From pauli at openssl.org Tue Jun 1 05:05:18 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 01 Jun 2021 05:05:18 +0000 Subject: [openssl] master update Message-ID: <1622523918.506508.30007.nullmailer@dev.openssl.org> The branch master has been updated via d11dd381c561db5c5144e575ac6db63e07d5507b (commit) via 64fac96de81d3dc19cc0c9045c341f0dec818075 (commit) via a7981653ea61b587bbb963985e30394177945e8e (commit) from e378be2a29f8bc5e679e63d5f5e9766d2f4dfc4b (commit) - Log ----------------------------------------------------------------- commit d11dd381c561db5c5144e575ac6db63e07d5507b Author: Pauli Date: Mon May 31 10:29:55 2021 +1000 add some cross compilation builds Add some cross compiling builds to test things aren't broken. Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15535) commit 64fac96de81d3dc19cc0c9045c341f0dec818075 Author: Pauli Date: Mon May 31 15:33:22 2021 +1000 sparc: fix cross compile build Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15535) commit a7981653ea61b587bbb963985e30394177945e8e Author: Pauli Date: Mon May 31 15:16:16 2021 +1000 ppc: fix ambiguous if if else statement Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15535) ----------------------------------------------------------------------- Summary of changes: .github/workflows/cross-compiles.yml | 66 ++++++++++++++++++++++++++++++++++++ crypto/ppccap.c | 3 +- crypto/sparcv9cap.c | 1 + include/crypto/aes_platform.h | 12 +++---- include/crypto/cmll_platform.h | 8 ++--- 5 files changed, 79 insertions(+), 11 deletions(-) create mode 100644 .github/workflows/cross-compiles.yml diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml new file mode 100644 index 0000000000..668ef6a658 --- /dev/null 
+++ b/.github/workflows/cross-compiles.yml @@ -0,0 +1,66 @@ +name: Cross Compile + +on: [pull_request, push] + +jobs: + cross-compilation: + strategy: + fail-fast: false + matrix: + # The platform matrix specifies the package to be loaded by apt, + # then the cross compilation prefix and finally the configuration + # target. + platform: [ + { + package: gcc-aarch64-linux-gnu libc6-dev-arm64-cross, + cross: aarch64-linux-gnu-, + target: linux-aarch64 + }, { + package: gcc-alpha-linux-gnu libc6.1-dev-alpha-cross, + cross: alpha-linux-gnu-, + target: linux-alpha-gcc + }, { + package: gcc-arm-linux-gnueabi libc6-dev-armel-cross, + cross: arm-linux-gnueabi-, + target: linux-armv4 + }, { + package: gcc-arm-linux-gnueabihf libc6-dev-armhf-cross, + cross: arm-linux-gnueabihf-, + target: linux-armv4 + }, { + package: gcc-mips-linux-gnu libc6-dev-mips-cross, + cross: mips-linux-gnu-, + target: linux-mips32 + }, { + package: gcc-mipsel-linux-gnu libc6-dev-mipsel-cross, + cross: mipsel-linux-gnu-, + target: linux-mips32 + }, { + package: gcc-powerpc64le-linux-gnu libc6-dev-ppc64el-cross, + cross: powerpc64le-linux-gnu-, + target: linux-ppc64le + }, { + package: gcc-riscv64-linux-gnu libc6-dev-riscv64-cross, + cross: riscv64-linux-gnu-, + target: linux64-riscv64 + }, { + package: gcc-s390x-linux-gnu libc6-dev-s390x-cross, + cross: s390x-linux-gnu-, + target: linux64-s390x + }, { + package: gcc-sparc64-linux-gnu libc6-dev-sparc64-cross, + cross: sparc64-linux-gnu-, + target: linux64-sparcv9 + } + ] + runs-on: ubuntu-latest + steps: + - name: install packages + run: | + sudo apt-get update + sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install ${{ matrix.platform.package }} + - uses: actions/checkout at v2 + - name: config + run: ./config --banner=Configured --strict-warnings enable-fips --cross-compile-prefix=${{ matrix.platform.cross }} ${{ matrix.platform.target }} && perl configdata.pm --dump + - name: make + run: make -s -j4 
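Review bot: In the "install packages" step of .github/workflows/cross-compiles.yml, --force-yes should be dropped from the apt-get install line. apt documents the option as deprecated and dangerous: besides answering prompts it lets apt carry on with unauthenticated packages and downgrades, which a job that builds a crypto library should not accept silently. -yq already makes the install non-interactive, so "sudo apt-get -yq --no-install-suggests --no-install-recommends install ..." is enough. A second, smaller point on the same hunk: the checkout action is referenced by the moving tag v2; pinning it to a commit SHA would make the job reproducible.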
diff --git a/crypto/ppccap.c b/crypto/ppccap.c index 4d28d84cae..27f048686e 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -68,11 +68,12 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, * no opportunity to figure it out... */ - if (num == 6) + if (num == 6) { if (OPENSSL_ppccap_P & PPC_MADD300) return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); else return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num); + } return bn_mul_mont_int(rp, ap, bp, np, n0, num); } diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c index 4c39362e40..44e74b309b 100644 --- a/crypto/sparcv9cap.c +++ b/crypto/sparcv9cap.c @@ -16,6 +16,7 @@ #include #include #include "internal/cryptlib.h" +#include "bn/bn_local.h" /* for definition of bn_mul_mont */ #include "sparc_arch.h" diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h index 431aef908b..a50bdbe069 100644 --- a/include/crypto/aes_platform.h +++ b/include/crypto/aes_platform.h 
@@ -264,22 +264,22 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out, */ void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const AES_KEY *key, unsigned char *ivec); diff --git a/include/crypto/cmll_platform.h b/include/crypto/cmll_platform.h index 527f216ca8..fe2f789173 100644 --- a/include/crypto/cmll_platform.h +++ b/include/crypto/cmll_platform.h 
@@ -29,16 +29,16 @@ void cmll_t4_decrypt(const unsigned char *in, unsigned char *out, void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const CAMELLIA_KEY *key, unsigned char *ivec); From shane.lontis at oracle.com Tue Jun 1 05:27:51 2021 
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Tue, 01 Jun 2021 05:27:51 +0000 Subject: [openssl] master update Message-ID: <1622525271.773261.10277.nullmailer@dev.openssl.org> The branch master has been updated via 9ff4b7b0c7b445bcc9b98fde9107fa9520d17f04 (commit) via 7f9537d57adf74eb6147bc19b5b579b95a8866e9 (commit) via 17b209da4925ada855259ff5b746aaa684def0f5 (commit) via e2311445bbfc9e2a6ff05e467cf13475b058d0a2 (commit) from d11dd381c561db5c5144e575ac6db63e07d5507b (commit) - Log ----------------------------------------------------------------- commit 9ff4b7b0c7b445bcc9b98fde9107fa9520d17f04 Author: Shane Lontis Date: Sat May 29 12:47:19 2021 +1000 Migration guide updates for flags and controls. Provided a section that links to the ctrl/flags mappings to parameters for digests and ciphers. Added "EVP_CIPHER_CTX_set_flags() ordering" to changes section. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15496) commit 7f9537d57adf74eb6147bc19b5b579b95a8866e9 Author: Shane Lontis Date: Sat May 29 12:41:43 2021 +1000 Document Settable EVP_CIPHER_CTX parameter "use-bits" Added docs for EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags(). Added section for "FLAGS" to show parameter mappings. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15496) commit 17b209da4925ada855259ff5b746aaa684def0f5 Author: Shane Lontis Date: Thu May 27 18:13:24 2021 +1000 Fix param indentation in ciphercommon_hw.c Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15496) commit e2311445bbfc9e2a6ff05e467cf13475b058d0a2 Author: Shane Lontis Date: Thu May 27 18:08:53 2021 +1000 Fix aes cfb1 so that it can operate in bit mode. The code to handle the cipher operation was already in the provider. It just needed a OSSL_PARAM in order to set this into the algorithm. EVP_CIPHER_CTX_set_flags() has been modified to pass the OSSL_PARAM. 
Issue reported by Mark Powers from Acumen. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15496) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_lib.c | 17 ++++ doc/man3/EVP_EncryptInit.pod | 109 +++++++++++++++++++-- doc/man7/migration_guide.pod | 19 ++++ include/openssl/core_names.h | 1 + providers/implementations/ciphers/ciphercommon.c | 11 +++ .../implementations/ciphers/ciphercommon_hw.c | 20 ++-- test/acvp_test.c | 49 +++++++++ util/missingcrypto.txt | 3 - 8 files changed, 210 insertions(+), 19 deletions(-) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index adae97b8f5..bc872c0e79 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -1058,14 +1058,31 @@ int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) return (ctx->flags & flags); } +static int evp_cipher_ctx_enable_use_bits(EVP_CIPHER_CTX *ctx, + unsigned int enable) +{ + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_USE_BITS, &enable); + return EVP_CIPHER_CTX_set_params(ctx, params); +} + void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) { + int oldflags = ctx->flags; + ctx->flags |= flags; + if (((oldflags ^ ctx->flags) & EVP_CIPH_FLAG_LENGTH_BITS) != 0) + evp_cipher_ctx_enable_use_bits(ctx, 1); } void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) { + int oldflags = ctx->flags; + ctx->flags &= ~flags; + if (((oldflags ^ ctx->flags) & EVP_CIPH_FLAG_LENGTH_BITS) != 0) + evp_cipher_ctx_enable_use_bits(ctx, 0); } int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 52b8736d07..0fc7b1e82c 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod 
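Review bot: In crypto/evp/evp_lib.c, EVP_CIPHER_CTX_set_flags() and EVP_CIPHER_CTX_clear_flags() discard the return value of evp_cipher_ctx_enable_use_bits(), so a failing EVP_CIPHER_CTX_set_params() leaves ctx->flags and the provider's "use-bits" setting out of step. Both functions return void and ctx->flags is updated before the parameter call, so the caller sees EVP_CIPH_FLAG_LENGTH_BITS as set (or cleared) with no indication that the provider never received it; the ordering constraint documented elsewhere in this series is the obvious way to hit that. Suggest either changing ctx->flags for this bit only when the parameter call succeeds or raising an error on failure, and if ignoring the result is deliberate, casting it to (void) with a comment saying why.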
@@ -66,6 +66,9 @@ EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, +EVP_CIPHER_CTX_set_flags, +EVP_CIPHER_CTX_clear_flags, +EVP_CIPHER_CTX_test_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, @@ -134,6 +137,9 @@ EVP_CIPHER_do_all_provided int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int cmd, int p1, void *p2); int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); + void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); + void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); + int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_CIPHER *EVP_get_cipherbynid(int nid); @@ -381,10 +387,12 @@ must be called to free any context resources. Encrypts or decrypts a maximum I amount of bytes from I and leaves the result in I. -If the cipher doesn't have the flag B set, -then I must be a multiple of EVP_CIPHER_block_size(). If it isn't, -the result is undefined. If the cipher has that flag set, then I -can be any size. + +For legacy ciphers - If the cipher doesn't have the flag +B set, then I must be a multiple of +EVP_CIPHER_block_size(). If it isn't, the result is undefined. If the cipher +has that flag set, then I can be any size. + Due to the constraints of the API contract of this function it shouldn't be used in applications, please consider using EVP_CipherUpdate() and EVP_CipherFinal_ex() instead. 
@@ -400,6 +408,14 @@ Return the NID of a cipher when passed an B or B structure. The actual NID value is an internal value which may not have a corresponding OBJECT IDENTIFIER. +=item EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags() + +Sets, clears and tests I flags. See L below for more information. + +For provided ciphers EVP_CIPHER_CTX_set_flags() should be called only after the +fetched cipher has been assigned to the I. It is recommended to use +L instead. + =item EVP_CIPHER_CTX_set_padding() Enables or disables padding. This function should be called after the context @@ -499,7 +515,7 @@ If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned. =item EVP_CIPHER_flags() -Returns any flags associated with the cipher. See EVP_CIPHER_meth_set_flags() +Returns any flags associated with the cipher. See L for a list of currently defined flags. =item EVP_CIPHER_param_to_asn1() @@ -783,6 +799,15 @@ by AES SIV ciphers which disallow multiple operations by default. Setting "speed" to 1 allows another encrypt or decrypt operation to be performed. This is used for performance testing. +=item "use-bits" (B) + +Determines if the input length I passed to EVP_EncryptUpdate(), +EVP_DecryptUpdate() and EVP_CipherUpdate() is the number of bits or number of bytes. +Setting "use-bits" to 1 uses bits. The default is in bytes. +This is only used for B ciphers. + +This can be set using EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS). + =item "tls-version" (B) Sets the TLS version. 
@@ -990,6 +1015,78 @@ followed by EVP_CIPHER_CTX_get_params() with a key of =back +=head1 FLAGS + +EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags(). +can be used to manipulate and test these B flags: + +=over 4 + +=item EVP_CIPH_NO_PADDING + +Used by EVP_CIPHER_CTX_set_padding(). + +See also L "padding" + +=item EVP_CIPH_FLAG_LENGTH_BITS + +See L "use-bits". + +=item EVP_CIPHER_CTX_FLAG_WRAP_ALLOW + +Used for Legacy purposes only. This flag needed to be set to indicate the +cipher handled wrapping. + +=back + +EVP_CIPHER_flags() uses the following flags that +have mappings to L: + +=over 4 + +=item EVP_CIPH_FLAG_AEAD_CIPHER + +See L "aead". + +=item EVP_CIPH_CUSTOM_IV + +See L "custom-iv". + +=item EVP_CIPH_FLAG_CTS + +See L "cts". + +=item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; + +See L "tls-multi". + +=back + +EVP_CIPHER_flags() uses the following flags for legacy purposes only: + +=over 4 + +=item EVP_CIPH_VARIABLE_LENGTH + +=item EVP_CIPH_FLAG_CUSTOM_CIPHER + +=item EVP_CIPH_ALWAYS_CALL_INIT + +=item EVP_CIPH_CTRL_INIT + +=item EVP_CIPH_CUSTOM_KEY_LENGTH + +=item EVP_CIPH_RAND_KEY + +=item EVP_CIPH_CUSTOM_COPY + +=item EVP_CIPH_FLAG_DEFAULT_ASN1 + +See L for further information related to the above +flags. + +=back + =head1 RETURN VALUES EVP_CIPHER_fetch() returns a pointer to a B for success @@ -1010,7 +1107,7 @@ EVP_CipherInit_ex2() and EVP_CipherUpdate() return 1 for success and 0 for failu EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success. EVP_Cipher() returns the amount of encrypted / decrypted bytes, or -1 -on failure, if the flag B is set for the +on failure if the flag B is set for the cipher. EVP_Cipher() returns 1 on success or 0 on failure, if the flag B is not set for the cipher. diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 89ef74f0a1..b230eb7839 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod 
@@ -423,6 +423,12 @@ Previously (in 1.1.1) these conflicting parameters were allowed, but will now result in errors. See L for further details. This affects the behaviour of L for DH parameter generation. +=head4 EVP_CIPHER_CTX_set_flags() ordering change + +If using a cipher from a provider the B flag can only +be set B the cipher has been assigned to the cipher context. +See L for more information. + =head2 Installation and Compilation Please refer to the INSTALL.md file in the top of the distribution for @@ -869,6 +875,19 @@ See also L. Implicit and Explicit Fetching is described in detail here L. +=head3 Mapping EVP controls and flags to provider B parameters + +The existing functions for controls (such as L) and +manipulating flags (such as L)internally use +B to pass information to/from provider objects. +See L for additional information related to parameters. + +For ciphers see L, L and +L. + +For digests see L, L and +L. + =head3 Deprecation of Low Level Functions A significant number of APIs have been deprecated in OpenSSL 3.0. diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index e4601a51ab..5ecde3c994 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -65,6 +65,7 @@ extern "C" { /* cipher parameters */ #define OSSL_CIPHER_PARAM_PADDING "padding" /* uint */ +#define OSSL_CIPHER_PARAM_USE_BITS "use-bits" /* uint */ #define OSSL_CIPHER_PARAM_TLS_VERSION "tls-version" /* uint */ #define OSSL_CIPHER_PARAM_TLS_MAC "tls-mac" /* octet_ptr */ #define OSSL_CIPHER_PARAM_TLS_MAC_SIZE "tls-mac-size" /* size_t */ diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index f84f7a36c2..3c8ea8c03c 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c 
@@ -95,6 +95,7 @@ CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(ossl_cipher_generic) CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(ossl_cipher_generic) CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_START(ossl_cipher_generic) +OSSL_PARAM_uint(OSSL_CIPHER_PARAM_USE_BITS, NULL), OSSL_PARAM_uint(OSSL_CIPHER_PARAM_TLS_VERSION, NULL), OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, NULL), CIPHER_DEFAULT_SETTABLE_CTX_PARAMS_END(ossl_cipher_generic) @@ -598,6 +599,16 @@ int ossl_cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } ctx->pad = pad ? 1 : 0; } + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_USE_BITS); + if (p != NULL) { + unsigned int bits; + + if (!OSSL_PARAM_get_uint(p, &bits)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + ctx->use_bits = bits ? 1 : 0; + } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_TLS_VERSION); if (p != NULL) { if (!OSSL_PARAM_get_uint(p, &ctx->tlsversion)) { diff --git a/providers/implementations/ciphers/ciphercommon_hw.c b/providers/implementations/ciphers/ciphercommon_hw.c index 8452338da7..e73416a1c5 100644 --- a/providers/implementations/ciphers/ciphercommon_hw.c +++ b/providers/implementations/ciphers/ciphercommon_hw.c @@ -14,7 +14,7 @@ * Used if there is no special hardware implementations. */ int ossl_cipher_hw_generic_cbc(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { if (dat->stream.cbc) (*dat->stream.cbc) (in, out, len, dat->ks, dat->iv, dat->enc); @@ -27,7 +27,7 @@ int ossl_cipher_hw_generic_cbc(PROV_CIPHER_CTX *dat, unsigned char *out, } int ossl_cipher_hw_generic_ecb(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { size_t i, bl = dat->blocksize; 
@@ -46,7 +46,7 @@ int ossl_cipher_hw_generic_ecb(PROV_CIPHER_CTX *dat, unsigned char *out, } int ossl_cipher_hw_generic_ofb128(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int num = dat->num; @@ -69,7 +69,7 @@ int ossl_cipher_hw_generic_cfb128(PROV_CIPHER_CTX *dat, unsigned char *out, } int ossl_cipher_hw_generic_cfb8(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int num = dat->num; @@ -81,7 +81,7 @@ int ossl_cipher_hw_generic_cfb8(PROV_CIPHER_CTX *dat, unsigned char *out, } int ossl_cipher_hw_generic_cfb1(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { int num = dat->num; @@ -109,7 +109,7 @@ int ossl_cipher_hw_generic_cfb1(PROV_CIPHER_CTX *dat, unsigned char *out, } int ossl_cipher_hw_generic_ctr(PROV_CIPHER_CTX *dat, unsigned char *out, - const unsigned char *in, size_t len) + const unsigned char *in, size_t len) { unsigned int num = dat->num; @@ -130,7 +130,7 @@ int ossl_cipher_hw_generic_ctr(PROV_CIPHER_CTX *dat, unsigned char *out, */ int ossl_cipher_hw_chunked_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= MAXCHUNK) { ossl_cipher_hw_generic_cbc(ctx, out, in, MAXCHUNK); @@ -144,7 +144,7 @@ int ossl_cipher_hw_chunked_cbc(PROV_CIPHER_CTX *ctx, unsigned char *out, } int ossl_cipher_hw_chunked_cfb8(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { size_t chunk = MAXCHUNK; @@ -162,7 +162,7 @@ int ossl_cipher_hw_chunked_cfb8(PROV_CIPHER_CTX *ctx, unsigned char *out, } int ossl_cipher_hw_chunked_cfb128(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { size_t chunk = MAXCHUNK; 
@@ -180,7 +180,7 @@ int ossl_cipher_hw_chunked_cfb128(PROV_CIPHER_CTX *ctx, unsigned char *out, } int ossl_cipher_hw_chunked_ofb128(PROV_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) + const unsigned char *in, size_t inl) { while (inl >= MAXCHUNK) { ossl_cipher_hw_generic_ofb128(ctx, out, in, MAXCHUNK); diff --git a/test/acvp_test.c b/test/acvp_test.c index 339c2fb965..84009193c2 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c @@ -1387,6 +1387,54 @@ err: return res; } +static int aes_cfb1_bits_test(void) +{ + int ret = 0; + EVP_CIPHER *cipher = NULL; + EVP_CIPHER_CTX *ctx = NULL; + unsigned char out[16] = { 0 }; + int outlen; + const OSSL_PARAM *params, *p; + + static const unsigned char key[] = { + 0x12, 0x22, 0x58, 0x2F, 0x1C, 0x1A, 0x8A, 0x88, + 0x30, 0xFC, 0x18, 0xB7, 0x24, 0x89, 0x7F, 0xC0 + }; + static const unsigned char iv[] = { + 0x05, 0x28, 0xB5, 0x2B, 0x58, 0x27, 0x63, 0x5C, + 0x81, 0x86, 0xD3, 0x63, 0x60, 0xB0, 0xAA, 0x2B + }; + static const unsigned char pt[] = { + 0xB4 + }; + static const unsigned char expected[] = { + 0x6C + }; + + if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, "AES-128-CFB1", "fips=yes"))) + goto err; + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto err; + if (!TEST_int_gt(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1), 0)) + goto err; + if (!TEST_ptr(params = EVP_CIPHER_CTX_settable_params(ctx)) + || !TEST_ptr(p = OSSL_PARAM_locate_const(params, + OSSL_CIPHER_PARAM_USE_BITS))) + goto err; + EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS); + if (!TEST_int_gt(EVP_CipherUpdate(ctx, out, &outlen, pt, 7), 0)) + goto err; + if (!TEST_int_eq(outlen, 7)) + goto err; + if (!TEST_mem_eq(out, (outlen + 7) / 8, expected, sizeof(expected))) + goto err; + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + int setup_tests(void) { char *config_file = NULL; 
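Review bot: aes_cfb1_bits_test() in test/acvp_test.c covers only the path where EVP_CIPH_FLAG_LENGTH_BITS is set after EVP_CipherInit_ex() on an encrypt operation, leaving the new EVP_CIPHER_CTX_clear_flags() branch and the decrypt direction untested. A follow-up case that clears the flag and checks that the length is interpreted as bytes again, and one that decrypts the 7-bit ciphertext back to the plaintext, would cover both new branches in evp_lib.c. Also note that the final TEST_mem_eq() compares (outlen + 7) / 8 = 1 whole byte although only 7 bits were produced, so the check depends on out[] being zero-initialised; a one-line comment stating that would keep a later edit from breaking the test by accident.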
@@ -1411,6 +1459,7 @@ int setup_tests(void) OSSL_SELF_TEST_set_callback(libctx, self_test_events, &self_test_args); + ADD_TEST(aes_cfb1_bits_test); ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data)); ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data)); ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data)); diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 00083c834d..04eace5da7 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -630,14 +630,11 @@ ERR_load_strings_const(3) ERR_set_error_data(3) ERR_unload_strings(3) EVP_CIPHER_CTX_buf_noconst(3) -EVP_CIPHER_CTX_clear_flags(3) EVP_CIPHER_CTX_copy(3) EVP_CIPHER_CTX_encrypting(3) EVP_CIPHER_CTX_num(3) EVP_CIPHER_CTX_rand_key(3) -EVP_CIPHER_CTX_set_flags(3) EVP_CIPHER_CTX_set_num(3) -EVP_CIPHER_CTX_test_flags(3) EVP_CIPHER_do_all(3) EVP_CIPHER_do_all_sorted(3) EVP_CIPHER_get_asn1_iv(3) From shane.lontis at oracle.com Tue Jun 1 05:31:37 2021 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Tue, 01 Jun 2021 05:31:37 +0000 Subject: [openssl] master update Message-ID: <1622525497.825070.22394.nullmailer@dev.openssl.org> The branch master has been updated via 3c15d677054b952c707aeaf781aec42b86a54ebb (commit) from 9ff4b7b0c7b445bcc9b98fde9107fa9520d17f04 (commit) - Log ----------------------------------------------------------------- commit 3c15d677054b952c707aeaf781aec42b86a54ebb Author: Shane Lontis Date: Sat May 29 17:16:22 2021 +1000 Fix error stack for some fetch calls. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15532) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_pbe.c | 7 ++++++- crypto/evp/p5_crpt2.c | 3 +++ crypto/evp/p_lib.c | 9 +++++++-- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 6347a0635f..129888f2f7 100644 --- a/crypto/evp/evp_pbe.c 
+++ b/crypto/evp/evp_pbe.c @@ -117,28 +117,33 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, passlen = strlen(pass); if (cipher_nid != -1) { + (void)ERR_set_mark(); cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq); /* Fallback to legacy method */ if (cipher == NULL) cipher = EVP_get_cipherbynid(cipher_nid); - if (cipher == NULL) { + (void)ERR_clear_last_mark(); ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER, OBJ_nid2sn(cipher_nid)); goto err; } + (void)ERR_pop_to_mark(); } if (md_nid != -1) { + (void)ERR_set_mark(); md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq); /* Fallback to legacy method */ if (md == NULL) EVP_get_digestbynid(md_nid); if (md == NULL) { + (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST); goto err; } + (void)ERR_pop_to_mark(); } /* Try extended keygen with libctx/propq first, fall back to legacy keygen */ diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index e7a2b51091..54773304fd 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -141,15 +141,18 @@ int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, goto err; } + (void)ERR_set_mark(); cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, ciph_name, propq); /* Fallback to legacy method */ if (cipher == NULL) cipher = EVP_get_cipherbyname(ciph_name); if (cipher == NULL) { + (void)ERR_clear_last_mark(); ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER); goto err; } + (void)ERR_pop_to_mark(); /* Fixup cipher based on AlgorithmIdentifier */ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 9b31c58288..d2c871179e 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c 
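Review bot: In crypto/evp/evp_pbe.c, the digest branch of EVP_PBE_CipherInit_ex() calls EVP_get_digestbynid(md_nid) in its legacy fallback without assigning the result, so md is still NULL at the following check. With the lines added here that means every failed EVP_MD_fetch() goes to ERR_clear_last_mark() and ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST), even when the legacy lookup would have found the digest, and the ERR_pop_to_mark() success path is never reached through the fallback. The fallback line should read "md = EVP_get_digestbynid(md_nid);", matching the cipher branch above it, which does assign the result of EVP_get_cipherbynid().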
@@ -1268,10 +1268,15 @@ static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op, int mdnum; OSSL_LIB_CTX *libctx = ossl_provider_libctx(pkey->keymgmt->prov); /* Make sure the MD is in the namemap if available */ - EVP_MD *md = EVP_MD_fetch(libctx, mdname, NULL); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + EVP_MD *md; + OSSL_NAMEMAP *namemap; int nid = NID_undef; + (void)ERR_set_mark(); + md = EVP_MD_fetch(libctx, mdname, NULL); + (void)ERR_pop_to_mark(); + namemap = ossl_namemap_stored(libctx); + /* * The only reason to fetch the MD was to make sure it is in the * namemap. We can immediately free it. From shane.lontis at oracle.com Tue Jun 1 05:34:51 2021 
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Tue, 01 Jun 2021 05:34:51 +0000 Subject: [openssl] master update Message-ID: <1622525691.450273.6504.nullmailer@dev.openssl.org> The branch master has been updated via f7c1b472bf0a790b9c87e1c87e48897d6413ec45 (commit) from 3c15d677054b952c707aeaf781aec42b86a54ebb (commit) - Log ----------------------------------------------------------------- commit f7c1b472bf0a790b9c87e1c87e48897d6413ec45 Author: Shane Lontis Date: Mon May 31 18:45:44 2021 +1000 Move provider der_XXX.h.in files to the include directory. Fixes #15506 The .in and generated .h files are now in the same directory. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15544) ----------------------------------------------------------------------- Summary of changes: providers/common/der/build.info | 14 +++++++------- providers/common/{der => include/prov}/der_digests.h.in | 0 providers/common/{der => include/prov}/der_dsa.h.in | 0 providers/common/{der => include/prov}/der_ec.h.in | 0 providers/common/{der => include/prov}/der_ecx.h.in | 0 providers/common/{der => include/prov}/der_rsa.h.in | 0 providers/common/{der => include/prov}/der_sm2.h.in | 0 providers/common/{der => include/prov}/der_wrap.h.in | 0 8 files changed, 7 insertions(+), 7 deletions(-) rename providers/common/{der => include/prov}/der_digests.h.in (100%) rename providers/common/{der => include/prov}/der_dsa.h.in (100%) rename providers/common/{der => include/prov}/der_ec.h.in (100%) rename providers/common/{der => include/prov}/der_ecx.h.in (100%) rename providers/common/{der => include/prov}/der_rsa.h.in (100%) rename providers/common/{der => include/prov}/der_sm2.h.in (100%) rename providers/common/{der => include/prov}/der_wrap.h.in (100%) diff --git a/providers/common/der/build.info b/providers/common/der/build.info index 87ac2eb11c..b849a79bee 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info 
@@ -6,7 +6,7 @@ GENERATE[$DER_DIGESTS_GEN]=der_digests_gen.c.in DEPEND[$DER_DIGESTS_GEN]=oids_to_c.pm NIST.asn1 DIGESTS.asn1 DEPEND[${DER_DIGESTS_GEN/.c/.o}]=$DER_DIGESTS_H -GENERATE[$DER_DIGESTS_H]=der_digests.h.in +GENERATE[$DER_DIGESTS_H]=../include/prov/der_digests.h.in DEPEND[$DER_DIGESTS_H]=oids_to_c.pm NIST.asn1 DIGESTS.asn1 #----- RSA @@ -21,7 +21,7 @@ DEPEND[$DER_RSA_GEN]=oids_to_c.pm NIST.asn1 RSA.asn1 DEPEND[${DER_RSA_AUX/.c/.o}]=$DER_RSA_H $DER_DIGESTS_H DEPEND[${DER_RSA_GEN/.c/.o}]=$DER_RSA_H -GENERATE[$DER_RSA_H]=der_rsa.h.in +GENERATE[$DER_RSA_H]=../include/prov/der_rsa.h.in DEPEND[$DER_RSA_H]=oids_to_c.pm NIST.asn1 RSA.asn1 #----- DSA @@ -35,7 +35,7 @@ IF[{- !$disabled{dsa} -}] DEPEND[${DER_DSA_AUX/.c/.o}]=$DER_DSA_H $DER_DIGESTS_H DEPEND[${DER_DSA_GEN/.c/.o}]=$DER_DSA_H - GENERATE[$DER_DSA_H]=der_dsa.h.in + GENERATE[$DER_DSA_H]=../include/prov/der_dsa.h.in DEPEND[$DER_DSA_H]=oids_to_c.pm DSA.asn1 ENDIF @@ -50,7 +50,7 @@ IF[{- !$disabled{ec} -}] DEPEND[${DER_EC_AUX/.c/.o}]=$DER_EC_H $DER_DIGESTS_H DEPEND[${DER_EC_GEN/.c/.o}]=$DER_EC_H - GENERATE[$DER_EC_H]=der_ec.h.in + GENERATE[$DER_EC_H]=../include/prov/der_ec.h.in DEPEND[$DER_EC_H]=oids_to_c.pm EC.asn1 ENDIF @@ -65,7 +65,7 @@ IF[{- !$disabled{ec} -}] DEPEND[${DER_ECX_AUX/.c/.o}]=$DER_ECX_H DEPEND[${DER_ECX_GEN/.c/.o}]=$DER_ECX_H - GENERATE[$DER_ECX_H]=der_ecx.h.in + GENERATE[$DER_ECX_H]=../include/prov/der_ecx.h.in DEPEND[$DER_ECX_H]=oids_to_c.pm ECX.asn1 ENDIF @@ -77,7 +77,7 @@ GENERATE[$DER_WRAP_GEN]=der_wrap_gen.c.in DEPEND[$DER_WRAP_GEN]=oids_to_c.pm wrap.asn1 DEPEND[${DER_WRAP_GEN/.c/.o}]=$DER_WRAP_H -GENERATE[$DER_WRAP_H]=der_wrap.h.in +GENERATE[$DER_WRAP_H]=../include/prov/der_wrap.h.in DEPEND[$DER_WRAP_H]=oids_to_c.pm wrap.asn1 #----- SM2 
@@ -91,7 +91,7 @@ IF[{- !$disabled{sm2} -}] DEPEND[${DER_SM2_AUX/.c/.o}]=$DER_SM2_H $DER_EC_H DEPEND[${DER_SM2_GEN/.c/.o}]=$DER_SM2_H - GENERATE[$DER_SM2_H]=der_sm2.h.in + GENERATE[$DER_SM2_H]=../include/prov/der_sm2.h.in DEPEND[$DER_SM2_H]=oids_to_c.pm SM2.asn1 ENDIF diff --git a/providers/common/der/der_digests.h.in b/providers/common/include/prov/der_digests.h.in similarity index 100% rename from providers/common/der/der_digests.h.in rename to providers/common/include/prov/der_digests.h.in diff --git a/providers/common/der/der_dsa.h.in b/providers/common/include/prov/der_dsa.h.in similarity index 100% rename from providers/common/der/der_dsa.h.in rename to providers/common/include/prov/der_dsa.h.in diff --git a/providers/common/der/der_ec.h.in b/providers/common/include/prov/der_ec.h.in similarity index 100% rename from providers/common/der/der_ec.h.in rename to providers/common/include/prov/der_ec.h.in diff --git a/providers/common/der/der_ecx.h.in b/providers/common/include/prov/der_ecx.h.in similarity index 100% rename from providers/common/der/der_ecx.h.in rename to providers/common/include/prov/der_ecx.h.in diff --git a/providers/common/der/der_rsa.h.in b/providers/common/include/prov/der_rsa.h.in similarity index 100% rename from providers/common/der/der_rsa.h.in rename to providers/common/include/prov/der_rsa.h.in diff --git a/providers/common/der/der_sm2.h.in b/providers/common/include/prov/der_sm2.h.in similarity index 100% rename from providers/common/der/der_sm2.h.in rename to providers/common/include/prov/der_sm2.h.in diff --git a/providers/common/der/der_wrap.h.in b/providers/common/include/prov/der_wrap.h.in similarity index 100% rename from providers/common/der/der_wrap.h.in rename to providers/common/include/prov/der_wrap.h.in From no-reply at appveyor.com Tue Jun 1 06:29:48 2021 
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 01 Jun 2021 06:29:48 +0000
Subject: Build failed: openssl master.42209
Message-ID: <20210601062948.1.21B7049AC30E60FA@appveyor.com>

An HTML attachment was scrubbed...
URL:

From no-reply at appveyor.com Tue Jun 1 07:54:57 2021
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 01 Jun 2021 07:54:57 +0000
Subject: Build failed: openssl master.42210
Message-ID: <20210601075457.1.BABDF51F6C20DEC2@appveyor.com>

An HTML attachment was scrubbed...
URL:

From pauli at openssl.org Tue Jun 1 08:14:51 2021
From: pauli at openssl.org (Dr. Paul Dale)
Date: Tue, 01 Jun 2021 08:14:51 +0000
Subject: [openssl] master update
Message-ID: <1622535291.418914.663.nullmailer@dev.openssl.org>

The branch master has been updated
       via  28cab20916731c188180628330de27f6ce5f684e (commit)
       via  dfefa4c16424cb3628b2a75b53c11e0be5247baa (commit)
       via  528685fe7767b376fe299a602217f3a3a7e1d21d (commit)
      from  f7c1b472bf0a790b9c87e1c87e48897d6413ec45 (commit)

- Log -----------------------------------------------------------------
commit 28cab20916731c188180628330de27f6ce5f684e
Author: Pauli
Date:   Mon May 31 16:31:18 2021 +1000

    crypto: updates to pass size_t to RAND_bytes_ex()

    Reviewed-by: Tomas Mraz
    Reviewed-by: Shane Lontis
    (Merged from https://github.com/openssl/openssl/pull/15540)

commit dfefa4c16424cb3628b2a75b53c11e0be5247baa
Author: Pauli
Date:   Mon May 31 16:31:04 2021 +1000

    ssl: pass size_t to RAND_bytes_ex()

    Reviewed-by: Tomas Mraz
    Reviewed-by: Shane Lontis
    (Merged from https://github.com/openssl/openssl/pull/15540)

commit 528685fe7767b376fe299a602217f3a3a7e1d21d
Author: Pauli
Date:   Mon May 31 16:30:50 2021 +1000

    rand: use size_t for size argument to RAND_bytes_ex()

    Reviewed-by: Tomas Mraz
    Reviewed-by: Shane Lontis
    (Merged from https://github.com/openssl/openssl/pull/15540)

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/p5_pbev2.c           | 10 +++++-----
 crypto/crmf/crmf_pbm.c           |  2 +-
 crypto/ec/ec_err.c               |  3 ++-
 crypto/ec/ecp_s390x_nistp.c      |  6 +++++-
 crypto/err/openssl.txt           |  2 ++
 crypto/ffc/ffc_params_generate.c |  4 ++--
 crypto/pkcs12/p12_mutl.c         |  4 +++-
 crypto/rand/rand_lib.c           | 12 ++++++++----
 crypto/rsa/rsa_err.c             |  1 +
 crypto/rsa/rsa_oaep.c            |  4 ++++
 crypto/rsa/rsa_pk1.c             |  3 +++
 doc/man3/RAND_bytes.pod          |  4 ++--
 include/crypto/ecerr.h           |  2 +-
 include/openssl/ecerr.h          |  1 +
 include/openssl/rand.h           |  4 ++--
 include/openssl/rsaerr.h         |  1 +
 ssl/statem/statem_clnt.c         |  6 +++---
 ssl/statem/statem_srvr.c         |  3 ++-
 18 files changed, 48 insertions(+), 24
deletions(-) diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index d16fb8cfe3..162e31d7ba 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -45,7 +45,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, OSSL_LIB_CTX *libctx) { X509_ALGOR *scheme = NULL, *ret = NULL; - int alg_nid, keylen; + int alg_nid, keylen, ivlen; EVP_CIPHER_CTX *ctx = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; PBE2PARAM *pbe2 = NULL; @@ -66,11 +66,11 @@ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, goto merr; /* Create random IV */ - if (EVP_CIPHER_iv_length(cipher)) { + ivlen = EVP_CIPHER_iv_length(cipher); + if (ivlen > 0) { if (aiv) - memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); - else if (RAND_bytes_ex(libctx, iv, EVP_CIPHER_iv_length(cipher), - 0) <= 0) + memcpy(iv, aiv, ivlen); + else if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) goto err; } diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 21808d014b..5641bee65a 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -55,7 +55,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, */ if ((salt = OPENSSL_malloc(slen)) == NULL) goto err; - if (RAND_bytes_ex(libctx, salt, (int)slen, 0) <= 0) { + if (RAND_bytes_ex(libctx, salt, slen, 0) <= 0) { ERR_raise(ERR_LIB_CRMF, CRMF_R_FAILURE_OBTAINING_RANDOM); goto err; } diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 9e21968499..9dc143c2ac 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -62,6 +62,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GENERATOR), "invalid generator"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_LENGTH), "invalid length"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_NAMED_GROUP_CONVERSION), "invalid named group conversion"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH), diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c index 4a676c37ad..5c70b2d678 100644 --- a/crypto/ec/ecp_s390x_nistp.c +++ b/crypto/ec/ecp_s390x_nistp.c @@ -173,6 +173,10 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, } if (r == NULL || kinv == NULL) { + if (len < 0) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_LENGTH); + goto ret; + } /* * Generate random k and copy to param param block. RAND_priv_bytes_ex * is used instead of BN_priv_rand_range or BN_generate_dsa_nonce @@ -180,7 +184,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, * internally implementing counter-measures for RNG weakness. */ if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len), - len, 0) != 1) { + (size_t)len, 0) != 1) { ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto ret; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 48d1175bce..eb0ace5474 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -555,6 +555,7 @@ EC_R_INVALID_FORM:104:invalid form EC_R_INVALID_GENERATOR:173:invalid generator EC_R_INVALID_GROUP_ORDER:122:invalid group order EC_R_INVALID_KEY:116:invalid key +EC_R_INVALID_LENGTH:117:invalid length EC_R_INVALID_NAMED_GROUP_CONVERSION:174:invalid named group conversion EC_R_INVALID_OUTPUT_LENGTH:161:invalid output length EC_R_INVALID_P:172:invalid p 
@@ -1152,6 +1153,7 @@ RSA_R_INVALID_HEADER:137:invalid header RSA_R_INVALID_KEYPAIR:171:invalid keypair RSA_R_INVALID_KEY_LENGTH:173:invalid key length RSA_R_INVALID_LABEL:160:invalid label +RSA_R_INVALID_LENGTH:181:invalid length RSA_R_INVALID_MESSAGE_LENGTH:131:invalid message length RSA_R_INVALID_MGF1_MD:156:invalid mgf1 md RSA_R_INVALID_MODULUS:174:invalid modulus diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 3c6f789c3e..85ae524015 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -329,7 +329,7 @@ static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd, /* A.1.1.2 Step (5) : generate seed with size seed_len */ if (generate_seed - && RAND_bytes_ex(libctx, seed, (int)seedlen, 0) < 0) + && RAND_bytes_ex(libctx, seed, seedlen, 0) < 0) goto err; /* * A.1.1.2 Step (6) AND @@ -399,7 +399,7 @@ static int generate_q_fips186_2(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd, if (!BN_GENCB_call(cb, 0, m++)) goto err; - if (generate_seed && RAND_bytes_ex(libctx, seed, (int)qsize, 0) <= 0) + if (generate_seed && RAND_bytes_ex(libctx, seed, qsize, 0) <= 0) goto err; memcpy(buf, seed, qsize); diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 041711d7d4..be4ed16ab7 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -259,8 +259,10 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, } p12->mac->salt->length = saltlen; if (!salt) { + if (saltlen < 0) + return 0; if (RAND_bytes_ex(p12->authsafes->ctx.libctx, p12->mac->salt->data, - saltlen, 0) <= 0) + (size_t)saltlen, 0) <= 0) return 0; } else memcpy(p12->mac->salt->data, salt, saltlen); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 7ad05ea008..56e615f6b9 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c 
@@ -315,7 +315,7 @@ const RAND_METHOD *RAND_get_rand_method(void) * the default method, then just call RAND_bytes(). Otherwise make * sure we're instantiated and use the private DRBG. */ -int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num, +int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, unsigned int strength) { EVP_RAND_CTX *rand; @@ -339,10 +339,12 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num, int RAND_priv_bytes(unsigned char *buf, int num) { - return RAND_priv_bytes_ex(NULL, buf, num, 0); + if (num < 0) + return 0; + return RAND_priv_bytes_ex(NULL, buf, (size_t)num, 0); } -int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num, +int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, unsigned int strength) { EVP_RAND_CTX *rand; @@ -366,7 +368,9 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num, int RAND_bytes(unsigned char *buf, int num) { - return RAND_bytes_ex(NULL, buf, num, 0); + if (num < 0) + return 0; + return RAND_bytes_ex(NULL, buf, (size_t)num, 0); } typedef struct rand_global_st { diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 85bee965fc..269971c07b 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -57,6 +57,7 @@ static const ERR_STRING_DATA RSA_str_reasons[] = { {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEYPAIR), "invalid keypair"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label"}, + {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LENGTH), "invalid length"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"}, {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"}, diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 5068057fd1..00646648c7 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c 
@@ -77,6 +77,10 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, mgf1md = md; mdlen = EVP_MD_size(md); + if (mdlen <= 0) { + ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); + return 0; + } /* step 2b: check KLen > nLen - 2 HLen - 2 */ if (flen > emlen - 2 * mdlen - 1) { diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 9094b1ac50..f1eabf177c 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -128,6 +128,9 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; + } else if (flen < 0) { + ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); + return 0; } p = (unsigned char *)to; diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index 832790fb95..3267d8fbb1 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -12,9 +12,9 @@ RAND_pseudo_bytes - generate random data int RAND_bytes(unsigned char *buf, int num); int RAND_priv_bytes(unsigned char *buf, int num); - int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num, + int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, unsigned int strength); - int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num, + int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, unsigned int strength); Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining diff --git a/include/crypto/ecerr.h b/include/crypto/ecerr.h index e08a4dba97..07b6c7aa62 100644 --- a/include/crypto/ecerr.h +++ b/include/crypto/ecerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index a017fbeb76..49088d208b 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -56,6 +56,7 @@ # define EC_R_INVALID_GENERATOR 173 # define EC_R_INVALID_GROUP_ORDER 122 # define EC_R_INVALID_KEY 116 +# define EC_R_INVALID_LENGTH 117 # define EC_R_INVALID_NAMED_GROUP_CONVERSION 174 # define EC_R_INVALID_OUTPUT_LENGTH 161 # define EC_R_INVALID_P 172 diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 304fd9fe1e..ad3054fd57 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -65,14 +65,14 @@ int RAND_priv_bytes(unsigned char *buf, int num); * Equivalent of RAND_priv_bytes() but additionally taking an OSSL_LIB_CTX and * a strength. */ -int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num, +int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, unsigned int strength); /* * Equivalent of RAND_bytes() but additionally taking an OSSL_LIB_CTX and * a strength. */ -int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num, +int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, unsigned int strength); # ifndef OPENSSL_NO_DEPRECATED_1_1_0 diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h index 4335f1cb33..c58463c7c1 100644 --- a/include/openssl/rsaerr.h +++ b/include/openssl/rsaerr.h @@ -48,6 +48,7 @@ # define RSA_R_INVALID_KEYPAIR 171 # define RSA_R_INVALID_KEY_LENGTH 173 # define RSA_R_INVALID_LABEL 160 +# define RSA_R_INVALID_LENGTH 181 # define RSA_R_INVALID_MESSAGE_LENGTH 131 # define RSA_R_INVALID_MGF1_MD 156 # define RSA_R_INVALID_MODULUS 174 diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index c10a1e46b2..82bb013865 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c 
@@ -2853,7 +2853,7 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) pms[0] = s->client_version >> 8; pms[1] = s->client_version & 0xff; /* TODO(size_t): Convert this function */ - if (RAND_bytes_ex(s->ctx->libctx, pms + 2, (int)(pmslen - 2), 0) <= 0) { + if (RAND_bytes_ex(s->ctx->libctx, pms + 2, pmslen - 2, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; } @@ -3060,7 +3060,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) /* Generate session key * TODO(size_t): Convert this function */ - || RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen, 0) <= 0) { + || RAND_bytes_ex(s->ctx->libctx, pms, pmslen, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; }; @@ -3185,7 +3185,7 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt) goto err; } - if (RAND_bytes_ex(s->ctx->libctx, pms, (int)pmslen, 0) <= 0) { + if (RAND_bytes_ex(s->ctx->libctx, pms, pmslen, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index bf4a486a8d..15bcdae387 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3778,7 +3778,8 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, } iv_len = EVP_CIPHER_iv_length(cipher); - if (RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0 + if (iv_len < 0 + || RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0 || !EVP_EncryptInit_ex(ctx, cipher, NULL, tctx->ext.secure->tick_aes_key, iv) || !ssl_hmac_init(hctx, tctx->ext.secure->tick_hmac_key, From pauli at openssl.org Tue Jun 1 08:47:03 2021 
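Review bot: In the crypto/pkcs12/p12_mutl.c hunk (PKCS12_setup_mac), the new saltlen < 0 test sits only inside the if (!salt) branch and comes after p12->mac->salt->length = saltlen has already been assigned, so the caller-supplied-salt branch still reaches memcpy(p12->mac->salt->data, salt, saltlen) with an unchecked int that converts to a very large size_t. Unless a check outside this hunk already rejects a negative value, move the test ahead of the length assignment so it covers both branches, and raise an error there in the same way the EC and RSA hunks do with their new INVALID_LENGTH reasons.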
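Review bot: In crypto/ffc/ffc_params_generate.c, generate_q_fips186_4() keeps the comparison RAND_bytes_ex(libctx, seed, seedlen, 0) < 0 while generate_q_fips186_2() a few lines further down tests <= 0, as do the other RAND_bytes_ex() call sites in this patch. RAND_bytes_ex() returns 1 on success and a 0 return is also a failure, so the FIPS 186-4 path would continue with a seed buffer that was never filled. Since the line is being touched for the cast removal anyway, change the comparison to <= 0.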
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 01 Jun 2021 08:47:03 +0000 Subject: [openssl] master update Message-ID: <1622537223.973901.6384.nullmailer@dev.openssl.org> The branch master has been updated via 8ee66a092c07e618191ef49c8912f8235b08bb95 (commit) from 28cab20916731c188180628330de27f6ce5f684e (commit) - Log ----------------------------------------------------------------- commit 8ee66a092c07e618191ef49c8912f8235b08bb95 Author: Pauli Date: Mon May 31 09:26:05 2021 +1000 req: fix Coverity 1485137 Explicit null dereference Add a check for a non-existent file name when specifying params via file. Add a check for a failure to determine key type. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15534) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/apps/req.c b/apps/req.c index a9769b7452..3b0545fd6e 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1522,6 +1522,12 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, if (strncmp(gstr, "param", len) == 0) { expect_paramfile = 1; + if (p == NULL) { + BIO_printf(bio_err, + "Parameter file requested but no path given: %s\n", + gstr); + return NULL; + } } else { keytype = gstr; keytypelen = len; @@ -1569,6 +1575,11 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, } if (keytype == NULL) { keytype = EVP_PKEY_get0_type_name(param); + if (keytype == NULL) { + EVP_PKEY_free(param); + BIO_puts(bio_err, "Unable to determine key type\n"); + return NULL; + } } } From no-reply at appveyor.com Tue Jun 1 09:24:11 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 01 Jun 2021 09:24:11 +0000 Subject: Build failed: openssl master.42211 Message-ID: <20210601092411.1.502E07728626BAF0@appveyor.com> An HTML attachment was scrubbed... URL: From tomas at openssl.org Tue Jun 1 10:17:01 2021 
From: tomas at openssl.org (tomas at openssl.org)
Date: Tue, 01 Jun 2021 10:17:01 +0000
Subject: [openssl] master update
Message-ID: <1622542621.147900.10905.nullmailer@dev.openssl.org>

The branch master has been updated
       via  5e2d22d53ed322a7124e26a4fbd116a8210eb77a (commit)
       via  e3c7595521c88579b9eaf02fc11025a2ecdb6ad5 (commit)
       via  169eca602c67f37abf0a44e1605998d5e7f04fa6 (commit)
      from  8ee66a092c07e618191ef49c8912f8235b08bb95 (commit)

- Log -----------------------------------------------------------------
commit 5e2d22d53ed322a7124e26a4fbd116a8210eb77a
Author: Jon Spillett
Date:   Tue May 18 13:37:35 2021 +1000

    Pass library context and property query into private key decoders

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/14587)

commit e3c7595521c88579b9eaf02fc11025a2ecdb6ad5
Author: Jon Spillett
Date:   Thu May 6 11:55:42 2021 +1000

    Fix up encoder/decoder issues caused by not passing a library context to the PKCS8 encrypt/decrypt

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/14587)

commit 169eca602c67f37abf0a44e1605998d5e7f04fa6
Author: Jon Spillett
Date:   Mon Mar 15 14:26:09 2021 +1000

    Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/14587)

-----------------------------------------------------------------------

Summary of changes:
 crypto/pem/pvkfmt.c                                | 115 +++++++++-----
 doc/build.info                                     | 6 +
 doc/man3/b2i_PVK_bio_ex.pod                        | 69 +++++++++
 include/crypto/pem.h                               | 4 +
 include/openssl/pem.h                              | 5 +
 .../implementations/encode_decode/decode_der2key.c | 2 +-
 .../implementations/encode_decode/decode_pvk2key.c | 10 +-
 .../implementations/encode_decode/encode_key2any.c | 3 +-
 .../implementations/encode_decode/encode_key2ms.c  | 5 +-
test/endecode_test.c | 166 ++++++++++++++++----- test/evp_libctx_test.c | 2 +- test/recipes/04-test_encoder_decoder.t | 43 ++++-- test/testutil.h | 7 + test/testutil/provider.c | 14 +- util/libcrypto.num | 2 + util/missingcrypto.txt | 2 - 16 files changed, 357 insertions(+), 98 deletions(-) create mode 100644 doc/man3/b2i_PVK_bio_ex.pod diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 51d3ec476b..1ff68e2158 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -792,22 +792,27 @@ int ossl_do_PVK_header(const unsigned char **in, unsigned int length, #ifndef OPENSSL_NO_RC4 static int derive_pvk_key(unsigned char *key, const unsigned char *salt, unsigned int saltlen, - const unsigned char *pass, int passlen) + const unsigned char *pass, int passlen, + OSSL_LIB_CTX *libctx, const char *propq) { EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - EVP_MD *md = EVP_MD_fetch(NULL, SN_sha1, NULL); - int rv = 1; + int rv = 0; + EVP_MD *sha1 = NULL; - if (md == NULL - || mctx == NULL - || !EVP_DigestInit_ex(mctx, md, NULL) + if ((sha1 = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL) + goto err; + + if (mctx == NULL + || !EVP_DigestInit_ex(mctx, sha1, NULL) || !EVP_DigestUpdate(mctx, salt, saltlen) || !EVP_DigestUpdate(mctx, pass, passlen) || !EVP_DigestFinal_ex(mctx, key, NULL)) - rv = 0; + goto err; + rv = 1; +err: EVP_MD_CTX_free(mctx); - EVP_MD_free(md); + EVP_MD_free(sha1); return rv; } #endif @@ -815,14 +820,18 @@ static int derive_pvk_key(unsigned char *key, static void *do_PVK_body_key(const unsigned char **in, unsigned int saltlen, unsigned int keylen, pem_password_cb *cb, void *u, - int *isdss, int *ispub) + int *isdss, int *ispub, + OSSL_LIB_CTX *libctx, const char *propq) { const unsigned char *p = *in; unsigned char *enctmp = NULL; unsigned char keybuf[20]; void *key = NULL; - +#ifndef OPENSSL_NO_RC4 + EVP_CIPHER *rc4 = NULL; +#endif EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new(); + if (saltlen) { #ifndef OPENSSL_NO_RC4 unsigned int magic; 
@@ -844,7 +853,7 @@ static void *do_PVK_body_key(const unsigned char **in, goto err; } if (!derive_pvk_key(keybuf, p, saltlen, - (unsigned char *)psbuf, inlen)) + (unsigned char *)psbuf, inlen, libctx, propq)) goto err; p += saltlen; /* Copy BLOBHEADER across, decrypt rest */ @@ -856,7 +865,9 @@ static void *do_PVK_body_key(const unsigned char **in, } inlen = keylen - 8; q = enctmp + 8; - if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) + if ((rc4 = EVP_CIPHER_fetch(libctx, "RC4", propq)) == NULL) + goto err; + if (!EVP_DecryptInit_ex(cctx, rc4, NULL, keybuf, NULL)) goto err; if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) goto err; @@ -866,7 +877,7 @@ static void *do_PVK_body_key(const unsigned char **in, if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { q = enctmp + 8; memset(keybuf + 5, 0, 11); - if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) + if (!EVP_DecryptInit_ex(cctx, rc4, NULL, keybuf, NULL)) goto err; if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) goto err; @@ -888,6 +899,9 @@ static void *do_PVK_body_key(const unsigned char **in, key = do_b2i_key(&p, keylen, isdss, ispub); err: EVP_CIPHER_CTX_free(cctx); +#ifndef OPENSSL_NO_RC4 + EVP_CIPHER_free(rc4); +#endif if (enctmp != NULL) { OPENSSL_cleanse(keybuf, sizeof(keybuf)); OPENSSL_free(enctmp); @@ -896,7 +910,8 @@ static void *do_PVK_body_key(const unsigned char **in, } static void *do_PVK_key_bio(BIO *in, pem_password_cb *cb, void *u, - int *isdss, int *ispub) + int *isdss, int *ispub, + OSSL_LIB_CTX *libctx, const char *propq) { unsigned char pvk_hdr[24], *buf = NULL; const unsigned char *p; @@ -923,7 +938,7 @@ static void *do_PVK_key_bio(BIO *in, pem_password_cb *cb, void *u, ERR_raise(ERR_LIB_PEM, PEM_R_PVK_DATA_TOO_SHORT); goto err; } - key = do_PVK_body_key(&p, saltlen, keylen, cb, u, isdss, ispub); + key = do_PVK_body_key(&p, saltlen, keylen, cb, u, isdss, ispub, libctx, propq); err: OPENSSL_clear_free(buf, buflen); 
@@ -931,40 +946,61 @@ static void *do_PVK_key_bio(BIO *in, pem_password_cb *cb, void *u, } #ifndef OPENSSL_NO_DSA -DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u) +DSA *b2i_DSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq) { int isdss = 1; int ispub = 0; /* PVK keys are always private */ - return do_PVK_key_bio(in, cb, u, &isdss, &ispub); + return do_PVK_key_bio(in, cb, u, &isdss, &ispub, libctx, propq); +} + +DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u) +{ + return b2i_DSA_PVK_bio_ex(in, cb, u, NULL, NULL); } #endif -RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u) +RSA *b2i_RSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq) { int isdss = 0; int ispub = 0; /* PVK keys are always private */ - return do_PVK_key_bio(in, cb, u, &isdss, &ispub); + return do_PVK_key_bio(in, cb, u, &isdss, &ispub, libctx, propq); } -EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) +RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u) +{ + return b2i_RSA_PVK_bio_ex(in, cb, u, NULL, NULL); +} + +EVP_PKEY *b2i_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq) { int isdss = -1; int ispub = -1; - void *key = do_PVK_key_bio(in, cb, u, &isdss, &ispub); + void *key = do_PVK_key_bio(in, cb, u, &isdss, &ispub, NULL, NULL); return evp_pkey_new0_key(key, isdss_to_evp_type(isdss)); } +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) +{ + return b2i_PVK_bio_ex(in, cb, u, NULL, NULL); +} + static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, + const char *propq) { + int ret = -1; int outlen = 24, pklen; unsigned char *p = NULL, *start = NULL; EVP_CIPHER_CTX *cctx = NULL; #ifndef OPENSSL_NO_RC4 unsigned char *salt = NULL; + EVP_CIPHER *rc4 = NULL; #endif if (enclevel) 
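Review bot: b2i_PVK_bio_ex() accepts libctx and propq but calls do_PVK_key_bio(in, cb, u, &isdss, &ispub, NULL, NULL), so the SHA1 and RC4 fetches further down always use the default library context and the new arguments are silently ignored. b2i_DSA_PVK_bio_ex() and b2i_RSA_PVK_bio_ex() in the same hunk forward both values correctly. Pass libctx, propq here as well; as written the function behaves exactly like b2i_PVK_bio(), and decoding an encrypted PVK key for a non-default context will not use that context's providers.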
@@ -1002,7 +1038,7 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, write_ledword(&p, pklen); if (enclevel) { #ifndef OPENSSL_NO_RC4 - if (RAND_bytes(p, PVK_SALTLEN) <= 0) + if (RAND_bytes_ex(libctx, p, PVK_SALTLEN, 0) <= 0) goto error; salt = p; p += PVK_SALTLEN; @@ -1014,7 +1050,6 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, char psbuf[PEM_BUFSIZE]; unsigned char keybuf[20]; int enctmplen, inlen; - if (cb) inlen = cb(psbuf, PEM_BUFSIZE, 1, u); else @@ -1024,12 +1059,14 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, goto error; } if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, - (unsigned char *)psbuf, inlen)) + (unsigned char *)psbuf, inlen, libctx, propq)) + goto error; + if ((rc4 = EVP_CIPHER_fetch(libctx, "RC4", propq)) == NULL) goto error; if (enclevel == 1) memset(keybuf + 5, 0, 11); p = salt + PVK_SALTLEN + 8; - if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) + if (!EVP_EncryptInit_ex(cctx, rc4, NULL, keybuf, NULL)) goto error; OPENSSL_cleanse(keybuf, 20); if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) @@ -1042,27 +1079,28 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, #endif } - EVP_CIPHER_CTX_free(cctx); - if (*out == NULL) *out = start; - - return outlen; - + ret = outlen; error: EVP_CIPHER_CTX_free(cctx); +#ifndef OPENSSL_NO_RC4 + EVP_CIPHER_free(rc4); +#endif if (*out == NULL) OPENSSL_free(start); - return -1; + + return ret; } -int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u) +int i2b_PVK_bio_ex(BIO *out, const EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, + const char *propq) { unsigned char *tmp = NULL; int outlen, wrlen; - outlen = i2b_PVK(&tmp, pk, enclevel, cb, u); + outlen = i2b_PVK(&tmp, pk, enclevel, cb, u, libctx, propq); if (outlen < 0) return -1; wrlen = BIO_write(out, tmp, outlen); 
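Review bot: In i2b_PVK(), the new EVP_CIPHER_fetch(libctx, "RC4", propq) failure path jumps to error after derive_pvk_key() has already filled keybuf, and the only OPENSSL_cleanse(keybuf, 20) comes after EVP_EncryptInit_ex(), so the derived key is left on the stack when the fetch or the init fails. Fetch the cipher before deriving the key, or cleanse keybuf before each goto error in that block; keybuf is declared inside the block, so the shared cleanup at the label cannot do it. Separately, the success path now falls through the error: label with ret = outlen, so a neutral label name such as end would read better.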
@@ -1073,3 +1111,10 @@ int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, ERR_raise(ERR_LIB_PEM, PEM_R_BIO_WRITE_FAILURE); return -1; } + +int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u) +{ + return i2b_PVK_bio_ex(out, pk, enclevel, cb, u, NULL, NULL); +} + diff --git a/doc/build.info b/doc/build.info index b77c04d2b6..42c1804d6c 100644 --- a/doc/build.info +++ b/doc/build.info @@ -2779,6 +2779,10 @@ DEPEND[html/man3/X509v3_get_ext_by_NID.html]=man3/X509v3_get_ext_by_NID.pod GENERATE[html/man3/X509v3_get_ext_by_NID.html]=man3/X509v3_get_ext_by_NID.pod DEPEND[man/man3/X509v3_get_ext_by_NID.3]=man3/X509v3_get_ext_by_NID.pod GENERATE[man/man3/X509v3_get_ext_by_NID.3]=man3/X509v3_get_ext_by_NID.pod +DEPEND[html/man3/b2i_PVK_bio_ex.html]=man3/b2i_PVK_bio_ex.pod +GENERATE[html/man3/b2i_PVK_bio_ex.html]=man3/b2i_PVK_bio_ex.pod +DEPEND[man/man3/b2i_PVK_bio_ex.3]=man3/b2i_PVK_bio_ex.pod +GENERATE[man/man3/b2i_PVK_bio_ex.3]=man3/b2i_PVK_bio_ex.pod DEPEND[html/man3/d2i_PKCS8PrivateKey_bio.html]=man3/d2i_PKCS8PrivateKey_bio.pod GENERATE[html/man3/d2i_PKCS8PrivateKey_bio.html]=man3/d2i_PKCS8PrivateKey_bio.pod DEPEND[man/man3/d2i_PKCS8PrivateKey_bio.3]=man3/d2i_PKCS8PrivateKey_bio.pod @@ -3398,6 +3402,7 @@ html/man3/X509_sign.html \ html/man3/X509_verify.html \ html/man3/X509_verify_cert.html \ html/man3/X509v3_get_ext_by_NID.html \ +html/man3/b2i_PVK_bio_ex.html \ html/man3/d2i_PKCS8PrivateKey_bio.html \ html/man3/d2i_PrivateKey.html \ html/man3/d2i_RSAPrivateKey.html \ @@ -3986,6 +3991,7 @@ man/man3/X509_sign.3 \ man/man3/X509_verify.3 \ man/man3/X509_verify_cert.3 \ man/man3/X509v3_get_ext_by_NID.3 \ +man/man3/b2i_PVK_bio_ex.3 \ man/man3/d2i_PKCS8PrivateKey_bio.3 \ man/man3/d2i_PrivateKey.3 \ man/man3/d2i_RSAPrivateKey.3 \ diff --git a/doc/man3/b2i_PVK_bio_ex.pod b/doc/man3/b2i_PVK_bio_ex.pod new file mode 100644 index 0000000000..bd670b2614 --- /dev/null +++ b/doc/man3/b2i_PVK_bio_ex.pod 
@@ -0,0 +1,69 @@ +=pod + +=head1 NAME + +b2i_PVK_bio, b2i_PVK_bio_ex, i2b_PVK_bio, i2b_PVK_bio_ex - Decode and encode +functions for reading and writing MSBLOB format private keys + +=head1 SYNOPSIS + + #include + + EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); + EVP_PKEY *b2i_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq); + int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); + int i2b_PVK_bio_ex(BIO *out, const EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq); + +=head1 DESCRIPTION + +b2i_PVK_bio_ex() decodes a private key of MSBLOB format read from a B. It +attempts to automatically determine the key type. If the key is encrypted then +I is called with the user data I in order to obtain a password to decrypt +the key. The supplied library context I and property query +string I are used in any decrypt operation. + +b2i_PVK_bio() does the same as b2i_PVK_bio_ex() except that the default +library context and property query string are used. + +i2b_PVK_bio_ex() encodes I using MSBLOB format. If I is 1 then +a password obtained via I is used to encrypt the private key. +If I is 0 then no encryption is applied. The user data in I is +passed to the password callback. The supplied library context I and +property query string I are used in any decrypt operation. + +i2b_PVK_bio() does the same as i2b_PVK_bio_ex() except that the default +library context and property query string are used. + +=head1 RETURN VALUES + +The b2i_PVK_bio() and b2i_PVK_bio_ex() functions return a valid B +structure or B if an error occurs. The error code can be obtained by calling +L. + +i2b_PVK_bio() and i2b_PVK_bio_ex() return the number of bytes successfully +encoded or a negative value if an error occurs. The error code can be obtained +by calling L. 
+ +=head1 SEE ALSO + +L, +L + +=head1 HISTORY + +b2i_PVK_bio_ex() and i2b_PVK_bio_ex() were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/include/crypto/pem.h b/include/crypto/pem.h index 2a0e6424a5..840dc18f06 100644 --- a/include/crypto/pem.h +++ b/include/crypto/pem.h @@ -40,8 +40,12 @@ EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub); # ifndef OPENSSL_NO_DEPRECATED_3_0 # ifndef OPENSSL_NO_DSA DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +DSA *b2i_DSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq); # endif RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +RSA *b2i_RSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq); # endif #endif diff --git a/include/openssl/pem.h b/include/openssl/pem.h index aaf4e262af..80940dfa96 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -524,8 +524,13 @@ EVP_PKEY *b2i_PublicKey_bio(BIO *in); int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk); int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk); EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +EVP_PKEY *b2i_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq); int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u); +int i2b_PVK_bio_ex(BIO *out, const EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq); # ifdef __cplusplus } diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index 01c050ccb0..b3fd87ca05 100644 
--- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -134,7 +134,7 @@ static void *der2key_decode_p8(const unsigned char **input_der, if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); else - p8inf = PKCS8_decrypt(p8, pbuf, plen); + p8inf = PKCS8_decrypt_ex(p8, pbuf, plen, PROV_LIBCTX_OF(ctx->provctx), NULL); if (p8inf == NULL) ctx->flag_fatal = 1; X509_SIG_free(p8); diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c index 702c89a928..b69b2416a5 100644 --- a/providers/implementations/encode_decode/decode_pvk2key.c +++ b/providers/implementations/encode_decode/decode_pvk2key.c @@ -33,7 +33,8 @@ struct pvk2key_ctx_st; /* Forward declaration */ typedef int check_key_fn(void *, struct pvk2key_ctx_st *ctx); typedef void adjust_key_fn(void *, struct pvk2key_ctx_st *ctx); -typedef void *b2i_PVK_of_bio_pw_fn(BIO *in, pem_password_cb *cb, void *u); +typedef void *b2i_PVK_of_bio_pw_fn(BIO *in, pem_password_cb *cb, void *u, + OSSL_LIB_CTX *libctx, const char *propq); typedef void free_key_fn(void *); struct keytype_desc_st { int type; /* EVP key type */ @@ -118,7 +119,8 @@ static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg)) goto end; - key = ctx->desc->read_private_key(in, ossl_pw_pem_password, &pwdata); + key = ctx->desc->read_private_key(in, ossl_pw_pem_password, &pwdata, + PROV_LIBCTX_OF(ctx->provctx), NULL); /* * Because the PVK API doesn't have a separate decrypt call, we need 
@@ -204,13 +206,13 @@ static int pvk2key_export_object(void *vctx, /* ---------------------------------------------------------------------- */ -#define dsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_DSA_PVK_bio +#define dsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_DSA_PVK_bio_ex #define dsa_adjust NULL #define dsa_free (void (*)(void *))DSA_free /* ---------------------------------------------------------------------- */ -#define rsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_RSA_PVK_bio +#define rsa_private_key_bio (b2i_PVK_of_bio_pw_fn *)b2i_RSA_PVK_bio_ex static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx) { diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index 93f725d906..f95c785522 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c @@ -106,6 +106,7 @@ static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, X509_SIG *p8 = NULL; char kstr[PEM_BUFSIZE]; size_t klen = 0; + OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); if (ctx->cipher == NULL) return NULL; @@ -116,7 +117,7 @@ static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, return NULL; } /* First argument == -1 means "standard" */ - p8 = PKCS8_encrypt(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info); + p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL); OPENSSL_cleanse(kstr, klen); return p8; } diff --git a/providers/implementations/encode_decode/encode_key2ms.c b/providers/implementations/encode_decode/encode_key2ms.c index 81dfcd0ecc..79012e673e 100644 --- a/providers/implementations/encode_decode/encode_key2ms.c +++ b/providers/implementations/encode_decode/encode_key2ms.c 
@@ -52,10 +52,11 @@ static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout, { BIO *out = NULL; int ret = 0; + OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); out = ossl_bio_new_from_core_bio(ctx->provctx, cout); - ret = i2b_PVK_bio(out, pkey, ctx->pvk_encr_level, - ossl_pw_pem_password, &ctx->pwdata); + ret = i2b_PVK_bio_ex(out, pkey, ctx->pvk_encr_level, + ossl_pw_pem_password, &ctx->pwdata, libctx, NULL); BIO_free(out); return ret; diff --git a/test/endecode_test.c b/test/endecode_test.c index f851f73ffd..f800d7738c 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -41,6 +41,17 @@ # define OPENSSL_NO_KEYPARAMS #endif +static int default_libctx = 1; +static int is_fips = 0; + +static OSSL_LIB_CTX *testctx = NULL; +static OSSL_LIB_CTX *keyctx = NULL; +static char *testpropq = NULL; + +static OSSL_PROVIDER *nullprov = NULL; +static OSSL_PROVIDER *deflprov = NULL; +static OSSL_PROVIDER *keyprov = NULL; + #ifndef OPENSSL_NO_EC static BN_CTX *bnctx = NULL; static OSSL_PARAM_BLD *bld_prime_nc = NULL; @@ -68,16 +79,17 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) * for testing only. Use a minimum key size of 2048 for security purposes. */ if (strcmp(type, "DH") == 0) - return get_dh512(NULL); + return get_dh512(keyctx); + if (strcmp(type, "X9.42 DH") == 0) - return get_dhx512(NULL); + return get_dhx512(keyctx); # endif /* * No real need to check the errors other than for the cascade * effect. |pkey| will simply remain NULL if something goes wrong. */ - (void)((ctx = EVP_PKEY_CTX_new_from_name(NULL, type, NULL)) != NULL + (void)((ctx = EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq)) != NULL && EVP_PKEY_paramgen_init(ctx) > 0 && (genparams == NULL || EVP_PKEY_CTX_set_params(ctx, genparams) > 0) 
@@ -95,8 +107,8 @@ static EVP_PKEY *make_key(const char *type, EVP_PKEY *template, EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = template != NULL - ? EVP_PKEY_CTX_new(template, NULL) - : EVP_PKEY_CTX_new_from_name(NULL, type, NULL); + ? EVP_PKEY_CTX_new_from_pkey(keyctx, template, testpropq) + : EVP_PKEY_CTX_new_from_name(keyctx, type, testpropq); /* * No real need to check the errors other than for the cascade @@ -215,7 +227,7 @@ static int encode_EVP_PKEY_prov(const char *file, const int line, if (!TEST_FL_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, output_type, output_structure, - NULL)) + testpropq)) || !TEST_FL_int_gt(OSSL_ENCODER_CTX_get_num_encoders(ectx), 0) || (pass != NULL && !TEST_FL_true(OSSL_ENCODER_CTX_set_passphrase(ectx, upass, @@ -278,7 +290,7 @@ static int decode_EVP_PKEY_prov(const char *file, const int line, structure_type, keytype, selection, - NULL, NULL)) + testctx, testpropq)) || (pass != NULL && !OSSL_DECODER_CTX_set_passphrase(dctx, upass, strlen(pass))) || !TEST_FL_int_gt(BIO_reset(encoded_bio), 0) @@ -331,7 +343,7 @@ static int encode_EVP_PKEY_legacy_PEM(const char *file, const int line, if (pcipher != NULL && pass != NULL) { passlen = strlen(pass); - if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(NULL, pcipher, NULL))) + if (!TEST_FL_ptr(cipher = EVP_CIPHER_fetch(testctx, pcipher, testpropq))) goto end; } if (!TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) @@ -416,8 +428,8 @@ static int encode_EVP_PKEY_PVK(const char *file, const int line, if (!TEST_FL_true(ossl_assert((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)) || !TEST_FL_ptr(mem_ser = BIO_new(BIO_s_mem())) - || !TEST_FL_int_ge(i2b_PVK_bio(mem_ser, pkey, enc, - pass_pw, (void *)pass), 0) + || !TEST_FL_int_ge(i2b_PVK_bio_ex(mem_ser, pkey, enc, + pass_pw, (void *)pass, testctx, testpropq), 0) || !TEST_FL_true(BIO_get_mem_ptr(mem_ser, &mem_buf) > 0) || !TEST_FL_ptr(*encoded = mem_buf->data) || !TEST_FL_long_gt(*encoded_len = mem_buf->length, 0)) 
@@ -491,7 +503,7 @@ static int check_unprotected_PKCS8_DER(const char *file, const int line, int ok = 0; if (TEST_FL_ptr(p8inf)) { - EVP_PKEY *pkey = EVP_PKCS82PKEY(p8inf); + EVP_PKEY *pkey = EVP_PKCS82PKEY_ex(p8inf, testctx, testpropq); char *namelist = NULL; if (TEST_FL_ptr(pkey)) { @@ -513,7 +525,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, "DER", "pkcs8", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_mem, check_unprotected_PKCS8_DER, @@ -533,8 +545,9 @@ static int check_unprotected_PKCS8_PEM(const char *file, const int line, static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) { - return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + return test_encode_decode(__FILE__, __LINE__, type, key, + OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, "PEM", "pkcs8", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_text, check_unprotected_PKCS8_PEM, @@ -615,6 +628,9 @@ static int check_unprotected_legacy_PEM(const char *file, const int line, static int test_unprotected_via_legacy_PEM(const char *type, EVP_PKEY *key) { + if (!default_libctx || is_fips) + return TEST_skip("Test not available if using a non-default library context or FIPS provider"); + return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, 
@@ -731,6 +747,9 @@ static int check_protected_legacy_PEM(const char *file, const int line, static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key) { + if (!default_libctx || is_fips) + return TEST_skip("Test not available if using a non-default library context or FIPS provider"); + return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, @@ -743,12 +762,19 @@ static int test_protected_via_legacy_PEM(const char *type, EVP_PKEY *key) #ifndef OPENSSL_NO_RC4 static int test_protected_via_PVK(const char *type, EVP_PKEY *key) { - return test_encode_decode(__FILE__, __LINE__, type, key, + int ret = 0; + OSSL_PROVIDER *lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); + if (lgcyprov == NULL) + return TEST_skip("Legacy provider not available"); + + ret = test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, "PVK", NULL, pass, NULL, encode_EVP_PKEY_PVK, decode_EVP_PKEY_prov, test_mem, check_PVK, dump_der, 0); + OSSL_PROVIDER_unload(lgcyprov); + return ret; } #endif @@ -756,7 +782,7 @@ static int check_public_DER(const char *file, const int line, const char *type, const void *data, size_t data_len) { const unsigned char *datap = data; - EVP_PKEY *pkey = d2i_PUBKEY(NULL, &datap, data_len); + EVP_PKEY *pkey = d2i_PUBKEY_ex(NULL, &datap, data_len, testctx, testpropq); int ok = (TEST_FL_ptr(pkey) && TEST_FL_true(EVP_PKEY_is_a(pkey, type))); EVP_PKEY_free(pkey); @@ -767,7 +793,7 @@ static int test_public_via_DER(const char *type, EVP_PKEY *key) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, "DER", "SubjectPublicKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_mem, check_public_DER, dump_der, 0); 
@@ -788,7 +814,7 @@ static int test_public_via_PEM(const char *type, EVP_PKEY *key) { return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_PUBLIC_KEY - | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, + | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, "PEM", "SubjectPublicKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_text, check_public_PEM, dump_pem, 0); @@ -1184,14 +1210,42 @@ static int create_ec_explicit_trinomial_params(OSSL_PARAM_BLD *bld) # endif /* OPENSSL_NO_EC2M */ #endif /* OPENSSL_NO_EC */ -#define USAGE "rsa-key.pem rsa-pss-key.pem\n" -OPT_TEST_DECLARE_USAGE(USAGE) +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_CONTEXT, + OPT_RSA_FILE, + OPT_RSA_PSS_FILE, + OPT_CONFIG_FILE, + OPT_PROVIDER_NAME, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "context", OPT_CONTEXT, '-', + "Explicitly use a non-default library context" }, + { "rsa", OPT_RSA_FILE, '<', + "PEM format RSA key file to encode/decode" }, + { "pss", OPT_RSA_PSS_FILE, '<', + "PEM format RSA-PSS key file to encode/decode" }, + { "config", OPT_CONFIG_FILE, '<', + "The configuration file to use for the library context" }, + { "provider", OPT_PROVIDER_NAME, 's', + "The provider to load (The default value is 'default')" }, + { NULL } + }; + return options; +} int setup_tests(void) { -# ifndef OPENSSL_NO_RC4 - int use_legacy = OSSL_PROVIDER_available(NULL, "legacy"); -#endif + const char *rsa_file = NULL; + const char *rsa_pss_file = NULL; + const char *prov_name = "default"; + char *config_file = NULL; int ok = 1; #ifndef OPENSSL_NO_DSA 
@@ -1212,17 +1266,51 @@ int setup_tests(void) }; #endif - if (!test_skip_common_options()) { - TEST_error("Error parsing test options\n"); - return 0; + OPTION_CHOICE o; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_CONTEXT: + default_libctx = 0; + break; + case OPT_PROVIDER_NAME: + prov_name = opt_arg(); + break; + case OPT_CONFIG_FILE: + config_file = opt_arg(); + break; + case OPT_RSA_FILE: + rsa_file = opt_arg(); + break; + case OPT_RSA_PSS_FILE: + rsa_pss_file = opt_arg(); + break; + case OPT_TEST_CASES: + break; + default: + return 0; + } } - if (test_get_argument_count() != 2) { - TEST_error("usage: endecode_test %s", USAGE); - return 0; + + if (strcmp(prov_name, "fips") == 0) + is_fips = 1; + + if (default_libctx) { + if (!test_get_libctx(NULL, NULL, config_file, &deflprov, prov_name)) + return 0; + } else { + if (!test_get_libctx(&testctx, &nullprov, config_file, &deflprov, prov_name)) + return 0; } + /* Separate provider/ctx for generating the test data */ + if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new())) + return 0; + if (!TEST_ptr(keyprov = OSSL_PROVIDER_load(keyctx, "default"))) + return 0; + #ifndef OPENSSL_NO_EC - if (!TEST_ptr(bnctx = BN_CTX_new_ex(NULL)) + if (!TEST_ptr(bnctx = BN_CTX_new_ex(testctx)) || !TEST_ptr(bld_prime_nc = OSSL_PARAM_BLD_new()) || !TEST_ptr(bld_prime = OSSL_PARAM_BLD_new()) || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc) @@ -1267,9 +1355,9 @@ int setup_tests(void) MAKE_KEYS(X448, "X448", NULL); #endif TEST_info("Loading RSA key..."); - ok = ok && TEST_ptr(key_RSA = load_pkey_pem(test_get_argument(0), NULL)); + ok = ok && TEST_ptr(key_RSA = load_pkey_pem(rsa_file, keyctx)); TEST_info("Loading RSA_PSS key..."); - ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(test_get_argument(1), NULL)); + ok = ok && TEST_ptr(key_RSA_PSS = load_pkey_pem(rsa_pss_file, keyctx)); TEST_info("Generating keys done"); if (ok) { 
@@ -1290,9 +1378,7 @@ int setup_tests(void) ADD_TEST_SUITE_MSBLOB(DSA); ADD_TEST_SUITE_UNPROTECTED_PVK(DSA); # ifndef OPENSSL_NO_RC4 - if (use_legacy) { - ADD_TEST_SUITE_PROTECTED_PVK(DSA); - } + ADD_TEST_SUITE_PROTECTED_PVK(DSA); # endif #endif #ifndef OPENSSL_NO_EC @@ -1328,9 +1414,7 @@ int setup_tests(void) ADD_TEST_SUITE_MSBLOB(RSA); ADD_TEST_SUITE_UNPROTECTED_PVK(RSA); # ifndef OPENSSL_NO_RC4 - if (use_legacy) { - ADD_TEST_SUITE_PROTECTED_PVK(RSA); - } + ADD_TEST_SUITE_PROTECTED_PVK(RSA); # endif } @@ -1375,4 +1459,10 @@ void cleanup_tests(void) #endif FREE_KEYS(RSA); FREE_KEYS(RSA_PSS); + + OSSL_PROVIDER_unload(nullprov); + OSSL_PROVIDER_unload(deflprov); + OSSL_PROVIDER_unload(keyprov); + OSSL_LIB_CTX_free(testctx); + OSSL_LIB_CTX_free(keyctx); } diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index 5e8f436cca..f51de88c55 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -55,7 +55,7 @@ const OPTIONS *test_get_options(void) { "config", OPT_CONFIG_FILE, '<', "The configuration file to use for the libctx" }, { "provider", OPT_PROVIDER_NAME, 's', - "The provider to load (The default value is 'default'" }, + "The provider to load (The default value is 'default')" }, { NULL } }; return test_options; diff --git a/test/recipes/04-test_encoder_decoder.t b/test/recipes/04-test_encoder_decoder.t index 0152519716..19541610a9 100644 --- a/test/recipes/04-test_encoder_decoder.t +++ b/test/recipes/04-test_encoder_decoder.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -9,18 +9,43 @@ use strict; use warnings; -use OpenSSL::Test::Simple; -use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/; -use Cwd qw(abs_path); +use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/; +use OpenSSL::Test::Utils; -setup("test_encoder_decoder"); +BEGIN { + setup("test_encoder_decoder"); +} -plan tests => 1; +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; -$ENV{OPENSSL_MODULES} = abs_path(bldtop_dir("providers")); -$ENV{OPENSSL_CONF} = abs_path(srctop_file("test", "default-and-legacy.cnf")); +my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my $rsa_key = srctop_file("test", "certs", "ee-key.pem"); my $pss_key = srctop_file("test", "certs", "ca-pss-key.pem"); -ok(run(test(["endecode_test", $rsa_key, $pss_key]))); +plan tests => ($no_fips ? 0 : 1) + 2; # FIPS install test + test + +my $conf = srctop_file("test", "default.cnf"); +ok(run(test(["endecode_test", "-rsa", $rsa_key, + "-pss", $pss_key, + "-config", $conf, + "-provider", "default"]))); + +# Run with non-default library context +ok(run(test(["endecode_test", "-rsa", $rsa_key, + "-pss", $pss_key, + "-context", + "-config", $conf, + "-provider", "default"]))); + +unless ($no_fips) { + # Run with fips library context + my $conf = srctop_file("test", "fips-and-base.cnf"); + ok(run(test(["endecode_test", "-rsa", $rsa_key, + "-pss", $pss_key, + "-config", $conf, + "-provider", "fips"]))); +} + diff --git a/test/testutil.h b/test/testutil.h index 9311e2ce58..710f51c147 100644 --- a/test/testutil.h +++ b/test/testutil.h 
@@ -206,6 +206,13 @@ size_t test_get_argument_count(void); */ int test_skip_common_options(void); +/* + * Get a library context for the tests, populated with the specified provider + * and configuration. If default_null_prov is not NULL, a "null" provider is + * loaded into the default library context to prevent it being used. + * If libctx is NULL, the specified provider is loaded into the default library + * context. + */ int test_get_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov, const char *config_file, OSSL_PROVIDER **provider, const char *module_name); diff --git a/test/testutil/provider.c b/test/testutil/provider.c index c50ef035fc..5a571bf5de 100644 --- a/test/testutil/provider.c +++ b/test/testutil/provider.c @@ -15,9 +15,13 @@ int test_get_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov, const char *config_file, OSSL_PROVIDER **provider, const char *module_name) { - if ((*libctx = OSSL_LIB_CTX_new()) == NULL) { - opt_printf_stderr("Failed to create libctx\n"); - goto err; + OSSL_LIB_CTX *new_libctx = NULL; + + if (libctx != NULL) { + if ((new_libctx = *libctx = OSSL_LIB_CTX_new()) == NULL) { + opt_printf_stderr("Failed to create libctx\n"); + goto err; + } } if (default_null_prov != NULL @@ -27,13 +31,13 @@ int test_get_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov, } if (config_file != NULL - && !OSSL_LIB_CTX_load_config(*libctx, config_file)) { + && !OSSL_LIB_CTX_load_config(new_libctx, config_file)) { opt_printf_stderr("Error loading config from file %s\n", config_file); goto err; } if (module_name != NULL - && (*provider = OSSL_PROVIDER_load(*libctx, module_name)) == NULL) { + && (*provider = OSSL_PROVIDER_load(new_libctx, module_name)) == NULL) { opt_printf_stderr("Failed to load provider %s\n", module_name); goto err; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 1016d9c327..c7d89421a2 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -5416,3 +5416,5 @@ OSSL_PROVIDER_get0_dispatch 5543 3_0_0 EXIST::FUNCTION: PKCS5_PBE_keyivgen_ex 5544 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_get_block_size 5545 3_0_0 EXIST::FUNCTION: BIO_debug_callback_ex 5546 3_0_0 EXIST::FUNCTION: +b2i_PVK_bio_ex 5547 3_0_0 EXIST::FUNCTION: +i2b_PVK_bio_ex 5548 3_0_0 EXIST::FUNCTION: diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 04eace5da7..df71963deb 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -1413,7 +1413,6 @@ a2i_ASN1_STRING(3) a2i_GENERAL_NAME(3) a2i_IPADDRESS(3) a2i_IPADDRESS_NC(3) -b2i_PVK_bio(3) b2i_PrivateKey(3) b2i_PrivateKey_bio(3) b2i_PublicKey(3) @@ -1429,7 +1428,6 @@ i2a_ASN1_ENUMERATED(3) i2a_ASN1_INTEGER(3) i2a_ASN1_OBJECT(3) i2a_ASN1_STRING(3) -i2b_PVK_bio(3) i2b_PrivateKey_bio(3) i2b_PublicKey_bio(3) i2d_X509_bio(3) From tomas at openssl.org Tue Jun 1 10:44:31 2021 
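Review bot: in doc/man3/b2i_PVK_bio_ex.pod, the i2b_PVK_bio_ex() paragraph of DESCRIPTION ends with "are used in any decrypt operation", which looks copied from the b2i_PVK_bio_ex() paragraph above it. This is the encoding function, so it should say "encrypt operation". The NAME line and both paragraphs also call the format MSBLOB although every function documented here is a PVK function, and the test suite in this same patch treats MSBLOB and PVK as separate suites (ADD_TEST_SUITE_MSBLOB, ADD_TEST_SUITE_UNPROTECTED_PVK). Please name the format PVK, and say what enclevel values other than 0 and 1 do, or that they are invalid.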
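Review bot: in providers/implementations/encode_decode/decode_pvk2key.c, the dsa_private_key_bio and rsa_private_key_bio macros still reach b2i_DSA_PVK_bio_ex and b2i_RSA_PVK_bio_ex through a cast to b2i_PVK_of_bio_pw_fn *, so the compiler cannot confirm that the functions match the typedef that was just widened to five arguments. If one macro had been left pointing at the old three-argument function, it would have compiled cleanly and been called with two extra arguments. Small static wrappers that have exactly the typedef's signature and return the key as void * would let the compiler catch that kind of mismatch.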
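Review bot: in test/endecode_test.c, setup_tests() drops the old "test_get_argument_count() != 2" usage check and nothing replaces it. rsa_file and rsa_pss_file both start as NULL and go straight into load_pkey_pem() when -rsa or -pss is omitted. Please fail early with a usage error if either is still NULL after the option loop. In the same file, testpropq is declared as a static NULL and none of the options in test_get_options() assigns it, so every call that takes it still runs with a NULL property query. make_template() and make_key() also pair it with keyctx rather than testctx, which is worth a comment if intended.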
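Review bot: the new comment on test_get_libctx() in test/testutil.h does not cover the case where libctx is NULL and default_null_prov is non-NULL. With the test/testutil/provider.c change, new_libctx stays NULL in that case, so the "null" provider and the requested provider would both be loaded into the default library context, which defeats the purpose of the null provider. Either document that combination as invalid or reject it at the top of the function.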
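Review bot: in test/recipes/04-test_encoder_decoder.t, the comment on the plan line, "# FIPS install test + test", does not match what follows. There is no FIPS install step in this recipe. The count is two default-provider runs plus one optional FIPS run, so the comment should say that. The "my $conf" inside the unless block also shadows the outer $conf; a distinct name such as $fips_conf would read better.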
From: tomas at openssl.org (tomas at openssl.org)
Date: Tue, 01 Jun 2021 10:44:31 +0000
Subject: [openssl] master update
Message-ID: <1622544271.951983.22010.nullmailer@dev.openssl.org>

The branch master has been updated
via 31b7f23d2f958491d46c8a8e61c2b77b1b546f3e (commit)
via c4e91674371404accba3891cbe9d7f976926a337 (commit)
via ed576acdf591d4164905ab98e89ca5a3b99d90ab (commit)
from 5e2d22d53ed322a7124e26a4fbd116a8210eb77a (commit)

- Log -----------------------------------------------------------------
commit 31b7f23d2f958491d46c8a8e61c2b77b1b546f3e
Author: Tomas Mraz
Date: Fri May 28 17:36:16 2021 +0200

Add documentation of the old names kept as alias macros

Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/15405)

commit c4e91674371404accba3891cbe9d7f976926a337
Author: Tomas Mraz
Date: Fri May 28 16:57:22 2021 +0200

Rename also the OSSL_PROVIDER_name() function

Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/15405)

commit ed576acdf591d4164905ab98e89ca5a3b99d90ab
Author: Tomas Mraz
Date: Fri May 21 16:58:08 2021 +0200

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15405) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 11 +- apps/cms.c | 2 +- apps/crl.c | 3 +- apps/dgst.c | 8 +- apps/dsa.c | 2 +- apps/ec.c | 2 +- apps/enc.c | 32 +-- apps/gendsa.c | 4 +- apps/genpkey.c | 2 +- apps/lib/s_cb.c | 14 +- apps/list.c | 161 +++++++------- apps/pkeyutl.c | 6 +- apps/rehash.c | 2 +- apps/req.c | 2 +- apps/rsa.c | 2 +- apps/rsautl.c | 2 +- apps/s_client.c | 6 +- apps/speed.c | 34 +-- apps/ts.c | 6 +- crypto/asn1/a_digest.c | 6 +- crypto/asn1/a_sign.c | 10 +- crypto/asn1/a_verify.c | 4 +- crypto/asn1/d2i_param.c | 2 +- crypto/asn1/d2i_pr.c | 2 +- crypto/asn1/d2i_pu.c | 4 +- crypto/asn1/i2d_evp.c | 2 +- crypto/asn1/p5_pbev2.c | 6 +- crypto/asn1/p5_scrypt.c | 12 +- crypto/asn1/x_algor.c | 2 +- crypto/cmac/cmac.c | 10 +- crypto/cmp/cmp_ctx.c | 4 +- crypto/cmp/cmp_protect.c | 6 +- crypto/cms/cms_dh.c | 15 +- crypto/cms/cms_ec.c | 12 +- crypto/cms/cms_enc.c | 15 +- crypto/cms/cms_env.c | 10 +- crypto/cms/cms_kari.c | 14 +- crypto/cms/cms_lib.c | 4 +- crypto/cms/cms_pwri.c | 8 +- crypto/cms/cms_sd.c | 9 +- crypto/cms/cms_smime.c | 2 +- crypto/core_namemap.c | 4 +- crypto/crmf/crmf_lib.c | 10 +- crypto/dh/dh_kdf.c | 4 +- crypto/dh/dh_pmeth.c | 2 +- crypto/dsa/dsa_pmeth.c | 34 +-- crypto/ec/ec_ameth.c | 2 +- crypto/ec/ec_pmeth.c | 26 +-- crypto/ec/ecdh_kdf.c | 2 +- crypto/ec/ecx_meth.c | 20 +- crypto/encode_decode/decoder_lib.c | 2 +- crypto/encode_decode/decoder_meth.c | 14 +- crypto/encode_decode/decoder_pkey.c | 6 +- crypto/encode_decode/encoder_lib.c | 2 +- crypto/encode_decode/encoder_meth.c | 14 +- crypto/encode_decode/encoder_pkey.c | 10 +- crypto/engine/eng_openssl.c | 18 +- crypto/evp/asymcipher.c | 16 +- crypto/evp/bio_enc.c | 4 +- crypto/evp/bio_md.c | 2 +- crypto/evp/bio_ok.c | 12 +- crypto/evp/ctrl_params_translate.c | 28 +-- crypto/evp/digest.c | 12 +- crypto/evp/e_aes.c | 214 +++++++++--------- 
crypto/evp/e_aes_cbc_hmac_sha1.c | 10 +- crypto/evp/e_aes_cbc_hmac_sha256.c | 10 +- crypto/evp/e_aria.c | 53 +++-- crypto/evp/e_bf.c | 2 +- crypto/evp/e_camellia.c | 47 ++-- crypto/evp/e_cast.c | 2 +- crypto/evp/e_des.c | 26 +-- crypto/evp/e_des3.c | 32 +-- crypto/evp/e_idea.c | 4 +- crypto/evp/e_rc2.c | 8 +- crypto/evp/e_rc4.c | 2 +- crypto/evp/e_rc4_hmac_md5.c | 6 +- crypto/evp/e_rc5.c | 4 +- crypto/evp/e_sm4.c | 2 +- crypto/evp/e_xcbc_d.c | 4 +- crypto/evp/evp_enc.c | 48 ++-- crypto/evp/evp_key.c | 6 +- crypto/evp/evp_lib.c | 90 ++++---- crypto/evp/evp_local.h | 2 +- crypto/evp/evp_pbe.c | 4 +- crypto/evp/evp_pkey.c | 2 +- crypto/evp/evp_rand.c | 24 +- crypto/evp/exchange.c | 16 +- crypto/evp/kdf_lib.c | 8 +- crypto/evp/kdf_meth.c | 10 +- crypto/evp/kem.c | 14 +- crypto/evp/keymgmt_lib.c | 4 +- crypto/evp/keymgmt_meth.c | 18 +- crypto/evp/legacy_md5_sha1.c | 2 +- crypto/evp/legacy_meth.h | 12 +- crypto/evp/legacy_sha.c | 10 +- crypto/evp/m_sigver.c | 8 +- crypto/evp/mac_lib.c | 8 +- crypto/evp/mac_meth.c | 12 +- crypto/evp/p5_crpt.c | 6 +- crypto/evp/p5_crpt2.c | 6 +- crypto/evp/p_dec.c | 2 +- crypto/evp/p_enc.c | 2 +- crypto/evp/p_legacy.c | 2 +- crypto/evp/p_lib.c | 26 +-- crypto/evp/p_seal.c | 6 +- crypto/evp/p_sign.c | 2 +- crypto/evp/pmeth_lib.c | 24 +- crypto/evp/signature.c | 16 +- crypto/ffc/ffc_params_generate.c | 10 +- crypto/hmac/hmac.c | 16 +- crypto/modes/siv128.c | 2 +- crypto/ocsp/ocsp_lib.c | 2 +- crypto/ocsp/ocsp_srv.c | 6 +- crypto/ocsp/ocsp_vfy.c | 2 +- crypto/pem/pem_info.c | 18 +- crypto/pem/pem_lib.c | 17 +- crypto/pem/pem_local.h | 2 +- crypto/pem/pem_pk8.c | 3 +- crypto/pem/pem_sign.c | 2 +- crypto/pem/pvkfmt.c | 2 +- crypto/pkcs12/p12_crpt.c | 8 +- crypto/pkcs12/p12_decr.c | 10 +- crypto/pkcs12/p12_key.c | 3 +- crypto/pkcs12/p12_mutl.c | 6 +- crypto/pkcs7/pk7_doit.c | 24 +- crypto/pkcs7/pk7_lib.c | 6 +- crypto/provider.c | 2 +- crypto/provider_core.c | 2 +- crypto/rand/rand_lib.c | 2 +- crypto/rand/rand_meth.c | 2 +- 
crypto/rsa/rsa_ameth.c | 23 +- crypto/rsa/rsa_backend.c | 4 +- crypto/rsa/rsa_oaep.c | 6 +- crypto/rsa/rsa_pmeth.c | 28 +-- crypto/rsa/rsa_pss.c | 4 +- crypto/rsa/rsa_sp800_56b_gen.c | 2 +- crypto/sm2/sm2_crypt.c | 10 +- crypto/sm2/sm2_sign.c | 4 +- crypto/store/store_lib.c | 13 +- crypto/store/store_meth.c | 8 +- crypto/store/store_result.c | 4 +- crypto/ts/ts_rsp_sign.c | 6 +- crypto/ts/ts_rsp_verify.c | 2 +- crypto/x509/x509_set.c | 2 +- crypto/x509/x509_vfy.c | 4 +- crypto/x509/x509type.c | 2 +- crypto/x509/x_pubkey.c | 12 +- demos/digest/BIO_f_md.c | 2 +- demos/digest/EVP_MD_demo.c | 4 +- demos/digest/EVP_MD_stdin.c | 4 +- doc/build.info | 12 +- doc/man3/BIO_f_md.pod | 2 +- doc/man3/DH_size.pod | 6 +- doc/man3/DSA_size.pod | 10 +- doc/man3/EVP_ASYM_CIPHER_free.pod | 25 ++- doc/man3/EVP_CIPHER_CTX_get_original_iv.pod | 11 +- doc/man3/EVP_DigestInit.pod | 120 ++++++---- doc/man3/EVP_DigestSignInit.pod | 4 +- doc/man3/EVP_EncryptInit.pod | 247 ++++++++++++++------- doc/man3/EVP_KDF.pod | 31 +-- doc/man3/EVP_KEM_free.pod | 24 +- doc/man3/EVP_KEYEXCH_free.pod | 31 +-- doc/man3/EVP_KEYMGMT.pod | 44 ++-- doc/man3/EVP_MAC.pod | 35 +-- doc/man3/EVP_MD_meth_new.pod | 4 +- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 4 +- doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod | 8 +- .../{EVP_PKEY_size.pod => EVP_PKEY_get_size.pod} | 37 +-- doc/man3/EVP_PKEY_new.pod | 10 +- doc/man3/EVP_PKEY_set1_RSA.pod | 35 +-- doc/man3/EVP_PKEY_set_type.pod | 6 +- doc/man3/EVP_RAND.pod | 55 ++--- doc/man3/EVP_SIGNATURE_free.pod | 27 +-- doc/man3/EVP_SealInit.pod | 4 +- doc/man3/EVP_SignInit.pod | 11 +- doc/man3/OSSL_DECODER.pod | 42 ++-- doc/man3/OSSL_ENCODER.pod | 40 ++-- doc/man3/OSSL_PROVIDER.pod | 6 +- doc/man3/OSSL_STORE_LOADER.pod | 38 ++-- doc/man3/PEM_read_bio_PrivateKey.pod | 4 +- doc/man3/RSA_size.pod | 4 +- doc/man7/EVP_MD-common.pod | 6 +- doc/man7/crypto.pod | 2 +- doc/man7/fips_module.pod | 6 +- doc/man7/migration_guide.pod | 11 +- engines/e_afalg.c | 14 +- engines/e_dasync.c | 4 +- 
engines/e_devcrypto.c | 28 +-- engines/e_ossltest.c | 14 +- engines/e_padlock.c | 14 +- include/crypto/evp.h | 14 +- include/internal/packet.h | 2 +- include/openssl/decoder.h | 10 +- include/openssl/encoder.h | 10 +- include/openssl/evp.h | 198 ++++++++++------- include/openssl/kdf.h | 11 +- include/openssl/provider.h | 2 +- include/openssl/store.h | 8 +- providers/fips/self_test_kats.c | 2 +- providers/implementations/asymciphers/rsa_enc.c | 4 +- providers/implementations/asymciphers/sm2_enc.c | 2 +- providers/implementations/exchange/dh_exch.c | 2 +- providers/implementations/exchange/ecdh_exch.c | 2 +- providers/implementations/kdfs/hkdf.c | 12 +- providers/implementations/kdfs/kbkdf.c | 4 +- providers/implementations/kdfs/krb5kdf.c | 10 +- providers/implementations/kdfs/pbkdf2.c | 2 +- providers/implementations/kdfs/pkcs12kdf.c | 4 +- providers/implementations/kdfs/sskdf.c | 8 +- providers/implementations/kdfs/x942kdf.c | 4 +- .../implementations/keymgmt/mac_legacy_kmgmt.c | 4 +- providers/implementations/macs/cmac_prov.c | 2 +- providers/implementations/macs/gmac_prov.c | 4 +- providers/implementations/macs/kmac_prov.c | 6 +- providers/implementations/rands/drbg_ctr.c | 5 +- providers/implementations/rands/drbg_hash.c | 6 +- providers/implementations/rands/drbg_hmac.c | 8 +- providers/implementations/signature/dsa_sig.c | 2 +- providers/implementations/signature/ecdsa_sig.c | 4 +- .../implementations/signature/mac_legacy_sig.c | 2 +- providers/implementations/signature/rsa_sig.c | 20 +- providers/implementations/signature/sm2_sig.c | 6 +- ssl/ktls.c | 23 +- ssl/record/rec_layer_d1.c | 6 +- ssl/record/rec_layer_s3.c | 10 +- ssl/record/ssl3_record.c | 60 ++--- ssl/record/ssl3_record_tls13.c | 2 +- ssl/s3_enc.c | 16 +- ssl/ssl_ciph.c | 15 +- ssl/ssl_lib.c | 16 +- ssl/statem/extensions.c | 4 +- ssl/statem/extensions_clnt.c | 6 +- ssl/statem/extensions_srvr.c | 5 +- ssl/statem/statem_clnt.c | 11 +- ssl/statem/statem_dtls.c | 8 +- ssl/statem/statem_lib.c | 17 +- 
ssl/statem/statem_srvr.c | 10 +- ssl/t1_enc.c | 32 +-- ssl/t1_lib.c | 26 +-- ssl/tls13_enc.c | 26 +-- test/acvp_test.c | 2 +- test/aesgcmtest.c | 4 +- test/bad_dtls_test.c | 2 +- test/defltfips_test.c | 3 +- test/drbgtest.c | 2 +- test/ecdsatest.c | 2 +- test/endecoder_legacy_test.c | 2 +- test/enginetest.c | 2 +- test/evp_extra_test.c | 14 +- test/evp_extra_test2.c | 2 +- test/evp_fetch_prov_test.c | 4 +- test/evp_kdf_test.c | 4 +- test/evp_libctx_test.c | 18 +- test/evp_pkey_provided_test.c | 36 +-- test/evp_test.c | 41 ++-- test/helpers/handshake.c | 2 +- test/provider_fallback_test.c | 4 +- test/provider_internal_test.c | 2 +- test/ssl_old_test.c | 6 +- test/sslapitest.c | 2 +- test/tls13encryptiontest.c | 2 +- test/tls13secretstest.c | 2 +- util/libcrypto.num | 174 +++++++-------- util/missingcrypto.txt | 2 - util/other.syms | 43 +++- 265 files changed, 2082 insertions(+), 1815 deletions(-) rename doc/man3/{EVP_PKEY_size.pod => EVP_PKEY_get_size.pod} (62%) diff --git a/CHANGES.md b/CHANGES.md index 203deac7f2..0eb7f14289 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -104,6 +104,13 @@ breaking changes, and mappings for the large list of deprecated functions. *Shane Lontis* + * Many functions in the EVP_ namespace that are getters of values from + implementations or contexts were renamed to include get or get0 in their + names. Old names are provided as macro aliases for compatibility and + are not deprecated. + + *Tom?? Mr?z* + * The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT, EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT, EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations 
@@ -641,8 +648,8 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* - * Enhanced the documentation of EVP_PKEY_size(), EVP_PKEY_bits() - and EVP_PKEY_security_bits(). Especially EVP_PKEY_size() needed + * Enhanced the documentation of EVP_PKEY_get_size(), EVP_PKEY_get_bits() + and EVP_PKEY_get_security_bits(). Especially EVP_PKEY_get_size() needed a new formulation to include all the things it can be used for, as well as words of caution. diff --git a/apps/cms.c b/apps/cms.c index da00ece93b..81112c5a38 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -1013,7 +1013,7 @@ int cms_main(int argc, char **argv) res = EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_CIPHER, - EVP_CIPHER_nid(cipher), NULL); + EVP_CIPHER_get_nid(cipher), NULL); if (res <= 0 && res != -2) goto end; diff --git a/apps/crl.c b/apps/crl.c index 8904cc08c7..ff7c314717 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -347,7 +347,8 @@ int crl_main(int argc, char **argv) BIO_printf(bio_err, "out of memory\n"); goto end; } - BIO_printf(bio_out, "%s Fingerprint=", EVP_MD_name(digest)); + BIO_printf(bio_out, "%s Fingerprint=", + EVP_MD_get0_name(digest)); for (j = 0; j < (int)n; j++) { BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':'); diff --git a/apps/dgst.c b/apps/dgst.c index e39d645cb8..36a8c6fb08 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -287,7 +287,7 @@ int dgst_main(int argc, char **argv) */ goto end; } - type = EVP_PKEY_id(sigkey); + type = EVP_PKEY_get_id(sigkey); if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) { /* * We implement PureEdDSA for these which doesn't have a separate @@ -381,7 +381,7 @@ int dgst_main(int argc, char **argv) BIO_printf(bio_err, "Error opening signature file %s\n", sigfile); goto end; } - siglen = EVP_PKEY_size(sigkey); + siglen = EVP_PKEY_get_size(sigkey); sigbuf = app_malloc(siglen, "signature buffer"); siglen = BIO_read(sigbio, sigbuf, siglen); BIO_free(sigbio); 
@@ -399,10 +399,10 @@ int dgst_main(int argc, char **argv) md = EVP_MD_CTX_get1_md(tctx); } if (md != NULL) - md_name = EVP_MD_name(md); + md_name = EVP_MD_get0_name(md); if (xoflen > 0) { - if (!(EVP_MD_flags(md) & EVP_MD_FLAG_XOF)) { + if (!(EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF)) { BIO_printf(bio_err, "Length can only be specified for XOF\n"); goto end; } diff --git a/apps/dsa.c b/apps/dsa.c index abb422132a..51c0284353 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -269,7 +269,7 @@ int dsa_main(int argc, char **argv) /* Passphrase setup */ if (enc != NULL) - OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL); + OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL); /* Default passphrase prompter */ if (enc != NULL || outformat == FORMAT_PVK) { diff --git a/apps/ec.c b/apps/ec.c index 3a7f505474..dcbef104ee 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -260,7 +260,7 @@ int ec_main(int argc, char **argv) output_type, output_structure, NULL); if (enc != NULL) { - OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL); + OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL); /* Default passphrase prompter */ OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL); if (passout != NULL) diff --git a/apps/enc.c b/apps/enc.c index cda0022ebb..f136c3f8df 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -300,11 +300,11 @@ int enc_main(int argc, char **argv) if (!opt_cipher(ciphername, &cipher)) goto opthelp; } - if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { + if (cipher && EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); goto end; } - if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) { + if (cipher && (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE)) { BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog); goto end; } 
@@ -360,7 +360,7 @@ int enc_main(int argc, char **argv) char prompt[200]; BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:", - EVP_CIPHER_name(cipher), + EVP_CIPHER_get0_name(cipher), (enc) ? "encryption" : "decryption"); strbuf[0] = '\0'; i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc); @@ -492,8 +492,8 @@ int enc_main(int argc, char **argv) * concatenated into a temporary buffer */ unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; - int iklen = EVP_CIPHER_key_length(cipher); - int ivlen = EVP_CIPHER_iv_length(cipher); + int iklen = EVP_CIPHER_get_key_length(cipher); + int ivlen = EVP_CIPHER_get_iv_length(cipher); /* not needed if HASH_UPDATE() is fixed : */ int islen = (sptr != NULL ? sizeof(salt) : 0); if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen, @@ -525,7 +525,7 @@ int enc_main(int argc, char **argv) OPENSSL_cleanse(str, str_len); } if (hiv != NULL) { - int siz = EVP_CIPHER_iv_length(cipher); + int siz = EVP_CIPHER_get_iv_length(cipher); if (siz == 0) { BIO_printf(bio_err, "warning: iv not used by this cipher\n"); } else if (!set_hex(hiv, iv, siz)) { @@ -534,7 +534,7 @@ int enc_main(int argc, char **argv) } } if ((hiv == NULL) && (str == NULL) - && EVP_CIPHER_iv_length(cipher) != 0) { + && EVP_CIPHER_get_iv_length(cipher) != 0) { /* * No IV was explicitly set and no IV was generated. * Hence the IV is undefined, making correct decryption impossible. @@ -543,7 +543,7 @@ int enc_main(int argc, char **argv) goto end; } if (hkey != NULL) { - if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { + if (!set_hex(hkey, key, EVP_CIPHER_get_key_length(cipher))) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } @@ -563,7 +563,7 @@ int enc_main(int argc, char **argv) if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(cipher)); + EVP_CIPHER_get0_name(cipher)); ERR_print_errors(bio_err); goto end; } 
@@ -573,7 +573,7 @@ int enc_main(int argc, char **argv) if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_name(cipher)); + EVP_CIPHER_get0_name(cipher)); ERR_print_errors(bio_err); goto end; } @@ -590,15 +590,15 @@ int enc_main(int argc, char **argv) printf("%02X", salt[i]); printf("\n"); } - if (EVP_CIPHER_key_length(cipher) > 0) { + if (EVP_CIPHER_get_key_length(cipher) > 0) { printf("key="); - for (i = 0; i < EVP_CIPHER_key_length(cipher); i++) + for (i = 0; i < EVP_CIPHER_get_key_length(cipher); i++) printf("%02X", key[i]); printf("\n"); } - if (EVP_CIPHER_iv_length(cipher) > 0) { + if (EVP_CIPHER_get_iv_length(cipher) > 0) { printf("iv ="); - for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++) + for (i = 0; i < EVP_CIPHER_get_iv_length(cipher); i++) printf("%02X", iv[i]); printf("\n"); } @@ -661,8 +661,8 @@ static void show_ciphers(const OBJ_NAME *name, void *arg) /* Filter out ciphers that we cannot use */ cipher = EVP_get_cipherbyname(name->name); if (cipher == NULL || - (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 || - EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE) + (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 || + EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE) return; BIO_printf(dec->bio, "-%-25s", name->name); diff --git a/apps/gendsa.c b/apps/gendsa.c index a7857c478c..e5c9bc22ad 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -127,12 +127,12 @@ int gendsa_main(int argc, char **argv) if (out == NULL) goto end2; - nbits = EVP_PKEY_bits(pkey); + nbits = EVP_PKEY_get_bits(pkey); if (nbits > OPENSSL_DSA_MAX_MODULUS_BITS) BIO_printf(bio_err, "Warning: It is not recommended to use more than %d bit for DSA keys.\n" " Your key size is %d! Larger key size may behave not as expected.\n", - OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_bits(pkey)); + OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_get_bits(pkey)); ctx = EVP_PKEY_CTX_new(pkey, NULL); if (ctx == NULL) { 
diff --git a/apps/genpkey.c b/apps/genpkey.c index 38b1100658..5cde41b98b 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -166,7 +166,7 @@ int genpkey_main(int argc, char **argv) if (ciphername != NULL) { if (!opt_cipher(ciphername, &cipher) || do_param == 1) goto opthelp; - m = EVP_CIPHER_mode(cipher); + m = EVP_CIPHER_get_mode(cipher); if (m == EVP_CIPH_GCM_MODE || m == EVP_CIPH_CCM_MODE || m == EVP_CIPH_XTS_MODE || m == EVP_CIPH_OCB_MODE) { BIO_printf(bio_err, "%s: cipher mode not supported\n", prog); diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index ba883996ba..ef431c98ea 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -386,13 +386,13 @@ int ssl_print_tmp_key(BIO *out, SSL *s) if (!SSL_get_peer_tmp_key(s, &key)) return 1; BIO_puts(out, "Server Temp Key: "); - switch (EVP_PKEY_id(key)) { + switch (EVP_PKEY_get_id(key)) { case EVP_PKEY_RSA: - BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key)); + BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_get_bits(key)); break; case EVP_PKEY_DH: - BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key)); + BIO_printf(out, "DH, %d bits\n", EVP_PKEY_get_bits(key)); break; #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: @@ -403,13 +403,13 @@ int ssl_print_tmp_key(BIO *out, SSL *s) if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME, name, sizeof(name), &name_len)) strcpy(name, "?"); - BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_bits(key)); + BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_get_bits(key)); } break; #endif default: - BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(key)), - EVP_PKEY_bits(key)); + BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_get_id(key)), + EVP_PKEY_get_bits(key)); } EVP_PKEY_free(key); return 1; 
@@ -1426,7 +1426,7 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &algname, EVP_PKEY_get0_asn1(pkey)); BIO_printf(sdb->out, "%s, bits=%d", - algname, EVP_PKEY_bits(pkey)); + algname, EVP_PKEY_get_bits(pkey)); } break; } diff --git a/apps/list.c b/apps/list.c index 6ffc36b9e2..2b2676b2cd 100644 --- a/apps/list.c +++ b/apps/list.c @@ -36,7 +36,7 @@ static const char *select_name = NULL; { \ TYPE *impl; \ const char *propq = app_get0_propq(); \ - const char *name = TYPE ## _name(alg); \ + const char *name = TYPE ## _get0_name(alg); \ \ ERR_set_mark(); \ impl = TYPE ## _fetch(NULL, name, propq); \ @@ -70,10 +70,10 @@ static void legacy_cipher_fn(const EVP_CIPHER *c, { if (select_name != NULL && (c == NULL - || strcasecmp(select_name, EVP_CIPHER_name(c)) != 0)) + || strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) return; if (c != NULL) { - BIO_printf(arg, " %s\n", EVP_CIPHER_name(c)); + BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c)); } else { if (from == NULL) from = ""; @@ -88,11 +88,11 @@ DEFINE_STACK_OF(EVP_CIPHER) static int cipher_cmp(const EVP_CIPHER * const *a, const EVP_CIPHER * const *b) { - int ret = EVP_CIPHER_number(*a) - EVP_CIPHER_number(*b); + int ret = EVP_CIPHER_get_number(*a) - EVP_CIPHER_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(EVP_CIPHER_provider(*a)), - OSSL_PROVIDER_name(EVP_CIPHER_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*b))); return ret; } @@ -138,10 +138,10 @@ static void list_ciphers(void) print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_name(EVP_CIPHER_provider(c))); + OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(c))); if (verbose) { - const char *desc = EVP_CIPHER_description(c); + const char *desc = EVP_CIPHER_get0_description(c); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); 
@@ -163,7 +163,7 @@ static void legacy_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg) { if (m != NULL) { - BIO_printf(arg, " %s\n", EVP_MD_name(m)); + BIO_printf(arg, " %s\n", EVP_MD_get0_name(m)); } else { if (from == NULL) from = ""; @@ -177,11 +177,11 @@ static void legacy_md_fn(const EVP_MD *m, DEFINE_STACK_OF(EVP_MD) static int md_cmp(const EVP_MD * const *a, const EVP_MD * const *b) { - int ret = EVP_MD_number(*a) - EVP_MD_number(*b); + int ret = EVP_MD_get_number(*a) - EVP_MD_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(EVP_MD_provider(*a)), - OSSL_PROVIDER_name(EVP_MD_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*b))); return ret; } @@ -226,10 +226,11 @@ static void list_digests(void) BIO_printf(bio_out, " "); print_names(bio_out, names); - BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_MD_provider(m))); + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(m))); if (verbose) { - const char *desc = EVP_MD_description(m); + const char *desc = EVP_MD_get0_description(m); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); @@ -249,11 +250,11 @@ static void list_digests(void) DEFINE_STACK_OF(EVP_MAC) static int mac_cmp(const EVP_MAC * const *a, const EVP_MAC * const *b) { - int ret = EVP_MAC_number(*a) - EVP_MAC_number(*b); + int ret = EVP_MAC_get_number(*a) - EVP_MAC_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(EVP_MAC_provider(*a)), - OSSL_PROVIDER_name(EVP_MAC_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*b))); return ret; } 
@@ -291,10 +292,11 @@ static void list_macs(void) BIO_printf(bio_out, " "); print_names(bio_out, names); - BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_MAC_provider(m))); + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(m))); if (verbose) { - const char *desc = EVP_MAC_description(m); + const char *desc = EVP_MAC_get0_description(m); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); @@ -317,11 +319,11 @@ static void list_macs(void) DEFINE_STACK_OF(EVP_KDF) static int kdf_cmp(const EVP_KDF * const *a, const EVP_KDF * const *b) { - int ret = EVP_KDF_number(*a) - EVP_KDF_number(*b); + int ret = EVP_KDF_get_number(*a) - EVP_KDF_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(EVP_KDF_provider(*a)), - OSSL_PROVIDER_name(EVP_KDF_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*b))); return ret; } @@ -359,10 +361,11 @@ static void list_kdfs(void) BIO_printf(bio_out, " "); print_names(bio_out, names); - BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_KDF_provider(k))); + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(k))); if (verbose) { - const char *desc = EVP_KDF_description(k); + const char *desc = EVP_KDF_get0_description(k); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); @@ -386,11 +389,11 @@ DEFINE_STACK_OF(EVP_RAND) static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b) { - int ret = strcasecmp(EVP_RAND_name(*a), EVP_RAND_name(*b)); + int ret = strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(EVP_RAND_provider(*a)), - OSSL_PROVIDER_name(EVP_RAND_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*b))); return ret; } 
@@ -420,13 +423,14 @@ static void list_random_generators(void) const EVP_RAND *m = sk_EVP_RAND_value(rands, i); if (select_name != NULL - && strcasecmp(EVP_RAND_name(m), select_name) != 0) + && strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) continue; - BIO_printf(bio_out, " %s", EVP_RAND_name(m)); - BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_RAND_provider(m))); + BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m)); + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(m))); if (verbose) { - const char *desc = EVP_RAND_description(m); + const char *desc = EVP_RAND_get0_description(m); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); @@ -452,13 +456,13 @@ static void display_random(const char *name, EVP_RAND_CTX *drbg) BIO_printf(bio_out, "%s:\n", name); if (drbg != NULL) { - rand = EVP_RAND_CTX_rand(drbg); + rand = EVP_RAND_CTX_get0_rand(drbg); - BIO_printf(bio_out, " %s", EVP_RAND_name(rand)); + BIO_printf(bio_out, " %s", EVP_RAND_get0_name(rand)); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_name(EVP_RAND_provider(rand))); + OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(rand))); - switch (EVP_RAND_state(drbg)) { + switch (EVP_RAND_get_state(drbg)) { case EVP_RAND_STATE_UNINITIALISED: p = "uninitialised"; break; @@ -516,11 +520,11 @@ DEFINE_STACK_OF(OSSL_ENCODER) static int encoder_cmp(const OSSL_ENCODER * const *a, const OSSL_ENCODER * const *b) { - int ret = OSSL_ENCODER_number(*a) - OSSL_ENCODER_number(*b); + int ret = OSSL_ENCODER_get_number(*a) - OSSL_ENCODER_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(OSSL_ENCODER_provider(*a)), - OSSL_PROVIDER_name(OSSL_ENCODER_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*a)), + OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*b))); return ret; } 
@@ -560,11 +564,11 @@ static void list_encoders(void) print_names(bio_out, names); BIO_printf(bio_out, " @ %s (%s)\n", - OSSL_PROVIDER_name(OSSL_ENCODER_provider(k)), - OSSL_ENCODER_properties(k)); + OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(k)), + OSSL_ENCODER_get0_properties(k)); if (verbose) { - const char *desc = OSSL_ENCODER_description(k); + const char *desc = OSSL_ENCODER_get0_description(k); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); @@ -584,11 +588,11 @@ DEFINE_STACK_OF(OSSL_DECODER) static int decoder_cmp(const OSSL_DECODER * const *a, const OSSL_DECODER * const *b) { - int ret = OSSL_DECODER_number(*a) - OSSL_DECODER_number(*b); + int ret = OSSL_DECODER_get_number(*a) - OSSL_DECODER_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(OSSL_DECODER_provider(*a)), - OSSL_PROVIDER_name(OSSL_DECODER_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*a)), + OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*b))); return ret; } @@ -629,11 +633,11 @@ static void list_decoders(void) print_names(bio_out, names); BIO_printf(bio_out, " @ %s (%s)\n", - OSSL_PROVIDER_name(OSSL_DECODER_provider(k)), - OSSL_DECODER_properties(k)); + OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(k)), + OSSL_DECODER_get0_properties(k)); if (verbose) { - const char *desc = OSSL_DECODER_description(k); + const char *desc = OSSL_DECODER_get0_description(k); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); 
@@ -650,11 +654,11 @@ DEFINE_STACK_OF(EVP_KEYMGMT) static int keymanager_cmp(const EVP_KEYMGMT * const *a, const EVP_KEYMGMT * const *b) { - int ret = EVP_KEYMGMT_number(*a) - EVP_KEYMGMT_number(*b); + int ret = EVP_KEYMGMT_get_number(*a) - EVP_KEYMGMT_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(EVP_KEYMGMT_provider(*a)), - OSSL_PROVIDER_name(EVP_KEYMGMT_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*b))); return ret; } @@ -684,7 +688,7 @@ static void list_keymanagers(void) names = sk_OPENSSL_CSTRING_new(name_cmp); if (names != NULL && EVP_KEYMGMT_names_do_all(k, collect_names, names)) { - const char *desc = EVP_KEYMGMT_description(k); + const char *desc = EVP_KEYMGMT_get0_description(k); BIO_printf(bio_out, " Name: "); if (desc != NULL) @@ -696,7 +700,7 @@ static void list_keymanagers(void) BIO_printf(bio_out, " IDs: "); print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_name(EVP_KEYMGMT_provider(k))); + OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(k))); if (verbose) { print_param_types("settable key generation parameters", @@ -716,11 +720,11 @@ DEFINE_STACK_OF(EVP_SIGNATURE) static int signature_cmp(const EVP_SIGNATURE * const *a, const EVP_SIGNATURE * const *b) { - int ret = EVP_SIGNATURE_number(*a) - EVP_SIGNATURE_number(*b); + int ret = EVP_SIGNATURE_get_number(*a) - EVP_SIGNATURE_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(EVP_SIGNATURE_provider(*a)), - OSSL_PROVIDER_name(EVP_SIGNATURE_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*b))); return ret; } 
@@ -755,10 +759,10 @@ static void list_signatures(void) print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_name(EVP_SIGNATURE_provider(k))); + OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(k))); if (verbose) { - const char *desc = EVP_SIGNATURE_description(k); + const char *desc = EVP_SIGNATURE_get0_description(k); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); @@ -779,11 +783,11 @@ DEFINE_STACK_OF(EVP_KEM) static int kem_cmp(const EVP_KEM * const *a, const EVP_KEM * const *b) { - int ret = EVP_KEM_number(*a) - EVP_KEM_number(*b); + int ret = EVP_KEM_get_number(*a) - EVP_KEM_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(EVP_KEM_provider(*a)), - OSSL_PROVIDER_name(EVP_KEM_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*b))); return ret; } @@ -817,10 +821,11 @@ static void list_kems(void) BIO_printf(bio_out, " "); print_names(bio_out, names); - BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_KEM_provider(k))); + BIO_printf(bio_out, " @ %s\n", + OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(k))); if (verbose) { - const char *desc = EVP_KEM_description(k); + const char *desc = EVP_KEM_get0_description(k); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); @@ -841,11 +846,11 @@ DEFINE_STACK_OF(EVP_ASYM_CIPHER) static int asymcipher_cmp(const EVP_ASYM_CIPHER * const *a, const EVP_ASYM_CIPHER * const *b) { - int ret = EVP_ASYM_CIPHER_number(*a) - EVP_ASYM_CIPHER_number(*b); + int ret = EVP_ASYM_CIPHER_get_number(*a) - EVP_ASYM_CIPHER_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(EVP_ASYM_CIPHER_provider(*a)), - OSSL_PROVIDER_name(EVP_ASYM_CIPHER_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*b))); return ret; } 
@@ -882,10 +887,10 @@ static void list_asymciphers(void) print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_name(EVP_ASYM_CIPHER_provider(k))); + OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(k))); if (verbose) { - const char *desc = EVP_ASYM_CIPHER_description(k); + const char *desc = EVP_ASYM_CIPHER_get0_description(k); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); @@ -906,11 +911,11 @@ DEFINE_STACK_OF(EVP_KEYEXCH) static int kex_cmp(const EVP_KEYEXCH * const *a, const EVP_KEYEXCH * const *b) { - int ret = EVP_KEYEXCH_number(*a) - EVP_KEYEXCH_number(*b); + int ret = EVP_KEYEXCH_get_number(*a) - EVP_KEYEXCH_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(EVP_KEYEXCH_provider(*a)), - OSSL_PROVIDER_name(EVP_KEYEXCH_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*b))); return ret; } @@ -945,10 +950,10 @@ static void list_keyexchanges(void) print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_name(EVP_KEYEXCH_provider(k))); + OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(k))); if (verbose) { - const char *desc = EVP_KEYEXCH_description(k); + const char *desc = EVP_KEYEXCH_get0_description(k); if (desc != NULL) BIO_printf(bio_out, " description: %s\n", desc); @@ -1191,11 +1196,11 @@ DEFINE_STACK_OF(OSSL_STORE_LOADER) static int store_cmp(const OSSL_STORE_LOADER * const *a, const OSSL_STORE_LOADER * const *b) { - int ret = OSSL_STORE_LOADER_number(*a) - OSSL_STORE_LOADER_number(*b); + int ret = OSSL_STORE_LOADER_get_number(*a) - OSSL_STORE_LOADER_get_number(*b); if (ret == 0) - ret = strcmp(OSSL_PROVIDER_name(OSSL_STORE_LOADER_provider(*a)), - OSSL_PROVIDER_name(OSSL_STORE_LOADER_provider(*b))); + ret = strcmp(OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*a)), + OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*b))); return ret; } 
@@ -1234,7 +1239,7 @@ static void list_store_loaders(void) print_names(bio_out, names); BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_name(OSSL_STORE_LOADER_provider(m))); + OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(m))); } sk_OPENSSL_CSTRING_free(names); } @@ -1245,7 +1250,7 @@ DEFINE_STACK_OF(OSSL_PROVIDER) static int provider_cmp(const OSSL_PROVIDER * const *a, const OSSL_PROVIDER * const *b) { - return strcmp(OSSL_PROVIDER_name(*a), OSSL_PROVIDER_name(*b)); + return strcmp(OSSL_PROVIDER_get0_name(*a), OSSL_PROVIDER_get0_name(*b)); } static int collect_providers(OSSL_PROVIDER *provider, void *stack) @@ -1290,7 +1295,7 @@ static void list_provider_info(void) } /* Print out the provider information, the params order matches above */ - BIO_printf(bio_out, " %s\n", OSSL_PROVIDER_name(prov)); + BIO_printf(bio_out, " %s\n", OSSL_PROVIDER_get0_name(prov)); if (OSSL_PARAM_modified(params)) BIO_printf(bio_out, " name: %s\n", name); if (OSSL_PARAM_modified(params + 1)) diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 0424e556c1..bf9db2fa5a 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -592,7 +592,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, if (pkey == NULL) goto end; - *pkeysize = EVP_PKEY_size(pkey); + *pkeysize = EVP_PKEY_get_size(pkey); if (impl != NULL) ctx = EVP_PKEY_CTX_new(pkey, impl); else @@ -726,8 +726,8 @@ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, int buf_len = 0; /* Some algorithms only support oneshot digests */ - if (EVP_PKEY_id(pkey) == EVP_PKEY_ED25519 - || EVP_PKEY_id(pkey) == EVP_PKEY_ED448) { + if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED25519 + || EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448) { if (filesize < 0) { BIO_printf(bio_err, "Error: unable to determine file size for oneshot operation\n"); diff --git a/apps/rehash.c b/apps/rehash.c index 65ccacc0a8..7fe01de11c 100644 --- a/apps/rehash.c +++ b/apps/rehash.c 
@@ -534,7 +534,7 @@ int rehash_main(int argc, char **argv) argv = opt_rest(); evpmd = EVP_sha1(); - evpmdsize = EVP_MD_size(evpmd); + evpmdsize = EVP_MD_get_size(evpmd); if (*argv != NULL) { while (*argv != NULL) diff --git a/apps/req.c b/apps/req.c index 3b0545fd6e..284d03f40d 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1601,7 +1601,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, else gctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), param, app_get0_propq()); - *pkeylen = EVP_PKEY_bits(param); + *pkeylen = EVP_PKEY_get_bits(param); EVP_PKEY_free(param); } else { if (keygen_engine != NULL) { diff --git a/apps/rsa.c b/apps/rsa.c index 83fd8350df..5710893c7a 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -337,7 +337,7 @@ int rsa_main(int argc, char **argv) /* Passphrase setup */ if (enc != NULL) - OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL); + OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL); /* Default passphrase prompter */ if (enc != NULL || outformat == FORMAT_PVK) { diff --git a/apps/rsautl.c b/apps/rsautl.c index c2bc1af89b..ae0206014d 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -214,7 +214,7 @@ int rsautl_main(int argc, char **argv) if (out == NULL) goto end; - keysize = EVP_PKEY_size(pkey); + keysize = EVP_PKEY_get_size(pkey); rsa_in = app_malloc(keysize * 2, "hold rsa key"); rsa_out = app_malloc(keysize, "output rsa key"); diff --git a/apps/s_client.c b/apps/s_client.c index 85789eed23..2b8f274433 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -3099,8 +3099,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) public_key = X509_get_pubkey(sk_X509_value(sk, i)); if (public_key != NULL) { BIO_printf(bio, " a:PKEY: %s, %d (bit); sigalg: %s\n", - OBJ_nid2sn(EVP_PKEY_base_id(public_key)), - EVP_PKEY_bits(public_key), + OBJ_nid2sn(EVP_PKEY_get_base_id(public_key)), + EVP_PKEY_get_bits(public_key), OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i)))); EVP_PKEY_free(public_key); } 
@@ -3180,7 +3180,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) pktmp = X509_get0_pubkey(peer); BIO_printf(bio, "Server public key is %d bit\n", - EVP_PKEY_bits(pktmp)); + EVP_PKEY_get_bits(pktmp)); } BIO_printf(bio, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); diff --git a/apps/speed.c b/apps/speed.c index 0892b60369..6822b83db6 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1038,7 +1038,7 @@ static int SM2_sign_loop(void *args) size_t sm2sigsize; int ret, count; EVP_PKEY **sm2_pkey = tempargs->sm2_pkey; - const size_t max_size = EVP_PKEY_size(sm2_pkey[testnum]); + const size_t max_size = EVP_PKEY_get_size(sm2_pkey[testnum]); for (count = 0; COND(sm2_c[testnum][0]); count++) { sm2sigsize = max_size; @@ -1715,10 +1715,10 @@ int speed_main(int argc, char **argv) if (evp_cipher == NULL) { BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n"); goto end; - } else if (!(EVP_CIPHER_flags(evp_cipher) & + } else if (!(EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { BIO_printf(bio_err, "%s is not an AEAD cipher\n", - EVP_CIPHER_name(evp_cipher)); + EVP_CIPHER_get0_name(evp_cipher)); goto end; } } @@ -1727,10 +1727,10 @@ int speed_main(int argc, char **argv) BIO_printf(bio_err, "-mb can be used only with a multi-block" " capable cipher\n"); goto end; - } else if (!(EVP_CIPHER_flags(evp_cipher) & + } else if (!(EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { BIO_printf(bio_err, "%s is not a multi-block capable\n", - EVP_CIPHER_name(evp_cipher)); + EVP_CIPHER_get0_name(evp_cipher)); goto end; } else if (async_jobs > 0) { BIO_printf(bio_err, "Async mode is not supported with -mb"); 
@@ -2172,18 +2172,18 @@ int speed_main(int argc, char **argv) if (evp_cipher != NULL) { int (*loopfunc) (void *) = EVP_Update_loop; - if (multiblock && (EVP_CIPHER_flags(evp_cipher) & + if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { multiblock_speed(evp_cipher, lengths_single, &seconds); ret = 0; goto end; } - names[D_EVP] = EVP_CIPHER_name(evp_cipher); + names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher); - if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) { + if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) { loopfunc = EVP_Update_loop_ccm; - } else if (aead && (EVP_CIPHER_flags(evp_cipher) & + } else if (aead && (EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { loopfunc = EVP_Update_loop_aead; if (lengths == lengths_list) { @@ -2211,7 +2211,7 @@ int speed_main(int argc, char **argv) EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); - keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx); + keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx); loopargs[k].key = app_malloc(keylen, "evp_cipher key"); EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key); if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, @@ -2223,7 +2223,7 @@ int speed_main(int argc, char **argv) OPENSSL_clear_free(loopargs[k].key, keylen); /* SIV mode only allows for a single Update operation */ - if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_SIV_MODE) + if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE) EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_SET_SPEED, 1, NULL); } @@ -2261,7 +2261,7 @@ int speed_main(int argc, char **argv) if (!opt_cipher(evp_mac_ciphername, &cipher)) goto end; - keylen = EVP_CIPHER_key_length(cipher); + keylen = EVP_CIPHER_get_key_length(cipher); EVP_CIPHER_free(cipher); if (keylen <= 0 || keylen > (int)sizeof(key32)) { BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n"); 
@@ -2795,7 +2795,7 @@ int speed_main(int argc, char **argv) st = 0; /* set back to zero */ /* attach it sooner to rely on main final cleanup */ loopargs[i].sm2_pkey[testnum] = sm2_pkey; - loopargs[i].sigsize = EVP_PKEY_size(sm2_pkey); + loopargs[i].sigsize = EVP_PKEY_get_size(sm2_pkey); sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL); sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL); @@ -3290,12 +3290,12 @@ int speed_main(int argc, char **argv) /* free signing ctx */ if (loopargs[i].sm2_ctx[k] != NULL - && (pctx = EVP_MD_CTX_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL) + && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL) EVP_PKEY_CTX_free(pctx); EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]); /* free verification ctx */ if (loopargs[i].sm2_vfy_ctx[k] != NULL - && (pctx = EVP_MD_CTX_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL) + && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL) EVP_PKEY_CTX_free(pctx); EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]); /* free pkey */ @@ -3575,7 +3575,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, if (!EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv)) app_bail_out("failed to initialise cipher context\n"); - if ((keylen = EVP_CIPHER_CTX_key_length(ctx)) < 0) { + if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) < 0) { BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen); goto err; } @@ -3589,7 +3589,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key)) app_bail_out("failed to set AEAD key\n"); - if ((alg_name = EVP_CIPHER_name(evp_cipher)) == NULL) + if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL) app_bail_out("failed to get cipher name\n"); for (j = 0; j < num; j++) { diff --git a/apps/ts.c b/apps/ts.c index db5ecb32c2..e65d223348 100644 --- a/apps/ts.c +++ b/apps/ts.c 
@@ -460,7 +460,7 @@ static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md, goto err; if ((algo = X509_ALGOR_new()) == NULL) goto err; - if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL) + if ((algo->algorithm = OBJ_nid2obj(EVP_MD_get_type(md))) == NULL) goto err; if ((algo->parameter = ASN1_TYPE_new()) == NULL) goto err; @@ -509,7 +509,7 @@ static int create_digest(BIO *input, const char *digest, const EVP_MD *md, int rv = 0; EVP_MD_CTX *md_ctx = NULL; - md_value_len = EVP_MD_size(md); + md_value_len = EVP_MD_get_size(md); if (md_value_len < 0) return 0; @@ -529,7 +529,7 @@ static int create_digest(BIO *input, const char *digest, const EVP_MD *md, } if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) goto err; - md_value_len = EVP_MD_size(md); + md_value_len = EVP_MD_get_size(md); } else { long digest_len; diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index 9d7efcdb70..72cc880779 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -65,15 +65,15 @@ int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *md, void *asn, if (i < 0 || str == NULL) return 0; - if (EVP_MD_provider(md) == NULL) { + if (EVP_MD_get0_provider(md) == NULL) { #if !defined(OPENSSL_NO_ENGINE) - ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_type(md)); + ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_get_type(md)); if (tmpeng != NULL) ENGINE_finish(tmpeng); else #endif - fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), propq); + fetched_md = EVP_MD_fetch(libctx, EVP_MD_get0_name(md), propq); } if (fetched_md == NULL) goto err; diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 6ead2e2aca..302045cfcd 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c 
@@ -78,7 +78,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, } inll = (size_t)inl; buf_in = OPENSSL_malloc(inll); - outll = outl = EVP_PKEY_size(pkey); + outll = outl = EVP_PKEY_get_size(pkey); buf_out = OPENSSL_malloc(outll); if (buf_in == NULL || buf_out == NULL) { outl = 0; @@ -143,7 +143,7 @@ int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1, rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx); err: - EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx)); + EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx)); EVP_MD_CTX_free(ctx); return rv; } @@ -160,7 +160,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, int rv, pkey_id; md = EVP_MD_CTX_get0_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); if (pkey == NULL) { ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); @@ -168,7 +168,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, } if (pkey->ameth == NULL) { - EVP_PKEY_CTX *pctx = EVP_MD_CTX_pkey_ctx(ctx); + EVP_PKEY_CTX *pctx = EVP_MD_CTX_get_pkey_ctx(ctx); OSSL_PARAM params[2]; unsigned char aid[128]; size_t aid_len = 0; @@ -238,7 +238,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, pkey_id = #ifndef OPENSSL_NO_SM2 - EVP_PKEY_id(pkey) == NID_sm2 ? NID_sm2 : + EVP_PKEY_get_id(pkey) == NID_sm2 ? NID_sm2 : #endif pkey->ameth->pkey_id; diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index b7eed914b0..b1adaf7a8f 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -102,7 +102,7 @@ int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg, if ((ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq)) != NULL) { rv = ASN1_item_verify_ctx(it, alg, signature, data, ctx); - EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx)); + EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx)); EVP_MD_CTX_free(ctx); } return rv; 
@@ -118,7 +118,7 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, int mdnid, pknid; size_t inll = 0; - pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); if (pkey == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); diff --git a/crypto/asn1/d2i_param.c b/crypto/asn1/d2i_param.c index adb394d04c..97f1022339 100644 --- a/crypto/asn1/d2i_param.c +++ b/crypto/asn1/d2i_param.c @@ -26,7 +26,7 @@ EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp, } else ret = *a; - if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) + if (type != EVP_PKEY_get_id(ret) && !EVP_PKEY_set_type(ret, type)) goto err; if (ret->ameth == NULL || ret->ameth->param_decode == NULL) { diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 94bd341d58..58b7646227 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -120,7 +120,7 @@ d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp, EVP_PKEY_free(ret); ret = tmp; ERR_pop_to_mark(); - if (EVP_PKEY_type(keytype) != EVP_PKEY_base_id(ret)) + if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret)) goto err; } else { ERR_clear_last_mark(); diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index b6c7da772c..5f39ab0775 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -38,12 +38,12 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, } else ret = *a; - if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) { + if (type != EVP_PKEY_get_id(ret) && !EVP_PKEY_set_type(ret, type)) { ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); goto err; } - switch (EVP_PKEY_id(ret)) { + switch (EVP_PKEY_get_id(ret)) { case EVP_PKEY_RSA: if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c index f03dcb2666..e1d5b7c7c4 100644 
--- a/crypto/asn1/i2d_evp.c +++ b/crypto/asn1/i2d_evp.c @@ -131,7 +131,7 @@ int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp) return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_info, pp); } - switch (EVP_PKEY_id(a)) { + switch (EVP_PKEY_get_id(a)) { case EVP_PKEY_RSA: return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp); #ifndef OPENSSL_NO_DSA diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index 162e31d7ba..711743a77b 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -50,7 +50,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, unsigned char iv[EVP_MAX_IV_LENGTH]; PBE2PARAM *pbe2 = NULL; - alg_nid = EVP_CIPHER_type(cipher); + alg_nid = EVP_CIPHER_get_type(cipher); if (alg_nid == NID_undef) { ERR_raise(ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); goto err; @@ -66,7 +66,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, goto merr; /* Create random IV */ - ivlen = EVP_CIPHER_iv_length(cipher); + ivlen = EVP_CIPHER_get_iv_length(cipher); if (ivlen > 0) { if (aiv) memcpy(iv, aiv, ivlen); @@ -101,7 +101,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, /* If its RC2 then we'd better setup the key length */ if (alg_nid == NID_rc2_cbc) - keylen = EVP_CIPHER_key_length(cipher); + keylen = EVP_CIPHER_get_key_length(cipher); else keylen = -1; diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index e5a1ed59bc..a02190d0dc 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c @@ -60,7 +60,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, goto err; } - alg_nid = EVP_CIPHER_type(cipher); + alg_nid = EVP_CIPHER_get_type(cipher); if (alg_nid == NID_undef) { ERR_raise(ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); goto err; 
@@ -79,10 +79,10 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, goto merr; /* Create random IV */ - if (EVP_CIPHER_iv_length(cipher)) { + if (EVP_CIPHER_get_iv_length(cipher)) { if (aiv) - memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); - else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0) + memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher)); + else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0) goto err; } @@ -103,7 +103,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, /* If its RC2 then we'd better setup the key length */ if (alg_nid == NID_rc2_cbc) - keylen = EVP_CIPHER_key_length(cipher); + keylen = EVP_CIPHER_get_key_length(cipher); /* Setup keyfunc */ @@ -234,7 +234,7 @@ int PKCS5_v2_scrypt_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, goto err; } - t = EVP_CIPHER_CTX_key_length(ctx); + t = EVP_CIPHER_CTX_get_key_length(ctx); if (t < 0) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); goto err; diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index 7e7fd7301a..ff83ce4fef 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -80,7 +80,7 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) else param_type = V_ASN1_NULL; - X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); + X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), param_type, NULL); } diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 729d5a47c3..18c7fea3dd 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -96,7 +96,7 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) if (in->nlast_block == -1) return 0; - if ((bl = EVP_CIPHER_CTX_block_size(in->cctx)) < 0) + if ((bl = EVP_CIPHER_CTX_get_block_size(in->cctx)) < 0) return 0; if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx)) return 0; 
@@ -120,7 +120,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 0; if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; - memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx)); + memset(ctx->tbl, 0, EVP_CIPHER_CTX_get_block_size(ctx->cctx)); ctx->nlast_block = 0; return 1; } @@ -143,7 +143,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 0; if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) return 0; - if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0) + if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0) return 0; if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0) return 0; @@ -169,7 +169,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 0; if (dlen == 0) return 1; - if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0) + if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0) return 0; /* Copy into partial block if we need to */ if (ctx->nlast_block > 0) { @@ -209,7 +209,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) if (ctx->nlast_block == -1) return 0; - if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0) + if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0) return 0; if (poutlen != NULL) *poutlen = (size_t)bl; diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index d1f8f27e13..b0f676201e 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -1114,9 +1114,9 @@ int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt) case OSSL_CMP_OPT_POPO_METHOD: return ctx->popoMethod; case OSSL_CMP_OPT_DIGEST_ALGNID: - return EVP_MD_type(ctx->digest); + return EVP_MD_get_type(ctx->digest); case OSSL_CMP_OPT_OWF_ALGNID: - return EVP_MD_type(ctx->pbm_owf); + return EVP_MD_get_type(ctx->pbm_owf); case OSSL_CMP_OPT_MAC_ALGNID: return ctx->pbm_mac; case OSSL_CMP_OPT_KEEP_ALIVE: diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 36a6597145..91a66f5d6e 100644 --- a/crypto/cmp/cmp_protect.c 
+++ b/crypto/cmp/cmp_protect.c @@ -195,7 +195,7 @@ static int set_pbmac_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg) return 0; pbm = OSSL_CRMF_pbmp_new(ctx->libctx, ctx->pbm_slen, - EVP_MD_type(ctx->pbm_owf), ctx->pbm_itercnt, + EVP_MD_get_type(ctx->pbm_owf), ctx->pbm_itercnt, ctx->pbm_mac); pbm_str = ASN1_STRING_new(); if (pbm == NULL || pbm_str == NULL) @@ -227,8 +227,8 @@ static int set_sig_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg) int nid = 0; ASN1_OBJECT *algo = NULL; - if (!OBJ_find_sigid_by_algs(&nid, EVP_MD_type(ctx->digest), - EVP_PKEY_id(ctx->pkey))) { + if (!OBJ_find_sigid_by_algs(&nid, EVP_MD_get_type(ctx->digest), + EVP_PKEY_get_id(ctx->pkey))) { ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_KEY_TYPE); return 0; } diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index 36714766d2..fe6289b205 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -53,7 +53,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, * Pad to full p parameter size as that is checked by * EVP_PKEY_set1_encoded_public_key() */ - plen = EVP_PKEY_size(pk); + plen = EVP_PKEY_get_size(pk); if ((bnpub = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) goto err; if ((buf = OPENSSL_malloc(plen)) == NULL) 
@@ -122,19 +122,20 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) goto err; kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery); - if (kekcipher == NULL || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE) + if (kekcipher == NULL + || EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE) goto err; if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) goto err; if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) goto err; - keylen = EVP_CIPHER_CTX_key_length(kekctx); + keylen = EVP_CIPHER_CTX_get_key_length(kekctx); if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0) goto err; /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */ if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, - OBJ_nid2obj(EVP_CIPHER_type(kekcipher))) + OBJ_nid2obj(EVP_CIPHER_get_type(kekcipher))) <= 0) goto err; @@ -258,7 +259,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) kdf_md = EVP_sha1(); if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0) goto err; - } else if (EVP_MD_type(kdf_md) != NID_sha1) + } else if (EVP_MD_get_type(kdf_md) != NID_sha1) /* Unsupported digest */ goto err; @@ -267,10 +268,10 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) /* Get wrap NID */ ctx = CMS_RecipientInfo_kari_get0_ctx(ri); - wrap_nid = EVP_CIPHER_CTX_type(ctx); + wrap_nid = EVP_CIPHER_CTX_get_type(ctx); if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0) goto err; - keylen = EVP_CIPHER_CTX_key_length(ctx); + keylen = EVP_CIPHER_CTX_get_key_length(ctx); /* Package wrap algorithm in an AlgorithmIdentifier */ diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c index 4994260af8..4cf208f5f2 100644 --- a/crypto/cms/cms_ec.c +++ b/crypto/cms/cms_ec.c 
@@ -182,14 +182,14 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) goto err; OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0); kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery); - if (kekcipher == NULL || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE) + if (kekcipher == NULL || EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE) goto err; if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) goto err; if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) goto err; - keylen = EVP_CIPHER_CTX_key_length(kekctx); + keylen = EVP_CIPHER_CTX_get_key_length(kekctx); if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0) goto err; @@ -313,12 +313,12 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) /* Lookup NID for KDF+cofactor+digest */ - if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid)) + if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_get_type(kdf_md), ecdh_nid)) goto err; /* Get wrap NID */ ctx = CMS_RecipientInfo_kari_get0_ctx(ri); - wrap_nid = EVP_CIPHER_CTX_type(ctx); - keylen = EVP_CIPHER_CTX_key_length(ctx); + wrap_nid = EVP_CIPHER_CTX_get_type(ctx); + keylen = EVP_CIPHER_CTX_get_key_length(ctx); /* Package wrap algorithm in an AlgorithmIdentifier */ @@ -400,7 +400,7 @@ int ossl_cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify) hnid = OBJ_obj2nid(alg1->algorithm); if (hnid == NID_undef) return -1; - if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_get_id(pkey))) return -1; X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); } diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 09dbb21275..a896148dd8 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c 
@@ -62,7 +62,8 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, cipher = EVP_get_cipherbyobj(calg->algorithm); } if (cipher != NULL) { - fetched_ciph = EVP_CIPHER_fetch(libctx, EVP_CIPHER_name(cipher), propq); + fetched_ciph = EVP_CIPHER_fetch(libctx, EVP_CIPHER_get0_name(cipher), + propq); if (fetched_ciph != NULL) cipher = fetched_ciph; } @@ -79,9 +80,9 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, } if (enc) { - calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); + calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); /* Generate a random IV if we need one */ - ivlen = EVP_CIPHER_CTX_iv_length(ctx); + ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (ivlen > 0) { if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) goto err; @@ -92,7 +93,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; } - if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { + if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { piv = aparams.iv; if (ec->taglen > 0 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, @@ -102,7 +103,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, } } } - len = EVP_CIPHER_CTX_key_length(ctx); + len = EVP_CIPHER_CTX_get_key_length(ctx); if (len <= 0) goto err; tkeylen = (size_t)len; @@ -160,10 +161,10 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); goto err; } - if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { + if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { memcpy(aparams.iv, piv, ivlen); aparams.iv_len = ivlen; - aparams.tag_len = EVP_CIPHER_CTX_tag_length(ctx); + aparams.tag_len = EVP_CIPHER_CTX_get_tag_length(ctx); if (aparams.tag_len <= 0) goto err; } diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 29bbd0c36d..673880f6d9 100644 
--- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -557,7 +557,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, } (void)ERR_pop_to_mark(); - fixlen = EVP_CIPHER_key_length(cipher); + fixlen = EVP_CIPHER_get_key_length(cipher); EVP_CIPHER_free(fetched_cipher); } @@ -1108,7 +1108,7 @@ static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms) * If the selected cipher supports unprotected attributes, * deal with it using special ctrl function */ - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0, cms->d.envelopedData->unprotectedAttrs) <= 0) { @@ -1228,7 +1228,7 @@ int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) * If the selected cipher supports unprotected attributes, * deal with it using special ctrl function */ - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { if (env->unprotectedAttrs == NULL) env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null(); @@ -1261,10 +1261,10 @@ int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio) * The tag is set only for encryption. There is nothing to do for * decryption. */ - if (!EVP_CIPHER_CTX_encrypting(ctx)) + if (!EVP_CIPHER_CTX_is_encrypting(ctx)) return 1; - taglen = EVP_CIPHER_CTX_tag_length(ctx); + taglen = EVP_CIPHER_CTX_get_tag_length(ctx); if (taglen <= 0 || (tag = OPENSSL_malloc(taglen)) == NULL || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 2fee4784da..47132fcbe8 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c 
@@ -218,7 +218,7 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen, unsigned char *out = NULL; int outlen; - keklen = EVP_CIPHER_CTX_key_length(kari->ctx); + keklen = EVP_CIPHER_CTX_get_key_length(kari->ctx); if (keklen > EVP_MAX_KEY_LENGTH) return 0; /* Derive KEK */ @@ -424,14 +424,14 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, /* If a suitable wrap algorithm is already set nothing to do */ kekcipher = EVP_CIPHER_CTX_get0_cipher(ctx); if (kekcipher != NULL) { - if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_WRAP_MODE) + if (EVP_CIPHER_CTX_get_mode(ctx) != EVP_CIPH_WRAP_MODE) return 0; return 1; } if (cipher == NULL) return 0; - keylen = EVP_CIPHER_key_length(cipher); - if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_GET_WRAP_CIPHER) != 0) { + keylen = EVP_CIPHER_get_key_length(cipher); + if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_GET_WRAP_CIPHER) != 0) { /* TODO: make this not get a method we can call directly */ ret = EVP_CIPHER_meth_get_ctrl(cipher)(NULL, EVP_CTRL_GET_WRAP_CIPHER, 0, &kekcipher); @@ -439,9 +439,9 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, return 0; if (kekcipher != NULL) { - if (EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE) + if (EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE) return 0; - kekcipher_name = EVP_CIPHER_name(kekcipher); + kekcipher_name = EVP_CIPHER_get0_name(kekcipher); goto enc; } } @@ -451,7 +451,7 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, * DES3 wrap otherwise use AES wrap similar to key size. */ #ifndef OPENSSL_NO_DES - if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc) + if (EVP_CIPHER_get_type(cipher) == NID_des_ede3_cbc) kekcipher_name = SN_id_smime_alg_CMS3DESwrap; else #endif diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index cfde2215bd..673a1f7ad5 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c 
@@ -455,12 +455,12 @@ int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, return 0; } BIO_get_md_ctx(chain, &mtmp); - if (EVP_MD_CTX_type(mtmp) == nid + if (EVP_MD_CTX_get_type(mtmp) == nid /* * Workaround for broken implementations that use signature * algorithm OID instead of digest. */ - || EVP_MD_pkey_type(EVP_MD_CTX_get0_md(mtmp)) == nid) + || EVP_MD_get_pkey_type(EVP_MD_CTX_get0_md(mtmp)) == nid) return EVP_MD_CTX_copy_ex(mctx, mtmp); chain = BIO_next(chain); } diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index d521f8cc47..bc2b5179b7 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -91,7 +91,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, goto err; } - ivlen = EVP_CIPHER_CTX_iv_length(ctx); + ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (ivlen > 0) { if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0) @@ -111,7 +111,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, } } - encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); + encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); EVP_CIPHER_CTX_free(ctx); ctx = NULL; @@ -182,7 +182,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx) { - size_t blocklen = EVP_CIPHER_CTX_block_size(ctx); + size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx); unsigned char *tmp; int outl, rv = 0; if (inlen < 2 * blocklen) { @@ -237,7 +237,7 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx, const CMS_CTX *cms_ctx) { - size_t blocklen = EVP_CIPHER_CTX_block_size(ctx); + size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx); size_t olen; int dummy; /* diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index c0235b6962..4fbe09ca5f 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c 
@@ -469,7 +469,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, goto err; if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) goto err; - } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, EVP_MD_name(md), + } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, + EVP_MD_get0_name(md), ossl_cms_ctx_get0_libctx(ctx), ossl_cms_ctx_get0_propq(ctx), pk, NULL) <= 0) { @@ -718,7 +719,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, pctx = si->pctx; if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; - siglen = EVP_PKEY_size(si->pkey); + siglen = EVP_PKEY_get_size(si->pkey); sig = OPENSSL_malloc(siglen); if (sig == NULL) { ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); @@ -733,7 +734,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, unsigned char *sig; unsigned int siglen; - sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); + sig = OPENSSL_malloc(EVP_PKEY_get_size(si->pkey)); if (sig == NULL) { ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); goto err; @@ -875,7 +876,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) goto err; } mctx = si->mctx; - if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_name(md), libctx, + if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx, propq, si->pkey, NULL) <= 0) goto err; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index d48bbcb6c7..0c3bbd03c3 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -630,7 +630,7 @@ CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *data, X509 *recip; - cms = (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) + cms = (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) ? CMS_AuthEnvelopedData_create_ex(cipher, libctx, propq) : CMS_EnvelopedData_create_ex(cipher, libctx, propq); if (cms == NULL) diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index 5bb0f09ec7..415df3d839 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c 
@@ -409,14 +409,14 @@ static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg) { const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type); - get_legacy_evp_names(NID_undef, EVP_CIPHER_type(cipher), NULL, arg); + get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); } static void get_legacy_md_names(const OBJ_NAME *on, void *arg) { const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type); - get_legacy_evp_names(0, EVP_MD_type(md), NULL, arg); + get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); } static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index e26637d0a4..f402086823 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -621,7 +621,7 @@ X509 } (void)ERR_pop_to_mark(); - cikeysize = EVP_CIPHER_key_length(cipher); + cikeysize = EVP_CIPHER_get_key_length(cipher); /* first the symmetric key needs to be decrypted */ pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx)) { @@ -646,11 +646,11 @@ X509 } else { goto end; } - if ((iv = OPENSSL_malloc(EVP_CIPHER_iv_length(cipher))) == NULL) + if ((iv = OPENSSL_malloc(EVP_CIPHER_get_iv_length(cipher))) == NULL) goto end; if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv, - EVP_CIPHER_iv_length(cipher)) - != EVP_CIPHER_iv_length(cipher)) { + EVP_CIPHER_get_iv_length(cipher)) + != EVP_CIPHER_get_iv_length(cipher)) { ERR_raise(ERR_LIB_CRMF, CRMF_R_MALFORMED_IV); goto end; } @@ -660,7 +660,7 @@ X509 * keep the original pointer in outbuf so the memory can be freed later */ if ((p = outbuf = OPENSSL_malloc(ecert->encValue->length + - EVP_CIPHER_block_size(cipher))) == NULL + EVP_CIPHER_get_block_size(cipher))) == NULL || (evp_ctx = EVP_CIPHER_CTX_new()) == NULL) goto end; EVP_CIPHER_CTX_set_padding(evp_ctx, 0); diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index ecc37fa92a..7a234b8fb1 100644 
--- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -36,7 +36,7 @@ int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen, EVP_KDF_CTX *kctx = NULL; EVP_KDF *kdf = NULL; OSSL_PARAM params[5], *p = params; - const char *mdname = EVP_MD_name(md); + const char *mdname = EVP_MD_get0_name(md); kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X942KDF_ASN1, propq); kctx = EVP_KDF_CTX_new(kdf); @@ -67,7 +67,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) { char key_alg[OSSL_MAX_NAME_SIZE]; - const OSSL_PROVIDER *prov = EVP_MD_provider(md); + const OSSL_PROVIDER *prov = EVP_MD_get0_provider(md); OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); if (!OBJ_obj2txt(key_alg, sizeof(key_alg), key_oid, 0)) diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 78d46aba22..f742bf75cf 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -296,7 +296,7 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx, } if (dctx->md != NULL) - ossl_ffc_set_digest(&ret->params, EVP_MD_name(dctx->md), NULL); + ossl_ffc_set_digest(&ret->params, EVP_MD_get0_name(dctx->md), NULL); # ifndef FIPS_MODULE if (dctx->paramgen_type == DH_PARAMGEN_TYPE_FIPS_186_2) diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index d9fdc90d25..ffb19da580 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -83,7 +83,7 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; - if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_get_size(dctx->md)) return 0; ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa); 
@@ -102,7 +102,7 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; - if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_get_size(dctx->md)) return 0; ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); @@ -128,9 +128,9 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha256) { + if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256) { ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE); return 0; } 
@@ -138,17 +138,17 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_type((const EVP_MD *)p2) != NID_dsa && - EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && - EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha512 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) { + if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_dsa && + EVP_MD_get_type((const EVP_MD *)p2) != NID_dsaWithSHA && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512) { ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE); return 0; } @@ -217,7 +217,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } if (dctx->md != NULL) - ossl_ffc_set_digest(&dsa->params, EVP_MD_name(dctx->md), NULL); + ossl_ffc_set_digest(&dsa->params, EVP_MD_get0_name(dctx->md), NULL); ret = ossl_ffc_params_FIPS186_4_generate(NULL, &dsa->params, FFC_PARAM_TYPE_DSA, dctx->nbits, diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 574ad51581..c7fbaeab5e 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c 
@@ -405,7 +405,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { switch (op) { case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) { + if (EVP_PKEY_get_id(pkey) == EVP_PKEY_SM2) { /* For SM2, the only valid digest-alg is SM3 */ *(int *)arg2 = NID_sm3; return 2; /* Make it mandatory */ diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index e4f3549d30..ce658e14ca 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -126,7 +126,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, return 0; } - type = (dctx->md != NULL) ? EVP_MD_type(dctx->md) : NID_sha1; + type = (dctx->md != NULL) ? EVP_MD_get_type(dctx->md) : NID_sha1; ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); @@ -145,7 +145,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, EC_KEY *ec = ctx->pkey->pkey.ec; if (dctx->md) - type = EVP_MD_type(dctx->md); + type = EVP_MD_get_type(dctx->md); else type = NID_sha1; 
@@ -335,17 +335,17 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return dctx->kdf_ukmlen; case EVP_PKEY_CTRL_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha512 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512 && - EVP_MD_type((const EVP_MD *)p2) != NID_sm3) { + if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512 && + EVP_MD_get_type((const EVP_MD *)p2) != NID_sm3) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST_TYPE); return 0; } diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index b8858cb3ef..de63bf8500 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -30,7 +30,7 @@ int ossl_ecdh_kdf_X9_63(unsigned char *out, size_t outlen, int ret = 0; EVP_KDF_CTX *kctx = NULL; OSSL_PARAM params[4], *p = params; - const char *mdname = EVP_MD_name(md); + const char *mdname = EVP_MD_get0_name(md); EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X963KDF, propq); if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) { diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 9dd347d670..c4bbb0a535 100644 
--- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -265,7 +265,7 @@ static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, ECX_KEY *ecx = NULL; if (pkey->keymgmt != NULL) - libctx = ossl_provider_libctx(EVP_KEYMGMT_provider(pkey->keymgmt)); + libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt)); ecx = ossl_ecx_key_op(NULL, priv, len, pkey->ameth->pkey_id, KEY_OP_PRIVATE, libctx, NULL); @@ -283,7 +283,7 @@ static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len) ECX_KEY *ecx = NULL; if (pkey->keymgmt != NULL) - libctx = ossl_provider_libctx(EVP_KEYMGMT_provider(pkey->keymgmt)); + libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt)); ecx = ossl_ecx_key_op(NULL, pub, len, pkey->ameth->pkey_id, KEY_OP_PUBLIC, libctx, NULL); @@ -806,7 +806,7 @@ static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen) { - const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx; if (sig == NULL) { *siglen = ED25519_SIGSIZE; @@ -828,7 +828,7 @@ static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen) { - const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx; if (sig == NULL) { *siglen = ED448_SIGSIZE; @@ -850,7 +850,7 @@ static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) { - const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx; if (siglen != ED25519_SIGSIZE) return 0; 
@@ -863,7 +863,7 @@ static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) { - const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx; if (siglen != ED448_SIGSIZE) return 0; @@ -1177,7 +1177,7 @@ static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, } ed25519; unsigned long long buff[512]; } param; - const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx; int rc; if (sig == NULL) { @@ -1217,7 +1217,7 @@ static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx, } ed448; unsigned long long buff[512]; } param; - const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx; int rc; if (sig == NULL) { @@ -1260,7 +1260,7 @@ static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, } ed25519; unsigned long long buff[512]; } param; - const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx; if (siglen != ED25519_SIGSIZE) return 0; @@ -1287,7 +1287,7 @@ static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx, } ed448; unsigned long long buff[512]; } param; - const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; + const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx; if (siglen != ED448_SIGSIZE) return 0; diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index 022c1d56e2..ddfd90aae5 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c 
@@ -300,7 +300,7 @@ int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder) return 0; } - prov = OSSL_DECODER_provider(decoder); + prov = OSSL_DECODER_get0_provider(decoder); provctx = OSSL_PROVIDER_get0_provider_ctx(prov); if ((decoderctx = decoder->newctx(provctx)) == NULL diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c index 48a52c9612..708b319314 100644 --- a/crypto/encode_decode/decoder_meth.c +++ b/crypto/encode_decode/decoder_meth.c @@ -401,7 +401,7 @@ OSSL_DECODER *ossl_decoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id, * Library of basic method functions */ -const OSSL_PROVIDER *OSSL_DECODER_provider(const OSSL_DECODER *decoder) +const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *decoder) { if (!ossl_assert(decoder != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); @@ -411,7 +411,7 @@ const OSSL_PROVIDER *OSSL_DECODER_provider(const OSSL_DECODER *decoder) return decoder->base.prov; } -const char *OSSL_DECODER_properties(const OSSL_DECODER *decoder) +const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder) { if (!ossl_assert(decoder != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); @@ -421,7 +421,7 @@ const char *OSSL_DECODER_properties(const OSSL_DECODER *decoder) return decoder->base.propdef; } -int OSSL_DECODER_number(const OSSL_DECODER *decoder) +int OSSL_DECODER_get_number(const OSSL_DECODER *decoder) { if (!ossl_assert(decoder != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); 
@@ -431,12 +431,12 @@ int OSSL_DECODER_number(const OSSL_DECODER *decoder) return decoder->base.id; } -const char *OSSL_DECODER_name(const OSSL_DECODER *decoder) +const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder) { return decoder->base.name; } -const char *OSSL_DECODER_description(const OSSL_DECODER *decoder) +const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder) { return decoder->base.description; } @@ -511,7 +511,7 @@ const OSSL_PARAM * OSSL_DECODER_gettable_params(OSSL_DECODER *decoder) { if (decoder != NULL && decoder->gettable_params != NULL) { - void *provctx = ossl_provider_ctx(OSSL_DECODER_provider(decoder)); + void *provctx = ossl_provider_ctx(OSSL_DECODER_get0_provider(decoder)); return decoder->gettable_params(provctx); } @@ -529,7 +529,7 @@ const OSSL_PARAM * OSSL_DECODER_settable_ctx_params(OSSL_DECODER *decoder) { if (decoder != NULL && decoder->settable_ctx_params != NULL) { - void *provctx = ossl_provider_ctx(OSSL_DECODER_provider(decoder)); + void *provctx = ossl_provider_ctx(OSSL_DECODER_get0_provider(decoder)); return decoder->settable_ctx_params(provctx); } diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c index 0bb068ae68..c9ccb2200a 100644 --- a/crypto/encode_decode/decoder_pkey.c +++ b/crypto/encode_decode/decoder_pkey.c @@ -108,8 +108,8 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst, if (keymgmt != NULL) { EVP_PKEY *pkey = NULL; void *keydata = NULL; - const OSSL_PROVIDER *keymgmt_prov = EVP_KEYMGMT_provider(keymgmt); - const OSSL_PROVIDER *decoder_prov = OSSL_DECODER_provider(decoder); + const OSSL_PROVIDER *keymgmt_prov = EVP_KEYMGMT_get0_provider(keymgmt); + const OSSL_PROVIDER *decoder_prov = OSSL_DECODER_get0_provider(decoder); /* * If the EVP_KEYMGMT and the OSSL_DECODER are from the 
@@ -226,7 +226,7 @@ static void collect_decoder(OSSL_DECODER *decoder, void *arg) { struct collect_decoder_data_st *data = arg; size_t i, end_i; - const OSSL_PROVIDER *prov = OSSL_DECODER_provider(decoder); + const OSSL_PROVIDER *prov = OSSL_DECODER_get0_provider(decoder); void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov); if (data->error_occurred) diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c index f074c9fb60..4481773610 100644 --- a/crypto/encode_decode/encoder_lib.c +++ b/crypto/encode_decode/encoder_lib.c @@ -279,7 +279,7 @@ int OSSL_ENCODER_CTX_add_encoder(OSSL_ENCODER_CTX *ctx, OSSL_ENCODER *encoder) return 0; } - prov = OSSL_ENCODER_provider(encoder); + prov = OSSL_ENCODER_get0_provider(encoder); provctx = OSSL_PROVIDER_get0_provider_ctx(prov); if ((encoderctx = encoder->newctx(provctx)) == NULL diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c index 3b2bc2d83e..33655c12a6 100644 --- a/crypto/encode_decode/encoder_meth.c +++ b/crypto/encode_decode/encoder_meth.c @@ -413,7 +413,7 @@ OSSL_ENCODER *ossl_encoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id, * Library of basic method functions */ -const OSSL_PROVIDER *OSSL_ENCODER_provider(const OSSL_ENCODER *encoder) +const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder) { if (!ossl_assert(encoder != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); @@ -423,7 +423,7 @@ const OSSL_PROVIDER *OSSL_ENCODER_provider(const OSSL_ENCODER *encoder) return encoder->base.prov; } -const char *OSSL_ENCODER_properties(const OSSL_ENCODER *encoder) +const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder) { if (!ossl_assert(encoder != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); 
@@ -433,7 +433,7 @@ const char *OSSL_ENCODER_properties(const OSSL_ENCODER *encoder) return encoder->base.propdef; } -int OSSL_ENCODER_number(const OSSL_ENCODER *encoder) +int OSSL_ENCODER_get_number(const OSSL_ENCODER *encoder) { if (!ossl_assert(encoder != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); @@ -443,12 +443,12 @@ int OSSL_ENCODER_number(const OSSL_ENCODER *encoder) return encoder->base.id; } -const char *OSSL_ENCODER_name(const OSSL_ENCODER *encoder) +const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *encoder) { return encoder->base.name; } -const char *OSSL_ENCODER_description(const OSSL_ENCODER *encoder) +const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *encoder) { return encoder->base.description; } @@ -528,7 +528,7 @@ const OSSL_PARAM * OSSL_ENCODER_gettable_params(OSSL_ENCODER *encoder) { if (encoder != NULL && encoder->gettable_params != NULL) { - void *provctx = ossl_provider_ctx(OSSL_ENCODER_provider(encoder)); + void *provctx = ossl_provider_ctx(OSSL_ENCODER_get0_provider(encoder)); return encoder->gettable_params(provctx); } @@ -545,7 +545,7 @@ int OSSL_ENCODER_get_params(OSSL_ENCODER *encoder, OSSL_PARAM params[]) const OSSL_PARAM *OSSL_ENCODER_settable_ctx_params(OSSL_ENCODER *encoder) { if (encoder != NULL && encoder->settable_ctx_params != NULL) { - void *provctx = ossl_provider_ctx(OSSL_ENCODER_provider(encoder)); + void *provctx = ossl_provider_ctx(OSSL_ENCODER_get0_provider(encoder)); return encoder->settable_ctx_params(provctx); } diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c index 3bb0702e43..4a1ffb3b3e 100644 --- a/crypto/encode_decode/encoder_pkey.c +++ b/crypto/encode_decode/encoder_pkey.c 
@@ -98,7 +98,7 @@ static void collect_encoder(OSSL_ENCODER *encoder, void *arg) end_i = sk_OPENSSL_CSTRING_num(data->names); for (i = 0; i < end_i; i++) { const char *name = sk_OPENSSL_CSTRING_value(data->names, i); - const OSSL_PROVIDER *prov = OSSL_ENCODER_provider(encoder); + const OSSL_PROVIDER *prov = OSSL_ENCODER_get0_provider(encoder); void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov); if (!OSSL_ENCODER_is_a(encoder, name) @@ -173,8 +173,8 @@ encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg) OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst); const EVP_PKEY *pk = data->pk; - const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_provider(pk->keymgmt); - const OSSL_PROVIDER *e_prov = OSSL_ENCODER_provider(encoder); + const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_get0_provider(pk->keymgmt); + const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder); if (k_prov != e_prov) { data->encoder_inst = encoder_inst; @@ -226,7 +226,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, } if (evp_pkey_is_provided(pkey)) { - prov = EVP_KEYMGMT_provider(pkey->keymgmt); + prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt); libctx = ossl_provider_libctx(prov); } @@ -312,7 +312,7 @@ OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey, } if (evp_pkey_is_provided(pkey)) { - const OSSL_PROVIDER *prov = EVP_KEYMGMT_provider(pkey->keymgmt); + const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt); libctx = ossl_provider_libctx(prov); } diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 3ca95abc13..648d333dbc 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c 
@@ -205,7 +205,7 @@ typedef struct { static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - const int n = EVP_CIPHER_CTX_key_length(ctx); + const int n = EVP_CIPHER_CTX_get_key_length(ctx); # ifdef TEST_ENG_OPENSSL_RC4_P_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); @@ -285,9 +285,9 @@ static int test_cipher_nids(const int **nids) if (!init) { const EVP_CIPHER *cipher; if ((cipher = test_r4_cipher()) != NULL) - cipher_nids[pos++] = EVP_CIPHER_nid(cipher); + cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher); if ((cipher = test_r4_40_cipher()) != NULL) - cipher_nids[pos++] = EVP_CIPHER_nid(cipher); + cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher); cipher_nids[pos] = 0; init = 1; } @@ -328,7 +328,7 @@ static int test_sha1_init(EVP_MD_CTX *ctx) # ifdef TEST_ENG_OPENSSL_SHA_P_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); # endif - return SHA1_Init(EVP_MD_CTX_md_data(ctx)); + return SHA1_Init(EVP_MD_CTX_get0_md_data(ctx)); } static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) @@ -336,7 +336,7 @@ static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); # endif - return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); + return SHA1_Update(EVP_MD_CTX_get0_md_data(ctx), data, count); } static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) @@ -344,7 +344,7 @@ static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); # endif - return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); + return SHA1_Final(md, EVP_MD_CTX_get0_md_data(ctx)); } static EVP_MD *sha1_md = NULL; 
@@ -383,7 +383,7 @@ static int test_digest_nids(const int **nids) if (!init) { const EVP_MD *md; if ((md = test_sha_md()) != NULL) - digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos++] = EVP_MD_get_type(md); digest_nids[pos] = 0; init = 1; } @@ -522,7 +522,7 @@ static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx)); + OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_get_pkey_ctx(ctx)); if (!HMAC_Update(hctx->ctx, data, count)) return 0; return 1; @@ -540,7 +540,7 @@ static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, { unsigned int hlen; OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - int l = EVP_MD_CTX_size(mctx); + int l = EVP_MD_CTX_get_size(mctx); if (l < 0) return 0; diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c index 513cb7e654..52be1c2d7c 100644 --- a/crypto/evp/asymcipher.c +++ b/crypto/evp/asymcipher.c @@ -79,8 +79,8 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation, EVP_ASYM_CIPHER_fetch(ctx->libctx, supported_ciph, ctx->propquery); if (cipher == NULL - || (EVP_KEYMGMT_provider(ctx->keymgmt) - != EVP_ASYM_CIPHER_provider(cipher))) { + || (EVP_KEYMGMT_get0_provider(ctx->keymgmt) + != EVP_ASYM_CIPHER_get0_provider(cipher))) { /* * We don't need to free ctx->keymgmt here, as it's not necessarily * tied to this operation. It will be freed by EVP_PKEY_CTX_free(). @@ -415,7 +415,7 @@ int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher) return 1; } -OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher) +OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher) { return cipher->prov; } 
@@ -434,17 +434,17 @@ int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name) return evp_is_a(cipher->prov, cipher->name_id, NULL, name); } -int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher) +int EVP_ASYM_CIPHER_get_number(const EVP_ASYM_CIPHER *cipher) { return cipher->name_id; } -const char *EVP_ASYM_CIPHER_name(const EVP_ASYM_CIPHER *cipher) +const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher) { return cipher->type_name; } -const char *EVP_ASYM_CIPHER_description(const EVP_ASYM_CIPHER *cipher) +const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher) { return cipher->description; } @@ -478,7 +478,7 @@ const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip if (cip == NULL || cip->gettable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_provider(cip)); + provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_get0_provider(cip)); return cip->gettable_ctx_params(NULL, provctx); } @@ -489,6 +489,6 @@ const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip if (cip == NULL || cip->settable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_provider(cip)); + provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_get0_provider(cip)); return cip->settable_ctx_params(NULL, provctx); } diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index 9d7a9eafef..0483c726d2 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -135,7 +135,7 @@ static int enc_read(BIO *b, char *out, int outl) } } - blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher); + blocksize = EVP_CIPHER_CTX_get_block_size(ctx->cipher); if (blocksize == 1) blocksize = 0; 
@@ -312,7 +312,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) ctx->ok = 1; ctx->finished = 0; if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL, - EVP_CIPHER_CTX_encrypting(ctx->cipher))) + EVP_CIPHER_CTX_is_encrypting(ctx->cipher))) return 0; ret = BIO_ctrl(next, cmd, num, ptr); break; diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index 8e5b3e6446..26a30c698b 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c @@ -214,7 +214,7 @@ static int md_gets(BIO *bp, char *buf, int size) ctx = BIO_get_data(bp); - if (size < EVP_MD_CTX_size(ctx)) + if (size < EVP_MD_CTX_get_size(ctx)) return 0; if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0) diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index c1256c7cbb..7e3d23f2dc 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -443,8 +443,8 @@ static int sig_out(BIO *b) ctx = BIO_get_data(b); md = ctx->md; digest = EVP_MD_CTX_get0_md(md); - md_size = EVP_MD_size(digest); - md_data = EVP_MD_CTX_md_data(md); + md_size = EVP_MD_get_size(digest); + md_data = EVP_MD_CTX_get0_md_data(md); if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE) return 1; @@ -487,8 +487,8 @@ static int sig_in(BIO *b) ctx = BIO_get_data(b); md = ctx->md; digest = EVP_MD_CTX_get0_md(md); - md_size = EVP_MD_size(digest); - md_data = EVP_MD_CTX_md_data(md); + md_size = EVP_MD_get_size(digest); + md_data = EVP_MD_CTX_get0_md_data(md); if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size) return 1; @@ -533,7 +533,7 @@ static int block_out(BIO *b) ctx = BIO_get_data(b); md = ctx->md; digest = EVP_MD_CTX_get0_md(md); - md_size = EVP_MD_size(digest); + md_size = EVP_MD_get_size(digest); tl = ctx->buf_len - OK_BLOCK_BLOCK; ctx->buf[0] = (unsigned char)(tl >> 24); 
@@ -563,7 +563,7 @@ static int block_in(BIO *b) ctx = BIO_get_data(b); md = ctx->md; - md_size = EVP_MD_size(EVP_MD_CTX_get0_md(md)); + md_size = EVP_MD_get_size(EVP_MD_CTX_get0_md(md)); assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ tl = ctx->buf[0]; diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 7e550f81a1..e289c7df7b 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -710,12 +710,12 @@ cleanup_translation_ctx(enum state state, */ static const char *get_cipher_name(void *cipher) { - return EVP_CIPHER_name(cipher); + return EVP_CIPHER_get0_name(cipher); } static const char *get_md_name(void *md) { - return EVP_MD_name(md); + return EVP_MD_get0_name(md); } static const void *get_cipher_by_name(OSSL_LIB_CTX *libctx, const char *name) @@ -1456,7 +1456,7 @@ static int get_payload_group_name(enum state state, EVP_PKEY *pkey = ctx->p2; ctx->p2 = NULL; - switch (EVP_PKEY_base_id(pkey)) { + switch (EVP_PKEY_get_base_id(pkey)) { #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: { @@ -1512,7 +1512,7 @@ static int get_payload_private_key(enum state state, if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER) return 0; - switch (EVP_PKEY_base_id(pkey)) { + switch (EVP_PKEY_get_base_id(pkey)) { #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: { @@ -1548,7 +1548,7 @@ static int get_payload_public_key(enum state state, int ret; ctx->p2 = NULL; - switch (EVP_PKEY_base_id(pkey)) { + switch (EVP_PKEY_get_base_id(pkey)) { #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: switch (ctx->params->data_type) { @@ -1618,7 +1618,7 @@ static int get_dh_dsa_payload_p(enum state state, const BIGNUM *bn = NULL; EVP_PKEY *pkey = ctx->p2; - switch (EVP_PKEY_base_id(pkey)) { + switch (EVP_PKEY_get_base_id(pkey)) { #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: bn = DH_get0_p(EVP_PKEY_get0_DH(pkey)); 
@@ -1642,7 +1642,7 @@ static int get_dh_dsa_payload_q(enum state state, { const BIGNUM *bn = NULL; - switch (EVP_PKEY_base_id(ctx->p2)) { + switch (EVP_PKEY_get_base_id(ctx->p2)) { #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: bn = DH_get0_q(EVP_PKEY_get0_DH(ctx->p2)); @@ -1664,7 +1664,7 @@ static int get_dh_dsa_payload_g(enum state state, { const BIGNUM *bn = NULL; - switch (EVP_PKEY_base_id(ctx->p2)) { + switch (EVP_PKEY_get_base_id(ctx->p2)) { #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: bn = DH_get0_g(EVP_PKEY_get0_DH(ctx->p2)); @@ -1720,7 +1720,7 @@ static int get_rsa_payload_n(enum state state, { const BIGNUM *bn = NULL; - if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA) + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) return 0; bn = RSA_get0_n(EVP_PKEY_get0_RSA(ctx->p2)); @@ -1733,7 +1733,7 @@ static int get_rsa_payload_e(enum state state, { const BIGNUM *bn = NULL; - if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA) + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) return 0; bn = RSA_get0_e(EVP_PKEY_get0_RSA(ctx->p2)); @@ -1746,7 +1746,7 @@ static int get_rsa_payload_d(enum state state, { const BIGNUM *bn = NULL; - if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA) + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) return 0; bn = RSA_get0_d(EVP_PKEY_get0_RSA(ctx->p2)); @@ -1846,7 +1846,7 @@ static int get_rsa_payload_coefficient(enum state state, const struct translation_st *translation, \ struct translation_ctx_st *ctx) \ { \ - if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA) \ + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \ return 0; \ return get_rsa_payload_factor(state, translation, ctx, n - 1); \ } @@ -1857,7 +1857,7 @@ static int get_rsa_payload_coefficient(enum state state, const struct translation_st *translation, \ struct translation_ctx_st *ctx) \ { \ - if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA) \ + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \ return 0; \ return get_rsa_payload_exponent(state, translation, ctx, \ n - 1); \ 
@@ -1869,7 +1869,7 @@ static int get_rsa_payload_coefficient(enum state state, const struct translation_st *translation, \ struct translation_ctx_st *ctx) \ { \ - if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA) \ + if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \ return 0; \ return get_rsa_payload_coefficient(state, translation, ctx, \ n - 1); \ diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index b202d466e4..00806ae201 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -411,7 +411,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) if (ctx->digest == NULL) return 0; - sz = EVP_MD_size(ctx->digest); + sz = EVP_MD_get_size(ctx->digest); if (sz < 0) return 0; mdsize = sz; @@ -654,7 +654,7 @@ const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest) { if (digest != NULL && digest->gettable_params != NULL) return digest->gettable_params( - ossl_provider_ctx(EVP_MD_provider(digest))); + ossl_provider_ctx(EVP_MD_get0_provider(digest))); return NULL; } @@ -682,7 +682,7 @@ const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md) void *provctx; if (md != NULL && md->settable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_MD_provider(md)); + provctx = ossl_provider_ctx(EVP_MD_get0_provider(md)); return md->settable_ctx_params(NULL, provctx); } return NULL; @@ -707,7 +707,7 @@ const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx) pctx->op.sig.algctx); if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL) { - alg = ossl_provider_ctx(EVP_MD_provider(ctx->digest)); + alg = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest)); return ctx->digest->settable_ctx_params(ctx->algctx, alg); } 
@@ -738,7 +738,7 @@ const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md) void *provctx; if (md != NULL && md->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_MD_provider(md)); + provctx = ossl_provider_ctx(EVP_MD_get0_provider(md)); return md->gettable_ctx_params(NULL, provctx); } return NULL; @@ -763,7 +763,7 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx) pctx->op.sig.algctx); if (ctx->digest != NULL && ctx->digest->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_MD_provider(ctx->digest)); + provctx = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest)); return ctx->digest->gettable_ctx_params(ctx->algctx, provctx); } return NULL; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 7e8f8ece72..2c2a4ba90c 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -147,16 +147,18 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, int ret, mode; EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - mode = EVP_CIPHER_CTX_mode(ctx); + mode = EVP_CIPHER_CTX_get_mode(ctx); if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { - ret = aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = aesni_set_decrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &dat->ks.ks); dat->block = (block128_f) aesni_decrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? (cbc128_f) aesni_cbc_encrypt : NULL; } else { - ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = aesni_set_encrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &dat->ks.ks); dat->block = (block128_f) aesni_encrypt; if (mode == EVP_CIPH_CBC_MODE) @@ -179,7 +181,7 @@ static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, - ctx->iv, EVP_CIPHER_CTX_encrypting(ctx)); + ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } 
@@ -187,13 +189,13 @@ static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - size_t bl = EVP_CIPHER_CTX_block_size(ctx); + size_t bl = EVP_CIPHER_CTX_get_block_size(ctx); if (len < bl) return 1; aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } @@ -225,7 +227,7 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (!iv && !key) return 1; if (key) { - aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt); gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; @@ -265,7 +267,7 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (key) { /* The key is two half length keys in reality */ - const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; + const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2; const int bits = bytes * 8; /* @@ -316,7 +318,7 @@ static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (!iv && !key) return 1; if (key) { - aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) aesni_encrypt); 
@@ -349,9 +351,9 @@ static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, * needs both. We could possibly optimise to remove setting the * decrypt for an encryption operation. */ - aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &octx->ksenc.ks); - aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + aesni_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &octx->ksdec.ks); if (!CRYPTO_ocb128_init(&octx->ocb, &octx->ksenc.ks, &octx->ksdec.ks, @@ -448,8 +450,8 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, int ret, mode, bits; EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - mode = EVP_CIPHER_CTX_mode(ctx); - bits = EVP_CIPHER_CTX_key_length(ctx) * 8; + mode = EVP_CIPHER_CTX_get_mode(ctx); + bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { ret = 0; @@ -548,7 +550,7 @@ static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (!iv && !key) return 1; if (key) { - int bits = EVP_CIPHER_CTX_key_length(ctx) * 8; + int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aes_t4_encrypt); @@ -601,7 +603,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (key) { /* The key is two half length keys in reality */ - const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; + const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2; const int bits = bytes * 8; /* 
@@ -671,7 +673,7 @@ static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (!iv && !key) return 1; if (key) { - int bits = EVP_CIPHER_CTX_key_length(ctx) * 8; + int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) aes_t4_encrypt); @@ -703,9 +705,9 @@ static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, * needs both. We could possibly optimise to remove setting the * decrypt for an encryption operation. */ - aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &octx->ksenc.ks); - aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &octx->ksdec.ks); if (!CRYPTO_ocb128_init(&octx->ocb, &octx->ksenc.ks, &octx->ksdec.ks, @@ -969,7 +971,7 @@ static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *iv, int enc) { S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); - const int keylen = EVP_CIPHER_CTX_key_length(ctx); + const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); cctx->fc = S390X_AES_FC(keylen); if (!enc) @@ -994,8 +996,8 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx, { S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); const unsigned char *iv = ctx->oiv; - const int keylen = EVP_CIPHER_CTX_key_length(ctx); - const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); + const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); memcpy(cctx->kmo.param.cv, iv, ivlen); memcpy(cctx->kmo.param.k, key, keylen); 
@@ -1049,8 +1051,8 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx, { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); const unsigned char *iv = ctx->oiv; - const int keylen = EVP_CIPHER_CTX_key_length(ctx); - const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); + const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); cctx->fc = S390X_AES_FC(keylen); cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */ @@ -1067,8 +1069,8 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const int keylen = EVP_CIPHER_CTX_key_length(ctx); - const int enc = EVP_CIPHER_CTX_encrypting(ctx); + const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); + const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); int n = cctx->res; int rem; unsigned char tmp; @@ -1115,8 +1117,8 @@ static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx, { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); const unsigned char *iv = ctx->oiv; - const int keylen = EVP_CIPHER_CTX_key_length(ctx); - const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); + const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); cctx->fc = S390X_AES_FC(keylen); cctx->fc |= 1 << 24; /* 1 byte cipher feedback */ @@ -1345,7 +1347,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_INIT: - ivlen = EVP_CIPHER_iv_length(c->cipher); + ivlen = EVP_CIPHER_get_iv_length(c->cipher); gctx->key_set = 0; gctx->iv_set = 0; gctx->ivlen = ivlen; @@ -1385,7 +1387,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_AEAD_SET_TAG: buf = EVP_CIPHER_CTX_buf_noconst(c); - enc = EVP_CIPHER_CTX_encrypting(c); + enc = EVP_CIPHER_CTX_is_encrypting(c); if (arg <= 0 || arg > 16 || enc) return 0; 
@@ -1394,7 +1396,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; case EVP_CTRL_AEAD_GET_TAG: - enc = EVP_CIPHER_CTX_encrypting(c); + enc = EVP_CIPHER_CTX_is_encrypting(c); if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0) return 0; @@ -1418,7 +1420,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) if (arg) memcpy(gctx->iv, ptr, arg); - enc = EVP_CIPHER_CTX_encrypting(c); + enc = EVP_CIPHER_CTX_is_encrypting(c); if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) return 0; @@ -1444,7 +1446,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; case EVP_CTRL_GCM_SET_IV_INV: - enc = EVP_CIPHER_CTX_encrypting(c); + enc = EVP_CIPHER_CTX_is_encrypting(c); if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc) return 0; @@ -1470,7 +1472,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; /* If decrypting correct for tag too. */ - enc = EVP_CIPHER_CTX_encrypting(c); + enc = EVP_CIPHER_CTX_is_encrypting(c); if (!enc) { if (len < EVP_GCM_TLS_TAG_LEN) return 0; @@ -1518,7 +1520,7 @@ static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, return 1; if (key != NULL) { - keylen = EVP_CIPHER_CTX_key_length(ctx); + keylen = EVP_CIPHER_CTX_get_key_length(ctx); memcpy(&gctx->kma.param.k, key, keylen); gctx->fc = S390X_AES_FC(keylen); @@ -1554,7 +1556,7 @@ static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); - const int enc = EVP_CIPHER_CTX_encrypting(ctx); + const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); int rv = -1; if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) 
@@ -1643,7 +1645,7 @@ static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, OPENSSL_cleanse(tmp, gctx->mreslen); gctx->iv_set = 0; - enc = EVP_CIPHER_CTX_encrypting(ctx); + enc = EVP_CIPHER_CTX_is_encrypting(ctx); if (enc) { gctx->taglen = 16; } else { @@ -1866,7 +1868,7 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); unsigned char *ivec = ctx->iv; unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); - const int enc = EVP_CIPHER_CTX_encrypting(ctx); + const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) @@ -1924,7 +1926,7 @@ static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx, return 1; if (key != NULL) { - keylen = EVP_CIPHER_CTX_key_length(ctx); + keylen = EVP_CIPHER_CTX_get_key_length(ctx); cctx->aes.ccm.fc = S390X_AES_FC(keylen); memcpy(cctx->aes.ccm.kmac_param.k, key, keylen); @@ -1957,7 +1959,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); - const int enc = EVP_CIPHER_CTX_encrypting(ctx); + const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); int rv; unsigned char *buf; @@ -2079,7 +2081,7 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) /* Correct length for explicit iv. */ len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; - enc = EVP_CIPHER_CTX_encrypting(c); + enc = EVP_CIPHER_CTX_is_encrypting(c); if (!enc) { if (len < cctx->aes.ccm.m) return 0; @@ -2117,7 +2119,7 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) if ((arg & 1) || arg < 4 || arg > 16) return 0; - enc = EVP_CIPHER_CTX_encrypting(c); + enc = EVP_CIPHER_CTX_is_encrypting(c); if (enc && ptr) return 0; 
@@ -2131,7 +2133,7 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; case EVP_CTRL_AEAD_GET_TAG: - enc = EVP_CIPHER_CTX_encrypting(c); + enc = EVP_CIPHER_CTX_is_encrypting(c); if (!enc || !cctx->aes.ccm.tag_set) return 0; @@ -2302,13 +2304,13 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, int ret, mode; EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - mode = EVP_CIPHER_CTX_mode(ctx); + mode = EVP_CIPHER_CTX_get_mode(ctx); if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { #ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { ret = HWAES_set_decrypt_key(key, - EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &dat->ks.ks); dat->block = (block128_f) HWAES_decrypt; dat->stream.cbc = NULL; @@ -2320,7 +2322,8 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) { - ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = AES_set_decrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &dat->ks.ks); dat->block = (block128_f) AES_decrypt; dat->stream.cbc = (cbc128_f) ossl_bsaes_cbc_encrypt; @@ -2329,7 +2332,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { ret = vpaes_set_decrypt_key(key, - EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &dat->ks.ks); dat->block = (block128_f) vpaes_decrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? @@ -2338,7 +2341,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif { ret = AES_set_decrypt_key(key, - EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &dat->ks.ks); dat->block = (block128_f) AES_decrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? 
@@ -2347,7 +2350,8 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } else #ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { - ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = HWAES_set_encrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &dat->ks.ks); dat->block = (block128_f) HWAES_encrypt; dat->stream.cbc = NULL; @@ -2366,7 +2370,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) { - ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &dat->ks.ks); dat->block = (block128_f) AES_encrypt; dat->stream.ctr = (ctr128_f) ossl_bsaes_ctr32_encrypt_blocks; @@ -2374,7 +2378,8 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = vpaes_set_encrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &dat->ks.ks); dat->block = (block128_f) vpaes_encrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? @@ -2382,7 +2387,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } else #endif { - ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &dat->ks.ks); dat->block = (block128_f) AES_encrypt; dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? @@ -2408,8 +2413,8 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (dat->stream.cbc) (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); - else if (EVP_CIPHER_CTX_encrypting(ctx)) + EVP_CIPHER_CTX_is_encrypting(ctx)); + else if (EVP_CIPHER_CTX_is_encrypting(ctx)) CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); else 
@@ -2422,7 +2427,7 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - size_t bl = EVP_CIPHER_CTX_block_size(ctx); + size_t bl = EVP_CIPHER_CTX_get_block_size(ctx); size_t i; EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); @@ -2440,7 +2445,7 @@ static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, dat->block); EVP_CIPHER_CTX_set_num(ctx, num); @@ -2452,10 +2457,10 @@ static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } @@ -2465,10 +2470,10 @@ static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } 
@@ -2479,29 +2484,29 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } while (len >= MAXBITCHUNK) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); EVP_CIPHER_CTX_set_num(ctx, num); len -= MAXBITCHUNK; out += MAXBITCHUNK; in += MAXBITCHUNK; } if (len) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); EVP_CIPHER_CTX_set_num(ctx, num); } @@ -2511,7 +2516,7 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - unsigned int num = EVP_CIPHER_CTX_num(ctx); + unsigned int num = EVP_CIPHER_CTX_get_num(ctx); EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); if (dat->stream.ctr) @@ -2550,7 +2555,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_INIT: gctx->key_set = 0; gctx->iv_set = 0; - gctx->ivlen = EVP_CIPHER_iv_length(c->cipher); + gctx->ivlen = EVP_CIPHER_get_iv_length(c->cipher); gctx->iv = c->iv; gctx->taglen = -1; gctx->iv_gen = 0; 
@@ -3112,7 +3117,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (key) { do { /* The key is two half length keys in reality */ - const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2; + const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2; const int bits = bytes * 8; /* @@ -3241,7 +3246,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, xctx->xts.key1, xctx->xts.key2, ctx->iv); else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, - EVP_CIPHER_CTX_encrypting(ctx))) + EVP_CIPHER_CTX_is_encrypting(ctx))) return 0; return 1; } @@ -3288,7 +3293,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; /* If decrypting correct for tag too */ - if (!EVP_CIPHER_CTX_encrypting(c)) { + if (!EVP_CIPHER_CTX_is_encrypting(c)) { if (len < cctx->M) return 0; len -= cctx->M; @@ -3319,7 +3324,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_AEAD_SET_TAG: if ((arg & 1) || arg < 4 || arg > 16) return 0; - if (EVP_CIPHER_CTX_encrypting(c) && ptr) + if (EVP_CIPHER_CTX_is_encrypting(c) && ptr) return 0; if (ptr) { cctx->tag_set = 1; @@ -3329,7 +3334,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; case EVP_CTRL_AEAD_GET_TAG: - if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set) + if (!EVP_CIPHER_CTX_is_encrypting(c) || !cctx->tag_set) return 0; if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) return 0; @@ -3366,7 +3371,8 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, do { #ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { - HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + HWAES_set_encrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, 
@@ -3378,7 +3384,8 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + vpaes_set_encrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) vpaes_encrypt); @@ -3387,7 +3394,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, break; } #endif - AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) AES_encrypt); @@ -3410,7 +3417,7 @@ static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M)) return -1; /* If encrypting set explicit IV from sequence number (start of AAD) */ - if (EVP_CIPHER_CTX_encrypting(ctx)) + if (EVP_CIPHER_CTX_is_encrypting(ctx)) memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), EVP_CCM_TLS_EXPLICIT_IV_LEN); /* Get rest of IV from explicit IV */ @@ -3422,11 +3429,12 @@ static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, len)) return -1; /* Use saved AAD */ - CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len); + CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), + cctx->tls_aad_len); /* Fix buffer to point to payload */ in += EVP_CCM_TLS_EXPLICIT_IV_LEN; out += EVP_CCM_TLS_EXPLICIT_IV_LEN; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) 
@@ -3484,7 +3492,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } /* The tag must be set before actually decrypting data */ - if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) + if (!EVP_CIPHER_CTX_is_encrypting(ctx) && !cctx->tag_set) return -1; /* If not set length yet do it */ @@ -3493,7 +3501,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; cctx->len_set = 1; } - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) @@ -3546,17 +3554,17 @@ static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (!iv && !key) return 1; if (key) { - if (EVP_CIPHER_CTX_encrypting(ctx)) - AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + if (EVP_CIPHER_CTX_is_encrypting(ctx)) + AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &wctx->ks.ks); else - AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &wctx->ks.ks); if (!iv) wctx->iv = NULL; } if (iv) { - memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, iv, EVP_CIPHER_CTX_get_iv_length(ctx)); wctx->iv = ctx->iv; } return 1; @@ -3568,7 +3576,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); size_t rv; /* AES wrap with padding has IV length of 4, without padding 8 */ - int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4; + int pad = EVP_CIPHER_CTX_get_iv_length(ctx) == 4; /* No final operation so always return zero length */ if (!in) return 0; 
@@ -3576,7 +3584,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!inlen) return -1; /* If decrypting need at least 16 bytes and multiple of 8 */ - if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7)) + if (!EVP_CIPHER_CTX_is_encrypting(ctx) && (inlen < 16 || inlen & 0x7)) return -1; /* If not padding input must be multiple of 8 */ if (!pad && inlen & 0x7) @@ -3586,7 +3594,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 0; } if (!out) { - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { /* If padding round up to multiple of 8 */ if (pad) inlen = (inlen + 7) / 8 * 8; @@ -3602,7 +3610,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } if (pad) { - if (EVP_CIPHER_CTX_encrypting(ctx)) + if (EVP_CIPHER_CTX_is_encrypting(ctx)) rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_encrypt); @@ -3611,7 +3619,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, out, in, inlen, (block128_f) AES_decrypt); } else { - if (EVP_CIPHER_CTX_encrypting(ctx)) + if (EVP_CIPHER_CTX_is_encrypting(ctx)) rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen, (block128_f) AES_encrypt); else @@ -3720,7 +3728,7 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_INIT: octx->key_set = 0; octx->iv_set = 0; - octx->ivlen = EVP_CIPHER_iv_length(c->cipher); + octx->ivlen = EVP_CIPHER_get_iv_length(c->cipher); octx->iv = c->iv; octx->taglen = 16; octx->data_buf_len = 0; 
@@ -3748,13 +3756,13 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) octx->taglen = arg; return 1; } - if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c)) + if (arg != octx->taglen || EVP_CIPHER_CTX_is_encrypting(c)) return 0; memcpy(octx->tag, ptr, arg); return 1; case EVP_CTRL_AEAD_GET_TAG: - if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c)) + if (arg != octx->taglen || !EVP_CIPHER_CTX_is_encrypting(c)) return 0; memcpy(ptr, octx->tag, arg); @@ -3788,9 +3796,9 @@ static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, */ # ifdef HWAES_CAPABLE if (HWAES_CAPABLE) { - HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &octx->ksenc.ks); - HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &octx->ksdec.ks); if (!CRYPTO_ocb128_init(&octx->ocb, &octx->ksenc.ks, &octx->ksdec.ks, @@ -3804,9 +3812,11 @@ static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, # endif # ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + vpaes_set_encrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &octx->ksenc.ks); - vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + vpaes_set_decrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &octx->ksdec.ks); if (!CRYPTO_ocb128_init(&octx->ocb, &octx->ksenc.ks, &octx->ksdec.ks, 
@@ -3817,9 +3827,9 @@ static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, break; } # endif - AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &octx->ksenc.ks); - AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &octx->ksdec.ks); if (!CRYPTO_ocb128_init(&octx->ocb, &octx->ksenc.ks, &octx->ksdec.ks, @@ -3914,7 +3924,7 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out == NULL) { if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE)) return -1; - } else if (EVP_CIPHER_CTX_encrypting(ctx)) { + } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out, AES_BLOCK_SIZE)) return -1; @@ -3939,7 +3949,7 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out == NULL) { if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len)) return -1; - } else if (EVP_CIPHER_CTX_encrypting(ctx)) { + } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (!CRYPTO_ocb128_encrypt (&octx->ocb, in, out, len - trailing_len)) return -1; @@ -3965,7 +3975,7 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * have been provided - both for data and AAD */ if (octx->data_buf_len > 0) { - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out, octx->data_buf_len)) return -1; @@ -3984,7 +3994,7 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, octx->aad_buf_len = 0; } /* If decrypting then verify */ - if (!EVP_CIPHER_CTX_encrypting(ctx)) { + if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { if (octx->taglen < 0) return -1; if (CRYPTO_ocb128_finish(&octx->ocb, diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 91357f8b1a..4941f98e64 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c 
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -75,11 +75,11 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, if (enc) ret = aesni_set_encrypt_key(inkey, - EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &key->ks); else ret = aesni_set_decrypt_key(inkey, - EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &key->ks); SHA1_Init(&key->head); /* handy when benchmarking */ @@ -424,7 +424,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (len % AES_BLOCK_SIZE) return 0; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; else if (len != @@ -813,7 +813,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, len = p[arg - 2] << 8 | p[arg - 1]; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { @@ -851,7 +851,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, inp_len = param->inp[11] << 8 | param->inp[12]; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) return -1; diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 82613cbff2..3a5f757dbf 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -71,11 +71,11 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, if (enc) ret = aesni_set_encrypt_key(inkey, - EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &key->ks); else ret = aesni_set_decrypt_key(inkey, - EVP_CIPHER_CTX_key_length(ctx) * 8, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &key->ks); SHA256_Init(&key->head); /* handy when benchmarking */ 
@@ -439,7 +439,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, if (len % AES_BLOCK_SIZE) return 0; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; else if (len != @@ -794,7 +794,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, len = p[arg - 2] << 8 | p[arg - 1]; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { @@ -835,7 +835,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, inp_len = param->inp[11] << 8 | param->inp[12]; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) return -1; diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index e7ba2df78f..b57661db58 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -60,13 +60,15 @@ static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret; - int mode = EVP_CIPHER_CTX_mode(ctx); + int mode = EVP_CIPHER_CTX_get_mode(ctx); if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) - ret = ossl_aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = ossl_aria_set_encrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, EVP_CIPHER_CTX_get_cipher_data(ctx)); else - ret = ossl_aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = ossl_aria_set_decrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, EVP_CIPHER_CTX_get_cipher_data(ctx)); if (ret < 0) { ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED); 
@@ -171,7 +173,7 @@ const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - unsigned int num = EVP_CIPHER_CTX_num(ctx); + unsigned int num = EVP_CIPHER_CTX_get_num(ctx); EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY, ctx); CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, @@ -212,7 +214,8 @@ static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (!iv && !key) return 1; if (key) { - ret = ossl_aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = ossl_aria_set_encrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &gctx->ks.ks); CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) ossl_aria_encrypt); @@ -251,7 +254,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_INIT: gctx->key_set = 0; gctx->iv_set = 0; - gctx->ivlen = EVP_CIPHER_iv_length(c->cipher); + gctx->ivlen = EVP_CIPHER_get_iv_length(c->cipher); gctx->iv = c->iv; gctx->taglen = -1; gctx->iv_gen = 0; @@ -278,14 +281,14 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; case EVP_CTRL_AEAD_SET_TAG: - if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c)) + if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_is_encrypting(c)) return 0; memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); gctx->taglen = arg; return 1; case EVP_CTRL_AEAD_GET_TAG: - if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c) + if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_is_encrypting(c) || gctx->taglen < 0) return 0; memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg); @@ -306,7 +309,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; if (arg) memcpy(gctx->iv, ptr, arg); - if (EVP_CIPHER_CTX_encrypting(c) + if (EVP_CIPHER_CTX_is_encrypting(c) && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) return 0; gctx->iv_gen = 1; 
@@ -329,7 +332,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_GCM_SET_IV_INV: if (gctx->iv_gen == 0 || gctx->key_set == 0 - || EVP_CIPHER_CTX_encrypting(c)) + || EVP_CIPHER_CTX_is_encrypting(c)) return 0; memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); @@ -351,7 +354,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; /* If decrypting correct for tag too */ - if (!EVP_CIPHER_CTX_encrypting(c)) { + if (!EVP_CIPHER_CTX_is_encrypting(c)) { if (len < EVP_GCM_TLS_TAG_LEN) return 0; len -= EVP_GCM_TLS_TAG_LEN; @@ -403,7 +406,7 @@ static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * Set IV from start of buffer or generate IV and write to start of * buffer. */ - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ? + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_is_encrypting(ctx) ? EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) goto err; @@ -415,7 +418,7 @@ static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, in += EVP_GCM_TLS_EXPLICIT_IV_LEN; out += EVP_GCM_TLS_EXPLICIT_IV_LEN; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { /* Encrypt payload */ if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) goto err; @@ -463,7 +466,7 @@ static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out == NULL) { if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) return -1; - } else if (EVP_CIPHER_CTX_encrypting(ctx)) { + } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) return -1; } else { 
@@ -472,7 +475,7 @@ static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } return len; } - if (!EVP_CIPHER_CTX_encrypting(ctx)) { + if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { if (gctx->taglen < 0) return -1; if (CRYPTO_gcm128_finish(&gctx->gcm, @@ -509,7 +512,8 @@ static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; if (key) { - ret = ossl_aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, + ret = ossl_aria_set_encrypt_key(key, + EVP_CIPHER_CTX_get_key_length(ctx) * 8, &cctx->ks.ks); CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, &cctx->ks, (block128_f) ossl_aria_encrypt); @@ -561,7 +565,7 @@ static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; /* If decrypting correct for tag too */ - if (!EVP_CIPHER_CTX_encrypting(c)) { + if (!EVP_CIPHER_CTX_is_encrypting(c)) { if (len < cctx->M) return 0; len -= cctx->M; @@ -591,7 +595,7 @@ static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_AEAD_SET_TAG: if ((arg & 1) || arg < 4 || arg > 16) return 0; - if (EVP_CIPHER_CTX_encrypting(c) && ptr) + if (EVP_CIPHER_CTX_is_encrypting(c) && ptr) return 0; if (ptr) { cctx->tag_set = 1; @@ -601,7 +605,7 @@ static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; case EVP_CTRL_AEAD_GET_TAG: - if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set) + if (!EVP_CIPHER_CTX_is_encrypting(c) || !cctx->tag_set) return 0; if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) return 0; 
@@ -637,7 +641,7 @@ static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M)) return -1; /* If encrypting set explicit IV from sequence number (start of AAD) */ - if (EVP_CIPHER_CTX_encrypting(ctx)) + if (EVP_CIPHER_CTX_is_encrypting(ctx)) memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), EVP_CCM_TLS_EXPLICIT_IV_LEN); /* Get rest of IV from explicit IV */ @@ -649,11 +653,12 @@ static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, len)) return -1; /* Use saved AAD */ - CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len); + CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), + cctx->tls_aad_len); /* Fix buffer to point to payload */ in += EVP_CCM_TLS_EXPLICIT_IV_LEN; out += EVP_CCM_TLS_EXPLICIT_IV_LEN; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) return -1; @@ -709,7 +714,7 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } /* The tag must be set before actually decrypting data */ - if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) + if (!EVP_CIPHER_CTX_is_encrypting(ctx) && !cctx->tag_set) return -1; /* If not set length yet do it */ @@ -718,7 +723,7 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return -1; cctx->len_set = 1; } - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) return -1; diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index 9e240d1124..734e77f0a9 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c 
@@ -38,7 +38,7 @@ IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); + BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx), key); return 1; } diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index db2057a660..b2f59847d4 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -56,8 +56,8 @@ static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); - mode = EVP_CIPHER_CTX_mode(ctx); - bits = EVP_CIPHER_CTX_key_length(ctx) * 8; + mode = EVP_CIPHER_CTX_get_mode(ctx); + bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; cmll_t4_set_key(key, bits, &dat->ks); @@ -196,13 +196,14 @@ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, int ret, mode; EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks); + ret = Camellia_set_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, + &dat->ks); if (ret < 0) { ERR_raise(ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED); return 0; } - mode = EVP_CIPHER_CTX_mode(ctx); + mode = EVP_CIPHER_CTX_get_mode(ctx); if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) { dat->block = (block128_f) Camellia_decrypt; @@ -224,8 +225,8 @@ static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (dat->stream.cbc) (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); - else if (EVP_CIPHER_CTX_encrypting(ctx)) + EVP_CIPHER_CTX_is_encrypting(ctx)); + else if (EVP_CIPHER_CTX_is_encrypting(ctx)) CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); else CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block); 
@@ -236,7 +237,7 @@ static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - size_t bl = EVP_CIPHER_CTX_block_size(ctx); + size_t bl = EVP_CIPHER_CTX_get_block_size(ctx); size_t i; EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); @@ -254,7 +255,7 @@ static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; @@ -265,9 +266,9 @@ static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } @@ -277,9 +278,9 @@ static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } 
@@ -290,26 +291,31 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_encrypting(ctx), dat->block); + EVP_CIPHER_CTX_is_encrypting(ctx), + dat->block); EVP_CIPHER_CTX_set_num(ctx, num); return 1; } while (len >= MAXBITCHUNK) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, - ctx->iv, &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); + ctx->iv, &num, + EVP_CIPHER_CTX_is_encrypting(ctx), + dat->block); EVP_CIPHER_CTX_set_num(ctx, num); len -= MAXBITCHUNK; out += MAXBITCHUNK; in += MAXBITCHUNK; } if (len) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, - ctx->iv, &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); + ctx->iv, &num, + EVP_CIPHER_CTX_is_encrypting(ctx), + dat->block); EVP_CIPHER_CTX_set_num(ctx, num); } @@ -319,7 +325,7 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - int snum = EVP_CIPHER_CTX_num(ctx); + int snum = EVP_CIPHER_CTX_get_num(ctx); unsigned int num; EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); @@ -328,7 +334,8 @@ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, num = snum; if (dat->stream.ctr) CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), &num, + EVP_CIPHER_CTX_buf_noconst(ctx), + &num, dat->stream.ctr); else CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, 
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index fd9dd0dc75..5e9be2dc7d 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c @@ -40,7 +40,7 @@ IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - int keylen = EVP_CIPHER_CTX_key_length(ctx); + int keylen = EVP_CIPHER_CTX_get_key_length(ctx); if (keylen <= 0) return 0; diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index d3b2206bb7..491d4511d8 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -65,7 +65,7 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, BLOCK_CIPHER_ecb_loop() DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), EVP_CIPHER_CTX_get_cipher_data(ctx), - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } @@ -73,7 +73,7 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, EVP_CIPHER_CTX_get_cipher_data(ctx), (DES_cblock *)ctx->iv, &num); @@ -83,7 +83,7 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, out += EVP_MAXCHUNK; } if (inl) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); DES_ofb64_encrypt(in, out, (long)inl, EVP_CIPHER_CTX_get_cipher_data(ctx), (DES_cblock *)ctx->iv, &num); @@ -105,7 +105,7 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, EVP_CIPHER_CTX_get_cipher_data(ctx), (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; 
@@ -114,7 +114,7 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ncbc_encrypt(in, out, (long)inl, EVP_CIPHER_CTX_get_cipher_data(ctx), (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } @@ -122,22 +122,22 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, EVP_CIPHER_CTX_get_cipher_data(ctx), (DES_cblock *)ctx->iv, &num, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } if (inl) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); DES_cfb64_encrypt(in, out, (long)inl, EVP_CIPHER_CTX_get_cipher_data(ctx), (DES_cblock *)ctx->iv, &num, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); EVP_CIPHER_CTX_set_num(ctx, num); } return 1; @@ -161,7 +161,7 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx), (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8)); @@ -183,7 +183,7 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, EVP_CIPHER_CTX_get_cipher_data(ctx), (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; 
@@ -192,7 +192,7 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_cfb_encrypt(in, out, 8, (long)inl, EVP_CIPHER_CTX_get_cipher_data(ctx), (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } @@ -217,7 +217,7 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { - int mode = EVP_CIPHER_CTX_mode(ctx); + int mode = EVP_CIPHER_CTX_get_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(key, &dat->ks.ks); diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 9043f3fb1b..746709fa41 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -75,7 +75,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i), &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx)); + &data(ctx)->ks3, EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } @@ -83,7 +83,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, @@ -95,7 +95,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, out += EVP_MAXCHUNK; } if (inl) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); DES_ede3_ofb64_encrypt(in, out, (long)inl, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, 
@@ -121,7 +121,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &dat->ks1, &dat->ks2, &dat->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; @@ -130,7 +130,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ede3_cbc_encrypt(in, out, (long)inl, &dat->ks1, &dat->ks2, &dat->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } @@ -138,22 +138,22 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { while (inl >= EVP_MAXCHUNK) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, - &num, EVP_CIPHER_CTX_encrypting(ctx)); + &num, EVP_CIPHER_CTX_is_encrypting(ctx)); EVP_CIPHER_CTX_set_num(ctx, num); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; } if (inl) { - int num = EVP_CIPHER_CTX_num(ctx); + int num = EVP_CIPHER_CTX_get_num(ctx); DES_ede3_cfb64_encrypt(in, out, (long)inl, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, - &num, EVP_CIPHER_CTX_encrypting(ctx)); + &num, EVP_CIPHER_CTX_is_encrypting(ctx)); EVP_CIPHER_CTX_set_num(ctx, num); } return 1; @@ -176,7 +176,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ede3_cfb_encrypt(c, d, 1, 1, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | ((d[0] & 0x80) >> (unsigned int)(n % 8)); } 
@@ -191,7 +191,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; @@ -200,7 +200,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ede3_cfb_encrypt(in, out, 8, (long)inl, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } @@ -232,7 +232,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { - int mode = EVP_CIPHER_CTX_mode(ctx); + int mode = EVP_CIPHER_CTX_get_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(&deskey[0], &dat->ks1); @@ -259,7 +259,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { - int mode = EVP_CIPHER_CTX_mode(ctx); + int mode = EVP_CIPHER_CTX_get_mode(ctx); if (mode == EVP_CIPH_CBC_MODE) { des_t4_key_expand(&deskey[0], &dat->ks1); @@ -285,7 +285,7 @@ static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) switch (type) { case EVP_CTRL_RAND_KEY: - kl = EVP_CIPHER_CTX_key_length(ctx); + kl = EVP_CIPHER_CTX_get_key_length(ctx); if (kl < 0 || RAND_priv_bytes(ptr, kl) <= 0) return 0; DES_set_odd_parity(deskey); @@ -401,7 +401,7 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 0; } - if (EVP_CIPHER_CTX_encrypting(ctx)) + if (EVP_CIPHER_CTX_is_encrypting(ctx)) return des_ede3_wrap(ctx, out, in, inl); else return des_ede3_unwrap(ctx, out, in, inl); diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index a4778a2c05..cf8746d357 100644 
--- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -58,9 +58,9 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { if (!enc) { - if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) + if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1; - else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) + else if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1; } if (enc) diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index c935a49bbd..ffeb17fb1e 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -92,7 +92,7 @@ const EVP_CIPHER *EVP_rc2_40_cbc(void) static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), + RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx), key, data(ctx)->key_bits); return 1; } @@ -136,7 +136,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) unsigned char iv[EVP_MAX_IV_LENGTH]; if (type != NULL) { - l = EVP_CIPHER_CTX_iv_length(c); + l = EVP_CIPHER_CTX_get_iv_length(c); OPENSSL_assert(l <= sizeof(iv)); i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); if (i != (int)l) @@ -161,7 +161,7 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { num = rc2_meth_to_magic(c); - j = EVP_CIPHER_CTX_iv_length(c); + j = EVP_CIPHER_CTX_get_iv_length(c); i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); } return i; @@ -171,7 +171,7 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { switch (type) { case EVP_CTRL_INIT: - data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; + data(c)->key_bits = EVP_CIPHER_CTX_get_key_length(c) * 8; return 1; case EVP_CTRL_GET_RC2_KEY_BITS: diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index ec07f028c5..e22e81d467 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c 
@@ -79,7 +79,7 @@ static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, { int keylen; - if ((keylen = EVP_CIPHER_CTX_key_length(ctx)) <= 0) + if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) <= 0) return 0; RC4_set_key(&data(ctx)->ks, keylen, key); return 1; diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index c8b6da246f..183ecefcec 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -46,7 +46,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *iv, int enc) { EVP_RC4_HMAC_MD5 *key = data(ctx); - const int keylen = EVP_CIPHER_CTX_key_length(ctx); + const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); if (keylen <= 0) return 0; @@ -88,7 +88,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) return 0; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (plen == NO_PAYLOAD_LENGTH) plen = len; # if defined(STITCHED_CALL) @@ -228,7 +228,7 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, len = p[arg - 2] << 8 | p[arg - 1]; - if (!EVP_CIPHER_CTX_encrypting(ctx)) { + if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { if (len < MD5_DIGEST_LENGTH) return -1; len -= MD5_DIGEST_LENGTH; diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index aa5e9020de..20098a9225 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c 
@@ -72,11 +72,11 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - if (EVP_CIPHER_CTX_key_length(ctx) > 255) { + if (EVP_CIPHER_CTX_get_key_length(ctx) > 255) { ERR_raise(ERR_LIB_EVP, EVP_R_BAD_KEY_LENGTH); return 0; } - return RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), + return RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx), key, data(ctx)->rounds); } diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index a3767573ce..a3ccc49f7e 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c @@ -72,7 +72,7 @@ IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4, static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - unsigned int num = EVP_CIPHER_CTX_num(ctx); + unsigned int num = EVP_CIPHER_CTX_get_num(ctx); EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx); CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index b1e6c2a168..f930941887 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -76,7 +76,7 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks, (DES_cblock *)ctx->iv, &data(ctx)->inw, &data(ctx)->outw, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); inl -= EVP_MAXCHUNK; in += EVP_MAXCHUNK; out += EVP_MAXCHUNK; @@ -85,7 +85,7 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks, (DES_cblock *)ctx->iv, &data(ctx)->inw, &data(ctx)->outw, - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); return 1; } #endif diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 356951014b..f39e9b8c90 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c 
@@ -216,10 +216,10 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, return ctx->cipher->einit(ctx->algctx, key, key == NULL ? 0 - : EVP_CIPHER_CTX_key_length(ctx), + : EVP_CIPHER_CTX_get_key_length(ctx), iv, iv == NULL ? 0 - : EVP_CIPHER_CTX_iv_length(ctx), + : EVP_CIPHER_CTX_get_iv_length(ctx), params); } @@ -231,10 +231,10 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, return ctx->cipher->dinit(ctx->algctx, key, key == NULL ? 0 - : EVP_CIPHER_CTX_key_length(ctx), + : EVP_CIPHER_CTX_get_key_length(ctx), iv, iv == NULL ? 0 - : EVP_CIPHER_CTX_iv_length(ctx), + : EVP_CIPHER_CTX_get_iv_length(ctx), params); /* Code below to be removed when legacy support is dropped. */ @@ -321,14 +321,14 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, || ctx->cipher->block_size == 16); if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) - && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) { + && EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_WRAP_MODE) { ERR_raise(ERR_LIB_EVP, EVP_R_WRAP_MODE_NOT_ALLOWED); return 0; } - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_CUSTOM_IV) == 0) { - switch (EVP_CIPHER_CTX_mode(ctx)) { + switch (EVP_CIPHER_CTX_get_mode(ctx)) { case EVP_CIPH_STREAM_CIPHER: case EVP_CIPH_ECB_MODE: 
@@ -341,19 +341,19 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, /* fall-through */ case EVP_CIPH_CBC_MODE: - n = EVP_CIPHER_CTX_iv_length(ctx); + n = EVP_CIPHER_CTX_get_iv_length(ctx); if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv))) return 0; if (iv) - memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_get_iv_length(ctx)); + memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_get_iv_length(ctx)); break; case EVP_CIPH_CTR_MODE: ctx->num = 0; /* Don't reuse IV for CTR mode */ if (iv) - memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, iv, EVP_CIPHER_CTX_get_iv_length(ctx)); break; default: @@ -674,7 +674,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) if (ctx->cipher->prov == NULL) goto legacy; - blocksize = EVP_CIPHER_CTX_block_size(ctx); + blocksize = EVP_CIPHER_CTX_get_block_size(ctx); if (blocksize < 1 || ctx->cipher->cfinal == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); @@ -761,7 +761,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (ctx->cipher->prov == NULL) goto legacy; - blocksize = EVP_CIPHER_CTX_block_size(ctx); + blocksize = EVP_CIPHER_CTX_get_block_size(ctx); if (ctx->cipher->cupdate == NULL || blocksize < 1) { ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); @@ -896,7 +896,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) if (ctx->cipher->prov == NULL) goto legacy; - blocksize = EVP_CIPHER_CTX_block_size(ctx); + blocksize = EVP_CIPHER_CTX_get_block_size(ctx); if (blocksize < 1 || ctx->cipher->cfinal == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); 
@@ -976,7 +976,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; size_t len = keylen; - if (EVP_CIPHER_CTX_key_length(c) == keylen) + if (EVP_CIPHER_CTX_get_key_length(c) == keylen) return 1; /* Check the cipher actually understands this parameter */ @@ -998,7 +998,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) */ if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); - if (EVP_CIPHER_CTX_key_length(c) == keylen) + if (EVP_CIPHER_CTX_get_key_length(c) == keylen) return 1; if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { c->key_len = keylen; @@ -1257,7 +1257,7 @@ const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher) { if (cipher != NULL && cipher->gettable_params != NULL) return cipher->gettable_params( - ossl_provider_ctx(EVP_CIPHER_provider(cipher))); + ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher))); return NULL; } @@ -1266,7 +1266,7 @@ const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher) void *provctx; if (cipher != NULL && cipher->settable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_CIPHER_provider(cipher)); + provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher)); return cipher->settable_ctx_params(NULL, provctx); } return NULL; @@ -1277,7 +1277,7 @@ const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher) void *provctx; if (cipher != NULL && cipher->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_CIPHER_provider(cipher)); + provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher)); return cipher->gettable_ctx_params(NULL, provctx); } return NULL; 
@@ -1288,7 +1288,7 @@ const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *cctx) void *alg; if (cctx != NULL && cctx->cipher->settable_ctx_params != NULL) { - alg = ossl_provider_ctx(EVP_CIPHER_provider(cctx->cipher)); + alg = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher)); return cctx->cipher->settable_ctx_params(cctx->algctx, alg); } return NULL; @@ -1299,7 +1299,7 @@ const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *cctx) void *provctx; if (cctx != NULL && cctx->cipher->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_CIPHER_provider(cctx->cipher)); + provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher)); return cctx->cipher->gettable_ctx_params(cctx->algctx, provctx); } return NULL; @@ -1314,7 +1314,7 @@ static OSSL_LIB_CTX *EVP_CIPHER_CTX_get_libctx(EVP_CIPHER_CTX *ctx) if (cipher == NULL) return NULL; - prov = EVP_CIPHER_provider(cipher); + prov = EVP_CIPHER_get0_provider(cipher); return ossl_provider_libctx(prov); } #endif @@ -1331,7 +1331,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) int kl; OSSL_LIB_CTX *libctx = EVP_CIPHER_CTX_get_libctx(ctx); - kl = EVP_CIPHER_CTX_key_length(ctx); + kl = EVP_CIPHER_CTX_get_key_length(ctx); if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl, 0) <= 0) return 0; return 1; @@ -1442,7 +1442,7 @@ static void set_legacy_nid(const char *name, void *vlegacy_nid) return; if (legacy_method == NULL) return; - nid = EVP_CIPHER_nid(legacy_method); + nid = EVP_CIPHER_get_nid(legacy_method); if (*legacy_nid != NID_undef && *legacy_nid != nid) { *legacy_nid = -1; return; diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 3aa49aa47e..acbe92dac1 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c 
@@ -85,8 +85,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, int niv, nkey, addmd = 0; unsigned int mds = 0, i; int rv = 0; - nkey = EVP_CIPHER_key_length(type); - niv = EVP_CIPHER_iv_length(type); + nkey = EVP_CIPHER_get_key_length(type); + niv = EVP_CIPHER_get_iv_length(type); OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); @@ -146,7 +146,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, if ((nkey == 0) && (niv == 0)) break; } - rv = EVP_CIPHER_key_length(type); + rv = EVP_CIPHER_get_key_length(type); err: EVP_MD_CTX_free(c); OPENSSL_cleanse(md_buf, sizeof(md_buf)); diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index bc872c0e79..8a03c4490b 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -49,7 +49,7 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) if (type != NULL) { unsigned char iv[EVP_MAX_IV_LENGTH]; - l = EVP_CIPHER_CTX_iv_length(ctx); + l = EVP_CIPHER_CTX_get_iv_length(ctx); if (!ossl_assert(l <= sizeof(iv))) return -1; i = ASN1_TYPE_get_octetstring(type, iv, l); @@ -70,7 +70,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { oiv = (unsigned char *)EVP_CIPHER_CTX_original_iv(c); - j = EVP_CIPHER_CTX_iv_length(c); + j = EVP_CIPHER_CTX_get_iv_length(c); OPENSSL_assert(j <= sizeof(c->iv)); i = ASN1_TYPE_set_octetstring(type, oiv, j); } @@ -101,8 +101,8 @@ int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, */ if (cipher->set_asn1_parameters != NULL) { ret = cipher->set_asn1_parameters(c, type); - } else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { - switch (EVP_CIPHER_mode(cipher)) { + } else if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { + switch (EVP_CIPHER_get_mode(cipher)) { case EVP_CIPH_WRAP_MODE: if (EVP_CIPHER_is_a(cipher, SN_id_smime_alg_CMS3DESwrap)) ASN1_TYPE_set(type, V_ASN1_NULL, NULL); 
@@ -192,8 +192,8 @@ int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, */ if (cipher->get_asn1_parameters != NULL) { ret = cipher->get_asn1_parameters(c, type); - } else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { - switch (EVP_CIPHER_mode(cipher)) { + } else if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { + switch (EVP_CIPHER_get_mode(cipher)) { case EVP_CIPH_WRAP_MODE: ret = 1; break; @@ -273,10 +273,10 @@ int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, #endif /* !defined(FIPS_MODULE) */ /* Convert the various cipher NIDs and dummies to a proper OID NID */ -int EVP_CIPHER_type(const EVP_CIPHER *cipher) +int EVP_CIPHER_get_type(const EVP_CIPHER *cipher) { int nid; - nid = EVP_CIPHER_nid(cipher); + nid = EVP_CIPHER_get_nid(cipher); switch (nid) { @@ -381,14 +381,14 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher) return ok; } -int EVP_CIPHER_block_size(const EVP_CIPHER *cipher) +int EVP_CIPHER_get_block_size(const EVP_CIPHER *cipher) { return cipher->block_size; } -int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) +int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx) { - return EVP_CIPHER_block_size(ctx->cipher); + return EVP_CIPHER_get_block_size(ctx->cipher); } int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) @@ -409,7 +409,7 @@ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, */ int ret = -1; size_t outl = 0; - size_t blocksize = EVP_CIPHER_CTX_block_size(ctx); + size_t blocksize = EVP_CIPHER_CTX_get_block_size(ctx); if (ctx->cipher->ccipher != NULL) ret = ctx->cipher->ccipher(ctx->algctx, out, &outl, 
@@ -458,12 +458,12 @@ EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx) return cipher; } -int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) +int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx) { return ctx->encrypt; } -unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) +unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher) { return cipher->flags; } @@ -493,14 +493,14 @@ void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) return old_cipher_data; } -int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) +int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher) { return cipher->iv_len; } -int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) +int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx) { - int rv, len = EVP_CIPHER_iv_length(ctx->cipher); + int rv, len = EVP_CIPHER_get_iv_length(ctx->cipher); size_t v = len; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; @@ -511,7 +511,7 @@ int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) return rv != 0 ? (int)v : -1; /* Code below to be removed when legacy support is dropped. */ legacy: - if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { + if ((EVP_CIPHER_get_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0, &len); return (rv == 1) ? len : -1; @@ -519,7 +519,7 @@ legacy: return len; } -int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx) +int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx) { int ret; size_t v = 0; @@ -600,7 +600,7 @@ unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) return ctx->buf; } -int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) +int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx) { int ok; unsigned int v = (unsigned int)ctx->num; 
@@ -626,12 +626,12 @@ int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) return ok != 0; } -int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) +int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher) { return cipher->key_len; } -int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) +int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx) { int ok; size_t v = ctx->key_len; @@ -643,12 +643,12 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; } -int EVP_CIPHER_nid(const EVP_CIPHER *cipher) +int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher) { return cipher->nid; } -int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) +int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx) { return ctx->cipher->nid; } @@ -657,31 +657,31 @@ int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name) { if (cipher->prov != NULL) return evp_is_a(cipher->prov, cipher->name_id, NULL, name); - return evp_is_a(NULL, 0, EVP_CIPHER_name(cipher), name); + return evp_is_a(NULL, 0, EVP_CIPHER_get0_name(cipher), name); } -int EVP_CIPHER_number(const EVP_CIPHER *cipher) +int EVP_CIPHER_get_number(const EVP_CIPHER *cipher) { return cipher->name_id; } -const char *EVP_CIPHER_name(const EVP_CIPHER *cipher) +const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher) { if (cipher->type_name != NULL) return cipher->type_name; #ifndef FIPS_MODULE - return OBJ_nid2sn(EVP_CIPHER_nid(cipher)); + return OBJ_nid2sn(EVP_CIPHER_get_nid(cipher)); #else return NULL; #endif } -const char *EVP_CIPHER_description(const EVP_CIPHER *cipher) +const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher) { if (cipher->description != NULL) return cipher->description; #ifndef FIPS_MODULE - return OBJ_nid2ln(EVP_CIPHER_nid(cipher)); + return OBJ_nid2ln(EVP_CIPHER_get_nid(cipher)); #else return NULL; #endif 
@@ -697,29 +697,29 @@ int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, return 1; } -const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher) +const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher) { return cipher->prov; } -int EVP_CIPHER_mode(const EVP_CIPHER *cipher) +int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher) { - return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE; + return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE; } int EVP_MD_is_a(const EVP_MD *md, const char *name) { if (md->prov != NULL) return evp_is_a(md->prov, md->name_id, NULL, name); - return evp_is_a(NULL, 0, EVP_MD_name(md), name); + return evp_is_a(NULL, 0, EVP_MD_get0_name(md), name); } -int EVP_MD_number(const EVP_MD *md) +int EVP_MD_get_number(const EVP_MD *md) { return md->name_id; } -const char *EVP_MD_description(const EVP_MD *md) +const char *EVP_MD_get0_description(const EVP_MD *md) { if (md->description != NULL) return md->description; @@ -730,7 +730,7 @@ const char *EVP_MD_description(const EVP_MD *md) #endif } -const char *EVP_MD_name(const EVP_MD *md) +const char *EVP_MD_get0_name(const EVP_MD *md) { if (md == NULL) return NULL; @@ -753,22 +753,22 @@ int EVP_MD_names_do_all(const EVP_MD *md, return 1; } -const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md) +const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md) { return md->prov; } -int EVP_MD_type(const EVP_MD *md) +int EVP_MD_get_type(const EVP_MD *md) { return md->type; } -int EVP_MD_pkey_type(const EVP_MD *md) +int EVP_MD_get_pkey_type(const EVP_MD *md) { return md->pkey_type; } -int EVP_MD_block_size(const EVP_MD *md) +int EVP_MD_get_block_size(const EVP_MD *md) { if (md == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL); @@ -777,7 +777,7 @@ int EVP_MD_block_size(const EVP_MD *md) return md->block_size; } -int EVP_MD_size(const EVP_MD *md) +int EVP_MD_get_size(const EVP_MD *md) { if (md == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL); 
@@ -786,7 +786,7 @@ int EVP_MD_size(const EVP_MD *md) return md->md_size; } -unsigned long EVP_MD_flags(const EVP_MD *md) +unsigned long EVP_MD_get_flags(const EVP_MD *md) { return md->flags; } @@ -999,7 +999,7 @@ EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx) return md; } -EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) +EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx) { return ctx->pctx; } @@ -1025,7 +1025,7 @@ void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) } #endif /* !defined(FIPS_MODULE) */ -void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) +void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx) { return ctx->md_data; } diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index a0f363805c..137e458f5a 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -325,7 +325,7 @@ OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz); #define M_check_autoarg(ctx, arg, arglen, err) \ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ - size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ + size_t pksize = (size_t)EVP_PKEY_get_size(ctx->pkey); \ \ if (pksize == 0) { \ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \ diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 129888f2f7..e19b781645 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -226,11 +226,11 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, int cipher_nid, md_nid; if (cipher) - cipher_nid = EVP_CIPHER_nid(cipher); + cipher_nid = EVP_CIPHER_get_nid(cipher); else cipher_nid = -1; if (md) - md_nid = EVP_MD_type(md); + md_nid = EVP_MD_get_type(md); else md_nid = -1; diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index f82d6f8081..420b69399a 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c 
@@ -225,7 +225,7 @@ const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key) const char *name = NULL; if (key->keymgmt != NULL) - return EVP_KEYMGMT_name(key->keymgmt); + return EVP_KEYMGMT_get0_name(key->keymgmt); /* Otherwise fallback to legacy */ ameth = EVP_PKEY_get0_asn1(key); diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index c886d9a563..1e41fe0765 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -293,17 +293,17 @@ void EVP_RAND_free(EVP_RAND *rand) evp_rand_free(rand); } -int EVP_RAND_number(const EVP_RAND *rand) +int EVP_RAND_get_number(const EVP_RAND *rand) { return rand->name_id; } -const char *EVP_RAND_name(const EVP_RAND *rand) +const char *EVP_RAND_get0_name(const EVP_RAND *rand) { return rand->type_name; } -const char *EVP_RAND_description(const EVP_RAND *rand) +const char *EVP_RAND_get0_description(const EVP_RAND *rand) { return rand->description; } @@ -313,7 +313,7 @@ int EVP_RAND_is_a(const EVP_RAND *rand, const char *name) return evp_is_a(rand->prov, rand->name_id, NULL, name); } -const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand) +const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand) { return rand->prov; } @@ -395,7 +395,7 @@ void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx) EVP_RAND_CTX_free(parent); } -EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx) +EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx) { return ctx->meth; } @@ -440,7 +440,7 @@ const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand) { if (rand->gettable_params == NULL) return NULL; - return rand->gettable_params(ossl_provider_ctx(EVP_RAND_provider(rand))); + return rand->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand))); } const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand) 
@@ -449,7 +449,7 @@ const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand) if (rand->gettable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_RAND_provider(rand)); + provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand)); return rand->gettable_ctx_params(NULL, provctx); } @@ -459,7 +459,7 @@ const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand) if (rand->settable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_RAND_provider(rand)); + provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand)); return rand->settable_ctx_params(NULL, provctx); } @@ -469,7 +469,7 @@ const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx) if (ctx->meth->gettable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_RAND_provider(ctx->meth)); + provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth)); return ctx->meth->gettable_ctx_params(ctx->algctx, provctx); } @@ -479,7 +479,7 @@ const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx) if (ctx->meth->settable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_RAND_provider(ctx->meth)); + provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth)); return ctx->meth->settable_ctx_params(ctx->algctx, provctx); } @@ -622,7 +622,7 @@ static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx) return strength; } -unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx) +unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx) { unsigned int res; @@ -656,7 +656,7 @@ int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen) return res; } -int EVP_RAND_state(EVP_RAND_CTX *ctx) +int EVP_RAND_get_state(EVP_RAND_CTX *ctx) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; int state; diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index fb5521681a..2a066082d7 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c 
@@ -166,7 +166,7 @@ int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange) return 1; } -OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange) +OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange) { return exchange->prov; } @@ -264,8 +264,8 @@ int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) exchange = EVP_KEYEXCH_fetch(ctx->libctx, supported_exch, ctx->propquery); if (exchange == NULL - || (EVP_KEYMGMT_provider(ctx->keymgmt) - != EVP_KEYEXCH_provider(exchange))) { + || (EVP_KEYMGMT_get0_provider(ctx->keymgmt) + != EVP_KEYEXCH_get0_provider(exchange))) { /* * We don't need to free ctx->keymgmt here, as it's not necessarily * tied to this operation. It will be freed by EVP_PKEY_CTX_free(). @@ -464,17 +464,17 @@ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) return ctx->pmeth->derive(ctx, key, pkeylen); } -int EVP_KEYEXCH_number(const EVP_KEYEXCH *keyexch) +int EVP_KEYEXCH_get_number(const EVP_KEYEXCH *keyexch) { return keyexch->name_id; } -const char *EVP_KEYEXCH_name(const EVP_KEYEXCH *keyexch) +const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *keyexch) { return keyexch->type_name; } -const char *EVP_KEYEXCH_description(const EVP_KEYEXCH *keyexch) +const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch) { return keyexch->description; } @@ -511,7 +511,7 @@ const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch) if (keyexch == NULL || keyexch->gettable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(keyexch)); + provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(keyexch)); return keyexch->gettable_ctx_params(NULL, provctx); } 
@@ -521,6 +521,6 @@ const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch) if (keyexch == NULL || keyexch->settable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(keyexch)); + provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(keyexch)); return keyexch->settable_ctx_params(NULL, provctx); } diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index 55f5c50ab5..65b1617b81 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -83,17 +83,17 @@ EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src) return dst; } -int EVP_KDF_number(const EVP_KDF *kdf) +int EVP_KDF_get_number(const EVP_KDF *kdf) { return kdf->name_id; } -const char *EVP_KDF_name(const EVP_KDF *kdf) +const char *EVP_KDF_get0_name(const EVP_KDF *kdf) { return kdf->type_name; } -const char *EVP_KDF_description(const EVP_KDF *kdf) +const char *EVP_KDF_get0_description(const EVP_KDF *kdf) { return kdf->description; } @@ -103,7 +103,7 @@ int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name) return evp_is_a(kdf->prov, kdf->name_id, NULL, name); } -const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf) +const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf) { return kdf->prov; } diff --git a/crypto/evp/kdf_meth.c b/crypto/evp/kdf_meth.c index 9cf0ca125b..8759021afc 100644 --- a/crypto/evp/kdf_meth.c +++ b/crypto/evp/kdf_meth.c @@ -179,7 +179,7 @@ const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf) { if (kdf->gettable_params == NULL) return NULL; - return kdf->gettable_params(ossl_provider_ctx(EVP_KDF_provider(kdf))); + return kdf->gettable_params(ossl_provider_ctx(EVP_KDF_get0_provider(kdf))); } const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf) 
@@ -188,7 +188,7 @@ const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf) if (kdf->gettable_ctx_params == NULL) return NULL; - alg = ossl_provider_ctx(EVP_KDF_provider(kdf)); + alg = ossl_provider_ctx(EVP_KDF_get0_provider(kdf)); return kdf->gettable_ctx_params(NULL, alg); } @@ -198,7 +198,7 @@ const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf) if (kdf->settable_ctx_params == NULL) return NULL; - alg = ossl_provider_ctx(EVP_KDF_provider(kdf)); + alg = ossl_provider_ctx(EVP_KDF_get0_provider(kdf)); return kdf->settable_ctx_params(NULL, alg); } @@ -208,7 +208,7 @@ const OSSL_PARAM *EVP_KDF_CTX_gettable_params(EVP_KDF_CTX *ctx) if (ctx->meth->gettable_ctx_params == NULL) return NULL; - alg = ossl_provider_ctx(EVP_KDF_provider(ctx->meth)); + alg = ossl_provider_ctx(EVP_KDF_get0_provider(ctx->meth)); return ctx->meth->gettable_ctx_params(ctx->algctx, alg); } @@ -218,7 +218,7 @@ const OSSL_PARAM *EVP_KDF_CTX_settable_params(EVP_KDF_CTX *ctx) if (ctx->meth->settable_ctx_params == NULL) return NULL; - alg = ossl_provider_ctx(EVP_KDF_provider(ctx->meth)); + alg = ossl_provider_ctx(EVP_KDF_get0_provider(ctx->meth)); return ctx->meth->settable_ctx_params(ctx->algctx, alg); } diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c index 493eabf97b..594633cf92 100644 --- a/crypto/evp/kem.c +++ b/crypto/evp/kem.c @@ -60,7 +60,7 @@ static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation, kem = EVP_KEM_fetch(ctx->libctx, supported_kem, ctx->propquery); if (kem == NULL - || (EVP_KEYMGMT_provider(ctx->keymgmt) != EVP_KEM_provider(kem))) { + || (EVP_KEYMGMT_get0_provider(ctx->keymgmt) != EVP_KEM_get0_provider(kem))) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); ret = -2; goto err; @@ -324,7 +324,7 @@ int EVP_KEM_up_ref(EVP_KEM *kem) return 1; } -OSSL_PROVIDER *EVP_KEM_provider(const EVP_KEM *kem) +OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem) { return kem->prov; } 
@@ -343,17 +343,17 @@ int EVP_KEM_is_a(const EVP_KEM *kem, const char *name) return evp_is_a(kem->prov, kem->name_id, NULL, name); } -int EVP_KEM_number(const EVP_KEM *kem) +int EVP_KEM_get_number(const EVP_KEM *kem) { return kem->name_id; } -const char *EVP_KEM_name(const EVP_KEM *kem) +const char *EVP_KEM_get0_name(const EVP_KEM *kem) { return kem->type_name; } -const char *EVP_KEM_description(const EVP_KEM *kem) +const char *EVP_KEM_get0_description(const EVP_KEM *kem) { return kem->description; } @@ -384,7 +384,7 @@ const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem) if (kem == NULL || kem->gettable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_KEM_provider(kem)); + provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem)); return kem->gettable_ctx_params(NULL, provctx); } @@ -395,6 +395,6 @@ const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem) if (kem == NULL || kem->settable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_KEM_provider(kem)); + provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem)); return kem->settable_ctx_params(NULL, provctx); } diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index d2d60fa953..bbca3ddef5 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -22,7 +22,7 @@ */ static int match_type(const EVP_KEYMGMT *keymgmt1, const EVP_KEYMGMT *keymgmt2) { - const char *name2 = EVP_KEYMGMT_name(keymgmt2); + const char *name2 = EVP_KEYMGMT_get0_name(keymgmt2); return EVP_KEYMGMT_is_a(keymgmt1, name2); } @@ -278,7 +278,7 @@ void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk) /* * Cache information about the provider "origin" key. * - * This services functions like EVP_PKEY_size, EVP_PKEY_bits, etc + * This services functions like EVP_PKEY_get_size, EVP_PKEY_get_bits, etc */ if (pk->keydata != NULL) { int bits = 0; diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 94f0133860..841eae1df8 100644 --- a/crypto/evp/keymgmt_meth.c 
+++ b/crypto/evp/keymgmt_meth.c @@ -246,22 +246,22 @@ void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt) OPENSSL_free(keymgmt); } -const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt) +const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt) { return keymgmt->prov; } -int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt) +int EVP_KEYMGMT_get_number(const EVP_KEYMGMT *keymgmt) { return keymgmt->name_id; } -const char *EVP_KEYMGMT_description(const EVP_KEYMGMT *keymgmt) +const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt) { return keymgmt->description; } -const char *EVP_KEYMGMT_name(const EVP_KEYMGMT *keymgmt) +const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt) { return keymgmt->type_name; } @@ -296,7 +296,7 @@ int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, */ void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt) { - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); /* * 'new' is currently mandatory on its own, but when new @@ -317,7 +317,7 @@ void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keydata) void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, const OSSL_PARAM params[]) { - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); if (keymgmt->gen_init == NULL) return NULL; @@ -348,7 +348,7 @@ int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt) { - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); if (keymgmt->gen_settable_params == NULL) return NULL; 
@@ -387,7 +387,7 @@ int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, void *keydata, const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt) { - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); if (keymgmt->gettable_params == NULL) return NULL; @@ -404,7 +404,7 @@ int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, void *keydata, const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt) { - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); if (keymgmt->settable_params == NULL) return NULL; diff --git a/crypto/evp/legacy_md5_sha1.c b/crypto/evp/legacy_md5_sha1.c index f2d4c0ba22..b84bf3deaa 100644 --- a/crypto/evp/legacy_md5_sha1.c +++ b/crypto/evp/legacy_md5_sha1.c @@ -21,7 +21,7 @@ IMPLEMENT_LEGACY_EVP_MD_METH_LC(md5_sha1_int, ossl_md5_sha1) static int md5_sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) { - return ossl_md5_sha1_ctrl(EVP_MD_CTX_md_data(ctx), cmd, mslen, ms); + return ossl_md5_sha1_ctrl(EVP_MD_CTX_get0_md_data(ctx), cmd, mslen, ms); } static const EVP_MD md5_sha1_md = { diff --git a/crypto/evp/legacy_meth.h b/crypto/evp/legacy_meth.h index 0a23efd05a..d32f20aad3 100644 --- a/crypto/evp/legacy_meth.h +++ b/crypto/evp/legacy_meth.h 
@@ -10,29 +10,29 @@ #define IMPLEMENT_LEGACY_EVP_MD_METH(nm, fn) \ static int nm##_init(EVP_MD_CTX *ctx) \ { \ - return fn##_Init(EVP_MD_CTX_md_data(ctx)); \ + return fn##_Init(EVP_MD_CTX_get0_md_data(ctx)); \ } \ static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ { \ - return fn##_Update(EVP_MD_CTX_md_data(ctx), data, count); \ + return fn##_Update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ } \ static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ { \ - return fn##_Final(md, EVP_MD_CTX_md_data(ctx)); \ + return fn##_Final(md, EVP_MD_CTX_get0_md_data(ctx)); \ } #define IMPLEMENT_LEGACY_EVP_MD_METH_LC(nm, fn) \ static int nm##_init(EVP_MD_CTX *ctx) \ { \ - return fn##_init(EVP_MD_CTX_md_data(ctx)); \ + return fn##_init(EVP_MD_CTX_get0_md_data(ctx)); \ } \ static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ { \ - return fn##_update(EVP_MD_CTX_md_data(ctx), data, count); \ + return fn##_update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ } \ static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ { \ - return fn##_final(md, EVP_MD_CTX_md_data(ctx)); \ + return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx)); \ } diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c index 9ab839e7aa..3859286eeb 100644 --- a/crypto/evp/legacy_sha.c +++ b/crypto/evp/legacy_sha.c 
@@ -29,20 +29,20 @@ #define IMPLEMENT_LEGACY_EVP_MD_METH_SHA3(nm, fn, tag) \ static int nm##_init(EVP_MD_CTX *ctx) \ { \ - return fn##_init(EVP_MD_CTX_md_data(ctx), tag, ctx->digest->md_size * 8); \ + return fn##_init(EVP_MD_CTX_get0_md_data(ctx), tag, ctx->digest->md_size * 8); \ } \ static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ { \ - return fn##_update(EVP_MD_CTX_md_data(ctx), data, count); \ + return fn##_update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ } \ static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ { \ - return fn##_final(md, EVP_MD_CTX_md_data(ctx)); \ + return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx)); \ } #define IMPLEMENT_LEGACY_EVP_MD_METH_SHAKE(nm, fn, tag) \ static int nm##_init(EVP_MD_CTX *ctx) \ { \ - return fn##_init(EVP_MD_CTX_md_data(ctx), tag, ctx->digest->md_size * 8); \ + return fn##_init(EVP_MD_CTX_get0_md_data(ctx), tag, ctx->digest->md_size * 8); \ } \ #define sha512_224_Init sha512_224_init @@ -65,7 +65,7 @@ IMPLEMENT_LEGACY_EVP_MD_METH_SHAKE(shake, ossl_sha3, '\x1f') static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) { - return ossl_sha1_ctrl(ctx != NULL ? EVP_MD_CTX_md_data(ctx) : NULL, + return ossl_sha1_ctrl(ctx != NULL ? EVP_MD_CTX_get0_md_data(ctx) : NULL, cmd, p1, p2); } diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 296269a88e..dba549503d 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -122,8 +122,8 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, locpctx->propquery); if (signature == NULL - || (EVP_KEYMGMT_provider(locpctx->keymgmt) - != EVP_SIGNATURE_provider(signature))) { + || (EVP_KEYMGMT_get0_provider(locpctx->keymgmt) + != EVP_SIGNATURE_get0_provider(signature))) { /* * We don't need to free ctx->keymgmt here, as it's not necessarily * tied to this operation. It will be freed by EVP_PKEY_CTX_free(). 
@@ -156,7 +156,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (type != NULL) { ctx->reqdigest = type; if (mdname == NULL) - mdname = canon_mdname(EVP_MD_name(type)); + mdname = canon_mdname(EVP_MD_get0_name(type)); } else { if (mdname == NULL) { if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey, @@ -475,7 +475,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0) return 0; } else { - int s = EVP_MD_size(ctx->digest); + int s = EVP_MD_get_size(ctx->digest); if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0) return 0; diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index 9356595efd..bd8543b2c4 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -77,7 +77,7 @@ EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src) return dst; } -EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx) +EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx) { return ctx->meth; } @@ -203,17 +203,17 @@ int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) return 1; } -int EVP_MAC_number(const EVP_MAC *mac) +int EVP_MAC_get_number(const EVP_MAC *mac) { return mac->name_id; } -const char *EVP_MAC_name(const EVP_MAC *mac) +const char *EVP_MAC_get0_name(const EVP_MAC *mac) { return mac->type_name; } -const char *EVP_MAC_description(const EVP_MAC *mac) +const char *EVP_MAC_get0_description(const EVP_MAC *mac) { return mac->description; } diff --git a/crypto/evp/mac_meth.c b/crypto/evp/mac_meth.c index 6396eb38fd..74cfecbcdf 100644 --- a/crypto/evp/mac_meth.c +++ b/crypto/evp/mac_meth.c @@ -175,7 +175,7 @@ void EVP_MAC_free(EVP_MAC *mac) evp_mac_free(mac); } -const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac) +const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac) { return mac->prov; } 
@@ -184,7 +184,7 @@ const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac) { if (mac->gettable_params == NULL) return NULL; - return mac->gettable_params(ossl_provider_ctx(EVP_MAC_provider(mac))); + return mac->gettable_params(ossl_provider_ctx(EVP_MAC_get0_provider(mac))); } const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac) @@ -193,7 +193,7 @@ const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac) if (mac->gettable_ctx_params == NULL) return NULL; - alg = ossl_provider_ctx(EVP_MAC_provider(mac)); + alg = ossl_provider_ctx(EVP_MAC_get0_provider(mac)); return mac->gettable_ctx_params(NULL, alg); } @@ -203,7 +203,7 @@ const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac) if (mac->settable_ctx_params == NULL) return NULL; - alg = ossl_provider_ctx(EVP_MAC_provider(mac)); + alg = ossl_provider_ctx(EVP_MAC_get0_provider(mac)); return mac->settable_ctx_params(NULL, alg); } @@ -213,7 +213,7 @@ const OSSL_PARAM *EVP_MAC_CTX_gettable_params(EVP_MAC_CTX *ctx) if (ctx->meth->gettable_ctx_params == NULL) return NULL; - alg = ossl_provider_ctx(EVP_MAC_provider(ctx->meth)); + alg = ossl_provider_ctx(EVP_MAC_get0_provider(ctx->meth)); return ctx->meth->gettable_ctx_params(ctx->algctx, alg); } @@ -223,7 +223,7 @@ const OSSL_PARAM *EVP_MAC_CTX_settable_params(EVP_MAC_CTX *ctx) if (ctx->meth->settable_ctx_params == NULL) return NULL; - alg = ossl_provider_ctx(EVP_MAC_provider(ctx->meth)); + alg = ossl_provider_ctx(EVP_MAC_get0_provider(ctx->meth)); return ctx->meth->settable_ctx_params(ctx->algctx, alg); } diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index abf153cb43..d8442a8d90 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c 
@@ -54,12 +54,12 @@ int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, return 0; } - ivl = EVP_CIPHER_iv_length(cipher); + ivl = EVP_CIPHER_get_iv_length(cipher); if (ivl < 0 || ivl > 16) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH); goto err; } - kl = EVP_CIPHER_key_length(cipher); + kl = EVP_CIPHER_get_key_length(cipher); if (kl < 0 || kl > (int)sizeof(md_tmp)) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); goto err; @@ -77,7 +77,7 @@ int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, else if (passlen == -1) passlen = strlen(pass); - mdsize = EVP_MD_size(md); + mdsize = EVP_MD_get_size(md); if (mdsize < 0) goto err; diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 54773304fd..7088875fe1 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -28,7 +28,7 @@ int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, int rv = 1, mode = 1; EVP_KDF *kdf; EVP_KDF_CTX *kctx; - const char *mdname = EVP_MD_name(digest); + const char *mdname = EVP_MD_get0_name(digest); OSSL_PARAM params[6], *p = params; /* Keep documented behaviour. */ @@ -193,7 +193,7 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); goto err; } - keylen = EVP_CIPHER_CTX_key_length(ctx); + keylen = EVP_CIPHER_CTX_get_key_length(ctx); OPENSSL_assert(keylen <= sizeof(key)); /* Decode parameter */ @@ -205,7 +205,7 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, goto err; } - t = EVP_CIPHER_CTX_key_length(ctx); + t = EVP_CIPHER_CTX_get_key_length(ctx); if (t < 0) { ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); goto err; diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index 822c214e6b..7b33edecd5 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c 
@@ -23,7 +23,7 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, { int ret = -1; - if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) { + if (EVP_PKEY_get_id(priv) != EVP_PKEY_RSA) { ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA); goto err; } diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index f1a7a839f6..d4db595164 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -23,7 +23,7 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, { int ret = 0; - if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) { + if (EVP_PKEY_get_id(pubk) != EVP_PKEY_RSA) { ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA); goto err; } diff --git a/crypto/evp/p_legacy.c b/crypto/evp/p_legacy.c index c1d813f047..6c65e7e194 100644 --- a/crypto/evp/p_legacy.c +++ b/crypto/evp/p_legacy.c @@ -68,7 +68,7 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey) { - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { + if (EVP_PKEY_get_base_id(pkey) != EVP_PKEY_EC) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY); return NULL; } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index d2c871179e..07be8884fe 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -58,7 +58,7 @@ static void evp_pkey_free_it(EVP_PKEY *key); /* The type of parameters selected in key parameter functions */ # define SELECT_PARAMETERS OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS -int EVP_PKEY_bits(const EVP_PKEY *pkey) +int EVP_PKEY_get_bits(const EVP_PKEY *pkey) { int size = 0; @@ -70,7 +70,7 @@ int EVP_PKEY_bits(const EVP_PKEY *pkey) return size < 0 ? 0 : size; } -int EVP_PKEY_security_bits(const EVP_PKEY *pkey) +int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey) { int size = 0; 
@@ -616,7 +616,7 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len, EVP_PKEY_CTX *ctx; if (cipher != NULL) - cipher_name = EVP_CIPHER_name(cipher); + cipher_name = EVP_CIPHER_get0_name(cipher); if (cipher_name == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED); @@ -865,7 +865,7 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) # ifndef OPENSSL_NO_EC static const ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type) { - if (EVP_PKEY_base_id(pkey) != type) { + if (EVP_PKEY_get_base_id(pkey) != type) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_ECX_KEY); return NULL; } @@ -970,12 +970,12 @@ int EVP_PKEY_type(int type) return ret; } -int EVP_PKEY_id(const EVP_PKEY *pkey) +int EVP_PKEY_get_id(const EVP_PKEY *pkey) { return pkey->type; } -int EVP_PKEY_base_id(const EVP_PKEY *pkey) +int EVP_PKEY_get_base_id(const EVP_PKEY *pkey) { return EVP_PKEY_type(pkey->type); } @@ -1052,7 +1052,7 @@ int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey, return 0; if (!evp_pkey_is_provided(pkey)) { - const char *name = OBJ_nid2sn(EVP_PKEY_id(pkey)); + const char *name = OBJ_nid2sn(EVP_PKEY_get_id(pkey)); fn(name, data); return 1; @@ -1063,7 +1063,7 @@ int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey, int EVP_PKEY_can_sign(const EVP_PKEY *pkey) { if (pkey->keymgmt == NULL) { - switch (EVP_PKEY_base_id(pkey)) { + switch (EVP_PKEY_get_base_id(pkey)) { case EVP_PKEY_RSA: return 1; # ifndef OPENSSL_NO_DSA 
@@ -1081,12 +1081,12 @@ int EVP_PKEY_can_sign(const EVP_PKEY *pkey) break; } } else { - const OSSL_PROVIDER *prov = EVP_KEYMGMT_provider(pkey->keymgmt); + const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt); OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); const char *supported_sig = pkey->keymgmt->query_operation_name != NULL ? pkey->keymgmt->query_operation_name(OSSL_OP_SIGNATURE) - : EVP_KEYMGMT_name(pkey->keymgmt); + : EVP_KEYMGMT_get0_name(pkey->keymgmt); EVP_SIGNATURE *signature = NULL; signature = EVP_SIGNATURE_fetch(libctx, supported_sig, NULL); @@ -1767,7 +1767,7 @@ void EVP_PKEY_free(EVP_PKEY *x) OPENSSL_free(x); } -int EVP_PKEY_size(const EVP_PKEY *pkey) +int EVP_PKEY_get_size(const EVP_PKEY *pkey) { int size = 0; @@ -1781,7 +1781,7 @@ int EVP_PKEY_size(const EVP_PKEY *pkey) return size < 0 ? 0 : size; } -const char *EVP_PKEY_description(const EVP_PKEY *pkey) +const char *EVP_PKEY_get0_description(const EVP_PKEY *pkey) { if (!evp_pkey_is_assigned(pkey)) return NULL; @@ -1971,7 +1971,7 @@ int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src) int type = src->type; const char *keytype = NULL; - keytype = EVP_KEYMGMT_name(keymgmt); + keytype = EVP_KEYMGMT_get0_name(keymgmt); /* * If the type is EVP_PKEY_NONE, then we have a problem somewhere diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index bafafd6244..475082d431 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -35,7 +35,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, return 0; } if ((cipher = EVP_CIPHER_CTX_get0_cipher(ctx)) != NULL - && (prov = EVP_CIPHER_provider(cipher)) != NULL) + && (prov = EVP_CIPHER_get0_provider(cipher)) != NULL) libctx = ossl_provider_libctx(prov); if ((npubk <= 0) || !pubk) return 1; 
@@ -43,11 +43,11 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; - len = EVP_CIPHER_CTX_iv_length(ctx); + len = EVP_CIPHER_CTX_get_iv_length(ctx); if (len < 0 || RAND_priv_bytes_ex(libctx, iv, len, 0) <= 0) goto err; - len = EVP_CIPHER_CTX_key_length(ctx); + len = EVP_CIPHER_CTX_get_key_length(ctx); if (len < 0) goto err; diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index fed9471311..8e430f4704 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -44,7 +44,7 @@ int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *sigret, return 0; } - sltmp = (size_t)EVP_PKEY_size(pkey); + sltmp = (size_t)EVP_PKEY_get_size(pkey); i = 0; pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); if (pkctx == NULL) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 47062c02c1..bcc601ee59 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -192,7 +192,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, /* If we have an engine, something went wrong somewhere... */ if (!ossl_assert(e == NULL)) return NULL; - keytype = EVP_KEYMGMT_name(pkey->keymgmt); + keytype = EVP_KEYMGMT_get0_name(pkey->keymgmt); goto common; } @@ -742,7 +742,7 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx) if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchange != NULL && ctx->op.kex.exchange->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(ctx->op.kex.exchange)); + provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange)); return ctx->op.kex.exchange->gettable_ctx_params(ctx->op.kex.algctx, provctx); } 
@@ -750,7 +750,7 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx) && ctx->op.sig.signature != NULL && ctx->op.sig.signature->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx( - EVP_SIGNATURE_provider(ctx->op.sig.signature)); + EVP_SIGNATURE_get0_provider(ctx->op.sig.signature)); return ctx->op.sig.signature->gettable_ctx_params(ctx->op.sig.algctx, provctx); } @@ -758,14 +758,14 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx) && ctx->op.ciph.cipher != NULL && ctx->op.ciph.cipher->gettable_ctx_params != NULL) { provctx = ossl_provider_ctx( - EVP_ASYM_CIPHER_provider(ctx->op.ciph.cipher)); + EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher)); return ctx->op.ciph.cipher->gettable_ctx_params(ctx->op.ciph.algctx, provctx); } if (EVP_PKEY_CTX_IS_KEM_OP(ctx) && ctx->op.encap.kem != NULL && ctx->op.encap.kem->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_KEM_provider(ctx->op.encap.kem)); + provctx = ossl_provider_ctx(EVP_KEM_get0_provider(ctx->op.encap.kem)); return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.algctx, provctx); } @@ -779,7 +779,7 @@ const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx) if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchange != NULL && ctx->op.kex.exchange->settable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(ctx->op.kex.exchange)); + provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange)); return ctx->op.kex.exchange->settable_ctx_params(ctx->op.kex.algctx, provctx); } @@ -787,7 +787,7 @@ const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx) && ctx->op.sig.signature != NULL && ctx->op.sig.signature->settable_ctx_params != NULL) { provctx = ossl_provider_ctx( - EVP_SIGNATURE_provider(ctx->op.sig.signature)); + EVP_SIGNATURE_get0_provider(ctx->op.sig.signature)); return ctx->op.sig.signature->settable_ctx_params(ctx->op.sig.algctx, provctx); } 
@@ -795,21 +795,21 @@ const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx) && ctx->op.ciph.cipher != NULL && ctx->op.ciph.cipher->settable_ctx_params != NULL) { provctx = ossl_provider_ctx( - EVP_ASYM_CIPHER_provider(ctx->op.ciph.cipher)); + EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher)); return ctx->op.ciph.cipher->settable_ctx_params(ctx->op.ciph.algctx, provctx); } if (EVP_PKEY_CTX_IS_GEN_OP(ctx) && ctx->keymgmt != NULL && ctx->keymgmt->gen_settable_params != NULL) { - provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(ctx->keymgmt)); + provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx->keymgmt)); return ctx->keymgmt->gen_settable_params(ctx->op.keymgmt.genctx, provctx); } if (EVP_PKEY_CTX_IS_KEM_OP(ctx) && ctx->op.encap.kem != NULL && ctx->op.encap.kem->settable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_KEM_provider(ctx->op.encap.kem)); + provctx = ossl_provider_ctx(EVP_KEM_get0_provider(ctx->op.encap.kem)); return ctx->op.encap.kem->settable_ctx_params(ctx->op.encap.algctx, provctx); } @@ -931,7 +931,7 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, if (md == NULL) { name = ""; } else { - name = EVP_MD_name(md); + name = EVP_MD_get0_name(md); } *p++ = OSSL_PARAM_construct_utf8_string(param, @@ -1051,7 +1051,7 @@ int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx, info, infolen); } -int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode) +int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode) { OSSL_PARAM int_params[2], *p = int_params; diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index b4e0ff2527..698adff088 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -300,7 +300,7 @@ int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature) return 1; } -OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature) +OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature) { return signature->prov; } 
@@ -319,17 +319,17 @@ int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name) return evp_is_a(signature->prov, signature->name_id, NULL, name); } -int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature) +int EVP_SIGNATURE_get_number(const EVP_SIGNATURE *signature) { return signature->name_id; } -const char *EVP_SIGNATURE_name(const EVP_SIGNATURE *signature) +const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature) { return signature->type_name; } -const char *EVP_SIGNATURE_description(const EVP_SIGNATURE *signature) +const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature) { return signature->description; } @@ -363,7 +363,7 @@ const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig) if (sig == NULL || sig->gettable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_SIGNATURE_provider(sig)); + provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig)); return sig->gettable_ctx_params(NULL, provctx); } @@ -374,7 +374,7 @@ const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig) if (sig == NULL || sig->settable_ctx_params == NULL) return NULL; - provctx = ossl_provider_ctx(EVP_SIGNATURE_provider(sig)); + provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig)); return sig->settable_ctx_params(NULL, provctx); } @@ -439,8 +439,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation, EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery); if (signature == NULL - || (EVP_KEYMGMT_provider(ctx->keymgmt) - != EVP_SIGNATURE_provider(signature))) { + || (EVP_KEYMGMT_get0_provider(ctx->keymgmt) + != EVP_SIGNATURE_get0_provider(signature))) { /* * We don't need to free ctx->keymgmt here, as it's not necessarily * tied to this operation. It will be freed by EVP_PKEY_CTX_free(). diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 85ae524015..36b5a873a7 100644 --- a/crypto/ffc/ffc_params_generate.c 
+++ b/crypto/ffc/ffc_params_generate.c @@ -140,7 +140,7 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont, EVP_MD_CTX *mctx = NULL; int mdsize; - mdsize = EVP_MD_size(evpmd); + mdsize = EVP_MD_get_size(evpmd); if (mdsize <= 0) return 0; @@ -211,7 +211,7 @@ static int generate_p(BN_CTX *ctx, const EVP_MD *evpmd, int max_counter, int n, if (!BN_lshift(test, BN_value_one(), L - 1)) goto err; - mdsize = EVP_MD_size(evpmd); + mdsize = EVP_MD_get_size(evpmd); if (mdsize <= 0) goto err; @@ -318,7 +318,7 @@ static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd, int ret = 0, r; int m = *retm; unsigned char md[EVP_MAX_MD_SIZE]; - int mdsize = EVP_MD_size(evpmd); + int mdsize = EVP_MD_get_size(evpmd); unsigned char *pmd; OSSL_LIB_CTX *libctx = ossl_bn_get_libctx(ctx); @@ -547,7 +547,7 @@ int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, } if (md == NULL) goto err; - mdsize = EVP_MD_size(md); + mdsize = EVP_MD_get_size(md); if (mdsize <= 0) goto err; @@ -843,7 +843,7 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, if (md == NULL) goto err; if (N == 0) - N = EVP_MD_size(md) * 8; + N = EVP_MD_get_size(md) * 8; qsize = N >> 3; /* diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 86cdb7bde5..618b0a6196 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -46,13 +46,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, * The HMAC construction is not allowed to be used with the * extendable-output functions (XOF) shake128 and shake256. */ - if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0) + if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) return 0; if (key != NULL) { reset = 1; - j = EVP_MD_block_size(md); + j = EVP_MD_get_block_size(md); if (!ossl_assert(j <= (int)sizeof(keytmp))) return 0; if (j < 0) 
@@ -76,13 +76,15 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) pad[i] = 0x36 ^ keytmp[i]; if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) - || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) + || !EVP_DigestUpdate(ctx->i_ctx, pad, + EVP_MD_get_block_size(md))) goto err; for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) pad[i] = 0x5c ^ keytmp[i]; if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) - || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) + || !EVP_DigestUpdate(ctx->o_ctx, pad, + EVP_MD_get_block_size(md))) goto err; } if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx)) @@ -135,7 +137,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) size_t HMAC_size(const HMAC_CTX *ctx) { - int size = EVP_MD_size((ctx)->md); + int size = EVP_MD_get_size((ctx)->md); return (size < 0) ? 0 : size; } @@ -221,11 +223,11 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, unsigned char *md, unsigned int *md_len) { static unsigned char static_md[EVP_MAX_MD_SIZE]; - int size = EVP_MD_size(evp_md); + int size = EVP_MD_get_size(evp_md); if (size < 0) return NULL; - return EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_name(evp_md), NULL, + return EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, key, key_len, data, data_len, md == NULL ? static_md : md, size, md_len); } diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index 07c3f4ac27..e6348a8d37 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -184,7 +184,7 @@ int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, if (key == NULL || cbc == NULL || ctr == NULL) return 0; - cbc_name = EVP_CIPHER_name(cbc); + cbc_name = EVP_CIPHER_get0_name(cbc); params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, (char *)cbc_name, 0); params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, 
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 336372f063..285634dec3 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -55,7 +55,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, alg = &cid->hashAlgorithm; ASN1_OBJECT_free(alg->algorithm); - if ((nid = EVP_MD_type(dgst)) == NID_undef) { + if ((nid = EVP_MD_get_type(dgst)) == NID_undef) { ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_NID); goto err; } diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 1475bb0f7e..dbb6e760b2 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -171,12 +171,12 @@ int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, OCSP_RESPID *rid; EVP_PKEY *pkey; - if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) { + if (ctx == NULL || EVP_MD_CTX_get_pkey_ctx(ctx) == NULL) { ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY); goto err; } - pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); if (pkey == NULL || !X509_check_private_key(signer, pkey)) { ERR_raise(ERR_LIB_OCSP, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); goto err; @@ -223,7 +223,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, if (ctx == NULL) return 0; - if (!EVP_DigestSignInit_ex(ctx, &pkctx, EVP_MD_name(dgst), + if (!EVP_DigestSignInit_ex(ctx, &pkctx, EVP_MD_get0_name(dgst), signer->libctx, signer->propq, key, NULL)) { EVP_MD_CTX_free(ctx); return 0; diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 4231c3f2b2..5e829fa972 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -327,7 +327,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, } (void)ERR_pop_to_mark(); - mdlen = EVP_MD_size(dgst); + mdlen = EVP_MD_get_size(dgst); if (mdlen < 0) { ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_SIZE_ERR); goto end; diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index cd75a95e2a..061c9b9f68 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c 
@@ -232,14 +232,14 @@ int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, const unsigned char *iv = NULL; if (enc != NULL) { - objstr = EVP_CIPHER_name(enc); + objstr = EVP_CIPHER_get0_name(enc); if (objstr == NULL - /* - * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" - * fits into buf - */ - || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13) - > sizeof(buf)) { + /* + * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" + * fits into buf + */ + || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13 + > sizeof(buf)) { ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER); goto err; } @@ -267,7 +267,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, * than what the user has passed us ... as we have to match * exactly for some strange reason */ - objstr = EVP_CIPHER_name(xi->enc_cipher.cipher); + objstr = EVP_CIPHER_get0_name(xi->enc_cipher.cipher); if (objstr == NULL) { ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER); goto err; @@ -276,7 +276,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, /* Create the right magic header stuff */ buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); - PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), + PEM_dek_info(buf, objstr, EVP_CIPHER_get_iv_length(enc), (const char *)iv); /* use the normal code to write things out */ diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index d0516bc3fe..3948021702 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c 
@@ -323,14 +323,14 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, unsigned char iv[EVP_MAX_IV_LENGTH]; if (enc != NULL) { - objstr = EVP_CIPHER_name(enc); - if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0 - || EVP_CIPHER_iv_length(enc) > (int)sizeof(iv) + objstr = EVP_CIPHER_get0_name(enc); + if (objstr == NULL || EVP_CIPHER_get_iv_length(enc) == 0 + || EVP_CIPHER_get_iv_length(enc) > (int)sizeof(iv) /* * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" * fits into buf */ - || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13) + || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13 > sizeof(buf)) { ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER); goto err; @@ -368,7 +368,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, #endif kstr = (unsigned char *)buf; } - if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */ + /* Generate a salt */ + if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(enc)) <= 0) goto err; /* * The 'iv' is used as the iv and as a salt. It is NOT taken from @@ -382,7 +383,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); - PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv); + PEM_dek_info(buf, objstr, EVP_CIPHER_get_iv_length(enc), (char *)iv); /* k=strlen(buf); */ ret = 1; @@ -548,7 +549,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_ENCRYPTION); return 0; } - ivlen = EVP_CIPHER_iv_length(enc); + ivlen = EVP_CIPHER_get_iv_length(enc); if (ivlen > 0 && *header++ != ',') { ERR_raise(ERR_LIB_PEM, PEM_R_MISSING_DEK_IV); return 0; @@ -557,7 +558,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) return 0; } - if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc))) + if (!load_iv(&header, cipher->iv, EVP_CIPHER_get_iv_length(enc))) return 0; return 1; 
diff --git a/crypto/pem/pem_local.h b/crypto/pem/pem_local.h index 628a66912d..a84ca80be1 100644 --- a/crypto/pem/pem_local.h +++ b/crypto/pem/pem_local.h @@ -62,7 +62,7 @@ } \ if (enc != NULL) { \ ret = 0; \ - if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_name(enc), \ + if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_get0_name(enc), \ NULL)) { \ ret = 1; \ if (kstr != NULL \ diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 5e28907be3..ab86448db9 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -103,7 +103,8 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid, ret = 1; if (enc != NULL) { ret = 0; - if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_name(enc), NULL)) { + if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_get0_name(enc), + NULL)) { const unsigned char *ukstr = (const unsigned char *)kstr; /* diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c index b52764e0ac..8a147dbfc0 100644 --- a/crypto/pem/pem_sign.c +++ b/crypto/pem/pem_sign.c @@ -32,7 +32,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, int i, ret = 0; unsigned int m_len; - m = OPENSSL_malloc(EVP_PKEY_size(pkey)); + m = OPENSSL_malloc(EVP_PKEY_get_size(pkey)); if (m == NULL) { ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 1ff68e2158..11ac0a7c40 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -1027,7 +1027,7 @@ static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, write_ledword(&p, MS_PVKMAGIC); write_ledword(&p, 0); - if (EVP_PKEY_id(pk) == EVP_PKEY_RSA) + if (EVP_PKEY_get_id(pk) == EVP_PKEY_RSA) write_ledword(&p, MS_KEYTYPE_KEYX); #ifndef OPENSSL_NO_DSA else diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c index 777bc93ac3..57d1caecfc 100644 --- a/crypto/pkcs12/p12_crpt.c +++ b/crypto/pkcs12/p12_crpt.c 
@@ -49,15 +49,17 @@ int PKCS12_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, salt = pbe->salt->data; saltlen = pbe->salt->length; if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_KEY_ID, - iter, EVP_CIPHER_key_length(cipher), key, md, + iter, EVP_CIPHER_get_key_length(cipher), + key, md, libctx, propq)) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); PBEPARAM_free(pbe); return 0; } - if (EVP_CIPHER_iv_length(cipher) > 0) { + if (EVP_CIPHER_get_iv_length(cipher) > 0) { if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_IV_ID, - iter, EVP_CIPHER_iv_length(cipher), iv, md, + iter, EVP_CIPHER_get_iv_length(cipher), + iv, md, libctx, propq)) { ERR_raise(ERR_LIB_PKCS12, PKCS12_R_IV_GEN_ERROR); PBEPARAM_free(pbe); diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index ef316d044b..87232e7737 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -43,15 +43,15 @@ unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor, * It's appended to encrypted text on encrypting * MAC should be processed on decrypting separately from plain text */ - max_out_len = inlen + EVP_CIPHER_CTX_block_size(ctx); - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) + max_out_len = inlen + EVP_CIPHER_CTX_get_block_size(ctx); + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) { ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); goto err; } - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { max_out_len += mac_len; } else { if (inlen < mac_len) { 
@@ -89,9 +89,9 @@ unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor, goto err; } outlen += i; - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, (int)mac_len, out+outlen) < 0) { ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index a4ed0e516c..41a2d7293e 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -98,7 +98,8 @@ int PKCS12_key_gen_uni_ex(unsigned char *pass, int passlen, unsigned char *salt, return 0; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)EVP_MD_name(md_type), 0); + (char *)EVP_MD_get0_name(md_type), + 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, pass, passlen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index be4ed16ab7..88655651a0 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -117,8 +117,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } - md_size = EVP_MD_size(md); - md_nid = EVP_MD_type(md); + md_size = EVP_MD_get_size(md); + md_nid = EVP_MD_get_type(md); if (md_size < 0) goto err; if ((md_nid == NID_id_GostR3411_94 @@ -267,7 +267,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, } else memcpy(p12->mac->salt->data, salt, saltlen); X509_SIG_getm(p12->mac->dinfo, &macalg, NULL); - if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)), + if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_get_type(md_type)), V_ASN1_NULL, NULL)) { ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); return 0; 
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 8d4e95a3b4..441bf78bba 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -296,16 +296,16 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) goto err; } BIO_get_cipher_ctx(btmp, &ctx); - keylen = EVP_CIPHER_key_length(evp_cipher); - ivlen = EVP_CIPHER_iv_length(evp_cipher); - xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); + keylen = EVP_CIPHER_get_key_length(evp_cipher); + ivlen = EVP_CIPHER_get_iv_length(evp_cipher); + xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_get_type(evp_cipher)); if (ivlen > 0) if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) goto err; (void)ERR_set_mark(); fetched_cipher = EVP_CIPHER_fetch(libctx, - EVP_CIPHER_name(evp_cipher), + EVP_CIPHER_get0_name(evp_cipher), propq); (void)ERR_pop_to_mark(); if (fetched_cipher != NULL) @@ -572,7 +572,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) ri = sk_PKCS7_RECIP_INFO_value(rsk, i); ri->ctx = p7_ctx; if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, - EVP_CIPHER_key_length(cipher)) < 0) + EVP_CIPHER_get_key_length(cipher)) < 0) goto err; ERR_clear_error(); } @@ -591,7 +591,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) goto err; /* Generate random key as MMA defence */ - len = EVP_CIPHER_CTX_key_length(evp_ctx); + len = EVP_CIPHER_CTX_get_key_length(evp_ctx); if (len <= 0) goto err; tkeylen = (size_t)len; @@ -606,7 +606,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) tkey = NULL; } - if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { + if (eklen != EVP_CIPHER_CTX_get_key_length(evp_ctx)) { /* * Some S/MIME clients don't use the same key and effective key * length. The key length is determined by the size of the 
@@ -679,7 +679,7 @@ static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) ERR_raise(ERR_LIB_PKCS7, ERR_R_INTERNAL_ERROR); return NULL; } - if (EVP_MD_CTX_type(*pmd) == nid) + if (EVP_MD_CTX_get_type(*pmd) == nid) return bio; bio = BIO_next(bio); } @@ -837,7 +837,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) } else { unsigned char *abuf = NULL; unsigned int abuflen; - abuflen = EVP_PKEY_size(si->pkey); + abuflen = EVP_PKEY_get_size(si->pkey); abuf = OPENSSL_malloc(abuflen); if (abuf == NULL) goto err; @@ -915,7 +915,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) goto err; } - if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_name(md), + if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_get0_name(md), ossl_pkcs7_ctx_get0_libctx(ctx), ossl_pkcs7_ctx_get0_propq(ctx), si->pkey, NULL) <= 0) @@ -1044,13 +1044,13 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, ERR_raise(ERR_LIB_PKCS7, ERR_R_INTERNAL_ERROR); goto err; } - if (EVP_MD_CTX_type(mdc) == md_type) + if (EVP_MD_CTX_get_type(mdc) == md_type) break; /* * Workaround for some broken clients that put the signature OID * instead of the digest OID in digest_alg->algorithm */ - if (EVP_MD_pkey_type(EVP_MD_CTX_get0_md(mdc)) == md_type) + if (EVP_MD_get_pkey_type(EVP_MD_CTX_get0_md(mdc)) == md_type) break; btmp = BIO_next(btmp); } diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index a4b62f40dd..c32a666626 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -316,7 +316,7 @@ static int pkcs7_ecdsa_or_dsa_sign_verify_setup(PKCS7_SIGNER_INFO *si, hnid = OBJ_obj2nid(alg1->algorithm); if (hnid == NID_undef) return -1; - if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_get_id(pkey))) return -1; X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); } 
@@ -362,7 +362,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, /* Set the algorithms */ - X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), + X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_get_type(dgst)), V_ASN1_NULL, NULL); if (EVP_PKEY_is_a(pkey, "EC") || EVP_PKEY_is_a(pkey, "DSA")) @@ -689,7 +689,7 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) } /* Check cipher OID exists and has data in it */ - i = EVP_CIPHER_type(cipher); + i = EVP_CIPHER_get_type(cipher); if (i == NID_undef) { ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); return 0; diff --git a/crypto/provider.c b/crypto/provider.c index 766086a47b..52647b2e77 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -129,7 +129,7 @@ int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name, return 1; } -const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov) +const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov) { return ossl_provider_name(prov); } diff --git a/crypto/provider_core.c b/crypto/provider_core.c index ca2bfdb8fa..eac5b58946 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -1729,7 +1729,7 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB, (void (*)(void))ossl_provider_deregister_child_cb }, { OSSL_FUNC_PROVIDER_NAME, - (void (*)(void))OSSL_PROVIDER_name }, + (void (*)(void))OSSL_PROVIDER_get0_name }, { OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX, (void (*)(void))OSSL_PROVIDER_get0_provider_ctx }, { OSSL_FUNC_PROVIDER_GET0_DISPATCH, diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 56e615f6b9..a7a8c70523 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -298,7 +298,7 @@ int RAND_status(void) if ((rand = RAND_get0_primary(NULL)) == NULL) return 0; - return EVP_RAND_state(rand) == EVP_RAND_STATE_READY; + return EVP_RAND_get_state(rand) == EVP_RAND_STATE_READY; } # else /* !FIPS_MODULE */ 
diff --git a/crypto/rand/rand_meth.c b/crypto/rand/rand_meth.c index c0484823a2..49bf0acdf5 100644 --- a/crypto/rand/rand_meth.c +++ b/crypto/rand/rand_meth.c @@ -36,7 +36,7 @@ static int drbg_status(void) if (drbg == NULL) return 0; - return EVP_RAND_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0; + return EVP_RAND_get_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0; } /* Implements the default OpenSSL RAND_bytes() method */ diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index f2283d81bd..1d3b8685bd 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -427,7 +427,7 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); return 0; } - *(int *)arg2 = EVP_MD_type(md); + *(int *)arg2 = EVP_MD_get_type(md); /* Return of 2 indicates this MD is mandatory */ return 2; } @@ -457,10 +457,10 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) return NULL; if (saltlen == -1) { - saltlen = EVP_MD_size(sigmd); + saltlen = EVP_MD_get_size(sigmd); } else if (saltlen == -2 || saltlen == -3) { - saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; - if ((EVP_PKEY_bits(pk) & 0x7) == 1) + saltlen = EVP_PKEY_get_size(pk) - EVP_MD_get_size(sigmd) - 2; + if ((EVP_PKEY_get_bits(pk) & 0x7) == 1) saltlen--; if (saltlen < 0) return NULL; @@ -545,7 +545,7 @@ int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, const EVP_MD *checkmd; if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0) goto err; - if (EVP_MD_type(md) != EVP_MD_type(checkmd)) { + if (EVP_MD_get_type(md) != EVP_MD_get_type(checkmd)) { ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_DOES_NOT_MATCH); goto err; } 
@@ -629,7 +629,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, ASN1_BIT_STRING *sig) { int pad_mode; - EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx); + EVP_PKEY_CTX *pkctx = EVP_MD_CTX_get_pkey_ctx(ctx); if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; @@ -674,18 +674,19 @@ static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg, pss = ossl_rsa_pss_decode(sigalg); if (!ossl_rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) goto err; - mdnid = EVP_MD_type(md); + mdnid = EVP_MD_get_type(md); /* * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must * match and salt length must equal digest size */ if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512) - && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md)) + && mdnid == EVP_MD_get_type(mgf1md) + && saltlen == EVP_MD_get_size(md)) flags = X509_SIG_INFO_TLS; else flags = 0; /* Note: security bits half number of digest bits */ - secbits = EVP_MD_size(md) * 4; + secbits = EVP_MD_get_size(md) * 4; /* * SHA1 and MD5 are known to be broken. Reduce security bits so that * they're no longer accepted at security level 1. The real values don't @@ -763,8 +764,8 @@ static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type, if (!ossl_rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md, &saltlen, &trailerfield)) goto err; - md_nid = EVP_MD_type(md); - mgf1md_nid = EVP_MD_type(mgf1md); + md_nid = EVP_MD_get_type(md); + mgf1md_nid = EVP_MD_get_type(mgf1md); if (!ossl_rsa_pss_params_30_set_defaults(&pss_params) || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid) || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params, diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 4a0ad2856b..5b7d60d6e1 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c 
@@ -480,8 +480,8 @@ static int ossl_rsa_sync_to_pss_params_30(RSA *rsa) if (!ossl_rsa_pss_get_param_unverified(legacy_pss, &md, &mgf1md, &saltlen, &trailerField)) return 0; - md_nid = EVP_MD_type(md); - mgf1md_nid = EVP_MD_type(mgf1md); + md_nid = EVP_MD_get_type(md); + mgf1md_nid = EVP_MD_get_type(mgf1md); if (!ossl_rsa_pss_params_30_set_defaults(&pss_params) || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid) || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params, diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 00646648c7..d9be1a4f98 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -76,7 +76,7 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, if (mgf1md == NULL) mgf1md = md; - mdlen = EVP_MD_size(md); + mdlen = EVP_MD_get_size(md); if (mdlen <= 0) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); return 0; @@ -184,7 +184,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, if (mgf1md == NULL) mgf1md = md; - mdlen = EVP_MD_size(md); + mdlen = EVP_MD_get_size(md); if (tlen <= 0 || flen <= 0) return -1; @@ -341,7 +341,7 @@ int PKCS1_MGF1(unsigned char *mask, long len, if (c == NULL) goto err; - mdlen = EVP_MD_size(dgst); + mdlen = EVP_MD_get_size(dgst); if (mdlen < 0) goto err; /* step 4 */ diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 6e7e7a27e1..110d998ebd 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -138,12 +138,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, RSA *rsa = ctx->pkey->pkey.rsa; if (rctx->md) { - if (tbslen != (size_t)EVP_MD_size(rctx->md)) { + if (tbslen != (size_t)EVP_MD_get_size(rctx->md)) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH); return -1; } - if (EVP_MD_type(rctx->md) == NID_mdc2) { + if (EVP_MD_get_type(rctx->md) == NID_mdc2) { unsigned int sltmp; if (rctx->pad_mode != RSA_PKCS1_PADDING) return -1; 
@@ -163,12 +163,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, return -1; } memcpy(rctx->tbuf, tbs, tbslen); - rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); + rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_get_type(rctx->md)); ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig, rsa, RSA_X931_PADDING); } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { unsigned int sltmp; - ret = RSA_sign(EVP_MD_type(rctx->md), + ret = RSA_sign(EVP_MD_get_type(rctx->md), tbs, tbslen, sig, &sltmp, rsa); if (ret <= 0) return ret; @@ -213,11 +213,11 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, if (ret < 1) return 0; ret--; - if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) { + if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_get_type(rctx->md))) { ERR_raise(ERR_LIB_RSA, RSA_R_ALGORITHM_MISMATCH); return 0; } - if (ret != EVP_MD_size(rctx->md)) { + if (ret != EVP_MD_get_size(rctx->md)) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH); return 0; } @@ -225,7 +225,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, memcpy(rout, rctx->tbuf, ret); } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { size_t sltmp; - ret = ossl_rsa_verify(EVP_MD_type(rctx->md), + ret = ossl_rsa_verify(EVP_MD_get_type(rctx->md), NULL, 0, rout, &sltmp, sig, siglen, ctx->pkey->pkey.rsa); if (ret <= 0) @@ -254,9 +254,9 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, if (rctx->md) { if (rctx->pad_mode == RSA_PKCS1_PADDING) - return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, + return RSA_verify(EVP_MD_get_type(rctx->md), tbs, tbslen, sig, siglen, rsa); - if (tbslen != (size_t)EVP_MD_size(rctx->md)) { + if (tbslen != (size_t)EVP_MD_get_size(rctx->md)) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH); return -1; } 
@@ -360,7 +360,7 @@ static int check_padding_md(const EVP_MD *md, int padding) if (!md) return 1; - mdnid = EVP_MD_type(md); + mdnid = EVP_MD_get_type(md); if (padding == RSA_NO_PADDING) { ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE); @@ -457,7 +457,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return -2; } if ((p1 == RSA_PSS_SALTLEN_DIGEST - && rctx->min_saltlen > EVP_MD_size(rctx->md)) + && rctx->min_saltlen > EVP_MD_get_size(rctx->md)) || (p1 >= 0 && p1 < rctx->min_saltlen)) { ERR_raise(ERR_LIB_RSA, RSA_R_PSS_SALTLEN_TOO_SMALL); return 0; @@ -508,7 +508,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) if (!check_padding_md(p2, rctx->pad_mode)) return 0; if (rsa_pss_restricted(rctx)) { - if (EVP_MD_type(rctx->md) == EVP_MD_type(p2)) + if (EVP_MD_get_type(rctx->md) == EVP_MD_get_type(p2)) return 1; ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); return 0; @@ -534,7 +534,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) *(const EVP_MD **)p2 = rctx->md; } else { if (rsa_pss_restricted(rctx)) { - if (EVP_MD_type(rctx->mgf1md) == EVP_MD_type(p2)) + if (EVP_MD_get_type(rctx->mgf1md) == EVP_MD_get_type(p2)) return 1; ERR_raise(ERR_LIB_RSA, RSA_R_MGF1_DIGEST_NOT_ALLOWED); return 0; @@ -823,7 +823,7 @@ static int pkey_pss_init(EVP_PKEY_CTX *ctx) return 0; /* See if minimum salt length exceeds maximum possible */ - max_saltlen = RSA_size(rsa) - EVP_MD_size(md); + max_saltlen = RSA_size(rsa) - EVP_MD_get_size(md); if ((RSA_bits(rsa) & 0x7) == 1) max_saltlen--; if (min_saltlen > max_saltlen) { diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index bca208340e..33874bfef8 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -53,7 +53,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, if (mgf1Hash == NULL) mgf1Hash = Hash; - hLen = EVP_MD_size(Hash); + hLen = EVP_MD_get_size(Hash); if (hLen < 0) goto err; /*- 
@@ -164,7 +164,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, if (mgf1Hash == NULL) mgf1Hash = Hash; - hLen = EVP_MD_size(Hash); + hLen = EVP_MD_get_size(Hash); if (hLen < 0) goto err; /*- diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index d2052c5796..82b87cc5af 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -195,7 +195,7 @@ static int rsa_validate_rng_strength(EVP_RAND_CTX *rng, int nbits) { if (rng == NULL) return 0; - if (EVP_RAND_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) { + if (EVP_RAND_get_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) { ERR_raise(ERR_LIB_RSA, RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT); return 0; diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index f2771dbe73..105dd4ce70 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -71,7 +71,7 @@ int ossl_sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, size_t *pt_size) { const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); - const int md_size = EVP_MD_size(digest); + const int md_size = EVP_MD_get_size(digest); size_t overhead; if (md_size < 0) { @@ -97,7 +97,7 @@ int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, size_t *ct_size) { const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); - const int md_size = EVP_MD_size(digest); + const int md_size = EVP_MD_get_size(digest); size_t sz; if (field_size == 0 || md_size < 0) @@ -137,7 +137,7 @@ int ossl_sm2_encrypt(const EC_KEY *key, uint8_t *x2y2 = NULL; uint8_t *C3 = NULL; size_t field_size; - const int C3_size = EVP_MD_size(digest); + const int C3_size = EVP_MD_get_size(digest); EVP_MD *fetched_digest = NULL; OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); const char *propq = ossl_ec_key_get0_propq(key); 
@@ -222,7 +222,7 @@ int ossl_sm2_encrypt(const EC_KEY *key, for (i = 0; i != msg_len; ++i) msg_mask[i] ^= msg[i]; - fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(digest), propq); + fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(digest), propq); if (fetched_digest == NULL) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; @@ -291,7 +291,7 @@ int ossl_sm2_decrypt(const EC_KEY *key, uint8_t *x2y2 = NULL; uint8_t *computed_C3 = NULL; const size_t field_size = ec_field_size(group); - const int hash_size = EVP_MD_size(digest); + const int hash_size = EVP_MD_get_size(digest); uint8_t *msg_mask = NULL; const uint8_t *C2 = NULL; const uint8_t *C3 = NULL; diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 907d6585ea..72be1c00b4 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -145,7 +145,7 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest, const uint8_t *msg, size_t msg_len) { EVP_MD_CTX *hash = EVP_MD_CTX_new(); - const int md_size = EVP_MD_size(digest); + const int md_size = EVP_MD_get_size(digest); uint8_t *z = NULL; BIGNUM *e = NULL; EVP_MD *fetched_digest = NULL; @@ -163,7 +163,7 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest, goto done; } - fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(digest), propq); + fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(digest), propq); if (fetched_digest == NULL) { ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); goto done; diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 1409f3aef4..f7939ea0dd 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c 
@@ -124,7 +124,7 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, && (fetched_loader = OSSL_STORE_LOADER_fetch(schemes[i], libctx, propq)) != NULL) { const OSSL_PROVIDER *provider = - OSSL_STORE_LOADER_provider(fetched_loader); + OSSL_STORE_LOADER_get0_provider(fetched_loader); void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider); loader_ctx = fetched_loader->p_open(provctx, uri); @@ -351,7 +351,8 @@ int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search) break; case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT: if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST, - EVP_MD_name(search->digest), 0) + EVP_MD_get0_name(search->digest), + 0) && OSSL_PARAM_BLD_push_octet_string(bld, OSSL_STORE_PARAM_FINGERPRINT, search->string, @@ -790,7 +791,7 @@ int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type) if (ctx->fetched_loader != NULL) { void *provctx = - ossl_provider_ctx(OSSL_STORE_LOADER_provider(ctx->fetched_loader)); + ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader)); const OSSL_PARAM *params; const OSSL_PARAM *p_subject = NULL; const OSSL_PARAM *p_issuer = NULL; @@ -879,11 +880,11 @@ OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, return NULL; } - if (digest != NULL && len != (size_t)EVP_MD_size(digest)) { + if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) { ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST, "%s size is %d, fingerprint size is %zu", - EVP_MD_name(digest), EVP_MD_size(digest), len); + EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len); OPENSSL_free(search); return NULL; } 
@@ -976,7 +977,7 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, && (fetched_loader = OSSL_STORE_LOADER_fetch(scheme, libctx, propq)) != NULL) { const OSSL_PROVIDER *provider = - OSSL_STORE_LOADER_provider(fetched_loader); + OSSL_STORE_LOADER_get0_provider(fetched_loader); void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider); OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp); diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c index 7bf0a329ce..7f11d4fbea 100644 --- a/crypto/store/store_meth.c +++ b/crypto/store/store_meth.c @@ -373,7 +373,7 @@ OSSL_STORE_LOADER *ossl_store_loader_fetch_by_number(OSSL_LIB_CTX *libctx, * Library of basic method functions */ -const OSSL_PROVIDER *OSSL_STORE_LOADER_provider(const OSSL_STORE_LOADER *loader) +const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER *loader) { if (!ossl_assert(loader != NULL)) { ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); @@ -383,7 +383,7 @@ const OSSL_PROVIDER *OSSL_STORE_LOADER_provider(const OSSL_STORE_LOADER *loader) return loader->prov; } -const char *OSSL_STORE_LOADER_properties(const OSSL_STORE_LOADER *loader) +const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader) { if (!ossl_assert(loader != NULL)) { ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); @@ -393,7 +393,7 @@ const char *OSSL_STORE_LOADER_properties(const OSSL_STORE_LOADER *loader) return loader->propdef; } -int OSSL_STORE_LOADER_number(const OSSL_STORE_LOADER *loader) +int OSSL_STORE_LOADER_get_number(const OSSL_STORE_LOADER *loader) { if (!ossl_assert(loader != NULL)) { ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); @@ -403,7 +403,7 @@ int OSSL_STORE_LOADER_number(const OSSL_STORE_LOADER *loader) return loader->scheme_id; } -const char *OSSL_STORE_LOADER_description(const OSSL_STORE_LOADER *loader) +const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader) { return loader->description; } 
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c index 7c48d182a8..c78d96d532 100644 --- a/crypto/store/store_result.c +++ b/crypto/store/store_result.c @@ -88,7 +88,7 @@ int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg) OSSL_STORE_INFO **v = &cbdata->v; OSSL_STORE_CTX *ctx = cbdata->ctx; const OSSL_PROVIDER *provider = - OSSL_STORE_LOADER_provider(ctx->fetched_loader); + OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader); OSSL_LIB_CTX *libctx = ossl_provider_libctx(provider); const char *propq = ctx->properties; const OSSL_PARAM *p; @@ -206,7 +206,7 @@ static EVP_PKEY *try_key_ref(struct extracted_param_data_st *data, * 2. The keymgmt is from another provider, then we must * do the export/import dance. */ - if (EVP_KEYMGMT_provider(keymgmt) == provider) { + if (EVP_KEYMGMT_get0_provider(keymgmt) == provider) { keydata = evp_keymgmt_load(keymgmt, data->ref, data->ref_size); } else { struct evp_keymgmt_util_try_import_data_st import_data; diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 172d444d09..8937bb2d66 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -484,7 +484,7 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx) return 0; } digest = msg_imprint->hashed_msg; - if (digest->length != EVP_MD_size(md)) { + if (digest->length != EVP_MD_get_size(md)) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Bad message digest."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); @@ -711,8 +711,8 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) if (ctx->signer_md == NULL) signer_md = EVP_MD_fetch(ctx->libctx, "SHA256", ctx->propq); - else if (EVP_MD_provider(ctx->signer_md) == NULL) - signer_md = EVP_MD_fetch(ctx->libctx, EVP_MD_name(ctx->signer_md), + else if (EVP_MD_get0_provider(ctx->signer_md) == NULL) + signer_md = EVP_MD_fetch(ctx->libctx, EVP_MD_get0_name(ctx->signer_md), ctx->propq); else signer_md = (EVP_MD *)ctx->signer_md; 
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 03e7312843..792a27ce57 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -447,7 +447,7 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, } (void)ERR_pop_to_mark(); - length = EVP_MD_size(md); + length = EVP_MD_get_size(md); if (length < 0) goto err; *imprint_len = length; diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 8b2d8cc91d..d8ddde8aaa 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -255,7 +255,7 @@ static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg, ERR_raise(ERR_LIB_X509, X509_R_ERROR_GETTING_MD_BY_NID); return 0; } - siginf->secbits = EVP_MD_size(md) * 4; + siginf->secbits = EVP_MD_get_size(md) * 4; break; } switch (mdnid) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index edf3c51095..278b8b6765 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -3389,7 +3389,7 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) if (level > NUM_AUTH_LEVELS) level = NUM_AUTH_LEVELS; - return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1]; + return EVP_PKEY_get_security_bits(pkey) >= minbits_table[level - 1]; } /*- @@ -3406,7 +3406,7 @@ static int check_curve(X509 *cert) if (pkey == NULL) return -1; - if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + if (EVP_PKEY_get_id(pkey) == EVP_PKEY_EC) { int ret, val; ret = EVP_PKEY_get_int_param(pkey, diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index ca4310de1e..b0ed93cfbf 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -29,7 +29,7 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) if (pk == NULL) return 0; - switch (EVP_PKEY_id(pk)) { + switch (EVP_PKEY_get_id(pk)) { case EVP_PKEY_RSA: ret = EVP_PK_RSA | EVP_PKT_SIGN; /* if (!sign only extension) */ diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 966a1a534b..7ae35f21fd 100644 
--- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -557,7 +557,7 @@ DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length) pkey = d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; - if (EVP_PKEY_id(pkey) == EVP_PKEY_DH) + if (EVP_PKEY_get_id(pkey) == EVP_PKEY_DH) key = EVP_PKEY_get1_DH(pkey); EVP_PKEY_free(pkey); if (key == NULL) @@ -598,7 +598,7 @@ DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length) pkey = d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; - if (EVP_PKEY_id(pkey) == EVP_PKEY_DHX) + if (EVP_PKEY_get_id(pkey) == EVP_PKEY_DHX) key = EVP_PKEY_get1_DH(pkey); EVP_PKEY_free(pkey); if (key == NULL) @@ -684,7 +684,7 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) pkey = d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; - type = EVP_PKEY_id(pkey); + type = EVP_PKEY_get_id(pkey); if (type == EVP_PKEY_EC || type == EVP_PKEY_SM2) key = EVP_PKEY_get1_EC_KEY(pkey); EVP_PKEY_free(pkey); @@ -768,7 +768,7 @@ ECX_KEY *ossl_d2i_ED448_PUBKEY(ECX_KEY **a, pkey = d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; - if (EVP_PKEY_id(pkey) == EVP_PKEY_ED448) + if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448) key = ossl_evp_pkey_get1_ED448(pkey); EVP_PKEY_free(pkey); if (key == NULL) @@ -810,7 +810,7 @@ ECX_KEY *ossl_d2i_X25519_PUBKEY(ECX_KEY **a, pkey = d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; - if (EVP_PKEY_id(pkey) == EVP_PKEY_X25519) + if (EVP_PKEY_get_id(pkey) == EVP_PKEY_X25519) key = ossl_evp_pkey_get1_X25519(pkey); EVP_PKEY_free(pkey); if (key == NULL) @@ -852,7 +852,7 @@ ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a, pkey = d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; - if (EVP_PKEY_id(pkey) == EVP_PKEY_X448) + if (EVP_PKEY_get_id(pkey) == EVP_PKEY_X448) key = ossl_evp_pkey_get1_X448(pkey); EVP_PKEY_free(pkey); if (key == NULL) 
diff --git a/demos/digest/BIO_f_md.c b/demos/digest/BIO_f_md.c index ce1dfcc34a..2ecc53e137 100755 --- a/demos/digest/BIO_f_md.c +++ b/demos/digest/BIO_f_md.c @@ -68,7 +68,7 @@ int main(int argc, char * argv[]) fprintf(stderr, "EVP_MD_fetch did not find SHA3-512.\n"); goto cleanup; } - digest_size = EVP_MD_size(md); + digest_size = EVP_MD_get_size(md); digest_value = OPENSSL_malloc(digest_size); if (digest_value == NULL) { fprintf(stderr, "Can't allocate %lu bytes for the digest value.\n", (unsigned long)digest_size); diff --git a/demos/digest/EVP_MD_demo.c b/demos/digest/EVP_MD_demo.c index 77146e3f00..99589bd344 100644 --- a/demos/digest/EVP_MD_demo.c +++ b/demos/digest/EVP_MD_demo.c @@ -105,9 +105,9 @@ int demonstrate_digest(void) goto cleanup; } /* Determine the length of the fetched digest type */ - digest_length = EVP_MD_size(message_digest); + digest_length = EVP_MD_get_size(message_digest); if (digest_length <= 0) { - fprintf(stderr, "EVP_MD_size returned invalid size.\n"); + fprintf(stderr, "EVP_MD_get_size returned invalid size.\n"); goto cleanup; } diff --git a/demos/digest/EVP_MD_stdin.c b/demos/digest/EVP_MD_stdin.c index 3e24f342cb..71a3d325a3 100755 --- a/demos/digest/EVP_MD_stdin.c +++ b/demos/digest/EVP_MD_stdin.c @@ -63,9 +63,9 @@ int demonstrate_digest(BIO *input) return 0; } /* Determine the length of the fetched digest type */ - digest_length = EVP_MD_size(message_digest); + digest_length = EVP_MD_get_size(message_digest); if (digest_length <= 0) { - fprintf(stderr, "EVP_MD_size returned invalid size.\n"); + fprintf(stderr, "EVP_MD_get_size returned invalid size.\n"); goto cleanup; } diff --git a/doc/build.info b/doc/build.info index 42c1804d6c..b77dac210c 100644 --- a/doc/build.info +++ b/doc/build.info 
@@ -1227,6 +1227,10 @@ DEPEND[html/man3/EVP_PKEY_get_group_name.html]=man3/EVP_PKEY_get_group_name.pod GENERATE[html/man3/EVP_PKEY_get_group_name.html]=man3/EVP_PKEY_get_group_name.pod DEPEND[man/man3/EVP_PKEY_get_group_name.3]=man3/EVP_PKEY_get_group_name.pod GENERATE[man/man3/EVP_PKEY_get_group_name.3]=man3/EVP_PKEY_get_group_name.pod +DEPEND[html/man3/EVP_PKEY_get_size.html]=man3/EVP_PKEY_get_size.pod +GENERATE[html/man3/EVP_PKEY_get_size.html]=man3/EVP_PKEY_get_size.pod +DEPEND[man/man3/EVP_PKEY_get_size.3]=man3/EVP_PKEY_get_size.pod +GENERATE[man/man3/EVP_PKEY_get_size.3]=man3/EVP_PKEY_get_size.pod DEPEND[html/man3/EVP_PKEY_gettable_params.html]=man3/EVP_PKEY_gettable_params.pod GENERATE[html/man3/EVP_PKEY_gettable_params.html]=man3/EVP_PKEY_gettable_params.pod DEPEND[man/man3/EVP_PKEY_gettable_params.3]=man3/EVP_PKEY_gettable_params.pod @@ -1275,10 +1279,6 @@ DEPEND[html/man3/EVP_PKEY_sign.html]=man3/EVP_PKEY_sign.pod GENERATE[html/man3/EVP_PKEY_sign.html]=man3/EVP_PKEY_sign.pod DEPEND[man/man3/EVP_PKEY_sign.3]=man3/EVP_PKEY_sign.pod GENERATE[man/man3/EVP_PKEY_sign.3]=man3/EVP_PKEY_sign.pod -DEPEND[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod -GENERATE[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod -DEPEND[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod -GENERATE[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod DEPEND[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod GENERATE[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod DEPEND[man/man3/EVP_PKEY_todata.3]=man3/EVP_PKEY_todata.pod @@ -3014,6 +3014,7 @@ html/man3/EVP_PKEY_fromdata.html \ html/man3/EVP_PKEY_get_default_digest_nid.html \ html/man3/EVP_PKEY_get_field_type.html \ html/man3/EVP_PKEY_get_group_name.html \ +html/man3/EVP_PKEY_get_size.html \ html/man3/EVP_PKEY_gettable_params.html \ html/man3/EVP_PKEY_is_a.html \ html/man3/EVP_PKEY_keygen.html \ 
@@ -3026,7 +3027,6 @@ html/man3/EVP_PKEY_set1_encoded_public_key.html \ html/man3/EVP_PKEY_set_type.html \ html/man3/EVP_PKEY_settable_params.html \ html/man3/EVP_PKEY_sign.html \ -html/man3/EVP_PKEY_size.html \ html/man3/EVP_PKEY_todata.html \ html/man3/EVP_PKEY_verify.html \ html/man3/EVP_PKEY_verify_recover.html \ @@ -3603,6 +3603,7 @@ man/man3/EVP_PKEY_fromdata.3 \ man/man3/EVP_PKEY_get_default_digest_nid.3 \ man/man3/EVP_PKEY_get_field_type.3 \ man/man3/EVP_PKEY_get_group_name.3 \ +man/man3/EVP_PKEY_get_size.3 \ man/man3/EVP_PKEY_gettable_params.3 \ man/man3/EVP_PKEY_is_a.3 \ man/man3/EVP_PKEY_keygen.3 \ @@ -3615,7 +3616,6 @@ man/man3/EVP_PKEY_set1_encoded_public_key.3 \ man/man3/EVP_PKEY_set_type.3 \ man/man3/EVP_PKEY_settable_params.3 \ man/man3/EVP_PKEY_sign.3 \ -man/man3/EVP_PKEY_size.3 \ man/man3/EVP_PKEY_todata.3 \ man/man3/EVP_PKEY_verify.3 \ man/man3/EVP_PKEY_verify_recover.3 \ diff --git a/doc/man3/BIO_f_md.pod b/doc/man3/BIO_f_md.pod index 8ad694853f..aa60ff4eb8 100644 --- a/doc/man3/BIO_f_md.pod +++ b/doc/man3/BIO_f_md.pod @@ -128,7 +128,7 @@ outputs them. This could be used with the examples above. if (!mdtmp) break; BIO_get_md(mdtmp, &md); - printf("%s digest", OBJ_nid2sn(EVP_MD_type(md))); + printf("%s digest", OBJ_nid2sn(EVP_MD_get_type(md))); mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE); for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]); printf("\n"); diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod index e4b7e429a0..75cdc9744c 100644 --- a/doc/man3/DH_size.pod +++ b/doc/man3/DH_size.pod @@ -22,8 +22,8 @@ L: =head1 DESCRIPTION The functions described on this page are deprecated. -Applications should instead use L, -L and L. +Applications should instead use L, +L and L. DH_bits() returns the number of significant bits. @@ -49,7 +49,7 @@ B doesn't hold any key parameters. =head1 SEE ALSO -L, +L, L, L, L diff --git a/doc/man3/DSA_size.pod b/doc/man3/DSA_size.pod index b904845447..0d0d1e5994 100644 --- a/doc/man3/DSA_size.pod 
+++ b/doc/man3/DSA_size.pod @@ -21,8 +21,8 @@ L: =head1 DESCRIPTION All of the functions described on this page are deprecated. -Applications should instead use L, -L and L. +Applications should instead use L, +L and L. DSA_bits() returns the number of bits in key I: this is the number of bits in the I

parameter. @@ -47,9 +47,9 @@ hold any key parameters. =head1 SEE ALSO -L, -L, -L, +L, +L, +L, L, L =head1 HISTORY diff --git a/doc/man3/EVP_ASYM_CIPHER_free.pod b/doc/man3/EVP_ASYM_CIPHER_free.pod index 93df44ec8f..2b34eb4469 100644 --- a/doc/man3/EVP_ASYM_CIPHER_free.pod +++ b/doc/man3/EVP_ASYM_CIPHER_free.pod @@ -3,9 +3,9 @@ =head1 NAME EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref, -EVP_ASYM_CIPHER_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_provider, +EVP_ASYM_CIPHER_get_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_get0_provider, EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all, -EVP_ASYM_CIPHER_name, EVP_ASYM_CIPHER_description, +EVP_ASYM_CIPHER_get0_name, EVP_ASYM_CIPHER_get0_description, EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params - Functions to manage EVP_ASYM_CIPHER algorithm objects @@ -17,10 +17,10 @@ EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params const char *properties); void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher); int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher); - int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher); - const char *EVP_ASYM_CIPHER_name(const EVP_ASYM_CIPHER *cipher); + int EVP_ASYM_CIPHER_get_number(const EVP_ASYM_CIPHER *cipher); + const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher); int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); - OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher); + OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher); void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_ASYM_CIPHER *cipher, void *arg), 
@@ -28,7 +28,7 @@ EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, void (*fn)(const char *name, void *data), void *data); - const char *EVP_ASYM_CIPHER_description(const EVP_ASYM_CIPHER *cipher); + const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher); const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip); const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip); @@ -54,17 +54,18 @@ B structure. EVP_ASYM_CIPHER_is_a() returns 1 if I is an implementation of an algorithm that's identifiable with I, otherwise 0. -EVP_ASYM_CIPHER_provider() returns the provider that I was fetched from. +EVP_ASYM_CIPHER_get0_provider() returns the provider that I was +fetched from. EVP_ASYM_CIPHER_do_all_provided() traverses all EVP_ASYM_CIPHERs implemented by all activated providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_ASYM_CIPHER_number() returns the internal dynamic number assigned to +EVP_ASYM_CIPHER_get_number() returns the internal dynamic number assigned to I. -EVP_ASYM_CIPHER_name() returns the algorithm name from the provided +EVP_ASYM_CIPHER_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained 
@@ -73,9 +74,9 @@ by the I object and should not be freed by the caller. EVP_ASYM_CIPHER_names_do_all() traverses all names for I, and calls I with each name and I. -EVP_ASYM_CIPHER_description() returns a description of the I, meant -for display and human consumption. The description is at the discretion of -the I implementation. +EVP_ASYM_CIPHER_get0_description() returns a description of the I, +meant for display and human consumption. The description is at the +discretion of the I implementation. EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params() return a constant B array that describes the names and types of key diff --git a/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod b/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod index c5995a584d..f5021b8728 100644 --- a/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod +++ b/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod @@ -25,11 +25,12 @@ L: EVP_CIPHER_CTX_get_original_iv() and EVP_CIPHER_CTX_get_updated_iv() copy initialization vector (IV) information from the B into the -caller-supplied buffer. L can be used to determine -an appropriate buffer size, and if the supplied buffer is too small, an error -will be returned (and no data copied). EVP_CIPHER_CTX_get_original_iv() -accesses the ("original") IV that was supplied when the B was -initialized, and EVP_CIPHER_CTX_get_updated_iv() accesses the current "IV state" +caller-supplied buffer. L can be used to +determine an appropriate buffer size, and if the supplied buffer is too small, +an error will be returned (and no data copied). +EVP_CIPHER_CTX_get_original_iv() accesses the ("original") IV that was +supplied when the B was initialized, and +EVP_CIPHER_CTX_get_updated_iv() accesses the current "IV state" of the cipher, which is updated during cipher operation for certain cipher modes (e.g., CBC and OFB). diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 4b6aaeeb1c..b1d83c1b89 100644 --- a/doc/man3/EVP_DigestInit.pod 
+++ b/doc/man3/EVP_DigestInit.pod @@ -12,17 +12,19 @@ EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, -EVP_MD_is_a, EVP_MD_name, EVP_MD_description, EVP_MD_number, -EVP_MD_names_do_all, EVP_MD_provider, -EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, -EVP_MD_CTX_name, -EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md, -EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, -EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, +EVP_MD_is_a, EVP_MD_get0_name, EVP_MD_get0_description, EVP_MD_get_number, +EVP_MD_names_do_all, EVP_MD_get0_provider, EVP_MD_get_type, +EVP_MD_get_pkey_type, EVP_MD_get_size, EVP_MD_get_block_size, EVP_MD_get_flags, +EVP_MD_CTX_get0_name, EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md, +EVP_MD_CTX_get_type, EVP_MD_CTX_get_size, EVP_MD_CTX_get_block_size, +EVP_MD_CTX_get0_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, -EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, -EVP_MD_do_all_provided +EVP_MD_CTX_get_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, +EVP_MD_do_all_provided, +EVP_MD_type, EVP_MD_nid, EVP_MD_name, EVP_MD_pkey_type, EVP_MD_size, +EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_size, EVP_MD_CTX_block_size, +EVP_MD_CTX_type, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_md_data - EVP digest routines =head1 SYNOPSIS 
@@ -68,27 +70,27 @@ EVP_MD_do_all_provided int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); - const char *EVP_MD_name(const EVP_MD *md); - const char *EVP_MD_description(const EVP_MD *md); - int EVP_MD_number(const EVP_MD *md); + const char *EVP_MD_get0_name(const EVP_MD *md); + const char *EVP_MD_get0_description(const EVP_MD *md); + int EVP_MD_get_number(const EVP_MD *md); int EVP_MD_is_a(const EVP_MD *md, const char *name); int EVP_MD_names_do_all(const EVP_MD *md, void (*fn)(const char *name, void *data), void *data); - const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md); - int EVP_MD_type(const EVP_MD *md); - int EVP_MD_pkey_type(const EVP_MD *md); - int EVP_MD_size(const EVP_MD *md); - int EVP_MD_block_size(const EVP_MD *md); - unsigned long EVP_MD_flags(const EVP_MD *md); + const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md); + int EVP_MD_get_type(const EVP_MD *md); + int EVP_MD_get_pkey_type(const EVP_MD *md); + int EVP_MD_get_size(const EVP_MD *md); + int EVP_MD_get_block_size(const EVP_MD *md); + unsigned long EVP_MD_get_flags(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx); EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx); - const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx); - int EVP_MD_CTX_size(const EVP_MD_CTX *ctx); - int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); - int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); - void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + const char *EVP_MD_CTX_get0_name(const EVP_MD_CTX *ctx); + int EVP_MD_CTX_get_size(const EVP_MD_CTX *ctx); + int EVP_MD_CTX_get_block_size(const EVP_MD_CTX *ctx); + int EVP_MD_CTX_get_type(const EVP_MD_CTX *ctx); + void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx); const EVP_MD *EVP_md_null(void); 
@@ -96,13 +98,26 @@ EVP_MD_do_all_provided const EVP_MD *EVP_get_digestbynid(int type); const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); - EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); + EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx); void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_MD *mac, void *arg), void *arg); + #define EVP_MD_type EVP_MD_get_type + #define EVP_MD_nid EVP_MD_get_type + #define EVP_MD_name EVP_MD_get0_name + #define EVP_MD_pkey_type EVP_MD_get_pkey_type + #define EVP_MD_size EVP_MD_get_size + #define EVP_MD_block_size EVP_MD_get_block_size + #define EVP_MD_flags EVP_MD_get_flags + #define EVP_MD_CTX_size EVP_MD_CTX_get_size + #define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size + #define EVP_MD_CTX_type EVP_MD_CTX_get_type + #define EVP_MD_CTX_pkey_ctx EVP_MD_CTX_get_pkey_ctx + #define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: @@ -312,13 +327,13 @@ EVP_sha256() rather than the result of an EVP_MD_fetch()), only cipher names registered with the default library context (see L) will be considered. -=item EVP_MD_number() +=item EVP_MD_get_number() Returns the internal dynamic number assigned to the I. This is only useful with fetched Bs. -=item EVP_MD_name(), -EVP_MD_CTX_name() +=item EVP_MD_get0_name(), +EVP_MD_CTX_get0_name() Return the name of the given message digest. For fetched message digests with multiple names, only one of them is returned; it's 
@@ -329,36 +344,36 @@ recommended to use EVP_MD_names_do_all() instead. Traverses all names for the I, and calls I with each name and I. This is only useful with fetched Bs. -=item EVP_MD_description() +=item EVP_MD_get0_description() Returns a description of the digest, meant for display and human consumption. The description is at the discretion of the digest implementation. -=item EVP_MD_provider() +=item EVP_MD_get0_provider() Returns an B pointer to the provider that implements the given B. -=item EVP_MD_size(), -EVP_MD_CTX_size() +=item EVP_MD_get_size(), +EVP_MD_CTX_get_size() Return the size of the message digest when passed an B or an B structure, i.e. the size of the hash. -=item EVP_MD_block_size(), -EVP_MD_CTX_block_size() +=item EVP_MD_get_block_size(), +EVP_MD_CTX_get_block_size() Return the block size of the message digest when passed an B or an B structure. -=item EVP_MD_type(), -EVP_MD_CTX_type() +=item EVP_MD_get_type(), +EVP_MD_CTX_get_type() Return the NID of the OBJECT IDENTIFIER representing the given message digest -when passed an B structure. For example, C +when passed an B structure. For example, C returns B. This function is normally used when setting ASN1 OIDs. -=item EVP_MD_CTX_md_data() +=item EVP_MD_CTX_get0_md_data() Return the digest method private data for the passed B. The space is allocated by OpenSSL and has the size originally set with @@ -386,12 +401,12 @@ update function from the B type specified at initialization is used. Returns the update function for I. -=item EVP_MD_flags() +=item EVP_MD_get_flags() Returns the I flags. Note that these are different from the B ones. See L for more information. -=item EVP_MD_pkey_type() +=item EVP_MD_get_pkey_type() Returns the NID of the public key signing algorithm associated with this digest. For example EVP_sha1() is associated with RSA so this will return 
@@ -410,7 +425,7 @@ EVP_get_digestbyobj() Returns an B structure when passed a digest name, a digest B or an B structure respectively. -=item EVP_MD_CTX_pkey_ctx() +=item EVP_MD_CTX_get_pkey_ctx() Returns the B assigned to I. The returned pointer should not be freed by the caller. @@ -568,16 +583,16 @@ to get. Returns 1 if successful or 0 for failure. -=item EVP_MD_type(), -EVP_MD_pkey_type() +=item EVP_MD_get_type(), +EVP_MD_get_pkey_type() Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none exists. -=item EVP_MD_size(), -EVP_MD_block_size(), -EVP_MD_CTX_size(), -EVP_MD_CTX_block_size() +=item EVP_MD_get_size(), +EVP_MD_get_block_size(), +EVP_MD_CTX_get_size(), +EVP_MD_CTX_get_block_size() Returns the digest or block size in bytes. @@ -625,9 +640,9 @@ implementations of digests to be specified. If digest contexts are not cleaned up after use, memory leaks will occur. -EVP_MD_CTX_name(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), -EVP_MD_CTX_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are defined -as macros. +EVP_MD_CTX_get0_name(), EVP_MD_CTX_get_size(), EVP_MD_CTX_get_block_size(), +EVP_MD_CTX_get_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are +defined as macros. EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration or control. 
@@ -718,6 +733,13 @@ EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(), EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() and EVP_MD_CTX_gettable_params() functions were added in OpenSSL 3.0. +The EVP_MD_type(), EVP_MD_nid(), EVP_MD_name(), EVP_MD_pkey_type(), +EVP_MD_size(), EVP_MD_block_size(), EVP_MD_flags(), EVP_MD_CTX_size(), +EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), and EVP_MD_CTX_md_data() +functions were renamed to include C or C in their names in +OpenSSL 3.0, respectively. The old names are kept as non-deprecated +alias macros. + The EVP_MD_CTX_md() function was deprecated in OpenSSL 3.0; use EVP_MD_CTX_get0_md() instead. EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index a24db53949..86d4270ed4 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -165,9 +165,9 @@ Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. -The use of EVP_PKEY_size() with these functions is discouraged because some +The use of EVP_PKEY_get_size() with these functions is discouraged because some signature operations may have a signature length which depends on the -parameters set. As a result EVP_PKEY_size() would have to return a value +parameters set. As a result EVP_PKEY_get_size() would have to return a value which indicates the maximum possible signature for any set of parameters. =head1 SEE ALSO diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 0fc7b1e82c..cd4b8b5c56 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod 
@@ -33,48 +33,68 @@ EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_is_a, -EVP_CIPHER_name, -EVP_CIPHER_description, -EVP_CIPHER_number, +EVP_CIPHER_get0_name, +EVP_CIPHER_get0_description, +EVP_CIPHER_get_number, EVP_CIPHER_names_do_all, -EVP_CIPHER_provider, -EVP_CIPHER_nid, +EVP_CIPHER_get0_provider, +EVP_CIPHER_get_nid, EVP_CIPHER_get_params, EVP_CIPHER_gettable_params, -EVP_CIPHER_block_size, -EVP_CIPHER_key_length, -EVP_CIPHER_iv_length, -EVP_CIPHER_flags, -EVP_CIPHER_mode, -EVP_CIPHER_type, +EVP_CIPHER_get_block_size, +EVP_CIPHER_get_key_length, +EVP_CIPHER_get_iv_length, +EVP_CIPHER_get_flags, +EVP_CIPHER_get_mode, +EVP_CIPHER_get_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_get0_cipher, EVP_CIPHER_CTX_get1_cipher, -EVP_CIPHER_CTX_name, -EVP_CIPHER_CTX_nid, +EVP_CIPHER_CTX_get0_name, +EVP_CIPHER_CTX_get_nid, EVP_CIPHER_CTX_get_params, EVP_CIPHER_gettable_ctx_params, EVP_CIPHER_CTX_gettable_params, EVP_CIPHER_CTX_set_params, EVP_CIPHER_settable_ctx_params, EVP_CIPHER_CTX_settable_params, -EVP_CIPHER_CTX_block_size, -EVP_CIPHER_CTX_key_length, -EVP_CIPHER_CTX_iv_length, -EVP_CIPHER_CTX_tag_length, +EVP_CIPHER_CTX_get_block_size, +EVP_CIPHER_CTX_get_key_length, +EVP_CIPHER_CTX_get_iv_length, +EVP_CIPHER_CTX_get_tag_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, -EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags, EVP_CIPHER_CTX_test_flags, -EVP_CIPHER_CTX_mode, +EVP_CIPHER_CTX_get_type, +EVP_CIPHER_CTX_get_mode, +EVP_CIPHER_CTX_get_num, +EVP_CIPHER_CTX_set_num, +EVP_CIPHER_CTX_is_encrypting, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, EVP_enc_null, -EVP_CIPHER_do_all_provided +EVP_CIPHER_do_all_provided, +EVP_CIPHER_nid, +EVP_CIPHER_name, +EVP_CIPHER_block_size, +EVP_CIPHER_key_length, +EVP_CIPHER_iv_length, +EVP_CIPHER_flags, +EVP_CIPHER_mode, +EVP_CIPHER_type, +EVP_CIPHER_CTX_encrypting, +EVP_CIPHER_CTX_nid, 
+EVP_CIPHER_CTX_block_size, +EVP_CIPHER_CTX_key_length, +EVP_CIPHER_CTX_iv_length, +EVP_CIPHER_CTX_tag_length, +EVP_CIPHER_CTX_num, +EVP_CIPHER_CTX_type, +EVP_CIPHER_CTX_mode - EVP cipher routines =head1 SYNOPSIS 
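Review bot: EVP_CIPHER_CTX_name is removed from the NAME list in this hunk but, unlike EVP_CIPHER_name and EVP_CIPHER_CTX_nid, it is not added back with the other old names at the end of the list, and the alias macros added to the SYNOPSIS later in this file have no entry for it either. If that is intentional because the name never appeared in a release, a sentence in the commit message would save the next reader the check. If not, it needs both the NAME entry and a #define to EVP_CIPHER_CTX_get0_name.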
@@ -145,26 +165,26 @@ EVP_CIPHER_do_all_provided const EVP_CIPHER *EVP_get_cipherbynid(int nid); const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); - int EVP_CIPHER_nid(const EVP_CIPHER *e); - int EVP_CIPHER_number(const EVP_CIPHER *e); + int EVP_CIPHER_get_nid(const EVP_CIPHER *e); + int EVP_CIPHER_get_number(const EVP_CIPHER *e); int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, void (*fn)(const char *name, void *data), void *data); - const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); - const char *EVP_CIPHER_description(const EVP_CIPHER *cipher); - const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher); - int EVP_CIPHER_block_size(const EVP_CIPHER *e); - int EVP_CIPHER_key_length(const EVP_CIPHER *e); - int EVP_CIPHER_iv_length(const EVP_CIPHER *e); - unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e); - unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e); - int EVP_CIPHER_type(const EVP_CIPHER *cipher); + const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher); + const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher); + const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher); + int EVP_CIPHER_get_block_size(const EVP_CIPHER *e); + int EVP_CIPHER_get_key_length(const EVP_CIPHER *e); + int EVP_CIPHER_get_iv_length(const EVP_CIPHER *e); + unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *e); + unsigned long EVP_CIPHER_get_mode(const EVP_CIPHER *e); + int EVP_CIPHER_get_type(const EVP_CIPHER *cipher); const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx); EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); - const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx); + const char *EVP_CIPHER_CTX_get0_name(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]); 
int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]); @@ -174,14 +194,17 @@ EVP_CIPHER_do_all_provided const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher); const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx); const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); - int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); + int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); 
@@ -190,12 +213,36 @@ EVP_CIPHER_do_all_provided void (*fn)(EVP_CIPHER *cipher, void *arg), void *arg); + #define EVP_CIPHER_nid EVP_CIPHER_get_nid + #define EVP_CIPHER_name EVP_CIPHER_get0_name + #define EVP_CIPHER_block_size EVP_CIPHER_get_block_size + #define EVP_CIPHER_key_length EVP_CIPHER_get_key_length + #define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length + #define EVP_CIPHER_flags EVP_CIPHER_get_flags + #define EVP_CIPHER_mode EVP_CIPHER_get_mode + #define EVP_CIPHER_type EVP_CIPHER_get_type + #define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting + #define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid + #define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size + #define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length + #define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length + #define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length + #define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num + #define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type + #define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: + + int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); + =head1 DESCRIPTION The EVP cipher routines are a high-level interface to certain @@ -390,7 +437,7 @@ result in I. For legacy ciphers - If the cipher doesn't have the flag B set, then I must be a multiple of -EVP_CIPHER_block_size(). If it isn't, the result is undefined. If the cipher +EVP_CIPHER_get_block_size(). If it isn't, the result is undefined. If the cipher has that flag set, then I can be any size. Due to the constraints of the API contract of this function it shouldn't be used 
@@ -402,7 +449,7 @@ EVP_CipherFinal_ex() instead. Return an EVP_CIPHER structure when passed a cipher name, a NID or an ASN1_OBJECT structure. -=item EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() +=item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() Return the NID of a cipher when passed an B or B structure. The actual NID value is an internal value which may not have a @@ -426,12 +473,12 @@ when decrypting. If the I parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then be a multiple of the block size or an error will occur. -=item EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() +=item EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() Return the key length of a cipher when passed an B or B structure. The constant B is the maximum -key length for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for -a given cipher, the value of EVP_CIPHER_CTX_key_length() may be different for +key length for all ciphers. Note: although EVP_CIPHER_get_key_length() is fixed for +a given cipher, the value of EVP_CIPHER_CTX_get_key_length() may be different for variable key length ciphers. =item EVP_CIPHER_CTX_set_key_length() 
@@ -440,25 +487,25 @@ Sets the key length of the cipher context. If the cipher is a fixed length cipher then attempting to set the key length to any value other than the fixed value is an error. -=item EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() +=item EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() Return the IV length of a cipher when passed an B or B. It will return zero if the cipher does not use an IV. The constant B is the maximum IV length for all ciphers. -=item EVP_CIPHER_CTX_tag_length() +=item EVP_CIPHER_CTX_get_tag_length() Returns the tag length of an AEAD cipher when passed a B. It will return zero if the cipher does not support a tag. It returns a default value if the tag length has not been set. -=item EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() +=item EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() Return the block size of a cipher when passed an B or B structure. The constant B is also the maximum block length for all ciphers. -=item EVP_CIPHER_type() and EVP_CIPHER_CTX_type() +=item EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() Return the type of the passed cipher or context. This "type" is the actual NID of the cipher OBJECT IDENTIFIER and as such it ignores the cipher parameters @@ -474,12 +521,12 @@ value from the likes of EVP_aes128() rather than the result of an EVP_CIPHER_fetch()), only cipher names registered with the default library context (see L) will be considered. -=item EVP_CIPHER_number() +=item EVP_CIPHER_get_number() Returns the internal dynamic number assigned to the I. This is only useful with fetched Bs. -=item EVP_CIPHER_name() and EVP_CIPHER_CTX_name() +=item EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name() Return the name of the passed cipher or context. For fetched ciphers with multiple names, only one of them is returned. See also EVP_CIPHER_names_do_all(). 
@@ -489,12 +536,12 @@ multiple names, only one of them is returned. See also EVP_CIPHER_names_do_all() Traverses all names for the I, and calls I with each name and I. This is only useful with fetched Bs. -=item EVP_CIPHER_description() +=item EVP_CIPHER_get0_description() Returns a description of the cipher, meant for display and human consumption. The description is at the discretion of the cipher implementation. -=item EVP_CIPHER_provider() +=item EVP_CIPHER_get0_provider() Returns an B pointer to the provider that implements the given B. @@ -505,7 +552,7 @@ Returns the B structure when passed an B structure. EVP_CIPHER_CTX_get1_cipher() is the same except the ownership is passed to the caller. -=item EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() +=item EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode() Return the block cipher mode: EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, @@ -513,11 +560,26 @@ EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE. If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned. -=item EVP_CIPHER_flags() +=item EVP_CIPHER_get_flags() Returns any flags associated with the cipher. See L for a list of currently defined flags. +=item EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num() + +Gets or sets the cipher specific "num" parameter for the associated I. +Built-in ciphers typically use this to track how much of the current underlying block +has been "used" already. + +=item EVP_CIPHER_CTX_is_encrypting() + +Reports whether the I is being used for encryption or decryption. + +=item EVP_CIPHER_CTX_flags() + +A deprecated macro calling C. +Do not use. + =item EVP_CIPHER_param_to_asn1() Sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will 
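Review bot: The new EVP_CIPHER_CTX_flags() entry in the -513,11 hunk says "Do not use." without naming what to use instead, which leaves callers who still have it in their code to work out the replacement themselves. Please spell out the replacement call in that item. The same entry calls it a macro, while the SYNOPSIS addition earlier in this file shows it as a prototype returning int even though EVP_CIPHER_get_flags() is documented as returning unsigned long. It would help to state which type callers actually get, since flag tests on a truncated value are easy to get wrong.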
@@ -544,7 +606,7 @@ is not supported. Generates a random key of the appropriate length based on the cipher context. The B can provide its own random key generation routine to support keys of a specific form. I must point to a buffer at least as big as the -value returned by EVP_CIPHER_CTX_key_length(). +value returned by EVP_CIPHER_CTX_get_key_length(). =item EVP_CIPHER_do_all_provided() @@ -570,18 +632,18 @@ EVP_CIPHER_get_params() can be used with the following B keys: =item "mode" (B) Gets the mode for the associated cipher algorithm I. -See L for a list of valid modes. -Use EVP_CIPHER_mode() to retrieve the cached value. +See L for a list of valid modes. +Use EVP_CIPHER_get_mode() to retrieve the cached value. =item "keylen" (B) Gets the key length for the associated cipher algorithm I. -Use EVP_CIPHER_key_length() to retrieve the cached value. +Use EVP_CIPHER_get_key_length() to retrieve the cached value. =item "ivlen" (B) Gets the IV length for the associated cipher algorithm I. -Use EVP_CIPHER_iv_length() to retrieve the cached value. +Use EVP_CIPHER_get_iv_length() to retrieve the cached value. =item "blocksize" (B) @@ -591,12 +653,12 @@ Note that the block size for a cipher may be different to the block size for the underlying encryption/decryption primitive. For example AES in CTR mode has a block size of 1 (because it operates like a stream cipher), even though AES has a block size of 16. -Use EVP_CIPHER_block_size() to retreive the cached value. +Use EVP_CIPHER_get_block_size() to retreive the cached value. =item "aead" (B) Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0. -Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the cached value. =item "custom-iv" (B) 
@@ -604,7 +666,7 @@ cached value. Gets 1 if the cipher algorithm I has a custom IV, otherwise it gets 0. Storing and initializing the IV is left entirely to the implementation, if a custom IV is used. -Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the cached value. =item "cts" (B) @@ -613,7 +675,7 @@ Gets 1 if the cipher algorithm I uses ciphertext stealing, otherwise it gets 0. This is currently used to indicate that the cipher is a one shot that only allows a single call to EVP_CipherUpdate(). -Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the cached value. =item "tls-multi" (B) @@ -621,7 +683,7 @@ cached value. Gets 1 if the cipher algorithm I supports interleaving of crypto blocks, otherwise it gets 0. The interleaving is an optimization only applicable to certain TLS ciphers. -Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the cached value. =back @@ -644,13 +706,13 @@ See also EVP_CIPHER_CTX_set_padding(). Gets or sets the cipher specific "num" parameter for the cipher context I. Built-in ciphers typically use this to track how much of the current underlying block has been "used" already. -See also EVP_CIPHER_CTX_num() and EVP_CIPHER_CTX_set_num(). +See also EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num(). =item "keylen" (B) Gets or sets the key length for the cipher context I. The length of the "keylen" parameter should not exceed that of a B. -See also EVP_CIPHER_CTX_key_length() and EVP_CIPHER_CTX_set_key_length(). +See also EVP_CIPHER_CTX_get_key_length() and EVP_CIPHER_CTX_set_key_length(). =item "tag" (B) 
@@ -723,7 +785,7 @@ The following B keys can be used with EVP_CIPHER_CTX_get_params(): Gets the IV length for the cipher context I. The length of the "ivlen" parameter should not exceed that of a B. -See also EVP_CIPHER_CTX_iv_length(). +See also EVP_CIPHER_CTX_get_iv_length(). =item "iv" (B) @@ -749,7 +811,7 @@ the key to odd parity). Gets the tag length to be used for an AEAD cipher for the associated cipher context I. It gets a default value if it has not been set. The length of the "taglen" parameter should not exceed that of a B. -See also EVP_CIPHER_CTX_tag_length(). +See also EVP_CIPHER_CTX_get_tag_length(). =item "tlsaadpad" (B) 
@@ -1116,27 +1178,38 @@ EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure. EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() return an B structure or NULL on error. -EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID. +EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() return a NID. -EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block -size. +EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() return the +block size. -EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key +EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() return the key length. EVP_CIPHER_CTX_set_padding() always returns 1. -EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV +EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() return the IV length or zero if the cipher does not use an IV. -EVP_CIPHER_CTX_tag_length() return the tag length or zero if the cipher does not -use a tag. +EVP_CIPHER_CTX_get_tag_length() return the tag length or zero if the cipher +does not use a tag. -EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's -OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER. +EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() return the NID of the +cipher's OBJECT IDENTIFIER or NID_undef if it has no defined +OBJECT IDENTIFIER. EVP_CIPHER_CTX_cipher() returns an B structure. +EVP_CIPHER_CTX_get_num() returns a nonnegative num value or +B if the implementation does not support the call +or on any other error. + +EVP_CIPHER_CTX_set_num() returns 1 on success and 0 if the implementation +does not support the call or on any other error. + +EVP_CIPHER_CTX_is_encrypting() returns 1 if the I is set up for encryption +0 otherwise. + EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater than zero for success and zero or a negative number on failure. 
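Review bot: The added sentence "EVP_CIPHER_CTX_is_encrypting() returns 1 if the I is set up for encryption +0 otherwise." is missing a conjunction or comma before "0 otherwise", so it reads as a single run-on once rendered. Suggest "returns 1 if the ctx is set up for encryption, 0 otherwise." While this line is being rewrapped, "EVP_CIPHER_CTX_get_tag_length() return the tag length" should read "returns", to match the neighbouring entries.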
@@ -1463,8 +1536,8 @@ with a 128-bit key: ctx = EVP_CIPHER_CTX_new(); EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL, do_encrypt, NULL); - OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16); - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); + OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16); + OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16); /* Now we can set key and IV */ EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL); @@ -1577,6 +1650,22 @@ EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(), EVP_CIPHER_CTX_settable_params() and EVP_CIPHER_CTX_gettable_params() functions were added in 3.0. +The EVP_CIPHER_nid(), EVP_CIPHER_name(), EVP_CIPHER_block_size(), +EVP_CIPHER_key_length(), EVP_CIPHER_iv_length(), EVP_CIPHER_flags(), +EVP_CIPHER_mode(), EVP_CIPHER_type(), EVP_CIPHER_CTX_nid(), +EVP_CIPHER_CTX_block_size(), EVP_CIPHER_CTX_key_length(), +EVP_CIPHER_CTX_iv_length(), EVP_CIPHER_CTX_tag_length(), +EVP_CIPHER_CTX_num(), EVP_CIPHER_CTX_type(), and EVP_CIPHER_CTX_mode() +functions were renamed to include C or C in their names in +OpenSSL 3.0, respectively. The old names are kept as non-deprecated +alias macros. + +The EVP_CIPHER_CTX_encrypting() function was renamed to +EVP_CIPHER_CTX_is_encrypting() in OpenSSL 3.0. The old name is kept as +non-deprecated alias macro. + +The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0. + =head1 COPYRIGHT Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index 08b15f08ab..2fd6651c2b 100644 --- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod 
@@ -5,8 +5,9 @@ EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, EVP_KDF_CTX_reset, EVP_KDF_derive, -EVP_KDF_CTX_get_kdf_size, EVP_KDF_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, -EVP_KDF_number, EVP_KDF_name, EVP_KDF_names_do_all, EVP_KDF_description, +EVP_KDF_CTX_get_kdf_size, +EVP_KDF_get0_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, EVP_KDF_get_number, +EVP_KDF_get0_name, EVP_KDF_names_do_all, EVP_KDF_get0_description, EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided, EVP_KDF_get_params, EVP_KDF_gettable_params, EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params, @@ -31,11 +32,11 @@ EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params - EVP KDF routines void EVP_KDF_free(EVP_KDF *kdf); EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, const char *properties); - int EVP_KDF_number(const EVP_KDF *kdf); + int EVP_KDF_get_number(const EVP_KDF *kdf); int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); - const char *EVP_KDF_name(const EVP_KDF *kdf); - const char *EVP_KDF_description(const EVP_KDF *kdf); - const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); + const char *EVP_KDF_get0_name(const EVP_KDF *kdf); + const char *EVP_KDF_get0_description(const EVP_KDF *kdf); + const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf); void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KDF *kdf, void *arg), void *arg); @@ -50,7 +51,7 @@ EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params - EVP KDF routines const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf); - const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); + const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf); =head1 DESCRIPTION 
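Review bot: After the rename, the SYNOPSIS declares "const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf);" twice, once in the -31,11 hunk and again in the -50,7 hunk. The duplicate predates this patch, but since both lines are touched here this is a good moment to drop the second one.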
@@ -162,7 +163,7 @@ calculate a fixed output size have not yet been supplied. EVP_KDF_is_a() returns 1 if I is an implementation of an algorithm that's identifiable with I, otherwise 0. -EVP_KDF_provider() returns the provider that holds the implementation +EVP_KDF_get0_provider() returns the provider that holds the implementation of the given I. EVP_KDF_do_all_provided() traverses all KDF implemented by all activated @@ -170,19 +171,19 @@ providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_KDF_number() returns the internal dynamic number assigned to +EVP_KDF_get_number() returns the internal dynamic number assigned to I. -EVP_KDF_name() return the name of the given KDF. For fetched KDFs +EVP_KDF_get0_name() return the name of the given KDF. For fetched KDFs with multiple names, only one of them is returned; it's recommended to use EVP_KDF_names_do_all() instead. EVP_KDF_names_do_all() traverses all names for I, and calls I with each name and I. -EVP_KDF_description() returns a description of the I, meant for display -and human consumption. The description is at the discretion of the I -implementation. +EVP_KDF_get0_description() returns a description of the I, meant for +display and human consumption. The description is at the discretion of +the I implementation. =head1 PARAMETERS @@ -262,7 +263,7 @@ The memory size must never exceed what can be given with a B. EVP_KDF_fetch() returns a pointer to a newly fetched B, or NULL if allocation failed. -EVP_KDF_provider() returns a pointer to the provider for the KDF, or +EVP_KDF_get0_provider() returns a pointer to the provider for the KDF, or NULL on error. EVP_KDF_up_ref() returns 1 on success, 0 on error. 
@@ -275,7 +276,7 @@ EVP_KDF_CTX_free() and EVP_KDF_CTX_reset() do not return a value. EVP_KDF_CTX_get_kdf_size() returns the output size. B is returned to indicate that the algorithm produces a variable amount of output; 0 to indicate failure. -EVP_KDF_name() returns the name of the KDF, or NULL on error. +EVP_KDF_get0_name() returns the name of the KDF, or NULL on error. EVP_KDF_names_do_all() returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. diff --git a/doc/man3/EVP_KEM_free.pod b/doc/man3/EVP_KEM_free.pod index 13600c521c..766825859b 100644 --- a/doc/man3/EVP_KEM_free.pod +++ b/doc/man3/EVP_KEM_free.pod @@ -3,8 +3,8 @@ =head1 NAME EVP_KEM_fetch, EVP_KEM_free, EVP_KEM_up_ref, -EVP_KEM_number, EVP_KEM_name, EVP_KEM_is_a, EVP_KEM_provider, -EVP_KEM_do_all_provided, EVP_KEM_names_do_all, EVP_KEM_description, +EVP_KEM_get_number, EVP_KEM_get0_name, EVP_KEM_is_a, EVP_KEM_get0_provider, +EVP_KEM_do_all_provided, EVP_KEM_names_do_all, EVP_KEM_get0_description, EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params - Functions to manage EVP_KEM algorithm objects 
@@ -16,15 +16,15 @@ EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params const char *properties); void EVP_KEM_free(EVP_KEM *kem); int EVP_KEM_up_ref(EVP_KEM *kem); - int EVP_KEM_number(const EVP_KEM *kem); - const char *EVP_KEM_name(const EVP_KEM *kem); + int EVP_KEM_get_number(const EVP_KEM *kem); + const char *EVP_KEM_get0_name(const EVP_KEM *kem); int EVP_KEM_is_a(const EVP_KEM *kem, const char *name); - OSSL_PROVIDER *EVP_KEM_provider(const EVP_KEM *kem); + OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem); void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEM *kem, void *arg), void *arg); int EVP_KEM_names_do_all(const EVP_KEM *kem, void (*fn)(const char *name, void *data), void *data); - const char *EVP_KEM_description(const EVP_KEM *kem); + const char *EVP_KEM_get0_description(const EVP_KEM *kem); const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem); const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem); 
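Review bot: EVP_KEM_get0_provider() is documented in this hunk as returning a non-const OSSL_PROVIDER *, while the EVP_MD, EVP_CIPHER and EVP_KDF pages in the same patch give their get0_provider functions a const OSSL_PROVIDER * return. Since the get0 prefix is meant to tell callers the pointer is borrowed, the const qualifier should be consistent across the family, or the page should say why KEM differs. The same applies to EVP_KEYEXCH_get0_provider() in the next file.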
@@ -48,16 +48,16 @@ EVP_KEM_up_ref() increments the reference count for an B structure. EVP_KEM_is_a() returns 1 if I is an implementation of an algorithm that's identifiable with I, otherwise 0. -EVP_KEM_provider() returns the provider that I was fetched from. +EVP_KEM_get0_provider() returns the provider that I was fetched from. EVP_KEM_do_all_provided() traverses all EVP_KEMs implemented by all activated providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_KEM_number() returns the internal dynamic number assigned to I. +EVP_KEM_get_number() returns the internal dynamic number assigned to I. -EVP_KEM_name() returns the algorithm name from the provided +EVP_KEM_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained @@ -66,9 +66,9 @@ by the I object and should not be freed by the caller. EVP_KEM_names_do_all() traverses all names for I, and calls I with each name and I. -EVP_KEM_description() returns a description of the I, meant for display -and human consumption. The description is at the discretion of the I -implementation. +EVP_KEM_get0_description() returns a description of the I, meant for +display and human consumption. The description is at the discretion of +the I implementation. EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() return a constant B array that describes the names and types of key diff --git a/doc/man3/EVP_KEYEXCH_free.pod b/doc/man3/EVP_KEYEXCH_free.pod index d0a0b6ef06..28eaf523f8 100644 --- a/doc/man3/EVP_KEYEXCH_free.pod +++ b/doc/man3/EVP_KEYEXCH_free.pod 
@@ -2,10 +2,10 @@ =head1 NAME -EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, EVP_KEYEXCH_provider, -EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided, -EVP_KEYEXCH_number, EVP_KEYEXCH_names_do_all, -EVP_KEYEXCH_name, EVP_KEYEXCH_description, +EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, +EVP_KEYEXCH_get0_provider, EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided, +EVP_KEYEXCH_get_number, EVP_KEYEXCH_names_do_all, +EVP_KEYEXCH_get0_name, EVP_KEYEXCH_get0_description, EVP_KEYEXCH_gettable_ctx_params, EVP_KEYEXCH_settable_ctx_params - Functions to manage EVP_KEYEXCH algorithm objects @@ -17,17 +17,17 @@ EVP_KEYEXCH_gettable_ctx_params, EVP_KEYEXCH_settable_ctx_params const char *properties); void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); - OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange); + OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange); int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *exchange, const char *name); - int EVP_KEYEXCH_number(const EVP_KEYEXCH *exchange); - const char *EVP_KEYEXCH_name(const EVP_KEYEXCH *exchange); + int EVP_KEYEXCH_get_number(const EVP_KEYEXCH *exchange); + const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *exchange); void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEYEXCH *exchange, void *arg), void *arg); int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *exchange, void (*fn)(const char *name, void *data), void *data); - const char *EVP_KEYEXCH_description(const EVP_KEYEXCH *keyexch); + const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch); const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch); const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch); 
@@ -48,15 +48,16 @@ structure is freed. EVP_KEYEXCH_up_ref() increments the reference count for an B structure. -EVP_KEYEXCH_provider() returns the provider that I was fetched from. +EVP_KEYEXCH_get0_provider() returns the provider that I was +fetched from. EVP_KEYEXCH_is_a() checks if I is an implementation of an algorithm that's identifiable with I. -EVP_KEYEXCH_number() returns the internal dynamic number assigned to +EVP_KEYEXCH_get_number() returns the internal dynamic number assigned to the I. -EVP_KEYEXCH_name() returns the algorithm name from the provided +EVP_KEYEXCH_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained @@ -65,9 +66,9 @@ by the I object and should not be freed by the caller. EVP_KEYEXCH_names_do_all() traverses all names for the I, and calls I with each name and I. -EVP_KEYEXCH_description() returns a description of the I, meant for -display and human consumption. The description is at the discretion of the -I implementation. +EVP_KEYEXCH_get0_description() returns a description of the I, meant +for display and human consumption. The description is at the discretion of +the I implementation. EVP_KEYEXCH_do_all_provided() traverses all key exchange implementations by all activated providers in the library context I, and for each @@ -92,7 +93,7 @@ names. A return value of 0 means that the callback was not called for any names. EVP_KEYEXCH_is_a() returns 1 of I was identifiable, otherwise 0. -EVP_KEYEXCH_number() returns an integer. +EVP_KEYEXCH_get_number() returns an integer. EVP_KEYEXCH_gettable_ctx_params() and EVP_KEYEXCH_settable_ctx_params() return a constant B array or NULL on error. diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod index 9f143cd6ed..de5a9256a0 100644 --- a/doc/man3/EVP_KEYMGMT.pod 
+++ b/doc/man3/EVP_KEYMGMT.pod @@ -6,11 +6,11 @@ EVP_KEYMGMT, EVP_KEYMGMT_fetch, EVP_KEYMGMT_up_ref, EVP_KEYMGMT_free, -EVP_KEYMGMT_provider, +EVP_KEYMGMT_get0_provider, EVP_KEYMGMT_is_a, -EVP_KEYMGMT_number, -EVP_KEYMGMT_description, -EVP_KEYMGMT_name, +EVP_KEYMGMT_get_number, +EVP_KEYMGMT_get0_description, +EVP_KEYMGMT_get0_name, EVP_KEYMGMT_do_all_provided, EVP_KEYMGMT_names_do_all, EVP_KEYMGMT_gettable_params, @@ -28,11 +28,11 @@ EVP_KEYMGMT_gen_settable_params const char *properties); int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); - const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt); + const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt); int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); - int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt); - const char *EVP_KEYMGMT_name(const EVP_KEYMGMT *keymgmt); - const char *EVP_KEYMGMT_description(const EVP_KEYMGMT *keymgmt); + int EVP_KEYMGMT_get_number(const EVP_KEYMGMT *keymgmt); + const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt); + const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt); void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), 
@@ -65,27 +65,27 @@ B I. EVP_KEYMGMT_free() decrements the reference count for the given B I, and when the count reaches zero, frees it. -EVP_KEYMGMT_provider() returns the provider that has this particular +EVP_KEYMGMT_get0_provider() returns the provider that has this particular implementation. EVP_KEYMGMT_is_a() checks if I is an implementation of an algorithm that's identifiable with I. -EVP_KEYMGMT_number() returns the internal dynamic number assigned to +EVP_KEYMGMT_get_number() returns the internal dynamic number assigned to the I. -EVP_KEYMGMT_name() returns the algorithm name from the provided implementation -for the given I. Note that the I may have multiple synonyms -associated with it. In this case the first name from the algorithm -definition is returned. Ownership of the returned string is retained by the -I object and should not be freed by the caller. +EVP_KEYMGMT_get0_name() returns the algorithm name from the provided +implementation for the given I. Note that the I may have +multiple synonyms associated with it. In this case the first name from the +algorithm definition is returned. Ownership of the returned string is +retained by the I object and should not be freed by the caller. EVP_KEYMGMT_names_do_all() traverses all names for the I, and calls I with each name and I. -EVP_KEYMGMT_description() returns a description of the I, meant for -display and human consumption. The description is at the discretion of the -I implementation. +EVP_KEYMGMT_get0_description() returns a description of the I, meant +for display and human consumption. The description is at the discretion +of the I implementation. EVP_KEYMGMT_do_all_provided() traverses all key keymgmt implementations by all activated providers in the library context I, and for each 
@@ -121,17 +121,17 @@ names. A return value of 0 means that the callback was not called for any names. EVP_KEYMGMT_free() doesn't return any value. -EVP_KEYMGMT_provider() returns a pointer to a provider object, or NULL +EVP_KEYMGMT_get0_provider() returns a pointer to a provider object, or NULL on error. EVP_KEYMGMT_is_a() returns 1 of I was identifiable, otherwise 0. -EVP_KEYMGMT_number() returns an integer. +EVP_KEYMGMT_get_number() returns an integer. -EVP_KEYMGMT_name() returns the algorithm name, or NULL on error. +EVP_KEYMGMT_get0_name() returns the algorithm name, or NULL on error. -EVP_KEYMGMT_description() returns a pointer to a decription, or NULL if +EVP_KEYMGMT_get0_description() returns a pointer to a decription, or NULL if there isn't one. EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params() and diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 0fc34009ec..6468e22a02 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -3,10 +3,11 @@ =head1 NAME EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a, -EVP_MAC_number, EVP_MAC_name, EVP_MAC_names_do_all, EVP_MAC_description, -EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, +EVP_MAC_get_number, EVP_MAC_get0_name, EVP_MAC_names_do_all, +EVP_MAC_get0_description, +EVP_MAC_get0_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, -EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, +EVP_MAC_CTX_get0_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, EVP_MAC_CTX_get_mac_size, EVP_MAC_CTX_get_block_size, EVP_Q_mac, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_finalXOF, EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, 
@@ -25,19 +26,19 @@ EVP_MAC_do_all_provided - EVP MAC routines int EVP_MAC_up_ref(EVP_MAC *mac); void EVP_MAC_free(EVP_MAC *mac); int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); - int EVP_MAC_number(const EVP_MAC *mac); - const char *EVP_MAC_name(const EVP_MAC *mac); + int EVP_MAC_get_number(const EVP_MAC *mac); + const char *EVP_MAC_get0_name(const EVP_MAC *mac); int EVP_MAC_names_do_all(const EVP_MAC *mac, void (*fn)(const char *name, void *data), void *data); - const char *EVP_MAC_description(const EVP_MAC *mac); - const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); + const char *EVP_MAC_get0_description(const EVP_MAC *mac); + const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac); int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); - EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); + EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx); int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); @@ -121,7 +122,7 @@ NULL is a valid parameter, for which this function is a no-op. EVP_MAC_CTX_dup() duplicates the I context and returns a newly allocated context. -EVP_MAC_CTX_mac() returns the B associated with the context +EVP_MAC_CTX_get0_mac() returns the B associated with the context I. =head2 Computing functions @@ -219,7 +220,7 @@ Not all MAC algorithms support this. EVP_MAC_is_a() checks if the given I is an implementation of an algorithm that's identifiable with I. -EVP_MAC_provider() returns the provider that holds the implementation +EVP_MAC_get0_provider() returns the provider that holds the implementation of the given I. EVP_MAC_do_all_provided() traverses all MAC implemented by all activated 
@@ -227,19 +228,19 @@ providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_MAC_number() returns the internal dynamic number assigned to +EVP_MAC_get_number() returns the internal dynamic number assigned to I. -EVP_MAC_name() return the name of the given MAC. For fetched MACs +EVP_MAC_get0_name() return the name of the given MAC. For fetched MACs with multiple names, only one of them is returned; it's recommended to use EVP_MAC_names_do_all() instead. EVP_MAC_names_do_all() traverses all names for I, and calls I with each name and I. -EVP_MAC_description() returns a description of the I, meant for display -and human consumption. The description is at the discretion of the mac -implementation. +EVP_MAC_get0_description() returns a description of the I, meant +for display and human consumption. The description is at the discretion +of the mac implementation. =head1 PARAMETERS @@ -364,9 +365,9 @@ EVP_MAC_free() returns nothing at all. EVP_MAC_is_a() returns 1 if the given method can be identified with the given name, otherwise 0. -EVP_MAC_name() returns a name of the MAC, or NULL on error. +EVP_MAC_get0_name() returns a name of the MAC, or NULL on error. -EVP_MAC_provider() returns a pointer to the provider for the MAC, or +EVP_MAC_get0_provider() returns a pointer to the provider for the MAC, or NULL on error. EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly diff --git a/doc/man3/EVP_MD_meth_new.pod b/doc/man3/EVP_MD_meth_new.pod index e2db3fc52a..698216ac26 100644 --- a/doc/man3/EVP_MD_meth_new.pod +++ b/doc/man3/EVP_MD_meth_new.pod 
@@ -144,7 +144,7 @@ computations after the method's private data structure has been copied from one B to another. If all that's needed is to copy the data, there is no need for this copy function. Note that the copy function is passed two B, the private -data structure is then available with EVP_MD_CTX_md_data(). +data structure is then available with EVP_MD_CTX_get0_md_data(). This copy function is called by EVP_MD_CTX_copy() and EVP_MD_CTX_copy_ex(). @@ -152,7 +152,7 @@ EVP_MD_meth_set_cleanup() sets the function for B to do extra cleanup before the method's private data structure is cleaned out and freed. Note that the cleanup function is passed a B, the -private data structure is then available with EVP_MD_CTX_md_data(). +private data structure is then available with EVP_MD_CTX_get0_md_data(). This cleanup function is called by EVP_MD_CTX_reset() and EVP_MD_CTX_free(). diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index 4a515590cc..cc50d363da 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -197,10 +197,10 @@ It's called by L. int (*pkey_security_bits) (const EVP_PKEY *pk); The pkey_size() method returns the key size in bytes. -It's called by L. +It's called by L. The pkey_bits() method returns the key size in bits. -It's called by L. +It's called by L. int (*param_decode) (EVP_PKEY *pkey, const unsigned char **pder, int derlen); diff --git a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod index aae31710d7..f16963640d 100644 --- a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod +++ b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod 
@@ -4,14 +4,14 @@ EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, -EVP_PKEY_CTX_hkdf_mode - +EVP_PKEY_CTX_set_hkdf_mode - HMAC-based Extract-and-Expand key derivation algorithm =head1 SYNOPSIS #include - int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); + int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); @@ -33,8 +33,8 @@ and "extracts" from it a fixed-length pseudorandom key K. The second stage "expands" the key K into several additional pseudorandom keys (the output of the KDF). -EVP_PKEY_CTX_hkdf_mode() sets the mode for the HKDF operation. There are three -modes that are currently defined: +EVP_PKEY_CTX_set_hkdf_mode() sets the mode for the HKDF operation. There +are three modes that are currently defined: =over 4 diff --git a/doc/man3/EVP_PKEY_size.pod b/doc/man3/EVP_PKEY_get_size.pod similarity index 62% rename from doc/man3/EVP_PKEY_size.pod rename to doc/man3/EVP_PKEY_get_size.pod index 786c503914..b663e27f64 100644 --- a/doc/man3/EVP_PKEY_size.pod +++ b/doc/man3/EVP_PKEY_get_size.pod 
@@ -2,20 +2,25 @@ =head1 NAME -EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits +EVP_PKEY_get_size, EVP_PKEY_get_bits, EVP_PKEY_get_security_bits, +EVP_PKEY_bits, EVP_PKEY_security_bits, EVP_PKEY_size - EVP_PKEY information functions =head1 SYNOPSIS #include - int EVP_PKEY_size(const EVP_PKEY *pkey); - int EVP_PKEY_bits(const EVP_PKEY *pkey); - int EVP_PKEY_security_bits(const EVP_PKEY *pkey); + int EVP_PKEY_get_size(const EVP_PKEY *pkey); + int EVP_PKEY_get_bits(const EVP_PKEY *pkey); + int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey); + + #define EVP_PKEY_bits EVP_PKEY_get_bits + #define EVP_PKEY_security_bits EVP_PKEY_get_security_bits + #define EVP_PKEY_size EVP_PKEY_get_size =head1 DESCRIPTION -EVP_PKEY_size() returns the maximum suitable size for the output +EVP_PKEY_get_size() returns the maximum suitable size for the output buffers for almost all operations that can be done with I. The primary documented use is with L and L, but it isn't limited there. The returned size is 
@@ -24,38 +29,38 @@ L, L, L. It must be stressed that, unless the documentation for the operation that's being performed says otherwise, the size returned by -EVP_PKEY_size() is only preliminary and not exact, so the final +EVP_PKEY_get_size() is only preliminary and not exact, so the final contents of the target buffer may be smaller. It is therefore crucial to take note of the size given back by the function that performs the operation, such as L (the I argument will receive that length), to avoid bugs. -EVP_PKEY_bits() returns the cryptographic length of the cryptosystem +EVP_PKEY_get_bits() returns the cryptographic length of the cryptosystem to which the key in I belongs, in bits. Note that the definition of cryptographic length is specific to the key cryptosystem. -EVP_PKEY_security_bits() returns the number of security bits of the given +EVP_PKEY_get_security_bits() returns the number of security bits of the given I, bits of security is defined in NIST SP800-57. =head1 RETURN VALUES -EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() return a -positive number, or 0 if this size isn't available. +EVP_PKEY_get_size(), EVP_PKEY_get_bits() and EVP_PKEY_get_security_bits() +return a positive number, or 0 if this size isn't available. =head1 NOTES Most functions that have an output buffer and are mentioned with -EVP_PKEY_size() have a functionality where you can pass NULL for the +EVP_PKEY_get_size() have a functionality where you can pass NULL for the buffer and still pass a pointer to an integer and get the exact size that this function call delivers in the context that it's called in. This allows those functions to be called twice, once to find out the exact buffer size, then allocate the buffer in between, and call that function again actually output the data. 
For those functions, it -isn't strictly necessary to call EVP_PKEY_size() to find out the +isn't strictly necessary to call EVP_PKEY_get_size() to find out the buffer size, but may be useful in cases where it's desirable to know the upper limit in advance. -It should also be especially noted that EVP_PKEY_size() shouldn't be +It should also be especially noted that EVP_PKEY_get_size() shouldn't be used to get the output size for EVP_DigestSignFinal(), according to L. @@ -68,6 +73,12 @@ L, L, L +=head1 HISTORY + +The EVP_PKEY_bits(), EVP_PKEY_security_bits(), and EVP_PKEY_size() functions +were renamed to include C in their names in OpenSSL 3.0, respectively. +The old names are kept as non-deprecated alias macros. + =head1 COPYRIGHT Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index d98d7c240e..89b93c9bac 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -7,7 +7,7 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_dup, EVP_PKEY_free, -EVP_PKEY_description, +EVP_PKEY_get0_description, EVP_PKEY_new_raw_private_key_ex, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key_ex, @@ -28,7 +28,7 @@ EVP_PKEY_get_raw_public_key int EVP_PKEY_up_ref(EVP_PKEY *key); EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *key); void EVP_PKEY_free(EVP_PKEY *key); - const char *EVP_PKEY_description(const EVP_PKEY *key); + const char *EVP_PKEY_get0_description(const EVP_PKEY *key); EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OSSL_LIB_CTX *libctx, const char *keytype, 
@@ -92,9 +92,9 @@ a raw key, otherwise the duplication will fail. EVP_PKEY_free() decrements the reference count of I and, if the reference count is zero, frees it up. If I is NULL, nothing is done. -EVP_PKEY_description() returns a description of the type of B, meant -for display and human consumption. The description is at the discretion of the -key type implementation. +EVP_PKEY_get0_description() returns a description of the type of B, +meant for display and human consumption. The description is at the +discretion of the key type implementation. EVP_PKEY_new_raw_private_key_ex() allocates a new B. Unless an engine should be used for the key type, a provider for the key is found using diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod index e905024199..59ea093d59 100644 --- a/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/doc/man3/EVP_PKEY_set1_RSA.pod @@ -8,18 +8,22 @@ EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, -EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, -EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - +EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_get_id, EVP_PKEY_get_base_id, +EVP_PKEY_set1_engine, EVP_PKEY_get0_engine, +EVP_PKEY_id, EVP_PKEY_base_id - EVP_PKEY assignment functions =head1 SYNOPSIS #include - int EVP_PKEY_id(const EVP_PKEY *pkey); - int EVP_PKEY_base_id(const EVP_PKEY *pkey); + int EVP_PKEY_get_id(const EVP_PKEY *pkey); + int EVP_PKEY_get_base_id(const EVP_PKEY *pkey); int EVP_PKEY_type(int type); + #define EVP_PKEY_id EVP_PKEY_get_id + #define EVP_PKEY_base_id EVP_PKEY_get_base_id + Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: 
@@ -55,13 +59,14 @@ L: =head1 DESCRIPTION -EVP_PKEY_base_id() returns the type of I. For example +EVP_PKEY_get_base_id() returns the type of I. For example an RSA key will return B. -EVP_PKEY_id() returns the actual OID associated with I. Historically keys -using the same algorithm could use different OIDs. For example an RSA key could -use the OIDs corresponding to the NIDs B (equivalent to -B) or B (equivalent to B). The use of +EVP_PKEY_get_id() returns the actual OID associated with I. +Historically keys using the same algorithm could use different OIDs. +For example an RSA key could use the OIDs corresponding to +the NIDs B (equivalent to B) or +B (equivalent to B). The use of alternative non-standard OIDs is now rare so B et al are not often seen in practice. @@ -133,7 +138,7 @@ instead of engines (see L for details). The following functions are only reliable with Bs that have been assigned an internal key with EVP_PKEY_assign_*(): -EVP_PKEY_id(), EVP_PKEY_base_id(), EVP_PKEY_type() +EVP_PKEY_get_id(), EVP_PKEY_get_base_id(), EVP_PKEY_type() For EVP_PKEY key type checking purposes, L is more generic. @@ -163,12 +168,12 @@ the passed B is an L key, and will set the B type to B in that case, instead of B. Most applications wishing to know a key type will simply call -EVP_PKEY_base_id() and will not care about the actual type: +EVP_PKEY_get_base_id() and will not care about the actual type: which will be identical in almost all cases. Previous versions of this document suggested using EVP_PKEY_type(pkey->type) to determine the type of a key. Since B is now opaque this -is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). +is no longer possible: the equivalent is EVP_PKEY_get_base_id(pkey). EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM key as part of its routine to load a private key. 
@@ -186,7 +191,7 @@ EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure. -EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key +EVP_PKEY_get_base_id(), EVP_PKEY_get_id() and EVP_PKEY_type() return a key type or B (equivalently B) on error. EVP_PKEY_set1_engine() returns 1 for success and 0 for failure. @@ -197,6 +202,10 @@ L, L =head1 HISTORY +The EVP_PKEY_id() and EVP_PKEY_base_id() functions were renamed to +include C in their names in OpenSSL 3.0, respectively. The old names +are kept as non-deprecated alias macros. + EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, diff --git a/doc/man3/EVP_PKEY_set_type.pod b/doc/man3/EVP_PKEY_set_type.pod index e5111a555b..9ba460c5c0 100644 --- a/doc/man3/EVP_PKEY_set_type.pod +++ b/doc/man3/EVP_PKEY_set_type.pod @@ -35,7 +35,7 @@ It is an error if no L could be found for I. For both EVP_PKEY_set_type() and EVP_PKEY_set_type_str(), I gets -a numeric type, which can be retrieved with L. This +a numeric type, which can be retrieved with L. This numeric type is taken from the L that was found, and is equal to or closely related to I in the case of EVP_PKEY_set_type(), or related to I in the case of @@ -44,7 +44,7 @@ EVP_PKEY_set_type_str(). EVP_PKEY_set_type_by_keymgmt() initialises I to contain an internal provider side key. When doing this, it associates I with I. For keys initialised like this, the numeric type -retrieved with L will always be B. +retrieved with L will always be B. =head1 RETURN VALUES @@ -52,7 +52,7 @@ All functions described here return 1 if successful, or 0 on error. =head1 SEE ALSO -L, L, L, +L, L, L, L, L, L 
diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod index b2d1e18417..bcee801c4e 100644 --- a/doc/man3/EVP_RAND.pod +++ b/doc/man3/EVP_RAND.pod @@ -5,10 +5,11 @@ EVP_RAND, EVP_RAND_fetch, EVP_RAND_free, EVP_RAND_up_ref, EVP_RAND_CTX, EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_instantiate, EVP_RAND_uninstantiate, EVP_RAND_generate, EVP_RAND_reseed, EVP_RAND_nonce, -EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_strength, -EVP_RAND_state, -EVP_RAND_provider, EVP_RAND_CTX_rand, EVP_RAND_is_a, EVP_RAND_number, -EVP_RAND_name, EVP_RAND_names_do_all, EVP_RAND_description, +EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_get_strength, +EVP_RAND_get_state, +EVP_RAND_get0_provider, EVP_RAND_CTX_get0_rand, EVP_RAND_is_a, +EVP_RAND_get_number, EVP_RAND_get0_name, EVP_RAND_names_do_all, +EVP_RAND_get0_description, EVP_RAND_CTX_get_params, EVP_RAND_CTX_set_params, EVP_RAND_do_all_provided, EVP_RAND_get_params, EVP_RAND_gettable_ctx_params, EVP_RAND_settable_ctx_params, @@ -29,7 +30,7 @@ EVP_RAND_STATE_ERROR - EVP RAND routines void EVP_RAND_free(EVP_RAND *rand); EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent); void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx); - EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx); + EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx); int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]); int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]); int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]); 
@@ -38,11 +39,11 @@ EVP_RAND_STATE_ERROR - EVP RAND routines const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand); const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx); const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx); - int EVP_RAND_number(const EVP_RAND *rand); - const char *EVP_RAND_name(const EVP_RAND *rand); - const char *EVP_RAND_description(const EVP_RAND *rand); + int EVP_RAND_get_number(const EVP_RAND *rand); + const char *EVP_RAND_get0_name(const EVP_RAND *rand); + const char *EVP_RAND_get0_description(const EVP_RAND *rand); int EVP_RAND_is_a(const EVP_RAND *rand, const char *name); - const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand); + const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand); void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_RAND *rand, void *arg), void *arg); @@ -64,8 +65,8 @@ EVP_RAND_STATE_ERROR - EVP RAND routines int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen); int EVP_RAND_enable_locking(EVP_RAND_CTX *ctx); int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx); - unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx); - int EVP_RAND_state(EVP_RAND_CTX *ctx); + unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx); + int EVP_RAND_get_state(EVP_RAND_CTX *ctx); #define EVP_RAND_STATE_UNINITIALISED 0 #define EVP_RAND_STATE_READY 1 @@ -121,7 +122,7 @@ rely on the operating system for their randomness because this is often scarce. EVP_RAND_CTX_free() frees up the context I. If I is NULL, nothing is done. -EVP_RAND_CTX_rand() returns the B associated with the context +EVP_RAND_CTX_get0_rand() returns the B associated with the context I. =head2 Random Number Generator Functions 
@@ -209,9 +210,9 @@ B as a parameter descriptor. =head2 Information functions -EVP_RAND_strength() returns the security strength of the RAND I. +EVP_RAND_get_strength() returns the security strength of the RAND I. -EVP_RAND_state() returns the current state of the RAND I. +EVP_RAND_get_state() returns the current state of the RAND I. States defined by the OpenSSL RNGs are: =over 4 @@ -234,7 +235,7 @@ EVP_RAND_STATE_ERROR: this RNG is in an error state. EVP_RAND_is_a() returns 1 if I is an implementation of an algorithm that's identifiable with I, otherwise 0. -EVP_RAND_provider() returns the provider that holds the implementation +EVP_RAND_get0_provider() returns the provider that holds the implementation of the given I. EVP_RAND_do_all_provided() traverses all RAND implemented by all activated @@ -242,17 +243,17 @@ providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_RAND_number() returns the internal dynamic number assigned to +EVP_RAND_get_number() returns the internal dynamic number assigned to I. -EVP_RAND_name() returns the canonical name of I. +EVP_RAND_get0_name() returns the canonical name of I. EVP_RAND_names_do_all() traverses all names for I, and calls I with each name and I. -EVP_RAND_description() returns a description of the rand, meant for display -and human consumption. The description is at the discretion of the rand -implementation. +EVP_RAND_get0_description() returns a description of the rand, meant for +display and human consumption. The description is at the discretion of +the rand implementation. EVP_RAND_verify_zeroization() confirms if the internal DRBG state is currently zeroed. This is used by the FIPS provider to support the mandatory 
@@ -351,15 +352,16 @@ not be considered a breaking change to the API. EVP_RAND_fetch() returns a pointer to a newly fetched B, or NULL if allocation failed. -EVP_RAND_provider() returns a pointer to the provider for the RAND, or +EVP_RAND_get0_provider() returns a pointer to the provider for the RAND, or NULL on error. -EVP_RAND_CTX_rand() returns a pointer to the B associated with the -context. +EVP_RAND_CTX_get0_rand() returns a pointer to the B associated +with the context. -EVP_RAND_name() returns the name of the random number generation algorithm. +EVP_RAND_get0_name() returns the name of the random number generation +algorithm. -EVP_RAND_number() returns the provider specific identification number +EVP_RAND_get_number() returns the provider specific identification number for the specified algorithm. EVP_RAND_up_ref() returns 1 on success, 0 on error. @@ -374,7 +376,8 @@ EVP_RAND_CTX_free() does not return a value. EVP_RAND_nonce() returns the length of the nonce. -EVP_RAND_strength() returns the strength of the random number generator in bits. +EVP_RAND_get_strength() returns the strength of the random number generator +in bits. EVP_RAND_gettable_params(), EVP_RAND_gettable_ctx_params() and EVP_RAND_settable_ctx_params() return an array of OSSL_PARAMs. diff --git a/doc/man3/EVP_SIGNATURE_free.pod b/doc/man3/EVP_SIGNATURE_free.pod index a1897bbdb0..5c506dc67c 100644 --- a/doc/man3/EVP_SIGNATURE_free.pod +++ b/doc/man3/EVP_SIGNATURE_free.pod @@ -3,9 +3,9 @@ =head1 NAME EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref, -EVP_SIGNATURE_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_provider, +EVP_SIGNATURE_get_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_get0_provider, EVP_SIGNATURE_do_all_provided, EVP_SIGNATURE_names_do_all, -EVP_SIGNATURE_name, EVP_SIGNATURE_description, +EVP_SIGNATURE_get0_name, EVP_SIGNATURE_get0_description, EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params - Functions to manage EVP_SIGNATURE algorithm objects 
@@ -17,10 +17,10 @@ EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params const char *properties); void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); - int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature); - const char *EVP_SIGNATURE_name(const EVP_SIGNATURE *signature); + int EVP_SIGNATURE_get_number(const EVP_SIGNATURE *signature); + const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature); int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); - OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature); + OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature); void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_SIGNATURE *signature, void *arg), @@ -28,8 +28,8 @@ EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, void (*fn)(const char *name, void *data), void *data); - const char *EVP_SIGNATURE_name(const EVP_SIGNATURE *signature); - const char *EVP_SIGNATURE_description(const EVP_SIGNATURE *signature); + const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature); + const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature); const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig); const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig); 
@@ -55,17 +55,18 @@ structure. EVP_SIGNATURE_is_a() returns 1 if I is an implementation of an algorithm that's identifiable with I, otherwise 0. -EVP_SIGNATURE_provider() returns the provider that I was fetched from. +EVP_SIGNATURE_get0_provider() returns the provider that I was +fetched from. EVP_SIGNATURE_do_all_provided() traverses all SIGNATURE implemented by all activated roviders in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_SIGNATURE_number() returns the internal dynamic number assigned to +EVP_SIGNATURE_get_number() returns the internal dynamic number assigned to I. -EVP_SIGNATURE_name() returns the algorithm name from the provided +EVP_SIGNATURE_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained @@ -74,9 +75,9 @@ by the I object and should not be freed by the caller. EVP_SIGNATURE_names_do_all() traverses all names for I, and calls I with each name and I. -EVP_SIGNATURE_description() returns a description of the I, meant -for display and human consumption. The description is at the discretion of -the I implementation. +EVP_SIGNATURE_get0_description() returns a description of the I, +meant for display and human consumption. The description is at the +discretion of the I implementation. EVP_SIGNATURE_gettable_ctx_params() and EVP_SIGNATURE_settable_ctx_params() return a constant B array that describes the names and types of key diff --git a/doc/man3/EVP_SealInit.pod b/doc/man3/EVP_SealInit.pod index d2652f5cf9..8427fcc659 100644 --- a/doc/man3/EVP_SealInit.pod +++ b/doc/man3/EVP_SealInit.pod 
@@ -29,13 +29,13 @@ using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. B is an array of buffers where the public key encrypted secret key will be written, each buffer must contain enough room for the corresponding encrypted key: that is -B must have room for B bytes. The actual +B must have room for B bytes. The actual size of each encrypted secret key is written to the array B. B is an array of B public keys. The B parameter is a buffer where the generated IV is written to. It must contain enough room for the corresponding cipher's IV, as determined by (for -example) EVP_CIPHER_iv_length(type). +example) EVP_CIPHER_get_iv_length(type). If the cipher does not require an IV then the B parameter is ignored and can be B. diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index e98d1faf46..cf0663cf8e 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -35,11 +35,11 @@ same I to include additional data. EVP_SignFinal_ex() signs the data in I using the private key I and places the signature in I. The library context I and property query I are used when creating a context to use with the key -I. I must be at least C bytes in size. I is -an OUT parameter, and not used as an IN parameter. +I. I must be at least C bytes in size. +I is an OUT parameter, and not used as an IN parameter. The number of bytes of data written (i.e. the length of the signature) -will be written to the integer at I, at most C bytes -will be written. +will be written to the integer at I, at most C +bytes will be written. EVP_SignFinal() is similar to EVP_SignFinal_ex() but uses default values of NULL for the library context I and the property query I. @@ -89,7 +89,8 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function. =head1 SEE ALSO -L, L, L, +L, L, +L, L, L, L, L, L, 
diff --git a/doc/man3/OSSL_DECODER.pod b/doc/man3/OSSL_DECODER.pod index fed0da27f8..10917ed462 100644 --- a/doc/man3/OSSL_DECODER.pod +++ b/doc/man3/OSSL_DECODER.pod @@ -6,12 +6,12 @@ OSSL_DECODER, OSSL_DECODER_fetch, OSSL_DECODER_up_ref, OSSL_DECODER_free, -OSSL_DECODER_provider, -OSSL_DECODER_properties, +OSSL_DECODER_get0_provider, +OSSL_DECODER_get0_properties, OSSL_DECODER_is_a, -OSSL_DECODER_number, -OSSL_DECODER_name, -OSSL_DECODER_description, +OSSL_DECODER_get_number, +OSSL_DECODER_get0_name, +OSSL_DECODER_get0_description, OSSL_DECODER_do_all_provided, OSSL_DECODER_names_do_all, OSSL_DECODER_gettable_params, @@ -28,12 +28,12 @@ OSSL_DECODER_get_params const char *properties); int OSSL_DECODER_up_ref(OSSL_DECODER *decoder); void OSSL_DECODER_free(OSSL_DECODER *decoder); - const OSSL_PROVIDER *OSSL_DECODER_provider(const OSSL_DECODER *decoder); - const char *OSSL_DECODER_properties(const OSSL_DECODER *decoder); + const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *decoder); + const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder); int OSSL_DECODER_is_a(const OSSL_DECODER *decoder, const char *name); - int OSSL_DECODER_number(const OSSL_DECODER *decoder); - const char *OSSL_DECODER_name(const OSSL_DECODER *decoder); - const char *OSSL_DECODER_description(const OSSL_DECODER *decoder); + int OSSL_DECODER_get_number(const OSSL_DECODER *decoder); + const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder); + const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder); void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(OSSL_DECODER *decoder, void *arg), void *arg); 
@@ -64,21 +64,21 @@ I. OSSL_DECODER_free() decrements the reference count for the given I, and when the count reaches zero, frees it. -OSSL_DECODER_provider() returns the provider of the given +OSSL_DECODER_get0_provider() returns the provider of the given I. -OSSL_DECODER_properties() returns the property definition associated +OSSL_DECODER_get0_properties() returns the property definition associated with the given I. OSSL_DECODER_is_a() checks if I is an implementation of an algorithm that's identifiable with I. -OSSL_DECODER_number() returns the internal dynamic number assigned +OSSL_DECODER_get_number() returns the internal dynamic number assigned to the given I. -OSSL_DECODER_number() returns the name used to fetch the given I. +OSSL_DECODER_get_number() returns the name used to fetch the given I. -OSSL_DECODER_description() returns a description of the I, meant +OSSL_DECODER_get0_description() returns a description of the I, meant for display and human consumption. The description is at the discretion of the I implementation. 
@@ -106,24 +106,24 @@ OSSL_DECODER_up_ref() returns 1 on success, or 0 on error. OSSL_DECODER_free() doesn't return any value. -OSSL_DECODER_provider() returns a pointer to a provider object, or +OSSL_DECODER_get0_provider() returns a pointer to a provider object, or NULL on error. -OSSL_DECODER_properties() returns a pointer to a property +OSSL_DECODER_get0_properties() returns a pointer to a property definition string, or NULL on error. OSSL_DECODER_is_a() returns 1 if I was identifiable, otherwise 0. -OSSL_DECODER_number() returns an integer. +OSSL_DECODER_get_number() returns an integer. -OSSL_DECODER_name() returns the algorithm name from the provided +OSSL_DECODER_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained by the I object and should not be freed by the caller. -OSSL_DECODER_description() returns a pointer to a decription, or NULL if +OSSL_DECODER_get0_description() returns a pointer to a decription, or NULL if there isn't one. OSSL_DECODER_names_do_all() returns 1 if the callback was called for all @@ -167,7 +167,7 @@ To list all decoders in a provider to a bio_out: for (i = 0; i < sk_OSSL_DECODER_num(decoders); i++) { OSSL_DECODER *decoder = sk_OSSL_DECODER_value(decoders, i); - if (strcmp(OSSL_PROVIDER_name(OSSL_DECODER_provider(decoder)), + if (strcmp(OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(decoder)), provider) != 0) continue; diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod index 9ad335653e..0ff37a3b82 100644 --- a/doc/man3/OSSL_ENCODER.pod +++ b/doc/man3/OSSL_ENCODER.pod 
@@ -6,12 +6,12 @@ OSSL_ENCODER, OSSL_ENCODER_fetch, OSSL_ENCODER_up_ref, OSSL_ENCODER_free, -OSSL_ENCODER_provider, -OSSL_ENCODER_properties, +OSSL_ENCODER_get0_provider, +OSSL_ENCODER_get0_properties, OSSL_ENCODER_is_a, -OSSL_ENCODER_number, -OSSL_ENCODER_name, -OSSL_ENCODER_description, +OSSL_ENCODER_get_number, +OSSL_ENCODER_get0_name, +OSSL_ENCODER_get0_description, OSSL_ENCODER_do_all_provided, OSSL_ENCODER_names_do_all, OSSL_ENCODER_gettable_params, @@ -28,12 +28,12 @@ OSSL_ENCODER_get_params const char *properties); int OSSL_ENCODER_up_ref(OSSL_ENCODER *encoder); void OSSL_ENCODER_free(OSSL_ENCODER *encoder); - const OSSL_PROVIDER *OSSL_ENCODER_provider(const OSSL_ENCODER *encoder); - const char *OSSL_ENCODER_properties(const OSSL_ENCODER *encoder); + const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder); + const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder); int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name); - int OSSL_ENCODER_number(const OSSL_ENCODER *encoder); - const char *OSSL_ENCODER_name(const OSSL_ENCODER *encoder); - const char *OSSL_ENCODER_description(const OSSL_ENCODER *encoder); + int OSSL_ENCODER_get_number(const OSSL_ENCODER *encoder); + const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *encoder); + const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *encoder); void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(OSSL_ENCODER *encoder, void *arg), void *arg); 
@@ -64,21 +64,21 @@ I. OSSL_ENCODER_free() decrements the reference count for the given I, and when the count reaches zero, frees it. -OSSL_ENCODER_provider() returns the provider of the given +OSSL_ENCODER_get0_provider() returns the provider of the given I. -OSSL_ENCODER_properties() returns the property definition associated +OSSL_ENCODER_get0_properties() returns the property definition associated with the given I. OSSL_ENCODER_is_a() checks if I is an implementation of an algorithm that's identifiable with I. -OSSL_ENCODER_number() returns the internal dynamic number assigned to +OSSL_ENCODER_get_number() returns the internal dynamic number assigned to the given I. -OSSL_ENCODER_number() returns the name used to fetch the given I. +OSSL_ENCODER_get_number() returns the name used to fetch the given I. -OSSL_ENCODER_description() returns a description of the I, meant +OSSL_ENCODER_get0_description() returns a description of the I, meant for display and human consumption. The description is at the discretion of the I implementation. 
@@ -107,24 +107,24 @@ OSSL_ENCODER_up_ref() returns 1 on success, or 0 on error. OSSL_ENCODER_free() doesn't return any value. -OSSL_ENCODER_provider() returns a pointer to a provider object, or +OSSL_ENCODER_get0_provider() returns a pointer to a provider object, or NULL on error. -OSSL_ENCODER_properties() returns a pointer to a property +OSSL_ENCODER_get0_properties() returns a pointer to a property definition string, or NULL on error. OSSL_ENCODER_is_a() returns 1 of I was identifiable, otherwise 0. -OSSL_ENCODER_number() returns an integer. +OSSL_ENCODER_get_number() returns an integer. -OSSL_ENCODER_name() returns the algorithm name from the provided +OSSL_ENCODER_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained by the I object and should not be freed by the caller. -OSSL_ENCODER_description() returns a pointer to a decription, or NULL if +OSSL_ENCODER_get0_description() returns a pointer to a decription, or NULL if there isn't one. OSSL_ENCODER_names_do_all() returns 1 if the callback was called for all diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index 391084e68e..2b014c4671 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -8,7 +8,7 @@ OSSL_PROVIDER_available, OSSL_PROVIDER_do_all, OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params, OSSL_PROVIDER_query_operation, OSSL_PROVIDER_unquery_operation, OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_get0_dispatch, -OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name, OSSL_PROVIDER_get_capabilities, +OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_get0_name, OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test - provider routines 
@@ -45,7 +45,7 @@ OSSL_PROVIDER_self_test int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name, ossl_provider_init_fn *init_fn); - const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov); + const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov, const char *capability, @@ -140,7 +140,7 @@ If it is permissible to cache references to this array then I<*no_store> is set to 0 or 1 otherwise. If the array is not cacheable then it is assumed to have a short lifetime. -OSSL_PROVIDER_name() returns the name of the given provider. +OSSL_PROVIDER_get0_name() returns the name of the given provider. OSSL_PROVIDER_get_capabilities() provides information about the capabilities supported by the provider specified in I with the capability name diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 7413104079..1d790fa6d7 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -6,11 +6,11 @@ OSSL_STORE_LOADER, OSSL_STORE_LOADER_fetch, OSSL_STORE_LOADER_up_ref, OSSL_STORE_LOADER_free, -OSSL_STORE_LOADER_provider, -OSSL_STORE_LOADER_properties, +OSSL_STORE_LOADER_get0_provider, +OSSL_STORE_LOADER_get0_properties, OSSL_STORE_LOADER_is_a, -OSSL_STORE_LOADER_number, -OSSL_STORE_LOADER_description, +OSSL_STORE_LOADER_get_number, +OSSL_STORE_LOADER_get0_description, OSSL_STORE_LOADER_do_all_provided, OSSL_STORE_LOADER_names_do_all, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, 
@@ -39,11 +39,11 @@ unregister STORE loaders for different URI schemes const char *properties); int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader); void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); - const OSSL_PROVIDER *OSSL_STORE_LOADER_provider(const OSSL_STORE_LOADER * + const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER * loader); - const char *OSSL_STORE_LOADER_properties(const OSSL_STORE_LOADER *loader); - int OSSL_STORE_LOADER_number(const OSSL_STORE_LOADER *loader); - const char *OSSL_STORE_LOADER_description(const OSSL_STORE_LOADER *loader); + const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader); + int OSSL_STORE_LOADER_get_number(const OSSL_STORE_LOADER *loader); + const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader); int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, const char *scheme); void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx, @@ -129,19 +129,19 @@ I. OSSL_STORE_LOADER_free() decrements the reference count for the given I, and when the count reaches zero, frees it. -OSSL_STORE_LOADER_provider() returns the provider of the given +OSSL_STORE_LOADER_get0_provider() returns the provider of the given I. -OSSL_STORE_LOADER_properties() returns the property definition associated +OSSL_STORE_LOADER_get0_properties() returns the property definition associated with the given I. OSSL_STORE_LOADER_is_a() checks if I is an implementation of an algorithm that's identifiable with I. -OSSL_STORE_LOADER_number() returns the internal dynamic number assigned +OSSL_STORE_LOADER_get_number() returns the internal dynamic number assigned to the given I. -OSSL_STORE_LOADER_description() returns a description of the I, meant +OSSL_STORE_LOADER_get0_description() returns a description of the I, meant for display and human consumption. The description is at the discretion of the I implementation. 
@@ -323,18 +323,18 @@ names. A return value of 0 means that the callback was not called for any names. OSSL_STORE_LOADER_free() doesn't return any value. -OSSL_STORE_LOADER_provider() returns a pointer to a provider object, or +OSSL_STORE_LOADER_get0_provider() returns a pointer to a provider object, or NULL on error. -OSSL_STORE_LOADER_properties() returns a pointer to a property +OSSL_STORE_LOADER_get0_properties() returns a pointer to a property definition string, or NULL on error. OSSL_STORE_LOADER_is_a() returns 1 if I was identifiable, otherwise 0. -OSSL_STORE_LOADER_number() returns an integer. +OSSL_STORE_LOADER_get_number() returns an integer. -OSSL_STORE_LOADER_description() returns a pointer to a decription, or NULL if +OSSL_STORE_LOADER_get0_description() returns a pointer to a decription, or NULL if there isn't one. The functions with the types B, @@ -365,9 +365,9 @@ L =head1 HISTORY OSSL_STORE_LOADER_fetch(), OSSL_STORE_LOADER_up_ref(), -OSSL_STORE_LOADER_free(), OSSL_STORE_LOADER_provider(), -OSSL_STORE_LOADER_properties(), OSSL_STORE_LOADER_is_a(), -OSSL_STORE_LOADER_number(), OSSL_STORE_LOADER_do_all_provided() and +OSSL_STORE_LOADER_free(), OSSL_STORE_LOADER_get0_provider(), +OSSL_STORE_LOADER_get0_properties(), OSSL_STORE_LOADER_is_a(), +OSSL_STORE_LOADER_get_number(), OSSL_STORE_LOADER_do_all_provided() and OSSL_STORE_LOADER_names_do_all() were added in OpenSSL 3.0. OSSL_STORE_open_ex_fn() was added in OpenSSL 3.0. diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index c053d03a21..9df61892fd 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod 
@@ -420,8 +420,8 @@ The pseudo code to derive the key would look similar to: EVP_CIPHER* cipher = EVP_des_ede3_cbc(); EVP_MD* md = EVP_md5(); - unsigned int nkey = EVP_CIPHER_key_length(cipher); - unsigned int niv = EVP_CIPHER_iv_length(cipher); + unsigned int nkey = EVP_CIPHER_get_key_length(cipher); + unsigned int niv = EVP_CIPHER_get_iv_length(cipher); unsigned char key[nkey]; unsigned char iv[niv]; diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod index 6e3451f22c..bed88106e2 100644 --- a/doc/man3/RSA_size.pod +++ b/doc/man3/RSA_size.pod @@ -25,8 +25,8 @@ RSA_bits() returns the number of significant bits. B and Bn> must not be B. The remaining functions described on this page are deprecated. -Applications should instead use L, L -and L. +Applications should instead use L, L +and L. RSA_size() returns the RSA modulus size in bytes. It can be used to determine how much memory must be allocated for an RSA encrypted diff --git a/doc/man7/EVP_MD-common.pod b/doc/man7/EVP_MD-common.pod index 58d8ed5641..4e0dbb6cd4 100644 --- a/doc/man7/EVP_MD-common.pod +++ b/doc/man7/EVP_MD-common.pod @@ -18,14 +18,14 @@ The digest block size. The length of the "blocksize" parameter should not exceed that of a B. -This value can also be retrieved with L. +This value can also be retrieved with L. =item "size" (B) The digest output size. The length of the "size" parameter should not exceed that of a B. -This value can also be retrieved with L. +This value can also be retrieved with L. =item "flags" (B) @@ -42,7 +42,7 @@ EVP_MD_FLAG_FIPS isn't relevant any more. =end comment -This value can also be retrieved with L. +This value can also be retrieved with L. =back diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod index b45404cce0..78fb8f8f37 100644 --- a/doc/man7/crypto.pod +++ b/doc/man7/crypto.pod 
@@ -390,7 +390,7 @@ encryption/decryption, signatures, message authentication codes, etc. goto err; /* Allocate the output buffer */ - outdigest = OPENSSL_malloc(EVP_MD_size(sha256)); + outdigest = OPENSSL_malloc(EVP_MD_get_size(sha256)); if (outdigest == NULL) goto err; diff --git a/doc/man7/fips_module.pod b/doc/man7/fips_module.pod index 3fdbfc0386..8133f01eaf 100644 --- a/doc/man7/fips_module.pod +++ b/doc/man7/fips_module.pod @@ -445,8 +445,10 @@ provider that implements it. The process is similar for all algorithms. Here the example of a digest is used. To go from an B to an B, use L . -To go from the B to its B, use L. -To extract the name from the B, use L. +To go from the B to its B, +use L. +To extract the name from the B, use +L. =head1 SEE ALSO diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index b230eb7839..e2d21a9540 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -1203,7 +1203,8 @@ Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB", DH_bits(), DH_security_bits(), DH_size() -Use L, L and L. +Use L, L and +L. =item - @@ -1284,7 +1285,8 @@ See L DSA_bits(), DSA_security_bits(), DSA_size() -Use L, L and L. +Use L, L and +L. =item - @@ -1376,7 +1378,7 @@ See L. ECDSA_size() -Applications should use L. +Applications should use L. =item - @@ -1900,7 +1902,8 @@ The RIPE algorithm has been moved to the L. RSA_bits(), RSA_security_bits(), RSA_size() -Use L, L and L. +Use L, L and +L. =item - diff --git a/engines/e_afalg.c b/engines/e_afalg.c index db73873911..93b3b3f02e 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -564,7 +564,7 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 0; } - ciphertype = EVP_CIPHER_CTX_nid(ctx); + ciphertype = EVP_CIPHER_CTX_get_nid(ctx); switch (ciphertype) { case NID_aes_128_cbc: case NID_aes_192_cbc: 
@@ -577,9 +577,9 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 0; } - if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) { + if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_get_iv_length(ctx)) { ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__, - EVP_CIPHER_CTX_iv_length(ctx)); + EVP_CIPHER_CTX_get_iv_length(ctx)); return 0; } @@ -589,7 +589,7 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 0; - ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_key_length(ctx)); + ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_get_key_length(ctx)); if (ret < 1) goto err; @@ -635,14 +635,14 @@ static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * set iv now for decrypt operation as the input buffer can be * overwritten for inplace operation where in = out. */ - if (EVP_CIPHER_CTX_encrypting(ctx) == 0) { + if (EVP_CIPHER_CTX_is_encrypting(ctx) == 0) { memcpy(nxtiv, in + (inl - ALG_AES_IV_LEN), ALG_AES_IV_LEN); } /* Send input data to kernel space */ ret = afalg_start_cipher_sk(actx, (unsigned char *)in, inl, EVP_CIPHER_CTX_iv(ctx), - EVP_CIPHER_CTX_encrypting(ctx)); + EVP_CIPHER_CTX_is_encrypting(ctx)); if (ret < 1) { return 0; } @@ -652,7 +652,7 @@ static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (ret < 1) return 0; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN), ALG_AES_IV_LEN); } else { diff --git a/engines/e_dasync.c b/engines/e_dasync.c index 4eb50d055c..9866459103 100644 --- a/engines/e_dasync.c +++ b/engines/e_dasync.c @@ -96,7 +96,7 @@ static int dasync_digest_nids(const int **nids) if (!init) { const EVP_MD *md; if ((md = dasync_sha1()) != NULL) - digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos++] = EVP_MD_get_type(md); digest_nids[pos] = 0; init = 1; } 
@@ -627,7 +627,7 @@ static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg, len = p[arg - 2] << 8 | p[arg - 1]; - if (EVP_CIPHER_CTX_encrypting(ctx)) { + if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { if (len < AES_BLOCK_SIZE) return 0; diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c index d279b601f5..fa01317db5 100644 --- a/engines/e_devcrypto.c +++ b/engines/e_devcrypto.c @@ -207,7 +207,7 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, struct cipher_ctx *cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); const struct cipher_data_st *cipher_d = - get_cipher_data(EVP_CIPHER_CTX_nid(ctx)); + get_cipher_data(EVP_CIPHER_CTX_get_nid(ctx)); int ret; /* cleanup a previous session */ @@ -260,12 +260,12 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #if !defined(COP_FLAG_WRITE_IV) cryp.flags = 0; - ivlen = EVP_CIPHER_CTX_iv_length(ctx); + ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (ivlen > 0) switch (cipher_ctx->mode) { case EVP_CIPH_CBC_MODE: assert(inl >= ivlen); - if (!EVP_CIPHER_CTX_encrypting(ctx)) { + if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { ivptr = in + inl - ivlen; memcpy(saved_iv, ivptr, ivlen); } @@ -291,7 +291,7 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, switch (cipher_ctx->mode) { case EVP_CIPH_CBC_MODE: assert(inl >= ivlen); - if (EVP_CIPHER_CTX_encrypting(ctx)) + if (EVP_CIPHER_CTX_is_encrypting(ctx)) ivptr = out + inl - ivlen; else ivptr = saved_iv; 
@@ -610,7 +610,7 @@ static int cryptodev_select_cipher_cb(const char *str, int len, void *usr) EVP = EVP_get_cipherbyname(name); if (EVP == NULL) fprintf(stderr, "devcrypto: unknown cipher %s\n", name); - else if ((i = find_cipher_data_index(EVP_CIPHER_nid(EVP))) != (size_t)-1) + else if ((i = find_cipher_data_index(EVP_CIPHER_get_nid(EVP))) != (size_t)-1) cipher_list[i] = 1; else fprintf(stderr, "devcrypto: cipher %s not available\n", name); @@ -746,9 +746,9 @@ static const struct digest_data_st *get_digest_data(int nid) static int digest_init(EVP_MD_CTX *ctx) { struct digest_ctx *digest_ctx = - (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); + (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); const struct digest_data_st *digest_d = - get_digest_data(EVP_MD_CTX_type(ctx)); + get_digest_data(EVP_MD_CTX_get_type(ctx)); digest_ctx->init_called = 1; @@ -779,7 +779,7 @@ static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen, static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) { struct digest_ctx *digest_ctx = - (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); + (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); if (count == 0) return 1; @@ -801,13 +801,13 @@ static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) { struct digest_ctx *digest_ctx = - (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); + (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); if (md == NULL || digest_ctx == NULL) return 0; if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) { - memcpy(md, digest_ctx->digest_res, EVP_MD_CTX_size(ctx)); + memcpy(md, digest_ctx->digest_res, EVP_MD_CTX_get_size(ctx)); } else if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) { ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()"); return 0; 
@@ -819,9 +819,9 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md) static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) { struct digest_ctx *digest_from = - (struct digest_ctx *)EVP_MD_CTX_md_data(from); + (struct digest_ctx *)EVP_MD_CTX_get0_md_data(from); struct digest_ctx *digest_to = - (struct digest_ctx *)EVP_MD_CTX_md_data(to); + (struct digest_ctx *)EVP_MD_CTX_get0_md_data(to); struct cphash_op cphash; if (digest_from == NULL || digest_from->init_called != 1) @@ -844,7 +844,7 @@ static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) static int digest_cleanup(EVP_MD_CTX *ctx) { struct digest_ctx *digest_ctx = - (struct digest_ctx *)EVP_MD_CTX_md_data(ctx); + (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx); if (digest_ctx == NULL) return 1; @@ -1040,7 +1040,7 @@ static int cryptodev_select_digest_cb(const char *str, int len, void *usr) EVP = EVP_get_digestbyname(name); if (EVP == NULL) fprintf(stderr, "devcrypto: unknown digest %s\n", name); - else if ((i = find_digest_data_index(EVP_MD_type(EVP))) != (size_t)-1) + else if ((i = find_digest_data_index(EVP_MD_get_type(EVP))) != (size_t)-1) digest_list[i] = 1; else fprintf(stderr, "devcrypto: digest %s not available\n", name); diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c index 15a7d75f1e..57dfb13ba1 100644 --- a/engines/e_ossltest.c +++ b/engines/e_ossltest.c 
@@ -226,15 +226,15 @@ static int ossltest_digest_nids(const int **nids) if (!init) { const EVP_MD *md; if ((md = digest_md5()) != NULL) - digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos++] = EVP_MD_get_type(md); if ((md = digest_sha1()) != NULL) - digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos++] = EVP_MD_get_type(md); if ((md = digest_sha256()) != NULL) - digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos++] = EVP_MD_get_type(md); if ((md = digest_sha384()) != NULL) - digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos++] = EVP_MD_get_type(md); if ((md = digest_sha512()) != NULL) - digest_nids[pos++] = EVP_MD_type(md); + digest_nids[pos++] = EVP_MD_get_type(md); digest_nids[pos] = 0; init = 1; } @@ -279,7 +279,7 @@ static const EVP_CIPHER *ossltest_aes_128_cbc(void) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, ossltest_aes128_cbc_cipher) || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, - EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) { + EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc); _hidden_aes_128_cbc = NULL; } @@ -308,7 +308,7 @@ static const EVP_CIPHER *ossltest_aes_128_gcm(void) || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm, ossltest_aes128_gcm_ctrl) || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm, - EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) { + EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) { EVP_CIPHER_meth_free(_hidden_aes_128_gcm); _hidden_aes_128_gcm = NULL; } diff --git a/engines/e_padlock.c b/engines/e_padlock.c index 572ff90935..a22fc476e6 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c 
@@ -324,13 +324,13 @@ padlock_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx); size_t chunk; - if ((chunk = EVP_CIPHER_CTX_num(ctx))) { /* borrow chunk variable */ + if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) { /* borrow chunk variable */ unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx); if (chunk >= AES_BLOCK_SIZE) return 0; /* bogus value */ - if (EVP_CIPHER_CTX_encrypting(ctx)) + if (EVP_CIPHER_CTX_is_encrypting(ctx)) while (chunk < AES_BLOCK_SIZE && nbytes != 0) { ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk]; chunk++, nbytes--; @@ -398,7 +398,7 @@ padlock_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, /* * ctx->num is maintained in byte-oriented modes, such as CFB and OFB... */ - if ((chunk = EVP_CIPHER_CTX_num(ctx))) { /* borrow chunk variable */ + if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) { /* borrow chunk variable */ unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx); if (chunk >= AES_BLOCK_SIZE) @@ -457,7 +457,7 @@ padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, const unsigned char *in_arg, size_t nbytes) { struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx); - unsigned int num = EVP_CIPHER_CTX_num(ctx); + unsigned int num = EVP_CIPHER_CTX_get_num(ctx); CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes, cdata, EVP_CIPHER_CTX_iv_noconst(ctx), @@ -600,8 +600,8 @@ padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { struct padlock_cipher_data *cdata; - int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8; - unsigned long mode = EVP_CIPHER_CTX_mode(ctx); + int key_len = EVP_CIPHER_CTX_get_key_length(ctx) * 8; + unsigned long mode = EVP_CIPHER_CTX_get_mode(ctx); if (key == NULL) return 0; /* ERROR */ 
@@ -613,7 +613,7 @@ padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CTR_MODE) cdata->cword.b.encdec = 0; else - cdata->cword.b.encdec = (EVP_CIPHER_CTX_encrypting(ctx) == 0); + cdata->cword.b.encdec = (EVP_CIPHER_CTX_is_encrypting(ctx) == 0); cdata->cword.b.rounds = 10 + (key_len - 128) / 32; cdata->cword.b.ksize = (key_len - 128) / 64; diff --git a/include/crypto/evp.h b/include/crypto/evp.h index ea61b83469..ce772dbec1 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -371,7 +371,7 @@ struct evp_cipher_st { static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ BLOCK_CIPHER_ecb_loop() \ - cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \ + cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \ return 1;\ } @@ -381,7 +381,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ while(inl>=EVP_MAXCHUNK) {\ - int num = EVP_CIPHER_CTX_num(ctx);\ + int num = EVP_CIPHER_CTX_get_num(ctx);\ cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ EVP_CIPHER_CTX_set_num(ctx, num);\ inl-=EVP_MAXCHUNK;\ @@ -389,7 +389,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns out+=EVP_MAXCHUNK;\ }\ if (inl) {\ - int num = EVP_CIPHER_CTX_num(ctx);\ + int num = EVP_CIPHER_CTX_get_num(ctx);\ cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ EVP_CIPHER_CTX_set_num(ctx, num);\ }\ 
@@ -401,13 +401,13 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns {\ while(inl>=EVP_MAXCHUNK) \ {\ - cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\ + cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ inl-=EVP_MAXCHUNK;\ in +=EVP_MAXCHUNK;\ out+=EVP_MAXCHUNK;\ }\ if (inl)\ - cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\ + cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ return 1;\ } @@ -419,13 +419,13 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (inl < chunk) chunk = inl;\ while (inl && inl >= chunk)\ {\ - int num = EVP_CIPHER_CTX_num(ctx);\ + int num = EVP_CIPHER_CTX_get_num(ctx);\ cprefix##_cfb##cbits##_encrypt(in, out, (long) \ ((cbits == 1) \ && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ ? chunk*8 : chunk), \ &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\ - &num, EVP_CIPHER_CTX_encrypting(ctx));\ + &num, EVP_CIPHER_CTX_is_encrypting(ctx));\ EVP_CIPHER_CTX_set_num(ctx, num);\ inl -= chunk;\ in += chunk;\ diff --git a/include/internal/packet.h b/include/internal/packet.h index 108c65aad0..170997db60 100644 --- a/include/internal/packet.h +++ b/include/internal/packet.h @@ -800,7 +800,7 @@ int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len, * signature may not be known in advance. We can use WPACKET_reserve_bytes() to * handle this: * - * if (!WPACKET_sub_reserve_bytes_u16(&pkt, EVP_PKEY_size(pkey), &sigbytes1) + * if (!WPACKET_sub_reserve_bytes_u16(&pkt, EVP_PKEY_get_size(pkey), &sigbytes1) * || EVP_SignFinal(md_ctx, sigbytes1, &siglen, pkey) <= 0 * || !WPACKET_sub_allocate_bytes_u16(&pkt, siglen, &sigbytes2) * || sigbytes1 != sigbytes2) 
diff --git a/include/openssl/decoder.h b/include/openssl/decoder.h index afe4988fdb..a939d0dcb1 100644 --- a/include/openssl/decoder.h +++ b/include/openssl/decoder.h @@ -31,11 +31,11 @@ OSSL_DECODER *OSSL_DECODER_fetch(OSSL_LIB_CTX *libctx, const char *name, int OSSL_DECODER_up_ref(OSSL_DECODER *encoder); void OSSL_DECODER_free(OSSL_DECODER *encoder); -const OSSL_PROVIDER *OSSL_DECODER_provider(const OSSL_DECODER *encoder); -const char *OSSL_DECODER_properties(const OSSL_DECODER *encoder); -int OSSL_DECODER_number(const OSSL_DECODER *encoder); -const char *OSSL_DECODER_name(const OSSL_DECODER *decoder); -const char *OSSL_DECODER_description(const OSSL_DECODER *decoder); +const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *encoder); +const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *encoder); +int OSSL_DECODER_get_number(const OSSL_DECODER *encoder); +const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder); +const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder); int OSSL_DECODER_is_a(const OSSL_DECODER *encoder, const char *name); void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx, diff --git a/include/openssl/encoder.h b/include/openssl/encoder.h index 4e2c5fe23c..62560ba3c2 100644 --- a/include/openssl/encoder.h +++ b/include/openssl/encoder.h 
@@ -31,11 +31,11 @@ OSSL_ENCODER *OSSL_ENCODER_fetch(OSSL_LIB_CTX *libctx, const char *name, int OSSL_ENCODER_up_ref(OSSL_ENCODER *encoder); void OSSL_ENCODER_free(OSSL_ENCODER *encoder); -const OSSL_PROVIDER *OSSL_ENCODER_provider(const OSSL_ENCODER *encoder); -const char *OSSL_ENCODER_properties(const OSSL_ENCODER *encoder); -int OSSL_ENCODER_number(const OSSL_ENCODER *encoder); -const char *OSSL_ENCODER_name(const OSSL_ENCODER *kdf); -const char *OSSL_ENCODER_description(const OSSL_ENCODER *kdf); +const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder); +const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder); +int OSSL_ENCODER_get_number(const OSSL_ENCODER *encoder); +const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *kdf); +const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *kdf); int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name); void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx, diff --git a/include/openssl/evp.h b/include/openssl/evp.h index ee918104a8..3f5693824c 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -528,20 +528,26 @@ typedef int (EVP_PBE_KEYGEN_EX) (EVP_CIPHER_CTX *ctx, const char *pass, # define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) # define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) -int EVP_MD_type(const EVP_MD *md); -# define EVP_MD_nid(e) EVP_MD_type(e) -const char *EVP_MD_name(const EVP_MD *md); -const char *EVP_MD_description(const EVP_MD *md); -int EVP_MD_number(const EVP_MD *md); +int EVP_MD_get_type(const EVP_MD *md); +# define EVP_MD_type EVP_MD_get_type +# define EVP_MD_nid EVP_MD_get_type +const char *EVP_MD_get0_name(const EVP_MD *md); +# define EVP_MD_name EVP_MD_get0_name +const char *EVP_MD_get0_description(const EVP_MD *md); +int EVP_MD_get_number(const EVP_MD *md); int EVP_MD_is_a(const EVP_MD *md, const char *name); int EVP_MD_names_do_all(const EVP_MD *md, void (*fn)(const char *name, void *data), void *data); -const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md); -int EVP_MD_pkey_type(const EVP_MD *md); -int EVP_MD_size(const EVP_MD *md); -int EVP_MD_block_size(const EVP_MD *md); -unsigned long EVP_MD_flags(const EVP_MD *md); +const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md); +int EVP_MD_get_pkey_type(const EVP_MD *md); +# define EVP_MD_pkey_type EVP_MD_get_pkey_type +int EVP_MD_get_size(const EVP_MD *md); +# define EVP_MD_size EVP_MD_get_size +int EVP_MD_get_block_size(const EVP_MD *md); +# define EVP_MD_block_size EVP_MD_get_block_size +unsigned long EVP_MD_get_flags(const EVP_MD *md); +# define EVP_MD_flags EVP_MD_get_flags const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx); EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx); 
@@ -556,29 +562,43 @@ void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count)); # endif -# define EVP_MD_CTX_name(e) EVP_MD_name(EVP_MD_CTX_get0_md(e)) -# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_get0_md(e)) -# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_get0_md(e)) -# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_get0_md(e)) -EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +# define EVP_MD_CTX_get0_name(e) EVP_MD_get0_name(EVP_MD_CTX_get0_md(e)) +# define EVP_MD_CTX_get_size(e) EVP_MD_get_size(EVP_MD_CTX_get0_md(e)) +# define EVP_MD_CTX_size EVP_MD_CTX_get_size +# define EVP_MD_CTX_get_block_size(e) EVP_MD_get_block_size(EVP_MD_CTX_get0_md(e)) +# define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size +# define EVP_MD_CTX_get_type(e) EVP_MD_get_type(EVP_MD_CTX_get0_md(e)) +# define EVP_MD_CTX_type EVP_MD_CTX_get_type +EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx); +# define EVP_MD_CTX_pkey_ctx EVP_MD_CTX_get_pkey_ctx void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); -void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); - -int EVP_CIPHER_nid(const EVP_CIPHER *cipher); -const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); -const char *EVP_CIPHER_description(const EVP_CIPHER *cipher); -int EVP_CIPHER_number(const EVP_CIPHER *cipher); +void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx); +# define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data + +int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher); +# define EVP_CIPHER_nid EVP_CIPHER_get_nid +const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher); +# define EVP_CIPHER_name EVP_CIPHER_get0_name +const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher); +int EVP_CIPHER_get_number(const EVP_CIPHER *cipher); int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, void (*fn)(const char *name, void *data), void *data); -const 
OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher); -int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher); +int EVP_CIPHER_get_block_size(const EVP_CIPHER *cipher); +# define EVP_CIPHER_block_size EVP_CIPHER_get_block_size int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); -int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); -int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); -unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); -int EVP_CIPHER_mode(const EVP_CIPHER *cipher); +int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher); +# define EVP_CIPHER_key_length EVP_CIPHER_get_key_length +int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher); +# define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length +unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher); +# define EVP_CIPHER_flags EVP_CIPHER_get_flags +int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher); +# define EVP_CIPHER_mode EVP_CIPHER_get_mode +int EVP_CIPHER_get_type(const EVP_CIPHER *cipher); +# define EVP_CIPHER_type EVP_CIPHER_get_type EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); int EVP_CIPHER_up_ref(EVP_CIPHER *cipher); 
@@ -586,12 +606,18 @@ void EVP_CIPHER_free(EVP_CIPHER *cipher); const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx); EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting +int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid +int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size +int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length +int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length +int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length # ifndef OPENSSL_NO_DEPRECATED_3_0 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); 
@@ -601,19 +627,22 @@ OSSL_DEPRECATEDIN_3_0 unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *c int EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len); int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len); unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); +# define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); -# define EVP_CIPHER_CTX_name(c) EVP_CIPHER_name(EVP_CIPHER_CTX_get0_cipher(c)) -# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_get0_cipher(c)) +# define EVP_CIPHER_CTX_get0_name(c) EVP_CIPHER_get0_name(EVP_CIPHER_CTX_get0_cipher(c)) +# define EVP_CIPHER_CTX_get_type(c) EVP_CIPHER_get_type(EVP_CIPHER_CTX_get0_cipher(c)) +# define EVP_CIPHER_CTX_type EVP_CIPHER_CTX_get_type # ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(c)) +# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(c)) # endif -# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_get0_cipher(c)) +# define EVP_CIPHER_CTX_get_mode(c) EVP_CIPHER_get_mode(EVP_CIPHER_CTX_get0_cipher(c)) +# define EVP_CIPHER_CTX_mode EVP_CIPHER_CTX_get_mode # define EVP_ENCODE_LENGTH(l) ((((l)+2)/3*4)+((l)/48+1)*2+80) # define EVP_DECODE_LENGTH(l) (((l)+3)/4*3+80) 
@@ -1164,17 +1193,17 @@ EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, const char *properties); int EVP_MAC_up_ref(EVP_MAC *mac); void EVP_MAC_free(EVP_MAC *mac); -int EVP_MAC_number(const EVP_MAC *mac); -const char *EVP_MAC_name(const EVP_MAC *mac); -const char *EVP_MAC_description(const EVP_MAC *mac); +int EVP_MAC_get_number(const EVP_MAC *mac); +const char *EVP_MAC_get0_name(const EVP_MAC *mac); +const char *EVP_MAC_get0_description(const EVP_MAC *mac); int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); -const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); +const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac); int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); -EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); +EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx); int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); 
@@ -1209,16 +1238,16 @@ EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, const char *properties); int EVP_RAND_up_ref(EVP_RAND *rand); void EVP_RAND_free(EVP_RAND *rand); -int EVP_RAND_number(const EVP_RAND *rand); -const char *EVP_RAND_name(const EVP_RAND *rand); -const char *EVP_RAND_description(const EVP_RAND *md); +int EVP_RAND_get_number(const EVP_RAND *rand); +const char *EVP_RAND_get0_name(const EVP_RAND *rand); +const char *EVP_RAND_get0_description(const EVP_RAND *md); int EVP_RAND_is_a(const EVP_RAND *rand, const char *name); -const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand); +const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand); int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]); EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent); void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx); -EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx); +EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx); int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]); int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]); const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand); 
@@ -1250,15 +1279,15 @@ __owur int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen); __owur int EVP_RAND_enable_locking(EVP_RAND_CTX *ctx); int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx); -unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx); -int EVP_RAND_state(EVP_RAND_CTX *ctx); +unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx); +int EVP_RAND_get_state(EVP_RAND_CTX *ctx); -#define EVP_RAND_STATE_UNINITIALISED 0 -#define EVP_RAND_STATE_READY 1 -#define EVP_RAND_STATE_ERROR 2 +# define EVP_RAND_STATE_UNINITIALISED 0 +# define EVP_RAND_STATE_READY 1 +# define EVP_RAND_STATE_ERROR 2 /* PKEY stuff */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key, int enc_key_len, 
@@ -1266,17 +1295,22 @@ OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_decrypt_old(unsigned char *dec_key, OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_encrypt_old(unsigned char *enc_key, const unsigned char *key, int key_len, EVP_PKEY *pub_key); -#endif +# endif int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name); int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey, void (*fn)(const char *name, void *data), void *data); int EVP_PKEY_type(int type); -int EVP_PKEY_id(const EVP_PKEY *pkey); -int EVP_PKEY_base_id(const EVP_PKEY *pkey); -int EVP_PKEY_bits(const EVP_PKEY *pkey); -int EVP_PKEY_security_bits(const EVP_PKEY *pkey); -int EVP_PKEY_size(const EVP_PKEY *pkey); +int EVP_PKEY_get_id(const EVP_PKEY *pkey); +# define EVP_PKEY_id EVP_PKEY_get_id +int EVP_PKEY_get_base_id(const EVP_PKEY *pkey); +# define EVP_PKEY_base_id EVP_PKEY_get_base_id +int EVP_PKEY_get_bits(const EVP_PKEY *pkey); +# define EVP_PKEY_bits EVP_PKEY_get_bits +int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey); +# define EVP_PKEY_security_bits EVP_PKEY_get_security_bits +int EVP_PKEY_get_size(const EVP_PKEY *pkey); +# define EVP_PKEY_size EVP_PKEY_get_size int EVP_PKEY_can_sign(const EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); @@ -1343,7 +1377,7 @@ EVP_PKEY *EVP_PKEY_new(void); int EVP_PKEY_up_ref(EVP_PKEY *pkey); EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey); void EVP_PKEY_free(EVP_PKEY *pkey); -const char *EVP_PKEY_description(const EVP_PKEY *pkey); +const char *EVP_PKEY_get0_description(const EVP_PKEY *pkey); EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length); 
@@ -1425,8 +1459,6 @@ int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub); -int EVP_CIPHER_type(const EVP_CIPHER *cipher); - /* calls methods */ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); @@ -1722,10 +1754,10 @@ EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); -const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt); -const char *EVP_KEYMGMT_name(const EVP_KEYMGMT *keymgmt); -const char *EVP_KEYMGMT_description(const EVP_KEYMGMT *keymgmt); -int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt); +const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt); +const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt); +const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt); +int EVP_KEYMGMT_get_number(const EVP_KEYMGMT *keymgmt); int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), 
@@ -1804,13 +1836,13 @@ void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); -OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature); +OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature); EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); -int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature); -const char *EVP_SIGNATURE_name(const EVP_SIGNATURE *signature); -const char *EVP_SIGNATURE_description(const EVP_SIGNATURE *signature); +int EVP_SIGNATURE_get_number(const EVP_SIGNATURE *signature); +const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature); +const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature); void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_SIGNATURE *signature, void *data), 
@@ -1823,13 +1855,13 @@ const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig); void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher); int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher); -OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher); +OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher); EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); -int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher); -const char *EVP_ASYM_CIPHER_name(const EVP_ASYM_CIPHER *cipher); -const char *EVP_ASYM_CIPHER_description(const EVP_ASYM_CIPHER *cipher); +int EVP_ASYM_CIPHER_get_number(const EVP_ASYM_CIPHER *cipher); +const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher); +const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher); void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_ASYM_CIPHER *cipher, void *arg), @@ -1842,13 +1874,13 @@ const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip void EVP_KEM_free(EVP_KEM *wrap); int EVP_KEM_up_ref(EVP_KEM *wrap); -OSSL_PROVIDER *EVP_KEM_provider(const EVP_KEM *wrap); +OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *wrap); EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); int EVP_KEM_is_a(const EVP_KEM *wrap, const char *name); -int EVP_KEM_number(const EVP_KEM *wrap); -const char *EVP_KEM_name(const EVP_KEM *wrap); -const char *EVP_KEM_description(const EVP_KEM *wrap); +int EVP_KEM_get_number(const EVP_KEM *wrap); +const char *EVP_KEM_get0_name(const EVP_KEM *wrap); +const char *EVP_KEM_get0_description(const EVP_KEM *wrap); void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEM *wrap, void *arg), void *arg); int EVP_KEM_names_do_all(const EVP_KEM *wrap, 
@@ -2109,11 +2141,11 @@ void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); -OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange); +OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange); int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name); -int EVP_KEYEXCH_number(const EVP_KEYEXCH *keyexch); -const char *EVP_KEYEXCH_name(const EVP_KEYEXCH *keyexch); -const char *EVP_KEYEXCH_description(const EVP_KEYEXCH *keyexch); +int EVP_KEYEXCH_get_number(const EVP_KEYEXCH *keyexch); +const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *keyexch); +const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch); void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEYEXCH *keyexch, void *data), void *data); diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h index 96a25ff7c1..2cc4fc4ad2 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -33,11 +33,11 @@ EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); -int EVP_KDF_number(const EVP_KDF *kdf); -const char *EVP_KDF_description(const EVP_KDF *kdf); +int EVP_KDF_get_number(const EVP_KDF *kdf); +const char *EVP_KDF_get0_description(const EVP_KDF *kdf); int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); -const char *EVP_KDF_name(const EVP_KDF *kdf); -const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); +const char *EVP_KDF_get0_name(const EVP_KDF *kdf); +const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf); const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx); 
@@ -114,7 +114,8 @@ int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx, int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx, const unsigned char *info, int infolen); -int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode); +int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode); +# define EVP_PKEY_CTX_hkdf_mode EVP_PKEY_CTX_set_hkdf_mode int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass, int passlen); diff --git a/include/openssl/provider.h b/include/openssl/provider.h index e66d5324af..dc86ff5878 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -51,7 +51,7 @@ int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *, const char *name, OSSL_provider_init_fn *init_fn); /* Information */ -const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov); +const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov); # ifdef __cplusplus } diff --git a/include/openssl/store.h b/include/openssl/store.h index d5703d5040..746bb0321e 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h 
@@ -258,11 +258,11 @@ OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(const char *scheme, const char *properties); int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader); void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); -const OSSL_PROVIDER *OSSL_STORE_LOADER_provider(const OSSL_STORE_LOADER * +const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER * loader); -const char *OSSL_STORE_LOADER_properties(const OSSL_STORE_LOADER *loader); -int OSSL_STORE_LOADER_number(const OSSL_STORE_LOADER *loader); -const char *OSSL_STORE_LOADER_description(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader); +int OSSL_STORE_LOADER_get_number(const OSSL_STORE_LOADER *loader); +const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader); int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, const char *scheme); void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx, diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 1b89cc82ae..d411767205 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -285,7 +285,7 @@ static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_SELF_TEST *st, if (drbg == NULL) goto err; - strength = EVP_RAND_strength(drbg); + strength = EVP_RAND_get_strength(drbg); drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name, t->param_value, 0); diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 354c234939..7b534e76ed 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c 
@@ -371,7 +371,7 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST); if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->oaep_md == NULL ? "" - : EVP_MD_name(prsactx->oaep_md))) + : EVP_MD_get0_name(prsactx->oaep_md))) return 0; p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST); @@ -381,7 +381,7 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) if (!OSSL_PARAM_set_utf8_string(p, mgf1_md == NULL ? "" - : EVP_MD_name(mgf1_md))) + : EVP_MD_get0_name(mgf1_md))) return 0; } diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c index a855a36d20..c9dba32ffb 100644 --- a/providers/implementations/asymciphers/sm2_enc.c +++ b/providers/implementations/asymciphers/sm2_enc.c @@ -164,7 +164,7 @@ static int sm2_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *params) const EVP_MD *md = ossl_prov_digest_md(&psm2ctx->md); if (!OSSL_PARAM_set_utf8_string(p, md == NULL ? "" - : EVP_MD_name(md))) + : EVP_MD_get0_name(md))) return 0; } diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c index 67a73d36ef..1dffc8d112 100644 --- a/providers/implementations/exchange/dh_exch.c +++ b/providers/implementations/exchange/dh_exch.c @@ -461,7 +461,7 @@ static int dh_get_ctx_params(void *vpdhctx, OSSL_PARAM params[]) if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdhctx->kdf_md == NULL ? "" - : EVP_MD_name(pdhctx->kdf_md))){ + : EVP_MD_get0_name(pdhctx->kdf_md))){ return 0; } diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c index 7748340248..35d665fb91 100644 --- a/providers/implementations/exchange/ecdh_exch.c +++ b/providers/implementations/exchange/ecdh_exch.c 
@@ -377,7 +377,7 @@ int ecdh_get_ctx_params(void *vpecdhctx, OSSL_PARAM params[]) if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pectx->kdf_md == NULL ? "" - : EVP_MD_name(pectx->kdf_md))){ + : EVP_MD_get0_name(pectx->kdf_md))){ return 0; } diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index ce0c81c1d2..83d9d1ecce 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -116,7 +116,7 @@ static size_t kdf_hkdf_size(KDF_HKDF *ctx) ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - sz = EVP_MD_size(md); + sz = EVP_MD_get_size(md); if (sz < 0) return 0; @@ -326,7 +326,7 @@ static int HKDF(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, int ret, sz; size_t prk_len; - sz = EVP_MD_size(evp_md); + sz = EVP_MD_get_size(evp_md); if (sz < 0) return 0; prk_len = (size_t)sz; @@ -372,7 +372,7 @@ static int HKDF_Extract(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, const unsigned char *ikm, size_t ikm_len, unsigned char *prk, size_t prk_len) { - int sz = EVP_MD_size(evp_md); + int sz = EVP_MD_get_size(evp_md); if (sz < 0) return 0; @@ -382,8 +382,8 @@ static int HKDF_Extract(OSSL_LIB_CTX *libctx, const EVP_MD *evp_md, } /* calc: PRK = HMAC-Hash(salt, IKM) */ return - EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_name(evp_md), NULL, salt, - salt_len, ikm, ikm_len, prk, EVP_MD_size(evp_md), NULL) + EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, salt, + salt_len, ikm, ikm_len, prk, EVP_MD_get_size(evp_md), NULL) != NULL; } @@ -437,7 +437,7 @@ static int HKDF_Expand(const EVP_MD *evp_md, unsigned char prev[EVP_MAX_MD_SIZE]; size_t done_len = 0, dig_len, n; - sz = EVP_MD_size(evp_md); + sz = EVP_MD_get_size(evp_md); if (sz <= 0) return 0; dig_len = (size_t)sz; diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index e22d54171f..01f7f0d4fd 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c 
@@ -289,9 +289,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) NULL, NULL, libctx)) return 0; else if (ctx->ctx_init != NULL - && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init), + && !EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), OSSL_MAC_NAME_HMAC) - && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init), + && !EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), OSSL_MAC_NAME_CMAC)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MAC); return 0; diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c index 4bf9ce7294..f8d4baa568 100644 --- a/providers/implementations/kdfs/krb5kdf.c +++ b/providers/implementations/kdfs/krb5kdf.c @@ -176,7 +176,7 @@ static int krb5kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) cipher = ossl_prov_cipher_cipher(&ctx->cipher); if (cipher) - len = EVP_CIPHER_key_length(cipher); + len = EVP_CIPHER_get_key_length(cipher); else len = EVP_MAX_KEY_LENGTH; @@ -332,7 +332,7 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, if (!ret) goto out; /* set the key len for the odd variable key len cipher */ - klen = EVP_CIPHER_CTX_key_length(ctx); + klen = EVP_CIPHER_CTX_get_key_length(ctx); if (key_len != (size_t)klen) { ret = EVP_CIPHER_CTX_set_key_length(ctx, key_len); if (!ret) @@ -369,7 +369,7 @@ static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine, #ifndef OPENSSL_NO_DES /* special case for 3des, where the caller may be requesting * the random raw key, instead of the fixed up key */ - if (EVP_CIPHER_nid(cipher) == NID_des_ede3_cbc && + if (EVP_CIPHER_get_nid(cipher) == NID_des_ede3_cbc && key_len == 24 && okey_len == 21) { des3_no_fixup = 1; } else { @@ -390,7 +390,7 @@ static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine, goto out; /* Initialize input block */ - blocksize = EVP_CIPHER_CTX_block_size(ctx); + blocksize = EVP_CIPHER_CTX_get_block_size(ctx); if (constant_len > blocksize) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONSTANT_LENGTH); 
@@ -445,7 +445,7 @@ static int KRB5KDF(const EVP_CIPHER *cipher, ENGINE *engine, } #ifndef OPENSSL_NO_DES - if (EVP_CIPHER_nid(cipher) == NID_des_ede3_cbc && !des3_no_fixup) { + if (EVP_CIPHER_get_nid(cipher) == NID_des_ede3_cbc && !des3_no_fixup) { ret = fixup_des3_key(okey); if (!ret) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY); diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c index 14c78b518c..fe247028ea 100644 --- a/providers/implementations/kdfs/pbkdf2.c +++ b/providers/implementations/kdfs/pbkdf2.c @@ -281,7 +281,7 @@ static int pbkdf2_derive(const char *pass, size_t passlen, unsigned long i = 1; HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; - mdlen = EVP_MD_size(digest); + mdlen = EVP_MD_get_size(digest); if (mdlen <= 0) return 0; diff --git a/providers/implementations/kdfs/pkcs12kdf.c b/providers/implementations/kdfs/pkcs12kdf.c index d0036441a3..0ca83dd243 100644 --- a/providers/implementations/kdfs/pkcs12kdf.c +++ b/providers/implementations/kdfs/pkcs12kdf.c @@ -62,8 +62,8 @@ static int pkcs12kdf_derive(const unsigned char *pass, size_t passlen, ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); goto end; } - vi = EVP_MD_block_size(md_type); - ui = EVP_MD_size(md_type); + vi = EVP_MD_get_block_size(md_type); + ui = EVP_MD_get_size(md_type); if (ui < 0 || vi <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE); goto end; diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c index c281997a25..56ac1e6334 100644 --- a/providers/implementations/kdfs/sskdf.c +++ b/providers/implementations/kdfs/sskdf.c @@ -108,7 +108,7 @@ static int SSKDF_hash_kdm(const EVP_MD *kdf_md, || derived_key_len == 0) return 0; - hlen = EVP_MD_size(kdf_md); + hlen = EVP_MD_get_size(kdf_md); if (hlen <= 0) return 0; out_len = (size_t)hlen; 
@@ -338,7 +338,7 @@ static size_t sskdf_size(KDF_SSKDF *ctx) ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - len = EVP_MD_size(md); + len = EVP_MD_get_size(md); return (len <= 0) ? 0 : (size_t)len; } @@ -362,7 +362,7 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen, const unsigned char *custom = NULL; size_t custom_len = 0; int default_salt_len; - EVP_MAC *mac = EVP_MAC_CTX_mac(ctx->macctx); + EVP_MAC *mac = EVP_MAC_CTX_get0_mac(ctx->macctx); if (EVP_MAC_is_a(mac, OSSL_MAC_NAME_HMAC)) { /* H(x) = HMAC(x, salt, hash) */ @@ -370,7 +370,7 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen, ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - default_salt_len = EVP_MD_size(md); + default_salt_len = EVP_MD_get_size(md); if (default_salt_len <= 0) return 0; } else if (EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC128) diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c index c469d48439..c2cc94a192 100644 --- a/providers/implementations/kdfs/x942kdf.c +++ b/providers/implementations/kdfs/x942kdf.c @@ -281,7 +281,7 @@ static int x942kdf_hash_kdm(const EVP_MD *kdf_md, return 0; } - hlen = EVP_MD_size(kdf_md); + hlen = EVP_MD_get_size(kdf_md); if (hlen <= 0) return 0; out_len = (size_t)hlen; @@ -388,7 +388,7 @@ static size_t x942kdf_size(KDF_X942 *ctx) ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - len = EVP_MD_size(md); + len = EVP_MD_get_size(md); return (len <= 0) ? 0 : (size_t)len; } diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index f11bcc560c..3b378d38ff 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c 
@@ -174,7 +174,7 @@ static int mac_match(const void *keydata1, const void *keydata2, int selection) key1->priv_key_len) == 0); if (key1->cipher.cipher != NULL) ok = ok && EVP_CIPHER_is_a(key1->cipher.cipher, - EVP_CIPHER_name(key2->cipher.cipher)); + EVP_CIPHER_get0_name(key2->cipher.cipher)); } return ok; } @@ -253,7 +253,7 @@ static int key_to_params(MAC_KEY *key, OSSL_PARAM_BLD *tmpl, if (key->cipher.cipher != NULL && !ossl_param_build_set_utf8_string(tmpl, params, OSSL_PKEY_PARAM_CIPHER, - EVP_CIPHER_name(key->cipher.cipher))) + EVP_CIPHER_get0_name(key->cipher.cipher))) return 0; #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 85625c8681..4f8450475c 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -99,7 +99,7 @@ static size_t cmac_size(void *vmacctx) { struct cmac_data_st *macctx = vmacctx; - return EVP_CIPHER_CTX_block_size(CMAC_CTX_get0_cipher_ctx(macctx->ctx)); + return EVP_CIPHER_CTX_get_block_size(CMAC_CTX_get0_cipher_ctx(macctx->ctx)); } static int cmac_setkey(struct cmac_data_st *macctx, diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index 1f4047ccd3..29fb9f87df 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -103,7 +103,7 @@ static int gmac_setkey(struct gmac_data_st *macctx, { EVP_CIPHER_CTX *ctx = macctx->ctx; - if (keylen != (size_t)EVP_CIPHER_CTX_key_length(ctx)) { + if (keylen != (size_t)EVP_CIPHER_CTX_get_key_length(ctx)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } 
@@ -214,7 +214,7 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) || !ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx)) return 0; - if (EVP_CIPHER_mode(ossl_prov_cipher_cipher(&macctx->cipher)) + if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher)) != EVP_CIPH_GCM_MODE) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); return 0; diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index 4ee57ca1c2..123c40f54f 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -187,7 +187,7 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params) return 0; } - kctx->out_len = EVP_MD_size(ossl_prov_digest_md(&kctx->digest)); + kctx->out_len = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest)); return kctx; } @@ -243,7 +243,7 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key, size_t keylen) { const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest); - int w = EVP_MD_block_size(digest); + int w = EVP_MD_get_block_size(digest); if (keylen < KMAC_MIN_KEY || keylen > KMAC_MAX_KEY) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); @@ -288,7 +288,7 @@ static int kmac_init(void *vmacctx, const unsigned char *key, NULL)) return 0; - t = EVP_MD_block_size(ossl_prov_digest_md(&kctx->digest)); + t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest)); if (t < 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH); return 0; diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c index 48e8677ec8..458feca6a5 100644 --- a/providers/implementations/rands/drbg_ctr.c +++ b/providers/implementations/rands/drbg_ctr.c 
@@ -540,7 +540,7 @@ static int drbg_ctr_init(PROV_DRBG *drbg) ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CIPHER); return 0; } - ctr->keylen = keylen = EVP_CIPHER_key_length(ctr->cipher_ctr); + ctr->keylen = keylen = EVP_CIPHER_get_key_length(ctr->cipher_ctr); if (ctr->ctx_ecb == NULL) ctr->ctx_ecb = EVP_CIPHER_CTX_new(); if (ctr->ctx_ctr == NULL) @@ -645,7 +645,8 @@ static int drbg_ctr_get_ctx_params(void *vdrbg, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_CIPHER); if (p != NULL) { if (ctr->cipher_ctr == NULL - || !OSSL_PARAM_set_utf8_string(p, EVP_CIPHER_name(ctr->cipher_ctr))) + || !OSSL_PARAM_set_utf8_string(p, + EVP_CIPHER_get0_name(ctr->cipher_ctr))) return 0; } diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c index 4db104c773..6deb0a2925 100644 --- a/providers/implementations/rands/drbg_hash.c +++ b/providers/implementations/rands/drbg_hash.c @@ -438,7 +438,7 @@ static int drbg_hash_get_ctx_params(void *vdrbg, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_DIGEST); if (p != NULL) { md = ossl_prov_digest_md(&hash->digest); - if (md == NULL || !OSSL_PARAM_set_utf8_string(p, EVP_MD_name(md))) + if (md == NULL || !OSSL_PARAM_set_utf8_string(p, EVP_MD_get0_name(md))) return 0; } @@ -468,13 +468,13 @@ static int drbg_hash_set_ctx_params(void *vctx, const OSSL_PARAM params[]) md = ossl_prov_digest_md(&hash->digest); if (md != NULL) { - if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0) { + if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) { ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); return 0; } /* These are taken from SP 800-90 10.1 Table 2 */ - hash->blocklen = EVP_MD_size(md); + hash->blocklen = EVP_MD_get_size(md); /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ ctx->strength = 64 * (hash->blocklen >> 3); if (ctx->strength > 256) 
diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c index 67c0339801..e68465a78c 100644 --- a/providers/implementations/rands/drbg_hmac.c +++ b/providers/implementations/rands/drbg_hmac.c @@ -326,7 +326,7 @@ static int drbg_hmac_get_ctx_params(void *vdrbg, OSSL_PARAM params[]) if (p != NULL) { if (hmac->ctx == NULL) return 0; - name = EVP_MAC_name(EVP_MAC_CTX_mac(hmac->ctx)); + name = EVP_MAC_get0_name(EVP_MAC_CTX_get0_mac(hmac->ctx)); if (!OSSL_PARAM_set_utf8_string(p, name)) return 0; } @@ -334,7 +334,7 @@ static int drbg_hmac_get_ctx_params(void *vdrbg, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_DIGEST); if (p != NULL) { md = ossl_prov_digest_md(&hmac->digest); - if (md == NULL || !OSSL_PARAM_set_utf8_string(p, EVP_MD_name(md))) + if (md == NULL || !OSSL_PARAM_set_utf8_string(p, EVP_MD_get0_name(md))) return 0; } @@ -369,7 +369,7 @@ static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[]) * digests. */ md = ossl_prov_digest_md(&hmac->digest); - if (md != NULL && (EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0) { + if (md != NULL && (EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) { ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); return 0; } @@ -380,7 +380,7 @@ static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (hmac->ctx != NULL) { /* These are taken from SP 800-90 10.1 Table 2 */ - hmac->blocklen = EVP_MD_size(md); + hmac->blocklen = EVP_MD_get_size(md); /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ ctx->strength = 64 * (int)(hmac->blocklen >> 3); if (ctx->strength > 256) diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c index 23e000db4c..138fbce5e9 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c 
@@ -92,7 +92,7 @@ typedef struct { static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx) { if (pdsactx->md != NULL) - return EVP_MD_size(pdsactx->md); + return EVP_MD_get_size(pdsactx->md); return 0; } diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index a4297d1903..c32641f1eb 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -248,7 +248,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, WPACKET_cleanup(&pkt); ctx->mdctx = NULL; ctx->md = md; - ctx->mdsize = EVP_MD_size(ctx->md); + ctx->mdsize = EVP_MD_get_size(ctx->md); OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); return 1; @@ -429,7 +429,7 @@ static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params) p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL ? ctx->mdname - : EVP_MD_name(ctx->md))) + : EVP_MD_get0_name(ctx->md))) return 0; return 1; diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c index a8cc67b410..d9fd105289 100644 --- a/providers/implementations/signature/mac_legacy_sig.c +++ b/providers/implementations/signature/mac_legacy_sig.c @@ -107,7 +107,7 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey, pmacctx->key = vkey; if (pmacctx->key->cipher.cipher != NULL) - ciphername = (char *)EVP_CIPHER_name(pmacctx->key->cipher.cipher); + ciphername = (char *)EVP_CIPHER_get0_name(pmacctx->key->cipher.cipher); #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) if (pmacctx->key->cipher.engine != NULL) engine = (char *)ENGINE_get_id(pmacctx->key->cipher.engine); diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c index abd3b1a77b..30fd43e0e5 100644 --- a/providers/implementations/signature/rsa_sig.c 
+++ b/providers/implementations/signature/rsa_sig.c @@ -116,7 +116,7 @@ typedef struct { static size_t rsa_get_md_size(const PROV_RSA_CTX *prsactx) { if (prsactx->md != NULL) - return EVP_MD_size(prsactx->md); + return EVP_MD_get_size(prsactx->md); return 0; } @@ -156,7 +156,7 @@ static int rsa_check_parameters(PROV_RSA_CTX *prsactx, int min_saltlen) int max_saltlen; /* See if minimum salt length exceeds maximum possible */ - max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_size(prsactx->md); + max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_get_size(prsactx->md); if ((RSA_bits(prsactx->rsa) & 0x7) == 1) max_saltlen--; if (min_saltlen < 0 || min_saltlen > max_saltlen) { @@ -195,9 +195,9 @@ static int rsa_pss_compute_saltlen(PROV_RSA_CTX *ctx) int saltlen = ctx->saltlen; if (saltlen == RSA_PSS_SALTLEN_DIGEST) { - saltlen = EVP_MD_size(ctx->md); + saltlen = EVP_MD_get_size(ctx->md); } else if (saltlen == RSA_PSS_SALTLEN_AUTO || saltlen == RSA_PSS_SALTLEN_MAX) { - saltlen = RSA_size(ctx->rsa) - EVP_MD_size(ctx->md) - 2; + saltlen = RSA_size(ctx->rsa) - EVP_MD_get_size(ctx->md) - 2; if ((RSA_bits(ctx->rsa) & 0x7) == 1) saltlen--; } @@ -575,13 +575,13 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, if (rsa_pss_restricted(prsactx)) { switch (prsactx->saltlen) { case RSA_PSS_SALTLEN_DIGEST: - if (prsactx->min_saltlen > EVP_MD_size(prsactx->md)) { + if (prsactx->min_saltlen > EVP_MD_get_size(prsactx->md)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_PSS_SALTLEN_TOO_SMALL, "minimum salt length set to %d, " "but the digest only gives %d", prsactx->min_saltlen, - EVP_MD_size(prsactx->md)); + EVP_MD_get_size(prsactx->md)); return 0; } /* FALLTHRU */ 
@@ -678,10 +678,10 @@ static int rsa_verify_recover(void *vprsactx, ERR_raise(ERR_LIB_PROV, PROV_R_ALGORITHM_MISMATCH); return 0; } - if (ret != EVP_MD_size(prsactx->md)) { + if (ret != EVP_MD_get_size(prsactx->md)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH, "Should be %d, but got %d", - EVP_MD_size(prsactx->md), ret); + EVP_MD_get_size(prsactx->md), ret); return 0; } @@ -1279,13 +1279,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) } break; case RSA_PSS_SALTLEN_DIGEST: - if (prsactx->min_saltlen > EVP_MD_size(prsactx->md)) { + if (prsactx->min_saltlen > EVP_MD_get_size(prsactx->md)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_PSS_SALTLEN_TOO_SMALL, "Should be more than %d, but would be " "set to match digest size (%d)", prsactx->min_saltlen, - EVP_MD_size(prsactx->md)); + EVP_MD_get_size(prsactx->md)); return 0; } break; diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c index 8607a8b911..719e7a2eb2 100644 --- a/providers/implementations/signature/sm2_sig.c +++ b/providers/implementations/signature/sm2_sig.c @@ -198,7 +198,7 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, if (ctx->mdctx == NULL) goto error; - md_nid = EVP_MD_type(ctx->md); + md_nid = EVP_MD_get_type(ctx->md); /* * We do not care about DER writing errors. @@ -295,7 +295,7 @@ int sm2sig_digest_verify_final(void *vpsm2ctx, const unsigned char *sig, if (psm2ctx == NULL || psm2ctx->mdctx == NULL - || EVP_MD_size(psm2ctx->md) > (int)sizeof(digest)) + || EVP_MD_get_size(psm2ctx->md) > (int)sizeof(digest)) return 0; if (!(sm2sig_compute_z_digest(psm2ctx) @@ -378,7 +378,7 @@ static int sm2sig_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *params) p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); if (p != NULL && !OSSL_PARAM_set_utf8_string(p, psm2ctx->md == NULL ? psm2ctx->mdname - : EVP_MD_name(psm2ctx->md))) + : EVP_MD_get0_name(psm2ctx->md))) return 0; return 1; 
diff --git a/ssl/ktls.c b/ssl/ktls.c index 4aece2e7b7..a5de8bd720 100644 --- a/ssl/ktls.c +++ b/ssl/ktls.c @@ -67,7 +67,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, case SSL_AES256GCM: crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16; if (s->version == TLS1_3_VERSION) - crypto_info->iv_len = EVP_CIPHER_CTX_iv_length(dd); + crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); else crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; break; @@ -87,7 +87,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, return 0; } crypto_info->cipher_algorithm = CRYPTO_AES_CBC; - crypto_info->iv_len = EVP_CIPHER_iv_length(c); + crypto_info->iv_len = EVP_CIPHER_get_iv_length(c); crypto_info->auth_key = mac_key; crypto_info->auth_key_len = mac_secret_size; break; @@ -95,7 +95,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, return 0; } crypto_info->cipher_key = key; - crypto_info->cipher_key_len = EVP_CIPHER_key_length(c); + crypto_info->cipher_key_len = EVP_CIPHER_get_key_length(c); crypto_info->iv = iv; crypto_info->tls_vmajor = (s->version >> 8) & 0x000000ff; crypto_info->tls_vminor = (s->version & 0x000000ff); @@ -129,11 +129,11 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 * or Chacha20-Poly1305 */ - switch (EVP_CIPHER_nid(c)) + switch (EVP_CIPHER_get_nid(c)) { # ifdef OPENSSL_KTLS_AES_CCM_128 case NID_aes_128_ccm: - if (EVP_CIPHER_CTX_tag_length(dd) != EVP_CCM_TLS_TAG_LEN) + if (EVP_CIPHER_CTX_get_tag_length(dd) != EVP_CCM_TLS_TAG_LEN) return 0; # endif # ifdef OPENSSL_KTLS_AES_GCM_128 
@@ -163,7 +163,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, unsigned char *iiv = iv; if (s->version == TLS1_2_VERSION && - EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { + EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CIPHER_CTX_get_updated_iv(dd, geniv, EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN)) @@ -172,7 +172,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, } memset(crypto_info, 0, sizeof(*crypto_info)); - switch (EVP_CIPHER_nid(c)) + switch (EVP_CIPHER_get_nid(c)) { # ifdef OPENSSL_KTLS_AES_GCM_128 case NID_aes_128_gcm: @@ -182,7 +182,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, memcpy(crypto_info->gcm128.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN, TLS_CIPHER_AES_GCM_128_IV_SIZE); memcpy(crypto_info->gcm128.salt, iiv, TLS_CIPHER_AES_GCM_128_SALT_SIZE); - memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->gcm128.rec_seq, rl_sequence, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); if (rec_seq != NULL) @@ -197,7 +197,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, memcpy(crypto_info->gcm256.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN, TLS_CIPHER_AES_GCM_256_IV_SIZE); memcpy(crypto_info->gcm256.salt, iiv, TLS_CIPHER_AES_GCM_256_SALT_SIZE); - memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->gcm256.rec_seq, rl_sequence, TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); if (rec_seq != NULL) 
@@ -212,7 +212,7 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, memcpy(crypto_info->ccm128.iv, iiv + EVP_CCM_TLS_FIXED_IV_LEN, TLS_CIPHER_AES_CCM_128_IV_SIZE); memcpy(crypto_info->ccm128.salt, iiv, TLS_CIPHER_AES_CCM_128_SALT_SIZE); - memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->ccm128.rec_seq, rl_sequence, TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); if (rec_seq != NULL) @@ -226,7 +226,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305); memcpy(crypto_info->chacha20poly1305.iv, iiv, TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE); - memcpy(crypto_info->chacha20poly1305.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->chacha20poly1305.key, key, + EVP_CIPHER_get_key_length(c)); memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence, TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE); if (rec_seq != NULL) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 6713ff72f5..336ebc8b79 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -837,7 +837,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (clear) mac_size = 0; else { - mac_size = EVP_MD_CTX_size(s->write_hash); + mac_size = EVP_MD_CTX_get_size(s->write_hash); if (mac_size < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE); @@ -871,9 +871,9 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, /* Explicit IV length, block ciphers appropriate version flag */ if (s->enc_write_ctx) { - int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); + int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { - eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); + eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); if (eivlen <= 1) eivlen = 0; } 
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 8cd102ecae..a217db772a 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -439,7 +439,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, && !SSL_WRITE_ETM(s) && SSL_USE_EXPLICIT_IV(s) && BIO_get_ktls_send(s->wbio) == 0 - && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) != 0) { unsigned char aad[13]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; @@ -588,7 +588,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len, } if (maxpipes == 0 || s->enc_write_ctx == NULL - || (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) + || (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) & EVP_CIPH_FLAG_PIPELINE) == 0 || !SSL_USE_EXPLICIT_IV(s)) maxpipes = 1; @@ -723,7 +723,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, mac_size = 0; } else { /* TODO(siz_t): Convert me */ - mac_size = EVP_MD_CTX_size(s->write_hash); + mac_size = EVP_MD_CTX_get_size(s->write_hash); if (mac_size < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; @@ -831,10 +831,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* Explicit IV length, block ciphers appropriate version flag */ if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) { - int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx); + int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { /* TODO(size_t): Convert me */ - eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx); + eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); if (eivlen <= 1) eivlen = 0; } else if (mode == EVP_CIPH_GCM_MODE) { diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 8788d49e4c..8c4ff01dd1 100644 --- a/ssl/record/ssl3_record.c 
+++ b/ssl/record/ssl3_record.c @@ -480,7 +480,7 @@ int ssl3_get_record(SSL *s) && thisrr->type == SSL3_RT_APPLICATION_DATA && SSL_USE_EXPLICIT_IV(s) && s->enc_read_ctx != NULL - && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx)) + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx)) & EVP_CIPH_FLAG_PIPELINE) != 0 && ssl3_record_app_data_waiting(s)); @@ -526,7 +526,7 @@ int ssl3_get_record(SSL *s) const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash); if (tmpmd != NULL) { - imac_size = EVP_MD_size(tmpmd); + imac_size = EVP_MD_get_size(tmpmd); if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); return -1; @@ -855,11 +855,11 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, memmove(rec->data, rec->input, rec->length); rec->input = rec->data; } else { - int provided = (EVP_CIPHER_provider(enc) != NULL); + int provided = (EVP_CIPHER_get0_provider(enc) != NULL); l = rec->length; /* TODO(size_t): Convert this call */ - bs = EVP_CIPHER_CTX_block_size(ds); + bs = EVP_CIPHER_CTX_get_block_size(ds); /* COMPRESS */ @@ -889,7 +889,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, /* otherwise, rec->length >= bs */ } - if (EVP_CIPHER_provider(enc) != NULL) { + if (EVP_CIPHER_get0_provider(enc) != NULL) { int outlen; if (!EVP_CipherUpdate(ds, rec->data, &outlen, rec->input, @@ -968,7 +968,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, if (sending) { if (EVP_MD_CTX_get0_md(s->write_hash)) { - int n = EVP_MD_CTX_size(s->write_hash); + int n = EVP_MD_CTX_get_size(s->write_hash); if (!ossl_assert(n >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; 
@@ -983,8 +983,8 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx); /* For TLSv1.1 and later explicit IV */ if (SSL_USE_EXPLICIT_IV(s) - && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) - ivlen = EVP_CIPHER_iv_length(enc); + && EVP_CIPHER_get_mode(enc) == EVP_CIPH_CBC_MODE) + ivlen = EVP_CIPHER_get_iv_length(enc); else ivlen = 0; if (ivlen > 1) { @@ -1006,7 +1006,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, } } else { if (EVP_MD_CTX_get0_md(s->read_hash)) { - int n = EVP_MD_CTX_size(s->read_hash); + int n = EVP_MD_CTX_get_size(s->read_hash); if (!ossl_assert(n >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -1025,12 +1025,12 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, recs[ctr].input = recs[ctr].data; } } else { - int provided = (EVP_CIPHER_provider(enc) != NULL); + int provided = (EVP_CIPHER_get0_provider(enc) != NULL); - bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_get0_cipher(ds)); + bs = EVP_CIPHER_get_block_size(EVP_CIPHER_CTX_get0_cipher(ds)); if (n_recs > 1) { - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds)) + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) & EVP_CIPH_FLAG_PIPELINE) == 0) { /* * We shouldn't have been called with pipeline data if the @@ -1043,7 +1043,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, for (ctr = 0; ctr < n_recs; ctr++) { reclen[ctr] = recs[ctr].length; - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds)) + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { unsigned char *seq; 
@@ -1177,10 +1177,10 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, * any explicit IV */ if (!sending) { - if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) { + if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; - } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) { + } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) { @@ -1215,7 +1215,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, /* TODO(size_t): Convert this call */ tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, (unsigned int)reclen[0]); - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds)) + if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0 ? (tmpr < 0) : (tmpr == 0)) { @@ -1225,13 +1225,13 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, if (!sending) { /* Adjust the record to remove the explicit IV/MAC/Tag */ - if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) { + if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) { for (ctr = 0; ctr < n_recs; ctr++) { recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN; recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN; recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; } - } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) { + } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) { for (ctr = 0; ctr < n_recs; ctr++) { recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN; recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN; @@ -1261,7 +1261,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, : NULL, bs, macsize, - (EVP_CIPHER_flags(enc) + (EVP_CIPHER_get_flags(enc) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0, s->ctx->libctx)) return 0; 
@@ -1283,7 +1283,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, */ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) { - switch (EVP_MD_CTX_type(ctx)) { + switch (EVP_MD_CTX_get_type(ctx)) { case NID_md5: case NID_sha1: case NID_sha224: @@ -1315,15 +1315,15 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) hash = ssl->read_hash; } - t = EVP_MD_CTX_size(hash); + t = EVP_MD_CTX_get_size(hash); if (t < 0) return 0; md_size = t; npad = (48 / md_size) * md_size; - if (!sending && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(hash)) { + if (!sending + && EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE + && ssl3_cbc_record_digest_supported(hash)) { #ifdef OPENSSL_NO_DEPRECATED_3_0 return 0; #else @@ -1418,7 +1418,7 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) hash = ssl->read_hash; } - t = EVP_MD_CTX_size(hash); + t = EVP_MD_CTX_get_size(hash); if (!ossl_assert(t >= 0)) return 0; md_size = t; @@ -1457,16 +1457,16 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) header[11] = (unsigned char)(rec->length >> 8); header[12] = (unsigned char)(rec->length & 0xff); - if (!sending && !SSL_READ_ETM(ssl) && - EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE && - ssl3_cbc_record_digest_supported(mac_ctx)) { + if (!sending && !SSL_READ_ETM(ssl) + && EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE + && ssl3_cbc_record_digest_supported(mac_ctx)) { OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params; *p++ = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE, &rec->orig_len); *p++ = OSSL_PARAM_construct_end(); - if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_pkey_ctx(mac_ctx), + if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_get_pkey_ctx(mac_ctx), tls_hmac_params)) return 0; } 
@@ -1551,7 +1551,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash); if (tmpmd != NULL) { - imac_size = EVP_MD_size(tmpmd); + imac_size = EVP_MD_get_size(tmpmd); if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); return -1; diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index 0e4b310148..13c007ae23 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -62,7 +62,7 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, return 1; } - ivlen = EVP_CIPHER_CTX_iv_length(ctx); + ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (s->early_data_state == SSL_EARLY_DATA_WRITING || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 88ac6e4205..64b246eb65 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -186,15 +186,15 @@ int ssl3_change_cipher_state(SSL *s, int which) EVP_CIPHER_CTX_reset(dd); p = s->s3.tmp.key_block; - mdi = EVP_MD_size(m); + mdi = EVP_MD_get_size(m); if (mdi < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } i = mdi; - cl = EVP_CIPHER_key_length(c); + cl = EVP_CIPHER_get_key_length(c); j = cl; - k = EVP_CIPHER_iv_length(c); + k = EVP_CIPHER_get_iv_length(c); if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { ms = &(p[0]); @@ -225,7 +225,7 @@ int ssl3_change_cipher_state(SSL *s, int which) goto err; } - if (EVP_CIPHER_provider(c) != NULL + if (EVP_CIPHER_get0_provider(c) != NULL && !tls_provider_set_tls_params(s, dd, c, m)) { /* SSLfatal already called */ goto err; 
@@ -266,11 +266,11 @@ int ssl3_setup_key_block(SSL *s) s->s3.tmp.new_compression = comp; #endif - num = EVP_MD_size(hash); + num = EVP_MD_get_size(hash); if (num < 0) return 0; - num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c); + num = EVP_CIPHER_get_key_length(c) + num + EVP_CIPHER_get_iv_length(c); num *= 2; ssl3_cleanup_key_block(s); @@ -424,7 +424,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, return 0; } - if (EVP_MD_CTX_type(s->s3.handshake_dgst) != NID_md5_sha1) { + if (EVP_MD_CTX_get_type(s->s3.handshake_dgst) != NID_md5_sha1) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_REQUIRED_DIGEST); return 0; } @@ -440,7 +440,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, goto err; } - ret = EVP_MD_CTX_size(ctx); + ret = EVP_MD_CTX_get_size(ctx); if (ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); ret = 0; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 582124aa1f..d7c19feedf 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -346,7 +346,7 @@ int ssl_load_ciphers(SSL_CTX *ctx) if (md == NULL) { ctx->disabled_mac_mask |= t->mask; } else { - int tmpsize = EVP_MD_size(md); + int tmpsize = EVP_MD_get_size(md); if (!ossl_assert(tmpsize >= 0)) return 0; ctx->ssl_mac_secret_size[i] = tmpsize; @@ -566,8 +566,9 @@ int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s, *mac_secret_size = ctx->ssl_mac_secret_size[i]; } - if ((*enc != NULL) && - (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) + if ((*enc != NULL) + && (*md != NULL + || (EVP_CIPHER_get_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)) && (!mac_pkey_type || *mac_pkey_type != NID_undef)) { const EVP_CIPHER *evp = NULL; 
@@ -2172,7 +2173,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, if (e_md == NULL) return 0; - mac = EVP_MD_size(e_md); + mac = EVP_MD_get_size(e_md); if (c->algorithm_enc != SSL_eNULL) { int cipher_nid = SSL_CIPHER_get_cipher_nid(c); const EVP_CIPHER *e_ciph = EVP_get_cipherbynid(cipher_nid); @@ -2180,12 +2181,12 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead, /* If it wasn't AEAD or SSL_eNULL, we expect it to be a known CBC cipher. */ if (e_ciph == NULL || - EVP_CIPHER_mode(e_ciph) != EVP_CIPH_CBC_MODE) + EVP_CIPHER_get_mode(e_ciph) != EVP_CIPH_CBC_MODE) return 0; in = 1; /* padding length byte */ - out = EVP_CIPHER_iv_length(e_ciph); - blk = EVP_CIPHER_block_size(e_ciph); + out = EVP_CIPHER_get_iv_length(e_ciph); + blk = EVP_CIPHER_get_block_size(e_ciph); } } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index af95f2e056..c8ab4a66a0 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -305,7 +305,7 @@ static int dane_tlsa_add(SSL_DANE *dane, } } - if (md != NULL && dlen != (size_t)EVP_MD_size(md)) { + if (md != NULL && dlen != (size_t)EVP_MD_get_size(md)) { ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH); return 0; } @@ -4764,7 +4764,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, { EVP_MD_CTX *ctx = NULL; EVP_MD_CTX *hdgst = s->s3.handshake_dgst; - int hashleni = EVP_MD_CTX_size(hdgst); + int hashleni = EVP_MD_CTX_get_size(hdgst); int ret = 0; if (hashleni < 0 || (size_t)hashleni > outlen) { @@ -5898,7 +5898,7 @@ const EVP_CIPHER *ssl_evp_cipher_fetch(OSSL_LIB_CTX *libctx, int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher) { /* Don't up-ref an implicit EVP_CIPHER */ - if (EVP_CIPHER_provider(cipher) == NULL) + if (EVP_CIPHER_get0_provider(cipher) == NULL) return 1; /* 
@@ -5913,7 +5913,7 @@ void ssl_evp_cipher_free(const EVP_CIPHER *cipher) if (cipher == NULL) return; - if (EVP_CIPHER_provider(cipher) != NULL) { + if (EVP_CIPHER_get0_provider(cipher) != NULL) { /* * The cipher was explicitly fetched and therefore it is safe to cast * away the const @@ -5942,7 +5942,7 @@ const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, int ssl_evp_md_up_ref(const EVP_MD *md) { /* Don't up-ref an implicit EVP_MD */ - if (EVP_MD_provider(md) == NULL) + if (EVP_MD_get0_provider(md) == NULL) return 1; /* @@ -5957,7 +5957,7 @@ void ssl_evp_md_free(const EVP_MD *md) if (md == NULL) return; - if (EVP_MD_provider(md) != NULL) { + if (EVP_MD_get0_provider(md) != NULL) { /* * The digest was explicitly fetched and therefore it is safe to cast * away the const @@ -5969,7 +5969,7 @@ void ssl_evp_md_free(const EVP_MD *md) int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey) { if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_security_bits(dhpkey), 0, dhpkey)) { + EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); EVP_PKEY_free(dhpkey); return 0; @@ -5982,7 +5982,7 @@ int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey) int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey) { if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, - EVP_PKEY_security_bits(dhpkey), 0, dhpkey)) { + EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) { ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL); EVP_PKEY_free(dhpkey); return 0; diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 42d591e11e..d12e940704 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1453,7 +1453,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, #endif const unsigned char *label; size_t bindersize, labelsize, hashsize; - int hashsizei = EVP_MD_size(md); + int hashsizei = EVP_MD_get_size(md); int ret = -1; int usepskfored = 0; 
@@ -1587,7 +1587,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, binderout = tmpbinder; bindersize = hashsize; - if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_name(md), s->ctx->libctx, + if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx, s->ctx->propq, mackey, NULL) <= 0 || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0 || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0 diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index fe9f8a9de6..545b2d034f 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -937,7 +937,7 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt, * length. */ hlen += PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen - + EVP_MD_size(md); + + EVP_MD_get_size(md); } } @@ -1068,7 +1068,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, */ agems += s->session->ext.tick_age_add; - reshashsize = EVP_MD_size(mdres); + reshashsize = EVP_MD_get_size(mdres); s->ext.tick_identity++; dores = 1; } @@ -1097,7 +1097,7 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_FAIL; } - pskhashsize = EVP_MD_size(mdpsk); + pskhashsize = EVP_MD_get_size(mdpsk); } /* Create the extension, but skip over the binder for now */ diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 6b3b33e239..51c3251635 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1164,7 +1164,8 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, md = ssl_md(s->ctx, sess->cipher->algorithm2); if (!EVP_MD_is_a(md, - EVP_MD_name(ssl_md(s->ctx, s->s3.tmp.new_cipher->algorithm2)))) { + EVP_MD_get0_name(ssl_md(s->ctx, + s->s3.tmp.new_cipher->algorithm2)))) { /* The ciphersuite is not compatible with this session. */ SSL_SESSION_free(sess); sess = NULL; 
@@ -1179,7 +1180,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data; - hashsize = EVP_MD_size(md); + hashsize = EVP_MD_get_size(md); if (!PACKET_get_length_prefixed_2(pkt, &binders)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 82bb013865..88b34c6ad1 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2083,7 +2083,8 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) goto err; } - if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp), + if (!ssl_security(s, SSL_SECOP_TMP_DH, + EVP_PKEY_get_security_bits(peer_tmp), 0, peer_tmp)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL); goto err; @@ -2258,7 +2259,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } if (SSL_USE_SIGALGS(s)) OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); if (!PACKET_get_length_prefixed_2(pkt, &signature) || PACKET_remaining(pkt) != 0) { @@ -2273,7 +2274,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt) } if (EVP_DigestVerifyInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), + md == NULL ? NULL : EVP_MD_get0_name(md), s->ctx->libctx, s->ctx->propq, pkey, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); @@ -2589,7 +2590,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) /* This is a standalone message in TLSv1.3, so there is no more to read */ if (SSL_IS_TLS13(s)) { const EVP_MD *md = ssl_handshake_md(s); - int hashleni = EVP_MD_size(md); + int hashleni = EVP_MD_get_size(md); size_t hashlen; static const unsigned char nonce_label[] = "resumption"; 
@@ -2942,7 +2943,7 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt) * stack, we need to zero pad the DHE pub key to the same length * as the prime. */ - prime_len = EVP_PKEY_size(ckey); + prime_len = EVP_PKEY_get_size(ckey); pad_len = prime_len - encoded_pub_len; if (pad_len > 0) { if (!WPACKET_sub_allocate_bytes_u16(pkt, pad_len, &keybytes)) { diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 1fcd064ea6..8c588fd590 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -132,17 +132,17 @@ int dtls1_do_write(SSL *s, int type) if (s->write_hash) { if (s->enc_write_ctx - && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) & + && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) mac_size = 0; else - mac_size = EVP_MD_CTX_size(s->write_hash); + mac_size = EVP_MD_CTX_get_size(s->write_hash); } else mac_size = 0; if (s->enc_write_ctx && - (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)) - blocksize = 2 * EVP_CIPHER_CTX_block_size(s->enc_write_ctx); + (EVP_CIPHER_CTX_get_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE)) + blocksize = 2 * EVP_CIPHER_CTX_get_block_size(s->enc_write_ctx); else blocksize = 0; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 800a957ab2..eef2fe4367 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -309,7 +309,8 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt) goto err; } - if (EVP_DigestSignInit_ex(mctx, &pctx, md == NULL ? NULL : EVP_MD_name(md), + if (EVP_DigestSignInit_ex(mctx, &pctx, + md == NULL ? NULL : EVP_MD_get0_name(md), s->ctx->libctx, s->ctx->propq, pkey, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); 
@@ -451,7 +452,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) if (SSL_USE_SIGALGS(s)) OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n", - md == NULL ? "n/a" : EVP_MD_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); /* Check for broken implementations of GOST ciphersuites */ /* @@ -461,10 +462,10 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) #ifndef OPENSSL_NO_GOST if (!SSL_USE_SIGALGS(s) && ((PACKET_remaining(pkt) == 64 - && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001 - || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256)) + && (EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2001 + || EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_256)) || (PACKET_remaining(pkt) == 128 - && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) { + && EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_512))) { len = PACKET_remaining(pkt); } else #endif @@ -484,10 +485,10 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } OSSL_TRACE1(TLS, "Using client verify alg %s\n", - md == NULL ? "n/a" : EVP_MD_name(md)); + md == NULL ? "n/a" : EVP_MD_get0_name(md)); if (EVP_DigestVerifyInit_ex(mctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), + md == NULL ? NULL : EVP_MD_get0_name(md), s->ctx->libctx, s->ctx->propq, pkey, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); @@ -495,7 +496,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) } #ifndef OPENSSL_NO_GOST { - int pktype = EVP_PKEY_id(pkey); + int pktype = EVP_PKEY_get_id(pkey); if (pktype == NID_id_GostR3410_2001 || pktype == NID_id_GostR3410_2012_256 || pktype == NID_id_GostR3410_2012_512) { diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 15bcdae387..a954097a39 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c 
@@ -2480,7 +2480,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } if (!ssl_security(s, SSL_SECOP_TMP_DH, - EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) { + EVP_PKEY_get_security_bits(pkdhp), 0, pkdhp)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL); goto err; } @@ -2678,7 +2678,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) } if (EVP_DigestSignInit_ex(md_ctx, &pctx, - md == NULL ? NULL : EVP_MD_name(md), + md == NULL ? NULL : EVP_MD_get0_name(md), s->ctx->libctx, s->ctx->propq, pkey, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -3766,7 +3766,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED); goto err; } - iv_len = EVP_CIPHER_CTX_iv_length(ctx); + iv_len = EVP_CIPHER_CTX_get_iv_length(ctx); } else { EVP_CIPHER *cipher = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", s->ctx->propq); @@ -3777,7 +3777,7 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, goto err; } - iv_len = EVP_CIPHER_iv_length(cipher); + iv_len = EVP_CIPHER_get_iv_length(cipher); if (iv_len < 0 || RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0 || !EVP_EncryptInit_ex(ctx, cipher, NULL, @@ -3875,7 +3875,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) uint64_t nonce; static const unsigned char nonce_label[] = "resumption"; const EVP_MD *md = ssl_handshake_md(s); - int hashleni = EVP_MD_size(md); + int hashleni = EVP_MD_get_size(md); /* Ensure cast to size_t is safe */ if (!ossl_assert(hashleni >= 0)) { diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 886709bf4a..03a83ee9a0 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c 
@@ -52,7 +52,7 @@ static int tls1_PRF(SSL *s, EVP_KDF_free(kdf); if (kctx == NULL) goto err; - mdname = EVP_MD_name(md); + mdname = EVP_MD_get0_name(md); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, @@ -146,14 +146,14 @@ int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, size_t macsize = 0; int imacsize = -1; - if ((EVP_CIPHER_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0 + if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0 /* * We look at s->ext.use_etm instead of SSL_READ_ETM() or * SSL_WRITE_ETM() because this test applies to both reading * and writing. */ && !s->ext.use_etm) - imacsize = EVP_MD_size(md); + imacsize = EVP_MD_get_size(md); if (imacsize >= 0) macsize = (size_t)imacsize; @@ -175,12 +175,12 @@ int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, static int tls_iv_length_within_key_block(const EVP_CIPHER *c) { /* If GCM/CCM mode only part of IV comes from PRF */ - if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) + if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) return EVP_GCM_TLS_FIXED_IV_LEN; - else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) + else if (EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) return EVP_CCM_TLS_FIXED_IV_LEN; else - return EVP_CIPHER_iv_length(c); + return EVP_CIPHER_get_iv_length(c); } int tls1_change_cipher_state(SSL *s, int which) @@ -334,7 +334,7 @@ int tls1_change_cipher_state(SSL *s, int which) i = *mac_secret_size = s->s3.tmp.new_mac_secret_size; /* TODO(size_t): convert me */ - cl = EVP_CIPHER_key_length(c); + cl = EVP_CIPHER_get_key_length(c); j = cl; k = tls_iv_length_within_key_block(c); if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || 
@@ -362,7 +362,7 @@ int tls1_change_cipher_state(SSL *s, int which) memcpy(mac_secret, ms, i); - if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { + if (!(EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) { if (mac_type == EVP_PKEY_HMAC) { mac_key = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC", s->ctx->propq, mac_secret, @@ -377,7 +377,7 @@ int tls1_change_cipher_state(SSL *s, int which) (int)*mac_secret_size); } if (mac_key == NULL - || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_name(m), + || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_get0_name(m), s->ctx->libctx, s->ctx->propq, mac_key, NULL) <= 0) { EVP_PKEY_free(mac_key); @@ -392,14 +392,14 @@ int tls1_change_cipher_state(SSL *s, int which) BIO_dump_indent(trc_out, ms, i, 4); } OSSL_TRACE_END(TLS); - if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { + if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k, iv)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) { + } else if (EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) { int taglen; if (s->s3.tmp. new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) @@ -421,13 +421,14 @@ int tls1_change_cipher_state(SSL *s, int which) } } /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */ - if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size + if ((EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) + && *mac_secret_size && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY, (int)*mac_secret_size, mac_secret)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - if (EVP_CIPHER_provider(c) != NULL + if (EVP_CIPHER_get0_provider(c) != NULL && !tls_provider_set_tls_params(s, dd, c, m)) { /* SSLfatal already called */ goto err; 
@@ -510,7 +511,7 @@ int tls1_change_cipher_state(SSL *s, int which) OSSL_TRACE_BEGIN(TLS) { BIO_printf(trc_out, "which = %04X, key:\n", which); - BIO_dump_indent(trc_out, key, EVP_CIPHER_key_length(c), 4); + BIO_dump_indent(trc_out, key, EVP_CIPHER_get_key_length(c), 4); BIO_printf(trc_out, "iv:\n"); BIO_dump_indent(trc_out, iv, k, 4); } OSSL_TRACE_END(TLS); @@ -546,7 +547,8 @@ int tls1_setup_key_block(SSL *s) s->s3.tmp.new_hash = hash; s->s3.tmp.new_mac_pkey_type = mac_type; s->s3.tmp.new_mac_secret_size = mac_secret_size; - num = mac_secret_size + EVP_CIPHER_key_length(c) + tls_iv_length_within_key_block(c); + num = mac_secret_size + EVP_CIPHER_get_key_length(c) + + tls_iv_length_within_key_block(c); num *= 2; ssl3_cleanup_key_block(s); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 1dc57af43a..d22a794d37 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -357,7 +357,7 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data) * assumption to make (in which case perhaps we should document this * behaviour)? */ - if (EVP_KEYMGMT_provider(keymgmt) == provider) { + if (EVP_KEYMGMT_get0_provider(keymgmt) == provider) { /* We have a match - so we will use this group */ ctx->group_list_len++; ginf = NULL; @@ -1235,7 +1235,7 @@ int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd) * SHA512 has a hash length of 64 bytes, which is incompatible * with a 128 byte (1024 bit) key. */ -#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2) +#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_get_size(md) + 2) static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey, const SIGALG_LOOKUP *lu) { @@ -1245,7 +1245,7 @@ static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey, return 0; if (!tls1_lookup_md(ctx, lu, &md) || md == NULL) return 0; - if (EVP_PKEY_size(pkey) < RSA_PSS_MINIMUM_KEY_SIZE(md)) + if (EVP_PKEY_get_size(pkey) < RSA_PSS_MINIMUM_KEY_SIZE(md)) return 0; return 1; } 
@@ -1418,10 +1418,10 @@ static int sigalg_security_bits(SSL_CTX *ctx, const SIGALG_LOOKUP *lu) return 0; if (md != NULL) { - int md_type = EVP_MD_type(md); + int md_type = EVP_MD_get_type(md); /* Security bits: half digest bits */ - secbits = EVP_MD_size(md) * 4; + secbits = EVP_MD_get_size(md) * 4; /* * SHA1 and MD5 are known to be broken. Reduce security bits so that * they're no longer accepted at security level 1. The real values don't @@ -1463,7 +1463,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) const SIGALG_LOOKUP *lu; int secbits = 0; - pkeyid = EVP_PKEY_id(pkey); + pkeyid = EVP_PKEY_get_id(pkey); /* Should never happen */ if (pkeyid == -1) return -1; @@ -1490,7 +1490,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) return 0; } /* Check the sigalg is consistent with the key OID */ - if (!ssl_cert_lookup_by_nid(EVP_PKEY_id(pkey), &cidx) + if (!ssl_cert_lookup_by_nid(EVP_PKEY_get_id(pkey), &cidx) || lu->sig_idx != (int)cidx) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE); return 0; @@ -1560,7 +1560,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) secbits = sigalg_security_bits(s->ctx, lu); if (secbits == 0 || !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, - md != NULL ? EVP_MD_type(md) : NID_undef, + md != NULL ? EVP_MD_get_type(md) : NID_undef, (void *)sigalgstr)) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); return 0; @@ -1893,7 +1893,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, /* Sanity check ticket length: must exceed keyname + IV + HMAC */ if (eticklen <= - TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) { + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx) + mlen) { ret = SSL_TICKET_NO_DECRYPT; goto end; } 
@@ -1911,8 +1911,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ - p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx); - eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx); + p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx); + eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx); sdec = OPENSSL_malloc(eticklen); if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, (int)eticklen) <= 0) { @@ -2898,7 +2898,7 @@ EVP_PKEY *ssl_get_auto_dh(SSL *s) } else { if (s->s3.tmp.cert == NULL) return NULL; - dh_secbits = EVP_PKEY_security_bits(s->s3.tmp.cert->privatekey); + dh_secbits = EVP_PKEY_get_security_bits(s->s3.tmp.cert->privatekey); } } @@ -2950,7 +2950,7 @@ static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op) * reject keys which omit parameters but this only affects DSA and * omission of parameters is never (?) done in practice. */ - secbits = EVP_PKEY_security_bits(pkey); + secbits = EVP_PKEY_get_security_bits(pkey); } if (s) return ssl_security(s, op, secbits, 0, x); diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index dba1e5fb8c..53aeea446b 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -43,7 +43,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, EVP_KDF_CTX *kctx; OSSL_PARAM params[5], *p = params; int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY; - const char *mdname = EVP_MD_name(md); + const char *mdname = EVP_MD_get0_name(md); int ret; size_t hkdflabellen; size_t hashlen; @@ -76,7 +76,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, return 0; } - hashlen = EVP_MD_size(md); + hashlen = EVP_MD_get_size(md); if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0) || !WPACKET_put_bytes_u16(&pkt, outlen) 
@@ -185,7 +185,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, EVP_KDF_CTX *kctx; OSSL_PARAM params[5], *p = params; int mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY; - const char *mdname = EVP_MD_name(md); + const char *mdname = EVP_MD_get0_name(md); #ifdef CHARSET_EBCDIC static const char derived_secret_label[] = { 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x64, 0x00 }; #else @@ -201,7 +201,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, return 0; } - mdleni = EVP_MD_size(md); + mdleni = EVP_MD_get_size(md); /* Ensure cast to size_t is safe */ if (!ossl_assert(mdleni >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -293,7 +293,7 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out, { const EVP_MD *md = ssl_handshake_md(s); - *secret_size = EVP_MD_size(md); + *secret_size = EVP_MD_get_size(md); /* Calls SSLfatal() if required */ return tls13_generate_secret(s, md, prev, NULL, 0, out); } @@ -305,7 +305,7 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out, size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, unsigned char *out) { - const char *mdname = EVP_MD_name(ssl_handshake_md(s)); + const char *mdname = EVP_MD_get0_name(ssl_handshake_md(s)); unsigned char hash[EVP_MAX_MD_SIZE]; unsigned char finsecret[EVP_MAX_MD_SIZE]; unsigned char *key = NULL; @@ -386,7 +386,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, EVP_CIPHER_CTX *ciph_ctx) { size_t ivlen, keylen, taglen; - int hashleni = EVP_MD_size(md); + int hashleni = EVP_MD_get_size(md); size_t hashlen; /* Ensure cast to size_t is safe */ @@ -403,8 +403,8 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, } /* TODO(size_t): convert me */ - keylen = EVP_CIPHER_key_length(ciph); - if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) { + keylen = EVP_CIPHER_get_key_length(ciph); + if (EVP_CIPHER_get_mode(ciph) == EVP_CIPH_CCM_MODE) { uint32_t algenc; ivlen = EVP_CCM_TLS_IV_LEN; 
@@ -425,7 +425,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, else taglen = EVP_CCM_TLS_TAG_LEN; } else { - ivlen = EVP_CIPHER_iv_length(ciph); + ivlen = EVP_CIPHER_get_iv_length(ciph); taglen = 0; } @@ -611,7 +611,7 @@ int tls13_change_cipher_state(SSL *s, int which) } else if (which & SSL3_CC_HANDSHAKE) { insecret = s->handshake_secret; finsecret = s->client_finished_secret; - finsecretlen = EVP_MD_size(ssl_handshake_md(s)); + finsecretlen = EVP_MD_get_size(ssl_handshake_md(s)); label = client_handshake_traffic; labellen = sizeof(client_handshake_traffic) - 1; log_label = CLIENT_HANDSHAKE_LABEL; @@ -643,7 +643,7 @@ int tls13_change_cipher_state(SSL *s, int which) if (which & SSL3_CC_HANDSHAKE) { insecret = s->handshake_secret; finsecret = s->server_finished_secret; - finsecretlen = EVP_MD_size(ssl_handshake_md(s)); + finsecretlen = EVP_MD_get_size(ssl_handshake_md(s)); label = server_handshake_traffic; labellen = sizeof(server_handshake_traffic) - 1; log_label = SERVER_HANDSHAKE_LABEL; @@ -798,7 +798,7 @@ int tls13_update_key(SSL *s, int sending) static const unsigned char application_traffic[] = "traffic upd"; #endif const EVP_MD *md = ssl_handshake_md(s); - size_t hashlen = EVP_MD_size(md); + size_t hashlen = EVP_MD_get_size(md); unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char *insecret, *iv; unsigned char secret[EVP_MAX_MD_SIZE]; diff --git a/test/acvp_test.c b/test/acvp_test.c index 84009193c2..05a328a6ad 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c @@ -92,7 +92,7 @@ static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name, EVP_MD_CTX *md_ctx = NULL; unsigned char *sig = NULL; size_t sig_len; - size_t sz = EVP_PKEY_size(pkey); + size_t sz = EVP_PKEY_get_size(pkey); if (!TEST_ptr(sig = OPENSSL_malloc(sz)) || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) diff --git a/test/aesgcmtest.c b/test/aesgcmtest.c index 1dc3aa86be..c371f4754e 100644 --- a/test/aesgcmtest.c +++ b/test/aesgcmtest.c 
@@ -54,7 +54,7 @@ static int do_encrypt(unsigned char *iv_gen, unsigned char *ct, int *ct_len, && TEST_true(EVP_EncryptUpdate(ctx, ct, ct_len, gcm_pt, sizeof(gcm_pt)) > 0) && TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &outlen) > 0) - && TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 16) + && TEST_int_eq(EVP_CIPHER_CTX_get_tag_length(ctx), 16) && TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, tag) > 0) && TEST_true(iv_gen == NULL @@ -76,7 +76,7 @@ static int do_decrypt(const unsigned char *iv, const unsigned char *ct, && TEST_true(EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL) > 0) && TEST_true(EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, iv) > 0) - && TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 16) + && TEST_int_eq(EVP_CIPHER_CTX_get_tag_length(ctx), 16) && TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad)) > 0) && TEST_true(EVP_DecryptUpdate(ctx, pt, &ptlen, ct, diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c index a67db1737e..f8c6b142d8 100644 --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -382,7 +382,7 @@ static int send_finished(SSL *s, BIO *rbio) return 0; do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, - handshake_hash, EVP_MD_CTX_size(handshake_md), + handshake_hash, EVP_MD_CTX_get_size(handshake_md), NULL, 0, finished_msg + DTLS1_HM_HEADER_LENGTH, TLS1_FINISH_MAC_LENGTH); diff --git a/test/defltfips_test.c b/test/defltfips_test.c index a8349211b6..21c5e1524d 100644 --- a/test/defltfips_test.c +++ b/test/defltfips_test.c @@ -36,7 +36,8 @@ static int test_is_fips_enabled(void) if (!TEST_ptr(sha256)) return 0; if (is_fips - && !TEST_str_eq(OSSL_PROVIDER_name(EVP_MD_provider(sha256)), "fips")) { + && !TEST_str_eq(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(sha256)), + "fips")) { EVP_MD_free(sha256); return 0; } diff --git a/test/drbgtest.c b/test/drbgtest.c index ad5266ce3e..a6fd46595a 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c 
@@ -81,7 +81,7 @@ static int rand_priv_bytes(unsigned char *buf, int num) */ static int state(EVP_RAND_CTX *drbg) { - return EVP_RAND_state(drbg); + return EVP_RAND_get_state(drbg); } static unsigned int query_rand_uint(EVP_RAND_CTX *drbg, const char *name) diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 66ab2bc930..c94d7d8dab 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -179,7 +179,7 @@ static int set_sm2_id(EVP_MD_CTX *mctx, EVP_PKEY *pkey) static const char sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' }; EVP_PKEY_CTX *pctx; - if (!TEST_ptr(pctx = EVP_MD_CTX_pkey_ctx(mctx)) + if (!TEST_ptr(pctx = EVP_MD_CTX_get_pkey_ctx(mctx)) || !TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, sm2_id, sizeof(sm2_id)), 0)) return 0; return 1; diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c index b3bd4f5872..121e2de3d4 100644 --- a/test/endecoder_legacy_test.c +++ b/test/endecoder_legacy_test.c @@ -518,7 +518,7 @@ static int test_key(int idx) if (!TEST_ptr(pkey = key->key) || !TEST_true(evp_pkey_copy_downgraded(&downgraded_pkey, pkey)) || !TEST_ptr(downgraded_pkey) - || !TEST_int_eq(EVP_PKEY_id(downgraded_pkey), key->evp_type) + || !TEST_int_eq(EVP_PKEY_get_id(downgraded_pkey), key->evp_type) || !TEST_ptr(legacy_obj = EVP_PKEY_get0(downgraded_pkey))) goto end; diff --git a/test/enginetest.c b/test/enginetest.c index 67e4941cdf..64d31acadb 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -260,7 +260,7 @@ static int test_redirect(void) if (!TEST_ptr(pkey = get_test_pkey())) goto err; - len = EVP_PKEY_size(pkey); + len = EVP_PKEY_get_size(pkey); if (!TEST_ptr(tmp = OPENSSL_malloc(len))) goto err; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 10ab4bfc9e..f91784b3a9 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
@@ -844,7 +844,7 @@ static int test_EVP_Enveloped(int n) goto err; if (!TEST_ptr(keypair = load_example_rsa_key()) - || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) + || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, &keypair, 1)) @@ -1088,7 +1088,7 @@ static int test_d2i_AutoPrivateKey(int i) p = input; if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) || !TEST_ptr_eq(p, input + input_len) - || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) + || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) goto done; ret = 1; @@ -1734,7 +1734,7 @@ static int test_EVP_PKEY_check(int i) if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len))) goto done; if (type == 0 - && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) + && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) goto done; if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) @@ -2334,11 +2334,11 @@ static int test_EVP_PKEY_set1_DH(void) goto err; if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) - || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX)) + || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) goto err; if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) - || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH)) + || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) goto err; ret = 1; @@ -2616,7 +2616,7 @@ static int test_evp_iv_aes(int idx) || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) goto err; - ivlen = EVP_CIPHER_CTX_iv_length(ctx); + ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) goto err; 
@@ -2727,7 +2727,7 @@ static int test_evp_iv_des(int idx) || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) goto err; - ivlen = EVP_CIPHER_CTX_iv_length(ctx); + ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) goto err; diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c index e480ae9555..d932b73dd7 100644 --- a/test/evp_extra_test2.c +++ b/test/evp_extra_test2.c @@ -275,7 +275,7 @@ static int test_d2i_AutoPrivateKey_ex(int i) if (!TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &p, input_len, mainctx, NULL)) || !TEST_ptr_eq(p, input + input_len) - || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) + || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) goto done; if (ak->evptype == EVP_PKEY_RSA) { diff --git a/test/evp_fetch_prov_test.c b/test/evp_fetch_prov_test.c index 07cf79d8ae..fc10bdad57 100644 --- a/test/evp_fetch_prov_test.c +++ b/test/evp_fetch_prov_test.c @@ -149,8 +149,8 @@ static int test_md(const EVP_MD *md) return TEST_ptr(md) && TEST_true(EVP_MD_is_a(md, "SHA256")) && TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd)) - && TEST_int_eq(EVP_MD_size(md), SHA256_DIGEST_LENGTH) - && TEST_int_eq(EVP_MD_block_size(md), SHA256_CBLOCK); + && TEST_int_eq(EVP_MD_get_size(md), SHA256_DIGEST_LENGTH) + && TEST_int_eq(EVP_MD_get_block_size(md), SHA256_CBLOCK); } static int test_implicit_EVP_MD_fetch(void) diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index ed7407255a..94d2b0ac58 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c 
@@ -1352,8 +1352,8 @@ static int test_kdfs_same( EVP_KDF *kdf1, EVP_KDF *kdf2) * because without the algorithm in the cache, fetching it a second time * will result in a different pointer. */ - return TEST_ptr_eq(EVP_KDF_provider(kdf1), EVP_KDF_provider(kdf2)) - && TEST_str_eq(EVP_KDF_name(kdf1), EVP_KDF_name(kdf2)); + return TEST_ptr_eq(EVP_KDF_get0_provider(kdf1), EVP_KDF_get0_provider(kdf2)) + && TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2)); } static int test_kdf_get_kdf(void) diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index f51de88c55..b9794b6b7d 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c @@ -349,10 +349,10 @@ static int test_cipher_reinit(int test_id) goto err; /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */ - ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE); + ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE); /* siv cannot be called with NULL key as the iv is irrelevant */ - siv = (EVP_CIPHER_mode(cipher) == EVP_CIPH_SIV_MODE); + siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE); /* * Skip init call with a null key for RC4 as the stream cipher does not @@ -439,14 +439,14 @@ static int test_cipher_reinit_partialupdate(int test_id) if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL))) goto err; - in_len = EVP_CIPHER_block_size(cipher) / 2; + in_len = EVP_CIPHER_get_block_size(cipher) / 2; /* skip any ciphers that don't allow partial updates */ - if (((EVP_CIPHER_flags(cipher) + if (((EVP_CIPHER_get_flags(cipher) & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0) - || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE - || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE - || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) { + || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE + || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE + || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) { ret = 1; goto err; } 
@@ -460,7 +460,7 @@ static int test_cipher_reinit_partialupdate(int test_id) if (!TEST_mem_eq(out1, out1_len, out2, out2_len)) goto err; - if (EVP_CIPHER_mode(cipher) != EVP_CIPH_SIV_MODE) { + if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) { if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv)) || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len))) goto err; @@ -484,7 +484,7 @@ static int name_cmp(const char * const *a, const char * const *b) static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) { STACK_OF(OPENSSL_STRING) *names = cipher_names_list; - const char *name = EVP_CIPHER_name(cipher); + const char *name = EVP_CIPHER_get0_name(cipher); char *namedup = NULL; assert(name != NULL); diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index 681a8e5846..92b3614f6e 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -346,9 +346,9 @@ static int test_fromdata_rsa(void) while (dup_pk == NULL) { ret = 0; - if (!TEST_int_eq(EVP_PKEY_bits(pk), 32) - || !TEST_int_eq(EVP_PKEY_security_bits(pk), 8) - || !TEST_int_eq(EVP_PKEY_size(pk), 4) + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32) + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8) + || !TEST_int_eq(EVP_PKEY_get_size(pk), 4) || !TEST_false(EVP_PKEY_missing_parameters(pk))) goto err; @@ -528,9 +528,9 @@ static int test_fromdata_dh_named_group(void) while (dup_pk == NULL) { ret = 0; - if (!TEST_int_eq(EVP_PKEY_bits(pk), 2048) - || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112) - || !TEST_int_eq(EVP_PKEY_size(pk), 256) + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112) + || !TEST_int_eq(EVP_PKEY_get_size(pk), 256) || !TEST_false(EVP_PKEY_missing_parameters(pk))) goto err; 
@@ -709,9 +709,9 @@ static int test_fromdata_dh_fips186_4(void) while (dup_pk == NULL) { ret = 0; - if (!TEST_int_eq(EVP_PKEY_bits(pk), 2048) - || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112) - || !TEST_int_eq(EVP_PKEY_size(pk), 256) + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112) + || !TEST_int_eq(EVP_PKEY_get_size(pk), 256) || !TEST_false(EVP_PKEY_missing_parameters(pk))) goto err; @@ -1016,9 +1016,9 @@ static int test_fromdata_ecx(int tst) while (dup_pk == NULL) { ret = 0; - if (!TEST_int_eq(EVP_PKEY_bits(pk), bits) - || !TEST_int_eq(EVP_PKEY_security_bits(pk), security_bits) - || !TEST_int_eq(EVP_PKEY_size(pk), size) + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits) + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits) + || !TEST_int_eq(EVP_PKEY_get_size(pk), size) || !TEST_false(EVP_PKEY_missing_parameters(pk))) goto err; @@ -1154,9 +1154,9 @@ static int test_fromdata_ec(void) while (dup_pk == NULL) { ret = 0; - if (!TEST_int_eq(EVP_PKEY_bits(pk), 256) - || !TEST_int_eq(EVP_PKEY_security_bits(pk), 128) - || !TEST_int_eq(EVP_PKEY_size(pk), 2 + 35 * 2) + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256) + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128) + || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 35 * 2) || !TEST_false(EVP_PKEY_missing_parameters(pk))) goto err; @@ -1459,9 +1459,9 @@ static int test_fromdata_dsa_fips186_4(void) while (dup_pk == NULL) { ret = 0; - if (!TEST_int_eq(EVP_PKEY_bits(pk), 2048) - || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112) - || !TEST_int_eq(EVP_PKEY_size(pk), 2 + 2 * (3 + sizeof(q_data))) + if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) + || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112) + || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 2 * (3 + sizeof(q_data))) || !TEST_false(EVP_PKEY_missing_parameters(pk))) goto err; diff --git a/test/evp_test.c b/test/evp_test.c index bf4777eb56..059de1251f 100644 --- a/test/evp_test.c +++ b/test/evp_test.c 
@@ -431,7 +431,7 @@ static int digest_test_run(EVP_TEST *t) goto err; } - if (EVP_MD_flags(expected->digest) & EVP_MD_FLAG_XOF) { + if (EVP_MD_get_flags(expected->digest) & EVP_MD_FLAG_XOF) { EVP_MD_CTX *mctx_cpy; char dont[] = "touch"; @@ -541,13 +541,13 @@ static int cipher_test_init(EVP_TEST *t, const char *alg) cdat->cipher = cipher; cdat->fetched_cipher = fetched_cipher; cdat->enc = -1; - m = EVP_CIPHER_mode(cipher); + m = EVP_CIPHER_get_mode(cipher); if (m == EVP_CIPH_GCM_MODE || m == EVP_CIPH_OCB_MODE || m == EVP_CIPH_SIV_MODE || m == EVP_CIPH_CCM_MODE) cdat->aead = m; - else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) + else if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) cdat->aead = -1; else cdat->aead = 0; @@ -714,7 +714,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc, t->err = "INVALID_IV_LENGTH"; goto err; } - } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx_base)) { + } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) { t->err = "INVALID_IV_LENGTH"; goto err; } @@ -770,9 +770,9 @@ static int cipher_test_enc(EVP_TEST *t, int enc, /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */ unsigned char iv[128]; if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv))) - || ((EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 - && !TEST_mem_eq(expected->iv, expected->iv_len, iv, - expected->iv_len))) { + || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 + && !TEST_mem_eq(expected->iv, expected->iv_len, iv, + expected->iv_len))) { t->err = "INVALID_IV"; goto err; } 
@@ -894,9 +894,9 @@ static int cipher_test_enc(EVP_TEST *t, int enc, /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */ unsigned char iv[128]; if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) - || ((EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 - && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv, - expected->iv_len))) { + || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0 + && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv, + expected->iv_len))) { t->err = "INVALID_NEXT_IV"; goto err; } @@ -922,9 +922,9 @@ static int cipher_test_run(EVP_TEST *t) t->err = "NO_KEY"; return 0; } - if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) { + if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher)) { /* IV is optional and usually omitted in wrap mode */ - if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) { + if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) { t->err = "NO_IV"; return 0; } @@ -976,10 +976,10 @@ static int cipher_test_run(EVP_TEST *t) * lengths so we don't fragment for those */ if (cdat->aead == EVP_CIPH_CCM_MODE - || ((EVP_CIPHER_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0) - || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_SIV_MODE - || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE - || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) + || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0) + || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE + || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE + || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE) break; out_misalign = 0; frag++; @@ -1959,7 +1959,8 @@ static int pbe_test_run(EVP_TEST *t) } #endif } else if (expected->pbe_type == PBE_TYPE_PKCS12) { - fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(expected->md), NULL); + fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md), + NULL); if (fetched_digest == NULL) { t->err = "PKCS12_ERROR"; goto err; 
@@ -2332,7 +2333,7 @@ static int rand_test_run(EVP_TEST *t) if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params))) goto err; - strength = EVP_RAND_strength(expected->ctx); + strength = EVP_RAND_get_strength(expected->ctx); for (i = 0; i <= expected->n; i++) { item = expected->data + i; @@ -2401,7 +2402,7 @@ static int rand_test_run(EVP_TEST *t) if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx)) || !TEST_true(EVP_RAND_uninstantiate(expected->parent)) || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx)) - || !TEST_int_eq(EVP_RAND_state(expected->ctx), + || !TEST_int_eq(EVP_RAND_get_state(expected->ctx), EVP_RAND_STATE_UNINITIALISED)) goto err; } @@ -2971,7 +2972,7 @@ static int digestsigver_test_parse(EVP_TEST *t, if (strcmp(keyword, "Key") == 0) { EVP_PKEY *pkey = NULL; int rv = 0; - const char *name = mdata->md == NULL ? NULL : EVP_MD_name(mdata->md); + const char *name = mdata->md == NULL ? NULL : EVP_MD_get0_name(mdata->md); if (mdata->is_verify) rv = find_key(&pkey, value, public_keys); diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c index bba78f6d79..97255306da 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c @@ -1240,7 +1240,7 @@ static int pkey_type(EVP_PKEY *pkey) return NID_undef; return OBJ_txt2nid(name); } - return EVP_PKEY_id(pkey); + return EVP_PKEY_get_id(pkey); } static int peer_pkey_type(SSL *s) diff --git a/test/provider_fallback_test.c b/test/provider_fallback_test.c index 79765d9b65..116a2f4965 100644 --- a/test/provider_fallback_test.c +++ b/test/provider_fallback_test.c 
@@ -20,8 +20,8 @@ static int test_provider(OSSL_LIB_CTX *ctx) ok = TEST_true(OSSL_PROVIDER_available(ctx, "default")) && TEST_ptr(rsameth = EVP_KEYMGMT_fetch(ctx, "RSA", NULL)) - && TEST_ptr(prov = EVP_KEYMGMT_provider(rsameth)) - && TEST_str_eq(OSSL_PROVIDER_name(prov), "default"); + && TEST_ptr(prov = EVP_KEYMGMT_get0_provider(rsameth)) + && TEST_str_eq(OSSL_PROVIDER_get0_name(prov), "default"); EVP_KEYMGMT_free(rsameth); return ok; diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c index 6c295451c1..7a37ef8c24 100644 --- a/test/provider_internal_test.c +++ b/test/provider_internal_test.c @@ -118,7 +118,7 @@ static int test_cache_flushes(void) goto err; if (!TEST_ptr_null(md = EVP_MD_fetch(ctx, "SHA256", NULL))) { - const char *provname = OSSL_PROVIDER_name(EVP_MD_provider(md)); + const char *provname = OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(md)); if (OSSL_PROVIDER_available(NULL, provname)) TEST_info("%s provider is available\n", provname); diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c index ad9a4a256c..c779b72371 100644 --- a/test/ssl_old_test.c +++ b/test/ssl_old_test.c @@ -717,7 +717,7 @@ static void sv_usage(void) static void print_key_details(BIO *out, EVP_PKEY *key) { - int keyid = EVP_PKEY_id(key); + int keyid = EVP_PKEY_get_id(key); #ifndef OPENSSL_NO_EC if (keyid == EVP_PKEY_EC) { @@ -726,7 +726,7 @@ static void print_key_details(BIO *out, EVP_PKEY *key) if (!EVP_PKEY_get_group_name(key, group, sizeof(group), &size)) strcpy(group, "unknown group"); - BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), group); + BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_get_bits(key), group); } else #endif { @@ -745,7 +745,7 @@ static void print_key_details(BIO *out, EVP_PKEY *key) algname = OBJ_nid2sn(keyid); break; } - BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname); + BIO_printf(out, "%d bits %s", EVP_PKEY_get_bits(key), algname); } } 
diff --git a/test/sslapitest.c b/test/sslapitest.c index b687ab9e22..7275d6f9c6 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -8850,7 +8850,7 @@ static int test_dh_auto(int idx) if (!TEST_int_gt(SSL_get_tmp_key(serverssl, &tmpkey), 0)) goto end; - if (!TEST_size_t_eq(EVP_PKEY_bits(tmpkey), expdhsize)) + if (!TEST_size_t_eq(EVP_PKEY_get_bits(tmpkey), expdhsize)) goto end; if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c index 3bb189f0b5..f83da872e8 100644 --- a/test/tls13encryptiontest.c +++ b/test/tls13encryptiontest.c @@ -347,7 +347,7 @@ static int test_tls13_encryption(void) for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) { /* Load the record */ - ivlen = EVP_CIPHER_iv_length(ciph); + ivlen = EVP_CIPHER_get_iv_length(ciph); if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen, RECORD_LAYER_get_read_sequence(&s->rlayer))) { TEST_error("Failed loading key into EVP_CIPHER_CTX"); diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c index 5a16f306f7..bf214d3d5b 100644 --- a/test/tls13secretstest.c +++ b/test/tls13secretstest.c @@ -314,7 +314,7 @@ static int test_handshake_secrets(void) handshake_secret, sizeof(handshake_secret))) goto err; - hashsize = EVP_MD_size(ssl_handshake_md(s)); + hashsize = EVP_MD_get_size(ssl_handshake_md(s)); if (!TEST_size_t_eq(sizeof(client_hts), hashsize)) goto err; if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN)) diff --git a/util/libcrypto.num b/util/libcrypto.num index c7d89421a2..3d44181f22 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -163,7 +163,7 @@ CT_POLICY_EVAL_CTX_free 165 3_0_0 EXIST::FUNCTION:CT CMS_RecipientInfo_kari_get0_ctx 166 3_0_0 EXIST::FUNCTION:CMS PKCS7_set_attributes 167 3_0_0 EXIST::FUNCTION: d2i_POLICYQUALINFO 168 3_0_0 EXIST::FUNCTION: -EVP_MD_type 170 3_0_0 EXIST::FUNCTION: +EVP_MD_get_type 170 3_0_0 EXIST::FUNCTION: EVP_PKCS82PKEY 171 3_0_0 EXIST::FUNCTION: BN_generate_prime_ex 172 3_0_0 EXIST::FUNCTION: EVP_EncryptInit 173 3_0_0 EXIST::FUNCTION: @@ -172,7 +172,7 @@ BN_uadd 175 3_0_0 EXIST::FUNCTION: EVP_PKEY_derive_init 176 3_0_0 EXIST::FUNCTION: PEM_write_bio_ASN1_stream 177 3_0_0 EXIST::FUNCTION: EVP_PKEY_delete_attr 178 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_key_length 179 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get_key_length 179 3_0_0 EXIST::FUNCTION: BIO_clear_flags 180 3_0_0 EXIST::FUNCTION: i2d_DISPLAYTEXT 181 3_0_0 EXIST::FUNCTION: OCSP_response_status 182 3_0_0 EXIST::FUNCTION:OCSP @@ -197,7 +197,7 @@ BN_nist_mod_256 200 3_0_0 EXIST::FUNCTION: OCSP_request_add0_id 201 3_0_0 EXIST::FUNCTION:OCSP EVP_seed_cfb128 202 3_0_0 EXIST::FUNCTION:SEED BASIC_CONSTRAINTS_free 203 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_flags 204 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_flags 204 3_0_0 EXIST::FUNCTION: PEM_write_bio_ECPKParameters 205 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC SCT_set_version 206 3_0_0 EXIST::FUNCTION:CT CMS_add1_ReceiptRequest 207 3_0_0 EXIST::FUNCTION:CMS @@ -422,7 +422,7 @@ X509_REVOKED_get_ext 429 3_0_0 EXIST::FUNCTION: d2i_RSA_PSS_PARAMS 430 3_0_0 EXIST::FUNCTION: USERNOTICE_free 431 3_0_0 EXIST::FUNCTION: MD4_Transform 432 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4 -EVP_CIPHER_block_size 433 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_block_size 433 3_0_0 EXIST::FUNCTION: CERTIFICATEPOLICIES_new 434 3_0_0 EXIST::FUNCTION: BIO_dump_fp 435 3_0_0 EXIST::FUNCTION:STDIO BIO_set_flags 436 3_0_0 EXIST::FUNCTION: 
@@ -734,7 +734,7 @@ X509_STORE_CTX_new 753 3_0_0 EXIST::FUNCTION: CTLOG_STORE_new 754 3_0_0 EXIST::FUNCTION:CT EVP_CIPHER_meth_set_cleanup 755 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 d2i_PKCS12_SAFEBAG 756 3_0_0 EXIST::FUNCTION: -EVP_MD_pkey_type 757 3_0_0 EXIST::FUNCTION: +EVP_MD_get_pkey_type 757 3_0_0 EXIST::FUNCTION: X509_policy_node_get0_qualifiers 758 3_0_0 EXIST::FUNCTION: OCSP_cert_status_str 759 3_0_0 EXIST::FUNCTION:OCSP EVP_MD_meth_get_flags 760 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 @@ -781,7 +781,7 @@ RC4_options 801 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3 BIO_f_null 802 3_0_0 EXIST::FUNCTION: EC_GROUP_set_curve_name 803 3_0_0 EXIST::FUNCTION:EC d2i_PBE2PARAM 804 3_0_0 EXIST::FUNCTION: -EVP_PKEY_security_bits 805 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_security_bits 805 3_0_0 EXIST::FUNCTION: PKCS12_unpack_p7encdata 806 3_0_0 EXIST::FUNCTION: X509V3_EXT_i2d 807 3_0_0 EXIST::FUNCTION: X509V3_get_value_bool 808 3_0_0 EXIST::FUNCTION: @@ -1507,7 +1507,7 @@ SRP_Verify_B_mod_N 1541 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ SXNET_free 1542 3_0_0 EXIST::FUNCTION: CMS_get0_content 1543 3_0_0 EXIST::FUNCTION:CMS BN_is_word 1544 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_key_length 1545 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_key_length 1545 3_0_0 EXIST::FUNCTION: EVP_CIPHER_asn1_to_param 1546 3_0_0 EXIST::FUNCTION: OCSP_request_onereq_get0 1547 3_0_0 EXIST::FUNCTION:OCSP ERR_load_PKCS7_strings 1548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 @@ -1518,7 +1518,7 @@ EVP_PKEY_get_attr_by_NID 1552 3_0_0 EXIST::FUNCTION: BIO_get_accept_socket 1553 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK CMS_SignerInfo_sign 1554 3_0_0 EXIST::FUNCTION:CMS ASN1_item_i2d_bio 1555 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_block_size 1556 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get_block_size 1556 3_0_0 EXIST::FUNCTION: DIRECTORYSTRING_free 1557 3_0_0 EXIST::FUNCTION: TS_CONF_set_default_engine 1558 3_0_0 EXIST::FUNCTION:ENGINE,TS BN_set_bit 1559 3_0_0 EXIST::FUNCTION: 
@@ -1528,7 +1528,7 @@ TS_TST_INFO_get_tsa 1562 3_0_0 EXIST::FUNCTION:TS EC_GROUP_check 1563 3_0_0 EXIST::FUNCTION:EC OPENSSL_sk_delete 1564 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_extension_cb 1565 3_0_0 EXIST::FUNCTION:TS -EVP_CIPHER_CTX_nid 1566 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get_nid 1566 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_add_md 1567 3_0_0 EXIST::FUNCTION:TS DES_set_key 1568 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES X509V3_extensions_print 1569 3_0_0 EXIST::FUNCTION: @@ -2037,7 +2037,7 @@ d2i_RSAPublicKey 2084 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ i2d_ASN1_GENERALSTRING 2085 3_0_0 EXIST::FUNCTION: POLICYQUALINFO_new 2086 3_0_0 EXIST::FUNCTION: PKCS7_RECIP_INFO_get0_alg 2087 3_0_0 EXIST::FUNCTION: -EVP_PKEY_base_id 2088 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_base_id 2088 3_0_0 EXIST::FUNCTION: UI_method_set_opener 2089 3_0_0 EXIST::FUNCTION: X509v3_get_ext_by_NID 2090 3_0_0 EXIST::FUNCTION: TS_CONF_set_policies 2091 3_0_0 EXIST::FUNCTION:TS @@ -2111,7 +2111,7 @@ X509_add1_trust_object 2157 3_0_0 EXIST::FUNCTION: PEM_write_X509 2158 3_0_0 EXIST::FUNCTION:STDIO BN_CTX_free 2159 3_0_0 EXIST::FUNCTION: EC_GROUP_get_curve_GF2m 2160 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M -EVP_MD_flags 2161 3_0_0 EXIST::FUNCTION: +EVP_MD_get_flags 2161 3_0_0 EXIST::FUNCTION: OPENSSL_sk_set 2162 3_0_0 EXIST::FUNCTION: OCSP_request_sign 2163 3_0_0 EXIST::FUNCTION:OCSP BN_GF2m_mod_solve_quad 2164 3_0_0 EXIST::FUNCTION:EC2M @@ -2168,7 +2168,7 @@ TS_RESP_CTX_set_clock_precision_digits 2216 3_0_0 EXIST::FUNCTION:TS SCT_LIST_validate 2217 3_0_0 EXIST::FUNCTION:CT X509_PURPOSE_get_id 2218 3_0_0 EXIST::FUNCTION: EC_KEY_get_ex_data 2219 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC -EVP_MD_size 2220 3_0_0 EXIST::FUNCTION: +EVP_MD_get_size 2220 3_0_0 EXIST::FUNCTION: CRYPTO_malloc 2221 3_0_0 EXIST::FUNCTION: ERR_load_ASN1_strings 2222 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_REQ_get_extension_nids 2223 3_0_0 EXIST::FUNCTION: 
@@ -2222,7 +2222,7 @@ BN_mod_add_quick 2270 3_0_0 EXIST::FUNCTION: NCONF_free 2271 3_0_0 EXIST::FUNCTION: NETSCAPE_SPKI_b64_decode 2272 3_0_0 EXIST::FUNCTION: BIO_f_md 2273 3_0_0 EXIST::FUNCTION: -EVP_MD_CTX_pkey_ctx 2274 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_get_pkey_ctx 2274 3_0_0 EXIST::FUNCTION: ENGINE_set_default_EC 2275 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE CMS_ReceiptRequest_free 2276 3_0_0 EXIST::FUNCTION:CMS TS_STATUS_INFO_get0_text 2277 3_0_0 EXIST::FUNCTION:TS @@ -2301,7 +2301,7 @@ BIO_s_fd 2350 3_0_0 EXIST::FUNCTION: i2d_CMS_bio 2351 3_0_0 EXIST::FUNCTION:CMS CRYPTO_gcm128_decrypt 2352 3_0_0 EXIST::FUNCTION: EVP_aes_256_ctr 2353 3_0_0 EXIST::FUNCTION: -EVP_PKEY_bits 2354 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_bits 2354 3_0_0 EXIST::FUNCTION: BN_BLINDING_new 2355 3_0_0 EXIST::FUNCTION: ASN1_GENERALIZEDTIME_check 2356 3_0_0 EXIST::FUNCTION: BN_clear_bit 2357 3_0_0 EXIST::FUNCTION: @@ -2358,7 +2358,7 @@ TS_CONF_set_crypto_device 2408 3_0_0 EXIST::FUNCTION:ENGINE,TS COMP_CTX_get_method 2409 3_0_0 EXIST::FUNCTION:COMP EC_GROUP_get_cofactor 2410 3_0_0 EXIST::FUNCTION:EC EVP_rc5_32_12_16_ofb 2411 3_0_0 EXIST::FUNCTION:RC5 -EVP_MD_CTX_md_data 2412 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_get0_md_data 2412 3_0_0 EXIST::FUNCTION: ASN1_PCTX_set_nm_flags 2413 3_0_0 EXIST::FUNCTION: BIO_ctrl 2414 3_0_0 EXIST::FUNCTION: X509_CRL_set_default_method 2415 3_0_0 EXIST::FUNCTION: @@ -2476,7 +2476,7 @@ RAND_egd 2528 3_0_0 EXIST::FUNCTION:EGD ASN1_d2i_bio 2529 3_0_0 EXIST::FUNCTION: X509_REQ_digest 2531 3_0_0 EXIST::FUNCTION: X509_set1_notAfter 2532 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_type 2533 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_type 2533 3_0_0 EXIST::FUNCTION: ASN1_TYPE_set_octetstring 2534 3_0_0 EXIST::FUNCTION: EVP_PKEY_asn1_set_free 2535 3_0_0 EXIST::FUNCTION: CMS_signed_get0_data_by_OBJ 2536 3_0_0 EXIST::FUNCTION:CMS 
@@ -2665,7 +2665,7 @@ SEED_decrypt 2723 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ PEM_write_PKCS8PrivateKey 2724 3_0_0 EXIST::FUNCTION:STDIO ENGINE_new 2725 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_check_issued 2726 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_iv_length 2727 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get_iv_length 2727 3_0_0 EXIST::FUNCTION: DES_string_to_2keys 2728 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DES EVP_PKEY_copy_parameters 2729 3_0_0 EXIST::FUNCTION: CMS_ContentInfo_print_ctx 2730 3_0_0 EXIST::FUNCTION:CMS @@ -3143,7 +3143,7 @@ BN_rand_range 3210 3_0_0 EXIST::FUNCTION: SMIME_write_ASN1 3211 3_0_0 EXIST::FUNCTION: EVP_CIPHER_CTX_new 3212 3_0_0 EXIST::FUNCTION: MD4_Final 3213 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4 -EVP_PKEY_id 3214 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_id 3214 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_get0_pkey_ctx 3215 3_0_0 EXIST::FUNCTION:CMS OCSP_REQINFO_free 3216 3_0_0 EXIST::FUNCTION:OCSP AUTHORITY_KEYID_new 3217 3_0_0 EXIST::FUNCTION: @@ -3443,7 +3443,7 @@ ENGINE_get_first 3516 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ CERTIFICATEPOLICIES_it 3517 3_0_0 EXIST::FUNCTION: EVP_MD_CTX_ctrl 3518 3_0_0 EXIST::FUNCTION: PKCS7_final 3519 3_0_0 EXIST::FUNCTION: -EVP_PKEY_size 3520 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_size 3520 3_0_0 EXIST::FUNCTION: EVP_DecryptFinal_ex 3521 3_0_0 EXIST::FUNCTION: SCT_get_signature_nid 3522 3_0_0 EXIST::FUNCTION:CT PROXY_CERT_INFO_EXTENSION_new 3523 3_0_0 EXIST::FUNCTION: @@ -3580,7 +3580,7 @@ PEM_write_bio_DSAPrivateKey 3661 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ CMS_encrypt 3662 3_0_0 EXIST::FUNCTION:CMS CRYPTO_nistcts128_decrypt 3663 3_0_0 EXIST::FUNCTION: ERR_load_DH_strings 3664 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH -EVP_MD_block_size 3665 3_0_0 EXIST::FUNCTION: +EVP_MD_get_block_size 3665 3_0_0 EXIST::FUNCTION: TS_X509_ALGOR_print_bio 3666 3_0_0 EXIST::FUNCTION:TS d2i_PKCS7_ENVELOPE 3667 3_0_0 EXIST::FUNCTION: ESS_CERT_ID_new 3669 3_0_0 EXIST::FUNCTION: 
@@ -3608,7 +3608,7 @@ ASN1_UTCTIME_cmp_time_t 3690 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_set1_ip 3691 3_0_0 EXIST::FUNCTION: OTHERNAME_free 3692 3_0_0 EXIST::FUNCTION: OCSP_REVOKEDINFO_free 3693 3_0_0 EXIST::FUNCTION:OCSP -EVP_CIPHER_CTX_encrypting 3694 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_is_encrypting 3694 3_0_0 EXIST::FUNCTION: EC_KEY_can_sign 3695 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC PEM_write_bio_RSAPublicKey 3696 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_CRL_set1_lastUpdate 3697 3_0_0 EXIST::FUNCTION: @@ -3715,7 +3715,7 @@ X509_REQ_get_subject_name 3798 3_0_0 EXIST::FUNCTION: BN_div_word 3799 3_0_0 EXIST::FUNCTION: TS_CONF_set_signer_key 3800 3_0_0 EXIST::FUNCTION:TS BN_GF2m_mod_sqrt 3801 3_0_0 EXIST::FUNCTION:EC2M -EVP_CIPHER_nid 3802 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_nid 3802 3_0_0 EXIST::FUNCTION: OBJ_txt2obj 3803 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_kari_get0_orig_id 3804 3_0_0 EXIST::FUNCTION:CMS EVP_bf_ecb 3805 3_0_0 EXIST::FUNCTION:BF @@ -3758,7 +3758,7 @@ PKCS7_add_signed_attribute 3842 3_0_0 EXIST::FUNCTION: i2d_PrivateKey_bio 3843 3_0_0 EXIST::FUNCTION: RSA_padding_add_PKCS1_type_1 3844 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 i2d_re_X509_tbs 3845 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_iv_length 3846 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_iv_length 3846 3_0_0 EXIST::FUNCTION: OSSL_HTTP_REQ_CTX_get0_mem_bio 3847 3_0_0 EXIST::FUNCTION: i2d_PKCS8PrivateKeyInfo_bio 3848 3_0_0 EXIST::FUNCTION: d2i_OCSP_CERTID 3849 3_0_0 EXIST::FUNCTION:OCSP @@ -3811,7 +3811,7 @@ ASN1_ENUMERATED_set_int64 3897 3_0_0 EXIST::FUNCTION: o2i_SCT 3898 3_0_0 EXIST::FUNCTION:CT CRL_DIST_POINTS_free 3899 3_0_0 EXIST::FUNCTION: d2i_OCSP_SINGLERESP 3900 3_0_0 EXIST::FUNCTION:OCSP -EVP_CIPHER_CTX_num 3901 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get_num 3901 3_0_0 EXIST::FUNCTION: EVP_PKEY_verify_recover_init 3902 3_0_0 EXIST::FUNCTION: SHA512_Init 3903 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 TS_MSG_IMPRINT_set_msg 3904 3_0_0 EXIST::FUNCTION:TS 
@@ -4406,7 +4406,7 @@ EVP_PKEY_meth_get_digest_custom 4533 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ EVP_MAC_CTX_new 4534 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_free 4535 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_dup 4536 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_mac 4537 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_get0_mac 4537 3_0_0 EXIST::FUNCTION: EVP_MAC_CTX_get_mac_size 4538 3_0_0 EXIST::FUNCTION: EVP_Q_mac 4539 3_0_0 EXIST::FUNCTION: EVP_MAC_init 4540 3_0_0 EXIST::FUNCTION: @@ -4435,7 +4435,7 @@ EVP_KDF_CTX_free 4562 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_reset 4563 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_get_kdf_size 4564 3_0_0 EXIST::FUNCTION: EVP_KDF_derive 4565 3_0_0 EXIST::FUNCTION: -EVP_KDF_name 4566 3_0_0 EXIST::FUNCTION: +EVP_KDF_get0_name 4566 3_0_0 EXIST::FUNCTION: EC_GROUP_get0_field 4567 3_0_0 EXIST::FUNCTION:EC CRYPTO_alloc_ex_data 4568 3_0_0 EXIST::FUNCTION: OSSL_LIB_CTX_new 4569 3_0_0 EXIST::FUNCTION: @@ -4581,7 +4581,7 @@ OSSL_PARAM_construct_end 4708 3_0_0 EXIST::FUNCTION: EC_GROUP_check_named_curve 4709 3_0_0 EXIST::FUNCTION:EC EVP_CIPHER_up_ref 4710 3_0_0 EXIST::FUNCTION: EVP_CIPHER_fetch 4711 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_mode 4712 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_mode 4712 3_0_0 EXIST::FUNCTION: OPENSSL_info 4713 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_new 4714 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_kdf 4715 3_0_0 EXIST::FUNCTION: 
@@ -4626,16 +4626,16 @@ EVP_PKEY_CTX_set_params 4753 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_fetch 4754 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_up_ref 4755 3_0_0 EXIST::FUNCTION: EVP_KEYMGMT_free 4756 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_provider 4757 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_get0_provider 4757 3_0_0 EXIST::FUNCTION: X509_PUBKEY_dup 4758 3_0_0 EXIST::FUNCTION: -EVP_MD_name 4759 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_name 4760 3_0_0 EXIST::FUNCTION: -EVP_MD_provider 4761 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_provider 4762 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_name 4763 3_0_0 EXIST::FUNCTION: +EVP_MD_get0_name 4759 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get0_name 4760 3_0_0 EXIST::FUNCTION: +EVP_MD_get0_provider 4761 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get0_provider 4762 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_get0_name 4763 3_0_0 EXIST::FUNCTION: EVP_CIPHER_do_all_provided 4764 3_0_0 EXIST::FUNCTION: EVP_MD_do_all_provided 4765 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_provider 4766 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_get0_provider 4766 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_available 4767 3_0_0 EXIST::FUNCTION: ERR_new 4768 3_0_0 EXIST::FUNCTION: ERR_set_debug 4769 3_0_0 EXIST::FUNCTION: 
@@ -4666,16 +4666,16 @@ EVP_MAC_free 4793 3_0_0 EXIST::FUNCTION: EVP_MAC_up_ref 4794 3_0_0 EXIST::FUNCTION: EVP_MAC_get_params 4795 3_0_0 EXIST::FUNCTION: EVP_MAC_gettable_params 4796 3_0_0 EXIST::FUNCTION: -EVP_MAC_provider 4797 3_0_0 EXIST::FUNCTION: +EVP_MAC_get0_provider 4797 3_0_0 EXIST::FUNCTION: EVP_MAC_do_all_provided 4798 3_0_0 EXIST::FUNCTION: -EVP_MAC_name 4799 3_0_0 EXIST::FUNCTION: +EVP_MAC_get0_name 4799 3_0_0 EXIST::FUNCTION: EVP_MD_free 4800 3_0_0 EXIST::FUNCTION: EVP_CIPHER_free 4801 3_0_0 EXIST::FUNCTION: EVP_KDF_up_ref 4802 3_0_0 EXIST::FUNCTION: EVP_KDF_free 4803 3_0_0 EXIST::FUNCTION: EVP_KDF_fetch 4804 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_dup 4805 3_0_0 EXIST::FUNCTION: -EVP_KDF_provider 4806 3_0_0 EXIST::FUNCTION: +EVP_KDF_get0_provider 4806 3_0_0 EXIST::FUNCTION: EVP_KDF_get_params 4807 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_get_params 4808 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_set_params 4809 3_0_0 EXIST::FUNCTION: @@ -4685,14 +4685,14 @@ EVP_KDF_settable_ctx_params 4812 3_0_0 EXIST::FUNCTION: EVP_KDF_do_all_provided 4813 3_0_0 EXIST::FUNCTION: EVP_SIGNATURE_free 4814 3_0_0 EXIST::FUNCTION: EVP_SIGNATURE_up_ref 4815 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_provider 4816 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_get0_provider 4816 3_0_0 EXIST::FUNCTION: EVP_SIGNATURE_fetch 4817 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_signature_md 4818 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get_signature_md 4819 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_get_params 4820 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_gettable_params 4821 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_settable_params 4822 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_tag_length 4823 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get_tag_length 4823 3_0_0 EXIST::FUNCTION: ERR_get_error_all 4824 3_0_0 EXIST::FUNCTION: ERR_peek_error_func 4825 3_0_0 EXIST::FUNCTION: ERR_peek_error_data 4826 3_0_0 EXIST::FUNCTION: 
@@ -4783,13 +4783,13 @@ EVP_KEYMGMT_names_do_all 4910 3_0_0 EXIST::FUNCTION: EVP_KEYEXCH_names_do_all 4911 3_0_0 EXIST::FUNCTION: EVP_KDF_names_do_all 4912 3_0_0 EXIST::FUNCTION: EVP_SIGNATURE_names_do_all 4913 3_0_0 EXIST::FUNCTION: -EVP_MD_number 4914 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_number 4915 3_0_0 EXIST::FUNCTION: -EVP_MAC_number 4916 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_number 4917 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_number 4918 3_0_0 EXIST::FUNCTION: -EVP_KDF_number 4919 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_number 4920 3_0_0 EXIST::FUNCTION: +EVP_MD_get_number 4914 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_number 4915 3_0_0 EXIST::FUNCTION: +EVP_MAC_get_number 4916 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_get_number 4917 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_get_number 4918 3_0_0 EXIST::FUNCTION: +EVP_KDF_get_number 4919 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_get_number 4920 3_0_0 EXIST::FUNCTION: OSSL_CMP_CTX_snprint_PKIStatus 4921 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_HDR_get0_transactionID 4922 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_HDR_get0_recipNonce 4923 3_0_0 EXIST::FUNCTION:CMP @@ -4802,10 +4802,10 @@ X509_STORE_load_store 4929 3_0_0 EXIST::FUNCTION: EVP_PKEY_fromdata 4930 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_free 4931 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_up_ref 4932 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_provider 4933 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_get0_provider 4933 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_fetch 4934 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_is_a 4935 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_number 4936 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_get_number 4936 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_do_all_provided 4937 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_names_do_all 4938 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_rsa_padding 4939 3_0_0 EXIST::FUNCTION: 
@@ -4827,16 +4827,16 @@ EVP_PKEY_meth_get_digestverify 4954 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ OSSL_ENCODER_up_ref 4955 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_free 4956 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_fetch 4957 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_number 4958 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_get_number 4958 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_is_a 4959 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_provider 4960 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_get0_provider 4960 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_do_all_provided 4961 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_names_do_all 4962 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_settable_ctx_params 4963 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_CTX_new 4964 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_CTX_set_params 4965 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_CTX_free 4966 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_properties 4967 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_get0_properties 4967 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_to_bio 4968 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_to_fp 4969 3_0_0 EXIST::FUNCTION:STDIO OSSL_ENCODER_CTX_new_for_pkey 4970 3_0_0 EXIST::FUNCTION: 
@@ -5043,14 +5043,14 @@ OSSL_PARAM_set_all_unmodified 5170 3_0_0 EXIST::FUNCTION: EVP_RAND_fetch 5171 3_0_0 EXIST::FUNCTION: EVP_RAND_up_ref 5172 3_0_0 EXIST::FUNCTION: EVP_RAND_free 5173 3_0_0 EXIST::FUNCTION: -EVP_RAND_number 5174 3_0_0 EXIST::FUNCTION: -EVP_RAND_name 5175 3_0_0 EXIST::FUNCTION: +EVP_RAND_get_number 5174 3_0_0 EXIST::FUNCTION: +EVP_RAND_get0_name 5175 3_0_0 EXIST::FUNCTION: EVP_RAND_is_a 5176 3_0_0 EXIST::FUNCTION: -EVP_RAND_provider 5177 3_0_0 EXIST::FUNCTION: +EVP_RAND_get0_provider 5177 3_0_0 EXIST::FUNCTION: EVP_RAND_get_params 5178 3_0_0 EXIST::FUNCTION: EVP_RAND_CTX_new 5179 3_0_0 EXIST::FUNCTION: EVP_RAND_CTX_free 5180 3_0_0 EXIST::FUNCTION: -EVP_RAND_CTX_rand 5181 3_0_0 EXIST::FUNCTION: +EVP_RAND_CTX_get0_rand 5181 3_0_0 EXIST::FUNCTION: EVP_RAND_CTX_get_params 5182 3_0_0 EXIST::FUNCTION: EVP_RAND_CTX_set_params 5183 3_0_0 EXIST::FUNCTION: EVP_RAND_gettable_params 5184 3_0_0 EXIST::FUNCTION: @@ -5065,8 +5065,8 @@ EVP_RAND_reseed 5192 3_0_0 EXIST::FUNCTION: EVP_RAND_nonce 5193 3_0_0 EXIST::FUNCTION: EVP_RAND_enable_locking 5194 3_0_0 EXIST::FUNCTION: EVP_RAND_verify_zeroization 5195 3_0_0 EXIST::FUNCTION: -EVP_RAND_strength 5196 3_0_0 EXIST::FUNCTION: -EVP_RAND_state 5197 3_0_0 EXIST::FUNCTION: +EVP_RAND_get_strength 5196 3_0_0 EXIST::FUNCTION: +EVP_RAND_get_state 5197 3_0_0 EXIST::FUNCTION: EVP_default_properties_is_fips_enabled 5198 3_0_0 EXIST::FUNCTION: EVP_default_properties_enable_fips 5199 3_0_0 EXIST::FUNCTION: EVP_PKEY_new_raw_private_key_ex 5200 3_0_0 EXIST::FUNCTION: 
@@ -5113,9 +5113,9 @@ OSSL_STORE_open_ex 5240 3_0_0 EXIST::FUNCTION: OSSL_DECODER_fetch 5241 3_0_0 EXIST::FUNCTION: OSSL_DECODER_up_ref 5242 3_0_0 EXIST::FUNCTION: OSSL_DECODER_free 5243 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_provider 5244 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_properties 5245 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_number 5246 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_get0_provider 5244 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_get0_properties 5245 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_get_number 5246 3_0_0 EXIST::FUNCTION: OSSL_DECODER_is_a 5247 3_0_0 EXIST::FUNCTION: OSSL_DECODER_do_all_provided 5248 3_0_0 EXIST::FUNCTION: OSSL_DECODER_names_do_all 5249 3_0_0 EXIST::FUNCTION: @@ -5180,7 +5180,7 @@ EVP_PKEY_CTX_set_hkdf_md 5307 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set1_hkdf_salt 5308 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set1_hkdf_key 5309 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_add1_hkdf_info 5310 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_hkdf_mode 5311 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_hkdf_mode 5311 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set1_pbe_pass 5312 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set1_scrypt_salt 5313 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_scrypt_N 5314 3_0_0 EXIST::FUNCTION: @@ -5217,9 +5217,9 @@ EC_GROUP_new_from_params 5344 3_0_0 EXIST::FUNCTION:EC OSSL_STORE_LOADER_set_open_ex 5345 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OSSL_STORE_LOADER_fetch 5346 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_up_ref 5347 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_provider 5348 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_properties 5349 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_number 5350 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_get0_provider 5348 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_get0_properties 5349 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_get_number 5350 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_is_a 5351 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_do_all_provided 5352 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_names_do_all 5353 3_0_0 EXIST::FUNCTION: 
@@ -5238,14 +5238,14 @@ CMS_AuthEnvelopedData_create 5365 3_0_0 EXIST::FUNCTION:CMS CMS_AuthEnvelopedData_create_ex 5366 3_0_0 EXIST::FUNCTION:CMS EVP_PKEY_CTX_set_ec_param_enc 5367 3_0_0 EXIST::FUNCTION: EVP_PKEY_get0_type_name 5368 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_name 5369 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_get0_name 5369 3_0_0 EXIST::FUNCTION: EC_KEY_decoded_from_explicit_params 5370 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC EVP_KEM_free 5371 3_0_0 EXIST::FUNCTION: EVP_KEM_up_ref 5372 3_0_0 EXIST::FUNCTION: -EVP_KEM_provider 5373 3_0_0 EXIST::FUNCTION: +EVP_KEM_get0_provider 5373 3_0_0 EXIST::FUNCTION: EVP_KEM_fetch 5374 3_0_0 EXIST::FUNCTION: EVP_KEM_is_a 5375 3_0_0 EXIST::FUNCTION: -EVP_KEM_number 5376 3_0_0 EXIST::FUNCTION: +EVP_KEM_get_number 5376 3_0_0 EXIST::FUNCTION: EVP_KEM_do_all_provided 5377 3_0_0 EXIST::FUNCTION: EVP_KEM_names_do_all 5378 3_0_0 EXIST::FUNCTION: EVP_PKEY_encapsulate_init 5379 3_0_0 EXIST::FUNCTION: 
@@ -5347,22 +5347,22 @@ X509_REQ_new_ex 5474 3_0_0 EXIST::FUNCTION: EVP_PKEY_dup 5475 3_0_0 EXIST::FUNCTION: RSA_PSS_PARAMS_dup 5476 3_0_0 EXIST::FUNCTION: EVP_PKEY_derive_set_peer_ex 5477 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_name 5478 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_name 5479 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_description 5480 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_description 5481 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_description 5482 3_0_0 EXIST::FUNCTION: -EVP_MD_description 5483 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_description 5484 3_0_0 EXIST::FUNCTION: -EVP_MAC_description 5485 3_0_0 EXIST::FUNCTION: -EVP_RAND_description 5486 3_0_0 EXIST::FUNCTION: -EVP_PKEY_description 5487 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_description 5488 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_description 5489 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_description 5490 3_0_0 EXIST::FUNCTION: -EVP_KEM_description 5491 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_description 5492 3_0_0 EXIST::FUNCTION: -EVP_KDF_description 5493 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_get0_name 5478 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_get0_name 5479 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_get0_description 5480 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_get0_description 5481 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_get0_description 5482 3_0_0 EXIST::FUNCTION: +EVP_MD_get0_description 5483 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get0_description 5484 3_0_0 EXIST::FUNCTION: +EVP_MAC_get0_description 5485 3_0_0 EXIST::FUNCTION: +EVP_RAND_get0_description 5486 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get0_description 5487 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_get0_description 5488 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_get0_description 5489 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_get0_description 5490 3_0_0 EXIST::FUNCTION: +EVP_KEM_get0_description 5491 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_get0_description 5492 3_0_0 EXIST::FUNCTION: +EVP_KDF_get0_description 5493 3_0_0 EXIST::FUNCTION: OPENSSL_sk_find_all 5494 3_0_0 EXIST::FUNCTION: 
X509_CRL_new_ex 5495 3_0_0 EXIST::FUNCTION: OSSL_PARAM_dup 5496 3_0_0 EXIST::FUNCTION: @@ -5375,10 +5375,10 @@ EVP_MD_CTX_get1_md 5502 3_0_0 EXIST::FUNCTION: EVP_CIPHER_CTX_get0_cipher 5503 3_0_0 EXIST::FUNCTION: EVP_CIPHER_CTX_get1_cipher 5504 3_0_0 EXIST::FUNCTION: OSSL_LIB_CTX_get0_global_default 5505 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_name 5506 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_name 5507 3_0_0 EXIST::FUNCTION: -EVP_KEM_name 5508 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_name 5509 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_get0_name 5506 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_get0_name 5507 3_0_0 EXIST::FUNCTION: +EVP_KEM_get0_name 5508 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_get0_name 5509 3_0_0 EXIST::FUNCTION: PKCS5_v2_PBE_keyivgen_ex 5510 3_0_0 EXIST::FUNCTION: EVP_PBE_scrypt_ex 5511 3_0_0 EXIST::FUNCTION:SCRYPT PKCS5_v2_scrypt_keyivgen_ex 5512 3_0_0 EXIST::FUNCTION:SCRYPT diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index df71963deb..cd81ba7e09 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -631,8 +631,6 @@ ERR_set_error_data(3) ERR_unload_strings(3) EVP_CIPHER_CTX_buf_noconst(3) EVP_CIPHER_CTX_copy(3) -EVP_CIPHER_CTX_encrypting(3) -EVP_CIPHER_CTX_num(3) EVP_CIPHER_CTX_rand_key(3) EVP_CIPHER_CTX_set_num(3) EVP_CIPHER_do_all(3) diff --git a/util/other.syms b/util/other.syms index 706ad7f5da..05c70df44f 100644 --- a/util/other.syms +++ b/util/other.syms @@ -232,10 +232,10 @@ ERR_raise define ERR_raise_data define EVP_DigestSignUpdate define EVP_DigestVerifyUpdate define -EVP_MD_CTX_block_size define -EVP_MD_CTX_name define -EVP_MD_CTX_size define -EVP_MD_CTX_type define +EVP_MD_CTX_get_block_size define +EVP_MD_CTX_get0_name define +EVP_MD_CTX_get_size define +EVP_MD_CTX_get_type define EVP_OpenUpdate define EVP_PKEY_CTX_add1_hkdf_info define EVP_PKEY_CTX_add1_tls1_prf_seed define 
@@ -255,7 +255,6 @@ EVP_PKEY_CTX_get_rsa_oaep_md define EVP_PKEY_CTX_get_rsa_padding define EVP_PKEY_CTX_get_rsa_pss_saltlen define EVP_PKEY_CTX_get_signature_md define -EVP_PKEY_CTX_hkdf_mode define EVP_PKEY_CTX_set0_dh_kdf_oid define EVP_PKEY_CTX_set0_dh_kdf_ukm define EVP_PKEY_CTX_set0_ecdh_kdf_ukm define @@ -627,3 +626,37 @@ OSSL_TRACE9 define TS_VERIFY_CTS_set_certs define deprecated 3.0.0 EVP_PKEY_get1_tls_encodedpoint define deprecated 3.0.0 EVP_PKEY_set1_tls_encodedpoint define deprecated 3.0.0 +EVP_MD_type define +EVP_MD_nid define +EVP_MD_name define +EVP_MD_pkey_type define +EVP_MD_size define +EVP_MD_block_size define +EVP_MD_flags define +EVP_MD_CTX_size define +EVP_MD_CTX_block_size define +EVP_MD_CTX_type define +EVP_MD_CTX_pkey_ctx define +EVP_MD_CTX_md_data define +EVP_CIPHER_nid define +EVP_CIPHER_name define +EVP_CIPHER_block_size define +EVP_CIPHER_key_length define +EVP_CIPHER_iv_length define +EVP_CIPHER_flags define +EVP_CIPHER_mode define +EVP_CIPHER_type define +EVP_CIPHER_CTX_encrypting define +EVP_CIPHER_CTX_nid define +EVP_CIPHER_CTX_block_size define +EVP_CIPHER_CTX_key_length define +EVP_CIPHER_CTX_iv_length define +EVP_CIPHER_CTX_tag_length define +EVP_CIPHER_CTX_num define +EVP_CIPHER_CTX_type define +EVP_CIPHER_CTX_mode define +EVP_PKEY_bits define +EVP_PKEY_security_bits define +EVP_PKEY_size define +EVP_PKEY_id define +EVP_PKEY_base_id define From no-reply at appveyor.com Tue Jun 1 10:52:11 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 01 Jun 2021 10:52:11 +0000 Subject: Build failed: openssl master.42212 Message-ID: <20210601105211.1.A04EF79BC76782C8@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 1 12:20:36 2021 
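Review bot: in util/other.syms, the block of old names appended by the last hunk lists EVP_MD_CTX_size, EVP_MD_CTX_block_size and EVP_MD_CTX_type but not EVP_MD_CTX_name, although the first hunk of the same file renames EVP_MD_CTX_name to EVP_MD_CTX_get0_name alongside those three. If the old name is meant to keep working as an alias macro like the others, it needs an `EVP_MD_CTX_name define` entry in the appended block; if it is dropped on purpose, the commit message should say so. The same question applies to EVP_PKEY_CTX_hkdf_mode, which the second hunk removes without a matching entry in the appended block.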
From: no-reply at appveyor.com (AppVeyor) Date: Tue, 01 Jun 2021 12:20:36 +0000 Subject: Build failed: openssl master.42213 Message-ID: <20210601122036.1.C86044362970CC2B@appveyor.com> An HTML attachment was scrubbed... URL: From tomas at openssl.org Tue Jun 1 13:08:21 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 01 Jun 2021 13:08:21 +0000 Subject: [openssl] master update Message-ID: <1622552901.574947.26743.nullmailer@dev.openssl.org> The branch master has been updated via 7e8d6bafd0347de8653c336e6f067d8f3686a386 (commit) via 86825c99172f46da40867292a0eeebb2ef289c02 (commit) via e47ed5fe1faff9b5f9c3112bfcbf7c5165eabf33 (commit) from 31b7f23d2f958491d46c8a8e61c2b77b1b546f3e (commit) - Log ----------------------------------------------------------------- commit 7e8d6bafd0347de8653c336e6f067d8f3686a386 Author: Tomas Mraz Date: Mon May 31 17:00:38 2021 +0200 Make the 00-prep_*.t recipe truly mandatory Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15550) commit 86825c99172f46da40867292a0eeebb2ef289c02 Author: Tomas Mraz Date: Mon May 31 14:22:35 2021 +0200 Windows CI: enable fips on shared 64 bit build Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15550) commit e47ed5fe1faff9b5f9c3112bfcbf7c5165eabf33 Author: Tomas Mraz Date: Mon May 31 14:18:56 2021 +0200 Fix enable-fips builds on Windows Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15550) ----------------------------------------------------------------------- Summary of changes: .github/workflows/windows.yml | 10 +++++----- Configurations/windows-makefile.tmpl | 2 +- test/run_tests.pl | 22 ++++++++++++++-------- 3 files changed, 20 insertions(+), 14 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 0d0b594808..0de6e22893 100644 --- a/.github/workflows/windows.yml 
+++ b/.github/workflows/windows.yml @@ -24,15 +24,15 @@ jobs: - name: config working-directory: _build run: | - if ( "${{ matrix.arch }}" -eq "win32" ) { $target = "VC-WIN32" } else { $target = "VC-WIN64A" } - perl ..\Configure --banner=Configured no-makedepend no-fips $target + if ( "${{ matrix.arch }}" -eq "win32" ) { $target = "VC-WIN32" ; $fips = "no-fips" } else { $target = "VC-WIN64A" ; $fips = "enable-fips" } + perl ..\Configure --banner=Configured no-makedepend $fips $target perl configdata.pm --dump - name: build working-directory: _build run: nmake - name: test working-directory: _build - run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* + run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 - name: install # Run on 64 bit only as 32 bit is slow enough already if: $${{ matrix.arch == 'win64' }} @@ -57,7 +57,7 @@ jobs: run: nmake - name: test working-directory: _build - run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* + run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 minimal: runs-on: windows-latest steps: @@ -75,4 +75,4 @@ jobs: run: nmake - name: test working-directory: _build - run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* + run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index af8a81c8b2..d6ba2d13fd 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl 
@@ -65,7 +65,7 @@ FIPSMODULE={- # We do some extra checking here, as there should be only one && $unified_info{attributes}->{modules}->{$_}->{fips} } @{$unified_info{modules}}; die "More that one FIPS module" if scalar @fipsmodules > 1; - join(" ", map { basename(platform->dso($_)) } @fipsmodules) -} + join(" ", map { platform->dso($_) } @fipsmodules) -} FIPSMODULENAME={- die "More that one FIPS module" if scalar @fipsmodules > 1; join(", ", map { basename(platform->dso($_)) } @fipsmodules) -} PROGRAMS={- our @PROGRAMS = map { platform->bin($_) } @{$unified_info{programs}}; join(" ", @PROGRAMS) -} diff --git a/test/run_tests.pl b/test/run_tests.pl index 9f34ab9e7e..ea054bc189 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -83,7 +83,7 @@ sub reorder { # for parallel test runs, do slow tests first if ($jobs > 1 && $key =~ m/test_ssl_new|test_fuzz/) { - $key =~ s/(\d+)-/00-/; + $key =~ s/(\d+)-/01-/; } return $key; } @@ -131,18 +131,20 @@ foreach my $arg (@ARGV ? @ARGV : ('alltests')) { $initial_arg = 0; } +# prep recipes are mandatory and need to be always run first +my @preps = glob(catfile($recipesdir,"00-prep_*.t")); +foreach my $test (@preps) { + delete $tests{$test}; +} + sub find_matching_tests { my ($glob) = @_; - # prep recipes are mandatory - my @recipes = glob(catfile($recipesdir,"00-prep_*.t")); - if ($glob =~ m|^[\d\[\]\?\-]+$|) { - push @recipes, glob(catfile($recipesdir,"$glob-*.t")); - } else { - push @recipes, glob(catfile($recipesdir,"*-$glob.t")); + return glob(catfile($recipesdir,"$glob-*.t")); } - return @recipes; + + return glob(catfile($recipesdir,"*-$glob.t")); } # The following is quite a bit of hackery to adapt to both TAP::Harness 
@@ -305,6 +307,10 @@ unless (defined $eres) { my $harness = $package->new(\%tapargs); my $ret = + $harness->runtests(map { [ abs2rel($_, rel2abs(curdir())), basename($_) ] } + @preps); +die if $ret->has_errors; +$ret = $harness->runtests(map { [ abs2rel($_, rel2abs(curdir())), basename($_) ] } sort { reorder($a) cmp reorder($b) } keys %tests); From no-reply at appveyor.com Tue Jun 1 14:38:20 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 01 Jun 2021 14:38:20 +0000 Subject: Build failed: openssl master.42216 Message-ID: <20210601143820.1.8DBC2EDF8559FACB@appveyor.com> An HTML attachment was scrubbed... URL: From tomas at openssl.org Tue Jun 1 14:44:02 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 01 Jun 2021 14:44:02 +0000 Subject: [openssl] master update Message-ID: <1622558642.341161.24500.nullmailer@dev.openssl.org> The branch master has been updated via 147ed5f9def86840c9f6ba512e63a890d58ac1d6 (commit) from 7e8d6bafd0347de8653c336e6f067d8f3686a386 (commit) - Log ----------------------------------------------------------------- commit 147ed5f9def86840c9f6ba512e63a890d58ac1d6 Author: Trev Larock Date: Fri May 28 12:54:44 2021 +0000 Modify ssl_handshake_hash to call SSLfatal When EVP_MD_CTX_new fails call SSLfatal before the goto err. This resolves a state machine issue on the out of memory condition. Fixes #15491. CLA: trivial Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15520) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c8ab4a66a0..063134015a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -4773,8 +4773,10 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, } ctx = EVP_MD_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; + } if (!EVP_MD_CTX_copy_ex(ctx, hdgst) || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { From no-reply at appveyor.com Tue Jun 1 17:15:47 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 01 Jun 2021 17:15:47 +0000 Subject: Build completed: openssl master.42217 Message-ID: <20210601171547.1.81FED917B8D5DE65@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 1 22:10:38 2021 
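Review bot: in .github/workflows/windows.yml, the install step shown as context at the end of the first hunk has `if: $${{ matrix.arch == 'win64' }}` with a doubled `$`, so the condition is not a bare `${{ }}` expression and the 64-bit-only guard described in the comment above it may not take effect. Since this change edits the adjacent steps, correct it to `if: ${{ matrix.arch == 'win64' }}` in the same patch.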
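Review bot: in test/run_tests.pl, the last hunk aborts with a bare `die if $ret->has_errors;` after the prep recipes run, which ends the whole run with Perl's default "Died" message and no indication that a 00-prep_*.t recipe was the cause. Give the die a message naming the prep stage, for example `die "mandatory 00-prep_*.t recipes failed\n" if $ret->has_errors;`, so a CI log shows why no other test ran.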
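Review bot: in ssl/ssl_lib.c, the new SSLfatal call in the `ctx == NULL` branch of ssl_handshake_hash reports ERR_R_INTERNAL_ERROR although the only thing that failed is the EVP_MD_CTX_new allocation; ERR_R_MALLOC_FAILURE would put the actual cause on the error queue. Nothing in the hunk exercises the out of memory path the commit message refers to, so a note on how it was reproduced would help the next reader.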
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 01 Jun 2021 22:10:38 +0000 Subject: FAILED build of OpenSSL branch master with options --strict-warnings Message-ID: <1622585438.645837.3571528.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config --strict-warnings Commit log since last time: 147ed5f9de Modify ssl_handshake_hash to call SSLfatal 7e8d6bafd0 Make the 00-prep_*.t recipe truly mandatory 86825c9917 Windows CI: enable fips on shared 64 bit build e47ed5fe1f Fix enable-fips builds on Windows 31b7f23d2f Add documentation of the old names kept as alias macros c4e9167437 Rename also the OSSL_PROVIDER_name() function ed576acdf5 Rename all getters to use get/get0 in name 5e2d22d53e Pass library context and property query into private key decoders e3c7595521 Fix up encoder/decoder issues caused by not passing a library context to the PKCS8 encrypt/decrypt 169eca602c Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers 8ee66a092c req: fix Coverity 1485137 Explicit null dereference 28cab20916 crypto: updates to pass size_t to RAND_bytes_ex() dfefa4c164 ssl: ass size_t to RAND_bytes_ex() 528685fe77 rand: use size_t for size argument to RAND_bytes_ex() f7c1b472bf Move provider der_XXX.h.in files to the include directory. 3c15d67705 Fix error stack for some fetch calls. 9ff4b7b0c7 Migration guide updates for flags and controls. 7f9537d57a Document Settable EVP_CIPHER_CTX parameter "use-bits" 17b209da49 Fix param indentation in ciphercommon_hw.c e2311445bb Fix aes cfb1 so that it can operate in bit mode. 
d11dd381c5 add some cross compilation builds 64fac96de8 sparc: fix cross compile build a7981653ea ppc: fix ambiguous if if else statement Build log ended with (last 100 lines): not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 800154433D7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 800154433D7F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:320: # 800154433D7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1622585224 not ok 4 - iteration 4 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 800154433D7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 800154433D7F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:320: # 800154433D7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1622585224 not ok 5 - iteration 5 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 800154433D7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 800154433D7F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:320: # 800154433D7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1622585224 not ok 6 - iteration 6 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 800154433D7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 800154433D7F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:320: # 800154433D7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1622585224 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 800154433D7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 800154433D7F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:320: # 800154433D7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1622585224 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1622585224 not ok 1 - test_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/gosttest ../../../openssl/test/recipes/90-test_gost_data/server-cert2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-cert2012.pem 
../../../openssl/test/recipes/90-test_gost_data/server-key2012.pem => 1 not ok 1 - running gosttest # ------------------------------------------------------------------------------ # Failed test 'running gosttest' # at ../openssl/test/recipes/90-test_gost.t line 39. # Looks like you failed 1 test of 1.90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 90-test_ige.t ...................... ok 90-test_memleak.t .................. ok 90-test_includes.t ................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslbuffers.t ............... ok 80-test_ssl_old.t .................. ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok # Killing mock server with pid=356254880-test_cmp_http.t ................. ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 91-test_pkey_check.t ............... ok 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 90-test_store.t .................... ok 90-test_sslapi.t ................... ok Test Summary Report ------------------- 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=236, Tests=3235, 146 wallclock secs (11.89 usr 1.24 sys + 424.78 cusr 56.19 csys = 494.10 CPU) Result: FAIL make[1]: *** [Makefile:3230: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/default' make: *** [Makefile:3226: tests] Error 2 From pauli at openssl.org Wed Jun 2 02:40:45 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 02 Jun 2021 02:40:45 +0000 Subject: [openssl] master update Message-ID: <1622601645.079885.30260.nullmailer@dev.openssl.org> The branch master has been updated via b3c2ed7043233bd738957a7fcdf9e0734bfea937 (commit) via 6b750b89ee9ad3952b1b25e47b848abc8b60e7dd (commit) via ff234c6804571b70bc02ff44df1f42c4a3fe5cf1 (commit) from 147ed5f9def86840c9f6ba512e63a890d58ac1d6 (commit) - Log ----------------------------------------------------------------- commit b3c2ed7043233bd738957a7fcdf9e0734bfea937 Author: Tomas Mraz Date: Thu May 27 11:00:35 2021 +0200 Add NCONF_get_section_names() And a few additional fixups to make the no-deprecated configuration to build. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15466) commit 6b750b89ee9ad3952b1b25e47b848abc8b60e7dd Author: Rich Salz Date: Tue May 25 14:48:41 2021 -0400 Add NCONF_get0_libctx() Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15466) commit ff234c6804571b70bc02ff44df1f42c4a3fe5cf1 Author: Rich Salz Date: Tue May 25 12:57:06 2021 -0400 Make conf_method_st and conf_st deprecated So they can be made opaque in a future release. 
Fixes #15101 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15466) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 5 ++++ crypto/conf/conf_api.c | 1 + crypto/conf/conf_def.c | 1 + crypto/conf/conf_lib.c | 33 ++++++++++++++++++++++++++ crypto/conf/conf_local.h | 1 + crypto/conf/conf_mod.c | 1 + crypto/conf/conf_sap.c | 1 + crypto/evp/evp_cnf.c | 6 +++-- crypto/provider_conf.c | 3 ++- crypto/rand/rand_lib.c | 2 +- crypto/x509/v3_conf.c | 56 +++++++++++++++++++++++++++++++++------------ doc/man3/NCONF_new_ex.pod | 31 ++++++++++++++++++++++--- include/openssl/conf.h.in | 28 ++++------------------- include/openssl/conftypes.h | 44 +++++++++++++++++++++++++++++++++++ test/confdump.c | 24 ++----------------- util/libcrypto.num | 2 ++ 16 files changed, 172 insertions(+), 67 deletions(-) create mode 100644 include/openssl/conftypes.h diff --git a/CHANGES.md b/CHANGES.md index 0eb7f14289..9b5ef88342 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -44,6 +44,11 @@ breaking changes, and mappings for the large list of deprecated functions. *Rich Salz* + * The public definitions of conf_method_st and conf_st have been + deprecated. They will be made opaque in a future release. + + *Rich Salz and Tom?? Mr?z* + * Client-initiated renegotiation is disabled by default. To allow it, use the -client_renegotiation option, the SSL_OP_ALLOW_CLIENT_RENEGOTIATION flag, or the "ClientRenegotiation" config parameter as appropriate. diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 41a09c42bc..e4e305c714 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -15,6 +15,7 @@ #include #include #include +#include "conf_local.h" static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf); static void value_free_stack_doall(CONF_VALUE *a); diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 25fcc0400c..7b67854c8b 100644 
--- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -21,6 +21,7 @@ #include #include #include +#include "conf_local.h" #include "conf_def.h" #include #include diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 1f106d8c07..b07d075b23 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -16,6 +16,7 @@ #include #include #include +#include "conf_local.h" #include static CONF_METHOD *default_CONF_method = NULL; @@ -214,6 +215,38 @@ void NCONF_free_data(CONF *conf) conf->meth->destroy_data(conf); } +OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf) +{ + return conf->libctx; +} + +typedef STACK_OF(OPENSSL_CSTRING) SECTION_NAMES; + +IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, SECTION_NAMES); + +static void collect_section_name(const CONF_VALUE *v, SECTION_NAMES *names) +{ + /* A section is a CONF_VALUE with name == NULL */ + if (v->name == NULL) + sk_OPENSSL_CSTRING_push(names, v->section); +} + +static int section_name_cmp(OPENSSL_CSTRING const *a, OPENSSL_CSTRING const *b) +{ + return strcmp(*a, *b); +} + +STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *cnf) +{ + SECTION_NAMES *names; + + if ((names = sk_OPENSSL_CSTRING_new(section_name_cmp)) == NULL) + return NULL; + lh_CONF_VALUE_doall_SECTION_NAMES(cnf->data, collect_section_name, names); + sk_OPENSSL_CSTRING_sort(names); + return names; +} + int NCONF_load(CONF *conf, const char *file, long *eline) { if (conf == NULL) { diff --git a/crypto/conf/conf_local.h b/crypto/conf/conf_local.h index 1ee8424c50..f3b16f1138 100644 --- a/crypto/conf/conf_local.h +++ b/crypto/conf/conf_local.h @@ -7,4 +7,5 @@ * https://www.openssl.org/source/license.html */ +#include void ossl_config_add_ssl_module(void); diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index d82f0c7f2c..36b054ca51 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c 
@@ -21,6 +21,7 @@ #include #include #include +#include "conf_local.h" DEFINE_STACK_OF(CONF_MODULE) DEFINE_STACK_OF(CONF_IMODULE) diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 5cd018c167..6742ecf87f 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -11,6 +11,7 @@ #include #include "internal/cryptlib.h" #include "internal/conf.h" +#include "conf_local.h" #include #include #include diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index c13652ca0f..415712dffa 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -46,12 +46,14 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) * fips_mode is deprecated and should not be used in new * configurations. */ - if (!EVP_default_properties_enable_fips(cnf->libctx, m > 0)) { + if (!EVP_default_properties_enable_fips(NCONF_get0_libctx((CONF *)cnf), + m > 0)) { ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); return 0; } } else if (strcmp(oval->name, "default_properties") == 0) { - if (!evp_set_default_properties_int(cnf->libctx, oval->value, 0, 0)) { + if (!evp_set_default_properties_int(NCONF_get0_libctx((CONF *)cnf), + oval->value, 0, 0)) { ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); return 0; } diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c index 5725ef3c63..977d469808 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c @@ -199,7 +199,8 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { cval = sk_CONF_VALUE_value(elist, i); - if (!provider_conf_load(cnf->libctx, cval->name, cval->value, cnf)) + if (!provider_conf_load(NCONF_get0_libctx((CONF *)cnf), + cval->name, cval->value, cnf)) return 0; } diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index a7a8c70523..a3305b76b4 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c 
@@ -746,7 +746,7 @@ static int random_conf_init(CONF_IMODULE *md, const CONF *cnf) { STACK_OF(CONF_VALUE) *elist; CONF_VALUE *cval; - RAND_GLOBAL *dgbl = rand_get_global(cnf->libctx); + RAND_GLOBAL *dgbl = rand_get_global(NCONF_get0_libctx((CONF *)cnf)); int i, r = 1; OSSL_TRACE1(CONF, "Loading random module: section %s\n", diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c index f8a7dfe840..9997595653 100644 --- a/crypto/x509/v3_conf.c +++ b/crypto/x509/v3_conf.c @@ -480,18 +480,29 @@ int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey) X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name, const char *value) { - CONF ctmp; + CONF *ctmp; + X509_EXTENSION *ret; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_nconf(&ctmp, ctx, name, value); + if ((ctmp = NCONF_new(NULL)) == NULL) + return NULL; + CONF_set_nconf(ctmp, conf); + ret = X509V3_EXT_nconf(ctmp, ctx, name, value); + NCONF_free(ctmp); + return ret; } X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, const char *value) { - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); + CONF *ctmp; + X509_EXTENSION *ret; + + if ((ctmp = NCONF_new(NULL)) == NULL) + return NULL; + CONF_set_nconf(ctmp, conf); + ret = X509V3_EXT_nconf_nid(ctmp, ctx, ext_nid, value); + NCONF_free(ctmp); + return ret; } static char *conf_lhash_get_string(void *db, const char *section, const char *value) 
@@ -524,10 +535,15 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *section, X509 *cert) { - CONF ctmp; + CONF *ctmp; + int ret; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); + if ((ctmp = NCONF_new(NULL)) == NULL) + return 0; + CONF_set_nconf(ctmp, conf); + ret = X509V3_EXT_add_nconf(ctmp, ctx, section, cert); + NCONF_free(ctmp); + return ret; } /* Same as above but for a CRL */ @@ -535,10 +551,15 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *section, X509_CRL *crl) { - CONF ctmp; + CONF *ctmp; + int ret; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); + if ((ctmp = NCONF_new(NULL)) == NULL) + return 0; + CONF_set_nconf(ctmp, conf); + ret = X509V3_EXT_CRL_add_nconf(ctmp, ctx, section, crl); + NCONF_free(ctmp); + return ret; } /* Add extensions to certificate request */ @@ -546,8 +567,13 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *section, X509_REQ *req) { - CONF ctmp; + CONF *ctmp; + int ret; - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); + if ((ctmp = NCONF_new(NULL)) == NULL) + return 0; + CONF_set_nconf(ctmp, conf); + ret = X509V3_EXT_REQ_add_nconf(ctmp, ctx, section, req); + NCONF_free(ctmp); + return ret; } diff --git a/doc/man3/NCONF_new_ex.pod b/doc/man3/NCONF_new_ex.pod index 46c2e8c466..6861fb198c 100644 --- a/doc/man3/NCONF_new_ex.pod +++ b/doc/man3/NCONF_new_ex.pod 
@@ -2,18 +2,29 @@ =head1 NAME -NCONF_new_ex, NCONF_new, NCONF_free, NCONF_default, NCONF_load +NCONF_new_ex, NCONF_new, NCONF_free, NCONF_default, NCONF_load, +NCONF_get0_libctx, NCONF_get_section, NCONF_get_section_names - functionality to Load and parse configuration files manually =head1 SYNOPSIS #include + typedef struct { + char *section; + char *name; + char *value; + } CONF_VALUE; + CONF *NCONF_new_ex(OSSL_LIB_CTX *libctx, CONF_METHOD *meth); CONF *NCONF_new(CONF_METHOD *meth); void NCONF_free(CONF *conf); CONF_METHOD *NCONF_default(void); int NCONF_load(CONF *conf, const char *file, long *eline); + OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf); + + STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *name); + STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *conf); =head1 DESCRIPTION @@ -32,6 +43,19 @@ the load failed on if they are not NULL. NCONF_default() gets the default method table for processing a configuration file. +NCONF_get0_libctx() gets the library context associated with the I +parameter. + +NCONF_get_section_names() gets the names of the sections associated with +the I as B strings. The individual strings +are associated with the I and will be invalid after I is +freed. The returned stack must be freed with sk_OPENSSL_CSTRING_free(). + +NCONF_get_section() gets the config values associated with the I from +the config section I as B structures. The returned +stack is associated with the I and will be invalid after I +is freed. It must not be freed by the caller. + =head1 RETURN VALUES NCONF_load() returns 1 on success or 0 on error. 
@@ -45,11 +69,12 @@ L, =head1 HISTORY -NCONF_new_ex() was added in OpenSSL 3.0. +NCONF_new_ex(), NCONF_get0_libctx(), and NCONF_get_section_names() were added +in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/conf.h.in b/include/openssl/conf.h.in index 0911a38f8b..b0bd579aa4 100644 --- a/include/openssl/conf.h.in +++ b/include/openssl/conf.h.in @@ -48,21 +48,11 @@ struct conf_st; struct conf_method_st; typedef struct conf_method_st CONF_METHOD; -struct conf_method_st { - const char *name; - CONF *(*create) (CONF_METHOD *meth); - int (*init) (CONF *conf); - int (*destroy) (CONF *conf); - int (*destroy_data) (CONF *conf); - int (*load_bio) (CONF *conf, BIO *bp, long *eline); - int (*dump) (const CONF *conf, BIO *bp); - int (*is_number) (const CONF *conf, char c); - int (*to_int) (const CONF *conf, char c); - int (*load) (CONF *conf, const char *name, long *eline); -}; +# ifndef OPENSSL_NO_DEPRECATED_3_0 +# include +# endif /* Module definitions */ - typedef struct conf_imodule_st CONF_IMODULE; typedef struct conf_module_st CONF_MODULE; @@ -115,17 +105,8 @@ OSSL_DEPRECATEDIN_1_1_0 void OPENSSL_config(const char *config_name); * that wasn't the case, the above functions would have been replaced */ -struct conf_st { - CONF_METHOD *meth; - void *meth_data; - LHASH_OF(CONF_VALUE) *data; - int flag_dollarid; - int flag_abspath; - char *includedir; - OSSL_LIB_CTX *libctx; -}; - CONF *NCONF_new_ex(OSSL_LIB_CTX *libctx, CONF_METHOD *meth); +OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf); CONF *NCONF_new(CONF_METHOD *meth); CONF_METHOD *NCONF_default(void); #ifndef OPENSSL_NO_DEPRECATED_3_0 
@@ -139,6 +120,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline); int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); # endif int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); +STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *conf); STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section); char *NCONF_get_string(const CONF *conf, const char *group, const char *name); diff --git a/include/openssl/conftypes.h b/include/openssl/conftypes.h new file mode 100644 index 0000000000..17cefaa443 --- /dev/null +++ b/include/openssl/conftypes.h @@ -0,0 +1,44 @@ +/* + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_CONFTYPES_H +# define OPENSSL_CONFTYPES_H +# pragma once + +#ifndef OPENSSL_CONF_H +# include +#endif + +/* + * The contents of this file are deprecated and will be made opaque + */ +struct conf_method_st { + const char *name; + CONF *(*create) (CONF_METHOD *meth); + int (*init) (CONF *conf); + int (*destroy) (CONF *conf); + int (*destroy_data) (CONF *conf); + int (*load_bio) (CONF *conf, BIO *bp, long *eline); + int (*dump) (const CONF *conf, BIO *bp); + int (*is_number) (const CONF *conf, char c); + int (*to_int) (const CONF *conf, char c); + int (*load) (CONF *conf, const char *name, long *eline); +}; + +struct conf_st { + CONF_METHOD *meth; + void *meth_data; + LHASH_OF(CONF_VALUE) *data; + int flag_dollarid; + int flag_abspath; + char *includedir; + OSSL_LIB_CTX *libctx; +}; + +#endif diff --git a/test/confdump.c b/test/confdump.c index ba760f04a8..47d0de6f9a 100644 --- a/test/confdump.c +++ b/test/confdump.c 
@@ -14,27 +14,6 @@ #include #include -static STACK_OF(OPENSSL_CSTRING) *section_names = NULL; - -static void collect_section_name(CONF_VALUE *v) -{ - /* A section is a CONF_VALUE with name == NULL */ - if (v->name == NULL) - sk_OPENSSL_CSTRING_push(section_names, v->section); -} - -static int section_name_cmp(OPENSSL_CSTRING const *a, OPENSSL_CSTRING const *b) -{ - return strcmp(*a, *b); -} - -static void collect_all_sections(const CONF *cnf) -{ - section_names = sk_OPENSSL_CSTRING_new(section_name_cmp); - lh_CONF_VALUE_doall(cnf->data, collect_section_name); - sk_OPENSSL_CSTRING_sort(section_names); -} - static void dump_section(const char *name, const CONF *cnf) { STACK_OF(CONF_VALUE) *sect = NCONF_get_section(cnf, name); @@ -53,11 +32,12 @@ int main(int argc, char **argv) long eline; CONF *conf = NCONF_new(NCONF_default()); int ret = 1; + STACK_OF(OPENSSL_CSTRING) *section_names = NULL; if (conf != NULL && NCONF_load(conf, argv[1], &eline)) { int i; - collect_all_sections(conf); + section_names = NCONF_get_section_names(conf); for (i = 0; i < sk_OPENSSL_CSTRING_num(section_names); i++) { dump_section(sk_OPENSSL_CSTRING_value(section_names, i), conf); } diff --git a/util/libcrypto.num b/util/libcrypto.num index 3d44181f22..eb1d17197c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5418,3 +5418,5 @@ EVP_MAC_CTX_get_block_size 5545 3_0_0 EXIST::FUNCTION: BIO_debug_callback_ex 5546 3_0_0 EXIST::FUNCTION: b2i_PVK_bio_ex 5547 3_0_0 EXIST::FUNCTION: i2b_PVK_bio_ex 5548 3_0_0 EXIST::FUNCTION: +NCONF_get0_libctx 5547 3_0_0 EXIST::FUNCTION: +NCONF_get_section_names 5548 3_0_0 EXIST::FUNCTION: From levitte at openssl.org Wed Jun 2 03:10:11 2021 
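Review bot: in crypto/conf/conf_lib.c, collect_section_name() discards the return value of sk_OPENSSL_CSTRING_push(), so an allocation failure part-way through the walk makes NCONF_get_section_names() return a silently truncated list that the caller cannot tell apart from a complete one. Since the doall callback returns void, consider recording the failure where the caller can see it (for example by passing a small struct holding the stack and an error flag as the doall argument), then freeing the stack and returning NULL when the flag is set. The function also dereferences cnf->data with no NULL check, while NCONF_load() in the trailing context does test conf == NULL; the same applies to NCONF_get0_libctx().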
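Review bot: the (CONF *) casts in crypto/evp/evp_cnf.c, crypto/provider_conf.c and crypto/rand/rand_lib.c are unnecessary, because this same patch declares the accessor as OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf) and cnf is already a const CONF * in all three callers. Dropping the cast and writing NCONF_get0_libctx(cnf) keeps the compiler's const checking intact at these call sites.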
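Review bot: in crypto/x509/v3_conf.c, each wrapper now attaches the caller's LHASH to a heap CONF with CONF_set_nconf(ctmp, conf) and then calls NCONF_free(ctmp), but nothing in these hunks detaches the hash first. The old stack-allocated CONF was never freed, so the caller's table was left alone; please confirm that NCONF_free() does not release conf along with ctmp, or reset it with CONF_set_nconf(ctmp, NULL) before the free. If it does release it, callers of X509V3_EXT_conf(), X509V3_EXT_conf_nid() and the three *_add_conf() functions that go on to use or free their table hit a use-after-free or double free.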
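Review bot: in util/libcrypto.num, the two added entries reuse ordinals 5547 and 5548, which the context lines immediately above already assign to b2i_PVK_bio_ex and i2b_PVK_bio_ex. Ordinals must be unique, so NCONF_get0_libctx and NCONF_get_section_names need the next free numbers after i2b_PVK_bio_ex (5549 and 5550).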
From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Jun 2021 03:10:11 +0000 Subject: [openssl] master update Message-ID: <1622603411.978758.27915.nullmailer@dev.openssl.org> The branch master has been updated via 0608afe0963fc8188f0df1093e0eb42c32cd0a47 (commit) from b3c2ed7043233bd738957a7fcdf9e0734bfea937 (commit) - Log ----------------------------------------------------------------- commit 0608afe0963fc8188f0df1093e0eb42c32cd0a47 Author: Jon Spillett Date: Wed Jun 2 13:04:04 2021 +1000 Fix up bad libcrypto.num Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15576) ----------------------------------------------------------------------- Summary of changes: util/libcrypto.num | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/libcrypto.num b/util/libcrypto.num index eb1d17197c..f53092a0a4 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5418,5 +5418,5 @@ EVP_MAC_CTX_get_block_size 5545 3_0_0 EXIST::FUNCTION: BIO_debug_callback_ex 5546 3_0_0 EXIST::FUNCTION: b2i_PVK_bio_ex 5547 3_0_0 EXIST::FUNCTION: i2b_PVK_bio_ex 5548 3_0_0 EXIST::FUNCTION: -NCONF_get0_libctx 5547 3_0_0 EXIST::FUNCTION: -NCONF_get_section_names 5548 3_0_0 EXIST::FUNCTION: +NCONF_get0_libctx 5549 3_0_0 EXIST::FUNCTION: +NCONF_get_section_names 5550 3_0_0 EXIST::FUNCTION: From no-reply at appveyor.com Wed Jun 2 04:02:12 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 02 Jun 2021 04:02:12 +0000 Subject: Build failed: openssl master.42218 Message-ID: <20210602040212.1.39666A75A522C475@appveyor.com> From levitte at openssl.org Wed Jun 2 06:19:39 2021
From: levitte at openssl.org (Richard Levitte) Date: Wed, 02 Jun 2021 06:19:39 +0000 Subject: [openssl] master update Message-ID: <1622614779.645382.24935.nullmailer@dev.openssl.org> The branch master has been updated via 0d7d5e24909d2af7608bf5f09397895470ac64c6 (commit) via 7058b4db821efa87e40dab584059b85ca676bc21 (commit) from 0608afe0963fc8188f0df1093e0eb42c32cd0a47 (commit) - Log ----------------------------------------------------------------- commit 0d7d5e24909d2af7608bf5f09397895470ac64c6 Author: Richard Levitte Date: Tue Jun 1 07:49:56 2021 +0200 providers/common/der/build.info: make a variable for ../include/prov This is a proof of concept for GENERATE variable expansion. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15554) commit 7058b4db821efa87e40dab584059b85ca676bc21 Author: Richard Levitte Date: Tue Jun 1 07:45:54 2021 +0200 Configure: variable expand GENERATE values too Internal documentation doesn't allow for any exception... Therefore, even GENERATE values should be variable expanded. (there are historical reasons why GENERATE was excepted from variable expansion, that aren't applicable any more) Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15554) ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- providers/common/der/build.info | 30 ++++++++++++++++-------------- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/Configure b/Configure index 3a9ef03a6e..f6951bbb18 100755 --- a/Configure +++ b/Configure 
@@ -2212,7 +2212,7 @@ if ($builder eq "unified") { if !@skip || $skip[$#skip] > 0; }, qr/^\s* GENERATE ${index_re} = ${value_re} $/x => sub { $push_to->(\%generate, $expand_variables->($+{INDEX}), - undef, undef, $+{VALUE}) + undef, undef, $expand_variables->($+{VALUE})) if !@skip || $skip[$#skip] > 0; }, qr/^\s* (?:\#.*)? $/x => sub { }, "OTHERWISE" => sub { die "Something wrong with this line:\n$_\nat $sourced/$f" }, diff --git a/providers/common/der/build.info b/providers/common/der/build.info index b849a79bee..b81413e11b 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info @@ -1,16 +1,18 @@ +$INCDIR=../include/prov + #----- Digests -$DER_DIGESTS_H=../include/prov/der_digests.h +$DER_DIGESTS_H=$INCDIR/der_digests.h $DER_DIGESTS_GEN=der_digests_gen.c GENERATE[$DER_DIGESTS_GEN]=der_digests_gen.c.in DEPEND[$DER_DIGESTS_GEN]=oids_to_c.pm NIST.asn1 DIGESTS.asn1 DEPEND[${DER_DIGESTS_GEN/.c/.o}]=$DER_DIGESTS_H -GENERATE[$DER_DIGESTS_H]=../include/prov/der_digests.h.in +GENERATE[$DER_DIGESTS_H]=$INCDIR/der_digests.h.in DEPEND[$DER_DIGESTS_H]=oids_to_c.pm NIST.asn1 DIGESTS.asn1 #----- RSA -$DER_RSA_H=../include/prov/der_rsa.h +$DER_RSA_H=$INCDIR/der_rsa.h $DER_RSA_GEN=der_rsa_gen.c $DER_RSA_AUX=der_rsa_key.c der_rsa_sig.c $DER_RSA_COMMON=$DER_RSA_GEN der_rsa_key.c @@ -21,12 +23,12 @@ DEPEND[$DER_RSA_GEN]=oids_to_c.pm NIST.asn1 RSA.asn1 DEPEND[${DER_RSA_AUX/.c/.o}]=$DER_RSA_H $DER_DIGESTS_H DEPEND[${DER_RSA_GEN/.c/.o}]=$DER_RSA_H -GENERATE[$DER_RSA_H]=../include/prov/der_rsa.h.in +GENERATE[$DER_RSA_H]=$INCDIR/der_rsa.h.in DEPEND[$DER_RSA_H]=oids_to_c.pm NIST.asn1 RSA.asn1 #----- DSA IF[{- !$disabled{dsa} -}] - $DER_DSA_H=../include/prov/der_dsa.h + $DER_DSA_H=$INCDIR/der_dsa.h $DER_DSA_GEN=der_dsa_gen.c $DER_DSA_AUX=der_dsa_key.c der_dsa_sig.c 
@@ -35,13 +37,13 @@ IF[{- !$disabled{dsa} -}] DEPEND[${DER_DSA_AUX/.c/.o}]=$DER_DSA_H $DER_DIGESTS_H DEPEND[${DER_DSA_GEN/.c/.o}]=$DER_DSA_H - GENERATE[$DER_DSA_H]=../include/prov/der_dsa.h.in + GENERATE[$DER_DSA_H]=$INCDIR/der_dsa.h.in DEPEND[$DER_DSA_H]=oids_to_c.pm DSA.asn1 ENDIF #----- EC IF[{- !$disabled{ec} -}] - $DER_EC_H=../include/prov/der_ec.h + $DER_EC_H=$INCDIR/der_ec.h $DER_EC_GEN=der_ec_gen.c $DER_EC_AUX=der_ec_key.c der_ec_sig.c @@ -50,13 +52,13 @@ IF[{- !$disabled{ec} -}] DEPEND[${DER_EC_AUX/.c/.o}]=$DER_EC_H $DER_DIGESTS_H DEPEND[${DER_EC_GEN/.c/.o}]=$DER_EC_H - GENERATE[$DER_EC_H]=../include/prov/der_ec.h.in + GENERATE[$DER_EC_H]=$INCDIR/der_ec.h.in DEPEND[$DER_EC_H]=oids_to_c.pm EC.asn1 ENDIF #----- ECX IF[{- !$disabled{ec} -}] - $DER_ECX_H=../include/prov/der_ecx.h + $DER_ECX_H=$INCDIR/der_ecx.h $DER_ECX_GEN=der_ecx_gen.c $DER_ECX_AUX=der_ecx_key.c @@ -65,24 +67,24 @@ IF[{- !$disabled{ec} -}] DEPEND[${DER_ECX_AUX/.c/.o}]=$DER_ECX_H DEPEND[${DER_ECX_GEN/.c/.o}]=$DER_ECX_H - GENERATE[$DER_ECX_H]=../include/prov/der_ecx.h.in + GENERATE[$DER_ECX_H]=$INCDIR/der_ecx.h.in DEPEND[$DER_ECX_H]=oids_to_c.pm ECX.asn1 ENDIF #----- KEY WRAP -$DER_WRAP_H=../include/prov/der_wrap.h +$DER_WRAP_H=$INCDIR/der_wrap.h $DER_WRAP_GEN=der_wrap_gen.c GENERATE[$DER_WRAP_GEN]=der_wrap_gen.c.in DEPEND[$DER_WRAP_GEN]=oids_to_c.pm wrap.asn1 DEPEND[${DER_WRAP_GEN/.c/.o}]=$DER_WRAP_H -GENERATE[$DER_WRAP_H]=../include/prov/der_wrap.h.in +GENERATE[$DER_WRAP_H]=$INCDIR/der_wrap.h.in DEPEND[$DER_WRAP_H]=oids_to_c.pm wrap.asn1 #----- SM2 IF[{- !$disabled{sm2} -}] - $DER_SM2_H=../include/prov/der_sm2.h + $DER_SM2_H=$INCDIR/der_sm2.h $DER_SM2_GEN=der_sm2_gen.c $DER_SM2_AUX=der_sm2_key.c der_sm2_sig.c 
@@ -91,7 +93,7 @@ IF[{- !$disabled{sm2} -}] DEPEND[${DER_SM2_AUX/.c/.o}]=$DER_SM2_H $DER_EC_H DEPEND[${DER_SM2_GEN/.c/.o}]=$DER_SM2_H - GENERATE[$DER_SM2_H]=../include/prov/der_sm2.h.in + GENERATE[$DER_SM2_H]=$INCDIR/der_sm2.h.in DEPEND[$DER_SM2_H]=oids_to_c.pm SM2.asn1 ENDIF From no-reply at appveyor.com Wed Jun 2 06:29:39 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 02 Jun 2021 06:29:39 +0000 Subject: Build completed: openssl master.42219 Message-ID: <20210602062939.1.64EF51C3A463E83C@appveyor.com> From pauli at openssl.org Wed Jun 2 06:34:55 2021
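Review bot: in Configure, wrapping $+{VALUE} in $expand_variables changes parsing for every GENERATE line in every build.info, not only the ones converted to $INCDIR in providers/common/der/build.info. Before merging, check the remaining build.info files for GENERATE values that contain a literal $ and relied on the old pass-through, since they will now be read as variable references.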
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 02 Jun 2021 06:34:55 +0000 Subject: [openssl] master update Message-ID: <1622615695.291260.31669.nullmailer@dev.openssl.org> The branch master has been updated via 4cedf30e995f9789cf6bb103e248d33285a84067 (commit) via 71653965b3aa58a2106909ee52f9883bc0157130 (commit) via 60e91cc4099c8db88d314910a744bbedca52fa52 (commit) via 4c3c2633b226d930db7578346a1f5ddc48fd3466 (commit) via 3b90a847ece93b3886f14adc7061e70456d564e1 (commit) via 4656d9ecd1794a2555384ae8bd9b13dd3afbe5b1 (commit) via 3dc12810fa8320df3298602dd8ac9bd690c65a6a (commit) via 26b3e44a661899f0d0cb709482170cc411a94233 (commit) via 79cabd7e277ccb0763bd2f6438abcb089dcbdff1 (commit) via c6472fec64d83a196e1ccc4636b552bf0f23addd (commit) via e73a08b4007c2713aa707d44c8e8d5d63f57aca0 (commit) via 126e37716fc4c5dc55805b721c38f5ef94c75612 (commit) via 29cfba8599a649bc70a9414e701c68efceab13a3 (commit) via e0a7ef0b5148156a64c2b9c4b30f7cef9a0dc6a4 (commit) via 1486b1fbd356cc0d64e941d3f8ead8e324cd72e0 (commit) via 6f6c8b0e3c3c9d627a3e211d49b1cdeb0114a6c7 (commit) via 75e1191f4d1185ebf7b94e620b15a73f22af146e (commit) via 69e21cb648f140c173ba238a761ce700bef643f6 (commit) via 1c8c5d4755cb4bd7fec527071f81a522834759c4 (commit) via 10dbfcc91eb84b9818393e48745dcb53914c57d4 (commit) via 0848b943a8c481e3fb1e08b70735392d6d6d70f4 (commit) via 407820c0e311efaafff7fdc8eafdff6e70f89eb2 (commit) via fd009d763a931c4cd01f5181a2b0801d205f782a (commit) via fb6ad22e36a1ade653f4b6881ddeee128e8b5001 (commit) via db70dc2cdac6dec2366138fe1f46bf433ee1c2c8 (commit) from 0d7d5e24909d2af7608bf5f09397895470ac64c6 (commit) - Log ----------------------------------------------------------------- commit 4cedf30e995f9789cf6bb103e248d33285a84067 Author: Pauli Date: Mon May 31 14:37:37 2021 +1000 utils: remove TODO Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 71653965b3aa58a2106909ee52f9883bc0157130 Author: Pauli Date: Mon May 31 14:30:07 2021 +1000 crypto: 
remove TODOs Fixes #15451 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 60e91cc4099c8db88d314910a744bbedca52fa52 Author: Pauli Date: Mon May 31 14:29:55 2021 +1000 http: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 4c3c2633b226d930db7578346a1f5ddc48fd3466 Author: Pauli Date: Mon May 31 14:29:55 2021 +1000 evp: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 3b90a847ece93b3886f14adc7061e70456d564e1 Author: Pauli Date: Mon May 31 14:29:55 2021 +1000 err: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 4656d9ecd1794a2555384ae8bd9b13dd3afbe5b1 Author: Pauli Date: Mon May 31 14:29:55 2021 +1000 ec: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 3dc12810fa8320df3298602dd8ac9bd690c65a6a Author: Pauli Date: Mon May 31 14:29:55 2021 +1000 dso: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 26b3e44a661899f0d0cb709482170cc411a94233 Author: Pauli Date: Mon May 31 14:29:55 2021 +1000 bn: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 79cabd7e277ccb0763bd2f6438abcb089dcbdff1 Author: Pauli Date: Mon May 31 14:29:34 2021 +1000 rsa: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit c6472fec64d83a196e1ccc4636b552bf0f23addd Author: Pauli Date: Mon May 31 14:29:34 2021 +1000 store: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit e73a08b4007c2713aa707d44c8e8d5d63f57aca0 Author: Pauli Date: Mon May 31 14:29:34 2021 +1000 pem: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 126e37716fc4c5dc55805b721c38f5ef94c75612 Author: Pauli Date: Mon May 31 
14:29:34 2021 +1000 ocsp: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 29cfba8599a649bc70a9414e701c68efceab13a3 Author: Pauli Date: Mon May 31 14:29:33 2021 +1000 ct: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit e0a7ef0b5148156a64c2b9c4b30f7cef9a0dc6a4 Author: Pauli Date: Mon May 31 14:29:33 2021 +1000 crmf: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 1486b1fbd356cc0d64e941d3f8ead8e324cd72e0 Author: Pauli Date: Mon May 31 14:29:33 2021 +1000 comp: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 6f6c8b0e3c3c9d627a3e211d49b1cdeb0114a6c7 Author: Pauli Date: Mon May 31 14:29:33 2021 +1000 cms: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 75e1191f4d1185ebf7b94e620b15a73f22af146e Author: Pauli Date: Mon May 31 14:29:33 2021 +1000 cmp: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 69e21cb648f140c173ba238a761ce700bef643f6 Author: Pauli Date: Mon May 31 14:28:45 2021 +1000 x509: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 1c8c5d4755cb4bd7fec527071f81a522834759c4 Author: Pauli Date: Mon May 31 14:28:32 2021 +1000 bio: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 10dbfcc91eb84b9818393e48745dcb53914c57d4 Author: Pauli Date: Mon May 31 14:28:15 2021 +1000 asn.1: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 0848b943a8c481e3fb1e08b70735392d6d6d70f4 Author: Pauli Date: Mon May 31 14:27:58 2021 +1000 providers: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit 407820c0e311efaafff7fdc8eafdff6e70f89eb2 Author: 
Pauli Date: Mon May 31 14:27:48 2021 +1000 tls: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit fd009d763a931c4cd01f5181a2b0801d205f782a Author: Pauli Date: Mon May 31 14:27:31 2021 +1000 test: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit fb6ad22e36a1ade653f4b6881ddeee128e8b5001 Author: Pauli Date: Mon May 31 14:27:18 2021 +1000 fuzz: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) commit db70dc2cdac6dec2366138fe1f46bf433ee1c2c8 Author: Pauli Date: Mon May 31 14:27:04 2021 +1000 apps: remove TODOs Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/15539) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 6 ------ apps/dhparam.c | 7 +++---- apps/lib/apps.c | 3 --- apps/lib/cmp_mock_srv.c | 2 -- apps/lib/http_server.c | 1 - apps/rsa.c | 2 +- apps/x509.c | 1 - crypto/asn1/bio_asn1.c | 2 -- crypto/bio/b_sock.c | 1 - crypto/bio/bf_buff.c | 2 -- crypto/bio/bf_lbuf.c | 2 -- crypto/bio/bf_nbio.c | 2 -- crypto/bio/bf_null.c | 2 -- crypto/bio/bss_acpt.c | 2 -- crypto/bio/bss_bio.c | 2 -- crypto/bio/bss_conn.c | 2 -- crypto/bio/bss_dgram.c | 4 ---- crypto/bio/bss_fd.c | 2 -- crypto/bio/bss_file.c | 4 ---- crypto/bio/bss_log.c | 1 - crypto/bio/bss_mem.c | 4 ---- crypto/bio/bss_null.c | 2 -- crypto/bio/bss_sock.c | 2 -- crypto/bn/bn_ctx.c | 13 ------------- crypto/bn/bn_prime.c | 1 - crypto/cmp/cmp_client.c | 15 ++------------- crypto/cmp/cmp_ctx.c | 4 ++-- crypto/cmp/cmp_local.h | 5 ----- crypto/cmp/cmp_msg.c | 12 ------------ crypto/cmp/cmp_protect.c | 1 - crypto/cmp/cmp_server.c | 13 ++----------- crypto/cmp/cmp_vfy.c | 2 +- crypto/cms/cms_kari.c | 1 - crypto/comp/c_zlib.c | 2 -- crypto/crmf/crmf_asn.c | 4 ---- crypto/crmf/crmf_lib.c | 12 +----------- crypto/crmf/crmf_local.h | 7 ------- crypto/crmf/crmf_pbm.c | 2 -- crypto/cryptlib.c 
| 6 ------ crypto/ct/ct_local.h | 5 ----- crypto/dso/dso_dlfcn.c | 1 - crypto/ec/ec_mult.c | 2 +- crypto/err/err.c | 1 - crypto/err/err_blocks.c | 1 - crypto/err/err_prn.c | 1 - crypto/evp/asymcipher.c | 6 ------ crypto/evp/bio_b64.c | 2 -- crypto/evp/bio_enc.c | 2 -- crypto/evp/bio_md.c | 2 -- crypto/evp/bio_ok.c | 2 -- crypto/evp/exchange.c | 6 ------ crypto/evp/m_sigver.c | 6 ------ crypto/evp/pmeth_gn.c | 1 - crypto/evp/pmeth_lib.c | 3 +-- crypto/evp/signature.c | 6 ------ crypto/http/http_client.c | 2 +- crypto/ocsp/ocsp_vfy.c | 3 +-- crypto/pem/pem_pkey.c | 2 -- crypto/provider_core.c | 2 -- crypto/rsa/rsa_backend.c | 1 - crypto/rsa/rsa_ossl.c | 10 ---------- crypto/store/store_local.h | 2 +- crypto/store/store_result.c | 2 -- crypto/x509/t_x509.c | 6 ------ crypto/x509/v3_addr.c | 1 - crypto/x509/v3_bcons.c | 1 - crypto/x509/v3_utl.c | 1 - crypto/x509/x509_lu.c | 1 - crypto/x509/x509_vfy.c | 7 +++---- crypto/x509/x_pubkey.c | 1 - fuzz/client.c | 4 ---- fuzz/server.c | 6 ------ include/crypto/asn1.h | 4 ---- include/openssl/x509.h.in | 9 ++++----- providers/common/provider_util.c | 3 --- providers/implementations/encode_decode/encode_key2any.c | 1 - providers/implementations/rands/seeding/rand_unix.c | 2 +- providers/implementations/rands/seeding/rand_vms.c | 2 +- ssl/build.info | 8 ++++---- ssl/d1_lib.c | 1 - ssl/record/rec_layer_s3.c | 4 ---- ssl/record/ssl3_record.c | 12 ------------ ssl/record/ssl3_record_tls13.c | 2 -- ssl/s3_cbc.c | 1 - ssl/s3_enc.c | 1 - ssl/ssl_ciph.c | 1 - ssl/ssl_lib.c | 5 ----- ssl/ssl_local.h | 2 +- ssl/ssl_txt.c | 1 - ssl/statem/extensions.c | 2 -- ssl/statem/extensions_clnt.c | 8 +++----- ssl/statem/extensions_srvr.c | 9 --------- ssl/statem/statem_clnt.c | 9 +++------ ssl/statem/statem_srvr.c | 2 +- ssl/t1_enc.c | 1 - ssl/t1_lib.c | 2 +- ssl/tls13_enc.c | 1 - test/algorithmid_test.c | 10 ---------- test/bntest.c | 8 ++++---- test/cmp_asn_test.c | 5 ----- test/cmp_client_test.c | 3 --- test/cmp_hdr_test.c | 5 ----- 
test/helpers/handshake.c | 8 +------- test/helpers/pkcs12.c | 7 ------- test/ssl_old_test.c | 2 +- test/sslapitest.c | 8 -------- util/find-doc-nits | 1 - 107 files changed, 45 insertions(+), 362 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 5912090701..03530f2584 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -643,10 +643,6 @@ static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc) return cert; } -/* - * TODO potentially move this and related functions to apps/lib/ - * or even better extend OSSL_STORE with type OSSL_STORE_INFO_CRL - */ static X509_REQ *load_csr_autofmt(const char *infile, const char *desc) { X509_REQ *csr; @@ -1051,7 +1047,6 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine) } X509_free(cert); } - /* TODO find a cleaner solution not requiring type casts */ if (!setup_certs(opt_rsp_extracerts, "CMP extra certificates for mock server", srv_ctx, (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut)) @@ -1318,7 +1313,6 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host, /* enable and parameterize server hostname/IP address check */ if (!truststore_set_host_etc(trust_store, opt_tls_host != NULL ? opt_tls_host : host)) - /* TODO: is the server host name correct for TLS via proxy? */ goto err; SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); } diff --git a/apps/dhparam.c b/apps/dhparam.c index ba3119b2ce..982b2db549 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -273,10 +273,9 @@ int dhparam_main(int argc, char **argv) */ keytype = "DHX"; /* - * BIO_reset() returns 0 for success for file BIOs only!!! - * This won't work for stdin (and never has done) - * TODO: We should fix this at some point - */ + * BIO_reset() returns 0 for success for file BIOs only!!! + * This won't work for stdin (and never has done) + */ if (BIO_reset(in) == 0) done = 0; } diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 12a17fceed..3d6588ba23 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c 
@@ -885,7 +885,6 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, const char *input_type; OSSL_PARAM itp[2]; const OSSL_PARAM *params = NULL; - /* TODO make use of the engine reference 'eng' when loading pkeys */ if (ppkey != NULL) { *ppkey = NULL; @@ -2258,8 +2257,6 @@ int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const char *md, if (!adapt_keyid_ext(cert, ext_ctx, "authorityKeyIdentifier", "keyid, issuer", !self_sign)) goto end; - - /* TODO any further measures for ensuring default RFC 5280 compliance */ } if (mctx != NULL && do_sign_init(mctx, pkey, md, sigopts) > 0) diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c index 1e6a27210c..1caaa2f0eb 100644 --- a/apps/lib/cmp_mock_srv.c +++ b/apps/lib/cmp_mock_srv.c @@ -204,7 +204,6 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, } if (ctx->certOut != NULL && (*certOut = X509_dup(ctx->certOut)) == NULL) - /* TODO better return a cert produced from data in request template */ goto err; if (ctx->chainOut != NULL && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL) @@ -312,7 +311,6 @@ static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error, if (sk_ASN1_UTF8STRING_num(errorDetails) <= 0) { BIO_printf(bio_err, "errorDetails absent\n"); } else { - /* TODO could use sk_ASN1_UTF8STRING2text() if exported */ BIO_printf(bio_err, "errorDetails: "); for (i = 0; i < sk_ASN1_UTF8STRING_num(errorDetails); i++) { if (i > 0) diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index 46065d2dd0..1858d04ccb 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c @@ -405,7 +405,6 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, log_message(prog, LOG_WARNING, "HTTP request does not begin with %sPOST: %s", accept_get ? "GET or " : "", reqbuf); - /* TODO provide better diagnosis in case client tries TLS */ (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } 
diff --git a/apps/rsa.c b/apps/rsa.c index 5710893c7a..c4f65cac10 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -25,7 +25,7 @@ #include /* - * TODO: This include is to get OSSL_KEYMGMT_SELECT_*, which feels a bit + * This include is to get OSSL_KEYMGMT_SELECT_*, which feels a bit * much just for those macros... they might serve better as EVP macros. */ #include diff --git a/apps/x509.c b/apps/x509.c index 9632d72260..8ec6ba2db5 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -745,7 +745,6 @@ int x509_main(int argc, char **argv) if (!noout || text || next_serial) OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); - /* TODO: why is this strange object created (and no error checked)? */ if (alias) X509_alias_set1(x, (unsigned char *)alias, -1); diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c index 3742b0096f..fa81b3a28a 100644 --- a/crypto/asn1/bio_asn1.c +++ b/crypto/asn1/bio_asn1.c @@ -79,10 +79,8 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, static const BIO_METHOD methods_asn1 = { BIO_TYPE_ASN1, "asn1", - /* TODO: Convert to new style write function */ bwrite_conv, asn1_bio_write, - /* TODO: Convert to new style read function */ bread_conv, asn1_bio_read, asn1_bio_puts, diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 5804465dfe..b827c5b902 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -383,7 +383,6 @@ int BIO_sock_info(int sock, return 1; } -/* TODO simplify by BIO_socket_wait() further other uses of select() in apps/ */ /* * Wait on fd at most until max_time; succeed immediately if max_time == 0. * If for_read == 0 then assume to wait for writing, else wait for reading. diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index d12cbf9d37..cfed63bd72 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c 
@@ -25,10 +25,8 @@ static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_buffer = { BIO_TYPE_BUFFER, "buffer", - /* TODO: Convert to new style write function */ bwrite_conv, buffer_write, - /* TODO: Convert to new style read function */ bread_conv, buffer_read, buffer_puts, diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c index 946ff0d23b..73f1216987 100644 --- a/crypto/bio/bf_lbuf.c +++ b/crypto/bio/bf_lbuf.c @@ -30,10 +30,8 @@ static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_linebuffer = { BIO_TYPE_LINEBUFFER, "linebuffer", - /* TODO: Convert to new style write function */ bwrite_conv, linebuffer_write, - /* TODO: Convert to new style read function */ bread_conv, linebuffer_read, linebuffer_puts, diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index f5b83a89f9..f9e9fe718e 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -34,10 +34,8 @@ typedef struct nbio_test_st { static const BIO_METHOD methods_nbiof = { BIO_TYPE_NBIO_TEST, "non-blocking IO test filter", - /* TODO: Convert to new style write function */ bwrite_conv, nbiof_write, - /* TODO: Convert to new style read function */ bread_conv, nbiof_read, nbiof_puts, diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c index fff9938ca1..aca4c5eb6d 100644 --- a/crypto/bio/bf_null.c +++ b/crypto/bio/bf_null.c @@ -25,10 +25,8 @@ static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_nullf = { BIO_TYPE_NULL_FILTER, "NULL filter", - /* TODO: Convert to new style write function */ bwrite_conv, nullf_write, - /* TODO: Convert to new style read function */ bread_conv, nullf_read, nullf_puts, diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 834c2ffef1..c25f71cec2 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c 
@@ -56,10 +56,8 @@ static void BIO_ACCEPT_free(BIO_ACCEPT *a); static const BIO_METHOD methods_acceptp = { BIO_TYPE_ACCEPT, "socket accept", - /* TODO: Convert to new style write function */ bwrite_conv, acpt_write, - /* TODO: Convert to new style read function */ bread_conv, acpt_read, acpt_puts, diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 0b972b2b3f..699e6bf106 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -38,10 +38,8 @@ static void bio_destroy_pair(BIO *bio); static const BIO_METHOD methods_biop = { BIO_TYPE_BIO, "BIO pair", - /* TODO: Convert to new style write function */ bwrite_conv, bio_write, - /* TODO: Convert to new style read function */ bread_conv, bio_read, bio_puts, diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 3ab2c0d4ba..d146c97b82 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -63,10 +63,8 @@ void BIO_CONNECT_free(BIO_CONNECT *a); static const BIO_METHOD methods_connectp = { BIO_TYPE_CONNECT, "socket connect", - /* TODO: Convert to new style write function */ bwrite_conv, conn_write, - /* TODO: Convert to new style read function */ bread_conv, conn_read, conn_puts, diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index af3d941abb..a530832dd8 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -68,10 +68,8 @@ static void get_current_time(struct timeval *t); static const BIO_METHOD methods_dgramp = { BIO_TYPE_DGRAM, "datagram socket", - /* TODO: Convert to new style write function */ bwrite_conv, dgram_write, - /* TODO: Convert to new style read function */ bread_conv, dgram_read, dgram_puts, @@ -86,10 +84,8 @@ static const BIO_METHOD methods_dgramp = { static const BIO_METHOD methods_dgramp_sctp = { BIO_TYPE_DGRAM_SCTP, "datagram sctp socket", - /* TODO: Convert to new style write function */ bwrite_conv, dgram_sctp_write, - /* TODO: Convert to new style write function */ bread_conv, dgram_sctp_read, dgram_sctp_puts, 
diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c index 65e0b10311..f756225edb 100644 --- a/crypto/bio/bss_fd.c +++ b/crypto/bio/bss_fd.c @@ -60,10 +60,8 @@ int BIO_fd_should_retry(int s); static const BIO_METHOD methods_fdp = { BIO_TYPE_FD, "file descriptor", - /* TODO: Convert to new style write function */ bwrite_conv, fd_write, - /* TODO: Convert to new style read function */ bread_conv, fd_read, fd_puts, diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index affd67ac02..a6143b6abc 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -42,10 +42,8 @@ static int file_free(BIO *data); static const BIO_METHOD methods_filep = { BIO_TYPE_FILE, "FILE pointer", - /* TODO: Convert to new style write function */ bwrite_conv, file_write, - /* TODO: Convert to new style read function */ bread_conv, file_read, file_puts, @@ -407,10 +405,8 @@ static int file_free(BIO *a) static const BIO_METHOD methods_filep = { BIO_TYPE_FILE, "FILE pointer", - /* TODO: Convert to new style write function */ bwrite_conv, file_write, - /* TODO: Convert to new style read function */ bread_conv, file_read, file_puts, diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index b42cc4af8f..82abfd5cec 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -87,7 +87,6 @@ static void xcloselog(BIO *bp); static const BIO_METHOD methods_slg = { BIO_TYPE_MEM, "syslog", - /* TODO: Convert to new style write function */ bwrite_conv, slg_write, NULL, /* slg_write_old, */ diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 5e48669e1e..7e501762bb 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -26,10 +26,8 @@ static int mem_buf_sync(BIO *h); static const BIO_METHOD mem_method = { BIO_TYPE_MEM, "memory buffer", - /* TODO: Convert to new style write function */ bwrite_conv, mem_write, - /* TODO: Convert to new style read function */ bread_conv, mem_read, mem_puts, 
@@ -43,10 +41,8 @@ static const BIO_METHOD mem_method = { static const BIO_METHOD secmem_method = { BIO_TYPE_MEM, "secure memory buffer", - /* TODO: Convert to new style write function */ bwrite_conv, mem_write, - /* TODO: Convert to new style read function */ bread_conv, mem_read, mem_puts, diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c index f677bbbb15..371d5b7cd8 100644 --- a/crypto/bio/bss_null.c +++ b/crypto/bio/bss_null.c @@ -20,10 +20,8 @@ static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2); static const BIO_METHOD null_method = { BIO_TYPE_NULL, "NULL", - /* TODO: Convert to new style write function */ bwrite_conv, null_write, - /* TODO: Convert to new style read function */ bread_conv, null_read, null_puts, diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index e142de1674..f5d8810230 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -38,10 +38,8 @@ int BIO_sock_should_retry(int s); static const BIO_METHOD methods_sockp = { BIO_TYPE_SOCKET, "socket", - /* TODO: Convert to new style write function */ bwrite_conv, sock_write, - /* TODO: Convert to new style read function */ bread_conv, sock_read, sock_puts, diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index ec401032ad..35a7ddbab7 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c 
@@ -11,19 +11,6 @@ #include "internal/cryptlib.h" #include "bn_local.h" -/*- - * TODO list - * - * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and - * check they can be safely removed. - * - Check +1 and other ugliness in BN_from_montgomery() - * - * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an - * appropriate 'block' size that will be honoured by bn_expand_internal() to - * prevent piddly little reallocations. OTOH, profiling bignum expansions in - * BN_CTX doesn't show this to be a big issue. - */ - /* How many bignums are in each "pool item"; */ #define BN_CTX_POOL_SIZE 16 /* The stack frame info is resizing, set a first-time expansion size; */ diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 64c7cd6a63..9e2f6861a5 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -483,7 +483,6 @@ static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods, BN_ULONG maxdelta = BN_MASK2 - primes[trial_divisions - 1]; again: - /* TODO: Not all primes are private */ if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, 0, ctx)) return 0; diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index 367ddfd207..e7761ae7d9 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -71,7 +71,6 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx, if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1) return -1; - /* TODO: handle potentially multiple CertResponses in CertRepMsg */ if (crep == NULL) return -1; if (ossl_cmp_pkisi_get_status(crep->status) @@ -262,7 +261,6 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid, "received 'waiting' PKIStatus, starting to poll for response"); *rep = NULL; for (;;) { - /* TODO: handle potentially multiple poll requests per message */ if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL) goto err; 
@@ -277,7 +275,6 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid, char str[OSSL_CMP_PKISI_BUFLEN]; int len; - /* TODO: handle potentially multiple elements in pollRep */ if (sk_OSSL_CMP_POLLREP_num(prc) > 1) { ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED); goto err; @@ -551,7 +548,6 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED); return 0; } - /* TODO: handle potentially multiple CertResponses in CertRepMsg */ crep = ossl_cmp_certrepmessage_get0_certresponse(crepmsg, rid); if (crep == NULL) return 0; @@ -622,11 +618,6 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, if (fail_info != 0) /* immediately log error before any certConf exchange */ ossl_cmp_log1(ERROR, ctx, "rejecting newly enrolled cert with subject: %s", subj); - - /* - * TODO: better move certConf exchange to do_certreq_seq() such that - * also more low-level errors with CertReqMessages get reported to server - */ if (!ctx->disableConfirm && !ossl_cmp_hdr_has_implicitConfirm((*resp)->header)) { if (!ossl_cmp_exchange_certConf(ctx, fail_info, txt)) @@ -687,9 +678,8 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, } else { if (req_type < 0) return ossl_cmp_exchange_error(ctx, OSSL_CMP_PKISTATUS_rejection, - 0 /* TODO better fail_info value? */, - "polling aborted", 0 /* errorCode */, - "by application"); + 0, "polling aborted", + 0 /* errorCode */, "by application"); res = poll_for_response(ctx, 0 /* no sleep */, rid, &rep, checkAfter); if (res <= 0) /* waiting or error */ return res; 
@@ -707,7 +697,6 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, * certConf, PKIconf, and polling if required. * Will sleep as long as indicated by the server (according to checkAfter). * All enrollment options need to be present in the context. - * TODO: another function to request two certificates at once should be created. * Returns pointer to received certificate, or NULL if none was received. */ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index b0f676201e..f514ab27e0 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -770,7 +770,7 @@ DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ) /* * Set the (newly received in IP/KUP/CP) certificate in the context. - * TODO: this only permits for one cert to be enrolled at a time. + * This only permits for one cert to be enrolled at a time. */ int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert) { @@ -784,7 +784,7 @@ int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert) /* * Get the (newly received in IP/KUP/CP) client certificate from the context - * TODO: this only permits for one client cert to be received... + * This only permits for one client cert to be received... */ X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx) { diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index fec4916ed3..2b22db3e82 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h 
@@ -120,12 +120,9 @@ struct ossl_cmp_ctx_st { /* result returned in responses */ int status; /* PKIStatus of last received IP/CP/KUP/RP/error or -1 */ - /* TODO: this should be a stack since there could be more than one */ OSSL_CMP_PKIFREETEXT *statusString; /* of last IP/CP/KUP/RP/error */ int failInfoCode; /* failInfoCode of last received IP/CP/KUP/error, or -1 */ - /* TODO: this should be a stack since there could be more than one */ X509 *newCert; /* newly enrolled cert received from the CA */ - /* TODO: this should be a stack since there could be more than one */ STACK_OF(X509) *newChain; /* chain of newly enrolled cert received */ STACK_OF(X509) *caPubs; /* CA certs received from server (in IP message) */ STACK_OF(X509) *extraCertsIn; /* extraCerts received from server */ @@ -708,8 +705,6 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART) * } -- or HMAC [RFC2104, RFC2202]) */ /*- - * TODO: this is not yet defined here - but DH is anyway not used yet - * * id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30} * DHBMParameter ::= SEQUENCE { * owf AlgorithmIdentifier, diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 77b2175b11..b9c347afb8 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -399,7 +399,6 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type, if (!sk_OSSL_CRMF_MSG_push(msg->body->value.ir, local_crm)) goto err; local_crm = NULL; - /* TODO: here optional 2nd certreqmsg could be pushed to the stack */ } if (!ossl_cmp_msg_protect(ctx, msg)) @@ -465,7 +464,6 @@ OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, if (!sk_OSSL_CMP_CERTRESPONSE_push(repMsg->response, resp)) goto err; resp = NULL; - /* TODO: here optional 2nd certrep could be pushed to the stack */ if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL && (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL) 
@@ -529,11 +527,6 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx) goto err; rd = NULL; - /* - * TODO: the Revocation Passphrase according to section 5.3.19.9 could be - * set here if set in ctx - */ - if (!ossl_cmp_msg_protect(ctx, msg)) goto err; @@ -749,10 +742,6 @@ int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus, return 1; } -/* - * TODO: handle potential 2nd certificate when signing and encrypting - * certificates have been requested/received - */ OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info, const char *text) { @@ -827,7 +816,6 @@ OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid) if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_POLLREQ)) == NULL) goto err; - /* TODO: support multiple cert request IDs to poll */ if ((preq = OSSL_CMP_POLLREQ_new()) == NULL || !ASN1_INTEGER_set(preq->certReqId, crid) || !sk_OSSL_CMP_POLLREQ_push(msg->body->value.pollReq, preq)) diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 91a66f5d6e..a7ca580cc9 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -258,7 +258,6 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) /* * For the case of re-protection remove pre-existing protection. - * TODO: Consider also removing any pre-existing extraCerts. */ X509_ALGOR_free(msg->header->protectionAlg); msg->header->protectionAlg = NULL; diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index 73c14841ca..c4ef5fa203 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -189,7 +189,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, } else { OSSL_CRMF_MSGS *reqs = req->body->value.ir; /* same for cr and kur */ - if (sk_OSSL_CRMF_MSG_num(reqs) != 1) { /* TODO: handle case > 1 */ + if (sk_OSSL_CRMF_MSG_num(reqs) != 1) { ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED); return NULL; } 
@@ -228,10 +228,6 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, msg = ossl_cmp_certrep_new(srv_ctx->ctx, bodytype, certReqId, si, certOut, chainOut, caPubs, 0 /* encrypted */, srv_ctx->sendUnprotectedErrors); - /* - * TODO when implemented in ossl_cmp_certrep_new(): - * in case OSSL_CRMF_POPO_KEYENC, set encrypted - */ if (msg == NULL) ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREP); @@ -258,7 +254,6 @@ static OSSL_CMP_MSG *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, return NULL; if (sk_OSSL_CMP_REVDETAILS_num(req->body->value.rr) != 1) { - /* TODO: handle multiple elements if multiple requests have been sent */ ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED); return NULL; } @@ -393,7 +388,7 @@ static OSSL_CMP_MSG *process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx, return NULL; prc = req->body->value.pollReq; - if (sk_OSSL_CMP_POLLREQ_num(prc) != 1) { /* TODO: handle case > 1 */ + if (sk_OSSL_CMP_POLLREQ_num(prc) != 1) { ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED); return NULL; } @@ -559,7 +554,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, rsp = process_pollReq(srv_ctx, req); break; default: - /* TODO possibly support further request message types */ ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); break; } @@ -571,7 +565,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, int flags = 0; unsigned long err = ERR_peek_error_data(&data, &flags); int fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badRequest; - /* TODO fail_info could be more specific */ OSSL_CMP_PKISI *si = NULL; if (ctx->transactionID == NULL) { 
@@ -615,8 +608,6 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, case OSSL_CMP_PKIBODY_PKICONF: case OSSL_CMP_PKIBODY_GENP: case OSSL_CMP_PKIBODY_ERROR: - /* TODO possibly support further terminating response message types */ - /* prepare for next transaction, ignoring any errors here: */ (void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL); (void)OSSL_CMP_CTX_set1_senderNonce(ctx, NULL); ctx->status = -1; /* transaction closed */ diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 064e8e37b3..28c9a984d2 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -672,7 +672,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, /* validate sender name of received msg */ if (hdr->sender->type != GEN_DIRNAME) { ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED); - return 0; /* TODO FR#42: support for more than X509_NAME */ + return 0; } /* * Compare actual sender name of response with expected sender name. diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 47132fcbe8..a2f422a78d 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -432,7 +432,6 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, return 0; keylen = EVP_CIPHER_get_key_length(cipher); if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_GET_WRAP_CIPHER) != 0) { - /* TODO: make this not get a method we can call directly */ ret = EVP_CIPHER_meth_get_ctrl(cipher)(NULL, EVP_CTRL_GET_WRAP_CIPHER, 0, &kekcipher); if (ret <= 0) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index a27bbeacb1..b36a562d88 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c 
@@ -293,10 +293,8 @@ static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); static const BIO_METHOD bio_meth_zlib = { BIO_TYPE_COMP, "zlib", - /* TODO: Convert to new style write function */ bwrite_conv, bio_zlib_write, - /* TODO: Convert to new style read function */ bread_conv, bio_zlib_read, NULL, /* bio_zlib_puts, */ diff --git a/crypto/crmf/crmf_asn.c b/crypto/crmf/crmf_asn.c index 0f6de3ce8d..4c3a7f7dd2 100644 --- a/crypto/crmf/crmf_asn.c +++ b/crypto/crmf/crmf_asn.c @@ -88,10 +88,6 @@ ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = { ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1), ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.dhMAC, ASN1_BIT_STRING, 2), ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.agreeMAC, OSSL_CRMF_PKMACVALUE, 3), - /* - * TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be somehow - * taken from crypto/cms which exists now - this is not used anywhere so far - */ ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.encryptedKey, ASN1_NULL, 4), } ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY) diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index f402086823..d03904a7bc 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -358,7 +358,7 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps, return 0; } if (ps->poposkInput != NULL) { - /* TODO: support cases 1+2 defined in RFC 4211, section 4.1 */ + /* We do not support cases 1+2 defined in RFC 4211, section 4.1 */ ERR_raise(ERR_LIB_CRMF, CRMF_R_POPOSKINPUT_NOT_SUPPORTED); return 0; } @@ -484,10 +484,6 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY); return 0; } - /* - * TODO check the contents of the authInfo sub-field, - * see RFC 4211 https://tools.ietf.org/html/rfc4211#section-4.1 - */ it = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT); asn = sig->poposkInput; } else { 
@@ -504,12 +500,6 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, return 0; break; case OSSL_CRMF_POPO_KEYENC: - /* - * TODO: when OSSL_CMP_certrep_new() supports encrypted certs, - * return 1 if the type of req->popo->value.keyEncipherment - * is OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE and - * its value.subsequentMessage == OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT - */ case OSSL_CRMF_POPO_KEYAGREE: default: ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_POPO_METHOD); diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h index ee1ec7b07a..e7e89f73ef 100644 --- a/crypto/crmf/crmf_local.h +++ b/crypto/crmf/crmf_local.h @@ -188,11 +188,6 @@ typedef struct ossl_crmf_popoprivkey_st { ASN1_INTEGER *subsequentMessage; /* 1 */ ASN1_BIT_STRING *dhMAC; /* 2 */ /* Deprecated */ OSSL_CRMF_PKMACVALUE *agreeMAC; /* 3 */ - /* - * TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be - * somehow taken from crypto/cms which exists now - * - this is not used anywhere so far - */ ASN1_NULL *encryptedKey; /* 4 */ } value; } OSSL_CRMF_POPOPRIVKEY; @@ -335,13 +330,11 @@ struct ossl_crmf_certtemplate_st { struct ossl_crmf_certrequest_st { ASN1_INTEGER *certReqId; OSSL_CRMF_CERTTEMPLATE *certTemplate; - /* TODO: make OSSL_CRMF_CONTROLS out of that - but only cosmetical */ STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls; } /* OSSL_CRMF_CERTREQUEST */; DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST) DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST) -/* TODO: isn't there a better way to have this for ANY type? */ struct ossl_crmf_attributetypeandvalue_st { ASN1_OBJECT *type; union { diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 5641bee65a..0c217295d3 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c 
@@ -125,7 +125,6 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, * |outlen| if not NULL, will set variable to the length of the mac on success * returns 1 on success, 0 on error */ -/* TODO try to combine with other MAC calculations in the libray */ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, const OSSL_CRMF_PBMPARAMETER *pbmp, const unsigned char *msg, size_t msglen, @@ -207,7 +206,6 @@ int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); goto err; } - /* TODO generalize to non-HMAC: */ if (EVP_Q_mac(libctx, "HMAC", propq, hmac_mdname, NULL, basekey, bklen, msg, msglen, mac_res, EVP_MAX_MD_SIZE, &maclen) == NULL) goto err; diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 46e2e31475..6e73b8352c 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -194,12 +194,6 @@ void OPENSSL_showfatal(const char *fmta, ...) # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 # ifdef OPENSSL_SYS_WIN_CORE /* ONECORE is always NONGUI and NT >= 0x0601 */ - - /* - * TODO: (For non GUI and no std error cases) - * Add event logging feature here. - */ - # if !defined(NDEBUG) /* * We are in a situation where we tried to report a critical diff --git a/crypto/ct/ct_local.h b/crypto/ct/ct_local.h index 554f6b362a..e5614ddf5e 100644 --- a/crypto/ct/ct_local.h +++ b/crypto/ct/ct_local.h @@ -190,11 +190,6 @@ __owur int SCT_is_complete(const SCT *sct); */ __owur int SCT_signature_is_complete(const SCT *sct); -/* - * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature - * and o2i_SCT_signature conform to the i2d/d2i conventions. - */ - /* * Serialize (to TLS format) an |sct| signature and write it to |out|. * If |out| is null, no signature will be output but the length will be returned. diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 76bc6055bc..b317ae2ad1 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c 
@@ -437,7 +437,6 @@ static int dlfcn_pathbyaddr(void *addr, char *path, int sz) return len; } - /* TODO: what error report does this attach to? */ ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror()); # endif return -1; diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index ed5d403270..c6ec2964b7 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -387,7 +387,7 @@ int ossl_ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, #undef EC_POINT_BN_set_flags /* - * TODO: table should be optimised for the wNAF-based implementation, + * Table could be optimised for the wNAF-based implementation, * sometimes smaller windows will give better performance (thus the * boundaries should be increased) */ diff --git a/crypto/err/err.c b/crypto/err/err.c index c77c1920a2..84bb429c64 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -7,7 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* TODO: When ERR_STATE becomes opaque, this musts be removed */ #define OSSL_FORCE_ERR_STATE #include diff --git a/crypto/err/err_blocks.c b/crypto/err/err_blocks.c index 5a572e02ea..a658df0576 100644 --- a/crypto/err/err_blocks.c +++ b/crypto/err/err_blocks.c @@ -7,7 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* TODO: When ERR_STATE becomes opaque, this musts be removed */ #define OSSL_FORCE_ERR_STATE #include diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index 5b588db18e..028811eede 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -7,7 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* TODO: When ERR_STATE becomes opaque, this musts be removed */ #define OSSL_FORCE_ERR_STATE #include diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c index 52be1c2d7c..c70e1e9554 100644 --- a/crypto/evp/asymcipher.c +++ b/crypto/evp/asymcipher.c 
@@ -34,10 +34,6 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation, evp_pkey_ctx_free_old_ops(ctx); ctx->operation = operation; - /* - * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark() - * calls can be removed. - */ ERR_set_mark(); if (evp_pkey_ctx_is_legacy(ctx)) @@ -90,7 +86,6 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation, } /* - * TODO remove this when legacy is gone * If we don't have the full support we need with provided methods, * let's go see if legacy does. */ @@ -134,7 +129,6 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation, legacy: /* - * TODO remove this when legacy is gone * If we don't have the full support we need with provided methods, * let's go see if legacy does. */ diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index e21661d5a4..f58e55c04d 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -46,10 +46,8 @@ typedef struct b64_struct { static const BIO_METHOD methods_b64 = { BIO_TYPE_BASE64, "base64 encoding", - /* TODO: Convert to new style write function */ bwrite_conv, b64_write, - /* TODO: Convert to new style read function */ bread_conv, b64_read, b64_puts, diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index 0483c726d2..4eafaf6209 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -44,10 +44,8 @@ typedef struct enc_struct { static const BIO_METHOD methods_enc = { BIO_TYPE_CIPHER, "cipher", - /* TODO: Convert to new style write function */ bwrite_conv, enc_write, - /* TODO: Convert to new style read function */ bread_conv, enc_read, NULL, /* enc_puts, */ diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index 26a30c698b..1a85be1811 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c 
@@ -28,10 +28,8 @@ static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_md = { BIO_TYPE_MD, "message digest", - /* TODO: Convert to new style write function */ bwrite_conv, md_write, - /* TODO: Convert to new style read function */ bread_conv, md_read, NULL, /* md_puts, */ diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 7e3d23f2dc..97641d11d1 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -111,10 +111,8 @@ typedef struct ok_struct { static const BIO_METHOD methods_ok = { BIO_TYPE_CIPHER, "reliable", - /* TODO: Convert to new style write function */ bwrite_conv, ok_write, - /* TODO: Convert to new style read function */ bread_conv, ok_read, NULL, /* ok_puts, */ diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 2a066082d7..6503f479fa 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -201,10 +201,6 @@ int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) evp_pkey_ctx_free_old_ops(ctx); ctx->operation = EVP_PKEY_OP_DERIVE; - /* - * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark() - * calls can be removed. - */ ERR_set_mark(); if (evp_pkey_ctx_is_legacy(ctx)) @@ -275,7 +271,6 @@ int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) } /* - * TODO remove this when legacy is gone * If we don't have the full support we need with provided methods, * let's go see if legacy does. */ @@ -300,7 +295,6 @@ int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) legacy: /* - * TODO remove this when legacy is gone * If we don't have the full support we need with provided methods, * let's go see if legacy does. */ diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index dba549503d..0da6498030 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c 
@@ -76,10 +76,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, if (props == NULL) props = locpctx->propquery; - /* - * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark() - * calls can be removed. - */ ERR_set_mark(); if (evp_pkey_ctx_is_legacy(locpctx)) @@ -133,7 +129,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, } /* - * TODO remove this when legacy is gone * If we don't have the full support we need with provided methods, * let's go see if legacy does. */ @@ -223,7 +218,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, legacy: /* - * TODO remove this when legacy is gone * If we don't have the full support we need with provided methods, * let's go see if legacy does. */ diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 9af18d90fc..2d96e3c227 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -199,7 +199,6 @@ int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) /* * Because we still have legacy keys - * TODO remove this #legacy internal keys are gone */ (*ppkey)->type = ctx->legacy_keytype; diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index bcc601ee59..1256e981eb 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -271,7 +271,6 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, * values. We go through all keymgmt names, because the keytype * that's passed to this function doesn't necessarily translate * directly. - * TODO: Remove this when #legacy keys are gone. */ if (keymgmt != NULL) { int tmp_id = get_legacy_alg_type_from_keymgmt(keymgmt); @@ -323,7 +322,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, ret->libctx = libctx; ret->keytype = keytype; ret->keymgmt = keymgmt; - ret->legacy_keytype = id; /* TODO: Remove when #legacy key are gone */ + ret->legacy_keytype = id; ret->engine = e; ret->pmeth = pmeth; ret->operation = EVP_PKEY_OP_UNDEFINED; 
diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index 698adff088..9b289d315b 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -395,10 +395,6 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation, evp_pkey_ctx_free_old_ops(ctx); ctx->operation = operation; - /* - * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark() - * calls can be removed. - */ ERR_set_mark(); if (evp_pkey_ctx_is_legacy(ctx)) @@ -450,7 +446,6 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation, } /* - * TODO remove this when legacy is gone * If we don't have the full support we need with provided methods, * let's go see if legacy does. */ @@ -507,7 +502,6 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation, legacy: /* - * TODO remove this when legacy is gone * If we don't have the full support we need with provided methods, * let's go see if legacy does. */ diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index cd6a51989f..e7e0183b59 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -1330,7 +1330,7 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, /* Read past all following headers */ do { /* - * TODO: This does not necessarily catch the case when the full + * This does not necessarily catch the case when the full * HTTP response came in in more than a single TCP message. */ read_len = BIO_gets(fbio, mbuf, BUF_SIZE); diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 5e829fa972..7a4a45d537 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c 
@@ -51,12 +51,11 @@ static int ocsp_verify_signer(X509 *signer, int response, && X509_get_ext_by_NID(signer, NID_id_pkix_OCSP_noCheck, -1) >= 0) /* * Locally disable revocation status checking for OCSP responder cert. - * Done here for CRLs; TODO should be done also for OCSP-based checks. + * Done here for CRLs; should be done also for OCSP-based checks. */ X509_VERIFY_PARAM_clear_flags(vp, X509_V_FLAG_CRL_CHECK); X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER); X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST); - /* TODO: why is X509_TRUST_OCSP_REQUEST set? Seems to get ignored. */ ret = X509_verify_cert(ctx); if (ret <= 0) { diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index becf7e277c..01877057dc 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -298,8 +298,6 @@ PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio) /* * Note: there is no way to tell a provided pkey encoder to use "traditional" * encoding. Therefore, if the pkey is provided, we try to take a copy - * TODO: when #legacy keys are gone, this function will not be possible any - * more and should be removed. */ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, diff --git a/crypto/provider_core.c b/crypto/provider_core.c index eac5b58946..30fa44d789 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -980,8 +980,6 @@ static void provider_activate_fallbacks(struct provider_store_st *store) /* * We assume that all fallbacks have been added to the store before * any fallback is activated. - * TODO: We may have to reconsider this, IF we find ourselves adding - * fallbacks after any previous fallback has been activated. */ if (activated_fallback_count > 0) store->use_fallbacks = 0; diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 5b7d60d6e1..e824dcaf3c 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c 
@@ -270,7 +270,6 @@ int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname)) return 0; - /* TODO Revisit this if / when a new MGF algorithm appears */ if (strcasecmp(param_mgf->data, ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) return 0; diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 1817392e76..c417a4b8f6 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -780,16 +780,6 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) } #ifndef FIPS_MODULE - /* - * calculate m_i in multi-prime case - * - * TODO: - * 1. squash the following two loops and calculate |m_i| there. - * 2. remove cc and reuse |c|. - * 3. remove |dmq1| and |dmp1| in previous block and use |di|. - * - * If these things are done, the code will be more readable. - */ if (ex_primes > 0) { BIGNUM *di = BN_new(), *cc = BN_new(); diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h index 4d29857620..6aeaaa915f 100644 --- a/crypto/store/store_local.h +++ b/crypto/store/store_local.h @@ -54,7 +54,7 @@ struct ossl_store_search_st { * Used by OSSL_STORE_SEARCH_BY_NAME and * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */ - X509_NAME *name; /* TODO constify this; leads to API incompatibility */ + X509_NAME *name; /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */ const ASN1_INTEGER *serial; diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c index c78d96d532..91c679718c 100644 --- a/crypto/store/store_result.c +++ b/crypto/store/store_result.c @@ -399,8 +399,6 @@ static int try_key(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, * engine provided legacy key. * This is the same as der2key_decode() does, but in a limited * way and within the walls of libcrypto. - * - * TODO Remove this when #legacy keys are gone */ if (pk == NULL) pk = try_key_value_legacy(data, &store_info_new, ctx, 
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index bdfb4cb08b..8b84792b05 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -523,11 +523,5 @@ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx) BIO_free(bio); } - /* - * TODO we could check policies here too, e.g.: - * if (cert_error == X509_V_OK && ok == 2) - * policies_print(NULL, ctx); - */ - return ok; } diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c index 4e0403844e..8bb35bd8a3 100644 --- a/crypto/x509/v3_addr.c +++ b/crypto/x509/v3_addr.c @@ -140,7 +140,6 @@ static int i2r_address(BIO *out, return 0; BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); break; - /* TODO possibly combine with ipaddr_to_asc() */ case IANA_AFI_IPV6: if (!addr_expand(addr, bs, 16, fill)) return 0; diff --git a/crypto/x509/v3_bcons.c b/crypto/x509/v3_bcons.c index 2fabcd900e..6e7a165f26 100644 --- a/crypto/x509/v3_bcons.c +++ b/crypto/x509/v3_bcons.c @@ -72,7 +72,6 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, } else if (strcmp(val->name, "pathlen") == 0) { if (!X509V3_get_value_int(val, &bcons->pathlen)) goto err; - /* TODO add sanity check on int value - at least, must be >= 0 */ } else { ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NAME); X509V3_conf_add_error_name_value(val); diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 6da3fdfa52..255db422bd 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c @@ -991,7 +991,6 @@ char *ossl_ipaddr_to_asc(unsigned char *p, int len) case 4: /* IPv4 */ BIO_snprintf(buf, sizeof(buf), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); break; - /* TODO possibly combine with static i2r_address() in v3_addr.c */ case 16: /* IPv6 */ for (out = buf, i = 8, remain = sizeof(buf); i-- > 0 && bytes >= 0; diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index b36ddb69a1..3b76b92f71 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c 
@@ -541,7 +541,6 @@ STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v) return v->objs; } -/* TODO param type could be constified as change to lock is intermittent */ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store) { STACK_OF(X509) *sk; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 278b8b6765..bb54a064bc 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -553,7 +553,6 @@ static int check_extensions(X509_STORE_CTX *ctx) CB_FAIL_IF(x->altname != NULL && sk_GENERAL_NAME_num(x->altname) <= 0, ctx, x, i, X509_V_ERR_EMPTY_SUBJECT_ALT_NAME); - /* TODO add more checks on SAN entries */ /* Check sig alg consistency acc. to RFC 5280 section 4.1.1.2 */ CB_FAIL_IF(X509_ALGOR_cmp(&x->sig_alg, &x->cert_info.signature) != 0, ctx, x, i, X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY); @@ -2088,8 +2087,9 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, rvn = sk_X509_REVOKED_value(revs, i); /* - * Add only if not also in base. TODO: need something cleverer here - * for some more complex CRLs covering multiple CAs. + * Add only if not also in base. + * Need something cleverer here for some more complex CRLs covering + * multiple CAs. */ if (!X509_CRL_get0_by_serial(base, &rvtmp, &rvn->serialNumber)) { rvtmp = X509_REVOKED_dup(rvn); @@ -2101,7 +2101,6 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, } } } - /* TODO: optionally prune deleted entries */ if (skey != NULL && md != NULL && !X509_CRL_sign(crl, skey, md)) goto memerr; diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 7ae35f21fd..c21184d964 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -225,7 +225,6 @@ X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a) return pubkey; } -/* TODO should better be called X509_PUBKEY_set1 */ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { X509_PUBKEY *pk = NULL; diff --git a/fuzz/client.c b/fuzz/client.c index b8afe55336..698ff0f669 100644 --- a/fuzz/client.c 
+++ b/fuzz/client.c @@ -63,10 +63,6 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) if (len == 0) return 0; - /* - * TODO: use the ossltest engine (optionally?) to disable crypto checks. - */ - /* This only fuzzes the initial flow from the client so far. */ ctx = SSL_CTX_new(SSLv23_method()); diff --git a/fuzz/server.c b/fuzz/server.c index 6234e15ccc..e481e5621c 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -538,10 +538,6 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) if (len < 2) return 0; - /* - * TODO: use the ossltest engine (optionally?) to disable crypto checks. - */ - /* This only fuzzes the initial flow from the client so far. */ ctx = SSL_CTX_new(SSLv23_method()); @@ -618,8 +614,6 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) X509_free(cert); #endif - /* TODO: Set up support for SRP and PSK */ - server = SSL_new(ctx); in = BIO_new(BIO_s_mem()); out = BIO_new(BIO_s_mem()); diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h index 5a187e41a7..829c5980d2 100644 --- a/include/crypto/asn1.h +++ b/include/crypto/asn1.h @@ -74,10 +74,6 @@ struct evp_pkey_asn1_method_st { int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len); int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len); - /* - * TODO: Make sure these functions are defined for key types that are - * implemented in providers. - */ /* Exports and imports to / from providers */ size_t (*dirty_cnt) (const EVP_PKEY *pk); int (*export_to) (const EVP_PKEY *pk, void *to_keydata, diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index 4877fb21f9..d5d3cdb719 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in 
@@ -661,7 +661,6 @@ X509_INFO *X509_INFO_new(void); void X509_INFO_free(X509_INFO *a); char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); -/* TODO move this block of decls to asn1.h when 'breaking change' is possible */ #ifndef OPENSSL_NO_DEPRECATED_3_0 OSSL_DEPRECATEDIN_3_0 int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, @@ -699,9 +698,9 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); ASN1_INTEGER *X509_get_serialNumber(X509 *x); const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); int X509_set_issuer_name(X509 *x, const X509_NAME *name); -X509_NAME *X509_get_issuer_name(const X509 *a); /* TODO change to get0_ */ +X509_NAME *X509_get_issuer_name(const X509 *a); int X509_set_subject_name(X509 *x, const X509_NAME *name); -X509_NAME *X509_get_subject_name(const X509 *a); /* TODO change to get0_ */ +X509_NAME *X509_get_subject_name(const X509 *a); const ASN1_TIME * X509_get0_notBefore(const X509 *x); ASN1_TIME *X509_getm_notBefore(const X509 *x); int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); @@ -738,7 +737,7 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); long X509_REQ_get_version(const X509_REQ *req); int X509_REQ_set_version(X509_REQ *x, long version); -X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); /* TODO change to get0_ */ +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); 
@@ -796,7 +795,7 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl); OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl); #endif -X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); /* TODO change to get0_ */ +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index 6ed4378a2f..30fe7c6b21 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -49,7 +49,6 @@ static int load_common(const OSSL_PARAM params[], const char **propquery, } *engine = NULL; - /* TODO legacy stuff, to be removed */ /* Inside the FIPS module, we don't support legacy ciphers */ #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_ENGINE); @@ -87,7 +86,6 @@ int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc, EVP_CIPHER_free(pc->alloc_cipher); ERR_set_mark(); pc->cipher = pc->alloc_cipher = EVP_CIPHER_fetch(ctx, p->data, propquery); - /* TODO legacy stuff, to be removed */ #ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy ciphers */ if (pc->cipher == NULL) pc->cipher = EVP_get_cipherbyname(p->data); @@ -157,7 +155,6 @@ int ossl_prov_digest_load_from_params(PROV_DIGEST *pd, ERR_set_mark(); ossl_prov_digest_fetch(pd, ctx, p->data, propquery); - /* TODO legacy stuff, to be removed */ #ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy digests */ if (pd->md == NULL) pd->md = EVP_get_digestbyname(p->data); 
diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index f95c785522..8d32c64fbf 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c @@ -602,7 +602,6 @@ static int prepare_ec_explicit_params(const void *eckey, /* * This implements EcpkParameters, where the CHOICE is based on whether there * is a curve name (curve nid) to be found or not. See RFC 3279 for details. - * TODO: shouldn't we use i2d_ECPKParameters()? */ static int prepare_ec_params(const void *eckey, int nid, int save, void **pstr, int *pstrtype) diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c index fd7373a3e9..f77f6e0324 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c @@ -601,7 +601,7 @@ void ossl_rand_pool_keep_random_devices_open(int keep) /* * Try the various seeding methods in turn, exit when successful. * - * TODO(DRBG): If more than one entropy source is available, is it + * If more than one entropy source is available, is it * preferable to stop as soon as enough entropy has been collected * (as favored by @rsalz) or should one rather be defensive and add * more entropy than requested and/or from different sources? diff --git a/providers/implementations/rands/seeding/rand_vms.c b/providers/implementations/rands/seeding/rand_vms.c index 98d0ce31a4..8f8855321b 100644 --- a/providers/implementations/rands/seeding/rand_vms.c +++ b/providers/implementations/rands/seeding/rand_vms.c 
@@ -160,7 +160,7 @@ static const struct item_st RMI_item_data[] = { {4, RMI$_BLKOUT}, {4, RMI$_DIRIN}, {4, RMI$_DIROUT}, - /* We currently get a fault when trying these. TODO: To be figured out. */ + /* We currently get a fault when trying these */ #if 0 {140, RMI$_MSCP_EVERYTHING}, /* 35 32-bit words */ {152, RMI$_DDTM_ALL}, /* 38 32-bit words */ diff --git a/ssl/build.info b/ssl/build.info index c17084b9ad..f2de0371ae 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -15,10 +15,10 @@ IF[{- !$disabled{ktls} -}] $KTLSSRC=ktls.c ENDIF -#TODO: For now we just include the libcrypto packet.c in libssl as well. We -# could either continue to do it like this, or export all the WPACKET -# symbols so that libssl can use them like any other. Probably would do -# this privately so it does not become part of the public API. +# For now we just include the libcrypto packet.c in libssl as well. We +# could either continue to do it like this, or export all the WPACKET +# symbols so that libssl can use them like any other. Probably would do +# this privately so it does not become part of the public API. SOURCE[../libssl]=\ pqueue.c ../crypto/packet.c \ statem/statem_srvr.c statem/statem_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \ diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 5626b7f506..f9ad4ed684 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -797,7 +797,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) BIO_ADDR_free(tmpclient); tmpclient = NULL; - /* TODO(size_t): convert this call */ if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) { if (BIO_should_retry(wbio)) { /* diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index a217db772a..aacd5694fc 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c 
@@ -295,7 +295,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, clear_sys_error(); if (s->rbio != NULL) { s->rwstate = SSL_READING; - /* TODO(size_t): Convert this function */ ret = BIO_read(s->rbio, pkt + len + left, max - left); if (ret >= 0) bioread = ret; @@ -722,7 +721,6 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */ mac_size = 0; } else { - /* TODO(siz_t): Convert me */ mac_size = EVP_MD_CTX_get_size(s->write_hash); if (mac_size < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -833,7 +831,6 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) { int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { - /* TODO(size_t): Convert me */ eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); if (eivlen <= 1) eivlen = 0; @@ -1195,7 +1192,6 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, return i; BIO_set_ktls_ctrl_msg(s->wbio, type); } - /* TODO(size_t): Convert this call */ i = BIO_write(s->wbio, (char *) &(SSL3_BUFFER_get_buf(&wb[currbuf]) [SSL3_BUFFER_get_offset(&wb[currbuf])]), diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 8c4ff01dd1..4275c19cff 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -521,7 +521,6 @@ int ssl3_get_record(SSL *s) if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) goto skip_decryption; - /* TODO(size_t): convert this to do size_t properly */ if (s->read_hash != NULL) { const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash); @@ -782,7 +781,6 @@ int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr) if (rr->comp == NULL) return 0; - /* TODO(size_t): Convert this call */ i = COMP_expand_block(ssl->expand, rr->comp, SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length); if (i < 0) 
@@ -799,7 +797,6 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) #ifndef OPENSSL_NO_COMP int i; - /* TODO(size_t): Convert this call */ i = COMP_compress_block(ssl->compress, wr->data, (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD), wr->input, (int)wr->length); @@ -858,7 +855,6 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, int provided = (EVP_CIPHER_get0_provider(enc) != NULL); l = rec->length; - /* TODO(size_t): Convert this call */ bs = EVP_CIPHER_CTX_get_block_size(ds); /* COMPRESS */ @@ -916,7 +912,6 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending, } } } else { - /* TODO(size_t): Convert this call */ if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1) { /* Shouldn't happen */ SSLfatal(s, SSL_AD_BAD_RECORD_MAC, ERR_R_INTERNAL_ERROR); @@ -1212,7 +1207,6 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, } else { /* Legacy cipher */ - /* TODO(size_t): Convert this call */ tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input, (unsigned int)reclen[0]); if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds)) @@ -1471,7 +1465,6 @@ int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending) return 0; } - /* TODO(size_t): Convert these calls */ if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { @@ -1546,7 +1539,6 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) rr->data = rr->input; rr->orig_len = rr->length; - /* TODO(size_t): convert this to do size_t properly */ if (s->read_hash != NULL) { const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash); 
@@ -1850,10 +1842,6 @@ int dtls1_get_record(SSL *s) if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) { #endif /* Check whether this is a repeat, or aged record. */ - /* - * TODO: Does it make sense to have replay protection in epoch 0 where - * we have no integrity negotiated yet? - */ if (!dtls1_record_replay_check(s, bitmap)) { rr->length = 0; rr->read = 1; diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index 13c007ae23..3d35071847 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -35,7 +35,6 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, if (n_recs != 1) { /* Should not happen */ - /* TODO(TLS1.3): Support pipelining */ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -139,7 +138,6 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending, return 0; } - /* TODO(size_t): lenu/lenf should be a size_t but EVP doesn't support it */ if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0 || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 8e1c779ddb..b0e3496ba2 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -500,7 +500,6 @@ int ssl3_cbc_digest_record(const EVP_MD *md, || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0) goto err; } - /* TODO(size_t): Convert me */ ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u); if (ret && md_out_size) *md_out_size = md_out_size_u; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 64b246eb65..2ca3f74ae7 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -499,7 +499,6 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, SSL3_RANDOM_SIZE) <= 0 || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]), SSL3_RANDOM_SIZE) <= 0 - /* TODO(size_t) : convert me */ || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 || EVP_DigestUpdate(ctx, p, len) <= 0 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index d7c19feedf..dd22e57c59 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1543,7 +1543,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, /* * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs. - * TODO(openssl-team): is there an easier way to accomplish all this? */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1, &head, &tail); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 063134015a..c1e8e41f02 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2246,11 +2246,6 @@ int SSL_shutdown(SSL *s) int SSL_key_update(SSL *s, int updatetype) { - /* - * TODO(TLS1.3): How will applications know whether TLSv1.3 has been - * negotiated, and that it is appropriate to call SSL_key_update() instead - * of SSL_renegotiate(). - */ if (!SSL_IS_TLS13(s)) { ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_SSL_VERSION); return 0; diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 28603a81ad..b222fc6a2d 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1379,7 +1379,7 @@ struct ssl_st { size_t previous_client_finished_len; unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; size_t previous_server_finished_len; - int send_connection_binding; /* TODOEKR */ + int send_connection_binding; # ifndef OPENSSL_NO_NEXTPROTONEG /* diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 8dc418ca48..01871dca8c 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -107,7 +107,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (x->ext.tick) { if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; - /* TODO(size_t): Convert this call */ if (BIO_dump_indent (bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4) <= 0) diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index d12e940704..f58111c95c 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c 
@@ -115,8 +115,6 @@ typedef struct extensions_definition_st { * messages the extension is relevant to. These flags also specify whether the * extension is relevant to a particular protocol or protocol version. * - * TODO(TLS1.3): Make sure we have a test to check the consistency of these - * * NOTE: WebSphere Application Server 7+ cannot handle empty extensions at * the end, keep these extensions before signature_algorithm. */ diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 545b2d034f..78cc226064 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -629,7 +629,7 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) } /* - * TODO(TLS1.3): When changing to send more than one key_share we're + * When changing to send more than one key_share we're * going to need to be able to save more than one EVP_PKEY. For now * we reuse the existing tmp.pkey */ @@ -668,8 +668,8 @@ EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, tls1_get_supported_groups(s, &pgroups, &num_groups); /* - * TODO(TLS1.3): Make the number of key_shares sent configurable. For - * now, just send one + * Make the number of key_shares sent configurable. For + * now, we just send one */ if (s->s3.group_id != 0) { curve_id = s->s3.group_id; @@ -1387,7 +1387,6 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context, { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { /* We ignore this if the server sends a CertificateRequest */ - /* TODO(TLS1.3): Add support for this */ return 1; } @@ -1429,7 +1428,6 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, { if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) { /* We ignore this if the server sends it in a CertificateRequest */ - /* TODO(TLS1.3): Add support for this */ return 1; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 51c3251635..e8e57cd5d9 100644 --- a/ssl/statem/extensions_srvr.c 
+++ b/ssl/statem/extensions_srvr.c @@ -155,10 +155,6 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, * the initial handshake and the resumption. In TLSv1.3 SNI is not * associated with the session. */ - /* - * TODO(openssl-team): if the SNI doesn't match, we MUST - * fall back to a full handshake. - */ s->servername_done = (s->session->ext.hostname != NULL) && PACKET_equal(&hostname, s->session->ext.hostname, strlen(s->session->ext.hostname)); @@ -215,10 +211,6 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - /* - * TODO(openssl-team): currently, we re-authenticate the user - * upon resumption. Instead, we MUST ignore the login. - */ if (!PACKET_strndup(&srp_I, &s->srp_ctx.login)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -364,7 +356,6 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context, } id_data = PACKET_data(&responder_id); - /* TODO(size_t): Convert d2i_* to size_t */ id = d2i_OCSP_RESPID(NULL, &id_data, (int)PACKET_remaining(&responder_id)); if (id == NULL) { diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 88b34c6ad1..e8e9f94651 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -168,7 +168,8 @@ static int ossl_statem_client13_read_transition(SSL *s, int mt) } if (mt == SSL3_MT_CERTIFICATE_REQUEST) { #if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION -# error TODO(DTLS1.3): Restore digest for PHA before adding message. + /* Restore digest for PHA before adding message.*/ +# error Internal DTLS version error #endif if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) { s->post_handshake_auth = SSL_PHA_REQUESTED; @@ -1985,7 +1986,6 @@ static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey) return 0; } - /* TODO(size_t): Convert BN_bin2bn() calls */ if ((s->srp_ctx.N = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL)) == NULL 
@@ -2035,7 +2035,6 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) return 0; } - /* TODO(size_t): Convert these calls */ p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL); g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator), NULL); @@ -2573,7 +2572,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) goto err; } /* - * TODO(size_t): we use sess_len here because EVP_Digest expects an int + * We use sess_len here because EVP_Digest expects an int * but s->session->session_id_length is a size_t */ if (!EVP_Digest(s->session->ext.tick, ticklen, @@ -2853,7 +2852,6 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt) pms[0] = s->client_version >> 8; pms[1] = s->client_version & 0xff; - /* TODO(size_t): Convert this function */ if (RAND_bytes_ex(s->ctx->libctx, pms + 2, pmslen - 2, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); goto err; @@ -3059,7 +3057,6 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt) if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0 /* Generate session key - * TODO(size_t): Convert this function */ || RAND_bytes_ex(s->ctx->libctx, pms, pmslen, 0) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index a954097a39..c1c0d455e1 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1765,7 +1765,7 @@ static int tls_early_post_process_client_hello(SSL *s) /* * We don't allow resumption in a backwards compatible ClientHello. - * TODO(openssl-team): in TLS1.1+, session_id MUST be empty. + * In TLS1.1+, session_id MUST be empty. * * Versions before 0.9.7 always allow clients to resume sessions in * renegotiation. 0.9.7 and later allow this by default, but optionally diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 03a83ee9a0..51688d4f2e 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c 
@@ -333,7 +333,6 @@ int tls1_change_cipher_state(SSL *s, int which) p = s->s3.tmp.key_block; i = *mac_secret_size = s->s3.tmp.new_mac_secret_size; - /* TODO(size_t): convert me */ cl = EVP_CIPHER_get_key_length(c); j = cl; k = tls_iv_length_within_key_block(c); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index d22a794d37..3bc424acef 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3079,7 +3079,7 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, continue; /* - * TODO this does not differentiate between the + * This does not differentiate between the * rsa_pss_pss_* and rsa_pss_rsae_* schemes since we do not * have a chain here that lets us look at the key OID in the * signing certificate. diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 53aeea446b..11e39715d8 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -402,7 +402,6 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, return 0; } - /* TODO(size_t): convert me */ keylen = EVP_CIPHER_get_key_length(ciph); if (EVP_CIPHER_get_mode(ciph) == EVP_CIPH_CCM_MODE) { uint32_t algenc; diff --git a/test/algorithmid_test.c b/test/algorithmid_test.c index b484315ad3..ce5fbffc22 100644 --- a/test/algorithmid_test.c +++ b/test/algorithmid_test.c @@ -107,16 +107,6 @@ static int test_x509_spki_aid(X509 *cert, const char *filename) return test_spki_aid(pubkey, filename); } -/* - * TODO - * When we gain the ability to get an EVP_SIGNATURE with a complete signature - * algorithm name (like "sha1WithRSAEncryption" or its corresponding OID in - * text form, "1.2.840.113549.1.1.2"), we won't have to limit this test to - * what we have in libcrypto's cross-reference db, i.e. won't have to call - * OBJ_find_sigid_algs() to find out the EVP_PKEY_METHOD NID any more. - * All we'd have to do is used OBJ_obj2txt() on an ASN1_OBJECT and pass the - * result. - */ static int test_x509_sig_aid(X509 *eecert, const char *ee_filename, X509 *cacert, const char *ca_filename) { 
diff --git a/test/bntest.c b/test/bntest.c index b6147395fd..c90db8f8e4 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -28,7 +28,7 @@ #endif /* - * Things in boring, not in openssl. TODO we should add them. + * Things in boring, not in openssl. */ #define HAVE_BN_PADDED 0 #define HAVE_BN_SQRT 0 @@ -1100,7 +1100,7 @@ static int file_sum(STANZA *s) /* * Test that the functions work when |r| and |a| point to the same BIGNUM, * or when |r| and |b| point to the same BIGNUM. - * TODO: Test where all of |r|, |a|, and |b| point to the same BIGNUM. + * There is no test for all of |r|, |a|, and |b| pointint to the same BIGNUM. */ if (!TEST_true(BN_copy(ret, a)) || !TEST_true(BN_add(ret, ret, b)) @@ -1127,7 +1127,6 @@ static int file_sum(STANZA *s) * documented as having. Note that these functions are frequently used * when the prerequisites don't hold. In those cases, they are supposed * to work as if the prerequisite hold, but we don't test that yet. - * TODO: test that. */ if (!BN_is_negative(a) && !BN_is_negative(b) && BN_cmp(a, b) >= 0) { if (!TEST_true(BN_uadd(ret, a, b)) @@ -1140,7 +1139,8 @@ static int file_sum(STANZA *s) /* * Test that the functions work when |r| and |a| point to the same * BIGNUM, or when |r| and |b| point to the same BIGNUM. - * TODO: Test where all of |r|, |a|, and |b| point to the same BIGNUM. + * There is no test for all of |r|, |a|, and |b| pointint to the same + * BIGNUM. */ if (!TEST_true(BN_copy(ret, a)) || !TEST_true(BN_uadd(ret, ret, b)) diff --git a/test/cmp_asn_test.c b/test/cmp_asn_test.c index 24f6605ce9..36ae8a6008 100644 --- a/test/cmp_asn_test.c +++ b/test/cmp_asn_test.c @@ -117,10 +117,5 @@ int setup_tests(void) ADD_TEST(test_cmp_asn1_get_int); ADD_TEST(test_ASN1_OCTET_STRING_set); ADD_TEST(test_ASN1_OCTET_STRING_set_tgt_is_src); - /* - * TODO make sure that total number of tests (here currently 24) is shown, - * also for other cmp_*text.c. Currently the test drivers always show 1. - */ - return 1; } 
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index d181a03d19..863a765886 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c @@ -101,7 +101,6 @@ static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture) if (!TEST_ptr(itavs = OSSL_CMP_exec_GENM_ses(fixture->cmp_ctx))) return 0; sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); - /* TODO: check if the returned value is the expected one (same as sent) */ return 1; } @@ -115,7 +114,6 @@ static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture) if (!TEST_ptr(res) || !TEST_int_eq(X509_cmp(res, client_cert), 0)) return 0; - /* TODO: check that cerfConf has been exchanged unless implicitConfirm */ if (fixture->caPubs != NULL) { STACK_OF(X509) *caPubs = OSSL_CMP_CTX_get1_caPubs(fixture->cmp_ctx); int ret = TEST_int_eq(STACK_OF_X509_cmp(fixture->caPubs, caPubs), 0); @@ -169,7 +167,6 @@ static int test_exec_IR_ses_poll(void) ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 2); ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, checkAfter); EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); - /* TODO: check that 2 rounds are done or session takes 2..3 seconds */ return result; } diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c index ce0038d596..f4bc65bb9e 100644 --- a/test/cmp_hdr_test.c +++ b/test/cmp_hdr_test.c @@ -480,10 +480,5 @@ int setup_tests(void) /* also tests internal function ossl_cmp_hdr_get_pvno(): */ ADD_TEST(test_HDR_init_with_ref); ADD_TEST(test_HDR_init_with_subject); - /* - * TODO make sure that total number of tests (here currently 24) is shown, - * also for other cmp_*text.c. Currently the test drivers always show 1. - */ - return 1; } diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c index 97255306da..0543634c73 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c 
@@ -1196,13 +1196,7 @@ static handshake_status_t handshake_status(peer_status_t last_status, /* The client failed immediately before sending the ClientHello */ return client_spoke_last ? CLIENT_ERROR : INTERNAL_ERROR; case PEER_SUCCESS: - /* - * First peer succeeded but second peer errored. - * TODO(emilia): we should be able to continue here (with some - * application data?) to ensure the first peer receives the - * alert / close_notify. - * (No tests currently exercise this branch.) - */ + /* First peer succeeded but second peer errored. */ return client_spoke_last ? CLIENT_ERROR : SERVER_ERROR; case PEER_RETRY: /* We errored; let the peer finish. */ diff --git a/test/helpers/pkcs12.c b/test/helpers/pkcs12.c index ab877bca00..cb94be7b88 100644 --- a/test/helpers/pkcs12.c +++ b/test/helpers/pkcs12.c @@ -319,7 +319,6 @@ static STACK_OF(PKCS12_SAFEBAG) *decode_contentinfo(STACK_OF(PKCS7) *safes, int if (enc) { if (!TEST_int_eq(bagnid, NID_pkcs7_encrypted)) goto err; - /* TODO: Check algorithm (iterations?) against what we originally set */ bags = PKCS12_unpack_p7encdata(p7, enc->pass, strlen(enc->pass)); } else { if (!TEST_int_eq(bagnid, NID_pkcs7_data)) @@ -518,8 +517,6 @@ static int check_attrs(const STACK_OF(X509_ATTRIBUTE) *bag_attrs, const PKCS12_A while(p_attr->oid != NULL) { /* Find a matching attribute type */ if (strcmp(p_attr->oid, attr_txt) == 0) { - - /* TODO: Handle multi-value attributes */ if (!TEST_int_eq(X509_ATTRIBUTE_count(attr), 1)) goto err; @@ -603,8 +600,6 @@ void check_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, pb->success = 0; goto err; } - /* TODO: handle key attributes */ - /* PKCS8_pkey_get0_attrs(p8c); */ break; case NID_pkcs8ShroudedKeyBag: @@ -621,8 +616,6 @@ void check_keybag(PKCS12_BUILDER *pb, const unsigned char *bytes, int len, pb->success = 0; goto err; } - /* TODO: handle key attributes */ - /* PKCS8_pkey_get0_attrs(p8); */ PKCS8_PRIV_KEY_INFO_free(p8); break; 
diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c index c779b72371..60a275a014 100644 --- a/test/ssl_old_test.c +++ b/test/ssl_old_test.c @@ -636,7 +636,7 @@ static void sv_usage(void) #endif fprintf(stderr, " -no_dhe - disable DHE\n"); #ifndef OPENSSL_NO_EC - fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n"); + fprintf(stderr, " -no_ecdhe - disable ECDHE\n"); #endif #ifndef OPENSSL_NO_PSK fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); diff --git a/test/sslapitest.c b/test/sslapitest.c index 7275d6f9c6..2b73e43305 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -326,10 +326,6 @@ static int test_keylog_output(char *buffer, const SSL *ssl, if (!TEST_ptr(token = strtok(NULL, " \n"))) return 0; - - /* - * TODO(TLS1.3): test that application traffic secrets are what - * we expect */ } else { TEST_info("Unexpected token %s\n", token); return 0; @@ -2907,10 +2903,6 @@ static int test_set_sigalgs(int idx) &sctx, &cctx, cert, privkey))) return 0; - /* - * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it - * for TLSv1.2 for now until we add a new API. - */ SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION); if (testctx) { diff --git a/util/find-doc-nits b/util/find-doc-nits index 7498ac6865..467f551093 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -730,7 +730,6 @@ sub check { next if $target =~ /openssl-?/; next if ( grep { basename($_) eq "$target.pod" } files(TAGS => [ 'manual', 'man1' ]) ); - # TODO: Filter out "foreign manual" links. next if $target =~ /ps|apropos|sha1sum|procmail|perl/; err($id, "Bad command link L<$target(1)>") if grep /man1/, @sections; } From tomas at openssl.org Wed Jun 2 07:59:45 2021 
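Review bot: in ssl/statem/extensions_clnt.c, tls_construct_ctos_key_share(), dropping the tag leaves the comment reading "Make the number of key_shares sent configurable. For now, we just send one", which is still phrased as an instruction but no longer marked as outstanding work. Suggest wording it as a statement of current behaviour, for example "The number of key_shares sent is not configurable; we just send one". The same applies to the add_key_share() comment that now begins "When changing to send more than one key_share we're going to need ...".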
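Review bot: in ssl/statem/extensions_srvr.c, the comments removed from tls_parse_ctos_server_name() and tls_parse_ctos_srp() recorded, next to the code concerned, that the behaviour falls short of a MUST: "if the SNI doesn't match, we MUST fall back to a full handshake" and "currently, we re-authenticate the user upon resumption. Instead, we MUST ignore the login". Deleting them outright removes that record without changing the code. Suggest keeping the text as a plain NOTE comment, as the ssl/statem/statem_srvr.c hunk does for "In TLS1.1+, session_id MUST be empty", or pointing to an issue that tracks each deviation.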
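Review bot: in ssl/statem/statem_clnt.c, ossl_statem_client13_read_transition(), the new directive `# error Internal DTLS version error` no longer says what has to be done when DTLS_MAX_VERSION_INTERNAL moves past DTLS1_2_VERSION; that information now sits only in the comment above it, which the compiler diagnostic will not show. Suggest keeping the action in the directive text itself, along the lines of the old "Restore digest for PHA before adding message", and adding the missing space before the closing `*/` of the new comment.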
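Review bot: in test/bntest.c, file_sum(), both rewritten comments misspell "pointing" as "pointint" ("|r|, |a|, and |b| pointint to the same BIGNUM"). Beyond the spelling, rewording "TODO: Test where all of ..." to "There is no test for ..." and dropping "TODO: test that." keeps the coverage gap in the file only as a remark, so it would help to reference an issue for the missing aliasing test and for the BN_uadd/BN_usub prerequisite case.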
From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 02 Jun 2021 07:59:45 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1622620785.647691.13698.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5b74c197f315fe1e6591876aaa82e275e4f05f54 (commit) from 3ee328ab9eff0bf0c86d07b24555a81f403d2ecb (commit) - Log ----------------------------------------------------------------- commit 5b74c197f315fe1e6591876aaa82e275e4f05f54 Author: Trev Larock Date: Fri May 28 02:26:41 2021 +0000 Modify ssl_handshake_hash to call SSLfatal When EVP_MD_CTX_new fails call SSLfatal before the goto err. This resolves a state machine issue on the out of memory condition: ssl/statem/statem.c:643: OpenSSL internal error: Assertion failed: (s)->statem.in_init && (s)->statem.state == MSG_FLOW_ERROR Fixes #15491. CLA: trivial Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15511) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5501ecdb58..e1c95ddc60 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4557,8 +4557,11 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, } ctx = EVP_MD_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, + ERR_R_INTERNAL_ERROR); goto err; + } if (!EVP_MD_CTX_copy_ex(ctx, hdgst) || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { From pauli at openssl.org Wed Jun 2 10:47:31 2021 
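Review bot: on the new `ctx == NULL` branch in ssl_handshake_hash(), the reason code passed to SSLfatal() is ERR_R_INTERNAL_ERROR although the only thing that has failed at that point is the EVP_MD_CTX_new() allocation. ERR_R_MALLOC_FAILURE would let the error queue distinguish an out-of-memory condition from a failure in the EVP_MD_CTX_copy_ex() / EVP_DigestFinal_ex() check just below. A short comment on the branch saying that SSLfatal() is what moves the state machine to MSG_FLOW_ERROR, the condition the assertion quoted in the commit message checks, would also make it less likely that a later bare `goto err` reintroduces the problem.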
From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 02 Jun 2021 10:47:31 +0000 Subject: [openssl] master update Message-ID: <1622630851.829978.25912.nullmailer@dev.openssl.org> The branch master has been updated via 5bcbdee621fbf05df7431b8fbb0ea7de7054e1f0 (commit) via 45e6e5073a66e3c7da3af3dd3df6164c1a9cbf1b (commit) via d11e55508270df3501ec6826d82b4380ab64e189 (commit) via bcd5d3a22d21010cf28c3b7b5f1c79b22be6da7a (commit) via 6ea964cd4a1b2e945fbf79204d123811bc57d3a5 (commit) via 2e006ae77bffb4596568549d6aa4df6ef21bb8b6 (commit) via f2e3584d10f0ee61a35e2b5862b49f71ef5630bd (commit) via c768893e7de5c85fdd47c1a464e83a8dbf05ac0d (commit) from 4cedf30e995f9789cf6bb103e248d33285a84067 (commit) - Log ----------------------------------------------------------------- commit 5bcbdee621fbf05df7431b8fbb0ea7de7054e1f0 Author: Pauli Date: Tue Jun 1 21:48:29 2021 +1000 list: update to not use XXX_get_number() calls Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15564) commit 45e6e5073a66e3c7da3af3dd3df6164c1a9cbf1b Author: Pauli Date: Tue Jun 1 21:48:11 2021 +1000 store: include internal header Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15564) commit d11e55508270df3501ec6826d82b4380ab64e189 Author: Pauli Date: Tue Jun 1 21:19:39 2021 +1000 doc: fix OSSL_(EN|DE)CODER_get0_name function names Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15564) commit bcd5d3a22d21010cf28c3b7b5f1c79b22be6da7a Author: Pauli Date: Tue Jun 1 21:18:04 2021 +1000 libcrypto: make XXX_get_number() internal Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15564) commit 6ea964cd4a1b2e945fbf79204d123811bc57d3a5 Author: Pauli Date: Tue Jun 1 21:17:47 2021 +1000 doc: make XXX_get_number() internal Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15564) commit 2e006ae77bffb4596568549d6aa4df6ef21bb8b6 Author: Pauli Date: Tue Jun 1 12:53:31 2021 +1000 Add 
internal get_number functions to internal headers Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15564) commit f2e3584d10f0ee61a35e2b5862b49f71ef5630bd Author: Pauli Date: Tue Jun 1 12:51:45 2021 +1000 add internal get_number functons to crypto/evp.h Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15564) commit c768893e7de5c85fdd47c1a464e83a8dbf05ac0d Author: Pauli Date: Tue Jun 1 12:44:26 2021 +1000 doc: move XXX_get_number() documentation to internal These functions are effectively useless for users outside of libcrypto. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15564) ----------------------------------------------------------------------- Summary of changes: apps/list.c | 101 +++++++--------------------- crypto/encode_decode/decoder_meth.c | 2 +- crypto/encode_decode/encoder_meth.c | 2 +- crypto/evp/asymcipher.c | 2 +- crypto/evp/evp_lib.c | 4 +- crypto/evp/evp_rand.c | 2 +- crypto/evp/exchange.c | 2 +- crypto/evp/kdf_lib.c | 2 +- crypto/evp/kem.c | 2 +- crypto/evp/keymgmt_meth.c | 2 +- crypto/evp/mac_lib.c | 2 +- crypto/evp/signature.c | 2 +- crypto/store/store_meth.c | 4 +- doc/internal/man3/evp_md_get_number.pod | 115 ++++++++++++++++++++++++++++++++ doc/man3/EVP_ASYM_CIPHER_free.pod | 6 +- doc/man3/EVP_DigestInit.pod | 8 +-- doc/man3/EVP_EncryptInit.pod | 7 -- doc/man3/EVP_KDF.pod | 6 +- doc/man3/EVP_KEM_free.pod | 5 +- doc/man3/EVP_KEYEXCH_free.pod | 9 +-- doc/man3/EVP_KEYMGMT.pod | 7 -- doc/man3/EVP_MAC.pod | 7 +- doc/man3/EVP_RAND.pod | 9 +-- doc/man3/EVP_SIGNATURE_free.pod | 6 +- doc/man3/OSSL_DECODER.pod | 9 +-- doc/man3/OSSL_ENCODER.pod | 9 +-- doc/man3/OSSL_STORE_LOADER.pod | 9 +-- include/crypto/decoder.h | 2 + include/crypto/encoder.h | 1 + include/crypto/evp.h | 12 ++++ include/crypto/store.h | 1 + include/openssl/decoder.h | 1 - include/openssl/encoder.h | 1 - include/openssl/evp.h | 9 --- include/openssl/kdf.h | 1 - include/openssl/store.h | 1 - 
util/libcrypto.num | 13 ---- 37 files changed, 180 insertions(+), 203 deletions(-) create mode 100644 doc/internal/man3/evp_md_get_number.pod diff --git a/apps/list.c b/apps/list.c index 2b2676b2cd..612f55a311 100644 --- a/apps/list.c +++ b/apps/list.c @@ -88,13 +88,8 @@ DEFINE_STACK_OF(EVP_CIPHER) static int cipher_cmp(const EVP_CIPHER * const *a, const EVP_CIPHER * const *b) { - int ret = EVP_CIPHER_get_number(*a) - EVP_CIPHER_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*b))); - - return ret; + return strcmp(OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*b))); } static void collect_ciphers(EVP_CIPHER *cipher, void *stack) @@ -177,13 +172,8 @@ static void legacy_md_fn(const EVP_MD *m, DEFINE_STACK_OF(EVP_MD) static int md_cmp(const EVP_MD * const *a, const EVP_MD * const *b) { - int ret = EVP_MD_get_number(*a) - EVP_MD_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*b))); - - return ret; + return strcmp(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*b))); } static void collect_digests(EVP_MD *digest, void *stack) @@ -250,13 +240,8 @@ static void list_digests(void) DEFINE_STACK_OF(EVP_MAC) static int mac_cmp(const EVP_MAC * const *a, const EVP_MAC * const *b) { - int ret = EVP_MAC_get_number(*a) - EVP_MAC_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*b))); - - return ret; + return strcmp(OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*b))); } static void collect_macs(EVP_MAC *mac, void *stack) 
@@ -319,13 +304,8 @@ static void list_macs(void) DEFINE_STACK_OF(EVP_KDF) static int kdf_cmp(const EVP_KDF * const *a, const EVP_KDF * const *b) { - int ret = EVP_KDF_get_number(*a) - EVP_KDF_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*b))); - - return ret; + return strcmp(OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*b))); } static void collect_kdfs(EVP_KDF *kdf, void *stack) @@ -520,12 +500,8 @@ DEFINE_STACK_OF(OSSL_ENCODER) static int encoder_cmp(const OSSL_ENCODER * const *a, const OSSL_ENCODER * const *b) { - int ret = OSSL_ENCODER_get_number(*a) - OSSL_ENCODER_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*b))); - return ret; + return strcmp(OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*a)), + OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*b))); } static void collect_encoders(OSSL_ENCODER *encoder, void *stack) @@ -588,12 +564,8 @@ DEFINE_STACK_OF(OSSL_DECODER) static int decoder_cmp(const OSSL_DECODER * const *a, const OSSL_DECODER * const *b) { - int ret = OSSL_DECODER_get_number(*a) - OSSL_DECODER_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*b))); - return ret; + return strcmp(OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*a)), + OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*b))); } static void collect_decoders(OSSL_DECODER *decoder, void *stack) 
@@ -654,12 +626,8 @@ DEFINE_STACK_OF(EVP_KEYMGMT) static int keymanager_cmp(const EVP_KEYMGMT * const *a, const EVP_KEYMGMT * const *b) { - int ret = EVP_KEYMGMT_get_number(*a) - EVP_KEYMGMT_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*b))); - return ret; + return strcmp(OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*b))); } static void collect_keymanagers(EVP_KEYMGMT *km, void *stack) @@ -720,12 +688,8 @@ DEFINE_STACK_OF(EVP_SIGNATURE) static int signature_cmp(const EVP_SIGNATURE * const *a, const EVP_SIGNATURE * const *b) { - int ret = EVP_SIGNATURE_get_number(*a) - EVP_SIGNATURE_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*b))); - return ret; + return strcmp(OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*b))); } static void collect_signatures(EVP_SIGNATURE *sig, void *stack) @@ -783,12 +747,8 @@ DEFINE_STACK_OF(EVP_KEM) static int kem_cmp(const EVP_KEM * const *a, const EVP_KEM * const *b) { - int ret = EVP_KEM_get_number(*a) - EVP_KEM_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*b))); - return ret; + return strcmp(OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*b))); } static void collect_kem(EVP_KEM *kem, void *stack) 
@@ -846,12 +806,8 @@ DEFINE_STACK_OF(EVP_ASYM_CIPHER) static int asymcipher_cmp(const EVP_ASYM_CIPHER * const *a, const EVP_ASYM_CIPHER * const *b) { - int ret = EVP_ASYM_CIPHER_get_number(*a) - EVP_ASYM_CIPHER_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*b))); - return ret; + return strcmp(OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*b))); } static void collect_asymciph(EVP_ASYM_CIPHER *asym_cipher, void *stack) @@ -911,12 +867,8 @@ DEFINE_STACK_OF(EVP_KEYEXCH) static int kex_cmp(const EVP_KEYEXCH * const *a, const EVP_KEYEXCH * const *b) { - int ret = EVP_KEYEXCH_get_number(*a) - EVP_KEYEXCH_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*b))); - return ret; + return strcmp(OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*a)), + OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*b))); } static void collect_kex(EVP_KEYEXCH *kex, void *stack) @@ -1196,13 +1148,8 @@ DEFINE_STACK_OF(OSSL_STORE_LOADER) static int store_cmp(const OSSL_STORE_LOADER * const *a, const OSSL_STORE_LOADER * const *b) { - int ret = OSSL_STORE_LOADER_get_number(*a) - OSSL_STORE_LOADER_get_number(*b); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*b))); - - return ret; + return strcmp(OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*a)), + OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*b))); } static void collect_store_loaders(OSSL_STORE_LOADER *store, void *stack) diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c index 708b319314..7197b9090d 100644 --- a/crypto/encode_decode/decoder_meth.c +++ b/crypto/encode_decode/decoder_meth.c 
@@ -421,7 +421,7 @@ const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder) return decoder->base.propdef; } -int OSSL_DECODER_get_number(const OSSL_DECODER *decoder) +int ossl_decoder_get_number(const OSSL_DECODER *decoder) { if (!ossl_assert(decoder != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c index 33655c12a6..81cebb2659 100644 --- a/crypto/encode_decode/encoder_meth.c +++ b/crypto/encode_decode/encoder_meth.c @@ -433,7 +433,7 @@ const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder) return encoder->base.propdef; } -int OSSL_ENCODER_get_number(const OSSL_ENCODER *encoder) +int ossl_encoder_get_number(const OSSL_ENCODER *encoder) { if (!ossl_assert(encoder != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c index c70e1e9554..1368f7094e 100644 --- a/crypto/evp/asymcipher.c +++ b/crypto/evp/asymcipher.c @@ -428,7 +428,7 @@ int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name) return evp_is_a(cipher->prov, cipher->name_id, NULL, name); } -int EVP_ASYM_CIPHER_get_number(const EVP_ASYM_CIPHER *cipher) +int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher) { return cipher->name_id; } diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 8a03c4490b..bb91b22678 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -660,7 +660,7 @@ int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name) return evp_is_a(NULL, 0, EVP_CIPHER_get0_name(cipher), name); } -int EVP_CIPHER_get_number(const EVP_CIPHER *cipher) +int evp_cipher_get_number(const EVP_CIPHER *cipher) { return cipher->name_id; } 
@@ -714,7 +714,7 @@ int EVP_MD_is_a(const EVP_MD *md, const char *name) return evp_is_a(NULL, 0, EVP_MD_get0_name(md), name); } -int EVP_MD_get_number(const EVP_MD *md) +int evp_md_get_number(const EVP_MD *md) { return md->name_id; } diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index 1e41fe0765..a76d746d9a 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -293,7 +293,7 @@ void EVP_RAND_free(EVP_RAND *rand) evp_rand_free(rand); } -int EVP_RAND_get_number(const EVP_RAND *rand) +int evp_rand_get_number(const EVP_RAND *rand) { return rand->name_id; } diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 6503f479fa..72472aaace 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -458,7 +458,7 @@ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) return ctx->pmeth->derive(ctx, key, pkeylen); } -int EVP_KEYEXCH_get_number(const EVP_KEYEXCH *keyexch) +int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch) { return keyexch->name_id; } diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index 65b1617b81..77080e0b8d 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -83,7 +83,7 @@ EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src) return dst; } -int EVP_KDF_get_number(const EVP_KDF *kdf) +int evp_kdf_get_number(const EVP_KDF *kdf) { return kdf->name_id; } diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c index 594633cf92..721b840ea5 100644 --- a/crypto/evp/kem.c +++ b/crypto/evp/kem.c @@ -343,7 +343,7 @@ int EVP_KEM_is_a(const EVP_KEM *kem, const char *name) return evp_is_a(kem->prov, kem->name_id, NULL, name); } -int EVP_KEM_get_number(const EVP_KEM *kem) +int evp_kem_get_number(const EVP_KEM *kem) { return kem->name_id; } diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 841eae1df8..439b8f035c 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c 
@@ -251,7 +251,7 @@ const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt) return keymgmt->prov; } -int EVP_KEYMGMT_get_number(const EVP_KEYMGMT *keymgmt) +int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt) { return keymgmt->name_id; } diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index bd8543b2c4..339d10919f 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -203,7 +203,7 @@ int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) return 1; } -int EVP_MAC_get_number(const EVP_MAC *mac) +int evp_mac_get_number(const EVP_MAC *mac) { return mac->name_id; } diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c index 9b289d315b..b31f6a4bd0 100644 --- a/crypto/evp/signature.c +++ b/crypto/evp/signature.c @@ -319,7 +319,7 @@ int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name) return evp_is_a(signature->prov, signature->name_id, NULL, name); } -int EVP_SIGNATURE_get_number(const EVP_SIGNATURE *signature) +int evp_signature_get_number(const EVP_SIGNATURE *signature) { return signature->name_id; } diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c index 7f11d4fbea..cf2d1c6bba 100644 --- a/crypto/store/store_meth.c +++ b/crypto/store/store_meth.c @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include #include +#include "crypto/store.h" #include "internal/core.h" #include "internal/namemap.h" #include "internal/property.h" @@ -393,7 +393,7 @@ const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader) return loader->propdef; } -int OSSL_STORE_LOADER_get_number(const OSSL_STORE_LOADER *loader) +int ossl_store_loader_get_number(const OSSL_STORE_LOADER *loader) { if (!ossl_assert(loader != NULL)) { ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); diff --git a/doc/internal/man3/evp_md_get_number.pod b/doc/internal/man3/evp_md_get_number.pod new file mode 100644 index 0000000000..8e5bbd4437 --- /dev/null 
+++ b/doc/internal/man3/evp_md_get_number.pod 
@@ -0,0 +1,115 @@ +=pod + +=head1 NAME + +ossl_decoder_get_number, evp_md_get_number, evp_cipher_get_number, +evp_mac_get_number, evp_rand_get_number, evp_keymgmt_get_number, +evp_signature_get_number, evp_asym_cipher_get_number, evp_kem_get_number, +evp_keyexch_get_number, evp_kdf_get_number, ossl_encoder_get_number, +ossl_store_loader_get_number - EVP get internal identification numbers + +=head1 SYNOPSIS + + #include + + int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher); + int evp_cipher_get_number(const EVP_CIPHER *e); + int evp_kdf_get_number(const EVP_KDF *kdf); + int evp_kem_get_number(const EVP_KEM *kem); + int evp_keyexch_get_number(const EVP_KEYEXCH *exchange); + int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt); + int evp_mac_get_number(const EVP_MAC *mac); + int evp_md_get_number(const EVP_MD *md); + int evp_rand_get_number(const EVP_RAND *rand); + int evp_signature_get_number(const EVP_SIGNATURE *signature); + int ossl_decoder_get_number(const OSSL_DECODER *decoder); + int ossl_encoder_get_number(const OSSL_ENCODER *encoder); + int ossl_store_loader_get_number(const OSSL_STORE_LOADER *loader); + +=head1 DESCRIPTION + +All provided algorithms get an associated integer identification number. +This number is dynamic and should be expected to vary from run to run. +These numbers should only be considered to be unique per provider per +library context. + +=over 4 + +=item evp_asym_cipher_get_number() + +Returns the internal dynamic number assigned to I. + +=item evp_cipher_get_number() + +Returns the internal dynamic number assigned to the I. This is only +useful with fetched Bs. + +=item evp_kdf_get_number() + +Keturns the internal dynamic number assigned to I. + +=item evp_kem_get_number() + +Returns the internal dynamic number assigned to I. + +=item evp_keyexch_get_number() + +Returns the internal dynamic number assigned to the I. + +=item evp_keymgmt_get_number() + +Returns the internal dynamic number assigned to the I. 
+ +=item evp_mac_get_number() + +Returns the internal dynamic number assigned to I. + +=item evp_md_get_number() + +Returns the internal dynamic number assigned to the I. This is +only useful with fetched Bs. + +=item evp_rand_get_number() + +Returns the internal dynamic number assigned to I. + +=item evp_signature_get_number() + +Returns the internal dynamic number assigned to I. + +=item ossl_decoder_get_number() + +Returns the internal dynamic number assigned to the given I. + +=item ossl_encoder_get_number() + +Returns the internal dynamic number assigned to the given I. + +=item ossl_store_loader_get_number() + +Returns the internal dynamic number assigned to the given I. + +=back + +=head1 RETURN VALUES + +All of these functions return the provider specific identification number +for the specified algorithm. + +=head1 SEE ALSO + + +=head1 HISTORY + +This functionality was added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/EVP_ASYM_CIPHER_free.pod b/doc/man3/EVP_ASYM_CIPHER_free.pod index 2b34eb4469..72910a5599 100644 --- a/doc/man3/EVP_ASYM_CIPHER_free.pod +++ b/doc/man3/EVP_ASYM_CIPHER_free.pod @@ -3,7 +3,7 @@ =head1 NAME EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref, -EVP_ASYM_CIPHER_get_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_get0_provider, +EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_get0_provider, EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all, EVP_ASYM_CIPHER_get0_name, EVP_ASYM_CIPHER_get0_description, EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params 
@@ -17,7 +17,6 @@ EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params const char *properties); void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher); int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher); - int EVP_ASYM_CIPHER_get_number(const EVP_ASYM_CIPHER *cipher); const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher); int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher); @@ -62,9 +61,6 @@ all activated providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_ASYM_CIPHER_get_number() returns the internal dynamic number assigned to -I. - EVP_ASYM_CIPHER_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index b1d83c1b89..201c011095 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -12,7 +12,7 @@ EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, -EVP_MD_is_a, EVP_MD_get0_name, EVP_MD_get0_description, EVP_MD_get_number, +EVP_MD_is_a, EVP_MD_get0_name, EVP_MD_get0_description, EVP_MD_names_do_all, EVP_MD_get0_provider, EVP_MD_get_type, EVP_MD_get_pkey_type, EVP_MD_get_size, EVP_MD_get_block_size, EVP_MD_get_flags, EVP_MD_CTX_get0_name, EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md, 
@@ -72,7 +72,6 @@ EVP_MD_CTX_type, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_md_data const char *EVP_MD_get0_name(const EVP_MD *md); const char *EVP_MD_get0_description(const EVP_MD *md); - int EVP_MD_get_number(const EVP_MD *md); int EVP_MD_is_a(const EVP_MD *md, const char *name); int EVP_MD_names_do_all(const EVP_MD *md, void (*fn)(const char *name, void *data), @@ -327,11 +326,6 @@ EVP_sha256() rather than the result of an EVP_MD_fetch()), only cipher names registered with the default library context (see L) will be considered. -=item EVP_MD_get_number() - -Returns the internal dynamic number assigned to the I. This is -only useful with fetched Bs. - =item EVP_MD_get0_name(), EVP_MD_CTX_get0_name() diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index cd4b8b5c56..965e0d9248 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -35,7 +35,6 @@ EVP_get_cipherbyobj, EVP_CIPHER_is_a, EVP_CIPHER_get0_name, EVP_CIPHER_get0_description, -EVP_CIPHER_get_number, EVP_CIPHER_names_do_all, EVP_CIPHER_get0_provider, EVP_CIPHER_get_nid, @@ -166,7 +165,6 @@ EVP_CIPHER_CTX_mode const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); int EVP_CIPHER_get_nid(const EVP_CIPHER *e); - int EVP_CIPHER_get_number(const EVP_CIPHER *e); int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, void (*fn)(const char *name, void *data), @@ -521,11 +519,6 @@ value from the likes of EVP_aes128() rather than the result of an EVP_CIPHER_fetch()), only cipher names registered with the default library context (see L) will be considered. -=item EVP_CIPHER_get_number() - -Returns the internal dynamic number assigned to the I. This is only -useful with fetched Bs. - =item EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name() Return the name of the passed cipher or context. For fetched ciphers with diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index 2fd6651c2b..e89e703483 100644 
--- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod @@ -6,7 +6,7 @@ EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, EVP_KDF_CTX_reset, EVP_KDF_derive, EVP_KDF_CTX_get_kdf_size, -EVP_KDF_get0_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, EVP_KDF_get_number, +EVP_KDF_get0_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, EVP_KDF_get0_name, EVP_KDF_names_do_all, EVP_KDF_get0_description, EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided, EVP_KDF_get_params, EVP_KDF_gettable_params, @@ -32,7 +32,6 @@ EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params - EVP KDF routines void EVP_KDF_free(EVP_KDF *kdf); EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, const char *properties); - int EVP_KDF_get_number(const EVP_KDF *kdf); int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); const char *EVP_KDF_get0_name(const EVP_KDF *kdf); const char *EVP_KDF_get0_description(const EVP_KDF *kdf); @@ -171,9 +170,6 @@ providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_KDF_get_number() returns the internal dynamic number assigned to -I. - EVP_KDF_get0_name() return the name of the given KDF. For fetched KDFs with multiple names, only one of them is returned; it's recommended to use EVP_KDF_names_do_all() instead. diff --git a/doc/man3/EVP_KEM_free.pod b/doc/man3/EVP_KEM_free.pod index 766825859b..e77b89d3b9 100644 --- a/doc/man3/EVP_KEM_free.pod +++ b/doc/man3/EVP_KEM_free.pod @@ -3,7 +3,7 @@ =head1 NAME EVP_KEM_fetch, EVP_KEM_free, EVP_KEM_up_ref, -EVP_KEM_get_number, EVP_KEM_get0_name, EVP_KEM_is_a, EVP_KEM_get0_provider, +EVP_KEM_get0_name, EVP_KEM_is_a, EVP_KEM_get0_provider, EVP_KEM_do_all_provided, EVP_KEM_names_do_all, EVP_KEM_get0_description, EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params - Functions to manage EVP_KEM algorithm objects 
@@ -16,7 +16,6 @@ EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params const char *properties); void EVP_KEM_free(EVP_KEM *kem); int EVP_KEM_up_ref(EVP_KEM *kem); - int EVP_KEM_get_number(const EVP_KEM *kem); const char *EVP_KEM_get0_name(const EVP_KEM *kem); int EVP_KEM_is_a(const EVP_KEM *kem, const char *name); OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem); @@ -55,8 +54,6 @@ providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_KEM_get_number() returns the internal dynamic number assigned to I. - EVP_KEM_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the diff --git a/doc/man3/EVP_KEYEXCH_free.pod b/doc/man3/EVP_KEYEXCH_free.pod index 28eaf523f8..42c7e1289c 100644 --- a/doc/man3/EVP_KEYEXCH_free.pod +++ b/doc/man3/EVP_KEYEXCH_free.pod @@ -4,8 +4,7 @@ EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, EVP_KEYEXCH_get0_provider, EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided, -EVP_KEYEXCH_get_number, EVP_KEYEXCH_names_do_all, -EVP_KEYEXCH_get0_name, EVP_KEYEXCH_get0_description, +EVP_KEYEXCH_names_do_all, EVP_KEYEXCH_get0_name, EVP_KEYEXCH_get0_description, EVP_KEYEXCH_gettable_ctx_params, EVP_KEYEXCH_settable_ctx_params - Functions to manage EVP_KEYEXCH algorithm objects @@ -19,7 +18,6 @@ EVP_KEYEXCH_gettable_ctx_params, EVP_KEYEXCH_settable_ctx_params int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange); int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *exchange, const char *name); - int EVP_KEYEXCH_get_number(const EVP_KEYEXCH *exchange); const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *exchange); void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEYEXCH *exchange, void *arg), 
@@ -54,9 +52,6 @@ fetched from. EVP_KEYEXCH_is_a() checks if I is an implementation of an algorithm that's identifiable with I. -EVP_KEYEXCH_get_number() returns the internal dynamic number assigned to -the I. - EVP_KEYEXCH_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the @@ -93,8 +88,6 @@ names. A return value of 0 means that the callback was not called for any names. EVP_KEYEXCH_is_a() returns 1 of I was identifiable, otherwise 0. -EVP_KEYEXCH_get_number() returns an integer. - EVP_KEYEXCH_gettable_ctx_params() and EVP_KEYEXCH_settable_ctx_params() return a constant B array or NULL on error. diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod index de5a9256a0..6b6e117369 100644 --- a/doc/man3/EVP_KEYMGMT.pod +++ b/doc/man3/EVP_KEYMGMT.pod @@ -8,7 +8,6 @@ EVP_KEYMGMT_up_ref, EVP_KEYMGMT_free, EVP_KEYMGMT_get0_provider, EVP_KEYMGMT_is_a, -EVP_KEYMGMT_get_number, EVP_KEYMGMT_get0_description, EVP_KEYMGMT_get0_name, EVP_KEYMGMT_do_all_provided, @@ -30,7 +29,6 @@ EVP_KEYMGMT_gen_settable_params void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt); int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); - int EVP_KEYMGMT_get_number(const EVP_KEYMGMT *keymgmt); const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt); const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt); @@ -71,9 +69,6 @@ implementation. EVP_KEYMGMT_is_a() checks if I is an implementation of an algorithm that's identifiable with I. -EVP_KEYMGMT_get_number() returns the internal dynamic number assigned to -the I. - EVP_KEYMGMT_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the 
@@ -127,8 +122,6 @@ on error. EVP_KEYMGMT_is_a() returns 1 of I was identifiable, otherwise 0. -EVP_KEYMGMT_get_number() returns an integer. - EVP_KEYMGMT_get0_name() returns the algorithm name, or NULL on error. EVP_KEYMGMT_get0_description() returns a pointer to a decription, or NULL if diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 6468e22a02..0c68f42b6f 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -3,8 +3,7 @@ =head1 NAME EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a, -EVP_MAC_get_number, EVP_MAC_get0_name, EVP_MAC_names_do_all, -EVP_MAC_get0_description, +EVP_MAC_get0_name, EVP_MAC_names_do_all, EVP_MAC_get0_description, EVP_MAC_get0_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, EVP_MAC_CTX_get0_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, @@ -26,7 +25,6 @@ EVP_MAC_do_all_provided - EVP MAC routines int EVP_MAC_up_ref(EVP_MAC *mac); void EVP_MAC_free(EVP_MAC *mac); int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); - int EVP_MAC_get_number(const EVP_MAC *mac); const char *EVP_MAC_get0_name(const EVP_MAC *mac); int EVP_MAC_names_do_all(const EVP_MAC *mac, void (*fn)(const char *name, void *data), @@ -228,9 +226,6 @@ providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_MAC_get_number() returns the internal dynamic number assigned to -I. - EVP_MAC_get0_name() return the name of the given MAC. For fetched MACs with multiple names, only one of them is returned; it's recommended to use EVP_MAC_names_do_all() instead. diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod index bcee801c4e..f21b2f69d7 100644 --- a/doc/man3/EVP_RAND.pod +++ b/doc/man3/EVP_RAND.pod 
@@ -8,7 +8,7 @@ EVP_RAND_uninstantiate, EVP_RAND_generate, EVP_RAND_reseed, EVP_RAND_nonce, EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_get_strength, EVP_RAND_get_state, EVP_RAND_get0_provider, EVP_RAND_CTX_get0_rand, EVP_RAND_is_a, -EVP_RAND_get_number, EVP_RAND_get0_name, EVP_RAND_names_do_all, +EVP_RAND_get0_name, EVP_RAND_names_do_all, EVP_RAND_get0_description, EVP_RAND_CTX_get_params, EVP_RAND_CTX_set_params, EVP_RAND_do_all_provided, EVP_RAND_get_params, @@ -39,7 +39,6 @@ EVP_RAND_STATE_ERROR - EVP RAND routines const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand); const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx); const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx); - int EVP_RAND_get_number(const EVP_RAND *rand); const char *EVP_RAND_get0_name(const EVP_RAND *rand); const char *EVP_RAND_get0_description(const EVP_RAND *rand); int EVP_RAND_is_a(const EVP_RAND *rand, const char *name); @@ -243,9 +242,6 @@ providers in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_RAND_get_number() returns the internal dynamic number assigned to -I. - EVP_RAND_get0_name() returns the canonical name of I. EVP_RAND_names_do_all() traverses all names for I, and calls @@ -361,9 +357,6 @@ with the context. EVP_RAND_get0_name() returns the name of the random number generation algorithm. -EVP_RAND_get_number() returns the provider specific identification number -for the specified algorithm. - EVP_RAND_up_ref() returns 1 on success, 0 on error. EVP_RAND_names_do_all() returns 1 if the callback was called for all names. A diff --git a/doc/man3/EVP_SIGNATURE_free.pod b/doc/man3/EVP_SIGNATURE_free.pod index 5c506dc67c..4642f40efc 100644 --- a/doc/man3/EVP_SIGNATURE_free.pod +++ b/doc/man3/EVP_SIGNATURE_free.pod 
@@ -3,7 +3,7 @@ =head1 NAME EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref, -EVP_SIGNATURE_get_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_get0_provider, +EVP_SIGNATURE_is_a, EVP_SIGNATURE_get0_provider, EVP_SIGNATURE_do_all_provided, EVP_SIGNATURE_names_do_all, EVP_SIGNATURE_get0_name, EVP_SIGNATURE_get0_description, EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params @@ -17,7 +17,6 @@ EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params const char *properties); void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); - int EVP_SIGNATURE_get_number(const EVP_SIGNATURE *signature); const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature); int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature); @@ -63,9 +62,6 @@ activated roviders in the given library context I, and for each of the implementations, calls the given function I with the implementation method and the given I as argument. -EVP_SIGNATURE_get_number() returns the internal dynamic number assigned to -I. - EVP_SIGNATURE_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the diff --git a/doc/man3/OSSL_DECODER.pod b/doc/man3/OSSL_DECODER.pod index 10917ed462..334f955e16 100644 --- a/doc/man3/OSSL_DECODER.pod +++ b/doc/man3/OSSL_DECODER.pod @@ -9,7 +9,6 @@ OSSL_DECODER_free, OSSL_DECODER_get0_provider, OSSL_DECODER_get0_properties, OSSL_DECODER_is_a, -OSSL_DECODER_get_number, OSSL_DECODER_get0_name, OSSL_DECODER_get0_description, OSSL_DECODER_do_all_provided, 
@@ -31,7 +30,6 @@ OSSL_DECODER_get_params const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *decoder); const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder); int OSSL_DECODER_is_a(const OSSL_DECODER *decoder, const char *name); - int OSSL_DECODER_get_number(const OSSL_DECODER *decoder); const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder); const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder); void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx, @@ -73,10 +71,7 @@ with the given I. OSSL_DECODER_is_a() checks if I is an implementation of an algorithm that's identifiable with I. -OSSL_DECODER_get_number() returns the internal dynamic number assigned -to the given I. - -OSSL_DECODER_get_number() returns the name used to fetch the given I. +OSSL_DECODER_get0_name() returns the name used to fetch the given I. OSSL_DECODER_get0_description() returns a description of the I, meant for display and human consumption. The description is at the discretion @@ -115,8 +110,6 @@ definition string, or NULL on error. OSSL_DECODER_is_a() returns 1 if I was identifiable, otherwise 0. -OSSL_DECODER_get_number() returns an integer. - OSSL_DECODER_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod index 0ff37a3b82..cfabba2e1d 100644 --- a/doc/man3/OSSL_ENCODER.pod +++ b/doc/man3/OSSL_ENCODER.pod @@ -9,7 +9,6 @@ OSSL_ENCODER_free, OSSL_ENCODER_get0_provider, OSSL_ENCODER_get0_properties, OSSL_ENCODER_is_a, -OSSL_ENCODER_get_number, OSSL_ENCODER_get0_name, OSSL_ENCODER_get0_description, OSSL_ENCODER_do_all_provided, 
@@ -31,7 +30,6 @@ OSSL_ENCODER_get_params const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder); const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder); int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name); - int OSSL_ENCODER_get_number(const OSSL_ENCODER *encoder); const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *encoder); const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *encoder); void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx, @@ -73,10 +71,7 @@ with the given I. OSSL_ENCODER_is_a() checks if I is an implementation of an algorithm that's identifiable with I. -OSSL_ENCODER_get_number() returns the internal dynamic number assigned to -the given I. - -OSSL_ENCODER_get_number() returns the name used to fetch the given I. +OSSL_ENCODER_get0_name() returns the name used to fetch the given I. OSSL_ENCODER_get0_description() returns a description of the I, meant for display and human consumption. The description is at the discretion of the @@ -116,8 +111,6 @@ definition string, or NULL on error. OSSL_ENCODER_is_a() returns 1 of I was identifiable, otherwise 0. -OSSL_ENCODER_get_number() returns an integer. - OSSL_ENCODER_get0_name() returns the algorithm name from the provided implementation for the given I. Note that the I may have multiple synonyms associated with it. In this case the first name from the diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 1d790fa6d7..04fd318897 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -9,7 +9,6 @@ OSSL_STORE_LOADER_free, OSSL_STORE_LOADER_get0_provider, OSSL_STORE_LOADER_get0_properties, OSSL_STORE_LOADER_is_a, -OSSL_STORE_LOADER_get_number, OSSL_STORE_LOADER_get0_description, OSSL_STORE_LOADER_do_all_provided, OSSL_STORE_LOADER_names_do_all, 
@@ -42,7 +41,6 @@ unregister STORE loaders for different URI schemes const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER * loader); const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader); - int OSSL_STORE_LOADER_get_number(const OSSL_STORE_LOADER *loader); const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader); int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, const char *scheme); @@ -138,9 +136,6 @@ with the given I. OSSL_STORE_LOADER_is_a() checks if I is an implementation of an algorithm that's identifiable with I. -OSSL_STORE_LOADER_get_number() returns the internal dynamic number assigned -to the given I. - OSSL_STORE_LOADER_get0_description() returns a description of the I, meant for display and human consumption. The description is at the discretion of the I implementation. @@ -332,8 +327,6 @@ definition string, or NULL on error. OSSL_STORE_LOADER_is_a() returns 1 if I was identifiable, otherwise 0. -OSSL_STORE_LOADER_get_number() returns an integer. - OSSL_STORE_LOADER_get0_description() returns a pointer to a decription, or NULL if there isn't one. @@ -367,7 +360,7 @@ L OSSL_STORE_LOADER_fetch(), OSSL_STORE_LOADER_up_ref(), OSSL_STORE_LOADER_free(), OSSL_STORE_LOADER_get0_provider(), OSSL_STORE_LOADER_get0_properties(), OSSL_STORE_LOADER_is_a(), -OSSL_STORE_LOADER_get_number(), OSSL_STORE_LOADER_do_all_provided() and +OSSL_STORE_LOADER_do_all_provided() and OSSL_STORE_LOADER_names_do_all() were added in OpenSSL 3.0. OSSL_STORE_open_ex_fn() was added in OpenSSL 3.0. diff --git a/include/crypto/decoder.h b/include/crypto/decoder.h index a591e43a96..3cf1077fca 100644 --- a/include/crypto/decoder.h +++ b/include/crypto/decoder.h @@ -37,5 +37,7 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, OSSL_LIB_CTX *libctx, const char *propquery); +int ossl_decoder_get_number(const OSSL_DECODER *encoder); + #endif 
diff --git a/include/crypto/encoder.h b/include/crypto/encoder.h index a04ba93d54..d3e2155c7e 100644 --- a/include/crypto/encoder.h +++ b/include/crypto/encoder.h @@ -11,3 +11,4 @@ OSSL_ENCODER *ossl_encoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id, const char *properties); +int ossl_encoder_get_number(const OSSL_ENCODER *encoder); diff --git a/include/crypto/evp.h b/include/crypto/evp.h index ce772dbec1..8438fe0e99 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -934,4 +934,16 @@ EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey); RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey); # endif +/* Get internal identification number routines */ +int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher); +int evp_cipher_get_number(const EVP_CIPHER *cipher); +int evp_kdf_get_number(const EVP_KDF *kdf); +int evp_kem_get_number(const EVP_KEM *wrap); +int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch); +int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt); +int evp_mac_get_number(const EVP_MAC *mac); +int evp_md_get_number(const EVP_MD *md); +int evp_rand_get_number(const EVP_RAND *rand); +int evp_signature_get_number(const EVP_SIGNATURE *signature); + #endif /* OSSL_CRYPTO_EVP_H */ diff --git a/include/crypto/store.h b/include/crypto/store.h index 5c86660b30..13d2646bba 100644 --- a/include/crypto/store.h +++ b/include/crypto/store.h @@ -16,5 +16,6 @@ # include void ossl_store_cleanup_int(void); +int ossl_store_loader_get_number(const OSSL_STORE_LOADER *loader); #endif diff --git a/include/openssl/decoder.h b/include/openssl/decoder.h index a939d0dcb1..d4ee2cf413 100644 --- a/include/openssl/decoder.h +++ b/include/openssl/decoder.h 
@@ -33,7 +33,6 @@ void OSSL_DECODER_free(OSSL_DECODER *encoder); const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *encoder); const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *encoder); -int OSSL_DECODER_get_number(const OSSL_DECODER *encoder); const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder); const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder); int OSSL_DECODER_is_a(const OSSL_DECODER *encoder, const char *name); diff --git a/include/openssl/encoder.h b/include/openssl/encoder.h index 62560ba3c2..e62e33fc89 100644 --- a/include/openssl/encoder.h +++ b/include/openssl/encoder.h @@ -33,7 +33,6 @@ void OSSL_ENCODER_free(OSSL_ENCODER *encoder); const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder); const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder); -int OSSL_ENCODER_get_number(const OSSL_ENCODER *encoder); const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *kdf); const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *kdf); int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name); diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 3f5693824c..c4338dae9c 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -534,7 +534,6 @@ int EVP_MD_get_type(const EVP_MD *md); const char *EVP_MD_get0_name(const EVP_MD *md); # define EVP_MD_name EVP_MD_get0_name const char *EVP_MD_get0_description(const EVP_MD *md); -int EVP_MD_get_number(const EVP_MD *md); int EVP_MD_is_a(const EVP_MD *md, const char *name); int EVP_MD_names_do_all(const EVP_MD *md, void (*fn)(const char *name, void *data), 
@@ -580,7 +579,6 @@ int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher); const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher); # define EVP_CIPHER_name EVP_CIPHER_get0_name const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher); -int EVP_CIPHER_get_number(const EVP_CIPHER *cipher); int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, void (*fn)(const char *name, void *data), @@ -1193,7 +1191,6 @@ EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, const char *properties); int EVP_MAC_up_ref(EVP_MAC *mac); void EVP_MAC_free(EVP_MAC *mac); -int EVP_MAC_get_number(const EVP_MAC *mac); const char *EVP_MAC_get0_name(const EVP_MAC *mac); const char *EVP_MAC_get0_description(const EVP_MAC *mac); int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); @@ -1238,7 +1235,6 @@ EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, const char *properties); int EVP_RAND_up_ref(EVP_RAND *rand); void EVP_RAND_free(EVP_RAND *rand); -int EVP_RAND_get_number(const EVP_RAND *rand); const char *EVP_RAND_get0_name(const EVP_RAND *rand); const char *EVP_RAND_get0_description(const EVP_RAND *md); int EVP_RAND_is_a(const EVP_RAND *rand, const char *name); @@ -1757,7 +1753,6 @@ void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt); const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt); const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt); -int EVP_KEYMGMT_get_number(const EVP_KEYMGMT *keymgmt); int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), 
@@ -1840,7 +1835,6 @@ OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature); EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); -int EVP_SIGNATURE_get_number(const EVP_SIGNATURE *signature); const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature); const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature); void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx, @@ -1859,7 +1853,6 @@ OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher); EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); -int EVP_ASYM_CIPHER_get_number(const EVP_ASYM_CIPHER *cipher); const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher); const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher); void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, @@ -1878,7 +1871,6 @@ OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *wrap); EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); int EVP_KEM_is_a(const EVP_KEM *wrap, const char *name); -int EVP_KEM_get_number(const EVP_KEM *wrap); const char *EVP_KEM_get0_name(const EVP_KEM *wrap); const char *EVP_KEM_get0_description(const EVP_KEM *wrap); void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx, 
@@ -2143,7 +2135,6 @@ EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, const char *properties); OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange); int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name); -int EVP_KEYEXCH_get_number(const EVP_KEYEXCH *keyexch); const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *keyexch); const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch); void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h index 2cc4fc4ad2..0983230a48 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -33,7 +33,6 @@ EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); -int EVP_KDF_get_number(const EVP_KDF *kdf); const char *EVP_KDF_get0_description(const EVP_KDF *kdf); int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); const char *EVP_KDF_get0_name(const EVP_KDF *kdf); diff --git a/include/openssl/store.h b/include/openssl/store.h index 746bb0321e..c3e9beeff6 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -261,7 +261,6 @@ void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER * loader); const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader); -int OSSL_STORE_LOADER_get_number(const OSSL_STORE_LOADER *loader); const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader); int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, const char *scheme); diff --git a/util/libcrypto.num b/util/libcrypto.num index f53092a0a4..5b1a67dec0 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -4783,13 +4783,6 @@ EVP_KEYMGMT_names_do_all 4910 3_0_0 EXIST::FUNCTION: EVP_KEYEXCH_names_do_all 4911 3_0_0 EXIST::FUNCTION: EVP_KDF_names_do_all 4912 3_0_0 EXIST::FUNCTION: EVP_SIGNATURE_names_do_all 4913 3_0_0 EXIST::FUNCTION: -EVP_MD_get_number 4914 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_get_number 4915 3_0_0 EXIST::FUNCTION: -EVP_MAC_get_number 4916 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_get_number 4917 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_get_number 4918 3_0_0 EXIST::FUNCTION: -EVP_KDF_get_number 4919 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_get_number 4920 3_0_0 EXIST::FUNCTION: OSSL_CMP_CTX_snprint_PKIStatus 4921 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_HDR_get0_transactionID 4922 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_HDR_get0_recipNonce 4923 3_0_0 EXIST::FUNCTION:CMP @@ -4805,7 +4798,6 @@ EVP_ASYM_CIPHER_up_ref 4932 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_get0_provider 4933 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_fetch 4934 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_is_a 4935 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_get_number 4936 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_do_all_provided 4937 3_0_0 EXIST::FUNCTION: EVP_ASYM_CIPHER_names_do_all 4938 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_rsa_padding 4939 3_0_0 EXIST::FUNCTION: @@ -4827,7 +4819,6 @@ EVP_PKEY_meth_get_digestverify 4954 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ OSSL_ENCODER_up_ref 4955 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_free 4956 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_fetch 4957 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_get_number 4958 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_is_a 4959 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_get0_provider 4960 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_do_all_provided 4961 3_0_0 EXIST::FUNCTION: 
@@ -5043,7 +5034,6 @@ OSSL_PARAM_set_all_unmodified 5170 3_0_0 EXIST::FUNCTION: EVP_RAND_fetch 5171 3_0_0 EXIST::FUNCTION: EVP_RAND_up_ref 5172 3_0_0 EXIST::FUNCTION: EVP_RAND_free 5173 3_0_0 EXIST::FUNCTION: -EVP_RAND_get_number 5174 3_0_0 EXIST::FUNCTION: EVP_RAND_get0_name 5175 3_0_0 EXIST::FUNCTION: EVP_RAND_is_a 5176 3_0_0 EXIST::FUNCTION: EVP_RAND_get0_provider 5177 3_0_0 EXIST::FUNCTION: @@ -5115,7 +5105,6 @@ OSSL_DECODER_up_ref 5242 3_0_0 EXIST::FUNCTION: OSSL_DECODER_free 5243 3_0_0 EXIST::FUNCTION: OSSL_DECODER_get0_provider 5244 3_0_0 EXIST::FUNCTION: OSSL_DECODER_get0_properties 5245 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_get_number 5246 3_0_0 EXIST::FUNCTION: OSSL_DECODER_is_a 5247 3_0_0 EXIST::FUNCTION: OSSL_DECODER_do_all_provided 5248 3_0_0 EXIST::FUNCTION: OSSL_DECODER_names_do_all 5249 3_0_0 EXIST::FUNCTION: @@ -5219,7 +5208,6 @@ OSSL_STORE_LOADER_fetch 5346 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_up_ref 5347 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_get0_provider 5348 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_get0_properties 5349 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_get_number 5350 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_is_a 5351 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_do_all_provided 5352 3_0_0 EXIST::FUNCTION: OSSL_STORE_LOADER_names_do_all 5353 3_0_0 EXIST::FUNCTION: @@ -5245,7 +5233,6 @@ EVP_KEM_up_ref 5372 3_0_0 EXIST::FUNCTION: EVP_KEM_get0_provider 5373 3_0_0 EXIST::FUNCTION: EVP_KEM_fetch 5374 3_0_0 EXIST::FUNCTION: EVP_KEM_is_a 5375 3_0_0 EXIST::FUNCTION: -EVP_KEM_get_number 5376 3_0_0 EXIST::FUNCTION: EVP_KEM_do_all_provided 5377 3_0_0 EXIST::FUNCTION: EVP_KEM_names_do_all 5378 3_0_0 EXIST::FUNCTION: EVP_PKEY_encapsulate_init 5379 3_0_0 EXIST::FUNCTION: From dev at ddvo.net Wed Jun 2 12:50:34 2021 
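Review bot: Callers get no pointer to a replacement when `EVP_KEYEXCH_get_number`, `EVP_KDF_get_number` and `OSSL_STORE_LOADER_get_number` disappear from the public headers in the include/openssl/evp.h, kdf.h and store.h hunks; code written against these 3_0_0 symbols simply stops compiling. If the part of the patch that touches CHANGES and the manual pages does not already say so, add a line directing callers to the `*_is_a` and `*_get0_name` functions that remain declared next to the removed ones.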
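Review bot: The util/libcrypto.num hunks delete the `*_get_number` lines without renumbering, which leaves holes at ordinals 4914 to 4920, 4936, 4958, 5174, 5246, 5350 and 5376. All of the removed entries carry the 3_0_0 tag, so state in the commit message whether the gaps are intentional or whether the file is expected to be renumbered before release.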
From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 02 Jun 2021 12:50:34 +0000 Subject: [openssl] master update Message-ID: <1622638234.344836.24496.nullmailer@dev.openssl.org> The branch master has been updated via 4388417157ce77974888089ec133d26d7bb0f465 (commit) via 07e84e67a6238d16f995fd1e1a3a6dba47299d00 (commit) from 5bcbdee621fbf05df7431b8fbb0ea7de7054e1f0 (commit) - Log ----------------------------------------------------------------- commit 4388417157ce77974888089ec133d26d7bb0f465 Author: Dr. David von Oheimb Date: Thu May 27 15:11:31 2021 +0200 80-test_cms.t: Replace use of ee-self-signed.pem by more suitable smrsa1.pem Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15499) commit 07e84e67a6238d16f995fd1e1a3a6dba47299d00 Author: Dr. David von Oheimb Date: Thu May 27 14:10:58 2021 +0200 ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15499) ----------------------------------------------------------------------- Summary of changes: test/certs/ee-self-signed.pem | 33 ++++---- test/recipes/25-test_verify.t | 2 +- test/recipes/80-test_cms.t | 174 ++++++++++++++++++++---------------------- 3 files changed, 99 insertions(+), 110 deletions(-) diff --git a/test/certs/ee-self-signed.pem b/test/certs/ee-self-signed.pem index e854c9ad27..ad1e37ba0e 100644 --- a/test/certs/ee-self-signed.pem +++ b/test/certs/ee-self-signed.pem 
@@ -1,19 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIDIjCCAgqgAwIBAgIUT99h/YrAdcDg3fdLy5UajB8e994wDQYJKoZIhvcNAQEL -BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwIBcNMjAwNzI4MTQxNjA4WhgP -MjEyMDA3MDQxNDE2MDhaMBkxFzAVBgNVBAMMDmVlLXNlbGYtc2lnbmVkMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVg -K9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7 -iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0c -QjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrS -luVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj -1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQAB -o2AwXjAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfhc6IwHwYDVR0jBBgwFoAU -55viKq2KbDrLdlHljgeYIpfhc6IwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC -B4AwDQYJKoZIhvcNAQELBQADggEBAGDEbS5kJArjjQNK02oxhQyz1dbDy23evRxm -WW/NtlJAQAgEMXoNo9fioj0L4cvDy40r87V6/RsV2eijwZEfwGloACif7v78w8QO -h4XiW9oGxcQkdMIYZLDVW9AZPDIkK5NHNfQaeAxCprAufYnRMv035UotLzCBRrkG -G2TIs45vRp/6mYFVtm0Nf9CFvu4dXH8W+GlBONG0FAiBW+JzgTr9OmrzfqJTEDrf -vv/hOiu8XvvlF5piPBqKE76rEvkXUSjgDZ2/Ju1fjqpV2I8Hz1Mj9w9tRE8g4E9o -ZcRXX3MNPaHxnNhgYSPdpywwkyILz2AHwmAzh07cdttRFFPw+fM= +MIICzzCCAbegAwIBAgIUBP7iEKPlKuinZGQNFxSY3IBIb0swDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwHhcNMjAwNjI4MTA1MTQ1WhcN +MjAwNzI4MTA1MTQ1WjAZMRcwFQYDVQQDDA5lZS1zZWxmLXNpZ25lZDCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU +fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC +76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz +BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl +V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv +0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaMP +MA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBiLmIUCGb+hmRGbmpO +lDqEwiRVdxHBs4OSb3IA9QgU1QKUDRqn7q27RRelmzTXllubZZcX3K6o+dunRW5G +d3f3FVr+3Z7wnmkQtC2y3NWtGuWNczss+6rMLzKvla5CjRiNPlSvluMNpcs7BJxI 
+ppk1LxlaiYlQkDW32OPyxzXWDNv1ZkphcOcoCkHAagnq9x1SszvLTjAlo5XpYrm5 +CPgBOEnVwFCgne5Ab4QPTgkxPh/Ta508I/FKaPLJqci1EfGKipZkS7mMGTUJEeVK +wZrn4z7RiTfJ4PdqO5iv8eOpt03fqdPEXQWe8DrKyfGM6/e369FaXMFhcd2ZxZy2 +WHoc -----END CERTIFICATE----- diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 03a5e1fbdd..b1f4fd6827 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -402,7 +402,7 @@ ok(verify("some-names2", "", ["many-constraints"], ["many-constraints"], ), ok(verify("root-cert-rsa2", "", ["root-cert-rsa2"], [], "-check_ss_sig"), "Public Key Algorithm rsa instead of rsaEncryption"); -ok(verify("ee-self-signed", "", ["ee-self-signed"], []), +ok(verify("ee-self-signed", "", ["ee-self-signed"], [], "-attime", "1593565200"), "accept trusted self-signed EE cert excluding key usage keyCertSign"); SKIP: { diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 1264726047..48a92f735d 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t 
@@ -64,22 +64,24 @@ my @prov = ("-provider-path", $provpath, @config, "-provider", $provname); +my $smrsa1 = catfile($smdir, "smrsa1.pem"); +my $smroot = catfile($smdir, "smroot.pem"); + my @smime_pkcs7_tests = ( [ "signed content DER format, RSA key", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed detached content DER format, RSA key", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + "-signer", $smrsa1, "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt", + "-CAfile", $smroot, "-out", "{output}.txt", "-content", $smcont ], \&final_compare ], @@ -87,9 +89,9 @@ my @smime_pkcs7_tests = ( [ "signed content test streaming BER format, RSA", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-stream", - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + "-signer", $smrsa1, "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], 
@@ -97,7 +99,7 @@ my @smime_pkcs7_tests = ( [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], @@ -105,7 +107,7 @@ my @smime_pkcs7_tests = ( [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt", + "-CAfile", $smroot, "-out", "{output}.txt", "-content", $smcont ], \&final_compare ], @@ -114,9 +116,9 @@ my @smime_pkcs7_tests = ( [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}2.cms" ], + "-signer", $smrsa1, "-out", "{output}2.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}2.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt", + "-CAfile", $smroot, "-out", "{output}.txt", "-content", $smcont ], \&final_compare ], 
@@ -126,85 +128,84 @@ my @smime_pkcs7_tests = ( "-nodetach", "-stream", "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-stream", - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), "-signer", catfile($smdir, "smdsa1.pem"), "-signer", catfile($smdir, "smdsa2.pem"), "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach", "-stream", - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), "-signer", catfile($smdir, "smdsa1.pem"), "-signer", catfile($smdir, "smdsa2.pem"), "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content S/MIME format, RSA key SHA1", [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + "-certfile", $smroot, + "-signer", $smrsa1, "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", 
"{output}.txt" ], \&final_compare ], [ "signed zero-length content S/MIME format, RSA key SHA1", [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&zero_compare ], [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), "-signer", catfile($smdir, "smdsa1.pem"), "-signer", catfile($smdir, "smdsa2.pem"), "-stream", "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", [ "{cmd1}", @prov, "-sign", "-in", $smcont, - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), "-signer", catfile($smdir, "smdsa1.pem"), "-signer", catfile($smdir, "smdsa2.pem"), "-stream", "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, 3 recipients", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", - catfile($smdir, "smrsa1.pem"), + $smrsa1, catfile($smdir, "smrsa2.pem"), catfile($smdir, "smrsa3.pem") ], - [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + [ "{cmd2}", 
@defaultprov, "-decrypt", "-recip", $smrsa1, "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare ], @@ -212,7 +213,7 @@ my @smime_pkcs7_tests = ( [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", - catfile($smdir, "smrsa1.pem"), + $smrsa1, catfile($smdir, "smrsa2.pem"), catfile($smdir, "smrsa3.pem") ], [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"), @@ -223,7 +224,7 @@ my @smime_pkcs7_tests = ( [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", - catfile($smdir, "smrsa1.pem"), + $smrsa1, catfile($smdir, "smrsa2.pem"), catfile($smdir, "smrsa3.pem") ], [ "{cmd2}", @defaultprov, "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"), @@ -234,10 +235,10 @@ my @smime_pkcs7_tests = ( [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-aes256", "-stream", "-out", "{output}.cms", - catfile($smdir, "smrsa1.pem"), + $smrsa1, catfile($smdir, "smrsa2.pem"), catfile($smdir, "smrsa3.pem") ], - [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + [ "{cmd2}", @prov, "-decrypt", "-recip", $smrsa1, "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare ], 
@@ -249,56 +250,56 @@ my @smime_cms_tests = ( [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid", - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), "-signer", catfile($smdir, "smdsa1.pem"), "-signer", catfile($smdir, "smdsa2.pem"), "-stream", "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-signer", catfile($smdir, "smrsa2.pem"), "-signer", catfile($smdir, "smdsa1.pem"), "-signer", catfile($smdir, "smdsa2.pem"), "-stream", "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content MIME format, RSA key, signed receipt request", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-receipt_request_to", "test\@openssl.org", "-receipt_request_all", "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed receipt MIME format, RSA key", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-receipt_request_to", "test\@openssl.org", "-receipt_request_all", "-out", "{output}.cms" ], [ "{cmd1}", @prov, "-sign_receipt", "-in", 
"{output}.cms", "-signer", catfile($smdir, "smrsa2.pem"), "-out", "{output}2.cms" ], [ "{cmd2}", @prov, "-verify_receipt", "{output}2.cms", "-in", "{output}.cms", - "-CAfile", catfile($smdir, "smroot.pem") ] + "-CAfile", $smroot ] ], [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", "-keyid", - catfile($smdir, "smrsa1.pem"), + $smrsa1, catfile($smdir, "smrsa2.pem"), catfile($smdir, "smrsa3.pem") ], - [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1, "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare ], 
@@ -397,56 +398,52 @@ my @smime_cms_cades_tests = ( [ "signed content DER format, RSA key, CAdES-BES compatible", [ "{cmd1}", @prov, "-sign", "-cades", "-in", $smcont, "-outform", "DER", "-nodetach", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible", [ "{cmd1}", @prov, "-sign", "-cades", "-md", "sha256", "-in", $smcont, "-outform", - "DER", "-nodetach", "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + "DER", "-nodetach", "-certfile", $smroot, + "-signer", $smrsa1, "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content DER format, RSA key, SHA512 md, CAdES-BES compatible", [ "{cmd1}", @prov, "-sign", "-cades", "-md", "sha512", "-in", $smcont, "-outform", - "DER", "-nodetach", "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + "DER", "-nodetach", "-certfile", $smroot, + "-signer", $smrsa1, "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible", [ "{cmd1}", @prov, "-sign", "-cades", "-binary", "-nodetach", "-nosmimecap", "-md", "sha256", "-in", $smcont, 
"-outform", "DER", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), + "-certfile", $smroot, "-signer", $smrsa1, "-outform", "DER", "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "resigned content DER format, RSA key, SHA256 md, CAdES-BES compatible", [ "{cmd1}", @prov, "-sign", "-cades", "-binary", "-nodetach", "-nosmimecap", "-md", "sha256", "-in", $smcont, "-outform", "DER", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), + "-certfile", $smroot, "-signer", $smrsa1, "-outform", "DER", "-out", "{output}.cms" ], [ "{cmd1}", @prov, "-resign", "-cades", "-binary", "-nodetach", "-nosmimecap", "-md", "sha256", "-inform", "DER", "-in", "{output}.cms", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), + "-certfile", $smroot, "-signer", catfile($smdir, "smrsa2.pem"), "-outform", "DER", "-out", "{output}2.cms" ], [ "{cmd2}", @prov, "-verify", "-cades", "-in", "{output}2.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], ); 
@@ -454,11 +451,10 @@ my @smime_cms_cades_tests = ( my @smime_cms_cades_ko_tests = ( [ "sign content DER format, RSA key, not CAdES-BES compatible", [ @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ], "fail to verify token since requiring CAdES-BES compatibility", [ @prov, "-verify", "-cades", "-in", "{output}.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ] ); 
@@ -489,51 +485,50 @@ my @smime_cms_comp_tests = ( my @smime_cms_param_tests = ( [ "signed content test streaming PEM format, RSA keys, PSS signature", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-keyopt", "rsa_padding_mode:pss", "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:max", "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-noattr", - "-signer", catfile($smdir, "smrsa1.pem"), + "-noattr", "-signer", $smrsa1, "-keyopt", "rsa_padding_mode:pss", "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", $smrsa1, "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_mgf1_md:sha384", "-out", "{output}.cms" ], [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", 
"PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", - "-recip", catfile($smdir, "smrsa1.pem"), + "-recip", $smrsa1, "-keyopt", "rsa_padding_mode:oaep" ], - [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1, "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare ], @@ -541,10 +536,10 @@ my @smime_cms_param_tests = ( [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", - "-recip", catfile($smdir, "smrsa1.pem"), + "-recip", $smrsa1, "-keyopt", "rsa_padding_mode:oaep", "-keyopt", "rsa_oaep_md:sha256" ], - [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1, "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare ], @@ -619,8 +614,7 @@ my @smime_cms_param_tests = ( my @contenttype_cms_test = ( [ "signed content test - check that content type is added to additional signerinfo, RSA keys", [ "{cmd1}", @prov, "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont, - "-outform", "DER", - "-signer", catfile($smdir, "smrsa1.pem"), "-md", "SHA256", + "-outform", "DER", "-signer", $smrsa1, "-md", "SHA256", "-out", "{output}.cms" ], [ "{cmd1}", @prov, "-resign", "-binary", "-nodetach", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", 
@@ -628,7 +622,7 @@ my @contenttype_cms_test = ( "-out", "{output}2.cms" ], sub { my %opts = @_; contentType_matches("$opts{output}2.cms") == 2; }, [ "{cmd2}", @prov, "-verify", "-in", "{output}2.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ] + "-CAfile", $smroot, "-out", "{output}.txt" ] ], ); @@ -761,7 +755,7 @@ subtest "CMS Check that bad attributes fail when verifying signers\n" => sub { ok(!run(app(["openssl", "cms", @prov, "-verify", "-in", catfile($datadir, $name), "-inform", "DER", "-CAfile", - catfile($smdir, "smroot.pem"), "-out", $out ])), + $smroot, "-out", $out ])), $name); } }; 
@@ -817,42 +811,38 @@ subtest "CMS binary input tests\n" => sub { my $input = srctop_file("test", "smcont.bin"); my $signed = "smcont.signed"; my $verified = "smcont.verified"; - my $cert = srctop_file("test", "certs", "ee-self-signed.pem"); - my $key = srctop_file("test", "certs", "ee-key.pem"); plan tests => 11; - ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", - "-signer", $cert, "-inkey", $key, + ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-signer", $smrsa1, "-binary", "-in", $input, "-out", $signed])), "sign binary input with -binary"); - ok(run(app(["openssl", "cms", "-verify", "-CAfile", $cert, + ok(run(app(["openssl", "cms", "-verify", "-CAfile", $smroot, "-binary", "-in", $signed, "-out", $verified])), "verify binary input with -binary"); is(compare($input, $verified), 0, "binary input retained with -binary"); - ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", - "-signer", $cert, "-inkey", $key, + ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-signer", $smrsa1, "-in", $input, "-out", $signed.".nobin"])), "sign binary input without -binary"); - ok(run(app(["openssl", "cms", "-verify", "-CAfile", $cert, + ok(run(app(["openssl", "cms", "-verify", "-CAfile", $smroot, "-in", $signed.".nobin", "-out", $verified.".nobin"])), "verify binary input without -binary"); is(compare($input, $verified.".nobin"), 1, "binary input not retained without -binary"); - ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $cert, "-crlfeol", + ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $smroot, "-crlfeol", "-binary", "-in", $signed, "-out", $verified.".crlfeol"])), "verify binary input wrong crlfeol"); - ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-crlfeol", - "-signer", $cert, "-inkey", $key, + ok(run(app(["openssl", "cms", "-sign", "-md", "sha256", "-signer", $smrsa1, + "-crlfeol", "-binary", "-in", $input, "-out", $signed.".crlf"])), "sign binary input with -binary -crlfeol"); - ok(run(app(["openssl", "cms", 
"-verify", "-CAfile", $cert, "-crlfeol", + ok(run(app(["openssl", "cms", "-verify", "-CAfile", $smroot, "-crlfeol", "-binary", "-in", $signed.".crlf", "-out", $verified.".crlf"])), "verify binary input with -binary -crlfeol"); is(compare($input, $verified.".crlf"), 0, "binary input retained with -binary -crlfeol"); - ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $cert, + ok(!run(app(["openssl", "cms", "-verify", "-CAfile", $smroot, "-binary", "-in", $signed.".crlf", "-out", $verified.".crlf2"])), "verify binary input with -binary missing -crlfeol"); }; From dev at ddvo.net Wed Jun 2 12:55:14 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 02 Jun 2021 12:55:14 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1622638514.825460.27018.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 869e1424438b3c117d6ef4d3fbf4545cc7dab171 (commit) from 5b74c197f315fe1e6591876aaa82e275e4f05f54 (commit) - Log ----------------------------------------------------------------- commit 869e1424438b3c117d6ef4d3fbf4545cc7dab171 Author: Dr. David von Oheimb Date: Thu May 27 19:35:53 2021 +0200 ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15505) ----------------------------------------------------------------------- Summary of changes: test/certs/ee-self-signed.pem | 33 ++++++++++++++++----------------- test/recipes/25-test_verify.t | 3 ++- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/test/certs/ee-self-signed.pem b/test/certs/ee-self-signed.pem index e854c9ad27..ad1e37ba0e 100644 --- a/test/certs/ee-self-signed.pem +++ b/test/certs/ee-self-signed.pem 
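Review bot: The bare epoch value in the test/recipes/25-test_verify.t hunk, `"-attime", "1593565200"`, needs a comment. It is 2020-07-01 01:00:00 UTC, and the time is pinned because the restored test/certs/ee-self-signed.pem is valid only from 2020-06-28 to 2020-07-28; without that note the next reader has to decode the certificate to see why the `ok(verify("ee-self-signed", ...` test still passes.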
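Review bot: The sign commands in the "CMS binary input tests" hunk of test/recipes/80-test_cms.t now depend implicitly on smrsa1.pem holding the private key alongside the certificate, because `"-signer", $cert, "-inkey", $key` becomes just `"-signer", $smrsa1`. Add a one-line comment where the variable is introduced (`my $smrsa1 = catfile($smdir, "smrsa1.pem");`) saying that the file bundles certificate and key, so it is clear why no `-inkey` is passed.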
@@ -1,19 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIDIjCCAgqgAwIBAgIUT99h/YrAdcDg3fdLy5UajB8e994wDQYJKoZIhvcNAQEL -BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwIBcNMjAwNzI4MTQxNjA4WhgP -MjEyMDA3MDQxNDE2MDhaMBkxFzAVBgNVBAMMDmVlLXNlbGYtc2lnbmVkMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVg -K9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7 -iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0c -QjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrS -luVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj -1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQAB -o2AwXjAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfhc6IwHwYDVR0jBBgwFoAU -55viKq2KbDrLdlHljgeYIpfhc6IwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC -B4AwDQYJKoZIhvcNAQELBQADggEBAGDEbS5kJArjjQNK02oxhQyz1dbDy23evRxm -WW/NtlJAQAgEMXoNo9fioj0L4cvDy40r87V6/RsV2eijwZEfwGloACif7v78w8QO -h4XiW9oGxcQkdMIYZLDVW9AZPDIkK5NHNfQaeAxCprAufYnRMv035UotLzCBRrkG -G2TIs45vRp/6mYFVtm0Nf9CFvu4dXH8W+GlBONG0FAiBW+JzgTr9OmrzfqJTEDrf -vv/hOiu8XvvlF5piPBqKE76rEvkXUSjgDZ2/Ju1fjqpV2I8Hz1Mj9w9tRE8g4E9o -ZcRXX3MNPaHxnNhgYSPdpywwkyILz2AHwmAzh07cdttRFFPw+fM= +MIICzzCCAbegAwIBAgIUBP7iEKPlKuinZGQNFxSY3IBIb0swDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwHhcNMjAwNjI4MTA1MTQ1WhcN +MjAwNzI4MTA1MTQ1WjAZMRcwFQYDVQQDDA5lZS1zZWxmLXNpZ25lZDCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU +fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC +76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz +BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl +V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv +0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaMP +MA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBiLmIUCGb+hmRGbmpO +lDqEwiRVdxHBs4OSb3IA9QgU1QKUDRqn7q27RRelmzTXllubZZcX3K6o+dunRW5G +d3f3FVr+3Z7wnmkQtC2y3NWtGuWNczss+6rMLzKvla5CjRiNPlSvluMNpcs7BJxI 
+ppk1LxlaiYlQkDW32OPyxzXWDNv1ZkphcOcoCkHAagnq9x1SszvLTjAlo5XpYrm5 +CPgBOEnVwFCgne5Ab4QPTgkxPh/Ta508I/FKaPLJqci1EfGKipZkS7mMGTUJEeVK +wZrn4z7RiTfJ4PdqO5iv8eOpt03fqdPEXQWe8DrKyfGM6/e369FaXMFhcd2ZxZy2 +WHoc -----END CERTIFICATE----- diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 96b559e5c9..ffa48ed20b 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -396,7 +396,8 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"] ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"), "Public Key Algorithm rsa instead of rsaEncryption"); - ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []), +ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], [], + "-attime", "1593565200"), "accept trusted self-signed EE cert excluding key usage keyCertSign"); SKIP: { From tomas at openssl.org Wed Jun 2 15:18:09 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Wed, 02 Jun 2021 15:18:09 +0000 Subject: [openssl] master update Message-ID: <1622647089.796396.6385.nullmailer@dev.openssl.org> The branch master has been updated via ea8215810319722cf76f777f812688eb3d632678 (commit) from 4388417157ce77974888089ec133d26d7bb0f465 (commit) - Log ----------------------------------------------------------------- commit ea8215810319722cf76f777f812688eb3d632678 Author: Tomas Mraz Date: Tue Jun 1 14:54:43 2021 +0200 ed25519 and ed448: fix incorrect OSSL_PKEY_PARAM_MAX_SIZE Fixes #15552 Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15566) ----------------------------------------------------------------------- Summary of changes: providers/implementations/keymgmt/ecx_kmgmt.c | 4 ++-- test/evp_pkey_provided_test.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index 9de954651b..b088c03b30 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -309,14 +309,14 @@ static int x448_get_params(void *key, OSSL_PARAM params[]) static int ed25519_get_params(void *key, OSSL_PARAM params[]) { return ecx_get_params(key, params, ED25519_BITS, ED25519_SECURITY_BITS, - ED25519_KEYLEN) + ED25519_SIGSIZE) && ed_get_params(key, params); } static int ed448_get_params(void *key, OSSL_PARAM params[]) { return ecx_get_params(key, params, ED448_BITS, ED448_SECURITY_BITS, - ED448_KEYLEN) + ED448_SIGSIZE) && ed_get_params(key, params); } diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index 92b3614f6e..bdfa3cd754 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -979,7 +979,7 @@ static int test_fromdata_ecx(int tst) fromdata_params = ed25519_fromdata_params; bits = ED25519_BITS; security_bits = ED25519_SECURITY_BITS; - size = ED25519_KEYLEN; + size = ED25519_SIGSIZE; alg = "ED25519"; break; @@ -987,7 +987,7 @@ static int test_fromdata_ecx(int tst) fromdata_params = ed448_fromdata_params; bits = ED448_BITS; security_bits = ED448_SECURITY_BITS; - size = ED448_KEYLEN; + size = ED448_SIGSIZE; alg = "ED448"; break; default: From shane.lontis at oracle.com Wed Jun 2 21:37:25 2021 
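Review bot: in providers/implementations/keymgmt/ecx_kmgmt.c, ed25519_get_params and ed448_get_params now pass ED25519_SIGSIZE and ED448_SIGSIZE as the last argument of ecx_get_params, but nothing at either call site says that this argument is the reported maximum output size rather than a key length. A one-line comment on each call, or on the parameter in ecx_get_params, stating that for the Ed algorithms the maximum size is the signature size would make it harder to reintroduce the *_KEYLEN mistake. OSSL_PKEY_PARAM_MAX_SIZE, named in the commit message, is the value callers use to size output buffers, so an under-reported size here is a buffer-sizing hazard for them.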
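Review bot: in test/evp_pkey_provided_test.c, both changed cases of test_fromdata_ecx set size from the same macros the provider now passes (size = ED25519_SIGSIZE; and size = ED448_SIGSIZE;), so the test would still pass if one of those macros carried the wrong value. Checking these two cases against the literal signature lengths, 64 bytes for Ed25519 and 114 bytes for Ed448, would make the expectation independent of the code under test.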
From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 02 Jun 2021 21:37:25 +0000 Subject: [openssl] master update Message-ID: <1622669845.735961.23067.nullmailer@dev.openssl.org> The branch master has been updated via 8a5bd05da84ed635a8cb7a29004598e16f5dea70 (commit) via c29b71c3676fda885619750add5f44dfd66c6d78 (commit) from ea8215810319722cf76f777f812688eb3d632678 (commit) - Log ----------------------------------------------------------------- commit 8a5bd05da84ed635a8cb7a29004598e16f5dea70 Author: Jon Spillett Date: Mon May 31 13:50:02 2021 +1000 Add enable-fips to CI configuration Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15537) commit c29b71c3676fda885619750add5f44dfd66c6d78 Author: Jon Spillett Date: Mon May 31 13:14:24 2021 +1000 Disable tracing within the FIPS module Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15537) ----------------------------------------------------------------------- Summary of changes: .github/workflows/run-checker-ci.yml | 2 +- include/openssl/trace.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index 9a34e5d42e..4022778dd8 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -23,7 +23,7 @@ jobs: no-threads, no-tls, no-tls1_3, - enable-trace, + enable-trace enable-fips, no-ts, no-ui, ] diff --git a/include/openssl/trace.h b/include/openssl/trace.h index 58e5cc8f11..e88ad9d13d 100644 --- a/include/openssl/trace.h +++ b/include/openssl/trace.h @@ -198,7 +198,7 @@ void OSSL_trace_end(int category, BIO *channel); * call OSSL_TRACE_CANCEL(category). */ -# ifndef OPENSSL_NO_TRACE +# if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE # define OSSL_TRACE_BEGIN(category) \ do { \ 
@@ -237,7 +237,7 @@ void OSSL_trace_end(int category, BIO *channel); * ... * } */ -# ifndef OPENSSL_NO_TRACE +# if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE # define OSSL_TRACE_ENABLED(category) \ OSSL_trace_enabled(OSSL_TRACE_CATEGORY_##category) From openssl at openssl.org Wed Jun 2 22:10:13 2021 
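Review bot: in .github/workflows/run-checker-ci.yml, the matrix entry "enable-trace," is replaced by "enable-trace enable-fips,", so the checker no longer builds tracing without the FIPS provider. Keep "enable-trace," as its own entry and add "enable-trace enable-fips," as an additional one, so that a regression in the trace-only configuration is still caught.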
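Review bot: in include/openssl/trace.h, both guards change to "# if !defined OPENSSL_NO_TRACE && !defined FIPS_MODULE", but the comment blocks above OSSL_TRACE_BEGIN and OSSL_TRACE_ENABLED are untouched and so do not say that the macros are compiled out inside the FIPS module. Add a sentence to the header comment stating that tracing is unavailable when FIPS_MODULE is defined, and consider the parenthesised form !defined(OPENSSL_NO_TRACE) && !defined(FIPS_MODULE) in both places for readability.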
From: openssl at openssl.org (OpenSSL run-checker)
Date: Wed, 02 Jun 2021 22:10:13 +0000
Subject: Still FAILED build of OpenSSL branch master with options --strict-warnings
Message-ID: <1622671813.736964.3680219.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config --strict-warnings

Commit log since last time:

8a5bd05da8 Add enable-fips to CI configuration
c29b71c367 Disable tracing within the FIPS module
ea82158103 ed25519 and ed448: fix incorrect OSSL_PKEY_PARAM_MAX_SIZE
4388417157 80-test_cms.t: Replace use of ee-self-signed.pem by more suitable smrsa1.pem
07e84e67a6 ee-self-signed.pem: Restore original version, adding -attime to 25-test_verify.t
5bcbdee621 list: update to not use XXX_get_number() calls
45e6e5073a store: include internal header
d11e555082 doc: fix OSSL_(EN|DE)CODER_get0_name function names
bcd5d3a22d libcrypto: make XXX_get_number() internal
6ea964cd4a doc: make XXX_get_number() internal
2e006ae77b Add internal get_number functions to internal headers
f2e3584d10 add internal get_number functons to crypto/evp.h
c768893e7d doc: move XXX_get_number() documentation to internal
4cedf30e99 utils: remove TODO
71653965b3 crypto: remove TODOs
60e91cc409 http: remove TODOs
4c3c2633b2 evp: remove TODOs
3b90a847ec err: remove TODOs
4656d9ecd1 ec: remove TODOs
3dc12810fa dso: remove TODOs
26b3e44a66 bn: remove TODOs
79cabd7e27 rsa: remove TODOs
c6472fec64 store: remove TODOs
e73a08b400 pem: remove TODOs
126e37716f ocsp: remove TODOs
29cfba8599 ct: remove TODOs
e0a7ef0b51 crmf: remove TODOs
1486b1fbd3 comp: remove TODOs
6f6c8b0e3c cms: remove TODOs
75e1191f4d cmp: remove TODOs
69e21cb648 x509: remove TODOs
1c8c5d4755 bio: remove TODOs
10dbfcc91e asn.1: remove TODOs
0848b943a8 providers: remove TODOs
407820c0e3 tls: remove TODOs
fd009d763a test: remove TODOs
fb6ad22e36 fuzz: remove TODOs
db70dc2cda apps: remove TODOs
0d7d5e2490 providers/common/der/build.info: make a variable for ../include/prov
7058b4db82 Configure: variable expand GENERATE values too
0608afe096 Fix up bad libcrypto.num
b3c2ed7043 Add NCONF_get_section_names()
6b750b89ee Add NCONF_get0_libctx()
ff234c6804 Make conf_method_st and conf_st deprecated

Build log ended with (last 100 lines):

not ok 3 - iteration 3
# ------------------------------------------------------------------------------
# ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741
# [0] compared to [1]
# ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57
# false
# 8051E2CB357F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531:
# 8051E2CB357F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:319:
# 8051E2CB357F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221:
# OPENSSL_TEST_RAND_ORDER=1622671623
not ok 4 - iteration 4
# ------------------------------------------------------------------------------
# ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741
# [0] compared to [1]
# ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57
# false
# 8051E2CB357F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531:
# 8051E2CB357F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:319:
# 8051E2CB357F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221:
# OPENSSL_TEST_RAND_ORDER=1622671623
not ok 5 - iteration 5
# ------------------------------------------------------------------------------
# ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741
# [0] compared to [1]
# ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57
# false
# 8051E2CB357F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531:
# 8051E2CB357F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:319:
# 8051E2CB357F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221:
# OPENSSL_TEST_RAND_ORDER=1622671623
not ok 6 - iteration 6
# ------------------------------------------------------------------------------
# ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741
# [0] compared to [1]
# ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57
# false
# 8051E2CB357F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531:
# 8051E2CB357F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:319:
# 8051E2CB357F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221:
# OPENSSL_TEST_RAND_ORDER=1622671623
not ok 7 - iteration 7
# ------------------------------------------------------------------------------
# ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741
# [0] compared to [1]
# ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57
# false
# 8051E2CB357F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531:
# 8051E2CB357F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:319:
# 8051E2CB357F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221:
# OPENSSL_TEST_RAND_ORDER=1622671623
not ok 8 - iteration 8
# ------------------------------------------------------------------------------
# OPENSSL_TEST_RAND_ORDER=1622671623
not ok 1 - test_tls13
# ------------------------------------------------------------------------------
../../util/wrap.pl ../../test/gosttest ../../../openssl/test/recipes/90-test_gost_data/server-cert2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-cert2012.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2012.pem => 1
not ok 1 - running gosttest
# ------------------------------------------------------------------------------
# Failed test 'running gosttest'
# at ../openssl/test/recipes/90-test_gost.t line 39.
# Looks like you failed 1 test of 1.90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
90-test_ige.t ...................... ok
90-test_memleak.t .................. ok
90-test_includes.t ................. ok
90-test_overhead.t ................. ok
90-test_secmem.t ................... ok
90-test_shlibload.t ................ ok
90-test_srp.t ...................... ok
90-test_sslbuffers.t ............... ok
80-test_ssl_old.t .................. ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
90-test_tls13ccs.t ................. ok
# Killing mock server with pid=367121380-test_cmp_http.t ................. ok
90-test_tls13encryption.t .......... ok
90-test_tls13secrets.t ............. ok
90-test_v3name.t ................... ok
95-test_external_gost_engine.t ..... skipped: No external tests in this configuration
91-test_pkey_check.t ............... ok
95-test_external_krb5.t ............ skipped: No external tests in this configuration
99-test_ecstress.t ................. ok
95-test_external_pyca.t ............ skipped: No external tests in this configuration
90-test_store.t .................... ok
90-test_sslapi.t ................... ok

Test Summary Report
-------------------
90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1)
Failed test: 1
Non-zero exit status: 1
Files=236, Tests=3235, 145 wallclock secs (12.71 usr 1.23 sys + 424.49 cusr 56.14 csys = 494.57 CPU)
Result: FAIL
make[1]: *** [Makefile:3223: run_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/default'
make: *** [Makefile:3219: tests] Error 2

From pauli at openssl.org Thu Jun 3 01:58:29 2021
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 03 Jun 2021 01:58:29 +0000 Subject: [openssl] master update Message-ID: <1622685509.555746.15622.nullmailer@dev.openssl.org> The branch master has been updated via 74613e8c97be6c310152f7cc6d8162f3ccc723a4 (commit) via c912e0c61682864a05d04273b141270084aa4df4 (commit) from 8a5bd05da84ed635a8cb7a29004598e16f5dea70 (commit) - Log ----------------------------------------------------------------- commit 74613e8c97be6c310152f7cc6d8162f3ccc723a4 Author: Pauli Date: Wed Jun 2 10:54:56 2021 +1000 update checksums Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15574) commit c912e0c61682864a05d04273b141270084aa4df4 Author: Pauli Date: Wed Jun 2 10:37:10 2021 +1000 util: update FIPS checksumming script to be more aggressive with whitespace Fixes #15562 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15574) ----------------------------------------------------------------------- Summary of changes: providers/fips-sources.checksums | 415 ++++++++++++++++++++------------------- providers/fips.checksum | 2 +- providers/fips.module.sources | 13 +- util/lang-compress.pl | 14 +- 4 files changed, 221 insertions(+), 223 deletions(-) diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index ba65aa41fe..95cb84e79e 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -1,5 +1,5 @@ 0e22ea0cf34ef3871e30df0bc302dc29352d38001d1622ddb78a27a374b6aee8 crypto/aes/aes_cbc.c -6028cd3c2e466625cc0b8b9b6a12278e5935aec3bff1eab006c6f13a1e248260 crypto/aes/aes_core.c +20e527b1811204b53ced99592eb28c3da562382674791456016c0c105618f981 crypto/aes/aes_core.c 3fac41ce96acb9189eac2d5571425c3ff33a34c884ae7e275e1fd3068b5fc662 crypto/aes/aes_ecb.c d42d44734e2bf91335835f15ea3cf449a5af7395bc7af46c8484b3f3d3785a50 crypto/aes/aes_local.h a2466f18da5847c7d9fbced17524633c10ce024671a72f53f9c9c55b9b9923dd crypto/aes/aes_misc.c 
crypto/ffc/ffc_key_generate.c 084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c 67fdf1a07ea118963a55540be2ee21c98b7a5eb8149c8caa26e19d922bf60346 crypto/ffc/ffc_params.c -4621c46e373f293ce681f20bde5ec075f0f43fa6e17214e2a92b5821f20f8964 crypto/ffc/ffc_params_generate.c +916d93b50c8a1e69b94ac5d0949a762f3b1580a40b72eb269a764b9905450204 crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c -31b822540566ab2a51b50dae884f4b3d5ef1403c7c50fce4e1cc76b2885726a5 crypto/hmac/hmac.c +35b425127dfb9633947c013a6d0f86d9247f098225faa141bb0582add19bf3a3 crypto/hmac/hmac.c 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthread.c -c6c83f826eb6465f2a1b186ea692ff6fe32dbfb821d18d254625b69083d68fb0 crypto/lhash/lhash.c -2a3ab2dd023df8bcd507e3ebfa5495e9ab51a109f6f568aff813011a0feab5f2 crypto/lhash/lhash_local.h +e82f2213ac9438af20a2b19743c6c790d841acf89429868c9d1770f3f06a597a crypto/lhash/lhash.c +95ceca6a32b1d8a2e3a172121e7b3379267867a8c1d2b5cf2c1fbb16d1f8424c crypto/lhash/lhash_local.h f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c 183bdca6f855182d7d2c78a5c961b34283f85ea69ac828b700605ee82546397d crypto/modes/asm/aes-gcm-armv8_64.pl 1d686af304f94743038f916125effcb51790c025f3165d8d37b526bbeee781f0 crypto/modes/asm/aesni-gcm-x86_64.pl 
@@ -235,49 +235,49 @@ fcab204033126699be826a850d098c6d84f44b377de66f15d303ebd31ee77397 crypto/modes/a 72744131007d2389c09665a59a862f5f6bb61b64bd3456e9b400985cb56586b8 crypto/modes/asm/ghash-x86_64.pl a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/asm/ghashp8-ppc.pl 0029b5beb1d4cd4c5ad47164c23f3e7c9d1eaff66ef54af025ee26795b11a1c7 crypto/modes/asm/ghashv8-armx.pl -42f1e3c05b6407e127ec03c4855b53cc2a1964eeeeebb86c000e2ac6effa4d61 crypto/modes/cbc128.c -ca33ab64e99814049ae47ccfe530c33db3d19d081eb4812354518366af923396 crypto/modes/ccm128.c -a20ed2feea4ecfbb2d3dba9618ed39b2da296e521e49fd3cfb17b74be51bf916 crypto/modes/cfb128.c -819a468b2caec10c0c82bcf25377c4ff45742e8c4f0328350a26af9b146eb8ac crypto/modes/ctr128.c -05ffb22b983de282dd924357a77f4e7156ada1936fbb77bc40694ca66317721c crypto/modes/gcm128.c -171218d5159e898c8f20e58e55d2c02bb04a9a9148d399c2670cf4181ed83c15 crypto/modes/ofb128.c -d4c25a330c8865672cda59fcc3d537222439daeb2298515bdae71bb44cf8fb61 crypto/modes/wrap128.c +65112dfe63cd59487e7bdb1706b44acfcf48ecede12cc3ae51daa5b661f41f06 crypto/modes/cbc128.c +1611e73dc1e01b5c2201f51756a7405b7673aa0bb872e2957d1ec80c3530486f crypto/modes/ccm128.c +d8c2f256532a4b94db6d03aea5cb609cccc938069f644b2fc77c5015648d148d crypto/modes/cfb128.c +af1c034152d82b29cb7c938c8516cfd136b62bac0908c1d40eb50790d23b288c crypto/modes/ctr128.c +9168100d4a8ce4aecc757efefea4e68e1fe8d3469a1238681884f7eb9cc59b89 crypto/modes/gcm128.c +bdf25257b15eca206be4d950d2dd807ca5f058f91f54edbd7a0d312ed83eef8e crypto/modes/ofb128.c +e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/wrap128.c 608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c ca8f63ee71797f51c2bf5629190897306b3308882feb3d64c982239f18e8b738 crypto/o_str.c 5e3b9e03839582d4cf1e3f7f6fc661f2531bf99b189bdcf4654c56fee1d7ecf9 crypto/packet.c e30c9e30e4356621236136caf001ee60d51aac492a5bf0fb7f1022b973aec425 crypto/param_build.c 
c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c -2be41081c49661d54fb294f8adcb3174403ff0fca599304dd604811642f66828 crypto/params.c -1164175c2259bc104ec315d39a4f80fa67604f40e55036044d18ccf94da71a76 crypto/params_dup.c +07299afb0e8a7f5a7b43fef290c1fc1e280e4ca18472e7bb44e6a7e1c7efc027 crypto/params.c +4f2a8c9acf5898fdc1e4bf98813049947221cd9a1db04faaa490250591f54cb4 crypto/params_dup.c d0f6af3e89a693f0327e1bf073666cbec6786220ef3b3688ef0be9539d5ab6bf crypto/params_from_text.c 0dd202ec1def47c12852a8ae4bfaadb74f7fe968d68def631fe3ac671aac943f crypto/passphrase.c 2140778d5f35e503e22b173736e18ff84406f6657463e8ff9e7b91a78aa686d3 crypto/property/defn_cache.c e7ee9ae467238875a413c44552af3937942b4e61a8aa3af6bee81a456d9daad1 crypto/property/property.c d2ea0144cf661fe3369b2f1cae22409e2155313eaeed8eb8497aa2ab7a88e1ac crypto/property/property_local.h -6e7f3a8d15edb506dead2bba7c1ec6d1dbbe0c28846cce799c9273996b6cbfd5 crypto/property/property_parse.c +10b5f607d7d56dad6468975adb1223b4edc58a91b46af71f61957ede9d38db2b crypto/property/property_parse.c 9d5fad386cfb0b6ace3005c7def05edff3017436a4e7dc367a16c53acbbf0ff6 crypto/property/property_string.c -751716fab7b474789b1cd3b99c7ac0b8fd4d9c80545f2213a34951ee00535160 crypto/provider_core.c +348710efd6697ae2a1b708dceaf86635166744c1dc80d334ea10cf755a609b0c crypto/provider_core.c 77068908daa856823e606702f938e033fb9d8941ee960fa47fba8985af18a514 crypto/provider_local.h 3ebbf42baa3722f86298960c7b14b49cefc25c38fce326a0c4666546539da231 crypto/provider_predefined.c -b1042c400e6ade54cf539a055d01fdfa92a8bfb58e5ecc5a6cbcd26ad6fa2f27 crypto/rand/rand_lib.c +c33f72d17cd24c7f5022240aa0ee7c240229bf8984be3bf7f50438a46f87f2c3 crypto/rand/rand_lib.c d86ad8b6885b557f60d7c1710b2d13ecc987fae26c38d487fd3cdd3a5a59c293 crypto/rand/rand_local.h -f19876a1ff4ab97f22a926cc59c9ced0cdde69ad2c45ecf546d91104ec5b0dde crypto/rand/rand_meth.c +c7381c2033f0ffe98369638af4b7139536e4ae85a9fd26ae423f496c8bcb54aa crypto/rand/rand_meth.c 
a6841319cb6e9970a3c3f8adb619086310e4b56d1f52448ef2e2caaeface4146 crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c -5be5237213217d4a6bbd33b02abfbab4879bc7aa0a02a10dd1a3fbf7605915e9 crypto/rsa/rsa_gen.c -ad396e62d26b756bc75b0b641b5ed9be7c66f1f3ead824848f840aa0ae30046d crypto/rsa/rsa_lib.c +21794dcb6bfebcf9a14d4f8aa7fab8f745b595433b388b55f46ba6e615d90f98 crypto/rsa/rsa_gen.c +20d8e6f066c1c3de599e4e1f3295418e28dde05fe7e664d1cb20f88e204eed06 crypto/rsa/rsa_lib.c a65e85be5269d8cb88e86b3413c978fa8994419a671092cbf104ff1a08fda23b crypto/rsa/rsa_local.h cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c 5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c -c128bbcc9428b78eb3915f667b2663b767df9ca0b9d155ec55cc9d7e3acea984 crypto/rsa/rsa_oaep.c -2ddaefe005e83081c5f7f1bdd4eb060d89e00bcb192be97e0d8bbd2806313c6e crypto/rsa/rsa_ossl.c -8fd62fe16ebbacd00e36774e7e14dded5c7ec2bffe10be9d0e41b13c5ccaf390 crypto/rsa/rsa_pk1.c -f0263344f68de7a50d9f249c11bacee58746b7b49b6b8be0e390d891f74520d4 crypto/rsa/rsa_pss.c +33de2accc3af530fd0a4758eb83d5e1d994bf49bac4512b01387dbae656e1a7d crypto/rsa/rsa_oaep.c +a2fd2e4e31ec53d01a575ccaf03bad5a270412ff66804cf0b5fa40492b89181d crypto/rsa/rsa_ossl.c +981df3d52719b65fd0f208e62116a0e90f6f7faa35fde90077bd5ddd0ede1859 crypto/rsa/rsa_pk1.c +174a42e156be48927fe6d6bf0d95575619b8e643a99761275bff933bc3449722 crypto/rsa/rsa_pss.c bf6d300b7e7e9e512a47c5bd1f8713806ae3033a140d83dfae4a16ad58d11170 crypto/rsa/rsa_schemes.c -de9161eecc7e99baa834d6f6e2baf96e291dd3da3586ddda396da77fcc3a94de crypto/rsa/rsa_sign.c -e8eb16af2cbfaf23731b96073750562938f168989d1460b7f522628d87e8e8a0 crypto/rsa/rsa_sp800_56b_check.c -6b40bc75e86ceb91a0dec23479b5ea00e8dfddcab74a1c824020b8b5479a08aa crypto/rsa/rsa_sp800_56b_gen.c 
+3f269305314a812a343d74c182bff0a747e465c686af31ccc82f9adfa8616836 crypto/rsa/rsa_sign.c +740c022caff3b2487c5838b581cdddcc7de2ceabb504aad72dc0dd70a67bf7cf crypto/rsa/rsa_sp800_56b_check.c +20e54cf2a8fd23ced0962c5f358cedd8ec0c398a87d33b34f1a4326d11e4892e crypto/rsa/rsa_sp800_56b_gen.c 1c1c2aeeb18bf1d69e8f134315b7e50d8f43d30eb1aa5bf42983eec9136a2fdc crypto/rsa/rsa_x931.c 5fa59240ca885cbc0c1cd026934b226d44fc9c3fdf0c2e7e3a7bd7f4963ca2e5 crypto/self_test_core.c 05c533fde7fdba0c76103e97d881b7224c8427451b453e2f6413552996063e31 crypto/sha/asm/keccak1600-armv4.pl 
@@ -322,22 +322,22 @@ fb06844e7c3b014a58dccc8ec6020c71843cfdc5be08288bc7d204f0a840c474 crypto/sha/asm 94fc64338a8b1642782f68c9e3f45813617daa42a7dcc9917fe4053b2d0a5c5c crypto/sha/asm/sha512-sparcv9.pl f64d16c1e5c3fa4a7969de494a8372127502171a517c14be7a1e3a43a7308699 crypto/sha/asm/sha512-x86_64.pl 8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl -4d13c5020a92190d43721018c50776fd4df858fe92f3cce1d465ed98dfb142d1 crypto/sha/keccak1600.c +57f6cf54b1b5d2cac7a8f622b7b6bd1878f360fff3fa0f02352061c24162ebbb crypto/sha/keccak1600.c 306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c 4d8cf04f5806611e7586aab47fb28165ec1afb00168e2c9876bb36cb5c29bf8b crypto/sha/sha256.c -01aff75580e47ee880f411a319ed5d86198df464e3b8056b8734698e3c8d4d07 crypto/sha/sha3.c -65ef028da082f1a9b6ce2c45ae5644895b7fca356a798fca65428852ccf24b96 crypto/sha/sha512.c +3d972a11be18bfbfcd45790028635d63548bfe0a2e45d2fc56b6051b759d22f0 crypto/sha/sha3.c +8038a5a97f826f519424db634be5b082b3f7eca3ccb89875ca40fa6bd7dfdcfd crypto/sha/sha512.c 6c6f0e6069ac98e407a5810b84deace2d1396d252c584703bcd154d1a015c3ea crypto/sha/sha_local.h 86913a593b55c759a3824eeede398f966278d79c148bef41986c5ac4e48f0bd7 crypto/sparse_array.c -32b48ac523d69b65d46b5588cd75697c473eec0b97bdefc820f436f25403a1df crypto/stack/stack.c +b39e5ba863af36e455cc5864fe8c5d0fc05a6aaef0d528a115951d1248e8fa8b crypto/stack/stack.c 7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c 5f5737f17902bf5b2ad0ebe22fec2831e4dbb61df1632d27c6360dccf330335b crypto/threads_pthread.c 60bdd9213c67c4d9a287cb57517eca63913c134ef57fcb102b641eb56ddce19a crypto/threads_win.c fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl 26aaa5cc181b4cfb9d1930b8a2def0aa5f772fc49b5890b747df9dbbf7a7b958 e_os.h 
-3290f3899383a80a0a9e9358cdd551d22229454ec8902e4a3a353b69497a6ef4 include/crypto/aes_platform.h -0282be3a62884ecb54c3beba9b9c47a2d5689a34ace50dbd4a2ecf7755b93d06 include/crypto/asn1.h +811d6a848c55328dfa97761aba74c785f971a874e14bf5efda5431893fde3bf0 include/crypto/aes_platform.h +044690ab8e2990797dfce83b97dac38da1fd06ad90d0099d26460fb944161aa2 include/crypto/asn1.h 8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h 8ce1b35c6924555ef316c7c51d6c27656869e6da7f513f45b7a7051579e3e54d include/crypto/bn.h 1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in 
@@ -349,66 +349,67 @@ c7bef6ee3e29950650275470be540d182e1c6b9ccb30b45d97b3ad2911d14fca include/crypto c6d99cc3f9ce38c44220576835e18fbce854769c06bb4a8eaa47167e67e7b244 include/crypto/dsa.h 103c6aa07939d6d62a878d074d5593b0268ece7bb5ff9236d0df455f9abec3a4 include/crypto/ec.h 33a436599b6ac6b30fce96f312054a2453b582c5a897b6d66cfcf0d83955c3fd include/crypto/ecx.h -536a257b11ba71814675f71cfa955a562c66fe8fe3368c0318c644b182e029f9 include/crypto/evp.h +1c44d15f1331be058b35dab92380f3f74c4f399eba7af3ed5402abba406acaf5 include/crypto/evp.h bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto/lhash.h -41b5fe04624e4b6ba2b12caddbf2d1ff1728b0826073eda68e709e8a90189ced include/crypto/md32_common.h -d680560931ced45a5d215b3fc43d1cbaf2f3316f51bc24800182962ca34ca61f include/crypto/modes.h +162812058c69f65a824906193057cd3edeabc22f51a4220aea7cb9064379a9b6 include/crypto/md32_common.h +f12bfc145290444bcc7bf408874bded348e742443c145b8b5bc70ae558d96c31 include/crypto/modes.h 763ec96091c828c16278873eb32665bfc70624dbd3809cb8043d19dc16e84d22 include/crypto/rand.h -a79916de6fe7e06d15be4e10e9f3b2cce33236d3c99ee88dff74d47119dba8ba include/crypto/rand_pool.h -ff3313bfb4c6d5a41c2d229ca3f3b096c28cde9863904e6cf69468ce83d18807 include/crypto/rsa.h +90930fc8788d6e04e57829346e0405293ac7a678c3cef23d0692c742e9586d09 include/crypto/rand_pool.h +bb6676c9975fff5c4e8f7c2ff9fd5a1a9c784a0f3c1d1bf1d711c23d55e1da70 include/crypto/rsa.h 32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h 0f743762f646656b5480648c05632575fe8acc7506460c63e0fcdf42cf20c08a include/crypto/sha.h af37cd4120756cbe24a206a3fa98de11c4da8464aae541ecd2b6de2f402a0094 include/crypto/sm2.h 7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad include/crypto/sparse_array.h 5bfeea62d21b7cb43d9a819c5cd2800f02ea019687a8331abf313d615889ad37 include/crypto/types.h -fc41057613482f5698e5fedca482512999e1e8d7b20d35e285e5ad14d72c8ace include/crypto/x509.h 
+c42be3c5371f31537dc7e37f1b4228da986a835236690d46ad0de1a2fa0fbf24 include/crypto/x509.h a1778b610a244f49317a09e1e6c78b5fb68bc6d003ffdea0f6eefe5733ee5b5f include/internal/bio.h 92aacb3e49288f91b44f97e41933e88fe455706e1dd21a365683c2ab545db131 include/internal/constant_time.h 1a8e8ab7245d82fdb14c5f4a654634616e0b07b4137f60a7e3e3aef15a6247f7 include/internal/core.h -f6ad40990f40445f5e098956ee42141eb098649aaf99b54922990f8bb747054e include/internal/cryptlib.h +d7ddeab97434a21cb2cad1935a3cb130f6cd0b3c75322463d431c5eab3ab1ae1 include/internal/cryptlib.h 9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63 include/internal/deprecated.h 8a2371f964cbb7fc3916583d2a4cee5c56f98595dfa30bd60c71637811a6d9da include/internal/der.h fd1722d6b79520ee4ac477280d5131eb1b744c3b422fd15f5e737ef966a97c3b include/internal/dso.h f144daebef828a5bd4416466257a50f06b894e0ce0adf1601aa381f34f25a9e7 include/internal/dsoerr.h 70d3e0d5a1bd8db58dcc57bea4d1c3ed816c735fe0e6b2f4b07073712d2dc5ef include/internal/endian.h -4a012af32c3cb5e2163d706ce9cc37b09d854cb96dbf90cf9cd4de085fb5912f include/internal/ffc.h +f3ff7911d2ca3c229ff39aecd21c98c92cd4b7eae2e853175b3abb5b97d24a2e include/internal/ffc.h 100053a1bad1a85a98c5b919cf81ace0ee147b2164732963e40474d7b5fbbb99 include/internal/namemap.h b02701592960eb4608bb83b297eed90184004828c7fc03ea81568062f347623d include/internal/nelem.h 5df7377027b7c0640417441dea147eb0d95a0bd6b7a1a7e7f2a49cf4107faf87 include/internal/numbers.h ea1bec4f1fff37aef8d4a62745bb451baa3e3ad20ba1bc68920a24f5cbb2f0a7 include/internal/packet.h dd7ddecf30bef3002313e6b776ce34d660931e783b2f6edacf64c7c6e729e688 include/internal/param_build_set.h -794504486afe80618bab452c5caa3837ccc4dc771c4934837f1a420d81d87547 include/internal/passphrase.h +54ec20cba51d1284f5da9b605823c344a68adb5f19c2c5e6f569aeb19cc70a7e include/internal/passphrase.h 6d08ed9c307c5d85dce8baf7ee3fc358bfc53b9026760884b2d7e4a051c5a2bd include/internal/property.h 727326afb3d33fdffdf26471e313f27892708318c0934089369e4b28267e2635 
include/internal/propertyerr.h f214a3d1ebe1109b739f0846e26ba2cd644759e8546a218b202886450018d34e include/internal/provider.h 5af9a40c44def13576fe2c0eb082fb73c3565c5e00f902d51b1ed1593d481ccb include/internal/refcount.h -47e315163f1d2fb0ddc4e6c450deafd338bcbee66753a715c54ff2dd0cfacb11 include/internal/sha3.h +11ee9893f7774c83fcfdee6e0ca593af3d28b779107883553facdbfdae3a68f5 include/internal/sha3.h 494ab5c802716bf38032986674fb094dde927a21752fe395d82e6044d81801d1 include/internal/sizes.h 79cd03ebe2ba199178350ceed0aed54b6714d68a16c381631fec819ef25079fa include/internal/symhacks.h 640cc6a2aae208073a7f495c08b4c5006a69e8ac1c2d9aaaafd56b0e74d5f859 include/internal/thread_once.h 415b725d7f949a6191ab7bb30b48931bafc01c7aa93607e529fabbc853a4ddc5 include/internal/tlsgroups.h b24938409313384024524cbde837690d83119bcb70fb289b38cb7efa8e082852 include/internal/tsan_assist.h 2b38fb6e65d549aca3b2c76907daf67124f395251c0261dec26faa54da8d6d73 include/openssl/aes.h -444e0754b9e9e8f272f43eb8356eac687dacb4eb615c3c27504542a5e251b75d include/openssl/asn1.h.in +323549254bf7055fd2928253f2fb307cd97903d32716406ac5b11c990f4d88e3 include/openssl/asn1.h.in d4733dcd490b3a2554eaf859d1ea964fe76f7d24f78e42be1094bdad6dee7429 include/openssl/asn1err.h -f9f6b49f94e33171cb086774e307500f4a6d13a35af858b8da8fbed85815a045 include/openssl/asn1t.h.in +23809ecb0bcc5d870a776a322f26f1f7339d2fabc275931b5bd0619b6b18e7c9 include/openssl/asn1t.h.in cf4be859dba94326ba7d9e305fd7e7275bd11e534118c7b140a3a1c8dac01b76 include/openssl/async.h 8ed44307406db3a25abebe94b792175f99ceb04ede8fdc5c84446c9622729a0a include/openssl/asyncerr.h d23e74122090a71268818a8162bb0642d292b931eed2188f4f3a5c9083227a01 include/openssl/bio.h.in 0a26138aaded05cafe2326e11fdc19b28408e054cfe3dda40d45ef95ce8136b0 include/openssl/bioerr.h 7d1f9880976a926ba6e0cad08e8de6f326aae48d8350b499aa79127f63d4d108 include/openssl/bn.h ea344bb0b690d4e47c99e83f6692b970c9b54a4520296bb2d3ddbcbdf0d51653 include/openssl/bnerr.h 
-83b4510a377fcdaa2fff7ee09a37faebd7ea8e86885bc3704273c6144f0bdbb2 include/openssl/buffer.h +93954e6c450716e158948d67f64736a451ea9473d02f3a908f3bc8a96cf049a5 include/openssl/buffer.h 9d48e6cab2ee98ae94d7113e4c65f000d97e125fdb3445642865ace3f34d06ac include/openssl/buffererr.h 8e772c24b051e59d2f65339f54584e3e44165a3eaf997d497faea764990130f5 include/openssl/cmac.h 1eae6c12c4298d236b1ccefe3ebc28093fd8157214be16f8d34234b376002800 include/openssl/comp.h 2c7c73adb2fa1da9d453d3776ce83f74e7fc354e268a92cb973abddfe14b7db5 include/openssl/comperr.h -13a2107bcc030aa78356505dc4b0a18e3b567e7ac882a1dd381d7a038f30c1fa include/openssl/conf.h.in +55aa91482d327d1784484922389e8277bdcdff7a7df27e84200d5c908bd40454 include/openssl/conf.h.in f20c3c845129a129f5e0b1dae970d86a5c96ab49f2e3f6f364734521e9e1abe3 include/openssl/conferr.h 02a1baff7b71a298419c6c5dcb43eaa9cc13e9beeb88c03fb14854b4e84e8862 include/openssl/configuration.h.in -84cd7cd3842c7e70d601acdb6a4a41de3c9fcce552add92425ab33a239d23c97 include/openssl/core.h +6b3810dac6c9d6f5ee36a10ad6d895a5e4553afdfb9641ce9b7dc5db7eef30b7 include/openssl/conftypes.h +792488b5d6bb87a5138322d7a6ae011faa279918321af62e76fa018e1a991c93 include/openssl/core.h 575312a453e48b61f3d4cd710b558631d6678318cd532bf362ba005dd23f12cd include/openssl/core_dispatch.h -b1384b0017273d98f4aee8a61a059f5b929f6790ab3538cb332eaa660b8172f8 include/openssl/core_names.h +6c57c1f0a8da8bb7d3e64c4f49ffd519d0e35b1a2d4958b98b04b87f21a90242 include/openssl/core_names.h d165f5c61bfe17ba366a3ba94afb30d3c8ce6b21e9cff59a15f3622f2654ae49 include/openssl/crypto.h.in 06e9f521a6e98e104cdf37260ce967d928e25d424e0013f1feb3ff4da18eaec0 include/openssl/cryptoerr.h bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h 
@@ -423,19 +424,19 @@ e067fc6ddda9827d7c4f0675acd0cad2dc427d7d3559749cff3086fcaa34d959 include/openss 3485a648e62685ec595954e2228be83bea1be4895a309fe64f49db1436a3f11e include/openssl/e_os2.h bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openssl/ebcdic.h 8e301f2f8cfacda5d7de4f53e5592b523454cb93ba3c8029b628a6abf0ddb833 include/openssl/ec.h -2a6cd2da2740c589bafaf7bb8533d890cefef98d6a6548e4aef90ac3bbd608d2 include/openssl/ecerr.h -f2ba09838c280c874db66c5e3b040a684518ad94b671b2e8e6eab11860fe0c47 include/openssl/encoder.h +cbbf74efc7fdb020f06840c856ad7fe97553944f4cc3c197fbb004de38158048 include/openssl/ecerr.h +1f4c5a0d37bf9bc32310b2a37761ea0470d50b233f47753ef636b73b85a863d4 include/openssl/encoder.h 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h -f4a13ac910add061f69dfcd33fa71ad192db82ae7fc4238952cf6f50047cfdf0 include/openssl/engine.h +171a780183dd91350d2f7abed7ded9ce80dfdec8afaab5adcd843514bdbc7a43 include/openssl/engine.h fb510978001ebea15eee4c4c6cbeebb126a66e11117e6f6d9b9fb4be5057b92c include/openssl/engineerr.h bfc224df9ef6ea16d0112dd8b1b1d9a09b8484a5a26f3f0c85041d7d5e83cf3b include/openssl/err.h.in -a5a713a64f2d7926232a7339926ddc0215f19828b568796aba662f3b54f483a6 include/openssl/evp.h +a9a8424e276c15f5691510e0ba414471f7f1892d2cefea697fd975ba0309e5cc include/openssl/evp.h 5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h 5381d96fe867a4ee0ebc09b9e3a262a0d7a27edc5f91dccfb010c7d713cd0820 include/openssl/fips_names.h b1d41beba560a41383f899a361b786e04f889106fb5960ec831b0af7996c9783 include/openssl/fipskey.h.in 47a088c98ad536ea99f2c6a9333e372507cb61b9bdffb930c586ed52f8f261eb include/openssl/hmac.h 0658a7b34390faae0d2a8dbd1fa07453c91f54847d9cd5d705760be72e18b37f include/openssl/http.h -5a8fc8d457adc81a2db6ba070185fc61217f07cb6bd737efa52c09ac55448b71 include/openssl/kdf.h +faab8accc9520269dd874126ae164a43526d5784e6280521c7ab3772c02b0a0c include/openssl/kdf.h 
c6db6926e90c9efd530a7bdb018be8c62f2c2b3c2f7b90228e9f73b8437dd785 include/openssl/lhash.h.in fd5c049ac6c3498750fa8f8dcbf88b2a31c02fa62dfe43a33d7b490fb86f61c8 include/openssl/macros.h 4ec92db58402e93d967bf7f69616e7d9b169aa337bfeb266b5f748ca6c9fb639 include/openssl/md4.h 
@@ -451,17 +452,17 @@ fe6acd42c3e90db31aaafc2236a7d30ebfa53c4c07ea4d8265064c7fcb951970 include/openss 1bf52d136e94f727a96651c1f48ad040482f35dae152519ccd585efd410b92f0 include/openssl/opensslv.h.in 767d9d7d5051c937a3ce8a268c702902fda93eeaa210a94dfde1f45c23277d20 include/openssl/param_build.h 30085f4d1b4934bb25ffe7aa9a30859966318a1b4d4dcea937c426e90e6e1984 include/openssl/params.h -c05703cea3bd3a447f600dafca7c7fac1d4f4202750ad366aa070ff2b8025828 include/openssl/pem.h +180a49cae0dfdf7975466f922b1950a998736924926d7588b5592ba903813349 include/openssl/pem.h fb453de1abc5ec8410586593921a66757441ecbfc4273349ddc6257c503a2000 include/openssl/pemerr.h -749149c1958284291da5bf144eeeca0d3d8618f3eb2395b75e91ef84e569a543 include/openssl/pkcs7.h.in +74305b1bd8575cd0ef6c86eb1edd89a9a144b84d39d7f6740b7ce8cdad6f9d9c include/openssl/pkcs7.h.in 8394828da6fd7a794777320c955d27069bfef694356c25c62b7a9eb47cd55832 include/openssl/pkcs7err.h 90fb37a1a564b989afca658dae8c78b0ba72ac1f4d1ffc0c52eb93e74e144603 include/openssl/proverr.h -183c205ca22a1fa1f8754db71703098d8457a18888d94a55282c4e426605246c include/openssl/provider.h -ac7a447167a91b371aea83f208495c7ae1e607a1e7272da165df7b199a35f5ac include/openssl/rand.h +b97e8ad49b38683817387596aefec0abd5f4d572643beef48be4f7acba26768d include/openssl/provider.h +7c9b5f479d9b22cfc8db0976dddfc2a1ee6e757b436e01a2b4d2744bcb6d81a5 include/openssl/rand.h e3545298f0cdf598a3419416ce20acd0119c0e88557a13d52c5b1a0117ee643e include/openssl/randerr.h 44246a82a6515c932a6ba834fbab8ee2a82b91db977367e8de07a8f529d2f045 include/openssl/ripemd.h c1015b77c444a3816d2ea7ad770f1c3b79a1e54887930af6dd662895701f3323 include/openssl/rsa.h -91f6399380f0aef958b00a9c21f017c7f366472b858663a4a0f6efd075a7a95f include/openssl/rsaerr.h +2f339ba2f22b8faa406692289a6e51fdbbb04b03f85cf3ca849835e58211ad23 include/openssl/rsaerr.h 6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in 8578f881906486eb4d5c8f1631a469d3fc6b350e1ff8dc103db40391234ceb47 
include/openssl/self_test.h d8da6697ce0f23b40c9a557940f030008bf1a53eff2739974f7bdb6b12b93b44 include/openssl/sha.h 
@@ -474,145 +475,145 @@ cd7bbe3d9bdaea20969cf9a388570ade19201f48f44b4bb860499d49590f9bfb include/openss c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h 22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h b220280d27e4f30ea9605902b316d20953d1d4931c3d199321b9f46d9366d60d include/openssl/tls1.h -a8d5264c7e410d8b74d7f36cd3572c7a08dd4bab93d3c388517a745560a1d316 include/openssl/trace.h +12026c3aa4b14d9083999a7e5098bd4273a4f2004ff1d397d65710b3d4bc6e2b include/openssl/trace.h ffd0b00e9fdb307c6f4369fa52005033ff4746cf49dd82bb9dfae1a83532e6e0 include/openssl/types.h -e2dc5cba3370613db267bea7229949596aec4b925ddb3047c7fb3b679adebc17 include/openssl/ui.h.in +f37b0da67078c8c220c442499e02f92dfe240f6d77ec942f2a562a18f338284a include/openssl/ui.h.in 558433ae747ebf3d9a71d583b7a7ee8c5476f3bef38d97a1f88bdcace4c2f311 include/openssl/uierr.h -eba1f6ff9d98e843cde6fa92997b5722ec4b7dcb5318db5689874ebd7d9ec51a include/openssl/x509.h.in +fa88f86a4643441ecd6779894bb9533f63c275b5a871bae6687905185f315f94 include/openssl/x509.h.in 7aea205aa1cc5472f7ec5e02c23435a4520af3883eff43ce2341a88abb5dcd4c include/openssl/x509_vfy.h.in 9e6409eddfa13a469c1da6c5b562825381da2eb4da3c08546aa1182a4ec54726 include/openssl/x509err.h -31a4ef4e9468ec4af5fa55eb1209ee3af53ef1f4a3b85b01dab879fc63028e8b include/openssl/x509v3.h.in +8ddb7bd65c766317f6f20ff615e4d0ddc99bc4ee0d6ec149e3834b8d4fe11a05 include/openssl/x509v3.h.in f78e901b2260416773c6d7933de8771a03bbb2cc3073809f3c1715d4276789ff include/openssl/x509v3err.h c0a9551efccf43f3dd748d4fd8ec897ddaabbc629c00ec1ad76ce983e1195a13 providers/common/bio_prov.c -9cf5f2b733755c0476141ccda0729e8c5e15fa7445d5168939b70867eac4482b providers/common/capabilities.c -18ce379903b078446945da9116026da8639b4b0d81d357f86f9674a2a5cb94ef providers/common/der/der_digests.h.in +d0a26820a192f38a52d26846d40a677ce846b4808bdc0193e880d7bf39633f8e providers/common/capabilities.c 
f94b7435d4ec888ec30df1c611afa8b9eedbb59e905a2c7cb17cfc8c4b9b85b8 providers/common/der/der_digests_gen.c.in -c0a020765feb7ededc7e6f20b2b140dca09f347cc72404a5c7971df82b2f9ad0 providers/common/der/der_dsa.h.in 424d7b2ece984a0904b80c73e541400c6e2d50a285c397dd323b440a4f2a8d8e providers/common/der/der_dsa_gen.c.in 27ff361a5fbfc97cd41690ab26639708961d0507b60912f55f5919649842c6ae providers/common/der/der_dsa_key.c 2529d253b3e45c33249461fdedb2c32b3c16a7a305fe4920f2a79e7b3f16ed3f providers/common/der/der_dsa_sig.c -6024645ac9e165685b0a44a20feb342355eb06c07b7c7954508a125348570aea providers/common/der/der_ec.h.in a81d36446eb8afa5c2318e24b86b52647059b4721ee52309b741e4ee78af29dd providers/common/der/der_ec_gen.c.in b8f2f94daeaf20c636c90e386284c246cfded0c8275411fa02fe68b534520b95 providers/common/der/der_ec_key.c 9104cd39dddd6e1a6e8f267656482131f4d0765e96fdced1f7344817a1c8ed7e providers/common/der/der_ec_sig.c -5b6b7d8d12011c48195b7db8f65bc4bc4a48fb753763a3ce5006dc227b5139d7 providers/common/der/der_ecx.h.in 03a5620654438c58a8f971398e68922a3f33a519e2c92edb141d13ef4cbc4651 providers/common/der/der_ecx_gen.c.in f3b089fd3dcccc8e3ebfbbdbf87c47d58330f82bd0e2a1223da74977930cccf1 providers/common/der/der_ecx_key.c -ce605f32413b09d33ce5795de9498a08183895c3347f33344f9ae5d31c29ccac providers/common/der/der_rsa.h.in 5b3b0ae8da0fad1f7ba8b5fba2206210884728bf69a8aa00644036eb51953467 providers/common/der/der_rsa_gen.c.in 3ba47f32b30f5540a34b3a8df7a4fd966aab9abcbb2b643af75a83a9ccda1df0 providers/common/der/der_rsa_key.c 7e8d579986f53eaf1875d677e5cf4adfd4ccf79db0275368f6cac580ab6007ca providers/common/der/der_rsa_sig.c -6c1fa3f229c6f049c3ac152c4c265f3eb056d94221b82df95a15400649690e93 providers/common/der/der_wrap.h.in 0b18bc007f296e16f6210956f5b6ab612b77d8a95170f12ae32764125901db6d providers/common/der/der_wrap_gen.c.in d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/common/digest_to_nid.c 440c8ce0a4ca9f63157202bbfa26e12fec25847215fbae3416274124604ada6e 
providers/common/include/prov/bio.h +18ce379903b078446945da9116026da8639b4b0d81d357f86f9674a2a5cb94ef providers/common/include/prov/der_digests.h.in +c0a020765feb7ededc7e6f20b2b140dca09f347cc72404a5c7971df82b2f9ad0 providers/common/include/prov/der_dsa.h.in +6024645ac9e165685b0a44a20feb342355eb06c07b7c7954508a125348570aea providers/common/include/prov/der_ec.h.in +5b6b7d8d12011c48195b7db8f65bc4bc4a48fb753763a3ce5006dc227b5139d7 providers/common/include/prov/der_ecx.h.in +ce605f32413b09d33ce5795de9498a08183895c3347f33344f9ae5d31c29ccac providers/common/include/prov/der_rsa.h.in +6c1fa3f229c6f049c3ac152c4c265f3eb056d94221b82df95a15400649690e93 providers/common/include/prov/der_wrap.h.in 76087f04f4de6414c240f88807659fb2a04af914108f0c5f2515a4cb5482f655 providers/common/include/prov/proverr.h -6cbc8930e4658b5b03fc52b230db1332ffd9a18e97121e14dd9078066aacb0b4 providers/common/include/prov/provider_ctx.h -08b35879ae018aec67e21b725ae6bcb061e267f1aadafa869690374807e51a87 providers/common/include/prov/provider_util.h +83a57505d88a6a9cc4f7781c9f7f4af07668e7923502dfd6c5960bb492c1d24e providers/common/include/prov/provider_ctx.h +7c4ea8ab097690f28755814192e6ddd78d023151edc83dc3d1e2feb3fbcba533 providers/common/include/prov/provider_util.h e1ef8b2be828a54312d6561b37751a5b6e9d5ebdb6c3e63589728c3d8adca7dc providers/common/include/prov/providercommon.h 73d0e15963759fcb7c5c434bb214b50bc32f6066e90ac07fb53dad11c2fd1939 providers/common/include/prov/securitycheck.h 737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c 08eb591a084afaa48802734fa0a77a37c94b6caeee1cb5f810ed02cbd03afaff providers/common/provider_err.c 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c -ce6731be4da709c753bd2c04e88d51d567c955c651e7575bb1410968e6c7620e providers/common/securitycheck.c 
-50a0e01e877ae818cf874f4515a130db0e869d4e9e8ce882bff1255695aba789 providers/common/securitycheck_fips.c +ba345b0d71f74c9e3d752579e16d11cc70b4b00faa329cc674bc43dd2620e044 providers/common/securitycheck.c +527eda471e26763a5fcf123b2d290234d5c836de7b8ef6eef2166ef439919d82 providers/common/securitycheck_fips.c abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c -0097ee47ca140cd4bafe7f12ce43263c08e3461e0005dcec4b2feed5b538d0c8 providers/fips/fipsprov.c +f74c0d672eb313139706a1839914a558d53c43737e7c54fd85edc38b33500097 providers/fips/fipsprov.c 68093d08a3b0e82df3bf31387dcf7f76cb4a287f86d9c0bdd6943c2b1f459784 providers/fips/self_test.c -4f10af8dd196a78b01494d6a02255b62c570133673549f1800e2fa323dd27170 providers/fips/self_test.h -652bcbdd15619591466ad1f04240e7a3827f7241aa06410a363ef6cb7d97fea6 providers/fips/self_test_data.inc -fb56f801613642f6b497803890b528a643024e3cdb5bd5dd619a2981afb2f3b0 providers/fips/self_test_kats.c -08b287621158afb67e61e52fc34efbb9f9fe22ee6709c7ed6c937d5feb2b7fd8 providers/implementations/asymciphers/rsa_enc.c +f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h +fe69e22b9e97277cbbe57139026357abd161b0eba2b8a7253b4e13647dd8760e providers/fips/self_test_data.inc +f2775b7effa96b7c925ed71bd8c90e74b6256e7ed28346f59de46dffecb3e5a0 providers/fips/self_test_kats.c +cc53b8c68cb51193db6597b1e8c145c7b21e3576e74fcae7724692533fa81ceb providers/implementations/asymciphers/rsa_enc.c 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c -9cdde931c725abe78b304e47029034dee2abf08cc36d4055a4d0212e38631788 providers/implementations/ciphers/cipher_aes.h -5b7d6a1d0df42c082c3731a3d2a0fe2d0034874e0fbb2f4916efb72da4fe6b66 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c -f449c722118408e564746cd2d2d7df4c37f2c2b262e4e52012e4c70f01d10fd9 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h 
-907dc12512a041a6611c47fb8997c2876d7854be1f0104853fcaa083b21a0223 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c -2ab6abdf4339eeeac08740ae9773d962c138b452a6379fc907a9738499112fd4 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c +f9d4b30e7110c90064b990c07430bb79061f4436b06ccaa981b25c306cfbfaa2 providers/implementations/ciphers/cipher_aes.h +fda0045a1d16514c12e27c6171e40d8a13d444b8e6ac526e44e9d507ec33adbf providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +7668e5c1cac474ad7b0f28aa78ca885edf44815fe4a606a6cd328b3c02fac25a providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h +26e0f28523b416ba4067e471061f5a11fd76f5dc8bfe57ce37a137cf5667630b providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c +aadd5bf80c25bc98325562e388515f3ab6841755c265e150177ee16013684e76 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c 6d6bf36329af3b77f457898294be05fea3940a61cdaf0ed60cfb8d091a94186e providers/implementations/ciphers/cipher_aes_ccm.c -13d82a9325b9cf989e632d08fffb960ceaa509efdee0c29d447c151463db2f64 providers/implementations/ciphers/cipher_aes_ccm.h +00f36bf48e522dbb5ec71df0ec13e387955fa3672e6ff90e8a412ae95c4a642f providers/implementations/ciphers/cipher_aes_ccm.h 6337b570e0dc4e98af07aa9704254d3ab958cf605584e250fbd76cd1d2a25ac7 providers/implementations/ciphers/cipher_aes_ccm_hw.c 302b3819ff9fdfed750185421616b248b0e1233d75b45a065490fe4762b42f55 providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc -e63b682f97b424167e4feb28e0103ad3c2859c57056284de2999236d07663eed providers/implementations/ciphers/cipher_aes_cts.c +7a61f7e0684b6053aeb64edb1de2eb1a47df1e70d041eb5e2e96a528a4c5512f providers/implementations/ciphers/cipher_aes_cts.c 2e72401dbc4f64f0e263660bc7b5192dc5e0e8cc955661aca6a7e3e3359c97cf providers/implementations/ciphers/cipher_aes_cts.h 2ec666b6b7fdaa7ffb0f083a3358904c8c3159699540d270c7ddb46a8d96647b providers/implementations/ciphers/cipher_aes_cts.inc 
e540092e34896a0f75622365a8d97473dfc7c3036ef6ef6f8ce343922ac03f56 providers/implementations/ciphers/cipher_aes_gcm.c -582dcf5782f2766cb1369fd652985466df2bb8d41bb9791c263fc289df52b726 providers/implementations/ciphers/cipher_aes_gcm.h -0fa7dad1d2d972aa74f32ff56ea0399dd60b39a7854f4c861201873bfd128749 providers/implementations/ciphers/cipher_aes_gcm_hw.c +9ab2aa8c9cc135c6d6369105de3f99c114dcff4e43aead3a256dd81cdc585aea providers/implementations/ciphers/cipher_aes_gcm.h +ab298c5f89f3165fa11093fad8063b7bcbff0924b43fb3107148ae66d54adcb5 providers/implementations/ciphers/cipher_aes_gcm_hw.c 8ed4a100e4756c31c56147b4b0fab76a4c6e5292aa2f079045f37b5502fd41b9 providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc -2882acc9191d15cd93522093e3e1a91135d4fcfcbb6c77980cf92369e5d1acb9 providers/implementations/ciphers/cipher_aes_hw.c +4c6f3a2818754a5aa7b6db36dae53e248504f9e82cc5af2ed68c723903d4f9d5 providers/implementations/ciphers/cipher_aes_hw.c 89de794c090192459d99d95bc4a422e7782e62192cd0fdb3bdef4128cfedee68 providers/implementations/ciphers/cipher_aes_hw_aesni.inc 0264d1ea3ece6f730b342586fb1fe00e3f0ff01e47d53f552864df986bf35573 providers/implementations/ciphers/cipher_aes_ocb.c -1e9c92098be7cc1c8765a4384d6d3b29a51717993c28f6502594cc62e0ba33dc providers/implementations/ciphers/cipher_aes_ocb.h +88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f providers/implementations/ciphers/cipher_aes_ocb.h 855869ab5a8d7a61a11674cfe5d503dfa67f59e7e393730835d1d8cf0ab85c70 providers/implementations/ciphers/cipher_aes_ocb_hw.c d07e18786256f3a069fe83e6fdc79e53fdc1f99b3e6bbe5d2f3fc559bc737eb2 providers/implementations/ciphers/cipher_aes_wrp.c 527ff9277b92606517ee7af13225a9d5fcffbbc36eb18bce39f59d594cbe4931 providers/implementations/ciphers/cipher_aes_xts.c -51faef25d9275061868bdcd7e60d2885353123fb4941b6b9feacfcbc63003ef9 providers/implementations/ciphers/cipher_aes_xts.h +c4a2499b214d7cf786dafaaee5c8c6963b3d5d1c27c144eec4b460f839074a3b 
providers/implementations/ciphers/cipher_aes_xts.h 281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c -2248598561af2fc8593c101023fc629447967171d1dfc1d6bd74ca8affdf6c44 providers/implementations/ciphers/cipher_aes_xts_hw.c +f358c4121a8a223e2c6cf009fd28b8a195520279016462890214e8858880f632 providers/implementations/ciphers/cipher_aes_xts_hw.c 06d8f86ec724075e7f72dabfb675b5c85a93c01997e4142fbaa8482e617f4ae5 providers/implementations/ciphers/cipher_tdes.c -240075072fa0e1e47a256b0b3aa8e13e067b2e7f972d20d717d3c65e990405cf providers/implementations/ciphers/cipher_tdes.h +3023eb3efb71ffe922e957acf4da65a124a8367a5fbe68a9d9f2fe8d583063d8 providers/implementations/ciphers/cipher_tdes.h 9e07260067083c76d26eb0dd8a8bb4a8dac678812644ff88951a0661be70d9fd providers/implementations/ciphers/cipher_tdes_common.c 50645122f08ef4891cd96cace833bd550be7f5278ab785515fd61fe8993c8c25 providers/implementations/ciphers/cipher_tdes_hw.c -3d3e3a9dd7085d389248f07da57a9c3d42934b77fe2eb67ff8553ec633a1acaa providers/implementations/ciphers/ciphercommon.c +3fd3a0e53984c114e74172a85f8321569877df00d193d5bd2e90e8be38507082 providers/implementations/ciphers/ciphercommon.c 697e9f2254574cc93f0737456d0f3a275946296466a179bb5d0fea607c7a92fa providers/implementations/ciphers/ciphercommon_block.c 4b4106f85e36eb2c07acc5a3ca5ccd77b736b3ac46cc4af786cf57405ecd54b2 providers/implementations/ciphers/ciphercommon_ccm.c 8b6828f188c2590c7d9c6cac13fa0eb6d38a522b0f2859e7c8a766580fa9b66e providers/implementations/ciphers/ciphercommon_ccm_hw.c -3b98e493f2ca61bdb3a6f36593cb6e2fbba8314a5c95382438520ac610f4ef82 providers/implementations/ciphers/ciphercommon_gcm.c +251aca4d087418e4fdac1390e1570b189b4076ba63a635d228784a05bb26e421 providers/implementations/ciphers/ciphercommon_gcm.c bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b providers/implementations/ciphers/ciphercommon_gcm_hw.c 
23fd89e3239e596c325a8c5d23eb1fe157a8d23aa4d90ed2c574bf06dfabd693 providers/implementations/ciphers/ciphercommon_hw.c c4b1cb143de15acc396ce2e03fdd165defd25ebc831de9cdfacf408ea883c666 providers/implementations/ciphers/ciphercommon_local.h 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c 80551b53302d95faea257df3edbdbd02d48427ce42da2c4335f998456400d057 providers/implementations/digests/sha2_prov.c de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/implementations/digests/sha3_prov.c -2d3adc404341e3a8a3c29adf732cb740dc4c4b0cde1c422cbeb352c4509320db providers/implementations/exchange/dh_exch.c -427b9abee979f94371aa4aa99b48f08f1772965c93f9bce6f4531cc4cec136b6 providers/implementations/exchange/ecdh_exch.c +b14f76813cb10cb1cfadfc04bb5e0660bb12c5a120c96d196b0f6f1a948d2f48 providers/implementations/exchange/dh_exch.c +9c46dc0d859875fcc0bc3d61a7b610cd3520b1bf63718775c1124f54a1fe5f24 providers/implementations/exchange/ecdh_exch.c 9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c 06ba83a8a8235bcdbda56f82b017cb19361469fe47c23cc6218a7e9b88ae6513 providers/implementations/exchange/kdf_exch.c -45bed8c4d9f6b9d46d0ea870384424db36b403ff65259c3e12c6d0d631087a89 providers/implementations/include/prov/ciphercommon.h +7c348fbd12174d6ec8afa0367820558ba515e7f72071e460e70120e0430fe78f providers/implementations/include/prov/ciphercommon.h 6dc876a1a785420e84210f085be6e4c7aca407ffb5433dbca4cd3f1c11bb7f06 providers/implementations/include/prov/ciphercommon_aead.h -6748aed583c016ad57d443f8087c40e8da2f3598143e7d7832c982664e28c833 providers/implementations/include/prov/ciphercommon_ccm.h -1738aa29c74e61d6aab6909c02f6e2857bf7b5183be532f2a7e999d6557fb1d2 providers/implementations/include/prov/ciphercommon_gcm.h +dd07797d61988fd4124cfb920616df672938da80649fac5977bfd061c981edc5 providers/implementations/include/prov/ciphercommon_ccm.h 
+c6ff62b82daccac75752a1d1dd6a9967aa09f3875b82d11e26d17c276a549478 providers/implementations/include/prov/ciphercommon_gcm.h 79a5ed6e4a97431233c56eede9d9c9eec27598fff53590c627ea40bd5b871fd5 providers/implementations/include/prov/digestcommon.h 82aedb7fe5ec73696420f5bcf579412ca17ccf559bbd1af17dca39bff06500e3 providers/implementations/include/prov/implementations.h 5f09fc71874b00419d71646714f21ebbdcceda277463b6f77d3d3ea6946914e8 providers/implementations/include/prov/kdfexchange.h c95ce5498e724b9b3d58e3c2f4723e7e3e4beb07f9bea9422e43182cbadb43af providers/implementations/include/prov/macsignature.h cc30d303dd0ebc1a3828c3fe231a9dd6472dcec01415941b6cbd210d32862193 providers/implementations/include/prov/names.h 2187713b446d8b6d24ee986748b941ac3e24292c71e07ff9fb53a33021decdda providers/implementations/include/prov/seeding.h -9b9e7937be361de8e3c3fa9a2ef17edde8a0a4391bf55c72ff9785c1e4ee7dfc providers/implementations/kdfs/hkdf.c -115e13e152cfb7d729659cb26056414f719c5e7cb2a9b3df8b6ad0f232ce109a providers/implementations/kdfs/kbkdf.c -f93d3b32e7e3bc6bd4100559b15d392613797e1048010fdc70058ae9297a1125 providers/implementations/kdfs/pbkdf2.c +51f6cd510cd4e45b6e9d93809da7382d229f93522c4ecac4b5dfa53f685828ab providers/implementations/kdfs/hkdf.c +b2e971a5a5d91da121db468cd8c8501c154643120dae31bb674e758c6403ad14 providers/implementations/kdfs/kbkdf.c +fb62e76d7d751bf3b4c39157d601aa0a16477bb9335121ec6649ba7176a43f8d providers/implementations/kdfs/pbkdf2.c c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/implementations/kdfs/pbkdf2_fips.c -6551c3354fb889cb429f850e0194a82d677528f65212d4ac345ab87352cec8a1 providers/implementations/kdfs/sshkdf.c -eb18f3fe62bb2a46a294b738de81a233bd2db00cc79ddc58622fc7c7021c3528 providers/implementations/kdfs/sskdf.c +09efa4d172009398bb9b7256822a32a191bf296297480d1ce3ee6a0fa6eae202 providers/implementations/kdfs/sshkdf.c 
+5b30c7a7d0b3e6c511aa876cbec3cf206d67899b5f5116b333857877b79555dc providers/implementations/kdfs/sskdf.c 3c46ec0e14be09a133d709c3a1c3d5ab05a4f1ed5385c3e7a1afb2f0ee47ef7a providers/implementations/kdfs/tls1_prf.c -0eba0d205b1da2c298b1002abbedde0ee2c27d80d85044c478604be5b5c4222e providers/implementations/kdfs/x942kdf.c +27bb6ee5e2d00c545635c0c29402b10e74a1831adbc9800c159cbe04f2bfa2f7 providers/implementations/kdfs/x942kdf.c f419a9f6b17cfba1543a3690326188ac8335db66807c58de211a3d69e18f7d4d providers/implementations/kem/rsa_kem.c -6b60edb1ff512cb20d5727aa765efaaba54a151b9cefb819092da347e0d3d3f6 providers/implementations/keymgmt/dh_kmgmt.c -6224f55f19d7f2794326357799cd61182a0b3ca6a9b29ced720ecb463d7469b3 providers/implementations/keymgmt/dsa_kmgmt.c -20d650c547a138d86593bd56bcc91aa59bd89e869cef2fc91f40c6184f2f690b providers/implementations/keymgmt/ec_kmgmt.c +b2055b38d436e918a06ccdb095ba888ae4d650f5d57c58cc1ce5f0a367f92852 providers/implementations/keymgmt/dh_kmgmt.c +a06a0c2ff67772da75f2498ec5390a84a9cb221b70974e687e6e48cdf719004d providers/implementations/keymgmt/dsa_kmgmt.c +e0812f2cb3f08ebf159671ef16e5c60afcf963e3c0724950ddb24a0023d57f77 providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc -6a2f74c8d844642ddf11ec3714b352ed4410371e9a4d1d0e684e7384229d4eb0 providers/implementations/keymgmt/ecx_kmgmt.c +75b23aa264e2935794ce5e0420e3815f798c8d6aa82abb1447f0a2c10ce475b5 providers/implementations/keymgmt/ecx_kmgmt.c 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c -25f88308f924571ccd0ba6253573556c87f59c6e69f46a63e27ea2d6128f3467 providers/implementations/keymgmt/mac_legacy_kmgmt.c -adb3672738af90c3f5829c77abe95af2862b13a7cb1679aac4edc9c704cbdef7 providers/implementations/keymgmt/rsa_kmgmt.c -8f85010af90897a657bbde1fa8c8cb0eb1cd322f3d0f4f53069b26f05818fe03 
providers/implementations/macs/cmac_prov.c -f51b074d55028d3e24656da348d21ca79f6680fdb30383d936251f1b3467caab providers/implementations/macs/gmac_prov.c -04fb307d43a55d3ab77852da8fa315ca536025d47974e0ff8afd8be7f7960a1e providers/implementations/macs/hmac_prov.c -d09f137bc3cd4384a3fd71ba107c5636418fb0480c66151f43d615ef9be45903 providers/implementations/macs/kmac_prov.c +f88ab5c9a4cdfa160df2b8f0f833725845caa25facc81de9c4a7881d1d2f27db providers/implementations/keymgmt/mac_legacy_kmgmt.c +464d6f9236351e7dc3b991f5bba142c7aabcf2db3c236367332a9dd0308ddfac providers/implementations/keymgmt/rsa_kmgmt.c +802adf06e101bd81d94edb8bc82ba23eac9aeae258e6f43f9005b32fabcd99c6 providers/implementations/macs/cmac_prov.c +c774e2791484ea9a1ffed69958f9d05c139bbf53603a9621ae76c6e89c36e5b1 providers/implementations/macs/gmac_prov.c +4d1d73b64f9fd1473a4b70c92fae2ad87aa30b6ec6d946d408deb251c0ef70c1 providers/implementations/macs/hmac_prov.c +aa7ba1d39ea4e3347294eb50b4dfcb895ef1a22bd6117d3b076a74e9ff11c242 providers/implementations/macs/kmac_prov.c bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c -080afdc1704ad2a53cfbd54060b8b4f86a110ce48663fe86f2480d05aff00a15 providers/implementations/rands/drbg.c -3dc5f082235664ee02b827760bdf1c1dcd90d058b9664994751f7606009556ed providers/implementations/rands/drbg_ctr.c -c36937930bcaecd6d5131d0317b9162a96cc956df164848dc53f423af838d04a providers/implementations/rands/drbg_hash.c -531c0ce4212570474b59a1b039e61a97ee5504e56e2f10de1f36578f1bca79d3 providers/implementations/rands/drbg_hmac.c -29ae5c4e280734514b35870c773e685b60f4c95ed06612c529fc50ea1891f8bc providers/implementations/rands/drbg_local.h +f6c4b38dd1c22d562ef8b172218b688070336dc43550f40af01bb2e77eb3ea4d providers/implementations/rands/drbg.c +80eafae49bfd9ffd32e36c01cee54bd251c27ca625576455ee7378474bd22abb providers/implementations/rands/drbg_ctr.c +a05adc3f6d9d6f948e5ead75f0522ed3164cb5b2d301169242f3cb97c4a7fac3 
providers/implementations/rands/drbg_hash.c +0876dfae991028c569631938946e458e6829cacf4cfb673d2b144ae50a3160bb providers/implementations/rands/drbg_hmac.c +fc43558964bdf12442d3f6ab6cc3e6849f7adb42f4d0123a1279819befcf71cb providers/implementations/rands/drbg_local.h 888a671934abef4225956f9931cff842f245f90660e11f23a55228edca962e16 providers/implementations/rands/test_rng.c -3a9dfbf5dcb9e1955f12f71f1ca086dded771b262d6d61bab2874f48260f702a providers/implementations/signature/dsa_sig.c -0ff792c30ba26f2d8f4d1c14b999f7183dcd928537f950a23573f0b65359b2f4 providers/implementations/signature/ecdsa_sig.c -8074854e90be6a8266cc81ad722ef12213e9fc1360891822f109bfb03791f18e providers/implementations/signature/eddsa_sig.c -1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy_sig.c -40322e8782474a35f02fa350b43439a56124e680a1d24556b2a66310ed2e9e2e providers/implementations/signature/rsa_sig.c -10412a9d260c0fd2c24a0ecd1c793818c42491d5497ecb401c8d54ee1f442b5e ssl/record/tls_pad.c -b20895bc97561c908d246406af079d45339f1087f196ff356aba1f1089ad33ce ssl/s3_cbc.c +f47d6ab720e21b092d741e8b27acadd91b46466a8bd14fc8b79b3e1c618513d0 providers/implementations/signature/dsa_sig.c +f9eac5acc880756ab17c9e00b7707fa6bf882026cbca21ce67aadcf560352120 providers/implementations/signature/ecdsa_sig.c +2f2b974819c29112144c1086e61dd6fd7bd3ebd924376f8ebdcff9f477a821c7 providers/implementations/signature/eddsa_sig.c +762b49aa68fa7cd15c0496c35a23acb85df9588c8bb4ecb54438f86cc06ce13d providers/implementations/signature/mac_legacy_sig.c +ac8f4452ea236ef877d13bc787f53f117722025c9c74874c6d2cc541382a8953 providers/implementations/signature/rsa_sig.c +737b9afe8f03f58797034ae906f982179677f5a9cf42965468f7126cf15e6694 ssl/record/tls_pad.c +accefe92a493af8334bc3b5d4d2845eaa0278816c028c91d2b85bce8ead7f9fd ssl/s3_cbc.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 1bb7c093ce..c7e944675c 100644 --- a/providers/fips.checksum 
+++ b/providers/fips.checksum @@ -1 +1 @@ -738c802e9349e0b56e791f3a71b003f75571f2c1460faeb0088d0cac26128c96 providers/fips-sources.checksums +a063a464981d8b2f8b76cd521f3f902d56bf8d591bbd06c408470a6d10b81417 providers/fips-sources.checksums diff --git a/providers/fips.module.sources b/providers/fips.module.sources index 142c5cc50d..15346f9307 100644 --- a/providers/fips.module.sources +++ b/providers/fips.module.sources @@ -406,6 +406,7 @@ include/openssl/comperr.h include/openssl/conf.h.in include/openssl/conferr.h include/openssl/configuration.h.in +include/openssl/conftypes.h include/openssl/core.h include/openssl/core_dispatch.h include/openssl/core_names.h @@ -485,27 +486,27 @@ include/openssl/x509v3.h.in include/openssl/x509v3err.h providers/common/bio_prov.c providers/common/capabilities.c -providers/common/der/der_digests.h.in providers/common/der/der_digests_gen.c.in -providers/common/der/der_dsa.h.in providers/common/der/der_dsa_gen.c.in providers/common/der/der_dsa_key.c providers/common/der/der_dsa_sig.c -providers/common/der/der_ec.h.in providers/common/der/der_ec_gen.c.in providers/common/der/der_ec_key.c providers/common/der/der_ec_sig.c -providers/common/der/der_ecx.h.in providers/common/der/der_ecx_gen.c.in providers/common/der/der_ecx_key.c -providers/common/der/der_rsa.h.in providers/common/der/der_rsa_gen.c.in providers/common/der/der_rsa_key.c providers/common/der/der_rsa_sig.c -providers/common/der/der_wrap.h.in providers/common/der/der_wrap_gen.c.in providers/common/digest_to_nid.c providers/common/include/prov/bio.h +providers/common/include/prov/der_digests.h.in +providers/common/include/prov/der_dsa.h.in +providers/common/include/prov/der_ec.h.in +providers/common/include/prov/der_ecx.h.in +providers/common/include/prov/der_rsa.h.in +providers/common/include/prov/der_wrap.h.in providers/common/include/prov/proverr.h providers/common/include/prov/provider_ctx.h providers/common/include/prov/provider_util.h 
diff --git a/util/lang-compress.pl b/util/lang-compress.pl index 6898877587..ddf1d1ec6f 100755 --- a/util/lang-compress.pl +++ b/util/lang-compress.pl @@ -80,15 +80,7 @@ if ($lang eq 'C') { s{ (?| # All things preserved end up in $1 - (\n)\h+ # Spaces at start of lines removed - - | - - \h+(\n) # Spaces at end of lines removed - - | - - \h+ # Other horizontal spaces replaced with one + \h+ # Horizontal spaces replaced with one | # OR @@ -104,6 +96,10 @@ if ($lang eq 'C') { } defined $1 ? $1 : " " }gsxe; + + # Clean up spaces at start and end of lines + s/^ //mg; + s/ $//mg; } elsif ($lang eq 'S') { # Because we use C++ style comments in our .S files, all we can do # is to drop them From no-reply at appveyor.com Thu Jun 3 02:30:22 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 03 Jun 2021 02:30:22 +0000 Subject: Build failed: openssl master.42228 Message-ID: <20210603023022.1.408E09CA30EF2321@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu Jun 3 05:21:27 2021 
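Review bot: In util/lang-compress.pl, the new post-pass `s/^ //mg; s/ $//mg;` strips exactly one space at each line edge, so it is only correct because the `\h+` branch above has already collapsed every whitespace run to a single space, and nothing in the code states that dependency. Unlike the two removed branches, which were part of the alternation, the post-pass also runs over whatever the later branches preserve in `$1`, so a preserved token that begins or ends a line with a space now loses it. Consider `s/^\h+//mg; s/\h+$//mg;` with a comment that it must follow the collapse, and confirm that none of the preserved constructs can legitimately carry a space at a line boundary.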
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 03 Jun 2021 05:21:27 +0000 Subject: [openssl] master update Message-ID: <1622697687.940035.30829.nullmailer@dev.openssl.org> The branch master has been updated via 691c9cd16b11e7350eb6d591664334fd5c951050 (commit) from 74613e8c97be6c310152f7cc6d8162f3ccc723a4 (commit) - Log ----------------------------------------------------------------- commit 691c9cd16b11e7350eb6d591664334fd5c951050 Author: yuechen-chen Date: Sun May 23 23:33:55 2021 -0700 Add an EVP demo for signatures using EC Fixes #14115 Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15429) ----------------------------------------------------------------------- Summary of changes: demos/README.txt | 3 + demos/signature/EVP_Signature_demo.c | 235 +++++++++++++++++++++++++++++++++++ demos/signature/EVP_Signature_demo.h | 76 +++++++++++ demos/{pkey => signature}/Makefile | 8 +- 4 files changed, 318 insertions(+), 4 deletions(-) create mode 100644 demos/signature/EVP_Signature_demo.c create mode 100644 demos/signature/EVP_Signature_demo.h copy demos/{pkey => signature}/Makefile (56%) diff --git a/demos/README.txt b/demos/README.txt index 383d0e5b80..7472821c3b 100644 --- a/demos/README.txt +++ b/demos/README.txt @@ -26,3 +26,6 @@ smime: pkcs12: pkread.c Print out a description of a PKCS12 file. pkwrite.c Add a password to an existing PKCS12 file. + +signature: +EVP_Signature_demo.c Compute and verify a signature from multiple buffers diff --git a/demos/signature/EVP_Signature_demo.c b/demos/signature/EVP_Signature_demo.c new file mode 100644 index 0000000000..d7f26f164b --- /dev/null +++ b/demos/signature/EVP_Signature_demo.c 
@@ -0,0 +1,235 @@ +/*- + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * An example that uses the EVP_MD*, EVP_DigestSign* and EVP_DigestVerify* + * methods to calculate and verify a signature of two static buffers. + */ + +#include +#include +#include +#include +#include +#include "EVP_Signature_demo.h" + +/* + * This demonstration will calculate and verify a signature of data using + * the soliloquy from Hamlet scene 1 act 3 + */ + +static const char *hamlet_1 = + "To be, or not to be, that is the question,\n" + "Whether tis nobler in the minde to suffer\n" + "The slings and arrowes of outragious fortune,\n" + "Or to take Armes again in a sea of troubles,\n" +; +static const char *hamlet_2 = + "And by opposing, end them, to die to sleep;\n" + "No more, and by a sleep, to say we end\n" + "The heart-ache, and the thousand natural shocks\n" + "That flesh is heir to? tis a consumation\n" +; + +/* + * For demo_sign, load EC private key priv_key from priv_key_der[]. + * For demo_verify, load EC public key pub_key from pub_key_der[]. 
+ */ +static EVP_PKEY *get_key(OSSL_LIB_CTX *libctx, const char *propq, int public) +{ + OSSL_DECODER_CTX *dctx = NULL; + EVP_PKEY *pkey = NULL; + int selection; + const unsigned char *data; + size_t data_len; + + if (public) { + selection = EVP_PKEY_PUBLIC_KEY; + data = pub_key_der; + data_len = sizeof(pub_key_der); + } else { + selection = EVP_PKEY_KEYPAIR; + data = priv_key_der; + data_len = sizeof(priv_key_der); + } + dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "EC", + selection, libctx, propq); + (void)OSSL_DECODER_from_data(dctx, &data, &data_len); + OSSL_DECODER_CTX_free(dctx); + if (pkey == NULL) + fprintf(stderr, "Failed to load %s key.\n", public ? "public" : "private"); + return pkey; +} + +static int demo_sign(OSSL_LIB_CTX *libctx, const char *sig_name, + size_t *sig_out_len, unsigned char **sig_out_value) +{ + int result = 0, public = 0; + size_t sig_len; + unsigned char *sig_value = NULL; + const char *propq = NULL; + EVP_MD_CTX *sign_context = NULL; + EVP_PKEY *priv_key = NULL; + + /* Get private key */ + priv_key = get_key(libctx, propq, public); + if (priv_key == NULL) { + fprintf(stderr, "Get private key failed.\n"); + goto cleanup; + } + /* + * Make a message signature context to hold temporary state + * during signature creation + */ + sign_context = EVP_MD_CTX_new(); + if (sign_context == NULL) { + fprintf(stderr, "EVP_MD_CTX_new failed.\n"); + goto cleanup; + } + /* + * Initialize the sign context to use the fetched + * sign provider. + */ + if (!EVP_DigestSignInit_ex(sign_context, NULL, sig_name, + libctx, NULL, priv_key, NULL)) { + fprintf(stderr, "EVP_DigestSignInit_ex failed.\n"); + goto cleanup; + } + /* + * EVP_DigestSignUpdate() can be called several times on the same context + * to include additional data. 
+ */ + if (!EVP_DigestSignUpdate(sign_context, hamlet_1, strlen(hamlet_1))) { + fprintf(stderr, "EVP_DigestSignUpdate(hamlet_1) failed.\n"); + goto cleanup; + } + if (!EVP_DigestSignUpdate(sign_context, hamlet_2, strlen(hamlet_2))) { + fprintf(stderr, "EVP_DigestSignUpdate(hamlet_2) failed.\n"); + goto cleanup; + } + /* Call EVP_DigestSignFinal to get signature length sig_len */ + if (!EVP_DigestSignFinal(sign_context, NULL, &sig_len)) { + fprintf(stderr, "EVP_DigestSignFinal failed.\n"); + goto cleanup; + } + if (sig_len <= 0) { + fprintf(stderr, "EVP_DigestSignFinal returned invalid signature length.\n"); + goto cleanup; + } + sig_value = OPENSSL_malloc(sig_len); + if (sig_value == NULL) { + fprintf(stderr, "No memory.\n"); + goto cleanup; + } + if (!EVP_DigestSignFinal(sign_context, sig_value, &sig_len)) { + fprintf(stderr, "EVP_DigestSignFinal failed.\n"); + goto cleanup; + } + *sig_out_len = sig_len; + *sig_out_value = sig_value; + fprintf(stdout, "Generating signature:\n"); + BIO_dump_indent_fp(stdout, sig_value, sig_len, 2); + fprintf(stdout, "\n"); + result = 1; + +cleanup: + /* OpenSSL free functions will ignore NULL arguments */ + if (!result) + OPENSSL_free(sig_value); + EVP_PKEY_free(priv_key); + EVP_MD_CTX_free(sign_context); + return result; +} + +static int demo_verify(OSSL_LIB_CTX *libctx, const char *sig_name, + size_t sig_len, unsigned char *sig_value) +{ + int result = 0, public = 1; + const char *propq = NULL; + EVP_MD_CTX *verify_context = NULL; + EVP_PKEY *pub_key = NULL; + + /* + * Make a verify signature context to hold temporary state + * during signature verification + */ + verify_context = EVP_MD_CTX_new(); + if (verify_context == NULL) { + fprintf(stderr, "EVP_MD_CTX_new failed.\n"); + goto cleanup; + } + /* Get public key */ + pub_key = get_key(libctx, propq, public); + if (pub_key == NULL) { + fprintf(stderr, "Get public key failed.\n"); + goto cleanup; + } + /* Verify */ + if (!EVP_DigestVerifyInit_ex(verify_context, NULL, sig_name, + 
libctx, NULL, pub_key, NULL)) { + fprintf(stderr, "EVP_DigestVerifyInit failed.\n"); + goto cleanup; + } + /* + * EVP_DigestVerifyUpdate() can be called several times on the same context + * to include additional data. + */ + if (!EVP_DigestVerifyUpdate(verify_context, hamlet_1, strlen(hamlet_1))) { + fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_1) failed.\n"); + goto cleanup; + } + if (!EVP_DigestVerifyUpdate(verify_context, hamlet_2, strlen(hamlet_2))) { + fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_2) failed.\n"); + goto cleanup; + } + if (!EVP_DigestVerifyFinal(verify_context, sig_value, sig_len)) { + fprintf(stderr, "EVP_DigestVerifyFinal failed.\n"); + goto cleanup; + } + fprintf(stdout, "Signature verified.\n"); + result = 1; + +cleanup: + /* OpenSSL free functions will ignore NULL arguments */ + EVP_PKEY_free(pub_key); + EVP_MD_CTX_free(verify_context); + return result; +} + +int main(void) +{ + OSSL_LIB_CTX *libctx = NULL; + const char *sig_name = "SHA3-512"; + size_t sig_len = 0; + unsigned char *sig_value = NULL; + int result = 0; + + libctx = OSSL_LIB_CTX_new(); + if (libctx == NULL) { + fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); + goto cleanup; + } + if (!demo_sign(libctx, sig_name, &sig_len, &sig_value)) { + fprintf(stderr, "demo_sign failed.\n"); + goto cleanup; + } + if (!demo_verify(libctx, sig_name, sig_len, sig_value)) { + fprintf(stderr, "demo_verify failed.\n"); + goto cleanup; + } + result = 1; + +cleanup: + if (result != 1) + ERR_print_errors_fp(stderr); + /* OpenSSL free functions will ignore NULL arguments */ + OSSL_LIB_CTX_free(libctx); + OPENSSL_free(sig_value); + return result == 0; +} diff --git a/demos/signature/EVP_Signature_demo.h b/demos/signature/EVP_Signature_demo.h new file mode 100644 index 0000000000..aef3e60783 --- /dev/null +++ b/demos/signature/EVP_Signature_demo.h 
@@ -0,0 +1,76 @@ +/*- + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Signers private EC key */ +static const unsigned char priv_key_der[] = { +0x30, 0x82, 0x01, 0x68, 0x02, 0x01, 0x01, 0x04, 0x20, 0x51, 0x77, 0xae, +0xf4, 0x18, 0xf4, 0x6b, 0xc4, 0xe5, 0xbb, 0xe9, 0xe6, 0x9e, 0x6d, 0xb0, +0xea, 0x12, 0xf9, 0xf3, 0xdb, 0x9d, 0x56, 0x59, 0xf7, 0x5a, 0x17, 0xd7, +0xd1, 0xe4, 0xd7, 0x47, 0x28, 0xa0, 0x81, 0xfa, 0x30, 0x81, 0xf7, 0x02, +0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, +0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +0x30, 0x5b, 0x04, 0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, +0x04, 0x20, 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, +0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, +0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15, +0x00, 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78, +0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04, +0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, +0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, +0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, +0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, +0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, +0x37, 0xbf, 0x51, 0xf5, 0x02, 
0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, +0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, +0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, +0x63, 0x25, 0x51, 0x02, 0x01, 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, +0x4f, 0xe7, 0x7b, 0xb6, 0xbb, 0x54, 0x42, 0x39, 0xed, 0x5d, 0xe5, 0x40, +0xc8, 0xd8, 0x71, 0xca, 0x6d, 0x83, 0x71, 0xd1, 0x88, 0x2a, 0x65, 0x00, +0x6c, 0xc6, 0x2f, 0x01, 0x31, 0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28, +0x33, 0xc7, 0x5b, 0xb9, 0x24, 0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34, +0x06, 0x53, 0x73, 0x6a, 0xff, 0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d, +0x0e, 0x1f, 0x95, 0x65, +}; + +/* The matching public key used for verifying */ +static const unsigned char pub_key_der[] = { +0x30, 0x82, 0x01, 0x4b, 0x30, 0x82, 0x01, 0x03, 0x06, 0x07, 0x2a, 0x86, +0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, 0x81, 0xf7, 0x02, 0x01, 0x01, 0x30, +0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, +0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x30, 0x5b, 0x04, +0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x04, 0x20, 0x5a, +0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, 0xbd, 0x55, 0x76, +0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 0x3b, +0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15, 0x00, 0xc4, 0x9d, +0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, +0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04, 0x6b, 0x17, 0xd1, +0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, +0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, +0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 
+0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, +0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, +0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, +0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad, +0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51, +0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xe7, 0x7b, 0xb6, 0xbb, +0x54, 0x42, 0x39, 0xed, 0x5d, 0xe5, 0x40, 0xc8, 0xd8, 0x71, 0xca, 0x6d, +0x83, 0x71, 0xd1, 0x88, 0x2a, 0x65, 0x00, 0x6c, 0xc6, 0x2f, 0x01, 0x31, +0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28, 0x33, 0xc7, 0x5b, 0xb9, 0x24, +0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34, 0x06, 0x53, 0x73, 0x6a, 0xff, +0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d, 0x0e, 0x1f, 0x95, 0x65, +}; + diff --git a/demos/pkey/Makefile b/demos/signature/Makefile similarity index 56% copy from demos/pkey/Makefile copy to demos/signature/Makefile index 35cdca229a..b4071c2edc 100644 --- a/demos/pkey/Makefile +++ b/demos/signature/Makefile @@ -1,20 +1,20 @@ # # To run the demos when linked with a shared library (default): # -# LD_LIBRARY_PATH=../.. ./EVP_PKEY_EC_keygen +# LD_LIBRARY_PATH=../.. ./EVP_Signature_demo CFLAGS = -I../../include -g LDFLAGS = -L../.. LDLIBS = -lcrypto -all: EVP_PKEY_EC_keygen +all: EVP_Signature_demo %.o: %.c $(CC) $(CFLAGS) -c $< -EVP_PKEY_EC_keygen: EVP_PKEY_EC_keygen.o +EVP_Signature_demo: EVP_Signature_demo.o test: ; clean: - $(RM) *.o EVP_PKEY_EC_keygen + $(RM) *.o EVP_Signature_demo From pauli at openssl.org Thu Jun 3 05:33:13 2021 
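Review bot: in the key-data hunk (`@@ -0,0 +1,76 @@`), both priv_key_der and pub_key_der encode the curve as explicit domain parameters instead of a named-curve OID: after the `06 07 2a 86 48 ce 3d 01 01` prime-field OID come the field prime, a, b, the seed, the generator and the order, all of which are the P-256 values. Consider regenerating the pair with named-curve encoding, which makes both arrays much shorter and avoids a demo that models explicit parameters, a form RFC 5480 forbids in X.509. Separately, the `test: ;` target carried over into demos/signature/Makefile is empty, so `make test` never runs EVP_Signature_demo; either run the demo there or say in the header comment that it is run by hand.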
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 03 Jun 2021 05:33:13 +0000 Subject: [openssl] master update Message-ID: <1622698393.258229.1365.nullmailer@dev.openssl.org> The branch master has been updated via 64360304863b3ac93a03dfadf36f9aeffd6a29ce (commit) from 691c9cd16b11e7350eb6d591664334fd5c951050 (commit) - Log ----------------------------------------------------------------- commit 64360304863b3ac93a03dfadf36f9aeffd6a29ce Author: Pauli Date: Tue Jun 1 18:35:15 2021 +1000 rsa: make the maximum key strength check FIPS only. To be reverted once key generation checks are added everywhere and a way to disable them implemented. Fixes #15502 Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15560) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_sp800_56b_gen.c | 6 ++++++ test/recipes/15-test_genrsa.t | 30 ++++++++++++++++-------------- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index 82b87cc5af..365996fd07 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -195,11 +195,17 @@ static int rsa_validate_rng_strength(EVP_RAND_CTX *rng, int nbits) { if (rng == NULL) return 0; +#ifdef FIPS_MODULE + /* + * This should become mainstream once similar tests are added to the other + * key generations and once there is a way to disable these checks. + */ if (EVP_RAND_get_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) { ERR_raise(ERR_LIB_RSA, RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT); return 0; } +#endif return 1; } diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index 6c67f04af9..e11ce8947a 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t 
@@ -24,8 +24,8 @@ use lib bldtop_dir('.'); my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => - ($no_fips ? 0 : 2) # Extra FIPS related test - + 14; + ($no_fips ? 0 : 3) # Extra FIPS related tests + + 13; # We want to know that an absurdly small number of bits isn't support is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', @@ -35,12 +35,6 @@ is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); -# We want to know that an absurdly large number of bits fails the RNG check -is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', - '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:1000000000', - '-pkeyopt', 'rsa_keygen_pubexp:3'])), - 0, "genpkey 1000000000"); - # Depending on the shared library, we might have different lower limits. # Let's find it! This is a simple binary search # ------------------------------------------------------------ @@ -119,14 +113,22 @@ unless ($no_fips) { $ENV{OPENSSL_TEST_LIBCTX} = "1"; ok(run(app(['openssl', 'genpkey', @prov, - '-algorithm', 'RSA', - '-pkeyopt', 'bits:2080', - '-out', 'genrsatest2080.pem'])), + '-algorithm', 'RSA', + '-pkeyopt', 'bits:2080', + '-out', 'genrsatest2080.pem'])), "Generating RSA key with > 2048 bits and < 3072 bits"); ok(run(app(['openssl', 'genpkey', @prov, - '-algorithm', 'RSA', - '-pkeyopt', 'bits:3072', - '-out', 'genrsatest3072.pem'])), + '-algorithm', 'RSA', + '-pkeyopt', 'bits:3072', + '-out', 'genrsatest3072.pem'])), "Generating RSA key with 3072 bits"); + + # We want to know that an absurdly large number of bits fails the RNG check + is(run(app([ 'openssl', 'genpkey', + @prov, + '-algorithm', 'RSA', + '-pkeyopt', 'bits:1000000000', + '-out', 'genrsatest.pem'])), + 0, "genpkey 1000000000"); } From pauli at openssl.org Thu Jun 3 06:16:07 2021 
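Review bot: in the 15-test_genrsa.t hunks, the "genpkey 1000000000" case is deleted from the unconditional section and re-added only inside `unless ($no_fips)`, so after this change nothing tests how the default provider handles an absurdly large bit count. Keep a non-FIPS case that asserts the intended outcome for that input, so the behaviour is pinned down while the check is FIPS only. In the rsa_sp800_56b_gen.c hunk, with the comparison under `#ifdef FIPS_MODULE`, rsa_validate_rng_strength() outside the FIPS module only rejects a NULL rng and no longer uses `nbits`; the added comment should state that and reference #15502, since the commit message describes the guard as temporary.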
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 03 Jun 2021 06:16:07 +0000 Subject: [openssl] master update Message-ID: <1622700967.359280.15249.nullmailer@dev.openssl.org> The branch master has been updated via ba3ea453b0863a8b7374003dd2e22dea9cece5be (commit) from 64360304863b3ac93a03dfadf36f9aeffd6a29ce (commit) - Log ----------------------------------------------------------------- commit ba3ea453b0863a8b7374003dd2e22dea9cece5be Author: Shane Lontis Date: Wed Jun 2 14:42:56 2021 +1000 Fix errors found by parfait static analyser. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15579) ----------------------------------------------------------------------- Summary of changes: crypto/evp/kdf_lib.c | 2 +- providers/implementations/macs/cmac_prov.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index 77080e0b8d..5552b26601 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -125,7 +125,7 @@ void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx) size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t s; + size_t s = 0; if (ctx == NULL) return 0; diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 4f8450475c..2291276035 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -87,6 +87,8 @@ static void *cmac_dup(void *vsrc) return NULL; dst = cmac_new(src->provctx); + if (dst == NULL) + return NULL; if (!CMAC_CTX_copy(dst->ctx, src->ctx) || !ossl_prov_cipher_copy(&dst->cipher, &src->cipher)) { cmac_free(dst); From levitte at openssl.org Thu Jun 3 07:18:58 2021 
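Review bot: the commit message should name the two findings, since neither hunk carries a comment: in kdf_lib.c, `s` in EVP_KDF_CTX_get_kdf_size() had no initial value, and in cmac_prov.c, cmac_dup() passed the result of cmac_new() straight to `CMAC_CTX_copy(dst->ctx, src->ctx)` without a NULL check. For the kdf_lib.c hunk, `size_t s = 0;` quiets the analyser, but if any path returns `s` without setting it, 0 becomes the silent result; confirm that 0 is what callers should see in that case, as it already is for `ctx == NULL`. The cmac_prov.c early return is fine as written, because nothing has been allocated for `dst` at that point and so nothing needs to be freed.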
From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Jun 2021 07:18:58 +0000 Subject: [openssl] master update Message-ID: <1622704738.935655.30564.nullmailer@dev.openssl.org> The branch master has been updated via 17213b2ad03fe577c03a3e77142242adde41fa9f (commit) via cbba082fc071de82ffb53844586cdcc26251e32b (commit) from ba3ea453b0863a8b7374003dd2e22dea9cece5be (commit) - Log ----------------------------------------------------------------- commit 17213b2ad03fe577c03a3e77142242adde41fa9f Author: Richard Levitte Date: Wed Jun 2 08:45:28 2021 +0200 Restore all the ? in util/libcrypto.num They will become numbers again when beta1 is actually released. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15578) commit cbba082fc071de82ffb53844586cdcc26251e32b Author: Richard Levitte Date: Wed Jun 2 06:20:05 2021 +0200 util/mknum.pl: Really allow unset ordinals in development Any pre-release tag that includes '-dev' is development. The ordinals don't need to be finalized before '-dev' is removed (i.e. a release is made). Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15578) ----------------------------------------------------------------------- Summary of changes: util/libcrypto.num | 2008 ++++++++++++++++++++++++++-------------------------- util/mknum.pl | 6 +- 2 files changed, 1007 insertions(+), 1007 deletions(-) diff --git a/util/libcrypto.num b/util/libcrypto.num index 5b1a67dec0..a66a379038 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -4403,1007 +4403,1007 @@ OCSP_resp_get0_respdata 4530 3_0_0 EXIST::FUNCTION:OCSP EVP_MD_CTX_set_pkey_ctx 4531 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_digest_custom 4532 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 EVP_PKEY_meth_get_digest_custom 4533 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_MAC_CTX_new 4534 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_free 4535 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_dup 4536 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_get0_mac 4537 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_get_mac_size 4538 3_0_0 EXIST::FUNCTION: -EVP_Q_mac 4539 3_0_0 EXIST::FUNCTION: -EVP_MAC_init 4540 3_0_0 EXIST::FUNCTION: -EVP_MAC_update 4541 3_0_0 EXIST::FUNCTION: -EVP_MAC_final 4542 3_0_0 EXIST::FUNCTION: -EVP_MAC_finalXOF 4543 3_0_0 EXIST::FUNCTION: -OSSL_EC_curve_nid2name 4544 3_0_0 EXIST::FUNCTION: -EVP_PKEY_digestsign_supports_digest 4545 3_0_0 EXIST::FUNCTION: -SRP_VBASE_add0_user 4546 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP -SRP_user_pwd_new 4547 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP -SRP_user_pwd_set_gN 4548 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP -SRP_user_pwd_set1_ids 4549 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP -SRP_user_pwd_set0_sv 4550 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP -OPENSSL_version_major 4551 3_0_0 EXIST::FUNCTION: -OPENSSL_version_minor 4552 3_0_0 EXIST::FUNCTION: -OPENSSL_version_patch 4553 3_0_0 EXIST::FUNCTION: -OPENSSL_version_pre_release 4554 3_0_0 EXIST::FUNCTION: -OPENSSL_version_build_metadata 4555 3_0_0 EXIST::FUNCTION: -OPENSSL_INIT_set_config_filename 4556 3_0_0 EXIST::FUNCTION:STDIO -OPENSSL_INIT_set_config_file_flags 4557 3_0_0 EXIST::FUNCTION:STDIO -ASYNC_WAIT_CTX_get_callback 4558 3_0_0 EXIST::FUNCTION: -ASYNC_WAIT_CTX_set_callback 4559 3_0_0 EXIST::FUNCTION: -ASYNC_WAIT_CTX_set_status 4560 3_0_0 EXIST::FUNCTION: -ASYNC_WAIT_CTX_get_status 4561 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_free 4562 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_reset 4563 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_get_kdf_size 4564 3_0_0 EXIST::FUNCTION: -EVP_KDF_derive 
4565 3_0_0 EXIST::FUNCTION: -EVP_KDF_get0_name 4566 3_0_0 EXIST::FUNCTION: -EC_GROUP_get0_field 4567 3_0_0 EXIST::FUNCTION:EC -CRYPTO_alloc_ex_data 4568 3_0_0 EXIST::FUNCTION: -OSSL_LIB_CTX_new 4569 3_0_0 EXIST::FUNCTION: -OSSL_LIB_CTX_free 4570 3_0_0 EXIST::FUNCTION: -OPENSSL_LH_flush 4571 3_0_0 EXIST::FUNCTION: -BN_native2bn 4572 3_0_0 EXIST::FUNCTION: -BN_bn2nativepad 4573 3_0_0 EXIST::FUNCTION: -OSSL_trace_get_category_num 4574 3_0_0 EXIST::FUNCTION: -OSSL_trace_get_category_name 4575 3_0_0 EXIST::FUNCTION: -OSSL_trace_set_channel 4576 3_0_0 EXIST::FUNCTION: -OSSL_trace_set_prefix 4577 3_0_0 EXIST::FUNCTION: -OSSL_trace_set_suffix 4578 3_0_0 EXIST::FUNCTION: -OSSL_trace_set_callback 4579 3_0_0 EXIST::FUNCTION: -OSSL_trace_enabled 4580 3_0_0 EXIST::FUNCTION: -OSSL_trace_begin 4581 3_0_0 EXIST::FUNCTION: -OSSL_trace_end 4582 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_load 4583 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_try_load 4584 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_unload 4585 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_add_builtin 4586 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_gettable_params 4587 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_get_params 4588 3_0_0 EXIST::FUNCTION: -d2i_OSSL_CRMF_ENCRYPTEDVALUE 4589 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_ENCRYPTEDVALUE 4590 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_ENCRYPTEDVALUE_free 4591 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_ENCRYPTEDVALUE_new 4592 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_ENCRYPTEDVALUE_it 4593 3_0_0 EXIST::FUNCTION:CRMF -d2i_OSSL_CRMF_MSG 4594 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_MSG 4595 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_dup 4596 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_free 4597 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_new 4598 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_it 4599 3_0_0 EXIST::FUNCTION:CRMF -d2i_OSSL_CRMF_PBMPARAMETER 4600 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_PBMPARAMETER 4601 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PBMPARAMETER_free 4602 3_0_0 EXIST::FUNCTION:CRMF 
-OSSL_CRMF_PBMPARAMETER_new 4603 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PBMPARAMETER_it 4604 3_0_0 EXIST::FUNCTION:CRMF -d2i_OSSL_CRMF_CERTID 4605 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_CERTID 4606 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_dup 4607 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_free 4608 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_new 4609 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_it 4610 3_0_0 EXIST::FUNCTION:CRMF -d2i_OSSL_CRMF_PKIPUBLICATIONINFO 4611 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_PKIPUBLICATIONINFO 4612 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PKIPUBLICATIONINFO_free 4613 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PKIPUBLICATIONINFO_new 4614 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PKIPUBLICATIONINFO_it 4615 3_0_0 EXIST::FUNCTION:CRMF -d2i_OSSL_CRMF_SINGLEPUBINFO 4616 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_SINGLEPUBINFO 4617 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_SINGLEPUBINFO_free 4618 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_SINGLEPUBINFO_new 4619 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_SINGLEPUBINFO_it 4620 3_0_0 EXIST::FUNCTION:CRMF -d2i_OSSL_CRMF_CERTTEMPLATE 4621 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_CERTTEMPLATE 4622 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_free 4623 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_new 4624 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_it 4625 3_0_0 EXIST::FUNCTION:CRMF -d2i_OSSL_CRMF_MSGS 4626 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_MSGS 4627 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSGS_free 4628 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSGS_new 4629 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSGS_it 4630 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_pbmp_new 4631 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_pbm_new 4632 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regCtrl_regToken 4633 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regCtrl_authenticator 4634 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo 4635 3_0_0 EXIST::FUNCTION:CRMF 
-OSSL_CRMF_MSG_set0_SinglePubInfo 4636 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set_PKIPublicationInfo_action 4637 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo 4638 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey 4639 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regCtrl_oldCertID 4640 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_gen 4641 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regInfo_utf8Pairs 4642 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regInfo_certReq 4643 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set0_validity 4644 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set_certReqId 4645 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_get_certReqId 4646 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set0_extensions 4647 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_push0_extension 4648 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_create_popo 4649 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSGS_verify_popo 4650 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_get0_tmpl 4651 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_get0_serialNumber 4652 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_get0_issuer 4653 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_fill 4654 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert 4655 3_0_0 EXIST::FUNCTION:CRMF -OSSL_PARAM_locate 4656 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_int 4657 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_uint 4658 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_long 4659 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_ulong 4660 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_int32 4661 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_uint32 4662 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_int64 4663 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_uint64 4664 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_size_t 4665 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_BN 4666 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_double 4667 3_0_0 EXIST::FUNCTION: 
-OSSL_PARAM_construct_utf8_string 4668 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_utf8_ptr 4669 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_octet_string 4670 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_octet_ptr 4671 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_int 4672 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_uint 4673 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_long 4674 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_ulong 4675 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_int32 4676 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_uint32 4677 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_int64 4678 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_uint64 4679 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_size_t 4680 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_int 4681 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_uint 4682 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_long 4683 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_ulong 4684 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_int32 4685 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_uint32 4686 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_int64 4687 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_uint64 4688 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_size_t 4689 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_double 4690 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_double 4691 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_BN 4692 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_BN 4693 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_utf8_string 4694 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_utf8_string 4695 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_octet_string 4696 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_octet_string 4697 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_utf8_ptr 4698 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_utf8_ptr 4699 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_octet_ptr 4700 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_octet_ptr 4701 3_0_0 EXIST::FUNCTION: -X509_set0_distinguishing_id 4702 3_0_0 EXIST::FUNCTION: -X509_get0_distinguishing_id 4703 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get0_engine 4704 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE -EVP_MD_up_ref 4705 3_0_0 
EXIST::FUNCTION: -EVP_MD_fetch 4706 3_0_0 EXIST::FUNCTION: -EVP_set_default_properties 4707 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_end 4708 3_0_0 EXIST::FUNCTION: -EC_GROUP_check_named_curve 4709 3_0_0 EXIST::FUNCTION:EC -EVP_CIPHER_up_ref 4710 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_fetch 4711 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_get_mode 4712 3_0_0 EXIST::FUNCTION: -OPENSSL_info 4713 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_new 4714 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_kdf 4715 3_0_0 EXIST::FUNCTION: -i2d_KeyParams 4716 3_0_0 EXIST::FUNCTION: -d2i_KeyParams 4717 3_0_0 EXIST::FUNCTION: -i2d_KeyParams_bio 4718 3_0_0 EXIST::FUNCTION: -d2i_KeyParams_bio 4719 3_0_0 EXIST::FUNCTION: -OSSL_CMP_PKISTATUS_it 4720 3_0_0 EXIST::FUNCTION:CMP -d2i_OSSL_CMP_PKIHEADER 4721 3_0_0 EXIST::FUNCTION:CMP -i2d_OSSL_CMP_PKIHEADER 4722 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_PKIHEADER_free 4723 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_PKIHEADER_new 4724 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_PKIHEADER_it 4725 3_0_0 EXIST::FUNCTION:CMP -d2i_OSSL_CMP_MSG 4726 3_0_0 EXIST::FUNCTION:CMP -i2d_OSSL_CMP_MSG 4727 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_MSG_it 4728 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_ITAV_create 4729 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_ITAV_set0 4730 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_ITAV_get0_type 4731 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_ITAV_get0_value 4732 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_ITAV_push0_stack_item 4733 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_ITAV_free 4734 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_MSG_free 4735 3_0_0 EXIST::FUNCTION:CMP -EVP_MD_CTX_set_params 4736 3_0_0 EXIST::FUNCTION: -EVP_MD_CTX_get_params 4737 3_0_0 EXIST::FUNCTION: -BN_CTX_new_ex 4738 3_0_0 EXIST::FUNCTION: -BN_CTX_secure_new_ex 4739 3_0_0 EXIST::FUNCTION: -OPENSSL_thread_stop_ex 4740 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_locate_const 4741 3_0_0 EXIST::FUNCTION: -X509_REQ_set0_distinguishing_id 4742 3_0_0 EXIST::FUNCTION: -X509_REQ_get0_distinguishing_id 4743 3_0_0 EXIST::FUNCTION: -BN_rand_ex 4744 3_0_0 EXIST::FUNCTION: 
-BN_priv_rand_ex 4745 3_0_0 EXIST::FUNCTION: -BN_rand_range_ex 4746 3_0_0 EXIST::FUNCTION: -BN_priv_rand_range_ex 4747 3_0_0 EXIST::FUNCTION: -BN_generate_prime_ex2 4748 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_free 4749 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_up_ref 4750 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_fetch 4751 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_pad 4752 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_params 4753 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_fetch 4754 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_up_ref 4755 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_free 4756 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_get0_provider 4757 3_0_0 EXIST::FUNCTION: -X509_PUBKEY_dup 4758 3_0_0 EXIST::FUNCTION: -EVP_MD_get0_name 4759 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_get0_name 4760 3_0_0 EXIST::FUNCTION: -EVP_MD_get0_provider 4761 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_get0_provider 4762 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_get0_name 4763 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_do_all_provided 4764 3_0_0 EXIST::FUNCTION: -EVP_MD_do_all_provided 4765 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_get0_provider 4766 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_available 4767 3_0_0 EXIST::FUNCTION: -ERR_new 4768 3_0_0 EXIST::FUNCTION: -ERR_set_debug 4769 3_0_0 EXIST::FUNCTION: -ERR_set_error 4770 3_0_0 EXIST::FUNCTION: -ERR_vset_error 4771 3_0_0 EXIST::FUNCTION: -X509_get0_authority_issuer 4772 3_0_0 EXIST::FUNCTION: -X509_get0_authority_serial 4773 3_0_0 EXIST::FUNCTION: -X509_self_signed 4774 3_0_0 EXIST::FUNCTION: -OPENSSL_hexstr2buf_ex 4775 3_0_0 EXIST::FUNCTION: -OPENSSL_buf2hexstr_ex 4776 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_allocate_from_text 4777 3_0_0 EXIST::FUNCTION: -EVP_MD_gettable_params 4778 3_0_0 EXIST::FUNCTION: -EVP_MD_CTX_settable_params 4779 3_0_0 EXIST::FUNCTION: -EVP_MD_CTX_gettable_params 4780 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_get_params 4781 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_set_params 4782 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_get_params 4783 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_gettable_params 4784 3_0_0 
EXIST::FUNCTION: -EVP_CIPHER_settable_ctx_params 4785 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_gettable_ctx_params 4786 3_0_0 EXIST::FUNCTION: -EVP_MD_get_params 4787 3_0_0 EXIST::FUNCTION: -EVP_MAC_fetch 4788 3_0_0 EXIST::FUNCTION: -EVP_MAC_settable_ctx_params 4789 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_set_params 4790 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_get_params 4791 3_0_0 EXIST::FUNCTION: -EVP_MAC_gettable_ctx_params 4792 3_0_0 EXIST::FUNCTION: -EVP_MAC_free 4793 3_0_0 EXIST::FUNCTION: -EVP_MAC_up_ref 4794 3_0_0 EXIST::FUNCTION: -EVP_MAC_get_params 4795 3_0_0 EXIST::FUNCTION: -EVP_MAC_gettable_params 4796 3_0_0 EXIST::FUNCTION: -EVP_MAC_get0_provider 4797 3_0_0 EXIST::FUNCTION: -EVP_MAC_do_all_provided 4798 3_0_0 EXIST::FUNCTION: -EVP_MAC_get0_name 4799 3_0_0 EXIST::FUNCTION: -EVP_MD_free 4800 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_free 4801 3_0_0 EXIST::FUNCTION: -EVP_KDF_up_ref 4802 3_0_0 EXIST::FUNCTION: -EVP_KDF_free 4803 3_0_0 EXIST::FUNCTION: -EVP_KDF_fetch 4804 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_dup 4805 3_0_0 EXIST::FUNCTION: -EVP_KDF_get0_provider 4806 3_0_0 EXIST::FUNCTION: -EVP_KDF_get_params 4807 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_get_params 4808 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_set_params 4809 3_0_0 EXIST::FUNCTION: -EVP_KDF_gettable_params 4810 3_0_0 EXIST::FUNCTION: -EVP_KDF_gettable_ctx_params 4811 3_0_0 EXIST::FUNCTION: -EVP_KDF_settable_ctx_params 4812 3_0_0 EXIST::FUNCTION: -EVP_KDF_do_all_provided 4813 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_free 4814 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_up_ref 4815 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_get0_provider 4816 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_fetch 4817 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_signature_md 4818 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_signature_md 4819 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_params 4820 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_gettable_params 4821 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_settable_params 4822 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_get_tag_length 4823 3_0_0 
EXIST::FUNCTION: -ERR_get_error_all 4824 3_0_0 EXIST::FUNCTION: -ERR_peek_error_func 4825 3_0_0 EXIST::FUNCTION: -ERR_peek_error_data 4826 3_0_0 EXIST::FUNCTION: -ERR_peek_error_all 4827 3_0_0 EXIST::FUNCTION: -ERR_peek_last_error_func 4828 3_0_0 EXIST::FUNCTION: -ERR_peek_last_error_data 4829 3_0_0 EXIST::FUNCTION: -ERR_peek_last_error_all 4830 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_is_a 4831 3_0_0 EXIST::FUNCTION: -EVP_MAC_is_a 4832 3_0_0 EXIST::FUNCTION: -EVP_MD_settable_ctx_params 4833 3_0_0 EXIST::FUNCTION: -EVP_MD_gettable_ctx_params 4834 3_0_0 EXIST::FUNCTION: -OSSL_CMP_CTX_new 4835 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_free 4836 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_reinit 4837 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_option 4838 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get_option 4839 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_log_cb 4840 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_print_errors 4841 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_serverPath 4842 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_server 4843 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_serverPort 4844 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_proxy 4845 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_no_proxy 4846 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_http_cb 4847 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_http_cb_arg 4848 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get_http_cb_arg 4849 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_transfer_cb 4850 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_transfer_cb_arg 4851 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get_transfer_cb_arg 4852 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_srvCert 4853 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_expected_sender 4854 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set0_trustedStore 4855 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get0_trustedStore 4856 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_untrusted 4857 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get0_untrusted 4858 3_0_0 EXIST::FUNCTION:CMP 
-OSSL_CMP_CTX_set1_cert 4859 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_pkey 4860 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_build_cert_chain 4861 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_referenceValue 4862 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_secretValue 4863 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_recipient 4864 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_push0_geninfo_ITAV 4865 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_extraCertsOut 4866 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set0_newPkey 4867 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get0_newPkey 4868 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_issuer 4869 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_subjectName 4870 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_push1_subjectAltName 4871 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set0_reqExtensions 4872 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_reqExtensions_have_SAN 4873 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_push0_policy 4874 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_oldCert 4875 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_p10CSR 4876 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_push0_genm_ITAV 4877 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_certConf_cb 4878 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set_certConf_cb_arg 4879 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get_certConf_cb_arg 4880 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get_status 4881 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get0_statusString 4882 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get_failInfoCode 4883 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get0_newCert 4884 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get1_newChain 4885 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get1_caPubs 4886 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_get1_extraCertsIn 4887 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_transactionID 4888 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_set1_senderNonce 4889 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_log_open 4890 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_log_close 4891 3_0_0 EXIST::FUNCTION:CMP 
-OSSL_CMP_print_to_bio 4892 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_print_errors_cb 4893 3_0_0 EXIST::FUNCTION:CMP -OSSL_CRMF_CERTID_get0_issuer 4894 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_get0_serialNumber 4895 3_0_0 EXIST::FUNCTION:CRMF -EVP_DigestSignUpdate 4896 3_0_0 EXIST::FUNCTION: -EVP_DigestVerifyUpdate 4897 3_0_0 EXIST::FUNCTION: -BN_check_prime 4898 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_is_a 4899 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_do_all_provided 4900 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_is_a 4901 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_do_all_provided 4902 3_0_0 EXIST::FUNCTION: -EVP_KDF_is_a 4903 3_0_0 EXIST::FUNCTION: -EVP_MD_is_a 4904 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_is_a 4905 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_do_all_provided 4906 3_0_0 EXIST::FUNCTION: -EVP_MD_names_do_all 4907 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_names_do_all 4908 3_0_0 EXIST::FUNCTION: -EVP_MAC_names_do_all 4909 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_names_do_all 4910 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_names_do_all 4911 3_0_0 EXIST::FUNCTION: -EVP_KDF_names_do_all 4912 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_names_do_all 4913 3_0_0 EXIST::FUNCTION: -OSSL_CMP_CTX_snprint_PKIStatus 4921 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_HDR_get0_transactionID 4922 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_HDR_get0_recipNonce 4923 3_0_0 EXIST::FUNCTION:CMP -X509_LOOKUP_store 4924 3_0_0 EXIST::FUNCTION: -X509_add_cert 4925 3_0_0 EXIST::FUNCTION: -X509_add_certs 4926 3_0_0 EXIST::FUNCTION: -X509_STORE_load_file 4927 3_0_0 EXIST::FUNCTION: -X509_STORE_load_path 4928 3_0_0 EXIST::FUNCTION: -X509_STORE_load_store 4929 3_0_0 EXIST::FUNCTION: -EVP_PKEY_fromdata 4930 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_free 4931 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_up_ref 4932 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_get0_provider 4933 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_fetch 4934 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_is_a 4935 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_do_all_provided 4937 3_0_0 EXIST::FUNCTION: 
-EVP_ASYM_CIPHER_names_do_all 4938 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_padding 4939 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_rsa_padding 4940 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_mgf1_md 4941 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_mgf1_md_name 4942 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_rsa_mgf1_md 4943 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_oaep_md 4944 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_oaep_md_name 4945 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_rsa_oaep_md 4946 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set0_rsa_oaep_label 4947 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get0_rsa_oaep_label 4948 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_rsa_mgf1_md_name 4949 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_rsa_oaep_md_name 4950 3_0_0 EXIST::FUNCTION: -EVP_PKEY_meth_set_digestsign 4951 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_PKEY_meth_set_digestverify 4952 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_PKEY_meth_get_digestsign 4953 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_PKEY_meth_get_digestverify 4954 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -OSSL_ENCODER_up_ref 4955 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_free 4956 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_fetch 4957 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_is_a 4959 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_get0_provider 4960 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_do_all_provided 4961 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_names_do_all 4962 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_settable_ctx_params 4963 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_new 4964 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_params 4965 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_free 4966 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_get0_properties 4967 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_to_bio 4968 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_to_fp 4969 3_0_0 EXIST::FUNCTION:STDIO -OSSL_ENCODER_CTX_new_for_pkey 4970 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_cipher 4971 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_passphrase 4972 3_0_0 EXIST::FUNCTION: 
-OSSL_ENCODER_CTX_set_pem_password_cb 4973 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_passphrase_ui 4974 3_0_0 EXIST::FUNCTION: -PEM_read_X509_PUBKEY 4975 3_0_0 EXIST::FUNCTION:STDIO -PEM_write_X509_PUBKEY 4976 3_0_0 EXIST::FUNCTION:STDIO -PEM_read_bio_X509_PUBKEY 4977 3_0_0 EXIST::FUNCTION: -PEM_write_bio_X509_PUBKEY 4978 3_0_0 EXIST::FUNCTION: -d2i_X509_PUBKEY_fp 4979 3_0_0 EXIST::FUNCTION:STDIO -i2d_X509_PUBKEY_fp 4980 3_0_0 EXIST::FUNCTION:STDIO -d2i_X509_PUBKEY_bio 4981 3_0_0 EXIST::FUNCTION: -i2d_X509_PUBKEY_bio 4982 3_0_0 EXIST::FUNCTION: -RSA_get0_pss_params 4983 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -X509_cmp_timeframe 4984 3_0_0 EXIST::FUNCTION: -OSSL_CMP_MSG_get0_header 4985 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_MSG_update_transactionID 4986 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_setup_CRM 4987 3_0_0 EXIST::FUNCTION:CMP -BIO_f_prefix 4988 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_new_from_name 4989 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_new_from_pkey 4990 3_0_0 EXIST::FUNCTION: -OSSL_SELF_TEST_set_callback 4991 3_0_0 EXIST::FUNCTION: -OSSL_SELF_TEST_get_callback 4992 3_0_0 EXIST::FUNCTION: -ASN1_TIME_dup 4993 3_0_0 EXIST::FUNCTION: -ASN1_UTCTIME_dup 4994 3_0_0 EXIST::FUNCTION: -ASN1_GENERALIZEDTIME_dup 4995 3_0_0 EXIST::FUNCTION: -RAND_priv_bytes_ex 4996 3_0_0 EXIST::FUNCTION: -RAND_bytes_ex 4997 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_default_digest_name 4998 3_0_0 EXIST::FUNCTION: -CMS_decrypt_set1_pkey_and_peer 4999 3_0_0 EXIST::FUNCTION:CMS -CMS_add1_recipient 5000 3_0_0 EXIST::FUNCTION:CMS -CMS_RecipientInfo_kari_set0_pkey_and_peer 5001 3_0_0 EXIST::FUNCTION:CMS -PKCS8_pkey_add1_attr 5002 3_0_0 EXIST::FUNCTION: -PKCS8_pkey_add1_attr_by_OBJ 5003 3_0_0 EXIST::FUNCTION: -EVP_PKEY_private_check 5004 3_0_0 EXIST::FUNCTION: -EVP_PKEY_pairwise_check 5005 3_0_0 EXIST::FUNCTION: -ASN1_item_verify_ctx 5006 3_0_0 EXIST::FUNCTION: -ASN1_item_sign_ex 5007 3_0_0 EXIST::FUNCTION: -ASN1_item_verify_ex 5008 3_0_0 EXIST::FUNCTION: -BIO_socket_wait 5009 3_0_0 
EXIST::FUNCTION:SOCK -BIO_wait 5010 3_0_0 EXIST::FUNCTION: -BIO_do_connect_retry 5011 3_0_0 EXIST::FUNCTION: -OSSL_parse_url 5012 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_REQ_CTX_get_resp_len 5013 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_REQ_CTX_set_expected 5014 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_is_alive 5015 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_open 5016 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_proxy_connect 5017 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_set_request 5018 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_exchange 5019 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_get 5020 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_transfer 5021 3_0_0 EXIST::FUNCTION: -OSSL_HTTP_close 5022 3_0_0 EXIST::FUNCTION: -ASN1_item_i2d_mem_bio 5023 3_0_0 EXIST::FUNCTION: -ERR_add_error_txt 5024 3_0_0 EXIST::FUNCTION: -ERR_add_error_mem_bio 5025 3_0_0 EXIST::FUNCTION: -X509_STORE_CTX_print_verify_cb 5026 3_0_0 EXIST::FUNCTION: -X509_STORE_get1_all_certs 5027 3_0_0 EXIST::FUNCTION: -OSSL_CMP_validate_msg 5028 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_validate_cert_path 5029 3_0_0 EXIST::FUNCTION:CMP -EVP_PKEY_CTX_set_ecdh_cofactor_mode 5030 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_ecdh_cofactor_mode 5031 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_ecdh_kdf_type 5032 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_ecdh_kdf_type 5033 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_ecdh_kdf_md 5034 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_ecdh_kdf_md 5035 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_ecdh_kdf_outlen 5036 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_ecdh_kdf_outlen 5037 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set0_ecdh_kdf_ukm 5038 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get0_ecdh_kdf_ukm 5039 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_PKEY_CTX_set_rsa_pss_saltlen 5040 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_rsa_pss_saltlen 5041 3_0_0 EXIST::FUNCTION: -d2i_ISSUER_SIGN_TOOL 5042 3_0_0 EXIST::FUNCTION: -i2d_ISSUER_SIGN_TOOL 5043 3_0_0 EXIST::FUNCTION: -ISSUER_SIGN_TOOL_free 5044 3_0_0 EXIST::FUNCTION: -ISSUER_SIGN_TOOL_new 5045 3_0_0 EXIST::FUNCTION: 
-ISSUER_SIGN_TOOL_it 5046 3_0_0 EXIST::FUNCTION: -OSSL_SELF_TEST_new 5047 3_0_0 EXIST::FUNCTION: -OSSL_SELF_TEST_free 5048 3_0_0 EXIST::FUNCTION: -OSSL_SELF_TEST_onbegin 5049 3_0_0 EXIST::FUNCTION: -OSSL_SELF_TEST_oncorrupt_byte 5050 3_0_0 EXIST::FUNCTION: -OSSL_SELF_TEST_onend 5051 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_set_default_search_path 5052 3_0_0 EXIST::FUNCTION: -X509_digest_sig 5053 3_0_0 EXIST::FUNCTION: -OSSL_CMP_MSG_dup 5054 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_ITAV_dup 5055 3_0_0 EXIST::FUNCTION:CMP -d2i_OSSL_CMP_PKISI 5056 3_0_0 EXIST::FUNCTION:CMP -i2d_OSSL_CMP_PKISI 5057 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_PKISI_free 5058 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_PKISI_new 5059 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_PKISI_it 5060 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_PKISI_dup 5061 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_snprint_PKIStatusInfo 5062 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_STATUSINFO_new 5063 3_0_0 EXIST::FUNCTION:CMP -d2i_OSSL_CMP_MSG_bio 5064 3_0_0 EXIST::FUNCTION:CMP -i2d_OSSL_CMP_MSG_bio 5065 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_process_request 5066 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_CTX_server_perform 5067 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_CTX_new 5068 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_CTX_free 5069 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_CTX_init 5070 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_CTX_get0_cmp_ctx 5071 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_CTX_get0_custom_ctx 5072 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_CTX_set_send_unprotected_errors 5073 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_CTX_set_accept_unprotected 5074 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_CTX_set_accept_raverified 5075 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_SRV_CTX_set_grant_implicit_confirm 5076 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_exec_certreq 5077 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_try_certreq 5078 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_certConf_cb 5079 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_exec_RR_ses 5080 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_exec_GENM_ses 5081 
3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_MSG_http_perform 5082 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_MSG_read 5083 3_0_0 EXIST::FUNCTION:CMP -OSSL_CMP_MSG_write 5084 3_0_0 EXIST::FUNCTION:CMP -EVP_PKEY_Q_keygen 5085 3_0_0 EXIST::FUNCTION: -EVP_PKEY_generate 5086 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_keygen_bits 5087 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_keygen_pubexp 5088 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_PKEY_CTX_set1_rsa_keygen_pubexp 5089 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_keygen_primes 5090 3_0_0 EXIST::FUNCTION: -NCONF_new_ex 5091 3_0_0 EXIST::FUNCTION: -CONF_modules_load_file_ex 5092 3_0_0 EXIST::FUNCTION: -OSSL_LIB_CTX_load_config 5093 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_to_param 5094 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_int 5095 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_uint 5096 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_long 5097 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_ulong 5098 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_int32 5099 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_uint32 5100 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_int64 5101 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_uint64 5102 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_size_t 5103 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_double 5104 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_BN 5105 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_BN_pad 5106 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_utf8_string 5107 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_utf8_ptr 5108 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_octet_string 5109 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_octet_ptr 5110 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_new 5111 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_free 5112 3_0_0 EXIST::FUNCTION: -EVP_PKEY_set_type_by_keymgmt 5113 3_0_0 EXIST::FUNCTION: -OCSP_RESPID_set_by_key_ex 5114 3_0_0 EXIST::FUNCTION:OCSP -OCSP_RESPID_match_ex 5115 3_0_0 EXIST::FUNCTION:OCSP -SRP_create_verifier_ex 5116 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP 
-SRP_create_verifier_BN_ex 5117 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP -SRP_Calc_B_ex 5118 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP -SRP_Calc_u_ex 5119 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP -SRP_Calc_x_ex 5120 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP -SRP_Calc_client_key_ex 5121 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP -EVP_PKEY_gettable_params 5122 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_int_param 5123 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_size_t_param 5124 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_bn_param 5125 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_utf8_string_param 5126 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_octet_string_param 5127 3_0_0 EXIST::FUNCTION: -EVP_PKEY_is_a 5128 3_0_0 EXIST::FUNCTION: -EVP_PKEY_can_sign 5129 3_0_0 EXIST::FUNCTION: -X509_STORE_CTX_new_ex 5130 3_0_0 EXIST::FUNCTION: -X509_STORE_CTX_verify 5131 3_0_0 EXIST::FUNCTION: -CT_POLICY_EVAL_CTX_new_ex 5132 3_0_0 EXIST::FUNCTION:CT -CTLOG_new_ex 5133 3_0_0 EXIST::FUNCTION:CT -CTLOG_new_from_base64_ex 5134 3_0_0 EXIST::FUNCTION:CT -CTLOG_STORE_new_ex 5135 3_0_0 EXIST::FUNCTION:CT -EVP_PKEY_set_ex_data 5136 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_ex_data 5137 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_group_name 5138 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_group_name 5139 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_ec_paramgen_curve_nid 5140 3_0_0 EXIST::FUNCTION: -d2i_PrivateKey_ex 5141 3_0_0 EXIST::FUNCTION: -d2i_AutoPrivateKey_ex 5142 3_0_0 EXIST::FUNCTION: -d2i_PrivateKey_ex_fp 5143 3_0_0 EXIST::FUNCTION:STDIO -d2i_PrivateKey_ex_bio 5144 3_0_0 EXIST::FUNCTION: -PEM_read_bio_PrivateKey_ex 5145 3_0_0 EXIST::FUNCTION: -PEM_read_PrivateKey_ex 5146 3_0_0 EXIST::FUNCTION:STDIO -EVP_PKEY_CTX_set_dsa_paramgen_bits 5147 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dsa_paramgen_q_bits 5148 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dsa_paramgen_md_props 5149 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dsa_paramgen_gindex 5150 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dsa_paramgen_type 5151 3_0_0 EXIST::FUNCTION: 
-EVP_PKEY_CTX_set_dsa_paramgen_seed 5152 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dsa_paramgen_md 5153 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_paramgen_type 5154 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_paramgen_gindex 5155 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_paramgen_seed 5156 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_paramgen_prime_len 5157 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_paramgen_subprime_len 5158 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_paramgen_generator 5159 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_nid 5160 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_rfc5114 5161 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dhx_rfc5114 5162 3_0_0 EXIST::FUNCTION: -X509_VERIFY_PARAM_get0_host 5163 3_0_0 EXIST::FUNCTION: -X509_VERIFY_PARAM_get0_email 5164 3_0_0 EXIST::FUNCTION: -X509_VERIFY_PARAM_get1_ip_asc 5165 3_0_0 EXIST::FUNCTION: -X509_ALGOR_copy 5166 3_0_0 EXIST::FUNCTION: -X509_REQ_set0_signature 5167 3_0_0 EXIST::FUNCTION: -X509_REQ_set1_signature_algo 5168 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_modified 5169 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_all_unmodified 5170 3_0_0 EXIST::FUNCTION: -EVP_RAND_fetch 5171 3_0_0 EXIST::FUNCTION: -EVP_RAND_up_ref 5172 3_0_0 EXIST::FUNCTION: -EVP_RAND_free 5173 3_0_0 EXIST::FUNCTION: -EVP_RAND_get0_name 5175 3_0_0 EXIST::FUNCTION: -EVP_RAND_is_a 5176 3_0_0 EXIST::FUNCTION: -EVP_RAND_get0_provider 5177 3_0_0 EXIST::FUNCTION: -EVP_RAND_get_params 5178 3_0_0 EXIST::FUNCTION: -EVP_RAND_CTX_new 5179 3_0_0 EXIST::FUNCTION: -EVP_RAND_CTX_free 5180 3_0_0 EXIST::FUNCTION: -EVP_RAND_CTX_get0_rand 5181 3_0_0 EXIST::FUNCTION: -EVP_RAND_CTX_get_params 5182 3_0_0 EXIST::FUNCTION: -EVP_RAND_CTX_set_params 5183 3_0_0 EXIST::FUNCTION: -EVP_RAND_gettable_params 5184 3_0_0 EXIST::FUNCTION: -EVP_RAND_gettable_ctx_params 5185 3_0_0 EXIST::FUNCTION: -EVP_RAND_settable_ctx_params 5186 3_0_0 EXIST::FUNCTION: -EVP_RAND_do_all_provided 5187 3_0_0 EXIST::FUNCTION: -EVP_RAND_names_do_all 5188 3_0_0 EXIST::FUNCTION: 
-EVP_RAND_instantiate 5189 3_0_0 EXIST::FUNCTION: -EVP_RAND_uninstantiate 5190 3_0_0 EXIST::FUNCTION: -EVP_RAND_generate 5191 3_0_0 EXIST::FUNCTION: -EVP_RAND_reseed 5192 3_0_0 EXIST::FUNCTION: -EVP_RAND_nonce 5193 3_0_0 EXIST::FUNCTION: -EVP_RAND_enable_locking 5194 3_0_0 EXIST::FUNCTION: -EVP_RAND_verify_zeroization 5195 3_0_0 EXIST::FUNCTION: -EVP_RAND_get_strength 5196 3_0_0 EXIST::FUNCTION: -EVP_RAND_get_state 5197 3_0_0 EXIST::FUNCTION: -EVP_default_properties_is_fips_enabled 5198 3_0_0 EXIST::FUNCTION: -EVP_default_properties_enable_fips 5199 3_0_0 EXIST::FUNCTION: -EVP_PKEY_new_raw_private_key_ex 5200 3_0_0 EXIST::FUNCTION: -EVP_PKEY_new_raw_public_key_ex 5201 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_BLD_push_time_t 5202 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_time_t 5203 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_time_t 5204 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_time_t 5205 3_0_0 EXIST::FUNCTION: -OSSL_STORE_attach 5206 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_set_attach 5207 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen 5208 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md 5209 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name 5210 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_do_all 5211 3_0_0 EXIST::FUNCTION: -EC_GROUP_get_field_type 5212 3_0_0 EXIST::FUNCTION:EC -X509_PUBKEY_eq 5213 3_0_0 EXIST::FUNCTION: -EVP_PKEY_eq 5214 3_0_0 EXIST::FUNCTION: -EVP_PKEY_parameters_eq 5215 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_query_operation 5216 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_unquery_operation 5217 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_get0_provider_ctx 5218 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_get_capabilities 5219 3_0_0 EXIST::FUNCTION: -EC_GROUP_new_by_curve_name_ex 5220 3_0_0 EXIST::FUNCTION:EC -EC_KEY_new_ex 5221 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC -EC_KEY_new_by_curve_name_ex 5222 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC -OSSL_LIB_CTX_set0_default 5223 3_0_0 EXIST::FUNCTION: 
-PEM_X509_INFO_read_bio_ex 5224 3_0_0 EXIST::FUNCTION: -PEM_X509_INFO_read_ex 5225 3_0_0 EXIST::FUNCTION:STDIO -X509_REQ_verify_ex 5226 3_0_0 EXIST::FUNCTION: -X509_new_ex 5227 3_0_0 EXIST::FUNCTION: -X509_LOOKUP_ctrl_ex 5228 3_0_0 EXIST::FUNCTION: -X509_load_cert_file_ex 5229 3_0_0 EXIST::FUNCTION: -X509_load_cert_crl_file_ex 5230 3_0_0 EXIST::FUNCTION: -X509_LOOKUP_by_subject_ex 5231 3_0_0 EXIST::FUNCTION: -X509_STORE_load_file_ex 5232 3_0_0 EXIST::FUNCTION: -X509_STORE_load_store_ex 5233 3_0_0 EXIST::FUNCTION: -X509_STORE_load_locations_ex 5234 3_0_0 EXIST::FUNCTION: -X509_STORE_set_default_paths_ex 5235 3_0_0 EXIST::FUNCTION: -X509_build_chain 5236 3_0_0 EXIST::FUNCTION: -X509V3_set_issuer_pkey 5237 3_0_0 EXIST::FUNCTION: -i2s_ASN1_UTF8STRING 5238 3_0_0 EXIST::FUNCTION: -s2i_ASN1_UTF8STRING 5239 3_0_0 EXIST::FUNCTION: -OSSL_STORE_open_ex 5240 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_fetch 5241 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_up_ref 5242 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_free 5243 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_get0_provider 5244 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_get0_properties 5245 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_is_a 5247 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_do_all_provided 5248 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_names_do_all 5249 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_settable_ctx_params 5250 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_new 5251 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_set_params 5252 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_free 5253 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_set_passphrase 5254 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_set_pem_password_cb 5255 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_set_passphrase_ui 5256 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_from_bio 5257 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_from_fp 5258 3_0_0 EXIST::FUNCTION:STDIO -OSSL_DECODER_CTX_add_decoder 5259 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_add_extra 5260 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_get_num_decoders 5261 3_0_0 EXIST::FUNCTION: 
-OSSL_DECODER_CTX_set_input_type 5262 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_export 5263 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_INSTANCE_get_decoder 5264 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_INSTANCE_get_decoder_ctx 5265 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_gettable_params 5266 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_get_params 5267 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_new_for_pkey 5268 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_set_construct 5269 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_set_construct_data 5270 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_set_cleanup 5271 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_get_construct 5272 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_get_construct_data 5273 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_get_cleanup 5274 3_0_0 EXIST::FUNCTION: -RAND_get0_primary 5275 3_0_0 EXIST::FUNCTION: -RAND_get0_public 5276 3_0_0 EXIST::FUNCTION: -RAND_get0_private 5277 3_0_0 EXIST::FUNCTION: -PKCS12_SAFEBAG_get0_bag_obj 5278 3_0_0 EXIST::FUNCTION: -PKCS12_SAFEBAG_get0_bag_type 5279 3_0_0 EXIST::FUNCTION: -PKCS12_SAFEBAG_create_secret 5280 3_0_0 EXIST::FUNCTION: -PKCS12_add1_attr_by_NID 5281 3_0_0 EXIST::FUNCTION: -PKCS12_add1_attr_by_txt 5282 3_0_0 EXIST::FUNCTION: -PKCS12_add_secret 5283 3_0_0 EXIST::FUNCTION: -SMIME_write_ASN1_ex 5284 3_0_0 EXIST::FUNCTION: -SMIME_read_ASN1_ex 5285 3_0_0 EXIST::FUNCTION: -CMS_ContentInfo_new_ex 5286 3_0_0 EXIST::FUNCTION:CMS -SMIME_read_CMS_ex 5287 3_0_0 EXIST::FUNCTION:CMS -CMS_sign_ex 5288 3_0_0 EXIST::FUNCTION:CMS -CMS_data_create_ex 5289 3_0_0 EXIST::FUNCTION:CMS -CMS_digest_create_ex 5290 3_0_0 EXIST::FUNCTION:CMS -CMS_EncryptedData_encrypt_ex 5291 3_0_0 EXIST::FUNCTION:CMS -CMS_encrypt_ex 5292 3_0_0 EXIST::FUNCTION:CMS -CMS_EnvelopedData_create_ex 5293 3_0_0 EXIST::FUNCTION:CMS -CMS_ReceiptRequest_create0_ex 5294 3_0_0 EXIST::FUNCTION:CMS -EVP_SignFinal_ex 5295 3_0_0 EXIST::FUNCTION: -EVP_VerifyFinal_ex 5296 3_0_0 EXIST::FUNCTION: -EVP_DigestSignInit_ex 5297 3_0_0 EXIST::FUNCTION: -EVP_DigestVerifyInit_ex 5298 
3_0_0 EXIST::FUNCTION: -PKCS7_new_ex 5299 3_0_0 EXIST::FUNCTION: -PKCS7_sign_ex 5300 3_0_0 EXIST::FUNCTION: -PKCS7_encrypt_ex 5301 3_0_0 EXIST::FUNCTION: -SMIME_read_PKCS7_ex 5302 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_self_test 5303 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_tls1_prf_md 5304 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set1_tls1_prf_secret 5305 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_add1_tls1_prf_seed 5306 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_hkdf_md 5307 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set1_hkdf_salt 5308 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set1_hkdf_key 5309 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_add1_hkdf_info 5310 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_hkdf_mode 5311 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set1_pbe_pass 5312 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set1_scrypt_salt 5313 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_scrypt_N 5314 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_scrypt_r 5315 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_scrypt_p 5316 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_scrypt_maxmem_bytes 5317 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_kdf_type 5318 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_dh_kdf_type 5319 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set0_dh_kdf_oid 5320 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get0_dh_kdf_oid 5321 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_kdf_md 5322 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_dh_kdf_md 5323 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_dh_kdf_outlen 5324 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get_dh_kdf_outlen 5325 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set0_dh_kdf_ukm 5326 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get0_dh_kdf_ukm 5327 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -EVP_CIPHER_CTX_get_updated_iv 5328 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_get_original_iv 5329 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_gettable_params 5330 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_settable_params 5331 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_gen_settable_params 5332 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_gettable_ctx_params 5333 3_0_0 
EXIST::FUNCTION: -EVP_SIGNATURE_settable_ctx_params 5334 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_gettable_ctx_params 5335 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_settable_ctx_params 5336 3_0_0 EXIST::FUNCTION: -d2i_PUBKEY_ex 5337 3_0_0 EXIST::FUNCTION: -OSSL_STORE_INFO_new_PUBKEY 5338 3_0_0 EXIST::FUNCTION: -OSSL_STORE_INFO_get0_PUBKEY 5339 3_0_0 EXIST::FUNCTION: -OSSL_STORE_INFO_get1_PUBKEY 5340 3_0_0 EXIST::FUNCTION: -PEM_read_bio_PUBKEY_ex 5341 3_0_0 EXIST::FUNCTION: -PEM_read_PUBKEY_ex 5342 3_0_0 EXIST::FUNCTION:STDIO -PEM_read_bio_Parameters_ex 5343 3_0_0 EXIST::FUNCTION: -EC_GROUP_new_from_params 5344 3_0_0 EXIST::FUNCTION:EC -OSSL_STORE_LOADER_set_open_ex 5345 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 -OSSL_STORE_LOADER_fetch 5346 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_up_ref 5347 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_get0_provider 5348 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_get0_properties 5349 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_is_a 5351 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_do_all_provided 5352 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_names_do_all 5353 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_utf8_string_ptr 5354 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_octet_string_ptr 5355 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_set_passphrase_cb 5356 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_mac_key 5357 3_0_0 EXIST::FUNCTION: -OSSL_STORE_INFO_new 5358 3_0_0 EXIST::FUNCTION: -OSSL_STORE_INFO_get0_data 5359 3_0_0 EXIST::FUNCTION: -asn1_d2i_read_bio 5360 3_0_0 EXIST::FUNCTION: -EVP_PKCS82PKEY_ex 5361 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set1_id 5362 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get1_id 5363 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get1_id_len 5364 3_0_0 EXIST::FUNCTION: -CMS_AuthEnvelopedData_create 5365 3_0_0 EXIST::FUNCTION:CMS -CMS_AuthEnvelopedData_create_ex 5366 3_0_0 EXIST::FUNCTION:CMS -EVP_PKEY_CTX_set_ec_param_enc 5367 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get0_type_name 5368 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_get0_name 5369 3_0_0 EXIST::FUNCTION: 
-EC_KEY_decoded_from_explicit_params 5370 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC -EVP_KEM_free 5371 3_0_0 EXIST::FUNCTION: -EVP_KEM_up_ref 5372 3_0_0 EXIST::FUNCTION: -EVP_KEM_get0_provider 5373 3_0_0 EXIST::FUNCTION: -EVP_KEM_fetch 5374 3_0_0 EXIST::FUNCTION: -EVP_KEM_is_a 5375 3_0_0 EXIST::FUNCTION: -EVP_KEM_do_all_provided 5377 3_0_0 EXIST::FUNCTION: -EVP_KEM_names_do_all 5378 3_0_0 EXIST::FUNCTION: -EVP_PKEY_encapsulate_init 5379 3_0_0 EXIST::FUNCTION: -EVP_PKEY_encapsulate 5380 3_0_0 EXIST::FUNCTION: -EVP_PKEY_decapsulate_init 5381 3_0_0 EXIST::FUNCTION: -EVP_PKEY_decapsulate 5382 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_kem_op 5383 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_gettable_params 5384 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_get_params 5385 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_output_type 5386 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_add_encoder 5387 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_add_extra 5388 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_get_num_encoders 5389 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_selection 5390 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_INSTANCE_get_encoder 5391 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_INSTANCE_get_encoder_ctx 5392 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_INSTANCE_get_input_type 5393 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_INSTANCE_get_output_type 5394 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_construct 5395 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_construct_data 5396 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_cleanup 5397 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_passphrase_cb 5398 3_0_0 EXIST::FUNCTION: -EVP_PKEY_type_names_do_all 5399 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_INSTANCE_get_input_type 5400 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_gettable_ctx_params 5401 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_settable_ctx_params 5402 3_0_0 EXIST::FUNCTION: -EVP_KEM_gettable_ctx_params 5403 3_0_0 EXIST::FUNCTION: -EVP_KEM_settable_ctx_params 5404 3_0_0 EXIST::FUNCTION: -PKCS7_type_is_other 5405 3_0_0 
EXIST::FUNCTION: -PKCS7_get_octet_string 5406 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_from_data 5407 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_to_data 5408 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get0_libctx 5409 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_get0_propq 5410 3_0_0 EXIST::FUNCTION: -EVP_PKEY_set1_encoded_public_key 5411 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get1_encoded_public_key 5412 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_set_selection 5413 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_CTX_set_input_structure 5414 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_INSTANCE_get_input_structure 5415 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_CTX_set_output_structure 5416 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_INSTANCE_get_output_structure 5417 3_0_0 EXIST::FUNCTION: -PEM_write_PrivateKey_ex 5418 3_0_0 EXIST::FUNCTION:STDIO -PEM_write_bio_PrivateKey_ex 5419 3_0_0 EXIST::FUNCTION: -PEM_write_PUBKEY_ex 5420 3_0_0 EXIST::FUNCTION:STDIO -PEM_write_bio_PUBKEY_ex 5421 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_group_name 5422 3_0_0 EXIST::FUNCTION: -CRYPTO_atomic_or 5423 3_0_0 EXIST::FUNCTION: -CRYPTO_atomic_load 5424 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_pss_keygen_md 5425 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_rsa_pss_keygen_md_name 5426 3_0_0 EXIST::FUNCTION: -EVP_PKEY_settable_params 5427 3_0_0 EXIST::FUNCTION: -EVP_PKEY_set_params 5428 3_0_0 EXIST::FUNCTION: -EVP_PKEY_set_int_param 5429 3_0_0 EXIST::FUNCTION: -EVP_PKEY_set_size_t_param 5430 3_0_0 EXIST::FUNCTION: -EVP_PKEY_set_bn_param 5431 3_0_0 EXIST::FUNCTION: -EVP_PKEY_set_utf8_string_param 5432 3_0_0 EXIST::FUNCTION: -EVP_PKEY_set_octet_string_param 5433 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_ec_point_conv_form 5434 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_field_type 5435 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get_params 5436 3_0_0 EXIST::FUNCTION: -EVP_PKEY_fromdata_init 5437 3_0_0 EXIST::FUNCTION: -EVP_PKEY_fromdata_settable 5438 3_0_0 EXIST::FUNCTION: -EVP_PKEY_param_check_quick 5439 3_0_0 EXIST::FUNCTION: -EVP_PKEY_public_check_quick 5440 3_0_0 
EXIST::FUNCTION: -EVP_PKEY_CTX_is_a 5441 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_settable_params 5442 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_gettable_params 5443 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_gettable_params 5444 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_settable_params 5445 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_gettable_params 5446 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_settable_params 5447 3_0_0 EXIST::FUNCTION: -EVP_RAND_CTX_gettable_params 5448 3_0_0 EXIST::FUNCTION: -EVP_RAND_CTX_settable_params 5449 3_0_0 EXIST::FUNCTION: -RAND_set_DRBG_type 5450 3_0_0 EXIST::FUNCTION: -RAND_set_seed_source_type 5451 3_0_0 EXIST::FUNCTION: -BN_mod_exp_mont_consttime_x2 5452 3_0_0 EXIST::FUNCTION: -BIO_f_readbuffer 5453 3_0_0 EXIST::FUNCTION: -OSSL_ESS_check_signing_certs 5454 3_0_0 EXIST::FUNCTION: -OSSL_ESS_signing_cert_new_init 5455 3_0_0 EXIST::FUNCTION: -OSSL_ESS_signing_cert_v2_new_init 5456 3_0_0 EXIST::FUNCTION: -ESS_SIGNING_CERT_it 5457 3_0_0 EXIST::FUNCTION: -ESS_SIGNING_CERT_V2_it 5458 3_0_0 EXIST::FUNCTION: -EVP_Q_digest 5459 3_0_0 EXIST::FUNCTION: -EVP_DigestInit_ex2 5460 3_0_0 EXIST::FUNCTION: -EVP_EncryptInit_ex2 5461 3_0_0 EXIST::FUNCTION: -EVP_DecryptInit_ex2 5462 3_0_0 EXIST::FUNCTION: -EVP_CipherInit_ex2 5463 3_0_0 EXIST::FUNCTION: -EVP_PKEY_sign_init_ex 5464 3_0_0 EXIST::FUNCTION: -EVP_PKEY_verify_init_ex 5465 3_0_0 EXIST::FUNCTION: -EVP_PKEY_verify_recover_init_ex 5466 3_0_0 EXIST::FUNCTION: -EVP_PKEY_encrypt_init_ex 5467 3_0_0 EXIST::FUNCTION: -EVP_PKEY_decrypt_init_ex 5468 3_0_0 EXIST::FUNCTION: -EVP_PKEY_derive_init_ex 5469 3_0_0 EXIST::FUNCTION: -EVP_PKEY_print_public_fp 5470 3_0_0 EXIST::FUNCTION:STDIO -EVP_PKEY_print_private_fp 5471 3_0_0 EXIST::FUNCTION:STDIO -EVP_PKEY_print_params_fp 5472 3_0_0 EXIST::FUNCTION:STDIO -TS_RESP_CTX_new_ex 5473 3_0_0 EXIST::FUNCTION:TS -X509_REQ_new_ex 5474 3_0_0 EXIST::FUNCTION: -EVP_PKEY_dup 5475 3_0_0 EXIST::FUNCTION: -RSA_PSS_PARAMS_dup 5476 3_0_0 EXIST::FUNCTION: -EVP_PKEY_derive_set_peer_ex 5477 3_0_0 EXIST::FUNCTION: 
-OSSL_DECODER_get0_name 5478 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_get0_name 5479 3_0_0 EXIST::FUNCTION: -OSSL_DECODER_get0_description 5480 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_get0_description 5481 3_0_0 EXIST::FUNCTION: -OSSL_STORE_LOADER_get0_description 5482 3_0_0 EXIST::FUNCTION: -EVP_MD_get0_description 5483 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_get0_description 5484 3_0_0 EXIST::FUNCTION: -EVP_MAC_get0_description 5485 3_0_0 EXIST::FUNCTION: -EVP_RAND_get0_description 5486 3_0_0 EXIST::FUNCTION: -EVP_PKEY_get0_description 5487 3_0_0 EXIST::FUNCTION: -EVP_KEYMGMT_get0_description 5488 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_get0_description 5489 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_get0_description 5490 3_0_0 EXIST::FUNCTION: -EVP_KEM_get0_description 5491 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_get0_description 5492 3_0_0 EXIST::FUNCTION: -EVP_KDF_get0_description 5493 3_0_0 EXIST::FUNCTION: -OPENSSL_sk_find_all 5494 3_0_0 EXIST::FUNCTION: -X509_CRL_new_ex 5495 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_dup 5496 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_merge 5497 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_free 5498 3_0_0 EXIST::FUNCTION: -EVP_PKEY_todata 5499 3_0_0 EXIST::FUNCTION: -EVP_PKEY_export 5500 3_0_0 EXIST::FUNCTION: -EVP_MD_CTX_get0_md 5501 3_0_0 EXIST::FUNCTION: -EVP_MD_CTX_get1_md 5502 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_get0_cipher 5503 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_CTX_get1_cipher 5504 3_0_0 EXIST::FUNCTION: -OSSL_LIB_CTX_get0_global_default 5505 3_0_0 EXIST::FUNCTION: -EVP_SIGNATURE_get0_name 5506 3_0_0 EXIST::FUNCTION: -EVP_ASYM_CIPHER_get0_name 5507 3_0_0 EXIST::FUNCTION: -EVP_KEM_get0_name 5508 3_0_0 EXIST::FUNCTION: -EVP_KEYEXCH_get0_name 5509 3_0_0 EXIST::FUNCTION: -PKCS5_v2_PBE_keyivgen_ex 5510 3_0_0 EXIST::FUNCTION: -EVP_PBE_scrypt_ex 5511 3_0_0 EXIST::FUNCTION:SCRYPT -PKCS5_v2_scrypt_keyivgen_ex 5512 3_0_0 EXIST::FUNCTION:SCRYPT -EVP_PBE_CipherInit_ex 5513 3_0_0 EXIST::FUNCTION: -EVP_PBE_find_ex 5514 3_0_0 EXIST::FUNCTION: 
-PKCS12_SAFEBAG_create_pkcs8_encrypt_ex 5515 3_0_0 EXIST::FUNCTION: -PKCS8_decrypt_ex 5516 3_0_0 EXIST::FUNCTION: -PKCS12_decrypt_skey_ex 5517 3_0_0 EXIST::FUNCTION: -PKCS8_encrypt_ex 5518 3_0_0 EXIST::FUNCTION: -PKCS8_set0_pbe_ex 5519 3_0_0 EXIST::FUNCTION: -PKCS12_pack_p7encdata_ex 5520 3_0_0 EXIST::FUNCTION: -PKCS12_pbe_crypt_ex 5521 3_0_0 EXIST::FUNCTION: -PKCS12_item_decrypt_d2i_ex 5522 3_0_0 EXIST::FUNCTION: -PKCS12_item_i2d_encrypt_ex 5523 3_0_0 EXIST::FUNCTION: -PKCS12_init_ex 5524 3_0_0 EXIST::FUNCTION: -PKCS12_key_gen_asc_ex 5525 3_0_0 EXIST::FUNCTION: -PKCS12_key_gen_uni_ex 5526 3_0_0 EXIST::FUNCTION: -PKCS12_key_gen_utf8_ex 5527 3_0_0 EXIST::FUNCTION: -PKCS12_PBE_keyivgen_ex 5528 3_0_0 EXIST::FUNCTION: -PKCS12_create_ex 5529 3_0_0 EXIST::FUNCTION: -PKCS12_add_key_ex 5530 3_0_0 EXIST::FUNCTION: -PKCS12_add_safe_ex 5531 3_0_0 EXIST::FUNCTION: -PKCS12_add_safes_ex 5532 3_0_0 EXIST::FUNCTION: -PKCS5_pbe_set0_algor_ex 5533 3_0_0 EXIST::FUNCTION: -PKCS5_pbe_set_ex 5534 3_0_0 EXIST::FUNCTION: -PKCS5_pbe2_set_iv_ex 5535 3_0_0 EXIST::FUNCTION: -PKCS5_pbkdf2_set_ex 5536 3_0_0 EXIST::FUNCTION: -BIO_new_from_core_bio 5537 3_0_0 EXIST::FUNCTION: -BIO_new_ex 5538 3_0_0 EXIST::FUNCTION: -BIO_s_core 5539 3_0_0 EXIST::FUNCTION: -BIO_get_line 5540 3_0_0 EXIST::FUNCTION: -OSSL_LIB_CTX_new_from_dispatch 5541 3_0_0 EXIST::FUNCTION: -OSSL_LIB_CTX_new_child 5542 3_0_0 EXIST::FUNCTION: -OSSL_PROVIDER_get0_dispatch 5543 3_0_0 EXIST::FUNCTION: -PKCS5_PBE_keyivgen_ex 5544 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_get_block_size 5545 3_0_0 EXIST::FUNCTION: -BIO_debug_callback_ex 5546 3_0_0 EXIST::FUNCTION: -b2i_PVK_bio_ex 5547 3_0_0 EXIST::FUNCTION: -i2b_PVK_bio_ex 5548 3_0_0 EXIST::FUNCTION: -NCONF_get0_libctx 5549 3_0_0 EXIST::FUNCTION: -NCONF_get_section_names 5550 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_new ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_free ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_dup ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_get0_mac ? 
3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_get_mac_size ? 3_0_0 EXIST::FUNCTION: +EVP_Q_mac ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_init ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_update ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_final ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_finalXOF ? 3_0_0 EXIST::FUNCTION: +OSSL_EC_curve_nid2name ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_digestsign_supports_digest ? 3_0_0 EXIST::FUNCTION: +SRP_VBASE_add0_user ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +SRP_user_pwd_new ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +SRP_user_pwd_set_gN ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +SRP_user_pwd_set1_ids ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +SRP_user_pwd_set0_sv ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +OPENSSL_version_major ? 3_0_0 EXIST::FUNCTION: +OPENSSL_version_minor ? 3_0_0 EXIST::FUNCTION: +OPENSSL_version_patch ? 3_0_0 EXIST::FUNCTION: +OPENSSL_version_pre_release ? 3_0_0 EXIST::FUNCTION: +OPENSSL_version_build_metadata ? 3_0_0 EXIST::FUNCTION: +OPENSSL_INIT_set_config_filename ? 3_0_0 EXIST::FUNCTION:STDIO +OPENSSL_INIT_set_config_file_flags ? 3_0_0 EXIST::FUNCTION:STDIO +ASYNC_WAIT_CTX_get_callback ? 3_0_0 EXIST::FUNCTION: +ASYNC_WAIT_CTX_set_callback ? 3_0_0 EXIST::FUNCTION: +ASYNC_WAIT_CTX_set_status ? 3_0_0 EXIST::FUNCTION: +ASYNC_WAIT_CTX_get_status ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_free ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_reset ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_get_kdf_size ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_derive ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_get0_name ? 3_0_0 EXIST::FUNCTION: +EC_GROUP_get0_field ? 3_0_0 EXIST::FUNCTION:EC +CRYPTO_alloc_ex_data ? 3_0_0 EXIST::FUNCTION: +OSSL_LIB_CTX_new ? 3_0_0 EXIST::FUNCTION: +OSSL_LIB_CTX_free ? 3_0_0 EXIST::FUNCTION: +OPENSSL_LH_flush ? 3_0_0 EXIST::FUNCTION: +BN_native2bn ? 3_0_0 EXIST::FUNCTION: +BN_bn2nativepad ? 3_0_0 EXIST::FUNCTION: +OSSL_trace_get_category_num ? 3_0_0 EXIST::FUNCTION: +OSSL_trace_get_category_name ? 3_0_0 EXIST::FUNCTION: +OSSL_trace_set_channel ? 
3_0_0 EXIST::FUNCTION: +OSSL_trace_set_prefix ? 3_0_0 EXIST::FUNCTION: +OSSL_trace_set_suffix ? 3_0_0 EXIST::FUNCTION: +OSSL_trace_set_callback ? 3_0_0 EXIST::FUNCTION: +OSSL_trace_enabled ? 3_0_0 EXIST::FUNCTION: +OSSL_trace_begin ? 3_0_0 EXIST::FUNCTION: +OSSL_trace_end ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_load ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_try_load ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_unload ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_add_builtin ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_gettable_params ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_get_params ? 3_0_0 EXIST::FUNCTION: +d2i_OSSL_CRMF_ENCRYPTEDVALUE ? 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_ENCRYPTEDVALUE ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_ENCRYPTEDVALUE_free ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_ENCRYPTEDVALUE_new ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_ENCRYPTEDVALUE_it ? 3_0_0 EXIST::FUNCTION:CRMF +d2i_OSSL_CRMF_MSG ? 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_MSG ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_dup ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_free ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_new ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_it ? 3_0_0 EXIST::FUNCTION:CRMF +d2i_OSSL_CRMF_PBMPARAMETER ? 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_PBMPARAMETER ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PBMPARAMETER_free ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PBMPARAMETER_new ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PBMPARAMETER_it ? 3_0_0 EXIST::FUNCTION:CRMF +d2i_OSSL_CRMF_CERTID ? 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_CERTID ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_dup ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_free ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_new ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_it ? 3_0_0 EXIST::FUNCTION:CRMF +d2i_OSSL_CRMF_PKIPUBLICATIONINFO ? 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_PKIPUBLICATIONINFO ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PKIPUBLICATIONINFO_free ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PKIPUBLICATIONINFO_new ? 
3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PKIPUBLICATIONINFO_it ? 3_0_0 EXIST::FUNCTION:CRMF +d2i_OSSL_CRMF_SINGLEPUBINFO ? 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_SINGLEPUBINFO ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_SINGLEPUBINFO_free ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_SINGLEPUBINFO_new ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_SINGLEPUBINFO_it ? 3_0_0 EXIST::FUNCTION:CRMF +d2i_OSSL_CRMF_CERTTEMPLATE ? 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_CERTTEMPLATE ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_free ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_new ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_it ? 3_0_0 EXIST::FUNCTION:CRMF +d2i_OSSL_CRMF_MSGS ? 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_MSGS ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSGS_free ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSGS_new ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSGS_it ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_pbmp_new ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_pbm_new ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regCtrl_regToken ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regCtrl_authenticator ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set0_SinglePubInfo ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set_PKIPublicationInfo_action ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regCtrl_oldCertID ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_gen ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regInfo_utf8Pairs ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regInfo_certReq ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set0_validity ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set_certReqId ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get_certReqId ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set0_extensions ? 
3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_push0_extension ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_create_popo ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSGS_verify_popo ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get0_tmpl ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_get0_serialNumber ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_get0_issuer ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_fill ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_PARAM_locate ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_int ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_uint ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_long ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_ulong ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_int32 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_uint32 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_int64 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_uint64 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_size_t ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_BN ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_double ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_utf8_string ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_utf8_ptr ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_octet_string ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_octet_ptr ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_int ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_uint ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_long ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_ulong ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_int32 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_uint32 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_int64 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_uint64 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_size_t ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_int ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_uint ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_long ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_ulong ? 
3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_int32 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_uint32 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_int64 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_uint64 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_size_t ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_double ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_double ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_BN ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_BN ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_utf8_string ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_utf8_string ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_octet_string ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_octet_string ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_utf8_ptr ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_utf8_ptr ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_octet_ptr ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_octet_ptr ? 3_0_0 EXIST::FUNCTION: +X509_set0_distinguishing_id ? 3_0_0 EXIST::FUNCTION: +X509_get0_distinguishing_id ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get0_engine ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE +EVP_MD_up_ref ? 3_0_0 EXIST::FUNCTION: +EVP_MD_fetch ? 3_0_0 EXIST::FUNCTION: +EVP_set_default_properties ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_end ? 3_0_0 EXIST::FUNCTION: +EC_GROUP_check_named_curve ? 3_0_0 EXIST::FUNCTION:EC +EVP_CIPHER_up_ref ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_fetch ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_mode ? 3_0_0 EXIST::FUNCTION: +OPENSSL_info ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_new ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_kdf ? 3_0_0 EXIST::FUNCTION: +i2d_KeyParams ? 3_0_0 EXIST::FUNCTION: +d2i_KeyParams ? 3_0_0 EXIST::FUNCTION: +i2d_KeyParams_bio ? 3_0_0 EXIST::FUNCTION: +d2i_KeyParams_bio ? 3_0_0 EXIST::FUNCTION: +OSSL_CMP_PKISTATUS_it ? 3_0_0 EXIST::FUNCTION:CMP +d2i_OSSL_CMP_PKIHEADER ? 3_0_0 EXIST::FUNCTION:CMP +i2d_OSSL_CMP_PKIHEADER ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKIHEADER_free ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKIHEADER_new ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKIHEADER_it ? 
3_0_0 EXIST::FUNCTION:CMP +d2i_OSSL_CMP_MSG ? 3_0_0 EXIST::FUNCTION:CMP +i2d_OSSL_CMP_MSG ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_it ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_create ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_set0 ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_get0_type ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_get0_value ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_push0_stack_item ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_free ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_free ? 3_0_0 EXIST::FUNCTION:CMP +EVP_MD_CTX_set_params ? 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_get_params ? 3_0_0 EXIST::FUNCTION: +BN_CTX_new_ex ? 3_0_0 EXIST::FUNCTION: +BN_CTX_secure_new_ex ? 3_0_0 EXIST::FUNCTION: +OPENSSL_thread_stop_ex ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_locate_const ? 3_0_0 EXIST::FUNCTION: +X509_REQ_set0_distinguishing_id ? 3_0_0 EXIST::FUNCTION: +X509_REQ_get0_distinguishing_id ? 3_0_0 EXIST::FUNCTION: +BN_rand_ex ? 3_0_0 EXIST::FUNCTION: +BN_priv_rand_ex ? 3_0_0 EXIST::FUNCTION: +BN_rand_range_ex ? 3_0_0 EXIST::FUNCTION: +BN_priv_rand_range_ex ? 3_0_0 EXIST::FUNCTION: +BN_generate_prime_ex2 ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_free ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_up_ref ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_fetch ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_pad ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_params ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_fetch ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_up_ref ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_free ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_get0_provider ? 3_0_0 EXIST::FUNCTION: +X509_PUBKEY_dup ? 3_0_0 EXIST::FUNCTION: +EVP_MD_get0_name ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get0_name ? 3_0_0 EXIST::FUNCTION: +EVP_MD_get0_provider ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get0_provider ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_get0_name ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_do_all_provided ? 3_0_0 EXIST::FUNCTION: +EVP_MD_do_all_provided ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_get0_provider ? 
3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_available ? 3_0_0 EXIST::FUNCTION: +ERR_new ? 3_0_0 EXIST::FUNCTION: +ERR_set_debug ? 3_0_0 EXIST::FUNCTION: +ERR_set_error ? 3_0_0 EXIST::FUNCTION: +ERR_vset_error ? 3_0_0 EXIST::FUNCTION: +X509_get0_authority_issuer ? 3_0_0 EXIST::FUNCTION: +X509_get0_authority_serial ? 3_0_0 EXIST::FUNCTION: +X509_self_signed ? 3_0_0 EXIST::FUNCTION: +OPENSSL_hexstr2buf_ex ? 3_0_0 EXIST::FUNCTION: +OPENSSL_buf2hexstr_ex ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_allocate_from_text ? 3_0_0 EXIST::FUNCTION: +EVP_MD_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_settable_params ? 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_set_params ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_MD_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_fetch ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_set_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_free ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_up_ref ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_get0_provider ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_do_all_provided ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_get0_name ? 3_0_0 EXIST::FUNCTION: +EVP_MD_free ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_free ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_up_ref ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_free ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_fetch ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_dup ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_get0_provider ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_get_params ? 
3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_set_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_do_all_provided ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_free ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_up_ref ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_get0_provider ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_fetch ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_signature_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_signature_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_settable_params ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get_tag_length ? 3_0_0 EXIST::FUNCTION: +ERR_get_error_all ? 3_0_0 EXIST::FUNCTION: +ERR_peek_error_func ? 3_0_0 EXIST::FUNCTION: +ERR_peek_error_data ? 3_0_0 EXIST::FUNCTION: +ERR_peek_error_all ? 3_0_0 EXIST::FUNCTION: +ERR_peek_last_error_func ? 3_0_0 EXIST::FUNCTION: +ERR_peek_last_error_data ? 3_0_0 EXIST::FUNCTION: +ERR_peek_last_error_all ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_MD_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_MD_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: +OSSL_CMP_CTX_new ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_free ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_reinit ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set_option ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get_option ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set_log_cb ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_print_errors ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_serverPath ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_server ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set_serverPort ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_proxy ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_no_proxy ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set_http_cb ? 
3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set_http_cb_arg ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get_http_cb_arg ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set_transfer_cb ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set_transfer_cb_arg ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get_transfer_cb_arg ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_srvCert ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_expected_sender ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set0_trustedStore ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get0_trustedStore ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_untrusted ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get0_untrusted ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_cert ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_pkey ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_build_cert_chain ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_referenceValue ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_secretValue ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_recipient ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_push0_geninfo_ITAV ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_extraCertsOut ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set0_newPkey ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get0_newPkey ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_issuer ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_subjectName ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_push1_subjectAltName ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set0_reqExtensions ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_reqExtensions_have_SAN ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_push0_policy ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_oldCert ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_p10CSR ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_push0_genm_ITAV ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set_certConf_cb ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set_certConf_cb_arg ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get_certConf_cb_arg ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get_status ? 
3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get0_statusString ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get_failInfoCode ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get0_newCert ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get1_newChain ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get1_caPubs ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_get1_extraCertsIn ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_transactionID ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_set1_senderNonce ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_log_open ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_log_close ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_print_to_bio ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_print_errors_cb ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CRMF_CERTID_get0_issuer ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_get0_serialNumber ? 3_0_0 EXIST::FUNCTION:CRMF +EVP_DigestSignUpdate ? 3_0_0 EXIST::FUNCTION: +EVP_DigestVerifyUpdate ? 3_0_0 EXIST::FUNCTION: +BN_check_prime ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_do_all_provided ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_do_all_provided ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_MD_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_do_all_provided ? 3_0_0 EXIST::FUNCTION: +EVP_MD_names_do_all ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_names_do_all ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_names_do_all ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_names_do_all ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_names_do_all ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_names_do_all ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_names_do_all ? 3_0_0 EXIST::FUNCTION: +OSSL_CMP_CTX_snprint_PKIStatus ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_HDR_get0_transactionID ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_HDR_get0_recipNonce ? 3_0_0 EXIST::FUNCTION:CMP +X509_LOOKUP_store ? 3_0_0 EXIST::FUNCTION: +X509_add_cert ? 3_0_0 EXIST::FUNCTION: +X509_add_certs ? 3_0_0 EXIST::FUNCTION: +X509_STORE_load_file ? 
3_0_0 EXIST::FUNCTION: +X509_STORE_load_path ? 3_0_0 EXIST::FUNCTION: +X509_STORE_load_store ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_fromdata ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_free ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_up_ref ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_get0_provider ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_fetch ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_do_all_provided ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_names_do_all ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_padding ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_rsa_padding ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_mgf1_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_mgf1_md_name ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_rsa_mgf1_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_oaep_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_oaep_md_name ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_rsa_oaep_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set0_rsa_oaep_label ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get0_rsa_oaep_label ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_rsa_mgf1_md_name ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_rsa_oaep_md_name ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_meth_set_digestsign ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_set_digestverify ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_get_digestsign ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_meth_get_digestverify ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +OSSL_ENCODER_up_ref ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_free ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_fetch ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_is_a ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_get0_provider ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_do_all_provided ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_names_do_all ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_new ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_params ? 
3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_free ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_get0_properties ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_to_bio ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_to_fp ? 3_0_0 EXIST::FUNCTION:STDIO +OSSL_ENCODER_CTX_new_for_pkey ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_cipher ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_passphrase ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_pem_password_cb ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_passphrase_ui ? 3_0_0 EXIST::FUNCTION: +PEM_read_X509_PUBKEY ? 3_0_0 EXIST::FUNCTION:STDIO +PEM_write_X509_PUBKEY ? 3_0_0 EXIST::FUNCTION:STDIO +PEM_read_bio_X509_PUBKEY ? 3_0_0 EXIST::FUNCTION: +PEM_write_bio_X509_PUBKEY ? 3_0_0 EXIST::FUNCTION: +d2i_X509_PUBKEY_fp ? 3_0_0 EXIST::FUNCTION:STDIO +i2d_X509_PUBKEY_fp ? 3_0_0 EXIST::FUNCTION:STDIO +d2i_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION: +i2d_X509_PUBKEY_bio ? 3_0_0 EXIST::FUNCTION: +RSA_get0_pss_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +X509_cmp_timeframe ? 3_0_0 EXIST::FUNCTION: +OSSL_CMP_MSG_get0_header ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_update_transactionID ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_setup_CRM ? 3_0_0 EXIST::FUNCTION:CMP +BIO_f_prefix ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_new_from_name ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_new_from_pkey ? 3_0_0 EXIST::FUNCTION: +OSSL_SELF_TEST_set_callback ? 3_0_0 EXIST::FUNCTION: +OSSL_SELF_TEST_get_callback ? 3_0_0 EXIST::FUNCTION: +ASN1_TIME_dup ? 3_0_0 EXIST::FUNCTION: +ASN1_UTCTIME_dup ? 3_0_0 EXIST::FUNCTION: +ASN1_GENERALIZEDTIME_dup ? 3_0_0 EXIST::FUNCTION: +RAND_priv_bytes_ex ? 3_0_0 EXIST::FUNCTION: +RAND_bytes_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_default_digest_name ? 3_0_0 EXIST::FUNCTION: +CMS_decrypt_set1_pkey_and_peer ? 3_0_0 EXIST::FUNCTION:CMS +CMS_add1_recipient ? 3_0_0 EXIST::FUNCTION:CMS +CMS_RecipientInfo_kari_set0_pkey_and_peer ? 3_0_0 EXIST::FUNCTION:CMS +PKCS8_pkey_add1_attr ? 3_0_0 EXIST::FUNCTION: +PKCS8_pkey_add1_attr_by_OBJ ? 
3_0_0 EXIST::FUNCTION: +EVP_PKEY_private_check ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_pairwise_check ? 3_0_0 EXIST::FUNCTION: +ASN1_item_verify_ctx ? 3_0_0 EXIST::FUNCTION: +ASN1_item_sign_ex ? 3_0_0 EXIST::FUNCTION: +ASN1_item_verify_ex ? 3_0_0 EXIST::FUNCTION: +BIO_socket_wait ? 3_0_0 EXIST::FUNCTION:SOCK +BIO_wait ? 3_0_0 EXIST::FUNCTION: +BIO_do_connect_retry ? 3_0_0 EXIST::FUNCTION: +OSSL_parse_url ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_get_resp_len ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_REQ_CTX_set_expected ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_is_alive ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_open ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_proxy_connect ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_set_request ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_exchange ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_get ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_transfer ? 3_0_0 EXIST::FUNCTION: +OSSL_HTTP_close ? 3_0_0 EXIST::FUNCTION: +ASN1_item_i2d_mem_bio ? 3_0_0 EXIST::FUNCTION: +ERR_add_error_txt ? 3_0_0 EXIST::FUNCTION: +ERR_add_error_mem_bio ? 3_0_0 EXIST::FUNCTION: +X509_STORE_CTX_print_verify_cb ? 3_0_0 EXIST::FUNCTION: +X509_STORE_get1_all_certs ? 3_0_0 EXIST::FUNCTION: +OSSL_CMP_validate_msg ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_validate_cert_path ? 3_0_0 EXIST::FUNCTION:CMP +EVP_PKEY_CTX_set_ecdh_cofactor_mode ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_ecdh_cofactor_mode ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_ecdh_kdf_type ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_ecdh_kdf_type ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_ecdh_kdf_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_ecdh_kdf_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_ecdh_kdf_outlen ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_ecdh_kdf_outlen ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set0_ecdh_kdf_ukm ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get0_ecdh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_CTX_set_rsa_pss_saltlen ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_rsa_pss_saltlen ? 3_0_0 EXIST::FUNCTION: +d2i_ISSUER_SIGN_TOOL ? 
3_0_0 EXIST::FUNCTION: +i2d_ISSUER_SIGN_TOOL ? 3_0_0 EXIST::FUNCTION: +ISSUER_SIGN_TOOL_free ? 3_0_0 EXIST::FUNCTION: +ISSUER_SIGN_TOOL_new ? 3_0_0 EXIST::FUNCTION: +ISSUER_SIGN_TOOL_it ? 3_0_0 EXIST::FUNCTION: +OSSL_SELF_TEST_new ? 3_0_0 EXIST::FUNCTION: +OSSL_SELF_TEST_free ? 3_0_0 EXIST::FUNCTION: +OSSL_SELF_TEST_onbegin ? 3_0_0 EXIST::FUNCTION: +OSSL_SELF_TEST_oncorrupt_byte ? 3_0_0 EXIST::FUNCTION: +OSSL_SELF_TEST_onend ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_set_default_search_path ? 3_0_0 EXIST::FUNCTION: +X509_digest_sig ? 3_0_0 EXIST::FUNCTION: +OSSL_CMP_MSG_dup ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_dup ? 3_0_0 EXIST::FUNCTION:CMP +d2i_OSSL_CMP_PKISI ? 3_0_0 EXIST::FUNCTION:CMP +i2d_OSSL_CMP_PKISI ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKISI_free ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKISI_new ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKISI_it ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKISI_dup ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_snprint_PKIStatusInfo ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_STATUSINFO_new ? 3_0_0 EXIST::FUNCTION:CMP +d2i_OSSL_CMP_MSG_bio ? 3_0_0 EXIST::FUNCTION:CMP +i2d_OSSL_CMP_MSG_bio ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_process_request ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_CTX_server_perform ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_CTX_new ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_CTX_free ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_CTX_init ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_CTX_get0_cmp_ctx ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_CTX_get0_custom_ctx ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_CTX_set_send_unprotected_errors ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_CTX_set_accept_unprotected ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_CTX_set_accept_raverified ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_SRV_CTX_set_grant_implicit_confirm ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_exec_certreq ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_try_certreq ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_certConf_cb ? 
3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_exec_RR_ses ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_exec_GENM_ses ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_http_perform ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_read ? 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_write ? 3_0_0 EXIST::FUNCTION:CMP +EVP_PKEY_Q_keygen ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_generate ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_keygen_bits ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_keygen_pubexp ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_CTX_set1_rsa_keygen_pubexp ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_keygen_primes ? 3_0_0 EXIST::FUNCTION: +NCONF_new_ex ? 3_0_0 EXIST::FUNCTION: +CONF_modules_load_file_ex ? 3_0_0 EXIST::FUNCTION: +OSSL_LIB_CTX_load_config ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_to_param ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_int ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_uint ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_long ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_ulong ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_int32 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_uint32 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_int64 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_uint64 ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_size_t ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_double ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_BN ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_BN_pad ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_utf8_string ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_utf8_ptr ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_octet_string ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_octet_ptr ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_new ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_free ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_set_type_by_keymgmt ? 3_0_0 EXIST::FUNCTION: +OCSP_RESPID_set_by_key_ex ? 3_0_0 EXIST::FUNCTION:OCSP +OCSP_RESPID_match_ex ? 3_0_0 EXIST::FUNCTION:OCSP +SRP_create_verifier_ex ? 
3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +SRP_create_verifier_BN_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +SRP_Calc_B_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +SRP_Calc_u_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +SRP_Calc_x_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +SRP_Calc_client_key_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP +EVP_PKEY_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_int_param ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_size_t_param ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_bn_param ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_utf8_string_param ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_octet_string_param ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_can_sign ? 3_0_0 EXIST::FUNCTION: +X509_STORE_CTX_new_ex ? 3_0_0 EXIST::FUNCTION: +X509_STORE_CTX_verify ? 3_0_0 EXIST::FUNCTION: +CT_POLICY_EVAL_CTX_new_ex ? 3_0_0 EXIST::FUNCTION:CT +CTLOG_new_ex ? 3_0_0 EXIST::FUNCTION:CT +CTLOG_new_from_base64_ex ? 3_0_0 EXIST::FUNCTION:CT +CTLOG_STORE_new_ex ? 3_0_0 EXIST::FUNCTION:CT +EVP_PKEY_set_ex_data ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_ex_data ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_group_name ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_group_name ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_ec_paramgen_curve_nid ? 3_0_0 EXIST::FUNCTION: +d2i_PrivateKey_ex ? 3_0_0 EXIST::FUNCTION: +d2i_AutoPrivateKey_ex ? 3_0_0 EXIST::FUNCTION: +d2i_PrivateKey_ex_fp ? 3_0_0 EXIST::FUNCTION:STDIO +d2i_PrivateKey_ex_bio ? 3_0_0 EXIST::FUNCTION: +PEM_read_bio_PrivateKey_ex ? 3_0_0 EXIST::FUNCTION: +PEM_read_PrivateKey_ex ? 3_0_0 EXIST::FUNCTION:STDIO +EVP_PKEY_CTX_set_dsa_paramgen_bits ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dsa_paramgen_q_bits ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dsa_paramgen_md_props ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dsa_paramgen_gindex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dsa_paramgen_type ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dsa_paramgen_seed ? 
3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dsa_paramgen_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_paramgen_type ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_paramgen_gindex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_paramgen_seed ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_paramgen_prime_len ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_paramgen_subprime_len ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_paramgen_generator ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_nid ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_rfc5114 ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dhx_rfc5114 ? 3_0_0 EXIST::FUNCTION: +X509_VERIFY_PARAM_get0_host ? 3_0_0 EXIST::FUNCTION: +X509_VERIFY_PARAM_get0_email ? 3_0_0 EXIST::FUNCTION: +X509_VERIFY_PARAM_get1_ip_asc ? 3_0_0 EXIST::FUNCTION: +X509_ALGOR_copy ? 3_0_0 EXIST::FUNCTION: +X509_REQ_set0_signature ? 3_0_0 EXIST::FUNCTION: +X509_REQ_set1_signature_algo ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_modified ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_all_unmodified ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_fetch ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_up_ref ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_free ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_get0_name ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_get0_provider ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_CTX_new ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_CTX_free ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_CTX_get0_rand ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_CTX_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_CTX_set_params ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_do_all_provided ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_names_do_all ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_instantiate ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_uninstantiate ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_generate ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_reseed ? 
3_0_0 EXIST::FUNCTION: +EVP_RAND_nonce ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_enable_locking ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_verify_zeroization ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_get_strength ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_get_state ? 3_0_0 EXIST::FUNCTION: +EVP_default_properties_is_fips_enabled ? 3_0_0 EXIST::FUNCTION: +EVP_default_properties_enable_fips ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_new_raw_private_key_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_new_raw_public_key_ex ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_BLD_push_time_t ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_time_t ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_time_t ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_time_t ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_attach ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_set_attach ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_do_all ? 3_0_0 EXIST::FUNCTION: +EC_GROUP_get_field_type ? 3_0_0 EXIST::FUNCTION:EC +X509_PUBKEY_eq ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_eq ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_parameters_eq ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_query_operation ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_unquery_operation ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_get0_provider_ctx ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_get_capabilities ? 3_0_0 EXIST::FUNCTION: +EC_GROUP_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC +EC_KEY_new_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC +EC_KEY_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC +OSSL_LIB_CTX_set0_default ? 3_0_0 EXIST::FUNCTION: +PEM_X509_INFO_read_bio_ex ? 3_0_0 EXIST::FUNCTION: +PEM_X509_INFO_read_ex ? 3_0_0 EXIST::FUNCTION:STDIO +X509_REQ_verify_ex ? 3_0_0 EXIST::FUNCTION: +X509_new_ex ? 3_0_0 EXIST::FUNCTION: +X509_LOOKUP_ctrl_ex ? 3_0_0 EXIST::FUNCTION: +X509_load_cert_file_ex ? 
3_0_0 EXIST::FUNCTION: +X509_load_cert_crl_file_ex ? 3_0_0 EXIST::FUNCTION: +X509_LOOKUP_by_subject_ex ? 3_0_0 EXIST::FUNCTION: +X509_STORE_load_file_ex ? 3_0_0 EXIST::FUNCTION: +X509_STORE_load_store_ex ? 3_0_0 EXIST::FUNCTION: +X509_STORE_load_locations_ex ? 3_0_0 EXIST::FUNCTION: +X509_STORE_set_default_paths_ex ? 3_0_0 EXIST::FUNCTION: +X509_build_chain ? 3_0_0 EXIST::FUNCTION: +X509V3_set_issuer_pkey ? 3_0_0 EXIST::FUNCTION: +i2s_ASN1_UTF8STRING ? 3_0_0 EXIST::FUNCTION: +s2i_ASN1_UTF8STRING ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_open_ex ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_fetch ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_up_ref ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_free ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_get0_provider ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_get0_properties ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_is_a ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_do_all_provided ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_names_do_all ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_new ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_params ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_free ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_passphrase ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_pem_password_cb ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_passphrase_ui ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_from_bio ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_from_fp ? 3_0_0 EXIST::FUNCTION:STDIO +OSSL_DECODER_CTX_add_decoder ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_add_extra ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_get_num_decoders ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_input_type ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_export ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_INSTANCE_get_decoder ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_INSTANCE_get_decoder_ctx ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_gettable_params ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_get_params ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_new_for_pkey ? 
3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_construct ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_construct_data ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_cleanup ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_get_construct ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_get_construct_data ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_get_cleanup ? 3_0_0 EXIST::FUNCTION: +RAND_get0_primary ? 3_0_0 EXIST::FUNCTION: +RAND_get0_public ? 3_0_0 EXIST::FUNCTION: +RAND_get0_private ? 3_0_0 EXIST::FUNCTION: +PKCS12_SAFEBAG_get0_bag_obj ? 3_0_0 EXIST::FUNCTION: +PKCS12_SAFEBAG_get0_bag_type ? 3_0_0 EXIST::FUNCTION: +PKCS12_SAFEBAG_create_secret ? 3_0_0 EXIST::FUNCTION: +PKCS12_add1_attr_by_NID ? 3_0_0 EXIST::FUNCTION: +PKCS12_add1_attr_by_txt ? 3_0_0 EXIST::FUNCTION: +PKCS12_add_secret ? 3_0_0 EXIST::FUNCTION: +SMIME_write_ASN1_ex ? 3_0_0 EXIST::FUNCTION: +SMIME_read_ASN1_ex ? 3_0_0 EXIST::FUNCTION: +CMS_ContentInfo_new_ex ? 3_0_0 EXIST::FUNCTION:CMS +SMIME_read_CMS_ex ? 3_0_0 EXIST::FUNCTION:CMS +CMS_sign_ex ? 3_0_0 EXIST::FUNCTION:CMS +CMS_data_create_ex ? 3_0_0 EXIST::FUNCTION:CMS +CMS_digest_create_ex ? 3_0_0 EXIST::FUNCTION:CMS +CMS_EncryptedData_encrypt_ex ? 3_0_0 EXIST::FUNCTION:CMS +CMS_encrypt_ex ? 3_0_0 EXIST::FUNCTION:CMS +CMS_EnvelopedData_create_ex ? 3_0_0 EXIST::FUNCTION:CMS +CMS_ReceiptRequest_create0_ex ? 3_0_0 EXIST::FUNCTION:CMS +EVP_SignFinal_ex ? 3_0_0 EXIST::FUNCTION: +EVP_VerifyFinal_ex ? 3_0_0 EXIST::FUNCTION: +EVP_DigestSignInit_ex ? 3_0_0 EXIST::FUNCTION: +EVP_DigestVerifyInit_ex ? 3_0_0 EXIST::FUNCTION: +PKCS7_new_ex ? 3_0_0 EXIST::FUNCTION: +PKCS7_sign_ex ? 3_0_0 EXIST::FUNCTION: +PKCS7_encrypt_ex ? 3_0_0 EXIST::FUNCTION: +SMIME_read_PKCS7_ex ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_self_test ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_tls1_prf_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set1_tls1_prf_secret ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_add1_tls1_prf_seed ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_hkdf_md ? 
3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set1_hkdf_salt ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set1_hkdf_key ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_add1_hkdf_info ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_hkdf_mode ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set1_pbe_pass ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set1_scrypt_salt ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_scrypt_N ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_scrypt_r ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_scrypt_p ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_scrypt_maxmem_bytes ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_kdf_type ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_dh_kdf_type ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set0_dh_kdf_oid ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get0_dh_kdf_oid ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_kdf_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_dh_kdf_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_dh_kdf_outlen ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_dh_kdf_outlen ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set0_dh_kdf_ukm ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get0_dh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +EVP_CIPHER_CTX_get_updated_iv ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get_original_iv ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_settable_params ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_gen_settable_params ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +d2i_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_INFO_new_PUBKEY ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_INFO_get0_PUBKEY ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_INFO_get1_PUBKEY ? 3_0_0 EXIST::FUNCTION: +PEM_read_bio_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION: +PEM_read_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:STDIO +PEM_read_bio_Parameters_ex ? 
3_0_0 EXIST::FUNCTION: +EC_GROUP_new_from_params ? 3_0_0 EXIST::FUNCTION:EC +OSSL_STORE_LOADER_set_open_ex ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +OSSL_STORE_LOADER_fetch ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_up_ref ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_get0_provider ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_get0_properties ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_is_a ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_do_all_provided ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_names_do_all ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_utf8_string_ptr ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_octet_string_ptr ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_passphrase_cb ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_mac_key ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_INFO_new ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_INFO_get0_data ? 3_0_0 EXIST::FUNCTION: +asn1_d2i_read_bio ? 3_0_0 EXIST::FUNCTION: +EVP_PKCS82PKEY_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set1_id ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get1_id ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get1_id_len ? 3_0_0 EXIST::FUNCTION: +CMS_AuthEnvelopedData_create ? 3_0_0 EXIST::FUNCTION:CMS +CMS_AuthEnvelopedData_create_ex ? 3_0_0 EXIST::FUNCTION:CMS +EVP_PKEY_CTX_set_ec_param_enc ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get0_type_name ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_get0_name ? 3_0_0 EXIST::FUNCTION: +EC_KEY_decoded_from_explicit_params ? 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC +EVP_KEM_free ? 3_0_0 EXIST::FUNCTION: +EVP_KEM_up_ref ? 3_0_0 EXIST::FUNCTION: +EVP_KEM_get0_provider ? 3_0_0 EXIST::FUNCTION: +EVP_KEM_fetch ? 3_0_0 EXIST::FUNCTION: +EVP_KEM_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_KEM_do_all_provided ? 3_0_0 EXIST::FUNCTION: +EVP_KEM_names_do_all ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_encapsulate_init ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_encapsulate ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_decapsulate_init ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_decapsulate ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_kem_op ? 
3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_gettable_params ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_get_params ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_output_type ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_add_encoder ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_add_extra ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_get_num_encoders ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_selection ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_INSTANCE_get_encoder ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_INSTANCE_get_encoder_ctx ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_INSTANCE_get_input_type ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_INSTANCE_get_output_type ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_construct ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_construct_data ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_cleanup ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_passphrase_cb ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_type_names_do_all ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_INSTANCE_get_input_type ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_KEM_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_KEM_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: +PKCS7_type_is_other ? 3_0_0 EXIST::FUNCTION: +PKCS7_get_octet_string ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_from_data ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_to_data ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get0_libctx ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get0_propq ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_set1_encoded_public_key ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get1_encoded_public_key ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_selection ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_CTX_set_input_structure ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_INSTANCE_get_input_structure ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_CTX_set_output_structure ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_INSTANCE_get_output_structure ? 
3_0_0 EXIST::FUNCTION: +PEM_write_PrivateKey_ex ? 3_0_0 EXIST::FUNCTION:STDIO +PEM_write_bio_PrivateKey_ex ? 3_0_0 EXIST::FUNCTION: +PEM_write_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:STDIO +PEM_write_bio_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_group_name ? 3_0_0 EXIST::FUNCTION: +CRYPTO_atomic_or ? 3_0_0 EXIST::FUNCTION: +CRYPTO_atomic_load ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_pss_keygen_md ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_set_rsa_pss_keygen_md_name ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_settable_params ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_set_params ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_set_int_param ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_set_size_t_param ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_set_bn_param ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_set_utf8_string_param ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_set_octet_string_param ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_ec_point_conv_form ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_field_type ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_fromdata_init ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_fromdata_settable ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_param_check_quick ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_public_check_quick ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_is_a ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_settable_params ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_settable_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_settable_params ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_CTX_gettable_params ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_CTX_settable_params ? 3_0_0 EXIST::FUNCTION: +RAND_set_DRBG_type ? 3_0_0 EXIST::FUNCTION: +RAND_set_seed_source_type ? 3_0_0 EXIST::FUNCTION: +BN_mod_exp_mont_consttime_x2 ? 3_0_0 EXIST::FUNCTION: +BIO_f_readbuffer ? 3_0_0 EXIST::FUNCTION: +OSSL_ESS_check_signing_certs ? 3_0_0 EXIST::FUNCTION: +OSSL_ESS_signing_cert_new_init ? 
3_0_0 EXIST::FUNCTION: +OSSL_ESS_signing_cert_v2_new_init ? 3_0_0 EXIST::FUNCTION: +ESS_SIGNING_CERT_it ? 3_0_0 EXIST::FUNCTION: +ESS_SIGNING_CERT_V2_it ? 3_0_0 EXIST::FUNCTION: +EVP_Q_digest ? 3_0_0 EXIST::FUNCTION: +EVP_DigestInit_ex2 ? 3_0_0 EXIST::FUNCTION: +EVP_EncryptInit_ex2 ? 3_0_0 EXIST::FUNCTION: +EVP_DecryptInit_ex2 ? 3_0_0 EXIST::FUNCTION: +EVP_CipherInit_ex2 ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_sign_init_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_verify_init_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_verify_recover_init_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_encrypt_init_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_decrypt_init_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_derive_init_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_print_public_fp ? 3_0_0 EXIST::FUNCTION:STDIO +EVP_PKEY_print_private_fp ? 3_0_0 EXIST::FUNCTION:STDIO +EVP_PKEY_print_params_fp ? 3_0_0 EXIST::FUNCTION:STDIO +TS_RESP_CTX_new_ex ? 3_0_0 EXIST::FUNCTION:TS +X509_REQ_new_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_dup ? 3_0_0 EXIST::FUNCTION: +RSA_PSS_PARAMS_dup ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_derive_set_peer_ex ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_get0_name ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_get0_name ? 3_0_0 EXIST::FUNCTION: +OSSL_DECODER_get0_description ? 3_0_0 EXIST::FUNCTION: +OSSL_ENCODER_get0_description ? 3_0_0 EXIST::FUNCTION: +OSSL_STORE_LOADER_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_MD_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_RAND_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_KEYMGMT_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_KEM_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_get0_description ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_get0_description ? 3_0_0 EXIST::FUNCTION: +OPENSSL_sk_find_all ? 
3_0_0 EXIST::FUNCTION: +X509_CRL_new_ex ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_dup ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_merge ? 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_free ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_todata ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_export ? 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_get0_md ? 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_get1_md ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get0_cipher ? 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get1_cipher ? 3_0_0 EXIST::FUNCTION: +OSSL_LIB_CTX_get0_global_default ? 3_0_0 EXIST::FUNCTION: +EVP_SIGNATURE_get0_name ? 3_0_0 EXIST::FUNCTION: +EVP_ASYM_CIPHER_get0_name ? 3_0_0 EXIST::FUNCTION: +EVP_KEM_get0_name ? 3_0_0 EXIST::FUNCTION: +EVP_KEYEXCH_get0_name ? 3_0_0 EXIST::FUNCTION: +PKCS5_v2_PBE_keyivgen_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PBE_scrypt_ex ? 3_0_0 EXIST::FUNCTION:SCRYPT +PKCS5_v2_scrypt_keyivgen_ex ? 3_0_0 EXIST::FUNCTION:SCRYPT +EVP_PBE_CipherInit_ex ? 3_0_0 EXIST::FUNCTION: +EVP_PBE_find_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_SAFEBAG_create_pkcs8_encrypt_ex ? 3_0_0 EXIST::FUNCTION: +PKCS8_decrypt_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_decrypt_skey_ex ? 3_0_0 EXIST::FUNCTION: +PKCS8_encrypt_ex ? 3_0_0 EXIST::FUNCTION: +PKCS8_set0_pbe_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_pack_p7encdata_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_pbe_crypt_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_item_decrypt_d2i_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_item_i2d_encrypt_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_init_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_key_gen_asc_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_key_gen_uni_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_key_gen_utf8_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_PBE_keyivgen_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_create_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_add_key_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_add_safe_ex ? 3_0_0 EXIST::FUNCTION: +PKCS12_add_safes_ex ? 3_0_0 EXIST::FUNCTION: +PKCS5_pbe_set0_algor_ex ? 3_0_0 EXIST::FUNCTION: +PKCS5_pbe_set_ex ? 3_0_0 EXIST::FUNCTION: +PKCS5_pbe2_set_iv_ex ? 3_0_0 EXIST::FUNCTION: +PKCS5_pbkdf2_set_ex ? 
3_0_0 EXIST::FUNCTION: +BIO_new_from_core_bio ? 3_0_0 EXIST::FUNCTION: +BIO_new_ex ? 3_0_0 EXIST::FUNCTION: +BIO_s_core ? 3_0_0 EXIST::FUNCTION: +BIO_get_line ? 3_0_0 EXIST::FUNCTION: +OSSL_LIB_CTX_new_from_dispatch ? 3_0_0 EXIST::FUNCTION: +OSSL_LIB_CTX_new_child ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_get0_dispatch ? 3_0_0 EXIST::FUNCTION: +PKCS5_PBE_keyivgen_ex ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_CTX_get_block_size ? 3_0_0 EXIST::FUNCTION: +BIO_debug_callback_ex ? 3_0_0 EXIST::FUNCTION: +b2i_PVK_bio_ex ? 3_0_0 EXIST::FUNCTION: +i2b_PVK_bio_ex ? 3_0_0 EXIST::FUNCTION: +NCONF_get0_libctx ? 3_0_0 EXIST::FUNCTION: +NCONF_get_section_names ? 3_0_0 EXIST::FUNCTION: diff --git a/util/mknum.pl b/util/mknum.pl index 92435a8712..284fe891ef 100644 --- a/util/mknum.pl +++ b/util/mknum.pl @@ -89,9 +89,9 @@ foreach my $f (($symhacks_file // (), @ARGV)) { } # As long as we're running in development or alpha releases, we can have -# symbols without specific numbers assigned. When in beta or final release, -# all symbols MUST have an assigned number. -if ($version !~ m/^\d+\.\d+\.\d+(?:[a-z]+)?-(?:dev|alpha)/) { +# symbols without specific numbers assigned. In beta or final release, all +# symbols MUST have an assigned number. +if ($version !~ m/^\d+\.\d+\.\d+(?:-alpha|(?:-.*?)?-dev$)/) { $ordinals->renumber(); } From no-reply at appveyor.com Thu Jun 3 07:51:14 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 03 Jun 2021 07:51:14 +0000 Subject: Build completed: openssl master.42229 Message-ID: <20210603075114.1.DB4A8E70F0A9550D@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jun 3 10:47:51 2021 
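Review bot: In the util/mknum.pl hunk, only the `-dev` alternative of the new pattern is anchored with `$`; the `-alpha` alternative is open-ended, and `(?:-.*?)?-dev$` also lets a tag such as `-beta1-dev` skip `$ordinals->renumber()`. The rewritten comment ("In beta or final release, all symbols MUST have an assigned number") does not say that a `-dev` snapshot of a beta counts as development. Either state that in the comment or tighten the middle group so the code and the comment agree. The old optional letter suffix `(?:[a-z]+)?` is dropped as well; it is worth stating in the commit message whether that is intentional.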
From: levitte at openssl.org (Richard Levitte) Date: Thu, 03 Jun 2021 10:47:51 +0000 Subject: [openssl] master update Message-ID: <1622717271.780941.26031.nullmailer@dev.openssl.org> The branch master has been updated via b7d2bd1219db7e12f8bde6667cb7771b0b83c2fe (commit) from 17213b2ad03fe577c03a3e77142242adde41fa9f (commit) - Log ----------------------------------------------------------------- commit b7d2bd1219db7e12f8bde6667cb7771b0b83c2fe Author: Richard Levitte Date: Wed Jun 2 11:07:20 2021 +0200 Deprecate EVP_CIPHER_impl_ctx_size and EVP_CIPHER_CTX_buf_noconst Fixes #15519 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15584) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aria.c | 2 ++ crypto/evp/e_sm4.c | 2 ++ include/openssl/evp.h | 6 ++++++ util/libcrypto.num | 4 ++-- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index b57661db58..f53528ea5c 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -8,6 +8,8 @@ * https://www.openssl.org/source/license.html */ +#include "internal/deprecated.h" + #include "internal/cryptlib.h" #ifndef OPENSSL_NO_ARIA # include diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index a3ccc49f7e..39bec569f7 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c @@ -9,6 +9,8 @@ * https://www.openssl.org/source/license.html */ +#include "internal/deprecated.h" + #include "internal/cryptlib.h" #ifndef OPENSSL_NO_SM4 # include diff --git a/include/openssl/evp.h b/include/openssl/evp.h index c4338dae9c..50cf8eeb77 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -586,7 +586,10 @@ int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher); int EVP_CIPHER_get_block_size(const EVP_CIPHER *cipher); # define EVP_CIPHER_block_size EVP_CIPHER_get_block_size +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); +# endif int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher); # define EVP_CIPHER_key_length EVP_CIPHER_get_key_length int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher); @@ -624,7 +627,10 @@ OSSL_DEPRECATEDIN_3_0 unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *c # endif int EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len); int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len); +# ifndef OPENSSL_NO_DEPRECATED_3_0 +OSSL_DEPRECATEDIN_3_0 unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +# endif int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); # define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); diff --git a/util/libcrypto.num b/util/libcrypto.num index a66a379038..6f763f1063 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -119,7 +119,7 @@ EVP_BytesToKey 120 3_0_0 EXIST::FUNCTION: ENGINE_set_default_pkey_asn1_meths 121 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE OCSP_BASICRESP_add1_ext_i2d 122 3_0_0 EXIST::FUNCTION:OCSP EVP_camellia_128_ctr 123 3_0_0 EXIST::FUNCTION:CAMELLIA -EVP_CIPHER_impl_ctx_size 124 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_impl_ctx_size 124 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_CRL_get_nextUpdate 125 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0 PKCS12_free 126 3_0_0 EXIST::FUNCTION: CMS_signed_get_attr 127 3_0_0 EXIST::FUNCTION:CMS 
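Review bot: Documentation for the deprecation is missing. The evp.h hunks wrap `EVP_CIPHER_impl_ctx_size` and `EVP_CIPHER_CTX_buf_noconst` in `# ifndef OPENSSL_NO_DEPRECATED_3_0`, and this hunk marks ordinal 124 as `DEPRECATEDIN_3_0`, but the summary of changes lists only e_aria.c, e_sm4.c, evp.h and libcrypto.num, so nothing tells callers what to use instead. Suggest adding a changelog entry and a manual page note in the same commit. The new `#include "internal/deprecated.h"` in e_aria.c and e_sm4.c suggests those files still rely on the deprecated accessors; a short comment naming the call that needs it would make later cleanup easier.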
@@ -1217,7 +1217,7 @@ DSO_METHOD_openssl 1244 3_0_0 EXIST::FUNCTION: d2i_PrivateKey_fp 1245 3_0_0 EXIST::FUNCTION:STDIO i2d_NETSCAPE_CERT_SEQUENCE 1246 3_0_0 EXIST::FUNCTION: EC_POINT_oct2point 1248 3_0_0 EXIST::FUNCTION:EC -EVP_CIPHER_CTX_buf_noconst 1249 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_buf_noconst 1249 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 OPENSSL_DIR_read 1250 3_0_0 EXIST::FUNCTION: CMS_add_smimecap 1251 3_0_0 EXIST::FUNCTION:CMS X509_check_email 1252 3_0_0 EXIST::FUNCTION: From dev at ddvo.net Thu Jun 3 14:14:39 2021 From: dev at ddvo.net (dev at ddvo.net) Date: Thu, 03 Jun 2021 14:14:39 +0000 Subject: [openssl] master update Message-ID: <1622729679.170403.22218.nullmailer@dev.openssl.org> The branch master has been updated via f6b6574cd73649b4bd5f695b9dbb8f80422ff244 (commit) from b7d2bd1219db7e12f8bde6667cb7771b0b83c2fe (commit) - Log ----------------------------------------------------------------- commit f6b6574cd73649b4bd5f695b9dbb8f80422ff244 Author: Jon Spillett Date: Wed Jun 2 11:20:25 2021 +1000 80-test_cmp_http.t: Re-enable CMP tests for AIX, removing some inessential test cases Remove negative test cases which simulate an attempt to write file contents to a directory using a path ending in '/' as this is not compatible with fopen on all platforms, e.g., AIX. Reviewed-by: David von Oheimb Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/15575) ----------------------------------------------------------------------- Summary of changes: test/recipes/80-test_cmp_http.t | 4 ++-- test/recipes/80-test_cmp_http_data/test_commands.csv | 1 - test/recipes/80-test_cmp_http_data/test_enrollment.csv | 3 --- test/recipes/80-test_cmp_http_data/test_verification.csv | 1 - 4 files changed, 2 insertions(+), 7 deletions(-) diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index 106f580636..bcec27f949 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t 
@@ -31,8 +31,8 @@ plan skip_all => "These tests are not supported in a no-ec build" plan skip_all => "These tests are not supported in a no-sock build" if disabled("sock"); -plan skip_all => "Tests involving local HTTP server not available on Windows, AIX or VMS" - if $^O =~ /^(VMS|MSWin32|AIX)$/; +plan skip_all => "Tests involving local HTTP server not available on Windows or VMS" + if $^O =~ /^(VMS|MSWin32)$/; plan skip_all => "Tests involving local HTTP server not available in cross-compile builds" if defined $ENV{EXE_SHELL}; diff --git a/test/recipes/80-test_cmp_http_data/test_commands.csv b/test/recipes/80-test_cmp_http_data/test_commands.csv index 2384f05f44..0bf1111a6c 100644 --- a/test/recipes/80-test_cmp_http_data/test_commands.csv +++ b/test/recipes/80-test_cmp_http_data/test_commands.csv @@ -36,7 +36,6 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty 1, --- use csr for revocation ----, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,,BLANK, -revreason,0, -csr,csr.pem 1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, 0,without oldcert, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,,BLANK, -0,oldcert is directory, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,dir/,BLANK, 0,oldcert file nonexistent, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,idontexist,BLANK, 0,empty oldcert file, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,empty.txt,BLANK, 0,oldcert and key do not match, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,trusted.crt, -revreason,0 diff --git a/test/recipes/80-test_cmp_http_data/test_enrollment.csv b/test/recipes/80-test_cmp_http_data/test_enrollment.csv index d46a56daeb..db44b46d27 100644 --- a/test/recipes/80-test_cmp_http_data/test_enrollment.csv +++ b/test/recipes/80-test_cmp_http_data/test_enrollment.csv 
@@ -65,7 +65,6 @@ expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 0,no certout, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,"""",, -out_trusted,root.crt,,BLANK,,BLANK,,, 0,certout missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,certout is directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,dir/,, -out_trusted,root.crt,,BLANK,,BLANK,,, 0,certout too many parameters, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,abc,def, -out_trusted,root.crt,,BLANK,,BLANK,,, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 1,no out_trusted, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_out_trusted.pem,,BLANK,,,BLANK,,BLANK,,, 
@@ -80,7 +79,6 @@ expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 1,oldcert ignored, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_oldcert.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,, 0,oldcert missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_oldcert1.pem,, -out_trusted,root.crt,, -oldcert,,BLANK,,, -0,oldcert directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_oldcert2.pem,, -out_trusted,root.crt,, -oldcert,dir/,BLANK,,, 0,oldcert non existing file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_oldcert3.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,, 0,oldcert empty file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_oldcert4.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,, 0,oldcert random contents, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_oldcert5.pem,, -out_trusted,root.crt,, -oldcert,random.bin,BLANK,,, 
@@ -106,7 +104,6 @@ TODO,p10cr wrong csr, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass: 0,kur newkey is directory, -section,, -cmd,kur, -newkey,dir/,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur2.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT 0,kur newkey parameter count no match, -section,, -cmd,kur, -newkey,abc,def, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur3.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT 0,kur newkey missing argument, -section,, -cmd,kur, -newkey,BLANK,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur4.pem,, -out_trusted,root.crt,, -oldcert,_RESULT_DIR/test.certout_newkey.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT -0,kur oldcert is directory, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur5.pem,, -out_trusted,root.crt,, -oldcert,dir/,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT 0,kur oldcert not existing, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur6.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT 0,kur empty oldcert file, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,_RESULT_DIR/test.certout_kur7.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT 0,kur without cert and oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, 
-certout,_RESULT_DIR/test.certout_kur8.pem,, -out_trusted,root.crt,, -cert,"""",BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT diff --git a/test/recipes/80-test_cmp_http_data/test_verification.csv b/test/recipes/80-test_cmp_http_data/test_verification.csv index c58215eebf..ad28108be2 100644 --- a/test/recipes/80-test_cmp_http_data/test_verification.csv +++ b/test/recipes/80-test_cmp_http_data/test_verification.csv @@ -47,5 +47,4 @@ expected,description, -section,val, -recipient,val, -expect_sender,val, -srvcert ,,,,,,,,,,,,,,,,,,,,,,,,, 1,extracertsout, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,_RESULT_DIR/test.extracerts.pem,,,,,,, 0,extracertsout no parameter, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,,,,,,,, -0,extracertsout directory, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,directory/,,,,,,, 0,extracertsout multiple arguments, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,abc,def,,,,,, From matt at openssl.org Thu Jun 3 14:45:37 2021 
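Review bot: The removed rows do not line up with the commit message, and one `dir/` case is left behind. The message describes dropping cases that "write file contents to a directory", yet several removed rows pass the directory to an input option (`-oldcert,dir/` in test_commands.csv and test_enrollment.csv), while the unchanged context of the third test_enrollment.csv hunk still has `0,kur newkey is directory` with `-newkey,dir/`. Please confirm that the remaining row behaves the same on AIX or remove it too, and reword the message to cover the read cases. Since these were the only negative tests for directory arguments to `-certout`, `-oldcert` and `-extracertsout`, consider keeping them behind a platform condition instead of deleting them for every platform.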
From: matt at openssl.org (Matt Caswell) Date: Thu, 03 Jun 2021 14:45:37 +0000 Subject: [tools] master update Message-ID: <1622731537.257531.29374.nullmailer@dev.openssl.org> The branch master has been updated via f39ecd88bc71cdb4332ec42b12405abf3738bde2 (commit) from 0e935b5510ff4240341205184085f8a93eb36c24 (commit) - Log ----------------------------------------------------------------- commit f39ecd88bc71cdb4332ec42b12405abf3738bde2 Author: Matt Caswell Date: Fri May 21 10:18:18 2021 +0100 Send release emails from the owner of the signing key Announcement emails should be sent from the email account of the owner of the signing key, otherwise some email clients will fail to verify the key correctly. A longer term solution will be to have a separate release signing key. Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/tools/pull/89) ----------------------------------------------------------------------- Summary of changes: HOWTO-make-a-release.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/HOWTO-make-a-release.md b/HOWTO-make-a-release.md index 012256e..7456b6a 100644 --- a/HOWTO-make-a-release.md +++ b/HOWTO-make-a-release.md 
@@ -335,16 +335,17 @@ Also check the notes here: Send out the announcements. Generic release announcement messages will be created automatically by the build script and the commands you need to use to send them were displayed when you executed do-release.pl above. -These should normally be sent from the openssl account. These are sent to -openssl-users, openssl-project, and openssl-announce. +These are sent to openssl-users, openssl-project, and openssl-announce. They +should be sent from the account of the person that owns the key used for signing +the release announcement. Ensure that mutt is configured correctly - send a test +email first if necessary. If do-release.pl was used with `--move` be sure to move the announcement text files away from the staging directory after they have been sent. This is done as follows (with VERSION replaced with the version of OpenSSL to announce): - sudo -u openssl \ - mutt -s "OpenSSL version VERSION published" \ + REPLYTO="openssl at openssl.org" mutt -s "OpenSSL version VERSION published" \ openssl-project openssl-users openssl-announce \ < /home/openssl/dist/new/openssl-VERSION.txt.asc sudo -u openssl \ 
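Review bot: the added sentence "Ensure that mutt is configured correctly" in HOWTO-make-a-release.md does not say what "correctly" means. The commit message gives the goal (the sender must be the owner of the signing key so that mail clients can verify the signature), so the text should name the setting that has to match, presumably the From address mutt sends with, and note that REPLYTO only sets where replies go.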
@@ -367,9 +368,9 @@ Then copy the result to the temporary directory on dev.openssl.org: scp secadv_FILENAME.txt.asc dev.openssl.org:/tmp To finish, log in on dev.openssl.org and send the signed Security -Advisory by email as the openssl user, and the remove it: +Advisory by email as the user that signed the advisory, and then remove it: - sudo -u openssl mutt -s "OpenSSL Security Advisory" \ + REPLYTO="openssl at openssl.org" mutt -s "OpenSSL Security Advisory" \ openssl-project openssl-users openssl-announce \ The branch master has been updated via effb0dcf864110a4595f1a243adb9c1dd09eb516 (commit) from f6b6574cd73649b4bd5f695b9dbb8f80422ff244 (commit) - Log ----------------------------------------------------------------- commit effb0dcf864110a4595f1a243adb9c1dd09eb516 Author: bonniegong Date: Wed Jun 2 15:35:18 2021 +0800 Check the return value of ASN1_STRING_length ASN1_STRING_length gets the field 'length' of msg, which can be manipulated through a crafted input. Add a check to avoid error execution of OPENSSL_malloc(). CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15583) ----------------------------------------------------------------------- Summary of changes: crypto/ts/ts_verify_ctx.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 825d53e4f7..20268339ee 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -126,6 +126,8 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) goto err; msg = imprint->hashed_msg; ret->imprint_len = ASN1_STRING_length(msg); + if (ret->imprint_len <= 0) + goto err; if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL) goto err; memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len); From tomas at openssl.org Thu Jun 3 15:09:57 2021 
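Review bot: in crypto/ts/ts_verify_ctx.c, TS_REQ_to_TS_VERIFY_CTX(), the new `if (ret->imprint_len <= 0)` test runs only after the result of ASN1_STRING_length() has been stored in ret->imprint_len, whose type is not shown in this hunk. If that field is unsigned, a negative return value is converted before the comparison and only the zero case is caught. Reading the length into a local int, checking it, and then assigning would make the check independent of the field type. The new `goto err` also puts nothing on the error queue, so a caller cannot tell a rejected imprint length from the allocation failure on the next line; an ERR_raise() before the goto would fix that.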
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 03 Jun 2021 15:09:57 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1622732997.561263.6750.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5478387c14e0c22a525e2ec5ed37f6ffad4b7c59 (commit) from 869e1424438b3c117d6ef4d3fbf4545cc7dab171 (commit) - Log ----------------------------------------------------------------- commit 5478387c14e0c22a525e2ec5ed37f6ffad4b7c59 Author: bonniegong Date: Wed Jun 2 15:35:18 2021 +0800 Check the return value of ASN1_STRING_length ASN1_STRING_length gets the field 'length' of msg, which can be manipulated through a crafted input. Add a check to avoid error execution of OPENSSL_malloc(). CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15583) (cherry picked from commit effb0dcf864110a4595f1a243adb9c1dd09eb516) ----------------------------------------------------------------------- Summary of changes: crypto/ts/ts_verify_ctx.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 1e80e0d370..803fbe44a7 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -126,6 +126,8 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) goto err; msg = imprint->hashed_msg; ret->imprint_len = ASN1_STRING_length(msg); + if (ret->imprint_len <= 0) + goto err; if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL) goto err; memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len); From tomas at openssl.org Thu Jun 3 15:42:43 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 03 Jun 2021 15:42:43 +0000 Subject: [openssl] master update Message-ID: <1622734963.307308.18249.nullmailer@dev.openssl.org> The branch master has been updated via 7d69c07ddf7a27bf4dca250c8a37b8f929d33100 (commit) from effb0dcf864110a4595f1a243adb9c1dd09eb516 (commit) - Log ----------------------------------------------------------------- commit 7d69c07ddf7a27bf4dca250c8a37b8f929d33100 Author: Tomas Mraz Date: Wed Jun 2 15:15:45 2021 +0200 OPENSSL_init_crypto must return 0 when cleanup was done Fixes #15581 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15589) ----------------------------------------------------------------------- Summary of changes: crypto/init.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/crypto/init.c b/crypto/init.c index 49d817c089..552a4fa66c 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -454,6 +454,13 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) uint64_t tmp; int aloaddone = 0; + /* Applications depend on 0 being returned when cleanup was already done */ + if (stopped) { + if (!(opts & OPENSSL_INIT_BASE_ONLY)) + ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL); + return 0; + } + /* * We ignore failures from this function. It is probably because we are * on a platform that doesn't support lockless atomic loads (we may not 
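Review bot: the new comment at the top of OPENSSL_init_crypto() says applications depend on 0 being returned once cleanup has been done, but the summary lists only crypto/init.c, so nothing pins that behaviour. A regression test that calls OPENSSL_init_crypto() after cleanup and asserts a 0 return, with and without OPENSSL_INIT_BASE_ONLY, would stop the early return from being moved below other initialisation steps again.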
@@ -476,15 +483,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) /* * At some point we should look at this function with a view to moving * most/all of this into OSSL_LIB_CTX. - */ - - if (stopped) { - if (!(opts & OPENSSL_INIT_BASE_ONLY)) - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL); - return 0; - } - - /* + * * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the * *only* option specified. With that option we return immediately after * doing the requested limited initialization. Note that From tomas at openssl.org Thu Jun 3 16:08:11 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 03 Jun 2021 16:08:11 +0000 Subject: [openssl] master update Message-ID: <1622736491.163183.29391.nullmailer@dev.openssl.org> The branch master has been updated via 18d9c9bf96d54948790fd59068e8d46f6194439e (commit) from 7d69c07ddf7a27bf4dca250c8a37b8f929d33100 (commit) - Log ----------------------------------------------------------------- commit 18d9c9bf96d54948790fd59068e8d46f6194439e Author: Tomas Mraz Date: Wed Jun 2 17:01:41 2021 +0200 openssl spkac: Fix reading SPKAC data from stdin Fixes #15367 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15593) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 3d6588ba23..8604c75251 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c 
@@ -404,14 +404,18 @@ CONF *app_load_config_verbose(const char *filename, int verbose) CONF *app_load_config_internal(const char *filename, int quiet) { - BIO *in = NULL; /* leads to empty config in case filename == "" */ + BIO *in; CONF *conf; - if (*filename != '\0' - && (in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL) - return NULL; - conf = app_load_config_bio(in, filename); - BIO_free(in); + if (filename == NULL || *filename != '\0') { + if ((in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL) + return NULL; + conf = app_load_config_bio(in, filename); + BIO_free(in); + } else { + /* Return empty config if filename is empty string. */ + conf = NCONF_new_ex(app_libctx, NULL); + } return conf; } From matt at openssl.org Thu Jun 3 16:19:10 2021 From: matt at openssl.org (Matt Caswell) Date: Thu, 03 Jun 2021 16:19:10 +0000 Subject: [openssl] master update Message-ID: <1622737150.917576.1528.nullmailer@dev.openssl.org> The branch master has been updated via 376a8c3f46b658027e77165ecb52021b6b27b61a (commit) from 18d9c9bf96d54948790fd59068e8d46f6194439e (commit) - Log ----------------------------------------------------------------- commit 376a8c3f46b658027e77165ecb52021b6b27b61a Author: Matt Caswell Date: Tue May 25 12:38:19 2021 +0100 Teach ASN1_item_verify_ctx() how to handle provided keys We need to special case RSA-PSS because that uses X509_ALGOR style parameters and we have no support for this on the provider side at this stage. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15527) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_verify.c | 61 ++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 17 deletions(-) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index b1adaf7a8f..9be231b043 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c 
@@ -20,6 +20,7 @@ #include #include "crypto/asn1.h" #include "crypto/evp.h" +#include "crypto/rsa.h" #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -136,7 +137,7 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, goto err; } - if (mdnid == NID_undef) { + if (mdnid == NID_undef && evp_pkey_is_legacy(pkey)) { if (pkey->ameth == NULL || pkey->ameth->item_verify == NULL) { ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; 
@@ -153,23 +154,49 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, if (ret <= 1) goto err; } else { - const EVP_MD *type = EVP_get_digestbynid(mdnid); + const EVP_MD *type = NULL; - if (type == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); - goto err; - } - - /* Check public key OID matches public key type */ - if (!EVP_PKEY_is_a(pkey, OBJ_nid2sn(pknid))) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE); - goto err; - } - - if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - ret = 0; - goto err; + /* + * We don't yet have the ability for providers to be able to handle + * X509_ALGOR style parameters. Fortunately the only one that needs this + * so far is RSA-PSS, so we just special case this for now. In some + * future version of OpenSSL we should push this to the provider. + */ + if (mdnid == NID_undef && pknid == EVP_PKEY_RSA_PSS) { + if (!EVP_PKEY_is_a(pkey, "RSA") && !EVP_PKEY_is_a(pkey, "RSA-PSS")) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE); + goto err; + } + /* This function also calls EVP_DigestVerifyInit */ + if (ossl_rsa_pss_to_ctx(ctx, NULL, alg, pkey) <= 0) { + ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); + goto err; + } + } else { + /* Check public key OID matches public key type */ + if (!EVP_PKEY_is_a(pkey, OBJ_nid2sn(pknid))) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE); + goto err; + } + + if (mdnid != NID_undef) { + type = EVP_get_digestbynid(mdnid); + if (type == NULL) { + ERR_raise(ERR_LIB_ASN1, + ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + goto err; + } + } + + /* + * Note that some algorithms (notably Ed25519 and Ed448) may allow + * a NULL digest value. + */ + if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); + ret = 0; + goto err; + } } } From openssl at openssl.org Thu Jun 3 22:10:25 2021 
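Review bot: in the new RSA-PSS branch of ASN1_item_verify_ctx(), a failure of `ossl_rsa_pss_to_ctx(ctx, NULL, alg, pkey)` is reported as ERR_R_INTERNAL_ERROR, although alg is caller-supplied X509_ALGOR data, typically taken from the object being verified, so the likely cause is malformed or unsupported PSS parameters in the input rather than an internal fault; a reason code that says so would make these failures easier to triage. Separately, only the EVP_DigestVerifyInit() failure sets `ret = 0` before `goto err`; every other `goto err` in this hunk, including the two new ones in the RSA-PSS branch, leaves ret untouched, so it is worth confirming that each path returns the value callers expect.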
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 03 Jun 2021 22:10:25 +0000 Subject: Still FAILED build of OpenSSL branch master with options --strict-warnings Message-ID: <1622758225.151646.3784416.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config --strict-warnings Commit log since last time: 376a8c3f46 Teach ASN1_item_verify_ctx() how to handle provided keys 18d9c9bf96 openssl spkac: Fix reading SPKAC data from stdin 7d69c07ddf OPENSSL_init_crypto must return 0 when cleanup was done effb0dcf86 Check the return value of ASN1_STRING_length f6b6574cd7 80-test_cmp_http.t: Re-enable CMP tests for AIX, removing some inessential test cases b7d2bd1219 Deprecate EVP_CIPHER_impl_ctx_size and EVP_CIPHER_CTX_buf_noconst 17213b2ad0 Restore all the ? in util/libcrypto.num cbba082fc0 util/mknum.pl: Really allow unset ordinals in development ba3ea453b0 Fix errors found by parfait static analyser. 6436030486 rsa: make the maximum key strength check FIPS only. 691c9cd16b Add an EVP demo for signatures using EC 74613e8c97 update checksums c912e0c616 util: update FIPS checksumming script to be more aggressive with whitespace Build log ended with (last 100 lines): not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80514F9EF47F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 80514F9EF47F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:319: # 80514F9EF47F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1622758017 not ok 4 - iteration 4 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80514F9EF47F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 80514F9EF47F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:319: # 80514F9EF47F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1622758017 not ok 5 - iteration 5 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80514F9EF47F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 80514F9EF47F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:319: # 80514F9EF47F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1622758017 not ok 6 - iteration 6 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80514F9EF47F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 80514F9EF47F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:319: # 80514F9EF47F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1622758017 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80514F9EF47F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 80514F9EF47F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:319: # 80514F9EF47F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1622758017 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1622758017 not ok 1 - test_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/gosttest ../../../openssl/test/recipes/90-test_gost_data/server-cert2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-cert2012.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2012.pem => 1 not ok 1 - running gosttest # ------------------------------------------------------------------------------ # Failed test 'running gosttest' # at ../openssl/test/recipes/90-test_gost.t line 39. # Looks like you failed 1 test of 1.90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 90-test_ige.t ...................... ok 90-test_memleak.t .................. ok 90-test_includes.t ................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslbuffers.t ............... ok 80-test_ssl_old.t .................. ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... 
ok # Killing mock server with pid=377550880-test_cmp_http.t ................. ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 90-test_store.t .................... ok 90-test_sslapi.t ................... ok Test Summary Report ------------------- 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=236, Tests=3234, 141 wallclock secs (12.13 usr 1.20 sys + 411.92 cusr 54.66 csys = 479.91 CPU) Result: FAIL make[1]: *** [Makefile:3235: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/default' make: *** [Makefile:3231: tests] Error 2 From pauli at openssl.org Thu Jun 3 23:39:30 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 03 Jun 2021 23:39:30 +0000 Subject: [openssl] master update Message-ID: <1622763570.789948.4646.nullmailer@dev.openssl.org> The branch master has been updated via d0196ddcba60a69930d1b1fec579949c8788be34 (commit) from 376a8c3f46b658027e77165ecb52021b6b27b61a (commit) - Log ----------------------------------------------------------------- commit d0196ddcba60a69930d1b1fec579949c8788be34 Author: Dr. David von Oheimb Date: Wed Jun 2 17:26:02 2021 +0200 CI windows.yml: Silence 'nmake' builds except 'minimal'; ci.yml: make 'minimal' build verbose Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15594) ----------------------------------------------------------------------- Summary of changes: .github/workflows/ci.yml | 2 +- .github/workflows/windows.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 46a096cb75..8513cbb729 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -81,7 +81,7 @@ jobs: - name: config run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump - name: make - run: make -s -j4 + run: make -j4 # verbose, so no -s here - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 0de6e22893..bcfa45a4ba 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -29,7 +29,7 @@ jobs: perl configdata.pm --dump - name: build working-directory: _build - run: nmake + run: nmake /S - name: test working-directory: _build run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 @@ -54,7 +54,7 @@ jobs: perl configdata.pm --dump - name: build working-directory: _build - run: nmake + run: nmake /S - name: test working-directory: _build run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 @@ -72,7 +72,7 @@ jobs: perl configdata.pm --dump - name: build working-directory: _build - run: nmake + run: nmake # verbose, so no /S here - name: test working-directory: _build run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 From pauli at openssl.org Fri Jun 4 01:06:41 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 04 Jun 2021 01:06:41 +0000 Subject: [openssl] master update Message-ID: <1622768801.975759.19152.nullmailer@dev.openssl.org> The branch master has been updated via f570d33b02d824e2a3f676f718c4692572f45333 (commit) from d0196ddcba60a69930d1b1fec579949c8788be34 (commit) - Log ----------------------------------------------------------------- commit f570d33b02d824e2a3f676f718c4692572f45333 Author: Matt Caswell Date: Wed Jun 2 17:19:23 2021 +0100 Only call dtls1_start_timer() once The function dtls1_handle_timeout() calls dtls1_double_timeout() which was calling dtls1_start_timer(). However dtls1_start_timer() is also called directly by dtls1_handle_timeout(). We only need to start the timer once. Fixes #15561 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15595) ----------------------------------------------------------------------- Summary of changes: ssl/d1_lib.c | 3 +-- ssl/ssl_local.h | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index f9ad4ed684..a986252866 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -342,12 +342,11 @@ int dtls1_is_timer_expired(SSL *s) return 1; } -void dtls1_double_timeout(SSL *s) +static void dtls1_double_timeout(SSL *s) { s->d1->timeout_duration_us *= 2; if (s->d1->timeout_duration_us > 60000000) s->d1->timeout_duration_us = 60000000; - dtls1_start_timer(s); } void dtls1_stop_timer(SSL *s) diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index b222fc6a2d..09413a44fa 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2567,7 +2567,6 @@ __owur int dtls1_handle_timeout(SSL *s); void dtls1_start_timer(SSL *s); void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); -void dtls1_double_timeout(SSL *s); __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, size_t cookie_len); __owur size_t dtls1_min_mtu(SSL *s); From pauli at openssl.org Fri Jun 4 01:07:25 2021 
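Review bot: after this change dtls1_double_timeout() in ssl/d1_lib.c only updates timeout_duration_us, so the doubled duration takes effect only when the caller then calls dtls1_start_timer(). A short comment above the now-static function stating that contract would keep a later caller from reintroducing a missing or duplicated start. The summary lists only d1_lib.c and ssl_local.h, so no test pins the single-start behaviour either.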
From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 04 Jun 2021 01:07:25 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1622768845.025158.20262.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via bfcdfdee50b0adb9a6e448f07fd8f1c87c919cda (commit) from 5478387c14e0c22a525e2ec5ed37f6ffad4b7c59 (commit) - Log ----------------------------------------------------------------- commit bfcdfdee50b0adb9a6e448f07fd8f1c87c919cda Author: Matt Caswell Date: Wed Jun 2 17:19:23 2021 +0100 Only call dtls1_start_timer() once The function dtls1_handle_timeout() calls dtls1_double_timeout() which was calling dtls1_start_timer(). However dtls1_start_timer() is also called directly by dtls1_handle_timeout(). We only need to start the timer once. Fixes #15561 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15595) (cherry picked from commit f570d33b02d824e2a3f676f718c4692572f45333) ----------------------------------------------------------------------- Summary of changes: ssl/d1_lib.c | 3 +-- ssl/ssl_local.h | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index afbf015216..05b85c1078 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -342,12 +342,11 @@ int dtls1_is_timer_expired(SSL *s) return 1; } -void dtls1_double_timeout(SSL *s) +static void dtls1_double_timeout(SSL *s) { s->d1->timeout_duration_us *= 2; if (s->d1->timeout_duration_us > 60000000) s->d1->timeout_duration_us = 60000000; - dtls1_start_timer(s); } void dtls1_stop_timer(SSL *s) diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 8c3542a542..a357d4d950 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h 
@@ -2426,7 +2426,6 @@ __owur int dtls1_handle_timeout(SSL *s); void dtls1_start_timer(SSL *s); void dtls1_stop_timer(SSL *s); __owur int dtls1_is_timer_expired(SSL *s); -void dtls1_double_timeout(SSL *s); __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, size_t cookie_len); __owur size_t dtls1_min_mtu(SSL *s); From pauli at openssl.org Fri Jun 4 03:04:52 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 04 Jun 2021 03:04:52 +0000 Subject: [openssl] master update Message-ID: <1622775892.263758.7298.nullmailer@dev.openssl.org> The branch master has been updated via 43c2456f0f1a3b446fc9a1b1af43e6f8cef934fc (commit) from f570d33b02d824e2a3f676f718c4692572f45333 (commit) - Log ----------------------------------------------------------------- commit 43c2456f0f1a3b446fc9a1b1af43e6f8cef934fc Author: Rich Salz Date: Wed Jun 2 09:38:01 2021 -0400 Add md-nits task Assumes that Ruby is installed Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15590) ----------------------------------------------------------------------- Summary of changes: .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8513cbb729..9b57c788ff 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,6 +39,10 @@ jobs: run: make -s build_generated - name: make doc-nits run: make doc-nits + - name: make md-nits + run: | + sudo gem install mdl + make md-nits # This checks that we use ANSI C language syntax and semantics. # We are not as strict with libraries, but rather adapt to what's From dev at ddvo.net Fri Jun 4 05:08:17 2021 
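Review bot: the new md-nits step in .github/workflows/ci.yml runs `sudo gem install mdl` with no version, so every CI run installs whatever mdl release and dependencies RubyGems serves at that moment, as root on the runner. Pinning the version (gem install accepts -v) would make the lint results reproducible and keep a changed upstream release from altering the job unnoticed. The commit message notes that Ruby is assumed to be installed; a comment next to the step saying the same would help whoever runs `make md-nits` locally.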
From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 04 Jun 2021 05:08:17 +0000 Subject: [openssl] master update Message-ID: <1622783297.508111.30024.nullmailer@dev.openssl.org> The branch master has been updated via 5d8ea84efaf172af76461855988de2ac8b88beb0 (commit) via c796cc9768f346adde469d329afcbb1f220158ff (commit) from 43c2456f0f1a3b446fc9a1b1af43e6f8cef934fc (commit) - Log ----------------------------------------------------------------- commit 5d8ea84efaf172af76461855988de2ac8b88beb0 Author: Dr. David von Oheimb Date: Wed Jun 2 16:47:58 2021 +0200 80-test_http.t: Rename to 79-test_http.t, add basic HTTP server ACCEPT test Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15592) commit c796cc9768f346adde469d329afcbb1f220158ff Author: Dr. David von Oheimb Date: Wed Jun 2 15:52:26 2021 +0200 80-test_cmp_http.t: Improve comparison on server_port variable Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15592) ----------------------------------------------------------------------- Summary of changes: test/recipes/{80-test_http.t => 79-test_http.t} | 11 ++++++++--- test/recipes/80-test_cmp_http.t | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) rename test/recipes/{80-test_http.t => 79-test_http.t} (56%) diff --git a/test/recipes/80-test_http.t b/test/recipes/79-test_http.t similarity index 56% rename from test/recipes/80-test_http.t rename to test/recipes/79-test_http.t index 2297c5a537..b5bb74393a 100644 --- a/test/recipes/80-test_http.t +++ b/test/recipes/79-test_http.t 
@@ -12,10 +12,15 @@ use OpenSSL::Test::Utils; setup("test_http"); -plan tests => 1; +plan tests => 2; SKIP: { skip "sockets disabled", 1 if disabled("sock"); - ok(run(test(["http_test", - srctop_file("test", "certs", "ca-cert.pem")]))); + skip "OCSP disabled", 1 if disabled("ocsp"); + my $cmd = [qw{openssl ocsp -index any -port 0}]; + my @output = run(app($cmd), capture => 1); + ok($output[0] =~ /^ACCEPT (0.0.0.0|\[::\]):(\d+?)$/ && $2 >= 1024, + "HTTP server auto-selects and reports local port >= 1024"); } + +ok(run(test(["http_test", srctop_file("test", "certs", "ca-cert.pem")]))); diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index bcec27f949..910c751eec 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t @@ -277,7 +277,7 @@ sub start_mock_server { die "Invalid port: $server_port" unless $server_port =~ m/^\d+$/; my $pid = open($server_fh, "$cmd|") or die "Trying to $cmd"; print "Pid is: $pid\n"; - if ($server_port eq "0") { + if ($server_port == 0) { # Find out the actual server port while (<$server_fh>) { print; From pauli at openssl.org Fri Jun 4 05:09:37 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 04 Jun 2021 05:09:37 +0000 Subject: [openssl] master update Message-ID: <1622783377.782424.31381.nullmailer@dev.openssl.org> The branch master has been updated via 6a2f82b439924a2e096ec3288041b7f2d02f58fc (commit) from 5d8ea84efaf172af76461855988de2ac8b88beb0 (commit) - Log ----------------------------------------------------------------- commit 6a2f82b439924a2e096ec3288041b7f2d02f58fc Author: Tomas Mraz Date: Wed Jun 2 09:35:44 2021 +0200 req: fix default bits handling for -newkey Fixes #15569 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15582) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/apps/req.c b/apps/req.c index 284d03f40d..acb98e3560 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1587,7 +1587,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, *pkeytype = OPENSSL_strndup(keytype, keytypelen); else *pkeytype = OPENSSL_strdup(keytype); - *pkeylen = keylen; + if (keylen >= 0) + *pkeylen = keylen; if (param != NULL) { if (!EVP_PKEY_is_a(param, *pkeytype)) { @@ -1626,6 +1627,10 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, EVP_PKEY_CTX_free(gctx); return NULL; } + if (keylen == -1 && (EVP_PKEY_CTX_is_a(gctx, "RSA") + || EVP_PKEY_CTX_is_a(gctx, "RSA-PSS"))) + keylen = *pkeylen; + if (keylen != -1) { OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; size_t bits = keylen; From pauli at openssl.org Fri Jun 4 08:03:52 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 04 Jun 2021 08:03:52 +0000 Subject: [openssl] master update Message-ID: <1622793832.877084.2225.nullmailer@dev.openssl.org> The branch master has been updated via 51cda01c61870c2433fbbd54d69f2267362ea608 (commit) from 6a2f82b439924a2e096ec3288041b7f2d02f58fc (commit) - Log ----------------------------------------------------------------- commit 51cda01c61870c2433fbbd54d69f2267362ea608 Author: Pauli Date: Thu Jun 3 14:27:28 2021 +1000 req: detect a bad choice of digest early This is a regression against 1.1.1 when an unknown digest was detected early. Fixes #15285 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15602) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/apps/req.c b/apps/req.c index acb98e3560..9fbe4e250f 100644 --- a/apps/req.c +++ b/apps/req.c 
@@ -242,6 +242,7 @@ int req_main(int argc, char **argv) X509 *new_x509 = NULL, *CAcert = NULL; X509_REQ *req = NULL; EVP_CIPHER *cipher = NULL; + EVP_MD *md = NULL; int ext_copy = EXT_COPY_UNSET; BIO *addext_bio = NULL; char *extensions = NULL; @@ -527,7 +528,15 @@ int req_main(int argc, char **argv) if (!add_oid_section(req_conf)) goto end; - if (digest == NULL) { + /* Check that any specified digest is fetchable */ + if (digest != NULL) { + if (!opt_md(digest, &md)) { + ERR_clear_error(); + goto opthelp; + } + EVP_MD_free(md); + } else { + /* No digest specified, default to configuration */ p = NCONF_get_string(req_conf, section, "default_md"); if (p == NULL) ERR_clear_error(); From levitte at openssl.org Fri Jun 4 10:05:39 2021 From: levitte at openssl.org (Richard Levitte) Date: Fri, 04 Jun 2021 10:05:39 +0000 Subject: [web] master update Message-ID: <1622801139.742327.15049.nullmailer@dev.openssl.org> The branch master has been updated via 2e8cfad0e7a3155e8cdeae1a2d9d0cfa9a4efe80 (commit) from e39973455eaed0265573f24ce0eb6e5544757169 (commit) - Log ----------------------------------------------------------------- commit 2e8cfad0e7a3155e8cdeae1a2d9d0cfa9a4efe80 Author: Richard Levitte Date: Fri Jun 4 11:31:45 2021 +0200 bin/mk-manpages3: install more than just HTML files OpenSSL 3.0 now sports images as well. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/web/pull/241) ----------------------------------------------------------------------- Summary of changes: bin/mk-manpages3 | 55 +++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 35 insertions(+), 20 deletions(-) diff --git a/bin/mk-manpages3 b/bin/mk-manpages3 index 5c83583..dda2be5 100755 --- a/bin/mk-manpages3 +++ b/bin/mk-manpages3 
@@ -5,30 +5,45 @@ checkoutdir=$1 series=$2 destdir=$3 -rm -rf tmp -mkdir tmp +rm -rf tmp-build +rm -rf tmp-install +mkdir tmp-build +mkdir tmp-install +install=$(cd tmp-install; pwd) -(cd tmp; $checkoutdir/Configure cc && make build_html_docs) +( + cd tmp-build + $checkoutdir/Configure --prefix=$install && make install_html_docs +) -srcdir=tmp/doc/html +srcdir=tmp-install/share/doc/openssl/html (cd $srcdir; find -type f) | while read F; do Dn=$(dirname $F) Fn=$(basename $F .html) - G=$Dn/$Fn.inc - $HERE/strip-man-html < $srcdir/$F > $destdir/$G - section=$(basename $Dn | sed -e 's|^man||') - description="$($HERE/all-html-man-names < $destdir/$G | sed -e 's|^.* - ||' -e 's|\&|\\\&|g')" - names="$($HERE/all-html-man-names < $destdir/$G | sed -e 's| - .*||' -e 's|, *| |g' -e 's|/|-|g')" - for name in $names; do - G=$Dn/$name.html - cat $HERE/../inc/manpage-template.html5 \ - | sed -E \ - -e "s|\\\$release\\\$|$series|g" \ - -e "s|\\\$sectnum\\\$|$section|g" \ - -e "s|\\\$description\\\$|$description|g" \ - -e "s|\\\$name\\\$|$name|g" \ - -e "s|\\\$origname\\\$|$Fn|g" \ - > $destdir/$G - done + if [ "$F" != "$Dn/$Fn" ]; then + # HTML file, which we treat specially + G=$Dn/$Fn.inc + $HERE/strip-man-html < $srcdir/$F > $destdir/$G + + section=$(basename $Dn | sed -e 's|^man||') + description="$($HERE/all-html-man-names < $destdir/$G | sed -e 's|^.* - ||' -e 's|\&|\\\&|g')" + names="$($HERE/all-html-man-names < $destdir/$G | sed -e 's| - .*||' -e 's|, *| |g' -e 's|/|-|g')" + for name in $names; do + G=$Dn/$name.html + cat $HERE/../inc/manpage-template.html5 \ + | sed -E \ + -e "s|\\\$release\\\$|$series|g" \ + -e "s|\\\$sectnum\\\$|$section|g" \ + -e "s|\\\$description\\\$|$description|g" \ + -e "s|\\\$name\\\$|$name|g" \ + -e "s|\\\$origname\\\$|$Fn|g" \ + > $destdir/$G + done + else + # Other file types, such as images. We simply copy those + G=$Dn/$Fn + mkdir -p $destdir/$Dn + cp $srcdir/$F $destdir/$G + fi done From tomas at openssl.org Fri Jun 4 15:07:21 2021 
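Review bot: In bin/mk-manpages3 the exit status of the build subshell is never checked, and the unchanged "(cd $srcdir; find -type f)" joins its commands with ";", so a failed "make install_html_docs" leaves tmp-install/share/doc/openssl/html missing and find runs in the current directory instead. Suggest chaining with "&&" ("cd tmp-build && ...", "cd $srcdir && find . -type f") and exiting when the subshell fails. The new "mkdir -p $destdir/$Dn" and "cp $srcdir/$F $destdir/$G" should also quote their variables, because the loop now handles arbitrary installed file names rather than only generated .html names.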
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 04 Jun 2021 15:07:21 +0000 Subject: [openssl] master update Message-ID: <1622819241.795327.28270.nullmailer@dev.openssl.org> The branch master has been updated via 0e0a47377f98ac45648d2a46e0f2dfd799b07ec6 (commit) via 085e3cecbdadde10e93abfb4dbd3e865aeed58d6 (commit) from 51cda01c61870c2433fbbd54d69f2267362ea608 (commit) - Log ----------------------------------------------------------------- commit 0e0a47377f98ac45648d2a46e0f2dfd799b07ec6 Author: Tomas Mraz Date: Thu Jun 3 15:26:52 2021 +0200 Update fips checksums to drop the ssl headers Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15609) commit 085e3cecbdadde10e93abfb4dbd3e865aeed58d6 Author: Tomas Mraz Date: Thu Jun 3 15:22:05 2021 +0200 Move libssl related defines used by fips provider to prov_ssl.h This nicely reduces the number of files considered as fips provider sources. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15609) ----------------------------------------------------------------------- Summary of changes: crypto/packet.c | 6 ++-- crypto/rsa/rsa_pk1.c | 2 +- include/openssl/dtls1.h | 7 ++--- include/openssl/prov_ssl.h | 34 +++++++++++++++++++++ include/openssl/ssl.h.in | 3 +- include/openssl/ssl3.h | 2 +- include/openssl/tls1.h | 6 ++-- providers/common/capabilities.c | 2 +- providers/fips-sources.checksums | 35 +++++++--------------- providers/fips.checksum | 2 +- providers/fips.module.sources | 15 +--------- providers/implementations/asymciphers/rsa_enc.c | 2 +- .../ciphers/cipher_aes_cbc_hmac_sha.c | 4 +-- providers/implementations/ciphers/ciphercommon.c | 2 +- .../implementations/ciphers/ciphercommon_block.c | 2 +- 15 files changed, 65 insertions(+), 59 deletions(-) create mode 100644 include/openssl/prov_ssl.h diff --git a/crypto/packet.c b/crypto/packet.c index 6cd1ed3ed3..80202bc08f 100644 --- a/crypto/packet.c 
+++ b/crypto/packet.c @@ -9,7 +9,7 @@ #include "internal/cryptlib.h" #include "internal/packet.h" -#include +#include #define DEFAULT_BUF_SIZE 256 @@ -105,7 +105,7 @@ static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes) pkt->written = 0; if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return 0; } @@ -352,7 +352,7 @@ int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes) return 0; if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index f1eabf177c..89778e6c4d 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -20,7 +20,7 @@ #include #include /* Just for the SSL_MAX_MASTER_KEY_LENGTH value */ -#include +#include #include "internal/cryptlib.h" #include "crypto/rsa.h" #include "rsa_local.h" diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h index 5553fb8c90..8a1cd95ce3 100644 --- a/include/openssl/dtls1.h +++ b/include/openssl/dtls1.h @@ -16,22 +16,21 @@ # define HEADER_DTLS1_H # endif +# include + #ifdef __cplusplus extern "C" { #endif #include -# define DTLS1_VERSION 0xFEFF -# define DTLS1_2_VERSION 0xFEFD +/* DTLS*_VERSION constants are defined in prov_ssl.h */ # ifndef OPENSSL_NO_DEPRECATED_3_0 # define DTLS_MIN_VERSION DTLS1_VERSION # define DTLS_MAX_VERSION DTLS1_2_VERSION # endif # define DTLS1_VERSION_MAJOR 0xFE -# define DTLS1_BAD_VER 0x0100 - /* Special value for method supporting multiple versions */ # define DTLS_ANY_VERSION 0x1FFFF diff --git a/include/openssl/prov_ssl.h b/include/openssl/prov_ssl.h new file mode 100644 index 0000000000..d3e0896c8e --- /dev/null +++ b/include/openssl/prov_ssl.h 
@@ -0,0 +1,34 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OPENSSL_PROV_SSL_H +# define OPENSSL_PROV_SSL_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* SSL/TLS related defines useful to providers */ + +# define SSL_MAX_MASTER_KEY_LENGTH 48 + +# define SSL3_VERSION 0x0300 +# define TLS1_VERSION 0x0301 +# define TLS1_1_VERSION 0x0302 +# define TLS1_2_VERSION 0x0303 +# define TLS1_3_VERSION 0x0304 +# define DTLS1_VERSION 0xFEFF +# define DTLS1_2_VERSION 0xFEFD +# define DTLS1_BAD_VER 0x0100 + +# ifdef __cplusplus +} +# endif +#endif /* OPENSSL_PROV_SSL_H */ diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index a227090263..2c34fd2a9a 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -42,6 +42,7 @@ use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros); # include # include # include +# include #ifdef __cplusplus extern "C" { @@ -59,7 +60,7 @@ extern "C" { # define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) # define SSL_MAX_KEY_ARG_LENGTH 8 -# define SSL_MAX_MASTER_KEY_LENGTH 48 +/* SSL_MAX_MASTER_KEY_LENGTH is defined in prov_ssl.h */ /* The maximum number of encrypt/decrypt pipelines we can support */ # define SSL_MAX_PIPELINES 32 diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 9fc6b3abcb..e5a41faa05 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -212,7 +212,7 @@ extern "C" { # define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" # define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" -# define SSL3_VERSION 0x0300 +/* SSL3_VERSION is defined in prov_ssl.h */ # define SSL3_VERSION_MAJOR 0x03 # define SSL3_VERSION_MINOR 0x00 
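Review bot: The include/openssl/ssl3.h hunk replaces "# define SSL3_VERSION 0x0300" with a comment but adds no include line, whereas the dtls1.h and tls1.h hunks in the same patch each add an "# include" next to the same kind of removal. Please confirm that ssl3.h already reaches prov_ssl.h through one of its existing includes, or add the include directly so that code including only ssl3.h still sees SSL3_VERSION.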
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index cd1f818c1a..d6e9331fa1 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -20,6 +20,7 @@ # include # include +# include #ifdef __cplusplus extern "C" { @@ -30,10 +31,7 @@ extern "C" { # define OPENSSL_TLS_SECURITY_LEVEL 1 # endif -# define TLS1_VERSION 0x0301 -# define TLS1_1_VERSION 0x0302 -# define TLS1_2_VERSION 0x0303 -# define TLS1_3_VERSION 0x0304 +/* TLS*_VERSION constants are defined in prov_ssl.h */ # ifndef OPENSSL_NO_DEPRECATED_3_0 # define TLS_MAX_VERSION TLS1_3_VERSION # endif diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c index 781acae8db..f6d95197f0 100644 --- a/providers/common/capabilities.c +++ b/providers/common/capabilities.c @@ -12,7 +12,7 @@ #include #include /* For TLS1_VERSION etc */ -#include +#include #include #include "internal/nelem.h" #include "internal/tlsgroups.h" diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 95cb84e79e..e0b4a4a6d4 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -195,7 +195,7 @@ a7f3d371a6a1491a52282ed59a81e4d2f8d9b8d064900ddd8b2f667692241092 crypto/evp/evp abaf593aa548176d763ed54ba6a9a7b02e08868f801af0de17f8c1721c20fe5a crypto/evp/evp_rand.c 2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c crypto/evp/evp_utils.c 17389c71b88ac74928e538fc155badf5c4555dd181191d7a054b60b7fad7a755 crypto/evp/exchange.c -b1f2104d2ad424fc5db6e547e2980a698bf7d62a2b249f66e4f2f7612e12dfab crypto/evp/kdf_lib.c +6bcf946bc6aeb6a8350b17ab16759a9db03cfc025637a296de2999ca254a6317 crypto/evp/kdf_lib.c 67ee456b5aa1e6691dfe03af24ce27d43d8e1f59c9dc52a71f777e833a01817d crypto/evp/kdf_meth.c 0f4468e16e1f0b04a28b350688f20234a94eac355fd644be688a1576cd7d99fe crypto/evp/kem.c b011ded0b5ee21c6d417df81e35ac70ddb8df0c65ba48990f303f09d7695554e crypto/evp/keymgmt_lib.c 
@@ -244,7 +244,7 @@ bdf25257b15eca206be4d950d2dd807ca5f058f91f54edbd7a0d312ed83eef8e crypto/modes/o e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/wrap128.c 608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c ca8f63ee71797f51c2bf5629190897306b3308882feb3d64c982239f18e8b738 crypto/o_str.c -5e3b9e03839582d4cf1e3f7f6fc661f2531bf99b189bdcf4654c56fee1d7ecf9 crypto/packet.c +7b8d9f5dfe00460df5fbcfd4a5f2f36128020ebd2ced85ff5071b91f98740b2e crypto/packet.c e30c9e30e4356621236136caf001ee60d51aac492a5bf0fb7f1022b973aec425 crypto/param_build.c c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c 07299afb0e8a7f5a7b43fef290c1fc1e280e4ca18472e7bb44e6a7e1c7efc027 crypto/params.c @@ -272,7 +272,7 @@ cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa 5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c 33de2accc3af530fd0a4758eb83d5e1d994bf49bac4512b01387dbae656e1a7d crypto/rsa/rsa_oaep.c a2fd2e4e31ec53d01a575ccaf03bad5a270412ff66804cf0b5fa40492b89181d crypto/rsa/rsa_ossl.c -981df3d52719b65fd0f208e62116a0e90f6f7faa35fde90077bd5ddd0ede1859 crypto/rsa/rsa_pk1.c +be3f39c1fcb777d6c0122061f9ef735d10a6bee95d67fcc1ca6ae2a664022d2b crypto/rsa/rsa_pk1.c 174a42e156be48927fe6d6bf0d95575619b8e643a99761275bff933bc3449722 crypto/rsa/rsa_pss.c bf6d300b7e7e9e512a47c5bd1f8713806ae3033a140d83dfae4a16ad58d11170 crypto/rsa/rsa_schemes.c 3f269305314a812a343d74c182bff0a747e465c686af31ccc82f9adfa8616836 crypto/rsa/rsa_sign.c 
@@ -392,8 +392,6 @@ b24938409313384024524cbde837690d83119bcb70fb289b38cb7efa8e082852 include/intern 323549254bf7055fd2928253f2fb307cd97903d32716406ac5b11c990f4d88e3 include/openssl/asn1.h.in d4733dcd490b3a2554eaf859d1ea964fe76f7d24f78e42be1094bdad6dee7429 include/openssl/asn1err.h 23809ecb0bcc5d870a776a322f26f1f7339d2fabc275931b5bd0619b6b18e7c9 include/openssl/asn1t.h.in -cf4be859dba94326ba7d9e305fd7e7275bd11e534118c7b140a3a1c8dac01b76 include/openssl/async.h -8ed44307406db3a25abebe94b792175f99ceb04ede8fdc5c84446c9622729a0a include/openssl/asyncerr.h d23e74122090a71268818a8162bb0642d292b931eed2188f4f3a5c9083227a01 include/openssl/bio.h.in 0a26138aaded05cafe2326e11fdc19b28408e054cfe3dda40d45ef95ce8136b0 include/openssl/bioerr.h 7d1f9880976a926ba6e0cad08e8de6f326aae48d8350b499aa79127f63d4d108 include/openssl/bn.h @@ -401,8 +399,6 @@ ea344bb0b690d4e47c99e83f6692b970c9b54a4520296bb2d3ddbcbdf0d51653 include/openss 93954e6c450716e158948d67f64736a451ea9473d02f3a908f3bc8a96cf049a5 include/openssl/buffer.h 9d48e6cab2ee98ae94d7113e4c65f000d97e125fdb3445642865ace3f34d06ac include/openssl/buffererr.h 8e772c24b051e59d2f65339f54584e3e44165a3eaf997d497faea764990130f5 include/openssl/cmac.h -1eae6c12c4298d236b1ccefe3ebc28093fd8157214be16f8d34234b376002800 include/openssl/comp.h -2c7c73adb2fa1da9d453d3776ce83f74e7fc354e268a92cb973abddfe14b7db5 include/openssl/comperr.h 55aa91482d327d1784484922389e8277bdcdff7a7df27e84200d5c908bd40454 include/openssl/conf.h.in f20c3c845129a129f5e0b1dae970d86a5c96ab49f2e3f6f364734521e9e1abe3 include/openssl/conferr.h 02a1baff7b71a298419c6c5dcb43eaa9cc13e9beeb88c03fb14854b4e84e8862 include/openssl/configuration.h.in 
@@ -413,14 +409,11 @@ f20c3c845129a129f5e0b1dae970d86a5c96ab49f2e3f6f364734521e9e1abe3 include/openss d165f5c61bfe17ba366a3ba94afb30d3c8ce6b21e9cff59a15f3622f2654ae49 include/openssl/crypto.h.in 06e9f521a6e98e104cdf37260ce967d928e25d424e0013f1feb3ff4da18eaec0 include/openssl/cryptoerr.h bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h -24f276f5e1292fededcc70b02c002cf5ea3e747d403582f30d2e085e65a9813e include/openssl/ct.h.in -b0f19457b19e0341d13c33863695723272ec6534c708914b4ec75891589565fc include/openssl/cterr.h fa3e6b6c2e6222424b9cd7005e3c5499a2334c831cd5d6a29256ce945be8cb1d include/openssl/des.h 3a57eceec58ab781d79cb0458c2251a233f45ba0ef8f414d148c55ac2dff1bc8 include/openssl/dh.h 836130f5a32bbdce51b97b34758ed1b03a9d06065c187418eaf323dca6adfc6d include/openssl/dherr.h 92ae2c907fd56859e3ae28a085071611be5c9245879305cdf8bad027219e64b6 include/openssl/dsa.h 335eb40a33cd1e95e7783bda2d031ec2bcf02cff8aa804ba3484d1354452b7ea include/openssl/dsaerr.h -e067fc6ddda9827d7c4f0675acd0cad2dc427d7d3559749cff3086fcaa34d959 include/openssl/dtls1.h 3485a648e62685ec595954e2228be83bea1be4895a309fe64f49db1436a3f11e include/openssl/e_os2.h bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openssl/ebcdic.h 8e301f2f8cfacda5d7de4f53e5592b523454cb93ba3c8029b628a6abf0ddb833 include/openssl/ec.h 
@@ -430,7 +423,7 @@ cbbf74efc7fdb020f06840c856ad7fe97553944f4cc3c197fbb004de38158048 include/openss 171a780183dd91350d2f7abed7ded9ce80dfdec8afaab5adcd843514bdbc7a43 include/openssl/engine.h fb510978001ebea15eee4c4c6cbeebb126a66e11117e6f6d9b9fb4be5057b92c include/openssl/engineerr.h bfc224df9ef6ea16d0112dd8b1b1d9a09b8484a5a26f3f0c85041d7d5e83cf3b include/openssl/err.h.in -a9a8424e276c15f5691510e0ba414471f7f1892d2cefea697fd975ba0309e5cc include/openssl/evp.h +19619eac1e6555fb4596ebf02a5f5c16a9e72596b2d444488f7a60dfb396138b include/openssl/evp.h 5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h 5381d96fe867a4ee0ebc09b9e3a262a0d7a27edc5f91dccfb010c7d713cd0820 include/openssl/fips_names.h b1d41beba560a41383f899a361b786e04f889106fb5960ec831b0af7996c9783 include/openssl/fipskey.h.in @@ -456,6 +449,7 @@ fe6acd42c3e90db31aaafc2236a7d30ebfa53c4c07ea4d8265064c7fcb951970 include/openss fb453de1abc5ec8410586593921a66757441ecbfc4273349ddc6257c503a2000 include/openssl/pemerr.h 74305b1bd8575cd0ef6c86eb1edd89a9a144b84d39d7f6740b7ce8cdad6f9d9c include/openssl/pkcs7.h.in 8394828da6fd7a794777320c955d27069bfef694356c25c62b7a9eb47cd55832 include/openssl/pkcs7err.h +097615b849375e2903967521f76c570512e5be47b8159fdbcd31e433f8a4cca7 include/openssl/prov_ssl.h 90fb37a1a564b989afca658dae8c78b0ba72ac1f4d1ffc0c52eb93e74e144603 include/openssl/proverr.h b97e8ad49b38683817387596aefec0abd5f4d572643beef48be4f7acba26768d include/openssl/provider.h 7c9b5f479d9b22cfc8db0976dddfc2a1ee6e757b436e01a2b4d2744bcb6d81a5 include/openssl/rand.h 
@@ -466,15 +460,8 @@ c1015b77c444a3816d2ea7ad770f1c3b79a1e54887930af6dd662895701f3323 include/openss 6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in 8578f881906486eb4d5c8f1631a469d3fc6b350e1ff8dc103db40391234ceb47 include/openssl/self_test.h d8da6697ce0f23b40c9a557940f030008bf1a53eff2739974f7bdb6b12b93b44 include/openssl/sha.h -1d0b2696819d7eda4210fcf6f16f30540f536c5433b4ef48e68fb54e95d03d1b include/openssl/srtp.h -a59992f46c7b98e3c9738c7f00648d8e3b84b4a19e09cf87709042c0b9798108 include/openssl/ssl.h.in -9c6d59db5867965f0fc281836f55c4cfb300e43b81c0a1d10ae57184b82e00ba include/openssl/ssl2.h -a7593d089430355601f02df740f407ea26e25a643815cb3ded336f9ee3ab6e44 include/openssl/ssl3.h -28586b305c6b96889daedaf0e7ddb946c42089a0fdb57ee4e5e9b2382629473a include/openssl/sslerr.h -cd7bbe3d9bdaea20969cf9a388570ade19201f48f44b4bb860499d49590f9bfb include/openssl/sslerr_legacy.h c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h 22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h -b220280d27e4f30ea9605902b316d20953d1d4931c3d199321b9f46d9366d60d include/openssl/tls1.h 12026c3aa4b14d9083999a7e5098bd4273a4f2004ff1d397d65710b3d4bc6e2b include/openssl/trace.h ffd0b00e9fdb307c6f4369fa52005033ff4746cf49dd82bb9dfae1a83532e6e0 include/openssl/types.h f37b0da67078c8c220c442499e02f92dfe240f6d77ec942f2a562a18f338284a include/openssl/ui.h.in 
@@ -485,7 +472,7 @@ fa88f86a4643441ecd6779894bb9533f63c275b5a871bae6687905185f315f94 include/openss 8ddb7bd65c766317f6f20ff615e4d0ddc99bc4ee0d6ec149e3834b8d4fe11a05 include/openssl/x509v3.h.in f78e901b2260416773c6d7933de8771a03bbb2cc3073809f3c1715d4276789ff include/openssl/x509v3err.h c0a9551efccf43f3dd748d4fd8ec897ddaabbc629c00ec1ad76ce983e1195a13 providers/common/bio_prov.c -d0a26820a192f38a52d26846d40a677ce846b4808bdc0193e880d7bf39633f8e providers/common/capabilities.c +e7c39ef7b76668dae1470ce0edd7254da2937569762cebbf20e08fb97cb3324c providers/common/capabilities.c f94b7435d4ec888ec30df1c611afa8b9eedbb59e905a2c7cb17cfc8c4b9b85b8 providers/common/der/der_digests_gen.c.in 424d7b2ece984a0904b80c73e541400c6e2d50a285c397dd323b440a4f2a8d8e providers/common/der/der_dsa_gen.c.in 27ff361a5fbfc97cd41690ab26639708961d0507b60912f55f5919649842c6ae providers/common/der/der_dsa_key.c 
@@ -524,10 +511,10 @@ f74c0d672eb313139706a1839914a558d53c43737e7c54fd85edc38b33500097 providers/fips f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h fe69e22b9e97277cbbe57139026357abd161b0eba2b8a7253b4e13647dd8760e providers/fips/self_test_data.inc f2775b7effa96b7c925ed71bd8c90e74b6256e7ed28346f59de46dffecb3e5a0 providers/fips/self_test_kats.c -cc53b8c68cb51193db6597b1e8c145c7b21e3576e74fcae7724692533fa81ceb providers/implementations/asymciphers/rsa_enc.c +f054b24ea53ad5db41dd7f37f20f42166ed68b832121a94858cb0173b1aaeb1d providers/implementations/asymciphers/rsa_enc.c 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c f9d4b30e7110c90064b990c07430bb79061f4436b06ccaa981b25c306cfbfaa2 providers/implementations/ciphers/cipher_aes.h -fda0045a1d16514c12e27c6171e40d8a13d444b8e6ac526e44e9d507ec33adbf providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +89378cce6d31e8c2f221f9f29d0b17622624eb83e4ecec8465f7641f68352917 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 7668e5c1cac474ad7b0f28aa78ca885edf44815fe4a606a6cd328b3c02fac25a providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h 26e0f28523b416ba4067e471061f5a11fd76f5dc8bfe57ce37a137cf5667630b providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c aadd5bf80c25bc98325562e388515f3ab6841755c265e150177ee16013684e76 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c 
@@ -556,8 +543,8 @@ f358c4121a8a223e2c6cf009fd28b8a195520279016462890214e8858880f632 providers/impl 3023eb3efb71ffe922e957acf4da65a124a8367a5fbe68a9d9f2fe8d583063d8 providers/implementations/ciphers/cipher_tdes.h 9e07260067083c76d26eb0dd8a8bb4a8dac678812644ff88951a0661be70d9fd providers/implementations/ciphers/cipher_tdes_common.c 50645122f08ef4891cd96cace833bd550be7f5278ab785515fd61fe8993c8c25 providers/implementations/ciphers/cipher_tdes_hw.c -3fd3a0e53984c114e74172a85f8321569877df00d193d5bd2e90e8be38507082 providers/implementations/ciphers/ciphercommon.c -697e9f2254574cc93f0737456d0f3a275946296466a179bb5d0fea607c7a92fa providers/implementations/ciphers/ciphercommon_block.c +afa2f65f7795c1f9455119b59392ee8ac52aeea2a582cf565c37d7b1ed34ee7a providers/implementations/ciphers/ciphercommon.c +dd72ea861edf70b94197821ceb00e07165d550934a2e851d62afa5034b79f468 providers/implementations/ciphers/ciphercommon_block.c 4b4106f85e36eb2c07acc5a3ca5ccd77b736b3ac46cc4af786cf57405ecd54b2 providers/implementations/ciphers/ciphercommon_ccm.c 8b6828f188c2590c7d9c6cac13fa0eb6d38a522b0f2859e7c8a766580fa9b66e providers/implementations/ciphers/ciphercommon_ccm_hw.c 251aca4d087418e4fdac1390e1570b189b4076ba63a635d228784a05bb26e421 providers/implementations/ciphers/ciphercommon_gcm.c 
@@ -599,7 +586,7 @@ e0812f2cb3f08ebf159671ef16e5c60afcf963e3c0724950ddb24a0023d57f77 providers/impl 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c f88ab5c9a4cdfa160df2b8f0f833725845caa25facc81de9c4a7881d1d2f27db providers/implementations/keymgmt/mac_legacy_kmgmt.c 464d6f9236351e7dc3b991f5bba142c7aabcf2db3c236367332a9dd0308ddfac providers/implementations/keymgmt/rsa_kmgmt.c -802adf06e101bd81d94edb8bc82ba23eac9aeae258e6f43f9005b32fabcd99c6 providers/implementations/macs/cmac_prov.c +e25c8bfd205b0842ba8e7a0cbcf9f86b78c7d4d093655b8d45b23b8653d7358d providers/implementations/macs/cmac_prov.c c774e2791484ea9a1ffed69958f9d05c139bbf53603a9621ae76c6e89c36e5b1 providers/implementations/macs/gmac_prov.c 4d1d73b64f9fd1473a4b70c92fae2ad87aa30b6ec6d946d408deb251c0ef70c1 providers/implementations/macs/hmac_prov.c aa7ba1d39ea4e3347294eb50b4dfcb895ef1a22bd6117d3b076a74e9ff11c242 providers/implementations/macs/kmac_prov.c diff --git a/providers/fips.checksum b/providers/fips.checksum index c7e944675c..c712c1c4ea 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -a063a464981d8b2f8b76cd521f3f902d56bf8d591bbd06c408470a6d10b81417 providers/fips-sources.checksums +ef592dcb3367315f78795c64d131ca9ff062d1f6ca8702e1eef4b417e9b336a2 providers/fips-sources.checksums diff --git a/providers/fips.module.sources b/providers/fips.module.sources index 15346f9307..be4fc0de8f 100644 --- a/providers/fips.module.sources +++ b/providers/fips.module.sources @@ -392,8 +392,6 @@ include/openssl/aes.h include/openssl/asn1.h.in include/openssl/asn1err.h include/openssl/asn1t.h.in -include/openssl/async.h -include/openssl/asyncerr.h include/openssl/bio.h.in include/openssl/bioerr.h include/openssl/bn.h 
@@ -401,8 +399,6 @@ include/openssl/bnerr.h include/openssl/buffer.h include/openssl/buffererr.h include/openssl/cmac.h -include/openssl/comp.h -include/openssl/comperr.h include/openssl/conf.h.in include/openssl/conferr.h include/openssl/configuration.h.in @@ -413,14 +409,11 @@ include/openssl/core_names.h include/openssl/crypto.h.in include/openssl/cryptoerr.h include/openssl/cryptoerr_legacy.h -include/openssl/ct.h.in -include/openssl/cterr.h include/openssl/des.h include/openssl/dh.h include/openssl/dherr.h include/openssl/dsa.h include/openssl/dsaerr.h -include/openssl/dtls1.h include/openssl/e_os2.h include/openssl/ebcdic.h include/openssl/ec.h @@ -456,6 +449,7 @@ include/openssl/pem.h include/openssl/pemerr.h include/openssl/pkcs7.h.in include/openssl/pkcs7err.h +include/openssl/prov_ssl.h include/openssl/proverr.h include/openssl/provider.h include/openssl/rand.h @@ -466,15 +460,8 @@ include/openssl/rsaerr.h include/openssl/safestack.h.in include/openssl/self_test.h include/openssl/sha.h -include/openssl/srtp.h -include/openssl/ssl.h.in -include/openssl/ssl2.h -include/openssl/ssl3.h -include/openssl/sslerr.h -include/openssl/sslerr_legacy.h include/openssl/stack.h include/openssl/symhacks.h -include/openssl/tls1.h include/openssl/trace.h include/openssl/types.h include/openssl/ui.h.in diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 7b534e76ed..ce5ddff651 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -22,7 +22,7 @@ #include #include /* Just for SSL_MAX_MASTER_KEY_LENGTH */ -#include +#include #include "internal/constant_time.h" #include "internal/sizes.h" #include "crypto/rsa.h" diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index a0eef7c1e5..f9a8a58041 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -16,8 +16,8 @@ /* Dispatch functions for AES_CBC_HMAC_SHA ciphers */ -/* Only for SSL3_VERSION and TLS1_VERSION */ -#include +/* For SSL3_VERSION and TLS1_VERSION */ +#include #include #include "cipher_aes_cbc_hmac_sha.h" #include "prov/implementations.h" diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index 3c8ea8c03c..b5a0d43b78 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -12,7 +12,7 @@ */ /* For SSL3_VERSION */ -#include +#include #include #include "ciphercommon_local.h" #include "prov/provider_ctx.h" diff --git a/providers/implementations/ciphers/ciphercommon_block.c b/providers/implementations/ciphers/ciphercommon_block.c index 14f7503b36..6e6bb091e7 100644 --- a/providers/implementations/ciphers/ciphercommon_block.c +++ b/providers/implementations/ciphers/ciphercommon_block.c @@ -9,7 +9,7 @@ #include /* For SSL3_VERSION, TLS1_VERSION etc */ -#include +#include #include #include #include "internal/constant_time.h" From matt at openssl.org Fri Jun 4 16:31:36 2021 
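Review bot: The two crypto/packet.c hunks change the allocation-failure reports from "ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE)" to ERR_LIB_CRYPTO, which alters the error library that callers observe, yet the commit message only describes moving defines into prov_ssl.h. Suggest mentioning the error-library change in the commit message, or splitting it into its own commit, so that it can be found later when someone traces a changed error code.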
From: matt at openssl.org (Matt Caswell) Date: Fri, 04 Jun 2021 16:31:36 +0000 Subject: [openssl] master update Message-ID: <1622824296.550869.9444.nullmailer@dev.openssl.org> The branch master has been updated via f43f9d6313e31e90bb33a7f6f2fc0c657ef8495a (commit) via 39145c4111aaa358f521212f5e4c741f265b012a (commit) from 0e0a47377f98ac45648d2a46e0f2dfd799b07ec6 (commit) - Log ----------------------------------------------------------------- commit f43f9d6313e31e90bb33a7f6f2fc0c657ef8495a Author: Matt Caswell Date: Thu Jun 3 11:50:48 2021 +0100 Test a bad SmtpUTF8Mailbox name constraint We add a verify test with a cert with a SAN and a bad SmtpUTF8Mailbox entry, with an intermediate certificate with email name constraints. Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15611) commit 39145c4111aaa358f521212f5e4c741f265b012a Author: Matt Caswell Date: Thu Jun 3 11:08:25 2021 +0100 Check that we got the expected name type when verifying name constraints If a SAN field contains an SmtpUTF8Mailbox name then it is expected to have a UTF8String type. We should verify that it really does before we attempt to use the value in it. Reported by Corey Bonnell Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15611) ----------------------------------------------------------------------- Summary of changes: crypto/x509/v3_ncons.c | 25 ++++++++++++++++--------- test/certs/bad-othername-namec-inter.pem | 17 +++++++++++++++++ test/certs/bad-othername-namec-key.pem | 27 +++++++++++++++++++++++++++ test/certs/bad-othername-namec.pem | 18 ++++++++++++++++++ test/recipes/25-test_verify.t | 11 +++++++++-- 5 files changed, 87 insertions(+), 11 deletions(-) create mode 100644 test/certs/bad-othername-namec-inter.pem create mode 100644 test/certs/bad-othername-namec-key.pem create mode 100644 test/certs/bad-othername-namec.pem 
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c index 4917884fd9..d3b9e8c6f1 100644 --- a/crypto/x509/v3_ncons.c +++ b/crypto/x509/v3_ncons.c @@ -35,7 +35,7 @@ static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen); static int nc_dn(const X509_NAME *sub, const X509_NAME *nm); static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); -static int nc_email_eai(ASN1_UTF8STRING *sub, ASN1_IA5STRING *eml); +static int nc_email_eai(ASN1_TYPE *emltype, ASN1_IA5STRING *base); static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base); @@ -521,8 +521,8 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) * We are here only when we have SmtpUTF8 name, * so we match the value of othername with base->d.rfc822Name */ - return nc_email_eai(gen->d.otherName->value->value.utf8string, - base->d.rfc822Name); + return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name); + case GEN_DIRNAME: return nc_dn(gen->d.directoryName, base->d.directoryName); 
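Review bot: At the nc_match_single() call site the patch now passes gen->d.otherName->value straight to nc_email_eai(), and the hunk that follows dereferences it immediately in "if (emltype->type != V_ASN1_UTF8STRING)"; nothing in the visible lines shows that value cannot be NULL for a GENERAL_NAME that was built through the API rather than decoded. Suggest adding an emltype == NULL guard that returns X509_V_ERR_UNSUPPORTED_NAME_SYNTAX alongside the new type check, or a comment stating why NULL is impossible here.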
@@ -591,21 +591,28 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) } /* - * This function implements comparison between ASCII/U-label in eml + * This function implements comparison between ASCII/U-label in emltype * and A-label in base according to RFC 8398, section 6. * Convert base to U-label and ASCII-parts of domain names, for base - * Octet-to-octet comparison of `eml` and `base` hostname parts + * Octet-to-octet comparison of `emltype` and `base` hostname parts * (ASCII-parts should be compared in case-insensitive manner) */ -static int nc_email_eai(ASN1_UTF8STRING *eml, ASN1_IA5STRING *base) +static int nc_email_eai(ASN1_TYPE *emltype, ASN1_IA5STRING *base) { + ASN1_UTF8STRING *eml; const char *baseptr = (char *)base->data; - const char *emlptr = (char *)eml->data; - const char *emlat = strrchr(emlptr, '@'); - + const char *emlptr; + const char *emlat; char ulabel[256]; size_t size = sizeof(ulabel) - 1; + if (emltype->type != V_ASN1_UTF8STRING) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + + eml = emltype->value.utf8string; + emlptr = (char *)eml->data; + emlat = strrchr(emlptr, '@'); + if (emlat == NULL) return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; diff --git a/test/certs/bad-othername-namec-inter.pem b/test/certs/bad-othername-namec-inter.pem new file mode 100644 index 0000000000..2480c8ccb7 --- /dev/null +++ b/test/certs/bad-othername-namec-inter.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyTCCAbGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZSb290 +IDIwHhcNMjEwNjAyMTMwMzExWhcNMjEwNzAyMTMwMzExWjAPMQ0wCwYDVQQDDARS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfhnjWl5hnF1ecJv +kq21AWOfHhPsQT/5juFA/v/goAFatKr40+k7Jy3qQ79FRLBf2l4yMun8K7ZPMFfV +q7q3SliOmLqRq0Uf1Eyh8KdQTWc5QIhNttlDaP8EMDuoTJK2NIUTenV/y5errWNJ +l1a8l+kbI6PuKTyziAi524Hja7BH4nQ5rk2vb3nc4vlRAYZtke2MMeHSxZhvkZj/ +UtAfAu2Ql9auc6sfViGuaBc4sShS2F7rmQnJmmf0+qW6y9VoYV68HC7EsO22UDXd +aYhY2To9al04rdL0rDDw018Z8VbcW6lwPOkgfbpQDl9fvuFFfxb/2t7soRsAcuKr ++gbWmQIDAQABoy4wLDAPBgNVHRMBAf8EBTADAQH/MBkGA1UdHgQSMBCgDDAKgQgu +Zm9vLmNvbaEAMA0GCSqGSIb3DQEBCwUAA4IBAQCA9aWhpHdUM/9yx0HRgkW5M8IS +zc83Fzbhv3/32s8H2gplxq+XqfIIdoOosgnaEi01ynPncG6IWqj4hfOuoyoorZA3 +cmubAjkHrTu8VaMgZL43SwvyWda7atpCOo7rGdz+LL9hH/jcwhLtEqoB+Tdj6wOp +1O14ndCLi0XXoBezsCpmGtjF7aIunsu6yxJN7b/nTcKh/XSAxjpsa6GlNXTbfJyL +BAUiksQ1KTiW8LyF9IRjckpkf1RH9pqBD8vVeunEpXOUPGOfseL5AAXbvYI6iN70 +aCxKkiRwqX7ZK0lL9Oh+hhaVqqdPnGxb+O3ZX/88FvKvWiicnftMx56lzv4H +-----END CERTIFICATE----- diff --git a/test/certs/bad-othername-namec-key.pem b/test/certs/bad-othername-namec-key.pem new file mode 100644 index 0000000000..88f9d967a8 --- /dev/null +++ b/test/certs/bad-othername-namec-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEArQTbBNa+PaMZw/guenN8vEa/Q8dhG0jnwSt78qkaXt1a/CKp +M/NWG1FL9TnOa0j3mjrZJ9/ePzd8TfJw8arpNToFL9rZ6eqs3QB45OIf0gAIvkN4 +NNre7UInM9CpdiMdNf/jldJWi8yPIyogDOrhB5mtAVJfCsd9cn4JmMncqQcZ0Mto +Jjm10y+Nn6Li1efV9zQ974M8KY14vhPyxGklqiRWM/+M3UzhhklCdxyYLGpp9tou +KjwaO3nnGQ1lqgbJIfs0ciRHdcrh/CkK5zSySpCeep1NumjwzmN7s+jPtjoBmbWW +jc3KFnEfTBet3FgXXath2fpxKYZSHD044/63kQIDAQABAoIBACx6oxOLYTzXQThw +BQLVzatZRLJX/07UXz/5vdOURYM9xLYs8vK4C9rZ+3z/b2GFUKIFnu3xT2FRElO3 +j/GQzoMwd0TmLj9EZUwrYuj0eNmzyIuhLLXpzoWQDCP18Jq+TDQlpIxPlpA59lJD +8hlgCJm7mA5O7sAGqOlWHYF545BQJq/wNcsgKjLZ4y5Ef8SRT9v/JZOVhCMTX4pV +kn67XTQ9qNH51E963QCMOxa4DSHeduZWLpEwBbpJpXvVLKuUmb8JYWfgjdAjtm3W +qyQzjeGnjX1ZNkvBIBmfYYZ99pNtoy/tdbb0G87GYNf/WHFUtckU1/IqPeMuG5Q1 +8m8SGwECgYEA3FwGueYji4IFL9lyIgccnzssQ2lQ4Xh75R1JMKvi3usFFPby38EY +z8Fpyqa/vLQtg+6ne5L1Qxl2U4Vqyzw3RKNOONkCd0qCIG7/NDRoxUmE+6ojHrbi +4F5sTPZDmGrwGdVKUjeVK/nKIHTDyZjuJl9Mb6BG0xZj6waFnQxGoT0CgYEAyQCy +mmLC8GjtvTHGDjlDAI+OZbJGal0UdE0VMxQuVJwxDAB5QMhXX+DvF/tYqnPtwMMy +n4QXkiy4dRqlJfcmtwHpBoTsfApwxSyw38WJR9mUCVWaOC06CEBSquIe0WhmAZMO +je79veqJlZjYI7S/px7Jaje5NVTWFVztPHciLOUCgYBpNIJ9lJOZ0myZiK5F8rFG +kGC0mn5j9zrnixDbbOT22qvlc3VHQJCQ992DRBM8i6VDXNiXVfVEoM5uV79B4rDc +Uz9QQsM7otX3mCa9jNwMfOpBoNv9mQE+b7YzFEv3Y+7X1o4SLLlKcop+7mBfSmVA +6rS6goHt272+grGd5jN+XQKBgBIsCvmkNiWQBvZU2qgMiz8wu1n8XRteoOvG0ETW +7T1fBZwlKtEti6CycEtFwQVgB72mqBv90De57U9BAm9FQe3HsW6Sc+Le+sUIvlDs +xfWF+TlC0PeFNzrpvc+PM+QQwTAhQG6ajbwuyROKRvgrbixIv0LoGMl2iwhRZ21R +A/j1AoGBAJqUpT30dWSSDnUMir0TNnD//01+0R2eu8EPQu9h443KuKP9nf4GCJ9s +qP3MKE0iKmsQ6ybPkCDc+mbViFqY5LQOssffHCMwWjv4vVnJt6N5SqNT5T2+Ctxy +ZVwsbqSjxBsew6jBA8aDpI2igcBaZhBl8+ZmQph+723N3iBk1FXl +-----END RSA PRIVATE KEY----- diff --git a/test/certs/bad-othername-namec.pem b/test/certs/bad-othername-namec.pem new file mode 100644 index 0000000000..ffaba405cf --- /dev/null +++ b/test/certs/bad-othername-namec.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzTCCAbWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 +MB4XDTIxMDYwMjEzNDIzNVoXDTIxMDcwMjEzNDIzNVowDTELMAkGA1UEAwwCRUUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtBNsE1r49oxnD+C56c3y8 +Rr9Dx2EbSOfBK3vyqRpe3Vr8Iqkz81YbUUv1Oc5rSPeaOtkn394/N3xN8nDxquk1 +OgUv2tnp6qzdAHjk4h/SAAi+Q3g02t7tQicz0Kl2Ix01/+OV0laLzI8jKiAM6uEH +ma0BUl8Kx31yfgmYydypBxnQy2gmObXTL42fouLV59X3ND3vgzwpjXi+E/LEaSWq +JFYz/4zdTOGGSUJ3HJgsamn22i4qPBo7eecZDWWqBskh+zRyJEd1yuH8KQrnNLJK +kJ56nU26aPDOY3uz6M+2OgGZtZaNzcoWcR9MF63cWBddq2HZ+nEphlIcPTjj/reR +AgMBAAGjNjA0MAwGA1UdEwEB/wQCMAAwJAYDVR0RBB0wG6AOBggrBgEFBQcICaAC +BQCCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAa12YtetxpZT+llksQiec +acdRVyWupsENMHeE+hHcDwc09M3c6JvjF0YB03cVBSRRra8MCV4pNNK1fGSfKb0Q +0ZE06bM6v+rjJW/CdUeb7yoq1Vk60ppevbDsf+EmSq76kGJoocYh88qLpL7QVINQ +G0fcuMfBs2oTonJbIGcXWSrj5yIaZMRrARlp97ynR6phArufKblBYk1NQIJZUO+V +IItENBfAPe4QZMnvjFO+hqmLzvVAz0480iNMa1++RmO66TxYi7b+nKGIUtonTGpt +HspWZDtnB+y+qd6WbH1Yev5BoZLxdQAm4CFIESB4DrDBBV3QZPlVF0ZrLWFqMpBr +Uw== +-----END CERTIFICATE----- diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index b1f4fd6827..3ed408b795 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -11,7 +11,7 @@ use strict; use warnings; use File::Spec::Functions qw/canonpath/; -use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/; +use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips with/; use OpenSSL::Test::Utils; setup("test_verify"); @@ -28,7 +28,7 @@ sub verify { run(app([@args])); } -plan tests => 155; +plan tests => 156; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), 
@@ -369,6 +369,13 @@ ok(!verify("badalt9-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), "Name constraints nested DNS name excluded"); +#Check that we get the expected failure return code +with({ exit_checker => sub { return shift == 2; } }, + sub { + ok(verify("bad-othername-namec", "", ["bad-othername-namec-inter"], [], "-partial_chain"), + "Name constraints bad othername name constraint"); + }); + ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"), "Accept PSS signature using SHA1 at auth level 0"); From pauli at openssl.org Sat Jun 5 07:41:28 2021 
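Review bot: In the crypto/x509/v3_ncons.c hunk that rewrites nc_email_eai(), the new V_ASN1_UTF8STRING check guards the union access, but the lines right after it still treat eml->data as a C string: emlat is computed with strrchr(emlptr, '@') and eml->length is not consulted anywhere in the lines shown. The result therefore depends on the buffer being NUL-terminated and free of embedded NUL bytes. Suggest bounding the search for '@' by eml->length (a reverse scan over the first eml->length bytes) and returning X509_V_ERR_UNSUPPORTED_NAME_SYNTAX when the value contains a NUL, so the type check and the length handling are tightened together.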
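Review bot: In the test/recipes/25-test_verify.t hunk, the exit_checker accepts any run that exits with 2, and the comment "#Check that we get the expected failure return code" does not say what exit code 2 represents or which other exit the test is meant to rule out. Suggest expanding the comment to name the outcome that 2 stands for and the failure mode it is distinguished from, and adding the space after '#'. If the harness allows it, also matching the reported verification error would keep the test from passing when the chain is rejected for an unrelated reason.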
From: pauli at openssl.org (Dr. Paul Dale)
Date: Sat, 05 Jun 2021 07:41:28 +0000
Subject: [openssl] master update
Message-ID: <1622878888.209962.30047.nullmailer@dev.openssl.org>

The branch master has been updated
       via  3d9d1ce52904660757dadeb629926932abe25158 (commit)
       via  d2b6c06274f37c5c6c967939ee556c4be5b568d0 (commit)
       via  7be04a3ac40fb6cf83be2c619dc30625988c6742 (commit)
       via  6282d6c28456543734defc45f653adeec1362958 (commit)
       via  c6313780586f94b0542f55c3ffa399f5ad2c7297 (commit)
       via  5dca2afca3f5de55f3de3a404ede1a96c6d9af26 (commit)
       via  dea2878fac8bde549fa0dd3b8e895703b174391b (commit)
       via  c8a9af97c928118ae4626d793d0b73552648b7ea (commit)
       via  62653483464b78ae57bff9b807ee3328e0f078f3 (commit)
       via  d6ded941c94803adf090f17093c8ff905f259ca8 (commit)
      from  f43f9d6313e31e90bb33a7f6f2fc0c657ef8495a (commit)

- Log -----------------------------------------------------------------
commit 3d9d1ce52904660757dadeb629926932abe25158
Author: Matt Caswell
Date:   Tue Jun 1 15:17:38 2021 +0100

    Add documentation for newly added ASN1 functions

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15591)

commit d2b6c06274f37c5c6c967939ee556c4be5b568d0
Author: Matt Caswell
Date:   Thu May 27 15:03:06 2021 +0100

    Ensure libctx/propq is propagated when handling X509_REQ

    When we create via d2i or dup an X509_REQ we should ensure that the
    libctx is properly propagated. We also ensure we create X509_REQ
    objects with the proper libctx assigned in the CMP tests.

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15591)

commit 7be04a3ac40fb6cf83be2c619dc30625988c6742
Author: Matt Caswell
Date:   Thu May 27 10:56:02 2021 +0100

    Give ASN.1 objects the ability to report their libctx/propq

    Some ASN.1 objects have an embedded libctx/propq. If they have one we
    give the ASN.1 code the ability to find these values and use them where
    needed. This is used for OSSL_CMP_MSG_dup() and X509_dup().

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15591)

commit 6282d6c28456543734defc45f653adeec1362958
Author: Matt Caswell
Date:   Thu May 27 09:00:47 2021 +0100

    Make sure X509_dup() also dup's any associated EVP_PKEY

    Otherwise we can end up with a blank EVP_PKEY. If it is later recreated
    it can end up with the wrong libctx/propq.

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15591)

commit c6313780586f94b0542f55c3ffa399f5ad2c7297
Author: Matt Caswell
Date:   Wed May 26 17:18:13 2021 +0100

    Use the new ASN.1 libctx aware capabilities in CMP

    Make sure we pass the libctx/propq around everywhere that we need it to
    ensure we get provider keys when needed.

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15591)

commit 5dca2afca3f5de55f3de3a404ede1a96c6d9af26
Author: Matt Caswell
Date:   Tue May 25 17:46:11 2021 +0100

    Use the new ASN.1 libctx aware functions in CMS

    Make sure we pass the libctx around when working with CMS structures

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15591)

commit dea2878fac8bde549fa0dd3b8e895703b174391b
Author: Matt Caswell
Date:   Tue May 25 17:16:18 2021 +0100

    Teach more of the ASN.1 code about libctx/propq

    Make sure we pass libctx/propq down to all the layers so that objects
    that are created during parsing have the right values. Then use this
    new capability for PKCS7.

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15591)

commit c8a9af97c928118ae4626d793d0b73552648b7ea
Author: Matt Caswell
Date:   Fri May 21 17:25:05 2021 +0100

    Teach the ASN.1 code how to create embedded objects with libctx/propq

    An ASN.1 object such as an X509 may have embedded objects in it such as
    an X509_PUBKEY. If there is a libctx/propq in use then we need to make
    sure we pass these down to the constructors of these embedded objects.

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15591)

commit 62653483464b78ae57bff9b807ee3328e0f078f3
Author: Matt Caswell
Date:   Fri May 21 15:50:43 2021 +0100

    Fix evp_extra_test to use libctx in an X509_PUBKEY

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15591)

commit d6ded941c94803adf090f17093c8ff905f259ca8
Author: Matt Caswell
Date:   Fri May 21 15:50:09 2021 +0100

    Provide the ability to create an X509_PUBKEY with a libctx/propq

    Reviewed-by: Shane Lontis
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15591)

-----------------------------------------------------------------------

Summary of changes:
 apps/cmp.c | 2 +-
 crypto/asn1/a_d2i_fp.c | 20 ++-
 crypto/asn1/a_dup.c | 13 +-
 crypto/asn1/asn1_local.h | 3 +
 crypto/asn1/asn_mime.c | 16 ++-
 crypto/asn1/tasn_dec.c | 100 ++++++++++-----
 crypto/asn1/tasn_new.c | 47 +++++--
 crypto/cmp/cmp_asn.c | 44 ++++++-
 crypto/cmp/cmp_local.h | 7 +-
 crypto/cmp/cmp_msg.c | 92 ++++++++++++-
 crypto/cms/cms_io.c | 13 +-
 crypto/cms/cms_lib.c | 10 +-
 crypto/pkcs7/pk7_asn1.c | 13 +-
 crypto/pkcs7/pk7_mime.c | 9 +-
 crypto/x509/x_all.c | 29 ++++-
 crypto/x509/x_pubkey.c | 39 ++++--
 crypto/x509/x_req.c | 31 +++++
 crypto/x509/x_x509.c | 33 ++++-
 doc/build.info | 18 +++
 doc/man3/ASN1_EXTERN_FUNCS.pod | 181 ++++++++++++++++++++++++++
 doc/man3/ASN1_aux_cb.pod | 284 +++++++++++++++++++++++++++++++++++++++++
 doc/man3/ASN1_item_d2i_bio.pod | 53 +++++++-
 doc/man3/ASN1_item_new.pod | 45 +++++++
 doc/man3/SMIME_read_ASN1.pod | 8 +-
 doc/man3/X509_PUBKEY_new.pod | 15 ++-
 doc/man7/migration_guide.pod | 12 +-
 include/openssl/asn1.h.in | 14 +-
 include/openssl/asn1t.h.in | 12 +-
 include/openssl/cmp.h.in | 3 +-
 include/openssl/x509.h.in | 1 +
 test/cmp_client_test.c | 2 +-
 test/cmp_msg_test.c | 4 +-
test/cmp_protect_test.c | 10 +- test/cmp_server_test.c | 2 +- test/cmp_vfy_test.c | 28 ++-- test/evp_extra_test.c | 10 +- test/helpers/cmp_testlib.c | 4 +- test/helpers/cmp_testlib.h | 2 +- test/testutil.h | 2 +- test/testutil/load.c | 7 +- util/libcrypto.num | 5 + util/missingcrypto.txt | 4 - util/other.syms | 13 ++ 43 files changed, 1111 insertions(+), 149 deletions(-) create mode 100644 doc/man3/ASN1_EXTERN_FUNCS.pod create mode 100644 doc/man3/ASN1_aux_cb.pod create mode 100644 doc/man3/ASN1_item_new.pod diff --git a/apps/cmp.c b/apps/cmp.c index 03530f2584..dfd2981425 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -729,7 +729,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames) file = *filenames; *filenames = next_item(file); - ret = OSSL_CMP_MSG_read(file); + ret = OSSL_CMP_MSG_read(file, app_get0_libctx(), app_get0_propq()); if (ret == NULL) CMP_err1("cannot read PKIMessage from file '%s'", file); return ret; diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index f1e96b2eaf..e8602053f9 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -55,7 +55,8 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) #endif -void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) +void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *x, + OSSL_LIB_CTX *libctx, const char *propq) { BUF_MEM *b = NULL; const unsigned char *p; 
@@ -69,14 +70,20 @@ void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) goto err; p = (const unsigned char *)b->data; - ret = ASN1_item_d2i(x, &p, len, it); + ret = ASN1_item_d2i_ex(x, &p, len, it, libctx, propq); err: BUF_MEM_free(b); return ret; } +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) +{ + return ASN1_item_d2i_bio_ex(it, in, x, NULL, NULL); +} + #ifndef OPENSSL_NO_STDIO -void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) +void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x, + OSSL_LIB_CTX *libctx, const char *propq) { BIO *b; char *ret; @@ -86,10 +93,15 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) return NULL; } BIO_set_fp(b, in, BIO_NOCLOSE); - ret = ASN1_item_d2i_bio(it, b, x); + ret = ASN1_item_d2i_bio_ex(it, b, x, libctx, propq); BIO_free(b); return ret; } + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) +{ + return ASN1_item_d2i_fp_ex(it, in, x, NULL, NULL); +} #endif #define HEADER_SIZE 8 diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c index 2fa3ccd28a..93e8b2aa8d 100644 --- a/crypto/asn1/a_dup.c +++ b/crypto/asn1/a_dup.c @@ -56,6 +56,8 @@ void *ASN1_item_dup(const ASN1_ITEM *it, const void *x) const unsigned char *p; long i; ASN1_VALUE *ret; + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; if (x == NULL) return NULL; @@ -67,9 +69,12 @@ void *ASN1_item_dup(const ASN1_ITEM *it, const void *x) asn1_cb = aux != NULL ? aux->asn1_cb : NULL; } - if (asn1_cb != NULL - && !asn1_cb(ASN1_OP_DUP_PRE, (ASN1_VALUE **)&x, it, NULL)) - goto auxerr; + if (asn1_cb != NULL) { + if (!asn1_cb(ASN1_OP_DUP_PRE, (ASN1_VALUE **)&x, it, NULL) + || !asn1_cb(ASN1_OP_GET0_LIBCTX, (ASN1_VALUE **)&x, it, &libctx) + || !asn1_cb(ASN1_OP_GET0_PROPQ, (ASN1_VALUE **)&x, it, &propq)) + goto auxerr; + } i = ASN1_item_i2d(x, &b, it); if (b == NULL) { 
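Review bot: In ASN1_item_dup() (crypto/asn1/a_dup.c), every registered asn1_cb is now also called with ASN1_OP_GET0_LIBCTX and ASN1_OP_GET0_PROPQ, and a zero return from either one jumps to auxerr. A callback that returns 0 for operations it does not recognise would therefore make every dup of that type fail, even though it has no libctx or propq to report. Suggest either stating in the callback documentation that unknown operations must return 1 (as the default case of ossl_cmp_msg_cb in this patch does), or treating a failed GET0 query as "no libctx/propq" and continuing with NULL instead of erroring out.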
@@ -77,7 +82,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, const void *x) return NULL; } p = b; - ret = ASN1_item_d2i(NULL, &p, i, it); + ret = ASN1_item_d2i_ex(NULL, &p, i, it, libctx, propq); OPENSSL_free(b); if (asn1_cb != NULL diff --git a/crypto/asn1/asn1_local.h b/crypto/asn1/asn1_local.h index 15843ac689..f73bd8fc6a 100644 --- a/crypto/asn1/asn1_local.h +++ b/crypto/asn1/asn1_local.h @@ -89,3 +89,6 @@ int ossl_c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg); ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type); + +int ossl_asn1_item_ex_new_intern(ASN1_VALUE **pval, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 1c1f72f800..1b8ac34106 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -130,7 +130,8 @@ int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, return r; } -static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it, ASN1_VALUE **x) +static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it, ASN1_VALUE **x, + OSSL_LIB_CTX *libctx, const char *propq) { BIO *b64; ASN1_VALUE *val; @@ -140,7 +141,7 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it, ASN1_VALUE **x) return 0; } bio = BIO_push(b64, bio); - val = ASN1_item_d2i_bio(it, bio, x); + val = ASN1_item_d2i_bio_ex(it, bio, x, libctx, propq); if (!val) ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR); (void)BIO_flush(bio); @@ -388,8 +389,9 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, * opaque this is set to NULL */ -ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, const ASN1_ITEM *it, - ASN1_VALUE **x) +ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, + const ASN1_ITEM *it, ASN1_VALUE **x, + OSSL_LIB_CTX *libctx, const char *propq) { BIO *asnin; STACK_OF(MIME_HEADER) *headers = NULL; 
@@ -461,7 +463,7 @@ ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, const ASN1_ITEM } sk_MIME_HEADER_pop_free(headers, mime_hdr_free); /* Read in ASN1 */ - if ((val = b64_read_asn1(asnin, it, x)) == NULL) { + if ((val = b64_read_asn1(asnin, it, x, libctx, propq)) == NULL) { ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR); sk_BIO_pop_free(parts, BIO_vfree); return NULL; @@ -489,7 +491,7 @@ ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, const ASN1_ITEM sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - if ((val = b64_read_asn1(bio, it, x)) == NULL) { + if ((val = b64_read_asn1(bio, it, x, libctx, propq)) == NULL) { ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR); return NULL; } @@ -498,7 +500,7 @@ ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, const ASN1_ITEM ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) { - return SMIME_read_ASN1_ex(bio, 0, bcont, it, NULL); + return SMIME_read_ASN1_ex(bio, 0, bcont, it, NULL, NULL, NULL); } /* Copy text from one BIO to another making the output CRLF at EOL */ diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index aaf3de7e19..eff67d87fc 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -28,7 +28,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx, - int depth); + int depth, OSSL_LIB_CTX *libctx, + const char *propq); static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf); 
@@ -46,11 +47,13 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth); + ASN1_TLC *ctx, int depth, OSSL_LIB_CTX *libctx, + const char *propq); static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth); + ASN1_TLC *ctx, int depth, + OSSL_LIB_CTX *libctx, const char *propq); static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, @@ -101,9 +104,36 @@ unsigned long ASN1_tag2bit(int tag) * this will simply be a special case. */ -ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it) +static int asn1_item_ex_d2i_intern(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it, int tag, + int aclass, char opt, ASN1_TLC *ctx, + OSSL_LIB_CTX *libctx, const char *propq) +{ + int rv; + + if (pval == NULL || it == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0, + libctx, propq); + if (rv <= 0) + ASN1_item_ex_free(pval, it); + return rv; +} + +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return asn1_item_ex_d2i_intern(pval, in, len, it, tag, aclass, opt, ctx, + NULL, NULL); +} + +ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **pval, + const unsigned char **in, long len, + const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, + const char *propq) { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; 
@@ -111,25 +141,17 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, if (pval == NULL) pval = &ptmpval; asn1_tlc_clear_nc(&c); - if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + if (asn1_item_ex_d2i_intern(pval, in, len, it, -1, 0, 0, &c, libctx, + propq) > 0) return *pval; return NULL; } -int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, + const unsigned char **in, long len, + const ASN1_ITEM *it) { - int rv; - - if (pval == NULL || it == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0); - if (rv <= 0) - ASN1_item_ex_free(pval, it); - return rv; + return ASN1_item_d2i_ex(pval, in, len, it, NULL, NULL); } /* @@ -140,7 +162,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx, - int depth) + int depth, OSSL_LIB_CTX *libctx, + const char *propq) { const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_EXTERN_FUNCS *ef; @@ -188,8 +211,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); goto err; } - return asn1_template_ex_d2i(pval, in, len, - it->templates, opt, ctx, depth); + return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx, + depth, libctx, propq); } return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); 
@@ -235,6 +258,9 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, case ASN1_ITYPE_EXTERN: /* Use new style d2i */ ef = it->funcs; + if (ef->asn1_ex_d2i_ex != NULL) + return ef->asn1_ex_d2i_ex(pval, in, len, it, tag, aclass, opt, ctx, + libctx, propq); return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); case ASN1_ITYPE_CHOICE: @@ -258,7 +284,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, ossl_asn1_template_free(pchptr, tt); ossl_asn1_set_choice_selector(pval, -1, it); } - } else if (!ASN1_item_ex_new(pval, it)) { + } else if (!ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } @@ -269,7 +295,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, /* * We mark field as OPTIONAL so its absence can be recognised. */ - ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth); + ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth, + libctx, propq); /* If field not present, try the next one */ if (ret == -1) continue; @@ -335,7 +362,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, goto err; } - if (*pval == NULL && !ASN1_item_ex_new(pval, it)) { + if (*pval == NULL + && !ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } @@ -392,7 +420,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, */ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx, - depth); + depth, libctx, propq); if (!ret) { errtt = seqtt; goto err; 
@@ -468,7 +496,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, static int asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth) + ASN1_TLC *ctx, int depth, + OSSL_LIB_CTX *libctx, const char *propq) { int flags, aclass; int ret; @@ -502,7 +531,8 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, return 0; } /* We've found the field so it can't be OPTIONAL now */ - ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth); + ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth, libctx, + propq); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; @@ -525,7 +555,8 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, } } } else - return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth); + return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth, + libctx, propq); *in = p; return 1; @@ -537,7 +568,8 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth) + ASN1_TLC *ctx, int depth, + OSSL_LIB_CTX *libctx, const char *propq) { int flags, aclass; int ret; @@ -618,7 +650,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, skfield = NULL; if (!asn1_item_embed_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx, - depth)) { + depth, libctx, propq)) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); /* |skfield| may be partially allocated despite failure. */ ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); @@ -639,7 +671,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, /* IMPLICIT tagging */ ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, - ctx, depth); + ctx, depth, libctx, propq); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; 
@@ -648,7 +680,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx, depth); + -1, 0, opt, ctx, depth, libctx, propq); if (!ret) { ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 2ac9ab3e03..4b624bbdd4 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -16,11 +16,13 @@ #include "asn1_local.h" static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed); + int embed, OSSL_LIB_CTX *libctx, + const char *propq); static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); -static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + OSSL_LIB_CTX *libctx, const char *propq); static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); 
@@ -32,14 +34,31 @@ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) return NULL; } +ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, + const char *propq) +{ + ASN1_VALUE *ret = NULL; + if (asn1_item_embed_new(&ret, it, 0, libctx, propq) > 0) + return ret; + return NULL; +} + /* Allocate an ASN1 structure */ + +int ossl_asn1_item_ex_new_intern(ASN1_VALUE **pval, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq) +{ + return asn1_item_embed_new(pval, it, 0, libctx, propq); +} + int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - return asn1_item_embed_new(pval, it, 0); + return asn1_item_embed_new(pval, it, 0, NULL, NULL); } -int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) +int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed, + OSSL_LIB_CTX *libctx, const char *propq) { const ASN1_TEMPLATE *tt = NULL; const ASN1_EXTERN_FUNCS *ef; @@ -56,15 +75,20 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) case ASN1_ITYPE_EXTERN: ef = it->funcs; - if (ef && ef->asn1_ex_new) { - if (!ef->asn1_ex_new(pval, it)) - goto memerr; + if (ef != NULL) { + if (ef->asn1_ex_new_ex != NULL) { + if (!ef->asn1_ex_new_ex(pval, it, libctx, propq)) + goto memerr; + } else if (ef->asn1_ex_new != NULL) { + if (!ef->asn1_ex_new(pval, it)) + goto memerr; + } } break; case ASN1_ITYPE_PRIMITIVE: if (it->templates) { - if (!asn1_template_new(pval, it->templates)) + if (!asn1_template_new(pval, it->templates, libctx, propq)) goto memerr; } else if (!asn1_primitive_new(pval, it, embed)) goto memerr; 
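Review bot: In the first crypto/asn1/tasn_new.c hunk above, ASN1_item_new_ex() has no blank line between the declaration "ASN1_VALUE *ret = NULL;" and the if statement that follows it, which the rest of this patch does consistently (see OSSL_CMP_MSG_new() and asn1_item_ex_d2i_intern()). The same hunk also leaves the existing comment "/* Allocate an ASN1 structure */" detached above the new ossl_asn1_item_ex_new_intern() rather than next to ASN1_item_ex_new(), which it used to describe. Suggest adding the blank line and either moving the comment back to ASN1_item_ex_new() or giving the internal helper its own one-line description.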
@@ -124,7 +148,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) ossl_asn1_enc_init(pval, it); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { pseqval = ossl_asn1_get_field_ptr(pval, tt); - if (!asn1_template_new(pseqval, tt)) + if (!asn1_template_new(pseqval, tt, libctx, propq)) goto memerr2; } if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) @@ -180,7 +204,8 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) } } -static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + OSSL_LIB_CTX *libctx, const char *propq) { const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); int embed = tt->flags & ASN1_TFLG_EMBED; @@ -214,7 +239,7 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) goto done; } /* Otherwise pass it back to the item routine */ - ret = asn1_item_embed_new(pval, it, embed); + ret = asn1_item_embed_new(pval, it, embed, libctx, propq); done: return ret; } diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c index e2f7169dda..31b67178d8 100644 --- a/crypto/cmp/cmp_asn.c +++ b/crypto/cmp/cmp_asn.c 
@@ -208,6 +208,45 @@ int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a) return (int)res; } +static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval, + const ASN1_ITEM *it, void *exarg) +{ + OSSL_CMP_MSG *msg = (OSSL_CMP_MSG *)*pval; + + switch (operation) { + case ASN1_OP_FREE_POST: + OPENSSL_free(msg->propq); + break; + + case ASN1_OP_DUP_POST: + { + OSSL_CMP_MSG *old = exarg; + + if (!ossl_cmp_msg_set0_libctx(msg, old->libctx, old->propq)) + return 0; + } + break; + case ASN1_OP_GET0_LIBCTX: + { + OSSL_LIB_CTX **libctx = exarg; + + *libctx = msg->libctx; + } + break; + case ASN1_OP_GET0_PROPQ: + { + const char **propq = exarg; + + *propq = msg->propq; + } + break; + default: + break; + } + + return 1; +} + ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = { /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0), @@ -405,14 +444,13 @@ ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = { } ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART) -ASN1_SEQUENCE(OSSL_CMP_MSG) = { +ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = { ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER), ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY), ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0), /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1) -} ASN1_SEQUENCE_END(OSSL_CMP_MSG) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_MSG) +} ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) = diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 2b22db3e82..9dba9e8169 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h 
@@ -670,8 +670,11 @@ struct ossl_cmp_msg_st { ASN1_BIT_STRING *protection; /* 0 */ /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ STACK_OF(X509) *extraCerts; /* 1 */ + OSSL_LIB_CTX *libctx; + char *propq; } /* OSSL_CMP_MSG */; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_MSG) +OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq); +void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /*- * ProtectedPart ::= SEQUENCE { @@ -852,6 +855,8 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); # define OSSL_CMP_CERTREQID 0 /* sequence id for the first - and so far only - revocation request */ # define OSSL_CMP_REVREQSID 0 +int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, + const char *propq); const char *ossl_cmp_bodytype_to_string(int type); int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type); int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg); diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index b9c347afb8..b625147b6e 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c 
@@ -20,6 +20,46 @@ #include #include +OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq) +{ + OSSL_CMP_MSG *msg = NULL; + + msg = (OSSL_CMP_MSG *)ASN1_item_new_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), + libctx, propq); + if (!ossl_cmp_msg_set0_libctx(msg, libctx, propq)) { + OSSL_CMP_MSG_free(msg); + msg = NULL; + } + return msg; +} + +void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg) +{ + ASN1_item_free((ASN1_VALUE *)msg, ASN1_ITEM_rptr(OSSL_CMP_MSG)); +} + +/* + * This should only be used if the X509 object was embedded inside another + * asn1 object and it needs a libctx to operate. + * Use OSSL_CMP_MSG_new() instead if possible. + */ +int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, + const char *propq) +{ + if (msg != NULL) { + msg->libctx = libctx; + OPENSSL_free(msg->propq); + msg->propq = NULL; + if (propq != NULL) { + msg->propq = OPENSSL_strdup(propq); + if (msg->propq == NULL) + return 0; + } + } + return 1; +} + + OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg) { if (msg == NULL) { @@ -125,7 +165,7 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) if (!ossl_assert(ctx != NULL)) return NULL; - if ((msg = OSSL_CMP_MSG_new()) == NULL) + if ((msg = OSSL_CMP_MSG_new(ctx->libctx, ctx->propq)) == NULL) return NULL; if (!ossl_cmp_hdr_init(ctx, msg->header) || !ossl_cmp_msg_set_bodytype(msg, bodytype)) @@ -1031,9 +1071,10 @@ int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) || ossl_cmp_msg_protect(ctx, msg); } -OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file) +OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, + const char *propq) { - OSSL_CMP_MSG *msg = NULL; + OSSL_CMP_MSG *msg; BIO *bio = NULL; if (file == NULL) { 
@@ -1041,9 +1082,18 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file) return NULL; } + msg = OSSL_CMP_MSG_new(libctx, propq); + if (msg == NULL){ + ERR_raise(ERR_LIB_CMP, ERR_R_MALLOC_FAILURE); + return NULL; + } + if ((bio = BIO_new_file(file, "rb")) == NULL) return NULL; - msg = d2i_OSSL_CMP_MSG_bio(bio, NULL); + if (d2i_OSSL_CMP_MSG_bio(bio, &msg) == NULL) { + OSSL_CMP_MSG_free(msg); + msg = NULL; + } BIO_free(bio); return msg; } @@ -1066,10 +1116,40 @@ int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg) return res; } +OSSL_CMP_MSG *d2i_OSSL_CMP_MSG(OSSL_CMP_MSG **msg, const unsigned char **in, + long len) +{ + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; + + if (msg != NULL && *msg != NULL) { + libctx = (*msg)->libctx; + propq = (*msg)->propq; + } + + return (OSSL_CMP_MSG *)ASN1_item_d2i_ex((ASN1_VALUE **)msg, in, len, + ASN1_ITEM_rptr(OSSL_CMP_MSG), + libctx, propq); +} + +int i2d_OSSL_CMP_MSG(const OSSL_CMP_MSG *msg, unsigned char **out) +{ + return ASN1_item_i2d((const ASN1_VALUE *)msg, out, + ASN1_ITEM_rptr(OSSL_CMP_MSG)); +} + OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg) { - return ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new, - d2i_OSSL_CMP_MSG, bio, msg); + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; + + if (msg != NULL && *msg != NULL) { + libctx = (*msg)->libctx; + propq = (*msg)->propq; + } + + return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), bio, msg, libctx, + propq); } int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg) diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c index 9c260d0904..3768ea4db2 100644 --- a/crypto/cms/cms_io.c +++ b/crypto/cms/cms_io.c 
@@ -36,8 +36,11 @@ int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) { CMS_ContentInfo *ci; + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms == NULL ? NULL : *cms); - ci = ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); + ci = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms, + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); if (ci != NULL) ossl_cms_resolve_libctx(ci); return ci; @@ -90,13 +93,17 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) ossl_cms_ctx_get0_propq(ctx)); } -CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, CMS_ContentInfo **cms) +CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, + CMS_ContentInfo **cms) { CMS_ContentInfo *ci; + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms == NULL ? NULL : *cms); ci = (CMS_ContentInfo *)SMIME_read_ASN1_ex(bio, flags, bcont, ASN1_ITEM_rptr(CMS_ContentInfo), - (ASN1_VALUE **)cms); + (ASN1_VALUE **)cms, + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); if (ci != NULL) ossl_cms_resolve_libctx(ci); return ci; diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 673a1f7ad5..4ad9302910 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -28,9 +28,12 @@ CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, const unsigned char **in, long len) { CMS_ContentInfo *ci; + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(a == NULL ? NULL : *a); - ci = (CMS_ContentInfo *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - (CMS_ContentInfo_it())); + ci = (CMS_ContentInfo *)ASN1_item_d2i_ex((ASN1_VALUE **)a, in, len, + (CMS_ContentInfo_it()), + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); if (ci != NULL) ossl_cms_resolve_libctx(ci); return ci; 
@@ -45,7 +48,8 @@ CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq) { CMS_ContentInfo *ci; - ci = (CMS_ContentInfo *)ASN1_item_new(ASN1_ITEM_rptr(CMS_ContentInfo)); + ci = (CMS_ContentInfo *)ASN1_item_new_ex(ASN1_ITEM_rptr(CMS_ContentInfo), + libctx, propq); if (ci != NULL) { ci->ctx.libctx = libctx; ci->ctx.propq = NULL; diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c index 60ad5b1e76..1cd867721e 100644 --- a/crypto/pkcs7/pk7_asn1.c +++ b/crypto/pkcs7/pk7_asn1.c @@ -66,8 +66,16 @@ ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = { PKCS7 *d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len) { PKCS7 *ret; + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; - ret = (PKCS7 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (PKCS7_it())); + if (a != NULL && *a != NULL) { + libctx = (*a)->ctx.libctx; + propq = (*a)->ctx.propq; + } + + ret = (PKCS7 *)ASN1_item_d2i_ex((ASN1_VALUE **)a, in, len, (PKCS7_it()), + libctx, propq); if (ret != NULL) ossl_pkcs7_resolve_libctx(ret); return ret; @@ -85,7 +93,8 @@ PKCS7 *PKCS7_new(void) PKCS7 *PKCS7_new_ex(OSSL_LIB_CTX *libctx, const char *propq) { - PKCS7 *pkcs7 = PKCS7_new(); + PKCS7 *pkcs7 = (PKCS7 *)ASN1_item_new_ex(ASN1_ITEM_rptr(PKCS7), libctx, + propq); if (pkcs7 != NULL) { pkcs7->ctx.libctx = libctx; diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index b446423384..49a0da5f81 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -49,9 +49,16 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7) { PKCS7 *ret; + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; + + if (p7 != NULL && *p7 != NULL) { + libctx = (*p7)->ctx.libctx; + propq = (*p7)->ctx.propq; + } ret = (PKCS7 *)SMIME_read_ASN1_ex(bio, 0, bcont, ASN1_ITEM_rptr(PKCS7), - (ASN1_VALUE **)p7); + (ASN1_VALUE **)p7, libctx, propq); if (ret != NULL) ossl_pkcs7_resolve_libctx(ret); return ret; 
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index ba400d1103..88c75c3d36 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -182,8 +182,15 @@ int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl) PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) { PKCS7 *ret; + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; - ret = ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); + if (p7 != NULL && *p7 != NULL) { + libctx = (*p7)->ctx.libctx; + propq = (*p7)->ctx.propq; + } + + ret = ASN1_item_d2i_fp_ex(ASN1_ITEM_rptr(PKCS7), fp, p7, libctx, propq); if (ret != NULL) ossl_pkcs7_resolve_libctx(ret); return ret; @@ -198,8 +205,16 @@ int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7) PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) { PKCS7 *ret; + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; + + if (p7 != NULL && *p7 != NULL) { + libctx = (*p7)->ctx.libctx; + propq = (*p7)->ctx.propq; + } - ret = ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); + + ret = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS7), bp, p7, libctx, propq); if (ret != NULL) ossl_pkcs7_resolve_libctx(ret); return ret; @@ -224,7 +239,15 @@ int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req) X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; + + if (req != NULL && *req != NULL) { + libctx = (*req)->libctx; + propq = (*req)->propq; + } + + return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(X509_REQ), bp, req, libctx, propq); } int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req) diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index c21184d964..2fe5724743 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -71,6 +71,7 @@ static void x509_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) X509_ALGOR_free(pubkey->algor); ASN1_BIT_STRING_free(pubkey->public_key); EVP_PKEY_free(pubkey->pkey); + OPENSSL_free(pubkey->propq); OPENSSL_free(pubkey); *pval = NULL; } 
@@ -85,12 +86,15 @@ static int x509_pubkey_ex_populate(ASN1_VALUE **pval, const ASN1_ITEM *it) || (pubkey->public_key = ASN1_BIT_STRING_new()) != NULL); } -static int x509_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + +static int x509_pubkey_ex_new_ex(ASN1_VALUE **pval, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq) { X509_PUBKEY *ret; if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL - || !x509_pubkey_ex_populate((ASN1_VALUE **)&ret, NULL)) { + || !x509_pubkey_ex_populate((ASN1_VALUE **)&ret, NULL) + || !x509_pubkey_set0_libctx(ret, libctx, propq)) { x509_pubkey_ex_free((ASN1_VALUE **)&ret, NULL); ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); } else { @@ -100,17 +104,18 @@ static int x509_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) return ret != NULL; } -static int x509_pubkey_ex_d2i(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, - char opt, ASN1_TLC *ctx) +static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval, + const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, + char opt, ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, + const char *propq) { const unsigned char *in_saved = *in; X509_PUBKEY *pubkey; int ret; OSSL_DECODER_CTX *dctx = NULL; - if (*pval == NULL && !x509_pubkey_ex_new(pval, it)) + if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, libctx, propq)) return 0; if (!x509_pubkey_ex_populate(pval, NULL)) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 
@@ -190,17 +195,31 @@ static int x509_pubkey_ex_print(BIO *out, const ASN1_VALUE **pval, int indent, static const ASN1_EXTERN_FUNCS x509_pubkey_ff = { NULL, - x509_pubkey_ex_new, + NULL, x509_pubkey_ex_free, 0, /* Default clear behaviour is OK */ - x509_pubkey_ex_d2i, + NULL, x509_pubkey_ex_i2d, - x509_pubkey_ex_print + x509_pubkey_ex_print, + x509_pubkey_ex_new_ex, + x509_pubkey_ex_d2i_ex, }; IMPLEMENT_EXTERN_ASN1(X509_PUBKEY, V_ASN1_SEQUENCE, x509_pubkey_ff) IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) +X509_PUBKEY *X509_PUBKEY_new_ex(OSSL_LIB_CTX *libctx, const char *propq) +{ + X509_PUBKEY *pubkey = NULL; + + pubkey = (X509_PUBKEY *)ASN1_item_new_ex(X509_PUBKEY_it(), libctx, propq); + if (!x509_pubkey_set0_libctx(pubkey, libctx, propq)) { + X509_PUBKEY_free(pubkey); + pubkey = NULL; + } + return pubkey; +} + /* * X509_PUBKEY_dup() must be implemented manually, because there is no * support for it in ASN1_EXTERN_FUNCS. diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c index 1b4e1587dd..293d4be713 100644 --- a/crypto/x509/x_req.c +++ b/crypto/x509/x_req.c @@ -68,6 +68,37 @@ static int req_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, if (!ossl_x509_req_set0_libctx(ret, old->libctx, old->propq)) return 0; + if (old->req_info.pubkey != NULL) { + EVP_PKEY *pkey = X509_PUBKEY_get0(old->req_info.pubkey); + + if (pkey != NULL) { + pkey = EVP_PKEY_dup(pkey); + if (pkey == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!X509_PUBKEY_set(&ret->req_info.pubkey, pkey)) { + EVP_PKEY_free(pkey); + ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); + return 0; + } + EVP_PKEY_free(pkey); + } + } + } + break; + case ASN1_OP_GET0_LIBCTX: + { + OSSL_LIB_CTX **libctx = exarg; + + *libctx = ret->libctx; + } + break; + case ASN1_OP_GET0_PROPQ: + { + const char **propq = exarg; + + *propq = ret->propq; } break; } diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 7959ee223f..260bfda683 100644 --- a/crypto/x509/x_x509.c 
+++ b/crypto/x509/x_x509.c @@ -104,6 +104,37 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, if (!ossl_x509_set0_libctx(ret, old->libctx, old->propq)) return 0; + if (old->cert_info.key != NULL) { + EVP_PKEY *pkey = X509_PUBKEY_get0(old->cert_info.key); + + if (pkey != NULL) { + pkey = EVP_PKEY_dup(pkey); + if (pkey == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!X509_PUBKEY_set(&ret->cert_info.key, pkey)) { + EVP_PKEY_free(pkey); + ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); + return 0; + } + EVP_PKEY_free(pkey); + } + } + } + break; + case ASN1_OP_GET0_LIBCTX: + { + OSSL_LIB_CTX **libctx = exarg; + + *libctx = ret->libctx; + } + break; + case ASN1_OP_GET0_PROPQ: + { + const char **propq = exarg; + + *propq = ret->propq; } break; default: @@ -169,7 +200,7 @@ X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq) { X509 *cert = NULL; - cert = (X509 *)ASN1_item_new((X509_it())); + cert = (X509 *)ASN1_item_new_ex(X509_it(), libctx, propq); if (!ossl_x509_set0_libctx(cert, libctx, propq)) { X509_free(cert); cert = NULL; diff --git a/doc/build.info b/doc/build.info index b77dac210c..946cc24032 100644 --- a/doc/build.info +++ b/doc/build.info @@ -471,6 +471,10 @@ DEPEND[html/man3/ADMISSIONS.html]=man3/ADMISSIONS.pod GENERATE[html/man3/ADMISSIONS.html]=man3/ADMISSIONS.pod DEPEND[man/man3/ADMISSIONS.3]=man3/ADMISSIONS.pod GENERATE[man/man3/ADMISSIONS.3]=man3/ADMISSIONS.pod +DEPEND[html/man3/ASN1_EXTERN_FUNCS.html]=man3/ASN1_EXTERN_FUNCS.pod +GENERATE[html/man3/ASN1_EXTERN_FUNCS.html]=man3/ASN1_EXTERN_FUNCS.pod +DEPEND[man/man3/ASN1_EXTERN_FUNCS.3]=man3/ASN1_EXTERN_FUNCS.pod +GENERATE[man/man3/ASN1_EXTERN_FUNCS.3]=man3/ASN1_EXTERN_FUNCS.pod DEPEND[html/man3/ASN1_INTEGER_get_int64.html]=man3/ASN1_INTEGER_get_int64.pod GENERATE[html/man3/ASN1_INTEGER_get_int64.html]=man3/ASN1_INTEGER_get_int64.pod DEPEND[man/man3/ASN1_INTEGER_get_int64.3]=man3/ASN1_INTEGER_get_int64.pod 
@@ -511,6 +515,10 @@ DEPEND[html/man3/ASN1_TYPE_get.html]=man3/ASN1_TYPE_get.pod GENERATE[html/man3/ASN1_TYPE_get.html]=man3/ASN1_TYPE_get.pod DEPEND[man/man3/ASN1_TYPE_get.3]=man3/ASN1_TYPE_get.pod GENERATE[man/man3/ASN1_TYPE_get.3]=man3/ASN1_TYPE_get.pod +DEPEND[html/man3/ASN1_aux_cb.html]=man3/ASN1_aux_cb.pod +GENERATE[html/man3/ASN1_aux_cb.html]=man3/ASN1_aux_cb.pod +DEPEND[man/man3/ASN1_aux_cb.3]=man3/ASN1_aux_cb.pod +GENERATE[man/man3/ASN1_aux_cb.3]=man3/ASN1_aux_cb.pod DEPEND[html/man3/ASN1_generate_nconf.html]=man3/ASN1_generate_nconf.pod GENERATE[html/man3/ASN1_generate_nconf.html]=man3/ASN1_generate_nconf.pod DEPEND[man/man3/ASN1_generate_nconf.3]=man3/ASN1_generate_nconf.pod @@ -519,6 +527,10 @@ DEPEND[html/man3/ASN1_item_d2i_bio.html]=man3/ASN1_item_d2i_bio.pod GENERATE[html/man3/ASN1_item_d2i_bio.html]=man3/ASN1_item_d2i_bio.pod DEPEND[man/man3/ASN1_item_d2i_bio.3]=man3/ASN1_item_d2i_bio.pod GENERATE[man/man3/ASN1_item_d2i_bio.3]=man3/ASN1_item_d2i_bio.pod +DEPEND[html/man3/ASN1_item_new.html]=man3/ASN1_item_new.pod +GENERATE[html/man3/ASN1_item_new.html]=man3/ASN1_item_new.pod +DEPEND[man/man3/ASN1_item_new.3]=man3/ASN1_item_new.pod +GENERATE[man/man3/ASN1_item_new.3]=man3/ASN1_item_new.pod DEPEND[html/man3/ASN1_item_sign.html]=man3/ASN1_item_sign.pod GENERATE[html/man3/ASN1_item_sign.html]=man3/ASN1_item_sign.pod DEPEND[man/man3/ASN1_item_sign.3]=man3/ASN1_item_sign.pod @@ -2825,6 +2837,7 @@ DEPEND[man/man3/s2i_ASN1_IA5STRING.3]=man3/s2i_ASN1_IA5STRING.pod GENERATE[man/man3/s2i_ASN1_IA5STRING.3]=man3/s2i_ASN1_IA5STRING.pod IMAGEDOCS[man3]= HTMLDOCS[man3]=html/man3/ADMISSIONS.html \ +html/man3/ASN1_EXTERN_FUNCS.html \ html/man3/ASN1_INTEGER_get_int64.html \ html/man3/ASN1_INTEGER_new.html \ html/man3/ASN1_ITEM_lookup.html \ 
@@ -2835,8 +2848,10 @@ html/man3/ASN1_STRING_new.html \ html/man3/ASN1_STRING_print_ex.html \ html/man3/ASN1_TIME_set.html \ html/man3/ASN1_TYPE_get.html \ +html/man3/ASN1_aux_cb.html \ html/man3/ASN1_generate_nconf.html \ html/man3/ASN1_item_d2i_bio.html \ +html/man3/ASN1_item_new.html \ html/man3/ASN1_item_sign.html \ html/man3/ASYNC_WAIT_CTX_new.html \ html/man3/ASYNC_start_job.html \ @@ -3414,6 +3429,7 @@ html/man3/i2d_re_X509_tbs.html \ html/man3/o2i_SCT_LIST.html \ html/man3/s2i_ASN1_IA5STRING.html MANDOCS[man3]=man/man3/ADMISSIONS.3 \ +man/man3/ASN1_EXTERN_FUNCS.3 \ man/man3/ASN1_INTEGER_get_int64.3 \ man/man3/ASN1_INTEGER_new.3 \ man/man3/ASN1_ITEM_lookup.3 \ @@ -3424,8 +3440,10 @@ man/man3/ASN1_STRING_new.3 \ man/man3/ASN1_STRING_print_ex.3 \ man/man3/ASN1_TIME_set.3 \ man/man3/ASN1_TYPE_get.3 \ +man/man3/ASN1_aux_cb.3 \ man/man3/ASN1_generate_nconf.3 \ man/man3/ASN1_item_d2i_bio.3 \ +man/man3/ASN1_item_new.3 \ man/man3/ASN1_item_sign.3 \ man/man3/ASYNC_WAIT_CTX_new.3 \ man/man3/ASYNC_start_job.3 \ diff --git a/doc/man3/ASN1_EXTERN_FUNCS.pod b/doc/man3/ASN1_EXTERN_FUNCS.pod new file mode 100644 index 0000000000..800cc500ea --- /dev/null +++ b/doc/man3/ASN1_EXTERN_FUNCS.pod 
@@ -0,0 +1,181 @@ +=pod + +=head1 NAME + +ASN1_EXTERN_FUNCS, ASN1_ex_d2i, ASN1_ex_d2i_ex, ASN1_ex_i2d, ASN1_ex_new_func, +ASN1_ex_new_ex_func, ASN1_ex_free_func, ASN1_ex_print_func, +IMPLEMENT_EXTERN_ASN1 +- ASN.1 external function support + +=head1 SYNOPSIS + + #include + + typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + typedef int ASN1_ex_d2i_ex(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, + const char *propq); + typedef int ASN1_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); + typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + typedef int ASN1_ex_new_ex_func(ASN1_VALUE **pval, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); + typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + typedef int ASN1_ex_print_func(BIO *out, const ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + + struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; + ASN1_ex_free_func *asn1_ex_free; + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; + ASN1_ex_new_ex_func *asn1_ex_new_ex; + ASN1_ex_d2i_ex *asn1_ex_d2i_ex; + }; + typedef struct ASN1_EXTERN_FUNCS_st ASN1_EXTERN_FUNCS; + + #define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) + +=head1 DESCRIPTION + +ASN.1 data structures templates are typically defined in OpenSSL using a series +of macros such as ASN1_SEQUENCE(), ASN1_SEQUENCE_END() and so on. Instead +templates can also be defined based entirely on external functions. These +external functions are called to perform operations such as creating a new +B or converting an B to or from DER encoding. 
+ +The macro IMPLEMENT_EXTERN_ASN1() can be used to create such an externally +defined structure. The name of the structure should be supplied in the I +parameter. The tag for the structure (e.g. typically B) should +be supplied in the I parameter. Finally a pointer to an +B structure should be supplied in the I parameter. + +The B structure has the following entries. + +=over 4 + +=item I + +A pointer to arbitrary application specific data. + +=item I + +A "new" function responsible for constructing a new B object. The +newly constructed value should be stored in I<*pval>. The I parameter is a +pointer to the B template object created via the +IMPLEMENT_EXTERN_ASN1() macro. + +Returns a positive value on success or 0 on error. + +=item I + +A "free" function responsible for freeing the B passed in I<*pval> +that was previously allocated via a "new" function. The I parameter is a +pointer to the B template object created via the +IMPLEMENT_EXTERN_ASN1() macro. + +=item I + +A "clear" function responsible for clearing any data in the B passed +in I<*pval> and making it suitable for reuse. The I parameter is a pointer +to the B template object created via the IMPLEMENT_EXTERN_ASN1() +macro. + +=item I + +A "d2i" function responsible for converting DER data with the tag I and +class I into an B. If I<*pval> is non-NULL then the +B it points to should be reused. Otherwise a new B +should be allocated and stored in I<*pval>. I<*in> points to the DER data to be +decoded and I is the length of that data. After decoding I<*in> should be +updated to point at the next byte after the decoded data. If the B +is considered optional in this context then I will be nonzero. Otherwise +it will be zero. The I parameter is a pointer to the B template +object created via the IMPLEMENT_EXTERN_ASN1() macro. A pointer to the current +B context (which may be required for other ASN1 function calls) is +passed in the I parameter. + +The I entry may be NULL if I has been specified +instead. 
+ +Returns <= 0 on error or a positive value on success. + +=item I + +An "i2d" function responsible for converting an B into DER encoding. +On entry I<*pval> will contain the B to be encoded. If default +tagging is to be used then I will be -1 on entry. Otherwise if implicit +tagging should be used then I and I will be the tag and associated +class. + +If I is not NULL then this function should write the DER encoded data to +the buffer in I<*out>, and then increment I<*out> to point to immediately after +the data just written. + +If I is NULL then no data should be written but the length calculated and +returned as if it were. + +The I entry may be NULL if I has been specified +instead. + +The return value should be negative if a fatal error occurred, or 0 if a +non-fatal error occurred. Otherwise it should return the length of the encoded +data. + +=item I + +A "print" function. I is the BIO to print the output to. I<*pval> is the +B to be printed. I is the number of spaces of indenting to +be printed before any data is printed. I is currently unused and is +always "". I is a pointer to the B for the print operation. + +Returns 0 on error or a positive value on success. If the return value is 2 then +an additional newline will be printed after the data printed by this function. + +=item I + +This is the same as I except that it is additionally passed the +OSSL_LIB_CTX to be used in I and any property query string to be used +for algorithm fetching in the I parameter. See +L for further details. If I is +non NULL, then it will always be called in preference to I. + +=item I + +This is the same as I except that it is additionally passed the +OSSL_LIB_CTX to be used in I and any property query string to be used +for algorithm fetching in the I parameter. See +L for further details. If I is +non NULL, then it will always be called in preference to I. + +=back + +=head1 RETURN VALUES + +Return values for the various callbacks are as described above. 
+ +=head1 SEE ALSO + +L + +=head1 HISTORY + +The I and I callbacks were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/ASN1_aux_cb.pod b/doc/man3/ASN1_aux_cb.pod new file mode 100644 index 0000000000..12f7ddf82d --- /dev/null +++ b/doc/man3/ASN1_aux_cb.pod 
@@ -0,0 +1,284 @@ +=pod + +=head1 NAME + +ASN1_AUX, ASN1_PRINT_ARG, ASN1_STREAM_ARG, ASN1_aux_cb, ASN1_aux_const_cb +- ASN.1 auxilliary data + +=head1 SYNOPSIS + + #include + + struct ASN1_AUX_st { + void *app_data; + int flags; + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Offset to an CRYPTO_RWLOCK */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ + ASN1_aux_const_cb *asn1_const_cb; /* for ASN1_OP_I2D_ and ASN1_OP_PRINT_ */ + }; + typedef struct ASN1_AUX_st ASN1_AUX; + + struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; + }; + typedef struct ASN1_PRINT_ARG_st ASN1_PRINT_ARG; + + struct ASN1_STREAM_ARG_st { + BIO *out; + BIO *ndef_bio; + unsigned char **boundary; + }; + typedef struct ASN1_STREAM_ARG_st ASN1_STREAM_ARG; + + typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); + typedef int ASN1_aux_const_cb(int operation, const ASN1_VALUE **in, + const ASN1_ITEM *it, void *exarg); + +=head1 DESCRIPTION + +ASN.1 data structures can be associated with an B object to supply +additional information about the ASN.1 structure. An B structure is +associated with the structure during the definition of the ASN.1 template. For +example an B structure will be associated by using one of the various +ASN.1 template definition macros that supply auxilliary information such as +ASN1_SEQUENCE_enc(), ASN1_SEQUENCE_ref(), ASN1_SEQUENCE_cb_const_cb(), +ASN1_SEQUENCE_const_cb(), ASN1_SEQUENCE_cb() or ASN1_NDEF_SEQUENCE_cb(). + +An B structure contains the following information. + +=over 4 + +=item I + +Arbitrary application data + +=item I + +Flags which indicate the auxiliarly functionality supported. + +The B flag indicates that objects support reference counting. + +The B flag indicates that the original encoding of the +object will be saved. + +The B flag is a work around for broken encoders where the +sequence length value may not be correct. 
This should generally not be used. + +The B flag indicates that the "const" form of the +B callback should be used in preference to the non-const form. + +=item I + +If the B flag is set then this value is assumed to be an +offset into the B structure where a B may be +found for the purposes of reference counting. + +=item I + +If the B flag is set then this value is assumed to be an +offset into the B structure where a B may be +found for the purposes of reference counting. + +=item I + +A callback that will be invoked at various points during the processing of +the the B. See below for further details. + +=item I + +Offset into the B object where the original encoding of the object +will be saved if the B flag has been set. + +=item I + +A callback that will be invoked at various points during the processing of +the the B. This is used in preference to the I callback if +the B flag is set. See below for further details. + +=back + +During the processing of an B object the callbacks set via +I or I will be invoked as a result of various events +indicated via the I parameter. The value of I<*in> will be the +B object being processed based on the template in I. An +additional operation specific parameter may be passed in I. The currently +supported operations are as follows. The callbacks should return a positive +value on success or zero on error, unless otherwise noted below. + +=over 4 + +=item B + +Invoked when processing a B, B or B structure +prior to an B object being allocated. The callback may allocate the +B itself and store it in I<*pval>. If it does so it should return 2 +from the callback. On error it should return 0. + +=item B + +Invoked when processing a B, B or B structure +after an B object has been allocated. The allocated object is in +I<*pval>. + +=item B + +Invoked when processing a B, B or B structure +immediately before an B is freed. 
If the callback originally +constructed the B via B then it should free it at +this point and return 2 from the callback. Otherwise it should return 1 for +success or 0 on error. + +=item B + +Invoked when processing a B, B or B structure +immediately after B sub-structures are freed. + +=item B + +Invoked when processing a B, B or B structure +immediately before a "d2i" operation for the B. + +=item B + +Invoked when processing a B, B or B structure +immediately after a "d2i" operation for the B. + +=item B + +Invoked when processing a B, B or B structure +immediately before a "i2d" operation for the B. + +=item B + +Invoked when processing a B, B or B structure +immediately after a "i2d" operation for the B. + +=item B + +Invoked when processing a B or B structure immediately +before printing the B. The I argument will be a pointer to an +B structure (see below). + +=item B + +Invoked when processing a B or B structure immediately +after printing the B. The I argument will be a pointer to an +B structure (see below). + +=item B + +Invoked immediately prior to streaming the B data using indefinite +length encoding. The I argument will be a pointer to a B +structure (see below). + +=item B + +Invoked immediately after streaming the B data using indefinite +length encoding. The I argument will be a pointer to a B +structure (see below). + +=item B + +Invoked immediately prior to processing the B data as a "detached" +value (as used in CMS and PKCS7). The I argument will be a pointer to a +B structure (see below). + +=item B + +Invoked immediately after processing the B data as a "detached" +value (as used in CMS and PKCS7). The I argument will be a pointer to a +B structure (see below). + +=item B + +Invoked immediate prior to an ASN1_VALUE being duplicated via a call to +ASN1_item_dup(). + +=item B + +Invoked immediate after to an ASN1_VALUE has been duplicated via a call to +ASN1_item_dup(). 
+ +=item B + +Invoked in order to obtain the B associated with an B +if any. A pointer to an B should be stored in I<*exarg> if such +a value exists. + +=item B + +Invoked in order to obtain the property query string associated with an +B if any. A pointer to the property query string should be stored in +I<*exarg> if such a value exists. + +=back + +An B object is used during processing of B +and B callback operations. It contains the following +information. + +=over 4 + +=item I + +The B being used to print the data out. + +=item I + +The current number of indent spaces that should be used for printing this data. + +=item I + +The context for the B operation. + +=back + +An B object is used during processing of B, +B, B and B +callback operations. It contains the following information. + +=over 4 + +=item I + +The B to stream through + +=item I + +The B with filters appended + +=item I + +The streaming I/O boundary. + +=back + +=head1 RETURN VALUES + +The callbacks return 0 on error and a positive value on success. Some operations +require specific positive success values as noted above. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The ASN1_aux_const_cb() callback and the B and +B operation types were added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/ASN1_item_d2i_bio.pod b/doc/man3/ASN1_item_d2i_bio.pod index bd3c9b06c2..9083f85f69 100644 --- a/doc/man3/ASN1_item_d2i_bio.pod +++ b/doc/man3/ASN1_item_d2i_bio.pod 
@@ -2,23 +2,65 @@ =head1 NAME -ASN1_item_d2i_bio, -ASN1_item_i2d_mem_bio +ASN1_item_d2i_ex, ASN1_item_d2i, ASN1_item_d2i_bio_ex, ASN1_item_d2i_bio, +ASN1_item_d2i_fp_ex, ASN1_item_d2i_fp, ASN1_item_i2d_mem_bio - decode and encode DER-encoded ASN.1 structures =head1 SYNOPSIS #include + ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); + ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); + + void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *pval, + OSSL_LIB_CTX *libctx, const char *propq); void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *pval); + + void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x, + OSSL_LIB_CTX *libctx, const char *propq); + void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); + BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val); =head1 DESCRIPTION -ASN1_item_d2i_bio() decodes the contents of its input BIO I, +ASN1_item_d2i_ex() decodes the contents of the data stored in I<*in> of length +I which must be a DER-encoded ASN.1 structure, using the ASN.1 template +I. It places the result in I<*pval> unless I is NULL. If I<*pval> is +non-NULL on entry then the B present there will be reused. Otherwise +a new B will be allocated. If any algorithm fetches are required +during the process then they will use the Bprovided in the +I parameter and the property query string in I. See +L for more information about algorithm fetching. +On exit I<*in> will be updated to point to the next byte in the buffer after the +decoded structure. + +ASN1_item_d2i() is the same as ASN1_item_d2i_ex() except that the default +OSSL_LIB_CTX is used (i.e. NULL) and with a NULL property query string. 
+ +ASN1_item_d2i_bio_ex() decodes the contents of its input BIO I, which must be a DER-encoded ASN.1 structure, using the ASN.1 template I and places the result in I<*pval> unless I is NULL. -If I is NULL it returns NULL, else a pointer to the parsed structure. +If I is NULL it returns NULL, else a pointer to the parsed structure. If any +algorithm fetches are required during the process then they will use the +B provided in the I parameter and the property query +string in I. See L for more information +about algorithm fetching. + +ASN1_item_d2i_bio() is the same as ASN1_item_d2i_bio_ex() except that the +default B is used (i.e. NULL) and with a NULL property query +string. + +ASN1_item_d2i_fp_ex() is the same as ASN1_item_d2i_bio_ex() except that a FILE +pointer is provided instead of a BIO. + +ASN1_item_d2i_fp() is the same as ASN1_item_d2i_fp_ex() except that the +default B is used (i.e. NULL) and with a NULL property query +string. ASN1_item_i2d_mem_bio() encodes the given ASN.1 value I using the ASN.1 template I and returns the result in a memory BIO. @@ -31,7 +73,8 @@ ASN1_item_i2d_mem_bio() returns a pointer to a memory BIO or NULL on error. =head1 HISTORY -ASN1_item_i2d_mem_bio() was added in OpenSSL 3.0. +The functions ASN1_item_d2i_ex(), ASN1_item_d2i_bio_ex(), ASN1_item_d2i_fp_ex() +and ASN1_item_i2d_mem_bio() were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/ASN1_item_new.pod b/doc/man3/ASN1_item_new.pod new file mode 100644 index 0000000000..4a495604d4 --- /dev/null +++ b/doc/man3/ASN1_item_new.pod 
@@ -0,0 +1,45 @@ +=pod + +=head1 NAME + +ASN1_item_new_ex, ASN1_item_new +- create new ASN.1 values + +=head1 SYNOPSIS + + #include + + ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, + const char *propq); + ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); + +=head1 DESCRIPTION + +ASN1_item_new_ex() creates a new B structure based on the +B template given in the I parameter. If any algorithm fetches are +required during the process then they will use the B provided in +the I parameter and the property query string in I. See +L for more information about algorithm fetching. + +ASN1_item_new() is the same as ASN1_item_new_ex() except that the default +B is used (i.e. NULL) and with a NULL property query string. + +=head1 RETURN VALUES + +ASN1_item_new_ex() and ASN1_item_new() return a pointer to the newly created +B or NULL on error. + +=head1 HISTORY + +The function ASN1_item_new_ex() was added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/SMIME_read_ASN1.pod b/doc/man3/SMIME_read_ASN1.pod index 56d1e67dcd..a90d9a4004 100644 --- a/doc/man3/SMIME_read_ASN1.pod +++ b/doc/man3/SMIME_read_ASN1.pod @@ -10,7 +10,8 @@ SMIME_read_ASN1_ex, SMIME_read_ASN1 #include ASN1_VALUE *SMIME_read_ASN1_ex(BIO *in, int flags, BIO **bcont, - const ASN1_ITEM *it, ASN1_VALUE **x); + const ASN1_ITEM *it, ASN1_VALUE **x, + OSSL_LIB_CTX *libctx, const char *propq); ASN1_VALUE *SMIME_read_ASN1(BIO *in, BIO **bcont, const ASN1_ITEM *it); =head1 DESCRIPTION 
@@ -25,7 +26,10 @@ to be followed by B and B characters, else only by an B character. I can be used to optionally supply a previously created I ASN1_VALUE object (such as CMS_ContentInfo or PKCS7), it can be set to NULL. Valid values that can be used by ASN.1 structure I -are ASN1_ITEM_rptr(PKCS7) or ASN1_ITEM_rptr(CMS_ContentInfo). +are ASN1_ITEM_rptr(PKCS7) or ASN1_ITEM_rptr(CMS_ContentInfo). Any algorithm +fetches that occur during the operation will use the B supplied in +the I parameter, and use the property query string I See +L for further details about algorithm fetching. If cleartext signing is used then the content is saved in a memory bio which is written to I<*bcont>, otherwise I<*bcont> is set to NULL. diff --git a/doc/man3/X509_PUBKEY_new.pod b/doc/man3/X509_PUBKEY_new.pod index 059f2ac564..3d22857b80 100644 --- a/doc/man3/X509_PUBKEY_new.pod +++ b/doc/man3/X509_PUBKEY_new.pod @@ -2,7 +2,7 @@ =head1 NAME -X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup, +X509_PUBKEY_new_ex, X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_dup, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY_ex, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param, @@ -12,6 +12,7 @@ X509_PUBKEY_eq - SubjectPublicKeyInfo public key functions #include + X509_PUBKEY *X509_PUBKEY_new_ex(OSSL_LIB_CTX *libctx, const char *propq); X509_PUBKEY *X509_PUBKEY_new(void); void X509_PUBKEY_free(X509_PUBKEY *a); X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a); 
@@ -44,7 +45,14 @@ X509_PUBKEY_eq - SubjectPublicKeyInfo public key functions The B structure represents the ASN.1 B structure defined in RFC5280 and used in certificates and certificate requests. -X509_PUBKEY_new() allocates and initializes an B structure. +X509_PUBKEY_new_ex() allocates and initializes an B structure +associated with the given B in the I parameter. Any +algorithm fetches associated with using the B object will use +the property query string I. See L for +further information about algorithm fetching. + +X509_PUBKEY_new() is the same as X509_PUBKEY_new_ex() except that the default +(NULL) B and a NULL property query string are used. X509_PUBKEY_dup() creates a duplicate copy of the B object specified by I. @@ -127,7 +135,8 @@ L, =head1 HISTORY -The X509_PUBKEY_eq() function was added in OpenSSL 3.0. +The X509_PUBKEY_new_ex() and X509_PUBKEY_eq() functions were added in OpenSSL +3.0. =head1 COPYRIGHT diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index e2d21a9540..6a71d68b9a 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -562,10 +562,11 @@ B such as EVP_aes_128_cbc() should be replaced vith a call t L. See L. Some functions can be passed an object that has already been set up with a library -context such as L, L and L. -If NULL is passed instead then the created object will be set up with the -default library context. Use L, L and -L if a library context is required. +context such as L, L, L and +L. If NULL is passed instead then the created object will be +set up with the default library context. Use L, +L, L and L if a +library context is required. All functions listed below with a I have a replacment function I that takes B as an additional argument. Functions that have other @@ -575,7 +576,8 @@ mappings are listed along with the respective name. =item - -L and L +L, L, L, +L, L and L =item - 
diff --git a/include/openssl/asn1.h.in b/include/openssl/asn1.h.in index e2b2b25cf3..40b43a227a 100644 --- a/include/openssl/asn1.h.in +++ b/include/openssl/asn1.h.in @@ -762,6 +762,8 @@ void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); in, \ CHECKED_PPTR_OF(type, x))) +void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x, + OSSL_LIB_CTX *libctx, const char *propq); void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, const void *x); @@ -784,6 +786,8 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); in, \ CHECKED_PPTR_OF(type, x))) +void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *pval, + OSSL_LIB_CTX *libctx, const char *propq); void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *pval); int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x); @@ -843,7 +847,12 @@ void ASN1_STRING_TABLE_cleanup(void); /* Old API compatible functions */ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, + const char *propq); void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it); int ASN1_item_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); 
@@ -919,8 +928,9 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, const char *propq); ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); -ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, const ASN1_ITEM *it, - ASN1_VALUE **x); +ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, + const ASN1_ITEM *it, ASN1_VALUE **x, + OSSL_LIB_CTX *libctx, const char *propq); int SMIME_crlf_copy(BIO *in, BIO *out, int flags); int SMIME_text(BIO *in, BIO *out); diff --git a/include/openssl/asn1t.h.in b/include/openssl/asn1t.h.in index 2f40d1ca15..2e47473327 100644 --- a/include/openssl/asn1t.h.in +++ b/include/openssl/asn1t.h.in @@ -631,9 +631,15 @@ typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); +typedef int ASN1_ex_d2i_ex(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, + const char *propq); typedef int ASN1_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef int ASN1_ex_new_ex_func(ASN1_VALUE **pval, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef int ASN1_ex_print_func(BIO *out, const ASN1_VALUE **pval, @@ -657,6 +663,8 @@ typedef struct ASN1_EXTERN_FUNCS_st { ASN1_ex_d2i *asn1_ex_d2i; ASN1_ex_i2d *asn1_ex_i2d; ASN1_ex_print_func *asn1_ex_print; + ASN1_ex_new_ex_func *asn1_ex_new_ex; + ASN1_ex_d2i_ex *asn1_ex_d2i_ex; } ASN1_EXTERN_FUNCS; typedef struct ASN1_PRIMITIVE_FUNCS_st { 
@@ -696,7 +704,7 @@ typedef struct ASN1_AUX_st { void *app_data; int flags; int ref_offset; /* Offset of reference value */ - int ref_lock; /* Lock type to use */ + int ref_lock; /* Offset of lock value */ ASN1_aux_cb *asn1_cb; int enc_offset; /* Offset of ASN1_ENCODING structure */ ASN1_aux_const_cb *asn1_const_cb; /* for ASN1_OP_I2D_ and ASN1_OP_PRINT_ */ @@ -748,6 +756,8 @@ typedef struct ASN1_STREAM_ARG_st { # define ASN1_OP_DETACHED_POST 13 # define ASN1_OP_DUP_PRE 14 # define ASN1_OP_DUP_POST 15 +# define ASN1_OP_GET0_LIBCTX 16 +# define ASN1_OP_GET0_PROPQ 17 /* Macro to implement a primitive type */ # define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index 352ffcdb2f..27afa27d6a 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in @@ -380,7 +380,8 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); -OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file); +OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, + const char *propq); int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index d5d3cdb719..38c7b42c22 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in 
@@ -550,6 +550,7 @@ DECLARE_ASN1_FUNCTIONS(X509_VAL) DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) +X509_PUBKEY *X509_PUBKEY_new_ex(OSSL_LIB_CTX *libctx, const char *propq); int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key); EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key); diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index 863a765886..f470f5e445 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c @@ -223,7 +223,7 @@ static int test_exec_P10CR_ses(void) SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); fixture->req_type = OSSL_CMP_P10CR; fixture->expected = 1; - if (!TEST_ptr(req = load_csr_der(pkcs10_f)) + if (!TEST_ptr(req = load_csr_der(pkcs10_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, req))) { tear_down(fixture); fixture = NULL; diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c index a9a858c07a..4f2ca1b40b 100644 --- a/test/cmp_msg_test.c +++ b/test/cmp_msg_test.c @@ -226,7 +226,7 @@ static int test_cmp_create_p10cr(void) fixture->bodytype = OSSL_CMP_PKIBODY_P10CR; fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ; fixture->expected = 1; - if (!TEST_ptr(p10cr = load_csr_der(pkcs10_f)) + if (!TEST_ptr(p10cr = load_csr_der(pkcs10_f, libctx)) || !TEST_true(set1_newPkey(ctx, newkey)) || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, p10cr))) { tear_down(fixture); @@ -504,7 +504,7 @@ static int test_cmp_pkimessage_create(int bodytype) switch (fixture->bodytype = bodytype) { case OSSL_CMP_PKIBODY_P10CR: fixture->expected = 1; - p10cr = load_csr_der(pkcs10_f); + p10cr = load_csr_der(pkcs10_f, libctx); if (!TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, p10cr))) { tear_down(fixture); fixture = NULL; diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c index 5fafb69475..9111b89423 100644 --- a/test/cmp_protect_test.c +++ b/test/cmp_protect_test.c 
@@ -143,7 +143,7 @@ static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * static int test_cmp_calc_protection_no_key_no_secret(void) { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx)) || !TEST_ptr(fixture->msg->header->protectionAlg = X509_ALGOR_new() /* no specific alg needed here */)) { tear_down(fixture); @@ -159,7 +159,7 @@ static int test_cmp_calc_protection_pkey(void) SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); fixture->pubkey = loadedpubkey; if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey)) - || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -174,7 +174,7 @@ static int test_cmp_calc_protection_pbmac(void) SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_insta, sizeof(sec_insta))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -577,8 +577,8 @@ int setup_tests(void) return 0; if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) loadedpubkey = loadedprivkey; - if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f)) - || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f))) + if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx)) + || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) return 0; if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c index bff42c8baf..d93a75db81 100644 --- a/test/cmp_server_test.c +++ b/test/cmp_server_test.c 
@@ -148,7 +148,7 @@ int setup_tests(void) if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 1, USAGE)) return 0; - if (!TEST_ptr(request = load_pkimsg(request_f))) { + if (!TEST_ptr(request = load_pkimsg(request_f, libctx))) { cleanup_tests(); return 0; } diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index 2a06e0b097..a480090363 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c @@ -91,7 +91,7 @@ static int flip_bit(ASN1_BIT_STRING *bitstr) static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture) { - if ((fixture->msg = load_pkimsg(ir_protected_f)) == NULL) + if ((fixture->msg = load_pkimsg(ir_protected_f, libctx)) == NULL) return 0; if (fixture->expected == 0) { const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir; @@ -153,7 +153,7 @@ static int test_validate_msg_mac_alg_protection(void) fixture->expected = 1; if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1, sizeof(sec_1))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -174,7 +174,7 @@ static int test_validate_msg_mac_alg_protection_bad(void) if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad, sizeof(sec_bad))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -203,7 +203,7 @@ static int test_validate_msg_signature_partial_chain(int expired) ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx); fixture->expected = !expired; if (ts == NULL - || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !add_trusted(fixture->cmp_ctx, srvcert)) { tear_down(fixture); fixture = NULL; 
@@ -233,7 +233,7 @@ static int test_validate_msg_signature_srvcert_wrong(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 0; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) { tear_down(fixture); fixture = NULL; @@ -246,7 +246,7 @@ static int test_validate_msg_signature_srvcert(int bad_sig) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = !bad_sig; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert)) || (bad_sig && !flip_bit(fixture->msg->protection))) { tear_down(fixture); @@ -272,7 +272,7 @@ static int test_validate_msg_signature_sender_cert_untrusted(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) || !add_trusted(fixture->cmp_ctx, instaca_cert) || !add_untrusted(fixture->cmp_ctx, insta_cert)) { tear_down(fixture); @@ -286,7 +286,7 @@ static int test_validate_msg_signature_sender_cert_trusted(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) || !add_trusted(fixture->cmp_ctx, instaca_cert) || !add_trusted(fixture->cmp_ctx, insta_cert)) { tear_down(fixture); 
@@ -300,7 +300,7 @@ static int test_validate_msg_signature_sender_cert_extracert(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx)) || !add_trusted(fixture->cmp_ctx, instaca_cert)) { tear_down(fixture); fixture = NULL; @@ -315,7 +315,7 @@ static int test_validate_msg_signature_sender_cert_absent(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 0; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))) { + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))) { tear_down(fixture); fixture = NULL; } @@ -328,7 +328,7 @@ static int test_validate_with_sender(const X509_NAME *name, int expected) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = expected; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx, name)) || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))) { tear_down(fixture); @@ -353,7 +353,7 @@ static int test_validate_msg_unprotected_request(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 0; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))) { + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -620,8 +620,8 @@ int setup_tests(void) goto err; if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) goto err; - if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)) - || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f))) + if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)) + || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx))) goto err; /* Message validation tests */ 
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f91784b3a9..f26330b5d8 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1945,11 +1945,13 @@ static int test_emptyikm_HKDF(void) static int test_X509_PUBKEY_inplace(void) { int ret = 0; - X509_PUBKEY *xp = NULL; + X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq); const unsigned char *p = kExampleECPubKeyDER; size_t input_len = sizeof(kExampleECPubKeyDER); - if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))) + if (!TEST_ptr(xp)) + goto done; + if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))) goto done; if (!TEST_ptr(X509_PUBKEY_get0(xp))) @@ -1978,7 +1980,9 @@ static int test_X509_PUBKEY_dup(void) const unsigned char *p = kExampleECPubKeyDER; size_t input_len = sizeof(kExampleECPubKeyDER); - if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)) + xp = X509_PUBKEY_new_ex(testctx, testpropq); + if (!TEST_ptr(xp) + || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)) || !TEST_ptr(xq = X509_PUBKEY_dup(xp)) || !TEST_ptr_ne(xp, xq)) goto done; diff --git a/test/helpers/cmp_testlib.c b/test/helpers/cmp_testlib.c index 2d7297c42b..e0fb1d3d34 100644 --- a/test/helpers/cmp_testlib.c +++ b/test/helpers/cmp_testlib.c @@ -12,11 +12,11 @@ #include "cmp_testlib.h" #include /* needed in case config no-deprecated */ -OSSL_CMP_MSG *load_pkimsg(const char *file) +OSSL_CMP_MSG *load_pkimsg(const char *file, OSSL_LIB_CTX *libctx) { OSSL_CMP_MSG *msg; - (void)TEST_ptr((msg = OSSL_CMP_MSG_read(file))); + (void)TEST_ptr((msg = OSSL_CMP_MSG_read(file, libctx, NULL))); return msg; } diff --git a/test/helpers/cmp_testlib.h b/test/helpers/cmp_testlib.h index 681b06ae22..50b085beca 100644 --- a/test/helpers/cmp_testlib.h +++ b/test/helpers/cmp_testlib.h 
@@ -21,7 +21,7 @@ # ifndef OPENSSL_NO_CMP # define CMP_TEST_REFVALUE_LENGTH 15 /* arbitrary value */ -OSSL_CMP_MSG *load_pkimsg(const char *file); +OSSL_CMP_MSG *load_pkimsg(const char *file, OSSL_LIB_CTX *libctx); int valid_asn1_encoding(const OSSL_CMP_MSG *msg); int STACK_OF_X509_cmp(const STACK_OF(X509) *sk1, const STACK_OF(X509) *sk2); int STACK_OF_X509_push1(STACK_OF(X509) *sk, X509 *cert); diff --git a/test/testutil.h b/test/testutil.h index 710f51c147..c28df702cc 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -592,6 +592,6 @@ EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx); X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx); X509 *load_cert_der(const unsigned char *bytes, int len); STACK_OF(X509) *load_certs_pem(const char *file); -X509_REQ *load_csr_der(const char *file); +X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx); #endif /* OSSL_TESTUTIL_H */ diff --git a/test/testutil/load.c b/test/testutil/load.c index 444fb8a78d..be30d7e053 100644 --- a/test/testutil/load.c +++ b/test/testutil/load.c @@ -81,14 +81,17 @@ EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx) return key; } -X509_REQ *load_csr_der(const char *file) +X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx) { X509_REQ *csr = NULL; BIO *bio = NULL; if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new_file(file, "rb"))) return NULL; - (void)TEST_ptr(csr = d2i_X509_REQ_bio(bio, NULL)); + + csr = X509_REQ_new_ex(libctx, NULL); + if (TEST_ptr(csr)) + (void)TEST_ptr(d2i_X509_REQ_bio(bio, &csr)); BIO_free(bio); return csr; } diff --git a/util/libcrypto.num b/util/libcrypto.num index 6f763f1063..5c36c4d44a 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -5407,3 +5407,8 @@ b2i_PVK_bio_ex ? 3_0_0 EXIST::FUNCTION: i2b_PVK_bio_ex ? 3_0_0 EXIST::FUNCTION: NCONF_get0_libctx ? 3_0_0 EXIST::FUNCTION: NCONF_get_section_names ? 3_0_0 EXIST::FUNCTION: +X509_PUBKEY_new_ex ? 3_0_0 EXIST::FUNCTION: +ASN1_item_new_ex ? 3_0_0 EXIST::FUNCTION: +ASN1_item_d2i_fp_ex ? 3_0_0 EXIST::FUNCTION:STDIO +ASN1_item_d2i_bio_ex ? 3_0_0 EXIST::FUNCTION: +ASN1_item_d2i_ex ? 3_0_0 EXIST::FUNCTION: diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index cd81ba7e09..67bfc7859d 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -137,9 +137,6 @@ ASN1_dup(3) ASN1_get_object(3) ASN1_i2d_bio(3) ASN1_i2d_fp(3) -ASN1_item_d2i(3) -ASN1_item_d2i_bio(3) -ASN1_item_d2i_fp(3) ASN1_item_digest(3) ASN1_item_dup(3) ASN1_item_ex_d2i(3) @@ -151,7 +148,6 @@ ASN1_item_i2d(3) ASN1_item_i2d_bio(3) ASN1_item_i2d_fp(3) ASN1_item_ndef_i2d(3) -ASN1_item_new(3) ASN1_item_pack(3) ASN1_item_print(3) ASN1_item_unpack(3) diff --git a/util/other.syms b/util/other.syms index 05c70df44f..8e1824c220 100644 --- a/util/other.syms +++ b/util/other.syms @@ -11,7 +11,20 @@ OPENSSL_instrument_bus2 assembler # ADMISSION_SYNTAX datatype ADMISSIONS datatype +ASN1_AUX datatype +ASN1_aux_cb datatype +ASN1_aux_const_cb datatype +ASN1_ex_d2i datatype +ASN1_ex_d2i_ex datatype +ASN1_ex_free_func datatype +ASN1_ex_i2d datatype +ASN1_ex_new_func datatype +ASN1_ex_new_ex_func datatype +ASN1_ex_print_func datatype +ASN1_EXTERN_FUNCS datatype ASN1_ITEM datatype +ASN1_PRINT_ARG datatype +ASN1_STREAM_ARG datatype ASN1_STRING_TABLE datatype ASYNC_callback_fn datatype BIO_ADDR datatype From levitte at openssl.org Sat Jun 5 08:39:40 2021 
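Review bot: in doc/man3/ASN1_item_d2i_bio.pod (hunk -2,23 +2,65), the new ASN1_item_d2i_ex() paragraph calls the output argument pval ("places the result in I<*pval>"), but the SYNOPSIS added in the same hunk declares it as ASN1_VALUE **val. Use one name in both places. The same paragraph is also missing a space before "provided" in the sentence about algorithm fetches.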
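Review bot: in include/openssl/cmp.h.in (hunk -380,7 +380,8), OSSL_CMP_MSG_read() has libctx and propq added to its existing prototype, while the ASN1_item_* and X509_PUBKEY functions in this patch keep their old signatures and gain an _ex sibling. If OSSL_CMP_MSG_read() has appeared in any release, existing callers stop compiling. Either add OSSL_CMP_MSG_read_ex() and keep the one-argument form, or state in the commit message that the function is new and its signature may still change.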
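Review bot: in include/openssl/asn1t.h.in (hunk -657,6 +663,8), the two members appended to ASN1_EXTERN_FUNCS, asn1_ex_new_ex and asn1_ex_d2i_ex, have no comment saying how they relate to asn1_ex_new and asn1_ex_d2i. Existing initialisers that stop at asn1_ex_print leave both new pointers NULL, so the header should say that they are optional and which member of each pair is called when both are set.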
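Review bot: in test/testutil/load.c (hunk -81,14 +81,17), load_csr_der() discards the result of d2i_X509_REQ_bio(bio, &csr) and returns csr, so a NULL return on a decode failure depends on the decoder having freed and cleared the pre-allocated object. Capture the return value and return that, or free csr explicitly on failure, so the helper does not rely on that side effect. The property query is also fixed at NULL here and in load_pkimsg(), although test/evp_extra_test.c passes testpropq to X509_PUBKEY_new_ex(); consider taking propq as a parameter as well.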
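Review bot: in test/evp_extra_test.c (hunks -1945,11 +1945,13 and -1978,7 +1980,9), both test_X509_PUBKEY_inplace() and test_X509_PUBKEY_dup() now decode only into an object from X509_PUBKEY_new_ex(), so these tests no longer exercise d2i_X509_PUBKEY(NULL, &p, input_len). Keep one case that passes NULL so the allocate-on-decode path stays covered alongside the new reuse path.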
From: levitte at openssl.org (Richard Levitte) Date: Sat, 05 Jun 2021 08:39:40 +0000 Subject: [openssl] master update Message-ID: <1622882380.769674.2544.nullmailer@dev.openssl.org> The branch master has been updated via 0b3fe363e6188dcb854d480180c9af91cc613f2c (commit) via 50360c1a4b6584c404c62c3ac7631ba0ce3a88be (commit) from 3d9d1ce52904660757dadeb629926932abe25158 (commit) - Log ----------------------------------------------------------------- commit 0b3fe363e6188dcb854d480180c9af91cc613f2c Author: Richard Levitte Date: Fri Jun 4 10:25:00 2021 +0200 make update-fips-checksums Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15615) commit 50360c1a4b6584c404c62c3ac7631ba0ce3a88be Author: Richard Levitte Date: Fri Jun 4 10:19:40 2021 +0200 FIPS: don't include crypto/passphrase.c in libfips.a Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15615) ----------------------------------------------------------------------- Summary of changes: crypto/build.info | 4 ++-- providers/fips-sources.checksums | 8 +++----- providers/fips.checksum | 2 +- providers/fips.module.sources | 2 -- 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/crypto/build.info b/crypto/build.info index 9d8eda2884..efca6cc105 100644 --- a/crypto/build.info +++ b/crypto/build.info 
@@ -95,13 +95,13 @@ $UTIL_COMMON=\ cryptlib.c params.c params_from_text.c bsearch.c ex_data.c o_str.c \ threads_pthread.c threads_win.c threads_none.c initthread.c \ context.c sparse_array.c asn1_dsa.c packet.c param_build.c \ - param_build_set.c der_writer.c passphrase.c threads_lib.c params_dup.c + param_build_set.c der_writer.c threads_lib.c params_dup.c SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ o_fopen.c getenv.c o_init.c init.c trace.c provider.c provider_child.c \ - punycode.c + punycode.c passphrase.c SOURCE[../providers/libfips.a]=$UTIL_COMMON SOURCE[../libcrypto]=$UPLINKSRC diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index e0b4a4a6d4..b56281b287 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -250,7 +250,6 @@ c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_b 07299afb0e8a7f5a7b43fef290c1fc1e280e4ca18472e7bb44e6a7e1c7efc027 crypto/params.c 4f2a8c9acf5898fdc1e4bf98813049947221cd9a1db04faaa490250591f54cb4 crypto/params_dup.c d0f6af3e89a693f0327e1bf073666cbec6786220ef3b3688ef0be9539d5ab6bf crypto/params_from_text.c -0dd202ec1def47c12852a8ae4bfaadb74f7fe968d68def631fe3ac671aac943f crypto/passphrase.c 2140778d5f35e503e22b173736e18ff84406f6657463e8ff9e7b91a78aa686d3 crypto/property/defn_cache.c e7ee9ae467238875a413c44552af3937942b4e61a8aa3af6bee81a456d9daad1 crypto/property/property.c d2ea0144cf661fe3369b2f1cae22409e2155313eaeed8eb8497aa2ab7a88e1ac crypto/property/property_local.h 
@@ -377,7 +376,6 @@ b02701592960eb4608bb83b297eed90184004828c7fc03ea81568062f347623d include/intern 5df7377027b7c0640417441dea147eb0d95a0bd6b7a1a7e7f2a49cf4107faf87 include/internal/numbers.h ea1bec4f1fff37aef8d4a62745bb451baa3e3ad20ba1bc68920a24f5cbb2f0a7 include/internal/packet.h dd7ddecf30bef3002313e6b776ce34d660931e783b2f6edacf64c7c6e729e688 include/internal/param_build_set.h -54ec20cba51d1284f5da9b605823c344a68adb5f19c2c5e6f569aeb19cc70a7e include/internal/passphrase.h 6d08ed9c307c5d85dce8baf7ee3fc358bfc53b9026760884b2d7e4a051c5a2bd include/internal/property.h 727326afb3d33fdffdf26471e313f27892708318c0934089369e4b28267e2635 include/internal/propertyerr.h f214a3d1ebe1109b739f0846e26ba2cd644759e8546a218b202886450018d34e include/internal/provider.h @@ -389,9 +387,9 @@ f214a3d1ebe1109b739f0846e26ba2cd644759e8546a218b202886450018d34e include/intern 415b725d7f949a6191ab7bb30b48931bafc01c7aa93607e529fabbc853a4ddc5 include/internal/tlsgroups.h b24938409313384024524cbde837690d83119bcb70fb289b38cb7efa8e082852 include/internal/tsan_assist.h 2b38fb6e65d549aca3b2c76907daf67124f395251c0261dec26faa54da8d6d73 include/openssl/aes.h -323549254bf7055fd2928253f2fb307cd97903d32716406ac5b11c990f4d88e3 include/openssl/asn1.h.in +17fdc0e806fcb601e1013b6fbccdb9876a14aaa545dcf69120f4e72edd20dc8c include/openssl/asn1.h.in d4733dcd490b3a2554eaf859d1ea964fe76f7d24f78e42be1094bdad6dee7429 include/openssl/asn1err.h -23809ecb0bcc5d870a776a322f26f1f7339d2fabc275931b5bd0619b6b18e7c9 include/openssl/asn1t.h.in +1550474ee05423896ec4abfb6346f1bc44c7be22329efac9ea25de10e81d549c include/openssl/asn1t.h.in d23e74122090a71268818a8162bb0642d292b931eed2188f4f3a5c9083227a01 include/openssl/bio.h.in 0a26138aaded05cafe2326e11fdc19b28408e054cfe3dda40d45ef95ce8136b0 include/openssl/bioerr.h 7d1f9880976a926ba6e0cad08e8de6f326aae48d8350b499aa79127f63d4d108 include/openssl/bn.h 
@@ -466,7 +464,7 @@ c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openss ffd0b00e9fdb307c6f4369fa52005033ff4746cf49dd82bb9dfae1a83532e6e0 include/openssl/types.h f37b0da67078c8c220c442499e02f92dfe240f6d77ec942f2a562a18f338284a include/openssl/ui.h.in 558433ae747ebf3d9a71d583b7a7ee8c5476f3bef38d97a1f88bdcace4c2f311 include/openssl/uierr.h -fa88f86a4643441ecd6779894bb9533f63c275b5a871bae6687905185f315f94 include/openssl/x509.h.in +fb9db84c7609618557163360835a1bffbef1b8dfb161922e4bc74fa5e0ba8627 include/openssl/x509.h.in 7aea205aa1cc5472f7ec5e02c23435a4520af3883eff43ce2341a88abb5dcd4c include/openssl/x509_vfy.h.in 9e6409eddfa13a469c1da6c5b562825381da2eb4da3c08546aa1182a4ec54726 include/openssl/x509err.h 8ddb7bd65c766317f6f20ff615e4d0ddc99bc4ee0d6ec149e3834b8d4fe11a05 include/openssl/x509v3.h.in diff --git a/providers/fips.checksum b/providers/fips.checksum index c712c1c4ea..8e6ef45b0f 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -ef592dcb3367315f78795c64d131ca9ff062d1f6ca8702e1eef4b417e9b336a2 providers/fips-sources.checksums +ab3353a9f54a8efae5171b36a3ec11fa17662b4e3f3f68cdd3d0b9b0af41d117 providers/fips-sources.checksums diff --git a/providers/fips.module.sources b/providers/fips.module.sources index be4fc0de8f..262500ef1e 100644 --- a/providers/fips.module.sources +++ b/providers/fips.module.sources @@ -250,7 +250,6 @@ crypto/param_build_set.c crypto/params.c crypto/params_dup.c crypto/params_from_text.c -crypto/passphrase.c crypto/property/defn_cache.c crypto/property/property.c crypto/property/property_local.h @@ -377,7 +376,6 @@ include/internal/nelem.h include/internal/numbers.h include/internal/packet.h include/internal/param_build_set.h -include/internal/passphrase.h include/internal/property.h include/internal/propertyerr.h include/internal/provider.h From pauli at openssl.org Sat Jun 5 10:32:19 2021 
From: pauli at openssl.org (Dr. Paul Dale)
Date: Sat, 05 Jun 2021 10:32:19 +0000
Subject: [openssl] master update
Message-ID: <1622889139.549194.23900.nullmailer@dev.openssl.org>

The branch master has been updated
       via  6a5f97a671de6d4d9f0cd6f6fc23ad89ca4ad69f (commit)
       via  e982e04f5dd12ee2546344b3a26fd0e55f59f5cb (commit)
       via  73c02a6201d08afb4ad5055fc3906e1d4504b578 (commit)
       via  6462a4f0508e451f0411e88b2f465f27f1db6cc7 (commit)
       via  9379bf943a12090de6280e88fb0d246e73658116 (commit)
       via  6ec3b2cf4992a304b4ab36f7b9e9ff130bd495b7 (commit)
      from  0b3fe363e6188dcb854d480180c9af91cc613f2c (commit)

- Log -----------------------------------------------------------------
commit 6a5f97a671de6d4d9f0cd6f6fc23ad89ca4ad69f
Author: Richard Levitte
Date:   Wed Jun 2 06:49:09 2021 +0200

    PROV: drop get_params() and gettable_params() from all encoder implementatio

    They aren't needed at all any more, since the properties contain the
    same information.

    This also drops the parameter names OSSL_ENCODER_PARAM_OUTPUT_TYPE
    and OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE

    Reviewed-by: Tomas Mraz
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15570)

commit e982e04f5dd12ee2546344b3a26fd0e55f59f5cb
Author: Richard Levitte
Date:   Wed Jun 2 06:37:43 2021 +0200

    ENCODER: use property definitions instead of getting implementation parameters

    The OSSL_ENCODER library used to ask each encoder implementation for
    certain data in form of parameters to place them correctly in the
    encoder chain, if at all. These parameters were duplicates of
    properties of those same implementations, and therefore unnecessarily
    redundant.

    Now that we have functionality to query property definition values,
    those duplicates are no longer needed, and are therefore not looked at
    any more.

    Reviewed-by: Tomas Mraz
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15570)

commit 73c02a6201d08afb4ad5055fc3906e1d4504b578
Author: Richard Levitte
Date:   Wed Jun 2 06:32:00 2021 +0200

    ENCODER: Drop OSSL_ENCODER_PARAM_INPUT_TYPE

    This was a poor substitute for using the name of the decoder
    implementation, and since there is functionality to get the latter
    now, this parameter can be dropped.

    Reviewed-by: Tomas Mraz
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15570)

commit 6462a4f0508e451f0411e88b2f465f27f1db6cc7
Author: Richard Levitte
Date:   Tue Jun 1 20:10:45 2021 +0200

    PROV: drop get_params() and gettable_params() from all decoder implementations

    They aren't needed at all any more, since the properties contain the
    same information.

    This also drops the parameter names OSSL_DECODER_PARAM_INPUT_TYPE
    and OSSL_DECODER_PARAM_INPUT_STRUCTURE.

    Reviewed-by: Tomas Mraz
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15570)

commit 9379bf943a12090de6280e88fb0d246e73658116
Author: Richard Levitte
Date:   Tue Jun 1 20:04:59 2021 +0200

    DECODER: use property definitions instead of getting implementation parameters

    The OSSL_DECODER library used to ask each decoder implementation for
    certain data in form of parameters to place them correctly in the
    decoder chain, if at all. These parameters were duplicates of
    properties of those same implementations, and therefore unnecessarily
    redundant.

    Now that we have functionality to query property definition values,
    those duplicates are no longer needed, and are therefore not looked at
    any more.

    This adds the "global" error reason ERR_R_INVALID_PROPERTY_DEFINITION,
    which can be re-used elsewhere.

    Reviewed-by: Tomas Mraz
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15570)

commit 6ec3b2cf4992a304b4ab36f7b9e9ff130bd495b7
Author: Richard Levitte
Date:   Tue Jun 1 20:02:24 2021 +0200

    property: Add functionality to query data from a property definition

    This required making some OSSL_PROPERTY types a little less private.

    Reviewed-by: Tomas Mraz
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15570)

-----------------------------------------------------------------------

Summary of changes:
 crypto/encode_decode/decoder_lib.c | 54 ++++---
 crypto/encode_decode/decoder_meth.c | 15 ++
 crypto/encode_decode/encoder_lib.c | 86 ++++++------
 crypto/encode_decode/encoder_local.h | 8 +-
 crypto/encode_decode/encoder_meth.c | 19 ++-
 crypto/err/err.c | 2 +
 crypto/property/build.info | 2 +-
 crypto/property/property_local.h | 21 +++
 crypto/property/property_parse.c | 156 +++++++++------------
 crypto/property/property_query.c | 53 +++++++
 doc/man3/OSSL_ENCODER_CTX.pod | 11 --
 doc/man7/provider-decoder.pod | 104 ++++----------
 doc/man7/provider-encoder.pod | 51 ++-----
 include/internal/property.h | 15 ++
 include/openssl/core_names.h | 5 -
 include/openssl/encoder.h | 2 -
 include/openssl/err.h.in | 1 +
 .../implementations/encode_decode/decode_der2key.c | 51 -------
 .../encode_decode/decode_msblob2key.c | 27 ----
 .../implementations/encode_decode/decode_pem2der.c | 27 ----
 .../implementations/encode_decode/decode_pvk2key.c | 27 ----
 .../implementations/encode_decode/encode_key2any.c | 88 ------------
 .../encode_decode/encode_key2blob.c | 27 ----
 .../implementations/encode_decode/encode_key2ms.c | 37 -----
 .../encode_decode/encode_key2text.c | 35 -----
 .../implementations/storemgmt/file_store_der2obj.c | 28 +---
 util/libcrypto.num | 1 -
 27 files changed, 306 insertions(+), 647 deletions(-)
 create mode 100644 crypto/property/property_query.c
diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index ddfd90aae5..bf9b17f754 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c @@ -16,8 +16,8 @@ #include #include #include -#include "internal/passphrase.h" #include "internal/bio.h" +#include "internal/provider.h" #include "crypto/decoder.h" #include "encoder_local.h" #include "e_os.h" @@ -204,19 +204,16 @@ OSSL_DECODER_INSTANCE *ossl_decoder_instance_new(OSSL_DECODER *decoder, void *decoderctx) { OSSL_DECODER_INSTANCE *decoder_inst = NULL; - OSSL_PARAM params[3]; + const OSSL_PROVIDER *prov; + OSSL_LIB_CTX *libctx; + const OSSL_PROPERTY_LIST *props; + const OSSL_PROPERTY_DEFINITION *prop; if (!ossl_assert(decoder != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (decoder->get_params == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, - OSSL_DECODER_R_MISSING_GET_PARAMS); - return 0; - } - if ((decoder_inst = OPENSSL_zalloc(sizeof(*decoder_inst))) == NULL) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); return 0; 
@@ -226,22 +223,35 @@ OSSL_DECODER_INSTANCE *ossl_decoder_instance_new(OSSL_DECODER *decoder, goto err; } - /* Cache the input type for this decoder */ - params[0] = - OSSL_PARAM_construct_utf8_ptr(OSSL_DECODER_PARAM_INPUT_TYPE, - (char **)&decoder_inst->input_type, 0); - params[1] = - OSSL_PARAM_construct_utf8_ptr(OSSL_DECODER_PARAM_INPUT_STRUCTURE, - (char **)&decoder_inst->input_structure, - 0); - params[2] = OSSL_PARAM_construct_end(); - - if (!decoder->get_params(params) - || !OSSL_PARAM_modified(¶ms[0])) + prov = OSSL_DECODER_get0_provider(decoder); + libctx = ossl_provider_libctx(prov); + props = ossl_decoder_parsed_properties(decoder); + if (props == NULL) { + ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, + "there are no property definitions with decoder %s", + OSSL_DECODER_get0_name(decoder)); + goto err; + } + + /* The "input" property is mandatory */ + prop = ossl_property_find_property(props, libctx, "input"); + decoder_inst->input_type = ossl_property_get_string_value(libctx, prop); + if (decoder_inst->input_type == NULL) { + ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, + "the mandatory 'input' property is missing " + "for decoder %s (properties: %s)", + OSSL_DECODER_get0_name(decoder), + OSSL_DECODER_get0_properties(decoder)); goto err; + } + + /* The "structure" property is optional */ + prop = ossl_property_find_property(props, libctx, "structure"); + if (prop != NULL) { + decoder_inst->input_structure + = ossl_property_get_string_value(libctx, prop); + } - decoder_inst->flag_input_structure_was_set = - OSSL_PARAM_modified(¶ms[1]); decoder_inst->decoder = decoder; decoder_inst->decoderctx = decoderctx; return decoder_inst; diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c index 7197b9090d..e203c5fe66 100644 --- a/crypto/encode_decode/decoder_meth.c +++ b/crypto/encode_decode/decoder_meth.c 
@@ -59,6 +59,7 @@ void OSSL_DECODER_free(OSSL_DECODER *decoder) if (ref > 0) return; OPENSSL_free(decoder->base.name); + ossl_property_free(decoder->base.parsed_propdef); ossl_provider_free(decoder->base.prov); CRYPTO_THREAD_lock_free(decoder->base.lock); OPENSSL_free(decoder); @@ -166,6 +167,7 @@ void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, { OSSL_DECODER *decoder = NULL; const OSSL_DISPATCH *fns = algodef->implementation; + OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); if ((decoder = ossl_decoder_new()) == NULL) return NULL; @@ -176,6 +178,8 @@ void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, } decoder->base.propdef = algodef->property_definition; decoder->base.description = algodef->algorithm_description; + decoder->base.parsed_propdef + = ossl_parse_property(libctx, algodef->property_definition); for (; fns->function_id != 0; fns++) { switch (fns->function_id) { @@ -421,6 +425,17 @@ const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder) return decoder->base.propdef; } +const OSSL_PROPERTY_LIST * +ossl_decoder_parsed_properties(const OSSL_DECODER *decoder) +{ + if (!ossl_assert(decoder != NULL)) { + ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + return decoder->base.parsed_propdef; +} + int ossl_decoder_get_number(const OSSL_DECODER *decoder) { if (!ossl_assert(decoder != NULL)) { diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c index 4481773610..cb47e8bc71 100644 --- a/crypto/encode_decode/encoder_lib.c +++ b/crypto/encode_decode/encoder_lib.c @@ -16,6 +16,7 @@ #include #include #include "internal/bio.h" +#include "internal/provider.h" #include "encoder_local.h" struct encoder_process_data_st { 
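Review bot: In ossl_decoder_instance_new() (decoder_lib.c) the mandatory "input" lookup passes the result of ossl_property_find_property() straight into ossl_property_get_string_value() with no NULL check, while the optional "structure" lookup a few lines later tests prop != NULL first. Either guard both the same way or add a comment that the getter is required to accept a NULL prop, so the "mandatory property is missing" path does not depend on an undocumented contract. Related, in ossl_decoder_from_algorithm() (decoder_meth.c) the return value of ossl_parse_property() is stored unchecked, so a NULL or unparsable property definition is only reported later as "there are no property definitions with decoder %s"; failing at method construction would point at the faulty provider sooner. The new ossl_decoder_parsed_properties() also returns a pointer but uses return 0 on the assert path; return NULL would read better.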
@@ -36,6 +37,8 @@ struct encoder_process_data_st { OSSL_ENCODER_INSTANCE *prev_encoder_inst; unsigned char *running_output; size_t running_output_length; + /* Data type = the name of the first succeeding encoder implementation */ + const char *data_type; }; static int encoder_process(struct encoder_process_data_st *data); 
@@ -178,49 +181,54 @@ static OSSL_ENCODER_INSTANCE *ossl_encoder_instance_new(OSSL_ENCODER *encoder, void *encoderctx) { OSSL_ENCODER_INSTANCE *encoder_inst = NULL; - OSSL_PARAM params[4]; + const OSSL_PROVIDER *prov; + OSSL_LIB_CTX *libctx; + const OSSL_PROPERTY_LIST *props; + const OSSL_PROPERTY_DEFINITION *prop; if (!ossl_assert(encoder != NULL)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (encoder->get_params == NULL) { - ERR_raise(ERR_LIB_OSSL_ENCODER, - OSSL_ENCODER_R_MISSING_GET_PARAMS); - return 0; - } - if ((encoder_inst = OPENSSL_zalloc(sizeof(*encoder_inst))) == NULL) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); return 0; } - /* - * Cache the input and output types for this encoder. The output type - * is mandatory. - */ - params[0] = - OSSL_PARAM_construct_utf8_ptr(OSSL_ENCODER_PARAM_OUTPUT_TYPE, - (char **)&encoder_inst->output_type, 0); - params[1] = - OSSL_PARAM_construct_utf8_ptr(OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE, - (char **)&encoder_inst->output_structure, - 0); - params[2] = - OSSL_PARAM_construct_utf8_ptr(OSSL_ENCODER_PARAM_INPUT_TYPE, - (char **)&encoder_inst->input_type, 0); - params[3] = OSSL_PARAM_construct_end(); - - if (!encoder->get_params(params) - || !OSSL_PARAM_modified(¶ms[0])) - goto err; - if (!OSSL_ENCODER_up_ref(encoder)) { ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INTERNAL_ERROR); goto err; } + prov = OSSL_ENCODER_get0_provider(encoder); + libctx = ossl_provider_libctx(prov); + props = ossl_encoder_parsed_properties(encoder); + if (props == NULL) { + ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, + "there are no property definitions with encoder %s", + OSSL_ENCODER_get0_name(encoder)); + goto err; + } + + /* The "output" property is mandatory */ + prop = ossl_property_find_property(props, libctx, "output"); + encoder_inst->output_type = ossl_property_get_string_value(libctx, prop); + if (encoder_inst->output_type == NULL) { + 
ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, + "the mandatory 'output' property is missing " + "for encoder %s (properties: %s)", + OSSL_ENCODER_get0_name(encoder), + OSSL_ENCODER_get0_properties(encoder)); + goto err; + } + + /* The "structure" property is optional */ + prop = ossl_property_find_property(props, libctx, "structure"); + if (prop != NULL) + encoder_inst->output_structure + = ossl_property_get_string_value(libctx, prop); + encoder_inst->encoder = encoder; encoder_inst->encoderctx = encoderctx; return encoder_inst; @@ -260,8 +268,8 @@ static int ossl_encoder_ctx_add_encoder_inst(OSSL_ENCODER_CTX *ctx, "(ctx %p) Added encoder instance %p (encoder %p) with:\n", (void *)ctx, (void *)ei, (void *)ei->encoder); BIO_printf(trc_out, - " output type: %s, output structure: %s, input type :%s\n", - ei->output_type, ei->output_structure, ei->input_type); + " output type: %s, output structure: %s\n", + ei->output_type, ei->output_structure); } OSSL_TRACE_END(ENCODER); } return ok; @@ -362,14 +370,6 @@ OSSL_ENCODER_INSTANCE_get_encoder_ctx(OSSL_ENCODER_INSTANCE *encoder_inst) return encoder_inst->encoderctx; } -const char * -OSSL_ENCODER_INSTANCE_get_input_type(OSSL_ENCODER_INSTANCE *encoder_inst) -{ - if (encoder_inst == NULL) - return NULL; - return encoder_inst->input_type; -} - const char * OSSL_ENCODER_INSTANCE_get_output_type(OSSL_ENCODER_INSTANCE *encoder_inst) { @@ -566,6 +566,9 @@ static int encoder_process(struct encoder_process_data_st *data) data->ctx->construct(current_encoder_inst, data->ctx->construct_data); + /* Also set the data type, using the encoder implementation name */ + data->data_type = OSSL_ENCODER_get0_name(current_encoder); + /* Assume that the constructor recorded an error */ if (original_data != NULL) ok = 1; 
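Review bot: Both new ERR_raise_data() calls in ossl_encoder_instance_new() (encoder_lib.c) raise with ERR_LIB_OSSL_DECODER, while every other error in that function uses ERR_LIB_OSSL_ENCODER. This looks like a carry-over from decoder_lib.c and should be ERR_LIB_OSSL_ENCODER so the error queue names the right library. Please also check the err path: OSSL_ENCODER_up_ref() now runs before the two new goto err exits, but encoder_inst->encoder is only assigned after them, so the cleanup has to drop that reference by some other means or it leaks on a bad property definition.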
@@ -586,15 +589,12 @@ static int encoder_process(struct encoder_process_data_st *data) */ OSSL_PARAM *abstract_p = abstract; - const char *prev_input_type = - OSSL_ENCODER_INSTANCE_get_input_type(data->prev_encoder_inst); const char *prev_output_structure = OSSL_ENCODER_INSTANCE_get_output_structure(data->prev_encoder_inst); - if (prev_input_type != NULL) - *abstract_p++ = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - (char *)prev_input_type, 0); + *abstract_p++ = + OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + (char *)data->data_type, 0); if (prev_output_structure != NULL) *abstract_p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, diff --git a/crypto/encode_decode/encoder_local.h b/crypto/encode_decode/encoder_local.h index d53f760379..a0b10dcd5e 100644 --- a/crypto/encode_decode/encoder_local.h +++ b/crypto/encode_decode/encoder_local.h @@ -14,6 +14,7 @@ #include #include "internal/cryptlib.h" #include "internal/passphrase.h" +#include "internal/property.h" #include "internal/refcount.h" struct ossl_endecode_base_st { @@ -22,6 +23,7 @@ struct ossl_endecode_base_st { char *name; const char *propdef; const char *description; + OSSL_PROPERTY_LIST *parsed_propdef; CRYPTO_REF_COUNT refcnt; CRYPTO_RWLOCK *lock; @@ -57,7 +59,6 @@ struct ossl_decoder_st { struct ossl_encoder_instance_st { OSSL_ENCODER *encoder; /* Never NULL */ void *encoderctx; /* Never NULL */ - const char *input_type; /* May be NULL */ const char *output_type; /* Never NULL */ const char *output_structure; /* May be NULL */ }; @@ -157,3 +158,8 @@ struct ossl_decoder_ctx_st { /* For any function that needs a passphrase reader */ struct ossl_passphrase_data_st pwdata; }; + +const OSSL_PROPERTY_LIST * +ossl_decoder_parsed_properties(const OSSL_DECODER *decoder); +const OSSL_PROPERTY_LIST * +ossl_encoder_parsed_properties(const OSSL_ENCODER *encoder); 
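Review bot: In encoder_process() (encoder_lib.c) the OSSL_OBJECT_PARAM_DATA_TYPE entry is now appended unconditionally from data->data_type, where the removed code skipped it when prev_input_type was NULL. data_type is only assigned in the branch that calls data->ctx->construct(), so either keep an if (data->data_type != NULL) guard like the one still used for prev_output_structure, or add a comment explaining why it can never be NULL at this point. In encoder_local.h the two new prototypes would benefit from a one-line comment saying the returned list belongs to the method and can be NULL, since the callers in this patch rely on that.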
diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c index 81cebb2659..d50f1dcd0b 100644 --- a/crypto/encode_decode/encoder_meth.c +++ b/crypto/encode_decode/encoder_meth.c @@ -59,6 +59,7 @@ void OSSL_ENCODER_free(OSSL_ENCODER *encoder) if (ref > 0) return; OPENSSL_free(encoder->base.name); + ossl_property_free(encoder->base.parsed_propdef); ossl_provider_free(encoder->base.prov); CRYPTO_THREAD_lock_free(encoder->base.lock); OPENSSL_free(encoder); @@ -166,6 +167,7 @@ static void *encoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, { OSSL_ENCODER *encoder = NULL; const OSSL_DISPATCH *fns = algodef->implementation; + OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); if ((encoder = ossl_encoder_new()) == NULL) return NULL; @@ -176,6 +178,8 @@ static void *encoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, } encoder->base.propdef = algodef->property_definition; encoder->base.description = algodef->algorithm_description; + encoder->base.parsed_propdef + = ossl_parse_property(libctx, algodef->property_definition); for (; fns->function_id != 0; fns++) { switch (fns->function_id) { @@ -239,9 +243,7 @@ static void *encoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, || (encoder->newctx != NULL && encoder->freectx != NULL) || (encoder->import_object != NULL && encoder->free_object != NULL) || (encoder->import_object == NULL && encoder->free_object == NULL)) - || encoder->encode == NULL - || encoder->gettable_params == NULL - || encoder->get_params == NULL) { + || encoder->encode == NULL) { OSSL_ENCODER_free(encoder); ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INVALID_PROVIDER_FUNCTIONS); return NULL; 
@@ -433,6 +435,17 @@ const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder) return encoder->base.propdef; } +const OSSL_PROPERTY_LIST * +ossl_encoder_parsed_properties(const OSSL_ENCODER *encoder) +{ + if (!ossl_assert(encoder != NULL)) { + ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + return encoder->base.parsed_propdef; +} + int ossl_encoder_get_number(const OSSL_ENCODER *encoder) { if (!ossl_assert(encoder != NULL)) { diff --git a/crypto/err/err.c b/crypto/err/err.c index 84bb429c64..9b1a15d5bd 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -125,6 +125,8 @@ static ERR_STRING_DATA ERR_str_reasons[] = { * unsupported. */ {ERR_R_FETCH_FAILED, "fetch failed"}, + + {ERR_R_INVALID_PROPERTY_DEFINITION, "invalid property definition"}, {0, NULL}, }; #endif diff --git a/crypto/property/build.info b/crypto/property/build.info index 56f26760c6..dac9ab7a3b 100644 --- a/crypto/property/build.info +++ b/crypto/property/build.info @@ -1,5 +1,5 @@ LIBS=../../libcrypto -$COMMON=property_string.c property_parse.c property.c defn_cache.c +$COMMON=property_string.c property_parse.c property_query.c property.c defn_cache.c SOURCE[../../libcrypto]=$COMMON property_err.c SOURCE[../../providers/libfips.a]=$COMMON SOURCE[../../providers/liblegacy.a]=$COMMON diff --git a/crypto/property/property_local.h b/crypto/property/property_local.h index 8cc3a51270..db1b0a5ee4 100644 --- a/crypto/property/property_local.h +++ b/crypto/property/property_local.h 
@@ -13,6 +13,27 @@ typedef int OSSL_PROPERTY_IDX; +typedef enum { + OSSL_PROPERTY_OPER_EQ, OSSL_PROPERTY_OPER_NE, OSSL_PROPERTY_OVERRIDE +} OSSL_PROPERTY_OPER; + +struct ossl_property_definition_st { + OSSL_PROPERTY_IDX name_idx; + OSSL_PROPERTY_TYPE type; + OSSL_PROPERTY_OPER oper; + unsigned int optional : 1; + union { + int64_t int_val; /* Signed integer */ + OSSL_PROPERTY_IDX str_val; /* String */ + } v; +}; + +struct ossl_property_list_st { + int n; + unsigned int has_optional : 1; + OSSL_PROPERTY_DEFINITION properties[1]; +}; + /* Property string functions */ OSSL_PROPERTY_IDX ossl_property_name(OSSL_LIB_CTX *ctx, const char *s, int create); diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index 6352def860..149e1956b7 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -19,35 +19,9 @@ #include "property_local.h" #include "e_os.h" -typedef enum { - PROPERTY_TYPE_STRING, PROPERTY_TYPE_NUMBER, - PROPERTY_TYPE_VALUE_UNDEFINED -} PROPERTY_TYPE; - -typedef enum { - PROPERTY_OPER_EQ, PROPERTY_OPER_NE, PROPERTY_OVERRIDE -} PROPERTY_OPER; - -typedef struct { - OSSL_PROPERTY_IDX name_idx; - PROPERTY_TYPE type; - PROPERTY_OPER oper; - unsigned int optional : 1; - union { - int64_t int_val; /* Signed integer */ - OSSL_PROPERTY_IDX str_val; /* String */ - } v; -} PROPERTY_DEFINITION; - -struct ossl_property_list_st { - int n; - unsigned int has_optional : 1; - PROPERTY_DEFINITION properties[1]; -}; - static OSSL_PROPERTY_IDX ossl_property_true, ossl_property_false; -DEFINE_STACK_OF(PROPERTY_DEFINITION) +DEFINE_STACK_OF(OSSL_PROPERTY_DEFINITION) static const char *skip_space(const char *s) { @@ -120,7 +94,7 @@ static int parse_name(OSSL_LIB_CTX *ctx, const char *t[], int create, return 1; } -static int parse_number(const char *t[], PROPERTY_DEFINITION *res) +static int parse_number(const char *t[], OSSL_PROPERTY_DEFINITION *res) { const char *s = *t; int64_t v = 0; 
@@ -136,12 +110,12 @@ static int parse_number(const char *t[], PROPERTY_DEFINITION *res) return 0; } *t = skip_space(s); - res->type = PROPERTY_TYPE_NUMBER; + res->type = OSSL_PROPERTY_TYPE_NUMBER; res->v.int_val = v; return 1; } -static int parse_hex(const char *t[], PROPERTY_DEFINITION *res) +static int parse_hex(const char *t[], OSSL_PROPERTY_DEFINITION *res) { const char *s = *t; int64_t v = 0; @@ -161,12 +135,12 @@ static int parse_hex(const char *t[], PROPERTY_DEFINITION *res) return 0; } *t = skip_space(s); - res->type = PROPERTY_TYPE_NUMBER; + res->type = OSSL_PROPERTY_TYPE_NUMBER; res->v.int_val = v; return 1; } -static int parse_oct(const char *t[], PROPERTY_DEFINITION *res) +static int parse_oct(const char *t[], OSSL_PROPERTY_DEFINITION *res) { const char *s = *t; int64_t v = 0; @@ -182,13 +156,13 @@ static int parse_oct(const char *t[], PROPERTY_DEFINITION *res) return 0; } *t = skip_space(s); - res->type = PROPERTY_TYPE_NUMBER; + res->type = OSSL_PROPERTY_TYPE_NUMBER; res->v.int_val = v; return 1; } static int parse_string(OSSL_LIB_CTX *ctx, const char *t[], char delim, - PROPERTY_DEFINITION *res, const int create) + OSSL_PROPERTY_DEFINITION *res, const int create) { char v[1000]; const char *s = *t; @@ -214,12 +188,12 @@ static int parse_string(OSSL_LIB_CTX *ctx, const char *t[], char delim, res->v.str_val = ossl_property_value(ctx, v, create); } *t = skip_space(s + 1); - res->type = PROPERTY_TYPE_STRING; + res->type = OSSL_PROPERTY_TYPE_STRING; return !err; } static int parse_unquoted(OSSL_LIB_CTX *ctx, const char *t[], - PROPERTY_DEFINITION *res, const int create) + OSSL_PROPERTY_DEFINITION *res, const int create) { char v[1000]; const char *s = *t; 
@@ -247,12 +221,12 @@ static int parse_unquoted(OSSL_LIB_CTX *ctx, const char *t[], res->v.str_val = ossl_property_value(ctx, v, create); } *t = skip_space(s); - res->type = PROPERTY_TYPE_STRING; + res->type = OSSL_PROPERTY_TYPE_STRING; return !err; } static int parse_value(OSSL_LIB_CTX *ctx, const char *t[], - PROPERTY_DEFINITION *res, int create) + OSSL_PROPERTY_DEFINITION *res, int create) { const char *s = *t; int r = 0; @@ -282,11 +256,11 @@ static int parse_value(OSSL_LIB_CTX *ctx, const char *t[], return r; } -static int pd_compare(const PROPERTY_DEFINITION *const *p1, - const PROPERTY_DEFINITION *const *p2) +static int pd_compare(const OSSL_PROPERTY_DEFINITION *const *p1, + const OSSL_PROPERTY_DEFINITION *const *p2) { - const PROPERTY_DEFINITION *pd1 = *p1; - const PROPERTY_DEFINITION *pd2 = *p2; + const OSSL_PROPERTY_DEFINITION *pd1 = *p1; + const OSSL_PROPERTY_DEFINITION *pd2 = *p2; if (pd1->name_idx < pd2->name_idx) return -1; @@ -295,7 +269,7 @@ static int pd_compare(const PROPERTY_DEFINITION *const *p1, return 0; } -static void pd_free(PROPERTY_DEFINITION *pd) +static void pd_free(OSSL_PROPERTY_DEFINITION *pd) { OPENSSL_free(pd); } 
@@ -304,21 +278,21 @@ static void pd_free(PROPERTY_DEFINITION *pd) * Convert a stack of property definitions and queries into a fixed array. * The items are sorted for efficient query. The stack is not freed. */ -static OSSL_PROPERTY_LIST *stack_to_property_list(STACK_OF(PROPERTY_DEFINITION) - *sk) +static OSSL_PROPERTY_LIST * +stack_to_property_list(STACK_OF(OSSL_PROPERTY_DEFINITION) *sk) { - const int n = sk_PROPERTY_DEFINITION_num(sk); + const int n = sk_OSSL_PROPERTY_DEFINITION_num(sk); OSSL_PROPERTY_LIST *r; int i; r = OPENSSL_malloc(sizeof(*r) + (n <= 0 ? 0 : n - 1) * sizeof(r->properties[0])); if (r != NULL) { - sk_PROPERTY_DEFINITION_sort(sk); + sk_OSSL_PROPERTY_DEFINITION_sort(sk); r->has_optional = 0; for (i = 0; i < n; i++) { - r->properties[i] = *sk_PROPERTY_DEFINITION_value(sk, i); + r->properties[i] = *sk_OSSL_PROPERTY_DEFINITION_value(sk, i); r->has_optional |= r->properties[i].optional; } r->n = n; @@ -328,13 +302,13 @@ static OSSL_PROPERTY_LIST *stack_to_property_list(STACK_OF(PROPERTY_DEFINITION) OSSL_PROPERTY_LIST *ossl_parse_property(OSSL_LIB_CTX *ctx, const char *defn) { - PROPERTY_DEFINITION *prop = NULL; + OSSL_PROPERTY_DEFINITION *prop = NULL; OSSL_PROPERTY_LIST *res = NULL; - STACK_OF(PROPERTY_DEFINITION) *sk; + STACK_OF(OSSL_PROPERTY_DEFINITION) *sk; const char *s = defn; int done; - if (s == NULL || (sk = sk_PROPERTY_DEFINITION_new(&pd_compare)) == NULL) + if (s == NULL || (sk = sk_OSSL_PROPERTY_DEFINITION_new(&pd_compare)) == NULL) return NULL; s = skip_space(s); @@ -349,7 +323,7 @@ OSSL_PROPERTY_LIST *ossl_parse_property(OSSL_LIB_CTX *ctx, const char *defn) prop->optional = 0; if (!parse_name(ctx, &s, 1, &prop->name_idx)) goto err; - prop->oper = PROPERTY_OPER_EQ; + prop->oper = OSSL_PROPERTY_OPER_EQ; if (prop->name_idx == 0) { ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, "Unknown name HERE-->%s", start); 
@@ -363,11 +337,11 @@ OSSL_PROPERTY_LIST *ossl_parse_property(OSSL_LIB_CTX *ctx, const char *defn) } } else { /* A name alone means a true Boolean */ - prop->type = PROPERTY_TYPE_STRING; + prop->type = OSSL_PROPERTY_TYPE_STRING; prop->v.str_val = ossl_property_true; } - if (!sk_PROPERTY_DEFINITION_push(sk, prop)) + if (!sk_OSSL_PROPERTY_DEFINITION_push(sk, prop)) goto err; prop = NULL; done = !match_ch(&s, ','); @@ -381,19 +355,19 @@ OSSL_PROPERTY_LIST *ossl_parse_property(OSSL_LIB_CTX *ctx, const char *defn) err: OPENSSL_free(prop); - sk_PROPERTY_DEFINITION_pop_free(sk, &pd_free); + sk_OSSL_PROPERTY_DEFINITION_pop_free(sk, &pd_free); return res; } OSSL_PROPERTY_LIST *ossl_parse_query(OSSL_LIB_CTX *ctx, const char *s, int create_values) { - STACK_OF(PROPERTY_DEFINITION) *sk; + STACK_OF(OSSL_PROPERTY_DEFINITION) *sk; OSSL_PROPERTY_LIST *res = NULL; - PROPERTY_DEFINITION *prop = NULL; + OSSL_PROPERTY_DEFINITION *prop = NULL; int done; - if (s == NULL || (sk = sk_PROPERTY_DEFINITION_new(&pd_compare)) == NULL) + if (s == NULL || (sk = sk_OSSL_PROPERTY_DEFINITION_new(&pd_compare)) == NULL) return NULL; s = skip_space(s); @@ -405,7 +379,7 @@ OSSL_PROPERTY_LIST *ossl_parse_query(OSSL_LIB_CTX *ctx, const char *s, memset(&prop->v, 0, sizeof(prop->v)); if (match_ch(&s, '-')) { - prop->oper = PROPERTY_OVERRIDE; + prop->oper = OSSL_PROPERTY_OVERRIDE; prop->optional = 0; if (!parse_name(ctx, &s, 1, &prop->name_idx)) goto err; 
@@ -416,21 +390,21 @@ OSSL_PROPERTY_LIST *ossl_parse_query(OSSL_LIB_CTX *ctx, const char *s, goto err; if (match_ch(&s, '=')) { - prop->oper = PROPERTY_OPER_EQ; + prop->oper = OSSL_PROPERTY_OPER_EQ; } else if (MATCH(&s, "!=")) { - prop->oper = PROPERTY_OPER_NE; + prop->oper = OSSL_PROPERTY_OPER_NE; } else { /* A name alone is a Boolean comparison for true */ - prop->oper = PROPERTY_OPER_EQ; - prop->type = PROPERTY_TYPE_STRING; + prop->oper = OSSL_PROPERTY_OPER_EQ; + prop->type = OSSL_PROPERTY_TYPE_STRING; prop->v.str_val = ossl_property_true; goto skip_value; } if (!parse_value(ctx, &s, prop, create_values)) - prop->type = PROPERTY_TYPE_VALUE_UNDEFINED; + prop->type = OSSL_PROPERTY_TYPE_VALUE_UNDEFINED; skip_value: - if (!sk_PROPERTY_DEFINITION_push(sk, prop)) + if (!sk_OSSL_PROPERTY_DEFINITION_push(sk, prop)) goto err; prop = NULL; done = !match_ch(&s, ','); @@ -444,7 +418,7 @@ skip_value: err: OPENSSL_free(prop); - sk_PROPERTY_DEFINITION_pop_free(sk, &pd_free); + sk_OSSL_PROPERTY_DEFINITION_pop_free(sk, &pd_free); return res; } @@ -459,7 +433,7 @@ int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, { int i; OSSL_PROPERTY_IDX name_id; - const PROPERTY_DEFINITION *prop = NULL; + const OSSL_PROPERTY_DEFINITION *prop = NULL; if (prop_list == NULL) return 0; 
@@ -471,12 +445,12 @@ int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, for (i = 0; i < prop_list->n; ++i) { if (prop[i].name_idx == name_id) { /* Do a separate check for override as it does not set type */ - if (prop[i].optional || prop[i].oper == PROPERTY_OVERRIDE) + if (prop[i].optional || prop[i].oper == OSSL_PROPERTY_OVERRIDE) return 0; - return (prop[i].type == PROPERTY_TYPE_STRING - && ((prop[i].oper == PROPERTY_OPER_EQ + return (prop[i].type == OSSL_PROPERTY_TYPE_STRING + && ((prop[i].oper == OSSL_PROPERTY_OPER_EQ && prop[i].v.str_val == ossl_property_true) - || (prop[i].oper == PROPERTY_OPER_NE + || (prop[i].oper == OSSL_PROPERTY_OPER_NE && prop[i].v.str_val != ossl_property_true))); } } @@ -490,13 +464,13 @@ int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, int ossl_property_match_count(const OSSL_PROPERTY_LIST *query, const OSSL_PROPERTY_LIST *defn) { - const PROPERTY_DEFINITION *const q = query->properties; - const PROPERTY_DEFINITION *const d = defn->properties; + const OSSL_PROPERTY_DEFINITION *const q = query->properties; + const OSSL_PROPERTY_DEFINITION *const d = defn->properties; int i = 0, j = 0, matches = 0; - PROPERTY_OPER oper; + OSSL_PROPERTY_OPER oper; while (i < query->n) { - if ((oper = q[i].oper) == PROPERTY_OVERRIDE) { + if ((oper = q[i].oper) == OSSL_PROPERTY_OVERRIDE) { i++; continue; } @@ -509,8 +483,8 @@ int ossl_property_match_count(const OSSL_PROPERTY_LIST *query, const int eq = q[i].type == d[j].type && memcmp(&q[i].v, &d[j].v, sizeof(q[i].v)) == 0; - if ((eq && oper == PROPERTY_OPER_EQ) - || (!eq && oper == PROPERTY_OPER_NE)) + if ((eq && oper == OSSL_PROPERTY_OPER_EQ) + || (!eq && oper == OSSL_PROPERTY_OPER_NE)) matches++; else if (!q[i].optional) return -1; 
@@ -525,15 +499,15 @@ int ossl_property_match_count(const OSSL_PROPERTY_LIST *query, * definition. The former fails for any comparison except inequality, * the latter is treated as a comparison against the Boolean false. */ - if (q[i].type == PROPERTY_TYPE_VALUE_UNDEFINED) { - if (oper == PROPERTY_OPER_NE) + if (q[i].type == OSSL_PROPERTY_TYPE_VALUE_UNDEFINED) { + if (oper == OSSL_PROPERTY_OPER_NE) matches++; else if (!q[i].optional) return -1; - } else if (q[i].type != PROPERTY_TYPE_STRING - || (oper == PROPERTY_OPER_EQ + } else if (q[i].type != OSSL_PROPERTY_TYPE_STRING + || (oper == OSSL_PROPERTY_OPER_EQ && q[i].v.str_val != ossl_property_false) - || (oper == PROPERTY_OPER_NE + || (oper == OSSL_PROPERTY_OPER_NE && q[i].v.str_val == ossl_property_false)) { if (!q[i].optional) return -1; @@ -557,9 +531,9 @@ void ossl_property_free(OSSL_PROPERTY_LIST *p) OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, const OSSL_PROPERTY_LIST *b) { - const PROPERTY_DEFINITION *const ap = a->properties; - const PROPERTY_DEFINITION *const bp = b->properties; - const PROPERTY_DEFINITION *copy; + const OSSL_PROPERTY_DEFINITION *const ap = a->properties; + const OSSL_PROPERTY_DEFINITION *const bp = b->properties; + const OSSL_PROPERTY_DEFINITION *copy; OSSL_PROPERTY_LIST *r; int i, j, n; const int t = a->n + b->n; @@ -689,7 +663,7 @@ size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, size_t bufsize) { int i; - const PROPERTY_DEFINITION *prop = NULL; + const OSSL_PROPERTY_DEFINITION *prop = NULL; size_t needed = 0; const char *val; @@ -710,7 +684,7 @@ size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, if (prop->optional) put_char('?', &buf, &bufsize, &needed); - else if (prop->oper == PROPERTY_OVERRIDE) + else if (prop->oper == OSSL_PROPERTY_OVERRIDE) put_char('-', &buf, &bufsize, &needed); val = ossl_property_name_str(ctx, prop->name_idx); 
@@ -719,21 +693,21 @@ size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, put_str(val, &buf, &bufsize, &needed); switch (prop->oper) { - case PROPERTY_OPER_NE: + case OSSL_PROPERTY_OPER_NE: put_char('!', &buf, &bufsize, &needed); /* fall through */ - case PROPERTY_OPER_EQ: + case OSSL_PROPERTY_OPER_EQ: put_char('=', &buf, &bufsize, &needed); /* put value */ switch (prop->type) { - case PROPERTY_TYPE_STRING: + case OSSL_PROPERTY_TYPE_STRING: val = ossl_property_value_str(ctx, prop->v.str_val); if (val == NULL) return 0; put_str(val, &buf, &bufsize, &needed); break; - case PROPERTY_TYPE_NUMBER: + case OSSL_PROPERTY_TYPE_NUMBER: put_num(prop->v.int_val, &buf, &bufsize, &needed); break; diff --git a/crypto/property/property_query.c b/crypto/property/property_query.c new file mode 100644 index 0000000000..dfcb034042 --- /dev/null +++ b/crypto/property/property_query.c 
@@ -0,0 +1,53 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/propertyerr.h" +#include "internal/property.h" +#include "property_local.h" + +const OSSL_PROPERTY_DEFINITION * +ossl_property_find_property(const OSSL_PROPERTY_LIST *list, + OSSL_LIB_CTX *libctx, const char *name) +{ + OSSL_PROPERTY_IDX name_idx; + int i; + + if (list == NULL || name == NULL + || (name_idx = ossl_property_name(libctx, name, 0)) == 0) + return NULL; + + for (i = 0; i < list->n; i++) + if (list->properties[i].name_idx == name_idx) + return &list->properties[i]; + return NULL; +} + +OSSL_PROPERTY_TYPE ossl_property_get_type(const OSSL_PROPERTY_DEFINITION *prop) +{ + return prop->type; +} + +const char *ossl_property_get_string_value(OSSL_LIB_CTX *libctx, + const OSSL_PROPERTY_DEFINITION *prop) +{ + const char *value = NULL; + + if (prop != NULL && prop->type == OSSL_PROPERTY_TYPE_STRING) + value = ossl_property_value_str(libctx, prop->v.str_val); + return value; +} + +int64_t ossl_property_get_number_value(const OSSL_PROPERTY_DEFINITION *prop) +{ + int64_t value = 0; + + if (prop != NULL && prop->type == OSSL_PROPERTY_TYPE_NUMBER) + value = prop->v.int_val; + return value; +} diff --git a/doc/man3/OSSL_ENCODER_CTX.pod b/doc/man3/OSSL_ENCODER_CTX.pod index d4ea01060f..9dc9b71ab1 100644 --- a/doc/man3/OSSL_ENCODER_CTX.pod +++ b/doc/man3/OSSL_ENCODER_CTX.pod @@ -16,7 +16,6 @@ OSSL_ENCODER_CTX_get_num_encoders, OSSL_ENCODER_INSTANCE, OSSL_ENCODER_INSTANCE_get_encoder, OSSL_ENCODER_INSTANCE_get_encoder_ctx, -OSSL_ENCODER_INSTANCE_get_input_type, OSSL_ENCODER_INSTANCE_get_output_type, OSSL_ENCODER_INSTANCE_get_output_structure, OSSL_ENCODER_CONSTRUCT, 
@@ -55,8 +54,6 @@ OSSL_ENCODER_CTX_set_cleanup void * OSSL_ENCODER_INSTANCE_get_encoder_ctx(OSSL_ENCODER_INSTANCE *encoder_inst); const char * - OSSL_ENCODER_INSTANCE_get_input_type(OSSL_ENCODER_INSTANCE *encoder_inst); - const char * OSSL_ENCODER_INSTANCE_get_output_type(OSSL_ENCODER_INSTANCE *encoder_inst); const char * OSSL_ENCODER_INSTANCE_get_output_structure(OSSL_ENCODER_INSTANCE *encoder_inst); @@ -161,14 +158,6 @@ implementation of the encoder instance I. OSSL_ENCODER_INSTANCE_get_encoder_ctx() can be used to get the encoder implementation's provider context of the encoder instance I. -OSSL_ENCODER_INSTANCE_get_input_type() can be used to get the input type for -the encoder implementation of the encoder instance I. -This may be NULL. - -OSSL_ENCODER_INSTANCE_get_output_type() can be used to get the output type -for the encoder implementation of the encoder instance I. -This will never be NULL. - OSSL_ENCODER_INSTANCE_get_output_type() can be used to get the output type for the encoder implementation of the encoder instance I. This will never be NULL. diff --git a/doc/man7/provider-decoder.pod b/doc/man7/provider-decoder.pod index 23b4fbc9df..2ac56cf1d1 100644 --- a/doc/man7/provider-decoder.pod +++ b/doc/man7/provider-decoder.pod @@ -117,7 +117,11 @@ Properties can be used to further specify details about an implementation: =item input This property is used to specify what format of input the implementation -can decode. OpenSSL providers recognize the following input types: +can decode. + +This property is I. + +OpenSSL providers recognize the following input types: =over 4 
@@ -142,9 +146,27 @@ An implementation with that input type decodes PVK formatted data. =item structure This property is used to specify the structure that the decoded data is -expected to have. An example could be C, to specify explicitly that -the object to be decoded (presumably an asymmetric key pair, in this case) -is wrapped in a PKCS#8 structure. +expected to have. + +This property is I. + +Structures currently recognised by built-in decoders: + +=over 4 + +=item "type-specific" + +Type specific structure. + +=item "pkcs8" + +Structure according to the PKCS#8 specification. + +=item "SubjectPublicKeyInfo" + +Encoding of public keys according to the Subject Public Key Info of RFC 5280. + +=back =back 
@@ -236,80 +258,6 @@ possible for some other decoder implementation to get a different result. The conditions to stop the decoding process are at the discretion of the implementation. -=head2 Decoder parameters - -The decoder implementation itself has parameters that can be used to -determine how it fits in a chain of decoders: - -=over 4 - -=item "input-type" (B) - -This is used to specify the input type for a decoder implementation. - -This parameter is I. - -Input types currently recognized by built-in decoders: - -=over 4 - -=item "DER" - -ASN.1 DER encoded binary data - -=item "PEM" - -Base64 encoded data with PEM headers - -=item "MSBLOB" - -Private or public key encoding according to Microsoft specification - -=item "PVK" - -Encrypted private key encoding according to Microsoft specification - -=back - -=for comment If we had functionality to get the value of a specific property -in a set of properties, it would be possible to determine the input type -from the C property. - -=item "input-structure" (B) - -This is used to specify the outermost input structure for a decoder -implementation. - -For example, an input of type "DER" for a key pair could be structured -using PKCS#8, or a key type specific structure, such as PKCS#1 for RSA -keys. - -This parameter is I. - -Input structures currently recognized by built-in decoders: - -=over 4 - -=item "type-specific" - -Type specific structure. - -=item "PKCS8" - -Structure according to the PKCS#8 specification. - -=item "SubjectPublicKeyInfo" - -Encoding of public keys according to the Subject Public Key Info of RFC 5280. - -=back - -=for comment If we had functionality to get the value of a specific property -in a set of properties, it would be possible to determine the input -structure from the C property. - -=back - =head2 Decoder operation parameters There are currently no operation parameters currently recognised by the 
diff --git a/doc/man7/provider-encoder.pod b/doc/man7/provider-encoder.pod index 9032036a6e..274f1456ec 100644 --- a/doc/man7/provider-encoder.pod +++ b/doc/man7/provider-encoder.pod @@ -133,8 +133,12 @@ Properties can be used to further specify details about an implementation: =item output -This property is used to specify what type of output implementation -produces. OpenSSL providers recognize the following output types: +This property is used to specify what type of output the implementation +produces. + +This property is I. + +OpenSSL providers recognize the following output types: =over 4 @@ -169,6 +173,8 @@ object. An example could be C, to specify explicitly that an object (presumably an asymmetric key pair, in this case) will be wrapped in a PKCS#8 structure as part of the encoding. +This property is I. + =back The possible values of both these properties is open ended. A provider may 
@@ -240,47 +246,6 @@ The encoding functions also take an B function pointer along with a pointer to application data I, which should be used when a pass phrase prompt is needed. -=head2 Encoder parameters - -The ENCODER implementation itself has parameters that can be used to -determine how it fits in a chain of encoders: - -=over 4 - -=item "input-type" (B) - -This is used to specify a distinct type name for the object passed as -I to OSSL_FUNC_encoder_encode. - -This parameter is an optional parameter, to be used if the name of the -implementation can be ambiguous because of aliases, and something more -deterministic is needed. - -=item "output-type" (B) - -This is used to specify the output type for an ENCODER implementation. - -This parameter is I. - -=for comment If we had functionality to get the value of a specific property -in a set of properties, it would be possible to determine the output type -from the C property. - -=item "output-structure" (B) - -This is used to specify the outermost output structure for an ENCODER -implementation. - -For example, an output of type "DER" for a key pair could be structured -using PKCS#8, or a key type specific structure, such as PKCS#1 for RSA -keys. - -=for comment If we had functionality to get the value of a specific property -in a set of properties, it would be possible to determine the output -structure from the C property. - -=back - =head2 Encoder operation parameters Operation parameters currently recognised by built-in encoders are as diff --git a/include/internal/property.h b/include/internal/property.h index 856cd740ad..bcea21d80c 100644 --- a/include/internal/property.h +++ b/include/internal/property.h 
@@ -17,6 +17,12 @@ typedef struct ossl_method_store_st OSSL_METHOD_STORE; typedef struct ossl_property_list_st OSSL_PROPERTY_LIST; +typedef enum { + OSSL_PROPERTY_TYPE_STRING, OSSL_PROPERTY_TYPE_NUMBER, + OSSL_PROPERTY_TYPE_VALUE_UNDEFINED +} OSSL_PROPERTY_TYPE; +typedef struct ossl_property_definition_st OSSL_PROPERTY_DEFINITION; + /* Initialisation */ int ossl_property_parse_init(OSSL_LIB_CTX *ctx); @@ -33,6 +39,15 @@ int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, /* Free a parsed property list */ void ossl_property_free(OSSL_PROPERTY_LIST *p); +/* Get a property from a property list */ +const OSSL_PROPERTY_DEFINITION * +ossl_property_find_property(const OSSL_PROPERTY_LIST *list, + OSSL_LIB_CTX *libctx, const char *name); +OSSL_PROPERTY_TYPE ossl_property_get_type(const OSSL_PROPERTY_DEFINITION *prop); +const char *ossl_property_get_string_value(OSSL_LIB_CTX *libctx, + const OSSL_PROPERTY_DEFINITION *prop); +int64_t ossl_property_get_number_value(const OSSL_PROPERTY_DEFINITION *prop); + /* Implementation store functions */ OSSL_METHOD_STORE *ossl_method_store_new(OSSL_LIB_CTX *ctx); diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 5ecde3c994..097dbc1c04 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h 
@@ -468,16 +468,11 @@ extern "C" { */ #define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER #define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES -#define OSSL_ENCODER_PARAM_INPUT_TYPE "input-type" -#define OSSL_ENCODER_PARAM_OUTPUT_TYPE "output-type" -#define OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE "output-structure" /* Currently PVK only, but reusable for others as needed */ #define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level" #define OSSL_ENCODER_PARAM_SAVE_PARAMETERS "save-parameters" /* integer */ #define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES -#define OSSL_DECODER_PARAM_INPUT_TYPE "input-type" -#define OSSL_DECODER_PARAM_INPUT_STRUCTURE "input-structure" /* Passphrase callback parameters */ #define OSSL_PASSPHRASE_PARAM_INFO "info" diff --git a/include/openssl/encoder.h b/include/openssl/encoder.h index e62e33fc89..c37a6f16f2 100644 --- a/include/openssl/encoder.h +++ b/include/openssl/encoder.h @@ -84,8 +84,6 @@ OSSL_ENCODER_INSTANCE_get_encoder(OSSL_ENCODER_INSTANCE *encoder_inst); void * OSSL_ENCODER_INSTANCE_get_encoder_ctx(OSSL_ENCODER_INSTANCE *encoder_inst); const char * -OSSL_ENCODER_INSTANCE_get_input_type(OSSL_ENCODER_INSTANCE *encoder_inst); -const char * OSSL_ENCODER_INSTANCE_get_output_type(OSSL_ENCODER_INSTANCE *encoder_inst); const char * OSSL_ENCODER_INSTANCE_get_output_structure(OSSL_ENCODER_INSTANCE *encoder_inst); diff --git a/include/openssl/err.h.in b/include/openssl/err.h.in index f7d5c174a1..4bc5d1eea5 100644 --- a/include/openssl/err.h.in +++ b/include/openssl/err.h.in @@ -357,6 +357,7 @@ static ossl_unused ossl_inline int ERR_COMMON_ERROR(unsigned long errcode) # define ERR_R_MISSING_ASN1_EOS (267|ERR_RFLAG_COMMON) # define ERR_R_UNSUPPORTED (268|ERR_RFLAG_COMMON) # define ERR_R_FETCH_FAILED (269|ERR_RFLAG_COMMON) +# define ERR_R_INVALID_PROPERTY_DEFINITION (270|ERR_RFLAG_COMMON) typedef struct ERR_string_data_st { unsigned long error; 
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index b3fd87ca05..22ee075b19 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -177,39 +177,6 @@ static void der2key_freectx(void *vctx) OPENSSL_free(ctx); } -static const OSSL_PARAM * -der2key_gettable_params(void *provctx, const struct keytype_desc_st *desc) -{ - static const OSSL_PARAM gettables[] = { - { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - static const OSSL_PARAM gettables_w_structure[] = { - { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - { OSSL_DECODER_PARAM_INPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - - return desc->structure_name != NULL ? gettables_w_structure : gettables; -} - -static int der2key_get_params(OSSL_PARAM params[], - const struct keytype_desc_st *desc) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER")) - return 0; - if (desc->structure_name != NULL) { - p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_STRUCTURE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, desc->structure_name)) - return 0; - } - - return 1; -} - static int der2key_check_selection(int selection, const struct keytype_desc_st *desc) { 
@@ -791,25 +758,11 @@ static void rsa_adjust(void *key, struct der2key_ctx_st *ctx) DO_##kind(keytype) }; \ \ static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ - static OSSL_FUNC_decoder_gettable_params_fn \ - kind##_der2##keytype##_gettable_params; \ - static OSSL_FUNC_decoder_get_params_fn \ - kind##_der2##keytype##_get_params; \ \ static void *kind##_der2##keytype##_newctx(void *provctx) \ { \ return der2key_newctx(provctx, &kind##_##keytype##_desc); \ } \ - static const OSSL_PARAM * \ - kind##_der2##keytype##_gettable_params(void *provctx) \ - { \ - return \ - der2key_gettable_params(provctx, &kind##_##keytype##_desc); \ - } \ - static int kind##_der2##keytype##_get_params(OSSL_PARAM params[]) \ - { \ - return der2key_get_params(params, &kind##_##keytype##_desc); \ - } \ static int kind##_der2##keytype##_does_selection(void *provctx, \ int selection) \ { \ @@ -822,10 +775,6 @@ static void rsa_adjust(void *key, struct der2key_ctx_st *ctx) (void (*)(void))kind##_der2##keytype##_newctx }, \ { OSSL_FUNC_DECODER_FREECTX, \ (void (*)(void))der2key_freectx }, \ - { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \ - (void (*)(void))kind##_der2##keytype##_gettable_params }, \ - { OSSL_FUNC_DECODER_GET_PARAMS, \ - (void (*)(void))kind##_der2##keytype##_get_params }, \ { OSSL_FUNC_DECODER_DOES_SELECTION, \ (void (*)(void))kind##_der2##keytype##_does_selection }, \ { OSSL_FUNC_DECODER_DECODE, \ diff --git a/providers/implementations/encode_decode/decode_msblob2key.c b/providers/implementations/encode_decode/decode_msblob2key.c index 84b259591b..15dc8b05a7 100644 --- a/providers/implementations/encode_decode/decode_msblob2key.c +++ b/providers/implementations/encode_decode/decode_msblob2key.c 
@@ -47,8 +47,6 @@ struct keytype_desc_st { }; static OSSL_FUNC_decoder_freectx_fn msblob2key_freectx; -static OSSL_FUNC_decoder_gettable_params_fn msblob2key_gettable_params; -static OSSL_FUNC_decoder_get_params_fn msblob2key_get_params; static OSSL_FUNC_decoder_decode_fn msblob2key_decode; static OSSL_FUNC_decoder_export_object_fn msblob2key_export_object; @@ -79,27 +77,6 @@ static void msblob2key_freectx(void *vctx) OPENSSL_free(ctx); } -static const OSSL_PARAM *msblob2key_gettable_params(ossl_unused void *provctx) -{ - static const OSSL_PARAM gettables[] = { - { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - - return gettables; -} - -static int msblob2key_get_params(OSSL_PARAM params[]) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "MSBLOB")) - return 0; - - return 1; -} - static int msblob2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, OSSL_CALLBACK *data_cb, void *data_cbarg, OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) @@ -278,10 +255,6 @@ static void rsa_adjust(void *key, struct msblob2key_ctx_st *ctx) (void (*)(void))msblob2##keytype##_newctx }, \ { OSSL_FUNC_DECODER_FREECTX, \ (void (*)(void))msblob2key_freectx }, \ - { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \ - (void (*)(void))msblob2key_gettable_params }, \ - { OSSL_FUNC_DECODER_GET_PARAMS, \ - (void (*)(void))msblob2key_get_params }, \ { OSSL_FUNC_DECODER_DECODE, \ (void (*)(void))msblob2key_decode }, \ { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ diff --git a/providers/implementations/encode_decode/decode_pem2der.c b/providers/implementations/encode_decode/decode_pem2der.c index 4249ce9cc7..318efcc6af 100644 --- a/providers/implementations/encode_decode/decode_pem2der.c +++ b/providers/implementations/encode_decode/decode_pem2der.c 
@@ -41,8 +41,6 @@ static int read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin, static OSSL_FUNC_decoder_newctx_fn pem2der_newctx; static OSSL_FUNC_decoder_freectx_fn pem2der_freectx; -static OSSL_FUNC_decoder_gettable_params_fn pem2der_gettable_params; -static OSSL_FUNC_decoder_get_params_fn pem2der_get_params; static OSSL_FUNC_decoder_decode_fn pem2der_decode; /* @@ -68,27 +66,6 @@ static void pem2der_freectx(void *vctx) OPENSSL_free(ctx); } -static const OSSL_PARAM *pem2der_gettable_params(void *provctx) -{ - static const OSSL_PARAM gettables[] = { - { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - - return gettables; -} - -static int pem2der_get_params(OSSL_PARAM params[]) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "PEM")) - return 0; - - return 1; -} - /* pem_password_cb compatible function */ struct pem2der_pass_data_st { OSSL_PASSPHRASE_CALLBACK *cb; @@ -262,10 +239,6 @@ static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, const OSSL_DISPATCH ossl_pem_to_der_decoder_functions[] = { { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))pem2der_newctx }, { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))pem2der_freectx }, - { OSSL_FUNC_DECODER_GETTABLE_PARAMS, - (void (*)(void))pem2der_gettable_params }, - { OSSL_FUNC_DECODER_GET_PARAMS, - (void (*)(void))pem2der_get_params }, { OSSL_FUNC_DECODER_DECODE, (void (*)(void))pem2der_decode }, { 0, NULL } }; diff --git a/providers/implementations/encode_decode/decode_pvk2key.c b/providers/implementations/encode_decode/decode_pvk2key.c index b69b2416a5..5c26bfb908 100644 --- a/providers/implementations/encode_decode/decode_pvk2key.c +++ b/providers/implementations/encode_decode/decode_pvk2key.c 
@@ -47,8 +47,6 @@ struct keytype_desc_st { }; static OSSL_FUNC_decoder_freectx_fn pvk2key_freectx; -static OSSL_FUNC_decoder_gettable_params_fn pvk2key_gettable_params; -static OSSL_FUNC_decoder_get_params_fn pvk2key_get_params; static OSSL_FUNC_decoder_decode_fn pvk2key_decode; static OSSL_FUNC_decoder_export_object_fn pvk2key_export_object; @@ -79,27 +77,6 @@ static void pvk2key_freectx(void *vctx) OPENSSL_free(ctx); } -static const OSSL_PARAM *pvk2key_gettable_params(ossl_unused void *provctx) -{ - static const OSSL_PARAM gettables[] = { - { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - - return gettables; -} - -static int pvk2key_get_params(OSSL_PARAM params[]) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "PVK")) - return 0; - - return 1; -} - static int pvk2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, OSSL_CALLBACK *data_cb, void *data_cbarg, OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) @@ -243,10 +220,6 @@ static void rsa_adjust(void *key, struct pvk2key_ctx_st *ctx) (void (*)(void))pvk2##keytype##_newctx }, \ { OSSL_FUNC_DECODER_FREECTX, \ (void (*)(void))pvk2key_freectx }, \ - { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \ - (void (*)(void))pvk2key_gettable_params }, \ - { OSSL_FUNC_DECODER_GET_PARAMS, \ - (void (*)(void))pvk2key_get_params }, \ { OSSL_FUNC_DECODER_DECODE, \ (void (*)(void))pvk2key_decode }, \ { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index 8d32c64fbf..f986ec124e 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c 
@@ -376,9 +376,6 @@ static int key_to_type_specific_pem_param_bio(BIO *out, const void *key, } #endif -#define der_output_type "DER" -#define pem_output_type "PEM" - /* ---------------------------------------------------------------------- */ #ifndef OPENSSL_NO_DH @@ -881,47 +878,6 @@ static void key2any_freectx(void *vctx) OPENSSL_free(ctx); } -static const OSSL_PARAM *key2any_gettable_params(void *provctx, int structure) -{ - static const OSSL_PARAM gettables[] = { - { OSSL_ENCODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - - static const OSSL_PARAM gettables_w_structure[] = { - { OSSL_ENCODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - { OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - - return structure ? gettables_w_structure : gettables; -} - -static int key2any_get_params(OSSL_PARAM params[], const char *input_type, - const char *output_type, - const char *output_struct) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_INPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, input_type)) - return 0; - - p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, output_type)) - return 0; - - if (output_struct != NULL) { - p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, output_struct)) - return 0; - } - - return 1; -} - static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) { static const OSSL_PARAM settables[] = { 
@@ -1066,13 +1022,6 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, * referred to by name, and for each name, the following macros are defined * (braces not included): * - * {kind}_output_structure - * - * A string that names the output structure. This is used as a selection - * criterion for each implementation. It may be NULL, which means that - * there is only one possible output structure for the implemented output - * type. - * * DO_{kind}_selection_mask * * A mask of selection bits that must not be zero. This is used as a @@ -1093,13 +1042,11 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, */ /* PKCS#8 is a structure for private keys only */ -#define PKCS8_output_structure "pkcs8" #define DO_PKCS8_selection_mask DO_PRIVATE_KEY_selection_mask #define DO_PKCS8(impl, type, output) \ DO_PRIVATE_KEY(impl, type, pkcs8, output) /* SubjectPublicKeyInfo is a structure for public keys only */ -#define SubjectPublicKeyInfo_output_structure "SubjectPublicKeyInfo" #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask #define DO_SubjectPublicKeyInfo(impl, type, output) \ DO_PUBLIC_KEY(impl, type, spki, output) 
@@ -1119,24 +1066,20 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, * - type_specific_no_pub Supports all parts of an EVP_PKEY * except public key */ -#define type_specific_params_output_structure "type-specific" #define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask #define DO_type_specific_params(impl, type, output) \ DO_PARAMETERS(impl, type, type_specific, output) -#define type_specific_keypair_output_structure "type-specific" #define DO_type_specific_keypair_selection_mask \ ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask ) #define DO_type_specific_keypair(impl, type, output) \ DO_PRIVATE_KEY(impl, type, type_specific, output) \ DO_PUBLIC_KEY(impl, type, type_specific, output) -#define type_specific_output_structure "type-specific" #define DO_type_specific_selection_mask \ ( DO_type_specific_keypair_selection_mask \ | DO_type_specific_params_selection_mask ) #define DO_type_specific(impl, type, output) \ DO_type_specific_keypair(impl, type, output) \ DO_type_specific_params(impl, type, output) -#define type_specific_no_pub_output_structure "type-specific" #define DO_type_specific_no_pub_selection_mask \ ( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask) #define DO_type_specific_no_pub(impl, type, output) \ 
@@ -1149,46 +1092,36 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, * This only covers key types that are represented with i2d_{TYPE}PrivateKey, * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters. */ -#define RSA_output_structure "rsa" #define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask #define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output) -#define DH_output_structure "dh" #define DO_DH_selection_mask DO_type_specific_params_selection_mask #define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output) -#define DHX_output_structure "dhx" #define DO_DHX_selection_mask DO_type_specific_params_selection_mask #define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output) -#define DSA_output_structure "dsa" #define DO_DSA_selection_mask DO_type_specific_selection_mask #define DO_DSA(impl, type, output) DO_type_specific(impl, type, output) -#define EC_output_structure "ec" #define DO_EC_selection_mask DO_type_specific_selection_mask #define DO_EC(impl, type, output) DO_type_specific(impl, type, output) -#define SM2_output_structure "sm2" #define DO_SM2_selection_mask DO_type_specific_selection_mask #define DO_SM2(impl, type, output) DO_type_specific(impl, type, output) /* PKCS#1 defines a structure for RSA private and public keys */ -#define PKCS1_output_structure "pkcs1" #define DO_PKCS1_selection_mask DO_RSA_selection_mask #define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output) /* PKCS#3 defines a structure for DH parameters */ -#define PKCS3_output_structure "pkcs3" #define DO_PKCS3_selection_mask DO_DH_selection_mask #define DO_PKCS3(impl, type, output) DO_DH(impl, type, output) /* X9.42 defines a structure for DHx parameters */ -#define X9_42_output_structure "X9.42" #define DO_X9_42_selection_mask DO_DHX_selection_mask #define DO_X9_42(impl, type, output) DO_DHX(impl, type, output) /* X9.62 defines a structure for EC keys and parameters */ 
-#define X9_62_output_structure "X9.62" #define DO_X9_62_selection_mask DO_EC_selection_mask #define DO_X9_62(impl, type, output) DO_EC(impl, type, output) @@ -1214,10 +1147,6 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, * ossl_##impl##_to_##kind##_##output##_encoder_functions */ #define MAKE_ENCODER(impl, type, evp_type, kind, output) \ - static OSSL_FUNC_encoder_gettable_params_fn \ - impl##_to_##kind##_##output##_gettable_params; \ - static OSSL_FUNC_encoder_get_params_fn \ - impl##_to_##kind##_##output##_get_params; \ static OSSL_FUNC_encoder_import_object_fn \ impl##_to_##kind##_##output##_import_object; \ static OSSL_FUNC_encoder_free_object_fn \ @@ -1225,19 +1154,6 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, static OSSL_FUNC_encoder_encode_fn \ impl##_to_##kind##_##output##_encode; \ \ - static const OSSL_PARAM * \ - impl##_to_##kind##_##output##_gettable_params(void *provctx) \ - { \ - return key2any_gettable_params(provctx, \ - kind##_output_structure != NULL); \ - } \ - static int \ - impl##_to_##kind##_##output##_get_params(OSSL_PARAM params[]) \ - { \ - return key2any_get_params(params, impl##_input_type, \ - output##_output_type, \ - kind##_output_structure); \ - } \ static void * \ impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \ const OSSL_PARAM params[]) \ @@ -1281,10 +1197,6 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, (void (*)(void))key2any_newctx }, \ { OSSL_FUNC_ENCODER_FREECTX, \ (void (*)(void))key2any_freectx }, \ - { OSSL_FUNC_ENCODER_GETTABLE_PARAMS, \ - (void (*)(void))impl##_to_##kind##_##output##_gettable_params }, \ - { OSSL_FUNC_ENCODER_GET_PARAMS, \ - (void (*)(void))impl##_to_##kind##_##output##_get_params }, \ { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ (void (*)(void))key2any_settable_ctx_params }, \ { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ 
diff --git a/providers/implementations/encode_decode/encode_key2blob.c b/providers/implementations/encode_decode/encode_key2blob.c index c58940b0a6..19a7d171db 100644 --- a/providers/implementations/encode_decode/encode_key2blob.c +++ b/providers/implementations/encode_decode/encode_key2blob.c @@ -38,8 +38,6 @@ static int write_blob(void *provctx, OSSL_CORE_BIO *cout, static OSSL_FUNC_encoder_newctx_fn key2blob_newctx; static OSSL_FUNC_encoder_freectx_fn key2blob_freectx; -static OSSL_FUNC_encoder_gettable_params_fn key2blob_gettable_params; -static OSSL_FUNC_encoder_get_params_fn key2blob_get_params; static void *key2blob_newctx(void *provctx) { @@ -50,27 +48,6 @@ static void key2blob_freectx(void *vctx) { } -static const OSSL_PARAM *key2blob_gettable_params(ossl_unused void *provctx) -{ - static const OSSL_PARAM gettables[] = { - { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - - return gettables; -} - -static int key2blob_get_params(OSSL_PARAM params[]) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "blob")) - return 0; - - return 1; -} - static int key2blob_check_selection(int selection, int selection_mask) { /* @@ -179,10 +156,6 @@ static int key2blob_encode(void *vctx, const void *key, int selection, (void (*)(void))key2blob_newctx }, \ { OSSL_FUNC_ENCODER_FREECTX, \ (void (*)(void))key2blob_freectx }, \ - { OSSL_FUNC_ENCODER_GETTABLE_PARAMS, \ - (void (*)(void))key2blob_gettable_params }, \ - { OSSL_FUNC_ENCODER_GET_PARAMS, \ - (void (*)(void))key2blob_get_params }, \ { OSSL_FUNC_ENCODER_DOES_SELECTION, \ (void (*)(void))impl##2blob_does_selection }, \ { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ diff --git a/providers/implementations/encode_decode/encode_key2ms.c b/providers/implementations/encode_decode/encode_key2ms.c index 79012e673e..3933a0d420 100644 --- a/providers/implementations/encode_decode/encode_key2ms.c 
+++ b/providers/implementations/encode_decode/encode_key2ms.c @@ -63,7 +63,6 @@ static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout, } static OSSL_FUNC_encoder_freectx_fn key2ms_freectx; -static OSSL_FUNC_encoder_gettable_params_fn key2ms_gettable_params; static OSSL_FUNC_encoder_does_selection_fn key2ms_does_selection; static struct key2ms_ctx_st *key2ms_newctx(void *provctx) @@ -85,38 +84,6 @@ static void key2ms_freectx(void *vctx) OPENSSL_free(ctx); } -static const OSSL_PARAM *key2ms_gettable_params(ossl_unused void *provctx) -{ - static const OSSL_PARAM gettables[] = { - { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - - return gettables; -} - -static int key2msblob_get_params(OSSL_PARAM params[]) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "MSBLOB")) - return 0; - - return 1; -} - -static int key2pvk_get_params(OSSL_PARAM params[]) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "PVK")) - return 0; - - return 1; -} - static const OSSL_PARAM *key2pvk_settable_ctx_params(ossl_unused void *provctx) { static const OSSL_PARAM settables[] = { @@ -240,10 +207,6 @@ static int key2pvk_encode(void *vctx, const void *key, int selection, (void (*)(void))key2ms_newctx }, \ { OSSL_FUNC_ENCODER_FREECTX, \ (void (*)(void))key2ms_freectx }, \ - { OSSL_FUNC_ENCODER_GETTABLE_PARAMS, \ - (void (*)(void))key2ms_gettable_params }, \ - { OSSL_FUNC_ENCODER_GET_PARAMS, \ - (void (*)(void))key2##output##_get_params }, \ output##_set_params \ { OSSL_FUNC_ENCODER_DOES_SELECTION, \ (void (*)(void))key2ms_does_selection }, \ diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c index 9bdbe52656..a1fc7ab498 100644 --- a/providers/implementations/encode_decode/encode_key2text.c 
+++ b/providers/implementations/encode_decode/encode_key2text.c @@ -795,31 +795,6 @@ static void key2text_freectx(ossl_unused void *vctx) { } -static const OSSL_PARAM *key2text_gettable_params(void *provctx) -{ - static const OSSL_PARAM gettables[] = { - { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - - return gettables; -} - -static int key2text_get_params(OSSL_PARAM params[], const char *input_type) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_INPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, input_type)) - return 0; - - p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "TEXT")) - return 0; - - return 1; -} - static int key2text_encode(void *vctx, const void *key, int selection, OSSL_CORE_BIO *cout, int (*key2text)(BIO *out, const void *key, @@ -839,18 +814,12 @@ static int key2text_encode(void *vctx, const void *key, int selection, } #define MAKE_TEXT_ENCODER(impl, type) \ - static OSSL_FUNC_encoder_get_params_fn \ - impl##2text_get_params; \ static OSSL_FUNC_encoder_import_object_fn \ impl##2text_import_object; \ static OSSL_FUNC_encoder_free_object_fn \ impl##2text_free_object; \ static OSSL_FUNC_encoder_encode_fn impl##2text_encode; \ \ - static int impl##2text_get_params(OSSL_PARAM params[]) \ - { \ - return key2text_get_params(params, impl##_input_type); \ - } \ static void *impl##2text_import_object(void *ctx, int selection, \ const OSSL_PARAM params[]) \ { \ 
@@ -881,10 +850,6 @@ static int key2text_encode(void *vctx, const void *key, int selection, (void (*)(void))key2text_newctx }, \ { OSSL_FUNC_ENCODER_FREECTX, \ (void (*)(void))key2text_freectx }, \ - { OSSL_FUNC_ENCODER_GETTABLE_PARAMS, \ - (void (*)(void))key2text_gettable_params }, \ - { OSSL_FUNC_ENCODER_GET_PARAMS, \ - (void (*)(void))impl##2text_get_params }, \ { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ (void (*)(void))impl##2text_import_object }, \ { OSSL_FUNC_ENCODER_FREE_OBJECT, \ diff --git a/providers/implementations/storemgmt/file_store_der2obj.c b/providers/implementations/storemgmt/file_store_der2obj.c index 4f90535842..5f71ea500d 100644 --- a/providers/implementations/storemgmt/file_store_der2obj.c +++ b/providers/implementations/storemgmt/file_store_der2obj.c @@ -52,31 +52,8 @@ static void der2obj_freectx(void *vctx) { } -static OSSL_FUNC_decoder_gettable_params_fn der2obj_gettable_params; -static OSSL_FUNC_decoder_get_params_fn der2obj_get_params; static OSSL_FUNC_decoder_decode_fn der2obj_decode; -static const OSSL_PARAM *der2obj_gettable_params(void *provctx) -{ - static const OSSL_PARAM gettables[] = { - { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, - OSSL_PARAM_END, - }; - - return gettables; -} - -static int der2obj_get_params(OSSL_PARAM params[]) -{ - OSSL_PARAM *p; - - p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER")) - return 0; - - return 1; -} - static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection, OSSL_CALLBACK *data_cb, void *data_cbarg, OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) 
@@ -124,12 +101,9 @@ static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection, static const OSSL_DISPATCH der_to_obj_decoder_functions[] = { { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))der2obj_newctx }, { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))der2obj_freectx }, - { OSSL_FUNC_DECODER_GETTABLE_PARAMS, - (void (*)(void))der2obj_gettable_params }, - { OSSL_FUNC_DECODER_GET_PARAMS, (void (*)(void))der2obj_get_params }, { OSSL_FUNC_DECODER_DECODE, (void (*)(void))der2obj_decode }, { 0, NULL } }; const OSSL_ALGORITHM ossl_der_to_obj_algorithm = - { "obj", NULL, der_to_obj_decoder_functions }; + { "obj", "input=DER", der_to_obj_decoder_functions }; diff --git a/util/libcrypto.num b/util/libcrypto.num index 5c36c4d44a..182cd2b158 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5249,7 +5249,6 @@ OSSL_ENCODER_CTX_get_num_encoders ? 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_CTX_set_selection ? 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_INSTANCE_get_encoder ? 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_INSTANCE_get_encoder_ctx ? 3_0_0 EXIST::FUNCTION: -OSSL_ENCODER_INSTANCE_get_input_type ? 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_INSTANCE_get_output_type ? 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_CTX_set_construct ? 3_0_0 EXIST::FUNCTION: OSSL_ENCODER_CTX_set_construct_data ? 3_0_0 EXIST::FUNCTION: From pauli at openssl.org Sat Jun 5 10:48:26 2021 
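Review bot: the removed get_params callbacks in encode_key2blob.c, encode_key2ms.c and encode_key2text.c were where the output type strings "blob", "MSBLOB", "PVK" and "TEXT" were spelled out, and of the hunks shown here only file_store_der2obj.c gains a visible replacement (the "input=DER" property on ossl_der_to_obj_algorithm). Please confirm that the algorithm table entries for these encoders carry an output property with exactly the same spelling and case as the strings being deleted, since a mismatch there would be easy to miss. A one-line comment beside the "input=DER" entry saying that this property now stands in for OSSL_FUNC_DECODER_GET_PARAMS would also help the next reader.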
From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 05 Jun 2021 10:48:26 +0000 Subject: [openssl] master update Message-ID: <1622890106.809655.21051.nullmailer@dev.openssl.org> The branch master has been updated via 76157664c1eb0f8d9f4e50c4bff8c521f7318b44 (commit) via fce102304a340ef1a90361a03c86bd2401f0b6c3 (commit) via fa95fc1eb5eb7e84523f09248c0ce7f771cfdf58 (commit) from 6a5f97a671de6d4d9f0cd6f6fc23ad89ca4ad69f (commit) - Log ----------------------------------------------------------------- commit 76157664c1eb0f8d9f4e50c4bff8c521f7318b44 Author: Pauli Date: Fri Jun 4 14:35:53 2021 +1000 property: move additional query functions to property_query.c Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15614) commit fce102304a340ef1a90361a03c86bd2401f0b6c3 Author: Pauli Date: Fri Jun 4 14:25:14 2021 +1000 property: improve ossl_property_find_property() function This function searches a property list for a specific property and returns a pointer to the definition if found. The existing version was O(n) time, the improved O(log n). Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15614) commit fa95fc1eb5eb7e84523f09248c0ce7f771cfdf58 Author: Pauli Date: Fri Jun 4 13:19:23 2021 +1000 Rename `n` field to `num_properties` in property definition structure. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15614) ----------------------------------------------------------------------- Summary of changes: crypto/property/build.info | 1 - crypto/property/property_local.h | 4 ++- crypto/property/property_parse.c | 59 ++++++++-------------------------------- crypto/property/property_query.c | 39 ++++++++++++++++++++++---- 4 files changed, 49 insertions(+), 54 deletions(-) diff --git a/crypto/property/build.info b/crypto/property/build.info index dac9ab7a3b..12a6b8c9de 100644 --- a/crypto/property/build.info 
+++ b/crypto/property/build.info @@ -2,4 +2,3 @@ LIBS=../../libcrypto $COMMON=property_string.c property_parse.c property_query.c property.c defn_cache.c SOURCE[../../libcrypto]=$COMMON property_err.c SOURCE[../../providers/libfips.a]=$COMMON -SOURCE[../../providers/liblegacy.a]=$COMMON diff --git a/crypto/property/property_local.h b/crypto/property/property_local.h index db1b0a5ee4..46c5dbe3cc 100644 --- a/crypto/property/property_local.h +++ b/crypto/property/property_local.h @@ -29,11 +29,13 @@ struct ossl_property_definition_st { }; struct ossl_property_list_st { - int n; + int num_properties; unsigned int has_optional : 1; OSSL_PROPERTY_DEFINITION properties[1]; }; +extern OSSL_PROPERTY_IDX ossl_property_true, ossl_property_false; + /* Property string functions */ OSSL_PROPERTY_IDX ossl_property_name(OSSL_LIB_CTX *ctx, const char *s, int create); diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index 149e1956b7..21228b4a39 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -19,7 +19,7 @@ #include "property_local.h" #include "e_os.h" -static OSSL_PROPERTY_IDX ossl_property_true, ossl_property_false; +OSSL_PROPERTY_IDX ossl_property_true, ossl_property_false; DEFINE_STACK_OF(OSSL_PROPERTY_DEFINITION) @@ -295,7 +295,7 @@ stack_to_property_list(STACK_OF(OSSL_PROPERTY_DEFINITION) *sk) r->properties[i] = *sk_OSSL_PROPERTY_DEFINITION_value(sk, i); r->has_optional |= r->properties[i].optional; } - r->n = n; + r->num_properties = n; } return r; } 
@@ -422,41 +422,6 @@ err: return res; } -/* Does a property query have any optional clauses */ -int ossl_property_has_optional(const OSSL_PROPERTY_LIST *query) -{ - return query->has_optional ? 1 : 0; -} - -int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, - const OSSL_PROPERTY_LIST *prop_list) -{ - int i; - OSSL_PROPERTY_IDX name_id; - const OSSL_PROPERTY_DEFINITION *prop = NULL; - - if (prop_list == NULL) - return 0; - - if (!parse_name(ctx, &property_name, 0, &name_id)) - return 0; - - prop = prop_list->properties; - for (i = 0; i < prop_list->n; ++i) { - if (prop[i].name_idx == name_id) { - /* Do a separate check for override as it does not set type */ - if (prop[i].optional || prop[i].oper == OSSL_PROPERTY_OVERRIDE) - return 0; - return (prop[i].type == OSSL_PROPERTY_TYPE_STRING - && ((prop[i].oper == OSSL_PROPERTY_OPER_EQ - && prop[i].v.str_val == ossl_property_true) - || (prop[i].oper == OSSL_PROPERTY_OPER_NE - && prop[i].v.str_val != ossl_property_true))); - } - } - return 0; -} - /* * Compare a query against a definition. * Return the number of clauses matched or -1 if a mandatory clause is false. @@ -469,12 +434,12 @@ int ossl_property_match_count(const OSSL_PROPERTY_LIST *query, int i = 0, j = 0, matches = 0; OSSL_PROPERTY_OPER oper; - while (i < query->n) { + while (i < query->num_properties) { if ((oper = q[i].oper) == OSSL_PROPERTY_OVERRIDE) { i++; continue; } - if (j < defn->n) { + if (j < defn->num_properties) { if (q[i].name_idx > d[j].name_idx) { /* skip defn, not in query */ j++; continue; @@ -536,7 +501,7 @@ OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, const OSSL_PROPERTY_DEFINITION *copy; OSSL_PROPERTY_LIST *r; int i, j, n; - const int t = a->n + b->n; + const int t = a->num_properties + b->num_properties; r = OPENSSL_malloc(sizeof(*r) + (t == 0 ? 0 : t - 1) * sizeof(r->properties[0])); 
@@ -544,10 +509,10 @@ OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, return NULL; r->has_optional = 0; - for (i = j = n = 0; i < a->n || j < b->n; n++) { - if (i >= a->n) { + for (i = j = n = 0; i < a->num_properties || j < b->num_properties; n++) { + if (i >= a->num_properties) { copy = &bp[j++]; - } else if (j >= b->n) { + } else if (j >= b->num_properties) { copy = &ap[i++]; } else if (ap[i].name_idx <= bp[j].name_idx) { if (ap[i].name_idx == bp[j].name_idx) @@ -559,7 +524,7 @@ OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, memcpy(r->properties + n, copy, sizeof(r->properties[0])); r->has_optional |= copy->optional; } - r->n = n; + r->num_properties = n; if (n != t) r = OPENSSL_realloc(r, sizeof(*r) + (n - 1) * sizeof(r->properties[0])); return r; @@ -672,9 +637,9 @@ size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, *buf = '\0'; return 1; } - if (list->n != 0) - prop = &list->properties[list->n - 1]; - for (i = 0; i < list->n; i++, prop--) { + if (list->num_properties != 0) + prop = &list->properties[list->num_properties - 1]; + for (i = 0; i < list->num_properties; i++, prop--) { /* Skip invalid names */ if (prop->name_idx == 0) continue; diff --git a/crypto/property/property_query.c b/crypto/property/property_query.c index dfcb034042..1352bc009e 100644 --- a/crypto/property/property_query.c +++ b/crypto/property/property_query.c 
@@ -11,21 +11,27 @@ #include "internal/property.h" #include "property_local.h" +static int property_idx_cmp(const void *keyp, const void *compare) +{ + OSSL_PROPERTY_IDX key = *(const OSSL_PROPERTY_IDX *)keyp; + const OSSL_PROPERTY_DEFINITION *defn = + (const OSSL_PROPERTY_DEFINITION *)compare; + + return key - defn->name_idx; +} + const OSSL_PROPERTY_DEFINITION * ossl_property_find_property(const OSSL_PROPERTY_LIST *list, OSSL_LIB_CTX *libctx, const char *name) { OSSL_PROPERTY_IDX name_idx; - int i; if (list == NULL || name == NULL || (name_idx = ossl_property_name(libctx, name, 0)) == 0) return NULL; - for (i = 0; i < list->n; i++) - if (list->properties[i].name_idx == name_idx) - return &list->properties[i]; - return NULL; + return ossl_bsearch(&name_idx, list->properties, list->num_properties, + sizeof(*list->properties), &property_idx_cmp, 0); } OSSL_PROPERTY_TYPE ossl_property_get_type(const OSSL_PROPERTY_DEFINITION *prop) @@ -51,3 +57,26 @@ int64_t ossl_property_get_number_value(const OSSL_PROPERTY_DEFINITION *prop) value = prop->v.int_val; return value; } + +/* Does a property query have any optional clauses */ +int ossl_property_has_optional(const OSSL_PROPERTY_LIST *query) +{ + return query->has_optional ? 1 : 0; +} + +int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, + const OSSL_PROPERTY_LIST *prop_list) +{ + const OSSL_PROPERTY_DEFINITION *prop; + + prop = ossl_property_find_property(prop_list, ctx, property_name); + /* Do a separate check for override as it does not set type */ + if (prop == NULL || prop->optional || prop->oper == OSSL_PROPERTY_OVERRIDE) + return 0; + return (prop->type == OSSL_PROPERTY_TYPE_STRING + && ((prop->oper == OSSL_PROPERTY_OPER_EQ + && prop->v.str_val == ossl_property_true) + || (prop->oper == OSSL_PROPERTY_OPER_NE + && prop->v.str_val != ossl_property_true))); +} + From pauli at openssl.org Sun Jun 6 00:26:40 2021 
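Review bot: ossl_property_find_property() now depends on list->properties being sorted by name_idx, which the replaced linear scan did not, and nothing at the ossl_bsearch() call says so. The merge-style walks in ossl_property_match_count() and ossl_property_merge() suggest the lists are kept sorted, but a comment on the function or on struct ossl_property_list_st stating the invariant would stop a future unsorted producer from silently breaking lookups. In property_idx_cmp(), returning key - defn->name_idx is only safe if OSSL_PROPERTY_IDX is a signed type no wider than int and the values stay small; an explicit three-way comparison avoids relying on that.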
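Review bot: the relocated ossl_property_is_enabled() is not a pure move. The removed version resolved the name with parse_name(ctx, &property_name, 0, &name_id), while the new one goes through ossl_property_find_property() and therefore ossl_property_name(libctx, name, 0); if parse_name() normalises its input, names that matched before may now return 0, so either state in the commit message that callers always pass canonical names or add a test covering it. Separately, dropping SOURCE[../../providers/liblegacy.a]=$COMMON from build.info is not mentioned in any of the three commit messages and deserves a line of explanation.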
From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 06 Jun 2021 00:26:40 +0000 Subject: [openssl] master update Message-ID: <1622939200.105040.29003.nullmailer@dev.openssl.org> The branch master has been updated via 0ebef5b5098e5d15cf2e7f48a78b22cced41f352 (commit) via ee96d128d0975683ee978726bbd4753d1a447897 (commit) from 76157664c1eb0f8d9f4e50c4bff8c521f7318b44 (commit) - Log ----------------------------------------------------------------- commit 0ebef5b5098e5d15cf2e7f48a78b22cced41f352 Author: Pauli Date: Fri Jun 4 20:14:07 2021 +1000 doc: update generated image files Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15616) commit ee96d128d0975683ee978726bbd4753d1a447897 Author: Pauli Date: Fri Jun 4 20:13:15 2021 +1000 doc: update Graphviz images to have a transparent background Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15616) ----------------------------------------------------------------------- Summary of changes: doc/life-cycles/cipher.dot | 2 ++ doc/life-cycles/digest.dot | 2 ++ doc/life-cycles/kdf.dot | 2 ++ doc/life-cycles/mac.dot | 2 ++ doc/life-cycles/pkey.dot | 1 + doc/life-cycles/rand.dot | 2 ++ doc/man7/img/kdf.png | Bin 29120 -> 22285 bytes doc/man7/img/mac.png | Bin 56417 -> 42741 bytes doc/man7/img/rand.png | Bin 41597 -> 30526 bytes 9 files changed, 11 insertions(+) diff --git a/doc/life-cycles/cipher.dot b/doc/life-cycles/cipher.dot index 6f1acb4026..8736ce7026 100644 --- a/doc/life-cycles/cipher.dot +++ b/doc/life-cycles/cipher.dot @@ -1,4 +1,6 @@ digraph cipher { + bgcolor="transparent"; + begin [label=start, color="#deeaee", style="filled"]; newed [fontcolor="#c94c4c", style="solid"]; diff --git a/doc/life-cycles/digest.dot b/doc/life-cycles/digest.dot index 989342fd10..4ad7f79e45 100644 --- a/doc/life-cycles/digest.dot +++ b/doc/life-cycles/digest.dot 
@@ -1,4 +1,6 @@ digraph digest { + bgcolor="transparent"; + begin [label=start, color="#deeaee", style="filled"]; newed [label=newed, fontcolor="#c94c4c", style="solid"]; initialised [label=initialised, fontcolor="#c94c4c"]; diff --git a/doc/life-cycles/kdf.dot b/doc/life-cycles/kdf.dot index 4729dcdeba..b0e925685d 100644 --- a/doc/life-cycles/kdf.dot +++ b/doc/life-cycles/kdf.dot @@ -1,4 +1,6 @@ strict digraph kdf { + bgcolor="transparent"; + begin [label=start, color="#deeaee", style="filled"]; newed [label="newed", fontcolor="#c94c4c", style="solid"]; deriving [label="deriving", fontcolor="#c94c4c"]; diff --git a/doc/life-cycles/mac.dot b/doc/life-cycles/mac.dot index 799d90e7d3..c841c5f218 100644 --- a/doc/life-cycles/mac.dot +++ b/doc/life-cycles/mac.dot @@ -1,4 +1,6 @@ digraph mac { + bgcolor="transparent"; + begin [label=start, color="#deeaee", style="filled"]; newed [fontcolor="#c94c4c", style="solid"]; initialised [fontcolor="#c94c4c"]; diff --git a/doc/life-cycles/pkey.dot b/doc/life-cycles/pkey.dot index 1662c4ef3d..58b3a0c5bb 100644 --- a/doc/life-cycles/pkey.dot +++ b/doc/life-cycles/pkey.dot @@ -1,4 +1,5 @@ strict digraph pkey { + bgcolor="transparent"; layout=circo begin [label=start, color="#deeaee", style="filled"]; diff --git a/doc/life-cycles/rand.dot b/doc/life-cycles/rand.dot index 5aa225f314..df740b7a9b 100644 --- a/doc/life-cycles/rand.dot +++ b/doc/life-cycles/rand.dot @@ -1,4 +1,6 @@ strict digraph rand { + bgcolor="transparent"; + begin [label=start, color="#deeaee", style="filled"]; newed [fontcolor="#c94c4c", style="solid"]; instantiated [fontcolor="#c94c4c"]; diff --git a/doc/man7/img/kdf.png b/doc/man7/img/kdf.png index 3a3d153af0..144e398a21 100644 Binary files a/doc/man7/img/kdf.png and b/doc/man7/img/kdf.png differ diff --git a/doc/man7/img/mac.png b/doc/man7/img/mac.png index 620f50a6f3..d3978767c9 100644 Binary files a/doc/man7/img/mac.png and b/doc/man7/img/mac.png differ 
diff --git a/doc/man7/img/rand.png b/doc/man7/img/rand.png index 56d213f389..7572ca6fd8 100644 Binary files a/doc/man7/img/rand.png and b/doc/man7/img/rand.png differ From levitte at openssl.org Sun Jun 6 05:36:39 2021 
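Review bot: bgcolor="transparent" is added to six .dot sources (cipher, digest, kdf, mac, pkey, rand), but the summary of changes shows only kdf.png, mac.png and rand.png regenerated. If rendered images for cipher, digest and pkey exist under doc/man7/img, they should be regenerated in the same change so sources and images stay in step. Minor: pkey.dot gets the attribute without the trailing blank line used in the other five files.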
From: levitte at openssl.org (Richard Levitte) Date: Sun, 06 Jun 2021 05:36:39 +0000 Subject: [openssl] master update Message-ID: <1622957799.182434.16449.nullmailer@dev.openssl.org> The branch master has been updated via 97cf9b05fa1cdb8e4e7f60016aa95ae0e976e8c3 (commit) via d00be9f38760b5f143a7cdecf6c61ad6316f4cc8 (commit) from 0ebef5b5098e5d15cf2e7f48a78b22cced41f352 (commit) - Log ----------------------------------------------------------------- commit 97cf9b05fa1cdb8e4e7f60016aa95ae0e976e8c3 Author: Richard Levitte Date: Wed Jun 2 21:19:18 2021 +0200 test/recipes/80-test_cmp_http.t: Don't trust $server_port in start_mock_server() Even if $server_port isn't touched, it's still a number coming from configuration. It's therefore not trustable as an indicator that the ACCEPT line delivered a port number or an error indication. $accept_msg is used instead to capture the port if there is one, and be a better indicator of error. Fixes #15557 Fixes #15571 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/15580) commit d00be9f38760b5f143a7cdecf6c61ad6316f4cc8 Author: Richard Levitte Date: Wed Jun 2 08:14:08 2021 +0200 test/recipes/80-test_cmp_http.t: Simplify test_cmp_http() test_cmp_http() made some assumptions about what values that exit_checker could get that aren't quite right. Furthermore, the expected result isn't about exit codes, but about true or false. This is better served by getting the value from OpenSSL::Test::run(), and checking that value against $expected_result with Test::More::is(). Fixes #15557 Fixes #15571 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/15580) ----------------------------------------------------------------------- Summary of changes: test/recipes/80-test_cmp_http.t | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) 
diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index 910c751eec..9c99226721 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t @@ -12,7 +12,7 @@ use strict; use warnings; use POSIX; -use OpenSSL::Test qw/:DEFAULT with data_file data_dir srctop_dir bldtop_dir result_dir/; +use OpenSSL::Test qw/:DEFAULT data_file data_dir srctop_dir bldtop_dir result_dir/; use OpenSSL::Test::Utils; BEGIN { @@ -133,19 +133,17 @@ sub test_cmp_http { $params = [ '-server', "127.0.0.1:$server_port", @$params ] unless grep { $_ eq '-server' } @$params; - with({ exit_checker => sub { - my $actual_result = shift == 0; - my $OK = $actual_result == $expected_result; - if ($faillog && !$OK) { + unless (is(my $actual_result = run(cmd([$path_app, @$params,])), + $expected_result, + $title)) { + if ($faillog) { my $quote_spc_empty = sub { $_ eq "" ? '""' : $_ =~ m/ / ? '"'.$_.'"' : $_ }; my $invocation = "$path_app ".join(' ', map $quote_spc_empty->($_), @$params); print $faillog "$server_name $aspect \"$title\" ($i/$n)". " expected=$expected_result actual=$actual_result\n"; print $faillog "$invocation\n\n"; } - return $OK; } }, - sub { ok(run(cmd([$path_app, @$params,])), - $title); }); + } } sub test_cmp_http_aspect { 
@@ -278,19 +276,30 @@ sub start_mock_server { my $pid = open($server_fh, "$cmd|") or die "Trying to $cmd"; print "Pid is: $pid\n"; if ($server_port == 0) { + # Clear it first + $server_port = undef; + # Find out the actual server port while (<$server_fh>) { print; s/\R$//; # Better chomp next unless (/^ACCEPT/); - $server_port = $server_tls = $kur_port = $pbm_port = $1 - if m/^ACCEPT\s.*?:(\d+)$/; + + # $1 may be undefined, which is OK to assign to $server_port, + # as that gets detected further down. + /^ACCEPT\s.*:(\d+)$/; + $server_port = $1; + last; } + + unless (defined $server_port) { + stop_mock_server($pid); + return 0; + } } - return $pid if $server_port =~ m/^(\d+)$/; - stop_mock_server($pid); - return 0; + $server_tls = $kur_port = $pbm_port = $server_port; + return $pid; } sub stop_mock_server { From scan-admin at coverity.com Sun Jun 6 07:47:58 2021 
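Review bot: in test_cmp_http() the result of run() is now compared to $expected_result with is(), which compares as strings, so the test passes only if both sides use the same representation for true and false. Worth confirming what run() returns on failure, or normalising both sides (for example with !!) before the comparison. The faillog line also prints $actual_result directly, so an empty-string false would show up as "actual=" with nothing after it.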
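Review bot: in start_mock_server() the new code runs /^ACCEPT\s.*:(\d+)$/ without testing its result and then assigns $server_port = $1. A failed match in Perl leaves $1 as set by the last successful match rather than clearing it, so the value is undef here only because the preceding /^ACCEPT/ has no capture groups; the comment "$1 may be undefined" hides that dependency. Assigning from the match in list context, ($server_port) = /^ACCEPT\s.*:(\d+)$/;, yields undef on failure without relying on the earlier match.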
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 06 Jun 2021 07:47:58 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <60bc7dae6e264_11cb282adfcae659a473716@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DIVr3_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeETGLyOX2ZJNZmEzXVBBjTCgtM497yX-2FAps52zyk9Jr1LC3l5GeJErMK3NrKXwV3GOsJtsyHyiDmFJc4MTD6MqrI8NamHuXVrpTvJUeSuCV-2FV-2BBBX3jQuQfWxFoN48VSUGaE7Xxfiu11q8QRgfMFu4Y2EBhFXyr9DdOlr0kJPNw6x3-2F7qNevzKjO-2BQ3103eqrs-3D Build ID: 390435 Analysis Summary: New defects found: 12 Defects eliminated: 14 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXd-2FlwX83-2FVVdybfzIMOby0qA-3D-3DAMiT_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeETGLyOX2ZJNZmEzXVBBjTCgtM497yX-2FAps52zyk9Jr1B49Z6UV7DgFTLptuz81MfjlUCUbbb0J7zvrBfoSnKDAlLuUwZwlpMmlJiXir3chqC-2FBgUTJyBz4o2vk4gwBK7xSVt5QANOXOly7BonMryoIYhnbhGaiMC2M2vJMjP-2BW5rD5lOi8C-2FGCNsRUKT7grCs-3D From scan-admin at coverity.com Sun Jun 6 07:52:20 2021 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 06 Jun 2021 07:52:20 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <60bc7eb3eddf5_11cd7d2adfcae659a47371b@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DL2Nk_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeEbkQ5iWkQe8ldD4-2F0Q66QFF3AfvnQ9l-2FIj8Sr0ktLqQv8LnTYyGRz302toQyGwTthbfFdbx5ZQab4BghvS-2BPgr7vhR4VDdHiiNN1e-2FSkIvTQNrfZqi5g1BlPPt4JyAruZC1Q5JdxGAjayGwiAectUcCuyyPJdhHaeufVGviDJ9-2BU8sG32lWcz6AaWkAp2UlP4-3D Build ID: 390436 Analysis Summary: New defects found: 0 Defects eliminated: 0 From openssl at openssl.org Sun Jun 6 22:10:56 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Sun, 06 Jun 2021 22:10:56 +0000 Subject: Still FAILED build of OpenSSL branch master with options --strict-warnings Message-ID: <1623017456.509755.4027720.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config --strict-warnings Commit log since last time: 97cf9b05fa test/recipes/80-test_cmp_http.t: Don't trust $server_port in start_mock_server() d00be9f387 test/recipes/80-test_cmp_http.t: Simplify test_cmp_http() 0ebef5b509 doc: update generated image files ee96d128d0 doc: update Graphviz images to have a transparent background 76157664c1 property: move additional query functions to property_query.c fce102304a property: improve ossl_property_find_property() function fa95fc1eb5 Rename `n` field to `num_properties` in property definition structure. 6a5f97a671 PROV: drop get_params() and gettable_params() from all encoder implementatio e982e04f5d ENCODER: use property definitions instead of getting implementation parameters 73c02a6201 ENCODER: Drop OSSL_ENCODER_PARAM_INPUT_TYPE 6462a4f050 PROV: drop get_params() and gettable_params() from all decoder implementations 9379bf943a DECODER: use property definitions instead of getting implementation parameters 6ec3b2cf49 property: Add functionality to query data from a property definition 0b3fe363e6 make update-fips-checksums 50360c1a4b FIPS: don't include crypto/passphrase.c in libfips.a 3d9d1ce529 Add documentation for newly added ASN1 functions d2b6c06274 Ensure libctx/propq is propagated when handling X509_REQ 7be04a3ac4 Give ASN.1 objects the ability to report their libctx/propq 6282d6c284 Make sure X509_dup() also dup's any associated EVP_PKEY c631378058 Use the new ASN.1 libctx aware capabilities in CMP 5dca2afca3 Use the new ASN.1 libctx aware functions in CMS dea2878fac Teach more of the ASN.1 code about 
libctx/propq c8a9af97c9 Teach the ASN.1 code how to create embedded objects with libctx/propq 6265348346 Fix evp_extra_test to use libctx in an X509_PUBKEY d6ded941c9 Provide the ability to create an X509_PUBKEY with a libctx/propq f43f9d6313 Test a bad SmtpUTF8Mailbox name constraint 39145c4111 Check that we got the expected name type when verifying name constraints 0e0a47377f Update fips checksums to drop the ssl headers 085e3cecbd Move libssl related defines used by fips provider to prov_ssl.h 51cda01c61 req: detect a bad choice of digest early 6a2f82b439 req: fix default bits handling for -newkey 5d8ea84efa 80-test_http.t: Rename to 79-test_http.t, add basic HTTP server ACCEPT test c796cc9768 80-test_cmp_http.t: Improve comparison on server_port variable 43c2456f0f Add md-nits task f570d33b02 Only call dtls1_start_timer() once d0196ddcba CI windows.yml: Silence 'nmake' builds except 'minimal'; ci.yml: make 'minimal' build verbose Build log ended with (last 100 lines): not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80F1ED58A17F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 80F1ED58A17F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:338: # 80F1ED58A17F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623017245 not ok 4 - iteration 4 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80F1ED58A17F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 80F1ED58A17F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:338: # 80F1ED58A17F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623017245 not ok 5 - iteration 5 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80F1ED58A17F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 80F1ED58A17F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:338: # 80F1ED58A17F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623017245 not ok 6 - iteration 6 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80F1ED58A17F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 80F1ED58A17F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:338: # 80F1ED58A17F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623017245 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80F1ED58A17F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 80F1ED58A17F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:338: # 80F1ED58A17F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623017245 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1623017245 not ok 1 - test_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/gosttest ../../../openssl/test/recipes/90-test_gost_data/server-cert2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-cert2012.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2012.pem => 1 not ok 1 - running gosttest # ------------------------------------------------------------------------------ # Failed test 'running gosttest' # at ../openssl/test/recipes/90-test_gost.t line 39. # Looks like you failed 1 test of 1.90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 90-test_ige.t ...................... ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_includes.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslbuffers.t ............... ok 80-test_ssl_old.t .................. ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok # Killing mock server with pid=401876680-test_cmp_http.t ................. ok 90-test_tls13ccs.t ................. 
ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 95-test_external_pyca.t ............ skipped: No external tests in this configuration 90-test_store.t .................... ok 90-test_sslapi.t ................... ok Test Summary Report ------------------- 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=236, Tests=3236, 157 wallclock secs (13.18 usr 1.34 sys + 448.49 cusr 58.17 csys = 521.18 CPU) Result: FAIL make[1]: *** [Makefile:3228: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/default' make: *** [Makefile:3224: tests] Error 2 From tomas at openssl.org Mon Jun 7 06:37:26 2021 
From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 07 Jun 2021 06:37:26 +0000 Subject: [openssl] master update Message-ID: <1623047846.375455.27814.nullmailer@dev.openssl.org> The branch master has been updated via dce7272d08601929a494b9367f4e70163c524cb3 (commit) from 97cf9b05fa1cdb8e4e7f60016aa95ae0e976e8c3 (commit) - Log ----------------------------------------------------------------- commit dce7272d08601929a494b9367f4e70163c524cb3 Author: Tomas Mraz Date: Fri Jun 4 17:01:24 2021 +0200 Elimination of some sources not needed in the FIPS_MODULE Unfortunately in terms of fips.sources this does not mean much given the way how the .h files are added via the dependency information from the compiler. Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15622) ----------------------------------------------------------------------- Summary of changes: crypto/rand/build.info | 2 +- crypto/rand/rand_lib.c | 24 ++++++++++++------------ crypto/rand/rand_local.h | 2 ++ crypto/rand/rand_meth.c | 4 ---- include/crypto/sm2.h | 2 +- 5 files changed, 16 insertions(+), 18 deletions(-) diff --git a/crypto/rand/build.info b/crypto/rand/build.info index 500667c332..a74282516f 100644 --- a/crypto/rand/build.info +++ b/crypto/rand/build.info @@ -7,7 +7,7 @@ IF[{- !$disabled{'egd'} -}] $CRYPTO=$CRYPTO rand_egd.c ENDIF IF[{- !$disabled{'deprecated-3.0'} -}] - $COMMON=$COMMON rand_meth.c + $CRYPTO=$CRYPTO rand_meth.c ENDIF SOURCE[../../libcrypto]=$COMMON $CRYPTO diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index a3305b76b4..62bd1d6796 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c 
@@ -10,25 +10,25 @@ /* We need to use some engine deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED -#include -#include -#include -#include #include -#include -#include "internal/cryptlib.h" #include -#include "crypto/rand.h" -#include "crypto/cryptlib.h" -#include #include +#include "internal/cryptlib.h" #include "internal/thread_once.h" +#include "crypto/rand.h" +#include "crypto/cryptlib.h" #include "rand_local.h" -#include "e_os.h" #ifndef FIPS_MODULE +# include +# include +# include +# include +# include +# include # include "crypto/rand_pool.h" # include "prov/seeding.h" +# include "e_os.h" # ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ @@ -319,7 +319,7 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, unsigned int strength) { EVP_RAND_CTX *rand; -#ifndef OPENSSL_NO_DEPRECATED_3_0 +#if !defined(OPENSSL_NO_DEPRECATED_3_0) && !defined(FIPS_MODULE) const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) { @@ -348,7 +348,7 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, unsigned int strength) { EVP_RAND_CTX *rand; -#ifndef OPENSSL_NO_DEPRECATED_3_0 +#if !defined(OPENSSL_NO_DEPRECATED_3_0) && !defined(FIPS_MODULE) const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) { diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h index 3b4ad8ca65..31428f20c8 100644 --- a/crypto/rand/rand_local.h +++ b/crypto/rand/rand_local.h @@ -25,7 +25,9 @@ # define PRIMARY_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */ # define SECONDARY_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */ +# ifndef FIPS_MODULE /* The global RAND method, and the global buffer and DRBG instance. */ extern RAND_METHOD ossl_rand_meth; +# endif #endif diff --git a/crypto/rand/rand_meth.c b/crypto/rand/rand_meth.c index 49bf0acdf5..276763057d 100644 --- a/crypto/rand/rand_meth.c +++ b/crypto/rand/rand_meth.c 
@@ -61,9 +61,5 @@ RAND_METHOD ossl_rand_meth = { RAND_METHOD *RAND_OpenSSL(void) { -#ifndef FIPS_MODULE return &ossl_rand_meth; -#else - return NULL; -#endif } diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h index e3278a31e6..165c01810f 100644 --- a/include/crypto/sm2.h +++ b/include/crypto/sm2.h @@ -15,7 +15,7 @@ # include -# ifndef OPENSSL_NO_SM2 +# if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE) # include # include "crypto/types.h" From matt at openssl.org Mon Jun 7 10:07:26 2021 From: matt at openssl.org (Matt Caswell) Date: Mon, 07 Jun 2021 10:07:26 +0000 Subject: [openssl] master update Message-ID: <1623060446.626237.13518.nullmailer@dev.openssl.org> The branch master has been updated via 8984b552e74761c30f87b33cd5f0b436a27f8cbc (commit) from dce7272d08601929a494b9367f4e70163c524cb3 (commit) - Log ----------------------------------------------------------------- commit 8984b552e74761c30f87b33cd5f0b436a27f8cbc Author: Matt Caswell Date: Fri Jun 4 09:39:32 2021 +0100 Fix generate_ssl_tests.pl Fix the generate_ssl_tests.pl script so that it can be run standalone from the command line according to the instructions in test/README.ssltest.md Fixes #11430 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15617) ----------------------------------------------------------------------- Summary of changes: test/generate_ssl_tests.pl | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl index cdb35cc150..1783d1729e 100644 --- a/test/generate_ssl_tests.pl +++ b/test/generate_ssl_tests.pl 
@@ -11,22 +11,30 @@ use strict; use warnings; +use Cwd qw/abs_path/; use File::Basename; use File::Spec::Functions; use OpenSSL::Test qw/srctop_dir srctop_file/; use OpenSSL::Test::Utils; -# This block needs to run before 'use lib srctop_dir' directives. -BEGIN { - OpenSSL::Test::setup("no_test_here", quiet => 1); -} - use FindBin; use lib "$FindBin::Bin/../util/perl"; use OpenSSL::fallback "$FindBin::Bin/../external/perl/MODULES.txt"; use Text::Template 1.46; +my $input_file; +my $provider; + +BEGIN { + #Input file may be relative to cwd, but setup below changes the cwd, so + #figure out the absolute path first + $input_file = abs_path(shift); + $provider = shift; + + OpenSSL::Test::setup("no_test_here", quiet => 1); +} + use lib "$FindBin::Bin/ssl-tests"; use vars qw/@ISA/; @@ -140,8 +148,6 @@ sub read_config { warn $@ if $@; } -my $input_file = shift; -my $provider = shift; # Reads the tests into ssltests::tests. read_config($input_file, $provider); print_templates(); From tomas at openssl.org Mon Jun 7 10:31:36 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Mon, 07 Jun 2021 10:31:36 +0000 Subject: [openssl] master update Message-ID: <1623061896.789459.18560.nullmailer@dev.openssl.org> The branch master has been updated via 6d2e0076e6a8146f3bdaa60151b2fa6e4df0d1bf (commit) from 8984b552e74761c30f87b33cd5f0b436a27f8cbc (commit) - Log ----------------------------------------------------------------- commit 6d2e0076e6a8146f3bdaa60151b2fa6e4df0d1bf Author: FdaSilvaYY Date: Thu Jun 3 16:28:21 2021 +0200 Use rd instead rmdir to avoid collision with rmdir.exe from cygwin or msys Original idea by Mladen Turk @mturk Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15610) ----------------------------------------------------------------------- Summary of changes: Configurations/windows-makefile.tmpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
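Review bot: test/generate_ssl_tests.pl (commit 8984b552e7): the new BEGIN block calls `abs_path(shift)` without checking that an input file was actually passed or that `abs_path` returned a defined value, so a missing or mistyped argument only surfaces later in `read_config($input_file, $provider)`, after `OpenSSL::Test::setup` has already changed the working directory. Since the fix is about standalone command-line use, consider dying with a usage message in the BEGIN block when `@ARGV` is empty or the resolved path is undefined. Minor style: the added comment lines start with `#Input` and `#figure` without a space after `#`, unlike the comment removed above them.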
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index d6ba2d13fd..34b6c7878a 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -461,10 +461,10 @@ libclean: -del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb clean: libclean - -rmdir /Q /S $(HTMLDOCS1_BLDDIRS) - -rmdir /Q /S $(HTMLDOCS3_BLDDIRS) - -rmdir /Q /S $(HTMLDOCS5_BLDDIRS) - -rmdir /Q /S $(HTMLDOCS7_BLDDIRS) + -rd /Q /S $(HTMLDOCS1_BLDDIRS) + -rd /Q /S $(HTMLDOCS3_BLDDIRS) + -rd /Q /S $(HTMLDOCS5_BLDDIRS) + -rd /Q /S $(HTMLDOCS7_BLDDIRS) {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -} {- join("\n\t", map { "-del /Q /F $_" } @MODULES) -} {- join("\n\t", map { "-del /Q /F $_" } @SCRIPTS) -} @@ -474,7 +474,7 @@ clean: libclean -del /Q /S /F engines\*.lib engines\*.exp -del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp -del /Q /S /F test\*.exp - -rmdir /Q /S test\test-runs + -rd /Q /S test\test-runs distclean: clean -del /Q /F configdata.pm From openssl at openssl.org Mon Jun 7 22:10:42 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 07 Jun 2021 22:10:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options --strict-warnings Message-ID: <1623103842.634685.4132986.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config --strict-warnings Commit log since last time: 6d2e0076e6 Use rd instead rmdir 8984b552e7 Fix generate_ssl_tests.pl dce7272d08 Elimination of some sources not needed in the FIPS_MODULE Build log ended with (last 100 lines): not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 805120C66F7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 805120C66F7F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:338: # 805120C66F7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623103631 not ok 4 - iteration 4 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 805120C66F7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 805120C66F7F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:338: # 805120C66F7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623103631 not ok 5 - iteration 5 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 805120C66F7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 805120C66F7F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:338: # 805120C66F7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623103631 not ok 6 - iteration 6 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 805120C66F7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 805120C66F7F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:338: # 805120C66F7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623103631 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 805120C66F7F0000:error:0300009C:digital envelope routines:pkey_set_type:unsupported algorithm:../openssl/crypto/evp/p_lib.c:1531: # 805120C66F7F0000:error:0580006F:x509 certificate routines:x509_pubkey_decode:unsupported algorithm:../openssl/crypto/x509/x_pubkey.c:338: # 805120C66F7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623103631 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1623103631 not ok 1 - test_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/gosttest ../../../openssl/test/recipes/90-test_gost_data/server-cert2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-cert2012.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2012.pem => 1 not ok 1 - running gosttest # ------------------------------------------------------------------------------ # Failed test 'running gosttest' # at ../openssl/test/recipes/90-test_gost.t line 39. # Looks like you failed 1 test of 1.90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_srp.t ...................... ok 90-test_shlibload.t ................ ok 90-test_sslbuffers.t ............... ok 80-test_ssl_old.t .................. ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok # Killing mock server with pid=412404680-test_cmp_http.t ................. 
ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 91-test_pkey_check.t ............... ok 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 90-test_store.t .................... ok 90-test_sslapi.t ................... ok Test Summary Report ------------------- 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=236, Tests=3236, 154 wallclock secs (13.75 usr 1.39 sys + 446.76 cusr 61.62 csys = 523.52 CPU) Result: FAIL make[1]: *** [Makefile:3242: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/default' make: *** [Makefile:3238: tests] Error 2 From pauli at openssl.org Tue Jun 8 04:33:22 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 08 Jun 2021 04:33:22 +0000 Subject: [openssl] master update Message-ID: <1623126802.696980.30479.nullmailer@dev.openssl.org> The branch master has been updated via 063e019738b90fcf0a3ab7b1654ce8976805b0b3 (commit) via ff555f81365d1c09a408019924cace4a0f457ef6 (commit) from 6d2e0076e6a8146f3bdaa60151b2fa6e4df0d1bf (commit) - Log ----------------------------------------------------------------- commit 063e019738b90fcf0a3ab7b1654ce8976805b0b3 Author: Juergen Christ Date: Wed Jun 2 19:33:50 2021 +0200 Test EVP_CipherInit sequences and resets Various EVP_CipherInit sequences including partial inits and initializations with different "enc" flags caused problems on s390x. Similarly, cipher reinitialization and especially GCM reinitialization with different tag length led to wrong results. Add some unit tests to cover these rather exotic use cases. 
Signed-off-by: Juergen Christ Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15521) commit ff555f81365d1c09a408019924cace4a0f457ef6 Author: Juergen Christ Date: Fri May 28 15:02:52 2021 +0200 Fix CipherInit on s390x. Various different initialization sequences led to bugs on s390x due to caching and processing during key setting. Since, e.g., the direction does not necessarily have to be correct during initialization, this produced bugs in s390x which were not present on other architectures. Fix this by recomputing the function codes on the fly during updates and final operations. Signed-off-by: Juergen Christ Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15521) ----------------------------------------------------------------------- Summary of changes: providers/implementations/ciphers/cipher_aes_gcm.h | 1 + .../ciphers/cipher_aes_gcm_hw_s390x.inc | 46 +- .../ciphers/cipher_aes_hw_s390x.inc | 27 +- test/evp_extra_test.c | 474 +++++++++++++++++++++ 4 files changed, 517 insertions(+), 31 deletions(-) diff --git a/providers/implementations/ciphers/cipher_aes_gcm.h b/providers/implementations/ciphers/cipher_aes_gcm.h index bcffa15871..46b5ee3859 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm.h +++ b/providers/implementations/ciphers/cipher_aes_gcm.h @@ -29,6 +29,7 @@ typedef struct prov_aes_gcm_ctx_st { S390X_KMA_PARAMS kma; } param; unsigned int fc; + unsigned int hsflag; /* hash subkey set flag */ unsigned char ares[16]; unsigned char mres[16]; unsigned char kres[16]; diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_s390x.inc index f797093928..c45657952b 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm_hw_s390x.inc +++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_s390x.inc 
@@ -15,6 +15,12 @@ /* iv + padding length for iv lengths != 12 */ #define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) +/* Additional flag or'ed to fc for decryption */ +#define S390X_gcm_decrypt_flag(ctx) (((ctx)->enc) ? 0 : S390X_DECRYPT) + +#define S390X_gcm_fc(A,C) ((A)->plat.s390x.fc | (A)->plat.s390x.hsflag |\ + S390X_gcm_decrypt_flag((C))) + static int s390x_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key, size_t keylen) { @@ -23,8 +29,6 @@ static int s390x_aes_gcm_initkey(PROV_GCM_CTX *ctx, ctx->key_set = 1; memcpy(&actx->plat.s390x.param.kma.k, key, keylen); actx->plat.s390x.fc = S390X_AES_FC(keylen); - if (!ctx->enc) - actx->plat.s390x.fc |= S390X_DECRYPT; return 1; } @@ -46,6 +50,7 @@ static int s390x_aes_gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, memcpy(&kma->j0, iv, ivlen); kma->j0.w[3] = 1; kma->cv.w = 1; + actx->plat.s390x.hsflag = 0; } else { unsigned long long ivbits = ivlen << 3; size_t len = S390X_gcm_ivpadlen(ivlen); @@ -63,7 +68,7 @@ static int s390x_aes_gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, * param. */ s390x_kma(iv_zero_pad, len, NULL, 0, NULL, actx->plat.s390x.fc, kma); - actx->plat.s390x.fc |= S390X_KMA_HS; /* The hash subkey is set */ + actx->plat.s390x.hsflag = S390X_KMA_HS; /* The hash subkey is set */ /* Copy the 128 bit GHASH result into J0 and clear the tag */ kma->j0.g[0] = kma->t.g[0]; 
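Review bot: `hsflag` is only ever reset inside `s390x_aes_gcm_setiv` (cleared in the first branch, set to `S390X_KMA_HS` in the `else` branch here), while `s390x_aes_gcm_initkey` in the hunk above writes a new key and `fc` but leaves `hsflag` untouched. If a caller can re-key without `setiv` running afterwards, `S390X_gcm_fc()` would still OR in `S390X_KMA_HS` for a hash subkey derived from the previous key. Either add `actx->plat.s390x.hsflag = 0;` to `s390x_aes_gcm_initkey` or leave a comment stating that `setiv` is guaranteed to run before any update. Style: the `S390X_gcm_fc(A,C)` parameters would read better with descriptive names such as `actx` and `ctx`.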
@@ -81,13 +86,15 @@ static int s390x_aes_gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag) PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; S390X_KMA_PARAMS *kma = &actx->plat.s390x.param.kma; unsigned char out[AES_BLOCK_SIZE]; + unsigned int fc; int rc; kma->taadl <<= 3; kma->tpcl <<= 3; + fc = S390X_gcm_fc(actx, ctx) | S390X_KMA_LAAD | S390X_KMA_LPC; s390x_kma(actx->plat.s390x.ares, actx->plat.s390x.areslen, actx->plat.s390x.mres, actx->plat.s390x.mreslen, out, - actx->plat.s390x.fc | S390X_KMA_LAAD | S390X_KMA_LPC, kma); + fc, kma); /* gctx->mres already returned to the caller */ OPENSSL_cleanse(out, actx->plat.s390x.mreslen); @@ -110,12 +117,13 @@ static int s390x_aes_gcm_one_shot(PROV_GCM_CTX *ctx, { PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; S390X_KMA_PARAMS *kma = &actx->plat.s390x.param.kma; + unsigned int fc; int rc; kma->taadl = aad_len << 3; kma->tpcl = in_len << 3; - s390x_kma(aad, aad_len, in, in_len, out, - actx->plat.s390x.fc | S390X_KMA_LAAD | S390X_KMA_LPC, kma); + fc = S390X_gcm_fc(actx, ctx) | S390X_KMA_LAAD | S390X_KMA_LPC; + s390x_kma(aad, aad_len, in, in_len, out, fc, kma); if (ctx->enc) { memcpy(tag, kma->t.b, taglen); @@ -136,6 +144,7 @@ static int s390x_aes_gcm_aad_update(PROV_GCM_CTX *ctx, PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx; S390X_KMA_PARAMS *kma = &actx->plat.s390x.param.kma; unsigned long long alen; + unsigned int fc; int n, rem; /* If already processed pt/ct then error */ @@ -160,9 +169,9 @@ static int s390x_aes_gcm_aad_update(PROV_GCM_CTX *ctx, } /* ctx->ares contains a complete block if offset has wrapped around */ if (!n) { - s390x_kma(actx->plat.s390x.ares, 16, NULL, 0, NULL, - actx->plat.s390x.fc, kma); - actx->plat.s390x.fc |= S390X_KMA_HS; + fc = S390X_gcm_fc(actx, ctx); + s390x_kma(actx->plat.s390x.ares, 16, NULL, 0, NULL, fc, kma); + actx->plat.s390x.hsflag = S390X_KMA_HS; } actx->plat.s390x.areslen = n; } 
@@ -172,8 +181,9 @@ static int s390x_aes_gcm_aad_update(PROV_GCM_CTX *ctx, /* Add any remaining 16 byte blocks (128 bit each) */ len &= ~(size_t)0xf; if (len) { - s390x_kma(aad, len, NULL, 0, NULL, actx->plat.s390x.fc, kma); - actx->plat.s390x.fc |= S390X_KMA_HS; + fc = S390X_gcm_fc(actx, ctx); + s390x_kma(aad, len, NULL, 0, NULL, fc, kma); + actx->plat.s390x.hsflag = S390X_KMA_HS; aad += len; } @@ -200,6 +210,7 @@ static int s390x_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, S390X_KMA_PARAMS *kma = &actx->plat.s390x.param.kma; const unsigned char *inptr; unsigned long long mlen; + unsigned int fc; union { unsigned int w[4]; unsigned char b[16]; @@ -212,6 +223,7 @@ static int s390x_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, return 0; kma->tpcl = mlen; + fc = S390X_gcm_fc(actx, ctx) | S390X_KMA_LAAD; n = actx->plat.s390x.mreslen; if (n) { inptr = in; @@ -225,9 +237,9 @@ static int s390x_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, /* ctx->mres contains a complete block if offset has wrapped around */ if (!n) { s390x_kma(actx->plat.s390x.ares, actx->plat.s390x.areslen, - actx->plat.s390x.mres, 16, buf.b, - actx->plat.s390x.fc | S390X_KMA_LAAD, kma); - actx->plat.s390x.fc |= S390X_KMA_HS; + actx->plat.s390x.mres, 16, buf.b, fc, kma); + actx->plat.s390x.hsflag = S390X_KMA_HS; + fc |= S390X_KMA_HS; actx->plat.s390x.areslen = 0; /* previous call already encrypted/decrypted its remainder, @@ -249,10 +261,10 @@ static int s390x_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, len &= ~(size_t)0xf; if (len) { s390x_kma(actx->plat.s390x.ares, actx->plat.s390x.areslen, in, len, out, - actx->plat.s390x.fc | S390X_KMA_LAAD, kma); + fc, kma); in += len; out += len; - actx->plat.s390x.fc |= S390X_KMA_HS; + actx->plat.s390x.hsflag = S390X_KMA_HS; actx->plat.s390x.areslen = 0; } 
@@ -268,7 +280,7 @@ static int s390x_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, buf.w[2] = kma->j0.w[2]; buf.w[3] = kma->cv.w + 1; s390x_km(buf.b, 16, actx->plat.s390x.kres, - actx->plat.s390x.fc & 0x1f, &kma->k); + fc & 0x1f, &kma->k); } n = actx->plat.s390x.mreslen; diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc index c298dfafd7..c8282dbd08 100644 --- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc +++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc @@ -14,6 +14,8 @@ #include "s390x_arch.h" +#include + #define s390x_aes_cbc_initkey cipher_hw_aes_initkey #define s390x_aes_cfb1_initkey cipher_hw_aes_initkey #define s390x_aes_ctr_initkey cipher_hw_aes_initkey @@ -34,9 +36,6 @@ static int s390x_aes_ecb_initkey(PROV_CIPHER_CTX *dat, PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; adat->plat.s390x.fc = S390X_AES_FC(keylen); - if (!dat->enc) - adat->plat.s390x.fc |= S390X_DECRYPT; - memcpy(adat->plat.s390x.param.km.k, key, keylen); return 1; } @@ -45,8 +44,10 @@ static int s390x_aes_ecb_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, const unsigned char *in, size_t len) { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + unsigned int modifier = adat->base.enc ? 0 : S390X_DECRYPT; - s390x_km(in, len, out, adat->plat.s390x.fc, &adat->plat.s390x.param.km); + s390x_km(in, len, out, adat->plat.s390x.fc | modifier, + &adat->plat.s390x.param.km); return 1; } @@ -90,7 +91,8 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, if (rem) { s390x_km(adat->plat.s390x.param.kmo_kmf.cv, 16, - adat->plat.s390x.param.kmo_kmf.cv, adat->plat.s390x.fc, + adat->plat.s390x.param.kmo_kmf.cv, + adat->plat.s390x.fc, adat->plat.s390x.param.kmo_kmf.k); while (rem--) { 
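Review bot: the `s390x_aes_ofb128_cipher_hw` hunk is a whitespace-only rewrap of the `s390x_km` call and still passes `adat->plat.s390x.fc` without a direction bit, whereas the ECB hunk above now ORs in `modifier` at call time. If that is deliberate because OFB keystream generation is the same in both directions, a one-line comment saying so would keep the mode from looking like it was missed. The rewrap itself is unrelated to the fix and could be dropped to keep the diff to functional changes.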
@@ -111,9 +113,6 @@ static int s390x_aes_cfb128_initkey(PROV_CIPHER_CTX *dat, adat->plat.s390x.fc = S390X_AES_FC(keylen); adat->plat.s390x.fc |= 16 << 24; /* 16 bytes cipher feedback */ - if (!dat->enc) - adat->plat.s390x.fc |= S390X_DECRYPT; - adat->plat.s390x.res = 0; memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen); return 1; @@ -123,6 +122,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, const unsigned char *in, size_t len) { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + unsigned int modifier = adat->base.enc ? 0 : S390X_DECRYPT; int n = adat->plat.s390x.res; int rem; unsigned char tmp; @@ -142,7 +142,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, len &= ~(size_t)0xf; if (len) { - s390x_kmf(in, len, out, adat->plat.s390x.fc, + s390x_kmf(in, len, out, adat->plat.s390x.fc | modifier, &adat->plat.s390x.param.kmo_kmf); out += len; @@ -152,7 +152,8 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, if (rem) { s390x_km(adat->plat.s390x.param.kmo_kmf.cv, 16, adat->plat.s390x.param.kmo_kmf.cv, - S390X_AES_FC(dat->keylen), adat->plat.s390x.param.kmo_kmf.k); + S390X_AES_FC(dat->keylen), + adat->plat.s390x.param.kmo_kmf.k); while (rem--) { tmp = in[n]; @@ -174,9 +175,6 @@ static int s390x_aes_cfb8_initkey(PROV_CIPHER_CTX *dat, adat->plat.s390x.fc = S390X_AES_FC(keylen); adat->plat.s390x.fc |= 1 << 24; /* 1 byte cipher feedback */ - if (!dat->enc) - adat->plat.s390x.fc |= S390X_DECRYPT; - memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen); return 1; } 
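Review bot: the `if (!dat->enc)` blocks are removed from `s390x_aes_cfb128_initkey` and `s390x_aes_cfb8_initkey`, so `plat.s390x.fc` now means function code plus feedback length only, but nothing documents that invariant. A short comment at these assignments (or on the `fc` field) stating that direction is applied per call would help stop the cached-direction pattern from coming back. The replacement line `unsigned int modifier = adat->base.enc ? 0 : S390X_DECRYPT;` is also repeated per mode in this file; a small macro along the lines of `S390X_gcm_decrypt_flag(ctx)` from the GCM file would keep the modes consistent.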
@@ -185,9 +183,10 @@ static int s390x_aes_cfb8_cipher_hw(PROV_CIPHER_CTX *dat, unsigned char *out, const unsigned char *in, size_t len) { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; + unsigned int modifier = adat->base.enc ? 0 : S390X_DECRYPT; memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen); - s390x_kmf(in, len, out, adat->plat.s390x.fc, + s390x_kmf(in, len, out, adat->plat.s390x.fc | modifier, &adat->plat.s390x.param.kmo_kmf); memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen); return 1; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f26330b5d8..61f6b4ce00 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
@@ -402,6 +402,95 @@ static const unsigned char kExampleED25519PubKeyDER[] = { #endif +static const unsigned char kCFBDefaultKey[] = { + 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, + 0x09, 0xCF, 0x4F, 0x3C +}; + +static const unsigned char kGCMDefaultKey[32] = { 0 }; + +static const unsigned char kGCMResetKey[] = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, + 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 +}; + +static const unsigned char iCFBIV[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, + 0x0C, 0x0D, 0x0E, 0x0F +}; + +static const unsigned char iGCMDefaultIV[12] = { 0 }; + +static const unsigned char iGCMResetIV1[] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad +}; + +static const unsigned char iGCMResetIV2[] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 +}; + +static const unsigned char cfbPlaintext[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, + 0x73, 0x93, 0x17, 0x2A +}; + +static const unsigned char gcmDefaultPlaintext[16] = { 0 }; + +static const unsigned char gcmResetPlaintext[] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, + 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, + 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 +}; + +static const unsigned char cfbCiphertext[] = { + 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, + 0xE8, 0x3C, 0xFB, 0x4A +}; + +static const unsigned char gcmDefaultCiphertext[] = { + 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, + 0xba, 0xf3, 0x9d, 0x18 +}; + +static const unsigned char gcmResetCiphertext1[] = { + 0xc3, 
0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, + 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, + 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, + 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, + 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f +}; + +static const unsigned char gcmResetCiphertext2[] = { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, + 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, + 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 +}; + +static const unsigned char gcmAAD[] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, + 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 +}; + +static const unsigned char gcmDefaultTag[] = { + 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, + 0xd4, 0x8a, 0xb9, 0x19 +}; + +static const unsigned char gcmResetTag1[] = { + 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, + 0xfe, 0x2e, 0xa8, 0xf2 +}; + +static const unsigned char gcmResetTag2[] = { + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, + 0xbb, 0x2d, 0x55, 0x1b +}; + typedef struct APK_DATA_st { const unsigned char *kder; size_t size; 
@@ -2895,6 +2984,387 @@ static int test_names_do_all(void) return testresult; } +typedef struct { + const char *cipher; + const unsigned char *key; + const unsigned char *iv; + const unsigned char *input; + const unsigned char *expected; + const unsigned char *tag; + size_t ivlen; /* 0 if we do not need to set a specific IV len */ + size_t inlen; + size_t expectedlen; + size_t taglen; + int keyfirst; + int initenc; + int finalenc; +} EVP_INIT_TEST_st; + +static const EVP_INIT_TEST_st evp_init_tests[] = { + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, + cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), + 0, 1, 0, 1 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, + gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), + sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), + sizeof(gcmDefaultTag), 1, 0, 1 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, + cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), + 0, 0, 0, 1 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, + gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), + sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), + sizeof(gcmDefaultTag), 0, 0, 1 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, + cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), + 0, 1, 1, 0 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, + gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), + sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), + sizeof(gcmDefaultTag), 1, 1, 0 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, + cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), + 0, 0, 1, 0 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, + gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), + sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 
+ sizeof(gcmDefaultTag), 0, 1, 0 + } +}; + +static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) +{ + int res = 0; + + if (t->ivlen != 0) { + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL))) + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) + goto err; + res = 1; + err: + return res; +} + +/* + * Test step-wise cipher initialization via EVP_CipherInit_ex where the + * arguments are given one at a time and a final adjustment to the enc + * parameter sets the correct operation. + */ +static int test_evp_init_seq(int idx) +{ + int outlen1, outlen2; + int testresult = 0; + unsigned char outbuf[1024]; + unsigned char tag[16]; + const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *type = NULL; + size_t taglen = sizeof(tag); + char *errmsg = NULL; + + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + errmsg = "CTX_ALLOC"; + goto err; + } + if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) { + errmsg = "CIPHER_FETCH"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { + errmsg = "EMPTY_ENC_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { + errmsg = "PADDING"; + goto err; + } + if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { + errmsg = "KEY_INIT (before iv)"; + goto err; + } + if (!evp_init_seq_set_iv(ctx, t)) { + errmsg = "IV_INIT"; + goto err; + } + if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { + errmsg = "KEY_INIT (after iv)"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { + errmsg = "FINAL_ENC_INIT"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { + errmsg = "CIPHER_UPDATE"; + goto err; + } + if (t->finalenc == 0 && t->tag != NULL) { + /* Set expected tag */ + 
if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + t->taglen, (void *)t->tag))) { + errmsg = "SET_TAG"; + goto err; + } + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL"; + goto err; + } + if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT"; + goto err; + } + if (t->finalenc != 0 && t->tag != NULL) { + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + errmsg = "GET_TAG"; + goto err; + } + if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { + errmsg = "TAG_ERROR"; + goto err; + } + } + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("evp_init_test %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(type); + return testresult; +} + +typedef struct { + const unsigned char *input; + const unsigned char *expected; + size_t inlen; + size_t expectedlen; + int enc; +} EVP_RESET_TEST_st; + +static const EVP_RESET_TEST_st evp_reset_tests[] = { + { + cfbPlaintext, cfbCiphertext, + sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 + }, + { + cfbCiphertext, cfbPlaintext, + sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 + } +}; + +/* + * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already + * been used. 
+ */ +static int test_evp_reset(int idx) +{ + const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; + int outlen1, outlen2; + int testresult = 0; + unsigned char outbuf[1024]; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *type = NULL; + char *errmsg = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { + errmsg = "CTX_ALLOC"; + goto err; + } + if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) { + errmsg = "CIPHER_FETCH"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { + errmsg = "CIPHER_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { + errmsg = "PADDING"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { + errmsg = "CIPHER_UPDATE"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL"; + goto err; + } + if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { + errmsg = "CIPHER_REINIT"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { + errmsg = "CIPHER_UPDATE (reinit)"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL (reinit)"; + goto err; + } + if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT (reinit)"; + goto err; + } + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("test_evp_reset %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(type); + return testresult; +} + +typedef struct { + const unsigned char *iv1; + const unsigned char *iv2; + const unsigned char *expected1; + const unsigned char *expected2; + const unsigned char *tag1; + const unsigned char *tag2; + size_t ivlen1; + size_t ivlen2; + size_t expectedlen1; + size_t 
expectedlen2; +} TEST_GCM_IV_REINIT_st; + +static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { + { + iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, + gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), + sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) + }, + { + iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, + gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), + sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) + } +}; + +static int test_gcm_reinit(int idx) +{ + int outlen1, outlen2, outlen3; + int testresult = 0; + unsigned char outbuf[1024]; + unsigned char tag[16]; + const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *type = NULL; + size_t taglen = sizeof(tag); + char *errmsg = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { + errmsg = "CTX_ALLOC"; + goto err; + } + if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) { + errmsg = "CIPHER_FETCH"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { + errmsg = "ENC_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) { + errmsg = "SET_IVLEN1"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { + errmsg = "SET_IV1"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { + errmsg = "AAD1"; + goto err; + } + EVP_CIPHER_CTX_set_padding(ctx, 0); + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, + sizeof(gcmResetPlaintext)))) { + errmsg = "CIPHER_UPDATE1"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL1"; + goto err; + } + if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT1"; + goto err; + } + if 
(!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + errmsg = "GET_TAG1"; + goto err; + } + if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { + errmsg = "TAG_ERROR1"; + goto err; + } + /* Now reinit */ + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) { + errmsg = "SET_IVLEN2"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { + errmsg = "SET_IV2"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { + errmsg = "AAD2"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, + sizeof(gcmResetPlaintext)))) { + errmsg = "CIPHER_UPDATE2"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL2"; + goto err; + } + if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT2"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + errmsg = "GET_TAG2"; + goto err; + } + if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { + errmsg = "TAG_ERROR2"; + goto err; + } + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("evp_init_test %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(type); + return testresult; +} + + typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, @@ -3011,6 +3481,10 @@ int setup_tests(void) ADD_TEST(test_names_do_all); + ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); + ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); + ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); + return 1; } From pauli at openssl.org Tue Jun 8 05:15:20 2021 
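Review bot: In test_gcm_reinit() in test/evp_extra_test.c the err: path logs TEST_info("evp_init_test %d: %s", idx, errmsg), a label copied from test_evp_init_seq(), so a GCM reinit failure is reported under the wrong test name; use "test_gcm_reinit %d: %s", as test_evp_reset() does with its own name. In the same function EVP_CIPHER_CTX_set_padding(ctx, 0) is called without TEST_true, unlike in the other two tests, and test_evp_init_seq() checks EVP_CIPHER_CTX_new() with a bare NULL comparison where the other tests use TEST_ptr. The evp_init_tests rows end in positional 0/1 values for keyfirst, initenc and finalenc; a one-line comment per row naming the key/IV order and the direction switch being exercised would make the table reviewable.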
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 08 Jun 2021 05:15:20 +0000 Subject: [openssl] master update Message-ID: <1623129320.870426.5762.nullmailer@dev.openssl.org> The branch master has been updated via 5135a9bd9280301a24640a6bf5125c144e28cfdd (commit) from 063e019738b90fcf0a3ab7b1654ce8976805b0b3 (commit) - Log ----------------------------------------------------------------- commit 5135a9bd9280301a24640a6bf5125c144e28cfdd Author: Shane Lontis Date: Thu Jun 3 10:54:13 2021 +1000 Document missing EC/SM2 params Fixes #15548 Document OSSL_PKEY_PARAM_EC_PUB_X, OSSL_PKEY_PARAM_EC_PUB_Y and OSSL_PKEY_PARAM_DEFAULT_DIGEST Added a section related to parameters for SM2. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15601) ----------------------------------------------------------------------- Summary of changes: doc/man7/EVP_PKEY-EC.pod | 13 +++++++++++++ doc/man7/EVP_PKEY-SM2.pod | 20 +++++++++++++++++++- providers/implementations/keymgmt/ec_kmgmt.c | 4 ++-- 3 files changed, 34 insertions(+), 3 deletions(-) diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod index 82892492e3..31d92bf8a1 100644 --- a/doc/man7/EVP_PKEY-EC.pod +++ b/doc/man7/EVP_PKEY-EC.pod @@ -122,6 +122,19 @@ Used for getting and setting the encoding of an EC public key. The public key is expected to be a point conforming to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard. +=item "qx" (B) + +Used for getting the EC public key X component. + +=item "qy" (B) + +Used for getting the EC public key Y component. + +=item (B) + +Getter that returns the default digest name. +(Currently returns "SHA256" as of OpenSSL 3.0). + =back The following Gettable types are also available for the built-in EC algorithm: diff --git a/doc/man7/EVP_PKEY-SM2.pod b/doc/man7/EVP_PKEY-SM2.pod index bb6258c873..4f0e240f3f 100644 --- a/doc/man7/EVP_PKEY-SM2.pod +++ b/doc/man7/EVP_PKEY-SM2.pod 
@@ -15,6 +15,24 @@ both signature and encryption schemes via the EVP interface. When doing the B signature algorithm, it requires a distinguishing identifier to form the message prefix which is hashed before the real message is hashed. +=head2 Common SM2 parameters + +SM2 uses the parameters defined in L. +The following parameters are different: + +=over 4 + +=item "cofactor" (B) + +This parameter is ignored for B. + +=item (B) + +Getter that returns the default digest name. +(Currently returns "SM3" as of OpenSSL 3.0). + +=back + =head1 NOTES B signatures can be generated by using the 'DigestSign' series of APIs, for @@ -63,7 +81,7 @@ L =head1 COPYRIGHT -Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 6cd9aa3d38..24d4df543b 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -763,8 +763,8 @@ static const OSSL_PARAM ec_known_gettable_params[] = { EC_IMEXPORTABLE_DOM_PARAMETERS, EC2M_GETTABLE_DOM_PARAMS EC_IMEXPORTABLE_PUBLIC_KEY, - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_PUB_X, NULL, 0), - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_PUB_Y, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_PUB_X, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_PUB_Y, NULL, 0), EC_IMEXPORTABLE_PRIVATE_KEY, EC_IMEXPORTABLE_OTHER_PARAMETERS, OSSL_PARAM_END From pauli at openssl.org Tue Jun 8 05:16:27 2021 
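Review bot: The providers/implementations/keymgmt/ec_kmgmt.c hunk of commit 5135a9bd9280301a24640a6bf5125c144e28cfdd changes the declared type of OSSL_PKEY_PARAM_EC_PUB_X and OSSL_PKEY_PARAM_EC_PUB_Y in ec_known_gettable_params from OSSL_PARAM_octet_string to OSSL_PARAM_BN, but the commit message describes documentation only. Please mention the type change in the commit message and add a test that reads "qx" and "qy" as big numbers, so the gettable table and the getter are checked against each other. In the new EVP_PKEY-SM2.pod section, "The following parameters are different:" should say what they differ from.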
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 08 Jun 2021 05:16:27 +0000 Subject: [openssl] master update Message-ID: <1623129387.384922.8049.nullmailer@dev.openssl.org> The branch master has been updated via f41fd10d90fb5202f4c05f8842b4a4f25afd51d0 (commit) from 5135a9bd9280301a24640a6bf5125c144e28cfdd (commit) - Log ----------------------------------------------------------------- commit f41fd10d90fb5202f4c05f8842b4a4f25afd51d0 Author: Shane Lontis Date: Thu Jun 3 19:09:38 2021 +1000 Add a gettable for provider ciphers to return the EVP_CIPH_RAND_KEY flag Fixes #15531 DES and TDES set this flag which could possibly be used by applications. The gettable cipher param OSSL_CIPHER_PARAM_HAS_RAND_KEY has been added. Note that EVP_CIPHER_CTX_rand_key() uses this flag. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15606) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_lib.c | 10 +++++--- doc/man3/EVP_EncryptInit.pod | 12 +++++++-- include/openssl/core_names.h | 1 + providers/implementations/ciphers/cipher_des.c | 2 +- providers/implementations/ciphers/cipher_tdes.h | 2 +- .../implementations/ciphers/cipher_tdes_wrap.c | 2 +- providers/implementations/ciphers/ciphercommon.c | 7 +++++ .../implementations/include/prov/ciphercommon.h | 5 ++-- test/evp_libctx_test.c | 30 ++++++++++++++++++++++ 9 files changed, 61 insertions(+), 10 deletions(-) diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index bb91b22678..0b08c9adfd 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c 
@@ -340,12 +340,12 @@ int EVP_CIPHER_get_type(const EVP_CIPHER *cipher) int evp_cipher_cache_constants(EVP_CIPHER *cipher) { - int ok, aead = 0, custom_iv = 0, cts = 0, multiblock = 0; + int ok, aead = 0, custom_iv = 0, cts = 0, multiblock = 0, randkey = 0; size_t ivlen = 0; size_t blksz = 0; size_t keylen = 0; unsigned int mode = 0; - OSSL_PARAM params[9]; + OSSL_PARAM params[10]; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz); params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen); @@ -357,7 +357,9 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher) params[6] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CTS, &cts); params[7] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, &multiblock); - params[8] = OSSL_PARAM_construct_end(); + params[8] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, + &randkey); + params[9] = OSSL_PARAM_construct_end(); ok = evp_do_ciph_getparams(cipher, params) > 0; if (ok) { cipher->block_size = blksz; @@ -374,6 +376,8 @@ int evp_cipher_cache_constants(EVP_CIPHER *cipher) cipher->flags |= EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; if (cipher->ccipher != NULL) cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER; + if (randkey) + cipher->flags |= EVP_CIPH_RAND_KEY; if (OSSL_PARAM_locate_const(EVP_CIPHER_gettable_ctx_params(cipher), OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS)) cipher->flags |= EVP_CIPH_FLAG_CUSTOM_ASN1; diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 965e0d9248..4b90cdd780 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -679,6 +679,12 @@ TLS ciphers. Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the cached value. +=item "has-randkey" (B) + +Gets 1 if the cipher algorithm I supports the gettable EVP_CIPHER_CTX +parameter B. Only DES and 3DES set this to 1, +all other OpenSSL ciphers return 0. + =back =head2 Gettable and Settable EVP_CIPHER_CTX parameters 
@@ -1115,6 +1121,10 @@ See L "cts". See L "tls-multi". +=item EVP_CIPH_RAND_KEY + +See L "has-randkey". + =back EVP_CIPHER_flags() uses the following flags for legacy purposes only: @@ -1131,8 +1141,6 @@ EVP_CIPHER_flags() uses the following flags for legacy purposes only: =item EVP_CIPH_CUSTOM_KEY_LENGTH -=item EVP_CIPH_RAND_KEY - =item EVP_CIPH_CUSTOM_COPY =item EVP_CIPH_FLAG_DEFAULT_ASN1 diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 097dbc1c04..f99497e229 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -75,6 +75,7 @@ extern "C" { #define OSSL_CIPHER_PARAM_CUSTOM_IV "custom-iv" /* int, 0 or 1 */ #define OSSL_CIPHER_PARAM_CTS "cts" /* int, 0 or 1 */ #define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK "tls-multi" /* int, 0 or 1 */ +#define OSSL_CIPHER_PARAM_HAS_RAND_KEY "has-randkey" /* int, 0 or 1 */ #define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */ #define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */ #define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */ diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c index d03d65b668..c6d13466f7 100644 --- a/providers/implementations/ciphers/cipher_des.c +++ b/providers/implementations/ciphers/cipher_des.c @@ -20,7 +20,7 @@ #include "prov/implementations.h" #include "prov/providercommon.h" -#define DES_FLAGS 0 +#define DES_FLAGS PROV_CIPHER_FLAG_RAND_KEY static OSSL_FUNC_cipher_freectx_fn des_freectx; static OSSL_FUNC_cipher_encrypt_init_fn des_einit; diff --git a/providers/implementations/ciphers/cipher_tdes.h b/providers/implementations/ciphers/cipher_tdes.h index d3d885bd18..93f9d1744d 100644 --- a/providers/implementations/ciphers/cipher_tdes.h +++ b/providers/implementations/ciphers/cipher_tdes.h 
@@ -13,7 +13,7 @@ #define DES_BLOCK_SIZE 8 #define TDES_IVLEN 8 -#define TDES_FLAGS 0 +#define TDES_FLAGS PROV_CIPHER_FLAG_RAND_KEY typedef struct prov_tdes_ctx_st { PROV_CIPHER_CTX base; /* Must be first */ diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c index f6a859539e..1b4539a64c 100644 --- a/providers/implementations/ciphers/cipher_tdes_wrap.c +++ b/providers/implementations/ciphers/cipher_tdes_wrap.c @@ -22,7 +22,7 @@ #include "prov/implementations.h" #include "prov/providercommon.h" -#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV +#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV | PROV_CIPHER_FLAG_RAND_KEY static OSSL_FUNC_cipher_update_fn tdes_wrap_update; static OSSL_FUNC_cipher_cipher_fn tdes_wrap_cipher; diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index b5a0d43b78..fa383165d8 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -30,6 +30,7 @@ static const OSSL_PARAM cipher_known_gettable_params[] = { OSSL_PARAM_int(OSSL_CIPHER_PARAM_CUSTOM_IV, NULL), OSSL_PARAM_int(OSSL_CIPHER_PARAM_CTS, NULL), OSSL_PARAM_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, NULL), + OSSL_PARAM_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, NULL), OSSL_PARAM_END }; const OSSL_PARAM *ossl_cipher_generic_gettable_params(ossl_unused void *provctx) 
@@ -72,6 +73,12 @@ int ossl_cipher_generic_get_params(OSSL_PARAM params[], unsigned int md, ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } + p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_HAS_RAND_KEY); + if (p != NULL + && !OSSL_PARAM_set_int(p, (flags & PROV_CIPHER_FLAG_RAND_KEY) != 0)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); if (p != NULL && !OSSL_PARAM_set_size_t(p, kbits / 8)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h index 7ccc9c7047..91c4c914be 100644 --- a/providers/implementations/include/prov/ciphercommon.h +++ b/providers/implementations/include/prov/ciphercommon.h @@ -36,9 +36,10 @@ typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out, #define PROV_CIPHER_FLAG_CUSTOM_IV 0x0002 #define PROV_CIPHER_FLAG_CTS 0x0004 #define PROV_CIPHER_FLAG_TLS1_MULTIBLOCK 0x0008 +#define PROV_CIPHER_FLAG_RAND_KEY 0x0010 /* Internal flags that are only used within the provider */ -#define PROV_CIPHER_FLAG_VARIABLE_LENGTH 0x0010 -#define PROV_CIPHER_FLAG_INVERSE_CIPHER 0x0020 +#define PROV_CIPHER_FLAG_VARIABLE_LENGTH 0x0100 +#define PROV_CIPHER_FLAG_INVERSE_CIPHER 0x0200 struct prov_cipher_ctx_st { block128_f block; diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c index b9794b6b7d..bfbbafdbab 100644 --- a/test/evp_libctx_test.c +++ b/test/evp_libctx_test.c 
@@ -557,6 +557,33 @@ static int kem_rsa_gen_recover(void) return ret; } +#ifndef OPENSSL_NO_DES +/* + * This test makes sure that EVP_CIPHER_CTX_rand_key() works correctly + * For fips mode this code would produce an error if the flag is not set. + */ +static int test_cipher_tdes_randkey(void) +{ + int ret; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *tdes_cipher = NULL, *aes_cipher = NULL; + unsigned char key[24] = { 0 }; + + ret = TEST_ptr(aes_cipher = EVP_CIPHER_fetch(libctx, "AES-256-CBC", NULL)) + && TEST_int_eq(EVP_CIPHER_get_flags(aes_cipher) & EVP_CIPH_RAND_KEY, 0) + && TEST_ptr(tdes_cipher = EVP_CIPHER_fetch(libctx, "DES-EDE3-CBC", NULL)) + && TEST_int_ne(EVP_CIPHER_get_flags(tdes_cipher) & EVP_CIPH_RAND_KEY, 0) + && TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + && TEST_true(EVP_CipherInit_ex(ctx, tdes_cipher, NULL, NULL, NULL, 1)) + && TEST_true(EVP_CIPHER_CTX_rand_key(ctx, key)); + + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(tdes_cipher); + EVP_CIPHER_free(aes_cipher); + return ret; +} +#endif /* OPENSSL_NO_DES */ + static int kem_rsa_params(void) { int ret = 0; @@ -716,6 +743,9 @@ int setup_tests(void) ADD_TEST(kem_rsa_params); #ifndef OPENSSL_NO_DH ADD_TEST(kem_invalid_keytype); +#endif +#ifndef OPENSSL_NO_DES + ADD_TEST(test_cipher_tdes_randkey); #endif return 1; } From pauli at openssl.org Tue Jun 8 05:17:29 2021 
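Review bot: In providers/implementations/ciphers/cipher_tdes_wrap.c, "#define TDES_WRAP_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV | PROV_CIPHER_FLAG_RAND_KEY" now expands to an unparenthesised | expression, so any use next to an operator of higher precedence (& or ==, for example) would bind incorrectly; wrap the value in parentheses. In evp_cipher_cache_constants() the array is hand-sized as params[10] with the end marker at index 9, which has to be kept in step by hand on every addition; a comment or a size derived from the entries would guard against an overrun when the next parameter is added. The new test_cipher_tdes_randkey() covers only DES-EDE3-CBC and AES-256-CBC, while DES_FLAGS and TDES_WRAP_FLAGS also gain PROV_CIPHER_FLAG_RAND_KEY, so a flag check for a single-DES cipher and a TDES wrap cipher would cover the other two defines.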
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 08 Jun 2021 05:17:29 +0000 Subject: [openssl] master update Message-ID: <1623129449.310613.16950.nullmailer@dev.openssl.org> The branch master has been updated via 5d43bfa7d58c6af5e40d6615edc83c709df2852b (commit) from f41fd10d90fb5202f4c05f8842b4a4f25afd51d0 (commit) - Log ----------------------------------------------------------------- commit 5d43bfa7d58c6af5e40d6615edc83c709df2852b Author: Dr. David von Oheimb Date: Thu Jun 3 12:56:11 2021 +0200 BIO_write-ex(): Improve behavior in corner cases and documentation Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15608) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio_lib.c | 17 +++++++++++------ doc/man3/BIO_read.pod | 16 +++++++++++----- 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 80b81db5c4..cdce122796 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -332,8 +332,11 @@ int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes) static int bio_write_intern(BIO *b, const void *data, size_t dlen, size_t *written) { + size_t local_written; int ret; + if (written != NULL) + *written = 0; /* * b == NULL is not an error but just means that zero bytes are written. * Do not raise an error here. @@ -356,15 +359,17 @@ static int bio_write_intern(BIO *b, const void *data, size_t dlen, return -1; } - ret = b->method->bwrite(b, data, dlen, written); + ret = b->method->bwrite(b, data, dlen, &local_written); if (ret > 0) - b->num_write += (uint64_t)*written; + b->num_write += (uint64_t)local_written; if (HAS_CALLBACK(b)) ret = (int)bio_call_callback(b, BIO_CB_WRITE | BIO_CB_RETURN, data, - dlen, 0, 0L, ret, written); + dlen, 0, 0L, ret, &local_written); + if (written != NULL) + *written = local_written; return ret; } 
@@ -373,13 +378,13 @@ int BIO_write(BIO *b, const void *data, int dlen) size_t written; int ret; - if (dlen < 0) + if (dlen <= 0) return 0; ret = bio_write_intern(b, data, (size_t)dlen, &written); if (ret > 0) { - /* *written should always be <= dlen */ + /* written should always be <= dlen */ ret = (int)written; } @@ -388,7 +393,7 @@ int BIO_write(BIO *b, const void *data, int dlen) int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written) { - return bio_write_intern(b, data, dlen, written) > 0; + return bio_write_intern(b, data, dlen, written) >= 0; } int BIO_puts(BIO *b, const char *buf) diff --git a/doc/man3/BIO_read.pod b/doc/man3/BIO_read.pod index d9201ef3b7..08104b1b92 100644 --- a/doc/man3/BIO_read.pod +++ b/doc/man3/BIO_read.pod @@ -25,8 +25,9 @@ BIO_read_ex() attempts to read I bytes from BIO I and places the data in I. If any bytes were successfully read then the number of bytes read is stored in I<*readbytes>. -BIO_write_ex() attempts to write I bytes from I to BIO I. If -successful then the number of bytes written is stored in I<*written>. +BIO_write_ex() attempts to write I bytes from I to BIO I. +If successful then the number of bytes written is stored in I<*written> +unless I is NULL. No data is written if I is NULL. BIO_read() attempts to read I bytes from BIO I and places the data in I. 
@@ -55,10 +56,15 @@ BIO_puts() attempts to write a NUL-terminated string I to BIO I. =head1 RETURN VALUES -BIO_read_ex() and BIO_write_ex() return 1 if data was successfully read or -written, and 0 otherwise. +BIO_read_ex() returns 1 if data was successfully read, and 0 otherwise. -BIO_write() and BIO_write_ex() return 0 if the BIO I is NULL. +BIO_write_ex() returns 1 if no error was encountered writing data, 0 otherwise. +Write to NULL B is not considered as an error. + +BIO_write() returns -2 if the "write" operation is not implemented by the BIO +or -1 on other errors. +Otherwise it returns the number of bytes written. +This may be 0 if the BIO I is NULL or I. BIO_gets() returns -2 if the "gets" operation is not implemented by the BIO or -1 on other errors. From pauli at openssl.org Tue Jun 8 05:18:26 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 08 Jun 2021 05:18:26 +0000 Subject: [openssl] master update Message-ID: <1623129506.469247.14602.nullmailer@dev.openssl.org> The branch master has been updated via 69e0f8cca691dc474300422c48e14713ace8dd2c (commit) from 5d43bfa7d58c6af5e40d6615edc83c709df2852b (commit) - Log ----------------------------------------------------------------- commit 69e0f8cca691dc474300422c48e14713ace8dd2c Author: Shane Lontis Date: Mon Jun 7 11:33:28 2021 +1000 Fix AIX FIPS DEP. The entry point needs the option 'binitfini', but it was not being added since the perl code to detect the match did not work. The entry point for AIX is no longer static - so a wrapper has been added to call the static version. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15636) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 2 +- Configurations/unix-Makefile.tmpl | 2 +- providers/fips/self_test.c | 16 +++++++++++++++- 3 files changed, 17 insertions(+), 3 deletions(-) 
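Review bot: In bio_write_intern() (crypto/bio/bio_lib.c, commit 5d43bfa7d58c6af5e40d6615edc83c709df2852b), local_written is declared without an initialiser, then passed to the callback and copied into *written regardless of ret, so if a method's bwrite fails without storing through its last argument the caller receives an indeterminate value; declare it as "size_t local_written = 0;". BIO_write_ex() now returns 1 for any result >= 0, including when zero bytes were written, so the BIO_read.pod text should tell callers to check *written, not the return value, to learn whether any data went out.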
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index a07624e96b..138ad8a6ae 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1180,7 +1180,7 @@ my %targets = ( module_ldflags => "-Wl,-G,-bsymbolic,-bnoentry", shared_ldflag => "-Wl,-G,-bsymbolic,-bnoentry", shared_defflag => "-Wl,-bE:", - shared_fipsflag => "-Wl,-binitfini:init:cleanup", + shared_fipsflag => "-Wl,-binitfini:_init:_cleanup", perl_platform => 'AIX', }, "aix-gcc" => { diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 80f38dd1a2..ff04e65163 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1838,7 +1838,7 @@ EOF my @deps = compute_lib_depends(@{$args{deps}}); my $shared_def = join("", map { ' '.$target{shared_defflag}.$_ } @defs); # Next line needs to become "less magic" (see PR #11950) - $shared_def .= ' '.$target{shared_fipsflag} if (m/providers\/fips/ && defined $target{shared_fipsflag}); + $shared_def .= ' '.$target{shared_fipsflag} if (defined $target{shared_fipsflag} && $shared_def =~ m/providers\/fips/); my $objs = join(" \\\n\t\t", fill_lines(' ', $COLUMNS - 16, @objs)); my $deps = join(" \\\n" . ' ' x (length($dso) + 2), fill_lines(' ', $COLUMNS - length($dso) - 2, diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index a4d7a4ffe2..e6813e292d 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -105,10 +105,24 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) } return TRUE; } -#elif defined(__sun) || defined(_AIX) +#elif defined(__sun) # pragma init(init) # pragma fini(cleanup) +#elif defined(_AIX) +void _init(void); +void _cleanup(void); +# pragma init(_init) +# pragma fini(_cleanup) +void _init(void) +{ + init(); +} +void _cleanup(void) +{ + cleanup(); +} + #elif defined(__hpux) # pragma init "init" # pragma fini "cleanup" From dev at ddvo.net Tue Jun 8 05:48:54 2021 
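Review bot: In providers/fips/self_test.c (commit 69e0f8cca691dc474300422c48e14713ace8dd2c) the new _AIX branch defines _init() and _cleanup() with external linkage and no comment; the reason for the wrappers, that the AIX entry points named by -binitfini:_init:_cleanup can no longer be static and so forward to the static init() and cleanup(), is only in the commit message and belongs in a comment above the prototypes. Leading-underscore names at file scope are reserved for the implementation in C, so a project-prefixed name would be safer if the linker option permits it. In Configurations/unix-Makefile.tmpl the flag is now added when $shared_def matches providers/fips, which depends on the text of the definition-file arguments; the existing "less magic" comment could state that dependency.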
From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 08 Jun 2021 05:48:54 +0000 Subject: [openssl] master update Message-ID: <1623131334.309107.3255.nullmailer@dev.openssl.org> The branch master has been updated via 09345c8cab01d0030234a001c7b2d64eac1e75ae (commit) via 3cd4e5e73f8efc652c00fc8071b035bef7dc149c (commit) via f9ac6f6956a23bd89e1d6bc9b5dcbb3df06544a1 (commit) via 2576b9c31c66aabd2464a2c404a15421208607eb (commit) via f1343f45d6bf636b0778396bd6e2b68ff5884a3b (commit) via 62d2386bf8a8712e2b433e55f694ff898e4aded7 (commit) from 69e0f8cca691dc474300422c48e14713ace8dd2c (commit) - Log ----------------------------------------------------------------- commit 09345c8cab01d0030234a001c7b2d64eac1e75ae Author: Dr. David von Oheimb Date: Thu Mar 4 08:47:51 2021 +0100 Move trust-related decls from x509.h.in to x509_vfy.h.in Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13735) commit 3cd4e5e73f8efc652c00fc8071b035bef7dc149c Author: Dr. David von Oheimb Date: Thu Mar 4 07:36:21 2021 +0100 x509.h.in: extended 'documenting' comment on X509_TRUST_OK_ANY_EKU This hopefully alleviates the fact that the name is unclear/misleading. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13735) commit f9ac6f6956a23bd89e1d6bc9b5dcbb3df06544a1 Author: Dr. David von Oheimb Date: Wed Dec 23 23:29:04 2020 +0100 Improve the documentation of cert path building and validation Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13735) commit 2576b9c31c66aabd2464a2c404a15421208607eb Author: Dr. David von Oheimb Date: Mon Jan 4 08:50:42 2021 +0100 X509_STORE_CTX_new.pod and x509_vfy.h.in: rename some params for clarity, improve their doc Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13735) commit f1343f45d6bf636b0778396bd6e2b68ff5884a3b Author: Dr. 
David von Oheimb Date: Mon Jan 4 08:49:17 2021 +0100 x509_vfy.c: Improve a couple of internally documenting comments Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13735) commit 62d2386bf8a8712e2b433e55f694ff898e4aded7 Author: Dr. David von Oheimb Date: Mon Jan 4 08:48:24 2021 +0100 x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13735) ----------------------------------------------------------------------- Summary of changes: crypto/x509/build.info | 2 +- crypto/x509/v3_purp.c | 8 +- crypto/x509/{x509_trs.c => x509_trust.c} | 2 +- crypto/x509/x509_vfy.c | 20 +- doc/man1/openssl-verification-options.pod | 344 +++++++++++++++++++++++----- doc/man1/openssl-verify.pod.in | 43 ++-- doc/man1/openssl-x509.pod.in | 134 +---------- doc/man3/SSL_CTX_add1_chain_cert.pod | 7 +- doc/man3/SSL_CTX_load_verify_locations.pod | 15 +- doc/man3/SSL_CTX_set1_verify_cert_store.pod | 3 + doc/man3/X509_STORE_CTX_get_error.pod | 6 + doc/man3/X509_STORE_CTX_new.pod | 57 +++-- doc/man3/X509_STORE_add_cert.pod | 4 + doc/man3/X509_VERIFY_PARAM_set_flags.pod | 2 +- include/openssl/x509.h.in | 70 ------ include/openssl/x509_vfy.h.in | 77 ++++++- 16 files changed, 460 insertions(+), 334 deletions(-) rename crypto/x509/{x509_trs.c => x509_trust.c} (99%) diff --git a/crypto/x509/build.info b/crypto/x509/build.info index 05c8e3003b..8820f983bb 100644 --- a/crypto/x509/build.info +++ b/crypto/x509/build.info @@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\ x509_set.c x509cset.c x509rset.c x509_err.c \ x509name.c x509_v3.c x509_ext.c x509_att.c \ x509_meth.c x509_lu.c x_all.c x509_txt.c \ - x509_trs.c by_file.c by_dir.c by_store.c x509_vpm.c \ + x509_trust.c by_file.c by_dir.c by_store.c x509_vpm.c \ x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \ x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c \ v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_utf8.c v3_lib.c \ 
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index bcec4194fa..a6ebbd5f94 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -894,10 +894,10 @@ static int no_check_purpose(const X509_PURPOSE *xp, const X509 *x, * This can be used to prune a set of possible issuer certificates which * have been looked up using some simple method such as by subject name. * These are: - * 1. Check issuer_name(subject) == subject_name(issuer) - * 2. If akid(subject) exists, check that it matches issuer - * 3. Check that issuer public key algorithm matches subject signature algorithm - * 4. Check that any key_usage(issuer) allows certificate signing + * 1. issuer_name(subject) == subject_name(issuer) + * 2. If akid(subject) exists, it matches the respective issuer fields. + * 3. subject signature algorithm == issuer public key algorithm + * 4. If key_usage(issuer) exists, it allows for signing subject. * Note that this does not include actually checking the signature. * Returns 0 for OK, or positive for reason for mismatch * where reason codes match those for X509_verify_cert(). diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trust.c similarity index 99% rename from crypto/x509/x509_trs.c rename to crypto/x509/x509_trust.c index bbde32af70..ff578aee73 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trust.c @@ -239,7 +239,7 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) static int trust_compat(X509_TRUST *trust, X509 *x, int flags) { - /* Call for side-effect of computing hash and caching extensions */ + /* Call for side-effect of setting EXFLAG_SS for self-signed-certs */ if (X509_check_purpose(x, -1, 0) != 1) return X509_TRUST_UNTRUSTED; if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && (x->ex_flags & EXFLAG_SS)) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index bb54a064bc..f020d4864d 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -356,8 +356,8 @@ static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer) return 0; } -/* - * Alternative lookup method: look from a STACK stored in other_ctx. +/*- + * Alternative get_issuer method: look up from a STACK_OF(X509) in other_ctx. * Returns -1 on internal error. */ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) @@ -368,7 +368,10 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) return 0; } -/* Returns NULL on internal error (such as out of memory) */ +/*- + * Alternative lookup method: look from a STACK stored in other_ctx. + * Returns NULL on internal error (such as out of memory). + */ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, const X509_NAME *nm) { @@ -834,7 +837,7 @@ static int check_trust(X509_STORE_CTX *ctx, int num_untrusted) for (i = num_untrusted; i < num; i++) { x = sk_X509_value(ctx->chain, i); trust = X509_check_trust(x, ctx->param->trust, 0); - /* If explicitly trusted return trusted */ + /* If explicitly trusted (so not neutral nor rejected) return trusted */ if (trust == X509_TRUST_TRUSTED) goto trusted; if (trust == X509_TRUST_REJECTED) @@ -1816,7 +1819,7 @@ static int internal_verify(X509_STORE_CTX *ctx) } } - /* in addition to RFC 5280, do also for trusted (root) cert */ + /* In addition to RFC 5280 requirements do also for trust anchor cert */ /* Calls verify callback as needed */ if (!ossl_x509_check_cert_time(ctx, xs, n)) return 0; @@ -2451,8 +2454,8 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, } /* - * Set alternative lookup method: just a STACK of trusted certificates. This - * avoids X509_STORE nastiness where it isn't needed. + * Set alternative get_issuer method: just from a STACK of trusted certificates. + * This avoids the complexity of X509_STORE where it is not needed. */ void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) { 
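Review bot: in the internal_verify() hunk of crypto/x509/x509_vfy.c (@@ -1816,7 +1819,7 @@) the reworded comment "In addition to RFC 5280 requirements do also for trust anchor cert" still does not say what is done. Going by the call that follows, `ossl_x509_check_cert_time(ctx, xs, n)`, something like "In addition to the RFC 5280 requirements, also check the validity period of the trust anchor cert" would make the deviation from RFC 5280 explicit for anyone auditing the verification logic.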
@@ -3004,7 +3007,8 @@ static int build_chain(X509_STORE_CTX *ctx) #define S_DOTRUSTED (1 << 1) /* Search trusted store */ #define S_DOALTERNATE (1 << 2) /* Retry with pruned alternate chain */ /* - * Set up search policy, untrusted if possible, trusted-first if enabled. + * Set up search policy, untrusted if possible, trusted-first if enabled, + * which is the default. * If we're doing DANE and not doing PKIX-TA/PKIX-EE, we never look in the * trust_store, otherwise we might look there first. If not trusted-first, * and alternate chains are not disabled, try building an alternate chain diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod index bc7658a9f9..1c91c77852 100644 --- a/doc/man1/openssl-verification-options.pod +++ b/doc/man1/openssl-verification-options.pod 
@@ -13,51 +13,156 @@ I =head1 DESCRIPTION -Many OpenSSL commands and various other uses of the crypto library function -L verify X.509 certificates. The details of how each -command handles errors are documented on the specific command page. +There are many situations where X.509 certificates are verified +within the OpenSSL libraries and in various OpenSSL commands. + +Certificate verification is implemented by L. +It is a complicated process consisting of a number of steps +and depending on numerous options. +The most important of them are detailed in the following sections. + +In a nutshell, a valid chain of certifciates needs to be built up and verified +starting from the I that is to be verified +and ending in a certificate that due to some policy is trusted. +Verification is done relative to the given I, which is the intended use +of the target certificate, such as SSL server, or by default for any purpose. + +The details of how each OpenSSL command handles errors +are documented on the specific command page. + +DANE support is documented in L, +L, L, +L, and L. + +=head2 Trust Anchors + +In general, according to RFC 4158 and RFC 5280, a I is +any public key and related subject distinguished name (DN) that +for some reason is considered trusted +and thus is acceptable as the root of a chain of certificates. + +In practice, trust anchors are given in the form of certificates, +where their essential fields are the public key and the subject DN. +In addition to the requirements in RFC 5280, +OpenSSL checks the validity period of such certificates +and makes use of some further fields. +In particular, the subject key identifier extension, if present, +is used for matching trust anchors during chain building. + +In the most simple and common case, trust anchors are by default +all self-signed "root" CA certificates that are placed in the I, +which is a collection of certificates that are trusted for certain uses. 
+This is akin to what is used in the trust stores of Mozilla Firefox, +or Apple's and Microsoft's certificate stores, ... + +From the OpenSSL perspective, a trust anchor is a certificate +that should be augmented with an explicit designation for which +uses of a target certificate the certificate may serve as a trust anchor. +In PEM encoding, this is indicated by the C string. +Such a designation provides a set of positive trust attributes +explicitly stating trust for the listed purposes +and/or a set of negative trust attributes +explicitly rejecting the use for the listed purposes. +The purposes are encoded using the values defined for the extended key usages +(EKUs) that may be given in X.509 extensions of end-entity certificates. +See also the L section below. + +The currently recognized uses are +B (SSL client use), B (SSL server use), +B (S/MIME email use), B (object signer use), +B (OCSP responder use), B (OCSP request use), +B (TSA server use), and B. +As of OpenSSL 1.1.0, the last of these blocks all uses when rejected or +enables all uses when trusted. + +A certificate, which may be CA certificate or an end-entity certificate, +is considered a trust anchor for the given use +if and only if all the following conditions hold: -Certificate verification is a complicated process, consisting of -a number of separate steps that are detailed in the following paragraphs. +=over 4 + +=item * + +It is an an element of the trust store. + +=item * + +It does not have a negative trust attribute rejecting the given use. + +=item * + +It has a positive trust attribute accepting the given use +or (by default) one of the following compatibilty conditions apply: +It is self-signed or the B<-partial_chain> option is given +(which corresponds to the B flag being set). + +=back + +=head2 Certification Path Building First, a certificate chain is built up starting from the target certificate -and typically ending in a self-signed "root" CA certificate. 
-It is an error if the whole chain cannot be built up -unless the B<-partial_chain> option is given. +and ending in a trust anchor. + The chain is built up iteratively, looking up in turn -the certificate of the signer ("issuer") of the current certificate. -If a certificate is found that appears to be its own issuer -it is assumed to be the self-signed root, which must be trusted. - -The process of looking up the issuer's certificate itself involves a number -of steps. -All available certificates with a subject name that matches the issuer -name of the current certificate are subject to further tests. -The relevant authority key identifier components of the current certificate -(if present) must match the subject key identifier (if present) -and issuer and serial number of the candidate issuer certificate. +a certificate with suitable key usage that +matches as an issuer of the current "subject" certificate as described below. If there is such a certificate, the first one found that is currently valid is taken, otherwise the one that expired most recently of all such certificates. +For efficiency, no backtracking is performed, thus +any further candidate issuer certificates that would match equally are ignored. + +When a self-signed certificate has been added, chain construction stops. +In this case it must fully match a trust anchor, otherwise chain building fails. + +A candidate issuer certificate matches a subject certificate +if all of the following conditions hold: + +=over 4 + +=item * + +Its subject name matches the issuer name of the subject certificate. + +=item * + +If the subject certificate has an authority key identifier extension, +each of its sub-fields equals the corresponding subject key identifier, serial +number, and issuer field of the candidate issuer certificate, +as far as the respective fields are present in both certificates. 
+ +item * + +The certificate signature algorithm used to sign the subject certificate +is supported and +equals the public key algorithm of the candidate issuer certificate. + +=back The lookup first searches for issuer certificates in the trust store. If it does not find a match there it consults -the list of untrusted "intermediate" CA certificates (if provided). -The last certificate (which typically is of a root CA) is always looked up -in the trusted certificate list; an exact match must be found there. +the list of untrusted ("intermediate" CA) certificates, if provided. + +=head2 Certification Path Validation + +When the certificate chain building process was successful +the chain components and their links are checked thoroughly. + +The first step is to check that each certificate is well-formed. +Part of these checks are enabled only if the B<-x509_strict> option is given. The second step is to check the extensions of every untrusted certificate -for consistency with the supplied purpose. -If the B<-purpose> option is not included then no checks are done. -The target or "leaf" certificate must have extensions compatible with the -supplied purpose and all other certificates must also be valid CA certificates. +for consistency with the given purpose. +If the B<-purpose> option is not included then no such checks are done. +The target certificate must not have an EKU extension that is incompatible with +the given purpose, and all other certificates must be valid CA certificates. The precise extensions required are described in more detail in L. -The third step is to check the trust settings on the last certficate, -typically of a root CA. -It should be trusted for the supplied purpose. -For compatibility with previous versions of OpenSSL, -a certificate with no trust settings is considered to be valid for all purposes. +The third step is to check the trust settings on the last certificate +(which typically is a self-signed root CA certificate). 
+It must be trusted for the given use. +For compatibility with previous versions of OpenSSL, a self-signed certificate +with no trust attributes is considered to be valid for all uses. The fourth, and final, step is to check the validity of the certificate chain. For each element in the chain, including the root CA certificate, @@ -78,23 +183,25 @@ valid. If any operation fails then the certificate is not valid. =head2 Trusted Certificate Options -The following options specify how to select the trusted root certificates, -also known as trust anchors. -A collection of trusted roots is called a I. +The following options specify how to supply the certificates +that can be used as trust anchors for certain uses. +As mentioned, a collection of such certificates is called a I. Note that OpenSSL does not provide a default set of trust anchors. Many Linux distributions include a system default and configure OpenSSL to point to that. Mozilla maintains an influential trust store that can be found at L. -The certificates to trust can be specified using following options. +The certificates to add to the trust store +can be specified using following options. =over 4 =item B<-CAfile> I -Load the specified file which contains one or more PEM-format certificates -of CA's that are trusted. +Load the specified file which contains a certificate +or several of them in case the input is in PEM or PKCS#12 format. +PEM-encoded certificates may also have trust attributes set. =item B<-no-CAfile> @@ -102,8 +209,9 @@ Do not load the default file of trusted certificates. =item B<-CApath> I

-Use the specified directory as a list of trust certificates. That is, -files should be named with the hash of the X.509 SubjectName of each +Use the specified directory as a collection of trusted certificates, +i.e., a trust store. +Files should be named with the hash value of the X.509 SubjectName of each certificate. This is so that the library can extract the IssuerName, hash it, and directly lookup the file to get the issuer certificate. See L for information on creating this type of directory. @@ -114,8 +222,8 @@ Do not use the default directory of trusted certificates. =item B<-CAstore> I -Use I as a store of trusted CA certificates. The URI may -indicate a single certificate, as well as a collection of them. +Use I as a store of CA certificates. +The URI may indicate a single certificate, as well as a collection of them. With URIs in the C scheme, this acts as B<-CAfile> or B<-CApath>, depending on if the URI indicates a single file or directory. @@ -127,7 +235,7 @@ chain (for example with L). =item B<-no-CAstore> -Do not use the default store. +Do not use the default store of trusted CA certificates. =back @@ -267,9 +375,10 @@ keys shorter than 1024 bits. =item B<-partial_chain> -Allow verification to succeed even if a I chain cannot be built to a -self-signed trust-anchor, provided it is possible to construct a chain to a -trusted certificate that might not be self-signed. +Allow verification to succeed if an incomplete chain can be built. +That is, a chain ending in a certificate that normally would not be trusted +(because it has no matching positive trust attributes and is not self-signed) +but is an element of the trust store. This certificate may be self-issued or belong to an intermediate CA. =item B<-check_ss_sig> 
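Review bot: in the large DESCRIPTION hunk of doc/man1/openssl-verification-options.pod (@@ -13,51 +13,156 @@) the third entry of the issuer-matching list is written `+item *` without the leading `=`, so POD will not treat it as a list item and the signature-algorithm condition will be rendered as part of the preceding item. The same hunk also has "certifciates" in the "In a nutshell" paragraph, "It is an an element of the trust store", and "compatibilty conditions apply" (which should also read "applies" to agree with "one of"). These are worth fixing before merge since this text is now the reference for how trust anchors are defined.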
@@ -299,20 +408,20 @@ effect. =item B<-trusted> I -Parse I as a set of one or more certificates in PEM format. -All certificates must be self-signed, unless the -B<-partial_chain> option is specified. +Parse I as a set of one or more certificates. +Each of them qualifies as trusted if has a suitable positive trust attribute +or it is self-signed or the B<-partial_chain> option is specified. This option implies the B<-no-CAfile>, B<-no-CApath>, and B<-no-CAstore> options and it cannot be used with the B<-CAfile>, B<-CApath> or B<-CAstore> options, so -only certificates in the file are trust anchors. +only certificates specified using the B<-trusted> option are trust anchors. This option may be used multiple times. =item B<-untrusted> I -Parse I as a set of one or more certificates in PEM format. -All certificates are untrusted certificates (typically of intermedate CAs) -that may be used to -construct a certificate chain from the subject certificate to a trust anchor. +Parse I as a set of one or more certificates. +All certificates (typically of intermediate CAs) are considered untrusted +and may be used to +construct a certificate chain from the target certificate to a trust anchor. This option may be used multiple times. =item B<-policy> I @@ -346,7 +455,8 @@ Set policy variable inhibit-policy-mapping (see RFC5280). The intended use for the certificate. If this option is not specified, this command will not consider certificate purpose during chain verification. Currently accepted uses are B, B, B, -B, B. +B, B, B, B, B, +and . =item B<-verify_depth> I 
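Review bot: in the B<-trusted> description (@@ -299,20 +408,20 @@) the sentence "Each of them qualifies as trusted if has a suitable positive trust attribute" is missing "it". Because this sentence now defines when a supplied certificate becomes a trust anchor, it should also mention the negative case the Trust Anchors section gives, namely that a certificate with a negative trust attribute rejecting the given use does not qualify, or point to that section so the two definitions cannot drift apart.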
@@ -376,7 +486,8 @@ Use default verification policies like trust model and required certificate policies identified by I. The trust model determines which auxiliary trust or reject OIDs are applicable to verifying the given certificate chain. -See the B<-addtrust> and B<-addreject> options for L. +They can be given using the B<-addtrust> and B<-addreject> options +for L. Supported policy names include: B, B, B, B, B. These mimics the combinations of purpose and trust settings used in SSL, CMS 
@@ -426,6 +537,128 @@ This option has no effect and is retained for backward compatibility only. =back +=head2 Certificate Extensions + +Options like B<-purpose> lead to checking the certificate extensions, +which determine what the target certificate and intermediate CA certificates +can be used for. + +=head3 Basic Constraints + +The basicConstraints extension CA flag is used to determine whether the +certificate can be used as a CA. If the CA flag is true then it is a CA, +if the CA flag is false then it is not a CA. B CAs should have the +CA flag set to true. + +If the basicConstraints extension is absent, +which includes the case that it is an X.509v1 certificate, +then the certificate is considered to be a "possible CA" and +other extensions are checked according to the intended use of the certificate. +The treatment of certificates without basicConstraints as a CA +is presently supported, but this could change in the future. + +=head3 Key Usage + +If the keyUsage extension is present then additional restraints are +made on the uses of the certificate. A CA certificate B have the +keyCertSign bit set if the keyUsage extension is present. + +=head3 Extended Key Usage + +The extKeyUsage (EKU) extension places additional restrictions on the +certificate uses. If this extension is present (whether critical or not) +the key can only be used for the purposes specified. + +A complete description of each check is given below. The comments about +basicConstraints and keyUsage and X.509v1 certificates above apply to B +CA certificates. + + +=over 4 + +=item B + +The extended key usage extension must be absent or include the "web client +authentication" OID. The keyUsage extension must be absent or it must have the +digitalSignature bit set. The Netscape certificate type must be absent +or it must have the SSL client bit set. + +=item B + +The extended key usage extension must be absent or include the "web client +authentication" OID. 
+The Netscape certificate type must be absent or it must have the SSL CA bit set. +This is used as a work around if the basicConstraints extension is absent. + +=item B + +The extended key usage extension must be absent or include the "web server +authentication" and/or one of the SGC OIDs. The keyUsage extension must be +absent or it +must have the digitalSignature, the keyEncipherment set or both bits set. +The Netscape certificate type must be absent or have the SSL server bit set. + +=item B + +The extended key usage extension must be absent or include the "web server +authentication" and/or one of the SGC OIDs. The Netscape certificate type must +be absent or the SSL CA bit must be set. +This is used as a work around if the basicConstraints extension is absent. + +=item B + +For Netscape SSL clients to connect to an SSL server it must have the +keyEncipherment bit set if the keyUsage extension is present. This isn't +always valid because some cipher suites use the key for digital signing. +Otherwise it is the same as a normal SSL server. + +=item B + +The extended key usage extension must be absent or include the "email +protection" OID. The Netscape certificate type must be absent or should have the +S/MIME bit set. If the S/MIME bit is not set in the Netscape certificate type +then the SSL client bit is tolerated as an alternative but a warning is shown. +This is because some Verisign certificates don't set the S/MIME bit. + +=item B + +In addition to the common S/MIME client tests the digitalSignature bit or +the nonRepudiation bit must be set if the keyUsage extension is present. + +=item B + +In addition to the common S/MIME tests the keyEncipherment bit must be set +if the keyUsage extension is present. + +=item B + +The extended key usage extension must be absent or include the "email +protection" OID. The Netscape certificate type must be absent or must have the +S/MIME CA bit set. 
+This is used as a work around if the basicConstraints extension is absent. + +=item B + +The keyUsage extension must be absent or it must have the CRL signing bit +set. + +=item B + +The normal CA tests apply. Except in this case the basicConstraints extension +must be present. + +=back + +=head1 BUGS + +The issuer checks still suffer from limitations in the underlying X509_LOOKUP +API. One consequence of this is that trusted certificates with matching +subject name must appear in a file (as specified by the B<-CAfile> option), +a directory (as specified by B<-CApath>), +or a store (as specified by B<-CAstore>). +If there are multiple such matches, possibly in multiple locations, +only the first one (in the mentioned order of locations) is recognised. + =head1 SEE ALSO L, @@ -438,7 +671,6 @@ L, L, L - =head1 HISTORY The checks enabled by B<-x509_strict> have been extended in OpenSSL 3.0. diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in index ef9ced3a5c..7e51af6eac 100644 --- a/doc/man1/openssl-verify.pod.in +++ b/doc/man1/openssl-verify.pod.in @@ -9,12 +9,12 @@ openssl-verify - certificate verification command B B [B<-help>] -[B<-CRLfile> I] +[B<-CRLfile> I|I] [B<-crl_download>] [B<-show_chain>] [B<-verbose>] -[B<-trusted> I] -[B<-untrusted> I] +[B<-trusted> I|I] +[B<-untrusted> I|I] [B<-vfyopt> I:I] {- $OpenSSL::safe::opt_name_synopsis -} {- $OpenSSL::safe::opt_trust_synopsis -} @@ -36,11 +36,11 @@ problems, this program attempts to display all of them. Print out a usage message. -=item B<-CRLfile> I +=item B<-CRLfile> I|I The file or URI should contain one or more CRLs in PEM or DER format. This option can be specified more than once to include CRLs from multiple -Is. +sources. =item B<-crl_download> 
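Review bot: in the new Basic Constraints subsection (hunk @@ -426,6 +537,128 @@) the statement that treating a certificate without basicConstraints as a CA "is presently supported, but this could change in the future" drops the caution carried by the text it replaces in openssl-x509.pod.in, which said a warning is given "because the certificate should really not be regarded as a CA". Accepting such certificates as issuers is a security-relevant leniency, so please keep an explicit statement that this is a compatibility workaround and say whether a warning is still emitted.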
@@ -56,19 +56,19 @@ flagged as "untrusted". Print extra information about the operations being performed. -=item B<-trusted> I +=item B<-trusted> I|I + +A file or URI of (more or less) trusted certificates. +See L for more information on trust settings. -A file or URI of trusted certificates in PEM, DER, or PKCS#12 format. This option can be specified more than once to load certificates from multiple -Is. +sources. -=item B<-untrusted> I +=item B<-untrusted> I|I -A file or URI of untrusted certificates in PEM, DER, or PKCS#12 format -to use for chain building. +A file or URI of untrusted certificates to use for chain building. This option can be specified more than once to load certificates from multiple -Is. - +sources. =item B<-vfyopt> I:I @@ -126,23 +126,6 @@ F<< >>. This command ignores many errors, in order to allow all the problems with a certificate chain to be determined. -=head1 BUGS - -Although the issuer checks are a considerable improvement over the old -technique they still suffer from limitations in the underlying X509_LOOKUP -API. One consequence of this is that trusted certificates with matching -subject name must either appear in a file (as specified by the B<-CAfile> -option), a directory (as specified by B<-CApath>), or a store (as specified -by B<-CAstore>). If they occur in more than one location then only the -certificates in the file will be recognised. - -Previous versions of OpenSSL assume certificates with matching subject -name are identical and mishandled them. - -Previous versions of this documentation swapped the meaning of the -B and -B error codes. - =head1 SEE ALSO L, diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 24c7a5a34a..65b6487481 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in 
@@ -305,9 +305,9 @@ Prints the OCSP responder address(es) if any. =item B<-purpose> -This option performs tests on the certificate extensions and prints -the results. For a more complete description see the -L section. +This option performs tests on the certificate extensions and outputs +the results. For a more complete description see +L. =item B<-pubkey> @@ -518,7 +518,7 @@ Trust settings currently are only used with a root CA. They allow a finer control over the purposes the root CA can be used for. For example, a CA may be trusted for SSL client but not SSL server use. -See the description in L for more information +See L for more information on the meaning of trust settings. Future versions of OpenSSL will recognize trust settings on any @@ -545,13 +545,10 @@ Clears all the permitted or trusted uses of the certificate. =item B<-addtrust> I -Adds a trusted certificate use. -Any object name can be used here but currently only B (SSL client -use), B (SSL server use), B (S/MIME email) -and B are used. -As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or -enables all purposes when trusted. -Other OpenSSL applications may define additional uses. +Adds an allowed trust anchor purpose. +Any object name can be used here but currently only those +listed in L are supported. +Other OpenSSL applications may define additional purposes. =item B<-clrreject> @@ -559,7 +556,7 @@ Clears all the prohibited or rejected uses of the certificate. =item B<-addreject> I -Adds a prohibited use. +Adds a prohibited trust anchor purpose. It accepts the same values as the B<-addtrust> option. =back 
@@ -732,119 +729,6 @@ The B<-email> option searches the subject name and the subject alternative name extension. Only unique email addresses will be printed out: it will not print the same address more than once. -=head1 CERTIFICATE EXTENSIONS - -The B<-purpose> option checks the certificate extensions and determines -what the certificate can be used for. The actual checks done are rather -complex and include various hacks and workarounds to handle broken -certificates and software. - -The same code is used when verifying untrusted certificates in chains -so this section is useful if a chain is rejected by the verify code. - -The basicConstraints extension CA flag is used to determine whether the -certificate can be used as a CA. If the CA flag is true then it is a CA, -if the CA flag is false then it is not a CA. B CAs should have the -CA flag set to true. - -If the basicConstraints extension is absent then the certificate is -considered to be a "possible CA" other extensions are checked according -to the intended use of the certificate. A warning is given in this case -because the certificate should really not be regarded as a CA: however -it is allowed to be a CA to work around some broken software. - -If the certificate is a V1 certificate (and thus has no extensions) and -it is self-signed it is also assumed to be a CA but a warning is again -given: this is to work around the problem of Verisign roots which are V1 -self-signed certificates. - -If the keyUsage extension is present then additional restraints are -made on the uses of the certificate. A CA certificate B have the -keyCertSign bit set if the keyUsage extension is present. - -The extended key usage extension places additional restrictions on the -certificate uses. If this extension is present (whether critical or not) -the key can only be used for the purposes specified. - -A complete description of each test is given below. 
The comments about -basicConstraints and keyUsage and V1 certificates above apply to B -CA certificates. - - -=over 4 - -=item B - -The extended key usage extension must be absent or include the "web client -authentication" OID. keyUsage must be absent or it must have the -digitalSignature bit set. Netscape certificate type must be absent or it must -have the SSL client bit set. - -=item B - -The extended key usage extension must be absent or include the "web client -authentication" OID. Netscape certificate type must be absent or it must have -the SSL CA bit set: this is used as a work around if the basicConstraints -extension is absent. - -=item B - -The extended key usage extension must be absent or include the "web server -authentication" and/or one of the SGC OIDs. keyUsage must be absent or it -must have the digitalSignature, the keyEncipherment set or both bits set. -Netscape certificate type must be absent or have the SSL server bit set. - -=item B - -The extended key usage extension must be absent or include the "web server -authentication" and/or one of the SGC OIDs. Netscape certificate type must -be absent or the SSL CA bit must be set: this is used as a work around if the -basicConstraints extension is absent. - -=item B - -For Netscape SSL clients to connect to an SSL server it must have the -keyEncipherment bit set if the keyUsage extension is present. This isn't -always valid because some cipher suites use the key for digital signing. -Otherwise it is the same as a normal SSL server. - -=item B - -The extended key usage extension must be absent or include the "email -protection" OID. Netscape certificate type must be absent or should have the -S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type -then the SSL client bit is tolerated as an alternative but a warning is shown: -this is because some Verisign certificates don't set the S/MIME bit. 
- -=item B - -In addition to the common S/MIME client tests the digitalSignature bit or -the nonRepudiation bit must be set if the keyUsage extension is present. - -=item B - -In addition to the common S/MIME tests the keyEncipherment bit must be set -if the keyUsage extension is present. - -=item B - -The extended key usage extension must be absent or include the "email -protection" OID. Netscape certificate type must be absent or must have the -S/MIME CA bit set: this is used as a work around if the basicConstraints -extension is absent. - -=item B - -The keyUsage extension must be absent or it must have the CRL signing bit -set. - -=item B - -The normal CA tests apply. Except in this case the basicConstraints extension -must be present. - -=back - =head1 BUGS It is possible to produce invalid certificates or requests by specifying the diff --git a/doc/man3/SSL_CTX_add1_chain_cert.pod b/doc/man3/SSL_CTX_add1_chain_cert.pod index cd6beb311a..81394f1ad5 100644 --- a/doc/man3/SSL_CTX_add1_chain_cert.pod +++ b/doc/man3/SSL_CTX_add1_chain_cert.pod @@ -52,8 +52,9 @@ SSL_CTX_clear_chain_certs() clears any existing chain associated with the current certificate of B. (This is implemented by calling SSL_CTX_set0_chain() with B set to B). -SSL_CTX_build_cert_chain() builds the certificate chain for B normally -this uses the chain store or the verify store if the chain store is not set. +SSL_CTX_build_cert_chain() builds the certificate chain for B. +Normally this uses the chain store +or the verify store if the chain store is not set. If the function is successful the built chain will replace any existing chain. The B parameter can be set to B to use existing chain certificates as untrusted CAs, B 
@@ -63,6 +64,8 @@ sanity checking and rearranging them if necessary), the flag B ignores any errors during verification: if flag B is also set verification errors are cleared from the error queue. +Details of the chain building process are described in +L. Each of these functions operates on the I end entity (i.e. server or client) certificate. This is the last certificate loaded or diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod index 7408a2080d..da64738700 100644 --- a/doc/man3/SSL_CTX_load_verify_locations.pod +++ b/doc/man3/SSL_CTX_load_verify_locations.pod @@ -33,6 +33,9 @@ locations for B, at which CA certificates for verification purposes are located. The certificates available via B, B and B are trusted. +Details of the certificate verification and chain checking process are +described in L. + SSL_CTX_set_default_verify_paths() specifies that the default locations from which CA certificates are loaded should be used. There is one default directory, one default file and one default store. 
@@ -85,14 +88,10 @@ The certificates in B are only looked up when required, e.g. when building the certificate chain or when actually performing the verification of a peer certificate. -When looking up CA certificates, the OpenSSL library will first search the -certificates in B, then those in B. Certificate matching -is done based on the subject name, the key identifier (if present), and the -serial number as taken from the certificate to be verified. If these data -do not match, the next certificate will be tried. If a first certificate -matching the parameters is found, the verification process will be performed; -no other certificates for the same parameters will be searched in case of -failure. +When looking up CA certificates for chain building, the OpenSSL library +will search for suitable certificates first in B, then in B. +Details of the chain building process are described in +L. If B is not NULL, it's a URI for to a store, which may represent a single container or a whole catalogue of containers. diff --git a/doc/man3/SSL_CTX_set1_verify_cert_store.pod b/doc/man3/SSL_CTX_set1_verify_cert_store.pod index 780a3c72fa..d83fff9b2f 100644 --- a/doc/man3/SSL_CTX_set1_verify_cert_store.pod +++ b/doc/man3/SSL_CTX_set1_verify_cert_store.pod @@ -52,6 +52,9 @@ the server's certificate chain and a SSL/TLS server will use it to verify any client certificate chain. The chain store is used to build the certificate chain. +Details of the chain building and checking process are described in +L and +L. If the mode B is set or a certificate chain is configured already (for example using the functions such as diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index fad51ea756..023025afca 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod 
@@ -460,6 +460,12 @@ If an unrecognised error code is passed to X509_verify_cert_error_string() the numerical value of the unknown code is returned in a static buffer. This is not thread safe but will never happen unless an invalid code is passed. +=head1 BUGS + +Previous versions of this documentation swapped the meaning of the +B and +B error codes. + =head1 SEE ALSO L, L, diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index f2f6a01c44..b982dc9c7e 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -5,10 +5,10 @@ X509_STORE_CTX_new_ex, X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, -X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted, +X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, X509_STORE_CTX_verify_fn 
@@ -24,24 +24,24 @@ X509_STORE_CTX_verify_fn void X509_STORE_CTX_free(X509_STORE_CTX *ctx); int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, - X509 *target, STACK_OF(X509) *chain); + X509 *target, STACK_OF(X509) *untrusted); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); - void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); - STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); - void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); - int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); int X509_STORE_CTX_get_num_untrusted(const X509_STORE_CTX *ctx); + STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); + void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); @@ -66,7 +66,6 @@ X509_STORE_CTX_free() completely frees up I. After this call I is no longer valid. If I is NULL nothing is done. -X509_STORE_CTX_init() sets up I for a subsequent verification operation. It must be called before each call to L or L, i.e., a context is only good for one verification. If you want to verify a further certificate or chain with the same I 
@@ -75,9 +74,9 @@ The trusted certificate store is set to I of type B. This may be NULL because there are no trusted certificates or because they are provided simply as a list using X509_STORE_CTX_set0_trusted_stack(). The certificate to be verified is set to I, -and a list of additional certificates may be provided in I, +and a list of additional certificates may be provided in I, which will be untrusted but may be used to build the chain. -Each of the I, I and I parameters can be NULL. +Each of the I, I and I parameters can be NULL. Yet note that L and L will need a verification target. This can also be set using X509_STORE_CTX_set_cert(). @@ -87,17 +86,18 @@ this can be also set indirectly using X509_STORE_CTX_set0_untrusted(). X509_STORE_CTX_set0_trusted_stack() sets the set of trusted certificates of I to I. This is an alternative way of specifying trusted certificates -instead of using an B. +instead of using an B where its complexity is not needed +or to make sure that only the given set I of certificates are trusted. X509_STORE_CTX_set_cert() sets the target certificate to be verified in I -to I. +to I. + +X509_STORE_CTX_set0_verified_chain() sets the validated chain to I. +Ownership of the chain is transferred to I, +and so it should not be free'd by the caller. -X509_STORE_CTX_set0_verified_chain() sets the validated chain used -by I to be I. -Ownership of the chain is transferred to I and should not be -free'd by the caller. X509_STORE_CTX_get0_chain() returns the internal pointer used by the -I that contains the validated chain. +I that contains the constructed (output) chain. X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate verification to I. These CRLs will only be used if CRL verification is 
@@ -108,6 +108,9 @@ for example in a PKCS#7 structure. X509_STORE_CTX_get0_param() retrieves an internal pointer to the verification parameters associated with I. +X509_STORE_CTX_set0_param() sets the internal verification parameter pointer +to I. After this call B should not be used. + X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the stack of untrusted certificates associated with I. @@ -116,17 +119,27 @@ of untrusted certificates associated with I to I. X509_STORE_CTX_verify() will take the first element, if any, as its default target if the target certificate is not set explicitly. -X509_STORE_CTX_set0_param() sets the internal verification parameter pointer -to I. After this call B should not be used. +X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates +that were used in building the chain. +This is can be used after calling L and similar functions. +With L, this does not count the first chain element. + +X509_STORE_CTX_get0_chain() returns the internal pointer used by the +I that contains the validated chain. + +Details of the chain building and checking process are described in +L and +L. + +X509_STORE_CTX_set0_verified_chain() sets the validated chain used +by I to be I. +Ownership of the chain is transferred to I, +and so it should not be free'd by the caller. X509_STORE_CTX_set_default() looks up and sets the default verification method to I. This uses the function X509_VERIFY_PARAM_lookup() to find an appropriate set of parameters from I. -X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates -that were used in building the chain following a call to L. -With L, this does not count the first chain element. - X509_STORE_CTX_set_verify() provides the capability for overriding the default verify function. This function is responsible for verifying chain signatures and expiration times. 
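Review bot: the @@ -116,17 +119,27 @@ hunk adds paragraphs for X509_STORE_CTX_get0_chain() and X509_STORE_CTX_set0_verified_chain(), but the earlier @@ -87,17 +86,18 @@ hunk already leaves a description of both in place, so the page ends up documenting each function twice. The two get0_chain descriptions also disagree: one says "constructed (output) chain", the other "validated chain". Suggest keeping one paragraph per function and settling on one term. Minor: "This is can be used after calling" in the X509_STORE_CTX_get_num_untrusted() paragraph should read "This can be used after calling".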
diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod index b1034a3c09..f53a345621 100644 --- a/doc/man3/X509_STORE_add_cert.pod +++ b/doc/man3/X509_STORE_add_cert.pod @@ -53,6 +53,10 @@ It admits multiple lookup mechanisms and efficient scaling performance with large numbers of certificates, and a great deal of flexibility in how validation and policy checks are performed. +Details of the chain building and checking process are described in +L and +L. + L creates an empty B structure, which contains no information about trusted certificates or where such certificates are located on disk, and is generally not usable. Normally, trusted diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 6265915d9c..9eedb339d1 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -317,7 +317,7 @@ trust store to be treated as trust anchors, in the same way as self-signed root CA certificates. This makes it possible to trust self-issued certificates as well as certificates issued by an intermediate CA without having to trust their ancestor root CA. -With OpenSSL 1.1.0 and later and set, chain +With OpenSSL 1.1.0 and later and B set, chain construction stops as soon as the first certificate contained in the trust store is added to the chain, whether that certificate is a self-signed "root" certificate or a not self-signed "intermediate" or self-issued certificate. diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index 38c7b42c22..39aae063f6 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in 
@@ -111,54 +111,6 @@ typedef struct X509_req_st X509_REQ; typedef struct x509_cert_aux_st X509_CERT_AUX; typedef struct x509_cinf_st X509_CINF; -/* This is used for a table of trust checking functions */ - -typedef struct x509_trust_st { - int trust; - int flags; - int (*check_trust) (struct x509_trust_st *, X509 *, int); - char *name; - int arg1; - void *arg2; -} X509_TRUST; -{- - generate_stack_macros("X509_TRUST"); --} - - -/* standard trust ids */ - -# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ - -# define X509_TRUST_COMPAT 1 -# define X509_TRUST_SSL_CLIENT 2 -# define X509_TRUST_SSL_SERVER 3 -# define X509_TRUST_EMAIL 4 -# define X509_TRUST_OBJECT_SIGN 5 -# define X509_TRUST_OCSP_SIGN 6 -# define X509_TRUST_OCSP_REQUEST 7 -# define X509_TRUST_TSA 8 - -/* Keep these up to date! */ -# define X509_TRUST_MIN 1 -# define X509_TRUST_MAX 8 - -/* trust_flags values */ -# define X509_TRUST_DYNAMIC (1U << 0) -# define X509_TRUST_DYNAMIC_NAME (1U << 1) -/* No compat trust if self-signed, preempts "DO_SS" */ -# define X509_TRUST_NO_SS_COMPAT (1U << 2) -/* Compat trust if no explicit accepted trust EKUs */ -# define X509_TRUST_DO_SS_COMPAT (1U << 3) -/* Accept "anyEKU" as a wildcard trust OID */ -# define X509_TRUST_OK_ANY_EKU (1U << 4) - -/* check_trust return codes */ - -# define X509_TRUST_TRUSTED 1 -# define X509_TRUST_REJECTED 2 -# define X509_TRUST_UNTRUSTED 3 - /* Flags for X509_print_ex() */ # define X509_FLAG_COMPAT 0 
@@ -625,21 +577,10 @@ ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x); void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *d_id); ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x); -int X509_trusted(const X509 *x); int X509_alias_set1(X509 *x, const unsigned char *name, int len); int X509_keyid_set1(X509 *x, const unsigned char *id, int len); unsigned char *X509_alias_get0(X509 *x, int *len); unsigned char *X509_keyid_get0(X509 *x, int *len); -int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, - int); -int X509_TRUST_set(int *t, int trust); -int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); -int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); -void X509_trust_clear(X509 *x); -void X509_reject_clear(X509 *x); - -STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); -STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); DECLARE_ASN1_FUNCTIONS(X509_REVOKED) DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) @@ -1134,17 +1075,6 @@ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, X509_ALGOR **pa, const X509_PUBKEY *pub); int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b); -int X509_check_trust(X509 *x, int id, int flags); -int X509_TRUST_get_count(void); -X509_TRUST *X509_TRUST_get0(int idx); -int X509_TRUST_get_by_id(int id); -int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), - const char *name, int arg1, void *arg2); -void X509_TRUST_cleanup(void); -int X509_TRUST_get_flags(const X509_TRUST *xp); -char *X509_TRUST_get0_name(const X509_TRUST *xp); -int X509_TRUST_get_trust(const X509_TRUST *xp); - # ifdef __cplusplus } # endif diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in index 126c1d658a..80f18bd787 100644 --- a/include/openssl/x509_vfy.h.in +++ b/include/openssl/x509_vfy.h.in 
@@ -72,11 +72,76 @@ typedef enum { .generate_stack_macros("X509_VERIFY_PARAM"); -} +/* This is used for a table of trust checking functions */ +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust) (struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; +{- + generate_stack_macros("X509_TRUST"); +-} + +/* standard trust ids */ +# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ +# define X509_TRUST_COMPAT 1 +# define X509_TRUST_SSL_CLIENT 2 +# define X509_TRUST_SSL_SERVER 3 +# define X509_TRUST_EMAIL 4 +# define X509_TRUST_OBJECT_SIGN 5 +# define X509_TRUST_OCSP_SIGN 6 +# define X509_TRUST_OCSP_REQUEST 7 +# define X509_TRUST_TSA 8 +/* Keep these up to date! */ +# define X509_TRUST_MIN 1 +# define X509_TRUST_MAX 8 + +/* trust_flags values */ +# define X509_TRUST_DYNAMIC (1U << 0) +# define X509_TRUST_DYNAMIC_NAME (1U << 1) +/* No compat trust if self-signed, preempts "DO_SS" */ +# define X509_TRUST_NO_SS_COMPAT (1U << 2) +/* Compat trust if no explicit accepted trust EKUs */ +# define X509_TRUST_DO_SS_COMPAT (1U << 3) +/* Accept "anyEKU" as a wildcard rejection OID and as a wildcard trust OID */ +# define X509_TRUST_OK_ANY_EKU (1U << 4) + +/* check_trust return codes */ +# define X509_TRUST_TRUSTED 1 +# define X509_TRUST_REJECTED 2 +# define X509_TRUST_UNTRUSTED 3 + +int X509_TRUST_set(int *t, int trust); +int X509_TRUST_get_count(void); +X509_TRUST *X509_TRUST_get0(int idx); +int X509_TRUST_get_by_id(int id); +int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), + const char *name, int arg1, void *arg2); +void X509_TRUST_cleanup(void); +int X509_TRUST_get_flags(const X509_TRUST *xp); +char *X509_TRUST_get0_name(const X509_TRUST *xp); +int X509_TRUST_get_trust(const X509_TRUST *xp); + +int X509_trusted(const X509 *x); +int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); +void 
X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); +STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); + +int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, + int); +int X509_check_trust(X509 *x, int id, int flags); + +int X509_verify_cert(X509_STORE_CTX *ctx); +int X509_STORE_CTX_verify(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_build_chain(X509 *target, STACK_OF(X509) *certs, X509_STORE *store, int with_self_signed, OSSL_LIB_CTX *libctx, const char *propq); -int X509_verify_cert(X509_STORE_CTX *ctx); -int X509_STORE_CTX_verify(X509_STORE_CTX *ctx); int X509_STORE_set_depth(X509_STORE *store, int depth); @@ -401,8 +466,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void); int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); void X509_STORE_CTX_free(X509_STORE_CTX *ctx); -int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, - X509 *target, STACK_OF(X509) *chain); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, + X509 *target, STACK_OF(X509) *untrusted); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); 
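Review bot: the @@ -72,11 +72,76 @@ hunk of x509_vfy.h.in reads as a move of the X509_TRUST declarations out of x509.h.in, but it is not purely mechanical: the comment on X509_TRUST_OK_ANY_EKU changes from "Accept "anyEKU" as a wildcard trust OID" to "Accept "anyEKU" as a wildcard rejection OID and as a wildcard trust OID". Please mention that in the commit message or split it into its own change so it is not lost inside the move. Also confirm that code including only openssl/x509.h still sees X509_TRUST and the X509_TRUST_* macros afterwards; if that depends on x509.h pulling in x509_vfy.h, a short comment at the old location would help.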
@@ -601,9 +666,9 @@ X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); -void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); -void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, From tomas at openssl.org Tue Jun 8 07:20:25 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Tue, 08 Jun 2021 07:20:25 +0000 Subject: [openssl] master update Message-ID: <1623136825.263496.15833.nullmailer@dev.openssl.org> The branch master has been updated via fccf3dcef42f12b0ac2b1ab8979125a2511dc271 (commit) from 09345c8cab01d0030234a001c7b2d64eac1e75ae (commit) - Log ----------------------------------------------------------------- commit fccf3dcef42f12b0ac2b1ab8979125a2511dc271 Author: Tomas Mraz Date: Fri Jun 4 13:56:41 2021 +0200 X509_digest_sig: Handle RSA-PSS and EDDSA certificates Identify digest from sigalg params for RSA-PSS and fallback to SHA-256 for EDDSA. Fixes #15477 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/15618) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x_all.c | 54 +++++++++++++++++++++++++++++++++++++++++------- doc/man3/X509_digest.pod | 4 +++- 2 files changed, 50 insertions(+), 8 deletions(-) diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 88c75c3d36..a0ad56bca4 100644 
--- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -26,6 +26,7 @@ #include "internal/asn1.h" #include "crypto/pkcs7.h" #include "crypto/x509.h" +#include "crypto/rsa.h" int X509_verify(X509 *a, EVP_PKEY *r) { @@ -437,8 +438,8 @@ ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert) { unsigned int len; unsigned char hash[EVP_MAX_MD_SIZE]; - int md_NID; - const EVP_MD *md = NULL; + int mdnid, pknid; + EVP_MD *md = NULL; ASN1_OCTET_STRING *new = NULL; if (cert == NULL) { 
@@ -446,18 +447,57 @@ ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert) return NULL; } - if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &md_NID, NULL) - || (md = EVP_get_digestbynid(md_NID)) == NULL) { - ERR_raise(ERR_LIB_CMP, X509_R_UNSUPPORTED_ALGORITHM); + if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &mdnid, &pknid)) { + ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS); + return NULL; + } + + if (mdnid == NID_undef) { + if (pknid == EVP_PKEY_RSA_PSS) { + RSA_PSS_PARAMS *pss = ossl_rsa_pss_decode(&cert->sig_alg); + const EVP_MD *mgf1md, *mmd = NULL; + int saltlen, trailerfield; + + if (pss == NULL + || !ossl_rsa_pss_get_param_unverified(pss, &mmd, &mgf1md, + &saltlen, + &trailerfield) + || mmd == NULL) { + RSA_PSS_PARAMS_free(pss); + ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); + return NULL; + } + RSA_PSS_PARAMS_free(pss); + /* Fetch explicitly and do not fallback */ + if ((md = EVP_MD_fetch(cert->libctx, EVP_MD_get0_name(mmd), + cert->propq)) == NULL) + /* Error code from fetch is sufficient */ + return NULL; + } else if (pknid != NID_undef) { + /* Default to SHA-256 for known algorithms without a digest */ + if ((md = EVP_MD_fetch(cert->libctx, "SHA256", + cert->propq)) == NULL) + return NULL; + } else { + /* A completely unknown algorithm */ + ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); + return NULL; + } + } else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid), + cert->propq)) == NULL + && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) { + ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); return NULL; } if (!X509_digest(cert, md, hash, &len) || (new = ASN1_OCTET_STRING_new()) == NULL) - return NULL; + goto err; if (!(ASN1_OCTET_STRING_set(new, hash, len))) { ASN1_OCTET_STRING_free(new); - return NULL; + new = NULL; } + err: + EVP_MD_free(md); return new; } diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod index 36af772cc7..5d6167934d 100644 --- a/doc/man3/X509_digest.pod 
+++ b/doc/man3/X509_digest.pod @@ -40,7 +40,9 @@ PKCS7_ISSUER_AND_SERIAL_digest =head1 DESCRIPTION X509_digest_sig() calculates a digest of the given certificate -using the same hash algorithm as in its signature. +using the same hash algorithm as in its signature with a fallback to B +for algorithms where the digest is an integral part of the signature algorithm +such as with B signatures. X509_pubkey_digest() returns a digest of the DER representation of the public key in the specified X509 B object. From pauli at openssl.org Tue Jun 8 08:53:24 2021 
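Review bot: in X509_digest_sig() the final else-if branch falls back to EVP_get_digestbynid() and casts away const, and the new err: label then passes md to EVP_MD_free() unconditionally. That is only safe if EVP_MD_free() ignores digests that were not obtained from EVP_MD_fetch(); please confirm this and say so in a comment next to the cast, or record whether md was fetched and free it only in that case. Separately, the "pknid != NID_undef" branch applies the SHA-256 fallback to every known signature algorithm without a digest, which is wider than the "fallback to SHA-256 for EDDSA" in the commit message; the X509_digest.pod wording matches the code, so it is the commit message that needs adjusting.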
From: pauli at openssl.org (Dr. Paul Dale)
Date: Tue, 08 Jun 2021 08:53:24 +0000
Subject: [openssl] master update
Message-ID: <1623142404.975873.24242.nullmailer@dev.openssl.org>

The branch master has been updated
       via  178fa72ed5c6b26ac3d6bab1a45e732ee6458565 (commit)
      from  fccf3dcef42f12b0ac2b1ab8979125a2511dc271 (commit)

- Log -----------------------------------------------------------------
commit 178fa72ed5c6b26ac3d6bab1a45e732ee6458565
Author: Daniel Bevenius
Date: Mon Jun 7 06:01:54 2021 +0200

    Add aix64-gcc-as architecture and p2align callback

    This commit adds an architecture named aix64-gcc-as which can generate
    assembler source code compatible with AIX assembler (as) instead of the
    GNU Assembler (gas). This architecture name is then used in a callback
    for the .p2align directive which is not available in AIX as.

    The motivation for this addition came out of an issue we ran into when
    working on upgrading OpenSSL in Node.js. We ran into the following
    compilation error on one of the CI machines that uses AIX:

      05:39:05 Assembler:
      05:39:05 crypto/bn/ppc64-mont-fixed.s: line 4: Error In Syntax

    This machine is using AIX Version 7.2 and does not have gas installed
    and the .p2align directive is causing this error. After asking around
    if it would be possible to install GAS on this machine I learned that
    AIX GNU utils are not maintained as well as the native AIX ones and
    we (Red Hat/IBM) have run into issues with the GNU utils in the past
    and if possible it would be preferable to be able to use the AIX native
    assembler.

    Refs: https://github.com/nodejs/node/pull/38512

    Reviewed-by: Tomas Mraz
    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/15638)

-----------------------------------------------------------------------

Summary of changes:
 Configurations/10-main.conf | 4 ++++
 crypto/perlasm/ppc-xlate.pl | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 138ad8a6ae..dfff5ea4ae 100644
--- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1212,6 +1212,10 @@ my %targets = ( AR => add("-X64"), RANLIB => add("-X64"), }, + "aix64-gcc-as" => { + inherit_from => [ "aix64-gcc" ], + perlasm_scheme => "aix64-as", + }, "aix-cc" => { inherit_from => [ "aix-common" ], CC => "cc", diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl index 14fd06dec4..c81fb6a47a 100755 --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -83,6 +83,10 @@ my $text = sub { $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64(le|v2)/); $ret; }; +my $p2align = sub { + my $ret = ($flavour =~ /aix64-as/) ? "" : ".p2align $line"; + $ret; +}; my $machine = sub { my $junk = shift; my $arch = shift; From pauli at openssl.org Tue Jun 8 08:59:45 2021 
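Review bot: the new $p2align callback in crypto/perlasm/ppc-xlate.pl returns an empty string for the aix64-as flavour, so the alignment request is dropped silently instead of being translated. Please add a comment stating that losing the alignment is acceptable on this target, or emit an alignment directive that the AIX assembler does accept. In Configurations/10-main.conf the aix64-gcc-as target arrives without any accompanying documentation (the summary lists only these two files); a short note on when to pick it over aix64-gcc would help users who hit the same assembler error.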
From: pauli at openssl.org (Dr. Paul Dale)
Date: Tue, 08 Jun 2021 08:59:45 +0000
Subject: [openssl] master update
Message-ID: <1623142785.817400.26094.nullmailer@dev.openssl.org>

The branch master has been updated
       via  95c8a5125207a62362345d85be77531ad9654edd (commit)
       via  75653c100f0465206567150035a166bf42996540 (commit)
       via  dbf021c20ec62c57aa9dcb4a071611960f2dde0e (commit)
       via  b1307e94210c342df8ab736d7295110b20f003eb (commit)
       via  c0fc3fe3496ec02b0cafb252b7764f53cc3ae643 (commit)
       via  e748b4fbae59c08ba3e1bf2aef94fcc0ec642aae (commit)
       via  f7a19d6402fa7dd73f323b8b15a946ed3ec42efb (commit)
       via  7f0dc8da7d0c9ed29e5aff30f2afc4902b01e2f5 (commit)
       via  8809fdff9350f13e30c51925b73a3b1e172c0511 (commit)
       via  7b9e2361778f71321ada562930e4661d2865fffd (commit)
       via  618523e728dc884bad481324bfe7b8967199c00d (commit)
       via  e4d69413c25beedddf1463308fdf3dbf24cfe449 (commit)
      from  178fa72ed5c6b26ac3d6bab1a45e732ee6458565 (commit)

- Log -----------------------------------------------------------------
commit 95c8a5125207a62362345d85be77531ad9654edd
Author: Pauli
Date: Mon Jun 7 19:05:54 2021 +1000

    doc: add PKEY life cycle documentation

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit 75653c100f0465206567150035a166bf42996540
Author: Pauli
Date: Mon Jun 7 19:07:30 2021 +1000

    doc: build changes for PKEY life cycle documentation

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit dbf021c20ec62c57aa9dcb4a071611960f2dde0e
Author: Pauli
Date: Mon Jun 7 15:14:47 2021 +1000

    doc: add build info for cipher life cycle documentation

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit b1307e94210c342df8ab736d7295110b20f003eb
Author: Pauli
Date: Mon Jun 7 15:14:25 2021 +1000

    doc: add references to cipher life cycle documentation

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit c0fc3fe3496ec02b0cafb252b7764f53cc3ae643
Author: Pauli
Date: Mon Jun 7 15:11:28 2021 +1000

    doc: add cipher life cycle documentation

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit e748b4fbae59c08ba3e1bf2aef94fcc0ec642aae
Author: Pauli
Date: Mon Jun 7 14:41:27 2021 +1000

    doc: improve the cipher life cycle diagram

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit f7a19d6402fa7dd73f323b8b15a946ed3ec42efb
Author: Pauli
Date: Mon Jun 7 12:38:25 2021 +1000

    doc-nits: support out of source execution

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit 7f0dc8da7d0c9ed29e5aff30f2afc4902b01e2f5
Author: Pauli
Date: Mon Jun 7 12:35:06 2021 +1000

    doc: remove empty section

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit 8809fdff9350f13e30c51925b73a3b1e172c0511
Author: Pauli
Date: Mon Jun 7 12:28:29 2021 +1000

    doc: add references to digest life cycle documentation

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit 7b9e2361778f71321ada562930e4661d2865fffd
Author: Pauli
Date: Mon Jun 7 12:28:02 2021 +1000

    doc: add digest life cycle documentation

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit 618523e728dc884bad481324bfe7b8967199c00d
Author: Pauli
Date: Mon Jun 7 12:27:39 2021 +1000

    doc: add digest lifecycle diagram

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

commit e4d69413c25beedddf1463308fdf3dbf24cfe449
Author: Pauli
Date: Mon Jun 7 12:27:17 2021 +1000

    life-cycles: update digest state table

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15637)

-----------------------------------------------------------------------

Summary of changes:
 doc/build.info | 23 +-
 doc/internal/man3/evp_md_get_number.pod | 3 -
 doc/life-cycles/cipher.dot | 12 +-
 doc/life-cycles/lifecycles.ods | Bin 16752 -> 17042 bytes
 doc/man3/EVP_DigestInit.pod | 7 +-
doc/man3/EVP_EncryptInit.pod | 8 +- doc/man7/img/cipher.png | Bin 0 -> 81349 bytes doc/man7/img/digest.png | Bin 0 -> 56894 bytes doc/man7/img/pkey.png | Bin 0 -> 148963 bytes doc/man7/life_cycle-cipher.pod | 370 +++++++++++ .../{life_cycle-mac.pod => life_cycle-digest.pod} | 145 +++-- doc/man7/life_cycle-mac.pod | 2 +- doc/man7/life_cycle-pkey.pod | 713 +++++++++++++++++++++ doc/man7/provider-cipher.pod | 8 +- doc/man7/provider-digest.pod | 8 +- util/find-doc-nits | 2 +- 16 files changed, 1211 insertions(+), 90 deletions(-) create mode 100644 doc/man7/img/cipher.png create mode 100644 doc/man7/img/digest.png create mode 100644 doc/man7/img/pkey.png create mode 100644 doc/man7/life_cycle-cipher.pod copy doc/man7/{life_cycle-mac.pod => life_cycle-digest.pod} (51%) create mode 100644 doc/man7/life_cycle-pkey.pod diff --git a/doc/build.info b/doc/build.info index 946cc24032..4529e3c72f 100644 --- a/doc/build.info +++ b/doc/build.info @@ -4375,6 +4375,14 @@ DEPEND[html/man7/fips_module.html]=man7/fips_module.pod GENERATE[html/man7/fips_module.html]=man7/fips_module.pod DEPEND[man/man7/fips_module.7]=man7/fips_module.pod GENERATE[man/man7/fips_module.7]=man7/fips_module.pod +DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod +GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod +DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod +GENERATE[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod +DEPEND[html/man7/life_cycle-digest.html]=man7/life_cycle-digest.pod +GENERATE[html/man7/life_cycle-digest.html]=man7/life_cycle-digest.pod +DEPEND[man/man7/life_cycle-digest.7]=man7/life_cycle-digest.pod +GENERATE[man/man7/life_cycle-digest.7]=man7/life_cycle-digest.pod DEPEND[html/man7/life_cycle-kdf.html]=man7/life_cycle-kdf.pod GENERATE[html/man7/life_cycle-kdf.html]=man7/life_cycle-kdf.pod DEPEND[man/man7/life_cycle-kdf.7]=man7/life_cycle-kdf.pod 
@@ -4383,6 +4391,10 @@ DEPEND[html/man7/life_cycle-mac.html]=man7/life_cycle-mac.pod GENERATE[html/man7/life_cycle-mac.html]=man7/life_cycle-mac.pod DEPEND[man/man7/life_cycle-mac.7]=man7/life_cycle-mac.pod GENERATE[man/man7/life_cycle-mac.7]=man7/life_cycle-mac.pod +DEPEND[html/man7/life_cycle-pkey.html]=man7/life_cycle-pkey.pod +GENERATE[html/man7/life_cycle-pkey.html]=man7/life_cycle-pkey.pod +DEPEND[man/man7/life_cycle-pkey.7]=man7/life_cycle-pkey.pod +GENERATE[man/man7/life_cycle-pkey.7]=man7/life_cycle-pkey.pod DEPEND[html/man7/life_cycle-rand.html]=man7/life_cycle-rand.pod GENERATE[html/man7/life_cycle-rand.html]=man7/life_cycle-rand.pod DEPEND[man/man7/life_cycle-rand.7]=man7/life_cycle-rand.pod @@ -4513,8 +4525,11 @@ DEPEND[html/man7/x509.html]=man7/x509.pod GENERATE[html/man7/x509.html]=man7/x509.pod DEPEND[man/man7/x509.7]=man7/x509.pod GENERATE[man/man7/x509.7]=man7/x509.pod -IMAGEDOCS[man7]=man7/img/kdf.png \ +IMAGEDOCS[man7]=man7/img/cipher.png \ +man7/img/digest.png \ +man7/img/kdf.png \ man7/img/mac.png \ +man7/img/pkey.png \ man7/img/rand.png HTMLDOCS[man7]=html/man7/EVP_ASYM_CIPHER-SM2.html \ html/man7/EVP_CIPHER-AES.html \ @@ -4600,8 +4615,11 @@ html/man7/ct.html \ html/man7/des_modes.html \ html/man7/evp.html \ html/man7/fips_module.html \ +html/man7/life_cycle-cipher.html \ +html/man7/life_cycle-digest.html \ html/man7/life_cycle-kdf.html \ html/man7/life_cycle-mac.html \ +html/man7/life_cycle-pkey.html \ html/man7/life_cycle-rand.html \ html/man7/migration_guide.html \ html/man7/openssl-core.h.html \ @@ -4718,8 +4736,11 @@ man/man7/ct.7 \ man/man7/des_modes.7 \ man/man7/evp.7 \ man/man7/fips_module.7 \ +man/man7/life_cycle-cipher.7 \ +man/man7/life_cycle-digest.7 \ man/man7/life_cycle-kdf.7 \ man/man7/life_cycle-mac.7 \ +man/man7/life_cycle-pkey.7 \ man/man7/life_cycle-rand.7 \ man/man7/migration_guide.7 \ man/man7/openssl-core.h.7 \ 
diff --git a/doc/internal/man3/evp_md_get_number.pod b/doc/internal/man3/evp_md_get_number.pod index 8e5bbd4437..3c85f58b99 100644 --- a/doc/internal/man3/evp_md_get_number.pod +++ b/doc/internal/man3/evp_md_get_number.pod @@ -96,9 +96,6 @@ Returns the internal dynamic number assigned to the given I. All of these functions return the provider specific identification number for the specified algorithm. -=head1 SEE ALSO - - =head1 HISTORY This functionality was added to OpenSSL 3.0. diff --git a/doc/life-cycles/cipher.dot b/doc/life-cycles/cipher.dot index 8736ce7026..c1d5b83468 100644 --- a/doc/life-cycles/cipher.dot +++ b/doc/life-cycles/cipher.dot 
@@ -24,30 +24,28 @@ digraph cipher { finaled -> finaled [label="EVP_CIPHER_CTX_get_params\n(AEAD encryption)", style=dashed]; finaled -> end [label="EVP_CIPHER_CTX_free"]; - finaled -> newed [label="EVP_CIPHER_CTX_reset", style=dashed, - color="#034f84", fontcolor="#034f84"]; - updated -> newed [label="EVP_CIPHER_CTX_reset", style=dashed, - color="#034f84", fontcolor="#034f84"]; newed -> d_initialised [label="EVP_DecryptInit"]; d_initialised -> d_initialised [label="EVP_DecryptInit\n(not required but allowed)", style=dashed]; d_initialised -> d_updated [label="EVP_DecryptUpdate", weight=2]; d_updated -> d_updated [label="EVP_DecryptUpdate"]; d_updated -> finaled [label="EVP_DecryptFinal"]; - d_updated -> newed [label="EVP_CIPHER_CTX_reset", style=dashed, - color="#034f84", fontcolor="#034f84"]; newed -> e_initialised [label="EVP_EncryptInit"]; e_initialised -> e_initialised [label="EVP_EncryptInit\n(not required but allowed)", style=dashed]; e_initialised -> e_updated [label="EVP_EncryptUpdate", weight=2]; e_updated -> e_updated [label="EVP_EncryptUpdate"]; e_updated -> finaled [label="EVP_EncryptFinal"]; - e_updated -> newed [label="EVP_CIPHER_CTX_reset", style=dashed, + most -> newed [label="EVP_CIPHER_CTX_reset", style=dashed, + color="#034f84", fontcolor="#034f84"]; + most [label="any of the initialised\nupdated or finaled states", style=dashed, color="#034f84", fontcolor="#034f84"]; } /* This is a version with a single flavour which is easier to comprehend digraph cipher { + bgcolor="transparent"; + begin [label=start, color="#deeaee", style="filled"]; newed [fontcolor="#c94c4c", style="solid"]; initialised [fontcolor="#c94c4c"]; diff --git a/doc/life-cycles/lifecycles.ods b/doc/life-cycles/lifecycles.ods index f80a76e622..6cc2030a9e 100644 Binary files a/doc/life-cycles/lifecycles.ods and b/doc/life-cycles/lifecycles.ods differ diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 201c011095..dd822a4ca0 100644 
--- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -691,7 +691,11 @@ L, L, L, L, -L +L, +L, +L, +L, +L The full list of digest algorithms are provided below. @@ -706,7 +710,6 @@ L, L, L, L -L =head1 HISTORY diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 4b90cdd780..a03c31ea35 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -1611,7 +1611,11 @@ Encryption using AES-CBC with a 256-bit key with "CS1" ciphertext stealing. =head1 SEE ALSO -L +L, +L, +L, +L, +L Supported ciphers are listed in: @@ -1628,7 +1632,7 @@ L, L, L, L, -L +L, =head1 HISTORY diff --git a/doc/man7/img/cipher.png b/doc/man7/img/cipher.png new file mode 100644 index 0000000000..79b8b621e6 Binary files /dev/null and b/doc/man7/img/cipher.png differ diff --git a/doc/man7/img/digest.png b/doc/man7/img/digest.png new file mode 100644 index 0000000000..9f35deb5dc Binary files /dev/null and b/doc/man7/img/digest.png differ diff --git a/doc/man7/img/pkey.png b/doc/man7/img/pkey.png new file mode 100644 index 0000000000..d31b5d3841 Binary files /dev/null and b/doc/man7/img/pkey.png differ diff --git a/doc/man7/life_cycle-cipher.pod b/doc/man7/life_cycle-cipher.pod new file mode 100644 index 0000000000..227cc18b8d --- /dev/null +++ b/doc/man7/life_cycle-cipher.pod 
@@ -0,0 +1,370 @@ +=pod + +=head1 NAME + +life_cycle-cipher - The cipher algorithm life-cycle + +=head1 DESCRIPTION + +All symmetric ciphers (CIPHERs) go through a number of stages in their +life-cycle: + +=over 4 + +=item start + +This state represents the CIPHER before it has been allocated. It is the +starting state for any life-cycle transitions. + +=item newed + +This state represents the CIPHER after it has been allocated. + +=item initialised + +These states represent the CIPHER when it is set up and capable of processing +input. There are three possible initialised states: + +=over 4 + +=item initialised using EVP_CipherInit + +=item initialised for decryption using EVP_DecryptInit + +=item initialised for encryption using EVP_EncryptInit + +=back + +=item updated + +These states represent the CIPHER when it is set up and capable of processing +additional input or generating output. The three possible states directly +correspond to those for initialised above. The three different streams should +not be mixed. + +=item finaled + +This state represents the CIPHER when it has generated output. + +=item freed + +This state is entered when the CIPHER is freed. It is the terminal state +for all life-cycle transitions. 
+ +=back + +=head2 State Transition Diagram + +The usual life-cycle of a CIPHER is illustrated: + +=begin man + + +---------------------------+ + | | + | start | + | | + +---------------------------+ + - - - - - - - - - - - - - + + | ' any of the initialised ' + | EVP_CIPHER_CTX_new ' updated or finaled states ' + v ' ' + +---------------------------+ + - - - - - - - - - - - - - + + | | | + | newed | | EVP_CIPHER_CTX_reset + | | <----+ + +---------------------------+ + | | | + +---------+ | +---------+ + EVP_DecryptInit | | EVP_CipherInit | EVP_EncryptInit + v v v + +---------------------------+ +---------------------------+ +---------------------------+ + | | | | | | + | initialised | | initialised | | initialised | + | for decryption | | | | for encryption | + +---------------------------+ +---------------------------+ +---------------------------+ + | | | + | EVP_DecryptUpdate | EVP_CipherUpdate EVP_EncryptUpdate | + | v | + | +---------------------------+ | + | | |--------------------+ | + | | updated | EVP_CipherUpdate | | + | | | <------------------+ | + v +---------------------------+ v + +---------------------------+ | +---------------------------+ + | |---------------------+ | | | + | updated | EVP_DecryptUpdate | | | updated |------+ + | for decryption | <-------------------+ | | for encryption | | + +---------------------------+ | +---------------------------+ | + | EVP_CipherFinal | | ^ | + +-------+ | +--------+ | | + EVP_DecryptFinal | | | EVP_EncryptFinal +-------------------+ + v v v EVP_EncryptUpdate + +---------------------------+ + | |-----------------------------+ + | finaled | | + | | <---------------------------+ + +---------------------------+ EVP_CIPHER_CTX_get_params + | (AEAD encryption) + | EVP_CIPHER_CTX_free + v + +---------------------------+ + | | + | freed | + | | + +---------------------------+ + +=end man + +=for html + +=head2 Formal State Transitions + +This section defines all of the legal state transitions. 
+This is the canonical list. + +=begin man + + Function Call ---------------------------------------------- Current State ----------------------------------------------- + start newed initialised updated finaled initialised updated initialised updated freed + decryption decryption encryption encryption + EVP_CIPHER_CTX_new newed + EVP_CipherInit initialised initialised initialised initialised initialised initialised initialised initialised + EVP_DecryptInit initialised initialised initialised initialised initialised initialised initialised initialised + decryption decryption decryption decryption decryption decryption decryption decryption + EVP_EncryptInit initialised initialised initialised initialised initialised initialised initialised initialised + encryption encryption encryption encryption encryption encryption encryption encryption + EVP_CipherUpdate updated updated + EVP_DecryptUpdate updated updated + decryption decryption + EVP_EncryptUpdate updated updated + encryption encryption + EVP_CipherFinal finaled + EVP_DecryptFinal finaled + EVP_EncryptFinal finaled + EVP_CIPHER_CTX_free freed freed freed freed freed freed freed freed freed + EVP_CIPHER_CTX_reset newed newed newed newed newed newed newed newed + EVP_CIPHER_CTX_get_params newed initialised updated initialised updated initialised updated + decryption decryption encryption encryption + EVP_CIPHER_CTX_set_params newed initialised updated initialised updated initialised updated + decryption decryption encryption encryption + EVP_CIPHER_CTX_gettable_params newed initialised updated initialised updated initialised updated + decryption decryption encryption encryption + EVP_CIPHER_CTX_settable_params newed initialised updated initialised updated initialised updated + decryption decryption encryption encryption + +=end man + +=begin html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Function CallCurrent State
startnewedinitialisedupdatedfinaledinitialised
decryption
updated
decryption
initialised
encryption
updated
encryption
freed
EVP_CIPHER_CTX_newnewed
EVP_CipherInitinitialisedinitialisedinitialisedinitialisedinitialisedinitialisedinitialisedinitialised
EVP_DecryptInitinitialised
decryption
initialised
decryption
initialised
decryption
initialised
decryption
initialised
decryption
initialised
decryption
initialised
decryption
initialised
decryption
EVP_EncryptInitinitialised
encryption
initialised
encryption
initialised
encryption
initialised
encryption
initialised
encryption
initialised
encryption
initialised
encryption
initialised
encryption
EVP_CipherUpdateupdatedupdated
EVP_DecryptUpdateupdated
decryption
updated
decryption
EVP_EncryptUpdateupdated
encryption
updated
encryption
EVP_CipherFinalfinaled
EVP_DecryptFinalfinaled
decryption
EVP_EncryptFinalfinaled
decryption
EVP_CIPHER_CTX_freefreedfreedfreedfreedfreedfreedfreedfreedfreed
EVP_CIPHER_CTX_resetnewednewednewednewednewednewednewed
EVP_CIPHER_CTX_get_paramsnewedinitialisedupdatedinitialised
decryption
updated
decryption
initialised
encryption
updated
encryption
EVP_CIPHER_CTX_set_paramsnewedinitialisedupdatedinitialised
decryption
updated
decryption
initialised
encryption
updated
encryption
EVP_CIPHER_CTX_gettable_paramsnewedinitialisedupdatedinitialised
decryption
updated
decryption
initialised
encryption
updated
encryption
EVP_CIPHER_CTX_settable_paramsnewedinitialisedupdatedinitialised
decryption
updated
decryption
initialised
encryption
updated
encryption
+ +=end html + +=head1 NOTES + +At some point the EVP layer will begin enforcing the transitions described +herein. + +=head1 SEE ALSO + +L, L + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/life_cycle-mac.pod b/doc/man7/life_cycle-digest.pod similarity index 51% copy from doc/man7/life_cycle-mac.pod copy to doc/man7/life_cycle-digest.pod index 7875e53cbe..5425f57dd5 100644 --- a/doc/man7/life_cycle-mac.pod +++ b/doc/man7/life_cycle-digest.pod 
@@ -2,88 +2,87 @@ =head1 NAME -life_cycle-mac - The MAC algorithm life-cycle +life_cycle-digest - The digest algorithm life-cycle =head1 DESCRIPTION -All message authentication codes (MACs) -go through a number of stages in their life-cycle: +All message digests (MDs) go through a number of stages in their life-cycle: =over 4 =item start -This state represents the MAC before it has been allocated. It is the +This state represents the MD before it has been allocated. It is the starting state for any life-cycle transitions. =item newed -This state represents the MAC after it has been allocated. +This state represents the MD after it has been allocated. =item initialised -This state represents the MAC when it is set up and capable of processing +This state represents the MD when it is set up and capable of processing input. =item updated -This state represents the MAC when it is set up and capable of processing +This state represents the MD when it is set up and capable of processing additional input or generating output. =item finaled -This state represents the MAC when it has generated output. +This state represents the MD when it has generated output. =item freed -This state is entered when the MAC is freed. It is the terminal state +This state is entered when the MD is freed. It is the terminal state for all life-cycle transitions. 
=back =head2 State Transition Diagram -The usual life-cycle of a MAC is illustrated: +The usual life-cycle of a MD is illustrated: =begin man - +-------------------+ - | start | - +-------------------+ - | - | EVP_MAC_CTX_new - v - +-------------------+ - | newed | - +-------------------+ - | - | EVP_MAC_init - v - +-------------------+ - +> | initialised | <+ - | +-------------------+ | - | | | - | | EVP_MAC_update | EVP_MAC_init - | v | - EVP_MAC_init | +-------------------+ | - | | updated | -+ - | +-------------------+ - | | | - | | EVP_MAC_final | EVP_MAC_finalXOF - | v v - | +-------------------+ - +- | finaled | - +-------------------+ - | - | EVP_MAC_CTX_free - v - +-------------------+ - | freed | - +-------------------+ + +-------------------+ + | start | + +-------------------+ + | + | EVP_MD_CTX_new + v + +-------------------+ EVP_MD_CTX_reset + | newed | <------------------------------+ + +-------------------+ | + | | + | EVP_DigestInit | + v | + +-------------------+ | + +--> | initialised | <+ EVP_DigestInit | + | +-------------------+ | | + | | | EVP_DigestUpdate | + | | EVP_DigestUpdate | +------------------+ | + | v | v | | + | +------------------------------------------------+ | + EVP_DigestInit | | updated | --+ + | +------------------------------------------------+ | + | | | | + | | EVP_DigestFinal | EVP_DigestFinalXOF | + | v v | + | +------------------------------------------------+ | + +--- | finaled | --+ + +------------------------------------------------+ + | + | EVP_MD_CTX_free + v + +-------------------+ + | freed | + +-------------------+ =end man -=for html +=for html =head2 Formal State Transitions 
@@ -92,18 +91,19 @@ This is the canonical list. =begin man - Function Call ------------- Current State ------------- - start newed initialised updated finaled freed - EVP_MAC_CTX_new newed - EVP_MAC_init initialised initialised initialised initialised - EVP_MAC_update updated updated - EVP_MAC_final finaled - EVP_MAC_finalXOF finaled - EVP_MAC_CTX_free freed freed freed freed freed - EVP_MAC_CTX_get_params newed initialised updated - EVP_MAC_CTX_set_params newed initialised updated - EVP_MAC_CTX_gettable_params newed initialised updated - EVP_MAC_CTX_settable_params newed initialised updated + Function Call --------------------- Current State ---------------------- + start newed initialised updated finaled freed + EVP_MD_CTX_new newed + EVP_DigestInit initialised initialised initialised initialised + EVP_DigestUpdate updated updated + EVP_DigestFinal finaled + EVP_DigestFinalXOF finaled + EVP_MD_CTX_free freed freed freed freed freed + EVP_MD_CTX_reset newed newed newed newed + EVP_MD_CTX_get_params newed initialised updated + EVP_MD_CTX_set_params newed initialised updated + EVP_MD_CTX_gettable_params newed initialised updated + EVP_MD_CTX_settable_params newed initialised updated =end man @@ -119,70 +119,77 @@ This is the canonical list. updated finaled freed -EVP_MAC_CTX_new +EVP_MD_CTX_new newed -EVP_MAC_init +EVP_DigestInit initialised initialised initialised initialised -EVP_MAC_update +EVP_DigestUpdate updated updated -EVP_MAC_final +EVP_DigestFinal finaled -EVP_MAC_finalXOF +EVP_DigestFinalXOF finaled -EVP_MAC_CTX_free +EVP_MD_CTX_free freed freed freed freed freed -EVP_MAC_CTX_get_params +EVP_MD_CTX_reset + + newed + newed + newed + newed + +EVP_MD_CTX_get_params newed initialised updated -EVP_MAC_CTX_set_params +EVP_MD_CTX_set_params newed initialised updated -EVP_MAC_CTX_gettable_params +EVP_MD_CTX_gettable_params newed initialised updated -EVP_MAC_CTX_settable_params +EVP_MD_CTX_settable_params newed initialised 
@@ -200,11 +207,7 @@ herein. =head1 SEE ALSO -L, L. - -=head1 HISTORY - -The provider MAC interface was introduced in OpenSSL 3.0. +L, L =head1 COPYRIGHT diff --git a/doc/man7/life_cycle-mac.pod b/doc/man7/life_cycle-mac.pod index 7875e53cbe..1a9a008818 100644 --- a/doc/man7/life_cycle-mac.pod +++ b/doc/man7/life_cycle-mac.pod @@ -92,7 +92,7 @@ This is the canonical list. =begin man - Function Call ------------- Current State ------------- + Function Call --------------------- Current State ---------------------- start newed initialised updated finaled freed EVP_MAC_CTX_new newed EVP_MAC_init initialised initialised initialised initialised diff --git a/doc/man7/life_cycle-pkey.pod b/doc/man7/life_cycle-pkey.pod new file mode 100644 index 0000000000..6768750f48 --- /dev/null +++ b/doc/man7/life_cycle-pkey.pod 
@@ -0,0 +1,713 @@ +=pod + +=head1 NAME + +life_cycle-pkey - The PKEY algorithm life-cycle + +=head1 DESCRIPTION + +All public keys (PKEYs) go through a number of stages in their life-cycle: + +=over 4 + +=item start + +This state represents the PKEY before it has been allocated. It is the +starting state for any life-cycle transitions. + +=item newed + +This state represents the PKEY after it has been allocated. + +=item decapsulate + +This state represents the PKEY when it is ready to perform a private key decapsulation +opeartion. + +=item decrypt + +This state represents the PKEY when it is ready to decrypt some ciphertext. + +=item derive + +This state represents the PKEY when it is ready to derive a shared secret. + +=item digest sign + +This state represents the PKEY when it is ready to perform a private key signature +operation. + +=item encapsulate + +This state represents the PKEY when it is ready to perform a public key encapsulation +opeartion. + +=item encrypt + +This state represents the PKEY when it is ready to encrypt some plaintext. + +=item key generation + +This state represents the PKEY when it is ready to generate a new public/private key. + +=item parameter generation + +This state represents the PKEY when it is ready to generate key parameters. + +=item verify + +This state represents the PKEY when it is ready to verify a public key signature. + +=item verify recover + +This state represents the PKEY when it is ready to recover a public key signature data. + +=item freed + +This state is entered when the PKEY is freed. It is the terminal state +for all life-cycle transitions. 
+ +=back + +=head2 State Transition Diagram + +The usual life-cycle of a PKEY object is illustrated: + +=begin man + + +-------------+ + | | + | start | + | | + EVP_PKEY_derive +-------------+ + +-------------+ EVP_PKEY_derive_set_peer | +-------------+ + | |----------------------------+ | +----------------------------| | + | derive | | | | EVP_PKEY_verify | verify | + | |<---------------------------+ | +--------------------------->| | + +-------------+ | +-------------+ + ^ | ^ + | EVP_PKEY_derive_init | EVP_PKEY_verify_init | + +---------------------------------------+ | +---------------------------------------+ + | | | + +-------------+ | | | +-------------+ + | |----------------------------+ | | | +----------------------------| | + | digest sign | EVP_PKEY_sign | | | | | EVP_PKEY_verify_recover | verify | + | |<---------------------------+ | | | +--------------------------->| recover | + +-------------+ | | | +-------------+ + ^ | | | ^ + | EVP_PKEY_sign_init | | | EVP_PKEY_verify_recover_init | + +---------------------------------+ | | | +---------------------------------+ + | | | | | + +-------------+ | | | | | +-------------+ + | |----------------------------+ | | | | | +----------------------------| | + | decapsulate | EVP_PKEY_decapsulate | | | | | | | EVP_PKEY_decrypt | decrypt | + | |<---------------------------+ | | v | | +--------------------------->| | + +-------------+ | +-------------+ | +-------------+ + ^ +---| |---+ ^ + | EVP_PKEY_decapsulate_init | | EVP_PKEY_decrypt_init | + +-------------------------------------| newed |-------------------------------------+ + | | + +---| |---+ + +-------------+ | +-------------+ | +-------------+ + | |----------------------------+ | | | | +----------------------------| | + | encapsulate | EVP_PKEY_encapsulate | | | | | | EVP_PKEY_encrypt | encrypt | + | |<---------------------------+ | | | | +--------------------------->| | + +-------------+ | | | | +-------------+ + ^ | | | | ^ + | EVP_PKEY_encapsulate_init 
| | | | EVP_PKEY_encrypt_init | + +---------------------------------+ | | +---------------------------------+ + | | + +---------------------------------------+ +---------------------------------------+ + | EVP_PKEY_paramgen_init EVP_PKEY_keygen_init | + v v + +-------------+ +-------------+ + | |----------------------------+ +----------------------------| | + | parameter | | | | key | + | generation |<---------------------------+ +--------------------------->| generation | + +-------------+ EVP_PKEY_paramgen EVP_PKEY_keygen +-------------+ + EVP_PKEY_gen EVP_PKEY_gen + + + + - - - - - + +-----------+ + ' ' EVP_PKEY_CTX_free | | + ' any state '------------------->| freed | + ' ' | | + + - - - - - + +-----------+ + +=end man + +=for html + +=head2 Formal State Transitions + +This section defines all of the legal state transitions. +This is the canonical list. + +=begin man + + Function Call ---------------------------------------------------------------------- Current State ---------------------------------------------------------------------- + start newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key freed + sign recover generation generation + EVP_PKEY_CTX_new newed + EVP_PKEY_CTX_new_id newed + EVP_PKEY_CTX_new_from_name newed + EVP_PKEY_CTX_new_from_pkey newed + EVP_PKEY_sign_init digest digest digest digest digest digest digest digest digest digest digest + sign sign sign sign sign sign sign sign sign sign sign + EVP_PKEY_sign digest + sign + EVP_PKEY_verify_init verify verify verify verify verify verify verify verify verify verify verify + EVP_PKEY_verify verify + EVP_PKEY_verify_recover_init verify verify verify verify verify verify verify verify verify verify verify + recover recover recover recover recover recover recover recover recover recover recover + EVP_PKEY_verify_recover verify + recover + EVP_PKEY_encrypt_init encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt encrypt + 
EVP_PKEY_encrypt encrypt + EVP_PKEY_decrypt_init decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt decrypt + EVP_PKEY_decrypt decrypt + EVP_PKEY_derive_init derive derive derive derive derive derive derive derive derive derive derive + EVP_PKEY_derive_set_peer derive + EVP_PKEY_derive derive + EVP_PKEY_encapsulate_init encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate encapsulate + EVP_PKEY_encapsulate encapsulate + EVP_PKEY_decapsulate_init decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate decapsulate + EVP_PKEY_decapsulate decapsulate + EVP_PKEY_paramgen_init parameter parameter parameter parameter parameter parameter parameter parameter parameter parameter parameter + generation generation generation generation generation generation generation generation generation generation generation + EVP_PKEY_paramgen parameter + generation + EVP_PKEY_keygen_init key key key key key key key key key key key + generation generation generation generation generation generation generation generation generation generation generation + EVP_PKEY_keygen key + generation + EVP_PKEY_gen parameter key + generation generation + EVP_PKEY_CTX_get_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key + sign recover generation generation + EVP_PKEY_CTX_set_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key + sign recover generation generation + EVP_PKEY_CTX_gettable_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key + sign recover generation generation + EVP_PKEY_CTX_settable_params newed digest verify verify encrypt decrypt derive encapsulate decapsulate parameter key + sign recover generation generation + EVP_PKEY_CTX_free freed freed freed freed freed freed freed freed freed freed freed freed + 
+=end man + +=begin html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Function CallCurrent State
startneweddigest
sign
verifyverify
recover
encryptdecryptderiveencapsulatedecapsulateparameter
generation
key
generation
freed
EVP_PKEY_CTX_newnewed
EVP_PKEY_CTX_new_idnewed
EVP_PKEY_CTX_new_from_namenewed
EVP_PKEY_CTX_new_from_pkeynewed
EVP_PKEY_sign_initdigest
sign
digest
sign
digest
sign
digest
sign
digest
sign
digest
sign
digest
sign
digest
sign
digest
sign
digest
sign
digest
sign
EVP_PKEY_signdigest
sign
EVP_PKEY_verify_initverifyverifyverifyverifyverifyverifyverifyverifyverifyverifyverify
EVP_PKEY_verifyverify
EVP_PKEY_verify_recover_initverify
recover
verify
recover
verify
recover
verify
recover
verify
recover
verify
recover
verify
recover
verify
recover
verify
recover
verify
recover
verify
recover
EVP_PKEY_verify_recoververify
recover
EVP_PKEY_encrypt_initencryptencryptencryptencryptencryptencryptencryptencryptencryptencryptencrypt
EVP_PKEY_encryptencrypt
EVP_PKEY_decrypt_initdecryptdecryptdecryptdecryptdecryptdecryptdecryptdecryptdecryptdecryptdecrypt
EVP_PKEY_decryptdecrypt
EVP_PKEY_derive_initderivederivederivederivederivederivederivederivederivederivederive
EVP_PKEY_derive_set_peerderive
EVP_PKEY_derivederive
EVP_PKEY_encapsulate_initencapsulateencapsulateencapsulateencapsulateencapsulateencapsulateencapsulateencapsulateencapsulateencapsulateencapsulate
EVP_PKEY_encapsulateencapsulate
EVP_PKEY_decapsulate_initdecapsulatedecapsulatedecapsulatedecapsulatedecapsulatedecapsulatedecapsulatedecapsulatedecapsulatedecapsulatedecapsulate
EVP_PKEY_decapsulatedecapsulate
EVP_PKEY_paramgen_initparameter
generation
parameter
generation
parameter
generation
parameter
generation
parameter
generation
parameter
generation
parameter
generation
parameter
generation
parameter
generation
parameter
generation
parameter
generation
EVP_PKEY_paramgenparameter
generation
EVP_PKEY_keygen_initkey
generation
key
generation
key
generation
key
generation
key
generation
key
generation
key
generation
key
generation
key
generation
key
generation
key
generation
EVP_PKEY_keygenkey
generation
EVP_PKEY_genparameter
generation
key
generation
EVP_PKEY_CTX_get_paramsneweddigest
sign
verifyverify
recover
encryptdecryptderiveencapsulatedecapsulateparameter
generation
key
generation
EVP_PKEY_CTX_set_paramsneweddigest
sign
verifyverify
recover
encryptdecryptderiveencapsulatedecapsulateparameter
generation
key
generation
EVP_PKEY_CTX_gettable_paramsneweddigest
sign
verifyverify
recover
encryptdecryptderiveencapsulatedecapsulateparameter
generation
key
generation
EVP_PKEY_CTX_settable_paramsneweddigest
sign
verifyverify
recover
encryptdecryptderiveencapsulatedecapsulateparameter
generation
key
generation
EVP_PKEY_CTX_freefreedfreedfreedfreedfreedfreedfreedfreedfreedfreedfreedfreed
+ +=end html + +=head1 NOTES + +At some point the EVP layer will begin enforcing the transitions described +herein. + +=head1 SEE ALSO + +L, +L, L, L, +L, L, L, +L, L, L + +=head1 HISTORY + +The provider PKEY interface was introduced in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index 52e8417e73..b4a87a3282 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod @@ -223,7 +223,13 @@ array, or NULL if none is offered. =head1 SEE ALSO L, L, L, -L +L, +L, L, L, +L, L, L, +L, L, L, +L, L, L, +L, +L, L =head1 HISTORY diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index bacdbf4821..63f30d77b5 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod @@ -262,7 +262,13 @@ produces larger digests is unusable with those API calls. =head1 SEE ALSO L, L, L, -L +L, +L, L, L, +L, L, L, +L, L, L, +L, L, L, +L, L, +L, L =head1 HISTORY diff --git a/util/find-doc-nits b/util/find-doc-nits index 467f551093..7244c589e8 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -1139,7 +1139,7 @@ if ( $opt_c ) { # Get the lists of generic options. my $active = ""; - open OFH, "apps/include/opt.h" + open OFH, catdir($config{sourcedir}, "apps/include/opt.h") or die "Can't open apps/include/opt.h to list generic options, $!"; while ( ) { chop; From mark at openssl.org Tue Jun 8 09:30:09 2021 
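Review bot: in util/find-doc-nits the die message still names the relative path "apps/include/opt.h", while the open now reads from under $config{sourcedir}, so a failure in an out-of-tree build reports a path that was never tried. Build the full path once into a variable and use it in both the open and the message; catfile is also the better fit than catdir here, since the last component is a file.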
From: mark at openssl.org (Mark J. Cox) Date: Tue, 08 Jun 2021 09:30:09 +0000 Subject: [web] master update Message-ID: <1623144609.708643.27051.nullmailer@dev.openssl.org> The branch master has been updated via f0be824328dc1cbbe56c1adb943d180c86aa4642 (commit) via db238e8d834b6775edcda71f30ca73ba54824872 (commit) from 2e8cfad0e7a3155e8cdeae1a2d9d0cfa9a4efe80 (commit) - Log ----------------------------------------------------------------- commit f0be824328dc1cbbe56c1adb943d180c86aa4642 Merge: 2e8cfad db238e8 Author: Mark J. Cox Date: Tue Jun 8 10:25:55 2021 +0100 Merge pull request #242 from iamamoose/f5sponsor Add NGINX sponsorship logo commit db238e8d834b6775edcda71f30ca73ba54824872 Author: Mark J. Cox Date: Tue Jun 8 10:22:49 2021 +0100 Add NGINX sponsorship logo ----------------------------------------------------------------------- Summary of changes: img/nginx-logo-med.png | Bin 0 -> 7253 bytes support/acks.html | 7 +++++++ 2 files changed, 7 insertions(+) create mode 100644 img/nginx-logo-med.png diff --git a/img/nginx-logo-med.png b/img/nginx-logo-med.png new file mode 100644 index 0000000..d850df4 Binary files /dev/null and b/img/nginx-logo-med.png differ diff --git a/support/acks.html b/support/acks.html index 3bce679..418652c 100644 --- a/support/acks.html +++ b/support/acks.html @@ -37,6 +37,13 @@ } +

Gold:

+ +
+

Bronze:

beslist.nl

From pauli at openssl.org Tue Jun 8 09:34:33 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 08 Jun 2021 09:34:33 +0000 Subject: [openssl] master update Message-ID: <1623144873.628619.22230.nullmailer@dev.openssl.org> The branch master has been updated via 69807ab8ed5d5b3b0bb59f418cb3a7658de005a3 (commit) via cec8854cc90794a0696c518efabd90e0279658db (commit) via 3f617061eceb2f33fb40682cc7b14cc4f9a2143f (commit) via dacb0d8f79debfe6b47f4b17ed6a51449dd7e484 (commit) via 9428977994921d23b6aabc047298db3c55867709 (commit) via 0341ff9774283b85179bc07c0cfc80d6e547771e (commit) via 042f8f70cb8fb21445ed20d07e2624d5a2bba4e4 (commit) via b0a0ab07b4313cc893b17880b4399bdb804837c5 (commit) via 6c1d17c802678364a8a8d7d69ee2aba2ac76a854 (commit) via 37bbe449294b63f87b03e792cae465b0b095299a (commit) from 95c8a5125207a62362345d85be77531ad9654edd (commit) - Log ----------------------------------------------------------------- commit 69807ab8ed5d5b3b0bb59f418cb3a7658de005a3 Author: Pauli Date: Mon Jun 7 21:07:21 2021 +1000 evp: avoid some calls to EVP_CIPHER_CTX_get_iv_length() because it's been called already Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15635) commit cec8854cc90794a0696c518efabd90e0279658db Author: Pauli Date: Mon Jun 7 09:49:04 2021 +1000 evp: fix Coverity 1485670 argument cannot be negative Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15635) commit 3f617061eceb2f33fb40682cc7b14cc4f9a2143f Author: Pauli Date: Mon Jun 7 09:45:40 2021 +1000 evp: fix Coverity 1485669 improper use of negative value Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15635) commit dacb0d8f79debfe6b47f4b17ed6a51449dd7e484 Author: Pauli Date: Mon Jun 7 09:42:54 2021 +1000 evp: fix Coverity 1485668 argument cannot be negative Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15635) commit 9428977994921d23b6aabc047298db3c55867709 Author: Pauli Date: Mon Jun 7 09:39:55 2021 +1000 pkcs12: fix Coverity 1485667 logically 
dead code Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15635) commit 0341ff9774283b85179bc07c0cfc80d6e547771e Author: Pauli Date: Mon Jun 7 09:36:04 2021 +1000 evp: fix coverity 1485666 argument cannot be negative Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15635) commit 042f8f70cb8fb21445ed20d07e2624d5a2bba4e4 Author: Pauli Date: Mon Jun 7 09:28:49 2021 +1000 evp: fix improper use of negative value issues Coverity issues 1485662, 1485663 & 1485664. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15635) commit b0a0ab07b4313cc893b17880b4399bdb804837c5 Author: Pauli Date: Mon Jun 7 09:26:42 2021 +1000 afalg: fix coverity 1485661 improper use of negative value Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15635) commit 6c1d17c802678364a8a8d7d69ee2aba2ac76a854 Author: Pauli Date: Mon Jun 7 09:23:41 2021 +1000 fix coverity 1485660 improper use of negative value Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15635) commit 37bbe449294b63f87b03e792cae465b0b095299a Author: Pauli Date: Mon Jun 7 09:20:16 2021 +1000 bio: improve error checking fixing coverity 1485659 & 1485665 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15635) ----------------------------------------------------------------------- Summary of changes: crypto/evp/bio_ok.c | 8 ++++++-- crypto/evp/ctrl_params_translate.c | 4 ++++ crypto/evp/e_aes.c | 21 +++++++++++++++------ crypto/evp/e_aria.c | 7 ++++++- crypto/evp/e_bf.c | 6 +++++- crypto/evp/e_sm4.c | 7 ++++++- crypto/evp/evp_enc.c | 15 +++++++++------ crypto/pkcs12/p12_mutl.c | 11 +++++------ engines/e_afalg.c | 7 ++++--- engines/e_padlock.c | 7 ++++++- 10 files changed, 66 insertions(+), 27 deletions(-) diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 97641d11d1..97e67fcb68 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c 
@@ -483,9 +483,11 @@ static int sig_in(BIO *b) void *md_data; ctx = BIO_get_data(b); - md = ctx->md; + if ((md = ctx->md) == NULL) + goto berr; digest = EVP_MD_CTX_get0_md(md); - md_size = EVP_MD_get_size(digest); + if ((md_size = EVP_MD_get_size(digest)) < 0) + goto berr; md_data = EVP_MD_CTX_get0_md_data(md); if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size) @@ -562,6 +564,8 @@ static int block_in(BIO *b) ctx = BIO_get_data(b); md = ctx->md; md_size = EVP_MD_get_size(EVP_MD_CTX_get0_md(md)); + if (md_size < 0) + goto berr; assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ tl = ctx->buf[0]; diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index e289c7df7b..6998dcc6fc 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -1704,6 +1704,10 @@ static int get_ec_decoded_from_explicit_params(enum state state, #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: val = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey)); + if (val < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); + return 0; + } break; #endif default: diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 2c2a4ba90c..6d5506056e 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -2516,9 +2516,14 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - unsigned int num = EVP_CIPHER_CTX_get_num(ctx); + int n = EVP_CIPHER_CTX_get_num(ctx); + unsigned int num; EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); + if (n < 0) + return 0; + num = (unsigned int)n; + if (dat->stream.ctr) CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ctx->iv, 
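Review bot: in aes_ctr_cipher() the new "if (n < 0) return 0;" fails without putting anything on the error queue, whereas the ctrl_params_translate.c hunk in this same patch raises EVP_R_INVALID_KEY for its negative value. Either raise an error here as well or add a comment saying why a silent failure is intended. The same four lines are repeated in the aria, sm4 and padlock CTR functions, so a small shared helper would keep them in step.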
@@ -3550,21 +3555,25 @@ typedef struct { static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { + int len; EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); - if (!iv && !key) + + if (iv == NULL && key == NULL) return 1; - if (key) { + if (key != NULL) { if (EVP_CIPHER_CTX_is_encrypting(ctx)) AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &wctx->ks.ks); else AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, &wctx->ks.ks); - if (!iv) + if (iv == NULL) wctx->iv = NULL; } - if (iv) { - memcpy(ctx->iv, iv, EVP_CIPHER_CTX_get_iv_length(ctx)); + if (iv != NULL) { + if ((len = EVP_CIPHER_CTX_get_iv_length(ctx)) < 0) + return 0; + memcpy(ctx->iv, iv, len); wctx->iv = ctx->iv; } return 1; diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index f53528ea5c..7e1fda33e1 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -175,9 +175,14 @@ const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - unsigned int num = EVP_CIPHER_CTX_get_num(ctx); + int n = EVP_CIPHER_CTX_get_num(ctx); + unsigned int num; EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY, ctx); + if (n < 0) + return 0; + num = (unsigned int)n; + CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, EVP_CIPHER_CTX_buf_noconst(ctx), &num, (block128_f) ossl_aria_encrypt); diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index 734e77f0a9..e3ff568757 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c @@ -38,7 +38,11 @@ IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx), key); + int len = EVP_CIPHER_CTX_get_key_length(ctx); + + if (len < 0) + return 0; + BF_set_key(&data(ctx)->ks, len, key); return 1; } 
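Review bot: bf_init_key() rejects only a negative key length, so 0 still reaches BF_set_key(), while afalg_cipher_init() in this same patch treats "<= 0" as failure; pick one rule for key lengths and apply it in both. The IV copies have a similar split: aes_wrap_init_key() above and the EVP_CIPH_CTR_MODE branch in evp_enc.c check only the lower bound before memcpy(ctx->iv, iv, ...), whereas the branch just before it in evp_cipher_init_internal() also requires n <= (int)sizeof(ctx->iv). Reusing that bounded check in the other two places would make every copy into ctx->iv visibly bounded.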
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index 39bec569f7..abd603015c 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c @@ -74,9 +74,14 @@ IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4, static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { - unsigned int num = EVP_CIPHER_CTX_get_num(ctx); + int n = EVP_CIPHER_CTX_get_num(ctx); + unsigned int num; EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx); + if (n < 0) + return 0; + num = (unsigned int)n; + CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, EVP_CIPHER_CTX_buf_noconst(ctx), &num, (block128_f)ossl_sm4_encrypt); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index f39e9b8c90..5188e73602 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -344,16 +344,19 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, n = EVP_CIPHER_CTX_get_iv_length(ctx); if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv))) return 0; - if (iv) - memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_get_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_get_iv_length(ctx)); + if (iv != NULL) + memcpy(ctx->oiv, iv, n); + memcpy(ctx->iv, ctx->oiv, n); break; case EVP_CIPH_CTR_MODE: ctx->num = 0; /* Don't reuse IV for CTR mode */ - if (iv) - memcpy(ctx->iv, iv, EVP_CIPHER_CTX_get_iv_length(ctx)); + if (iv != NULL) { + if ((n = EVP_CIPHER_CTX_get_iv_length(ctx)) <= 0) + return 0; + memcpy(ctx->iv, iv, n); + } break; default: @@ -361,7 +364,7 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, } } - if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { + if (key != NULL || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { if (!ctx->cipher->init(ctx, key, iv, enc)) return 0; } diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 88655651a0..afdb8d688b 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c 
@@ -249,23 +249,22 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, return 0; } } - if (!saltlen) + if (saltlen == 0) saltlen = PKCS12_SALT_LEN; - if (saltlen < 0) + else if (saltlen < 0) return 0; if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) { ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); return 0; } p12->mac->salt->length = saltlen; - if (!salt) { - if (saltlen < 0) - return 0; + if (salt == NULL) { if (RAND_bytes_ex(p12->authsafes->ctx.libctx, p12->mac->salt->data, (size_t)saltlen, 0) <= 0) return 0; - } else + } else { memcpy(p12->mac->salt->data, salt, saltlen); + } X509_SIG_getm(p12->mac->dinfo, &macalg, NULL); if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_get_type(md_type)), V_ASN1_NULL, NULL)) { diff --git a/engines/e_afalg.c b/engines/e_afalg.c index 93b3b3f02e..f36665acf6 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -544,7 +544,7 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ciphertype; - int ret; + int ret, len; afalg_ctx *actx; const char *ciphername; @@ -588,8 +588,9 @@ static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (ret < 1) return 0; - - ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_get_key_length(ctx)); + if ((len = EVP_CIPHER_CTX_get_key_length(ctx)) <= 0) + goto err; + ret = afalg_set_key(actx, key, len); if (ret < 1) goto err; diff --git a/engines/e_padlock.c b/engines/e_padlock.c index a22fc476e6..5662bf5b50 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c 
@@ -457,7 +457,12 @@ padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, const unsigned char *in_arg, size_t nbytes) { struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx); - unsigned int num = EVP_CIPHER_CTX_get_num(ctx); + int n = EVP_CIPHER_CTX_get_num(ctx); + unsigned int num; + + if (n < 0) + return 0; + num = (unsigned int)n; CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes, cdata, EVP_CIPHER_CTX_iv_noconst(ctx), From pauli at openssl.org Tue Jun 8 11:05:44 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 08 Jun 2021 11:05:44 +0000 Subject: [openssl] master update Message-ID: <1623150344.217948.7244.nullmailer@dev.openssl.org> The branch master has been updated via 907720f0644bf6b7ad4fa94f03ac29402ae597ab (commit) from 69807ab8ed5d5b3b0bb59f418cb3a7658de005a3 (commit) - Log ----------------------------------------------------------------- commit 907720f0644bf6b7ad4fa94f03ac29402ae597ab Author: Larkin Nickle Date: Wed Jun 2 14:17:40 2021 -0400 Fix compilation on systems with empty _POSIX_TIMERS Systems such as Tru64 ship with broken headers that have _POSIX_TIMERS defined but empty. CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15598) ----------------------------------------------------------------------- Summary of changes: providers/implementations/rands/seeding/rand_unix.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c index f77f6e0324..2e6429344c 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c 
@@ -76,7 +76,9 @@ static uint64_t get_timer_bits(void); * macro that might be undefined. */ # undef OSSL_POSIX_TIMER_OKAY -# if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0 +/* On some systems, _POSIX_TIMERS is defined but empty. + * Subtracting by 0 when comparing avoids an error in this case. */ +# if defined(_POSIX_TIMERS) && _POSIX_TIMERS -0 > 0 # if defined(__GLIBC__) # if defined(__GLIBC_PREREQ) # if __GLIBC_PREREQ(2, 17) From pauli at openssl.org Tue Jun 8 12:01:55 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 08 Jun 2021 12:01:55 +0000 Subject: [openssl] master update Message-ID: <1623153715.719753.17639.nullmailer@dev.openssl.org> The branch master has been updated via 92b835376a81ed310c9b365094ba670bc231f64c (commit) from 907720f0644bf6b7ad4fa94f03ac29402ae597ab (commit) - Log ----------------------------------------------------------------- commit 92b835376a81ed310c9b365094ba670bc231f64c Author: Tomas Mraz Date: Mon Jun 7 11:54:04 2021 +0200 EVP_PKEY_new_raw_private_key: Allow zero length keys Allocate at least one byte to distinguish a zero length key from an unset key. Fixes #15632 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15643) ----------------------------------------------------------------------- Summary of changes: providers/implementations/keymgmt/mac_legacy_kmgmt.c | 3 ++- test/evp_extra_test.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index 3b378d38ff..e1e2609dfa 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c 
@@ -190,7 +190,8 @@ static int mac_key_fromdata(MAC_KEY *key, const OSSL_PARAM params[]) return 0; } OPENSSL_secure_clear_free(key->priv_key, key->priv_key_len); - key->priv_key = OPENSSL_secure_malloc(p->data_size); + /* allocate at least one byte to distinguish empty key from no key set */ + key->priv_key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1); if (key->priv_key == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return 0; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 61f6b4ce00..33bb698ff3 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1681,6 +1681,9 @@ static struct keys_st { } keys[] = { { EVP_PKEY_HMAC, "0123456789", NULL + }, + { + EVP_PKEY_HMAC, "", NULL #ifndef OPENSSL_NO_POLY1305 }, { EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL From matt at openssl.org Tue Jun 8 18:06:31 2021 
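Review bot: in mac_key_fromdata() the one-byte allocation for an empty key is explained only by the inline comment, and the user-visible change (EVP_PKEY_new_raw_private_key accepting a zero-length key) is not documented anywhere in this patch, whose summary lists only mac_legacy_kmgmt.c and evp_extra_test.c. A sentence in the EVP_PKEY_new_raw_private_key manual page stating that an empty key is valid and distinct from an unset key would close that gap. The new keys[] entry in the test covers EVP_PKEY_HMAC only.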
From: matt at openssl.org (Matt Caswell) Date: Tue, 08 Jun 2021 18:06:31 +0000 Subject: [openssl] master update Message-ID: <1623175591.364881.18810.nullmailer@dev.openssl.org> The branch master has been updated via 4bf696c1d05d19ad495995309981f91f265cdaf2 (commit) via 1df8322ce0b54d171dea1a364a3c78a8a4980f65 (commit) via 33fb6ed3ecee73fe2de9047e7bca0bdf2c39303f (commit) via 15fd6c235ca5d7da7ffdb62b2a01c5815e284620 (commit) via b2f1b36592806afcaae79289c33756fb0af5b4ca (commit) via 237cb05d342338ac42852cfdec21b900458a537c (commit) via 29bf83c889c44236f33004ea2a6126c6d92e8b7a (commit) via f8da1d800580fb521b450b51f9e07ad1c3c1798d (commit) via 2b049e933a8d017fa667e69b5b0ec4437eb8d68c (commit) via 7834d50fa92c622e3a1b29a38abbbec2afd1290d (commit) via eaf867011edfd9ec0d2ca6bc36b0d17812be7844 (commit) from 92b835376a81ed310c9b365094ba670bc231f64c (commit) - Log ----------------------------------------------------------------- commit 4bf696c1d05d19ad495995309981f91f265cdaf2 Author: Matt Caswell Date: Mon Jun 7 14:54:24 2021 +0100 Correctly detect decode errors when checking if a key is supported If we have an unsupported key type we may get a decode error and therefore we should detect that. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) commit 1df8322ce0b54d171dea1a364a3c78a8a4980f65 Author: Matt Caswell Date: Fri Jun 4 14:16:42 2021 +0100 Simplify error reporting in X509_PUBKEY_get0() The X509_PUBKEY_get0() was attempting to recreate any errors that might have occurred from the earlier decode process when obtaining the EVP_PKEY. This is brittle at best and the approach would only work with legacy keys. We remove this and just report an error directly. 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) commit 33fb6ed3ecee73fe2de9047e7bca0bdf2c39303f Author: Matt Caswell Date: Fri May 28 14:03:25 2021 +0100 Use the fips-and-base.cnf config file in CMP tests Two CMP tests were using the fips.cnf config file. However to ensure that decoders are available the fips-and-base.cnf config file needs to be used instead. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) commit 15fd6c235ca5d7da7ffdb62b2a01c5815e284620 Author: Matt Caswell Date: Fri May 28 13:39:17 2021 +0100 Mark some priv/public key pairs as only available in the default provider Now that we actually load public keys from providers we need to mark some key pairs in the evp tests as only available there. Otherwise we get test failures when only the FIPS Provider is loaded. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) commit b2f1b36592806afcaae79289c33756fb0af5b4ca Author: Matt Caswell Date: Fri May 28 11:07:24 2021 +0100 Actually use a legacy route in pem_read_bio_key_legacy() The function pem_read_bio_key_legacy() is a fallback route if we failed to load a key via a provider. We should be using the legacy specific d2i functions to force legacy otherwise we end up using a provider anyway Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) commit 237cb05d342338ac42852cfdec21b900458a537c Author: Matt Caswell Date: Thu May 27 18:00:07 2021 +0100 Just look for "Unable to load Public Key" if no SM2 The X509 test was looking for some specific errors when printing an SM2 X509 certificate when SM2 is disabled. In fact these errors appear in the middle of the certificate printing which is quite odd. There is also a separate error "Unable to load Public Key" which is more cleanly printed. With the recent change to using provided keys in certs the old errors are no longer output. 
However printing them in the middle of the cert is probably not right anyway. So we just rely on the "Unable to load Public Key" message. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) commit 29bf83c889c44236f33004ea2a6126c6d92e8b7a Author: Matt Caswell Date: Thu May 27 16:48:37 2021 +0100 Only use the legacy route to decode a public key if we have to We should use a provider to decode a SubjectPublicKeyInfo structure if we can. We should only use the legacy route if we are forcing legacy, or if an ENGINE is in use. Fixes #15393 Fixes #15327 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) commit f8da1d800580fb521b450b51f9e07ad1c3c1798d Author: Matt Caswell Date: Thu May 27 16:47:14 2021 +0100 Ensure that we consume all the data when decoding an SPKI If we are decoding a SubjectPublicKeyInfo structure then we must use all of the data and must not have bytes "left over". Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) commit 2b049e933a8d017fa667e69b5b0ec4437eb8d68c Author: Matt Caswell Date: Thu May 27 16:24:00 2021 +0100 Use the right class/tag when decoding an embedded key When a key (SubjectPublicKeyInfo) is embedded in some other structure it may use an implicit tag. However the decoders can only handle the universal class and don't know how to interpret the implicit tag. Therefore we modify the data into a form the decoders can handle. 
Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) commit 7834d50fa92c622e3a1b29a38abbbec2afd1290d Author: Matt Caswell Date: Tue May 25 15:19:56 2021 +0100 Fix CTLOG_new_from_base64_ex() Ensure that the libctx/propq are passed to d2i_PUBKEY_ex() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) commit eaf867011edfd9ec0d2ca6bc36b0d17812be7844 Author: Matt Caswell Date: Fri May 21 17:26:35 2021 +0100 Fix the expected output of printing certificates Now that we are using provided keys when loading a certificate the pretty printing formatting is cosmetically different. We need to adjust expected test output accordingly. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15504) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/d2i_pr.c | 10 +-- crypto/ct/ct_b64.c | 2 +- crypto/pem/pem_pkey.c | 6 +- crypto/x509/x_pubkey.c | 112 +++++++++++++++++--------- include/crypto/asn1.h | 4 + include/crypto/x509.h | 2 + test/certs/cyrillic.msb | 2 +- test/certs/cyrillic.utf8 | 2 +- test/evp_test.c | 1 + test/recipes/25-test_x509.t | 2 +- test/recipes/30-test_evp_data/evppkey_ecc.txt | 100 +++++++++++++++++++++++ test/recipes/65-test_cmp_server.t | 2 +- test/recipes/65-test_cmp_vfy.t | 2 +- 13 files changed, 198 insertions(+), 49 deletions(-) diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 58b7646227..3b28460d4b 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -74,9 +74,9 @@ err: return NULL; } -static EVP_PKEY * -d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, const char *propq) +EVP_PKEY * +ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY *ret; const unsigned char *p = *pp; 
@@ -149,7 +149,7 @@ EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp, ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq); /* try the legacy path if the decoder failed */ if (ret == NULL) - ret = d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); + ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); return ret; } @@ -208,7 +208,7 @@ static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a, keytype = EVP_PKEY_RSA; } sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); - return d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); + return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); } /* diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c index 8dd137096c..5dae44d5ef 100644 --- a/crypto/ct/ct_b64.c +++ b/crypto/ct/ct_b64.c @@ -153,7 +153,7 @@ int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64, } p = pkey_der; - pkey = d2i_PUBKEY(NULL, &p, pkey_der_len); + pkey = d2i_PUBKEY_ex(NULL, &p, pkey_der_len, libctx, propq); OPENSSL_free(pkey_der); if (pkey == NULL) { ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_INVALID_KEY); diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 01877057dc..ca6b2a2132 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -23,6 +23,7 @@ #include #include #include "crypto/asn1.h" +#include "crypto/x509.h" #include "crypto/evp.h" #include "pem_local.h" @@ -157,9 +158,10 @@ static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x, ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); if (ameth == NULL || ameth->old_priv_decode == NULL) goto p8err; - ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len); + ret = ossl_d2i_PrivateKey_legacy(ameth->pkey_id, x, &p, len, libctx, + propq); } else if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) { - ret = d2i_PUBKEY(x, &p, len); + ret = ossl_d2i_PUBKEY_legacy(x, &p, len); } else if ((slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { ret = EVP_PKEY_new(); if (ret == NULL) 
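Review bot: in pem_read_bio_key_legacy() the private-key branch now forwards libctx and propq to ossl_d2i_PrivateKey_legacy(), but the public-key branch calls ossl_d2i_PUBKEY_legacy(x, &p, len), which has no such parameters; its definition in x_pubkey.c passes NULL, NULL on to d2i_PUBKEY_int(). If the legacy public path never needs a library context, say so in a comment at the call; otherwise give ossl_d2i_PUBKEY_legacy() the same two arguments so both fallbacks behave alike under a non-default libctx.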
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 2fe5724743..3f447c4c12 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -17,6 +17,7 @@ #include "internal/cryptlib.h" #include #include +#include #include "crypto/asn1.h" #include "crypto/evp.h" #include "crypto/x509.h" @@ -111,9 +112,11 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval, const char *propq) { const unsigned char *in_saved = *in; + size_t publen; X509_PUBKEY *pubkey; int ret; OSSL_DECODER_CTX *dctx = NULL; + unsigned char *tmpbuf = NULL; if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, libctx, propq)) return 0; @@ -128,6 +131,12 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval, tag, aclass, opt, ctx)) <= 0) return ret; + publen = *in - in_saved; + if (!ossl_assert(publen > 0)) { + ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); + return 0; + } + pubkey = (X509_PUBKEY *)*pval; EVP_PKEY_free(pubkey->pkey); pubkey->pkey = NULL; @@ -151,8 +160,24 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval, /* Try to decode it into an EVP_PKEY with OSSL_DECODER */ if (ret <= 0 && !pubkey->flag_force_legacy) { - const unsigned char *p = in_saved; + const unsigned char *p; char txtoidname[OSSL_MAX_NAME_SIZE]; + size_t slen = publen; + + /* + * The decoders don't know how to handle anything other than Universal + * class so we modify the data accordingly. + */ + if (aclass != V_ASN1_UNIVERSAL) { + tmpbuf = OPENSSL_memdup(in_saved, publen); + if (tmpbuf == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); + return 0; + } + in_saved = tmpbuf; + *tmpbuf = V_ASN1_CONSTRUCTED | V_ASN1_SEQUENCE; + } + p = in_saved; if (OBJ_obj2txt(txtoidname, sizeof(txtoidname), pubkey->algor->algorithm, 0) <= 0) { 
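Review bot: in x509_pubkey_ex_d2i_ex() the line "*tmpbuf = V_ASN1_CONSTRUCTED | V_ASN1_SEQUENCE;" rewrites only the first byte of the copy, which is correct only when the implicit tag fits in a single identifier octet (tag numbers below 31). For a larger tag number the identifier spans several octets and the rewritten buffer is no longer a well-formed SEQUENCE header. Either reject such tags before the OPENSSL_memdup() or re-encode the header properly, and note the single-octet assumption in the comment above the block.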
@@ -167,15 +192,26 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval, pubkey->propq)) != NULL) /* * As said higher up, we're being opportunistic. In other words, - * we don't care about what the return value signals. + * we don't care if we fail. */ - OSSL_DECODER_from_data(dctx, &p, NULL); + if (OSSL_DECODER_from_data(dctx, &p, &slen)) { + if (slen != 0) { + /* + * If we successfully decoded then we *must* consume all the + * bytes. + */ + ERR_clear_last_mark(); + ERR_raise(ERR_LIB_ASN1, EVP_R_DECODE_ERROR); + goto end; + } + } } ERR_pop_to_mark(); ret = 1; end: OSSL_DECODER_CTX_free(dctx); + OPENSSL_free(tmpbuf); return ret; } @@ -327,14 +363,30 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) */ static int x509_pubkey_decode(EVP_PKEY **ppkey, const X509_PUBKEY *key) { - EVP_PKEY *pkey = EVP_PKEY_new(); + EVP_PKEY *pkey; + int nid; + + nid = OBJ_obj2nid(key->algor->algorithm); + if (!key->flag_force_legacy) { +#ifndef OPENSSL_NO_ENGINE + ENGINE *e = NULL; + + e = ENGINE_get_pkey_meth_engine(nid); + if (e == NULL) + return 0; + ENGINE_finish(e); +#else + return 0; +#endif + } + pkey = EVP_PKEY_new(); if (pkey == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); return -1; } - if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) { + if (!EVP_PKEY_set_type(pkey, nid)) { ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); goto error; } 
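Review bot: in x509_pubkey_decode() the new early "return 0" when no ENGINE handles the key type (and unconditionally under OPENSSL_NO_ENGINE) comes with no comment, and next to the existing "return -1" for allocation failure the meaning of 0 is easy to misread. Add a comment above the "if (!key->flag_force_legacy)" block stating what a 0 return tells the caller. "ENGINE *e = NULL;" followed at once by the assignment from ENGINE_get_pkey_meth_engine(nid) can be a single initialised declaration.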
@@ -362,30 +414,18 @@ static int x509_pubkey_decode(EVP_PKEY **ppkey, const X509_PUBKEY *key) EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key) { - EVP_PKEY *ret = NULL; - - if (key == NULL || key->public_key == NULL) + if (key == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return NULL; + } - if (key->pkey != NULL) - return key->pkey; - - /* - * When the key ASN.1 is initially parsed an attempt is made to - * decode the public key and cache the EVP_PKEY structure. If this - * operation fails the cached value will be NULL. Parsing continues - * to allow parsing of unknown key types or unsupported forms. - * We repeat the decode operation so the appropriate errors are left - * in the queue. - */ - x509_pubkey_decode(&ret, key); - /* If decode doesn't fail something bad happened */ - if (ret != NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); - EVP_PKEY_free(ret); + if (key->pkey == NULL) { + /* We failed to decode the key when we loaded it, or it was never set */ + ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR); + return NULL; } - return NULL; + return key->pkey; } EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key) @@ -453,8 +493,8 @@ static EVP_PKEY *d2i_PUBKEY_int(EVP_PKEY **a, } /* For the algorithm specific d2i functions further down */ -static EVP_PKEY *d2i_PUBKEY_legacy(EVP_PKEY **a, - const unsigned char **pp, long length) +EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp, + long length) { return d2i_PUBKEY_int(a, pp, length, NULL, NULL, 1, d2i_X509_PUBKEY); } @@ -531,7 +571,7 @@ RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) const unsigned char *q; q = *pp; - pkey = d2i_PUBKEY_legacy(NULL, &q, length); + pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; key = EVP_PKEY_get1_RSA(pkey); 
@@ -572,7 +612,7 @@ DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length) const unsigned char *q; q = *pp; - pkey = d2i_PUBKEY_legacy(NULL, &q, length); + pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; if (EVP_PKEY_get_id(pkey) == EVP_PKEY_DH) @@ -613,7 +653,7 @@ DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length) const unsigned char *q; q = *pp; - pkey = d2i_PUBKEY_legacy(NULL, &q, length); + pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; if (EVP_PKEY_get_id(pkey) == EVP_PKEY_DHX) @@ -656,7 +696,7 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) const unsigned char *q; q = *pp; - pkey = d2i_PUBKEY_legacy(NULL, &q, length); + pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; key = EVP_PKEY_get1_DSA(pkey); @@ -699,7 +739,7 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) int type; q = *pp; - pkey = d2i_PUBKEY_legacy(NULL, &q, length); + pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; type = EVP_PKEY_get_id(pkey); @@ -742,7 +782,7 @@ ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a, const unsigned char *q; q = *pp; - pkey = d2i_PUBKEY_legacy(NULL, &q, length); + pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; key = ossl_evp_pkey_get1_ED25519(pkey); @@ -783,7 +823,7 @@ ECX_KEY *ossl_d2i_ED448_PUBKEY(ECX_KEY **a, const unsigned char *q; q = *pp; - pkey = d2i_PUBKEY_legacy(NULL, &q, length); + pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448) @@ -825,7 +865,7 @@ ECX_KEY *ossl_d2i_X25519_PUBKEY(ECX_KEY **a, const unsigned char *q; q = *pp; - pkey = d2i_PUBKEY_legacy(NULL, &q, length); + pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; if (EVP_PKEY_get_id(pkey) == EVP_PKEY_X25519) 
@@ -867,7 +907,7 @@ ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a, const unsigned char *q; q = *pp; - pkey = d2i_PUBKEY_legacy(NULL, &q, length); + pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); if (pkey == NULL) return NULL; if (EVP_PKEY_get_id(pkey) == EVP_PKEY_X448) diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h index 829c5980d2..dd0b54aad6 100644 --- a/include/crypto/asn1.h +++ b/include/crypto/asn1.h @@ -142,4 +142,8 @@ X509_ALGOR *ossl_x509_algor_mgf1_decode(X509_ALGOR *alg); int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md); int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm); +EVP_PKEY * ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, + const unsigned char **pp, long length, + OSSL_LIB_CTX *libctx, const char *propq); + #endif /* ndef OSSL_CRYPTO_ASN1_H */ diff --git a/include/crypto/x509.h b/include/crypto/x509.h index 936ab790de..acb1d7b64a 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -354,4 +354,6 @@ ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a, const unsigned char **pp, long length); int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp); # endif +EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp, + long length); #endif diff --git a/test/certs/cyrillic.msb b/test/certs/cyrillic.msb index 092c38aa0b..aeae813f45 100644 --- a/test/certs/cyrillic.msb +++ b/test/certs/cyrillic.msb @@ -10,7 +10,7 @@ Certificate: Subject: C=RU, ST=\U041C\U043E\U0441\U043A\U0432\U0430, L=\U041C\U043E\U0441\U043A\U0432\U0430, O=\U0414\U043C\U0438\U0442\U0440\U0438\U0439 \U0411\U0435\U043B\U044F\U0432\U0441\U043A\U0438\U0439, OU=\U042F, CN=Dmitry Belyavskiy, emailAddress=beldmit at example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) + Public-Key: (2048 bit) Modulus: 00:a4:57:96:36:55:6d:95:21:25:17:f8:85:87:53: ba:bc:d5:9a:d6:dc:21:66:72:30:36:ca:94:43:3c: 
diff --git a/test/certs/cyrillic.utf8 b/test/certs/cyrillic.utf8 index 243534e36d..b444f98e9d 100644 --- a/test/certs/cyrillic.utf8 +++ b/test/certs/cyrillic.utf8 @@ -10,7 +10,7 @@ Certificate: Subject: C=RU, ST=??????, L=??????, O=??????? ?????????, OU=?, CN=Dmitry Belyavskiy, emailAddress=beldmit at example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) + Public-Key: (2048 bit) Modulus: 00:a4:57:96:36:55:6d:95:21:25:17:f8:85:87:53: ba:bc:d5:9a:d6:dc:21:66:72:30:36:ca:94:43:3c: diff --git a/test/evp_test.c b/test/evp_test.c index 059de1251f..6ba72b405b 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -3348,6 +3348,7 @@ static int key_unsupported(void) long reason = ERR_GET_REASON(err); if ((lib == ERR_LIB_EVP && reason == EVP_R_UNSUPPORTED_ALGORITHM) + || (lib == ERR_LIB_EVP && reason == EVP_R_DECODE_ERROR) || reason == ERR_R_UNSUPPORTED) { ERR_clear_error(); return 1; diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index 1324f754e9..5b6f8279e7 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -127,6 +127,6 @@ ok(test_errors("RC2-40-CBC", "v3-certs-RC2.p12", '-passin', 'pass:v3-certs'), SKIP: { skip "sm2 not disabled", 1 if !disabled("sm2"); - ok(test_errors("unknown group|unsupported algorithm", "sm2.pem", '-text'), + ok(test_errors("Unable to load Public Key", "sm2.pem", '-text'), "error loading unsupported sm2 cert"); } diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt index 33bab64d28..ea61f7febe 100644 --- a/test/recipes/30-test_evp_data/evppkey_ecc.txt +++ b/test/recipes/30-test_evp_data/evppkey_ecc.txt @@ -24,6 +24,7 @@ MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBXgoOgVlWTLQnrQZXgQuSBcIS3bQAlXQ+yJhS03B 4G8rKQXbrc0mvWsF -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2pnb163v1:ALICE_cf_c2pnb163v1_PUB PrivateKey=BOB_cf_c2pnb163v1 
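Review bot: In the test/evp_test.c hunk, key_unsupported() now classifies any ERR_LIB_EVP / EVP_R_DECODE_ERROR as "key not supported" and clears the error queue, so a test key that fails to decode for some other reason (damaged test data, a decoder regression) would be classified the same way as a key type that was compiled out. Consider narrowing the condition, or add a comment explaining why a decode error is the only signal available at this point. The 25-test_x509.t hunk loosens its check in the same direction, replacing the pattern "unknown group|unsupported algorithm" with "Unable to load Public Key", so the sm2 test no longer distinguishes why the load failed.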
@@ -37,6 +38,7 @@ MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAEDLAAEBn9J0jo39aFVZqhBsAKZ6bViAu6zBC8WaFGExnpZ KuBh8tP8VSTHPCHF -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2pnb163v1:BOB_cf_c2pnb163v1_PUB # ECDH Alice with Bob peer @@ -100,6 +102,7 @@ MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVnlL7lMBaASwCIJaf9x2LgNPVmEAb43huHQlo3Q 4PzawHXQoYm/qgDd -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2pnb163v2:ALICE_cf_c2pnb163v2_PUB PrivateKey=BOB_cf_c2pnb163v2 @@ -113,6 +116,7 @@ MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAIDLAAEAVWNIKn7/WMfzuNnd5ws9J0DI2CfBkEJizZHAFqy kBF3juAQuARgxuT6 -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2pnb163v2:BOB_cf_c2pnb163v2_PUB # ECDH Alice with Bob peer @@ -176,6 +180,7 @@ MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEBx1HRyjuBMjt+vlbWaQbKOpNvWKFAslzEbPv6MpK YnObLnq34LRuWznb -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2pnb163v3:ALICE_cf_c2pnb163v3_PUB PrivateKey=BOB_cf_c2pnb163v3 @@ -189,6 +194,7 @@ MEMwEwYHKoZIzj0CAQYIKoZIzj0DAAMDLAAEAqXF7rsAZ40Z1PT4TeeC45RKTxP4AJBAdfuknJ/J DZnBLhxBwtqnfUpA -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2pnb163v3:BOB_cf_c2pnb163v3_PUB # ECDH Alice with Bob peer @@ -252,6 +258,7 @@ MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEPjME7IV6Tuz2P++wIT60hRxTkk0M0PNgvqYcUoCI iw3girDLhNzOu3IQ8Ac= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2pnb176v1:ALICE_cf_c2pnb176v1_PUB PrivateKey=BOB_cf_c2pnb176v1 @@ -265,6 +272,7 @@ MEUwEwYHKoZIzj0CAQYIKoZIzj0DAAQDLgAEpJn1IDmFj5LceLGfY2wlhI1VHq5vJ+qNIAOXVZhX uMtp6pzy63rCEK53bgs= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2pnb176v1:BOB_cf_c2pnb176v1_PUB # ECDH Alice with Bob peer @@ -329,6 +337,7 @@ ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAEL+IHOL2IfeLRiE6Wqsc0Frqjq7t/JnBmhN1lMB9Y Yj3+Btcne4CPWf8KvfGjAdMs6JKP4A== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2pnb208w1:ALICE_cf_c2pnb208w1_PUB PrivateKey=BOB_cf_c2pnb208w1 
@@ -343,6 +352,7 @@ ME0wEwYHKoZIzj0CAQYIKoZIzj0DAAoDNgAENBvdzCDOIvu9zo7reJq1ummhR+0jaDc+EoSlW984 cl9FTi/JJznwC+RNgwVfJ1WKJun1YA== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2pnb208w1:BOB_cf_c2pnb208w1_PUB # ECDH Alice with Bob peer @@ -407,6 +417,7 @@ MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAE0IH60bGi46FDzEprGZ8EBK5uMMcVke/txeBRNGHQ DzG68r3EMLZkOfE1+g04MN7HgY7zt3jMYb8ImyLRmvqR2abjs6c= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2pnb272w1:ALICE_cf_c2pnb272w1_PUB PrivateKey=BOB_cf_c2pnb272w1 @@ -421,6 +432,7 @@ MF0wEwYHKoZIzj0CAQYIKoZIzj0DABADRgAEIeIkcMHAuOgvHt2Wp52vVe0DYPNnUX79t/mLSx03 cUlDmcxL7vIXdx9hB4OmQBYbm+YLDNfTFGAIlDfr2tELpVVPWPo= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2pnb272w1:BOB_cf_c2pnb272w1_PUB # ECDH Alice with Bob peer @@ -485,6 +497,7 @@ MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEvoaqRX6qiNQiFH1BhgLCPTpYszoRhmlLirkvlw/Q iXBlfQ7U4g+iRR/kmu2RlwwOHgNNL+mWcvLkFfS8Kr4jzv1EY1Ecx96n21l0YQ== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2pnb304w1:ALICE_cf_c2pnb304w1_PUB PrivateKey=BOB_cf_c2pnb304w1 @@ -499,6 +512,7 @@ MGUwEwYHKoZIzj0CAQYIKoZIzj0DABEDTgAEYuAq/6Yw5HxMeMohlWmwl+ZK4ZQucfr1tWDKwhDb kAOUO2P/Q/H+uelM3VVwxeu6A1kaX7K0UZpNa96NRBwI4aevc+vOxCgYkGt9BA== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2pnb304w1:BOB_cf_c2pnb304w1_PUB # ECDH Alice with Bob peer @@ -564,6 +578,7 @@ euvf3cpPXBvxUawJXfO9FwFRQabDRagGP99Walidd2JW8nWDWZgZMKj15Wh+4bp2dZHc2tPIIHHd 3makbwQ= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2pnb368w1:ALICE_cf_c2pnb368w1_PUB PrivateKey=BOB_cf_c2pnb368w1 @@ -579,6 +594,7 @@ At+zYlpzGax1oJ1CW8fGA0Gu0RnvAfDeW9vgrtzshH1Vy/Ni6a7LPho99PtUP2nzUBnv+hfhFSra gqfRaOs= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2pnb368w1:BOB_cf_c2pnb368w1_PUB # ECDH Alice with Bob peer 
@@ -644,6 +660,7 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEG9iuZmnhz2H/YQKmVUaO//fm7hvV+CP5c2iszpR3 7lRimqLWHPyvKgcP+PRCIUom -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2tnb191v1:ALICE_cf_c2tnb191v1_PUB PrivateKey=BOB_cf_c2tnb191v1 @@ -658,6 +675,7 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAUDMgAEdO/4ii8gi8eQfBrv3XmsOETwIfT8OIpBW/kUoHD+ adqalcB6SIWOfoJReDLcpxAD -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2tnb191v1:BOB_cf_c2tnb191v1_PUB # ECDH Alice with Bob peer @@ -722,6 +740,7 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEAyQdwZYRIiv7O4/WRLDKJ249TM8dr2Y+Oz8rSxCI UVvJT/Jv9m462J6Iz1XOohhP -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2tnb191v2:ALICE_cf_c2tnb191v2_PUB PrivateKey=BOB_cf_c2tnb191v2 @@ -736,6 +755,7 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAYDMgAEBVkB4O6fFvGzMHv4BF51muFA0npOGKoOdKbIIMQY JBIoz1RNNXTcgdpguLcrvcPJ -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2tnb191v2:BOB_cf_c2tnb191v2_PUB # ECDH Alice with Bob peer @@ -800,6 +820,7 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEL4NGEUX2CXY18MyoH1inKq5kde9RGr25ODm/0BEX HWsGvDE2HC+6pL2BMl3MRCty -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2tnb191v3:ALICE_cf_c2tnb191v3_PUB PrivateKey=BOB_cf_c2tnb191v3 @@ -814,6 +835,7 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAAcDMgAEPKekNkT9mQ8KRCTR2RwCFkhNvsjL+/mLHYzbMrYe QFIb5QwXAdbg2tEOl7yj9qkk -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2tnb191v3:BOB_cf_c2tnb191v3_PUB # ECDH Alice with Bob peer @@ -878,6 +900,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEUgG/uMWy4k0R/kbVJEapF6r5ik4Q9WPsDXAd0856 dVL8PvBXgixk2tKfyY1xUVebcEVlgdZP1pN1Xyvi -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2tnb239v1:ALICE_cf_c2tnb239v1_PUB PrivateKey=BOB_cf_c2tnb239v1 
@@ -892,6 +915,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAsDPgAEcwKt31cWaoFUd7QxYSdwgMDOqEhjPbD3Z9AfR3tc G77/MY5z1oQegqImBog645vtPWI8lZd1zcl6QYRS -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2tnb239v1:BOB_cf_c2tnb239v1_PUB # ECDH Alice with Bob peer @@ -956,6 +980,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAEKzpycflUrsyqVV/+fzvC2+AuX3r0b0Syn8acvn78 VnKA9mZKwPLWhnMJcLyzarIzc/6/UcfYGNmTyUlG -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2tnb239v2:ALICE_cf_c2tnb239v2_PUB PrivateKey=BOB_cf_c2tnb239v2 @@ -970,6 +995,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAAwDPgAETPSkhMs3JW3BG66FSfCov76JKdcRiBhMCW453Wku N7yBxBmWjeclHhnXIzfc4qM4qf9n3KzMSXejPVYg -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2tnb239v2:BOB_cf_c2tnb239v2_PUB # ECDH Alice with Bob peer @@ -1034,6 +1060,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEOu2HIAUX+r6IbRlrPUJUBDL814dR++maVAAkUIjD H33ewqcI9ZLtpvuR8P8hgRNUTXlh1GWgrB6F21Eo -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2tnb239v3:ALICE_cf_c2tnb239v3_PUB PrivateKey=BOB_cf_c2tnb239v3 @@ -1048,6 +1075,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAA0DPgAEVaEi76wyzlpzkkSElf4SmGZ7kf1ghHMP82HkGk7K BC10zUyppoSOAr0eX4pHAkDUF1m/KGoJa7QcJJww -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2tnb239v3:BOB_cf_c2tnb239v3_PUB # ECDH Alice with Bob peer @@ -1113,6 +1141,7 @@ RLMN7C4rRmqiJakD11QtOforOgbPW5r/v7t4TUWIlq8jV7kapJNtxQtg/S87L0NQGgHBq/lnJL8x fN3Y -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2tnb359v1:ALICE_cf_c2tnb359v1_PUB PrivateKey=BOB_cf_c2tnb359v1 @@ -1128,6 +1157,7 @@ ZNX8SSS79Zf2HsQl+LWIZyzeYzoHobKXufChw9/H4ThS58VwV5/0hoE929PIgJ1MSEqr5LvJXi+b R8fe -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2tnb359v1:BOB_cf_c2tnb359v1_PUB # ECDH Alice with Bob peer 
@@ -1194,6 +1224,7 @@ pGEMTh8B+YfkWuq+IDY5zSqNKtg7cRlAFX2dlHhRSvNxrN3DJCrhe/TQq8SIYawcqEQnM39F8hHM 7VQJLEsBpJ/WUonwMJXknjgfONP7GA== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_c2tnb431r1:ALICE_cf_c2tnb431r1_PUB PrivateKey=BOB_cf_c2tnb431r1 @@ -1209,6 +1240,7 @@ fb9kEbBLU+QixSbYZOrqPasesDV9dApDXF+w6EfIeNyJEK5Lk+aXamrn7fRMUAQ2m7+Odp87GgA+ 8Cg6YpgbK314SK5STziqoZwzEISJ9w== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_c2tnb431r1:BOB_cf_c2tnb431r1_PUB # ECDH Alice with Bob peer @@ -1274,6 +1306,7 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAET6wOPoDU3BeU7VKozsGEvDeJs//9Z/aNEcbbLQ0d g5IzsS/XMJzifjCJZgNsb7mi -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_prime192v2:ALICE_cf_prime192v2_PUB PrivateKey=BOB_cf_prime192v2 @@ -1288,6 +1321,7 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQIDMgAEcgWNAOL4pZCmouZl+be+rC0yLAJkm2YuPWs+FX2u Y6OU1aHkkspZTC1uUVWjchy5 -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_prime192v2:BOB_cf_prime192v2_PUB # ECDH Alice with Bob peer @@ -1316,6 +1350,7 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE1+mLeiT/jjHO71IL/C/ZcnF6+yj9FV6eqfuPdHAi MsDRFCB6/h8TcCUFuospu5l0 -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_prime192v3:ALICE_cf_prime192v3_PUB PrivateKey=BOB_cf_prime192v3 @@ -1330,6 +1365,7 @@ MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAEv35bOz0xqLeJqpZdZ8LyiUgsJMBEtN2UMJm8blX2 vMWAgEeLhzar86BUlS7dZwS7 -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_prime192v3:BOB_cf_prime192v3_PUB # ECDH Alice with Bob peer @@ -1358,6 +1394,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEMqQLCgDR9njkq9QELuOu+J/9YGcxJHULdvxHImLW RXqBUM5Xea+Qk2SKIpWcogxr2zFeQyeLj2bQysuo -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_prime239v1:ALICE_cf_prime239v1_PUB PrivateKey=BOB_cf_prime239v1 
@@ -1372,6 +1409,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQQDPgAEBR5m/kllh025oO4GvqALkjRliVv7q4x8ro/tkYnT L2U4hkT6xUeRu9QC4KOz7KUVH+nBbQASL4XQg/3C -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_prime239v1:BOB_cf_prime239v1_PUB # ECDH Alice with Bob peer @@ -1400,6 +1438,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAETH77jXHBItV673gTNK/HTFldo4VxPiscbideUgKd CWjdVsXebgAZbqQwf0h9QWcIgM7K7ODdW5kCuZ1G -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_prime239v2:ALICE_cf_prime239v2_PUB PrivateKey=BOB_cf_prime239v2 @@ -1414,6 +1453,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQUDPgAELUQYo0UH8HbK/RMD2jVphBU+iB4OTOfvaaTlHq06 dcJ8a9a+mAQKhb1OZVEq1n4nQsgRiI1rPxugVERM -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_prime239v2:BOB_cf_prime239v2_PUB # ECDH Alice with Bob peer @@ -1442,6 +1482,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEZEN48pqgLF08Yjj/8BLM2Nr5ZhpYxyBurbzKRuBb GLpzZLteJN9vZjN7ouNpMxLVUFQxTOwpsvUw86Lk -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_prime239v3:ALICE_cf_prime239v3_PUB PrivateKey=BOB_cf_prime239v3 @@ -1456,6 +1497,7 @@ MFUwEwYHKoZIzj0CAQYIKoZIzj0DAQYDPgAEQUWKqohAPAoIYEZOvc1QwSlcB+gW0febaNxGOy47 LaIWdsNM7GJVP9xpdSwm/L+Dip/oH4E59f3SiOAd -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_prime239v3:BOB_cf_prime239v3_PUB # ECDH Alice with Bob peer @@ -1482,6 +1524,7 @@ PublicKey=ALICE_cf_secp112r1_PUB MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEYIawfjH3qRrJJWwuG3Ys5ZhDJsmdWi34aHgKAA== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_secp112r1:ALICE_cf_secp112r1_PUB PrivateKey=BOB_cf_secp112r1 @@ -1494,6 +1537,7 @@ PublicKey=BOB_cf_secp112r1_PUB MDIwEAYHKoZIzj0CAQYFK4EEAAYDHgAEchh3iQdPN1rrzrpdZRQ95G6tvdwEBQ+gfu1tvA== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_secp112r1:BOB_cf_secp112r1_PUB # ECDH Alice with Bob peer 
@@ -1520,6 +1564,7 @@ PublicKey=ALICE_cf_secp112r2_PUB MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEHK9uNAILHBmPZdKKh79/nzYE0HbvC//rA7i0Xw== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_secp112r2:ALICE_cf_secp112r2_PUB PrivateKey=BOB_cf_secp112r2 @@ -1532,6 +1577,7 @@ PublicKey=BOB_cf_secp112r2_PUB MDIwEAYHKoZIzj0CAQYFK4EEAAcDHgAEUzBLNQupqUpGgmZl9JVjKBpwusl52rFg5OVFJA== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_secp112r2:BOB_cf_secp112r2_PUB # ECDH Alice with Bob peer @@ -1593,6 +1639,7 @@ PublicKey=ALICE_cf_secp128r1_PUB MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAEG0XMAdrAZOPUW6L9ADU8XK8sZr7dtIcDinSWU1zSV9s= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_secp128r1:ALICE_cf_secp128r1_PUB PrivateKey=BOB_cf_secp128r1 @@ -1605,6 +1652,7 @@ PublicKey=BOB_cf_secp128r1_PUB MDYwEAYHKoZIzj0CAQYFK4EEABwDIgAE82nknsOS+u8mybP0KJqQhvm83gbPNTZOcvm0ZDVR5sU= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_secp128r1:BOB_cf_secp128r1_PUB # ECDH Alice with Bob peer @@ -1631,6 +1679,7 @@ PublicKey=ALICE_cf_secp128r2_PUB MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAEOKiPRGtZXwxmvTr35NmUkNsAGGk9RKNA4D5BE9ZrjZQ= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_secp128r2:ALICE_cf_secp128r2_PUB PrivateKey=BOB_cf_secp128r2 @@ -1643,6 +1692,7 @@ PublicKey=BOB_cf_secp128r2_PUB MDYwEAYHKoZIzj0CAQYFK4EEAB0DIgAELph7h27BYjIINC2EddcpIOxKbdz8Xe7h3Az1ZuR9bAI= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_secp128r2:BOB_cf_secp128r2_PUB # ECDH Alice with Bob peer @@ -1705,6 +1755,7 @@ MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAEcVWIjtPZn1cHckclpn5jKDCphQUVHxFN5tSeFG9wsJZT EvqPyLS64w== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_secp160k1:ALICE_cf_secp160k1_PUB PrivateKey=BOB_cf_secp160k1 
@@ -1718,6 +1769,7 @@ MD4wEAYHKoZIzj0CAQYFK4EEAAkDKgAESGN41cAj8Fg4pAJM7FUKHiawbCR0b9unMpZWxqOKeW1/ bxT/CqEkyw== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_secp160k1:BOB_cf_secp160k1_PUB # ECDH Alice with Bob peer @@ -1745,6 +1797,7 @@ MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEO78GZuBaCfJjHK97c9N21z+4mm37b5x7/Hr3Xc4pUbtb OoNj/A+W9w== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_secp160r1:ALICE_cf_secp160r1_PUB PrivateKey=BOB_cf_secp160r1 @@ -1758,6 +1811,7 @@ MD4wEAYHKoZIzj0CAQYFK4EEAAgDKgAEBKDbBSPTwmb00MFvMtJMxQ2YDmcPOZHE8YbVr5hp8s5J Jwy17FaNNg== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_secp160r1:BOB_cf_secp160r1_PUB # ECDH Alice with Bob peer @@ -1785,6 +1839,7 @@ MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAE4V+25YCpVkKF6NF/UPc1SYxohYWcf3qT3JDoPRhnm/rj mSqCCA6gUw== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_secp160r2:ALICE_cf_secp160r2_PUB PrivateKey=BOB_cf_secp160r2 @@ -1798,6 +1853,7 @@ MD4wEAYHKoZIzj0CAQYFK4EEAB4DKgAEB7YVzBmzhnIdouvN/nb8VMXCqO8dkhmebyVzoD0oAzuH nN+SfWr6aQ== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_secp160r2:BOB_cf_secp160r2_PUB # ECDH Alice with Bob peer @@ -1825,6 +1881,7 @@ MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEyV4EzMZglBXtYdn38hNTrCGflAsJprMkxkOlw58chZ25 6EAu7gVvYDTpnRkymKyH -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_secp192k1:ALICE_cf_secp192k1_PUB PrivateKey=BOB_cf_secp192k1 @@ -1838,6 +1895,7 @@ MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAE990Tnmh9QQQHVHuLpfrAsgjvB9R2MJXzhBZN1WvtxLqF OZ2oFMP0Kfcr7HbI7a5j -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_secp192k1:BOB_cf_secp192k1_PUB # ECDH Alice with Bob peer @@ -1866,6 +1924,7 @@ ME4wEAYHKoZIzj0CAQYFK4EEACADOgAE4o7LGdJDixqJZ5imnqaX4IeE55NG4W0HEe72LVC7pmn2 e3m7uC92ZQhduF9lJli4dXD5en/1wkE= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_secp224k1:ALICE_cf_secp224k1_PUB PrivateKey=BOB_cf_secp224k1 
@@ -1880,6 +1939,7 @@ ME4wEAYHKoZIzj0CAQYFK4EEACADOgAEzp00m0DaADn1mGiDCT7K1LZnoj/vCxHPowUDC9yQd17K KpJM5sGILrTkkgxqtt5pBeYE1NC1QUQ= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_secp224k1:BOB_cf_secp224k1_PUB # ECDH Alice with Bob peer @@ -1908,6 +1968,7 @@ MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAElytZZZHc9CelGzZkNGpzY2CHQ+3z6tUnfsQxUmtiZnUg 7oKfQC5BV8pZ5WYNPWnbT0RRg5kyBtzry9oQIhO5Lw== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_secp256k1:ALICE_cf_secp256k1_PUB PrivateKey=BOB_cf_secp256k1 @@ -1922,6 +1983,7 @@ MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE2BQeSJOa7kJAQsAPUbLseHjHhMe3tUOAl3bqoDqtrfO+ 2m2MP/IC/R9Kof2nmaiQ6DostdbS8kB+CnnprK375w== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_secp256k1:BOB_cf_secp256k1_PUB # ECDH Alice with Bob peer @@ -1948,6 +2010,7 @@ PublicKey=ALICE_cf_sect113r1_PUB MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEASO9jcamlg1pRE7JffrTAe9kyRZO2xrymHXoGdnA -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_sect113r1:ALICE_cf_sect113r1_PUB PrivateKey=BOB_cf_sect113r1 @@ -1960,6 +2023,7 @@ PublicKey=BOB_cf_sect113r1_PUB MDQwEAYHKoZIzj0CAQYFK4EEAAQDIAAEATykaf/cvJzLOUto1EbbAEz/3++nut6q0dcJOQeV -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_sect113r1:BOB_cf_sect113r1_PUB # ECDH Alice with Bob peer @@ -2021,6 +2085,7 @@ PublicKey=ALICE_cf_sect113r2_PUB MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAFvQ4JgQTS8kjGeVfuITAS81qNcOQvt3PYa1HuCk -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_sect113r2:ALICE_cf_sect113r2_PUB PrivateKey=BOB_cf_sect113r2 @@ -2033,6 +2098,7 @@ PublicKey=BOB_cf_sect113r2_PUB MDQwEAYHKoZIzj0CAQYFK4EEAAUDIAAEAUoS3of8y28meYu/NoI5AVdhJZCuDjMqFHTriWY4 -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_sect113r2:BOB_cf_sect113r2_PUB # ECDH Alice with Bob peer 
@@ -2095,6 +2161,7 @@ MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEBXCuXD6wOOif91GUlJNKXf8FBNw8crgqi5aEJEZbCdBJ Ag== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_sect131r1:ALICE_cf_sect131r1_PUB PrivateKey=BOB_cf_sect131r1 @@ -2108,6 +2175,7 @@ MDgwEAYHKoZIzj0CAQYFK4EEABYDJAAEB8vGy3OQXwWKcJUSSJbCtpMBjFgJeZxzAaI420+B1B+1 5A== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_sect131r1:BOB_cf_sect131r1_PUB # ECDH Alice with Bob peer @@ -2171,6 +2239,7 @@ MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEA5+Y20L8q989I4jnKknZ7hcGlQ6RUIGni9RahT88kB/d dw== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_sect131r2:ALICE_cf_sect131r2_PUB PrivateKey=BOB_cf_sect131r2 @@ -2184,6 +2253,7 @@ MDgwEAYHKoZIzj0CAQYFK4EEABcDJAAEB2G2uNkhQNjjl0/Ov6UYpxoFaWNXO+qy7poV6cdrFN7z pA== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_sect131r2:BOB_cf_sect131r2_PUB # ECDH Alice with Bob peer @@ -2247,6 +2317,7 @@ MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEA0f195HCcD4D+7wWyl3QuPkRovG/ATy5l7fpMl4BNIg/ sbtEXluCzANF -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_sect163r1:ALICE_cf_sect163r1_PUB PrivateKey=BOB_cf_sect163r1 @@ -2260,6 +2331,7 @@ MEAwEAYHKoZIzj0CAQYFK4EEAAIDLAAEAul/oBKr9B5MsPHWGF+q07j0JC+WAxj1JzfcIXR98n+r 9FHWU5LC5pDM -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_sect163r1:BOB_cf_sect163r1_PUB # ECDH Alice with Bob peer @@ -2323,6 +2395,7 @@ MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAeqP0VQobenduwtf4MPmlYQVDjUmxKq50QFHnaBfzwXY 1TYShZZgBr0R6a5dUGCbiF0= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_sect193r1:ALICE_cf_sect193r1_PUB PrivateKey=BOB_cf_sect193r1 @@ -2336,6 +2409,7 @@ MEgwEAYHKoZIzj0CAQYFK4EEABgDNAAEAaFZVIeqfV9wbPydaBSJKSWJjVyFVSB/QQB5rHonYQmK f40zok8PJS6ratIcZwk/n20= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_sect193r1:BOB_cf_sect193r1_PUB # ECDH Alice with Bob peer 
@@ -2399,6 +2473,7 @@ MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAIn7oSu3adu4ChNXniHKkMIv9gT24rpzzwAeCTDPIkUT kJ+Tit6e4RpgkB/dph4V+uI= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_sect193r2:ALICE_cf_sect193r2_PUB PrivateKey=BOB_cf_sect193r2 @@ -2412,6 +2487,7 @@ MEgwEAYHKoZIzj0CAQYFK4EEABkDNAAEAFdSLKI0tlwZDpkndutOLsnHii1aJO8snwEJ0m/AZgMp xiDevOQ/xE9SpMX25W7YqkU= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_sect193r2:BOB_cf_sect193r2_PUB # ECDH Alice with Bob peer @@ -2476,6 +2552,7 @@ MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEf5paOMjzcnpVAPMQnIkikE4K2jne3ubX2TD1P3aedknF lUr6tOU4BsiUQJACF90rQ9/KdeR5mYvYHzvI -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_sect239k1:ALICE_cf_sect239k1_PUB PrivateKey=BOB_cf_sect239k1 @@ -2490,6 +2567,7 @@ MFIwEAYHKoZIzj0CAQYFK4EEAAMDPgAEKnjJ4RHe+EiElXMrF4ou7VGy1pn0ZiO17FouF31Zbvjc TcbhfE6ziXM8sekQJBwcwRKQ9+G/Qzq/2A9x -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_sect239k1:BOB_cf_sect239k1_PUB # ECDH Alice with Bob peer @@ -2554,6 +2632,7 @@ MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAZkrhWBz/Q4GB8DY4Ia114ew6H7Eg7ri2uxwxd3rAZs5 /ShvunNyndjCt3Qaq8sulBM0nUyERSDakyD+ -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls10:ALICE_cf_wap-wsg-idm-ecid-wtls10_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls10 @@ -2568,6 +2647,7 @@ MFIwEAYHKoZIzj0CAQYFZysBBAoDPgAEAGavw4ChHCoWplAumMEBwJgJ2aYtw+utu4vhWnscAPIT IJ4IiIGj18rCFBap1sgVbpXjhEBLYg6Itwv2 -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls10:BOB_cf_wap-wsg-idm-ecid-wtls10_PUB # ECDH Alice with Bob peer @@ -2632,6 +2712,7 @@ MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEABttgKKYeGZRmcH/5UZR56lOSgbU4TH2AuIhvj88AL6H zTCX9elzXpck+u22bnmkuvL2A8XKB5+fabMR -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls11:ALICE_cf_wap-wsg-idm-ecid-wtls11_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls11 
@@ -2646,6 +2727,7 @@ MFIwEAYHKoZIzj0CAQYFZysBBAsDPgAEAL6Xj/KCmXAQAAo847t0bl0wqBrteWRg93OvIJsPAAOE ehdIgJyruc3KsH0RFlipu5QD8pnGSIXvif19 -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls11:BOB_cf_wap-wsg-idm-ecid-wtls11_PUB # ECDH Alice with Bob peer @@ -2710,6 +2792,7 @@ ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAE0t0WqG/pFsiCt6agmebw3FCEWAzf9BpNLuzoCkPEe0Li bqn5udrckL6s3stwCTVFaZUfY2qS9QE= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls12:ALICE_cf_wap-wsg-idm-ecid-wtls12_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls12 @@ -2724,6 +2807,7 @@ ME4wEAYHKoZIzj0CAQYFZysBBAwDOgAEvyxedqaWkoAOMjaV5W3/tJpheiHAR0zV6BlIeUuGP2mx +xsOK9/QB7hzipq9cXx1K/dXu58EoSY= -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls12:BOB_cf_wap-wsg-idm-ecid-wtls12_PUB # ECDH Alice with Bob peer @@ -2750,6 +2834,7 @@ PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEACBNPI48xxsPVQBy07jRAAcWzbIkMo8BQotxpfGJ -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls1:ALICE_cf_wap-wsg-idm-ecid-wtls1_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls1 @@ -2762,6 +2847,7 @@ PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls1_PUB MDQwEAYHKoZIzj0CAQYFZysBBAEDIAAEAEeHMSBTx/EtOu+bjBinALHSkQuJyiP3mg1tu+I2 -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls1:BOB_cf_wap-wsg-idm-ecid-wtls1_PUB # ECDH Alice with Bob peer @@ -2824,6 +2910,7 @@ MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEBRIzvK9o7eO2NGmtPFV/zo9/1mlvBwjG7+e6hbPG1KdI 01f8oGBuXMQH -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls3:ALICE_cf_wap-wsg-idm-ecid-wtls3_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls3 
@@ -2837,6 +2924,7 @@ MEAwEAYHKoZIzj0CAQYFZysBBAMDLAAEAYOspjEbzyZw61jCtUrxARr+w66nBH+73QIvlaRVSG/4 hlBUf5kmG4Yn -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls3:BOB_cf_wap-wsg-idm-ecid-wtls3_PUB # ECDH Alice with Bob peer @@ -2899,6 +2987,7 @@ PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAW3K4Mus5+KAJVGLzEYrAYuCJSEYXFTo17aW0TwN -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls4:ALICE_cf_wap-wsg-idm-ecid-wtls4_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls4 @@ -2911,6 +3000,7 @@ PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls4_PUB MDQwEAYHKoZIzj0CAQYFZysBBAQDIAAEAI0F7ixGqOhnYpsuR80nAdTdSXM+YbcUbLe/U/xG -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls4:BOB_cf_wap-wsg-idm-ecid-wtls4_PUB # ECDH Alice with Bob peer @@ -2973,6 +3063,7 @@ MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEAH5xyUrvbuN+tWmRhwqrQfFHPHNUBKtAGvJuvSFVwTKk uFzn9fPvIDe6 -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls5:ALICE_cf_wap-wsg-idm-ecid-wtls5_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls5 @@ -2986,6 +3077,7 @@ MEAwEAYHKoZIzj0CAQYFZysBBAUDLAAEBdXxEk0L2XAVzRNLPcnMxGXXyDfZAoA1Qw2XpOfVWIVR jdoMGRgUuJmO -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls5:BOB_cf_wap-wsg-idm-ecid-wtls5_PUB # ECDH Alice with Bob peer @@ -3048,6 +3140,7 @@ PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAERPw/8Ip/RrXr0gMgLGRQeiQ4Qd6W+Li0ylGKzg== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls6:ALICE_cf_wap-wsg-idm-ecid-wtls6_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls6 
@@ -3060,6 +3153,7 @@ PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls6_PUB MDIwEAYHKoZIzj0CAQYFZysBBAYDHgAEhJXqpYGxE/l1X/LiBeyRbIcyzqPxUP5Tkv3U3w== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls6:BOB_cf_wap-wsg-idm-ecid-wtls6_PUB # ECDH Alice with Bob peer @@ -3087,6 +3181,7 @@ MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEwQLnZ70n45RLqRtAGNzEa3Rl/9nwyjqYUtw2eeHhnNLT feGY4CNH0w== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls7:ALICE_cf_wap-wsg-idm-ecid-wtls7_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls7 @@ -3100,6 +3195,7 @@ MD4wEAYHKoZIzj0CAQYFZysBBAcDKgAEZGN44YbN5r3zcNtOHrvbQLt8/lE7BHp4D/9eKLmwFDn1 QneRu3xwPA== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls7:BOB_cf_wap-wsg-idm-ecid-wtls7_PUB # ECDH Alice with Bob peer @@ -3126,6 +3222,7 @@ PublicKey=ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEJD0h4HEfchwxqhp9eMHh9gczQKHX4MtWVoAxKQ== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls8:ALICE_cf_wap-wsg-idm-ecid-wtls8_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls8 @@ -3138,6 +3235,7 @@ PublicKey=BOB_cf_wap-wsg-idm-ecid-wtls8_PUB MDIwEAYHKoZIzj0CAQYFZysBBAgDHgAEZawmRmzr9P+jihImUi6ykOzaSH484JhMKNdrgw== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls8:BOB_cf_wap-wsg-idm-ecid-wtls8_PUB # ECDH Alice with Bob peer @@ -3165,6 +3263,7 @@ MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAET0ppOvd9DU4v+tkKDQ5wRBrN1FwD9+F9t5l3Im+mz3rw DB/RYdZuUg== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=ALICE_cf_wap-wsg-idm-ecid-wtls9:ALICE_cf_wap-wsg-idm-ecid-wtls9_PUB PrivateKey=BOB_cf_wap-wsg-idm-ecid-wtls9 @@ -3178,6 +3277,7 @@ MD4wEAYHKoZIzj0CAQYFZysBBAkDKgAEWc37LGt6lt90iF4lhtDYNFdjAqoczebuNgzGff/Uq8ov a3EVJ9yK1A== -----END PUBLIC KEY----- +Availablein = default PrivPubKeyPair=BOB_cf_wap-wsg-idm-ecid-wtls9:BOB_cf_wap-wsg-idm-ecid-wtls9_PUB # ECDH Alice with Bob peer 
diff --git a/test/recipes/65-test_cmp_server.t b/test/recipes/65-test_cmp_server.t index 478de7751a..ba09fbe924 100644 --- a/test/recipes/65-test_cmp_server.t +++ b/test/recipes/65-test_cmp_server.t @@ -36,5 +36,5 @@ ok(run(test([@basic_cmd, "none"]))); ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")]))); unless ($no_fips) { - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); + ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips-and-base.cnf")]))); } diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t index cc0ef8cee7..f722800e27 100644 --- a/test/recipes/65-test_cmp_vfy.t +++ b/test/recipes/65-test_cmp_vfy.t @@ -47,5 +47,5 @@ ok(run(test([@basic_cmd, "none"]))); ok(run(test([@basic_cmd, "default", srctop_file("test", "default.cnf")]))); unless ($no_fips) { - ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips.cnf")]))); + ok(run(test([@basic_cmd, "fips", srctop_file("test", "fips-and-base.cnf")]))); } From no-reply at appveyor.com Tue Jun 8 18:20:05 2021 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 08 Jun 2021 18:20:05 +0000 Subject: Build failed: openssl master.42260 Message-ID: <20210608182005.1.169BF87943CAFFA4@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 8 22:10:43 2021 
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 08 Jun 2021 22:10:43 +0000 Subject: Still FAILED build of OpenSSL branch master with options --strict-warnings Message-ID: <1623190243.469216.43035.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config --strict-warnings Commit log since last time: 1355659bb8 OpenSSL::Test.pm: Replace all uses of rel2abs() with abs_path() 4bf696c1d0 Correctly detect decode errors when checking if a key is supported 1df8322ce0 Simplify error reporting in X509_PUBKEY_get0() 33fb6ed3ec Use the fips-and-base.cnf config file in CMP tests 15fd6c235c Mark some priv/public key paris as only available in the default provider b2f1b36592 Actually use a legacy route in pem_read_bio_key_legacy() 237cb05d34 Just look for "Unable to load Public Key" if no SM2 29bf83c889 Only use the legacy route to decode a public key if we have to f8da1d8005 Ensure that we consume all the data when decoding an SPKI 2b049e933a Use the right class/tag when decoding an embedded key 7834d50fa9 Fix CTLOG_new_from_base64_ex() eaf867011e Fix the expected output of printing certificates 92b835376a EVP_PKEY_new_raw_private_key: Allow zero length keys 907720f064 Fix compilation on systems with empty _POSIX_TIMERS 69807ab8ed evp: avoid some calls to EVP_CIPHER_CTX_get_iv_length() because it's been called already cec8854cc9 evp: fix Coverity 1485670 argument cannot be negative 3f617061ec evp: fix Coverity 1485669 improper use of negative value dacb0d8f79 evp: fix Coverity 1485668 argument cannot be negative 9428977994 pkcs12: fix Coverity 1485667 logically dead code 0341ff9774 evp: fix coverity 1485666 argument cannot be negative 042f8f70cb evp: fix improper use of negative value issues b0a0ab07b4 afalg: fix coverity 1485661 improper use of negative value 6c1d17c802 fix coverity 1485660 improper use of negative 
value 37bbe44929 bio: improve error checking fixing coverity 1485659 & 1485665 95c8a51252 doc: add PKEY life cycle documentation 75653c100f doc: build changes for PKEY life cycle documentation dbf021c20e doc: add build info for cipher life cycle documentation b1307e9421 doc: add references to cipher life cycle documentation c0fc3fe349 doc: add cipher life cycle documentation e748b4fbae doc: improve the cipher life cycle diagram f7a19d6402 doc-nits: support out of source execution 7f0dc8da7d doc: remove empty section 8809fdff93 doc: add references to digest life cycle documentation 7b9e236177 doc: add digest life cycle documentation 618523e728 doc: add digest lifecycle diagram e4d69413c2 life-cycles: update digest state table 178fa72ed5 Add aix64-gcc-as architecture and p2align callback fccf3dcef4 X509_digest_sig: Handle RSA-PSS and EDDSA certificates 09345c8cab Move trust-related decls from x509.h.in to x509_vfy.h.in 3cd4e5e73f x509.h.in: extended 'documenting' comment on X509_TRUST_OK_ANY_EKU f9ac6f6956 Improve the documentation of cert path building and validation 2576b9c31c X509_STORE_CTX_new.pod and x509_vfy.h.in: rename some params for clarity, improve their doc f1343f45d6 x509_vfy.c: Improve a couple of internally documenting comments 62d2386bf8 x509_trs.c: rename to x509_trust.c and correct comment in trust_compat() 69e0f8cca6 Fix AIX FIPS DEP. 5d43bfa7d5 BIO_write-ex(): Improve behavior in corner cases and documentation f41fd10d90 Add a gettable for provider ciphers to return the EVP_CIPH_RAND_KEY flag 5135a9bd92 Document missing EC/SM2 params 063e019738 Test EVP_CipherInit sequences and resets ff555f8136 Fix CipherInit on s390x. Build log ended with (last 100 lines): # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80B19ACB517F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80B19ACB517F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623190037 not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80B19ACB517F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80B19ACB517F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623190037 not ok 4 - iteration 4 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80B19ACB517F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80B19ACB517F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623190037 not ok 5 - iteration 5 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80B19ACB517F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80B19ACB517F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623190037 not ok 6 - iteration 6 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80B19ACB517F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80B19ACB517F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623190037 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80B19ACB517F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80B19ACB517F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623190037 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1623190037 not ok 1 - test_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/gosttest ../../../openssl/test/recipes/90-test_gost_data/server-cert2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-cert2012.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2012.pem => 1 not ok 1 - running gosttest # ------------------------------------------------------------------------------ # Failed test 'running gosttest' # at ../openssl/test/recipes/90-test_gost.t line 39. 
# Looks like you failed 1 test of 1.90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 90-test_ige.t ...................... ok 90-test_memleak.t .................. ok 90-test_includes.t ................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_srp.t ...................... ok 90-test_shlibload.t ................ ok 90-test_sslbuffers.t ............... ok # Killing mock server with pid=3410380-test_cmp_http.t ................. ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 80-test_ssl_old.t .................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13ccs.t ................. ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 91-test_pkey_check.t ............... ok 95-test_external_krb5.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 95-test_external_pyca.t ............ skipped: No external tests in this configuration 90-test_store.t .................... ok 90-test_sslapi.t ................... ok Test Summary Report ------------------- 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=236, Tests=3236, 158 wallclock secs (12.48 usr 1.32 sys + 471.61 cusr 57.74 csys = 543.15 CPU) Result: FAIL make[1]: *** [Makefile:3228: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/default' make: *** [Makefile:3224: tests] Error 2 From no-reply at appveyor.com Wed Jun 9 00:24:59 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 09 Jun 2021 00:24:59 +0000 Subject: Build failed: openssl master.42261 Message-ID: <20210609002459.1.814B9F7619891B6A@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 9 06:25:35 2021 
From: no-reply at appveyor.com (AppVeyor) Date: Wed, 09 Jun 2021 06:25:35 +0000 Subject: Build failed: openssl master.42262 Message-ID: <20210609062535.1.401DCEA3F4EF2F23@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Jun 9 07:38:05 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 09 Jun 2021 07:38:05 +0000 Subject: [openssl] master update Message-ID: <1623224285.371552.5625.nullmailer@dev.openssl.org> The branch master has been updated via 1af9b646e87115e0bd4782a9326564c9bef63bda (commit) from 1355659bb83388a6ad98c730f38e94ec4e414b6b (commit) - Log ----------------------------------------------------------------- commit 1af9b646e87115e0bd4782a9326564c9bef63bda Author: Pauli Date: Tue Jun 8 13:50:38 2021 +1000 keymgmt: better detect when a key manager can be reused Fixes #14159 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15652) ----------------------------------------------------------------------- Summary of changes: crypto/evp/keymgmt_lib.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index bbca3ddef5..f3dd876cfd 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c 
@@ -107,8 +107,16 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) if (pk->keydata == NULL) return NULL; - /* If |keymgmt| matches the "origin" |keymgmt|, no more to do */ - if (pk->keymgmt == keymgmt) + /* + * If |keymgmt| matches the "origin" |keymgmt|, there is no more to do. + * The "origin" is determined by the |keymgmt| pointers being identical + * or when the provider and the name ID match. The latter case handles the + * situation where the fetch cache is flushed and a "new" key manager is + * created. + */ + if (pk->keymgmt == keymgmt + || (pk->keymgmt->name_id == keymgmt->name_id + && pk->keymgmt->prov == keymgmt->prov)) return pk->keydata; if (!CRYPTO_THREAD_read_lock(pk->lock)) From pauli at openssl.org Wed Jun 9 08:02:00 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 09 Jun 2021 08:02:00 +0000 Subject: [openssl] master update Message-ID: <1623225720.851685.14923.nullmailer@dev.openssl.org> The branch master has been updated via f8ab78f6c2b5faee74c3056d237d418e2f53d6a8 (commit) from 1af9b646e87115e0bd4782a9326564c9bef63bda (commit) - Log ----------------------------------------------------------------- commit f8ab78f6c2b5faee74c3056d237d418e2f53d6a8 Author: Rich Salz Date: Mon Jun 7 12:06:26 2021 -0400 Remove I_CAN_LIVE_WITH_LNK4049 Fixes #9332 Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15649) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 6 ++++++ e_os.h | 15 --------------- 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 9b5ef88342..e0423a8491 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -30,6 +30,12 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Version of MSVC earlier than 1300 could get link warnings, which could + be suppressed if the undocumented -DI_CAN_LIVE_WITH_LNK4049 was set. + Support for this flag has been removed. + + *Rich Salz* + * Rework and make DEBUG macros consistent. Remove unused -DCONF_DEBUG, -DBN_CTX_DEBUG, and REF_PRINT. Add a new tracing category and use it for printing reference counts. Rename -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG diff --git a/e_os.h b/e_os.h index 56ea62d06f..e1608ae55d 100644 --- a/e_os.h +++ b/e_os.h @@ -147,21 +147,6 @@ FILE *__iob_func(); # define stdin (&__iob_func()[0]) # define stdout (&__iob_func()[1]) # define stderr (&__iob_func()[2]) -# elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049) -# undef stdin -# undef stdout -# undef stderr - /* - * pre-1300 has __p__iob(), but it's available only in msvcrt.lib, - * or in other words with /MD. Declaring implicit import, i.e. with - * _imp_ prefix, works correctly with all compiler options, but - * without /MD results in LINK warning LNK4049: 'locally defined - * symbol "__iob" imported'. - */ -extern FILE *_imp___iob; -# define stdin (&_imp___iob[0]) -# define stdout (&_imp___iob[1]) -# define stderr (&_imp___iob[2]) # endif # endif # endif From dev at ddvo.net Wed Jun 9 12:03:53 2021 
From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 09 Jun 2021 12:03:53 +0000 Subject: [openssl] master update Message-ID: <1623240233.416369.1336.nullmailer@dev.openssl.org> The branch master has been updated via d63053bbdfa226c85e9cec06c35283296e254a84 (commit) via ee1d1db824a68f80c4cbdcbffbd7b4026f57a4f2 (commit) from f8ab78f6c2b5faee74c3056d237d418e2f53d6a8 (commit) - Log ----------------------------------------------------------------- commit d63053bbdfa226c85e9cec06c35283296e254a84 Author: Dr. David von Oheimb Date: Mon Jun 7 11:50:43 2021 +0200 80-test_cmp_http.t: Improve the way the test server is launched and killed Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15642) commit ee1d1db824a68f80c4cbdcbffbd7b4026f57a4f2 Author: Dr. David von Oheimb Date: Mon Jun 7 11:44:23 2021 +0200 80-test_cmp_http.t: Simplify and prevent hangs on server not launching/behaving correctly Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15642) ----------------------------------------------------------------------- Summary of changes: apps/include/s_apps.h | 2 +- apps/lib/http_server.c | 2 +- apps/lib/s_socket.c | 29 +++++++++++++++-------------- test/recipes/79-test_http.t | 5 +++-- test/recipes/80-test_cmp_http.t | 35 ++++++++++++----------------------- 5 files changed, 32 insertions(+), 41 deletions(-) diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h index 18dbd50d31..d610df40be 100644 --- a/apps/include/s_apps.h +++ b/apps/include/s_apps.h @@ -16,7 +16,7 @@ #define PROTOCOL "tcp" typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); -int report_server_accept(BIO *out, int asock, int with_address); +int report_server_accept(BIO *out, int asock, int with_address, int with_pid); int do_server(int *accept_sock, const char *host, const char *port, int family, int type, int protocol, do_server_cb cb, unsigned char *context, int naccept, BIO *bio_s_out); 
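Review bot: the prototype of report_server_accept() in apps/include/s_apps.h gains a second bare int flag, with_pid, right after with_address and with no comment on either, so call sites such as report_server_accept(bio_out, asock, 1, 1) are hard to read and easy to get in the wrong order. Add a one-line comment at the declaration saying what each flag adds to the ACCEPT line.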
diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index 1858d04ccb..03faac7707 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c @@ -241,7 +241,7 @@ BIO *http_server_init_bio(const char *prog, const char *port) /* Report back what address and port are used */ BIO_get_fd(acbio, &asock); - if (!report_server_accept(bio_out, asock, 1)) { + if (!report_server_accept(bio_out, asock, 1, 1)) { log_message(prog, LOG_ERR, "Error printing ACCEPT string"); goto err; } diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index fbe913e37a..36dbe615d2 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -191,9 +191,9 @@ out: return ret; } -int report_server_accept(BIO *out, int asock, int with_address) +int report_server_accept(BIO *out, int asock, int with_address, int with_pid) { - int success = 0; + int success = 1; if (BIO_printf(out, "ACCEPT") <= 0) return 0; @@ -205,22 +205,23 @@ int report_server_accept(BIO *out, int asock, int with_address) if ((info.addr = BIO_ADDR_new()) != NULL && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info) && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL - && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL - && BIO_printf(out, - strchr(hostname, ':') == NULL - ? /* IPv4 */ " %s:%s\n" - : /* IPv6 */ " [%s]:%s\n", - hostname, service) > 0) - success = 1; - else + && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL) { + success = BIO_printf(out, + strchr(hostname, ':') == NULL + ? /* IPv4 */ " %s:%s" + : /* IPv6 */ " [%s]:%s", + hostname, service) > 0; + } else { (void)BIO_printf(out, "unknown:error\n"); - + success = 0; + } OPENSSL_free(hostname); OPENSSL_free(service); BIO_ADDR_free(info.addr); - } else if (BIO_printf(out, "\n") > 0) { - success = 1; } + if (with_pid) + success = success && BIO_printf(out, " PID=%d", getpid()) > 0; + success = success && BIO_printf(out, "\n") > 0; (void)BIO_flush(out); return success; 
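Review bot: in report_server_accept() in apps/lib/s_socket.c, BIO_printf(out, " PID=%d", getpid()) hands the return value of getpid() to %d without a cast; write (int)getpid() so the argument matches the format wherever the pid type is not int. The visible hunks also add no include for getpid(), so check that its declaration is already in scope for every platform this file builds on.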
@@ -331,7 +332,7 @@ int do_server(int *accept_sock, const char *host, const char *port, BIO_ADDRINFO_free(res); res = NULL; - if (!report_server_accept(bio_s_out, asock, sock_port == 0)) { + if (!report_server_accept(bio_s_out, asock, sock_port == 0, 0)) { BIO_closesocket(asock); ERR_print_errors(bio_err); goto end; diff --git a/test/recipes/79-test_http.t b/test/recipes/79-test_http.t index b5bb74393a..939e7fc099 100644 --- a/test/recipes/79-test_http.t +++ b/test/recipes/79-test_http.t @@ -19,8 +19,9 @@ SKIP: { skip "OCSP disabled", 1 if disabled("ocsp"); my $cmd = [qw{openssl ocsp -index any -port 0}]; my @output = run(app($cmd), capture => 1); - ok($output[0] =~ /^ACCEPT (0.0.0.0|\[::\]):(\d+?)$/ && $2 >= 1024, - "HTTP server auto-selects and reports local port >= 1024"); + ok($output[0] =~ /^ACCEPT (0.0.0.0|\[::\]):(\d+?) PID=(\d+)$/ + && $2 >= 1024 && $3 > 0, + "HTTP server auto-selects and reports local port >= 1024 and pid > 0"); } ok(run(test(["http_test", srctop_file("test", "certs", "ca-cert.pem")]))); diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t index 9c99226721..10f2b84c68 100644 --- a/test/recipes/80-test_cmp_http.t +++ b/test/recipes/80-test_cmp_http.t @@ -12,7 +12,7 @@ use strict; use warnings; use POSIX; -use OpenSSL::Test qw/:DEFAULT data_file data_dir srctop_dir bldtop_dir result_dir/; +use OpenSSL::Test qw/:DEFAULT cmdstr data_file data_dir srctop_dir bldtop_dir result_dir/; use OpenSSL::Test::Utils; BEGIN { 
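Review bot: in test/recipes/79-test_http.t the updated pattern /^ACCEPT (0.0.0.0|\[::\]):(\d+?) PID=(\d+)$/ still has unescaped dots in 0.0.0.0, so each of them matches any character. Since the line is being rewritten anyway, escape them as 0\.0\.0\.0 so the test only accepts the literal wildcard address.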
@@ -266,38 +266,27 @@ sub load_tests { sub start_mock_server { my $args = $_[0]; # optional further CLI arguments - my $dir = bldtop_dir(""); - local $ENV{LD_LIBRARY_PATH} = $dir; - local $ENV{DYLD_LIBRARY_PATH} = $dir; - my $cmd = bldtop_dir($app) . " -config server.cnf $args"; + my $cmd = cmdstr(app(['openssl', 'cmp', '-config', 'server.cnf', + $args ? $args : ()]), display => 1); print "Current directory is ".getcwd()."\n"; print "Launching mock server: $cmd\n"; die "Invalid port: $server_port" unless $server_port =~ m/^\d+$/; my $pid = open($server_fh, "$cmd|") or die "Trying to $cmd"; print "Pid is: $pid\n"; if ($server_port == 0) { - # Clear it first - $server_port = undef; - # Find out the actual server port while (<$server_fh>) { - print; + print "Server output: $_"; + next if m/using section/; s/\R$//; # Better chomp - next unless (/^ACCEPT/); - - # $1 may be undefined, which is OK to assign to $server_port, - # as that gets detected further down. - /^ACCEPT\s.*:(\d+)$/; - $server_port = $1; - - last; - } - - unless (defined $server_port) { - stop_mock_server($pid); - return 0; + ($server_port, $pid) = ($1, $2) if /^ACCEPT\s.*:(\d+) PID=(\d+)$/; + last; # Do not loop further to prevent hangs on server misbehavior } } + unless ($server_port > 0) { + stop_mock_server($pid); + return 0; + } $server_tls = $kur_port = $pbm_port = $server_port; return $pid; } @@ -305,5 +294,5 @@ sub start_mock_server { sub stop_mock_server { my $pid = $_[0]; print "Killing mock server with pid=$pid\n"; - kill('QUIT', $pid) if $pid; + kill('QUIT', $pid); } From no-reply at appveyor.com Wed Jun 9 12:56:32 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 09 Jun 2021 12:56:32 +0000 Subject: Build failed: openssl master.42275 Message-ID: <20210609125632.1.F053D9A01D67A27B@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 9 14:05:06 2021 
From: no-reply at appveyor.com (AppVeyor)
Date: Wed, 09 Jun 2021 14:05:06 +0000
Subject: Build failed: openssl master.42276
Message-ID: <20210609140506.1.E30DDD706052BC89@appveyor.com>

An HTML attachment was scrubbed...
URL:

From dev at ddvo.net Wed Jun 9 14:06:53 2021
From: dev at ddvo.net (dev at ddvo.net)
Date: Wed, 09 Jun 2021 14:06:53 +0000
Subject: [openssl] master update
Message-ID: <1623247613.651726.7794.nullmailer@dev.openssl.org>

The branch master has been updated
       via  320fc032b98cc452c5dc96600b16da40b155123b (commit)
       via  80070e478a780c0b28ffad6fae6828ef060ebe1d (commit)
       via  65a97b2c38c224f47e313868e01f58138d934478 (commit)
      from  d63053bbdfa226c85e9cec06c35283296e254a84 (commit)

- Log -----------------------------------------------------------------
commit 320fc032b98cc452c5dc96600b16da40b155123b
Author: Dr. David von Oheimb
Date: Tue Jun 8 11:54:20 2021 +0200

    25-test_verify.t: Add test case: accept trusted self-signed EE cert with key usage keyCertSign also when strict

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15656)

commit 80070e478a780c0b28ffad6fae6828ef060ebe1d
Author: Dr. David von Oheimb
Date: Tue Jun 8 11:23:34 2021 +0200

    test/certs/mkcert.sh: Correct description of geneealt parameters

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15656)

commit 65a97b2c38c224f47e313868e01f58138d934478
Author: Dr. David von Oheimb
Date: Mon Jun 7 12:16:25 2021 +0200

    25-test_verify.t: Prevent expiration of test case 'Name constraints bad othername name constraint'

    Reviewed-by: Tomas Mraz
    (Merged from https://github.com/openssl/openssl/pull/15656)

-----------------------------------------------------------------------

Summary of changes:
 test/certs/ee-ss-with-keyCertSign.pem | 19 +++++++++++++++++++
 test/certs/mkcert.sh | 4 ++--
 test/recipes/25-test_verify.t | 13 ++++++++-----
 3 files changed, 29 insertions(+), 7 deletions(-)
 create mode 100644 test/certs/ee-ss-with-keyCertSign.pem

diff --git a/test/certs/ee-ss-with-keyCertSign.pem b/test/certs/ee-ss-with-keyCertSign.pem new file mode 100644 index 0000000000..a2f3bbe3b6 --- /dev/null +++ b/test/certs/ee-ss-with-keyCertSign.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDEzCCAfugAwIBAgIBATANBgkqhkiG9w0BAQsFADAeMRwwGgYDVQQDDBNFRSB3 +aXRoIGtleUNlcnRTaWduMCAXDTIxMDYwODA5MzYyMFoYDzIxMjEwNjA5MDkzNjIw +WjAeMRwwGgYDVQQDDBNFRSB3aXRoIGtleUNlcnRTaWduMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVgK9R9PHN2ta7e +ky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7iILvo3LiU2IF +RU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0cQjMGeK4EOCPl +53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrSluVX+4yRZIo8 +JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj1+/Qckk+W625 +G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQABo1owWDAJBgNV +HRMEAjAAMAsGA1UdDwQEAwIChDAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfh +c6IwHwYDVR0jBBgwFoAU55viKq2KbDrLdlHljgeYIpfhc6IwDQYJKoZIhvcNAQEL +BQADggEBAJGmRJpl4aa34SRZPb02TMTYCU/ieL6wqNJ2qXHinJQtHRuvEIVVaW4c +k3u/hNftu0ZtI2Y/dxQ2tybA4qP1ICkGU6VWAMJLSH83Fvz+6WsQB69zWNAwvVtz +8BVggIEv13RdZbpn10h3lNeLejBGAzYbwLMWpsjYHSNsYC5aqpg+y7mgPyuRDjRR +N26FdQjJEe9Px92h32dK6xxTS2LCiqHlimQCq+gRP/97rZLXNoyHLC6cfGCJpsEV +fFAH44emO2ouODBrQqZRvn+SV7ubWTTeJwY/aK+Wdvu/w3mEwNNDCDqCfE6c6p9h +zAk0no0/4w1o15ua7N+j/9q4iGJxx3k= +-----END CERTIFICATE----- diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh index 3b7f4e5f03..8ccf7bc6e3 100755 --- a/test/certs/mkcert.sh +++ b/test/certs/mkcert.sh 
@@ -195,11 +195,11 @@ genpc() { -set_serial 2 -days "${DAYS}" } -# Usage: $0 geneealt keyname certname eekeyname eecertname alt1 alt2 ... +# Usage: $0 geneealt keyname certname cakeyname cacertname alt1 alt2 ... # # Note: takes csr on stdin, so must be used with $0 req like this: # -# $0 req keyname dn | $0 geneealt keyname certname eekeyname eecertname alt ... +# $0 req keyname dn | $0 geneealt keyname certname cakeyname cacertname alt ... geneealt() { local key=$1; shift local cert=$1; shift diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 3ed408b795..269b2ba4aa 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -28,7 +28,7 @@ sub verify { run(app([@args])); } -plan tests => 156; +plan tests => 157; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -371,10 +371,11 @@ ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), #Check that we get the expected failure return code with({ exit_checker => sub { return shift == 2; } }, - sub { - ok(verify("bad-othername-namec", "", ["bad-othername-namec-inter"], [], "-partial_chain"), - "Name constraints bad othername name constraint"); - }); + sub { + ok(verify("bad-othername-namec", "", ["bad-othername-namec-inter"], [], + "-partial_chain", "-attime", "1623060000"), + "Name constraints bad othername name constraint"); + }); ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"), "Accept PSS signature using SHA1 at auth level 0"); 
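Review bot: in the bad-othername-namec check in test/recipes/25-test_verify.t, the added "-attime", "1623060000" is a bare epoch value with nothing next to it saying what date it stands for or why verification time is pinned. Add a short comment with the calendar date and the reason (keeping the test from failing once the certificate expires), so the value can be checked against the certificate's validity period later.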
@@ -411,6 +412,8 @@ ok(verify("root-cert-rsa2", "", ["root-cert-rsa2"], [], "-check_ss_sig"), ok(verify("ee-self-signed", "", ["ee-self-signed"], [], "-attime", "1593565200"), "accept trusted self-signed EE cert excluding key usage keyCertSign"); +ok(verify("ee-ss-with-keyCertSign", "", ["ee-ss-with-keyCertSign"], []), + "accept trusted self-signed EE cert with key usage keyCertSign also when strict"); SKIP: { skip "Ed25519 is not supported by this OpenSSL build", 6 From levitte at openssl.org Wed Jun 9 15:02:02 2021 
From: levitte at openssl.org (Richard Levitte)
Date: Wed, 09 Jun 2021 15:02:02 +0000
Subject: [openssl] master update
Message-ID: <1623250922.736728.10512.nullmailer@dev.openssl.org>

The branch master has been updated
       via  ef2194c4ade7b765ccf9a6e8f97d88b0fa6b223d (commit)
       via  8ea5a6b523bf363751e52a1fddc93f5f9b11e803 (commit)
       via  6a2b8ff392a304bbb106528653397b864acc53fa (commit)
      from  320fc032b98cc452c5dc96600b16da40b155123b (commit)

- Log -----------------------------------------------------------------
commit ef2194c4ade7b765ccf9a6e8f97d88b0fa6b223d
Author: Richard Levitte
Date: Thu May 27 12:51:04 2021 +0200

    DECODER & ENCODER: Add better tracing

    Now that we have functions to get the name and properties of the
    diverse implementations, we can as well display them for clarity.

    Reviewed-by: Tomas Mraz
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/15498)

commit 8ea5a6b523bf363751e52a1fddc93f5f9b11e803
Author: Richard Levitte
Date: Thu May 27 12:44:19 2021 +0200

    DECODER: Adapt addition of extra decoder implementations

    The new PKCS#8 decoder implementation decodes from DER to DER.
    OSSL_DECODER_CTX_add_extra() wasn't suited for this case; we had to
    modify it to walk through all existing decoder implementations, and
    filter out those that aren't suitable.

    This also turns out to fix the possibility to have more than one
    extra decoder implementation that produces the same type of encoding,
    for example several different wrapper formats that all decode into
    DER.

    Reviewed-by: Tomas Mraz
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/15498)

commit 6a2b8ff392a304bbb106528653397b864acc53fa
Author: Richard Levitte
Date: Thu May 27 12:34:03 2021 +0200

    Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8

    This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo",
    which is sensible considering we already have "SubjectPublicKeyInfo".

    We also add "EncryptedPrivateKeyInfo", and use it for a special
    decoder that detects and decrypts an EncryptedPrivateKeyInfo
    structured DER blob into a PrivateKeyInfo structured DER blob and
    passes that on to the next decoder implementation.

    The result of this change is that PKCS#8 decryption should only
    happen once per decoding instead of once for every expected key type.
    Furthermore, this new decoder implementation sets the data type to
    the OID of the algorithmIdentifier field, thus reducing how many
    decoder implementations are tentatively run further down the call
    chain.

    Reviewed-by: Tomas Mraz
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/15498)

-----------------------------------------------------------------------

Summary of changes:
 apps/rsa.c | 2 +-
 crypto/asn1/d2i_pr.c | 2 +-
 crypto/asn1/i2d_evp.c | 2 +-
 crypto/encode_decode/decoder_lib.c | 228 ++++++++++++++-------
 crypto/encode_decode/decoder_meth.c | 7 +-
 crypto/encode_decode/decoder_pkey.c | 13 ++
 crypto/encode_decode/encoder_lib.c | 10 +-
 crypto/encode_decode/encoder_local.h | 3 +-
 crypto/encode_decode/encoder_meth.c | 7 +-
 crypto/evp/evp_pkey.c | 6 +-
 crypto/pem/pem_local.h | 2 +-
 crypto/pem/pem_pk8.c | 2 +-
 doc/man3/OSSL_ENCODER_to_bio.pod | 4 +-
 doc/man7/openssl-glossary.pod | 10 +-
 providers/decoders.inc | 31 +--
 providers/encoders.inc | 48 ++---
 providers/implementations/encode_decode/build.info | 2 +-
 .../implementations/encode_decode/decode_der2key.c | 89 +++-----
 .../encode_decode/decode_epki2pki.c | 153 ++++++++++++++
 .../implementations/encode_decode/decode_pem2der.c | 4 +-
 .../implementations/encode_decode/encode_key2any.c | 228 ++++++++++++++-------
 .../implementations/include/prov/implementations.h | 67 +++---
 test/endecode_test.c | 10 +-
 test/evp_pkey_provided_test.c | 4 +-
 24 files changed, 619 insertions(+), 315 deletions(-)
 create mode 100644 providers/implementations/encode_decode/decode_epki2pki.c

diff --git a/apps/rsa.c b/apps/rsa.c index c4f65cac10..3e9d320ea3 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -322,7 +322,7 @@ int rsa_main(int argc, char **argv) if (traditional) output_structure = "pkcs1"; /* "type-specific" would work too */ else - output_structure = "pkcs8"; + output_structure = "PrivateKeyInfo"; } } diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 3b28460d4b..720b7fd6c0 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -32,7 +32,7 @@ d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp, EVP_PKEY *pkey = NULL, *bak_a = NULL; EVP_PKEY **ppkey = &pkey; const char *key_name = NULL; - const char *input_structures[] = { "type-specific", "pkcs8", NULL }; + const char *input_structures[] = { "type-specific", "PrivateKeyInfo", NULL }; int i, ret; if (keytype != EVP_PKEY_NONE) { diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c index e1d5b7c7c4..8b36388263 100644 --- a/crypto/asn1/i2d_evp.c +++ b/crypto/asn1/i2d_evp.c @@ -97,7 +97,7 @@ int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp) if (evp_pkey_is_provided(a)) { static const struct type_and_structure_st output_info[] = { { "DER", "type-specific" }, - { "DER", "pkcs8" }, + { "DER", "PrivateKeyInfo" }, { NULL, } }; diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c index bf9b17f754..eb90a9eaf5 100644 --- a/crypto/encode_decode/decoder_lib.c +++ b/crypto/encode_decode/decoder_lib.c 
@@ -288,11 +288,11 @@ int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx, if (ok) { OSSL_TRACE_BEGIN(DECODER) { BIO_printf(trc_out, - "(ctx %p) Added decoder instance %p (decoder %p) with:\n", - (void *)ctx, (void *)di, (void *)di->decoder); - BIO_printf(trc_out, - " input type: %s, input structure: %s\n", - di->input_type, di->input_structure); + "(ctx %p) Added decoder instance %p for decoder %p\n" + " %s with %s\n", + (void *)ctx, (void *)di, (void *)di->decoder, + OSSL_DECODER_get0_name(di->decoder), + OSSL_DECODER_get0_properties(di->decoder)); } OSSL_TRACE_END(DECODER); } return ok; 
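Review bot: The reworded trace in ossl_decoder_ctx_add_decoder_inst() reads "Added decoder instance %p for decoder %p" with no trailing colon, while the matching encoder trace in this commit uses "Added encoder instance %p (encoder %p):" and the decoder_process() trace uses "(decoder %p):". Use one form in all three places so the trace output can be matched with a single pattern. The instance's own di->input_type and di->input_structure are also no longer printed here; if the properties string is expected to carry that information, say so in the commit message, otherwise keep the two fields in the trace.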
@@ -331,6 +331,105 @@ int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder) return 0; } +struct collect_extra_decoder_data_st { + OSSL_DECODER_CTX *ctx; + const char *output_type; + /* + * 0 to check that the decoder's input type is the same as the decoder name + * 1 to check that the decoder's input type differs from the decoder name + */ + enum { IS_SAME = 0, IS_DIFFERENT = 1 } type_check; + size_t w_prev_start, w_prev_end; /* "previous" decoders */ + size_t w_new_start, w_new_end; /* "new" decoders */ +}; + +static void collect_extra_decoder(OSSL_DECODER *decoder, void *arg) +{ + struct collect_extra_decoder_data_st *data = arg; + size_t j; + const OSSL_PROVIDER *prov = OSSL_DECODER_get0_provider(decoder); + void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov); + + if (OSSL_DECODER_is_a(decoder, data->output_type)) { + void *decoderctx = NULL; + OSSL_DECODER_INSTANCE *di = NULL; + + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + "(ctx %p) [%d] Checking out decoder %p:\n" + " %s with %s\n", + (void *)data->ctx, data->type_check, (void *)decoder, + OSSL_DECODER_get0_name(decoder), + OSSL_DECODER_get0_properties(decoder)); + } OSSL_TRACE_END(DECODER); + + /* + * Check that we don't already have this decoder in our stack, + * starting with the previous windows but also looking at what + * we have added in the current window. 
+ */ + for (j = data->w_prev_start; j < data->w_new_end; j++) { + OSSL_DECODER_INSTANCE *check_inst = + sk_OSSL_DECODER_INSTANCE_value(data->ctx->decoder_insts, j); + + if (decoder->base.algodef == check_inst->decoder->base.algodef) { + /* We found it, so don't do anything more */ + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + " REJECTED: already exists in the chain\n"); + } OSSL_TRACE_END(DECODER); + return; + } + } + + if ((decoderctx = decoder->newctx(provctx)) == NULL) + return; + + if ((di = ossl_decoder_instance_new(decoder, decoderctx)) == NULL) { + decoder->freectx(decoderctx); + return; + } + + switch (data->type_check) { + case IS_SAME: + /* If it differs, this is not a decoder to add for now. */ + if (!OSSL_DECODER_is_a(decoder, + OSSL_DECODER_INSTANCE_get_input_type(di))) { + ossl_decoder_instance_free(di); + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + " REJECTED: input type doesn't match output type\n"); + } OSSL_TRACE_END(DECODER); + return; + } + break; + case IS_DIFFERENT: + /* If it's the same, this is not a decoder to add for now. */ + if (OSSL_DECODER_is_a(decoder, + OSSL_DECODER_INSTANCE_get_input_type(di))) { + ossl_decoder_instance_free(di); + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + " REJECTED: input type matches output type\n"); + } OSSL_TRACE_END(DECODER); + return; + } + break; + } + + /* + * Apart from keeping w_new_end up to date, We don't care about + * errors here. If it doesn't collect, then it doesn't... + */ + if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) { + ossl_decoder_instance_free(di); + return; + } + + data->w_new_end++; + } +} + int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx, OSSL_LIB_CTX *libctx, const char *propq) { 
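Review bot: The duplicate scan in collect_extra_decoder() starts at data->w_prev_start (for (j = data->w_prev_start; j < data->w_new_end; j++)), so an implementation that was added in a window older than the previous one is never compared and could be added again on a later pass, limited only by the depth <= 10 bound in the caller. Either scan from index 0 or extend the comment to explain why older windows cannot produce a match. Separately, the returns after decoder->newctx(), ossl_decoder_instance_new() and ossl_decoder_ctx_add_decoder_inst() fail are the only exits without a REJECTED trace line; a one-line trace on each would make a silently missing decoder diagnosable.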
@@ -357,10 +456,9 @@ int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx, * +----------------+ * <--- w_new_end */ - size_t w_prev_start, w_prev_end; /* "previous" decoders */ - size_t w_new_start, w_new_end; /* "new" decoders */ - size_t count = 0; /* Calculates how many were added in each iteration */ + struct collect_extra_decoder_data_st data; size_t depth = 0; /* Counts the number of iterations */ + size_t count; /* Calculates how many were added in each iteration */ if (!ossl_assert(ctx != NULL)) { ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); 
@@ -374,71 +472,48 @@ int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx, if (ctx->decoder_insts == NULL) return 1; - w_prev_start = 0; - w_prev_end = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts); + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, "(ctx %p) Looking for extra decoders\n", + (void *)ctx); + } OSSL_TRACE_END(DECODER); + + memset(&data, 0, sizeof(data)); + data.ctx = ctx; + data.w_prev_start = 0; + data.w_prev_end = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts); do { size_t i; - w_new_start = w_new_end = w_prev_end; - - for (i = w_prev_start; i < w_prev_end; i++) { - OSSL_DECODER_INSTANCE *decoder_inst = - sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); - const char *input_type = - OSSL_DECODER_INSTANCE_get_input_type(decoder_inst); - OSSL_DECODER *decoder = NULL; - - /* - * If the caller has specified what the initial input should be, - * and the decoder implementation we're looking at has that - * input type, there's no point adding on more implementations - * on top of this one, so we don't. - */ - if (ctx->start_input_type != NULL - && strcasecmp(ctx->start_input_type, input_type) == 0) - continue; - - ERR_set_mark(); - decoder = OSSL_DECODER_fetch(libctx, input_type, propq); - ERR_pop_to_mark(); - - if (decoder != NULL) { - size_t j; - - /* - * Check that we don't already have this decoder in our - * stack We only need to check among the newly added ones. - */ - for (j = w_new_start; j < w_new_end; j++) { - OSSL_DECODER_INSTANCE *check_inst = - sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, j); - - if (decoder == check_inst->decoder) { - /* We found it, so drop the new fetch */ - OSSL_DECODER_free(decoder); - decoder = NULL; - break; - } - } - } + data.w_new_start = data.w_new_end = data.w_prev_end; + + /* + * Two iterations: + * 0. All decoders that have the same name as their input type. + * This allows for decoders that unwrap some data in a specific + * encoding, and pass the result on with the same encoding. + * 1. 
All decoders that a different name than their input type. + */ + for (data.type_check = IS_SAME; + data.type_check <= IS_DIFFERENT; + data.type_check++) { + for (i = data.w_prev_start; i < data.w_prev_end; i++) { + OSSL_DECODER_INSTANCE *decoder_inst = + sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); + + data.output_type + = OSSL_DECODER_INSTANCE_get_input_type(decoder_inst); - if (decoder == NULL) - continue; - /* - * Apart from keeping w_new_end up to date, We don't care about - * errors here. If it doesn't collect, then it doesn't... - */ - if (OSSL_DECODER_CTX_add_decoder(ctx, decoder)) /* ref++ */ - w_new_end++; - OSSL_DECODER_free(decoder); /* ref-- */ + OSSL_DECODER_do_all_provided(libctx, + collect_extra_decoder, &data); + } } /* How many were added in this iteration */ - count = w_new_end - w_new_start; + count = data.w_new_end - data.w_new_start; /* Slide the "previous decoder" windows */ - w_prev_start = w_new_start; - w_prev_end = w_new_end; + data.w_prev_start = data.w_new_start; + data.w_prev_end = data.w_new_end; depth++; } while (count != 0 && depth <= 10); @@ -619,7 +694,21 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) data->flag_construct_called = 0; if (ctx->construct != NULL) { - int rv = ctx->construct(decoder_inst, params, ctx->construct_data); + int rv; + + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + "(ctx %p) %s Running constructor\n", + (void *)new_data.ctx, LEVEL); + } OSSL_TRACE_END(DECODER); + + rv = ctx->construct(decoder_inst, params, ctx->construct_data); + + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + "(ctx %p) %s Running constructor => %d\n", + (void *)new_data.ctx, LEVEL, rv); + } OSSL_TRACE_END(DECODER); data->flag_construct_called = 1; ok = (rv > 0); 
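Review bot: In the rewritten loop of OSSL_DECODER_CTX_add_extra() (the @@ -374,71 +472,48 @@ hunk above), the removed test that skipped an instance whose input type equals ctx->start_input_type has no replacement, so extra decoders are now collected on top of an instance that already accepts the caller's declared input. If that is intended, state it in the commit message; otherwise carry the strcasecmp() test over ahead of the OSSL_DECODER_do_all_provided() call. Note also that the walk over all provided decoders now runs once per previous instance, twice per window, and creates a decoder context for every name match, which deserves a word on expected cost. The new comment "All decoders that a different name than their input type" is missing "have".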
@@ -715,11 +804,12 @@ static int decoder_process(const OSSL_PARAM params[], void *arg) OSSL_TRACE_BEGIN(DECODER) { BIO_printf(trc_out, - "(ctx %p) %s [%u] Considering decoder instance %p, which has:\n" - " input type: %s, input structure: %s, decoder: %p\n", + "(ctx %p) %s [%u] Considering decoder instance %p (decoder %p):\n" + " %s with %s\n", (void *)new_data.ctx, LEVEL, (unsigned int)i, - (void *)new_decoder_inst, new_input_type, - new_input_structure, (void *)new_decoder); + (void *)new_decoder_inst, (void *)new_decoder, + OSSL_DECODER_get0_name(new_decoder), + OSSL_DECODER_get0_properties(new_decoder)); } OSSL_TRACE_END(DECODER); /* diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c index e203c5fe66..2177e539ef 100644 --- a/crypto/encode_decode/decoder_meth.c +++ b/crypto/encode_decode/decoder_meth.c @@ -176,8 +176,7 @@ void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, OSSL_DECODER_free(decoder); return NULL; } - decoder->base.propdef = algodef->property_definition; - decoder->base.description = algodef->algorithm_description; + decoder->base.algodef = algodef; decoder->base.parsed_propdef = ossl_parse_property(libctx, algodef->property_definition); @@ -422,7 +421,7 @@ const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder) return 0; } - return decoder->base.propdef; + return decoder->base.algodef->property_definition; } const OSSL_PROPERTY_LIST * @@ -453,7 +452,7 @@ const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder) const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder) { - return decoder->base.description; + return decoder->base.algodef->algorithm_description; } int OSSL_DECODER_is_a(const OSSL_DECODER *decoder, const char *name) diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c index c9ccb2200a..cdd9841ea9 100644 --- a/crypto/encode_decode/decoder_pkey.c +++ b/crypto/encode_decode/decoder_pkey.c 
@@ -265,7 +265,20 @@ static void collect_decoder(OSSL_DECODER *decoder, void *arg) return; } + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + "(ctx %p) Checking out decoder %p:\n" + " %s with %s\n", + (void *)data->ctx, (void *)decoder, + OSSL_DECODER_get0_name(decoder), + OSSL_DECODER_get0_properties(decoder)); + } OSSL_TRACE_END(DECODER); + if (!decoder_check_input_structure(data->ctx, di)) { + OSSL_TRACE_BEGIN(DECODER) { + BIO_printf(trc_out, + " REJECTED: not the desired input structure\n"); + } OSSL_TRACE_END(DECODER); ossl_decoder_instance_free(di); /* Not a fatal error. Just return */ return; diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c index cb47e8bc71..6c20fbb3d1 100644 --- a/crypto/encode_decode/encoder_lib.c +++ b/crypto/encode_decode/encoder_lib.c @@ -265,11 +265,11 @@ static int ossl_encoder_ctx_add_encoder_inst(OSSL_ENCODER_CTX *ctx, if (ok) { OSSL_TRACE_BEGIN(ENCODER) { BIO_printf(trc_out, - "(ctx %p) Added encoder instance %p (encoder %p) with:\n", - (void *)ctx, (void *)ei, (void *)ei->encoder); - BIO_printf(trc_out, - " output type: %s, output structure: %s\n", - ei->output_type, ei->output_structure); + "(ctx %p) Added encoder instance %p (encoder %p):\n" + " %s with %s\n", + (void *)ctx, (void *)ei, (void *)ei->encoder, + OSSL_ENCODER_get0_name(ei->encoder), + OSSL_ENCODER_get0_properties(ei->encoder)); } OSSL_TRACE_END(ENCODER); } return ok; diff --git a/crypto/encode_decode/encoder_local.h b/crypto/encode_decode/encoder_local.h index a0b10dcd5e..c1885ffc77 100644 --- a/crypto/encode_decode/encoder_local.h +++ b/crypto/encode_decode/encoder_local.h @@ -21,8 +21,7 @@ struct ossl_endecode_base_st { OSSL_PROVIDER *prov; int id; char *name; - const char *propdef; - const char *description; + const OSSL_ALGORITHM *algodef; OSSL_PROPERTY_LIST *parsed_propdef; CRYPTO_REF_COUNT refcnt; diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c index d50f1dcd0b..5e57848054 100644 
--- a/crypto/encode_decode/encoder_meth.c +++ b/crypto/encode_decode/encoder_meth.c @@ -176,8 +176,7 @@ static void *encoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, OSSL_ENCODER_free(encoder); return NULL; } - encoder->base.propdef = algodef->property_definition; - encoder->base.description = algodef->algorithm_description; + encoder->base.algodef = algodef; encoder->base.parsed_propdef = ossl_parse_property(libctx, algodef->property_definition); @@ -432,7 +431,7 @@ const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder) return 0; } - return encoder->base.propdef; + return encoder->base.algodef->property_definition; } const OSSL_PROPERTY_LIST * @@ -463,7 +462,7 @@ const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *encoder) const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *encoder) { - return encoder->base.description; + return encoder->base.algodef->algorithm_description; } int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name) diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 420b69399a..683f4bec54 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -79,8 +79,8 @@ EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, p8_data = encoded_data; len = encoded_len; - dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "pkcs8", EVP_PKEY_NONE, - 0, libctx, propq); + dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "PrivateKeyInfo", + EVP_PKEY_NONE, 0, libctx, propq); if (dctx == NULL || !OSSL_DECODER_from_data(dctx, &p8_data, &len)) /* try legacy */ @@ -115,7 +115,7 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey) const unsigned char *pp; if ((ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, - "DER", "pkcs8", + "DER", "PrivateKeyInfo", NULL)) == NULL || !OSSL_ENCODER_to_data(ctx, &der, &derlen)) goto error; diff --git a/crypto/pem/pem_local.h b/crypto/pem/pem_local.h index a84ca80be1..5cc1c76fdb 100644 --- a/crypto/pem/pem_local.h 
+++ b/crypto/pem/pem_local.h @@ -31,7 +31,7 @@ * Properties, named according to the ASN.1 names used throughout libcrypto. */ # define PEM_STRUCTURE_PUBKEY "SubjectPublicKeyInfo" -# define PEM_STRUCTURE_PrivateKey "pkcs8" +# define PEM_STRUCTURE_PrivateKey "PrivateKeyInfo" # define PEM_STRUCTURE_Parameters "type-specific" # define PEM_STRUCTURE_RSAPrivateKey "type-specific" diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index ab86448db9..4742f02fef 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -74,7 +74,7 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid, const char *outtype = isder ? "DER" : "PEM"; OSSL_ENCODER_CTX *ctx = OSSL_ENCODER_CTX_new_for_pkey(x, OSSL_KEYMGMT_SELECT_ALL, - outtype, "pkcs8", propq); + outtype, "PrivateKeyInfo", propq); if (ctx == NULL) return 0; diff --git a/doc/man3/OSSL_ENCODER_to_bio.pod b/doc/man3/OSSL_ENCODER_to_bio.pod index 315f0a5122..365c74ad05 100644 --- a/doc/man3/OSSL_ENCODER_to_bio.pod +++ b/doc/man3/OSSL_ENCODER_to_bio.pod @@ -61,7 +61,7 @@ To encode a pkey as PKCS#8 with PEM format into a bio: OSSL_ENCODER_CTX *ectx; const char *format = "PEM"; - const char *structure = "pkcs8"; /* PKCS#8 structure */ + const char *structure = "PrivateKeyInfo"; /* PKCS#8 structure */ const unsigned char *pass = "my password"; ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, @@ -86,7 +86,7 @@ AES-256-CBC into a buffer: OSSL_ENCODER_CTX *ectx; const char *format = "DER"; - const char *structure = "pkcs8"; /* PKCS#8 structure */ + const char *structure = "PrivateKeyInfo"; /* PKCS#8 structure */ const unsigned char *pass = "my password"; unsigned char *data = NULL; size_t datalen; diff --git a/doc/man7/openssl-glossary.pod b/doc/man7/openssl-glossary.pod index fad11e5695..16ff2f3176 100644 --- a/doc/man7/openssl-glossary.pod +++ b/doc/man7/openssl-glossary.pod 
@@ -158,11 +158,13 @@ This is defined in IETF RFC 1421: L -=item PKCS#8 (also known as "pkcs8" in some parts of OpenSSL) +=item PKCS#8 -PKCS#8 is a specification of an ASN.1 structure that OpenSSL uses for -storing or transmitting any private key in a key type agnostic manner, and -has both an unencrypted and an encrypted form. +PKCS#8 is a specification of ASN.1 structures that OpenSSL uses for storing +or transmitting any private key in a key type agnostic manner. +There are two structures worth noting for OpenSSL use, one that contains the +key data in unencrypted form (known as "PrivateKeyInfo") and an encrypted +wrapper structure (known as "EncryptedPrivateKeyInfo"). This is specified in RFC 5208: diff --git a/providers/decoders.inc b/providers/decoders.inc index a92abe03e2..02b2b32c3f 100644 --- a/providers/decoders.inc +++ b/providers/decoders.inc @@ -15,7 +15,8 @@ #define DECODER_STRUCTURE_type_specific_params "type-specific" #define DECODER_STRUCTURE_type_specific "type-specific" #define DECODER_STRUCTURE_type_specific_no_pub "type-specific" -#define DECODER_STRUCTURE_PKCS8 "pkcs8" +#define DECODER_STRUCTURE_EncryptedPrivateKeyInfo "EncryptedPrivateKeyInfo" +#define DECODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo" #define DECODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo" #define DECODER_STRUCTURE_DH "dh" #define DECODER_STRUCTURE_DHX "dhx" 
@@ -35,17 +36,17 @@ (ossl_##_structure##_##_input##_to_##_output##_decoder_functions) } #ifndef OPENSSL_NO_DH -DECODER_w_structure("DH", der, PKCS8, dh, yes), +DECODER_w_structure("DH", der, PrivateKeyInfo, dh, yes), DECODER_w_structure("DH", der, SubjectPublicKeyInfo, dh, yes), DECODER_w_structure("DH", der, type_specific_params, dh, yes), DECODER_w_structure("DH", der, DH, dh, yes), -DECODER_w_structure("DHX", der, PKCS8, dhx, yes), +DECODER_w_structure("DHX", der, PrivateKeyInfo, dhx, yes), DECODER_w_structure("DHX", der, SubjectPublicKeyInfo, dhx, yes), DECODER_w_structure("DHX", der, type_specific_params, dhx, yes), DECODER_w_structure("DHX", der, DHX, dhx, yes), #endif #ifndef OPENSSL_NO_DSA -DECODER_w_structure("DSA", der, PKCS8, dsa, yes), +DECODER_w_structure("DSA", der, PrivateKeyInfo, dsa, yes), DECODER_w_structure("DSA", der, SubjectPublicKeyInfo, dsa, yes), DECODER_w_structure("DSA", der, type_specific, dsa, yes), DECODER_w_structure("DSA", der, DSA, dsa, yes), 
@@ -53,30 +54,36 @@ DECODER("DSA", msblob, dsa, yes), DECODER("DSA", pvk, dsa, yes), #endif #ifndef OPENSSL_NO_EC -DECODER_w_structure("EC", der, PKCS8, ec, yes), +DECODER_w_structure("EC", der, PrivateKeyInfo, ec, yes), DECODER_w_structure("EC", der, SubjectPublicKeyInfo, ec, yes), DECODER_w_structure("EC", der, type_specific_no_pub, ec, yes), DECODER_w_structure("EC", der, EC, ec, yes), -DECODER_w_structure("ED25519", der, PKCS8, ed25519, yes), +DECODER_w_structure("ED25519", der, PrivateKeyInfo, ed25519, yes), DECODER_w_structure("ED25519", der, SubjectPublicKeyInfo, ed25519, yes), -DECODER_w_structure("ED448", der, PKCS8, ed448, yes), +DECODER_w_structure("ED448", der, PrivateKeyInfo, ed448, yes), DECODER_w_structure("ED448", der, SubjectPublicKeyInfo, ed448, yes), -DECODER_w_structure("X25519", der, PKCS8, x25519, yes), +DECODER_w_structure("X25519", der, PrivateKeyInfo, x25519, yes), DECODER_w_structure("X25519", der, SubjectPublicKeyInfo, x25519, yes), -DECODER_w_structure("X448", der, PKCS8, x448, yes), +DECODER_w_structure("X448", der, PrivateKeyInfo, x448, yes), DECODER_w_structure("X448", der, SubjectPublicKeyInfo, x448, yes), # ifndef OPENSSL_NO_SM2 -DECODER_w_structure("SM2", der, PKCS8, sm2, yes), +DECODER_w_structure("SM2", der, PrivateKeyInfo, sm2, yes), DECODER_w_structure("SM2", der, SubjectPublicKeyInfo, sm2, yes), # endif #endif -DECODER_w_structure("RSA", der, PKCS8, rsa, yes), +DECODER_w_structure("RSA", der, PrivateKeyInfo, rsa, yes), DECODER_w_structure("RSA", der, SubjectPublicKeyInfo, rsa, yes), DECODER_w_structure("RSA", der, type_specific_keypair, rsa, yes), DECODER_w_structure("RSA", der, RSA, rsa, yes), -DECODER_w_structure("RSA-PSS", der, PKCS8, rsapss, yes), +DECODER_w_structure("RSA-PSS", der, PrivateKeyInfo, rsapss, yes), DECODER_w_structure("RSA-PSS", der, SubjectPublicKeyInfo, rsapss, yes), DECODER("RSA", msblob, rsa, yes), DECODER("RSA", pvk, rsa, yes), DECODER("DER", pem, der, yes), +/* + * A decoder that recognises PKCS#8 
EncryptedPrivateKeyInfo structure + * and decrypts it, passing on the unencrypted PrivateKeyInfo in DER + * form to the next decoder. + */ +DECODER_w_structure("DER", der, EncryptedPrivateKeyInfo, der, yes), diff --git a/providers/encoders.inc b/providers/encoders.inc index 71f4f13848..a1034f45de 100644 --- a/providers/encoders.inc +++ b/providers/encoders.inc @@ -15,7 +15,7 @@ #define ENCODER_STRUCTURE_type_specific_params "type-specific" #define ENCODER_STRUCTURE_type_specific "type-specific" #define ENCODER_STRUCTURE_type_specific_no_pub "type-specific" -#define ENCODER_STRUCTURE_PKCS8 "pkcs8" +#define ENCODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo" #define ENCODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo" #define ENCODER_STRUCTURE_DH "dh" #define ENCODER_STRUCTURE_DHX "dhx" 
@@ -127,70 +127,70 @@ ENCODER("DSA", dsa, yes, pvk), #endif /* - * Entries for PKCS#8 and SubjectPublicKeyInfo. + * Entries for PKCS#8 (PrivateKeyInfo) and SubjectPublicKeyInfo. * The "der" ones are added convenience for any user that wants to use * OSSL_ENCODER directly. * The "pem" ones also support PEM_write_bio_PrivateKey() and * PEM_write_bio_PUBKEY(). */ -ENCODER_w_structure("RSA", rsa, yes, der, PKCS8), -ENCODER_w_structure("RSA", rsa, yes, pem, PKCS8), +ENCODER_w_structure("RSA", rsa, yes, der, PrivateKeyInfo), +ENCODER_w_structure("RSA", rsa, yes, pem, PrivateKeyInfo), ENCODER_w_structure("RSA", rsa, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("RSA", rsa, yes, pem, SubjectPublicKeyInfo), -ENCODER_w_structure("RSA-PSS", rsapss, yes, der, PKCS8), -ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, PKCS8), +ENCODER_w_structure("RSA-PSS", rsapss, yes, der, PrivateKeyInfo), +ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, PrivateKeyInfo), ENCODER_w_structure("RSA-PSS", rsapss, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, SubjectPublicKeyInfo), #ifndef OPENSSL_NO_DH -ENCODER_w_structure("DH", dh, yes, der, PKCS8), -ENCODER_w_structure("DH", dh, yes, pem, PKCS8), +ENCODER_w_structure("DH", dh, yes, der, PrivateKeyInfo), +ENCODER_w_structure("DH", dh, yes, pem, PrivateKeyInfo), ENCODER_w_structure("DH", dh, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("DH", dh, yes, pem, SubjectPublicKeyInfo), -ENCODER_w_structure("DHX", dhx, yes, der, PKCS8), -ENCODER_w_structure("DHX", dhx, yes, pem, PKCS8), +ENCODER_w_structure("DHX", dhx, yes, der, PrivateKeyInfo), +ENCODER_w_structure("DHX", dhx, yes, pem, PrivateKeyInfo), ENCODER_w_structure("DHX", dhx, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("DHX", dhx, yes, pem, SubjectPublicKeyInfo), #endif #ifndef OPENSSL_NO_DSA -ENCODER_w_structure("DSA", dsa, yes, der, PKCS8), -ENCODER_w_structure("DSA", dsa, yes, pem, PKCS8), +ENCODER_w_structure("DSA", dsa, yes, der, 
PrivateKeyInfo), +ENCODER_w_structure("DSA", dsa, yes, pem, PrivateKeyInfo), ENCODER_w_structure("DSA", dsa, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("DSA", dsa, yes, pem, SubjectPublicKeyInfo), #endif #ifndef OPENSSL_NO_EC -ENCODER_w_structure("EC", ec, yes, der, PKCS8), -ENCODER_w_structure("EC", ec, yes, pem, PKCS8), +ENCODER_w_structure("EC", ec, yes, der, PrivateKeyInfo), +ENCODER_w_structure("EC", ec, yes, pem, PrivateKeyInfo), ENCODER_w_structure("EC", ec, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("EC", ec, yes, pem, SubjectPublicKeyInfo), -ENCODER_w_structure("X25519", x25519, yes, der, PKCS8), -ENCODER_w_structure("X25519", x25519, yes, pem, PKCS8), +ENCODER_w_structure("X25519", x25519, yes, der, PrivateKeyInfo), +ENCODER_w_structure("X25519", x25519, yes, pem, PrivateKeyInfo), ENCODER_w_structure("X25519", x25519, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("X25519", x25519, yes, pem, SubjectPublicKeyInfo), -ENCODER_w_structure("X448", x448, yes, der, PKCS8), -ENCODER_w_structure("X448", x448, yes, pem, PKCS8), +ENCODER_w_structure("X448", x448, yes, der, PrivateKeyInfo), +ENCODER_w_structure("X448", x448, yes, pem, PrivateKeyInfo), ENCODER_w_structure("X448", x448, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("X448", x448, yes, pem, SubjectPublicKeyInfo), -ENCODER_w_structure("ED25519", ed25519, yes, der, PKCS8), -ENCODER_w_structure("ED25519", ed25519, yes, pem, PKCS8), +ENCODER_w_structure("ED25519", ed25519, yes, der, PrivateKeyInfo), +ENCODER_w_structure("ED25519", ed25519, yes, pem, PrivateKeyInfo), ENCODER_w_structure("ED25519", ed25519, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("ED25519", ed25519, yes, pem, SubjectPublicKeyInfo), -ENCODER_w_structure("ED448", ed448, yes, der, PKCS8), -ENCODER_w_structure("ED448", ed448, yes, pem, PKCS8), +ENCODER_w_structure("ED448", ed448, yes, der, PrivateKeyInfo), +ENCODER_w_structure("ED448", ed448, yes, pem, PrivateKeyInfo), ENCODER_w_structure("ED448", 
ed448, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("ED448", ed448, yes, pem, SubjectPublicKeyInfo), # ifndef OPENSSL_NO_SM2 -ENCODER_w_structure("SM2", sm2, yes, der, PKCS8), -ENCODER_w_structure("SM2", sm2, yes, pem, PKCS8), +ENCODER_w_structure("SM2", sm2, yes, der, PrivateKeyInfo), +ENCODER_w_structure("SM2", sm2, yes, pem, PrivateKeyInfo), ENCODER_w_structure("SM2", sm2, yes, der, SubjectPublicKeyInfo), ENCODER_w_structure("SM2", sm2, yes, pem, SubjectPublicKeyInfo), # endif diff --git a/providers/implementations/encode_decode/build.info b/providers/implementations/encode_decode/build.info index 537d393261..22f11cbceb 100644 --- a/providers/implementations/encode_decode/build.info +++ b/providers/implementations/encode_decode/build.info @@ -6,7 +6,7 @@ $DECODER_GOAL=../../libdefault.a SOURCE[$ENCODER_GOAL]=endecoder_common.c -SOURCE[$DECODER_GOAL]=decode_der2key.c decode_pem2der.c \ +SOURCE[$DECODER_GOAL]=decode_der2key.c decode_epki2pki.c decode_pem2der.c \ decode_msblob2key.c decode_pvk2key.c SOURCE[$ENCODER_GOAL]=encode_key2any.c encode_key2text.c encode_key2ms.c diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c index 22ee075b19..7de44ed75d 100644 --- a/providers/implementations/encode_decode/decode_der2key.c +++ b/providers/implementations/encode_decode/decode_der2key.c @@ -41,8 +41,7 @@ typedef int check_key_fn(void *, struct der2key_ctx_st *ctx); typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx); typedef void free_key_fn(void *); typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long, - struct der2key_ctx_st *, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg); + struct der2key_ctx_st *); struct keytype_desc_st { const char *keytype_name; const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ 
@@ -65,7 +64,7 @@ struct keytype_desc_st { d2i_of_void *d2i_private_key; /* From type-specific DER */ d2i_of_void *d2i_public_key; /* From type-specific DER */ d2i_of_void *d2i_key_params; /* From type-specific DER */ - d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PKCS#8, possibly encrypted */ + d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */ d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */ /* @@ -114,36 +113,13 @@ typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq); static void *der2key_decode_p8(const unsigned char **input_der, long input_der_len, struct der2key_ctx_st *ctx, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg, key_from_pkcs8_t *key_from_pkcs8) { - X509_SIG *p8 = NULL; PKCS8_PRIV_KEY_INFO *p8inf = NULL; const X509_ALGOR *alg = NULL; void *key = NULL; - ctx->flag_fatal = 0; - - ERR_set_mark(); - if ((p8 = d2i_X509_SIG(NULL, input_der, input_der_len)) != NULL) { - char pbuf[PEM_BUFSIZE]; - size_t plen = 0; - - ERR_clear_last_mark(); - - if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) - ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); - else - p8inf = PKCS8_decrypt_ex(p8, pbuf, plen, PROV_LIBCTX_OF(ctx->provctx), NULL); - if (p8inf == NULL) - ctx->flag_fatal = 1; - X509_SIG_free(p8); - } else { - /* Pop any errors that might have been raised by d2i_X509_SIG. */ - ERR_pop_to_mark(); - p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len); - } - if (p8inf != NULL + if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf) && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type) key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL); 
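Review bot: der2key_decode_p8() no longer touches ctx->flag_fatal (both the ctx->flag_fatal = 0; reset and the ctx->flag_fatal = 1; on decryption failure are removed), yet der2key_decode() still tests if (ctx->flag_fatal) immediately after the d2i_PKCS8 call. Confirm that the flag is still initialised and set somewhere else; if it is not, remove the test and the field together so a stale value cannot abort decoding.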
@@ -247,8 +223,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { derp = der; if (ctx->desc->d2i_PKCS8 != NULL) { - key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx, - pw_cb, pw_cbarg); + key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx); if (ctx->flag_fatal) goto end; } else if (ctx->desc->d2i_private_key != NULL) { @@ -360,10 +335,9 @@ static int der2key_export_object(void *vctx, # define dh_d2i_key_params (d2i_of_void *)d2i_DHparams static void *dh_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + struct der2key_ctx_st *ctx) { - return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg, + return der2key_decode_p8(der, der_len, ctx, (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8); } @@ -396,10 +370,9 @@ static void dh_adjust(void *key, struct der2key_ctx_st *ctx) # define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + struct der2key_ctx_st *ctx) { - return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg, + return der2key_decode_p8(der, der_len, ctx, (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8); } @@ -422,10 +395,9 @@ static void dsa_adjust(void *key, struct der2key_ctx_st *ctx) # define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + struct der2key_ctx_st *ctx) { - return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg, + return der2key_decode_p8(der, der_len, ctx, (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8); } 
@@ -452,10 +424,9 @@ static void ec_adjust(void *key, struct der2key_ctx_st *ctx) */ static void *ecx_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + struct der2key_ctx_st *ctx) { - return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg, + return der2key_decode_p8(der, der_len, ctx, (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8); } @@ -511,10 +482,9 @@ static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx) # define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + struct der2key_ctx_st *ctx) { - return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg, + return der2key_decode_p8(der, der_len, ctx, (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8); } @@ -533,10 +503,9 @@ static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len, #define rsa_d2i_key_params NULL static void *rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, - struct der2key_ctx_st *ctx, - OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) + struct der2key_ctx_st *ctx) { - return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg, + return der2key_decode_p8(der, der_len, ctx, (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8); } @@ -650,8 +619,8 @@ static void rsa_adjust(void *key, struct der2key_ctx_st *ctx) keytype##_adjust, \ keytype##_free -#define DO_PKCS8(keytype) \ - "pkcs8", keytype##_evp_type, \ +#define DO_PrivateKeyInfo(keytype) \ + "PrivateKeyInfo", keytype##_evp_type, \ ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \ NULL, \ NULL, \ 
@@ -785,42 +754,42 @@ static void rsa_adjust(void *key, struct der2key_ctx_st *ctx) } #ifndef OPENSSL_NO_DH -MAKE_DECODER("DH", dh, dh, PKCS8); +MAKE_DECODER("DH", dh, dh, PrivateKeyInfo); MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo); MAKE_DECODER("DH", dh, dh, type_specific_params); MAKE_DECODER("DH", dh, dh, DH); -MAKE_DECODER("DHX", dhx, dhx, PKCS8); +MAKE_DECODER("DHX", dhx, dhx, PrivateKeyInfo); MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo); MAKE_DECODER("DHX", dhx, dhx, type_specific_params); MAKE_DECODER("DHX", dhx, dhx, DHX); #endif #ifndef OPENSSL_NO_DSA -MAKE_DECODER("DSA", dsa, dsa, PKCS8); +MAKE_DECODER("DSA", dsa, dsa, PrivateKeyInfo); MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo); MAKE_DECODER("DSA", dsa, dsa, type_specific); MAKE_DECODER("DSA", dsa, dsa, DSA); #endif #ifndef OPENSSL_NO_EC -MAKE_DECODER("EC", ec, ec, PKCS8); +MAKE_DECODER("EC", ec, ec, PrivateKeyInfo); MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo); MAKE_DECODER("EC", ec, ec, type_specific_no_pub); MAKE_DECODER("EC", ec, ec, EC); -MAKE_DECODER("X25519", x25519, ecx, PKCS8); +MAKE_DECODER("X25519", x25519, ecx, PrivateKeyInfo); MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo); -MAKE_DECODER("X448", x448, ecx, PKCS8); +MAKE_DECODER("X448", x448, ecx, PrivateKeyInfo); MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo); -MAKE_DECODER("ED25519", ed25519, ecx, PKCS8); +MAKE_DECODER("ED25519", ed25519, ecx, PrivateKeyInfo); MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo); -MAKE_DECODER("ED448", ed448, ecx, PKCS8); +MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo); MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo); # ifndef OPENSSL_NO_SM2 -MAKE_DECODER("SM2", sm2, ec, PKCS8); +MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo); MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo); # endif #endif -MAKE_DECODER("RSA", rsa, rsa, PKCS8); +MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo); MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo); MAKE_DECODER("RSA", 
rsa, rsa, type_specific_keypair); MAKE_DECODER("RSA", rsa, rsa, RSA); -MAKE_DECODER("RSA-PSS", rsapss, rsapss, PKCS8); +MAKE_DECODER("RSA-PSS", rsapss, rsapss, PrivateKeyInfo); MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo); diff --git a/providers/implementations/encode_decode/decode_epki2pki.c b/providers/implementations/encode_decode/decode_epki2pki.c new file mode 100644 index 0000000000..c0d014aef1 --- /dev/null +++ b/providers/implementations/encode_decode/decode_epki2pki.c 
@@ -0,0 +1,153 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "internal/asn1.h" +#include "internal/sizes.h" +#include "prov/bio.h" +#include "prov/implementations.h" +#include "endecoder_local.h" + +static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx; +static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx; +static OSSL_FUNC_decoder_decode_fn epki2pki_decode; + +/* + * Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding. + */ +struct epki2pki_ctx_st { + PROV_CTX *provctx; +}; + +static void *epki2pki_newctx(void *provctx) +{ + struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) + ctx->provctx = provctx; + return ctx; +} + +static void epki2pki_freectx(void *vctx) +{ + struct epki2pki_ctx_st *ctx = vctx; + + OPENSSL_free(ctx); +} + +/* + * The selection parameter in epki2pki_decode() is not used by this function + * because it's not relevant just to decode EncryptedPrivateKeyInfo to + * PrivateKeyInfo. + */ +static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + struct epki2pki_ctx_st *ctx = vctx; + BUF_MEM *mem = NULL; + unsigned char *der = NULL; + const unsigned char *pder = NULL; + long der_len = 0; + X509_SIG *p8 = NULL; + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + const X509_ALGOR *alg = NULL; + BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin); + int ok = (asn1_d2i_read_bio(in, &mem) >= 0); + + BIO_free(in); + + /* We return "empty handed". This is not an error. 
*/ + if (!ok) + return 1; + + pder = der = (unsigned char *)mem->data; + der_len = (long)mem->length; + OPENSSL_free(mem); + + ok = 1; /* Assume good */ + ERR_set_mark(); + if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) { + char pbuf[1024]; + size_t plen = 0; + + ERR_clear_last_mark(); + + if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) { + ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); + } else { + const ASN1_OCTET_STRING *oct; + unsigned char *new_der = NULL; + int new_der_len = 0; + + X509_SIG_get0(p8, &alg, &oct); + if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen, + oct->data, oct->length, + &new_der, &new_der_len, 0, + PROV_LIBCTX_OF(ctx->provctx), NULL)) { + ok = 0; + } else { + OPENSSL_free(der); + der = new_der; + der_len = new_der_len; + } + alg = NULL; + } + X509_SIG_free(p8); + } else { + ERR_pop_to_mark(); + } + + ERR_set_mark(); + pder = der; + p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len); + ERR_pop_to_mark(); + + if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) { + /* + * We have something and recognised it as PrivateKeyInfo, so let's + * pass all the applicable data to the callback. 
+ */ + char keytype[OSSL_MAX_NAME_SIZE]; + OSSL_PARAM params[5], *p = params; + int objtype = OSSL_OBJECT_PKEY; + + OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + keytype, 0); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, + "PrivateKeyInfo", 0); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, + der, der_len); + *p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype); + *p = OSSL_PARAM_construct_end(); + + ok = data_cb(params, data_cbarg); + } + PKCS8_PRIV_KEY_INFO_free(p8inf); + OPENSSL_free(der); + return ok; +} + +const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = { + { OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx }, + { OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx }, + { OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode }, + { 0, NULL } +}; diff --git a/providers/implementations/encode_decode/decode_pem2der.c b/providers/implementations/encode_decode/decode_pem2der.c index 318efcc6af..16f3322354 100644 --- a/providers/implementations/encode_decode/decode_pem2der.c +++ b/providers/implementations/encode_decode/decode_pem2der.c @@ -101,8 +101,8 @@ static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, * These entries should be in longest to shortest order to avoid * mixups. */ - { "ENCRYPTED PRIVATE KEY", "pkcs8" }, - { "PRIVATE KEY", "pkcs8" }, + { "ENCRYPTED PRIVATE KEY", "EncryptedPrivateKeyInfo" }, + { "PRIVATE KEY", "PrivateKeyInfo" }, { "PUBLIC KEY", "SubjectPublicKeyInfo" }, { "PARAMETERS", NULL } diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index f986ec124e..855866cbfe 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c 
@@ -128,12 +128,14 @@ static X509_SIG *key_to_encp8(const void *key, int key_nid, { PKCS8_PRIV_KEY_INFO *p8info = key_to_p8info(key, key_nid, params, params_type, k2d); - X509_SIG *p8 = p8info_to_encp8(p8info, ctx); + X509_SIG *p8 = NULL; - if (p8info == NULL) + if (p8info == NULL) { free_asn1_data(params_type, params); - - PKCS8_PRIV_KEY_INFO_free(p8info); + } else { + p8 = p8info_to_encp8(p8info, ctx); + PKCS8_PRIV_KEY_INFO_free(p8info); + } return p8; } 
@@ -162,81 +164,141 @@ static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid, } /* - * key_to_pkcs8_* produce encoded output with the key data pkcs8 - * in a structure. For private keys, that structure is PKCS#8, and for - * public keys, it's X.509 SubjectPublicKeyInfo. Parameters don't have - * any defined envelopment of that kind. + * key_to_epki_* produce encoded output with the private key data in a + * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require + * that there's an intent to encrypt, anything else is an error. + * They are currently only called from the corresponding key_to_pki_ function. + * + * key_to_pki_* primarly produce encoded output with the private key data + * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if + * there is an intent to encrypt the data, the corresponding key_to_epki_* + * function is used instead. + * + * key_to_spki_* produce encoded output with the public key data in an + * X.509 SubjectPublicKeyInfo. + * + * Key parameters don't have any defined envelopment of this kind, but are + * included in some manner in the output from the functions described above, + * either in the AlgorithmIdentifier's parameter field, or as part of the + * key data itself. 
*/ -static int key_to_pkcs8_der_priv_bio(BIO *out, const void *key, - int key_nid, - ossl_unused const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) + +static int key_to_epki_der_priv_bio(BIO *out, const void *key, + int key_nid, + ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; + X509_SIG *p8; + + if (!ctx->cipher_intent) + return 0; if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; - if (ctx->cipher_intent) { - X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); + p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); + if (p8 != NULL) + ret = i2d_PKCS8_bio(out, p8); - if (p8 != NULL) - ret = i2d_PKCS8_bio(out, p8); + X509_SIG_free(p8); - X509_SIG_free(p8); - } else { - PKCS8_PRIV_KEY_INFO *p8info = - key_to_p8info(key, key_nid, str, strtype, k2d); + return ret; +} - if (p8info != NULL) - ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info); - else - free_asn1_data(strtype, str); +static int key_to_epki_pem_priv_bio(BIO *out, const void *key, + int key_nid, + ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) +{ + int ret = 0; + void *str = NULL; + int strtype = V_ASN1_UNDEF; + X509_SIG *p8; - PKCS8_PRIV_KEY_INFO_free(p8info); - } + if (!ctx->cipher_intent) + return 0; + + if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, + &str, &strtype)) + return 0; + + p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); + if (p8 != NULL) + ret = PEM_write_bio_PKCS8(out, p8); + + X509_SIG_free(p8); return ret; } -static int key_to_pkcs8_pem_priv_bio(BIO *out, const void *key, - int key_nid, - ossl_unused const char *pemname, - key_to_paramstring_fn *p2s, - i2d_of_void *k2d, - struct key2any_ctx_st *ctx) +static int key_to_pki_der_priv_bio(BIO *out, const void *key, + int key_nid, + 
ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) { int ret = 0; void *str = NULL; int strtype = V_ASN1_UNDEF; + PKCS8_PRIV_KEY_INFO *p8info; + + if (ctx->cipher_intent) + return key_to_epki_der_priv_bio(out, key, key_nid, pemname, + p2s, k2d, ctx); if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) return 0; - if (ctx->cipher_intent) { - X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); + p8info = key_to_p8info(key, key_nid, str, strtype, k2d); - if (p8 != NULL) - ret = PEM_write_bio_PKCS8(out, p8); + if (p8info != NULL) + ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info); + else + free_asn1_data(strtype, str); - X509_SIG_free(p8); - } else { - PKCS8_PRIV_KEY_INFO *p8info = - key_to_p8info(key, key_nid, str, strtype, k2d); + PKCS8_PRIV_KEY_INFO_free(p8info); - if (p8info != NULL) - ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); - else - free_asn1_data(strtype, str); + return ret; +} - PKCS8_PRIV_KEY_INFO_free(p8info); - } +static int key_to_pki_pem_priv_bio(BIO *out, const void *key, + int key_nid, + ossl_unused const char *pemname, + key_to_paramstring_fn *p2s, + i2d_of_void *k2d, + struct key2any_ctx_st *ctx) +{ + int ret = 0; + void *str = NULL; + int strtype = V_ASN1_UNDEF; + PKCS8_PRIV_KEY_INFO *p8info; + + if (ctx->cipher_intent) + return key_to_epki_pem_priv_bio(out, key, key_nid, pemname, + p2s, k2d, ctx); + + if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, + &str, &strtype)) + return 0; + + p8info = key_to_p8info(key, key_nid, str, strtype, k2d); + + if (p8info != NULL) + ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); + else + free_asn1_data(strtype, str); + + PKCS8_PRIV_KEY_INFO_free(p8info); return ret; } 
@@ -427,7 +489,7 @@ static int dh_spki_pub_to_der(const void *dh, unsigned char **pder) return ret; } -static int dh_pkcs8_priv_to_der(const void *dh, unsigned char **pder) +static int dh_pki_priv_to_der(const void *dh, unsigned char **pder) { const BIGNUM *bn = NULL; ASN1_INTEGER *priv_key = NULL; @@ -540,7 +602,7 @@ static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder) return ret; } -static int dsa_pkcs8_priv_to_der(const void *dsa, unsigned char **pder) +static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder) { const BIGNUM *bn = NULL; ASN1_INTEGER *priv_key = NULL; @@ -639,7 +701,7 @@ static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder) return i2o_ECPublicKey(eckey, pder); } -static int ec_pkcs8_priv_to_der(const void *veckey, unsigned char **pder) +static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder) { EC_KEY *eckey = (EC_KEY *)veckey; unsigned int old_flags; @@ -700,7 +762,7 @@ static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder) return ecxkey->keylen; } -static int ecx_pkcs8_priv_to_der(const void *vecxkey, unsigned char **pder) +static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder) { const ECX_KEY *ecxkey = vecxkey; ASN1_OCTET_STRING oct; @@ -826,7 +888,7 @@ static int prepare_rsa_params(const void *rsa, int nid, int save, * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey| * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field. */ -#define rsa_pkcs8_priv_to_der rsa_type_specific_priv_to_der +#define rsa_pki_priv_to_der rsa_type_specific_priv_to_der #define rsa_spki_pub_to_der rsa_type_specific_pub_to_der #define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey #define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey 
@@ -1041,10 +1103,18 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, * the same. */ -/* PKCS#8 is a structure for private keys only */ -#define DO_PKCS8_selection_mask DO_PRIVATE_KEY_selection_mask -#define DO_PKCS8(impl, type, output) \ - DO_PRIVATE_KEY(impl, type, pkcs8, output) +/* + * PKCS#8 defines two structures for private keys only: + * - PrivateKeyInfo (raw unencrypted form) + * - EncryptedPrivateKeyInfo (encrypted wrapping) + * + * To allow a certain amount of flexibility, we allow the routines + * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a + * passphrase callback has been passed to them. + */ +#define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask +#define DO_PrivateKeyInfo(impl, type, output) \ + DO_PRIVATE_KEY(impl, type, pki, output) /* SubjectPublicKeyInfo is a structure for public keys only */ #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask 
@@ -1258,55 +1328,55 @@ MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem); * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(), * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters(). */ -MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS8, der); -MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS8, pem); +MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der); +MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem); MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der); MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS8, der); -MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS8, pem); +MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der); +MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem); MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der); MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem); #ifndef OPENSSL_NO_DH -MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS8, der); -MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS8, pem); +MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der); +MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem); MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der); MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PKCS8, der); -MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PKCS8, pem); +MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der); +MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem); MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der); MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem); #endif #ifndef OPENSSL_NO_DSA -MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PKCS8, der); -MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PKCS8, pem); +MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der); +MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem); MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der); 
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem); #endif #ifndef OPENSSL_NO_EC -MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PKCS8, der); -MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PKCS8, pem); +MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der); +MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); # ifndef OPENSSL_NO_SM2 -MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PKCS8, der); -MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PKCS8, pem); +MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der); +MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); # endif -MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PKCS8, der); -MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PKCS8, pem); +MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der); +MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem); MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der); MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PKCS8, der); -MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PKCS8, pem); +MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); +MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PKCS8, der); -MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PKCS8, pem); +MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der); +MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem); MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der); MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem); -MAKE_ENCODER(x448, ecx, 
EVP_PKEY_ED448, PKCS8, der); -MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PKCS8, pem); +MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); +MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); #endif diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index ae09ccd506..7b59e7308d 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -323,8 +323,8 @@ extern const OSSL_DISPATCH ossl_rsa_asym_kem_functions[]; /* Encoders */ extern const OSSL_DISPATCH ossl_rsa_to_PKCS1_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_rsa_to_PKCS1_pem_encoder_functions[]; -extern const OSSL_DISPATCH ossl_rsa_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_rsa_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_rsa_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_rsa_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_rsa_to_RSA_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_rsa_to_RSA_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_rsa_to_SubjectPublicKeyInfo_der_encoder_functions[]; 
@@ -337,8 +337,8 @@ extern const OSSL_DISPATCH ossl_rsa_to_type_specific_keypair_pem_encoder_functio extern const OSSL_DISPATCH ossl_rsapss_to_PKCS1_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_rsapss_to_PKCS1_pem_encoder_functions[]; -extern const OSSL_DISPATCH ossl_rsapss_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_rsapss_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_rsapss_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_rsapss_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_rsapss_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_rsapss_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_rsapss_to_text_encoder_functions[]; @@ -347,8 +347,8 @@ extern const OSSL_DISPATCH ossl_dh_to_DH_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_dh_to_DH_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_dh_to_PKCS3_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_dh_to_PKCS3_pem_encoder_functions[]; -extern const OSSL_DISPATCH ossl_dh_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_dh_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_dh_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_dh_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_dh_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_dh_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_dh_to_type_specific_params_der_encoder_functions[]; 
@@ -357,8 +357,8 @@ extern const OSSL_DISPATCH ossl_dh_to_text_encoder_functions[]; extern const OSSL_DISPATCH ossl_dhx_to_DHX_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_dhx_to_DHX_pem_encoder_functions[]; -extern const OSSL_DISPATCH ossl_dhx_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_dhx_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_dhx_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_dhx_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_dhx_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_dhx_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_dhx_to_X9_42_der_encoder_functions[]; @@ -369,8 +369,8 @@ extern const OSSL_DISPATCH ossl_dhx_to_text_encoder_functions[]; extern const OSSL_DISPATCH ossl_dsa_to_DSA_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_dsa_to_DSA_pem_encoder_functions[]; -extern const OSSL_DISPATCH ossl_dsa_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_dsa_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_dsa_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_dsa_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_dsa_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_dsa_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_dsa_to_type_specific_pem_encoder_functions[]; 
@@ -382,8 +382,8 @@ extern const OSSL_DISPATCH ossl_dsa_to_text_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_EC_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_EC_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_blob_encoder_functions[]; -extern const OSSL_DISPATCH ossl_ec_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_ec_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ec_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ec_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_X9_62_der_encoder_functions[]; @@ -396,8 +396,8 @@ extern const OSSL_DISPATCH ossl_ec_to_text_encoder_functions[]; extern const OSSL_DISPATCH ossl_sm2_to_SM2_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_sm2_to_SM2_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_sm2_to_blob_encoder_functions[]; -extern const OSSL_DISPATCH ossl_sm2_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_sm2_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_sm2_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_sm2_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_sm2_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_sm2_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_sm2_to_type_specific_no_pub_pem_encoder_functions[]; 
@@ -405,84 +405,85 @@ extern const OSSL_DISPATCH ossl_sm2_to_type_specific_no_pub_der_encoder_function extern const OSSL_DISPATCH ossl_sm2_to_text_encoder_functions[]; #endif -extern const OSSL_DISPATCH ossl_ed25519_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_ed25519_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ed25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ed25519_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_ed25519_to_OSSL_current_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_ed25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH ossl_ed448_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_ed448_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ed448_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ed448_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_ed448_to_OSSL_current_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_ed448_to_text_encoder_functions[]; -extern const OSSL_DISPATCH ossl_x25519_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_x25519_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_x25519_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_x25519_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_x25519_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_x25519_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH 
ossl_x25519_to_OSSL_current_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_x25519_to_text_encoder_functions[]; -extern const OSSL_DISPATCH ossl_x448_to_PKCS8_der_encoder_functions[]; -extern const OSSL_DISPATCH ossl_x448_to_PKCS8_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_x448_to_PrivateKeyInfo_der_encoder_functions[]; +extern const OSSL_DISPATCH ossl_x448_to_PrivateKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_x448_to_SubjectPublicKeyInfo_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_x448_to_SubjectPublicKeyInfo_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_x448_to_OSSL_current_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_x448_to_text_encoder_functions[]; /* Decoders */ -extern const OSSL_DISPATCH ossl_PKCS8_der_to_dh_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_dh_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_dh_decoder_functions[]; extern const OSSL_DISPATCH ossl_type_specific_params_der_to_dh_decoder_functions[]; extern const OSSL_DISPATCH ossl_DH_der_to_dh_decoder_functions[]; -extern const OSSL_DISPATCH ossl_PKCS8_der_to_dhx_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_dhx_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_dhx_decoder_functions[]; extern const OSSL_DISPATCH ossl_type_specific_params_der_to_dhx_decoder_functions[]; extern const OSSL_DISPATCH ossl_DHX_der_to_dhx_decoder_functions[]; -extern const OSSL_DISPATCH ossl_PKCS8_der_to_dsa_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_dsa_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_dsa_decoder_functions[]; extern const OSSL_DISPATCH ossl_type_specific_der_to_dsa_decoder_functions[]; extern const OSSL_DISPATCH ossl_DSA_der_to_dsa_decoder_functions[]; extern const OSSL_DISPATCH ossl_msblob_to_dsa_decoder_functions[]; extern const 
OSSL_DISPATCH ossl_pvk_to_dsa_decoder_functions[]; -extern const OSSL_DISPATCH ossl_PKCS8_der_to_ec_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ec_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ec_decoder_functions[]; extern const OSSL_DISPATCH ossl_type_specific_no_pub_der_to_ec_decoder_functions[]; extern const OSSL_DISPATCH ossl_EC_der_to_ec_decoder_functions[]; -extern const OSSL_DISPATCH ossl_PKCS8_der_to_x25519_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_x25519_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_x25519_decoder_functions[]; -extern const OSSL_DISPATCH ossl_PKCS8_der_to_x448_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_x448_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_x448_decoder_functions[]; -extern const OSSL_DISPATCH ossl_PKCS8_der_to_ed25519_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ed25519_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ed25519_decoder_functions[]; -extern const OSSL_DISPATCH ossl_PKCS8_der_to_ed448_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ed448_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ed448_decoder_functions[]; #ifndef OPENSSL_NO_SM2 -extern const OSSL_DISPATCH ossl_PKCS8_der_to_sm2_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_sm2_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_sm2_decoder_functions[]; #endif -extern const OSSL_DISPATCH ossl_PKCS8_der_to_rsa_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_rsa_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_rsa_decoder_functions[]; extern const OSSL_DISPATCH ossl_type_specific_keypair_der_to_rsa_decoder_functions[]; 
extern const OSSL_DISPATCH ossl_RSA_der_to_rsa_decoder_functions[]; extern const OSSL_DISPATCH ossl_msblob_to_rsa_decoder_functions[]; extern const OSSL_DISPATCH ossl_pvk_to_rsa_decoder_functions[]; -extern const OSSL_DISPATCH ossl_PKCS8_der_to_rsapss_decoder_functions[]; +extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_rsapss_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_rsapss_decoder_functions[]; +extern const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[]; extern const OSSL_DISPATCH ossl_pem_to_der_decoder_functions[]; extern const OSSL_DISPATCH ossl_file_store_functions[]; diff --git a/test/endecode_test.c b/test/endecode_test.c index f800d7738c..d28ea3c812 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -526,7 +526,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - "DER", "pkcs8", NULL, NULL, + "DER", "PrivateKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_mem, check_unprotected_PKCS8_DER, dump_der, 0); @@ -548,7 +548,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - "PEM", "pkcs8", NULL, NULL, + "PEM", "PrivateKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_text, check_unprotected_PKCS8_PEM, dump_pem, 0); @@ -703,7 +703,8 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key) return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "DER", "pkcs8", pass, pass_cipher, + "DER", "PrivateKeyInfo", + pass, pass_cipher, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_mem, check_protected_PKCS8_DER, dump_der, 0); 
@@ -725,7 +726,8 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key) return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "PEM", "pkcs8", pass, pass_cipher, + "PEM", "PrivateKeyInfo", + pass, pass_cipher, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_text, check_protected_PKCS8_PEM, dump_pem, 0); diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index bdfa3cd754..f075f40b0c 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -176,14 +176,14 @@ static int test_print_key_type_using_encoder(const char *alg, int type, case PRIV_PEM: output_type = "PEM"; - output_structure = "pkcs8"; + output_structure = "PrivateKeyInfo"; selection = OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; break; case PRIV_DER: output_type = "DER"; - output_structure = "pkcs8"; + output_structure = "PrivateKeyInfo"; selection = OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; break; From no-reply at appveyor.com Wed Jun 9 20:10:02 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 09 Jun 2021 20:10:02 +0000 Subject: Build failed: openssl master.42277 Message-ID: <20210609201002.1.215502F13D96A70E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 9 21:11:48 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 09 Jun 2021 21:11:48 +0000 Subject: Build failed: openssl master.42278 Message-ID: <20210609211148.1.561DAC75EA7EE71F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 9 21:55:26 2021 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 09 Jun 2021 21:55:26 +0000 Subject: Build failed: openssl master.42279 Message-ID: <20210609215526.1.8831854768B77331@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jun 9 22:11:29 2021 
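Review bot: in test/endecode_test.c, test_protected_via_DER() and test_protected_via_PEM() now request the output structure "PrivateKeyInfo" while still passing pass and pass_cipher and validating with check_protected_PKCS8_DER / check_protected_PKCS8_PEM, so the structure name reads as unencrypted in tests that expect encrypted output. The same change declares a separate ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions, so a short comment at both call sites should say that encryption is selected here by the passphrase and cipher arguments, not by the structure name. The check_*_PKCS8_* helper names also keep the old spelling and could be renamed in the same pass to keep the file consistent.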
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 09 Jun 2021 22:11:29 +0000 Subject: Still FAILED build of OpenSSL branch master with options --strict-warnings Message-ID: <1623276689.774812.147486.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config --strict-warnings Commit log since last time: ef2194c4ad DECODER & ENCODER: Add better tracing 8ea5a6b523 DECODER: Adapt addition of extra decoder implementations 6a2b8ff392 Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8 320fc032b9 25-test_verify.t: Add test case: accept trusted self-signed EE cert with key usage keyCertSign also when strict 80070e478a test/certs/mkcert.sh: Correct description of geneealt parameters 65a97b2c38 25-test_verify.t: Prevent expiration of test case 'Name constraints bad othername name constraint' d63053bbdf 80-test_cmp_http.t: Improve the way the test server is launched and killed ee1d1db824 80-test_cmp_http.t: Simplify and prevent hangs on server not launching/behaving correctly f8ab78f6c2 Remove I_CAN_LIVE_WITH_LNK4049 1af9b646e8 keymgmt: better detect when a key manager can be reused Build log ended with (last 100 lines): # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 8041FD9A2C7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 8041FD9A2C7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623276479 not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 8041FD9A2C7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 8041FD9A2C7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623276479 not ok 4 - iteration 4 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 8041FD9A2C7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 8041FD9A2C7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623276479 not ok 5 - iteration 5 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 8041FD9A2C7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 8041FD9A2C7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623276479 not ok 6 - iteration 6 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 8041FD9A2C7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 8041FD9A2C7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623276479 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 8041FD9A2C7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 8041FD9A2C7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623276479 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1623276479 not ok 1 - test_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/gosttest ../../../openssl/test/recipes/90-test_gost_data/server-cert2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-cert2012.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2012.pem => 1 not ok 1 - running gosttest # ------------------------------------------------------------------------------ # Failed test 'running gosttest' # at ../openssl/test/recipes/90-test_gost.t line 39. 
# Looks like you failed 1 test of 1.90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 90-test_ige.t ...................... ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_includes.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslbuffers.t ............... ok # Killing mock server with pid=13852380-test_cmp_http.t ................. ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 80-test_ssl_old.t .................. ok 90-test_store.t .................... ok 90-test_sslapi.t ................... ok Test Summary Report ------------------- 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=236, Tests=3237, 197 wallclock secs (13.47 usr 1.36 sys + 637.33 cusr 61.84 csys = 714.00 CPU) Result: FAIL make[1]: *** [Makefile:3239: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/default' make: *** [Makefile:3235: tests] Error 2 From pauli at openssl.org Thu Jun 10 04:19:12 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 10 Jun 2021 04:19:12 +0000 Subject: [openssl] master update Message-ID: <1623298752.340369.20436.nullmailer@dev.openssl.org> The branch master has been updated via b6298a7f8de45b287bfbad5de282fbceb68abb02 (commit) via 1dc8eb5be0375b1e3f33f711b3a62712b3042a6b (commit) via 807bb4255473986439c00a2fe3c798e7120709ba (commit) from ef2194c4ade7b765ccf9a6e8f97d88b0fa6b223d (commit) - Log ----------------------------------------------------------------- commit b6298a7f8de45b287bfbad5de282fbceb68abb02 Author: Pauli Date: Wed Jun 9 13:40:54 2021 +1000 util: convert SHA* one shots back to being functions Reviewed-by: Richard Levitte Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/15668) commit 1dc8eb5be0375b1e3f33f711b3a62712b3042a6b Author: Pauli Date: Wed Jun 9 13:40:27 2021 +1000 changes: fix woring that mentions SHA* one shot functions are deprecated Reviewed-by: Richard Levitte Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/15668) commit 807bb4255473986439c00a2fe3c798e7120709ba Author: Pauli Date: Wed Jun 9 13:38:30 2021 +1000 sha: convert SHA one shot macros back to being functions Fixes #15655 Reviewed-by: Richard Levitte Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/15668) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 4 ++-- crypto/sha/sha1_one.c | 26 ++++++++++++++++++++++++++ include/openssl/sha.h | 16 +++++----------- util/libcrypto.num | 10 +++++----- util/other.syms | 5 ----- 5 files changed, 38 insertions(+), 23 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index e0423a8491..5b0f0df11e 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -690,8 +690,8 @@ breaking changes, and mappings for the large list of deprecated functions. *Paul Dale* - * The low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224, SHA256, - SHA384, SHA512 and Whirlpool digest functions have been deprecated. + * The low-level MD2, MD4, MD5, MDC2, RIPEMD160 and Whirlpool digest + functions have been deprecated. *Paul Dale and David von Oheimb* diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index a21a1aded3..d6f5d1ecce 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "crypto/sha.h" unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md) @@ -33,3 +34,28 @@ unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md) OPENSSL_cleanse(&c, sizeof(c)); return md; } + +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) +{ + return EVP_Q_digest(NULL, "SHA1", NULL, d, n, md, NULL) ? md : NULL; +} + +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) +{ + return EVP_Q_digest(NULL, "SHA224", NULL, d, n, md, NULL) ? md : NULL; +} + +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) +{ + return EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL; +} + +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) +{ + return EVP_Q_digest(NULL, "SHA384", NULL, d, n, md, NULL) ? md : NULL; +} + +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) +{ + return EVP_Q_digest(NULL, "SHA512", NULL, d, n, md, NULL) ? md : NULL; +} diff --git a/include/openssl/sha.h b/include/openssl/sha.h index eac4b79302..6e65a04089 100644 --- a/include/openssl/sha.h +++ b/include/openssl/sha.h @@ -17,7 +17,6 @@ # endif # include -# include # include # ifdef __cplusplus 
@@ -53,8 +52,7 @@ OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c); OSSL_DEPRECATEDIN_3_0 void SHA1_Transform(SHA_CTX *c, const unsigned char *data); # endif -# define SHA1(d, n, md) \ - (EVP_Q_digest(NULL, "SHA1", NULL, d, n, md, NULL) ? md : NULL) +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); # ifndef OPENSSL_NO_DEPRECATED_3_0 # define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a @@ -80,10 +78,8 @@ OSSL_DEPRECATEDIN_3_0 void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); # endif -# define SHA224(d, n, md) \ - (EVP_Q_digest(NULL, "SHA224", NULL, d, n, md, NULL) ? md : NULL) -# define SHA256(d, n, md) \ - (EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL) +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); # define SHA224_DIGEST_LENGTH 28 # define SHA256_DIGEST_LENGTH 32 @@ -132,10 +128,8 @@ OSSL_DEPRECATEDIN_3_0 void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); # endif -# define SHA384(d, n, md) \ - (EVP_Q_digest(NULL, "SHA384", NULL, d, n, md, NULL) ? md : NULL) -# define SHA512(d, n, md) \ - (EVP_Q_digest(NULL, "SHA512", NULL, d, n, md, NULL) ? md : NULL) +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); # ifdef __cplusplus } diff --git a/util/libcrypto.num b/util/libcrypto.num index 182cd2b158..8776e721a8 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -1144,7 +1144,7 @@ BN_security_bits 1171 3_0_0 EXIST::FUNCTION: X509_PURPOSE_get0_name 1172 3_0_0 EXIST::FUNCTION: TS_TST_INFO_get_serial 1173 3_0_0 EXIST::FUNCTION:TS ASN1_PCTX_get_str_flags 1174 3_0_0 EXIST::FUNCTION: -SHA256 1175 3_0_0 NOEXIST::FUNCTION: +SHA256 1175 3_0_0 EXIST::FUNCTION: X509_LOOKUP_hash_dir 1176 3_0_0 EXIST::FUNCTION: ASN1_BIT_STRING_check 1177 3_0_0 EXIST::FUNCTION: ENGINE_set_default_RAND 1178 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE @@ -1375,7 +1375,7 @@ EVP_MD_meth_get_cleanup 1408 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ SRP_Calc_server_key 1409 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP BN_mod_exp_simple 1410 3_0_0 EXIST::FUNCTION: BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION: -SHA512 1412 3_0_0 NOEXIST::FUNCTION: +SHA512 1412 3_0_0 EXIST::FUNCTION: X509_STORE_CTX_get_explicit_policy 1413 3_0_0 EXIST::FUNCTION: EVP_DecodeBlock 1414 3_0_0 EXIST::FUNCTION: OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION: @@ -2460,7 +2460,7 @@ BN_generate_dsa_nonce 2512 3_0_0 EXIST::FUNCTION: X509_verify_cert 2513 3_0_0 EXIST::FUNCTION: X509_policy_level_get0_node 2514 3_0_0 EXIST::FUNCTION: X509_REQ_get_attr 2515 3_0_0 EXIST::FUNCTION: -SHA1 2516 3_0_0 NOEXIST::FUNCTION: +SHA1 2516 3_0_0 EXIST::FUNCTION: X509_print 2517 3_0_0 EXIST::FUNCTION: d2i_AutoPrivateKey 2518 3_0_0 EXIST::FUNCTION: X509_REQ_new 2519 3_0_0 EXIST::FUNCTION: @@ -2927,7 +2927,7 @@ EC_GROUP_set_asn1_flag 2991 3_0_0 EXIST::FUNCTION:EC EVP_PKEY_new 2992 3_0_0 EXIST::FUNCTION: i2d_POLICYINFO 2993 3_0_0 EXIST::FUNCTION: BN_get_flags 2994 3_0_0 EXIST::FUNCTION: -SHA384 2995 3_0_0 NOEXIST::FUNCTION: +SHA384 2995 3_0_0 EXIST::FUNCTION: NCONF_get_string 2996 3_0_0 EXIST::FUNCTION: d2i_PROXY_CERT_INFO_EXTENSION 2997 3_0_0 EXIST::FUNCTION: EC_POINT_point2buf 2998 3_0_0 EXIST::FUNCTION:EC 
@@ -3510,7 +3510,7 @@ EVP_MD_meth_dup 3588 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_ ENGINE_unregister_ciphers 3589 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE X509_issuer_and_serial_cmp 3590 3_0_0 EXIST::FUNCTION: OCSP_response_create 3591 3_0_0 EXIST::FUNCTION:OCSP -SHA224 3592 3_0_0 NOEXIST::FUNCTION: +SHA224 3592 3_0_0 EXIST::FUNCTION: MD2_options 3593 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2 X509_REQ_it 3595 3_0_0 EXIST::FUNCTION: RAND_bytes 3596 3_0_0 EXIST::FUNCTION: diff --git a/util/other.syms b/util/other.syms index 8e1824c220..cf3455bcca 100644 --- a/util/other.syms +++ b/util/other.syms @@ -447,11 +447,6 @@ PEM_FLAG_EAY_COMPATIBLE define PEM_FLAG_ONLY_B64 define PEM_FLAG_SECURE define RAND_cleanup define deprecated 1.1.0 -SHA1 define -SHA224 define -SHA256 define -SHA384 define -SHA512 define SSL_COMP_free_compression_methods define deprecated 1.1.0 SSL_CTX_add0_chain_cert define SSL_CTX_add1_chain_cert define From no-reply at appveyor.com Thu Jun 10 05:01:31 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 05:01:31 +0000 Subject: Build failed: openssl master.42280 Message-ID: <20210610050131.1.A3D99A1DF621D86C@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jun 10 06:34:55 2021 
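Review bot: the five new wrappers in crypto/sha/sha1_one.c pass md straight to EVP_Q_digest() and return "... ? md : NULL", so a call with md == NULL returns NULL whether or not hashing succeeded, and the caller cannot tell the two cases apart. Either reject or handle a NULL md explicitly at the top of each function, or state in the SHA1/SHA224/SHA256/SHA384/SHA512 documentation that md must point to a buffer of at least the digest length. Two smaller points: the file is still named sha1_one.c although it now also defines the SHA-2 one-shots, and the CHANGES.md hunk only edits the list of deprecated digests, so an entry saying that the SHA* one-shots are functions again (and remain supported) would help users who had adapted to the macro form.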
From: levitte at openssl.org (Richard Levitte) Date: Thu, 10 Jun 2021 06:34:55 +0000 Subject: [openssl] master update Message-ID: <1623306895.529152.4235.nullmailer@dev.openssl.org> The branch master has been updated via 5ac6d7d21b4e896fee2eca0488915faaea196448 (commit) from b6298a7f8de45b287bfbad5de282fbceb68abb02 (commit) - Log ----------------------------------------------------------------- commit 5ac6d7d21b4e896fee2eca0488915faaea196448 Author: Richard Levitte Date: Tue Jun 8 12:22:31 2021 +0200 APPS: Restore the possibility to combine -pubout with -text This applies to the 'openssl pkey' command. Fixes #15645 Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15658) ----------------------------------------------------------------------- Summary of changes: apps/pkey.c | 10 +++++++--- doc/man1/openssl-pkey.pod.in | 6 ++++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/apps/pkey.c b/apps/pkey.c index 781f376837..fb3899b08e 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -175,15 +175,19 @@ int pkey_main(int argc, char **argv) if (argc != 0) goto opthelp; - if (noout && pubout) - BIO_printf(bio_err, - "Warning: The -pubout option is ignored with -noout\n"); if (text && text_pub) BIO_printf(bio_err, "Warning: The -text option is ignored with -text_pub\n"); if (traditional && (noout || outformat != FORMAT_PEM)) BIO_printf(bio_err, "Warning: The -traditional is ignored since there is no PEM output\n"); + + /* -pubout and -text is the same as -text_pub */ + if (!text_pub && pubout && text) { + text = 0; + text_pub = 1; + } + private = (!noout && !pubout) || (text && !text_pub); if (ciphername != NULL) { diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in index bf45643bce..34d57f7d14 100644 --- a/doc/man1/openssl-pkey.pod.in +++ b/doc/man1/openssl-pkey.pod.in 
@@ -131,10 +131,12 @@ option is specified then the older "traditional" format is used instead. =item B<-pubout> -By default the encoded private and public key is output; -this option restricts the encoded output to the public components. +By default the private and public key is output; +this option restricts the output to the public components. This option is automatically set if the input is a public key. +When combined with B<-text>, this is equivalent to B<-text_pub>. + =item B<-noout> Do not output the key in encoded form. From no-reply at appveyor.com Thu Jun 10 07:18:11 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 07:18:11 +0000 Subject: Build failed: openssl master.42281 Message-ID: <20210610071811.1.ABDFB71801C9C530@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu Jun 10 08:12:11 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 10 Jun 2021 08:12:11 +0000 Subject: [openssl] master update Message-ID: <1623312731.562989.6017.nullmailer@dev.openssl.org> The branch master has been updated via 5a9dbfc58ab280ec426ed013f5aed5a5660b938a (commit) from 5ac6d7d21b4e896fee2eca0488915faaea196448 (commit) - Log ----------------------------------------------------------------- commit 5a9dbfc58ab280ec426ed013f5aed5a5660b938a Author: Pauli Date: Wed Jun 9 11:58:48 2021 +1000 err: clear flags better when clearing errors. An attempt to clear an error with malloced data didn't clear the flags. Now it clears all flags except the malloced flag. Fixes #12530 Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15667) ----------------------------------------------------------------------- Summary of changes: crypto/err/err_local.h | 3 +++ test/errtest.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/crypto/err/err_local.h b/crypto/err/err_local.h index 678f92dc04..d4e19dff24 100644 
--- a/crypto/err/err_local.h +++ b/crypto/err/err_local.h @@ -27,6 +27,7 @@ static ossl_inline void err_clear_data(ERR_STATE *es, size_t i, int deall) es->err_data_flags[i] = 0; } else if (es->err_data[i] != NULL) { es->err_data[i][0] = '\0'; + es->err_data_flags[i] = ERR_TXT_MALLOCED; } } else { es->err_data[i] = NULL; @@ -68,6 +69,8 @@ static ossl_inline void err_set_debug(ERR_STATE *es, size_t i, static ossl_inline void err_set_data(ERR_STATE *es, size_t i, void *data, size_t datasz, int flags) { + if ((es->err_data_flags[i] & ERR_TXT_MALLOCED) != 0) + OPENSSL_free(es->err_data[i]); es->err_data[i] = data; es->err_data_size[i] = datasz; es->err_data_flags[i] = flags; diff --git a/test/errtest.c b/test/errtest.c index e19501a036..2d827ff893 100644 --- a/test/errtest.c +++ b/test/errtest.c 
@@ -287,6 +287,53 @@ static int test_marks(void) return 1; } +static int test_clear_error(void) +{ + int flags = -1; + const char *data = NULL; + int res = 0; + + /* Raise an error with data and clear it */ + ERR_raise_data(0, 0, "hello %s", "world"); + ERR_peek_error_data(&data, &flags); + if (!TEST_str_eq(data, "hello world") + || !TEST_int_eq(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED)) + goto err; + ERR_clear_error(); + + /* Raise a new error without data */ + ERR_raise(0, 0); + ERR_peek_error_data(&data, &flags); + if (!TEST_str_eq(data, "") + || !TEST_int_eq(flags, ERR_TXT_MALLOCED)) + goto err; + ERR_clear_error(); + + /* Raise a new error with data */ + ERR_raise_data(0, 0, "goodbye %s world", "cruel"); + ERR_peek_error_data(&data, &flags); + if (!TEST_str_eq(data, "goodbye cruel world") + || !TEST_int_eq(flags, ERR_TXT_STRING | ERR_TXT_MALLOCED)) + goto err; + ERR_clear_error(); + + /* + * Raise a new error without data to check that the malloced storage + * is freed properly + */ + ERR_raise(0, 0); + ERR_peek_error_data(&data, &flags); + if (!TEST_str_eq(data, "") + || !TEST_int_eq(flags, ERR_TXT_MALLOCED)) + goto err; + ERR_clear_error(); + + res = 1; + err: + ERR_clear_error(); + return res; +} + int setup_tests(void) { ADD_TEST(preserves_system_error); @@ -296,5 +343,6 @@ int setup_tests(void) ADD_TEST(test_print_error_format); #endif ADD_TEST(test_marks); + ADD_TEST(test_clear_error); return 1; } From pauli at openssl.org Thu Jun 10 08:27:55 2021 
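Review bot: the new free in err_set_data() (crypto/err/err_local.h) has no guard for the case where the incoming data pointer is the buffer already stored in es->err_data[i]; with ERR_TXT_MALLOCED set, that path frees the buffer and then stores the dangling pointer back. Add a check such as "es->err_data[i] != data" to the condition, or document on the function that callers must detach the old buffer before passing it in again. Related to the err_clear_data() hunk: the new test asserts that ERR_peek_error_data() reports flags equal to ERR_TXT_MALLOCED with an empty string for an error raised without data, which exposes an internal allocation detail to callers; a comment in err_clear_data() explaining why the flag must survive the clear (so the retained buffer is freed later) would make the intent clear to the next reader.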
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 10 Jun 2021 08:27:55 +0000 Subject: [openssl] master update Message-ID: <1623313675.387890.14529.nullmailer@dev.openssl.org> The branch master has been updated via de5a0198b22c36884fd36021d9e4f589b939674f (commit) from 5a9dbfc58ab280ec426ed013f5aed5a5660b938a (commit) - Log ----------------------------------------------------------------- commit de5a0198b22c36884fd36021d9e4f589b939674f Author: Tomas Mraz Date: Mon Jun 7 16:56:20 2021 +0200 Fix use after free in OSSL_HTTP_REQ_CTX_set1_req() Fixes #15647 Reviewed-by: David von Oheimb Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15648) ----------------------------------------------------------------------- Summary of changes: crypto/http/http_client.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index e7e0183b59..79fe9ccd41 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -126,7 +126,8 @@ void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx) if (rctx->free_wbio) BIO_free_all(rctx->wbio); /* do not free rctx->rbio */ - BIO_free(rctx->mem); /* this may indirectly call ERR_clear_error() */ + BIO_free(rctx->mem); + BIO_free(rctx->req); OPENSSL_free(rctx->buf); OPENSSL_free(rctx->proxy); OPENSSL_free(rctx->server); @@ -260,8 +261,8 @@ int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, return 1; } -static int set_content(OSSL_HTTP_REQ_CTX *rctx, - const char *content_type, BIO *req) +static int set1_content(OSSL_HTTP_REQ_CTX *rctx, + const char *content_type, BIO *req) { long req_len; 
@@ -285,10 +286,16 @@ static int set_content(OSSL_HTTP_REQ_CTX *rctx, && BIO_printf(rctx->mem, "Content-Type: %s\r\n", content_type) <= 0) return 0; - rctx->req = req; - if ((req_len = BIO_ctrl(req, BIO_CTRL_INFO, 0, NULL)) <= 0) - return 1; /* streaming BIO may not support querying size */ - return BIO_printf(rctx->mem, "Content-Length: %ld\r\n", req_len) > 0; + /* streaming BIO may not support querying size */ + if ((req_len = BIO_ctrl(req, BIO_CTRL_INFO, 0, NULL)) <= 0 + || BIO_printf(rctx->mem, "Content-Length: %ld\r\n", req_len) > 0) { + if (!BIO_up_ref(req)) + return 0; + BIO_free(rctx->req); + rctx->req = req; + return 1; + } + return 0; } int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, @@ -303,7 +310,7 @@ int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type } res = (mem = ASN1_item_i2d_mem_bio(it, req)) != NULL - && set_content(rctx, content_type, mem); + && set1_content(rctx, content_type, mem); BIO_free(mem); return res; } @@ -965,7 +972,7 @@ int OSSL_HTTP_set_request(OSSL_HTTP_REQ_CTX *rctx, const char *path, && add1_headers(rctx, headers, rctx->server) && OSSL_HTTP_REQ_CTX_set_expected(rctx, expected_content_type, expect_asn1, timeout, keep_alive) - && set_content(rctx, content_type, req); + && set1_content(rctx, content_type, req); } /*- From pauli at openssl.org Thu Jun 10 08:32:42 2021 
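Review bot: set1_content() in crypto/http/http_client.c now keeps a shared reference to req via BIO_up_ref() but writes Content-Length from a BIO_ctrl(req, BIO_CTRL_INFO, ...) snapshot taken at call time, so a caller that keeps writing to the same BIO afterwards will send a body that no longer matches the header. The function needs a comment stating the new ownership rule (the context takes its own reference, the caller still frees its own, and req must not be modified after the call), and the OSSL_HTTP_set_request() documentation should say the same for its req argument. The combined condition "(req_len = ...) <= 0 || BIO_printf(...) > 0" is also hard to read next to the streaming comment; splitting it into the size query, the optional header write and the reference swap would make the failure path (return 0 only when the header write fails or BIO_up_ref() fails) obvious.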
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 10 Jun 2021 08:32:42 +0000 Subject: [openssl] master update Message-ID: <1623313962.762095.18811.nullmailer@dev.openssl.org> The branch master has been updated via 25959e04c350c2b82d545ea38b18ff714acf61ba (commit) from de5a0198b22c36884fd36021d9e4f589b939674f (commit) - Log ----------------------------------------------------------------- commit 25959e04c350c2b82d545ea38b18ff714acf61ba Author: Todd Short Date: Fri Apr 5 14:17:22 2019 -0400 Optimize session cache flushing Sort SSL_SESSION structures by timeout in the linked list. Iterate over the linked list for timeout, stopping when no more session can be flushed. Do SSL_SESSION_free() outside of SSL_CTX lock Update timeout upon use Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8687) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_session_cache_mode.pod | 5 + include/openssl/ssl.h.in | 1 + ssl/ssl_asn1.c | 11 +- ssl/ssl_local.h | 9 +- ssl/ssl_sess.c | 207 ++++++++++++++++++++++------ ssl/statem/statem_clnt.c | 7 +- ssl/statem/statem_srvr.c | 5 +- test/sslapitest.c | 124 +++++++++++++++++ 8 files changed, 310 insertions(+), 59 deletions(-) diff --git a/doc/man3/SSL_CTX_set_session_cache_mode.pod b/doc/man3/SSL_CTX_set_session_cache_mode.pod index 26febc6986..a698ffde5d 100644 --- a/doc/man3/SSL_CTX_set_session_cache_mode.pod +++ b/doc/man3/SSL_CTX_set_session_cache_mode.pod @@ -105,6 +105,11 @@ prevents these additions to the internal cache as well. Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time. +=item SSL_SESS_CACHE_UPDATE_TIME + +Updates the timestamp of the session when it is used, increasing the lifespan +of the session. The session timeout applies to last use, rather then creation +time. =back 
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index 2c34fd2a9a..9c00eb3d13 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -670,6 +670,7 @@ typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id, # define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 # define SSL_SESS_CACHE_NO_INTERNAL \ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) +# define SSL_SESS_CACHE_UPDATE_TIME 0x0400 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); # define SSL_CTX_sess_number(ctx) \ diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index c4479c2dd6..2cbd95fa1b 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -163,8 +163,8 @@ int i2d_SSL_SESSION(const SSL_SESSION *in, unsigned char **pp) ssl_session_oinit(&as.session_id_context, &sid_ctx, in->sid_ctx, in->sid_ctx_length); - as.time = in->time; - as.timeout = in->timeout; + as.time = (int64_t)in->time; + as.timeout = (int64_t)in->timeout; as.verify_result = in->verify_result; as.peer = in->peer; @@ -302,14 +302,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->master_key_length = tmpl; if (as->time != 0) - ret->time = (long)as->time; + ret->time = (time_t)as->time; else - ret->time = (long)time(NULL); + ret->time = time(NULL); if (as->timeout != 0) - ret->timeout = (long)as->timeout; + ret->timeout = (time_t)as->timeout; else ret->timeout = 3; + ssl_session_calculate_timeout(ret); X509_free(ret->peer); ret->peer = as->peer; diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 09413a44fa..def53739a1 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -593,8 +593,10 @@ struct ssl_session_st { */ long verify_result; /* only for servers */ CRYPTO_REF_COUNT references; - long timeout; - long time; + time_t timeout; + time_t time; + time_t calc_timeout; + int timeout_ovf; unsigned int compress_meth; /* Need to lookup the method */ const SSL_CIPHER *cipher; unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used to 
@@ -634,6 +636,7 @@ struct ssl_session_st { unsigned char *ticket_appdata; size_t ticket_appdata_len; uint32_t flags; + SSL_CTX *owner; CRYPTO_RWLOCK *lock; }; @@ -2843,6 +2846,8 @@ int ssl_srp_ctx_init_intern(SSL *s); int ssl_srp_calc_a_param_intern(SSL *s); int ssl_srp_server_param_with_username_intern(SSL *s, int *ad); +void ssl_session_calculate_timeout(SSL_SESSION* ss); + # else /* OPENSSL_UNIT_TEST */ # define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 3409795628..b526984289 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -24,6 +24,58 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); +DEFINE_STACK_OF(SSL_SESSION) + +__owur static int sess_timedout(time_t t, SSL_SESSION *ss) +{ + /* if timeout overflowed, it can never timeout! */ + if (ss->timeout_ovf) + return 0; + return t > ss->calc_timeout; +} + +/* + * Returns -1/0/+1 as other XXXcmp-type functions + * Takes overflow of calculated timeout into consideration + */ +__owur static int timeoutcmp(SSL_SESSION *a, SSL_SESSION *b) +{ + /* if only one overflowed, then it is greater */ + if (a->timeout_ovf && !b->timeout_ovf) + return 1; + if (!a->timeout_ovf && b->timeout_ovf) + return -1; + /* No overflow, or both overflowed, so straight compare is safe */ + if (a->calc_timeout < b->calc_timeout) + return -1; + if (a->calc_timeout > b->calc_timeout) + return 1; + return 0; +} + +/* + * Calculates effective timeout, saving overflow state + * Locking must be done by the caller of this function + */ +void ssl_session_calculate_timeout(SSL_SESSION *ss) +{ + /* Force positive timeout */ + if (ss->timeout < 0) + ss->timeout = 0; + ss->calc_timeout = ss->time + ss->timeout; + /* + * |timeout| is always zero or positive, so the check for + * overflow only needs to consider if |time| is positive + */ + ss->timeout_ovf = ss->time > 0 && ss->calc_timeout < ss->time; + /* + * N.B. Realistic overflow can only occur in our lifetimes on a + * 32-bit machine in January 2038. + * However, There are no controls to limit the |timeout| + * value, except to keep it positive. + */ +} + /* * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because, * unlike in earlier protocol versions, the session ticket may not have been 
@@ -83,7 +135,8 @@ SSL_SESSION *SSL_SESSION_new(void) ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ss->references = 1; ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */ - ss->time = (unsigned long)time(NULL); + ss->time = time(NULL); + ssl_session_calculate_timeout(ss); ss->lock = CRYPTO_THREAD_lock_new(); if (ss->lock == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); @@ -587,7 +640,7 @@ int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello) goto err; } - if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */ + if (sess_timedout(time(NULL), ret)) { tsan_counter(&s->session_ctx->stats.sess_timeout); if (try_session_cache) { /* session was from the cache, so remove it */ @@ -688,9 +741,12 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) s = c; } - /* Put at the head of the queue unless it is already in the cache */ - if (s == NULL) - SSL_SESSION_list_add(ctx, c); + /* Adjust last used time, and add back into the cache at the appropriate spot */ + if (ctx->session_cache_mode & SSL_SESS_CACHE_UPDATE_TIME) { + c->time = time(NULL); + ssl_session_calculate_timeout(c); + } + SSL_SESSION_list_add(ctx, c); if (s != NULL) { /* @@ -832,9 +888,21 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) { - if (s == NULL) + time_t new_timeout = (time_t)t; + + if (s == NULL || t < 0) return 0; - s->timeout = t; + if (s->owner != NULL) { + if (!CRYPTO_THREAD_write_lock(s->owner->lock)) + return 0; + s->timeout = new_timeout; + ssl_session_calculate_timeout(s); + SSL_SESSION_list_add(s->owner, s); + CRYPTO_THREAD_unlock(s->owner->lock); + } else { + s->timeout = new_timeout; + ssl_session_calculate_timeout(s); + } return 1; } 
@@ -842,21 +910,33 @@ long SSL_SESSION_get_timeout(const SSL_SESSION *s) { if (s == NULL) return 0; - return s->timeout; + return (long)s->timeout; } long SSL_SESSION_get_time(const SSL_SESSION *s) { if (s == NULL) return 0; - return s->time; + return (long)s->time; } long SSL_SESSION_set_time(SSL_SESSION *s, long t) { + time_t new_time = (time_t)t; + if (s == NULL) return 0; - s->time = t; + if (s->owner != NULL) { + if (!CRYPTO_THREAD_write_lock(s->owner->lock)) + return 0; + s->time = new_time; + ssl_session_calculate_timeout(s); + SSL_SESSION_list_add(s->owner, s); + CRYPTO_THREAD_unlock(s->owner->lock); + } else { + s->time = new_time; + ssl_session_calculate_timeout(s); + } return t; } 
@@ -1050,47 +1130,52 @@ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) return 0; } -typedef struct timeout_param_st { - SSL_CTX *ctx; - long time; - LHASH_OF(SSL_SESSION) *cache; -} TIMEOUT_PARAM; - -static void timeout_cb(SSL_SESSION *s, TIMEOUT_PARAM *p) -{ - if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */ - /* - * The reason we don't call SSL_CTX_remove_session() is to save on - * locking overhead - */ - (void)lh_SSL_SESSION_delete(p->cache, s); - SSL_SESSION_list_remove(p->ctx, s); - s->not_resumable = 1; - if (p->ctx->remove_session_cb != NULL) - p->ctx->remove_session_cb(p->ctx, s); - SSL_SESSION_free(s); - } -} - -IMPLEMENT_LHASH_DOALL_ARG(SSL_SESSION, TIMEOUT_PARAM); - void SSL_CTX_flush_sessions(SSL_CTX *s, long t) { + STACK_OF(SSL_SESSION) *sk; + SSL_SESSION *current; unsigned long i; - TIMEOUT_PARAM tp; - tp.ctx = s; - tp.cache = s->sessions; - if (tp.cache == NULL) - return; - tp.time = t; if (!CRYPTO_THREAD_write_lock(s->lock)) return; + + sk = sk_SSL_SESSION_new_null(); i = lh_SSL_SESSION_get_down_load(s->sessions); lh_SSL_SESSION_set_down_load(s->sessions, 0); - lh_SSL_SESSION_doall_TIMEOUT_PARAM(tp.cache, timeout_cb, &tp); + + /* + * Iterate over the list from the back (oldest), and stop + * when a session can no longer be removed. + * Add the session to a temporary list to be freed outside + * the SSL_CTX lock. + * But still do the remove_session_cb() within the lock. + */ + while (s->session_cache_tail != NULL) { + current = s->session_cache_tail; + if (t == 0 || sess_timedout((time_t)t, current)) { + lh_SSL_SESSION_delete(s->sessions, current); + SSL_SESSION_list_remove(s, current); + current->not_resumable = 1; + if (s->remove_session_cb != NULL) + s->remove_session_cb(s, current); + /* + * Throw the session on a stack, it's entirely plausible + * that while freeing outside the critical section, the + * session could be re-added, so avoid using the next/prev + * pointers. 
If the stack failed to create, or the session + * couldn't be put on the stack, just free it here + */ + if (sk == NULL || !sk_SSL_SESSION_push(sk, current)) + SSL_SESSION_free(current); + } else { + break; + } + } + lh_SSL_SESSION_set_down_load(s->sessions, i); CRYPTO_THREAD_unlock(s->lock); + + sk_SSL_SESSION_pop_free(sk, SSL_SESSION_free); } int ssl_clear_bad_session(SSL *s) @@ -1132,10 +1217,13 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) } } s->prev = s->next = NULL; + s->owner = NULL; } static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) { + SSL_SESSION *next; + if ((s->next != NULL) && (s->prev != NULL)) SSL_SESSION_list_remove(ctx, s); 
@@ -1145,11 +1233,40 @@ static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) s->prev = (SSL_SESSION *)&(ctx->session_cache_head); s->next = (SSL_SESSION *)&(ctx->session_cache_tail); } else { - s->next = ctx->session_cache_head; - s->next->prev = s; - s->prev = (SSL_SESSION *)&(ctx->session_cache_head); - ctx->session_cache_head = s; + if (timeoutcmp(s, ctx->session_cache_head) >= 0) { + /* + * if we timeout after (or the same time as) the first + * session, put us first - usual case + */ + s->next = ctx->session_cache_head; + s->next->prev = s; + s->prev = (SSL_SESSION *)&(ctx->session_cache_head); + ctx->session_cache_head = s; + } else if (timeoutcmp(s, ctx->session_cache_tail) < 0) { + /* if we timeout before the last session, put us last */ + s->prev = ctx->session_cache_tail; + s->prev->next = s; + s->next = (SSL_SESSION *)&(ctx->session_cache_tail); + ctx->session_cache_tail = s; + } else { + /* + * we timeout somewhere in-between - if there is only + * one session in the cache it will be caught above + */ + next = ctx->session_cache_head->next; + while (next != (SSL_SESSION*)&(ctx->session_cache_tail)) { + if (timeoutcmp(s, next) >= 0) { + s->next = next; + s->prev = next->prev; + next->prev->next = s; + next->prev = s; + break; + } + next = next->next; + } + } } + s->owner = ctx; } void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index e8e9f94651..472a4a366b 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2510,11 +2510,8 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) s->session = new_sess; } - /* - * Technically the cast to long here is not guaranteed by the C standard - - * but we use it elsewhere, so this should be ok. - */ - s->session->time = (long)time(NULL); + s->session->time = time(NULL); + ssl_session_calculate_timeout(s->session); OPENSSL_free(s->session->ext.tick); s->session->ext.tick = NULL; 
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index c1c0d455e1..35e023b781 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3633,7 +3633,7 @@ static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, */ if (!WPACKET_put_bytes_u32(pkt, (s->hit && !SSL_IS_TLS13(s)) - ? 0 : s->session->timeout)) { + ? 0 : (uint32_t)s->session->timeout)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -3930,7 +3930,8 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) } s->session->master_key_length = hashlen; - s->session->time = (long)time(NULL); + s->session->time = time(NULL); + ssl_session_calculate_timeout(s->session); if (s->s3.alpn_selected != NULL) { OPENSSL_free(s->session->ext.alpn_selected); s->session->ext.alpn_selected = diff --git a/test/sslapitest.c b/test/sslapitest.c index 2b73e43305..ba642e6070 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
@@ -8122,6 +8122,129 @@ end: } #endif /* OPENSSL_NO_TLS1_2 */ +static int test_session_timeout(int test) +{ + /* + * Test session ordering and timeout + * Can't explicitly test performance of the new code, + * but can test to see if the ordering of the sessions + * are correct, and they they are removed as expected + */ + SSL_SESSION *early = NULL; + SSL_SESSION *middle = NULL; + SSL_SESSION *late = NULL; + SSL_CTX *ctx; + int testresult = 0; + long now = (long)time(NULL); +#define TIMEOUT 10 + + if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method())) + || !TEST_ptr(early = SSL_SESSION_new()) + || !TEST_ptr(middle = SSL_SESSION_new()) + || !TEST_ptr(late = SSL_SESSION_new())) + goto end; + + /* assign unique session ids */ + early->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + memset(early->session_id, 1, SSL3_SSL_SESSION_ID_LENGTH); + middle->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + memset(middle->session_id, 2, SSL3_SSL_SESSION_ID_LENGTH); + late->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + memset(late->session_id, 3, SSL3_SSL_SESSION_ID_LENGTH); + + if (!TEST_int_eq(SSL_CTX_add_session(ctx, early), 1) + || !TEST_int_eq(SSL_CTX_add_session(ctx, middle), 1) + || !TEST_int_eq(SSL_CTX_add_session(ctx, late), 1)) + goto end; + + /* Make sure they are all added */ + if (!TEST_ptr(early->prev) + || !TEST_ptr(middle->prev) + || !TEST_ptr(late->prev)) + goto end; + + if (!TEST_int_ne(SSL_SESSION_set_time(early, now - 10), 0) + || !TEST_int_ne(SSL_SESSION_set_time(middle, now), 0) + || !TEST_int_ne(SSL_SESSION_set_time(late, now + 10), 0)) + goto end; + + if (!TEST_int_ne(SSL_SESSION_set_timeout(early, TIMEOUT), 0) + || !TEST_int_ne(SSL_SESSION_set_timeout(middle, TIMEOUT), 0) + || !TEST_int_ne(SSL_SESSION_set_timeout(late, TIMEOUT), 0)) + goto end; + + /* Make sure they are all still there */ + if (!TEST_ptr(early->prev) + || !TEST_ptr(middle->prev) + || !TEST_ptr(late->prev)) + goto end; + + /* Make sure they are in the expected order */ + if 
(!TEST_ptr_eq(late->next, middle) + || !TEST_ptr_eq(middle->next, early) + || !TEST_ptr_eq(early->prev, middle) + || !TEST_ptr_eq(middle->prev, late)) + goto end; + + /* This should remove "early" */ + SSL_CTX_flush_sessions(ctx, now + TIMEOUT - 1); + if (!TEST_ptr_null(early->prev) + || !TEST_ptr(middle->prev) + || !TEST_ptr(late->prev)) + goto end; + + /* This should remove "middle" */ + SSL_CTX_flush_sessions(ctx, now + TIMEOUT + 1); + if (!TEST_ptr_null(early->prev) + || !TEST_ptr_null(middle->prev) + || !TEST_ptr(late->prev)) + goto end; + + /* This should remove "late" */ + SSL_CTX_flush_sessions(ctx, now + TIMEOUT + 11); + if (!TEST_ptr_null(early->prev) + || !TEST_ptr_null(middle->prev) + || !TEST_ptr_null(late->prev)) + goto end; + + /* Add them back in again */ + if (!TEST_int_eq(SSL_CTX_add_session(ctx, early), 1) + || !TEST_int_eq(SSL_CTX_add_session(ctx, middle), 1) + || !TEST_int_eq(SSL_CTX_add_session(ctx, late), 1)) + goto end; + + /* Make sure they are all added */ + if (!TEST_ptr(early->prev) + || !TEST_ptr(middle->prev) + || !TEST_ptr(late->prev)) + goto end; + + /* This should remove all of them */ + SSL_CTX_flush_sessions(ctx, 0); + if (!TEST_ptr_null(early->prev) + || !TEST_ptr_null(middle->prev) + || !TEST_ptr_null(late->prev)) + goto end; + + (void)SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_UPDATE_TIME + | SSL_CTX_get_session_cache_mode(ctx)); + + /* make sure |now| is NOT equal to the current time */ + now -= 10; + if (!TEST_int_ne(SSL_SESSION_set_time(early, now), 0) + || !TEST_int_eq(SSL_CTX_add_session(ctx, early), 1) + || !TEST_long_ne(SSL_SESSION_get_time(early), now)) + goto end; + + testresult = 1; + end: + SSL_CTX_free(ctx); + SSL_SESSION_free(early); + SSL_SESSION_free(middle); + SSL_SESSION_free(late); + return testresult; +} + /* * Test 0: Client sets servername and server acknowledges it (TLSv1.2) * Test 1: Client sets servername and server does not acknowledge it (TLSv1.2) 
@@ -9287,6 +9410,7 @@ int setup_tests(void) #endif ADD_TEST(test_inherit_verify_param); ADD_TEST(test_set_alpn); + ADD_ALL_TESTS(test_session_timeout, 1); return 1; err: From matt at openssl.org Thu Jun 10 09:04:31 2021 From: matt at openssl.org (Matt Caswell) Date: Thu, 10 Jun 2021 09:04:31 +0000 Subject: [openssl] master update Message-ID: <1623315871.469603.26585.nullmailer@dev.openssl.org> The branch master has been updated via 726f92e016bac53175ed5d5321bce1ddf6b207d6 (commit) from 25959e04c350c2b82d545ea38b18ff714acf61ba (commit) - Log ----------------------------------------------------------------- commit 726f92e016bac53175ed5d5321bce1ddf6b207d6 Author: Arran Cudbard-Bell Date: Tue Jun 8 16:45:38 2021 -0500 Enable ssl-trace by default There doesn't appear to be a good reason to omit protocol message tracing by default. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/15665) ----------------------------------------------------------------------- Summary of changes: Configure | 3 +-- INSTALL.md | 9 ++++++--- doc/man1/openssl-s_client.pod.in | 3 +-- doc/man1/openssl-s_server.pod.in | 3 +-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Configure b/Configure index f6951bbb18..c6e85b3e48 100755 --- a/Configure +++ b/Configure @@ -548,7 +548,6 @@ our %disabled = ( # "what" => "comment" "msan" => "default", "rc5" => "default", "sctp" => "default", - "ssl-trace" => "default", "ssl3" => "default", "ssl3-method" => "default", "trace" => "default", @@ -575,7 +574,7 @@ my @disable_cascades = ( "rc2", "rc4", "rmd160", "seed", "siphash", "siv", "sm3", "sm4", "srp", - "srtp", "ssl3-method", + "srtp", "ssl3-method", "ssl-trace", "ts", "ui-console", "whirlpool", "fips-securitychecks" ], sub { $config{processor} eq "386" } diff --git a/INSTALL.md b/INSTALL.md index 1855dcd128..202a66885e 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -850,11 +850,14 @@ disengage SSE2 code paths upon application start-up, but if you aim for wider "audience" running such kernel, consider `no-sse2`. Both the `386` and `no-asm` options imply `no-sse2`. -### enable-ssl-trace +### no-ssl-trace -Build with the SSL Trace capabilities. +Don't build with SSL Trace capabilities. -This adds the `-trace` option to `s_client` and `s_server`. +This removes the `-trace` option from `s_client` and `s_server`, and omits the +`SSL_trace()` function from libssl. + +Disabling `ssl-trace` may provide a small reduction in libssl binary size. ### no-static-engine diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 985ca4125d..144e367d4e 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -460,8 +460,7 @@ Show all protocol messages with hex dump. =item B<-trace> -Show verbose trace output of protocol messages. OpenSSL needs to be compiled -with B for this option to work. +Show verbose trace output of protocol messages. =item B<-msgfile> I diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 27522fc04b..97852ae7bf 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -536,8 +536,7 @@ Configure SSL_CTX using the given configuration value. =item B<-trace> -Show verbose trace output of protocol messages. OpenSSL needs to be compiled -with B for this option to work. +Show verbose trace output of protocol messages. =item B<-brief> From no-reply at appveyor.com Thu Jun 10 09:09:36 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 09:09:36 +0000 Subject: Build failed: openssl master.42282 Message-ID: <20210610090936.1.CEEDE0AA055A5417@appveyor.com> An HTML attachment was scrubbed... URL: From patrick.steuer at de.ibm.com Thu Jun 10 09:19:39 2021 
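Review bot: in the doc/man3/SSL_CTX_set_session_cache_mode.pod hunk of commit 25959e04 (Optimize session cache flushing), the new SSL_SESS_CACHE_UPDATE_TIME item reads "rather then creation time", which should be "rather than creation time". The item also says the timestamp is updated "when it is used", while the only place the patch tests the flag is SSL_CTX_add_session() in ssl/ssl_sess.c; the text should name the call that refreshes the time.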
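Review bot: in ssl/ssl_sess.c (commit 25959e04), ssl_session_calculate_timeout() detects overflow only after it has computed "ss->calc_timeout = ss->time + ss->timeout". Where time_t is a signed type, that addition is undefined behaviour on overflow, so a compiler may treat "ss->calc_timeout < ss->time" as always false and drop the test that sets timeout_ovf. The comment in the same function says nothing limits |timeout|, and SSL_SESSION_set_timeout() accepts any non-negative long, so the case is reachable from the public API. Test before adding, by comparing |timeout| with the largest time_t value minus |time|, and set timeout_ovf from that result.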
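Review bot: in SSL_SESSION_set_timeout() in ssl/ssl_sess.c (commit 25959e04), and in the same pattern in SSL_SESSION_set_time() in the following hunk, s->owner is tested and then dereferenced for s->owner->lock before any lock is held, while SSL_CTX_flush_sessions() clears it through SSL_SESSION_list_remove() under the SSL_CTX lock. A flush on another thread between the test and CRYPTO_THREAD_write_lock() leaves this code dereferencing NULL, either at the lock call or at SSL_SESSION_list_add(s->owner, s). Read the owner once into a local and re-check it after the lock is taken. The new "t < 0" rejection in SSL_SESSION_set_timeout() is also a behaviour change for callers and should be stated in the function's documentation.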
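Review bot: the rewritten SSL_CTX_flush_sessions() in ssl/ssl_sess.c (commit 25959e04) drops the old early return for a NULL cache ("if (tp.cache == NULL) return;") and now passes s->sessions straight to lh_SSL_SESSION_get_down_load(); keep the guard or say why the table can no longer be NULL here. The early "break" in the new loop is only correct while the list stays ordered by calc_timeout, so that invariant deserves a comment at the loop: any writer of |time| or |timeout| on a cached session that skips ssl_session_calculate_timeout() and SSL_SESSION_list_add() will leave expired sessions behind the first unexpired one.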
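Review bot: in create_ticket_prequel() in ssl/statem/statem_srvr.c (commit 25959e04), the added "(uint32_t)s->session->timeout" cast silences the conversion warning but truncates. |timeout| is now a time_t with no upper bound enforced, so where time_t is wider than 32 bits a value above 2^32 - 1 puts an unrelated, smaller lifetime hint on the wire. Clamp the value before WPACKET_put_bytes_u32() instead of casting it.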
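Review bot: in test_session_timeout() in test/sslapitest.c (commit 25959e04), nothing exercises the timeout_ovf path in timeoutcmp() and sess_timedout(), which is the part of the new ordering logic that is hardest to get right; add a session whose |time| plus |timeout| overflows and check that it sorts last and is not flushed by a non-zero time. Smaller points in the same hunk: the |test| argument is unused although the function is registered with ADD_ALL_TESTS(test_session_timeout, 1), where ADD_TEST with a no-argument function would do; the function-local "#define TIMEOUT 10" is never undefined; and the opening comment has "they they".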
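Review bot: the INSTALL.md hunk of commit 726f92e0 (Enable ssl-trace by default) documents a changed build default, yet the summary of changes lists only Configure, INSTALL.md and the two man pages. Add a CHANGES entry stating that ssl-trace, and with it the -trace option of s_client and s_server and SSL_trace() in libssl, is now built unless no-ssl-trace is given.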
From: patrick.steuer at de.ibm.com (patrick.steuer at de.ibm.com) Date: Thu, 10 Jun 2021 09:19:39 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1623316779.950682.27586.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 668893a9207adbed5186fcc6ac24ac3458cc7883 (commit) via dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 (commit) from bfcdfdee50b0adb9a6e448f07fd8f1c87c919cda (commit) - Log ----------------------------------------------------------------- commit 668893a9207adbed5186fcc6ac24ac3458cc7883 Author: Patrick Steuer Date: Tue Jun 8 10:22:53 2021 +0200 Test EVP_CipherInit sequences and resets Various EVP_CipherInit sequences including partial inits and initializations with different "enc" flags caused problems on s390x. Similarly, cipher reinitialization and especially GCM reinitialization with different tag length led to wrong results. Add some unit tests to cover these rather exotic use cases. Signed-off-by: Patrick Steuer Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14900) commit dc67210d909b5dd7a50f60a96f36f3f5a891b1c8 Author: Patrick Steuer Date: Fri Apr 16 15:09:46 2021 +0000 s390x: cipher must set EVP_CIPH_ALWAYS_CALL_INIT flag The s390x cipher implementations must call their init function even if the key argument is NULL to allow initializing the cipher operation's context in any order. Signed-off-by: Patrick Steuer Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14900) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 166 ++++++++---------- test/evp_extra_test.c | 473 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 547 insertions(+), 92 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 405ddbf9bf..b5ea4032fd 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c 
@@ -1168,9 +1168,9 @@ typedef struct { static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_cbc_CAPABLE 1 -# define S390X_aes_256_cbc_CAPABLE 1 +# define S390X_aes_128_cbc_CAPABLE 0 /* checked by callee */ +# define S390X_aes_192_cbc_CAPABLE 0 +# define S390X_aes_256_cbc_CAPABLE 0 # define S390X_AES_CBC_CTX EVP_AES_KEY # define s390x_aes_cbc_init_key aes_init_key @@ -1190,11 +1190,11 @@ static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx, S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); - cctx->fc = S390X_AES_FC(keylen); - if (!enc) - cctx->fc |= S390X_DECRYPT; + cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT); + + if (key != NULL) + memcpy(cctx->km.param.k, key, keylen); - memcpy(cctx->km.param.k, key, keylen); return 1; } @@ -1222,14 +1222,17 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *ivec, int enc) { S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); - const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); - memcpy(cctx->kmo.param.cv, iv, ivlen); - memcpy(cctx->kmo.param.k, key, keylen); cctx->fc = S390X_AES_FC(keylen); + + if (key != NULL) + memcpy(cctx->kmo.param.k, key, keylen); + cctx->res = 0; + memcpy(cctx->kmo.param.cv, oiv, ivlen); return 1; } 
@@ -1287,18 +1290,18 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *ivec, int enc) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); - cctx->fc = S390X_AES_FC(keylen); - cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */ - if (!enc) - cctx->fc |= S390X_DECRYPT; + cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT) + | (16 << 24); /* 16 bytes cipher feedback */ + + if (key != NULL) + memcpy(cctx->kmf.param.k, key, keylen); cctx->res = 0; - memcpy(cctx->kmf.param.cv, iv, ivlen); - memcpy(cctx->kmf.param.k, key, keylen); + memcpy(cctx->kmf.param.cv, oiv, ivlen); return 1; } @@ -1360,17 +1363,18 @@ static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *ivec, int enc) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); - cctx->fc = S390X_AES_FC(keylen); - cctx->fc |= 1 << 24; /* 1 byte cipher feedback */ - if (!enc) - cctx->fc |= S390X_DECRYPT; + cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT) + | (1 << 24); /* 1 byte cipher feedback flag */ + + if (key != NULL) + memcpy(cctx->kmf.param.k, key, keylen); - memcpy(cctx->kmf.param.cv, iv, ivlen); - memcpy(cctx->kmf.param.k, key, keylen); + cctx->res = 0; + memcpy(cctx->kmf.param.cv, oiv, ivlen); return 1; } 
@@ -1393,9 +1397,9 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_ctr_CAPABLE 1 -# define S390X_aes_256_ctr_CAPABLE 1 +# define S390X_aes_128_ctr_CAPABLE 0 /* checked by callee */ +# define S390X_aes_192_ctr_CAPABLE 0 +# define S390X_aes_256_ctr_CAPABLE 0 # define S390X_AES_CTR_CTX EVP_AES_KEY # define s390x_aes_ctr_init_key aes_init_key @@ -1563,8 +1567,7 @@ static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in, /*- * Initialize context structure. Code is big-endian. */ -static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx, - const unsigned char *iv) +static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx) { ctx->kma.param.t.g[0] = 0; ctx->kma.param.t.g[1] = 0; @@ -1575,12 +1578,11 @@ static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx, ctx->kreslen = 0; if (ctx->ivlen == 12) { - memcpy(&ctx->kma.param.j0, iv, ctx->ivlen); + memcpy(&ctx->kma.param.j0, ctx->iv, ctx->ivlen); ctx->kma.param.j0.w[3] = 1; ctx->kma.param.cv.w = 1; } else { /* ctx->iv has the right size and is already padded. */ - memcpy(ctx->iv, iv, ctx->ivlen); s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL, ctx->fc, &ctx->kma.param); ctx->fc |= S390X_KMA_HS; @@ -1694,7 +1696,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) if (gctx->iv_gen == 0 || gctx->key_set == 0) return 0; - s390x_aes_gcm_setiv(gctx, gctx->iv); + s390x_aes_gcm_setiv(gctx); if (arg <= 0 || arg > gctx->ivlen) arg = gctx->ivlen; @@ -1714,7 +1716,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); - s390x_aes_gcm_setiv(gctx, gctx->iv); + s390x_aes_gcm_setiv(gctx); gctx->iv_set = 1; return 1; 
@@ -1770,43 +1772,36 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) } /*- - * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned. + * Set key or iv or enc/dec. Returns 1 on success. Otherwise 0 is returned. */ static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); - int keylen; + const int keylen = EVP_CIPHER_CTX_key_length(ctx); - if (iv == NULL && key == NULL) - return 1; + gctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT); if (key != NULL) { - keylen = EVP_CIPHER_CTX_key_length(ctx); + gctx->fc &= ~S390X_KMA_HS; memcpy(&gctx->kma.param.k, key, keylen); - - gctx->fc = S390X_AES_FC(keylen); - if (!enc) - gctx->fc |= S390X_DECRYPT; - - if (iv == NULL && gctx->iv_set) - iv = gctx->iv; - - if (iv != NULL) { - s390x_aes_gcm_setiv(gctx, iv); - gctx->iv_set = 1; - } gctx->key_set = 1; - } else { - if (gctx->key_set) - s390x_aes_gcm_setiv(gctx, iv); - else - memcpy(gctx->iv, iv, gctx->ivlen); + } - gctx->iv_set = 1; + if (iv != NULL) { + memcpy(gctx->iv, iv, gctx->ivlen); gctx->iv_gen = 0; + gctx->iv_set = 1; } + + if (gctx->key_set && gctx->iv_set) + s390x_aes_gcm_setiv(gctx); + + gctx->fc &= ~(S390X_KMA_LPC | S390X_KMA_LAAD); + gctx->areslen = 0; + gctx->mreslen = 0; + gctx->kreslen = 0; return 1; } @@ -1895,7 +1890,6 @@ static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* recall that we already did en-/decrypt gctx->mres * and returned it to caller... */ OPENSSL_cleanse(tmp, gctx->mreslen); - gctx->iv_set = 0; enc = EVP_CIPHER_CTX_encrypting(ctx); if (enc) { 
@@ -1929,8 +1923,8 @@ static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c) } # define S390X_AES_XTS_CTX EVP_AES_XTS_CTX -# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ -# define S390X_aes_256_xts_CAPABLE 1 +# define S390X_aes_128_xts_CAPABLE 0 /* checked by callee */ +# define S390X_aes_256_xts_CAPABLE 0 # define s390x_aes_xts_init_key aes_xts_init_key static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, @@ -2134,9 +2128,10 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); - unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx); + const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx); unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); const int enc = EVP_CIPHER_CTX_encrypting(ctx); + unsigned char iv[EVP_MAX_IV_LENGTH]; if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) @@ -2152,8 +2147,9 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * Get explicit iv (sequence number). We already have fixed iv * (server/client_write_iv) here. */ - memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); - s390x_aes_ccm_setiv(cctx, ivec, len); + memcpy(iv, ivec, sizeof(iv)); + memcpy(iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); + s390x_aes_ccm_setiv(cctx, iv, len); /* Process aad (sequence number|type|version|length) */ s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len); 
@@ -2180,42 +2176,35 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } /*- - * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is - * returned. + * Set key or iv or enc/dec. Returns 1 if successful. + * Otherwise 0 is returned. */ static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); - unsigned char *ivec; - int keylen; + const int keylen = EVP_CIPHER_CTX_key_length(ctx); + unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx); - if (iv == NULL && key == NULL) - return 1; + cctx->aes.ccm.fc = S390X_AES_FC(keylen); if (key != NULL) { - keylen = EVP_CIPHER_CTX_key_length(ctx); - cctx->aes.ccm.fc = S390X_AES_FC(keylen); memcpy(cctx->aes.ccm.kmac_param.k, key, keylen); - - /* Store encoded m and l. */ - cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) - | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; - memset(cctx->aes.ccm.nonce.b + 1, 0, - sizeof(cctx->aes.ccm.nonce.b)); - cctx->aes.ccm.blocks = 0; - cctx->aes.ccm.key_set = 1; } - if (iv != NULL) { - ivec = EVP_CIPHER_CTX_iv_noconst(ctx); memcpy(ivec, iv, 15 - cctx->aes.ccm.l); - cctx->aes.ccm.iv_set = 1; } + /* Store encoded m and l. */ + cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) + | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; + memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b) - 1); + + cctx->aes.ccm.blocks = 0; + cctx->aes.ccm.len_set = 0; return 1; } @@ -2230,8 +2219,9 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); const int enc = EVP_CIPHER_CTX_encrypting(ctx); + const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx); + unsigned char *buf; int rv; - unsigned char *buf, *ivec; if (!cctx->aes.ccm.key_set) return -1; 
@@ -2253,7 +2243,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (out == NULL) { /* Update(): Pass message length. */ if (in == NULL) { - ivec = EVP_CIPHER_CTX_iv_noconst(ctx); s390x_aes_ccm_setiv(cctx, ivec, len); cctx->aes.ccm.len_set = 1; @@ -2279,7 +2268,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, * In case message length was not previously set explicitly via * Update(), set it now. */ - ivec = EVP_CIPHER_CTX_iv_noconst(ctx); s390x_aes_ccm_setiv(cctx, ivec, len); cctx->aes.ccm.len_set = 1; @@ -2304,9 +2292,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (rv == -1) OPENSSL_cleanse(out, len); - cctx->aes.ccm.iv_set = 0; - cctx->aes.ccm.tag_set = 0; - cctx->aes.ccm.len_set = 0; return rv; } } @@ -2414,9 +2399,6 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); - cctx->aes.ccm.tag_set = 0; - cctx->aes.ccm.iv_set = 0; - cctx->aes.ccm.len_set = 0; return 1; case EVP_CTRL_COPY: @@ -2453,7 +2435,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize, \ keylen / 8, \ ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ + flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \ s390x_aes_##mode##_init_key, \ s390x_aes_##mode##_cipher, \ NULL, \ @@ -2490,7 +2472,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ blocksize, \ (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \ ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ + flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \ s390x_aes_##mode##_init_key, \ s390x_aes_##mode##_cipher, \ s390x_aes_##mode##_cleanup, \ diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f7ee73e6e2..754b2d1bf1 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c 
@@ -320,6 +320,96 @@ static const unsigned char pExampleECParamDER[] = { }; #endif +static const unsigned char kCFBDefaultKey[] = { + 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, + 0x09, 0xCF, 0x4F, 0x3C +}; + +static const unsigned char kGCMDefaultKey[32] = { 0 }; + +static const unsigned char kGCMResetKey[] = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, + 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 +}; + +static const unsigned char iCFBIV[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, + 0x0C, 0x0D, 0x0E, 0x0F +}; + +static const unsigned char iGCMDefaultIV[12] = { 0 }; + +static const unsigned char iGCMResetIV1[] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad +}; + +static const unsigned char iGCMResetIV2[] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 +}; + +static const unsigned char cfbPlaintext[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, + 0x73, 0x93, 0x17, 0x2A +}; + +static const unsigned char gcmDefaultPlaintext[16] = { 0 }; + +static const unsigned char gcmResetPlaintext[] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, + 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, + 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 +}; + +static const unsigned char cfbCiphertext[] = { + 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, + 0xE8, 0x3C, 0xFB, 0x4A +}; + +static const unsigned char gcmDefaultCiphertext[] = { + 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, + 0xba, 0xf3, 0x9d, 0x18 +}; + +static const unsigned char gcmResetCiphertext1[] = { + 0xc3, 0x76, 
0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, + 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, + 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, + 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, + 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f +}; + +static const unsigned char gcmResetCiphertext2[] = { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, + 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, + 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 +}; + +static const unsigned char gcmAAD[] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, + 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 +}; + +static const unsigned char gcmDefaultTag[] = { + 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, + 0xd4, 0x8a, 0xb9, 0x19 +}; + +static const unsigned char gcmResetTag1[] = { + 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, + 0xfe, 0x2e, 0xa8, 0xf2 +}; + +static const unsigned char gcmResetTag2[] = { + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, + 0xbb, 0x2d, 0x55, 0x1b +}; + + typedef struct APK_DATA_st { const unsigned char *kder; size_t size; 
@@ -330,6 +420,385 @@ typedef struct APK_DATA_st { int type; /* 0 for private, 1 for public, 2 for params */ } APK_DATA; +typedef struct { + const char *cipher; + const unsigned char *key; + const unsigned char *iv; + const unsigned char *input; + const unsigned char *expected; + const unsigned char *tag; + size_t ivlen; /* 0 if we do not need to set a specific IV len */ + size_t inlen; + size_t expectedlen; + size_t taglen; + int keyfirst; + int initenc; + int finalenc; +} EVP_INIT_TEST_st; + +static const EVP_INIT_TEST_st evp_init_tests[] = { + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, + cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), + 0, 1, 0, 1 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, + gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), + sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), + sizeof(gcmDefaultTag), 1, 0, 1 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, + cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), + 0, 0, 0, 1 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, + gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), + sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), + sizeof(gcmDefaultTag), 0, 0, 1 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, + cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), + 0, 1, 1, 0 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, + gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), + sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), + sizeof(gcmDefaultTag), 1, 1, 0 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, + cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), + 0, 0, 1, 0 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, + gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), + 
sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), + sizeof(gcmDefaultTag), 0, 1, 0 + } +}; + +static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) +{ + int res = 0; + + if (t->ivlen != 0) { + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL))) + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) + goto err; + res = 1; + err: + return res; +} + +/* + * Test step-wise cipher initialization via EVP_CipherInit_ex where the + * arguments are given one at a time and a final adjustment to the enc + * parameter sets the correct operation. + */ +static int test_evp_init_seq(int idx) +{ + int outlen1, outlen2; + int testresult = 0; + unsigned char outbuf[1024]; + unsigned char tag[16]; + const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *type = NULL; + size_t taglen = sizeof(tag); + char *errmsg = NULL; + + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + errmsg = "CTX_ALLOC"; + goto err; + } + if (!TEST_ptr(type = EVP_get_cipherbyname(t->cipher))) { + errmsg = "GET_CIPHERBYNAME"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { + errmsg = "EMPTY_ENC_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { + errmsg = "PADDING"; + goto err; + } + if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { + errmsg = "KEY_INIT (before iv)"; + goto err; + } + if (!evp_init_seq_set_iv(ctx, t)) { + errmsg = "IV_INIT"; + goto err; + } + if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { + errmsg = "KEY_INIT (after iv)"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { + errmsg = "FINAL_ENC_INIT"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { + errmsg = "CIPHER_UPDATE"; + goto err; + } + if (t->finalenc 
== 0 && t->tag != NULL) { + /* Set expected tag */ + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + t->taglen, (void *)t->tag))) { + errmsg = "SET_TAG"; + goto err; + } + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL"; + goto err; + } + if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT"; + goto err; + } + if (t->finalenc != 0 && t->tag != NULL) { + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + errmsg = "GET_TAG"; + goto err; + } + if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { + errmsg = "TAG_ERROR"; + goto err; + } + } + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("evp_init_test %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + return testresult; +} + +typedef struct { + const unsigned char *input; + const unsigned char *expected; + size_t inlen; + size_t expectedlen; + int enc; +} EVP_RESET_TEST_st; + +static const EVP_RESET_TEST_st evp_reset_tests[] = { + { + cfbPlaintext, cfbCiphertext, + sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 + }, + { + cfbCiphertext, cfbPlaintext, + sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 + } +}; + +/* + * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already + * been used. 
+ */ +static int test_evp_reset(int idx) +{ + const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; + int outlen1, outlen2; + int testresult = 0; + unsigned char outbuf[1024]; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *type = NULL; + char *errmsg = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { + errmsg = "CTX_ALLOC"; + goto err; + } + if (!TEST_ptr(type = EVP_get_cipherbyname("aes-128-cfb"))) { + errmsg = "GET_CIPHERBYNAME"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { + errmsg = "CIPHER_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { + errmsg = "PADDING"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { + errmsg = "CIPHER_UPDATE"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL"; + goto err; + } + if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { + errmsg = "CIPHER_REINIT"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { + errmsg = "CIPHER_UPDATE (reinit)"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL (reinit)"; + goto err; + } + if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT (reinit)"; + goto err; + } + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("test_evp_reset %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + return testresult; +} + +typedef struct { + const unsigned char *iv1; + const unsigned char *iv2; + const unsigned char *expected1; + const unsigned char *expected2; + const unsigned char *tag1; + const unsigned char *tag2; + size_t ivlen1; + size_t ivlen2; + size_t expectedlen1; + size_t expectedlen2; +} 
TEST_GCM_IV_REINIT_st; + +static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { + { + iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, + gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), + sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) + }, + { + iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, + gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), + sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) + } +}; + +static int test_gcm_reinit(int idx) +{ + int outlen1, outlen2, outlen3; + int testresult = 0; + unsigned char outbuf[1024]; + unsigned char tag[16]; + const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *type = NULL; + size_t taglen = sizeof(tag); + char *errmsg = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { + errmsg = "CTX_ALLOC"; + goto err; + } + if (!TEST_ptr(type = EVP_get_cipherbyname("aes-256-gcm"))) { + errmsg = "GET_CIPHERBYNAME"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { + errmsg = "ENC_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) { + errmsg = "SET_IVLEN1"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { + errmsg = "SET_IV1"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { + errmsg = "AAD1"; + goto err; + } + EVP_CIPHER_CTX_set_padding(ctx, 0); + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, + sizeof(gcmResetPlaintext)))) { + errmsg = "CIPHER_UPDATE1"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL1"; + goto err; + } + if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT1"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, 
EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + errmsg = "GET_TAG1"; + goto err; + } + if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { + errmsg = "TAG_ERROR1"; + goto err; + } + /* Now reinit */ + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) { + errmsg = "SET_IVLEN2"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { + errmsg = "SET_IV2"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { + errmsg = "AAD2"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, + sizeof(gcmResetPlaintext)))) { + errmsg = "CIPHER_UPDATE2"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL2"; + goto err; + } + if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT2"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + errmsg = "GET_TAG2"; + goto err; + } + if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { + errmsg = "TAG_ERROR2"; + goto err; + } + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("evp_init_test %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + return testresult; +} + + + static APK_DATA keydata[] = { {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, @@ -1218,5 +1687,9 @@ int setup_tests(void) ADD_TEST(test_EVP_PKEY_set1_DH); #endif + ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); + ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); + ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); + return 1; } From tomas at openssl.org Thu Jun 10 09:56:41 2021 
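Review bot: in s390x_aes_ccm_init_key() the header comment does not say which state survives a re-init, and after this change that matters. Every call, including one with key == NULL and iv == NULL, now rewrites nonce.b[0], zeroes the rest of the nonce and resets blocks and len_set. The lines that cleared iv_set and tag_set at the end of s390x_aes_ccm_cipher() and after the memcpy of kmac_param.icv.b in s390x_aes_ccm_ctrl() are removed. Please confirm that leaving iv_set set after a completed message is intended, because a caller that re-inits without passing a new IV would then run CCM again with the previous nonce under the same key, and say so in the comment. The memset length change to sizeof(cctx->aes.ccm.nonce.b) - 1 looks like a fix for a one-byte overrun in the old code and deserves its own mention in the commit message.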
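Review bot: the new cases in test/evp_extra_test.c cover only "aes-128-cfb" and "aes-256-gcm", so the CCM init and re-init path changed earlier in this patch is not exercised by any of them; a CCM entry in evp_init_tests and a CCM re-init case would close that gap. Within test_gcm_reinit() there are three smaller points: the failure message is printed as "evp_init_test %d: %s", copied from test_evp_init_seq(); the return value of EVP_CIPHER_CTX_set_padding(ctx, 0) is ignored although the other two tests wrap the same call in TEST_true; and TEST_mem_eq(t->tag1, taglen, tag, taglen) uses the size of the local buffer as the expected length rather than a length carried in the test vector.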
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 10 Jun 2021 09:56:41 +0000 Subject: [openssl] master update Message-ID: <1623319001.987954.11908.nullmailer@dev.openssl.org> The branch master has been updated via 20e80ad1bc7e432f85e696d7272cbac3c69b5633 (commit) from 726f92e016bac53175ed5d5321bce1ddf6b207d6 (commit) - Log ----------------------------------------------------------------- commit 20e80ad1bc7e432f85e696d7272cbac3c69b5633 Author: Tomas Mraz Date: Tue Jun 8 18:25:09 2021 +0200 store: Avoid spurious error from decoding at EOF Fixes #15596 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15661) ----------------------------------------------------------------------- Summary of changes: providers/implementations/storemgmt/file_store.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c index 04021f49c2..d9c465581e 100644 --- a/providers/implementations/storemgmt/file_store.c +++ b/providers/implementations/storemgmt/file_store.c @@ -518,6 +518,7 @@ static int file_load_file(struct file_ctx_st *ctx, OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) { struct file_load_data_st data; + int ret, err; /* Setup the decoders (one time shot per session */ @@ -533,7 +534,16 @@ static int file_load_file(struct file_ctx_st *ctx, /* Launch */ - return OSSL_DECODER_from_bio(ctx->_.file.decoderctx, ctx->_.file.file); + ERR_set_mark(); + ret = OSSL_DECODER_from_bio(ctx->_.file.decoderctx, ctx->_.file.file); + if (BIO_eof(ctx->_.file.file) + && ((err = ERR_peek_last_error()) != 0) + && ERR_GET_LIB(err) == ERR_LIB_OSSL_DECODER + && ERR_GET_REASON(err) == ERR_R_UNSUPPORTED) + ERR_pop_to_mark(); + else + ERR_clear_last_mark(); + return ret; } /*- From no-reply at appveyor.com Thu Jun 10 10:00:42 2021 
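Review bot: in file_load_file() the new condition inspects only ERR_peek_last_error(), but ERR_pop_to_mark() then discards every entry queued since ERR_set_mark(), so any other error raised during the same OSSL_DECODER_from_bio() call is dropped together with the trailing unsupported one. ret is also returned unchanged, so in the EOF case the caller may see a failure return with nothing left on the error queue. A short comment above the if, explaining why an ERR_R_UNSUPPORTED from the decoder at EOF is benign and what the caller is expected to do with ret, would make the intent checkable.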
From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 10:00:42 +0000 Subject: Build failed: openssl master.42283 Message-ID: <20210610100042.1.6E19E1CF879F72D4@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jun 10 10:46:04 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 10:46:04 +0000 Subject: Build failed: openssl master.42284 Message-ID: <20210610104604.1.F118D99C1C5048C3@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jun 10 11:30:16 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 11:30:16 +0000 Subject: Build failed: openssl master.42285 Message-ID: <20210610113016.1.2992D515BB498FE7@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu Jun 10 12:10:53 2021 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 10 Jun 2021 12:10:53 +0000 Subject: [openssl] master update Message-ID: <1623327053.245537.9629.nullmailer@dev.openssl.org> The branch master has been updated via 586820831afdd01954d82cb068e252cb1772081c (commit) from 20e80ad1bc7e432f85e696d7272cbac3c69b5633 (commit) - Log ----------------------------------------------------------------- commit 586820831afdd01954d82cb068e252cb1772081c Author: Petr Gotthard Date: Tue Jun 8 19:57:48 2021 +0200 doc: fix OSSL_PARAM_BLD pointers in the example Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15663) ----------------------------------------------------------------------- Summary of changes: doc/man3/OSSL_PARAM_BLD.pod | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/doc/man3/OSSL_PARAM_BLD.pod b/doc/man3/OSSL_PARAM_BLD.pod index 9190e81c01..fdc9ec3081 100644 --- a/doc/man3/OSSL_PARAM_BLD.pod +++ b/doc/man3/OSSL_PARAM_BLD.pod 
@@ -138,15 +138,15 @@ This example shows how to create an OSSL_PARAM array that contains an RSA private key. OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); - OSSL_PARAM *params; + OSSL_PARAM *params = NULL; if (bld == NULL - || !OSSL_PARAM_BLD_push_BN(&bld, "p", p) - || !OSSL_PARAM_BLD_push_BN(&bld, "q", q) - || !OSSL_PARAM_BLD_push_uint(&bld, "e", e) - || !OSSL_PARAM_BLD_push_BN(&bld, "n", n) - || !OSSL_PARAM_BLD_push_BN(&bld, "d", d) - || (params = OSSL_PARAM_BLD_to_param(&bld)) == NULL) + || !OSSL_PARAM_BLD_push_BN(bld, "p", p) + || !OSSL_PARAM_BLD_push_BN(bld, "q", q) + || !OSSL_PARAM_BLD_push_uint(bld, "e", e) + || !OSSL_PARAM_BLD_push_BN(bld, "n", n) + || !OSSL_PARAM_BLD_push_BN(bld, "d", d) + || (params = OSSL_PARAM_BLD_to_param(bld)) == NULL) goto err; OSSL_PARAM_BLD_free(bld); /* Use params */ @@ -159,7 +159,7 @@ This example shows how to create an OSSL_PARAM array that contains an RSA public key. OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); - OSSL_PARAM *params; + OSSL_PARAM *params = NULL; if (nld == NULL || !OSSL_PARAM_BLD_push_BN(bld, "n", n) From no-reply at appveyor.com Thu Jun 10 12:47:57 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 12:47:57 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.42286 Message-ID: <20210610124757.1.588B9D989ACC80EA@appveyor.com> An HTML attachment was scrubbed... URL: From tomas at openssl.org Thu Jun 10 13:24:24 2021 
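Review bot: the second hunk of doc/man3/OSSL_PARAM_BLD.pod leaves its context line "if (nld == NULL" untouched, so the RSA public key example still tests a variable that is never declared; it should read "bld" to match the declaration just above it. Since this commit exists to correct the builder pointers in these examples, that fix belongs in the same change.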
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 10 Jun 2021 13:24:24 +0000 Subject: [openssl] master update Message-ID: <1623331464.335424.18495.nullmailer@dev.openssl.org> The branch master has been updated via bedda72ff771a41c317daa7bdb7cbe14608fbc03 (commit) from 586820831afdd01954d82cb068e252cb1772081c (commit) - Log ----------------------------------------------------------------- commit bedda72ff771a41c317daa7bdb7cbe14608fbc03 Author: Richard Levitte Date: Thu Jun 10 13:00:54 2021 +0200 OpenSSL::Test: Treat SRCDATA directory specially, as it might not exist Not all tests come with a SRCDATA directory. if it doesn't exist, we simply drop it from the internal table of directories. OpenSSL::Test::srcdata_dir() and OpenSSL::Test::srcdata_file() may return undef in that case. However, recipes shouldn't try to refer to a non-existing data directory, so if that happens, it's a programming error and must be corrected. Fixes #15679 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15700) ----------------------------------------------------------------------- Summary of changes: util/perl/OpenSSL/Test.pm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index ee6962931b..00db3d41c8 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -995,6 +995,10 @@ sub __env { rmtree($directories{RESULTS}, { safe => 0, keep_root => 1 }); mkpath($directories{RESULTS}); + # All directories are assumed to exist, except for SRCDATA. If that one + # doesn't exist, just drop it. + delete $directories{SRCDATA} unless -d $directories{SRCDATA}; + push @direnv, "TOP" if $ENV{TOP}; push @direnv, "SRCTOP" if $ENV{SRCTOP}; push @direnv, "BLDTOP" if $ENV{BLDTOP}; 
@@ -1094,6 +1098,8 @@ sub __fuzz_file { sub __data_file { BAIL_OUT("Must run setup() first") if (! $test_name); + return undef unless exists $directories{SRCDATA}; + my $f = pop; return catfile($directories{SRCDATA}, at _,$f); } @@ -1101,6 +1107,8 @@ sub __data_file { sub __data_dir { BAIL_OUT("Must run setup() first") if (! $test_name); + return undef unless exists $directories{SRCDATA}; + return catdir($directories{SRCDATA}, at _); } @@ -1200,7 +1208,8 @@ sub __cwd { print STDERR "\n"; print STDERR " \$directories{BLDTEST} = \"$directories{BLDTEST}\"\n"; print STDERR " \$directories{SRCTEST} = \"$directories{SRCTEST}\"\n"; - print STDERR " \$directories{SRCDATA} = \"$directories{SRCDATA}\"\n"; + print STDERR " \$directories{SRCDATA} = \"$directories{SRCDATA}\"\n" + if exists $directories{SRCDATA}; print STDERR " \$directories{RESULTS} = \"$directories{RESULTS}\"\n"; print STDERR " \$directories{BLDAPPS} = \"$directories{BLDAPPS}\"\n"; print STDERR " \$directories{SRCAPPS} = \"$directories{SRCAPPS}\"\n"; From no-reply at appveyor.com Thu Jun 10 13:35:32 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 13:35:32 +0000 Subject: Build failed: openssl master.42287 Message-ID: <20210610133532.1.596A51A3554340F0@appveyor.com> An HTML attachment was scrubbed... URL: From tomas at openssl.org Thu Jun 10 15:58:46 2021 
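Review bot: __data_file() and __data_dir() now return undef when SRCDATA has been dropped, but every inserted line in this patch is code and nothing documents the new return value for srcdata_file() and srcdata_dir(). The commit message calls a reference to a missing data directory a programming error that must be corrected, yet the helpers fail silently. Either document the undef return for recipe authors, or BAIL_OUT with a message naming the test, in the same way as the "Must run setup() first" check one line earlier.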
From: tomas at openssl.org (tomas at openssl.org) Date: Thu, 10 Jun 2021 15:58:46 +0000 Subject: [openssl] master update Message-ID: <1623340726.298309.14822.nullmailer@dev.openssl.org> The branch master has been updated via ef0449135c4e4e7f04bbeafbd76ce7b5c0518088 (commit) from bedda72ff771a41c317daa7bdb7cbe14608fbc03 (commit) - Log ----------------------------------------------------------------- commit ef0449135c4e4e7f04bbeafbd76ce7b5c0518088 Author: Shane Lontis Date: Wed Jun 9 17:34:55 2021 +1000 Fix s_server app to not report an error when using a non DH certificate. Fixes #15071 It always tries loading the cert as DH which previously did not produce an error. The errors are not suppressed for these operations. The output now matches previous versions of OpenSSL. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15670) ----------------------------------------------------------------------- Summary of changes: apps/include/apps.h | 3 +++ apps/lib/apps.c | 76 +++++++++++++++++++++++++++++++++++++++-------------- apps/s_server.c | 10 ++++--- 3 files changed, 66 insertions(+), 23 deletions(-) diff --git a/apps/include/apps.h b/apps/include/apps.h index 47a5f7f6f4..c9f77f6067 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -121,6 +121,9 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *desc); EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, const char *keytype, const char *desc); +EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin, + const char *keytype, const char *desc, + int suppress_decode_errors); char *next_item(char *opt); /* in list separated by comma and/or space */ int load_cert_certs(const char *uri, X509 **pcert, STACK_OF(X509) **pcerts, diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 8604c75251..9aae725fc6 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c 
@@ -75,6 +75,14 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); +static +int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, + const char *pass, const char *desc, + EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + EVP_PKEY **pparams, + X509 **pcert, STACK_OF(X509) **pcerts, + X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls, + int suppress_decode_errors); int app_init(long mesgwin); @@ -605,27 +613,37 @@ EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, return pkey; } -EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc) +EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin, + const char *keytype, const char *desc, + int suppress_decode_errors) { EVP_PKEY *params = NULL; if (desc == NULL) desc = "key parameters"; - (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc, - NULL, NULL, ¶ms, NULL, NULL, NULL, NULL); + (void)load_key_certs_crls_suppress(uri, format, maybe_stdin, NULL, desc, + NULL, NULL, ¶ms, NULL, NULL, NULL, + NULL, suppress_decode_errors); if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) { - BIO_printf(bio_err, - "Unable to load %s from %s (unexpected parameters type)\n", - desc, uri); - ERR_print_errors(bio_err); + if (!suppress_decode_errors) { + BIO_printf(bio_err, + "Unable to load %s from %s (unexpected parameters type)\n", + desc, uri); + ERR_print_errors(bio_err); + } EVP_PKEY_free(params); params = NULL; } return params; } +EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, + const char *keytype, const char *desc) +{ + return load_keyparams_suppress(uri, format, maybe_stdin, keytype, desc, 0); +} + void app_bail_out(char *fmt, ...) { va_list args; 
@@ -866,12 +884,14 @@ static const char *format2string(int format) * In any case (also on error) the caller is responsible for freeing all members * of *pcerts and *pcrls (as far as they are not NULL). */ -int load_key_certs_crls(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - EVP_PKEY **pparams, - X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls) +static +int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, + const char *pass, const char *desc, + EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + EVP_PKEY **pparams, + X509 **pcert, STACK_OF(X509) **pcerts, + X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls, + int suppress_decode_errors) { PW_CB_DATA uidata; OSSL_STORE_CTX *ctx = NULL; @@ -890,6 +910,9 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, OSSL_PARAM itp[2]; const OSSL_PARAM *params = NULL; + if (suppress_decode_errors) + ERR_set_mark(); + if (ppkey != NULL) { *ppkey = NULL; cnt_expectations++; @@ -1074,12 +1097,14 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, any = 1; failed = "CRL"; } - if (failed != NULL) - BIO_printf(bio_err, "Could not read"); - if (any) - BIO_printf(bio_err, " any"); + if (!suppress_decode_errors) { + if (failed != NULL) + BIO_printf(bio_err, "Could not read"); + if (any) + BIO_printf(bio_err, " any"); + } } - if (failed != NULL) { + if (!suppress_decode_errors && failed != NULL) { if (desc != NULL && strstr(desc, failed) != NULL) { BIO_printf(bio_err, " %s", desc); } else { 
@@ -1092,9 +1117,22 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, BIO_printf(bio_err, "\n"); ERR_print_errors(bio_err); } + if (suppress_decode_errors) + ERR_pop_to_mark(); return failed == NULL; } +int load_key_certs_crls(const char *uri, int format, int maybe_stdin, + const char *pass, const char *desc, + EVP_PKEY **ppkey, EVP_PKEY **ppubkey, + EVP_PKEY **pparams, + X509 **pcert, STACK_OF(X509) **pcerts, + X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls) +{ + return load_key_certs_crls_suppress(uri, format, maybe_stdin, pass, desc, + ppkey, ppubkey, pparams, pcert, pcerts, + pcrl, pcrls, 0); +} #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) /* Return error for unknown extensions */ diff --git a/apps/s_server.c b/apps/s_server.c index 644fe1a905..009ac5a1eb 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2003,7 +2003,8 @@ int s_server_main(int argc, char *argv[]) if (dhfile != NULL) dhpkey = load_keyparams(dhfile, FORMAT_UNDEF, 0, "DH", "DH parameters"); else if (s_cert_file != NULL) - dhpkey = load_keyparams(s_cert_file, FORMAT_UNDEF, 0, "DH", "DH parameters"); + dhpkey = load_keyparams_suppress(s_cert_file, FORMAT_UNDEF, 0, "DH", + "DH parameters", 1); if (dhpkey != NULL) { BIO_printf(bio_s_out, "Setting temp DH parameters\n"); @@ -2035,9 +2036,10 @@ int s_server_main(int argc, char *argv[]) if (ctx2 != NULL) { if (dhfile != NULL) { - EVP_PKEY *dhpkey2 = load_keyparams(s_cert_file2, FORMAT_UNDEF, - 0, "DH", - "DH parameters"); + EVP_PKEY *dhpkey2 = load_keyparams_suppress(s_cert_file2, + FORMAT_UNDEF, + 0, "DH", + "DH parameters", 1); if (dhpkey2 != NULL) { BIO_printf(bio_s_out, "Setting temp DH parameters\n"); From levitte at openssl.org Thu Jun 10 15:59:58 2021 
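Review bot: in load_key_certs_crls_suppress() the flag is named suppress_decode_errors, but when it is set the function skips every "Could not read" message and ERR_pop_to_mark() discards the whole error queue collected since the ERR_set_mark() at the top, which covers a failure to open or read the URI as well as a decode failure. Please either narrow what is suppressed or describe the actual behaviour in a comment next to the new load_keyparams_suppress() prototype in apps/include/apps.h, which is added without one.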
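Review bot: in the ctx2 block of s_server_main() the guard is still "if (dhfile != NULL)" while the file being loaded is s_cert_file2, which is the opposite of the first block, where the certificate file is tried only in the else branch when no dhfile was given. With suppression now switched on for this call a wrong guard would fail without any output, so please confirm the condition, and that s_cert_file2 cannot be NULL at this point, before this goes in.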
From: levitte at openssl.org (Richard Levitte) Date: Thu, 10 Jun 2021 15:59:58 +0000 Subject: [openssl] master update Message-ID: <1623340798.176799.16108.nullmailer@dev.openssl.org> The branch master has been updated via 7afef721ff93018a66f8e2e6b9e1ce3d48321bdf (commit) from ef0449135c4e4e7f04bbeafbd76ce7b5c0518088 (commit) - Log ----------------------------------------------------------------- commit 7afef721ff93018a66f8e2e6b9e1ce3d48321bdf Author: Richard Levitte Date: Thu Jun 10 16:43:27 2021 +0200 OpenSSL::Test: If __cwd() is to create the directory, do it early This is to ensure that abs_path() has an existing directory to look at. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15701) ----------------------------------------------------------------------- Summary of changes: util/perl/OpenSSL/Test.pm | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index 00db3d41c8..00aa4d841e 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -1124,6 +1124,14 @@ sub __data_dir { sub __cwd { my $dir = catdir(shift); my %opts = @_; + + # If the directory is to be created, we must do that before using + # abs_path(). + $dir = canonpath($dir); + if ($opts{create}) { + mkpath($dir); + } + my $abscurdir = abs_path(curdir()); my $absdir = abs_path($dir); my $reverse = abs2rel($abscurdir, $absdir); @@ -1143,11 +1151,6 @@ sub __cwd { # In this case, we won't even clean it out, for safety's sake. return "." if $reverse eq ""; - $dir = canonpath($dir); - if ($opts{create}) { - mkpath($dir); - } - # We are recalculating the directories we keep track of, but need to save # away the result for after having moved into the new directory. my %tmp_directories = (); 
@@ -1160,11 +1163,10 @@ sub __cwd { foreach (@dirtags) { if (!file_name_is_absolute($directories{$_})) { my $oldpath = abs_path($directories{$_}); - my $newbase = abs_path($dir); - my $newpath = abs2rel($oldpath, $newbase); + my $newpath = abs2rel($oldpath, $absdir); if ($debug) { print STDERR "DEBUG: [dir $_] old path: $oldpath\n"; - print STDERR "DEBUG: [dir $_] new base: $newbase\n"; + print STDERR "DEBUG: [dir $_] new base: $absdir\n"; print STDERR "DEBUG: [dir $_] resulting new path: $newpath\n"; } $tmp_directories{$_} = $newpath; @@ -1177,11 +1179,10 @@ sub __cwd { foreach (@direnv) { if (!file_name_is_absolute($ENV{$_})) { my $oldpath = abs_path($ENV{$_}); - my $newbase = abs_path($dir); - my $newpath = abs2rel($oldpath, $newbase); + my $newpath = abs2rel($oldpath, $absdir); if ($debug) { print STDERR "DEBUG: [env $_] old path: $oldpath\n"; - print STDERR "DEBUG: [env $_] new base: $newbase\n"; + print STDERR "DEBUG: [env $_] new base: $absdir\n"; print STDERR "DEBUG: [env $_] resulting new path: $newpath\n"; } $tmp_ENV{$_} = $newpath; From no-reply at appveyor.com Thu Jun 10 17:20:03 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 17:20:03 +0000 Subject: Build failed: openssl master.42289 Message-ID: <20210610172003.1.13A6972C67D226ED@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jun 10 20:32:01 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 20:32:01 +0000 Subject: Build failed: openssl master.42290 Message-ID: <20210610203201.1.40E66C30AD025289@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 10 22:11:16 2021 
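Review bot: in __cwd() the result of abs_path($dir) is passed straight to abs2rel() and, after this change, reused as the base for every entry in @dirtags and @direnv, but it is never checked. mkpath() is called only when $opts{create} is set, so for a missing directory without that option $absdir depends on what abs_path() does with a non-existent path, which is the situation the commit message is concerned with. A "defined $absdir" check followed by BAIL_OUT would make that failure explicit instead of propagating it into the recalculated paths.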
From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 10 Jun 2021 22:11:16 +0000 Subject: Still FAILED build of OpenSSL branch master with options --strict-warnings Message-ID: <1623363076.076761.251756.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 5.4.0-72-generic #80-Ubuntu SMP Mon Apr 12 17:35:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config --strict-warnings Commit log since last time: 7afef721ff OpenSSL::Test: If __cwd() is to create the directory, do it early ef0449135c Fix s_server app to not report an error when using a non DH certificate. bedda72ff7 OpenSSL::Test: Treat SRCDATA directory specially, as it might not exist 586820831a doc: fix OSSL_PARAM_BLD pointers in the example 20e80ad1bc store: Avoid spurious error from decoding at EOF 726f92e016 Enable ssl-trace by default 25959e04c3 Optimize session cache flushing de5a0198b2 Fix use after free in OSSL_HTTP_REQ_CTX_set1_req() 5a9dbfc58a err: clear flags better when clearing errors. 5ac6d7d21b APPS: Restore the possibility to combine -pubout with -text b6298a7f8d util: convert SHA* one shots back to being functions 1dc8eb5be0 changes: fix woring that mentions SHA* one shot functions are deprecated 807bb42554 sha: convert SHA one shot macros back to being functions Build log ended with (last 100 lines): # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80A194082A7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80A194082A7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623362885 not ok 3 - iteration 3 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80A194082A7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80A194082A7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623362885 not ok 4 - iteration 4 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80A194082A7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80A194082A7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623362885 not ok 5 - iteration 5 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80A194082A7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80A194082A7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623362885 not ok 6 - iteration 6 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? 
privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80A194082A7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80A194082A7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623362885 not ok 7 - iteration 7 # ------------------------------------------------------------------------------ # ERROR: (int) 'SSL_CTX_use_certificate_file(serverctx, certfile, SSL_FILETYPE_PEM) == 1' failed @ ../openssl/test/helpers/ssltestlib.c:741 # [0] compared to [1] # ERROR: (bool) 'create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0, &sctx, &cctx, ciphers[idx].certnum == 0 ? cert1 : cert2, ciphers[idx].certnum == 0 ? privkey1 : privkey2) == true' failed @ ../openssl/test/gosttest.c:57 # false # 80A194082A7F0000:error:03000072:digital envelope routines:X509_PUBKEY_get0:decode error:../openssl/crypto/x509/x_pubkey.c:424: # 80A194082A7F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../openssl/ssl/ssl_rsa.c:221: # OPENSSL_TEST_RAND_ORDER=1623362885 not ok 8 - iteration 8 # ------------------------------------------------------------------------------ # OPENSSL_TEST_RAND_ORDER=1623362885 not ok 1 - test_tls13 # ------------------------------------------------------------------------------ ../../util/wrap.pl ../../test/gosttest ../../../openssl/test/recipes/90-test_gost_data/server-cert2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2001.pem ../../../openssl/test/recipes/90-test_gost_data/server-cert2012.pem ../../../openssl/test/recipes/90-test_gost_data/server-key2012.pem => 1 not ok 1 - running gosttest # ------------------------------------------------------------------------------ # Failed test 'running gosttest' # at ../openssl/test/recipes/90-test_gost.t line 39. 
# Looks like you failed 1 test of 1.90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests 90-test_ige.t ...................... ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_includes.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslbuffers.t ............... ok # Killing mock server with pid=24284080-test_cmp_http.t ................. ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 91-test_pkey_check.t ............... ok 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 80-test_ssl_old.t .................. ok 90-test_store.t .................... ok 90-test_sslapi.t ................... ok Test Summary Report ------------------- 90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=236, Tests=3237, 194 wallclock secs (12.72 usr 1.32 sys + 622.59 cusr 55.76 csys = 692.39 CPU) Result: FAIL make[1]: *** [Makefile:3243: run_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/default' make: *** [Makefile:3239: tests] Error 2 From pauli at openssl.org Thu Jun 10 22:53:10 2021 
From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 10 Jun 2021 22:53:10 +0000 Subject: [openssl] master update Message-ID: <1623365590.260748.14838.nullmailer@dev.openssl.org> The branch master has been updated via b19fcc66d382357617744690dc3363947de2cb6f (commit) via d475a9efcfb98fe2d207dbc56bed931ee35b74a6 (commit) via 6cf811e8678b23d03621c94a562181eb73ccc2e0 (commit) from 7afef721ff93018a66f8e2e6b9e1ce3d48321bdf (commit) - Log ----------------------------------------------------------------- commit b19fcc66d382357617744690dc3363947de2cb6f Author: Tomas Mraz Date: Wed Jun 9 17:04:12 2021 +0200 Document that provider name can be a full path Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15680) commit d475a9efcfb98fe2d207dbc56bed931ee35b74a6 Author: Tomas Mraz Date: Wed Jun 9 16:42:35 2021 +0200 dl_name_converter: Avoid unnecessary overallocation Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15680) commit 6cf811e8678b23d03621c94a562181eb73ccc2e0 Author: Tomas Mraz Date: Wed Jun 9 16:27:05 2021 +0200 ossl_provider_set_module_path: Prevent potential UAF Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15680) ----------------------------------------------------------------------- Summary of changes: crypto/dso/dso_dl.c | 2 +- crypto/provider_core.c | 1 + doc/man1/openssl.pod | 7 ++++++- doc/man3/OSSL_PROVIDER.pod | 7 ++++++- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index e41648548e..8d440ab3e2 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c 
@@ -224,7 +224,7 @@ static char *dl_name_converter(DSO *dso, const char *filename) len = strlen(filename); rsize = len + 1; transform = (strstr(filename, "/") == NULL); - { + if (transform) { /* We will convert this to "%s.s?" or "lib%s.s?" */ rsize += strlen(DSO_EXTENSION); /* The length of ".s?" */ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 30fa44d789..c6a8fa3f26 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -483,6 +483,7 @@ void ossl_provider_free(OSSL_PROVIDER *prov) int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path) { OPENSSL_free(prov->path); + prov->path = NULL; if (module_path == NULL) return 1; if ((prov->path = OPENSSL_strdup(module_path)) != NULL) diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 3b47ae9729..b6f4029a67 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -651,7 +651,12 @@ the PKCS#11 URI as defined in RFC 7512 should be possible to use directly: =item B<-provider> I -Load and initialize the provider identified by I. +Load and initialize the provider identified by I. The I +can be also a path to the provider module. In that case the provider name +will be the specified path and not just the provider module name. +Interpretation of relative paths is platform specific. The configured +"MODULESDIR" path, B environment variable, or the path +specified by B<-provider-path> is prepended to relative paths. See L for a more detailed description. =item B<-provider-path> I diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index 2b014c4671..bc4cc1641e 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod 
@@ -81,7 +81,12 @@ OSSL_PROVIDER_load() loads and initializes a provider. This may simply initialize a provider that was previously added with OSSL_PROVIDER_add_builtin() and run its given initialization function, or load a provider module with the given name and run its provider -entry point, C. +entry point, C. The I can be a path +to a provider module, in that case the provider name as returned +by OSSL_PROVIDER_get0_name() will be the path. Interpretation +of relative paths is platform dependent and they are relative +to the configured "MODULESDIR" directory or the path set in +the environment variable OPENSSL_MODULES if set. OSSL_PROVIDER_try_load() functions like OSSL_PROVIDER_load(), except that it does not disable the fallback providers if the provider cannot be From no-reply at appveyor.com Thu Jun 10 23:44:57 2021 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 10 Jun 2021 23:44:57 +0000 Subject: Build failed: openssl master.42291 Message-ID: <20210610234457.1.33BA36130C9A940B@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jun 11 02:56:38 2021 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 11 Jun 2021 02:56:38 +0000 Subject: Build failed: openssl master.42292 Message-ID: <20210611025638.1.2558BCF8D9349BDD@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Fri Jun 11 07:09:57 2021 
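Review bot: in ossl_provider_set_module_path() (crypto/provider_core.c, commit 6cf811e867), OPENSSL_free(prov->path) still runs before OPENSSL_strdup(module_path), so a caller that passes the provider's own current path as module_path would have it duplicated from freed memory even with the added "prov->path = NULL;". Duplicating first and freeing the old value afterwards would cover that case as well, and would leave the old path in place if the allocation fails.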
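Review bot: the doc/man3/OSSL_PROVIDER.pod hunk (commit b19fcc66d3) does not describe the relative-path lookup the same way as the doc/man1/openssl.pod hunk in the same commit. The man1 text lists the configured "MODULESDIR", an environment variable and the path given by -provider-path, while the man3 text lists only "MODULESDIR" and OPENSSL_MODULES, and one says "platform specific" where the other says "platform dependent". Since that path decides which module is loaded and has its entry point run, both pages should give the same search locations in the same words. Wording nits: "can be also a path" in man1 should read "can also be a path", and "to a provider module, in that case" in man3 needs a sentence break.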
From: levitte at openssl.org (Richard Levitte) Date: Fri, 11 Jun 2021 07:09:57 +0000 Subject: [openssl] master update Message-ID: <1623395397.960807.24558.nullmailer@dev.openssl.org> The branch master has been updated via 6309b799e940d57fdeb55ba4416a571283beb116 (commit) from b19fcc66d382357617744690dc3363947de2cb6f (commit) - Log ----------------------------------------------------------------- commit 6309b799e940d57fdeb55ba4416a571283beb116 Author: Richard Levitte Date: Thu Jun 10 07:25:56 2021 +0200 STORE: Make OSSL_STORE_LOADER_fetch() consistent with all other fetch functions The argument order was different on this one. Fixes #15688 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15689) ----------------------------------------------------------------------- Summary of changes: crypto/store/store_lib.c | 4 ++-- crypto/store/store_meth.c | 6 +++--- doc/man3/OSSL_STORE_LOADER.pod | 6 +++--- include/openssl/store.h | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index f7939ea0dd..c0d9dafbdf 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -122,7 +122,7 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, #endif if (loader == NULL && (fetched_loader = - OSSL_STORE_LOADER_fetch(schemes[i], libctx, propq)) != NULL) { + OSSL_STORE_LOADER_fetch(libctx, schemes[i], propq)) != NULL) { const OSSL_PROVIDER *provider = OSSL_STORE_LOADER_get0_provider(fetched_loader); void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider); 
@@ -975,7 +975,7 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, #endif if (loader == NULL && (fetched_loader = - OSSL_STORE_LOADER_fetch(scheme, libctx, propq)) != NULL) { + OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) { const OSSL_PROVIDER *provider = OSSL_STORE_LOADER_get0_provider(fetched_loader); void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider); diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c index cf2d1c6bba..a48e40d8c8 100644 --- a/crypto/store/store_meth.c +++ b/crypto/store/store_meth.c @@ -251,7 +251,7 @@ static void *construct_loader(const OSSL_ALGORITHM *algodef, /* * Flag to indicate that there was actual construction errors. This - * helps inner_evp_generic_fetch() determine what error it should + * helps inner_loader_fetch() determine what error it should * record on inaccessible algorithms. */ if (method == NULL) @@ -355,8 +355,8 @@ static OSSL_STORE_LOADER *inner_loader_fetch(OSSL_LIB_CTX *libctx, return method; } -OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(const char *scheme, - OSSL_LIB_CTX *libctx, +OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX *libctx, + const char *scheme, const char *properties) { return inner_loader_fetch(libctx, 0, scheme, properties); diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 04fd318897..d150d24b49 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -33,8 +33,8 @@ unregister STORE loaders for different URI schemes typedef struct ossl_store_loader_st OSSL_STORE_LOADER; - OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(const char *scheme, - OSSL_LIB_CTX *libctx, + OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX *libctx, + const char *scheme, const char *properties); int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader); void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); 
@@ -119,7 +119,7 @@ storage schemes. OSSL_STORE_LOADER_fetch() looks for an implementation for a storage I within the providers that has been loaded into the B -given by I, and with the properties given by I. +given by I, and with the properties given by I. OSSL_STORE_LOADER_up_ref() increments the reference count for the given I. diff --git a/include/openssl/store.h b/include/openssl/store.h index c3e9beeff6..3c1445e0e6 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -253,8 +253,8 @@ int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search); typedef struct ossl_store_loader_st OSSL_STORE_LOADER; -OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(const char *scheme, - OSSL_LIB_CTX *libctx, +OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX *libctx, + const char *scheme, const char *properties); int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader); void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); From tomas at openssl.org Fri Jun 11 07:36:52 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 11 Jun 2021 07:36:52 +0000 Subject: [openssl] master update Message-ID: <1623397012.317784.3307.nullmailer@dev.openssl.org> The branch master has been updated via baa47ad3b13eea1152e3773b606964f7bd87a720 (commit) from 6309b799e940d57fdeb55ba4416a571283beb116 (commit) - Log ----------------------------------------------------------------- commit baa47ad3b13eea1152e3773b606964f7bd87a720 Author: Todd Short Date: Wed Jun 9 10:03:10 2021 -0400 Fix FIPS provider value in docs Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15676) ----------------------------------------------------------------------- Summary of changes: doc/man7/OSSL_PROVIDER-FIPS.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index af423e6224..b70d22749c 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod 
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -18,7 +18,7 @@ defined: =over 4 -=item "provider=default" +=item "provider=fips" =item "fips=yes" From levitte at openssl.org Fri Jun 11 07:49:26 2021 From: levitte at openssl.org (Richard Levitte) Date: Fri, 11 Jun 2021 07:49:26 +0000 Subject: [openssl] master update Message-ID: <1623397766.157371.7242.nullmailer@dev.openssl.org> The branch master has been updated via 814b5133e9aca90f1edb99c38a26e55cd7e50e19 (commit) from baa47ad3b13eea1152e3773b606964f7bd87a720 (commit) - Log ----------------------------------------------------------------- commit 814b5133e9aca90f1edb99c38a26e55cd7e50e19 Author: Richard Levitte Date: Fri Jun 11 04:55:03 2021 +0200 apps/lib/s_socket.c: Alias getpid with _getpid for _WIN32 Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15710) ----------------------------------------------------------------------- Summary of changes: apps/lib/s_socket.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index 36dbe615d2..bddf16045f 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -26,6 +26,15 @@ typedef unsigned int u_int; #endif +#ifdef _WIN32 +/* + * With MSVC, certain POSIX functions have been renamed to have an underscore + * prefix. + */ +# include +# define getpid _getpid +#endif + #ifndef OPENSSL_NO_SOCK # include "apps.h" From tomas at openssl.org Fri Jun 11 07:51:36 2021 
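Review bot: in apps/lib/s_socket.c (commit 814b5133e9) the added comment attributes the underscore-prefixed names to MSVC, but the guard is "#ifdef _WIN32", so "# define getpid _getpid" takes effect for every toolchain that defines _WIN32, not only MSVC. Either narrow the guard to the compiler the comment names, or reword the comment to say the alias is meant for all Windows builds.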
From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 11 Jun 2021 07:51:36 +0000 Subject: [openssl] master update Message-ID: <1623397896.089774.10445.nullmailer@dev.openssl.org> The branch master has been updated via 541d4f19957727d331c2e4353a26841f5d1fe32d (commit) via 20778ea7dad8c4f659dbb5dfcb4fac896e51ed6a (commit) via 451c2a95bd7b21677efedb7c4a8860d3178a5f65 (commit) from 814b5133e9aca90f1edb99c38a26e55cd7e50e19 (commit) - Log ----------------------------------------------------------------- commit 541d4f19957727d331c2e4353a26841f5d1fe32d Author: Tomas Mraz Date: Thu Jun 10 16:55:37 2021 +0200 fuzz/asn1parse: Use BIO_s_mem() as fallback output /dev/null is not available everywhere. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15672) commit 20778ea7dad8c4f659dbb5dfcb4fac896e51ed6a Author: Tomas Mraz Date: Wed Jun 9 13:48:21 2021 +0200 BIO_write_ex: No error only on 0 bytes to write Fixes #15682 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15672) commit 451c2a95bd7b21677efedb7c4a8860d3178a5f65 Author: Tomas Mraz Date: Wed Jun 9 12:27:51 2021 +0200 Windows CI: Enable fuzz test in plain build Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15672) ----------------------------------------------------------------------- Summary of changes: .github/workflows/windows.yml | 2 +- crypto/bio/bio_lib.c | 8 +++++++- doc/man3/BIO_read.pod | 7 +++++-- fuzz/asn1parse.c | 2 ++ 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index bcfa45a4ba..5c98695a70 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -57,7 +57,7 @@ jobs: run: nmake /S - name: test working-directory: _build - run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 + run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4 minimal: runs-on: windows-latest steps: 
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index cdce122796..af7ad05bca 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -393,7 +393,13 @@ int BIO_write(BIO *b, const void *data, int dlen) int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written) { - return bio_write_intern(b, data, dlen, written) >= 0; + if (dlen == 0) { + /* no error */ + if (written != NULL) + *written = 0; + return 1; + } + return bio_write_intern(b, data, dlen, written) > 0; } int BIO_puts(BIO *b, const char *buf) diff --git a/doc/man3/BIO_read.pod b/doc/man3/BIO_read.pod index 08104b1b92..a2d8ab3af0 100644 --- a/doc/man3/BIO_read.pod +++ b/doc/man3/BIO_read.pod @@ -27,7 +27,7 @@ stored in I<*readbytes>. BIO_write_ex() attempts to write I bytes from I to BIO I. If successful then the number of bytes written is stored in I<*written> -unless I is NULL. No data is written if I is NULL. +unless I is NULL. BIO_read() attempts to read I bytes from BIO I and places the data in I. @@ -59,7 +59,7 @@ BIO_puts() attempts to write a NUL-terminated string I to BIO I. BIO_read_ex() returns 1 if data was successfully read, and 0 otherwise. BIO_write_ex() returns 1 if no error was encountered writing data, 0 otherwise. -Write to NULL B is not considered as an error. +Requesting to write 0 bytes is not considered an error. BIO_write() returns -2 if the "write" operation is not implemented by the BIO or -1 on other errors. @@ -114,6 +114,9 @@ keep the '\n' at the end of the line in the buffer. BIO_get_line() was added in OpenSSL 3.0. +BIO_write_ex() returns 1 if the size of the data to write is 0 and the +I parameter of the function can be NULL since OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. diff --git a/fuzz/asn1parse.c b/fuzz/asn1parse.c index ac888e535a..72b0df8a46 100644 --- a/fuzz/asn1parse.c +++ b/fuzz/asn1parse.c 
@@ -24,6 +24,8 @@ static BIO *bio_out; int FuzzerInitialize(int *argc, char ***argv) { bio_out = BIO_new_file("/dev/null", "w"); + if (bio_out == NULL) + bio_out = BIO_new(BIO_s_mem()); OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); ERR_clear_error(); CRYPTO_free_ex_index(0, -1); From levitte at openssl.org Fri Jun 11 08:04:56 2021 From: levitte at openssl.org (Richard Levitte) Date: Fri, 11 Jun 2021 08:04:56 +0000 Subject: [openssl] master update Message-ID: <1623398696.510850.15683.nullmailer@dev.openssl.org> The branch master has been updated via c24b3f2eda0235d04865bf258759d46d8a01608d (commit) from 541d4f19957727d331c2e4353a26841f5d1fe32d (commit) - Log ----------------------------------------------------------------- commit c24b3f2eda0235d04865bf258759d46d8a01608d Author: Richard Levitte Date: Thu Jun 10 09:41:22 2021 +0200 Clean away remaining Travis related files Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15692) ----------------------------------------------------------------------- Summary of changes: .travis-apt-pin.preferences | 15 --------------- .travis-create-release.sh | 3 --- 2 files changed, 18 deletions(-) delete mode 100644 .travis-apt-pin.preferences delete mode 100644 .travis-create-release.sh diff --git a/.travis-apt-pin.preferences b/.travis-apt-pin.preferences deleted file mode 100644 index 1797bd0414..0000000000 --- a/.travis-apt-pin.preferences +++ /dev/null @@ -1,15 +0,0 @@ -Package: clang-3.9 -Pin: release o=Ubuntu -Pin-Priority: -1 - -Package: libclang-common-3.9-dev -Pin: release o=Ubuntu -Pin-Priority: -1 - -Package: libclang1-3.9 -Pin: release o=Ubuntu -Pin-Priority: -1 - -Package: libllvm3.9v4 -Pin: release o=Ubuntu -Pin-Priority: -1 diff --git a/.travis-create-release.sh b/.travis-create-release.sh deleted file mode 100644 index 3407de7117..0000000000 --- a/.travis-create-release.sh +++ /dev/null 
@@ -1,3 +0,0 @@ -#! /bin/sh - -./util/mktar.sh --name=_srcdist From levitte at openssl.org Fri Jun 11 08:07:19 2021 From: levitte at openssl.org (Richard Levitte) Date: Fri, 11 Jun 2021 08:07:19 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1623398839.903907.18247.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 6e03ee56f4aec778a9d303f85c1d290a9e154aad (commit) from 668893a9207adbed5186fcc6ac24ac3458cc7883 (commit) - Log ----------------------------------------------------------------- commit 6e03ee56f4aec778a9d303f85c1d290a9e154aad Author: Richard Levitte Date: Thu Jun 10 09:43:07 2021 +0200 Clean away remaining Travis related files Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15693) ----------------------------------------------------------------------- Summary of changes: .travis-apt-pin.preferences | 15 --------------- .travis-create-release.sh | 3 --- 2 files changed, 18 deletions(-) delete mode 100644 .travis-apt-pin.preferences delete mode 100644 .travis-create-release.sh diff --git a/.travis-apt-pin.preferences b/.travis-apt-pin.preferences deleted file mode 100644 index 1797bd0414..0000000000 --- a/.travis-apt-pin.preferences +++ /dev/null @@ -1,15 +0,0 @@ -Package: clang-3.9 -Pin: release o=Ubuntu -Pin-Priority: -1 - -Package: libclang-common-3.9-dev -Pin: release o=Ubuntu -Pin-Priority: -1 - -Package: libclang1-3.9 -Pin: release o=Ubuntu -Pin-Priority: -1 - -Package: libllvm3.9v4 -Pin: release o=Ubuntu -Pin-Priority: -1 diff --git a/.travis-create-release.sh b/.travis-create-release.sh deleted file mode 100644 index 3407de7117..0000000000 --- a/.travis-create-release.sh +++ /dev/null @@ -1,3 +0,0 @@ -#! /bin/sh - -./util/mktar.sh --name=_srcdist From pauli at openssl.org Fri Jun 11 10:10:14 2021 
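Review bot: in BIO_write_ex() (crypto/bio/bio_lib.c, commit 20778ea7da) the return test changes from ">= 0" to "> 0", and the doc/man3/BIO_read.pod hunk drops the sentence saying that a write to a NULL BIO is not considered an error, which suggests such a write is now reported as a failure. The new HISTORY paragraph only mentions the zero-length case, so the changed result for the NULL BIO case should get its own sentence there and an entry in CHANGES.md. Also, the "dlen == 0" shortcut returns 1 before b is looked at, so a zero-length write reports success whatever the BIO is; state that in the documentation if it is intended.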
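Review bot: in FuzzerInitialize() (fuzz/asn1parse.c, commit 541d4f1995) the fallback "bio_out = BIO_new(BIO_s_mem());" retains everything written to it, so on platforms without /dev/null the output for every fuzz input accumulates in memory unless the BIO is reset somewhere outside this hunk. A discarding sink such as BIO_s_null() would behave like /dev/null does. bio_out is also still not checked for NULL after the fallback.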
From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 11 Jun 2021 10:10:14 +0000 Subject: [openssl] master update Message-ID: <1623406214.496340.32237.nullmailer@dev.openssl.org> The branch master has been updated via 67eacb60a8a46b610b98533c7e8ae5bd199e49d7 (commit) from c24b3f2eda0235d04865bf258759d46d8a01608d (commit) - Log ----------------------------------------------------------------- commit 67eacb60a8a46b610b98533c7e8ae5bd199e49d7 Author: Tomas Mraz Date: Thu Jun 10 09:58:43 2021 +0200 Do not depend on the exact exit failure value of dgst app On most platforms the EXIT_FAILURE is 1 but on NonStop platform the EXIT_FAILURE is -1 truncated to 255. Fixes #15633 Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15694) ----------------------------------------------------------------------- Summary of changes: test/recipes/15-test_rsapss.t | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t index 5c8340259f..f80ce30673 100644 --- a/test/recipes/15-test_rsapss.t +++ b/test/recipes/15-test_rsapss.t 
@@ -33,21 +33,21 @@ ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sh srctop_file('test', 'testrsa.pem')])), "openssl dgst -sign [plain RSA key, PSS padding mode, no PSS restrictions]"); -with({ exit_checker => sub { return shift == 1; } }, - sub { ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', - '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])), - "openssl dgst -sign, expect to fail gracefully"); - ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647', - '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])), - "openssl dgst -sign, expect to fail gracefully"); - ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512', - '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', - '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 'testrsapss.sig', - srctop_file('test', 'testrsa.pem')])), - "openssl dgst -prverify, expect to fail gracefully"); - }); +ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', + '-sigopt', 'rsa_mgf1_md:sha512', srctop_file('test', 'testrsa.pem')])), + "openssl dgst -sign, expect to fail gracefully"); + +ok(!run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha512', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:2147483647', + '-sigopt', 'rsa_mgf1_md:sha1', srctop_file('test', 'testrsa.pem')])), + "openssl dgst -sign, expect to fail gracefully"); + +ok(!run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha512', + '-sigopt', 'rsa_padding_mode:pss', '-sigopt', 'rsa_pss_saltlen:max', + '-sigopt', 'rsa_mgf1_md:sha512', '-signature', 
'testrsapss.sig', + srctop_file('test', 'testrsa.pem')])), + "openssl dgst -prverify, expect to fail gracefully"); ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1', From tomas at openssl.org Fri Jun 11 10:34:33 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 11 Jun 2021 10:34:33 +0000 Subject: [openssl] master update Message-ID: <1623407673.084366.15234.nullmailer@dev.openssl.org> The branch master has been updated via 3eb4b5bfe66ba0911fffa05ff1e3a00f4c54d641 (commit) from 67eacb60a8a46b610b98533c7e8ae5bd199e49d7 (commit) - Log ----------------------------------------------------------------- commit 3eb4b5bfe66ba0911fffa05ff1e3a00f4c54d641 Author: Robbie Harwood Date: Mon May 24 17:11:53 2021 -0400 Update krb5 module and re-enable pkinit tests pkinit tests were disabled in cd0aca532091de4dfadf2f12b18dd99e9cba7615 Signed-off-by: Robbie Harwood Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15444) ----------------------------------------------------------------------- Summary of changes: krb5 | 2 +- test/recipes/95-test_external_krb5_data/krb5.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/krb5 b/krb5 index 3195e18f66..d6bf422796 160000 --- a/krb5 +++ b/krb5 @@ -1 +1 @@ -Subproject commit 3195e18f6608890866cf7a60ea538f4649d4fe82 +Subproject commit d6bf42279675100e3e4fe7c6e08eef74d49624cb diff --git a/test/recipes/95-test_external_krb5_data/krb5.sh b/test/recipes/95-test_external_krb5_data/krb5.sh index 6a6664c0ce..eeaa59f961 100755 --- a/test/recipes/95-test_external_krb5_data/krb5.sh +++ b/test/recipes/95-test_external_krb5_data/krb5.sh 
@@ -13,7 +13,7 @@ CFLAGS="-I`pwd`/$BLDTOP/include -I`pwd`/$SRCTOP/include" cd $SRCTOP/krb5/src autoreconf -./configure --with-ldap --with-prng-alg=os --disable-pkinit \ +./configure --with-ldap --with-prng-alg=os --enable-pkinit \ --with-crypto-impl=openssl --with-tls-impl=openssl \ CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" From tomas at openssl.org Fri Jun 11 10:40:44 2021 From: tomas at openssl.org (tomas at openssl.org) Date: Fri, 11 Jun 2021 10:40:44 +0000 Subject: [openssl] master update Message-ID: <1623408044.165708.20830.nullmailer@dev.openssl.org> The branch master has been updated via 8c5bff2220c4f39b48660afda40005871f53250d (commit) from 3eb4b5bfe66ba0911fffa05ff1e3a00f4c54d641 (commit) - Log ----------------------------------------------------------------- commit 8c5bff2220c4f39b48660afda40005871f53250d Author: William Edmisten Date: Mon Mar 1 18:33:29 2021 -0500 Add support for ISO 8601 datetime format Fixes #5430 Added the configuration file option "date_opt" to the openssl applications ca, crl and x509. Added ASN1_TIME_print_ex which supports the new datetime format using the flag ASN1_DTFLGS_ISO8601 Reviewed-by: Paul Dale Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14384) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 5 ++++ apps/ca.c | 40 +++++++++++++++------------ apps/crl.c | 12 ++++++-- apps/include/apps.h | 1 + apps/lib/apps.c | 9 ++++++ apps/x509.c | 16 +++++++++-- crypto/asn1/a_time.c | 36 ++++++++++++++++++++---- crypto/x509/t_x509.c | 4 +-- doc/man1/openssl-ca.pod.in | 6 ++++ doc/man1/openssl-crl.pod.in | 6 ++++ doc/man1/openssl-x509.pod.in | 6 ++++ doc/man3/ASN1_TIME_set.pod | 15 ++++++---- include/crypto/asn1.h | 2 +- include/openssl/asn1.h.in | 8 +++++- test/x509_time_test.c | 66 ++++++++++++++++++++++++++++++++++++++++---- util/libcrypto.num | 1 + 16 files changed, 191 insertions(+), 42 deletions(-) 
diff --git a/CHANGES.md b/CHANGES.md index 5b0f0df11e..9eb5eeb19b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,11 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Add a configurable flag to output date formats as ISO 8601. Does not + change the default date format. + + *William Edmisten* + * Version of MSVC earlier than 1300 could get link warnings, which could be suppressed if the undocumented -DI_CAN_LIVE_WITH_LNK4049 was set. Support for this flag has been removed. diff --git a/apps/ca.c b/apps/ca.c index 32abc021a6..24883615ed 100755 --- a/apps/ca.c +++ b/apps/ca.c @@ -99,7 +99,7 @@ static int certify(X509 **xret, const char *infile, int informat, const char *enddate, long days, int batch, const char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy, int selfsign); + int default_op, int ext_copy, int selfsign, unsigned long dateopt); static int certify_cert(X509 **xret, const char *infile, int certformat, const char *passin, EVP_PKEY *pkey, X509 *x509, const char *dgst, @@ -110,7 +110,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat, int multirdn, int email_dn, const char *startdate, const char *enddate, long days, int batch, const char *ext_sect, CONF *conf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy); + unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt); static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509, const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 
@@ -119,7 +119,7 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, int multirdn, int email_dn, const char *startdate, const char *enddate, long days, const char *ext_sect, CONF *conf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy); + unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, @@ -127,7 +127,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, int email_dn, const char *startdate, const char *enddate, long days, int batch, int verbose, X509_REQ *req, const char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy, int selfsign); + int default_op, int ext_copy, int selfsign, unsigned long dateopt); static int get_certificate_status(const char *ser_status, CA_DB *db); static int do_updatedb(CA_DB *db); static int check_time_format(const char *str); @@ -148,7 +148,7 @@ typedef enum OPTION_choice { OPT_CREATE_SERIAL, OPT_MULTIVALUE_RDN, OPT_STARTDATE, OPT_ENDDATE, OPT_DAYS, OPT_MD, OPT_POLICY, OPT_KEYFILE, OPT_KEYFORM, OPT_PASSIN, OPT_KEY, OPT_CERT, OPT_CERTFORM, OPT_SELFSIGN, - OPT_IN, OPT_INFORM, OPT_OUT, OPT_OUTDIR, OPT_VFYOPT, + OPT_IN, OPT_INFORM, OPT_OUT, OPT_DATEOPT, OPT_OUTDIR, OPT_VFYOPT, OPT_SIGOPT, OPT_NOTEXT, OPT_BATCH, OPT_PRESERVEDN, OPT_NOEMAILDN, OPT_GENCRL, OPT_MSIE_HACK, OPT_CRL_LASTUPDATE, OPT_CRL_NEXTUPDATE, OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC, 
@@ -171,6 +171,7 @@ const OPTIONS ca_options[] = { {"inform", OPT_INFORM, 'F', "CSR input format (DER or PEM); default PEM"}, {"infiles", OPT_INFILES, '-', "The last argument, requests to process"}, {"out", OPT_OUT, '>', "Where to put the output file(s)"}, + {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."}, {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"}, {"batch", OPT_BATCH, '-', "Don't ask questions"}, {"msie_hack", OPT_MSIE_HACK, '-', @@ -275,6 +276,7 @@ int ca_main(int argc, char **argv) char *dgst = NULL, *policy = NULL, *keyfile = NULL; char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL; int certformat = FORMAT_UNDEF, informat = FORMAT_UNDEF; + unsigned long dateopt = ASN1_DTFLGS_RFC822; const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL; const char *extensions = NULL, *extfile = NULL, *passinarg = NULL; char *passin = NULL; @@ -323,6 +325,10 @@ opthelp: case OPT_OUT: outfile = opt_arg(); break; + case OPT_DATEOPT: + if (!set_dateopt(&dateopt, opt_arg())) + goto opthelp; + break; case OPT_VERBOSE: verbose = 1; break; @@ -947,7 +953,7 @@ end_of_options: attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, extensions, conf, verbose, certopt, get_nameopt(), default_op, - ext_copy); + ext_copy, dateopt); if (j < 0) goto end; if (j > 0) { @@ -968,7 +974,7 @@ end_of_options: db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, conf, verbose, certopt, get_nameopt(), default_op, - ext_copy); + ext_copy, dateopt); if (j < 0) goto end; if (j > 0) { @@ -988,7 +994,7 @@ end_of_options: sigopts, vfyopts, attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, conf, verbose, - certopt, get_nameopt(), default_op, ext_copy, selfsign); + certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt); if (j < 0) goto end; if (j > 0) { 
@@ -1009,7 +1015,7 @@ end_of_options: attribs, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, extensions, conf, verbose, - certopt, get_nameopt(), default_op, ext_copy, selfsign); + certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt); if (j < 0) goto end; if (j > 0) { @@ -1357,7 +1363,7 @@ static int certify(X509 **xret, const char *infile, int informat, const char *enddate, long days, int batch, const char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy, int selfsign) + int default_op, int ext_copy, int selfsign, unsigned long dateopt) { X509_REQ *req = NULL; EVP_PKEY *pktmp = NULL; @@ -1396,7 +1402,7 @@ static int certify(X509 **xret, const char *infile, int informat, ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, verbose, req, ext_sect, lconf, certopt, nameopt, default_op, - ext_copy, selfsign); + ext_copy, selfsign, dateopt); end: ERR_print_errors(bio_err); @@ -1414,7 +1420,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat, int multirdn, int email_dn, const char *startdate, const char *enddate, long days, int batch, const char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy) + unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt) { X509 *template_cert = NULL; X509_REQ *rreq = NULL; @@ -1453,7 +1459,7 @@ static int certify_cert(X509 **xret, const char *infile, int certformat, ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch, verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op, - ext_copy, 0); + ext_copy, 0, dateopt); end: X509_REQ_free(rreq); 
@@ -1468,7 +1474,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, int email_dn, const char *startdate, const char *enddate, long days, int batch, int verbose, X509_REQ *req, const char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy, int selfsign) + int default_op, int ext_copy, int selfsign, unsigned long dateopt) { const X509_NAME *name = NULL; X509_NAME *CAname = NULL, *subject = NULL; @@ -1877,7 +1883,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, } BIO_printf(bio_err, "Certificate is to be certified until "); - ASN1_TIME_print(bio_err, X509_get0_notAfter(ret)); + ASN1_TIME_print_ex(bio_err, X509_get0_notAfter(ret), dateopt); if (days) BIO_printf(bio_err, " (%ld days)", days); BIO_printf(bio_err, "\n"); @@ -1970,7 +1976,7 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, int multirdn, int email_dn, const char *startdate, const char *enddate, long days, const char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy) + unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt) { STACK_OF(CONF_VALUE) *sk = NULL; LHASH_OF(CONF_VALUE) *parms = NULL; @@ -2083,7 +2089,7 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, 1, verbose, req, ext_sect, lconf, certopt, nameopt, default_op, - ext_copy, 0); + ext_copy, 0, dateopt); end: X509_REQ_free(req); CONF_free(parms); diff --git a/apps/crl.c b/apps/crl.c index ff7c314717..2158a107e5 100644 --- a/apps/crl.c +++ b/apps/crl.c 
@@ -23,7 +23,7 @@ typedef enum OPTION_choice { OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY, OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT, OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, - OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_TEXT, OPT_HASH, + OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_DATEOPT, OPT_TEXT, OPT_HASH, OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD, OPT_PROV_ENUM } OPTION_CHOICE; @@ -41,6 +41,7 @@ const OPTIONS crl_options[] = { OPT_SECTION("Output"), {"out", OPT_OUT, '>', "output file - default stdout"}, {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"}, + {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."}, {"text", OPT_TEXT, '-', "Print out a text format version"}, {"hash", OPT_HASH, '-', "Print hash value"}, #ifndef OPENSSL_NO_MD5 @@ -91,6 +92,7 @@ int crl_main(int argc, char **argv) int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF; int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0; int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0, noCAstore = 0; + unsigned long dateopt = ASN1_DTFLGS_RFC822; int i; #ifndef OPENSSL_NO_MD5 int hash_old = 0; @@ -161,6 +163,10 @@ int crl_main(int argc, char **argv) case OPT_VERIFY: do_ver = 1; break; + case OPT_DATEOPT: + if (!set_dateopt(&dateopt, opt_arg())) + goto opthelp; + break; case OPT_TEXT: text = 1; break; 
@@ -327,13 +333,13 @@ int crl_main(int argc, char **argv) #endif if (lastupdate == i) { BIO_printf(bio_out, "lastUpdate="); - ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x)); + ASN1_TIME_print_ex(bio_out, X509_CRL_get0_lastUpdate(x), dateopt); BIO_printf(bio_out, "\n"); } if (nextupdate == i) { BIO_printf(bio_out, "nextUpdate="); if (X509_CRL_get0_nextUpdate(x)) - ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x)); + ASN1_TIME_print_ex(bio_out, X509_CRL_get0_nextUpdate(x), dateopt); else BIO_printf(bio_out, "NONE"); BIO_printf(bio_out, "\n"); diff --git a/apps/include/apps.h b/apps/include/apps.h index c9f77f6067..4b5c34f2e2 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -100,6 +100,7 @@ void print_bignum_var(BIO *, const BIGNUM *, const char*, void print_array(BIO *, const char *, int, const unsigned char *); int set_nameopt(const char *arg); unsigned long get_nameopt(void); +int set_dateopt(unsigned long *dateopt, const char *arg); int set_cert_ex(unsigned long *flags, const char *arg); int set_name_ex(unsigned long *flags, const char *arg); int set_ext_copy(int *copy_type, const char *arg); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 9aae725fc6..79fe4f8409 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1214,6 +1214,15 @@ int set_name_ex(unsigned long *flags, const char *arg) return 1; } +int set_dateopt(unsigned long *dateopt, const char *arg) +{ + if (strcasecmp(arg, "rfc_822") == 0) + *dateopt = ASN1_DTFLGS_RFC822; + else if (strcasecmp(arg, "iso_8601") == 0) + *dateopt = ASN1_DTFLGS_ISO8601; + return 0; +} + int set_ext_copy(int *copy_type, const char *arg) { if (strcasecmp(arg, "none") == 0) diff --git a/apps/x509.c b/apps/x509.c index 8ec6ba2db5..25c75e8574 100644 --- a/apps/x509.c +++ b/apps/x509.c 
@@ -44,7 +44,7 @@ typedef enum OPTION_choice { OPT_CAKEYFORM, OPT_VFYOPT, OPT_SIGOPT, OPT_DAYS, OPT_PASSIN, OPT_EXTFILE, OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_KEY, OPT_SIGNKEY, OPT_CA, OPT_CAKEY, OPT_CASERIAL, OPT_SET_SERIAL, OPT_NEW, OPT_FORCE_PUBKEY, OPT_SUBJ, - OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_NAMEOPT, + OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_DATEOPT, OPT_NAMEOPT, OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL, OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH, OPT_ISSUER_HASH, OPT_SUBJECT, OPT_ISSUER, OPT_FINGERPRINT, OPT_DATES, @@ -87,6 +87,7 @@ const OPTIONS x509_options[] = { OPT_SECTION("Certificate printing"), {"text", OPT_TEXT, '-', "Print the certificate in text form"}, + {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."}, {"certopt", OPT_CERTOPT, 's', "Various certificate text printing options"}, {"fingerprint", OPT_FINGERPRINT, '-', "Print the certificate fingerprint"}, {"alias", OPT_ALIAS, '-', "Print certificate alias"}, @@ -267,6 +268,7 @@ int x509_main(int argc, char **argv) int days = UNSET_DAYS; /* not explicitly set */ int x509toreq = 0, modulus = 0, print_pubkey = 0, pprint = 0; int CAformat = FORMAT_UNDEF, CAkeyformat = FORMAT_UNDEF; + unsigned long dateopt = ASN1_DTFLGS_RFC822; int fingerprint = 0, reqfile = 0, checkend = 0; int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF; int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0; @@ -330,6 +332,14 @@ int x509_main(int argc, char **argv) case OPT_REQ: reqfile = 1; break; + + case OPT_DATEOPT: + if (!set_dateopt(&dateopt, opt_arg())) { + BIO_printf(bio_err, + "Invalid date format: %s\n", opt_arg()); + goto end; + } + break; case OPT_COPY_EXTENSIONS: if (!set_ext_copy(&ext_copy, opt_arg())) { BIO_printf(bio_err, 
@@ -956,11 +966,11 @@ int x509_main(int argc, char **argv) X509_print_ex(out, x, get_nameopt(), certflag); } else if (i == startdate) { BIO_puts(out, "notBefore="); - ASN1_TIME_print(out, X509_get0_notBefore(x)); + ASN1_TIME_print_ex(out, X509_get0_notBefore(x), dateopt); BIO_puts(out, "\n"); } else if (i == enddate) { BIO_puts(out, "notAfter="); - ASN1_TIME_print(out, X509_get0_notAfter(x)); + ASN1_TIME_print_ex(out, X509_get0_notAfter(x), dateopt); BIO_puts(out, "\n"); } else if (i == fingerprint) { unsigned int n; diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index fb3bd2aca6..9b3074e47e 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -470,14 +470,22 @@ static const char _asn1_mon[12][4] = { "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; -/* returns 1 on success, 0 on BIO write error or parse failure */ +/* prints the time with the default date format (RFC 822) */ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) { - return ossl_asn1_time_print_ex(bp, tm) > 0; + return ASN1_TIME_print_ex(bp, tm, ASN1_DTFLGS_RFC822); +} + +/* returns 1 on success, 0 on BIO write error or parse failure */ +int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) +{ + return ossl_asn1_time_print_ex(bp, tm, flags) > 0; } + +/* prints the time with the date format of ISO 8601 */ /* returns 0 on BIO write error, else -1 in case of parse failure, else 1 */ -int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm) +int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) { char *v; int gmt = 0, l; 
@@ -508,15 +516,33 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm) ++f_len; } - return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", + if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { + return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%.*s%s", + stm.tm_year + 1900, stm.tm_mon + 1, + stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, f_len, f, + (gmt ? "Z" : "")) > 0; + } + else { + return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900, (gmt ? " GMT" : "")) > 0; + } } else { - return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", + if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { + return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%s", + stm.tm_year + 1900, stm.tm_mon + 1, + stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, + (gmt ? "Z" : "")) > 0; + } + else { + return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, stm.tm_min, stm.tm_sec, stm.tm_year + 1900, (gmt ? " GMT" : "")) > 0; + } } } diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 8b84792b05..fdbdfd5b09 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -140,11 +140,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, goto err; if (BIO_write(bp, " Not Before: ", 24) <= 0) goto err; - if (ossl_asn1_time_print_ex(bp, X509_get0_notBefore(x)) == 0) + if (ossl_asn1_time_print_ex(bp, X509_get0_notBefore(x), ASN1_DTFLGS_RFC822) == 0) goto err; if (BIO_write(bp, "\n Not After : ", 25) <= 0) goto err; - if (ossl_asn1_time_print_ex(bp, X509_get0_notAfter(x)) == 0) + if (ossl_asn1_time_print_ex(bp, X509_get0_notAfter(x), ASN1_DTFLGS_RFC822) == 0) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index fc0b00c032..1d497e848e 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in 
@@ -44,6 +44,7 @@ B B [B<-inform> B|] [B<-out> I] [B<-notext>] +[B<-dateopt>] [B<-outdir> I] [B<-infiles>] [B<-spkac> I] @@ -209,6 +210,11 @@ self-signed certificate. Don't output the text form of a certificate to the output file. +=item B<-dateopt> + +Specify the date output format. Values are: rfc_822 and iso_8601. +Defaults to rfc_822. + =item B<-startdate> I This allows the start date to be explicitly set. The format of the diff --git a/doc/man1/openssl-crl.pod.in b/doc/man1/openssl-crl.pod.in index e642f5c117..7e15f6445a 100644 --- a/doc/man1/openssl-crl.pod.in +++ b/doc/man1/openssl-crl.pod.in @@ -13,6 +13,7 @@ B B [B<-outform> B|B] [B<-key> I] [B<-keyform> B|B|B] +[B<-dateopt>] [B<-text>] [B<-in> I] [B<-out> I] @@ -81,6 +82,11 @@ Output a comparison of the main CRL and the one specified here. Corrupt the signature before writing it; this can be useful for testing. +=item B<-dateopt> + +Specify the date output format. Values are: rfc_822 and iso_8601. +Defaults to rfc_822. + =item B<-text> Print out the CRL in text form. diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 65b6487481..0e073d6b05 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -24,6 +24,7 @@ B B [B<-outform> B|B] [B<-nocert>] [B<-noout>] +[B<-dateopt>] [B<-text>] [B<-certopt> I
+

+
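Review bot: set_dateopt() in apps/lib/apps.c ends with an unconditional `return 0;`, including after it has matched rfc_822 or iso_8601, while every caller added in this patch treats 0 as failure (`if (!set_dateopt(&dateopt, opt_arg())) goto opthelp;` in ca.c and crl.c, and the "Invalid date format" branch in x509.c). As written, -dateopt is rejected for both documented values. Return 1 from the two matching branches and 0 only for an unrecognised argument, in line with the `return 1;` that closes set_name_ex() in the context lines just above. A test that passes -dateopt through one of the apps would catch this.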
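Review bot: the ISO 8601 branches of ossl_asn1_time_print_ex() in crypto/asn1/a_time.c format with `%4d-%02d-%02d %02d:%02d:%02d`, which separates date and time with a space and pads the year with spaces rather than zeros. The combined ISO 8601 representation uses `T` between date and time, and a GeneralizedTime year below 1000 would print with leading blanks. Consider `%04d` for the year, and either emit `T` or state the exact output format in the documentation so consumers parsing it know what to expect. Two smaller points in the same hunk: the new comment "prints the time with the date format of ISO 8601" sits above a function that prints either format depending on flags, and the added `}` followed by `else {` on the next line could be joined as `} else {` to match the `} else {` already used in this function.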
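Review bot: X509_print_ex() in crypto/x509/t_x509.c now passes ASN1_DTFLGS_RFC822 unconditionally for Not Before and Not After, so the text dump keeps RFC 822 dates whatever -dateopt says. In apps/x509.c the option is listed under "Certificate printing" next to -text, but dateopt only reaches the `notBefore=` and `notAfter=` branches; the `X509_print_ex(out, x, get_nameopt(), certflag);` call is unchanged. Either carry the date flag through to the text printer or document that -dateopt does not affect -text output. The same file also handles a bad value differently from ca.c and crl.c (an error message and `goto end` versus `goto opthelp`), and one behaviour across the three apps would be easier to reason about.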