hint); + s2n(len, p); + memcpy(p, s->ctx->psk_identity_hint, len); + p += len; } #endif From no-reply at appveyor.com Tue Jun 26 16:09:37 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 26 Jun 2018 16:09:37 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.18745 Message-ID: <20180626160937.1.76CD508FCE3F372A@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Tue Jun 26 17:13:50 2018 
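Review bot: `s2n(len, p)` packs a `size_t` into a two-byte length and `memcpy()` then writes `len` bytes into a buffer whose size was computed earlier in ssl3_send_server_key_exchange() (outside the hunk) from its own `strlen()` of the same hint, so correctness rests on the hint being non-NULL and at most 65535 bytes, and neither invariant is stated here. A comment would pin it down, e.g. `/* hint is non-NULL here and bounded by PSK_MAX_IDENTITY_LEN when set, so it fits the 2-byte length */` — adjust the wording if the bound is enforced somewhere other than SSL_CTX_use_psk_identity_hint(). The replacement of the exact-length strncpy() with memcpy() is otherwise behaviour-preserving.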
From: matt at openssl.org (Matt Caswell) Date: Tue, 26 Jun 2018 17:13:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530033230.011857.1443.nullmailer@dev.openssl.org> The branch master has been updated via 41145c35bfee8f2b0822288fcb23a807d06d8e89 (commit) via e880d4e58d1afe4d6e2d76646a8fbbe95fe05d40 (commit) via 6cc0b3c2171e26379e898574cb6d42b8d8dcc113 (commit) via 6a11d5c5ededa1543c2eeb2f9edcbe39bc58bb70 (commit) from 2c879241baaf9115e8ebbe228e1a624564eea64c (commit) - Log ----------------------------------------------------------------- commit 41145c35bfee8f2b0822288fcb23a807d06d8e89 Author: Matt Caswell Date: Fri Jun 22 15:05:27 2018 +0100 Document changes to SSL_OP_NO_TICKET for TLSv1.3 Reviewed-by: Rich Salz Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/6563) commit e880d4e58d1afe4d6e2d76646a8fbbe95fe05d40 Author: Matt Caswell Date: Thu Jun 21 16:54:55 2018 +0100 Use stateful tickets if we are doing anti-replay During anti-replay we cache the ticket anyway, so there is no point in using a full stateless ticket. Fixes #6391 Reviewed-by: Rich Salz Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/6563) commit 6cc0b3c2171e26379e898574cb6d42b8d8dcc113 Author: Matt Caswell Date: Wed Jun 13 15:57:39 2018 +0100 Respect SSL_OP_NO_TICKET in TLSv1.3 Implement support for stateful TLSv1.3 tickets, and use them if SSL_OP_NO_TICKET is set. Reviewed-by: Rich Salz Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/6563) commit 6a11d5c5ededa1543c2eeb2f9edcbe39bc58bb70 Author: Matt Caswell Date: Wed Jun 13 11:59:43 2018 +0100 Restructure the ticket construction code Separate out as a new function the code to write out data which is specific to a stateless ticket. 
Reviewed-by: Rich Salz Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/6563) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 3 + doc/man3/SSL_CTX_set_options.pod | 40 +++- doc/man3/SSL_read_early_data.pod | 14 +- include/openssl/sslerr.h | 3 + ssl/ssl_err.c | 6 + ssl/ssl_lib.c | 9 +- ssl/ssl_locl.h | 2 + ssl/ssl_sess.c | 134 ++++++------ ssl/statem/extensions_srvr.c | 42 +++- ssl/statem/statem_srvr.c | 380 ++++++++++++++++++++------------- test/handshake_helper.c | 26 ++- test/ssl-tests/10-resumption.conf | 32 +++ test/ssl-tests/11-dtls_resumption.conf | 8 + test/ssl-tests/protocol_version.pm | 1 + test/sslapitest.c | 3 +- 15 files changed, 464 insertions(+), 239 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index e0580a8..e65a806 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1089,7 +1089,10 @@ SSL_F_CHECK_SUITEB_CIPHER_LIST:331:check_suiteb_cipher_list SSL_F_CIPHERSUITE_CB:622:ciphersuite_cb SSL_F_CONSTRUCT_CA_NAMES:552:construct_ca_names SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS:553:construct_key_exchange_tbs +SSL_F_CONSTRUCT_STATEFUL_TICKET:636:construct_stateful_ticket +SSL_F_CONSTRUCT_STATELESS_TICKET:637:construct_stateless_ticket SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH:539:create_synthetic_message_hash +SSL_F_CREATE_TICKET_PREQUEL:638:create_ticket_prequel SSL_F_CT_MOVE_SCTS:345:ct_move_scts SSL_F_CT_STRICT:349:ct_strict SSL_F_CUSTOM_EXT_ADD:554:custom_ext_add diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 552de07..f04de32 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod 
@@ -145,13 +145,39 @@ DTLS connections. =item SSL_OP_NO_TICKET -Normally clients and servers will, where possible, transparently make use -of RFC4507bis tickets for stateless session resumption. - -If this option is set this functionality is disabled and tickets will -not be used by clients or servers. - -This option only applies to TLSv1.2 and below. It is ignored for TLSv1.3. +SSL/TLS supports two mechanisms for resuming sessions: session ids and stateless +session tickets. + +When using session ids a copy of the session information is +cached on the server and a unique id is sent to the client. When the client +wishes to resume it provides the unique id so that the server can retrieve the +session information from its cache. + +When using stateless session tickets the server uses a session ticket encryption +key to encrypt the session information. This encrypted data is sent to the +client as a "ticket". When the client wishes to resume it sends the encrypted +data back to the server. The server uses its key to decrypt the data and resume +the session. In this way the server can operate statelessly - no session +information needs to be cached locally. + +The TLSv1.3 protocol only supports tickets and does not directly support session +ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +and stateless. Stateless tickets work the same way as in TLSv1.2 and below. +Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. +The session information is cached on the server and the session id is wrapped up +in a ticket and sent back to the client. When the client wishes to resume, it +presents a ticket in the same way as for stateless tickets. The server can then +extract the session id from the ticket and retrieve the session information from +its cache. + +By default OpenSSL will use stateless tickets. The SSL_OP_NO_TICKET option will +cause stateless tickets to not be issued. 
In TLSv1.2 and below this means no +ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be +sent. This is a server-side option only. + +In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from +being sent by calling L or +L. =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index bc5bd0a..6a76ec2 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -226,12 +226,14 @@ was submitted will be ignored). Note that single use tickets are enforced even if a client does not send any early data. The replay protection mechanism relies on the internal OpenSSL server session -cache (see L). By default sessions will be -added to the cache whenever a session ticket is issued. When a client attempts -to resume the session OpenSSL will check for its presence in the internal cache. -If it exists then the resumption is allowed and the session is removed from the -cache. If it does not exist then the resumption is not allowed and a full -handshake will occur. +cache (see L). When replay protection is +being used the server will operate as if the SSL_OP_NO_TICKET option had been +selected (see L). Sessions will be added to the cache +whenever a session ticket is issued. When a client attempts to resume the +session, OpenSSL will check for its presence in the internal cache. If it exists +then the resumption is allowed and the session is removed from the cache. If it +does not exist then the resumption is not allowed and a full handshake will +occur. Note that some applications may maintain an external cache of sessions (see L and similar functions). It is the application's diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 8e395cd..b2c6c1e 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h 
@@ -26,7 +26,10 @@ int ERR_load_SSL_strings(void); # define SSL_F_CIPHERSUITE_CB 622 # define SSL_F_CONSTRUCT_CA_NAMES 552 # define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS 553 +# define SSL_F_CONSTRUCT_STATEFUL_TICKET 636 +# define SSL_F_CONSTRUCT_STATELESS_TICKET 637 # define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH 539 +# define SSL_F_CREATE_TICKET_PREQUEL 638 # define SSL_F_CT_MOVE_SCTS 345 # define SSL_F_CT_STRICT 349 # define SSL_F_CUSTOM_EXT_ADD 554 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index bce2036..03c5bf2 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -24,8 +24,14 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_CA_NAMES, 0), "construct_ca_names"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, 0), "construct_key_exchange_tbs"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATEFUL_TICKET, 0), + "construct_stateful_ticket"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATELESS_TICKET, 0), + "construct_stateless_ticket"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH, 0), "create_synthetic_message_hash"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_TICKET_PREQUEL, 0), + "create_ticket_prequel"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_MOVE_SCTS, 0), "ct_move_scts"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_STRICT, 0), "ct_strict"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_ADD, 0), "custom_ext_add"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 22f729c..6ced147 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -3369,18 +3369,21 @@ void ssl_update_cache(SSL *s, int mode) && (!s->hit || SSL_IS_TLS13(s))) { /* * Add the session to the internal cache. In server side TLSv1.3 we - * normally don't do this because its a full stateless ticket with only - * a dummy session id so there is no reason to cache it, unless: + * normally don't do this because by default it's a full stateless ticket + * with only a dummy session id so there is no reason to cache it, + * unless: * - we are doing early_data, in which case we cache so that we can * detect replays * - the application has set a remove_session_cb so needs to know about * session timeout events + * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket */ if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0 && (!SSL_IS_TLS13(s) || !s->server || s->max_early_data > 0 - || s->session_ctx->remove_session_cb != NULL)) + || s->session_ctx->remove_session_cb != NULL + || (s->options & SSL_OP_NO_TICKET) != 0)) SSL_CTX_add_session(s->session_ctx, s->session); /* diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 86c250b..a4d1376 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2212,6 +2212,8 @@ void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); __owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss); __owur int ssl_get_new_session(SSL *s, int session); +__owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, + size_t sess_id_len); __owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); __owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index fde4187..628b9f0 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -12,6 +12,7 @@ #include #include #include "internal/refcount.h" +#include "internal/cryptlib.h" #include "ssl_locl.h" #include "statem/statem_locl.h" 
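Review bot: The newly exported `lookup_sess_in_cache` in the ssl_locl.h hunk is the only declaration in that group without the `ssl_` prefix its neighbours (`ssl_get_new_session`, `ssl_get_prev_session`, `ssl_session_dup`) carry; renaming it `ssl_lookup_sess_in_cache` here, at its definition in ssl_sess.c and at the caller in extensions_srvr.c keeps the internal namespace consistent. The prototype also says nothing about the length bound the definition enforces with `ossl_assert`, so a caller-facing precondition on the declaration, `/* sess_id_len must not exceed SSL_MAX_SSL_SESSION_ID_LENGTH */`, would stop future callers from relying on the soft assert. The ssl_lib.c hunk in the same line adds a fourth bullet to the cache-add comment but leaves the `s->max_early_data > 0` bullet's wording unchanged, although both now map to the same stateful-ticket path; saying so there, `/* - early_data or SSL_OP_NO_TICKET, both of which use stateful tickets */`, would make the later lookup logic easier to follow.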
@@ -452,6 +453,73 @@ int ssl_get_new_session(SSL *s, int session) return 1; } +SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, + size_t sess_id_len) +{ + SSL_SESSION *ret = NULL; + int discard; + + if ((s->session_ctx->session_cache_mode + & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) { + SSL_SESSION data; + + data.ssl_version = s->version; + if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH)) + return NULL; + + memcpy(data.session_id, sess_id, sess_id_len); + data.session_id_length = sess_id_len; + + CRYPTO_THREAD_read_lock(s->session_ctx->lock); + ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); + if (ret != NULL) { + /* don't allow other threads to steal it: */ + SSL_SESSION_up_ref(ret); + } + CRYPTO_THREAD_unlock(s->session_ctx->lock); + if (ret == NULL) + CRYPTO_atomic_add(&s->session_ctx->stats.sess_miss, 1, &discard, + s->session_ctx->lock); + } + + if (ret == NULL && s->session_ctx->get_session_cb != NULL) { + int copy = 1; + + ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); + + if (ret != NULL) { + CRYPTO_atomic_add(&s->session_ctx->stats.sess_cb_hit, 1, &discard, + s->session_ctx->lock); + + /* + * Increment reference count now if the session callback asks us + * to do so (note that if the session structures returned by the + * callback are shared between threads, it must handle the + * reference count itself [i.e. copy == 0], or things won't be + * thread-safe). + */ + if (copy) + SSL_SESSION_up_ref(ret); + + /* + * Add the externally cached session to the internal cache as + * well if and only if we are supposed to. + */ + if ((s->session_ctx->session_cache_mode & + SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) { + /* + * Either return value of SSL_CTX_add_session should not + * interrupt the session resumption process. The return + * value is intentionally ignored. 
+ */ + (void)SSL_CTX_add_session(s->session_ctx, ret); + } + } + } + + return ret; +} + /*- * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this * connection. It is only called by servers. @@ -504,8 +572,11 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) goto err; case SSL_TICKET_NONE: case SSL_TICKET_EMPTY: - if (hello->session_id_len > 0) + if (hello->session_id_len > 0) { try_session_cache = 1; + ret = lookup_sess_in_cache(s, hello->session_id, + hello->session_id_len); + } break; case SSL_TICKET_NO_DECRYPT: case SSL_TICKET_SUCCESS: 
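Review bot: `lookup_sess_in_cache` hands back a session the caller owns a reference on (the internal-cache hit and the `copy` path both call `SSL_SESSION_up_ref`, and the `copy == 0` comment says the callback has already accounted for it), but the function has no header comment stating this, and it is now the shared entry point for `ssl_get_prev_session` and the new stateful-ticket parser. Suggest above the definition: `/* Look up sess_id in the internal session cache, then via get_session_cb. Returns a new reference the caller must SSL_SESSION_free(), or NULL. sess_id_len must not exceed SSL_MAX_SSL_SESSION_ID_LENGTH. */`. The `ossl_assert` on `sess_id_len` is the only guard in front of the fixed-size `memcpy` into `data.session_id`, so it should stay as the function gains callers rather than be treated as a redundant internal check. `ssl_get_prev_session` starts before this hunk and continues after it.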
@@ -514,67 +585,6 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) } } - if (try_session_cache && - ret == NULL && - !(s->session_ctx->session_cache_mode & - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { - SSL_SESSION data; - - data.ssl_version = s->version; - memcpy(data.session_id, hello->session_id, hello->session_id_len); - data.session_id_length = hello->session_id_len; - - CRYPTO_THREAD_read_lock(s->session_ctx->lock); - ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data); - if (ret != NULL) { - /* don't allow other threads to steal it: */ - SSL_SESSION_up_ref(ret); - } - CRYPTO_THREAD_unlock(s->session_ctx->lock); - if (ret == NULL) - CRYPTO_atomic_add(&s->session_ctx->stats.sess_miss, 1, &discard, - s->session_ctx->lock); - } - - if (try_session_cache && - ret == NULL && s->session_ctx->get_session_cb != NULL) { - int copy = 1; - - ret = s->session_ctx->get_session_cb(s, hello->session_id, - hello->session_id_len, - ©); - - if (ret != NULL) { - CRYPTO_atomic_add(&s->session_ctx->stats.sess_cb_hit, 1, &discard, - s->session_ctx->lock); - - /* - * Increment reference count now if the session callback asks us - * to do so (note that if the session structures returned by the - * callback are shared between threads, it must handle the - * reference count itself [i.e. copy == 0], or things won't be - * thread-safe). - */ - if (copy) - SSL_SESSION_up_ref(ret); - - /* - * Add the externally cached session to the internal cache as - * well if and only if we are supposed to. - */ - if (! - (s->session_ctx->session_cache_mode & - SSL_SESS_CACHE_NO_INTERNAL_STORE)) { - /* - * Either return value of SSL_CTX_add_session should not - * interrupt the session resumption process. The return - * value is intentionally ignored. - */ - SSL_CTX_add_session(s->session_ctx, ret); - } - } - } - if (ret == NULL) goto err; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 7c756c0..f58ed0b 100644 --- a/ssl/statem/extensions_srvr.c 
+++ b/ssl/statem/extensions_srvr.c @@ -1009,6 +1009,33 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, return 1; } +static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, + SSL_SESSION **sess) +{ + SSL_SESSION *tmpsess = NULL; + + switch (PACKET_remaining(tick)) { + case 0: + return SSL_TICKET_EMPTY; + + case SSL_MAX_SSL_SESSION_ID_LENGTH: + break; + + default: + return SSL_TICKET_NO_DECRYPT; + } + + tmpsess = lookup_sess_in_cache(s, PACKET_data(tick), + SSL_MAX_SSL_SESSION_ID_LENGTH); + + if (tmpsess == NULL) + return SSL_TICKET_NO_DECRYPT; + + s->ext.ticket_expected = 1; + *sess = tmpsess; + return SSL_TICKET_SUCCESS; +} + int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { @@ -1132,9 +1159,18 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, uint32_t ticket_age = 0, now, agesec, agems; int ret; - ret = tls_decrypt_ticket(s, PACKET_data(&identity), - PACKET_remaining(&identity), NULL, 0, - &sess); + /* + * If we are using anti-replay protection then we behave as if + * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there + * is no point in using full stateless tickets. + */ + if ((s->options & SSL_OP_NO_TICKET) != 0 + || s->max_early_data > 0) + ret = tls_get_stateful_ticket(s, &identity, &sess); + else + ret = tls_decrypt_ticket(s, PACKET_data(&identity), + PACKET_remaining(&identity), NULL, 0, + &sess); if (ret == SSL_TICKET_EMPTY) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index df3f15a..9c44be0 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c 
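Review bot: `tls_get_stateful_ticket` accepts only a ticket of exactly `SSL_MAX_SSL_SESSION_ID_LENGTH` bytes, while `construct_stateful_ticket` (statem_srvr.c, later in this patch) emits `s->session->session_id_length` bytes; if an application-supplied session-id generator produces a shorter id, every stateful ticket would come back as SSL_TICKET_NO_DECRYPT and resumption would silently never succeed. If shorter ids are possible, replace the `switch` with a range check and pass the real length: `if (PACKET_remaining(tick) > SSL_MAX_SSL_SESSION_ID_LENGTH) return SSL_TICKET_NO_DECRYPT;` followed by `tmpsess = lookup_sess_in_cache(s, PACKET_data(tick), PACKET_remaining(tick));`, keeping the empty case as SSL_TICKET_EMPTY. A one-line comment on the function, `/* A stateful ticket is the session id written by construct_stateful_ticket(); resolve it through the session cache. */`, would also tie the two halves together for readers.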
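Review bot: The predicate `(s->options & SSL_OP_NO_TICKET) != 0 || s->max_early_data > 0` and its three-line explanatory comment are repeated verbatim in this hunk of `tls_parse_ctos_psk` and in `tls_construct_new_session_ticket` (statem_srvr.c), and `ssl_update_cache` (ssl_lib.c) tests the same two conditions as separate clauses; a single helper such as `static ossl_inline int ssl_use_stateful_tickets(const SSL *s)` in ssl_locl.h would keep the parse, construct and cache decisions from drifting apart. `tls_parse_ctos_psk` starts before and ends after this hunk.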
@@ -3739,7 +3739,44 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt) return 1; } -int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) +static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, + unsigned char *tick_nonce) +{ + /* + * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this + * unspecified for resumed session (for simplicity). + * In TLSv1.3 we reset the "time" field above, and always specify the + * timeout. + */ + if (!WPACKET_put_bytes_u32(pkt, + (s->hit && !SSL_IS_TLS13(s)) + ? 0 : s->session->timeout)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL, + ERR_R_INTERNAL_ERROR); + return 0; + } + + if (SSL_IS_TLS13(s)) { + if (!WPACKET_put_bytes_u32(pkt, age_add) + || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL, + ERR_R_INTERNAL_ERROR); + return 0; + } + } + + /* Start the sub-packet for the actual ticket data */ + if (!WPACKET_start_sub_packet_u16(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL, + ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + +static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, + unsigned char *tick_nonce) { unsigned char *senc = NULL; EVP_CIPHER_CTX *ctx = NULL; 
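Review bot: The lifetime-hint comment moved into `create_ticket_prequel` still says `In TLSv1.3 we reset the "time" field above`, but the `s->session->time` reset now lives in the caller (`tls_construct_new_session_ticket`), so "above" no longer points at anything in this function; change it to `In TLSv1.3 the caller has already reset the "time" field, and we always specify the timeout.`. The helper also has no purpose line, and both constructors depend on it leaving a sub-packet open, so add `/* Write the lifetime hint, then (TLSv1.3 only) age_add and the ticket nonce, and open the u16 ticket sub-packet that the caller must WPACKET_close(). */`. `tick_nonce` is only read here and could be declared `const unsigned char *`.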
@@ -3752,115 +3789,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) SSL_CTX *tctx = s->session_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[TLSEXT_KEYNAME_LENGTH]; - int iv_len; - unsigned char tick_nonce[TICKET_NONCE_SIZE]; + int iv_len, ok = 0; size_t macoffset, macendoffset; - union { - unsigned char age_add_c[sizeof(uint32_t)]; - uint32_t age_add; - } age_add_u; - - if (SSL_IS_TLS13(s)) { - size_t i, hashlen; - uint64_t nonce; - static const unsigned char nonce_label[] = "resumption"; - const EVP_MD *md = ssl_handshake_md(s); - void (*cb) (const SSL *ssl, int type, int val) = NULL; - int hashleni = EVP_MD_size(md); - - /* Ensure cast to size_t is safe */ - if (!ossl_assert(hashleni >= 0)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, - ERR_R_INTERNAL_ERROR); - goto err; - } - hashlen = (size_t)hashleni; - - if (s->info_callback != NULL) - cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; - - if (cb != NULL) { - /* - * We don't start and stop the handshake in between each ticket when - * sending more than one - but it should appear that way to the info - * callback. - */ - if (s->sent_tickets != 0) { - ossl_statem_set_in_init(s, 0); - cb(s, SSL_CB_HANDSHAKE_DONE, 1); - ossl_statem_set_in_init(s, 1); - } - cb(s, SSL_CB_HANDSHAKE_START, 1); - } - /* - * If we already sent one NewSessionTicket, or we resumed then - * s->session may already be in a cache and so we must not modify it. - * Instead we need to take a copy of it and modify that. 
- */ - if (s->sent_tickets != 0 || s->hit) { - SSL_SESSION *new_sess = ssl_session_dup(s->session, 0); - - if (new_sess == NULL) { - /* SSLfatal already called */ - goto err; - } - - SSL_SESSION_free(s->session); - s->session = new_sess; - } - - if (!ssl_generate_session_id(s, s->session)) { - /* SSLfatal() already called */ - goto err; - } - if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, - ERR_R_INTERNAL_ERROR); - goto err; - } - s->session->ext.tick_age_add = age_add_u.age_add; - - nonce = s->next_ticket_nonce; - for (i = TICKET_NONCE_SIZE; i > 0; i--) { - tick_nonce[i - 1] = (unsigned char)(nonce & 0xff); - nonce >>= 8; - } - - if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, - nonce_label, - sizeof(nonce_label) - 1, - tick_nonce, - TICKET_NONCE_SIZE, - s->session->master_key, - hashlen)) { - /* SSLfatal() already called */ - goto err; - } - s->session->master_key_length = hashlen; - - s->session->time = (long)time(NULL); - if (s->s3->alpn_selected != NULL) { - OPENSSL_free(s->session->ext.alpn_selected); - s->session->ext.alpn_selected = - OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); - if (s->session->ext.alpn_selected == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, - ERR_R_MALLOC_FAILURE); - goto err; - } - s->session->ext.alpn_selected_len = s->s3->alpn_selected_len; - } - s->session->ext.max_early_data = s->max_early_data; - } - - if (tctx->generate_ticket_cb != NULL && - tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) - goto err; /* get session encoding length */ slen_full = i2d_SSL_SESSION(s->session, NULL); 
@@ -3869,29 +3799,29 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) * long */ if (slen_full == 0 || slen_full > 0xFF00) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); goto err; } senc = OPENSSL_malloc(slen_full); if (senc == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_MALLOC_FAILURE); goto err; } ctx = EVP_CIPHER_CTX_new(); hctx = HMAC_CTX_new(); if (ctx == NULL || hctx == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_MALLOC_FAILURE); goto err; } p = senc; if (!i2d_SSL_SESSION(s->session, &p)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); goto err; } 
@@ -3901,23 +3831,23 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) const_p = senc; sess = d2i_SSL_SESSION(NULL, &const_p, slen_full); if (sess == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); goto err; } slen = i2d_SSL_SESSION(sess, NULL); if (slen == 0 || slen > slen_full) { /* shouldn't ever happen */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); SSL_SESSION_free(sess); goto err; } p = senc; if (!i2d_SSL_SESSION(sess, &p)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); SSL_SESSION_free(sess); goto err; } @@ -3938,7 +3868,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) if (!WPACKET_put_bytes_u32(pkt, 0) || !WPACKET_put_bytes_u16(pkt, 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_INTERNAL_ERROR); goto err; } @@ -3948,8 +3878,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) return 1; } if (ret < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, SSL_R_CALLBACK_FAILED); goto err; } @@ -3964,8 +3893,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key, sizeof(tctx->ext.secure->tick_hmac_key), EVP_sha256(), NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_INTERNAL_ERROR); goto err; } 
@@ -3973,22 +3901,12 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) sizeof(tctx->ext.tick_key_name)); } - /* - * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this - * unspecified for resumed session (for simplicity). - * In TLSv1.3 we reset the "time" field above, and always specify the - * timeout. - */ - if (!WPACKET_put_bytes_u32(pkt, - (s->hit && !SSL_IS_TLS13(s)) - ? 0 : s->session->timeout) - || (SSL_IS_TLS13(s) - && (!WPACKET_put_bytes_u32(pkt, age_add_u.age_add) - || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, - TICKET_NONCE_SIZE))) - /* Now the actual ticket data */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_get_total_written(pkt, &macoffset) + if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { + /* SSLfatal() already called */ + goto err; + } + + if (!WPACKET_get_total_written(pkt, &macoffset) /* Output key name */ || !WPACKET_memcpy(pkt, key_name, sizeof(key_name)) /* output IV */ 
@@ -4011,12 +3929,176 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) || !HMAC_Final(hctx, macdata1, &hlen) || hlen > EVP_MAX_MD_SIZE || !WPACKET_allocate_bytes(pkt, hlen, &macdata2) - || macdata1 != macdata2 - || !WPACKET_close(pkt)) { + || macdata1 != macdata2) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); + SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_INTERNAL_ERROR); + goto err; + } + + /* Close the sub-packet created by create_ticket_prequel() */ + if (!WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET, + ERR_R_INTERNAL_ERROR); goto err; } + + ok = 1; + err: + OPENSSL_free(senc); + EVP_CIPHER_CTX_free(ctx); + HMAC_CTX_free(hctx); + return ok; +} + +static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, + unsigned char *tick_nonce) +{ + if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) { + /* SSLfatal() already called */ + return 0; + } + + if (!WPACKET_memcpy(pkt, s->session->session_id, + s->session->session_id_length) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATEFUL_TICKET, + ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + +int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) +{ + SSL_CTX *tctx = s->session_ctx; + unsigned char tick_nonce[TICKET_NONCE_SIZE]; + union { + unsigned char age_add_c[sizeof(uint32_t)]; + uint32_t age_add; + } age_add_u; + + age_add_u.age_add = 0; + + if (SSL_IS_TLS13(s)) { + size_t i, hashlen; + uint64_t nonce; + static const unsigned char nonce_label[] = "resumption"; + const EVP_MD *md = ssl_handshake_md(s); + void (*cb) (const SSL *ssl, int type, int val) = NULL; + int hashleni = EVP_MD_size(md); + + /* Ensure cast to size_t is safe */ + if (!ossl_assert(hashleni >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); + goto err; + } + hashlen = (size_t)hashleni; + + if 
(s->info_callback != NULL) + cb = s->info_callback; + else if (s->ctx->info_callback != NULL) + cb = s->ctx->info_callback; + + if (cb != NULL) { + /* + * We don't start and stop the handshake in between each ticket when + * sending more than one - but it should appear that way to the info + * callback. + */ + if (s->sent_tickets != 0) { + ossl_statem_set_in_init(s, 0); + cb(s, SSL_CB_HANDSHAKE_DONE, 1); + ossl_statem_set_in_init(s, 1); + } + cb(s, SSL_CB_HANDSHAKE_START, 1); + } + /* + * If we already sent one NewSessionTicket, or we resumed then + * s->session may already be in a cache and so we must not modify it. + * Instead we need to take a copy of it and modify that. + */ + if (s->sent_tickets != 0 || s->hit) { + SSL_SESSION *new_sess = ssl_session_dup(s->session, 0); + + if (new_sess == NULL) { + /* SSLfatal already called */ + goto err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + + if (!ssl_generate_session_id(s, s->session)) { + /* SSLfatal() already called */ + goto err; + } + if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); + goto err; + } + s->session->ext.tick_age_add = age_add_u.age_add; + + nonce = s->next_ticket_nonce; + for (i = TICKET_NONCE_SIZE; i > 0; i--) { + tick_nonce[i - 1] = (unsigned char)(nonce & 0xff); + nonce >>= 8; + } + + if (!tls13_hkdf_expand(s, md, s->resumption_master_secret, + nonce_label, + sizeof(nonce_label) - 1, + tick_nonce, + TICKET_NONCE_SIZE, + s->session->master_key, + hashlen)) { + /* SSLfatal() already called */ + goto err; + } + s->session->master_key_length = hashlen; + + s->session->time = (long)time(NULL); + if (s->s3->alpn_selected != NULL) { + OPENSSL_free(s->session->ext.alpn_selected); + s->session->ext.alpn_selected = + OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); + if (s->session->ext.alpn_selected == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + 
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_MALLOC_FAILURE); + goto err; + } + s->session->ext.alpn_selected_len = s->s3->alpn_selected_len; + } + s->session->ext.max_early_data = s->max_early_data; + } + + if (tctx->generate_ticket_cb != NULL && + tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) + goto err; + + /* + * If we are using anti-replay protection then we behave as if + * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there + * is no point in using full stateless tickets. + */ + if (((s->options & SSL_OP_NO_TICKET) != 0 || s->max_early_data > 0) + && SSL_IS_TLS13(s)) { + if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) { + /* SSLfatal() already called */ + goto err; + } + } else if (!construct_stateless_ticket(s, pkt, age_add_u.age_add, + tick_nonce)) { + /* SSLfatal() already called */ + goto err; + } + if (SSL_IS_TLS13(s)) { if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_NEW_SESSION_TICKET, @@ -4033,15 +4115,9 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) s->next_ticket_nonce++; ssl_update_cache(s, SSL_SESS_CACHE_SERVER); } - EVP_CIPHER_CTX_free(ctx); - HMAC_CTX_free(hctx); - OPENSSL_free(senc); return 1; err: - OPENSSL_free(senc); - EVP_CIPHER_CTX_free(ctx); - HMAC_CTX_free(hctx); return 0; } diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 3ebf64d..c40a0e7 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -1396,7 +1396,8 @@ static int create_sctp_socks(int *ssock, int *csock) static HANDSHAKE_RESULT *do_handshake_internal( SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx, const SSL_TEST_CTX *test_ctx, const SSL_TEST_EXTRA_CONF *extra, - SSL_SESSION *session_in, SSL_SESSION **session_out) + SSL_SESSION *session_in, SSL_SESSION *serv_sess_in, + SSL_SESSION **session_out, SSL_SESSION **serv_sess_out) { PEER server, client; BIO *client_to_server = NULL, *server_to_client = NULL; 
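Review bot: In the rewritten `tls_construct_new_session_ticket`, the stateful branch sends a bare session id as the ticket regardless of whether that session will actually be stored: the ssl_lib.c hunk appears to add it to the internal cache only when `SSL_SESS_CACHE_NO_INTERNAL_STORE` is clear, so a server with internal storage disabled and no `get_session_cb` hands out a ticket that `tls_get_stateful_ticket` can never resolve. If that configuration is meant to be supported, either skip the NewSessionTicket (or fall back to a stateless one) when the session cannot be cached, or document the limitation next to the `construct_stateful_ticket` call. Separately, `create_ticket_prequel`, `construct_stateless_ticket`, `construct_stateful_ticket` and the entry point all lack header comments; a one-liner each, e.g. `/* Stateful ticket: the ticket body is the session id, resolved via the session cache on resumption. */` on `construct_stateful_ticket`, would document the split. `tls_construct_new_session_ticket` continues past the end of this hunk.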
@@ -1452,10 +1453,14 @@ static HANDSHAKE_RESULT *do_handshake_internal( configure_handshake_ssl(server.ssl, client.ssl, extra); if (session_in != NULL) { + SSL_SESSION_get_id(serv_sess_in, &sess_id_len); /* In case we're testing resumption without tickets. */ - if (!TEST_true(SSL_CTX_add_session(server_ctx, session_in)) + if ((sess_id_len > 0 + && !TEST_true(SSL_CTX_add_session(server_ctx, + serv_sess_in))) || !TEST_true(SSL_set_session(client.ssl, session_in))) goto err; + sess_id_len = 0; } ret->result = SSL_TEST_INTERNAL_ERROR; @@ -1657,6 +1662,16 @@ static HANDSHAKE_RESULT *do_handshake_internal( if (session_out != NULL) *session_out = SSL_get1_session(client.ssl); + if (serv_sess_out != NULL) { + SSL_SESSION *tmp = SSL_get_session(server.ssl); + + /* + * We create a fresh copy that is not in the server session ctx linked + * list. + */ + if (tmp != NULL) + *serv_sess_out = SSL_SESSION_dup(tmp); + } if (SSL_get_server_tmp_key(client.ssl, &tmp_key)) { ret->tmp_key_type = pkey_type(tmp_key); @@ -1699,11 +1714,11 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, const SSL_TEST_CTX *test_ctx) { HANDSHAKE_RESULT *result; - SSL_SESSION *session = NULL; + SSL_SESSION *session = NULL, *serv_sess = NULL; result = do_handshake_internal(server_ctx, server2_ctx, client_ctx, test_ctx, &test_ctx->extra, - NULL, &session); + NULL, NULL, &session, &serv_sess); if (result == NULL || test_ctx->handshake_mode != SSL_TEST_HANDSHAKE_RESUME || result->result == SSL_TEST_INTERNAL_ERROR) @@ -1718,8 +1733,9 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, /* We don't support SNI on second handshake yet, so server2_ctx is NULL. */ result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx, test_ctx, &test_ctx->resume_extra, - session, NULL); + session, serv_sess, NULL, NULL); end: SSL_SESSION_free(session); + SSL_SESSION_free(serv_sess); return result; } 
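Review bot: `SSL_SESSION_get_id(serv_sess_in, &sess_id_len)` in the first hunk dereferences `serv_sess_in` with no NULL check, yet the `@@ -1657` hunk only fills `*serv_sess_out` when `SSL_get_session(server.ssl)` returned non-NULL and `SSL_SESSION_dup` may itself return NULL, so a resumption test whose first handshake produced no server session would crash here rather than fail cleanly. Guard it as `if (serv_sess_in != NULL) SSL_SESSION_get_id(serv_sess_in, &sess_id_len);` (assuming `sess_id_len`, declared outside the hunk, starts at 0 so the add is skipped). The unchecked `SSL_SESSION_dup` result in the later hunk deserves a `TEST_ptr` for the same reason. `do_handshake_internal` starts before and ends after these hunks.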
diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf index 73955de..73de974 100644 --- a/test/ssl-tests/10-resumption.conf +++ b/test/ssl-tests/10-resumption.conf @@ -90,6 +90,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-resumption-client] @@ -126,6 +127,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-resumption-client] @@ -162,6 +164,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-resumption-client] @@ -198,6 +201,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-resumption-client] @@ -234,6 +238,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-resumption-client] @@ -270,6 +275,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-resumption-client] 
@@ -306,6 +312,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.3 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-resumption-client] @@ -342,6 +349,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.3 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-resumption-client] @@ -378,6 +386,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-resumption-client] @@ -414,6 +423,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-resumption-client] @@ -450,6 +460,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-resumption-client] @@ -486,6 +497,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-resumption-client] @@ -522,6 +534,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-resumption-client] 
@@ -558,6 +571,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-resumption-client] @@ -594,6 +608,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.3 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-resumption-client] @@ -630,6 +645,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.3 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-resumption-client] @@ -666,6 +682,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-resumption-client] @@ -702,6 +719,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-resumption-client] @@ -738,6 +756,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [18-resumption-client] @@ -774,6 +793,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [19-resumption-client] 
@@ -810,6 +830,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [20-resumption-client] @@ -846,6 +867,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [21-resumption-client] @@ -882,6 +904,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.3 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [22-resumption-client] @@ -918,6 +941,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.3 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [23-resumption-client] @@ -954,6 +978,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [24-resumption-client] @@ -990,6 +1015,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [25-resumption-client] @@ -1026,6 +1052,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [26-resumption-client] 
@@ -1062,6 +1089,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [27-resumption-client] @@ -1098,6 +1126,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [28-resumption-client] @@ -1134,6 +1163,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [29-resumption-client] @@ -1170,6 +1200,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.3 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [30-resumption-client] @@ -1206,6 +1237,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.3 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [31-resumption-client] diff --git a/test/ssl-tests/11-dtls_resumption.conf b/test/ssl-tests/11-dtls_resumption.conf index ceed959..a981fa5 100644 --- a/test/ssl-tests/11-dtls_resumption.conf +++ b/test/ssl-tests/11-dtls_resumption.conf @@ -41,6 +41,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-resumption-client] 
@@ -78,6 +79,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-resumption-client] @@ -115,6 +117,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1.2 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-resumption-client] @@ -152,6 +155,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1.2 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-resumption-client] @@ -189,6 +193,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-resumption-client] @@ -226,6 +231,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-resumption-client] @@ -263,6 +269,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1.2 +Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-resumption-client] @@ -300,6 +307,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = DTLSv1.2 +Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-resumption-client] diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm index 215f9e8..943719e 100644 
--- a/test/ssl-tests/protocol_version.pm +++ b/test/ssl-tests/protocol_version.pm @@ -210,6 +210,7 @@ sub generate_resumption_tests { }, "resume_server" => { "MaxProtocol" => $protocols[$resume_protocol], + "Options" => $ticket, }, "test" => { "ExpectedProtocol" => $protocols[$resume_protocol], diff --git a/test/sslapitest.c b/test/sslapitest.c index 9b0237e..61619a3 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1062,7 +1062,8 @@ static int execute_test_session(int maxprot, int use_int_cache, sess2 = NULL; SSL_CTX_set_max_proto_version(sctx, maxprot); - SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); + if (maxprot == TLS1_2_VERSION) + SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); new_called = remove_called = get_called = 0; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL, NULL)) From no-reply at appveyor.com Tue Jun 26 18:07:59 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 26 Jun 2018 18:07:59 +0000 Subject: [openssl-commits] Build completed: openssl master.18746 Message-ID: <20180626180759.1.6A6E0FA19D4A496A@appveyor.com> An HTML attachment was scrubbed... URL: From bfussell at cisco.com Tue Jun 26 18:32:36 2018 
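Review bot: The new `if (maxprot == TLS1_2_VERSION)` guard in execute_test_session() makes SSL_OP_NO_TICKET version-dependent without saying why, so a reader cannot tell whether leaving tickets enabled for every other maxprot value is intentional. I would put a one-line comment above the guard, along the lines of `/* Only disable tickets for TLS 1.2; for TLS 1.3 the test relies on the server still issuing tickets (confirm against the commit message) */`, stating the reason the commit has in mind. execute_test_session() starts and ends outside the hunk.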
From: bfussell at cisco.com (Barry Fussell (bfussell)) Date: Tue, 26 Jun 2018 18:32:36 +0000 Subject: [openssl-commits] Build failed in Jenkins: master_noec #574 In-Reply-To: <2047571367.460.1529422051316.JavaMail.jenkins@ip-172-31-34-99> References: <1825497302.459.1529407642729.JavaMail.jenkins@ip-172-31-34-99> <2047571367.460.1529422051316.JavaMail.jenkins@ip-172-31-34-99> Message-ID: <932ef019d3644767a9b17effafcc19f8@XCH-ALN-004.cisco.com> The evp_test is failing intermittently because the new test that came in with this commit makes pderive_test_run() call OPENSSL_malloc() with a length of zero: when no SharedSecret is given, kdata->output_len is 0, and a zero-byte allocation can return NULL, which the `if (!out)` check then reports as an INTERNAL_ERROR. The zero-length case should be handled before allocating rather than being treated as an allocation failure. https://bitbucket-eng-rtp1.cisco.com/bitbucket/projects/TS/repos/ciscossl/commits/7b3e775a6a78650bbd3e8e19a5aa12981880402b#test/evptests.txt static int pderive_test_run(struct evp_test *t) { struct pkey_data *kdata = t->data; unsigned char *out = NULL; size_t out_len; const char *err = "INTERNAL_ERROR"; out_len = kdata->output_len; out = OPENSSL_malloc(out_len); <----- out_len is zero because there is no SharedSecret, so out comes back NULL if (!out) { -----Original Message----- 
From: osslsanity at gmail.com [mailto:osslsanity at gmail.com] Sent: Tuesday, June 19, 2018 11:28 AM To: Barry Fussell (bfussell) ; openssl-commits at openssl.org Subject: Build failed in Jenkins: master_noec #574 See Changes: [Matthias.St.Pierre] Fix & update documentation about RAND_priv_bytes() [Matthias.St.Pierre] Improve the output of `make doc-nits` ------------------------------------------ [...truncated 505.72 KB...] rm -f test/v3ext ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3ext test/v3ext.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/v3nametest.d.tmp -MT test/v3nametest.o -c -o test/v3nametest.o test/v3nametest.c rm -f test/v3nametest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/v3nametest test/v3nametest.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/verify_extra_test.d.tmp -MT test/verify_extra_test.o -c -o test/verify_extra_test.o test/verify_extra_test.c rm -f test/verify_extra_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/verify_extra_test test/verify_extra_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/versions.d.tmp -MT test/versions.o -c -o test/versions.o test/versions.c rm -f test/versions ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/versions test/versions.o \ -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/wpackettest.d.tmp -MT test/wpackettest.o -c -o test/wpackettest.o test/wpackettest.c rm -f test/wpackettest ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. 
\ -o test/wpackettest test/wpackettest.o \ libssl.a test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_check_cert_pkey_test.d.tmp -MT test/x509_check_cert_pkey_test.o -c -o test/x509_check_cert_pkey_test.o test/x509_check_cert_pkey_test.c rm -f test/x509_check_cert_pkey_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_check_cert_pkey_test test/x509_check_cert_pkey_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_dup_cert_test.d.tmp -MT test/x509_dup_cert_test.o -c -o test/x509_dup_cert_test.o test/x509_dup_cert_test.c rm -f test/x509_dup_cert_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_dup_cert_test test/x509_dup_cert_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -I. -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_internal_test.d.tmp -MT test/x509_internal_test.o -c -o test/x509_internal_test.o test/x509_internal_test.c rm -f test/x509_internal_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_internal_test test/x509_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509_time_test.d.tmp -MT test/x509_time_test.o -c -o test/x509_time_test.o test/x509_time_test.c rm -f test/x509_time_test ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509_time_test test/x509_time_test.o \ test/libtestutil.a -lcrypto -ldl -pthread gcc -Iinclude -pthread -m64 -Wa,--noexecstack -Wall -O3 -DNDEBUG -MMD -MF test/x509aux.d.tmp -MT test/x509aux.o -c -o test/x509aux.o test/x509aux.c rm -f test/x509aux ${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. \ -o test/x509aux test/x509aux.o \ test/libtestutil.a -lcrypto -ldl -pthread /usr/bin/perl "-I." 
-Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/CA.pl.in > "apps/CA.pl" chmod a+x apps/CA.pl /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" apps/tsget.in > "apps/tsget" chmod a+x apps/tsget /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" tools/c_rehash.in > "tools/c_rehash" chmod a+x tools/c_rehash /usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \ "-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh" chmod a+x util/shlib_wrap.sh make[1]: Leaving directory ` + apps/openssl version -a OpenSSL 1.1.1-pre8-dev xx XXX xxxx built on: Tue Jun 19 15:22:11 2018 UTC platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/lib/engines-1.1" Seeding source: os-specific + make test make depend && make _tests make[1]: Entering directory ` make[1]: Leaving directory ` make[1]: Entering directory ` ( cd test; \ mkdir -p test-runs; \ SRCTOP=../. \ BLDTOP=../. \ RESULT_D=test-runs \ PERL="/usr/bin/perl" \ EXE_EXT= \ OPENSSL_ENGINES=`cd .././engines 2>/dev/null && pwd` \ OPENSSL_DEBUG_MEMORY=on \ /usr/bin/perl .././test/run_tests.pl ) ../test/recipes/01-test_abort.t .................... ok ../test/recipes/01-test_sanity.t ................... ok ../test/recipes/01-test_symbol_presence.t .......... skipped: Only useful when building shared libraries ../test/recipes/01-test_test.t ..................... ok ../test/recipes/02-test_internal_ctype.t ........... ok ../test/recipes/02-test_lhash.t .................... 
ok ../test/recipes/02-test_ordinals.t ................. ok ../test/recipes/02-test_stack.t .................... ok ../test/recipes/03-test_exdata.t ................... ok ../test/recipes/03-test_internal_asn1.t ............ ok ../test/recipes/03-test_internal_chacha.t .......... ok ../test/recipes/03-test_internal_curve448.t ........ skipped: This test is unsupported in a no-ec build ../test/recipes/03-test_internal_mdc2.t ............ ok ../test/recipes/03-test_internal_modes.t ........... ok ../test/recipes/03-test_internal_poly1305.t ........ ok ../test/recipes/03-test_internal_siphash.t ......... ok ../test/recipes/03-test_internal_sm2.t ............. skipped: sm2 is not supported by this OpenSSL build ../test/recipes/03-test_internal_sm4.t ............. ok ../test/recipes/03-test_internal_ssl_cert_table.t .. ok ../test/recipes/03-test_internal_x509.t ............ ok ../test/recipes/03-test_ui.t ....................... ok ../test/recipes/04-test_asn1_encode.t .............. ok ../test/recipes/04-test_asn1_string_table.t ........ ok ../test/recipes/04-test_bio_callback.t ............. ok ../test/recipes/04-test_bioprint.t ................. ok ../test/recipes/04-test_err.t ...................... ok ../test/recipes/04-test_pem.t ...................... ok ../test/recipes/05-test_bf.t ....................... ok ../test/recipes/05-test_cast.t ..................... ok ../test/recipes/05-test_des.t ...................... ok ../test/recipes/05-test_hmac.t ..................... ok ../test/recipes/05-test_idea.t ..................... ok ../test/recipes/05-test_md2.t ...................... skipped: md2 is not supported by this OpenSSL build ../test/recipes/05-test_mdc2.t ..................... ok ../test/recipes/05-test_rand.t ..................... ok ../test/recipes/05-test_rc2.t ...................... ok ../test/recipes/05-test_rc4.t ...................... ok ../test/recipes/05-test_rc5.t ...................... 
skipped: rc5 is not supported by this OpenSSL build ../test/recipes/06-test-rdrand.t ................... ok ../test/recipes/10-test_bn.t ....................... ok ../test/recipes/10-test_exp.t ...................... ok ../test/recipes/15-test_dh.t ....................... ok ../test/recipes/15-test_dsa.t ...................... ok ../test/recipes/15-test_ec.t ....................... ok ../test/recipes/15-test_ecdsa.t .................... skipped: ec is not supported by this OpenSSL build ../test/recipes/15-test_ecparam.t .................. skipped: EC isn't supported in this build ../test/recipes/15-test_genrsa.t ................... ok ../test/recipes/15-test_mp_rsa.t ................... ok ../test/recipes/15-test_out_option.t ............... ok ../test/recipes/15-test_rsa.t ...................... ok ../test/recipes/15-test_rsapss.t ................... ok ../test/recipes/20-test_enc.t ...................... ok ../test/recipes/20-test_enc_more.t ................. ok ../test/recipes/20-test_passwd.t ................... ok ../test/recipes/25-test_crl.t ...................... ok ../test/recipes/25-test_d2i.t ...................... ok ../test/recipes/25-test_pkcs7.t .................... ok ../test/recipes/25-test_req.t ...................... ok ../test/recipes/25-test_sid.t ...................... skipped: test_sid needs EC to run ../test/recipes/25-test_verify.t ................... ok ../test/recipes/25-test_x509.t ..................... ok ../test/recipes/30-test_afalg.t .................... skipped: test_afalg not supported for this build ../test/recipes/30-test_engine.t ................... ok ../test/recipes/30-test_evp.t ...................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/7 subtests ../test/recipes/30-test_evp_extra.t ................ ok ../test/recipes/30-test_pbelu.t .................... ok ../test/recipes/30-test_pkey_meth.t ................ ok ../test/recipes/30-test_pkey_meth_kdf.t ............ 
ok ../test/recipes/40-test_rehash.t ................... ok ../test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../test/recipes/60-test_x509_dup_cert.t ............ ok ../test/recipes/60-test_x509_store.t ............... ok ../test/recipes/60-test_x509_time.t ................ ok ../test/recipes/70-test_asyncio.t .................. ok ../test/recipes/70-test_bad_dtls.t ................. ok ../test/recipes/70-test_clienthello.t .............. ok ../test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled ../test/recipes/70-test_packet.t ................... ok ../test/recipes/70-test_recordlen.t ................ ok ../test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../test/recipes/70-test_servername.t ............... ok ../test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../test/recipes/70-test_sslskewith0p.t ............. 
skipped: test_sslskewith0p needs the dynamic engine feature enabled ../test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled ../test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../test/recipes/70-test_verify_extra.t ............. ok ../test/recipes/70-test_wpacket.t .................. ok ../test/recipes/80-test_ca.t ....................... ok ../test/recipes/80-test_cipherbytes.t .............. ok ../test/recipes/80-test_cipherlist.t ............... ok ../test/recipes/80-test_ciphername.t ............... ok ../test/recipes/80-test_cms.t ...................... ok ../test/recipes/80-test_cmsapi.t ................... ok ../test/recipes/80-test_ct.t ....................... skipped: ct and ec are not supported by this OpenSSL build ../test/recipes/80-test_dane.t ..................... skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/80-test_dtls.t ..................... ok ../test/recipes/80-test_dtls_mtu.t ................. ok ../test/recipes/80-test_dtlsv1listen.t ............. 
ok ../test/recipes/80-test_ocsp.t ..................... ok ../test/recipes/80-test_pkcs12.t ................... ok ../test/recipes/80-test_ssl_new.t .................. ok ../test/recipes/80-test_ssl_old.t .................. ok ../test/recipes/80-test_ssl_test_ctx.t ............. ok ../test/recipes/80-test_sslcorrupt.t ............... ok ../test/recipes/80-test_tsa.t ...................... ok ../test/recipes/80-test_x509aux.t .................. skipped: test_dane uses ec which is not supported by this OpenSSL build ../test/recipes/90-test_asn1_time.t ................ ok ../test/recipes/90-test_async.t .................... ok ../test/recipes/90-test_bio_enc.t .................. ok ../test/recipes/90-test_constant_time.t ............ ok ../test/recipes/90-test_fatalerr.t ................. ok ../test/recipes/90-test_gmdiff.t ................... ok ../test/recipes/90-test_ige.t ...................... ok ../test/recipes/90-test_includes.t ................. ok ../test/recipes/90-test_memleak.t .................. ok ../test/recipes/90-test_overhead.t ................. ok ../test/recipes/90-test_secmem.t ................... ok ../test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../test/recipes/90-test_srp.t ...................... ok ../test/recipes/90-test_sslapi.t ................... ok ../test/recipes/90-test_sslbuffers.t ............... ok ../test/recipes/90-test_store.t .................... ok ../test/recipes/90-test_sysdefault.t ............... ok ../test/recipes/90-test_threads.t .................. ok ../test/recipes/90-test_time_offset.t .............. ok ../test/recipes/90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build ../test/recipes/90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build ../test/recipes/90-test_tls13secrets.t ............. 
skipped: tls13secrets is not supported in this build ../test/recipes/90-test_v3name.t ................... ok ../test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../test/recipes/99-test_ecstress.t ................. ok ../test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../test/recipes/30-test_evp.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=149, Tests=1016, 111 wallclock secs ( 0.43 usr 0.11 sys + 40.62 cusr 8.81 csys = 49.97 CPU) Result: FAIL make[1]: *** [_tests] Error 1 make[1]: Leaving directory ` make: *** [tests] Error 2 Build step 'Execute shell' marked build as failure From paul.dale at oracle.com Tue Jun 26 21:16:03 2018 
From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Tue, 26 Jun 2018 21:16:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530047763.191136.11380.nullmailer@dev.openssl.org> The branch master has been updated via c7504aeb640a88949dfe3146f7e0f275f517464c (commit) from 41145c35bfee8f2b0822288fcb23a807d06d8e89 (commit) - Log ----------------------------------------------------------------- commit c7504aeb640a88949dfe3146f7e0f275f517464c Author: Pauli Date: Thu Jun 7 09:31:44 2018 +1000 Modify the DEVRANDOM source so that the files are kept open persistently. This allows operation inside a chroot environment without having the random device present. A new call, RAND_keep_random_devices_open(), has been introduced that can be used to control file descriptor use by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a chroot(2) jail without the associated device nodes being available. Reviewed-by: Matt Caswell Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6432) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 ++ crypto/include/internal/rand_int.h | 17 ++++ crypto/rand/rand_lib.c | 15 ++++ crypto/rand/rand_unix.c | 172 +++++++++++++++++++++++++++++++++---- crypto/rand/rand_vms.c | 13 +++ crypto/rand/rand_win.c | 13 +++ doc/man3/RAND_add.pod | 14 ++- include/openssl/rand.h | 1 + util/libcrypto.num | 1 + 9 files changed, 236 insertions(+), 17 deletions(-) diff --git a/CHANGES b/CHANGES index 4cdcf52..2eb90a9 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,6 +9,13 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Modified the random device based seed sources to keep the relevant + file descriptors open rather than reopening them on each access. + This allows such sources to operate in a chroot() jail without + the associated device nodes being available. This behaviour can be + controlled using RAND_keep_random_devices_open(). + [Paul Dale] + *) Numerous side-channel attack mitigations have been applied. This may have performance impacts for some algorithms for the benefit of improved security. Specific changes are noted in this change log by their respective diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index daec926..d91ee4c 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -111,4 +111,21 @@ int rand_pool_add_nonce_data(RAND_POOL *pool); */ int rand_pool_add_additional_data(RAND_POOL *pool); +/* + * Initialise the random pool reseeding sources. + * + * Returns 1 on success and 0 on failure. + */ +int rand_pool_init(void); + +/* + * Finalise the random pool reseeding sources. + */ +void rand_pool_cleanup(void); + +/* + * Control the random pool use of open file descriptors. + */ +void rand_pool_keep_random_devices_open(int keep); + #endif diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 1a9a7d2..d31735c 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -324,8 +324,13 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init) if (rand_nonce_lock == NULL) goto err2; + if (!rand_pool_init()) + goto err3; + return 1; +err3: + rand_pool_cleanup(); err2: CRYPTO_THREAD_lock_free(rand_meth_lock); rand_meth_lock = NULL; @@ -343,6 +348,7 @@ void rand_cleanup_int(void) if (meth != NULL && meth->cleanup != NULL) meth->cleanup(); + rand_pool_cleanup(); RAND_set_rand_method(NULL); #ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); 
@@ -355,6 +361,15 @@ void rand_cleanup_int(void) } /* + * RAND_close_seed_files() ensures that any seed file decriptors are + * closed after use. + */ +void RAND_keep_random_devices_open(int keep) +{ + rand_pool_keep_random_devices_open(keep); +} + +/* * RAND_poll() reseeds the default RNG using random input * * The random input is obtained from polling various entropy diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index a545e08..b64cf27 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -30,6 +30,8 @@ #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) # include +# include +# include # include # include @@ -154,6 +156,14 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) return rand_pool_entropy_available(pool); } +void rand_pool_cleanup(void) +{ +} + +void rand_pool_keep_random_devices_open(int keep) +{ +} + # else # if defined(OPENSSL_RAND_SEED_EGD) && \ 
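Review bot: The comment introduced above RAND_keep_random_devices_open() in rand_lib.c documents a function that does not exist (`RAND_close_seed_files()`), misspells "decriptors", and describes only the keep == 0 behaviour, which is the opposite of what the non-zero default in rand_unix.c selects. The wrapper itself just forwards `keep` to rand_pool_keep_random_devices_open(), so the comment should say that: `/* RAND_keep_random_devices_open() controls whether the seed sources keep their random device file descriptors open between reseeds (keep != 0) or close them after each use (keep == 0). */`. The RAND_add.pod text further down in this commit already states this; the code comment should match it.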
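Review bot: The stubs added at the end of this arm of rand_unix.c cover rand_pool_cleanup() and rand_pool_keep_random_devices_open() but not rand_pool_init(), even though rand_int.h now declares all three and do_rand_init() in rand_lib.c calls rand_pool_init() unconditionally; as far as the diff shows no other hunk defines it in this arm, so a build that takes it will fail to link. Every other arm in the commit (both cases of the DEVRANDOM block below, rand_vms.c and rand_win.c) adds `int rand_pool_init(void) { return 1; }`, and the same stub belongs here next to the other two. The enclosing preprocessor section starts outside the hunk.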
@@ -274,6 +284,134 @@ int syscall_random(void *buf, size_t buflen) return -1; } +#if !defined(OPENSSL_RAND_SEED_NONE) && defined(OPENSSL_RAND_SEED_DEVRANDOM) +static const char *random_device_paths[] = { DEVRANDOM }; +static struct random_device { + int fd; + dev_t dev; + ino_t ino; + mode_t mode; + dev_t rdev; +} random_devices[OSSL_NELEM(random_device_paths)]; +static int keep_random_devices_open = 1; + +/* + * Verify that the file descriptor associated with the random source is + * still valid. The rationale for doing this is the fact that it is not + * uncommon for daemons to close all open file handles when daemonizing. + * So the handle might have been closed or even reused for opening + * another file. + */ +static int check_random_device(struct random_device * rd) +{ + struct stat st; + + return rd->fd != -1 + && fstat(rd->fd, &st) != -1 + && rd->dev == st.st_dev + && rd->ino == st.st_ino + && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0 + && rd->rdev == st.st_rdev; +} + +/* + * Open a random device if required and return its file descriptor or -1 on error + */ +static int get_random_device(size_t n) +{ + struct stat st; + struct random_device * rd = &random_devices[n]; + + /* reuse existing file descriptor if it is (still) valid */ + if (check_random_device(rd)) + return rd->fd; + + /* open the random device ... */ + if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1) + return rd->fd; + + /* ... 
and cache its relevant stat(2) data */ + if (fstat(rd->fd, &st) != -1) { + rd->dev = st.st_dev; + rd->ino = st.st_ino; + rd->mode = st.st_mode; + rd->rdev = st.st_rdev; + } else { + close(rd->fd); + rd->fd = -1; + } + + return rd->fd; +} + +/* + * Close a random device making sure it is a random device + */ +static void close_random_device(size_t n) +{ + struct random_device * rd = &random_devices[n]; + + if (check_random_device(rd)) + close(rd->fd); + rd->fd = -1; +} + +static void open_random_devices(void) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(random_devices); i++) + (void)get_random_device(i); +} + +int rand_pool_init(void) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(random_devices); i++) + random_devices[i].fd = -1; + open_random_devices(); + return 1; +} + +void rand_pool_cleanup(void) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(random_devices); i++) + close_random_device(i); +} + +void rand_pool_keep_random_devices_open(int keep) +{ + if (keep) + open_random_devices(); + else + rand_pool_cleanup(); + keep_random_devices_open = keep; +} + +# else /* defined(OPENSSL_RAND_SEED_NONE) + * || !defined(OPENSSL_RAND_SEED_DEVRANDOM) + */ + +int rand_pool_init(void) +{ + return 1; +} + +void rand_pool_cleanup(void) +{ +} + +void rand_pool_keep_random_devices_open(int keep) +{ +} + +# endif /* !defined(OPENSSL_RAND_SEED_NONE) + * && defined(OPENSSL_RAND_SEED_DEVRANDOM) + */ + /* * Try the various seeding methods in turn, exit when successful. * 
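Review bot: get_random_device() opens the device with `open(random_device_paths[n], O_RDONLY)` and now keeps that descriptor for the lifetime of the process, so it is inherited by every child the application forks and execs, whereas the per-call fopen() it replaces closed it immediately. Open it with `O_RDONLY | O_NOCTTY | O_CLOEXEC` (guarding `O_CLOEXEC` with `#ifdef`, or falling back to `fcntl(fd, F_SETFD, FD_CLOEXEC)`, on platforms that predate it) so a persistent handle to the entropy source does not leak into child processes or sandboxes. Separately, random_devices[] and keep_random_devices_open are file-scope state written by get_random_device(), close_random_device() and rand_pool_keep_random_devices_open() with no lock visible in this hunk; if rand_pool_acquire_entropy() can run concurrently with RAND_keep_random_devices_open(), one thread can close rd->fd while another is about to read() from it. Either document that RAND_keep_random_devices_open() must be called before any threads use the RNG, or take a lock around the fd updates.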
@@ -324,30 +462,33 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) # ifdef OPENSSL_RAND_SEED_DEVRANDOM bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); - if (bytes_needed > 0) { - static const char *paths[] = { DEVRANDOM, NULL }; - FILE *fp; - int i; + { + size_t i; - for (i = 0; paths[i] != NULL; i++) { - if ((fp = fopen(paths[i], "rb")) == NULL) + for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) { + const int fd = get_random_device(i); + + if (fd == -1) continue; - setbuf(fp, NULL); buffer = rand_pool_add_begin(pool, bytes_needed); if (buffer != NULL) { - size_t bytes = 0; - if (fread(buffer, 1, bytes_needed, fp) == bytes_needed) - bytes = bytes_needed; + const ssize_t n = read(fd, buffer, bytes_needed); - rand_pool_add_end(pool, bytes, 8 * bytes); - entropy_available = rand_pool_entropy_available(pool); + if (n <= 0) { + close_random_device(i); + continue; + } + + rand_pool_add_end(pool, n, 8 * n); } - fclose(fp); - if (entropy_available > 0) - return entropy_available; + if (!keep_random_devices_open) + close_random_device(i); bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); } + entropy_available = rand_pool_entropy_available(pool); + if (entropy_available > 0) + return entropy_available; } # endif @@ -433,7 +574,6 @@ int rand_pool_add_additional_data(RAND_POOL *pool) } - /* * Get the current time with the highest possible resolution * diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c index b263f94..43dddf3 100644 --- a/crypto/rand/rand_vms.c +++ b/crypto/rand/rand_vms.c @@ -507,4 +507,17 @@ int rand_pool_add_additional_data(RAND_POOL *pool) return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } +int rand_pool_init(void) +{ + return 1; +} + +void rand_pool_cleanup(void) +{ +} + +void rand_pool_keep_random_devices_open(int keep) +{ +} + #endif diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index f2059eb..34c2a8b 100644 --- a/crypto/rand/rand_win.c 
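Review bot: In the rewritten DEVRANDOM loop a read() that fails with EINTR, or returns fewer than bytes_needed bytes, is never retried on the same device: `if (n <= 0) { close_random_device(i); continue; }` closes the device on a signal interruption, and a short read moves on to the next path after recomputing bytes_needed, so a signal during the read can demote a working first device to the next entry in DEVRANDOM. The fread() call this replaces looped internally until bytes_needed bytes had arrived. Retrying on EINTR and accumulating partial reads before calling rand_pool_add_end() with the total restores that behaviour, as sketched below; it uses errno, which I believe rand_unix.c already has available for syscall_random(), but the includes are outside this hunk. rand_pool_acquire_entropy() starts and ends outside the hunk.
```c
            buffer = rand_pool_add_begin(pool, bytes_needed);
            if (buffer != NULL) {
                size_t got = 0;

                /* Retry on EINTR and accumulate short reads until satisfied */
                while (got < bytes_needed) {
                    const ssize_t n = read(fd, buffer + got, bytes_needed - got);

                    if (n < 0 && errno == EINTR)
                        continue;
                    if (n <= 0)
                        break;
                    got += (size_t)n;
                }
                if (got == 0) {
                    close_random_device(i);
                    continue;
                }
                rand_pool_add_end(pool, got, 8 * got);
            }
            /* ... unchanged: close when !keep_random_devices_open, recompute bytes_needed ... */
```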
+++ b/crypto/rand/rand_win.c @@ -169,4 +169,17 @@ void RAND_screen(void) } # endif +int rand_pool_init(void) +{ + return 1; +} + +void rand_pool_cleanup(void) +{ +} + +void rand_pool_keep_random_devices_open(int keep) +{ +} + #endif diff --git a/doc/man3/RAND_add.pod b/doc/man3/RAND_add.pod index 1b06d1b..b6753fd 100644 --- a/doc/man3/RAND_add.pod +++ b/doc/man3/RAND_add.pod @@ -2,7 +2,8 @@ =head1 NAME -RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen +RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, +RAND_keep_random_devices_open - add randomness to the PRNG or get its status =head1 SYNOPSIS @@ -15,6 +16,8 @@ RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen void RAND_add(const void *buf, int num, double randomness); void RAND_seed(const void *buf, int num); + void RAND_keep_random_devices_open(int keep); + Deprecated: #if OPENSSL_API_COMPAT < 0x10100000L @@ -54,6 +57,15 @@ should consider using L instead. RAND_seed() is equivalent to RAND_add() with B set to B. +RAND_keep_random_devices_open() is used to control file descriptor +usage by the random seed sources. Some seed sources maintain open file +descriptors by default, which allows such sources to operate in a +chroot(2) jail without the associated device nodes being available. When +the B argument is zero, this call disables the retention of file +descriptors. Conversely, a non-zero argument enables the retention of +file descriptors. This function is usually called during initialization +and it takes effect immediately. + RAND_event() and RAND_screen() are equivalent to RAND_poll() and exist for compatibility reasons only. See HISTORY section below. diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 058ece6..38a2a27 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h 
@@ -44,6 +44,7 @@ int RAND_priv_bytes(unsigned char *buf, int num); DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) void RAND_seed(const void *buf, int num); +void RAND_keep_random_devices_open(int keep); # if defined(__ANDROID__) && defined(__NDK_FPABI__) __NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ diff --git a/util/libcrypto.num b/util/libcrypto.num index 9ca1476..f193729 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4568,3 +4568,4 @@ EVP_PKEY_get_raw_private_key 4519 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_get_priv_key 4520 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_get_pub_key 4521 1_1_1 EXIST::FUNCTION: EVP_PKEY_set_alias_type 4522 1_1_1 EXIST::FUNCTION: +RAND_keep_random_devices_open 4523 1_1_1 EXIST::FUNCTION: From matt at openssl.org Wed Jun 27 09:08:00 2018 
From: matt at openssl.org (Matt Caswell) Date: Wed, 27 Jun 2018 09:08:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530090480.700817.29969.nullmailer@dev.openssl.org> The branch master has been updated via 358ffa05cd3a088822c7d06256bc87516d918798 (commit) via ba70904949d2f9eec160043bf9a97182b33a2b82 (commit) via c748834ff7af7949519d2820a79ec35e809b5a71 (commit) via 93f528f36eb9423c31b2d75669cea85da97f9633 (commit) from c7504aeb640a88949dfe3146f7e0f275f517464c (commit) - Log ----------------------------------------------------------------- commit 358ffa05cd3a088822c7d06256bc87516d918798 Author: Matt Caswell Date: Mon Jun 25 14:51:11 2018 +0100 Return a fatal error if application data is encountered during shutdown Currently if you encounter application data while waiting for a close_notify from the peer, and you have called SSL_shutdown() then you will get a -1 return (fatal error) and SSL_ERROR_SYSCALL from SSL_get_error(). This isn't accurate (it should be SSL_ERROR_SSL) and isn't persistent (you can call SSL_shutdown() again and it might then work). We change this into a proper fatal error that is persistent. Reviewed-by: Bernd Edlinger Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6340) commit ba70904949d2f9eec160043bf9a97182b33a2b82 Author: Matt Caswell Date: Thu Jun 21 13:30:38 2018 +0100 Return SSL_ERROR_WANT_READ if SSL_shutdown() encounters handshake data In the case where we are shutdown for writing and awaiting a close_notify back from a subsequent SSL_shutdown() call we skip over handshake data that is received. This should not be treated as an error - instead it should be signalled with SSL_ERROR_WANT_READ. 
Reviewed-by: Bernd Edlinger Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6340) commit c748834ff7af7949519d2820a79ec35e809b5a71 Author: Matt Caswell Date: Wed May 23 12:11:15 2018 +0100 Add a bi-directional shutdown test Reviewed-by: Bernd Edlinger Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6340) commit 93f528f36eb9423c31b2d75669cea85da97f9633 Author: Matt Caswell Date: Wed May 23 12:00:10 2018 +0100 Auto retry if we ditch records during shutdown If we've sent a close_notify and we're waiting for one back we drop incoming records until we see the close_notify we're looking for. If SSL_MODE_AUTO_RETRY is on, then we should immediately try and read the next record. Fixes #6262 Reviewed-by: Bernd Edlinger Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6340) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 2 + include/openssl/sslerr.h | 1 + ssl/record/rec_layer_s3.c | 100 +++++++++++++++++++++-------------- ssl/ssl_err.c | 2 + test/sslapitest.c | 130 ++++++++++++++++++++++++++++++++++++++++++++++ test/ssltestlib.c | 26 ++++++++-- test/ssltestlib.h | 1 + 7 files changed, 220 insertions(+), 42 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index e65a806..ee68388 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2544,6 +2544,8 @@ SM2_R_INVALID_ENCODING:104:invalid encoding SM2_R_INVALID_FIELD:105:invalid field SM2_R_NO_PARAMETERS_SET:109:no parameters set SM2_R_USER_ID_TOO_LARGE:106:user id too large +SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\ + application data after close notify SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\ attempt to reuse session in different context diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index b2c6c1e..9eba6d8 100644 --- a/include/openssl/sslerr.h 
+++ b/include/openssl/sslerr.h @@ -449,6 +449,7 @@ int ERR_load_SSL_strings(void); /* * SSL reason codes. */ +# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291 # define SSL_R_APP_DATA_IN_HANDSHAKE 100 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 # define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 8d5b53f..1628ac8 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1457,40 +1457,6 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; } - /* - * In case of record types for which we have 'fragment' storage, fill - * that so that we can process the data at a fixed place. - */ - { - size_t dest_maxlen = 0; - unsigned char *dest = NULL; - size_t *dest_len = NULL; - - if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof(s->rlayer.handshake_fragment); - dest = s->rlayer.handshake_fragment; - dest_len = &s->rlayer.handshake_fragment_len; - } - - if (dest_maxlen > 0) { - n = dest_maxlen - *dest_len; /* available space in 'dest' */ - if (SSL3_RECORD_get_length(rr) < n) - n = SSL3_RECORD_get_length(rr); /* available bytes */ - - /* now move 'n' bytes: */ - memcpy(dest + *dest_len, - SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n); - SSL3_RECORD_add_off(rr, n); - SSL3_RECORD_sub_length(rr, n); - *dest_len += n; - if (SSL3_RECORD_get_length(rr) == 0) - SSL3_RECORD_set_read(rr); - - if (*dest_len < dest_maxlen) - goto start; /* fragment was too small */ - } - } - /*- * s->rlayer.handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) 
@@ -1583,12 +1549,70 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, return -1; } - if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a - * shutdown */ - s->rwstate = SSL_NOTHING; + /* + * If we've sent a close_notify but not yet received one back then ditch + * anything we read. + */ + if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) { + /* + * In TLSv1.3 this could get problematic if we receive a KeyUpdate + * message after we sent a close_notify because we're about to ditch it, + * so we won't be able to read a close_notify sent afterwards! We don't + * support that. + */ SSL3_RECORD_set_length(rr, 0); SSL3_RECORD_set_read(rr); - return 0; + + if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { + BIO *rbio; + + if ((s->mode & SSL_MODE_AUTO_RETRY) != 0) + goto start; + + s->rwstate = SSL_READING; + rbio = SSL_get_rbio(s); + BIO_clear_retry_flags(rbio); + BIO_set_retry_read(rbio); + } else { + /* + * The peer is continuing to send application data, but we have + * already sent close_notify. If this was expected we should have + * been called via SSL_read() and this would have been handled + * above. + * No alert sent because we already sent close_notify + */ + SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES, + SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY); + } + return -1; + } + + /* + * For handshake data we have 'fragment' storage, so fill that so that we + * can process the header at a fixed place. This is done after the + * "SHUTDOWN" code above to avoid filling the fragment storage with data + * that we're just going to discard. 
+ */ + if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) { + size_t dest_maxlen = sizeof(s->rlayer.handshake_fragment); + unsigned char *dest = s->rlayer.handshake_fragment; + size_t *dest_len = &s->rlayer.handshake_fragment_len; + + n = dest_maxlen - *dest_len; /* available space in 'dest' */ + if (SSL3_RECORD_get_length(rr) < n) + n = SSL3_RECORD_get_length(rr); /* available bytes */ + + /* now move 'n' bytes: */ + memcpy(dest + *dest_len, + SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n); + SSL3_RECORD_add_off(rr, n); + SSL3_RECORD_sub_length(rr, n); + *dest_len += n; + if (SSL3_RECORD_get_length(rr) == 0) + SSL3_RECORD_set_read(rr); + + if (*dest_len < dest_maxlen) + goto start; /* fragment was too small */ } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 03c5bf2..9ce643a 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -726,6 +726,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { }; static const ERR_STRING_DATA SSL_str_reasons[] = { + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY), + "application data after close notify"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE), "app data in handshake"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), diff --git a/test/sslapitest.c b/test/sslapitest.c index 61619a3..baf0881 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
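Review bot: The `goto start` taken under SSL_MODE_AUTO_RETRY in the new SSL_SENT_SHUTDOWN branch is unbounded, so a peer that answers our close_notify with a stream of post-handshake messages (TLSv1.3 NewSessionTicket or KeyUpdate, which this branch discards) instead of its own close_notify can keep a blocking SSL_shutdown() caller looping for as long as it likes; a counter of discarded records with an SSLfatal past a small limit, in the spirit of the record layer's existing cap on consecutive empty records if I recall it correctly, would bound that. The `else` arm raises SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY for every non-handshake record type, yet the change_cipher_spec check sits just below this block, so if a CCS record can still reach this point after the handshake it is misreported as application data; testing `SSL3_RT_APPLICATION_DATA` explicitly, or stating in the comment that CCS is deliberately lumped in, would remove the ambiguity. The new comment concedes that a discarded KeyUpdate leaves the peer's subsequent close_notify undecryptable, and that limitation belongs in the SSL_shutdown(3) documentation too, since callers cannot discover it from the error they get. ssl3_read_bytes() starts and ends outside the hunk.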
@@ -4972,6 +4972,135 @@ static int test_ticket_callbacks(int tst) return testresult; } +/* + * Test bi-directional shutdown. + * Test 0: TLSv1.2 + * Test 1: TLSv1.2, server continues to read/write after client shutdown + * Test 2: TLSv1.3, no pending NewSessionTicket messages + * Test 3: TLSv1.3, pending NewSessionTicket messages + * Test 4: TLSv1.3, server continues to read/write after client shutdown, client + * reads it + * Test 5: TLSv1.3, server continues to read/write after client shutdown, client + * doesn't read it + */ +static int test_shutdown(int tst) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + char msg[] = "A test message"; + char buf[80]; + size_t written, readbytes; + +#ifdef OPENSSL_NO_TLS1_2 + if (tst == 0) + return 1; +#endif +#ifdef OPENSSL_NO_TLS1_3 + if (tst != 0) + return 1; +#endif + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + (tst <= 1) ? TLS1_2_VERSION + : TLS1_3_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (tst == 3) { + if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + } else if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) { + goto end; + } + + if (!TEST_int_eq(SSL_shutdown(clientssl), 0)) + goto end; + + if (tst >= 4) { + /* + * Reading on the server after the client has sent close_notify should + * fail and provide SSL_ERROR_ZERO_RETURN + */ + if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_int_eq(SSL_get_error(serverssl, 0), + SSL_ERROR_ZERO_RETURN) + || !TEST_int_eq(SSL_get_shutdown(serverssl), + SSL_RECEIVED_SHUTDOWN) + /* + * Even though we're shutdown on receive we should still be + * able to write. 
+ */ + || !TEST_true(SSL_write(serverssl, msg, sizeof(msg))) + || !TEST_int_eq(SSL_shutdown(serverssl), 1)) + goto end; + if (tst == 4) { + /* Should still be able to read data from server */ + if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), + &readbytes)) + || !TEST_size_t_eq(readbytes, sizeof(msg)) + || !TEST_int_eq(memcmp(msg, buf, readbytes), 0)) + goto end; + } + } + + /* Writing on the client after sending close_notify shouldn't be possible */ + if (!TEST_false(SSL_write_ex(clientssl, msg, sizeof(msg), &written))) + goto end; + + if (tst < 4) { + /* + * For these tests the client has sent close_notify but it has not yet + * been received by the server. The server has not sent close_notify + * yet. + */ + if (!TEST_int_eq(SSL_shutdown(serverssl), 0) + /* + * Writing on the server after sending close_notify shouldn't + * be possible. + */ + || !TEST_false(SSL_write_ex(serverssl, msg, sizeof(msg), &written)) + || !TEST_int_eq(SSL_shutdown(clientssl), 1) + || !TEST_int_eq(SSL_shutdown(serverssl), 1)) + goto end; + } else if (tst == 4) { + /* + * In this test the client has sent close_notify and it has been + * received by the server which has responded with a close_notify. The + * client needs to read the close_notify sent by the server. + */ + if (!TEST_int_eq(SSL_shutdown(clientssl), 1)) + goto end; + } else { + /* + * tst == 5 + * + * The client has sent close_notify and is expecting a close_notify + * back, but instead there is application data first. The shutdown + * should fail with a fatal error. + */ + if (!TEST_int_eq(SSL_shutdown(clientssl), -1) + || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL)) + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) 
@@ -5069,6 +5198,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_ssl_pending, 2); ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data)); ADD_ALL_TESTS(test_ticket_callbacks, 12); + ADD_ALL_TESTS(test_shutdown, 6); return 1; } diff --git a/test/ssltestlib.c b/test/ssltestlib.c index 2ef4b5d..a055d3b 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -680,12 +680,14 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, return 0; } -int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) +/* + * Create an SSL connection, but does not ready any post-handshake + * NewSessionTicket messages. + */ +int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want) { - int retc = -1, rets = -1, err, abortctr = 0, i; + int retc = -1, rets = -1, err, abortctr = 0; int clienterr = 0, servererr = 0; - unsigned char buf; - size_t readbytes; int isdtls = SSL_is_dtls(serverssl); do { @@ -738,6 +740,22 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) } } while (retc <=0 || rets <= 0); + return 1; +} + +/* + * Create an SSL connection including any post handshake NewSessionTicket + * messages. + */ +int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) +{ + int i; + unsigned char buf; + size_t readbytes; + + if (!create_bare_ssl_connection(serverssl, clientssl, want)) + return 0; + /* * We attempt to read some data on the client side which we expect to fail. * This will ensure we have received the NewSessionTicket in TLSv1.3 where diff --git a/test/ssltestlib.h b/test/ssltestlib.h index c96dff5..31e3037 100644 --- a/test/ssltestlib.h +++ b/test/ssltestlib.h 
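Review bot: The OPENSSL_NO_TLS1_2 guard at the top of test_shutdown() skips only `tst == 0`, yet `tst == 1` also selects `TLS1_2_VERSION` as the maximum version a few lines later, and the mirror guard under OPENSSL_NO_TLS1_3 skips `tst != 0`, which wrongly skips that same TLSv1.2 case. The guards should be `if (tst <= 1) return 1;` and `if (tst >= 2) return 1;` respectively; the no-tls1_2 and no-tls1_2-method run-checker failures in 90-test_sslapi.t further down this page may well be this. Separately, the header comment describes test 1 as "TLSv1.2, server continues to read/write after client shutdown", but the only code that makes the server continue is the `if (tst >= 4)` block and the `tst < 4` dispatch treats 0 and 1 identically, so test 1 currently just repeats test 0. Either the comment should be corrected or the server-continues block should be keyed on `tst == 1 || tst >= 4`, with the two `tst == 4` arms widened to `tst == 1 || tst == 4` and the `tst < 4` arm narrowed to exclude 1.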
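Review bot: The comment introduced above create_bare_ssl_connection() has a typo that inverts its meaning on a quick read: `* Create an SSL connection, but does not ready any post-handshake` should say `does not read`. It would also help callers to add that a TLSv1.3 test which expects the NewSessionTicket messages to have been consumed must use create_ssl_connection() instead, since the bare variant leaves them pending on the client. The body of create_bare_ssl_connection() runs past the end of the hunk.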
@@ -18,6 +18,7 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, char *privkeyfile); int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio); +int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want); int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want); void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl); From openssl at openssl.org Thu Jun 28 11:15:39 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 28 Jun 2018 11:15:39 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1530184539.522281.18680.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 358ffa0 Return a fatal error if application data is encountered during shutdown ba70904 Return SSL_ERROR_WANT_READ if SSL_shutdown() encounters handshake data c748834 Add a bi-directional shutdown test 93f528f Auto retry if we ditch records during shutdown Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ 
skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... 
ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... 
ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=149, Tests=1266, 221 wallclock secs ( 1.56 usr 0.32 sys + 196.06 cusr 9.18 csys = 207.12 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jun 28 11:54:38 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 28 Jun 2018 11:54:38 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1530186878.905005.6993.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 358ffa0 Return a fatal error if application data is encountered during shutdown ba70904 Return SSL_ERROR_WANT_READ if SSL_shutdown() encounters handshake data c748834 Add a bi-directional shutdown test 93f528f Auto retry if we ditch records during shutdown Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ 
skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... 
ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... 
ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=149, Tests=1266, 222 wallclock secs ( 1.62 usr 0.28 sys + 197.37 cusr 8.96 csys = 208.23 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From rsalz at openssl.org Thu Jun 28 23:46:24 2018 
From: rsalz at openssl.org (Rich Salz) Date: Thu, 28 Jun 2018 23:46:24 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530229584.756239.30413.nullmailer@dev.openssl.org> The branch master has been updated via 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c (commit) from 358ffa05cd3a088822c7d06256bc87516d918798 (commit) - Log ----------------------------------------------------------------- commit 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c Author: Rich Salz Date: Thu Jun 28 18:13:54 2018 -0400 Zero-fill IV by default. Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6603) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 7c82561..5c21a86 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -488,6 +488,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) char *dekinfostart, c; cipher->cipher = NULL; + memset(cipher->iv, 0, sizeof(cipher->iv)); if ((header == NULL) || (*header == '\0') || (*header == '\n')) return 1; From rsalz at openssl.org Thu Jun 28 23:47:03 2018 
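Review bot: The added memset removes the uninitialized read, but an all-zero IV is also a plausible-looking IV, so a caller that consults `cipher->iv` without first checking `cipher->cipher != NULL` now silently gets a predictable IV instead of garbage; the contract deserves a comment above the memset, e.g. `/* Zero the IV up front: the early return below leaves cipher->cipher NULL and must not leave the IV uninitialized. The IV is only meaningful when cipher->cipher is set. */`. PEM_get_EVP_CIPHER_INFO() starts and ends outside the hunk, so I cannot see whether any later path writes a partial IV; if one does, the same comment should say so. The identical remark applies to the 1.1.0 and 1.0.2 cherry-picks below.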
From: rsalz at openssl.org (Rich Salz) Date: Thu, 28 Jun 2018 23:47:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1530229623.331792.31371.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via e21602857e79becb64eb8cba3673830bd7a304e3 (commit) from 2f1ad5c81bd1856061cfe1c2d36b0af85f05ddf7 (commit) - Log ----------------------------------------------------------------- commit e21602857e79becb64eb8cba3673830bd7a304e3 Author: Rich Salz Date: Thu Jun 28 18:13:54 2018 -0400 Zero-fill IV by default. Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6603) (cherry picked from commit 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_lib.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 33c03ee..735cd54 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -466,6 +466,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
     char *dekinfostart, c;
     cipher->cipher = NULL;
+    memset(cipher->iv, 0, sizeof(cipher->iv));
     if ((header == NULL) || (*header == '\0') || (*header == '\n'))
         return 1;
From rsalz at openssl.org Thu Jun 28 23:47:22 2018
From: rsalz at openssl.org (Rich Salz) Date: Thu, 28 Jun 2018 23:47:22 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1530229642.684638.32192.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 2c739f72e5236a8e0c351c00047c77083dcdb77f (commit) from da0bbdd62614df6d6a33f91142a3e72525f7186e (commit) - Log ----------------------------------------------------------------- commit 2c739f72e5236a8e0c351c00047c77083dcdb77f Author: Rich Salz Date: Thu Jun 28 18:13:54 2018 -0400 Zero-fill IV by default. Fixes uninitialized memory read reported by Nick Mathewson Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6603) (cherry picked from commit 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_lib.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index eb59050..4ccc676 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -487,6 +487,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
     char **header_pp = &header;
     cipher->cipher = NULL;
+    memset(cipher->iv, 0, sizeof(cipher->iv));
     if ((header == NULL) || (*header == '\0') || (*header == '\n'))
         return (1);
     if (strncmp(header, "Proc-Type: ", 11) != 0) {
From no-reply at appveyor.com Fri Jun 29 00:58:28 2018 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 29 Jun 2018 00:58:28 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.18767 Message-ID: <20180629005828.1.DDE57FAB73266D09@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jun 29 01:49:50 2018
From: no-reply at appveyor.com (AppVeyor) Date: Fri, 29 Jun 2018 01:49:50 +0000 Subject: [openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.18768 Message-ID: <20180629014950.1.BC6ECE24D15A9BDA@appveyor.com> An HTML attachment was scrubbed... URL: From paul.dale at oracle.com Fri Jun 29 03:21:31 2018 From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Fri, 29 Jun 2018 03:21:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530242491.358201.27680.nullmailer@dev.openssl.org> The branch master has been updated via 8eab767a718f44ccba9888eeb81a5328cff47bab (commit) from 10c3c1c1ec41ce16e51b92bb18fab92d1a42b49c (commit) - Log ----------------------------------------------------------------- commit 8eab767a718f44ccba9888eeb81a5328cff47bab Author: Pauli Date: Fri Jun 29 09:55:23 2018 +1000 Check return from BN_set_word. In ssl/t1_lib.c. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6613) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1826dd2..abf523e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2309,13 +2309,16 @@ DH *ssl_get_auto_dh(SSL *s)
         if (dhp == NULL)
             return NULL;
         g = BN_new();
-        if (g != NULL)
-            BN_set_word(g, 2);
+        if (g == NULL || !BN_set_word(g, 2)) {
+            DH_free(dhp);
+            BN_free(g);
+            return NULL;
+        }
         if (dh_secbits >= 192)
             p = BN_get_rfc3526_prime_8192(NULL);
         else
             p = BN_get_rfc3526_prime_3072(NULL);
-        if (p == NULL || g == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+        if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
             DH_free(dhp);
             BN_free(p);
             BN_free(g);
From paul.dale at oracle.com Fri Jun 29 03:26:27 2018
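Review bot: The two failure paths in ssl_get_auto_dh now carry duplicated cleanup — `DH_free(dhp); BN_free(g); return NULL;` after the BN_set_word check and `DH_free(dhp); BN_free(p); BN_free(g);` after DH_set0_pqg — and any further fallible step would need a third copy. A single `err:` block, the pattern used elsewhere in libssl, would keep one cleanup sequence; it relies on `p` and `g` being initialised to NULL at their declaration (outside the hunk, so I cannot confirm they are), since BN_free(NULL) is a no-op. The ownership logic itself looks right: p and g belong to dhp only once DH_set0_pqg succeeds, so freeing both on its failure is correct and the dropped `g == NULL` test is now redundant. ssl_get_auto_dh begins and ends outside the hunk.
```c
        g = BN_new();
        if (g == NULL || !BN_set_word(g, 2))
            goto err;
        if (dh_secbits >= 192)
            p = BN_get_rfc3526_prime_8192(NULL);
        else
            p = BN_get_rfc3526_prime_3072(NULL);
        if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g))
            goto err;
        /* ... unchanged: successful return of dhp ... */
 err:
        DH_free(dhp);
        BN_free(p);
        BN_free(g);
        return NULL;
```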
From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Fri, 29 Jun 2018 03:26:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1530242787.408883.29581.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via c7b9e7be89c987fbf065852d846ac4982a32941b (commit) from e21602857e79becb64eb8cba3673830bd7a304e3 (commit) - Log ----------------------------------------------------------------- commit c7b9e7be89c987fbf065852d846ac4982a32941b Author: Pauli Date: Fri Jun 29 09:55:23 2018 +1000 Check return from BN_set_word. In ssl/t1_lib.c. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6613) (cherry picked from commit 8eab767a718f44ccba9888eeb81a5328cff47bab) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3dddd9c..95711fb 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4141,13 +4141,16 @@ DH *ssl_get_auto_dh(SSL *s)
         if (dhp == NULL)
             return NULL;
         g = BN_new();
-        if (g != NULL)
-            BN_set_word(g, 2);
+        if (g == NULL || !BN_set_word(g, 2)) {
+            DH_free(dhp);
+            BN_free(g);
+            return NULL;
+        }
         if (dh_secbits >= 192)
             p = BN_get_rfc3526_prime_8192(NULL);
         else
             p = BN_get_rfc3526_prime_3072(NULL);
-        if (p == NULL || g == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+        if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
             DH_free(dhp);
             BN_free(p);
             BN_free(g);
From appro at openssl.org Fri Jun 29 10:35:02 2018
From: appro at openssl.org (Andy Polyakov) Date: Fri, 29 Jun 2018 10:35:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530268502.215986.27277.nullmailer@dev.openssl.org> The branch master has been updated via 249330de0250bc598d20d383bab37d150cdad239 (commit) from 8eab767a718f44ccba9888eeb81a5328cff47bab (commit) - Log ----------------------------------------------------------------- commit 249330de0250bc598d20d383bab37d150cdad239 Author: Billy Brumley Date: Thu Jun 28 10:59:08 2018 +0300 More EVP ECC testing: positive and negative 1. For every named curve, two "golden" keypair positive tests. 2. Also two "golden" stock ECDH positive tests. 3. For named curves with non-trivial cofactors, additionally two "golden" ECC CDH positive tests. 4. For named curves with non-trivial cofactors, additionally two negative tests. There is some overlap with existing EVP tests, especially for the NIST curves (for example, positive testing ECC CDH KATs for NIST curves). "Golden" here means all the values are independent from OpenSSL's ECC code. I used sage to calculate them. What comes from OpenSSL is: 1. The OIDs (parsed by tooling) 2. The curve parameters (parsing ecparam output with tooling) The values inside the PEMs (private keys, public keys) and shared keys are from sage. The PEMs themselves are the output of asn1parse, with input taken from sage. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6608) ----------------------------------------------------------------------- Summary of changes: test/recipes/30-test_evp.t | 2 +- test/recipes/30-test_evp_data/evppkey_ecc.txt | 4366 +++++++++++++++++++++++++ 2 files changed, 4367 insertions(+), 1 deletion(-) create mode 100644 test/recipes/30-test_evp_data/evppkey_ecc.txt diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index b498244..4fca366 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t 
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT data_file/;
 setup("test_evp");
 my @files = ( "evpciph.txt", "evpdigest.txt", "evpencod.txt", "evpkdf.txt",
-              "evpmac.txt", "evppbe.txt", "evppkey.txt" );
+              "evpmac.txt", "evppbe.txt", "evppkey.txt", "evppkey_ecc.txt" );
 plan tests => scalar(@files);
diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt
new file mode 100644
index 0000000..685af17
--- /dev/null
+++ b/test/recipes/30-test_evp_data/evppkey_ecc.txt
@@ -0,0 +1,4366 @@ +Title=brainpoolP160r1 curve tests + +PrivateKey=ALICE_cf_brainpoolP160r1 +-----BEGIN PRIVATE KEY----- +MDYCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEBBBswGQIBAQQUo0UiM85512uHsr2DkIOYgyxSQxk= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP160r1_PUB +-----BEGIN PUBLIC KEY----- +MEIwFAYHKoZIzj0CAQYJKyQDAwIIAQEBAyoABI7OZhLqr+8c3D9Tn6++CqQtc9jG5a1COb1okeZb +wKJUkmWn6NvNCQQ= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP160r1:ALICE_cf_brainpoolP160r1_PUB + +PrivateKey=BOB_cf_brainpoolP160r1 +-----BEGIN PRIVATE KEY----- +MDYCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEBBBswGQIBAQQUmr0Vq3Z/feXq9tg9s8dxJXne1dU= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP160r1_PUB +-----BEGIN PUBLIC KEY----- +MEIwFAYHKoZIzj0CAQYJKyQDAwIIAQEBAyoABAu+ovBXBFQuw3Rt9qeImT6mLh9rerLFnTRL0+LH +sptS1Mbd0R4+5HM= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP160r1:BOB_cf_brainpoolP160r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP160r1 +PeerKey=BOB_cf_brainpoolP160r1_PUB +SharedSecret=2e75cb6a8f13951b437e04a0ed1d714a610036cc + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP160r1 +PeerKey=ALICE_cf_brainpoolP160r1_PUB +SharedSecret=2e75cb6a8f13951b437e04a0ed1d714a610036cc + +Title=brainpoolP160t1 curve tests + +PrivateKey=ALICE_cf_brainpoolP160t1 +-----BEGIN PRIVATE KEY----- +MDYCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQECBBswGQIBAQQU1P/o5GQx5PA0kQoiwUtaXBUASUY= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP160t1_PUB +-----BEGIN PUBLIC KEY----- +MEIwFAYHKoZIzj0CAQYJKyQDAwIIAQECAyoABANetsUNsxVmDo7X4LQ9yPYTcjN1HvLTo9GEEQtV +lG71NyzLPQwPDwM= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP160t1:ALICE_cf_brainpoolP160t1_PUB + +PrivateKey=BOB_cf_brainpoolP160t1 +-----BEGIN PRIVATE KEY----- +MDYCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQECBBswGQIBAQQUck4Sh9X3JjSUIRoxxKv8qLM6Ijc= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP160t1_PUB +-----BEGIN PUBLIC KEY----- 
+MEIwFAYHKoZIzj0CAQYJKyQDAwIIAQECAyoABEtd7DRUMYXeoxhxpWgPz/esQkXtoTAAune8CAAo +HqNNlR11VDctfkw= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP160t1:BOB_cf_brainpoolP160t1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP160t1 +PeerKey=BOB_cf_brainpoolP160t1_PUB +SharedSecret=6ea603a6a1a83812b967c83ef1867bd807be761e + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP160t1 +PeerKey=ALICE_cf_brainpoolP160t1_PUB +SharedSecret=6ea603a6a1a83812b967c83ef1867bd807be761e + +Title=brainpoolP192r1 curve tests + +PrivateKey=ALICE_cf_brainpoolP192r1 +-----BEGIN PRIVATE KEY----- +MDoCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEDBB8wHQIBAQQYlF5JxzV9Doezn3hLoiidvy5TnIA7 +aR+j +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP192r1_PUB +-----BEGIN PUBLIC KEY----- +MEowFAYHKoZIzj0CAQYJKyQDAwIIAQEDAzIABELUMqBZrH66DIJ1a3a42k86THdH1DevigK0dc57 +8XEZ3HcuSQ+ycrMmit1PUQItbg== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP192r1:ALICE_cf_brainpoolP192r1_PUB + +PrivateKey=BOB_cf_brainpoolP192r1 +-----BEGIN PRIVATE KEY----- +MDoCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEDBB8wHQIBAQQYjdu95CL1DQMGpsOmsfYOAjF5cW99 +bQie +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP192r1_PUB +-----BEGIN PUBLIC KEY----- +MEowFAYHKoZIzj0CAQYJKyQDAwIIAQEDAzIABInqyC1mAfyF7LU5tX/dRF5S/S9uPlQjNAhTRP6/ +/kAbKsXmABQXFeM0+P3hMw4UxQ== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP192r1:BOB_cf_brainpoolP192r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP192r1 +PeerKey=BOB_cf_brainpoolP192r1_PUB +SharedSecret=2b34396d02a40df0b9f8f9c0b8623be05b41249fbd69e02a + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP192r1 +PeerKey=ALICE_cf_brainpoolP192r1_PUB +SharedSecret=2b34396d02a40df0b9f8f9c0b8623be05b41249fbd69e02a + +Title=brainpoolP192t1 curve tests + +PrivateKey=ALICE_cf_brainpoolP192t1 +-----BEGIN PRIVATE KEY----- +MDoCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEEBB8wHQIBAQQYKkFNgJ5sJKNIyYPK1h+gdPw04bxa +zIV7 +-----END PRIVATE KEY----- + 
+PublicKey=ALICE_cf_brainpoolP192t1_PUB +-----BEGIN PUBLIC KEY----- +MEowFAYHKoZIzj0CAQYJKyQDAwIIAQEEAzIABAzDb+niXBQFn9f0zXf8z+kfdBIYTws8FSfdWFdU +NGo4haY9+fL8D40kNNShgBnlKw== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP192t1:ALICE_cf_brainpoolP192t1_PUB + +PrivateKey=BOB_cf_brainpoolP192t1 +-----BEGIN PRIVATE KEY----- +MDoCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEEBB8wHQIBAQQYFpxTrRJBEpyCePM20Fmw0uYPoxTm +T/sq +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP192t1_PUB +-----BEGIN PUBLIC KEY----- +MEowFAYHKoZIzj0CAQYJKyQDAwIIAQEEAzIABC6CPE1t5PwHpXSS1u4R0JTs1IeDW8hiqarIn3pM +I9wh+oCRjVcqvB4WDaql1bHCYg== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP192t1:BOB_cf_brainpoolP192t1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP192t1 +PeerKey=BOB_cf_brainpoolP192t1_PUB +SharedSecret=84049068441a342d7c2951ff159cdc9d05c4bddf2a6e6309 + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP192t1 +PeerKey=ALICE_cf_brainpoolP192t1_PUB +SharedSecret=84049068441a342d7c2951ff159cdc9d05c4bddf2a6e6309 + +Title=brainpoolP224r1 curve tests + +PrivateKey=ALICE_cf_brainpoolP224r1 +-----BEGIN PRIVATE KEY----- +MD4CAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEFBCMwIQIBAQQcHhlSkNTFJbZSy79CADDwo855nH2+ +cWxwSl6BpQ== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP224r1_PUB +-----BEGIN PUBLIC KEY----- +MFIwFAYHKoZIzj0CAQYJKyQDAwIIAQEFAzoABBF4+KObaB0yJTPHPrCN6EOnr5M8zKb5CHa7SSyL +4L9nRjgA8TfoU03LQsrtE9beREkxK3EHc25Z +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP224r1:ALICE_cf_brainpoolP224r1_PUB + +PrivateKey=BOB_cf_brainpoolP224r1 +-----BEGIN PRIVATE KEY----- +MD4CAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEFBCMwIQIBAQQczslMgGENRTriMWvDfGrM/ilLpzy0 +Js79UiVzLA== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP224r1_PUB +-----BEGIN PUBLIC KEY----- +MFIwFAYHKoZIzj0CAQYJKyQDAwIIAQEFAzoABIGGu4+PPMwOihplm2tLO7dLcDqXZB1MQHloOU8a +taeDvYHIck4z08+1DATvPqpIDzyn9WtXRqmG +-----END PUBLIC KEY----- + 
+PrivPubKeyPair=BOB_cf_brainpoolP224r1:BOB_cf_brainpoolP224r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP224r1 +PeerKey=BOB_cf_brainpoolP224r1_PUB +SharedSecret=477240c0587dea6aecfcac5a154d7ba3a5d4eb1ab30a69012d4401de + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP224r1 +PeerKey=ALICE_cf_brainpoolP224r1_PUB +SharedSecret=477240c0587dea6aecfcac5a154d7ba3a5d4eb1ab30a69012d4401de + +Title=brainpoolP224t1 curve tests + +PrivateKey=ALICE_cf_brainpoolP224t1 +-----BEGIN PRIVATE KEY----- +MD4CAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEGBCMwIQIBAQQca9rhmcgHV6etILVB9ccK2jIFXw4N +YrvlljcGFw== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP224t1_PUB +-----BEGIN PUBLIC KEY----- +MFIwFAYHKoZIzj0CAQYJKyQDAwIIAQEGAzoABHA9XoULjM967710RPgT1ICW0b+y9pFpm2yCUq2m +kSiy/JZvuWXhTJ+KmXGnAOTIlyiOUG8tZm39 +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP224t1:ALICE_cf_brainpoolP224t1_PUB + +PrivateKey=BOB_cf_brainpoolP224t1 +-----BEGIN PRIVATE KEY----- +MD4CAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEGBCMwIQIBAQQcFaiqaheY0xBo5lUY8hOXMUICdOAu +NWP/Uw3l+Q== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP224t1_PUB +-----BEGIN PUBLIC KEY----- +MFIwFAYHKoZIzj0CAQYJKyQDAwIIAQEGAzoABLvPkrvyCeS/QdTX5D/AFfF0lTuPpXhSRPKocViS +nUIZAEziCuOsgx+BqAOxNg+CN/tNzHsG1srf +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP224t1:BOB_cf_brainpoolP224t1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP224t1 +PeerKey=BOB_cf_brainpoolP224t1_PUB +SharedSecret=2c8dd0dbf3a62a202150e12443461d348be57bc58db0f2f7d8938933 + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP224t1 +PeerKey=ALICE_cf_brainpoolP224t1_PUB +SharedSecret=2c8dd0dbf3a62a202150e12443461d348be57bc58db0f2f7d8938933 + +Title=brainpoolP256r1 curve tests + +PrivateKey=ALICE_cf_brainpoolP256r1 +-----BEGIN PRIVATE KEY----- +MEICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEHBCcwJQIBAQQgcH7I5THTXm+bu+vwtyNt+XBxk/uJ +R5V/zzRyMoXjuek= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP256r1_PUB +-----BEGIN 
PUBLIC KEY----- +MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEHA0IABDFYVAzLX03nHXeFY7aJspsp525bbgzfnT68kJXB +HhChZmPaa5BAV5Cn4DXJ5HQ5N/V8Z8Dz0aux0SWtl6ctENM= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP256r1:ALICE_cf_brainpoolP256r1_PUB + +PrivateKey=BOB_cf_brainpoolP256r1 +-----BEGIN PRIVATE KEY----- +MEICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEHBCcwJQIBAQQgDEj/wLk/4z4Wcv8rOc9lNnRQ6hpr +XfiuUSRqgedZkRU= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP256r1_PUB +-----BEGIN PUBLIC KEY----- +MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEHA0IABHJdRWXtaxwI0AdvDXEk+a6XuQp72Zi+wxCrxFFW +NgJbmH0yr4jDklp4oiC2UHkapvT6XanGMKFo2ZSziltas0A= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP256r1:BOB_cf_brainpoolP256r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP256r1 +PeerKey=BOB_cf_brainpoolP256r1_PUB +SharedSecret=2fdd9d97efdcba3f5b181df53331db0ee42a3b1072147325ce8521dbaeafc3e4 + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP256r1 +PeerKey=ALICE_cf_brainpoolP256r1_PUB +SharedSecret=2fdd9d97efdcba3f5b181df53331db0ee42a3b1072147325ce8521dbaeafc3e4 + +Title=brainpoolP256t1 curve tests + +PrivateKey=ALICE_cf_brainpoolP256t1 +-----BEGIN PRIVATE KEY----- +MEICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEIBCcwJQIBAQQgBDlYKiUEsm+tEN/DDQBhlWKJhF4J +We+4fqVSaPNT3VY= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP256t1_PUB +-----BEGIN PUBLIC KEY----- +MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEIA0IABE6XKfvmlGKrXKN/FHhW9cMThPFUIq6Au3cCujPI +rHejQQJnsz9mSRBtzRkMM1abUc4Mf9xhkWbrT+QuJ3FcLWI= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP256t1:ALICE_cf_brainpoolP256t1_PUB + +PrivateKey=BOB_cf_brainpoolP256t1 +-----BEGIN PRIVATE KEY----- +MEICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEIBCcwJQIBAQQgDUCTqTrVwouIU3hFoO3hwiME17PF +X7ntzOWKS2ebqGs= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP256t1_PUB +-----BEGIN PUBLIC KEY----- +MFowFAYHKoZIzj0CAQYJKyQDAwIIAQEIA0IABBwxGpomQmgqgsUYHmpYt3qGKRVT/pJfyU+lpLXi +/XAibEp/IvX3oFMEolSoy39poO6Zkq6npAniBqer+bS9Jpw= +-----END 
PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP256t1:BOB_cf_brainpoolP256t1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP256t1 +PeerKey=BOB_cf_brainpoolP256t1_PUB +SharedSecret=7f177af329a4b377aea6e80bddf14f09c17c4fe81598703898fb62c929cbff04 + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP256t1 +PeerKey=ALICE_cf_brainpoolP256t1_PUB +SharedSecret=7f177af329a4b377aea6e80bddf14f09c17c4fe81598703898fb62c929cbff04 + +Title=brainpoolP320r1 curve tests + +PrivateKey=ALICE_cf_brainpoolP320r1 +-----BEGIN PRIVATE KEY----- +MEoCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEJBC8wLQIBAQQophG1zB+U2lRdetiZlk9C4+q7APJ9 +xqGQ0+GPq68+WmyZon1lDRQ5/g== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP320r1_PUB +-----BEGIN PUBLIC KEY----- +MGowFAYHKoZIzj0CAQYJKyQDAwIIAQEJA1IABM9TaT9Q2j+VTlQ1pfcXx9SjlU1fEk0RvEbaY1O8 +pq8OgkQeulcgSXiI1rJI0wjV/qJoi0coZUHhsJ7bXmdO8vSTdgCMbavZScCkN6iFsALm +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP320r1:ALICE_cf_brainpoolP320r1_PUB + +PrivateKey=BOB_cf_brainpoolP320r1 +-----BEGIN PRIVATE KEY----- +MEoCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEJBC8wLQIBAQQoO6MtFhs8dwul0iRbyfssxtFF6Ubt +q2oHlzvkFL5q4uLSY7pRcDz4vw== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP320r1_PUB +-----BEGIN PUBLIC KEY----- +MGowFAYHKoZIzj0CAQYJKyQDAwIIAQEJA1IABM50yDpoBMhirlHQqjMmVj/KZR0dfvmudoDt02qY +3lKei94evfTHmPG/9BjMYQGQcRM4CDGHR0iUIUJa99e/rxj9IguPkkNiAmDZQaKsqmKB +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP320r1:BOB_cf_brainpoolP320r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP320r1 +PeerKey=BOB_cf_brainpoolP320r1_PUB +SharedSecret=4ee386c231d0a7c9bb6dc05362f56ca70bf7ba5dcb66d8c4574c0497fdab6a5b79818a64ff5dc87e + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP320r1 +PeerKey=ALICE_cf_brainpoolP320r1_PUB +SharedSecret=4ee386c231d0a7c9bb6dc05362f56ca70bf7ba5dcb66d8c4574c0497fdab6a5b79818a64ff5dc87e + +Title=brainpoolP320t1 curve tests + +PrivateKey=ALICE_cf_brainpoolP320t1 +-----BEGIN PRIVATE KEY----- 
+MEoCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEKBC8wLQIBAQQoMsI2lsl5Sj0I4A3J0I5XStMSLT4P +hMxwrbFdtKQh+At6RN2s12W4Kg== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP320t1_PUB +-----BEGIN PUBLIC KEY----- +MGowFAYHKoZIzj0CAQYJKyQDAwIIAQEKA1IABAvtZgehjOIdjsYKMcK08LaS8zVb6znYb6Qa9Fzf +LhLUSH5S728KJHWXMh7RqZMI3yTC5I0ESqB0CvG5N0hR+3y8L3eQJisCNdnzAgMyy0ab +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP320t1:ALICE_cf_brainpoolP320t1_PUB + +PrivateKey=BOB_cf_brainpoolP320t1 +-----BEGIN PRIVATE KEY----- +MEoCAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEKBC8wLQIBAQQoNtZiGbwSl0NNHBmTaJKf7/VMqZjo +yWavjg6CPa6ZgpKRR7vIQt5d9Q== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP320t1_PUB +-----BEGIN PUBLIC KEY----- +MGowFAYHKoZIzj0CAQYJKyQDAwIIAQEKA1IABHlS/OtqhHctabDCsDexScvQ2DGXhBuypaEeKOUq +vbLUovatBoreEj1j5YrOl9mKpd9Hj6YqYGWH+7KKjua+5DBn9rlxlmmkst+gb+vm3UE/ +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP320t1:BOB_cf_brainpoolP320t1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP320t1 +PeerKey=BOB_cf_brainpoolP320t1_PUB +SharedSecret=079d62bad81ceeab9f213818faf249f7b29b87a81b56a33b774b2631860f90a25f5377da504cb619 + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP320t1 +PeerKey=ALICE_cf_brainpoolP320t1_PUB +SharedSecret=079d62bad81ceeab9f213818faf249f7b29b87a81b56a33b774b2631860f90a25f5377da504cb619 + +Title=brainpoolP384r1 curve tests + +PrivateKey=ALICE_cf_brainpoolP384r1 +-----BEGIN PRIVATE KEY----- +MFICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQELBDcwNQIBAQQwUW3EKrK8Rr80Jn5wwvTLC+HDTApA +ndycbRYiQkew7SgijhNO+cV0pE0sNpMZY+Wo +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP384r1_PUB +-----BEGIN PUBLIC KEY----- +MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABBvE/fg0tIrsrIiAL07MlREd5zYk52mW7oQ+jPky +PmGeUoZq1LtpEzQCE1uuruOuyQH1M2c7flVA8Gh3IbSCupwVBCR2QObolwk1w5qK/l/KR26tMeXI +qL2Sy85NCUpMDw== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP384r1:ALICE_cf_brainpoolP384r1_PUB + +PrivateKey=BOB_cf_brainpoolP384r1 +-----BEGIN PRIVATE 
KEY----- +MFICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQELBDcwNQIBAQQwdG7bSygpM2GpxDPAb4hOTtFZrP2n +qbyf7v3jFe8/ERpzREPcSntkNDyu/iAsmQKj +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP384r1_PUB +-----BEGIN PUBLIC KEY----- +MHowFAYHKoZIzj0CAQYJKyQDAwIIAQELA2IABIIxQfeqZ+uWNKAwZtxAt4ieZW7lCg7Bezpn1dG/ +VDvy/Dd5YpAuDtVxFCLfCUVH+gXfC2wUpWj8j8lgPhP1wBat/hu/PN/AQPg9C/J2EcQRVQXwyZvQ +PzgiZeo1aWw2+w== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP384r1:BOB_cf_brainpoolP384r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP384r1 +PeerKey=BOB_cf_brainpoolP384r1_PUB +SharedSecret=35e9a3f86a38888d183cc343801dcdaecb664d5b37f7fbc0459fd4612da6b29831bd2d8e5b599376ca510fcc3ac78be6 + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP384r1 +PeerKey=ALICE_cf_brainpoolP384r1_PUB +SharedSecret=35e9a3f86a38888d183cc343801dcdaecb664d5b37f7fbc0459fd4612da6b29831bd2d8e5b599376ca510fcc3ac78be6 + +Title=brainpoolP384t1 curve tests + +PrivateKey=ALICE_cf_brainpoolP384t1 +-----BEGIN PRIVATE KEY----- +MFICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEMBDcwNQIBAQQwGyCfuKlQDK4EflGVc01hBKW+OB/L +ojNz6kgnAWMuWoCyOM8SOkSTbOCimaVqZrlq +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP384t1_PUB +-----BEGIN PUBLIC KEY----- +MHowFAYHKoZIzj0CAQYJKyQDAwIIAQEMA2IABE1O0qNzgozAxaQC7qX2wS+HNfKIAMc7eX4G4Z0w +M30kgGyCn4CtWCBFgG15laf6OnYcdJgC8284B2smZiqHuvssw12SZwOlaXoLGyIsqygTitCO3Ebd +k2dmuYdWzxj5/g== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP384t1:ALICE_cf_brainpoolP384t1_PUB + +PrivateKey=BOB_cf_brainpoolP384t1 +-----BEGIN PRIVATE KEY----- +MFICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEMBDcwNQIBAQQwbpabbL6g9HZUZ4VusnNGHsHujUsA +cDuviAZTBaHWJsCd5jA64hVFZXlZ9Jj/nSLs +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP384t1_PUB +-----BEGIN PUBLIC KEY----- +MHowFAYHKoZIzj0CAQYJKyQDAwIIAQEMA2IABAyawWqAcNlcwOauu2b93XXqpZQeRM26AYcDcHIf +tZahQrwFpLgt6Tn7tzA2CgRGvSvBGZTxkzuHasxJn+dBDGLraias3U/sLD3P4TQuP9v8cO6i7g4x +T+DZbNUQQ3ePDQ== +-----END PUBLIC KEY----- + 
+PrivPubKeyPair=BOB_cf_brainpoolP384t1:BOB_cf_brainpoolP384t1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP384t1 +PeerKey=BOB_cf_brainpoolP384t1_PUB +SharedSecret=030113dd1662230f1e47418c3044a0852dcd74fa508dbabb02d1fe5d788aa49d8047d02a802f796af21473ab17f6f85f + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP384t1 +PeerKey=ALICE_cf_brainpoolP384t1_PUB +SharedSecret=030113dd1662230f1e47418c3044a0852dcd74fa508dbabb02d1fe5d788aa49d8047d02a802f796af21473ab17f6f85f + +Title=brainpoolP512r1 curve tests + +PrivateKey=ALICE_cf_brainpoolP512r1 +-----BEGIN PRIVATE KEY----- +MGICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQENBEcwRQIBAQRAagAsEAU5t/T4yI0MvyTWuPcrQfaa +1xZr99hRfeY7+pDV4yooxTIXUESqk/dBQlFSrVUkdvMQHq/8vm5V/w97LQ== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP512r1_PUB +-----BEGIN PUBLIC KEY----- +MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDQOBggAEJLmN88iMClNBtyLHzmSgIE9d+v/GRtBr1+r+ +Wvz5XOwsiHWWFTRO5Um+3HUVZH+S3nky6n/3Yjn4DFA4lhxV+y40g8p+kkXYKwpXTByQhERcPPPS +wKh/S7Y3k3KSLkphjiBExzlBcj9r3gLww9+0nVer/fnUgRz7YwWldv4PR2E= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP512r1:ALICE_cf_brainpoolP512r1_PUB + +PrivateKey=BOB_cf_brainpoolP512r1 +-----BEGIN PRIVATE KEY----- +MGICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQENBEcwRQIBAQRAgHKjBCUMVJTF41vKv+Lp2xVz6bsF +P1Aqc+2ehlxlEoYL4H8CbUBh89F1QPjGjIOLEebJcN/KnnpyRGVdx4UV2g== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP512r1_PUB +-----BEGIN PUBLIC KEY----- +MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDQOBggAElWuk6uPxVgBSLSK9Zfqbid/ipXbIFKVaetCI +YsYOdzkbjGIWLd2MFZIjZ9r7ePEcHXqQiwGvW+8itGM/xwLpA4qZ2QYazqtAbT187d5cdyZf4PQT +/kv/ZTvXTl7xHDtaujQ1re00Z3liEKgKstI80BkA6eA4Jfy4G2F7CX/WuSQ= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP512r1:BOB_cf_brainpoolP512r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP512r1 +PeerKey=BOB_cf_brainpoolP512r1_PUB +SharedSecret=84269a8f2932b7e09b23deabaeab26eda6bbdee8846153b0c62b7d2663506a9e71d32cf0cc127ec130f6880612f4e054bc79adb57ddbee97949508ce1eda0bb1 
+ +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP512r1 +PeerKey=ALICE_cf_brainpoolP512r1_PUB +SharedSecret=84269a8f2932b7e09b23deabaeab26eda6bbdee8846153b0c62b7d2663506a9e71d32cf0cc127ec130f6880612f4e054bc79adb57ddbee97949508ce1eda0bb1 + +Title=brainpoolP512t1 curve tests + +PrivateKey=ALICE_cf_brainpoolP512t1 +-----BEGIN PRIVATE KEY----- +MGICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEOBEcwRQIBAQRAd92o2JLX5lk2v6fGr1pH5TT8KUKR +6FaCm6CRk0dC/xK6h0rpONjx+37VuH3uS+HoRlru83maSoeHQneWCc32XA== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_brainpoolP512t1_PUB +-----BEGIN PUBLIC KEY----- +MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDgOBggAEob+TJkhNP6D+HoQtlWcLITI3MM25Axi++awv +HnMoclRLLur7CjQsKd0v6aEzmG2+4WZSZFGLA9L8Z5sh9L916p5CD5nk1pNfy5QKNi2H5R3QC/oc +RfNNxhXdVVekfTaAiqhe8UF3aMngmDAc7sq794DVZvCf1sqq8v5cHrnqRcQ= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_brainpoolP512t1:ALICE_cf_brainpoolP512t1_PUB + +PrivateKey=BOB_cf_brainpoolP512t1 +-----BEGIN PRIVATE KEY----- +MGICAQAwFAYHKoZIzj0CAQYJKyQDAwIIAQEOBEcwRQIBAQRAVW4ZQKgDeHAkubwYYlp2JKklrbpp +gvez/prOdyHJXJbVriU4lCH/MpH2I+nXjaZ9zLcl9JbnrUOJ6xGPHfZJrw== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_brainpoolP512t1_PUB +-----BEGIN PUBLIC KEY----- +MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDgOBggAEJbQFKxq27CuY7/mgNwEnH3GSYGXy9s6n48qq +gbMrp5uREi8JXZ+BuLQmzZuF15ZPOOmh+EJFjbD8i9NDiUkYLnm1oy/EuE1f5VUNoXFeFFIa21vZ +2kzPYYKYyUNOdG8p/s4rPBFyCMf6Tizt0D4XA4oLptKUUIX2SC1Sd+qakKA= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_brainpoolP512t1:BOB_cf_brainpoolP512t1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_brainpoolP512t1 +PeerKey=BOB_cf_brainpoolP512t1_PUB +SharedSecret=48bc4ebdb9a88ca38bed58f5e547eb11d803fd01b6eadff1761ecb48c54525cba43bdb0ee4a4d7aa6701985e0bc12fd32382c035d80acc7ec26adfcb108a07cb + +# ECDH Bob with Alice peer +Derive=BOB_cf_brainpoolP512t1 +PeerKey=ALICE_cf_brainpoolP512t1_PUB +SharedSecret=48bc4ebdb9a88ca38bed58f5e547eb11d803fd01b6eadff1761ecb48c54525cba43bdb0ee4a4d7aa6701985e0bc12fd32382c035d80acc7ec26adfcb108a07cb + 
+Title=c2pnb163v1 curve tests + +PrivateKey=ALICE_cf_c2pnb163v1 +-----BEGIN PRIVATE KEY----- +MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUD1JfG8cLNP9418YW+hVhriqH6O5Y= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2pnb163v1_PUB +-----BEGIN PUBLIC KEY----- +MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBXgoOgVlWTLQnrQZXgQuSBcIS3bQAlXQ+yJhS03B +4G8rKQXbrc0mvWsF +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2pnb163v1:ALICE_cf_c2pnb163v1_PUB + +PrivateKey=BOB_cf_c2pnb163v1 +-----BEGIN PRIVATE KEY----- +MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAEEHDAaAgEBBBUAc3EaoMmMORTzQhMkhPIXY+/jUSI= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2pnb163v1_PUB +-----BEGIN PUBLIC KEY----- +MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBn9J0jo39aFVZqhBsAKZ6bViAu6zBC8WaFGExnpZ +KuBh8tP8VSTHPCHF +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2pnb163v1:BOB_cf_c2pnb163v1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2pnb163v1 +PeerKey=BOB_cf_c2pnb163v1_PUB +SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2pnb163v1 +PeerKey=ALICE_cf_c2pnb163v1_PUB +SharedSecret=065dd38fb6de7f394778e1bf65d840a2c0e7219acd + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2pnb163v1 +PeerKey=BOB_cf_c2pnb163v1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2pnb163v1 +PeerKey=ALICE_cf_c2pnb163v1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=066fc46e8cc4327634dd127748020f2de6aab67585 + +PublicKey=MALICE_cf_c2pnb163v1_PUB +-----BEGIN PUBLIC KEY----- +MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN +/piKdhDD3dDKXUih +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2pnb163v1 +PeerKey=MALICE_cf_c2pnb163v1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2pnb163v1 +PeerKey=MALICE_cf_c2pnb163v1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2pnb163v2 
curve tests + +PrivateKey=ALICE_cf_c2pnb163v2 +-----BEGIN PRIVATE KEY----- +MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUA4KFv7c1dygtVbdp/g2z2TqLAHkI= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2pnb163v2_PUB +-----BEGIN PUBLIC KEY----- +MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVnlL7lMBaASwCIJaf9x2LgNPVmEAb43huHQlo3Q +4PzawHXQoYm/qgDd +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2pnb163v2:ALICE_cf_c2pnb163v2_PUB + +PrivateKey=BOB_cf_c2pnb163v2 +-----BEGIN PRIVATE KEY----- +MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAIEHDAaAgEBBBUCEdYqClRWIl2m+X34e+DB2iZSxmQ= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2pnb163v2_PUB +-----BEGIN PUBLIC KEY----- +MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVWNIKn7/WMfzuNnd5ws9J0DI2CfBkEJizZHAFqy +kBF3juAQuARgxuT6 +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2pnb163v2:BOB_cf_c2pnb163v2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2pnb163v2 +PeerKey=BOB_cf_c2pnb163v2_PUB +SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2pnb163v2 +PeerKey=ALICE_cf_c2pnb163v2_PUB +SharedSecret=0078ebb986d4f9b0aa0bc4af99e82c2bd24130f3f4 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2pnb163v2 +PeerKey=BOB_cf_c2pnb163v2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2pnb163v2 +PeerKey=ALICE_cf_c2pnb163v2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=069a80bcd45987fd1c874cd9dc5453207a09b61d41 + +PublicKey=MALICE_cf_c2pnb163v2_PUB +-----BEGIN PUBLIC KEY----- +MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAABuVBl1V5uysY +n6HANPEoMoK+7Sv0 +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2pnb163v2 +PeerKey=MALICE_cf_c2pnb163v2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2pnb163v2 +PeerKey=MALICE_cf_c2pnb163v2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2pnb163v3 curve tests + 
+PrivateKey=ALICE_cf_c2pnb163v3 +-----BEGIN PRIVATE KEY----- +MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUBItB0y/QeJ+cCh9yoHf0zqLVyMZc= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2pnb163v3_PUB +-----BEGIN PUBLIC KEY----- +MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEBx1HRyjuBMjt+vlbWaQbKOpNvWKFAslzEbPv6MpK +YnObLnq34LRuWznb +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2pnb163v3:ALICE_cf_c2pnb163v3_PUB + +PrivateKey=BOB_cf_c2pnb163v3 +-----BEGIN PRIVATE KEY----- +MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAMEHDAaAgEBBBUAXVHUHeP8Ioz7IqXOWbjaUXEHE5M= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2pnb163v3_PUB +-----BEGIN PUBLIC KEY----- +MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAqXF7rsAZ40Z1PT4TeeC45RKTxP4AJBAdfuknJ/J +DZnBLhxBwtqnfUpA +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2pnb163v3:BOB_cf_c2pnb163v3_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2pnb163v3 +PeerKey=BOB_cf_c2pnb163v3_PUB +SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2pnb163v3 +PeerKey=ALICE_cf_c2pnb163v3_PUB +SharedSecret=07fd2ffe9b18973c51caeadbc2154b97a9a0390be9 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2pnb163v3 +PeerKey=BOB_cf_c2pnb163v3_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2pnb163v3 +PeerKey=ALICE_cf_c2pnb163v3_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=06f7daf1c963594e1a13f9f17b62aaab2934872c16 + +PublicKey=MALICE_cf_c2pnb163v3_PUB +-----BEGIN PUBLIC KEY----- +MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7jRlUg9oaLK +LwAuHF8g5Y0JjJnI +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2pnb163v3 +PeerKey=MALICE_cf_c2pnb163v3_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2pnb163v3 +PeerKey=MALICE_cf_c2pnb163v3_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2pnb176v1 curve tests + 
+PrivateKey=ALICE_cf_c2pnb176v1 +-----BEGIN PRIVATE KEY----- +MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAaZ1jV1jM9meV5iiNGPU/WMSfWOM= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2pnb176v1_PUB +-----BEGIN PUBLIC KEY----- +MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEPjME7IV6Tuz2P++wIT60hRxTkk0M0PNgvqYcUoCI +iw3girDLhNzOu3IQ8Ac= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2pnb176v1:ALICE_cf_c2pnb176v1_PUB + +PrivateKey=BOB_cf_c2pnb176v1 +-----BEGIN PRIVATE KEY----- +MDYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAQEHDAaAgEBBBUAreyYbcF+ONIf64KmeSzV82OI/50= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2pnb176v1_PUB +-----BEGIN PUBLIC KEY----- +MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEpJn1IDmFj5LceLGfY2wlhI1VHq5vJ+qNIAOXVZhX +uMtp6pzy63rCEK53bgs= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2pnb176v1:BOB_cf_c2pnb176v1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2pnb176v1 +PeerKey=BOB_cf_c2pnb176v1_PUB +SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2pnb176v1 +PeerKey=ALICE_cf_c2pnb176v1_PUB +SharedSecret=3a8021848ee0b2c1c377404267a515225781c181e6ab + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2pnb176v1 +PeerKey=BOB_cf_c2pnb176v1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2pnb176v1 +PeerKey=ALICE_cf_c2pnb176v1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=b06cdc633b56e813d63326c69d2cfa335352279540ac + +PublicKey=MALICE_cf_c2pnb176v1_PUB +-----BEGIN PUBLIC KEY----- +MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAE4ePri2opCoAUJIUQnaQlvDaxZd9bsdKnjWSvh+FL +zXV3l5j8K3pow+GJBE4= +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2pnb176v1 +PeerKey=MALICE_cf_c2pnb176v1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2pnb176v1 +PeerKey=MALICE_cf_c2pnb176v1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2pnb208w1 curve tests + 
+PrivateKey=ALICE_cf_c2pnb208w1 +-----BEGIN PRIVATE KEY----- +MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAiENroXMYNbK/7DQQwCpbXk00gnVd +XF2k +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2pnb208w1_PUB +-----BEGIN PUBLIC KEY----- +ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEL+IHOL2IfeLRiE6Wqsc0Frqjq7t/JnBmhN1lMB9Y +Yj3+Btcne4CPWf8KvfGjAdMs6JKP4A== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2pnb208w1:ALICE_cf_c2pnb208w1_PUB + +PrivateKey=BOB_cf_c2pnb208w1 +-----BEGIN PRIVATE KEY----- +MDoCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAoEIDAeAgEBBBkAY1GZLynO/IDWwOOjEWUE7k+I/MkP +cJot +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2pnb208w1_PUB +-----BEGIN PUBLIC KEY----- +ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAENBvdzCDOIvu9zo7reJq1ummhR+0jaDc+EoSlW984 +cl9FTi/JJznwC+RNgwVfJ1WKJun1YA== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2pnb208w1:BOB_cf_c2pnb208w1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2pnb208w1 +PeerKey=BOB_cf_c2pnb208w1_PUB +SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2pnb208w1 +PeerKey=ALICE_cf_c2pnb208w1_PUB +SharedSecret=ba32bf80c0f7ab53cb083f267a902a1ad6396eb283237fad91cd + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2pnb208w1 +PeerKey=BOB_cf_c2pnb208w1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2pnb208w1 +PeerKey=ALICE_cf_c2pnb208w1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=f09f5fc8bf20677558bc65939bf1b7fbbbe2579702729304258b + +PublicKey=MALICE_cf_c2pnb208w1_PUB +-----BEGIN PUBLIC KEY----- +ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEfuWB9pBZQin+VnmqgYVpbUpKxSQsnXxNqiDtVwqJ +oPkHxRWnu5e7qI2idMcqaKDeeniUaA== +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2pnb208w1 +PeerKey=MALICE_cf_c2pnb208w1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2pnb208w1 +PeerKey=MALICE_cf_c2pnb208w1_PUB 
+Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2pnb272w1 curve tests + +PrivateKey=ALICE_cf_c2pnb272w1 +-----BEGIN PRIVATE KEY----- +MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEA0SoHwKAgKb7WQ+s0w1iNBemDZ3+f +StHU67fpP7YoF8U= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2pnb272w1_PUB +-----BEGIN PUBLIC KEY----- +MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAE0IH60bGi46FDzEprGZ8EBK5uMMcVke/txeBRNGHQ +DzG68r3EMLZkOfE1+g04MN7HgY7zt3jMYb8ImyLRmvqR2abjs6c= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2pnb272w1:ALICE_cf_c2pnb272w1_PUB + +PrivateKey=BOB_cf_c2pnb272w1 +-----BEGIN PRIVATE KEY----- +MEICAQAwEwYHKoZIzj0CAQYIKoZIzj0DABAEKDAmAgEBBCEAFqB5GbPJ4d+X7ye7m05l/OirDqfn +MOsOJ6xObBph3zQ= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2pnb272w1_PUB +-----BEGIN PUBLIC KEY----- +MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEIeIkcMHAuOgvHt2Wp52vVe0DYPNnUX79t/mLSx03 +cUlDmcxL7vIXdx9hB4OmQBYbm+YLDNfTFGAIlDfr2tELpVVPWPo= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2pnb272w1:BOB_cf_c2pnb272w1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2pnb272w1 +PeerKey=BOB_cf_c2pnb272w1_PUB +SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2pnb272w1 +PeerKey=ALICE_cf_c2pnb272w1_PUB +SharedSecret=cfebd65006520a40f081d8940edf0ebb8e54491ba1499d9f3c63deecee84ddc07142 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2pnb272w1 +PeerKey=BOB_cf_c2pnb272w1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2pnb272w1 +PeerKey=ALICE_cf_c2pnb272w1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=756fc20b27352ac74e5135359c63d375d2732c6d02f25cd526155bac0882a9211dd4 + +PublicKey=MALICE_cf_c2pnb272w1_PUB +-----BEGIN PUBLIC KEY----- +MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEvID3AM7qzpKDnOLFY00+E7EKZz/vS/pXgsUA3bWN +oJF8ElXFXv59s/SykQBCTHPqzmUbVmrXmtD44Kt1wUBRJfuwxy4= +-----END PUBLIC KEY----- + +# ECC CDH 
Bob with Malice peer +Derive=BOB_cf_c2pnb272w1 +PeerKey=MALICE_cf_c2pnb272w1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2pnb272w1 +PeerKey=MALICE_cf_c2pnb272w1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2pnb304w1 curve tests + +PrivateKey=ALICE_cf_c2pnb304w1 +-----BEGIN PRIVATE KEY----- +MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAqJxh50ZIUXOJ1HE3cVkech9OTTPJ +8jy/v5cFcO0X6dykHgnZ +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2pnb304w1_PUB +-----BEGIN PUBLIC KEY----- +MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEvoaqRX6qiNQiFH1BhgLCPTpYszoRhmlLirkvlw/Q +iXBlfQ7U4g+iRR/kmu2RlwwOHgNNL+mWcvLkFfS8Kr4jzv1EY1Ecx96n21l0YQ== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2pnb304w1:ALICE_cf_c2pnb304w1_PUB + +PrivateKey=BOB_cf_c2pnb304w1 +-----BEGIN PRIVATE KEY----- +MEYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABEELDAqAgEBBCUAOScHepX+IwqC8TjyAJI1bkR3cYYt +X9BbqYM9GQfVNSLHntTg +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2pnb304w1_PUB +-----BEGIN PUBLIC KEY----- +MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEYuAq/6Yw5HxMeMohlWmwl+ZK4ZQucfr1tWDKwhDb +kAOUO2P/Q/H+uelM3VVwxeu6A1kaX7K0UZpNa96NRBwI4aevc+vOxCgYkGt9BA== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2pnb304w1:BOB_cf_c2pnb304w1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2pnb304w1 +PeerKey=BOB_cf_c2pnb304w1_PUB +SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2pnb304w1 +PeerKey=ALICE_cf_c2pnb304w1_PUB +SharedSecret=bfddf9f923210e8231a702e3a1c987cf27661de1bc243c1890e437d67d9f49c6ccfadc035d9d + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2pnb304w1 +PeerKey=BOB_cf_c2pnb304w1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2pnb304w1 +PeerKey=ALICE_cf_c2pnb304w1_PUB +Ctrl=ecdh_cofactor_mode:1 
+SharedSecret=0c7afb3143f93ef2166c05437a1757a62c916ff1751c6d456dd7f2356dcbc75df48015eb5ce8 + +PublicKey=MALICE_cf_c2pnb304w1_PUB +-----BEGIN PUBLIC KEY----- +MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEBZ5FuthQt0mxTJ8NQWN2J37kYT8ySD893IXEmXYP +fMTr+CSNkf/sfF/13GEdVGnHmBgCH61sPWG69RgzdjRPprZFZxXjubIWYkp0DQ== +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2pnb304w1 +PeerKey=MALICE_cf_c2pnb304w1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2pnb304w1 +PeerKey=MALICE_cf_c2pnb304w1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2pnb368w1 curve tests + +PrivateKey=ALICE_cf_c2pnb368w1 +-----BEGIN PRIVATE KEY----- +ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0AXeSTXsHb2PEH12tZL8w2q6evA2mi +KfLLIa1c29BTmM//oWdKpqeuvwMIBto= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2pnb368w1_PUB +-----BEGIN PUBLIC KEY----- +MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEmEBXcvMgnHwJW7wAKM4cqboco6zF01J9ntUwoACI +euvf3cpPXBvxUawJXfO9FwFRQabDRagGP99Walidd2JW8nWDWZgZMKj15Wh+4bp2dZHc2tPIIHHd +3makbwQ= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2pnb368w1:ALICE_cf_c2pnb368w1_PUB + +PrivateKey=BOB_cf_c2pnb368w1 +-----BEGIN PRIVATE KEY----- +ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABMENDAyAgEBBC0Aq1R9M/mCMbJMj6VBUpBkS4HXywEz +Qun6d6uXgyU4LZRszA7Dz9+eKbXEMsk= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2pnb368w1_PUB +-----BEGIN PUBLIC KEY----- +MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEJOSnsaXA9wb5p8CGLPvYI47Yf3IdZSbWQ3Sn6G2v +At+zYlpzGax1oJ1CW8fGA0Gu0RnvAfDeW9vgrtzshH1Vy/Ni6a7LPho99PtUP2nzUBnv+hfhFSra +gqfRaOs= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2pnb368w1:BOB_cf_c2pnb368w1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2pnb368w1 +PeerKey=BOB_cf_c2pnb368w1_PUB +SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2pnb368w1 +PeerKey=ALICE_cf_c2pnb368w1_PUB 
+SharedSecret=008d20ede3961be3b01051d6fdae63db43865664804d432293a2edb13dcc8be0fe5b0c655297a84b9067a29c2a6f + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2pnb368w1 +PeerKey=BOB_cf_c2pnb368w1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2pnb368w1 +PeerKey=ALICE_cf_c2pnb368w1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=df32ddeeffa029aeadabad000a79c3154a0ddd0aeacf4e3de426f5c10096eff8912038c64d4c899131dcd4df2561 + +PublicKey=MALICE_cf_c2pnb368w1_PUB +-----BEGIN PUBLIC KEY----- +MHUwEwYHKoZIzj0CAQYIKoZIzj0DABMDXgAEWDn/U9rymClM/a0Q1mawHjQjvpxSehRWstSE+2Sd +ubcZowJ+rw5LsEZteQyeVrCpKYUiIBmIVuFb2LDjtNLIJD1lr8C+vdco24ciLS9RzF/Dc9X+tcIj +726e1BE= +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2pnb368w1 +PeerKey=MALICE_cf_c2pnb368w1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2pnb368w1 +PeerKey=MALICE_cf_c2pnb368w1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2tnb191v1 curve tests + +PrivateKey=ALICE_cf_c2tnb191v1 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBgXyG7A4BvSmjKEl3aU+FQUt02p9U7x +Jk4= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2tnb191v1_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEG9iuZmnhz2H/YQKmVUaO//fm7hvV+CP5c2iszpR3 +7lRimqLWHPyvKgcP+PRCIUom +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2tnb191v1:ALICE_cf_c2tnb191v1_PUB + +PrivateKey=BOB_cf_c2tnb191v1 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAUEHzAdAgEBBBg4+2hv9x9HxFy0c2c1XESDdgOamHu0 +MTU= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2tnb191v1_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEdO/4ii8gi8eQfBrv3XmsOETwIfT8OIpBW/kUoHD+ +adqalcB6SIWOfoJReDLcpxAD +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2tnb191v1:BOB_cf_c2tnb191v1_PUB + +# 
ECDH Alice with Bob peer +Derive=ALICE_cf_c2tnb191v1 +PeerKey=BOB_cf_c2tnb191v1_PUB +SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2tnb191v1 +PeerKey=ALICE_cf_c2tnb191v1_PUB +SharedSecret=2ee8a85151c397600984285307c14f0ea0e4c2071d753a99 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2tnb191v1 +PeerKey=BOB_cf_c2tnb191v1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2tnb191v1 +PeerKey=ALICE_cf_c2tnb191v1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=334051dfd62237e69e280ce2fab979bd77260f8dfe4df989 + +PublicKey=MALICE_cf_c2tnb191v1_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPEwZ1wj +iNoFyzyANZl8IDB0fF1RmZD6 +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2tnb191v1 +PeerKey=MALICE_cf_c2tnb191v1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2tnb191v1 +PeerKey=MALICE_cf_c2tnb191v1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2tnb191v2 curve tests + +PrivateKey=ALICE_cf_c2tnb191v2 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgQZHIQIPrAsbJqq4ZX3JdMrZAkaIGP +jbo= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2tnb191v2_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEAyQdwZYRIiv7O4/WRLDKJ249TM8dr2Y+Oz8rSxCI +UVvJT/Jv9m462J6Iz1XOohhP +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2tnb191v2:ALICE_cf_c2tnb191v2_PUB + +PrivateKey=BOB_cf_c2tnb191v2 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAYEHzAdAgEBBBgThhW6d5QDaqM8yhm16q6Pu/VFBpf7 +wcs= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2tnb191v2_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEBVkB4O6fFvGzMHv4BF51muFA0npOGKoOdKbIIMQY +JBIoz1RNNXTcgdpguLcrvcPJ +-----END PUBLIC KEY----- + 
+PrivPubKeyPair=BOB_cf_c2tnb191v2:BOB_cf_c2tnb191v2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2tnb191v2 +PeerKey=BOB_cf_c2tnb191v2_PUB +SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2tnb191v2 +PeerKey=ALICE_cf_c2tnb191v2_PUB +SharedSecret=711f90cb2aaea65e939065cbd1896affe1d490ba14571400 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2tnb191v2 +PeerKey=BOB_cf_c2tnb191v2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2tnb191v2 +PeerKey=ALICE_cf_c2tnb191v2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=1740db5b771fa2889d3ec7c1ba8eeffa7741f0ee62433dce + +PublicKey=MALICE_cf_c2tnb191v2_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEA3yPV6Ilx7PU7dWIDzgKzFV07LNsn1EhMyLQaa5U +2vqunpWef+/CaO2pFBcwwW+x +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2tnb191v2 +PeerKey=MALICE_cf_c2tnb191v2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2tnb191v2 +PeerKey=MALICE_cf_c2tnb191v2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2tnb191v3 curve tests + +PrivateKey=ALICE_cf_c2tnb191v3 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgTPjf06B01Jq59qU1iczNuA29WfW+b +erU= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2tnb191v3_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEL4NGEUX2CXY18MyoH1inKq5kde9RGr25ODm/0BEX +HWsGvDE2HC+6pL2BMl3MRCty +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2tnb191v3:ALICE_cf_c2tnb191v3_PUB + +PrivateKey=BOB_cf_c2tnb191v3 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAcEHzAdAgEBBBgUC2bC465JTXYLUaaET/r5n7X85gRH +iSQ= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2tnb191v3_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEPKekNkT9mQ8KRCTR2RwCFkhNvsjL+/mLHYzbMrYe 
+QFIb5QwXAdbg2tEOl7yj9qkk +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2tnb191v3:BOB_cf_c2tnb191v3_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2tnb191v3 +PeerKey=BOB_cf_c2tnb191v3_PUB +SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2tnb191v3 +PeerKey=ALICE_cf_c2tnb191v3_PUB +SharedSecret=196200f7ea06c43c35516b995cf4a4dd4151dbd0ed998561 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2tnb191v3 +PeerKey=BOB_cf_c2tnb191v3_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2tnb191v3 +PeerKey=ALICE_cf_c2tnb191v3_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=311939377670a8a1ed1ee17f9dd182167da00c5a19e2e109 + +PublicKey=MALICE_cf_c2tnb191v3_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAESvPjWlLnANK2j38hHZ0uqueaniovkhwwdJZjrmUk +n5vQBTxUzkIkMjL33v6Lr3z7 +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2tnb191v3 +PeerKey=MALICE_cf_c2tnb191v3_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2tnb191v3 +PeerKey=MALICE_cf_c2tnb191v3_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2tnb239v1 curve tests + +PrivateKey=ALICE_cf_c2tnb239v1 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4fMJDhCEiuEf/RF6oGjHVcNwN+wCYG +rJMnJLIXiCI= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2tnb239v1_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEUgG/uMWy4k0R/kbVJEapF6r5ik4Q9WPsDXAd0856 +dVL8PvBXgixk2tKfyY1xUVebcEVlgdZP1pN1Xyvi +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2tnb239v1:ALICE_cf_c2tnb239v1_PUB + +PrivateKey=BOB_cf_c2tnb239v1 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAsEJTAjAgEBBB4JLDwVJQw3+00FiZBDWFErd7PXnchH +sfpZeV3i5FM= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2tnb239v1_PUB +-----BEGIN PUBLIC KEY----- 
+MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEcwKt31cWaoFUd7QxYSdwgMDOqEhjPbD3Z9AfR3tc +G77/MY5z1oQegqImBog645vtPWI8lZd1zcl6QYRS +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2tnb239v1:BOB_cf_c2tnb239v1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2tnb239v1 +PeerKey=BOB_cf_c2tnb239v1_PUB +SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2tnb239v1 +PeerKey=ALICE_cf_c2tnb239v1_PUB +SharedSecret=413ea943cdf40c45795c77aeea7099b81cc42566067924d1fdbae42ddf99 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2tnb239v1 +PeerKey=BOB_cf_c2tnb239v1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2tnb239v1 +PeerKey=ALICE_cf_c2tnb239v1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=1f1e5a6084492e895c35d76a5d2b4a3fafbd96c4b2230ea71cc1c711fa38 + +PublicKey=MALICE_cf_c2tnb239v1_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEJFn89FF7xaa5m+XGxWKFwCH+Mu4rbxwi6lvhuEuT +Itl/OAosALFh8xpt+N5gmKtUdhpjyok2udC4B/mY +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2tnb239v1 +PeerKey=MALICE_cf_c2tnb239v1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2tnb239v1 +PeerKey=MALICE_cf_c2tnb239v1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2tnb239v2 curve tests + +PrivateKey=ALICE_cf_c2tnb239v2 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4KU4YKdzFOkl6M1biHkxtVGD2uNXr6 +GbEcp4PbJKU= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2tnb239v2_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAEKzpycflUrsyqVV/+fzvC2+AuX3r0b0Syn8acvn78 +VnKA9mZKwPLWhnMJcLyzarIzc/6/UcfYGNmTyUlG +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2tnb239v2:ALICE_cf_c2tnb239v2_PUB + +PrivateKey=BOB_cf_c2tnb239v2 +-----BEGIN PRIVATE KEY----- 
+MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAAwEJTAjAgEBBB4HZQLKGKBpIKiyTq6XYZWQNph1oGP+ +JLwCwn7lYx0= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2tnb239v2_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAETPSkhMs3JW3BG66FSfCov76JKdcRiBhMCW453Wku +N7yBxBmWjeclHhnXIzfc4qM4qf9n3KzMSXejPVYg +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2tnb239v2:BOB_cf_c2tnb239v2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2tnb239v2 +PeerKey=BOB_cf_c2tnb239v2_PUB +SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2tnb239v2 +PeerKey=ALICE_cf_c2tnb239v2_PUB +SharedSecret=2e738f14795b2e19ee791c1bf30c5e462ca6c6ed0ec5c6c6402d0730cf4c + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2tnb239v2 +PeerKey=BOB_cf_c2tnb239v2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2tnb239v2 +PeerKey=ALICE_cf_c2tnb239v2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=7662d8b94d3f0d20eb8e112ca8b7d5699d81f35902df5b77561977df3946 + +PublicKey=MALICE_cf_c2tnb239v2_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAES8fLc5mtVI0HqgKRJ7mN8MU1B0FBkiim6jCHYJf3 +JYUX3Gn3Ai11cHie+nVb3z51jSkpDQENHESTv5K2 +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2tnb239v2 +PeerKey=MALICE_cf_c2tnb239v2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2tnb239v2 +PeerKey=MALICE_cf_c2tnb239v2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2tnb239v3 curve tests + +PrivateKey=ALICE_cf_c2tnb239v3 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BZZXtcMw5GrpgHJLx4D8z7M6ocWdv +rDl2fV9ObC8= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2tnb239v3_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEOu2HIAUX+r6IbRlrPUJUBDL814dR++maVAAkUIjD 
+H33ewqcI9ZLtpvuR8P8hgRNUTXlh1GWgrB6F21Eo +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2tnb239v3:ALICE_cf_c2tnb239v3_PUB + +PrivateKey=BOB_cf_c2tnb239v3 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAA0EJTAjAgEBBB4BDxw3SA54y6uYOW1n4yZaUK22J9ef +XG3HcQX+4i0= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2tnb239v3_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEVaEi76wyzlpzkkSElf4SmGZ7kf1ghHMP82HkGk7K +BC10zUyppoSOAr0eX4pHAkDUF1m/KGoJa7QcJJww +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2tnb239v3:BOB_cf_c2tnb239v3_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2tnb239v3 +PeerKey=BOB_cf_c2tnb239v3_PUB +SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2tnb239v3 +PeerKey=ALICE_cf_c2tnb239v3_PUB +SharedSecret=6a756022ec2ea89b0fa757824909707102acf3b7da39dc625c6252eb4c48 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2tnb239v3 +PeerKey=BOB_cf_c2tnb239v3_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2tnb239v3 +PeerKey=ALICE_cf_c2tnb239v3_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=3240e19dd8c290e5e1749df60ad0166dd9dbfad645e518b4948e14f774ce + +PublicKey=MALICE_cf_c2tnb239v3_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAELe/znC87/2ucKX7mXUUyiUvg67slWRdH+WHDct9d +LcXDyB342ZN1nm0NCAmBMcLjohX0Zza0ji3YNjT1 +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2tnb239v3 +PeerKey=MALICE_cf_c2tnb239v3_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2tnb239v3 +PeerKey=MALICE_cf_c2tnb239v3_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2tnb359v1 curve tests + +PrivateKey=ALICE_cf_c2tnb359v1 +-----BEGIN PRIVATE KEY----- +ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Afea/a1NrRf6rRRr/UDsI559ADTFP +Bd5HaS33laTZkCdNLITw1UUrESUIOiU= 
+-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2tnb359v1_PUB +-----BEGIN PUBLIC KEY----- +MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEZMJU3QF9UJJp2m6qyCnhPuVlPKPHtav3DCgH27SY +RLMN7C4rRmqiJakD11QtOforOgbPW5r/v7t4TUWIlq8jV7kapJNtxQtg/S87L0NQGgHBq/lnJL8x +fN3Y +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2tnb359v1:ALICE_cf_c2tnb359v1_PUB + +PrivateKey=BOB_cf_c2tnb359v1 +-----BEGIN PRIVATE KEY----- +ME4CAQAwEwYHKoZIzj0CAQYIKoZIzj0DABIENDAyAgEBBC0Aaw+yr7Atz8CXjLsbI5msXLqxFoMr +esHVfU53i6ucCsnPTWSDWSb5CePtI9g= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2tnb359v1_PUB +-----BEGIN PUBLIC KEY----- +MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEUQde0iyDHbsFJZ459d4zUhsrJYAkqndmEBRwSlg5 +ZNX8SSS79Zf2HsQl+LWIZyzeYzoHobKXufChw9/H4ThS58VwV5/0hoE929PIgJ1MSEqr5LvJXi+b +R8fe +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2tnb359v1:BOB_cf_c2tnb359v1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2tnb359v1 +PeerKey=BOB_cf_c2tnb359v1_PUB +SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2tnb359v1 +PeerKey=ALICE_cf_c2tnb359v1_PUB +SharedSecret=623a71122b5acad467d40d97ef8d8fd46541d8c41d7de6ba181c24e2714c1bc35bcefcf089af69c406eedecc12 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2tnb359v1 +PeerKey=BOB_cf_c2tnb359v1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2tnb359v1 +PeerKey=ALICE_cf_c2tnb359v1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=1c9c4cea3251dace2cb763eabf60f106cc1b03f2491e6f20d7bea78e062f8f14c4e82e4d43786eefa44d33f7e9 + +PublicKey=MALICE_cf_c2tnb359v1_PUB +-----BEGIN PUBLIC KEY----- +MHMwEwYHKoZIzj0CAQYIKoZIzj0DABIDXAAEDW1DxeJfyPPnxX4WiLM5ZnX9AypqqeKj7FTHxanl +++A6FgVFjUCatt8Sr4xnSc3zDE0kh6f/wS9SbtCAi74i8HAX5SJiccCMPRkw6kBuHZgiG8EmFJ53 +OEQw +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer 
+Derive=BOB_cf_c2tnb359v1 +PeerKey=MALICE_cf_c2tnb359v1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2tnb359v1 +PeerKey=MALICE_cf_c2tnb359v1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=c2tnb431r1 curve tests + +PrivateKey=ALICE_cf_c2tnb431r1 +-----BEGIN PRIVATE KEY----- +MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUAG1rgUnH3+PSxqlzt9+QTWv7PrYxz +Qgqj5A2Mqi0LbdixVDciVSSgrU6keVu72oCmHVP+OQ== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_c2tnb431r1_PUB +-----BEGIN PUBLIC KEY----- +MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABFcQEDic9pYxtxStk/oBxafqyUux1kvEOOwR4FxJ +pGEMTh8B+YfkWuq+IDY5zSqNKtg7cRlAFX2dlHhRSvNxrN3DJCrhe/TQq8SIYawcqEQnM39F8hHM +7VQJLEsBpJ/WUonwMJXknjgfONP7GA== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_c2tnb431r1:ALICE_cf_c2tnb431r1_PUB + +PrivateKey=BOB_cf_c2tnb431r1 +-----BEGIN PRIVATE KEY----- +MFYCAQAwEwYHKoZIzj0CAQYIKoZIzj0DABQEPDA6AgEBBDUBOsZrpI6hTgImR8DBhKOOrh2SvcT/ +VwmzYnbuCRrtr/zwIQcqKKI1ztlrl+kxFxJfk5L7UQ== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_c2tnb431r1_PUB +-----BEGIN PUBLIC KEY----- +MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABHeTG6xjbsKKxn4oYQt9qUM9LrSPZfY11XsBmROc +fb9kEbBLU+QixSbYZOrqPasesDV9dApDXF+w6EfIeNyJEK5Lk+aXamrn7fRMUAQ2m7+Odp87GgA+ +8Cg6YpgbK314SK5STziqoZwzEISJ9w== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_c2tnb431r1:BOB_cf_c2tnb431r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_c2tnb431r1 +PeerKey=BOB_cf_c2tnb431r1_PUB +SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 + +# ECDH Bob with Alice peer +Derive=BOB_cf_c2tnb431r1 +PeerKey=ALICE_cf_c2tnb431r1_PUB +SharedSecret=1c9a64de0b706f0e562d5144ceeb4806ce8782865dc0e3fab694967955bd40afc79bf9241ef4a173fbf9baeac0d416392fb13bdc6978 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_c2tnb431r1 +PeerKey=BOB_cf_c2tnb431r1_PUB +Ctrl=ecdh_cofactor_mode:1 
+SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_c2tnb431r1 +PeerKey=ALICE_cf_c2tnb431r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=059e2ea2d0d8bad5005a9401196ebb1633377c7ded8ec58a0398cf1d0f42ea82614f68cb836ecfc33612b8a705b4c3b7b4ed12eb6e22 + +PublicKey=MALICE_cf_c2tnb431r1_PUB +-----BEGIN PUBLIC KEY----- +MIGFMBMGByqGSM49AgEGCCqGSM49AwAUA24ABA/cHJ1bNJ2l3GcrT67WEoU0w/Ajy28T9X4XLv8a +5EpnkembeFlRG8ILplDcZimE8kjNQWynAk+NbJRsIU/XLzcm7VXkkqEkx/yCQ/TOcbeB3qrpzWYr +F3Cls9x60wuFYNc9d6eIe4B+puz9IQ== +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_c2tnb431r1 +PeerKey=MALICE_cf_c2tnb431r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_c2tnb431r1 +PeerKey=MALICE_cf_c2tnb431r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=prime192v1 curve tests + +PrivateKey=ALICE_cf_prime192v1 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhQFYLaobJ47BVWWZv/ByY8Ti69m/U9 +TeI= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_prime192v1_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEHYbt14KzucSpmKMrlDx1IGz/a28nDs21OjKgx3BK +PZ78UrllIr69kgrYUKsRg4sd +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_prime192v1:ALICE_cf_prime192v1_PUB + +PrivateKey=BOB_cf_prime192v1 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEHzAdAgEBBBhsbmKHAtygIqirkmUXSbniDJOx0/fI +CWM= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_prime192v1_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJA+FQcXq5Axzv8pLDslxq1QVt1hjN2i0TgoO6Yxp +bAekMot69VorE8ibSzgJixXJ +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_prime192v1:BOB_cf_prime192v1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_prime192v1 +PeerKey=BOB_cf_prime192v1_PUB +SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 + +# ECDH Bob with Alice 
peer +Derive=BOB_cf_prime192v1 +PeerKey=ALICE_cf_prime192v1_PUB +SharedSecret=e36cad3b0f8d00f60f090440a76df47896713ae61421c354 + +Title=prime192v2 curve tests + +PrivateKey=ALICE_cf_prime192v2 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBh6rcgPFDmA2P4CGSrC7ii9DAjepljX +sMM= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_prime192v2_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAET6wOPoDU3BeU7VKozsGEvDeJs//9Z/aNEcbbLQ0d +g5IzsS/XMJzifjCJZgNsb7mi +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_prime192v2:ALICE_cf_prime192v2_PUB + +PrivateKey=BOB_cf_prime192v2 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQIEHzAdAgEBBBja4R9iZuiu95XEuM1558ArTwNnAl7M +xqI= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_prime192v2_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEcgWNAOL4pZCmouZl+be+rC0yLAJkm2YuPWs+FX2u +Y6OU1aHkkspZTC1uUVWjchy5 +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_prime192v2:BOB_cf_prime192v2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_prime192v2 +PeerKey=BOB_cf_prime192v2_PUB +SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 + +# ECDH Bob with Alice peer +Derive=BOB_cf_prime192v2 +PeerKey=ALICE_cf_prime192v2_PUB +SharedSecret=ae2ff9f1f9f24e6d281dc78993d9f71913e1e105965000a1 + +Title=prime192v3 curve tests + +PrivateKey=ALICE_cf_prime192v3 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBij5blPQRKM1/9c57YDZXIIue80MDqx +Igw= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_prime192v3_PUB +-----BEGIN PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE1+mLeiT/jjHO71IL/C/ZcnF6+yj9FV6eqfuPdHAi +MsDRFCB6/h8TcCUFuospu5l0 +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_prime192v3:ALICE_cf_prime192v3_PUB + +PrivateKey=BOB_cf_prime192v3 +-----BEGIN PRIVATE KEY----- +MDkCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQMEHzAdAgEBBBhgFP4fFLtm/yk5tsosBUBKTg370FOu +92g= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_prime192v3_PUB +-----BEGIN 
PUBLIC KEY----- +MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEv35bOz0xqLeJqpZdZ8LyiUgsJMBEtN2UMJm8blX2 +vMWAgEeLhzar86BUlS7dZwS7 +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_prime192v3:BOB_cf_prime192v3_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_prime192v3 +PeerKey=BOB_cf_prime192v3_PUB +SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 + +# ECDH Bob with Alice peer +Derive=BOB_cf_prime192v3 +PeerKey=ALICE_cf_prime192v3_PUB +SharedSecret=9e562ecbe29c510a13b0daea822ec864c2a9684d2a382812 + +Title=prime239v1 curve tests + +PrivateKey=ALICE_cf_prime239v1 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5nH2mt/GUx+I/60NlcuQlrdupDXwMY +SF/w+SUTNqY= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_prime239v1_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEMqQLCgDR9njkq9QELuOu+J/9YGcxJHULdvxHImLW +RXqBUM5Xea+Qk2SKIpWcogxr2zFeQyeLj2bQysuo +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_prime239v1:ALICE_cf_prime239v1_PUB + +PrivateKey=BOB_cf_prime239v1 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQQEJTAjAgEBBB5RZgYV+j+zhwI12zCzB+mdPofMx0kB +jZ9gplgXxzk= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_prime239v1_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEBR5m/kllh025oO4GvqALkjRliVv7q4x8ro/tkYnT +L2U4hkT6xUeRu9QC4KOz7KUVH+nBbQASL4XQg/3C +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_prime239v1:BOB_cf_prime239v1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_prime239v1 +PeerKey=BOB_cf_prime239v1_PUB +SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 + +# ECDH Bob with Alice peer +Derive=BOB_cf_prime239v1 +PeerKey=ALICE_cf_prime239v1_PUB +SharedSecret=196b1d0206d4f87c313c266bfb12c90dd1f1f64b89bfc16518086b9801b8 + +Title=prime239v2 curve tests + +PrivateKey=ALICE_cf_prime239v2 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5uLCwofbD2Suc/iIRhXJsPqZ4me87h ++tFevsg1pPE= +-----END PRIVATE KEY----- + 
+PublicKey=ALICE_cf_prime239v2_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAETH77jXHBItV673gTNK/HTFldo4VxPiscbideUgKd +CWjdVsXebgAZbqQwf0h9QWcIgM7K7ODdW5kCuZ1G +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_prime239v2:ALICE_cf_prime239v2_PUB + +PrivateKey=BOB_cf_prime239v2 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQUEJTAjAgEBBB5nlF+ouuw3Ljkgy3pHkCN+/JoHAMyT +KY0wlvJdo/w= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_prime239v2_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAELUQYo0UH8HbK/RMD2jVphBU+iB4OTOfvaaTlHq06 +dcJ8a9a+mAQKhb1OZVEq1n4nQsgRiI1rPxugVERM +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_prime239v2:BOB_cf_prime239v2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_prime239v2 +PeerKey=BOB_cf_prime239v2_PUB +SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf + +# ECDH Bob with Alice peer +Derive=BOB_cf_prime239v2 +PeerKey=ALICE_cf_prime239v2_PUB +SharedSecret=1d18ca6366bceba3c1477daa0e08202088abcf14fc2b8fbf98ba95858fcf + +Title=prime239v3 curve tests + +PrivateKey=ALICE_cf_prime239v3 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5J95JRhBDTzlyAPAfu6T2Pb9vK0NKu +Y9AfhA2G+mI= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_prime239v3_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEZEN48pqgLF08Yjj/8BLM2Nr5ZhpYxyBurbzKRuBb +GLpzZLteJN9vZjN7ouNpMxLVUFQxTOwpsvUw86Lk +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_prime239v3:ALICE_cf_prime239v3_PUB + +PrivateKey=BOB_cf_prime239v3 +-----BEGIN PRIVATE KEY----- +MD8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQYEJTAjAgEBBB5Z7rMZML1xeryBaYYr+QuMiQxHT44I +d9bmIVvG3dM= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_prime239v3_PUB +-----BEGIN PUBLIC KEY----- +MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEQUWKqohAPAoIYEZOvc1QwSlcB+gW0febaNxGOy47 +LaIWdsNM7GJVP9xpdSwm/L+Dip/oH4E59f3SiOAd +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_prime239v3:BOB_cf_prime239v3_PUB + +# ECDH Alice 
with Bob peer +Derive=ALICE_cf_prime239v3 +PeerKey=BOB_cf_prime239v3_PUB +SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 + +# ECDH Bob with Alice peer +Derive=BOB_cf_prime239v3 +PeerKey=ALICE_cf_prime239v3_PUB +SharedSecret=4dcc2c67c5993162ed71ebb33077bbb85395b0d3eec2311aa404e45901a0 + +Title=prime256v1 curve tests + +PrivateKey=ALICE_cf_prime256v1 +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDZE0NZiGAFJX6JQxumKTFRT+XFCQqJ +gHCUxmU2fRcn9Q== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_prime256v1_PUB +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5kDOrX6kmk1/jHfEdMBluFos6dyCbzKVOX3v2aa2 +y5IhlhTKtCJdydX+XWLDXWW9sbtIRNP94R3iOOpRPBqpGg== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_prime256v1:ALICE_cf_prime256v1_PUB + +PrivateKey=BOB_cf_prime256v1 +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCAxJgV1dLJw/o2Dmh1fIY1KpBd88WCP +23wZzR8DzhyCrA== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_prime256v1_PUB +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5J6yA+j0zrGi6RilUhjrcL7OUMzYTwpnw5DdRXr0 +creHgE03EFV//7xqadB4BDwFIGM9MV2sE6qREEomWhZFeg== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_prime256v1:BOB_cf_prime256v1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_prime256v1 +PeerKey=BOB_cf_prime256v1_PUB +SharedSecret=ee63690b553dcd9bccb066137725f0489395a83f4d280f309339d606c969734a + +# ECDH Bob with Alice peer +Derive=BOB_cf_prime256v1 +PeerKey=ALICE_cf_prime256v1_PUB +SharedSecret=ee63690b553dcd9bccb066137725f0489395a83f4d280f309339d606c969734a + +Title=secp112r1 curve tests + +PrivateKey=ALICE_cf_secp112r1 +-----BEGIN PRIVATE KEY----- +MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6zC5ZzEIIdvY4Q7DS0uw== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp112r1_PUB +-----BEGIN PUBLIC KEY----- +MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEYIawfjH3qRrJJWwuG3Ys5ZhDJsmdWi34aHgKAA== +-----END PUBLIC KEY----- + 
+PrivPubKeyPair=ALICE_cf_secp112r1:ALICE_cf_secp112r1_PUB + +PrivateKey=BOB_cf_secp112r1 +-----BEGIN PRIVATE KEY----- +MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAYEFTATAgEBBA6WPx4YxBODium8BKDw0A== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp112r1_PUB +-----BEGIN PUBLIC KEY----- +MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEchh3iQdPN1rrzrpdZRQ95G6tvdwEBQ+gfu1tvA== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp112r1:BOB_cf_secp112r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp112r1 +PeerKey=BOB_cf_secp112r1_PUB +SharedSecret=4ddd1d504b444d4be67ba2e4610a + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp112r1 +PeerKey=ALICE_cf_secp112r1_PUB +SharedSecret=4ddd1d504b444d4be67ba2e4610a + +Title=secp112r2 curve tests + +PrivateKey=ALICE_cf_secp112r2 +-----BEGIN PRIVATE KEY----- +MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4GcvIx97ePHdAiH0Z9EA== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp112r2_PUB +-----BEGIN PUBLIC KEY----- +MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEHK9uNAILHBmPZdKKh79/nzYE0HbvC//rA7i0Xw== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp112r2:ALICE_cf_secp112r2_PUB + +PrivateKey=BOB_cf_secp112r2 +-----BEGIN PRIVATE KEY----- +MCwCAQAwEAYHKoZIzj0CAQYFK4EEAAcEFTATAgEBBA4WzpVFZnZv9mvtpnYNyw== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp112r2_PUB +-----BEGIN PUBLIC KEY----- +MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEUzBLNQupqUpGgmZl9JVjKBpwusl52rFg5OVFJA== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp112r2:BOB_cf_secp112r2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp112r2 +PeerKey=BOB_cf_secp112r2_PUB +SharedSecret=a6d05c7ba5128a9685c705b5030b + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp112r2 +PeerKey=ALICE_cf_secp112r2_PUB +SharedSecret=a6d05c7ba5128a9685c705b5030b + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_secp112r2 +PeerKey=BOB_cf_secp112r2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=04f3280e92c269d794aa779efcef + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_secp112r2 +PeerKey=ALICE_cf_secp112r2_PUB 
+Ctrl=ecdh_cofactor_mode:1 +SharedSecret=04f3280e92c269d794aa779efcef + +PublicKey=MALICE_cf_secp112r2_PUB +-----BEGIN PUBLIC KEY----- +MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEsf2N4SfUZWtXPrUTmEyr71I/JSn8VtzQsFHuqQ== +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_secp112r2 +PeerKey=MALICE_cf_secp112r2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_secp112r2 +PeerKey=MALICE_cf_secp112r2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=secp128r1 curve tests + +PrivateKey=ALICE_cf_secp128r1 +-----BEGIN PRIVATE KEY----- +MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB+RX18d0+gKpdcKbJJTrEZ +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp128r1_PUB +-----BEGIN PUBLIC KEY----- +MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEG0XMAdrAZOPUW6L9ADU8XK8sZr7dtIcDinSWU1zSV9s= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp128r1:ALICE_cf_secp128r1_PUB + +PrivateKey=BOB_cf_secp128r1 +-----BEGIN PRIVATE KEY----- +MC4CAQAwEAYHKoZIzj0CAQYFK4EEABwEFzAVAgEBBBB/J9/eClt9mimGwOcOsjJF +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp128r1_PUB +-----BEGIN PUBLIC KEY----- +MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAE82nknsOS+u8mybP0KJqQhvm83gbPNTZOcvm0ZDVR5sU= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp128r1:BOB_cf_secp128r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp128r1 +PeerKey=BOB_cf_secp128r1_PUB +SharedSecret=5020f1b759da1f737a61a29a268d7669 + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp128r1 +PeerKey=ALICE_cf_secp128r1_PUB +SharedSecret=5020f1b759da1f737a61a29a268d7669 + +Title=secp128r2 curve tests + +PrivateKey=ALICE_cf_secp128r2 +-----BEGIN PRIVATE KEY----- +MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBALPaUYCnPgNiLhez93Z1Gi +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp128r2_PUB +-----BEGIN PUBLIC KEY----- +MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAEOKiPRGtZXwxmvTr35NmUkNsAGGk9RKNA4D5BE9ZrjZQ= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp128r2:ALICE_cf_secp128r2_PUB + 
+PrivateKey=BOB_cf_secp128r2 +-----BEGIN PRIVATE KEY----- +MC4CAQAwEAYHKoZIzj0CAQYFK4EEAB0EFzAVAgEBBBARg3vb436QgyHdyt6l/b6G +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp128r2_PUB +-----BEGIN PUBLIC KEY----- +MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAELph7h27BYjIINC2EddcpIOxKbdz8Xe7h3Az1ZuR9bAI= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp128r2:BOB_cf_secp128r2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp128r2 +PeerKey=BOB_cf_secp128r2_PUB +SharedSecret=8f4d8c75141e9b084328222440eb5dfa + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp128r2 +PeerKey=ALICE_cf_secp128r2_PUB +SharedSecret=8f4d8c75141e9b084328222440eb5dfa + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_secp128r2 +PeerKey=BOB_cf_secp128r2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=baaa0c16e16eef291001475d638e4830 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_secp128r2 +PeerKey=ALICE_cf_secp128r2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=baaa0c16e16eef291001475d638e4830 + +PublicKey=MALICE_cf_secp128r2_PUB +-----BEGIN PUBLIC KEY----- +MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAE6h6RzJIp6HLR6RDOPtyzGDurkuE9aAaZqHosPTnkLxQ= +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_secp128r2 +PeerKey=MALICE_cf_secp128r2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_secp128r2 +PeerKey=MALICE_cf_secp128r2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=secp160k1 curve tests + +PrivateKey=ALICE_cf_secp160k1 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAlxTBO50KwFwWKPtk1rutu68m+zI= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp160k1_PUB +-----BEGIN PUBLIC KEY----- +MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEcVWIjtPZn1cHckclpn5jKDCphQUVHxFN5tSeFG9wsJZT +EvqPyLS64w== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp160k1:ALICE_cf_secp160k1_PUB + +PrivateKey=BOB_cf_secp160k1 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAkEHDAaAgEBBBUAdrPkoNkRVUloiuwzruQszSUuwpY= 
+-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp160k1_PUB +-----BEGIN PUBLIC KEY----- +MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAESGN41cAj8Fg4pAJM7FUKHiawbCR0b9unMpZWxqOKeW1/ +bxT/CqEkyw== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp160k1:BOB_cf_secp160k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp160k1 +PeerKey=BOB_cf_secp160k1_PUB +SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp160k1 +PeerKey=ALICE_cf_secp160k1_PUB +SharedSecret=b738a0bf17f3271a9a155bfdfe2f0f1d51494d42 + +Title=secp160r1 curve tests + +PrivateKey=ALICE_cf_secp160r1 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUAR6m1+jIBuJnSKx9fHmyAYhsnYe8= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp160r1_PUB +-----BEGIN PUBLIC KEY----- +MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEO78GZuBaCfJjHK97c9N21z+4mm37b5x7/Hr3Xc4pUbtb +OoNj/A+W9w== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp160r1:ALICE_cf_secp160r1_PUB + +PrivateKey=BOB_cf_secp160r1 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAgEHDAaAgEBBBUATqvd54Jj7TbnrLAd2dMYCpExLws= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp160r1_PUB +-----BEGIN PUBLIC KEY----- +MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEBKDbBSPTwmb00MFvMtJMxQ2YDmcPOZHE8YbVr5hp8s5J +Jwy17FaNNg== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp160r1:BOB_cf_secp160r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp160r1 +PeerKey=BOB_cf_secp160r1_PUB +SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp160r1 +PeerKey=ALICE_cf_secp160r1_PUB +SharedSecret=1912ea7b9bb1de5b8d3cef83e7a6e7a917816541 + +Title=secp160r2 curve tests + +PrivateKey=ALICE_cf_secp160r2 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUA3IsVg4R4paXaPATDHvzfnvM+vjQ= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp160r2_PUB +-----BEGIN PUBLIC KEY----- +MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAE4V+25YCpVkKF6NF/UPc1SYxohYWcf3qT3JDoPRhnm/rj 
+mSqCCA6gUw== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp160r2:ALICE_cf_secp160r2_PUB + +PrivateKey=BOB_cf_secp160r2 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAB4EHDAaAgEBBBUAYT/5C7UpD17DnZm4ObswmGFMI1Q= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp160r2_PUB +-----BEGIN PUBLIC KEY----- +MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEB7YVzBmzhnIdouvN/nb8VMXCqO8dkhmebyVzoD0oAzuH +nN+SfWr6aQ== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp160r2:BOB_cf_secp160r2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp160r2 +PeerKey=BOB_cf_secp160r2_PUB +SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp160r2 +PeerKey=ALICE_cf_secp160r2_PUB +SharedSecret=ccb9cae5c9487ff60c487bd1b39a62eb4680e9b6 + +Title=secp192k1 curve tests + +PrivateKey=ALICE_cf_secp192k1 +-----BEGIN PRIVATE KEY----- +MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBikVZrCZQB7ZtkhNfQYpjKHZ9KxXgooJ90= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp192k1_PUB +-----BEGIN PUBLIC KEY----- +MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEyV4EzMZglBXtYdn38hNTrCGflAsJprMkxkOlw58chZ25 +6EAu7gVvYDTpnRkymKyH +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp192k1:ALICE_cf_secp192k1_PUB + +PrivateKey=BOB_cf_secp192k1 +-----BEGIN PRIVATE KEY----- +MDYCAQAwEAYHKoZIzj0CAQYFK4EEAB8EHzAdAgEBBBiJQ/PunKGk9QPUyqIBGMgHKKg+yxJr5io= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp192k1_PUB +-----BEGIN PUBLIC KEY----- +MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAE990Tnmh9QQQHVHuLpfrAsgjvB9R2MJXzhBZN1WvtxLqF +OZ2oFMP0Kfcr7HbI7a5j +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp192k1:BOB_cf_secp192k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp192k1 +PeerKey=BOB_cf_secp192k1_PUB +SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp192k1 +PeerKey=ALICE_cf_secp192k1_PUB +SharedSecret=a46a6bfb279d4dc30cffac585d1fbec905dbe46aca5e3c9d + +Title=secp224k1 curve tests + 
+PrivateKey=ALICE_cf_secp224k1 +-----BEGIN PRIVATE KEY----- +MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AZPk3TzxGhX7TljBBhJDLBfulAMp6Bh3W +w40Qyg== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp224k1_PUB +-----BEGIN PUBLIC KEY----- +ME4wEAYHKoZIzj0CAQYFK4EEACADOgAE4o7LGdJDixqJZ5imnqaX4IeE55NG4W0HEe72LVC7pmn2 +e3m7uC92ZQhduF9lJli4dXD5en/1wkE= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp224k1:ALICE_cf_secp224k1_PUB + +PrivateKey=BOB_cf_secp224k1 +-----BEGIN PRIVATE KEY----- +MDsCAQAwEAYHKoZIzj0CAQYFK4EEACAEJDAiAgEBBB0AdQ02GguRy3yHOjLkpoWb27QA/L1abfWe +q2xUfA== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp224k1_PUB +-----BEGIN PUBLIC KEY----- +ME4wEAYHKoZIzj0CAQYFK4EEACADOgAEzp00m0DaADn1mGiDCT7K1LZnoj/vCxHPowUDC9yQd17K +KpJM5sGILrTkkgxqtt5pBeYE1NC1QUQ= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp224k1:BOB_cf_secp224k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp224k1 +PeerKey=BOB_cf_secp224k1_PUB +SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp224k1 +PeerKey=ALICE_cf_secp224k1_PUB +SharedSecret=6f7b9d16c9c1d3a5c84b6028f2a4fed9ae8e02455e678a27243bcc48 + +Title=secp224r1 curve tests + +PrivateKey=ALICE_cf_secp224r1 +-----BEGIN PRIVATE KEY----- +MDoCAQAwEAYHKoZIzj0CAQYFK4EEACEEIzAhAgEBBBzeo7Y0HMfrIqKNm3r997jcfVAa4osa0AR2 +JA28 +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp224r1_PUB +-----BEGIN PUBLIC KEY----- +ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAExZc6o84XjBGLOosGj2t0QctgiyzF3NcVgy+DeW7stkVs +yS2tRzMPBpwnApRzoRsdJR99sb3eM2s= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp224r1:ALICE_cf_secp224r1_PUB + +PrivateKey=BOB_cf_secp224r1 +-----BEGIN PRIVATE KEY----- +MDoCAQAwEAYHKoZIzj0CAQYFK4EEACEEIzAhAgEBBBy2LsqxHhdlSiAmMYKQAEmjJWT22T42GYKo +ZvXM +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp224r1_PUB +-----BEGIN PUBLIC KEY----- +ME4wEAYHKoZIzj0CAQYFK4EEACEDOgAE71Eh6hwTKUrmyl2PdkY787GwxiohIcaqB4eK2Mwg6tU4 +LeJHWcgY18CgPKCaeldUgnkMcJzKj20= 
+-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp224r1:BOB_cf_secp224r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp224r1 +PeerKey=BOB_cf_secp224r1_PUB +SharedSecret=29d8b75934d74d5153bbb94e0370437c63ecc30bf3d2800ed1cb7eb5 + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp224r1 +PeerKey=ALICE_cf_secp224r1_PUB +SharedSecret=29d8b75934d74d5153bbb94e0370437c63ecc30bf3d2800ed1cb7eb5 + +Title=secp256k1 curve tests + +PrivateKey=ALICE_cf_secp256k1 +-----BEGIN PRIVATE KEY----- +MD4CAQAwEAYHKoZIzj0CAQYFK4EEAAoEJzAlAgEBBCDV8jMZ/aJfiMEkW7HsYqbT57Y7vmvm5KN/ +QEXqsNCSpw== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp256k1_PUB +-----BEGIN PUBLIC KEY----- +MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAElytZZZHc9CelGzZkNGpzY2CHQ+3z6tUnfsQxUmtiZnUg +7oKfQC5BV8pZ5WYNPWnbT0RRg5kyBtzry9oQIhO5Lw== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp256k1:ALICE_cf_secp256k1_PUB + +PrivateKey=BOB_cf_secp256k1 +-----BEGIN PRIVATE KEY----- +MD4CAQAwEAYHKoZIzj0CAQYFK4EEAAoEJzAlAgEBBCBh7awFyPey/w4pKBycpAlhvT4DlLQsi1TT +BxJPHrAjrA== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp256k1_PUB +-----BEGIN PUBLIC KEY----- +MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE2BQeSJOa7kJAQsAPUbLseHjHhMe3tUOAl3bqoDqtrfO+ +2m2MP/IC/R9Kof2nmaiQ6DostdbS8kB+CnnprK375w== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp256k1:BOB_cf_secp256k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp256k1 +PeerKey=BOB_cf_secp256k1_PUB +SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1 + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp256k1 +PeerKey=ALICE_cf_secp256k1_PUB +SharedSecret=a4745cc4d19cabb9e5cb0abdd5c604cab2846a4638ad844ed9175f3cadda2da1 + +Title=secp384r1 curve tests + +PrivateKey=ALICE_cf_secp384r1 +-----BEGIN PRIVATE KEY----- +ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAp1ErG6wVjuJs90qVbUBxNpQK1wtV4ieX1 +bIU/4HssZK6WjOOTyYguyEBCOf/rUnw= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp384r1_PUB +-----BEGIN PUBLIC KEY----- 
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEx5rt+yujIuPoIXpHGmExKSi/P+58sGYoqgdpdOJUXzn2 +Rc4alCpSxVJeC55xvwaFHc3pzNyRGwnhPmN6oU/KMP6XjBvR4wq35mr/Sym5s0B2blAzkJU37idq +nTi3xGHx +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp384r1:ALICE_cf_secp384r1_PUB + +PrivateKey=BOB_cf_secp384r1 +-----BEGIN PRIVATE KEY----- +ME4CAQAwEAYHKoZIzj0CAQYFK4EEACIENzA1AgEBBDAUjVgPpiI+xXye0nfRhc8+12hLdWY4fpsO +Jq2MCp+W85xJwtXsEPrHj1XFnKVpM4c= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_secp384r1_PUB +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+JUBXRSHixH0TrcvYvIzep7+/WNpEhWdCPsLMygigW5j +pzP30MF41GnQYgfJu5wI/gu1C/jFTv1X6Dgmla3JxBYlPeD+1L0lEMT3evmHKMM/BFe3WKBuXyhP +ilrNtfee +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp384r1:BOB_cf_secp384r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp384r1 +PeerKey=BOB_cf_secp384r1_PUB +SharedSecret=b3cfe488126e2731fb7c19f82e94fcc05e1dd303649a9257e858030b795c2d344a054b0c44a24fd7f5821f531a9b8cfb + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp384r1 +PeerKey=ALICE_cf_secp384r1_PUB +SharedSecret=b3cfe488126e2731fb7c19f82e94fcc05e1dd303649a9257e858030b795c2d344a054b0c44a24fd7f5821f531a9b8cfb + +Title=secp521r1 curve tests + +PrivateKey=ALICE_cf_secp521r1 +-----BEGIN PRIVATE KEY----- +MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIBsYIcUKeN2evB626LCdYWH/xzUiEDCdRP +rEENsC8//dowKnOCtlLtawh0DXTIZ/HhpUREuaoffdsmYb6+Oq1TRjc= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_secp521r1_PUB +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBufYxJf/4Ds6g7LlFRVS62ljm3xApV2T79hfWH8Lv +iroIaCFjLBIfOVDF8jvj2PO1ar3yCLiSA2RiLZz1Y+tv/tcATHE0nS7l3SfGiGmEnVycEnhgqlKM +UM3kpdd7eNkQn5/GO8KAPQqA/sOnvTavg5S01t0ub+PY/w0Y6oBgthaUAW0= +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_secp521r1:ALICE_cf_secp521r1_PUB + +PrivateKey=BOB_cf_secp521r1 +-----BEGIN PRIVATE KEY----- +MGACAQAwEAYHKoZIzj0CAQYFK4EEACMESTBHAgEBBEIB+3/adZnNwr6GFUzZpi8So7pC/5FYQ0+0 +lMmoUjGvy8DNADcHaPpW68hX/M+z7LrK0Jpnonb9JSEXlgjOPVe4Ea8= +-----END PRIVATE 
KEY----- + +PublicKey=BOB_cf_secp521r1_PUB +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBLq2fjyCalnvr24tjaz87ijIWlLMoCH7Hmyq1t2l8 +PFbyBIZbngDC0gwFM5ZI582QSWlW79G3clJP9VxlJOsms50BYBYgd6o2JF4w8AnShVXxFSJU1py4 +klCDNhTFybRHFXpujfuUeNnFxAGIUb4edJ0fAqqc7kkERhYe8EPEZYMKp3Q= +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_secp521r1:BOB_cf_secp521r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_secp521r1 +PeerKey=BOB_cf_secp521r1_PUB +SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 + +# ECDH Bob with Alice peer +Derive=BOB_cf_secp521r1 +PeerKey=ALICE_cf_secp521r1_PUB +SharedSecret=01dd4aa9037bb4ad298b420998dcd32b3a9af1cda8b7919e372aeb4e54ccfb4d2409a340ed896bfbc5dd462f8d96b8784bc17b29db3ca04700e6ec752f9bec777695 + +Title=sect113r1 curve tests + +PrivateKey=ALICE_cf_sect113r1 +-----BEGIN PRIVATE KEY----- +MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8ALw9CgsuNBkkhhUHE8bQ= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect113r1_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEASO9jcamlg1pRE7JffrTAe9kyRZO2xrymHXoGdnA +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect113r1:ALICE_cf_sect113r1_PUB + +PrivateKey=BOB_cf_sect113r1 +-----BEGIN PRIVATE KEY----- +MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAQEFjAUAgEBBA8A/9qbs8sTFNkjS9/4CuM= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect113r1_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEATykaf/cvJzLOUto1EbbAEz/3++nut6q0dcJOQeV +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect113r1:BOB_cf_sect113r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect113r1 +PeerKey=BOB_cf_sect113r1_PUB +SharedSecret=01ed16f1948dcb368a54004237842d + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect113r1 +PeerKey=ALICE_cf_sect113r1_PUB +SharedSecret=01ed16f1948dcb368a54004237842d + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect113r1 +PeerKey=BOB_cf_sect113r1_PUB 
+Ctrl=ecdh_cofactor_mode:1 +SharedSecret=012e5f3e348c2a8a88d9590a639219 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect113r1 +PeerKey=ALICE_cf_sect113r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=012e5f3e348c2a8a88d9590a639219 + +PublicKey=MALICE_cf_sect113r1_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect113r1 +PeerKey=MALICE_cf_sect113r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect113r1 +PeerKey=MALICE_cf_sect113r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=sect113r2 curve tests + +PrivateKey=ALICE_cf_sect113r2 +-----BEGIN PRIVATE KEY----- +MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8AvovirHrqTxoKJ3l+7y0= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect113r2_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAFvQ4JgQTS8kjGeVfuITAS81qNcOQvt3PYa1HuCk +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect113r2:ALICE_cf_sect113r2_PUB + +PrivateKey=BOB_cf_sect113r2 +-----BEGIN PRIVATE KEY----- +MC0CAQAwEAYHKoZIzj0CAQYFK4EEAAUEFjAUAgEBBA8ArUjgvp/goxRYb4WuQ80= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect113r2_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAUoS3of8y28meYu/NoI5AVdhJZCuDjMqFHTriWY4 +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect113r2:BOB_cf_sect113r2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect113r2 +PeerKey=BOB_cf_sect113r2_PUB +SharedSecret=0057a287ba1ea05cb4735e673647e1 + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect113r2 +PeerKey=ALICE_cf_sect113r2_PUB +SharedSecret=0057a287ba1ea05cb4735e673647e1 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect113r2 +PeerKey=BOB_cf_sect113r2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=00fec2454e46732aca42b22b6d4f13 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect113r2 +PeerKey=ALICE_cf_sect113r2_PUB 
+Ctrl=ecdh_cofactor_mode:1 +SharedSecret=00fec2454e46732aca42b22b6d4f13 + +PublicKey=MALICE_cf_sect113r2_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAAAAAAAAAAAAAAAAAAAAAR3dbPHrhFekzJ7Azskr +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect113r2 +PeerKey=MALICE_cf_sect113r2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect113r2 +PeerKey=MALICE_cf_sect113r2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=sect131r1 curve tests + +PrivateKey=ALICE_cf_sect131r1 +-----BEGIN PRIVATE KEY----- +MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEA5C6zHMQM7pXPZ6cJz72Niw== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect131r1_PUB +-----BEGIN PUBLIC KEY----- +MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEBXCuXD6wOOif91GUlJNKXf8FBNw8crgqi5aEJEZbCdBJ +Ag== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect131r1:ALICE_cf_sect131r1_PUB + +PrivateKey=BOB_cf_sect131r1 +-----BEGIN PRIVATE KEY----- +MC8CAQAwEAYHKoZIzj0CAQYFK4EEABYEGDAWAgEBBBEDYZmjiokBJ/SnTv8sskBR3A== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect131r1_PUB +-----BEGIN PUBLIC KEY----- +MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEB8vGy3OQXwWKcJUSSJbCtpMBjFgJeZxzAaI420+B1B+1 +5A== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect131r1:BOB_cf_sect131r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect131r1 +PeerKey=BOB_cf_sect131r1_PUB +SharedSecret=05346248f77f81fff50cc656e119976871 + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect131r1 +PeerKey=ALICE_cf_sect131r1_PUB +SharedSecret=05346248f77f81fff50cc656e119976871 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect131r1 +PeerKey=BOB_cf_sect131r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=01f151ae26efa507acc2597356baf7e8ab + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect131r1 +PeerKey=ALICE_cf_sect131r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=01f151ae26efa507acc2597356baf7e8ab + +PublicKey=MALICE_cf_sect131r1_PUB +-----BEGIN PUBLIC KEY----- 
+MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEAAAAAAAAAAAAAAAAAAAAAAABfiJEFG0vRzEGxk2BxjmK +zw== +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect131r1 +PeerKey=MALICE_cf_sect131r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect131r1 +PeerKey=MALICE_cf_sect131r1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=sect131r2 curve tests + +PrivateKey=ALICE_cf_sect131r2 +-----BEGIN PRIVATE KEY----- +MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnZRUKAQetk5kyUwhIaAyxg== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect131r2_PUB +-----BEGIN PUBLIC KEY----- +MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEA5+Y20L8q989I4jnKknZ7hcGlQ6RUIGni9RahT88kB/d +dw== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect131r2:ALICE_cf_sect131r2_PUB + +PrivateKey=BOB_cf_sect131r2 +-----BEGIN PRIVATE KEY----- +MC8CAQAwEAYHKoZIzj0CAQYFK4EEABcEGDAWAgEBBBEBnafx9vcMeoCqj/1YNuflzw== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect131r2_PUB +-----BEGIN PUBLIC KEY----- +MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEB2G2uNkhQNjjl0/Ov6UYpxoFaWNXO+qy7poV6cdrFN7z +pA== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect131r2:BOB_cf_sect131r2_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect131r2 +PeerKey=BOB_cf_sect131r2_PUB +SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect131r2 +PeerKey=ALICE_cf_sect131r2_PUB +SharedSecret=058d8a8be33068ed8c1dc9f551ef2c3f3c + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect131r2 +PeerKey=BOB_cf_sect131r2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect131r2 +PeerKey=ALICE_cf_sect131r2_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=037b16d85f27c2c878ef96c79a536f89a5 + +PublicKey=MALICE_cf_sect131r2_PUB +-----BEGIN PUBLIC KEY----- +MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEAAAAAAAAAAAAAAAAAAAAAAAGG5fiIbgziwBZHVzTYqCY +1w== +-----END PUBLIC KEY----- + +# ECC CDH Bob 
with Malice peer +Derive=BOB_cf_sect131r2 +PeerKey=MALICE_cf_sect131r2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect131r2 +PeerKey=MALICE_cf_sect131r2_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=sect163k1 curve tests + +PrivateKey=ALICE_cf_sect163k1 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUB905PYfmej8LzbzX6Bg51GJzXQjQ= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect163k1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBfvs5A1hD8YySP9O2ub8GEUfotVuBpfRx4GIHdAfx8wV +1UVeTRnyAlWU +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect163k1:ALICE_cf_sect163k1_PUB + +PrivateKey=BOB_cf_sect163k1 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAEEHDAaAgEBBBUCHPtCjJ4/K8ylQBcLlb5VE0bkaUE= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect163k1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEBvgfX1mTRlt6Z4TE1D1MNWo4loH4AoeYa6oowK104LKk +nsdg7isQ8XBD +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect163k1:BOB_cf_sect163k1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect163k1 +PeerKey=BOB_cf_sect163k1_PUB +SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect163k1 +PeerKey=ALICE_cf_sect163k1_PUB +SharedSecret=04d0e40788c5ce5220818055277cae53eac55c1e6b + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect163k1 +PeerKey=BOB_cf_sect163k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect163k1 +PeerKey=ALICE_cf_sect163k1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=04c902a91110244d89110034dd2b099c49cbab6c77 + +PublicKey=MALICE_cf_sect163k1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAEDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAB +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect163k1 
+PeerKey=MALICE_cf_sect163k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_sect163k1 +PeerKey=MALICE_cf_sect163k1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=sect163r1 curve tests + +PrivateKey=ALICE_cf_sect163r1 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAlbn4x1UGJnAimsXufB/UvUaxU5U= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_sect163r1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA0f195HCcD4D+7wWyl3QuPkRovG/ATy5l7fpMl4BNIg/ +sbtEXluCzANF +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_sect163r1:ALICE_cf_sect163r1_PUB + +PrivateKey=BOB_cf_sect163r1 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFK4EEAAIEHDAaAgEBBBUAoStq6Fjb7nB2PNL6WrzKKqhCGdE= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_sect163r1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAul/oBKr9B5MsPHWGF+q07j0JC+WAxj1JzfcIXR98n+r +9FHWU5LC5pDM +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_sect163r1:BOB_cf_sect163r1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_sect163r1 +PeerKey=BOB_cf_sect163r1_PUB +SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d + +# ECDH Bob with Alice peer +Derive=BOB_cf_sect163r1 +PeerKey=ALICE_cf_sect163r1_PUB +SharedSecret=06135eef489fe613c0d8bd522a2a640ff7ae6fb73d + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_sect163r1 +PeerKey=BOB_cf_sect163r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_sect163r1 +PeerKey=ALICE_cf_sect163r1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=0580f5e8efb242a19ae1023acbcab8702c799751e7 + +PublicKey=MALICE_cf_sect163r1_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJkXolVuGFa8fqmk +cs0Bv7iJuVg1 +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_sect163r1 +PeerKey=MALICE_cf_sect163r1_PUB +Ctrl=ecdh_cofactor_mode:1 
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect163r1
+PeerKey=MALICE_cf_sect163r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect163r2 curve tests
+
+PrivateKey=ALICE_cf_sect163r2
+-----BEGIN PRIVATE KEY-----
+MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBjCs/M3N31jsAueYrOq21vdETwAI=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect163r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBd8Z1/HpA+89hF4I98EST3svWns3BAEbhWmL/fgxk2uu
+YwVrmqhgqH/C
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect163r2:ALICE_cf_sect163r2_PUB
+
+PrivateKey=BOB_cf_sect163r2
+-----BEGIN PRIVATE KEY-----
+MDMCAQAwEAYHKoZIzj0CAQYFK4EEAA8EHDAaAgEBBBUBsiouT9Df+mwHWrpPg1JSrY9nqlI=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect163r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEBULqBZ+nhLhDEMYY8NEEzZ126MdxAcFXWv8zmPEH9505
+8vT5zU3aq6HV
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect163r2:BOB_cf_sect163r2_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect163r2
+PeerKey=BOB_cf_sect163r2_PUB
+SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect163r2
+PeerKey=ALICE_cf_sect163r2_PUB
+SharedSecret=019f829a53c4e6544bdec1395a23082169efaf369d
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect163r2
+PeerKey=BOB_cf_sect163r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect163r2
+PeerKey=ALICE_cf_sect163r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=048870d39235ecbc16a000ee478833509b9318a53f
+
+PublicKey=MALICE_cf_sect163r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEAwEAYHKoZIzj0CAQYFK4EEAA8DLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsJbhbrfiSdZPSHD
+ZtqJwDlp802l
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect163r2
+PeerKey=MALICE_cf_sect163r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect163r2
+PeerKey=MALICE_cf_sect163r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect193r1 curve tests
+
+PrivateKey=ALICE_cf_sect193r1
+-----BEGIN PRIVATE KEY-----
+MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkACmcvidKWLtPFB2xqg76F8VhM1Njzrkgo
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect193r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAeqP0VQobenduwtf4MPmlYQVDjUmxKq50QFHnaBfzwXY
+1TYShZZgBr0R6a5dUGCbiF0=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect193r1:ALICE_cf_sect193r1_PUB
+
+PrivateKey=BOB_cf_sect193r1
+-----BEGIN PRIVATE KEY-----
+MDcCAQAwEAYHKoZIzj0CAQYFK4EEABgEIDAeAgEBBBkAKlSknQ66vpuLjC1mbQyfHOTdJ5Kw5jMh
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect193r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAaFZVIeqfV9wbPydaBSJKSWJjVyFVSB/QQB5rHonYQmK
+f40zok8PJS6ratIcZwk/n20=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect193r1:BOB_cf_sect193r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect193r1
+PeerKey=BOB_cf_sect193r1_PUB
+SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect193r1
+PeerKey=ALICE_cf_sect193r1_PUB
+SharedSecret=012b8849991814f8c7ed9d40cf9dc204c3a83e0b10675543a5
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect193r1
+PeerKey=BOB_cf_sect193r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect193r1
+PeerKey=ALICE_cf_sect193r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0110180a18844859c52f6f012909522a2d87b5ab143bc80a55
+
+PublicKey=MALICE_cf_sect193r1_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHeX7PX3e5n
+zROUg6/STkLp1D+L51L9+wY=
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect193r1
+PeerKey=MALICE_cf_sect193r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with 
Malice peer
+Derive=ALICE_cf_sect193r1
+PeerKey=MALICE_cf_sect193r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect193r2 curve tests
+
+PrivateKey=ALICE_cf_sect193r2
+-----BEGIN PRIVATE KEY-----
+MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAhjkv8lXK/nPp3Qc4IwL/29JUKWi2VBMp
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect193r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAIn7oSu3adu4ChNXniHKkMIv9gT24rpzzwAeCTDPIkUT
+kJ+Tit6e4RpgkB/dph4V+uI=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect193r2:ALICE_cf_sect193r2_PUB
+
+PrivateKey=BOB_cf_sect193r2
+-----BEGIN PRIVATE KEY-----
+MDcCAQAwEAYHKoZIzj0CAQYFK4EEABkEIDAeAgEBBBkAwGkR3qSQdfh7Q6KbJ4lH5FShGsX8o/jD
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect193r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAFdSLKI0tlwZDpkndutOLsnHii1aJO8snwEJ0m/AZgMp
+xiDevOQ/xE9SpMX25W7YqkU=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect193r2:BOB_cf_sect193r2_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect193r2
+PeerKey=BOB_cf_sect193r2_PUB
+SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect193r2
+PeerKey=ALICE_cf_sect193r2_PUB
+SharedSecret=01e2f66a63c24c1de8a399c484228a5ad5b6d911c6e5e83ae3
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect193r2
+PeerKey=BOB_cf_sect193r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect193r2
+PeerKey=ALICE_cf_sect193r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00bc82d393bd74406683aea003977a86a109f444a833652e43
+
+PublicKey=MALICE_cf_sect193r2_PUB
+-----BEGIN PUBLIC KEY-----
+MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfdLEkrvsO
+Y7+6QpEvOay9A4MJCUZfZmI=
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect193r2
+PeerKey=MALICE_cf_sect193r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC 
CDH Alice with Malice peer
+Derive=ALICE_cf_sect193r2
+PeerKey=MALICE_cf_sect193r2_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect233k1 curve tests
+
+PrivateKey=ALICE_cf_sect233k1
+-----BEGIN PRIVATE KEY-----
+MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB0z/3heNFjJL+2sAT/38yRsN3kt2iXz7u+y
+Gua8Kw==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect233k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEALQyn0zJmOrHm4S2EIjxRe899PadBnfpYjLKWGvpAIzf
+MEG861Nv1IYJkmkO1xlfNHeeRtqFgsQVFKZh
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect233k1:ALICE_cf_sect233k1_PUB
+
+PrivateKey=BOB_cf_sect233k1
+-----BEGIN PRIVATE KEY-----
+MDsCAQAwEAYHKoZIzj0CAQYFK4EEABoEJDAiAgEBBB1I0ucrC4d9i6Z+0cbar5r7uKpF5iiQkSJA
+DFMTUA==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect233k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAatdqazxSghJ568CBFyMXhEvVeAiLewOY/jk9H5DAOB4
+ufNGbdd131KLaKPivB38a6n5Y+2BVSJangow
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect233k1:BOB_cf_sect233k1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect233k1
+PeerKey=BOB_cf_sect233k1_PUB
+SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect233k1
+PeerKey=ALICE_cf_sect233k1_PUB
+SharedSecret=012145026e8de65973c154e085456fc5539ba9e25663e7f5816abfcab310
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect233k1
+PeerKey=BOB_cf_sect233k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect233k1
+PeerKey=ALICE_cf_sect233k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00ff7d6c6b80f39d2ae68fbd00adbcd75fa599ed0bc1aac0e3f49c1c164d
+
+PublicKey=MALICE_cf_sect233k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect233k1
+PeerKey=MALICE_cf_sect233k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect233k1
+PeerKey=MALICE_cf_sect233k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect233r1 curve tests
+
+PrivateKey=ALICE_cf_sect233r1
+-----BEGIN PRIVATE KEY-----
+MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ATcy7zVpIsJ9rl5EIDmzRz5wxjrDIQyDm
+HP3Pt8Y=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect233r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAQMQHiJ44LiCnZkEg1zyww1h+idTbsw8E07P33WUAUfD
+NeQ4hWEhTXPnytIbEhFKpnd3j/FbyZnJqxh8
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect233r1:ALICE_cf_sect233r1_PUB
+
+PrivateKey=BOB_cf_sect233r1
+-----BEGIN PRIVATE KEY-----
+MDwCAQAwEAYHKoZIzj0CAQYFK4EEABsEJTAjAgEBBB4ALpOlFn4OfiIAkRAZGOsn7L6W3XoQBSV8
+mQVC2pw=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect233r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAJQw+NWqFJXYw4dVMovzvw76OYnYOTaDaEPNW8ECAQbl
+TzzbBSTp5iqM13mP0/Bo4OO66NS3lA9e/GTO
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect233r1:BOB_cf_sect233r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect233r1
+PeerKey=BOB_cf_sect233r1_PUB
+SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect233r1
+PeerKey=ALICE_cf_sect233r1_PUB
+SharedSecret=00209d2995a63f1e8b7a5c33dee5abb602e32e1835ae8bb57eb264d8d795
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect233r1
+PeerKey=BOB_cf_sect233r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect233r1
+PeerKey=ALICE_cf_sect233r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=00c3cd1d38a65f5e421399409a76cec1136bc84149f054a7f55e7980c612
+
+PublicKey=MALICE_cf_sect233r1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEABsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4
+Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect233r1
+PeerKey=MALICE_cf_sect233r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect233r1
+PeerKey=MALICE_cf_sect233r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect239k1 curve tests
+
+PrivateKey=ALICE_cf_sect239k1
+-----BEGIN PRIVATE KEY-----
+MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4G4nbQDUtTnkrPOvDGIlhH9XdjirUSbTI5
+5z6lf7o=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect239k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEf5paOMjzcnpVAPMQnIkikE4K2jne3ubX2TD1P3aedknF
+lUr6tOU4BsiUQJACF90rQ9/KdeR5mYvYHzvI
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect239k1:ALICE_cf_sect239k1_PUB
+
+PrivateKey=BOB_cf_sect239k1
+-----BEGIN PRIVATE KEY-----
+MDwCAQAwEAYHKoZIzj0CAQYFK4EEAAMEJTAjAgEBBB4e0F0NpepAF+iNrEtoZeo4TrQFspkUNLcx
+Ly4Klfg=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect239k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEKnjJ4RHe+EiElXMrF4ou7VGy1pn0ZiO17FouF31Zbvjc
+TcbhfE6ziXM8sekQJBwcwRKQ9+G/Qzq/2A9x
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect239k1:BOB_cf_sect239k1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect239k1
+PeerKey=BOB_cf_sect239k1_PUB
+SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect239k1
+PeerKey=ALICE_cf_sect239k1_PUB
+SharedSecret=0ef54c7b7dbf55d4278e7a6924dc4833c63ec708e820d501cacdfb4935d5
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect239k1
+PeerKey=BOB_cf_sect239k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect239k1
+PeerKey=ALICE_cf_sect239k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=592e4b33ac99624fe7f2f879cf52f12a70f189c5d90785db26a12e0a46c0
+
+PublicKey=MALICE_cf_sect239k1_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect239k1
+PeerKey=MALICE_cf_sect239k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect239k1
+PeerKey=MALICE_cf_sect239k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect283k1 curve tests
+
+PrivateKey=ALICE_cf_sect283k1
+-----BEGIN PRIVATE KEY-----
+MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQAY1Mi9rST7PiP1t03qYRczV/kSZ+VjQu8
+5EFCgxyvkaLManw=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect283k1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEBMjBO8WoxHS/vz8po52WZGxS+RK5yolrUe6tfbAMA3Sd
+5/JjBDVjOz95vM4gUnqzUWHN5nKBQtj6HiU9Q/R+zqg98OiQKTyA
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect283k1:ALICE_cf_sect283k1_PUB
+
+PrivateKey=BOB_cf_sect283k1
+-----BEGIN PRIVATE KEY-----
+MEICAQAwEAYHKoZIzj0CAQYFK4EEABAEKzApAgEBBCQBCZC8Is+YSjgXJBBDioEl6gu14QpGHllD
+1J6957vBTPSQdH0=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect283k1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAGEQKZVHYAlvtjHrFyZVm12qUb5j+T5/WNoC962+kwUM
+QkBYA5BpuG8Knlugq1iB31whPAgRCZfdLKHpHRPJSfXvKyUIdeUm
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect283k1:BOB_cf_sect283k1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect283k1
+PeerKey=BOB_cf_sect283k1_PUB
+SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect283k1
+PeerKey=ALICE_cf_sect283k1_PUB
+SharedSecret=03f67c88bdc230b43773d17fdb4d0a980556d074ceccee726932160e4ed965e3be72803c
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect283k1
+PeerKey=BOB_cf_sect283k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect283k1
+PeerKey=ALICE_cf_sect283k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0677ba01c84d139609ca145cb5b6079fc9ca67f59c9c913e47cad1073f1d1dfaddde0169
+
+PublicKey=MALICE_cf_sect283k1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABADSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect283k1
+PeerKey=MALICE_cf_sect283k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect283k1
+PeerKey=MALICE_cf_sect283k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect283r1 curve tests
+
+PrivateKey=ALICE_cf_sect283r1
+-----BEGIN PRIVATE KEY-----
+MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQCQ5pqKvPxDysd1pi2Bv8Z11cFhsRZfuaf
+4Pi0hpGr4ubZcHE=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect283r1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBcsrGDgO7pbGybQX/00gRHtQq3+X9XrGb7Uzv9Nabwc/
+kntnBMF0I2KU+aaTjQx1GVtmNf7CvFwPLEBnfKjJAjekjsGyIqoq
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect283r1:ALICE_cf_sect283r1_PUB
+
+PrivateKey=BOB_cf_sect283r1
+-----BEGIN PRIVATE KEY-----
+MEICAQAwEAYHKoZIzj0CAQYFK4EEABEEKzApAgEBBCQDxItnY3cDCrX/jGnVuAKDPaySZCr3E83Q
+UdFnP6YIykt7+Pg=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect283r1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEBJ2C9BCkX0YRfs2ufgUKvreUXFWp2AGK+iHlZB4N3LqO
+PKpmAkrAeCMty6mw2mEnOR5HA1d4Ee+z7/NJgJJ80Ra9bFnreOW3
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect283r1:BOB_cf_sect283r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect283r1
+PeerKey=BOB_cf_sect283r1_PUB
+SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect283r1
+PeerKey=ALICE_cf_sect283r1_PUB
+SharedSecret=0424259cf09727574fb863cab7c27d8fe3835e96433110a45a951f94347fc81939ec4773
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect283r1
+PeerKey=BOB_cf_sect283r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect283r1
+PeerKey=ALICE_cf_sect283r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01c2a542654ce85b17456ed75b6bca6b6eb761580913670debc426a3525f236df0e875c8
+
+PublicKey=MALICE_cf_sect283r1_PUB
+-----BEGIN PUBLIC KEY-----
+MF4wEAYHKoZIzj0CAQYFK4EEABEDSgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAByvMnFeSsevoGYMIn7b4NaL9IgowRCTKF8CCrhdEKu3pubP2
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect283r1
+PeerKey=MALICE_cf_sect283r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect283r1
+PeerKey=MALICE_cf_sect283r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect409k1 curve tests
+
+PrivateKey=ALICE_cf_sect409k1
+-----BEGIN PRIVATE KEY-----
+MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMOthcLahkXFgM0wjOzm767D1A72sFRGlhb
+bVH+EB7z2WpIcPX4OD+M4Y1pf/a7wSaoSAo=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect409k1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAbiYYpeFgCMsZFMzQaiwMJDrC+mCMT7KmhYtD5EMMgLW
+5OvhaqYdpRf49A8LOtVcRT7J5gGcMrXQgmQeS3FenA5owWnB2NIgrTNf5d8AAEtrOupsJ4c3kL6e
+aAzayZ1+UCEj8skbC9U=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect409k1:ALICE_cf_sect409k1_PUB
+
+PrivateKey=BOB_cf_sect409k1
+-----BEGIN PRIVATE KEY-----
+MFECAQAwEAYHKoZIzj0CAQYFK4EEACQEOjA4AgEBBDMO43ldQllTewdZwffH4OEXdzBrLwabKsn4
+6/hjgIAaYda/pt4yCEQLMp18QgtfMey5ENI=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect409k1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAVTQj6hRizVmOx4Z6vroN/zMkmAY+QhkQ0CnFeJ0AydY
+Fv+f+/420vMC1Mhqsc9VzPMmIAH6ZrgGKDsd4Ce9JUtYE0rVhGeiG2RaN1U5RlhVK4avkWhFlyQ5
+vuu4aApQiWE3yQd9v/I=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect409k1:BOB_cf_sect409k1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect409k1
+PeerKey=BOB_cf_sect409k1_PUB
+SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect409k1
+PeerKey=ALICE_cf_sect409k1_PUB
+SharedSecret=01fbe13188588c9d1ac3a8a2680ea9a009b28e4b7d7fa4efcb1a22553876fb7973616819fd87c75e5b8ce6e3628595e4ce12edb0
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect409k1
+PeerKey=BOB_cf_sect409k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect409k1
+PeerKey=ALICE_cf_sect409k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=007e9485f7234bb2255bb40e51f4be867cb0ef31f8e489a697b31b51c4d5346daaee51e96ae6f9636e6e3af56095fe28755325ee
+
+PublicKey=MALICE_cf_sect409k1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACQDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAA=
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect409k1
+PeerKey=MALICE_cf_sect409k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect409k1
+PeerKey=MALICE_cf_sect409k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect409r1 curve tests
+
+PrivateKey=ALICE_cf_sect409r1
+-----BEGIN PRIVATE KEY-----
+MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQAxSC9lST5dtfXQI1Ug9VMMoue3GGni5ON
++gieyXK2KKbd29KAPs4/AOd8kX2wQDsZPO7E
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect409r1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEASAvXAM15DJerAu1JttpBuMJK1/fEfFohu2iEpt3r7Ui
+iQoER6HUsWiw1hhcJyTv7WzpJQHFWrOlJMe/KjmQa/CygSc65YHDzG27oUL+KGdQUGc79ZRSwl/q
+fGZqa3D+bDVMwrhmZto=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect409r1:ALICE_cf_sect409r1_PUB
+
+PrivateKey=BOB_cf_sect409r1
+-----BEGIN PRIVATE KEY-----
+MFICAQAwEAYHKoZIzj0CAQYFK4EEACUEOzA5AgEBBDQARen+1P3JQzBgOv0pUYwsZTPRVLpqqDAU
+7mKL2lk9eH7zSGmtNoMvP2m1S2dBnXxFY/bV
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect409r1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAbDUw066TtdfOpDvrlKosEyqUNEG7rY+AKvDqKw+HOzf
+sUTYee6cEf71oqJ1sCKPQiYzlwCu/HLQeWPxISE6Uo+53kkeJml2xpMBwoE25Gq/DSS61dR7SRTZ
++sUmumbIuGzbrjtMRmw=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect409r1:BOB_cf_sect409r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect409r1
+PeerKey=BOB_cf_sect409r1_PUB
+SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect409r1
+PeerKey=ALICE_cf_sect409r1_PUB
+SharedSecret=00a751259cdb3b445ce71a40a01a2189dfce70226111190505fc6eabe4e5a05bff7af55f2015e1ffcab6aea7ea9a6e74905da2a1
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect409r1
+PeerKey=BOB_cf_sect409r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect409r1
+PeerKey=ALICE_cf_sect409r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=0115a31aed416c5089d74a263ec300aff13a5329c6ad27de950ae0b0917b40a3464fccf5691ac9633a51e5177a82b15cfc434aad
+
+PublicKey=MALICE_cf_sect409r1_PUB
+-----BEGIN PUBLIC KEY-----
+MH4wEAYHKoZIzj0CAQYFK4EEACUDagAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAACZNffkdo7i7yL5tKKfU8tdk6su0K185XwbJkn96JWVDPZXZ3My
+bFKKSOJ7hyrM8Lwl1e8=
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect409r1
+PeerKey=MALICE_cf_sect409r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect409r1
+PeerKey=MALICE_cf_sect409r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect571k1 curve tests
+
+PrivateKey=ALICE_cf_sect571k1
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgB4agvk7Qdf9bVb9aMVdtXL0MuVw6dTleB
+zrpPMYty/piI5GWkQEGVp4OJSjF1BGgWmtYSYlV0oI8jJ7hfWTjVGfVWix4ipb8=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect571k1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDUZq0ZrgYpTXNpOptjExaur0K9FAYHv1j9cvAptwX
+dcmQf3VqekMkGZCfNdqNeqCajG3QHRkBHe4FZhWr3FXi8whvvr463lUDf+t46un1kE6FTYfhILGa
+sBZm7OdfkarYd9TXBbmnkFA+XkyPlkM1+6daM3/WmnegK+TYghFDXLgwiyF8s0ElllF7z38Gmc4=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect571k1:ALICE_cf_sect571k1_PUB
+
+PrivateKey=BOB_cf_sect571k1
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEAYHKoZIzj0CAQYFK4EEACYETzBNAgEBBEgA3pINxGOI7L9M+Mil+bm/udPwI4xu7ubJ
+p3aoOepTXW94laf8wjFLcQnRUwH87Vbq9VLQEfCAFvr2vZoBc+5asnNuDhRNNeQ=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect571k1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQDZRr5GCSq2uzGxmWNB+bED7zye18Rr/KehwXrbn1r
+rKtR8fe+dg2V15FieC3qZe/wCpMtyp79VmEabGi6iGLlAN/rUE81URsA/K7GVpmklslV5gmwryR0
+3E7jGKPFesun9iNtmpgM18P9y3aJd4Qr4hMlwW2Nyw187l6QB/W2e/i+8vKXFTLHlz5WLAyAcpA=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect571k1:BOB_cf_sect571k1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect571k1
+PeerKey=BOB_cf_sect571k1_PUB
+SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect571k1
+PeerKey=ALICE_cf_sect571k1_PUB
+SharedSecret=02b79c92cee50dc5b9fdddce36d4fa2e28d7d178cd74e575961f39429496305b38815c840c2e66327435c044ed885ec964068531251a2112717602532e8b6d5411db2fe05c1ac18c
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect571k1
+PeerKey=BOB_cf_sect571k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect571k1
+PeerKey=ALICE_cf_sect571k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=063aea789492c9727a5a6b7f24e8d3d377c70ee8e86b13664e191a53b1905e90e78b85960b1881db5160c7c5cacca0d686d9e104140d565eeeec17426f93d3a7ba639ecd716b43d2
+
+PublicKey=MALICE_cf_sect571k1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAmA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE=
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect571k1
+PeerKey=MALICE_cf_sect571k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect571k1
+PeerKey=MALICE_cf_sect571k1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=sect571r1 curve tests
+
+PrivateKey=ALICE_cf_sect571r1
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAxfL2/gUsmJonvDMR95Azq1ySgXMlKSRk
++PL+WaS92ZyOo45HaC7RpH5sdkf4b948u6y1BXOxGZuORXy6lgbgZ1Zx2UgL3cI=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_sect571r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQBK5L9ccIWacU2A1srZ35opPu6kcbEOsBPmvj/rlMS
+fFrdMOcagOYfcD0/ouYHPhvkHbr9k87IlQJfnV6ZNRA4PmWSp/FjkNwETm/fqTCUQHti/qqnKH7R
+Ed4fYROLFGvz+PX6E20SryOt1vrmoRyC7Z5FVmgMVOQQ1AaBNAHi3+IPtKx41YdXdbqHJxuI5jE=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_sect571r1:ALICE_cf_sect571r1_PUB
+
+PrivateKey=BOB_cf_sect571r1
+-----BEGIN PRIVATE KEY-----
+MGYCAQAwEAYHKoZIzj0CAQYFK4EEACcETzBNAgEBBEgAzcRvASPpWi0ybpOGlj0Lozz01C2a5oDA
+G5alib1EmZKcpVULxJXn75FQlTKpkUEuWUgA4yk5X5DTiScUuh4LDhaF3AFhsEY=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_sect571r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQH3dnL22NajtqDWTX6qD14w1BOlpHFBUPTr24VySlh
+kiiBlOF95u7hFr/hSb7gm/3f+IVKyE18Sh2kR4KaxWcPWKY5xKTiqiICT7hCistuzNRt8gR+kNOT
+c1rETMV6ZruZinwzEWWWjwJf6612oy2HG3CX3B8Rm+a3sS0q6IzowEwqmDv6v9bMTFk8bsCv0Fk=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_sect571r1:BOB_cf_sect571r1_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_sect571r1
+PeerKey=BOB_cf_sect571r1_PUB
+SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_sect571r1
+PeerKey=ALICE_cf_sect571r1_PUB
+SharedSecret=0031f9879fa75b8c67ba81ee861be634e2b53aa79f834e9a8ca4df7f4461bcb02f083d9fa5b4767f881a710caa6524b58eb626623ba394961d46535204c26d165089e7d4f7be1827
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_sect571r1
+PeerKey=BOB_cf_sect571r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_sect571r1
+PeerKey=ALICE_cf_sect571r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=012e8c2c1554988fe20c5ae7d11cdcfe15c7c6e8d2b6f46a43a45d724bfc7b415ea7594d5c16f770a95d6e65bbcb1f34619db95e89f4fecbcb0bc6a3f92d52df6a49b0e7773e0ac0
+
+PublicKey=MALICE_cf_sect571r1_PUB
+-----BEGIN PUBLIC KEY-----
+MIGnMBAGByqGSM49AgEGBSuBBAAnA4GSAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMtVWZAwgtd1zmgWN/9WC
+aNQcWRNUKesEHXqhJVkC5jYsSACodKsLYFNrWEYM0gwG8DQONZSn93G+38EM45tkaZsIRDt2HEM=
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_sect571r1
+PeerKey=MALICE_cf_sect571r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_sect571r1
+PeerKey=MALICE_cf_sect571r1_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=wap-wsg-idm-ecid-wtls10 curve tests
+
+PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls10
+-----BEGIN PRIVATE KEY-----
+MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1zvDMHGgcytka5KvlvQvJzTA4l2ts2NzBp
+SJiGyw==
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAZkrhWBz/Q4GB8DY4Ia114ew6H7Eg7ri2uxwxd3rAZs5
+/ShvunNyndjCt3Qaq8sulBM0nUyERSDakyD+
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls10:ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+
+PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls10
+-----BEGIN PRIVATE KEY-----
+MDsCAQAwEAYHKoZIzj0CAQYFZysBBAoEJDAiAgEBBB1SowkHU79PqokOfgllN53rNS8a3h1wFBY0
+dKPkQg==
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAGavw4ChHCoWplAumMEBwJgJ2aYtw+utu4vhWnscAPIT
+IJ4IiIGj18rCFBap1sgVbpXjhEBLYg6Itwv2
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls10:BOB_cf_wap-wsg-idm-ecid-wtls10_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10
+PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB
+SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_wap-wsg-idm-ecid-wtls10
+PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+SharedSecret=0194ef5d80fdfe9df366b2273b983c3dbd440faf76964fcfc06c509f289d
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10
+PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls10_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_wap-wsg-idm-ecid-wtls10
+PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01bedc5cdf63fbf18c3e2bc9765e12f7990c0c0c64f0267ae7c37b9f49f0
+
+PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_wap-wsg-idm-ecid-wtls10
+PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_wap-wsg-idm-ecid-wtls10
+PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls10_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=wap-wsg-idm-ecid-wtls11 curve tests
+
+PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls11
+-----BEGIN PRIVATE KEY-----
+MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AkzS3zoqHNCLug/nwoYMQW3UigmZ9t56k
+5jp+FiY=
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEABttgKKYeGZRmcH/5UZR56lOSgbU4TH2AuIhvj88AL6H
+zTCX9elzXpck+u22bnmkuvL2A8XKB5+fabMR
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls11:ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+
+PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls11
+-----BEGIN PRIVATE KEY-----
+MDwCAQAwEAYHKoZIzj0CAQYFZysBBAsEJTAjAgEBBB4AWU05mbqPxsB749llNON1//l0w8RJJ3z5
+h/kzfNM=
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAL6Xj/KCmXAQAAo847t0bl0wqBrteWRg93OvIJsPAAOE
+ehdIgJyruc3KsH0RFlipu5QD8pnGSIXvif19
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls11:BOB_cf_wap-wsg-idm-ecid-wtls11_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11
+PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB
+SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637
+
+# ECDH Bob with Alice peer
+Derive=BOB_cf_wap-wsg-idm-ecid-wtls11
+PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+SharedSecret=01ac8a23ddeeafb4d3bb243fe409f2f9c8b1a3fc11d4690da583f2e21637
+
+# ECC CDH Alice with Bob peer
+Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11
+PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls11_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19
+
+# ECC CDH Bob with Alice peer
+Derive=BOB_cf_wap-wsg-idm-ecid-wtls11
+PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+Ctrl=ecdh_cofactor_mode:1
+SharedSecret=01b9992992572d3a59d424f8c9cc195576461ed6c1dadf6fb523717fab19
+
+PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+-----BEGIN PUBLIC KEY-----
+MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYf4
+Vie5eHTnR+4x4G1xyq7qUvISU+X5RtBh2pE4
+-----END PUBLIC KEY-----
+
+# ECC CDH Bob with Malice peer
+Derive=BOB_cf_wap-wsg-idm-ecid-wtls11
+PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+# ECC CDH Alice with Malice peer
+Derive=ALICE_cf_wap-wsg-idm-ecid-wtls11
+PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls11_PUB
+Ctrl=ecdh_cofactor_mode:1
+Result=DERIVE_ERROR
+
+Title=wap-wsg-idm-ecid-wtls12 curve tests
+
+PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls12
+-----BEGIN PRIVATE KEY-----
+MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBxwvll9Eb9mm2Xadq1evIi1zIK+6u0Nv8bP
+LI9a
+-----END PRIVATE KEY-----
+
+PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAE0t0WqG/pFsiCt6agmebw3FCEWAzf9BpNLuzoCkPEe0Li
+bqn5udrckL6s3stwCTVFaZUfY2qS9QE=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls12:ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB
+
+PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls12
+-----BEGIN PRIVATE KEY-----
+MDoCAQAwEAYHKoZIzj0CAQYFZysBBAwEIzAhAgEBBBz+5P6gpqXxbeXvvaD5W9Ft69BTxcn7zc6q
+K3Ax
+-----END PRIVATE KEY-----
+
+PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB
+-----BEGIN PUBLIC KEY-----
+ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAEvyxedqaWkoAOMjaV5W3/tJpheiHAR0zV6BlIeUuGP2mx
++xsOK9/QB7hzipq9cXx1K/dXu58EoSY=
+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls12:BOB_cf_wap-wsg-idm-ecid-wtls12_PUB
+
+# ECDH Alice with Bob peer
+Derive=ALICE_cf_wap-wsg-idm-ecid-wtls12 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls12_PUB +SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b + +# ECDH Bob with Alice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls12 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB +SharedSecret=a3b3f20af8c33a0f5c246b4b9d9dda1cd40c294d1f53365d18a8b54b + +Title=wap-wsg-idm-ecid-wtls1 curve tests + +PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls1 +-----BEGIN PRIVATE KEY----- +MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA5ZNASTt4/g6XPQwRiQ0Q== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEACBNPI48xxsPVQBy07jRAAcWzbIkMo8BQotxpfGJ +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls1:ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB + +PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls1 +-----BEGIN PRIVATE KEY----- +MCwCAQAwEAYHKoZIzj0CAQYFZysBBAEEFTATAgEBBA6+0x9qk0NIKHSRvlTemQ== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAEeHMSBTx/EtOu+bjBinALHSkQuJyiP3mg1tu+I2 +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls1:BOB_cf_wap-wsg-idm-ecid-wtls1_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +SharedSecret=0040ba2fadc1da97c973e5e59ade31 + +# ECDH Bob with Alice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +SharedSecret=0040ba2fadc1da97c973e5e59ade31 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=008919696215a89e03d6c4c9265d6b + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=008919696215a89e03d6c4c9265d6b + +PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +-----BEGIN 
PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls1 +PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls1 +PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls1_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=wap-wsg-idm-ecid-wtls3 curve tests + +PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls3 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUDO2cHbqQBUxuJBl6UT9UrasuRVrI= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEBRIzvK9o7eO2NGmtPFV/zo9/1mlvBwjG7+e6hbPG1KdI +01f8oGBuXMQH +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls3:ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB + +PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls3 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFZysBBAMEHDAaAgEBBBUAhZv9WZ00bDnU9MOaqEegP771nes= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAYOspjEbzyZw61jCtUrxARr+w66nBH+73QIvlaRVSG/4 +hlBUf5kmG4Yn +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls3:BOB_cf_wap-wsg-idm-ecid-wtls3_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f + +# ECDH Bob with Alice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +SharedSecret=0311924428a839b7dcada662722945e62bf1131f4f + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls3_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 + +# ECC CDH Bob with Alice peer 
+Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=047f1aee6a1a1d7c9c1f0e8dce4349429f737aa658 + +PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAB +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls3 +PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls3 +PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls3_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=wap-wsg-idm-ecid-wtls4 curve tests + +PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls4 +-----BEGIN PRIVATE KEY----- +MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8ACFOrBbOh5LjNtJQCuEE= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAW3K4Mus5+KAJVGLzEYrAYuCJSEYXFTo17aW0TwN +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls4:ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB + +PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls4 +-----BEGIN PRIVATE KEY----- +MC0CAQAwEAYHKoZIzj0CAQYFZysBBAQEFjAUAgEBBA8Auz4XRc3Rg0bNcbrray8= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAI0F7ixGqOhnYpsuR80nAdTdSXM+YbcUbLe/U/xG +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls4:BOB_cf_wap-wsg-idm-ecid-wtls4_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +SharedSecret=0077378ddfdadff704a0b6646949e7 + +# ECDH Bob with Alice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +SharedSecret=0077378ddfdadff704a0b6646949e7 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 
+PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=008f3713fe1ff1fa5d5041899817d1 + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=008f3713fe1ff1fa5d5041899817d1 + +PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +-----BEGIN PUBLIC KEY----- +MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAAAAAAAAAAAAAAAAAAAAAd+TqiBXnTd/lyA/OFsR +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls4 +PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls4 +PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls4_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=wap-wsg-idm-ecid-wtls5 curve tests + +PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls5 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUD9gVh3zbLTA7BuRVVi9T8QKZ1uco= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAH5xyUrvbuN+tWmRhwqrQfFHPHNUBKtAGvJuvSFVwTKk +uFzn9fPvIDe6 +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls5:ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB + +PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls5 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFZysBBAUEHDAaAgEBBBUAr9ZlmuO7bNfqB42xUivJXyVHKNI= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEBdXxEk0L2XAVzRNLPcnMxGXXyDfZAoA1Qw2XpOfVWIVR +jdoMGRgUuJmO +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls5:BOB_cf_wap-wsg-idm-ecid-wtls5_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 + +# ECDH Bob with Alice peer 
+Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +SharedSecret=0190c68d80e94fbe9f193ae7d9a156bf0b8d097c23 + +# ECC CDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls5_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea + +# ECC CDH Bob with Alice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +Ctrl=ecdh_cofactor_mode:1 +SharedSecret=00aabc9b45c200e41294aa922ab06da6655731e0ea + +PublicKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +-----BEGIN PUBLIC KEY----- +MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8JxepS05nN/piK +dhDD3dDKXUih +-----END PUBLIC KEY----- + +# ECC CDH Bob with Malice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls5 +PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +# ECC CDH Alice with Malice peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls5 +PeerKey=MALICE_cf_wap-wsg-idm-ecid-wtls5_PUB +Ctrl=ecdh_cofactor_mode:1 +Result=DERIVE_ERROR + +Title=wap-wsg-idm-ecid-wtls6 curve tests + +PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls6 +-----BEGIN PRIVATE KEY----- +MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA4ayMbswPbvYMwpwo80jA== +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +-----BEGIN PUBLIC KEY----- +MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAERPw/8Ip/RrXr0gMgLGRQeiQ4Qd6W+Li0ylGKzg== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls6:ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB + +PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls6 +-----BEGIN PRIVATE KEY----- +MCwCAQAwEAYHKoZIzj0CAQYFZysBBAYEFTATAgEBBA6kbCpFt3tX2hYBQHMXbg== +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +-----BEGIN PUBLIC KEY----- +MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAEhJXqpYGxE/l1X/LiBeyRbIcyzqPxUP5Tkv3U3w== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls6:BOB_cf_wap-wsg-idm-ecid-wtls6_PUB + +# ECDH Alice with Bob peer 
+Derive=ALICE_cf_wap-wsg-idm-ecid-wtls6 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB +SharedSecret=b4cae255268f11a1e46fecad04c2 + +# ECDH Bob with Alice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls6 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB +SharedSecret=b4cae255268f11a1e46fecad04c2 + +Title=wap-wsg-idm-ecid-wtls7 curve tests + +PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls7 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUABcyzh4ot9ck/j4/3ehK0aYngYoM= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +-----BEGIN PUBLIC KEY----- +MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEwQLnZ70n45RLqRtAGNzEa3Rl/9nwyjqYUtw2eeHhnNLT +feGY4CNH0w== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls7:ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB + +PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls7 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFZysBBAcEHDAaAgEBBBUAPyrGRY1SR13hKQswS6yXs8w8PUQ= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +-----BEGIN PUBLIC KEY----- +MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEZGN44YbN5r3zcNtOHrvbQLt8/lE7BHp4D/9eKLmwFDn1 +QneRu3xwPA== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls7:BOB_cf_wap-wsg-idm-ecid-wtls7_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls7 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls7_PUB +SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a + +# ECDH Bob with Alice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls7 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB +SharedSecret=ae9f5bcc6457c0422866bf855921eabc42b7121a + +Title=wap-wsg-idm-ecid-wtls8 curve tests + +PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls8 +-----BEGIN PRIVATE KEY----- +MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AnkC18b3pH2O5TIYIqAQ= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +-----BEGIN PUBLIC KEY----- +MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEJD0h4HEfchwxqhp9eMHh9gczQKHX4MtWVoAxKQ== +-----END PUBLIC KEY----- + 
+PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls8:ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB + +PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls8 +-----BEGIN PRIVATE KEY----- +MC0CAQAwEAYHKoZIzj0CAQYFZysBBAgEFjAUAgEBBA8AXxPMnqbl3rOuIM5nsvc= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +-----BEGIN PUBLIC KEY----- +MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEZawmRmzr9P+jihImUi6ykOzaSH484JhMKNdrgw== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls8:BOB_cf_wap-wsg-idm-ecid-wtls8_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls8 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB +SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 + +# ECDH Bob with Alice peer +Derive=BOB_cf_wap-wsg-idm-ecid-wtls8 +PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB +SharedSecret=48baf4f1f5e8a0eb5dae28ef6290 + +Title=wap-wsg-idm-ecid-wtls9 curve tests + +PrivateKey=ALICE_cf_wap-wsg-idm-ecid-wtls9 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUALwvuKs3RLthMAsChbqKjXw6vTYo= +-----END PRIVATE KEY----- + +PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB +-----BEGIN PUBLIC KEY----- +MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAET0ppOvd9DU4v+tkKDQ5wRBrN1FwD9+F9t5l3Im+mz3rw +DB/RYdZuUg== +-----END PUBLIC KEY----- + +PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls9:ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB + +PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls9 +-----BEGIN PRIVATE KEY----- +MDMCAQAwEAYHKoZIzj0CAQYFZysBBAkEHDAaAgEBBBUAgeb/vqEM7X5AAAxyBu3M+C8pWLM= +-----END PRIVATE KEY----- + +PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +-----BEGIN PUBLIC KEY----- +MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAEWc37LGt6lt90iF4lhtDYNFdjAqoczebuNgzGff/Uq8ov +a3EVJ9yK1A== +-----END PUBLIC KEY----- + +PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls9:BOB_cf_wap-wsg-idm-ecid-wtls9_PUB + +# ECDH Alice with Bob peer +Derive=ALICE_cf_wap-wsg-idm-ecid-wtls9 +PeerKey=BOB_cf_wap-wsg-idm-ecid-wtls9_PUB +SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7 + +# ECDH Bob with Alice peer 
+Derive=BOB_cf_wap-wsg-idm-ecid-wtls9
+PeerKey=ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB
+SharedSecret=948d3030e95cead39a1bb3d8a01c2be178517ba7
+
+# tests: 484
From appro at openssl.org Fri Jun 29 10:40:03 2018 From: appro at openssl.org (Andy Polyakov) Date: Fri, 29 Jun 2018 10:40:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530268803.225346.30959.nullmailer@dev.openssl.org> The branch master has been updated via a091e212fc55244fe03a4c7db7d8978c5b5014cb (commit) from 249330de0250bc598d20d383bab37d150cdad239 (commit) - Log ----------------------------------------------------------------- commit a091e212fc55244fe03a4c7db7d8978c5b5014cb Author: Andy Polyakov Date: Wed Jun 27 12:16:52 2018 +0200 evp/e_chacha20_poly1305.c: improve performance for short TLS records. Inputs not longer than 64 bytes are processed ~10% faster, longer lengths not divisble by 64, e.g. 255, up to ~20%. Unfortunately it's impossible to measure with apps/speed.c, -aead benchmarks TLS-like call sequence, but not exact. It took specially crafted code path... Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6597) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_chacha20_poly1305.c | 158 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 148 insertions(+), 10 deletions(-)
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
index 9bf98f1..47d5e50 100644
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -150,6 +150,7 @@ typedef struct {
 EVP_CHACHA_KEY key;
 unsigned int nonce[12/4];
 unsigned char tag[POLY1305_BLOCK_SIZE];
+ unsigned char tls_aad[POLY1305_BLOCK_SIZE];
 struct { uint64_t aad, text; } len;
 int aad, mac_inited, tag_len, nonce_len;
 size_t tls_payload_length;
@@ -179,7 +180,8 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
 /* pad on the left */
 if (actx->nonce_len <= CHACHA_CTR_SIZE)
- memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len);
+ memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv,
+ actx->nonce_len);
 chacha_init_key(ctx, inkey, temp, enc);
@@ -193,23 +195,158 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
 return 1;
 }
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 };
+
+static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t len)
+{
+ EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+ size_t i, tail, tohash_len, plen = actx->tls_payload_length;
+ unsigned char *buf, *tohash, *ctr, storage[2 * CHACHA_BLK_SIZE + 32];
+
+ if (len != plen + POLY1305_BLOCK_SIZE)
+ return -1;
+
+ buf = storage + ((0 - (size_t)storage) & 15); /* align */
+ ctr = buf + CHACHA_BLK_SIZE;
+ tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE;
+
+ if (plen <= CHACHA_BLK_SIZE) {
+ actx->key.counter[0] = 0;
+ ChaCha20_ctr32(buf, zero, 2 * CHACHA_BLK_SIZE, actx->key.key.d,
+ actx->key.counter);
+ Poly1305_Init(POLY1305_ctx(actx), buf);
+ actx->key.partial_len = 0;
+ memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+ tohash_len = POLY1305_BLOCK_SIZE;
+ actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+ actx->len.text = plen;
+
+ if (ctx->encrypt) {
+ for (i = 0; i < plen; i++) {
+ out[i] = ctr[i] ^= in[i];
+ }
+ } else {
+ for (i = 0; i < plen; i++) {
+ unsigned char c = in[i];
+ out[i] = ctr[i] ^ c;
+ ctr[i] = c;
+ }
+ }
+
+ in += i;
+ out += i;
+
+ tail = (0 - i) & (POLY1305_BLOCK_SIZE - 1);
+ memset(ctr + i, 0, tail);
+ ctr += i + tail;
+ tohash_len += i + tail;
+ } else {
+ actx->key.counter[0] = 0;
+ ChaCha20_ctr32(buf, zero, CHACHA_BLK_SIZE, actx->key.key.d,
+ actx->key.counter);
+ Poly1305_Init(POLY1305_ctx(actx), buf);
+ actx->key.counter[0] = 1;
+ actx->key.partial_len = 0;
+ Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, POLY1305_BLOCK_SIZE);
+ tohash = ctr;
+ tohash_len = 0;
+ actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+ actx->len.text = plen;
+
+ if (ctx->encrypt) {
+ ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+ Poly1305_Update(POLY1305_ctx(actx), out, plen);
+ } else {
+ Poly1305_Update(POLY1305_ctx(actx), in, plen);
+ ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+ }
+
+ in += plen;
+ out += plen;
+ tail = (0 - plen) & (POLY1305_BLOCK_SIZE - 1);
+ Poly1305_Update(POLY1305_ctx(actx), zero, tail);
+ }
+
+ {
+ const union {
+ long one;
+ char little;
+ } is_endian = { 1 };
+
+ if (is_endian.little) {
+ memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+ } else {
+ ctr[0] = (unsigned char)(actx->len.aad);
+ ctr[1] = (unsigned char)(actx->len.aad>>8);
+ ctr[2] = (unsigned char)(actx->len.aad>>16);
+ ctr[3] = (unsigned char)(actx->len.aad>>24);
+ ctr[4] = (unsigned char)(actx->len.aad>>32);
+ ctr[5] = (unsigned char)(actx->len.aad>>40);
+ ctr[6] = (unsigned char)(actx->len.aad>>48);
+ ctr[7] = (unsigned char)(actx->len.aad>>56);
+
+ ctr[8] = (unsigned char)(actx->len.text);
+ ctr[9] = (unsigned char)(actx->len.text>>8);
+ ctr[10] = (unsigned char)(actx->len.text>>16);
+ ctr[11] = (unsigned char)(actx->len.text>>24);
+ ctr[12] = (unsigned char)(actx->len.text>>32);
+ ctr[13] = (unsigned char)(actx->len.text>>40);
+ ctr[14] = (unsigned char)(actx->len.text>>48);
+ ctr[15] = (unsigned char)(actx->len.text>>56);
+ }
+ tohash_len += POLY1305_BLOCK_SIZE;
+ }
+
+ Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len);
+ OPENSSL_cleanse(buf, 2 * CHACHA_BLK_SIZE);
+ Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+ : tohash);
+
+ actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+ if (ctx->encrypt) {
+ memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+ } else {
+ if (CRYPTO_memcmp(tohash, in, POLY1305_BLOCK_SIZE)) {
+ memset(out - (len - POLY1305_BLOCK_SIZE), 0,
+ len - POLY1305_BLOCK_SIZE);
+ return -1;
+ }
+ }
+
+ return len;
+}
+# else
+static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 };
+# endif
+
 static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 const unsigned char *in, size_t len)
 {
 EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
 size_t rem, plen = actx->tls_payload_length;
- static const unsigned char zero[POLY1305_BLOCK_SIZE] = { 0 };
 if (!actx->mac_inited) {
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+ if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL)
+ return chacha20_poly1305_tls_cipher(ctx, out, in, len);
+# endif
 actx->key.counter[0] = 0;
- memset(actx->key.buf, 0, sizeof(actx->key.buf));
- ChaCha20_ctr32(actx->key.buf, actx->key.buf, CHACHA_BLK_SIZE,
+ ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE,
 actx->key.key.d, actx->key.counter);
 Poly1305_Init(POLY1305_ctx(actx), actx->key.buf);
 actx->key.counter[0] = 1;
 actx->key.partial_len = 0;
 actx->len.aad = actx->len.text = 0;
 actx->mac_inited = 1;
+ if (plen != NO_TLS_PAYLOAD_LENGTH) {
+ Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad,
+ EVP_AEAD_TLS1_AAD_LEN);
+ actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+ actx->aad = 1;
+ }
 }
 if (in) { /* aad or text */
@@ -341,6 +478,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
 actx->tag_len = 0;
 actx->nonce_len = 12;
 actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+ memset(actx->tls_aad, 0, POLY1305_BLOCK_SIZE);
 return 1;
 case EVP_CTRL_COPY:
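Review bot: The size of `storage[2 * CHACHA_BLK_SIZE + 32]` in chacha20_poly1305_tls_cipher is tight and nothing in the hunk records why it fits: after up to 15 bytes of alignment slack, the `plen <= CHACHA_BLK_SIZE` path uses `buf` for two keystream blocks (the ciphertext and its zero padding overwrite the second one at `ctr`) and then writes the 16-byte length block at `ctr + i + tail`, so the high-water mark is 15 + 64 + 64 + 16 = 159 of the 160 bytes. A comment on the declaration such as `/* <=15 align slack + 2 keystream blocks + 16-byte Poly1305 length block = 159 bytes */` would keep a later tidy-up of the `+ 32` from becoming a stack overflow. A smaller point on the same buffer: `OPENSSL_cleanse(buf, 2 * CHACHA_BLK_SIZE)` runs before Poly1305_Final, so on the decrypt side the freshly computed tag is left in `tohash` (inside `storage`) when the function returns; if that is a concern, `OPENSSL_cleanse(tohash, POLY1305_BLOCK_SIZE);` after the CRYPTO_memcmp closes it. chacha20_poly1305_cipher, which gains the dispatch to the new function, continues past the end of this hunk.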
@@ -393,18 +531,18 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
 return 0;
 {
 unsigned int len;
- unsigned char *aad = ptr, temp[POLY1305_BLOCK_SIZE];
+ unsigned char *aad = ptr;
+ memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN);
 len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | aad[EVP_AEAD_TLS1_AAD_LEN - 1];
+ aad = actx->tls_aad;
 if (!ctx->encrypt) {
 if (len < POLY1305_BLOCK_SIZE)
 return 0;
 len -= POLY1305_BLOCK_SIZE; /* discount attached tag */
- memcpy(temp, aad, EVP_AEAD_TLS1_AAD_LEN - 2);
- aad = temp;
- temp[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8);
- temp[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len;
+ aad[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8);
+ aad[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len;
 }
 actx->tls_payload_length = len;
@@ -415,7 +553,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
 actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad);
 actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4);
 actx->mac_inited = 0;
- chacha20_poly1305_cipher(ctx, NULL, aad, EVP_AEAD_TLS1_AAD_LEN);
+
 return POLY1305_BLOCK_SIZE; /* tag length */
 }
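Review bot: The new `memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN)` fills only 13 of the 16 bytes of `tls_aad`, yet the non-small-footprint TLS path hashes all 16 bytes (`memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE)` and the matching `Poly1305_Update`) as the AAD plus its Poly1305 zero padding, so bytes 13..15 must be zero and the only place that clears them is the `memset` added under EVP_CTRL_INIT. That holds today but the invariant is unstated; either record it at the field, `/* 13-byte TLS AAD zero-padded to a Poly1305 block; the padding must stay zero */`, or make this ctrl self-contained with `memset(actx->tls_aad + EVP_AEAD_TLS1_AAD_LEN, 0, POLY1305_BLOCK_SIZE - EVP_AEAD_TLS1_AAD_LEN);` right after the copy. Writing the decrypt-side length adjustment straight into `actx->tls_aad` is otherwise equivalent to the old `temp` copy, since the TLS path now reads the AAD from there. chacha20_poly1305_ctrl starts and ends outside this hunk.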