Module Name: src Committed By: christos Date: Fri Jan 7 15:50:11 UTC 2022
Modified Files: src/crypto/external/bsd/openssl/dist: CHANGES Configure NEWS README src/crypto/external/bsd/openssl/dist/apps: s_client.c s_server.c speed.c src/crypto/external/bsd/openssl/dist/crypto: armcap.c ppccap.c uid.c src/crypto/external/bsd/openssl/dist/crypto/asn1: a_strex.c src/crypto/external/bsd/openssl/dist/crypto/bn/asm: mips.pl src/crypto/external/bsd/openssl/dist/crypto/ec: ec_asn1.c src/crypto/external/bsd/openssl/dist/crypto/engine: eng_lib.c src/crypto/external/bsd/openssl/dist/crypto/evp: e_aes.c evp_enc.c src/crypto/external/bsd/openssl/dist/crypto/objects: o_names.c src/crypto/external/bsd/openssl/dist/crypto/rand: rand_unix.c src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c src/crypto/external/bsd/openssl/dist/ssl: d1_lib.c s3_cbc.c ssl_ciph.c ssl_err.c ssl_lib.c t1_lib.c src/crypto/external/bsd/openssl/dist/test: bntest.c ectest.c evp_extra_test.c evp_test.c rsa_test.c src/crypto/external/bsd/openssl/dist/test/testutil: format_output.c tests.c Log Message: merge conflicts between openssl-1-1-1k and openssl-1-1-1m To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssl/dist/CHANGES \ src/crypto/external/bsd/openssl/dist/NEWS \ src/crypto/external/bsd/openssl/dist/README cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssl/dist/Configure cvs rdiff -u -r1.23 -r1.24 \ src/crypto/external/bsd/openssl/dist/apps/s_client.c \ src/crypto/external/bsd/openssl/dist/apps/s_server.c cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssl/dist/apps/speed.c cvs rdiff -u -r1.13 -r1.14 \ src/crypto/external/bsd/openssl/dist/crypto/armcap.c cvs rdiff -u -r1.19 -r1.20 \ src/crypto/external/bsd/openssl/dist/crypto/ppccap.c cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssl/dist/crypto/uid.c cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/openssl/dist/crypto/asn1/a_strex.c cvs rdiff -u -r1.8 -r1.9 \ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/mips.pl cvs rdiff -u -r1.11 -r1.12 \ 
src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c cvs rdiff -u -r1.8 -r1.9 \ src/crypto/external/bsd/openssl/dist/crypto/engine/eng_lib.c cvs rdiff -u -r1.24 -r1.25 \ src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c cvs rdiff -u -r1.13 -r1.14 \ src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c cvs rdiff -u -r1.17 -r1.18 \ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c cvs rdiff -u -r1.23 -r1.24 \ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c cvs rdiff -u -r1.20 -r1.21 \ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c \ src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/test/bntest.c \ src/crypto/external/bsd/openssl/dist/test/ectest.c \ src/crypto/external/bsd/openssl/dist/test/evp_test.c \ src/crypto/external/bsd/openssl/dist/test/rsa_test.c cvs rdiff -u -r1.9 -r1.10 \ src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssl/dist/test/testutil/format_output.c \ src/crypto/external/bsd/openssl/dist/test/testutil/tests.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/CHANGES
diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.27 src/crypto/external/bsd/openssl/dist/CHANGES:1.28
--- src/crypto/external/bsd/openssl/dist/CHANGES:1.27 Thu Mar 25 14:51:18 2021
+++ src/crypto/external/bsd/openssl/dist/CHANGES Fri Jan 7 10:50:10 2022
@@ -7,6 +7,91 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1l and 1.1.1m [14 Dec 2021] + + *) Avoid loading of a dynamic engine twice. + + [Bernd Edlinger] + + *) Fixed building on Debian with kfreebsd kernels + + [Mattias Ellert] + + *) Prioritise DANE TLSA issuer certs over peer certs + + [Viktor Dukhovni] + + *) Fixed random API for MacOS prior to 10.12 + + These MacOS versions don't support the CommonCrypto APIs + + [Lenny Primak] + + Changes between 1.1.1k and 1.1.1l [24 Aug 2021] + + *) Fixed an SM2 Decryption Buffer Overflow. + + In order to decrypt SM2 encrypted data an application is expected to call the + API function EVP_PKEY_decrypt(). Typically an application will call this + function twice. The first time, on entry, the "out" parameter can be NULL and, + on exit, the "outlen" parameter is populated with the buffer size required to + hold the decrypted plaintext. The application can then allocate a sufficiently + sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL + value for the "out" parameter. + + A bug in the implementation of the SM2 decryption code means that the + calculation of the buffer size required to hold the plaintext returned by the + first call to EVP_PKEY_decrypt() can be smaller than the actual size required by + the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is + called by the application a second time with a buffer that is too small. + + A malicious attacker who is able present SM2 content for decryption to an + application could cause attacker chosen data to overflow the buffer by up to a + maximum of 62 bytes altering the contents of other data held after the + buffer, possibly changing application behaviour or causing the application to + crash. The location of the buffer is application dependent but is typically + heap allocated. 
+ (CVE-2021-3711) + [Matt Caswell] + + *) Fixed various read buffer overruns processing ASN.1 strings + + ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING + structure which contains a buffer holding the string data and a field holding + the buffer length. This contrasts with normal C strings which are repesented as + a buffer for the string data which is terminated with a NUL (0) byte. + + Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's + own "d2i" functions (and other similar parsing functions) as well as any string + whose value has been set with the ASN1_STRING_set() function will additionally + NUL terminate the byte array in the ASN1_STRING structure. + + However, it is possible for applications to directly construct valid ASN1_STRING + structures which do not NUL terminate the byte array by directly setting the + "data" and "length" fields in the ASN1_STRING array. This can also happen by + using the ASN1_STRING_set0() function. + + Numerous OpenSSL functions that print ASN.1 data have been found to assume that + the ASN1_STRING byte array will be NUL terminated, even though this is not + guaranteed for strings that have been directly constructed. Where an application + requests an ASN.1 structure to be printed, and where that ASN.1 structure + contains ASN1_STRINGs that have been directly constructed by the application + without NUL terminating the "data" field, then a read buffer overrun can occur. + + The same thing can also occur during name constraints processing of certificates + (for example if a certificate has been directly constructed by the application + instead of loading it via the OpenSSL parsing functions, and the certificate + contains non NUL terminated ASN1_STRING structures). It can also occur in the + X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. 
+ + If a malicious actor can cause an application to directly construct an + ASN1_STRING and then process it through one of the affected OpenSSL functions + then this issue could be hit. This might result in a crash (causing a Denial of + Service attack). It could also result in the disclosure of private memory + contents (such as private keys, or sensitive plaintext). + (CVE-2021-3712) + [Matt Caswell] + Changes between 1.1.1j and 1.1.1k [25 Mar 2021] *) Fixed a problem with verifying a certificate chain when using the Index: src/crypto/external/bsd/openssl/dist/NEWS diff -u src/crypto/external/bsd/openssl/dist/NEWS:1.27 src/crypto/external/bsd/openssl/dist/NEWS:1.28 --- src/crypto/external/bsd/openssl/dist/NEWS:1.27 Thu Mar 25 14:51:18 2021 +++ src/crypto/external/bsd/openssl/dist/NEWS Fri Jan 7 10:50:10 2022 @@ -5,6 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021] + + o None + + Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] + + o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711) + o Fixed various read buffer overruns processing ASN.1 strings (CVE-2021-3712) + Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] o Fixed a problem with verifying a certificate chain when using the Index: src/crypto/external/bsd/openssl/dist/README diff -u src/crypto/external/bsd/openssl/dist/README:1.27 src/crypto/external/bsd/openssl/dist/README:1.28 --- src/crypto/external/bsd/openssl/dist/README:1.27 Thu Mar 25 14:51:18 2021 +++ src/crypto/external/bsd/openssl/dist/README Fri Jan 7 10:50:10 2022 
@@ -1,5 +1,5 @@ - OpenSSL 1.1.1k 25 Mar 2021 + OpenSSL 1.1.1m 14 Dec 2021 Copyright (c) 1998-2021 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Index: src/crypto/external/bsd/openssl/dist/Configure diff -u src/crypto/external/bsd/openssl/dist/Configure:1.28 src/crypto/external/bsd/openssl/dist/Configure:1.29 --- src/crypto/external/bsd/openssl/dist/Configure:1.28 Fri Feb 19 22:22:13 2021 +++ src/crypto/external/bsd/openssl/dist/Configure Fri Jan 7 10:50:10 2022 @@ -1304,16 +1304,19 @@ if ($disabled{"dynamic-engine"}) { unless ($disabled{asan}) { push @{$config{cflags}}, "-fsanitize=address"; + push @{$config{cxxflags}}, "-fsanitize=address" if $config{CXX}; } unless ($disabled{ubsan}) { # -DPEDANTIC or -fnosanitize=alignment may also be required on some # platforms. push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all"; + push @{$config{cxxflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all" if $config{CXX}; } unless ($disabled{msan}) { push @{$config{cflags}}, "-fsanitize=memory"; + push @{$config{cxxflags}}, "-fsanitize=memory" if $config{CXX}; } unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"} Index: src/crypto/external/bsd/openssl/dist/apps/s_client.c diff -u src/crypto/external/bsd/openssl/dist/apps/s_client.c:1.23 src/crypto/external/bsd/openssl/dist/apps/s_client.c:1.24 --- src/crypto/external/bsd/openssl/dist/apps/s_client.c:1.23 Wed Dec 9 19:33:08 2020 +++ src/crypto/external/bsd/openssl/dist/apps/s_client.c Fri Jan 7 10:50:10 2022 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -3161,6 +3161,8 @@ int s_client_main(int argc, char **argv) #endif OPENSSL_free(connectstr); OPENSSL_free(bindstr); + OPENSSL_free(bindhost); + OPENSSL_free(bindport); OPENSSL_free(host); OPENSSL_free(port); X509_VERIFY_PARAM_free(vpm); Index: src/crypto/external/bsd/openssl/dist/apps/s_server.c diff -u src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.23 src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.24 --- src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.23 Sun Apr 5 17:53:44 2020 +++ src/crypto/external/bsd/openssl/dist/apps/s_server.c Fri Jan 7 10:50:10 2022 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -133,6 +133,17 @@ static unsigned int psk_server_cb(SSL *s if (s_debug) BIO_printf(bio_s_out, "psk_server_cb\n"); + + if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) { + /* + * This callback is designed for use in (D)TLSv1.2 (or below). It is + * possible to use a single callback for all protocol versions - but it + * is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we + * have psk_find_session_cb. + */ + return 0; + } + if (identity == NULL) { BIO_printf(bio_err, "Error: client did not send PSK identity\n"); goto out_err; Index: src/crypto/external/bsd/openssl/dist/apps/speed.c diff -u src/crypto/external/bsd/openssl/dist/apps/speed.c:1.20 src/crypto/external/bsd/openssl/dist/apps/speed.c:1.21 --- src/crypto/external/bsd/openssl/dist/apps/speed.c:1.20 Sat Mar 21 20:53:02 2020 +++ src/crypto/external/bsd/openssl/dist/apps/speed.c Fri Jan 7 10:50:10 2022 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -1590,6 +1590,10 @@ int speed_main(int argc, char **argv) case OPT_MULTI: #ifndef NO_FORK multi = atoi(opt_arg()); + if (multi >= INT_MAX / (int)sizeof(int)) { + BIO_printf(bio_err, "%s: multi argument too large\n", prog); + return 0; + } #endif break; case OPT_ASYNCJOBS: @@ -3490,7 +3494,7 @@ static int do_multi(int multi, int size_ close(fd[1]); mr = 1; usertime = 0; - free(fds); + OPENSSL_free(fds); return 0; } printf("Forked child %d\n", n); @@ -3603,7 +3607,7 @@ static int do_multi(int multi, int size_ fclose(f); } - free(fds); + OPENSSL_free(fds); return 1; } #endif Index: src/crypto/external/bsd/openssl/dist/crypto/armcap.c diff -u src/crypto/external/bsd/openssl/dist/crypto/armcap.c:1.13 src/crypto/external/bsd/openssl/dist/crypto/armcap.c:1.14 --- src/crypto/external/bsd/openssl/dist/crypto/armcap.c:1.13 Fri Feb 19 22:22:13 2021 +++ src/crypto/external/bsd/openssl/dist/crypto/armcap.c Fri Jan 7 10:50:10 2022 @@ -68,6 +68,12 @@ void OPENSSL_cpuid_setup(void) __attribu # include <sys/auxv.h> # define OSSL_IMPLEMENT_GETAUXVAL # endif +# elif defined(__ANDROID_API__) +/* see https://developer.android.google.cn/ndk/guides/cpu-features */ +# if __ANDROID_API__ >= 18 +# include <sys/auxv.h> +# define OSSL_IMPLEMENT_GETAUXVAL +# endif # endif # if defined(__FreeBSD__) # include <sys/param.h> 
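Review bot: The new bound on `multi` in the `OPT_MULTI` case rejects only large positive values, so a negative argument still passes, and `atoi()` cannot signal a malformed number. If `multi` sizes the `fds` buffer that `do_multi` frees (the allocation is outside these hunks), the check should cover both ends, for example `if (multi < 0 || multi >= INT_MAX / (int)sizeof(int)) {`. The early `return 0` also leaves `speed_main` without passing through whatever cleanup the function performs at its end, which is not visible here. Confirm that 0 is the intended status for a rejected option.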
@@ -88,23 +94,35 @@ static unsigned long getauxval(unsigned # endif /* + * Android: according to https://developer.android.com/ndk/guides/cpu-features, + * getauxval is supported starting with API level 18 + */ +# if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18 +# include <sys/auxv.h> +# define OSSL_IMPLEMENT_GETAUXVAL +# endif + +/* * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas * AArch64 used AT_HWCAP. */ +# ifndef AT_HWCAP +# define AT_HWCAP 16 +# endif +# ifndef AT_HWCAP2 +# define AT_HWCAP2 26 +# endif # if defined(__arm__) || defined (__arm) -# define HWCAP 16 - /* AT_HWCAP */ +# define HWCAP AT_HWCAP # define HWCAP_NEON (1 << 12) -# define HWCAP_CE 26 - /* AT_HWCAP2 */ +# define HWCAP_CE AT_HWCAP2 # define HWCAP_CE_AES (1 << 0) # define HWCAP_CE_PMULL (1 << 1) # define HWCAP_CE_SHA1 (1 << 2) # define HWCAP_CE_SHA256 (1 << 3) # elif defined(__aarch64__) -# define HWCAP 16 - /* AT_HWCAP */ +# define HWCAP AT_HWCAP # define HWCAP_NEON (1 << 1) # define HWCAP_CE HWCAP Index: src/crypto/external/bsd/openssl/dist/crypto/ppccap.c diff -u src/crypto/external/bsd/openssl/dist/crypto/ppccap.c:1.19 src/crypto/external/bsd/openssl/dist/crypto/ppccap.c:1.20 --- src/crypto/external/bsd/openssl/dist/crypto/ppccap.c:1.19 Fri Feb 19 22:22:13 2021 +++ src/crypto/external/bsd/openssl/dist/crypto/ppccap.c Fri Jan 7 10:50:10 2022 
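Review bot: The Android `getauxval` guard added in this hunk repeats the one added in the previous armcap.c hunk (the `# elif defined(__ANDROID_API__)` branch), with a slightly different condition and a different documentation URL. Both include `<sys/auxv.h>` and define `OSSL_IMPLEMENT_GETAUXVAL`, so on an Android build at API level 18 or later the two blocks most likely do the same work twice. Keeping one of them, or adding a comment such as `/* also set above when the glibc check does not apply */`, would make clear which guard is authoritative. The fallbacks `# define AT_HWCAP 16` and `# define AT_HWCAP2 26` would also benefit from a comment saying they apply only when `<sys/auxv.h>` did not supply the names.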
@@ -219,6 +219,12 @@ size_t OPENSSL_instrument_bus2(unsigned # if __GLIBC_PREREQ(2, 16) # include <sys/auxv.h> # define OSSL_IMPLEMENT_GETAUXVAL +# elif defined(__ANDROID_API__) +/* see https://developer.android.google.cn/ndk/guides/cpu-features */ +# if __ANDROID_API__ >= 18 +# include <sys/auxv.h> +# define OSSL_IMPLEMENT_GETAUXVAL +# endif # endif #endif Index: src/crypto/external/bsd/openssl/dist/crypto/uid.c diff -u src/crypto/external/bsd/openssl/dist/crypto/uid.c:1.7 src/crypto/external/bsd/openssl/dist/crypto/uid.c:1.8 --- src/crypto/external/bsd/openssl/dist/crypto/uid.c:1.7 Wed Jan 22 21:54:53 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/uid.c Fri Jan 7 10:50:10 2022 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ int OPENSSL_issetugid(void) return 0; } -#elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) || defined(__NetBSD__) +#elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) || (defined(__GLIBC__) && defined(__FreeBSD_kernel__)) || defined(__NetBSD__) # include OPENSSL_UNISTD 
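Review bot: In the ppccap.c hunk the new `# elif defined(__ANDROID_API__)` branch is attached to `# if __GLIBC_PREREQ(2, 16)`, whereas the matching additions in armcap.c and uid.c place the `# elif` after the inner `# endif`. The enclosing `#if` starts outside the hunk, but if it is a glibc test of the form `defined(__GLIBC__) && defined(__GLIBC_PREREQ)`, the Android branch is only evaluated on a glibc build and never enables `OSSL_IMPLEMENT_GETAUXVAL` on Android. Moving the inner `# endif` above the `# elif`, as the other two files do, would make the three files agree.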
@@ -36,6 +36,12 @@ int OPENSSL_issetugid(void) # include <sys/auxv.h> # define OSSL_IMPLEMENT_GETAUXVAL # endif +# elif defined(__ANDROID_API__) +/* see https://developer.android.google.cn/ndk/guides/cpu-features */ +# if __ANDROID_API__ >= 18 +# include <sys/auxv.h> +# define OSSL_IMPLEMENT_GETAUXVAL +# endif # endif int OPENSSL_issetugid(void) Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/a_strex.c diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/a_strex.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/asn1/a_strex.c:1.10 --- src/crypto/external/bsd/openssl/dist/crypto/asn1/a_strex.c:1.9 Sat Mar 21 20:53:03 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/asn1/a_strex.c Fri Jan 7 10:50:10 2022 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -280,6 +280,8 @@ static int do_dump(unsigned long lflags, t.type = str->type; t.value.ptr = (char *)str; der_len = i2d_ASN1_TYPE(&t, NULL); + if (der_len <= 0) + return -1; if ((der_buf = OPENSSL_malloc(der_len)) == NULL) { ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE); return -1; Index: src/crypto/external/bsd/openssl/dist/crypto/bn/asm/mips.pl diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/asm/mips.pl:1.8 src/crypto/external/bsd/openssl/dist/crypto/bn/asm/mips.pl:1.9 --- src/crypto/external/bsd/openssl/dist/crypto/bn/asm/mips.pl:1.8 Sun Jun 21 18:16:53 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/mips.pl Fri Jan 7 10:50:10 2022 
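Review bot: The new `if (der_len <= 0) return -1;` in `do_dump` fails without recording an error, while the allocation failure just below calls `ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE)`. A caller that only sees -1 cannot tell an encoding failure from any other cause. Consider raising an error here as well (the appropriate reason code is not visible on this page), or at least adding a comment such as `/* i2d_ASN1_TYPE() failed; never pass a non-positive length to OPENSSL_malloc() */`. The rest of `do_dump` lies outside the hunk.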
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1984,6 +1984,8 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at mflo ($t_1,$a_2,$a_0) mfhi ($t_2,$a_2,$a_0) ___ @@ -2194,6 +2196,8 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at mflo ($t_1,$a_2,$a_0) mfhi ($t_2,$a_2,$a_0) ___ Index: src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c diff -u src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c:1.11 src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c:1.12 --- src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c:1.11 Wed Dec 9 19:33:09 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c Fri Jan 7 10:50:10 2022 @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -548,7 +548,7 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparamet ECPARAMETERS_free(ret->value.parameters); } - if (EC_GROUP_get_asn1_flag(group)) { + if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { /* * use the asn1 OID to describe the elliptic curve parameters */ 
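Review bot: The added instructions `sltu $at,$c_3,$t_2` and `$ADDU $c_1,$at` carry no comment, and the same pair is added again in the hunk at `@@ -2194,6 +2196,8 @@`. They detect the carry out of the preceding `$ADDU $c_3,$t_2,$at` and fold it into `$c_1`, a correctness fix in multi-precision arithmetic that is easy to lose in a later cleanup. A short comment above each pair, for example `# carry out of c_3 goes into c_1`, would record the intent. test/bntest.c is listed among the modified files but its diff is not on this page, so whether a regression case covers these paths cannot be confirmed from here.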
@@ -761,7 +761,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters ret->seed_len = params->curve->seed->length; } - if (!params->order || !params->base || !params->base->data) { + if (params->order == NULL + || params->base == NULL + || params->base->data == NULL + || params->base->length == 0) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); goto err; } Index: src/crypto/external/bsd/openssl/dist/crypto/engine/eng_lib.c diff -u src/crypto/external/bsd/openssl/dist/crypto/engine/eng_lib.c:1.8 src/crypto/external/bsd/openssl/dist/crypto/engine/eng_lib.c:1.9 --- src/crypto/external/bsd/openssl/dist/crypto/engine/eng_lib.c:1.8 Wed Dec 9 19:33:09 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/engine/eng_lib.c Fri Jan 7 10:50:10 2022 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,6 +67,7 @@ void engine_set_all_null(ENGINE *e) e->load_pubkey = NULL; e->cmd_defns = NULL; e->flags = 0; + e->dynamic_id = NULL; } int engine_free_util(ENGINE *e, int not_locked) @@ -92,6 +93,7 @@ int engine_free_util(ENGINE *e, int not_ */ if (e->destroy) e->destroy(e); + engine_remove_dynamic_id(e, not_locked); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); OPENSSL_free(e); return 1; Index: src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.24 src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.25 --- src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.24 Wed Dec 9 19:33:09 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c Fri Jan 7 10:50:10 2022 
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -611,22 +611,22 @@ void aes_t4_decrypt(const unsigned char */ void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, size_t len, const AES_KEY *key, - unsigned char *ivec); + unsigned char *ivec, int /*unused*/); void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, size_t blocks, const AES_KEY *key, unsigned char *ivec); 
@@ -1168,9 +1168,9 @@ typedef struct { static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); -# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_cbc_CAPABLE 1 -# define S390X_aes_256_cbc_CAPABLE 1 +# define S390X_aes_128_cbc_CAPABLE 0 /* checked by callee */ +# define S390X_aes_192_cbc_CAPABLE 0 +# define S390X_aes_256_cbc_CAPABLE 0 # define S390X_AES_CBC_CTX EVP_AES_KEY # define s390x_aes_cbc_init_key aes_init_key @@ -1190,11 +1190,11 @@ static int s390x_aes_ecb_init_key(EVP_CI S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); - cctx->fc = S390X_AES_FC(keylen); - if (!enc) - cctx->fc |= S390X_DECRYPT; + cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT); + + if (key != NULL) + memcpy(cctx->km.param.k, key, keylen); - memcpy(cctx->km.param.k, key, keylen); return 1; } @@ -1222,14 +1222,17 @@ static int s390x_aes_ofb_init_key(EVP_CI const unsigned char *ivec, int enc) { S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); - const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); - memcpy(cctx->kmo.param.cv, iv, ivlen); - memcpy(cctx->kmo.param.k, key, keylen); cctx->fc = S390X_AES_FC(keylen); + + if (key != NULL) + memcpy(cctx->kmo.param.k, key, keylen); + cctx->res = 0; + memcpy(cctx->kmo.param.cv, oiv, ivlen); return 1; } @@ -1237,9 +1240,12 @@ static int s390x_aes_ofb_cipher(EVP_CIPH const unsigned char *in, size_t len) { S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); int n = cctx->res; int rem; + memcpy(cctx->kmo.param.cv, iv, ivlen); while (n && len) { *out = *in ^ cctx->kmo.param.cv[n]; n = (n + 1) & 0xf; 
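Review bot: `S390X_aes_128_cbc_CAPABLE` now expands to 0 but keeps the comment `/* checked by callee */`, which described the old value of 1. With 0 the comment no longer explains why the macro is disabled. Something like `/* no s390x-specific CBC; use the generic implementation */` would say what the value means, assuming that is the intent. The same stale comment remains on the `ctr` macros at `@@ -1393,9 +1409,9 @@` and the `xts` macros at `@@ -1929,8 +1935,8 @@`.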
@@ -1268,6 +1274,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPH } } + memcpy(iv, cctx->kmo.param.cv, ivlen); cctx->res = n; return 1; } @@ -1287,18 +1294,18 @@ static int s390x_aes_cfb_init_key(EVP_CI const unsigned char *ivec, int enc) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); - cctx->fc = S390X_AES_FC(keylen); - cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */ - if (!enc) - cctx->fc |= S390X_DECRYPT; + cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT) + | (16 << 24); /* 16 bytes cipher feedback */ + + if (key != NULL) + memcpy(cctx->kmf.param.k, key, keylen); cctx->res = 0; - memcpy(cctx->kmf.param.cv, iv, ivlen); - memcpy(cctx->kmf.param.k, key, keylen); + memcpy(cctx->kmf.param.cv, oiv, ivlen); return 1; } @@ -1308,10 +1315,13 @@ static int s390x_aes_cfb_cipher(EVP_CIPH S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int enc = EVP_CIPHER_CTX_encrypting(ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); int n = cctx->res; int rem; unsigned char tmp; + memcpy(cctx->kmf.param.cv, iv, ivlen); while (n && len) { tmp = *in; *out = cctx->kmf.param.cv[n] ^ tmp; @@ -1344,6 +1354,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPH } } + memcpy(iv, cctx->kmf.param.cv, ivlen); cctx->res = n; return 1; } 
@@ -1360,17 +1371,18 @@ static int s390x_aes_cfb8_init_key(EVP_C const unsigned char *ivec, int enc) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); + const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); const int keylen = EVP_CIPHER_CTX_key_length(ctx); const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); - cctx->fc = S390X_AES_FC(keylen); - cctx->fc |= 1 << 24; /* 1 byte cipher feedback */ - if (!enc) - cctx->fc |= S390X_DECRYPT; + cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT) + | (1 << 24); /* 1 byte cipher feedback flag */ - memcpy(cctx->kmf.param.cv, iv, ivlen); - memcpy(cctx->kmf.param.k, key, keylen); + if (key != NULL) + memcpy(cctx->kmf.param.k, key, keylen); + + cctx->res = 0; + memcpy(cctx->kmf.param.cv, oiv, ivlen); return 1; } @@ -1378,8 +1390,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIP const unsigned char *in, size_t len) { S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); + const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); + unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); + memcpy(cctx->kmf.param.cv, iv, ivlen); s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param); + memcpy(iv, cctx->kmf.param.cv, ivlen); return 1; } @@ -1393,9 +1409,9 @@ static int s390x_aes_cfb8_cipher(EVP_CIP static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len); -# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ -# define S390X_aes_192_ctr_CAPABLE 1 -# define S390X_aes_256_ctr_CAPABLE 1 +# define S390X_aes_128_ctr_CAPABLE 0 /* checked by callee */ +# define S390X_aes_192_ctr_CAPABLE 0 +# define S390X_aes_256_ctr_CAPABLE 0 # define S390X_AES_CTR_CTX EVP_AES_KEY # define s390x_aes_ctr_init_key aes_init_key 
@@ -1563,8 +1579,7 @@ static int s390x_aes_gcm(S390X_AES_GCM_C /*- * Initialize context structure. Code is big-endian. */ -static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx, - const unsigned char *iv) +static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx) { ctx->kma.param.t.g[0] = 0; ctx->kma.param.t.g[1] = 0; @@ -1575,12 +1590,11 @@ static void s390x_aes_gcm_setiv(S390X_AE ctx->kreslen = 0; if (ctx->ivlen == 12) { - memcpy(&ctx->kma.param.j0, iv, ctx->ivlen); + memcpy(&ctx->kma.param.j0, ctx->iv, ctx->ivlen); ctx->kma.param.j0.w[3] = 1; ctx->kma.param.cv.w = 1; } else { /* ctx->iv has the right size and is already padded. */ - memcpy(ctx->iv, iv, ctx->ivlen); s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL, ctx->fc, &ctx->kma.param); ctx->fc |= S390X_KMA_HS; @@ -1694,7 +1708,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER if (gctx->iv_gen == 0 || gctx->key_set == 0) return 0; - s390x_aes_gcm_setiv(gctx, gctx->iv); + s390x_aes_gcm_setiv(gctx); if (arg <= 0 || arg > gctx->ivlen) arg = gctx->ivlen; @@ -1714,7 +1728,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER return 0; memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); - s390x_aes_gcm_setiv(gctx, gctx->iv); + s390x_aes_gcm_setiv(gctx); gctx->iv_set = 1; return 1; 
@@ -1770,43 +1784,36 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER } /*- - * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned. + * Set key or iv or enc/dec. Returns 1 on success. Otherwise 0 is returned. */ static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); - int keylen; + const int keylen = EVP_CIPHER_CTX_key_length(ctx); - if (iv == NULL && key == NULL) - return 1; + gctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT); if (key != NULL) { - keylen = EVP_CIPHER_CTX_key_length(ctx); + gctx->fc &= ~S390X_KMA_HS; memcpy(&gctx->kma.param.k, key, keylen); - - gctx->fc = S390X_AES_FC(keylen); - if (!enc) - gctx->fc |= S390X_DECRYPT; - - if (iv == NULL && gctx->iv_set) - iv = gctx->iv; - - if (iv != NULL) { - s390x_aes_gcm_setiv(gctx, iv); - gctx->iv_set = 1; - } gctx->key_set = 1; - } else { - if (gctx->key_set) - s390x_aes_gcm_setiv(gctx, iv); - else - memcpy(gctx->iv, iv, gctx->ivlen); + } - gctx->iv_set = 1; + if (iv != NULL) { + memcpy(gctx->iv, iv, gctx->ivlen); gctx->iv_gen = 0; + gctx->iv_set = 1; } + + if (gctx->key_set && gctx->iv_set) + s390x_aes_gcm_setiv(gctx); + + gctx->fc &= ~(S390X_KMA_LPC | S390X_KMA_LAAD); + gctx->areslen = 0; + gctx->mreslen = 0; + gctx->kreslen = 0; return 1; } @@ -1895,7 +1902,6 @@ static int s390x_aes_gcm_cipher(EVP_CIPH /* recall that we already did en-/decrypt gctx->mres * and returned it to caller... */ OPENSSL_cleanse(tmp, gctx->mreslen); - gctx->iv_set = 0; enc = EVP_CIPHER_CTX_encrypting(ctx); if (enc) { 
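Review bot: After this rewrite `s390x_aes_gcm_init_key` calls `s390x_aes_gcm_setiv(gctx)` whenever `key_set` and `iv_set` are both true, and the later hunk at `@@ -1895,7 +1902,6 @@` removes the `gctx->iv_set = 0;` that used to follow finalisation. Taken together, a re-initialisation that passes neither a key nor an IV appears to restart GCM with the IV already stored in `gctx->iv`, so avoiding IV reuse under one key is left entirely to the caller. If that is the intended contract, the header comment should say so, for example `Re-initialising without an iv reuses the stored one; the caller must supply a fresh iv for every message.` Separately, `gctx->fc &= ~S390X_KMA_HS;` directly after `gctx->fc` has been assigned looks redundant unless `S390X_AES_FC()` can set that bit.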
@@ -1929,8 +1935,8 @@ static int s390x_aes_gcm_cleanup(EVP_CIP } # define S390X_AES_XTS_CTX EVP_AES_XTS_CTX -# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ -# define S390X_aes_256_xts_CAPABLE 1 +# define S390X_aes_128_xts_CAPABLE 0 /* checked by callee */ +# define S390X_aes_256_xts_CAPABLE 0 # define s390x_aes_xts_init_key aes_xts_init_key static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, @@ -2134,9 +2140,10 @@ static int s390x_aes_ccm_tls_cipher(EVP_ const unsigned char *in, size_t len) { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); - unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx); + const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx); unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); const int enc = EVP_CIPHER_CTX_encrypting(ctx); + unsigned char iv[EVP_MAX_IV_LENGTH]; if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) @@ -2152,8 +2159,9 @@ static int s390x_aes_ccm_tls_cipher(EVP_ * Get explicit iv (sequence number). We already have fixed iv * (server/client_write_iv) here. */ - memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); - s390x_aes_ccm_setiv(cctx, ivec, len); + memcpy(iv, ivec, sizeof(iv)); + memcpy(iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); + s390x_aes_ccm_setiv(cctx, iv, len); /* Process aad (sequence number|type|version|length) */ s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len); 
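Review bot: The trailing `/* checked by callee */` on `S390X_aes_128_xts_CAPABLE` no longer fits the value: with the macro hard-wired to 0, no capability is left for a callee to check. How the macro is consumed is outside this hunk, but it presumably now always selects the generic XTS implementation. The comment should say so, e.g. `/* always use the generic implementation */`, ideally with the reason the s390x variant is disabled.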
@@ -2180,42 +2188,35 @@ static int s390x_aes_ccm_tls_cipher(EVP_ } /*- - * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is - * returned. + * Set key or iv or enc/dec. Returns 1 if successful. + * Otherwise 0 is returned. */ static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); - unsigned char *ivec; - int keylen; + const int keylen = EVP_CIPHER_CTX_key_length(ctx); + unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx); - if (iv == NULL && key == NULL) - return 1; + cctx->aes.ccm.fc = S390X_AES_FC(keylen); if (key != NULL) { - keylen = EVP_CIPHER_CTX_key_length(ctx); - cctx->aes.ccm.fc = S390X_AES_FC(keylen); memcpy(cctx->aes.ccm.kmac_param.k, key, keylen); - - /* Store encoded m and l. */ - cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) - | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; - memset(cctx->aes.ccm.nonce.b + 1, 0, - sizeof(cctx->aes.ccm.nonce.b)); - cctx->aes.ccm.blocks = 0; - cctx->aes.ccm.key_set = 1; } - if (iv != NULL) { - ivec = EVP_CIPHER_CTX_iv_noconst(ctx); memcpy(ivec, iv, 15 - cctx->aes.ccm.l); - cctx->aes.ccm.iv_set = 1; } + /* Store encoded m and l. */ + cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) + | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; + memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b) - 1); + + cctx->aes.ccm.blocks = 0; + cctx->aes.ccm.len_set = 0; return 1; } @@ -2230,8 +2231,9 @@ static int s390x_aes_ccm_cipher(EVP_CIPH { S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); const int enc = EVP_CIPHER_CTX_encrypting(ctx); + const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx); + unsigned char *buf; int rv; - unsigned char *buf, *ivec; if (!cctx->aes.ccm.key_set) return -1; 
@@ -2253,7 +2255,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPH if (out == NULL) { /* Update(): Pass message length. */ if (in == NULL) { - ivec = EVP_CIPHER_CTX_iv_noconst(ctx); s390x_aes_ccm_setiv(cctx, ivec, len); cctx->aes.ccm.len_set = 1; @@ -2279,7 +2280,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPH * In case message length was not previously set explicitly via * Update(), set it now. */ - ivec = EVP_CIPHER_CTX_iv_noconst(ctx); s390x_aes_ccm_setiv(cctx, ivec, len); cctx->aes.ccm.len_set = 1; @@ -2304,9 +2304,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPH if (rv == -1) OPENSSL_cleanse(out, len); - cctx->aes.ccm.iv_set = 0; - cctx->aes.ccm.tag_set = 0; - cctx->aes.ccm.len_set = 0; return rv; } } @@ -2414,9 +2411,6 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER return 0; memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); - cctx->aes.ccm.tag_set = 0; - cctx->aes.ccm.iv_set = 0; - cctx->aes.ccm.len_set = 0; return 1; case EVP_CTRL_COPY: @@ -2453,7 +2447,7 @@ static const EVP_CIPHER s390x_aes_##keyl nid##_##keylen##_##nmode,blocksize, \ keylen / 8, \ ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ + flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \ s390x_aes_##mode##_init_key, \ s390x_aes_##mode##_cipher, \ NULL, \ @@ -2490,7 +2484,7 @@ static const EVP_CIPHER s390x_aes_##keyl blocksize, \ (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \ ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ + flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \ s390x_aes_##mode##_init_key, \ s390x_aes_##mode##_cipher, \ s390x_aes_##mode##_cleanup, \ Index: src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c:1.13 src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c:1.14 --- src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c:1.13 Thu Mar 25 14:51:19 2021 +++ src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c Fri Jan 7 10:50:10 2022 
@@ -85,7 +85,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct * previous check attempted to avoid this if the same ENGINE and * EVP_CIPHER could be used). */ - if (ctx->cipher) { + if (ctx->cipher +#ifndef OPENSSL_NO_ENGINE + || ctx->engine +#endif + || ctx->cipher_data) { unsigned long flags = ctx->flags; EVP_CIPHER_CTX_reset(ctx); /* Restore encrypt and flags */ @@ -105,11 +109,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct /* There's an ENGINE for this job ... (apparently) */ const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); if (!c) { - /* - * One positive side-effect of US's export control history, - * is that we should at least be able to avoid using US - * misspellings of "initialisation"? - */ + ENGINE_finish(impl); EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } Index: src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c diff -u src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c:1.10 --- src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c:1.9 Sat Mar 21 20:53:07 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/objects/o_names.c Fri Jan 7 10:50:11 2022 @@ -1,5 +1,5 @@ /* - * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -67,8 +67,14 @@ static CRYPTO_ONCE init = CRYPTO_ONCE_ST DEFINE_RUN_ONCE_STATIC(o_names_init) { CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); + names_lh = NULL; obj_lock = CRYPTO_THREAD_lock_new(); + if (obj_lock != NULL) + names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); + if (names_lh == NULL) { + CRYPTO_THREAD_lock_free(obj_lock); + obj_lock = NULL; + } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); return names_lh != NULL && obj_lock != NULL; } @@ -217,10 +223,8 @@ int OBJ_NAME_add(const char *name, int t type &= ~OBJ_NAME_ALIAS; onp = OPENSSL_malloc(sizeof(*onp)); - if (onp == NULL) { - /* ERROR */ - goto unlock; - } + if (onp == NULL) + return 0; onp->name = name; onp->alias = alias; Index: src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.17 src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.18 --- src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.17 Wed Dec 9 19:33:09 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c Fri Jan 7 10:50:11 2022 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
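Review bot: The new `if (onp == NULL) return 0;` in `OBJ_NAME_add` bypasses the `unlock` label the old code jumped to, which is only correct if `obj_lock` has not been taken yet at this point. The lock acquisition is outside the hunk, so this needs confirming against the full function; if the write lock is already held here, the allocation-failure path must stay `goto unlock;`. Either way, a short comment such as `/* lock not yet held, plain return is safe */` would stop a later edit from reintroducing a lock leak.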
@@ -379,6 +379,11 @@ static ssize_t syscall_random(void *buf, if (errno != ENOSYS) return -1; } +# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM) + if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) + return (ssize_t)buflen; + + return -1; # else union { void *p; Index: src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c diff -u src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.23 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.24 --- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.23 Thu Mar 25 14:51:19 2021 +++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c Fri Jan 7 10:50:11 2022 @@ -2924,6 +2924,26 @@ static int get_issuer(X509 **issuer, X50 return ok; } +static int augment_stack(STACK_OF(X509) *src, STACK_OF(X509) **dstPtr) +{ + if (src) { + STACK_OF(X509) *dst; + int i; + + if (*dstPtr == NULL) + return ((*dstPtr = sk_X509_dup(src)) != NULL); + + for (dst = *dstPtr, i = 0; i < sk_X509_num(src); ++i) { + if (!sk_X509_push(dst, sk_X509_value(src, i))) { + sk_X509_free(dst); + *dstPtr = NULL; + return 0; + } + } + } + return 1; +} + static int build_chain(X509_STORE_CTX *ctx) { SSL_DANE *dane = ctx->dane; 
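Review bot: `augment_stack` in x509_vfy.c is added without a comment, and its ownership contract is not obvious from the signature. On a failed `sk_X509_push` it frees the caller's stack and sets `*dstPtr` to NULL, and as far as this hunk shows the pushed certificates are shared with `src` rather than separately referenced. I would add a header comment saying that it appends the entries of `src` to `*dstPtr` (duplicating `src` when `*dstPtr` is NULL), returns 1 on success or when `src` is NULL, and on failure returns 0 with `*dstPtr` freed and cleared. `dstPtr` is also the only camelCase name in the hunk; `dst_ptr` would match the surrounding style.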
@@ -2967,18 +2987,7 @@ static int build_chain(X509_STORE_CTX *c } /* - * Shallow-copy the stack of untrusted certificates (with TLS, this is - * typically the content of the peer's certificate message) so can make - * multiple passes over it, while free to remove elements as we go. - */ - if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { - X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - - /* - * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add + * If we got any "Cert(0) Full(0)" issuer certificates from DNS, *prepend* * them to our working copy of the untrusted certificate stack. Since the * caller of X509_STORE_CTX_init() may have provided only a leaf cert with * no corresponding stack of untrusted certificates, we may need to create 
@@ -2987,20 +2996,21 @@ static int build_chain(X509_STORE_CTX *c * containing at least the leaf certificate, but we must be prepared for * this to change. ] */ - if (DANETLS_ENABLED(dane) && dane->certs != NULL) { - if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) { - X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - for (i = 0; i < sk_X509_num(dane->certs); ++i) { - if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) { - sk_X509_free(sktmp); - X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); - ctx->error = X509_V_ERR_OUT_OF_MEM; - return 0; - } - } + if (DANETLS_ENABLED(dane) && !augment_stack(dane->certs, &sktmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + return 0; + } + + /* + * Shallow-copy the stack of untrusted certificates (with TLS, this is + * typically the content of the peer's certificate message) so can make + * multiple passes over it, while free to remove elements as we go. + */ + if (!augment_stack(ctx->untrusted, &sktmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + return 0; } /* Index: src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.11 src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.12 --- src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.11 Fri Feb 19 22:22:13 2021 +++ src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c Fri Jan 7 10:50:11 2022 
@@ -342,12 +342,11 @@ int dtls1_is_timer_expired(SSL *s) return 1; } -void dtls1_double_timeout(SSL *s) +static void dtls1_double_timeout(SSL *s) { s->d1->timeout_duration_us *= 2; if (s->d1->timeout_duration_us > 60000000) s->d1->timeout_duration_us = 60000000; - dtls1_start_timer(s); } void dtls1_stop_timer(SSL *s) Index: src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c:1.10 src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c:1.11 --- src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c:1.10 Sat Mar 21 20:53:10 2020 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c Fri Jan 7 10:50:11 2022 @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -128,7 +128,7 @@ char ssl3_cbc_record_digest_supported(co int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out, size_t *md_out_size, - const unsigned char header[13], + const unsigned char *header, const unsigned char *data, size_t data_plus_mac_size, size_t data_plus_mac_plus_padding_size, Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.20 src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.21 --- src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.20 Sat Mar 21 20:53:10 2020 +++ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c Fri Jan 7 10:50:11 2022 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
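Review bot: Changing `const unsigned char header[13]` to `const unsigned char *header` in `ssl3_cbc_digest_record` removes the only place in this signature where the expected header length was written down. The two declarations are equivalent to the compiler, so nothing breaks, but the size expectation should move into the function's comment, e.g. `* |header| points to the record header; the previous prototype declared it as 13 bytes.` The body that reads from `header` is outside the hunk, so the exact number of bytes consumed should be confirmed there before the comment is finalised.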
@@ -1601,6 +1601,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { if (!sk_SSL_CIPHER_push(cipherstack, sk_SSL_CIPHER_value(tls13_ciphersuites, i))) { + OPENSSL_free(co_list); sk_SSL_CIPHER_free(cipherstack); return NULL; } Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.20 src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.21 --- src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.20 Thu Mar 25 14:51:19 2021 +++ src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c Fri Jan 7 10:50:11 2022 @@ -1684,6 +1684,8 @@ static int ssl_start_async_job(SSL *s, s if (s->waitctx == NULL) return -1; } + + s->rwstate = SSL_NOTHING; switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args, sizeof(struct ssl_async_args))) { case ASYNC_ERR: @@ -2119,6 +2121,11 @@ int SSL_key_update(SSL *s, int updatetyp return 0; } + if (RECORD_LAYER_write_pending(&s->rlayer)) { + SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY); + return 0; + } + ossl_statem_set_in_init(s, 1); s->key_update = updatetype; return 1; @@ -2829,6 +2836,19 @@ void SSL_CTX_set_npn_select_cb(SSL_CTX * } #endif +static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len) +{ + unsigned int idx; + + if (protos_len < 2 || protos == NULL) + return 0; + + for (idx = 0; idx < protos_len; idx += protos[idx] + 1) { + if (protos[idx] == 0) + return 0; + } + return idx == protos_len; +} /* * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit 
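Review bot: `alpn_value_ok` in ssl_lib.c has no comment, and the property that makes it safe is easy to miss. The loop only inspects length bytes, and it is the final `return idx == protos_len;` that rejects a last entry whose declared length runs past the buffer. A one-line header would make that explicit, e.g. `/* Returns 1 if |protos| is a well-formed list of non-empty, length-prefixed names that exactly fills |protos_len| bytes. */`. There is also no blank line between the function's closing brace and the comment block for `SSL_CTX_set_alpn_protos` that follows.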
@@ -2837,13 +2857,25 @@ void SSL_CTX_set_npn_select_cb(SSL_CTX * int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len) { - OPENSSL_free(ctx->ext.alpn); - ctx->ext.alpn = OPENSSL_memdup(protos, protos_len); - if (ctx->ext.alpn == NULL) { + unsigned char *alpn; + + if (protos_len == 0 || protos == NULL) { + OPENSSL_free(ctx->ext.alpn); + ctx->ext.alpn = NULL; ctx->ext.alpn_len = 0; + return 0; + } + /* Not valid per RFC */ + if (!alpn_value_ok(protos, protos_len)) + return 1; + + alpn = OPENSSL_memdup(protos, protos_len); + if (alpn == NULL) { SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } + OPENSSL_free(ctx->ext.alpn); + ctx->ext.alpn = alpn; ctx->ext.alpn_len = protos_len; return 0; @@ -2857,13 +2889,25 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned int protos_len) { - OPENSSL_free(ssl->ext.alpn); - ssl->ext.alpn = OPENSSL_memdup(protos, protos_len); - if (ssl->ext.alpn == NULL) { + unsigned char *alpn; + + if (protos_len == 0 || protos == NULL) { + OPENSSL_free(ssl->ext.alpn); + ssl->ext.alpn = NULL; ssl->ext.alpn_len = 0; + return 0; + } + /* Not valid per RFC */ + if (!alpn_value_ok(protos, protos_len)) + return 1; + + alpn = OPENSSL_memdup(protos, protos_len); + if (alpn == NULL) { SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } + OPENSSL_free(ssl->ext.alpn); + ssl->ext.alpn = alpn; ssl->ext.alpn_len = protos_len; return 0; 
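Review bot: The `/* Not valid per RFC */` branch in `SSL_CTX_set_alpn_protos` returns 1 without putting anything on the error queue, whereas the allocation failure just below it calls `SSLerr(...)`; `SSL_set_alpn_protos` in the next hunk has the same gap. Because these two functions return 0 for success, a caller that tests the result the usual OpenSSL way, or ignores it, carries on with the previously configured list (or none) and gets no hint why. I would raise an error in that branch as the allocation path does. The comment should also say that the existing list is left untouched, e.g. `/* Not valid per RFC; keep the current list */`.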
@@ -4520,8 +4564,11 @@ int ssl_handshake_hash(SSL *s, unsigned } ctx = EVP_MD_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, + ERR_R_INTERNAL_ERROR); goto err; + } if (!EVP_MD_CTX_copy_ex(ctx, hdgst) || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.18 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.19 --- src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.18 Sun Apr 5 17:53:45 2020 +++ src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c Fri Jan 7 10:50:11 2022 @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -85,6 +85,7 @@ static const ERR_STRING_DATA SSL_str_fun {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0), "final_maxfragmentlen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_PSK, 0), "final_psk"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"}, @@ -948,6 +949,8 @@ static const ERR_STRING_DATA SSL_str_rea "missing ecdsa signing cert"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION), + "missing psk kex modes extension"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), 
@@ -1018,6 +1021,8 @@ static const ERR_STRING_DATA SSL_str_rea {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), + "ocsp callback failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.33 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.34 --- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.33 Wed Dec 9 19:33:10 2020 +++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Fri Jan 7 10:50:11 2022 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -2441,7 +2441,8 @@ DH *ssl_get_auto_dh(SSL *s) { DH *dhp = NULL; BIGNUM *p = NULL, *g = NULL; - int dh_secbits = 80; + int dh_secbits = 80, sec_level_bits; + if (s->cert->dh_tmp_auto != 2) { if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { if (s->s3->tmp.new_cipher->strength_bits == 256) 
@@ -2464,6 +2465,12 @@ DH *ssl_get_auto_dh(SSL *s) BN_free(g); return NULL; } + + /* Do not pick a prime that is too weak for the current security level */ + sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL); + if (dh_secbits < sec_level_bits) + dh_secbits = sec_level_bits; + if (dh_secbits >= 192) p = BN_get_rfc3526_prime_8192(NULL); else if (dh_secbits >= 152) Index: src/crypto/external/bsd/openssl/dist/test/bntest.c diff -u src/crypto/external/bsd/openssl/dist/test/bntest.c:1.8 src/crypto/external/bsd/openssl/dist/test/bntest.c:1.9 --- src/crypto/external/bsd/openssl/dist/test/bntest.c:1.8 Sat Mar 21 20:53:11 2020 +++ src/crypto/external/bsd/openssl/dist/test/bntest.c Fri Jan 7 10:50:11 2022 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,6 @@ /* * Things in boring, not in openssl. TODO we should add them. */ -#define HAVE_BN_PADDED 0 #define HAVE_BN_SQRT 0 typedef struct filetest_st { 
@@ -305,6 +304,75 @@ static int test_div_recip(void) return st; } +static struct { + int n, divisor, result, remainder; +} signed_mod_tests[] = { + { 10, 3, 3, 1 }, + { -10, 3, -3, -1 }, + { 10, -3, -3, 1 }, + { -10, -3, 3, -1 }, +}; + +static BIGNUM *set_signed_bn(int value) +{ + BIGNUM *bn = BN_new(); + + if (bn == NULL) + return NULL; + if (!BN_set_word(bn, value < 0 ? -value : value)) { + BN_free(bn); + return NULL; + } + BN_set_negative(bn, value < 0); + return bn; +} + +static int test_signed_mod_replace_ab(int n) +{ + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; + int st = 0; + + if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n)) + || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor)) + || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result)) + || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder))) + goto err; + + if (TEST_true(BN_div(a, b, a, b, ctx)) + && TEST_BN_eq(a, c) + && TEST_BN_eq(b, d)) + st = 1; + err: + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + return st; +} + +static int test_signed_mod_replace_ba(int n) +{ + BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; + int st = 0; + + if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n)) + || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor)) + || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result)) + || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder))) + goto err; + + if (TEST_true(BN_div(b, a, a, b, ctx)) + && TEST_BN_eq(b, c) + && TEST_BN_eq(a, d)) + st = 1; + err: + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + return st; +} + static int test_mod(void) { BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; 
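Review bot: `test_signed_mod_replace_ab` and `test_signed_mod_replace_ba` are the same body apart from the argument order of `BN_div` and which of `a`/`b` is compared with the expected quotient and remainder. Neither has a comment saying that the point is to exercise `BN_div` when its outputs alias its inputs, so the duplication reads as accidental. A line such as `/* BN_div with quotient/remainder written over the dividend/divisor */` above the first, and a matching one for the swapped case, would make the intent clear. Separately, `set_signed_bn` computes `-value`, which is fine for the table entries shown but would overflow for `INT_MIN`, so a short note that the helper is only meant for small table values would help.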
@@ -326,8 +394,10 @@ static int test_mod(void) BN_set_negative(b, rand_neg()); if (!(TEST_true(BN_mod(c, a, b, ctx)) && TEST_true(BN_div(d, e, a, b, ctx)) - && TEST_true(BN_sub(e, e, c)) - && TEST_BN_eq_zero(e))) + && TEST_BN_eq(e, c) + && TEST_true(BN_mul(c, d, b, ctx)) + && TEST_true(BN_add(d, c, e)) + && TEST_BN_eq(d, a))) goto err; } st = 1; 
@@ -557,6 +627,51 @@ static int test_modexp_mont5(void) if (!TEST_BN_eq(c, d)) goto err; + /* + * Regression test for overflow bug in bn_sqr_comba4/8 for + * mips-linux-gnu and mipsel-linux-gnu 32bit targets. + */ + { + static const char *ehex[] = { + "95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee", + "38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5", + "8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a", + "5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985", + "2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1", + "a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680", + "b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e", + "da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465", + NULL}; + static const char *phex[] = { + "f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241", + "a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31", + "2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053", + "c776d3982d391b6d04d642dda5cc6d1640174c09875addb70595658f89efb439", + "dc6fbd55f903aadd307982d3f659207f265e1ec6271b274521b7a5e28e8fd7a5", + "5df089292820477802a43cf5b6b94e999e8c9944ddebb0d0e95a60f88cb7e813", + "ba110d20e1024774107dd02949031864923b3cb8c3f7250d6d1287b0a40db6a4", + "7bd5a469518eb65aa207ddc47d8c6e5fc8e0c105be8fc1d4b57b2e27540471d5", + NULL}; + static const char *mhex[] = { + "fef15d5ce4625f1bccfbba49fc8439c72bf8202af039a2259678941b60bb4a8f", + "2987e965d58fd8cf86a856674d519763d0e1211cc9f8596971050d56d9b35db3", + "785866cfbca17cfdbed6060be3629d894f924a89fdc1efc624f80d41a22f1900", + "9503fcc3824ef62ccb9208430c26f2d8ceb2c63488ec4c07437aa4c96c43dd8b", + "9289ed00a712ff66ee195dc71f5e4ead02172b63c543d69baf495f5fd63ba7bc", + "c633bd309c016e37736da92129d0b053d4ab28d21ad7d8b6fab2a8bbdc8ee647", + "d2fbcf2cf426cf892e6f5639e0252993965dfb73ccd277407014ea784aaa280c", + 
"b7b03972bc8b0baa72360bdb44b82415b86b2f260f877791cd33ba8f2d65229b", + NULL}; + + if (!TEST_true(parse_bigBN(&e, ehex)) + || !TEST_true(parse_bigBN(&p, phex)) + || !TEST_true(parse_bigBN(&m, mhex)) + || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) + || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) + || !TEST_BN_eq(a, d)) + goto err; + } + /* Zero input */ if (!TEST_true(BN_bntest_rand(p, 1024, 0, 0))) goto err; 
@@ -1660,52 +1775,52 @@ static int file_gcd(STANZA *s) static int test_bn2padded(void) { -#if HAVE_BN_PADDED uint8_t zeros[256], out[256], reference[128]; - BIGNUM *n = BN_new(); + size_t bytes; + BIGNUM *n; int st = 0; /* Test edge case at 0. */ - if (n == NULL) + if (!TEST_ptr((n = BN_new()))) goto err; - if (!TEST_true(BN_bn2bin_padded(NULL, 0, n))) + if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), 0)) goto err; memset(out, -1, sizeof(out)); - if (!TEST_true(BN_bn2bin_padded(out, sizeof(out)), n)) + if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out))) goto err; memset(zeros, 0, sizeof(zeros)); if (!TEST_mem_eq(zeros, sizeof(zeros), out, sizeof(out))) goto err; /* Test a random numbers at various byte lengths. */ - for (size_t bytes = 128 - 7; bytes <= 128; bytes++) { + for (bytes = 128 - 7; bytes <= 128; bytes++) { # define TOP_BIT_ON 0 # define BOTTOM_BIT_NOTOUCH 0 if (!TEST_true(BN_rand(n, bytes * 8, TOP_BIT_ON, BOTTOM_BIT_NOTOUCH))) goto err; - if (!TEST_int_eq(BN_num_bytes(n),A) bytes - || TEST_int_eq(BN_bn2bin(n, reference), bytes)) + if (!TEST_int_eq(BN_num_bytes(n), bytes) + || !TEST_int_eq(BN_bn2bin(n, reference), bytes)) goto err; /* Empty buffer should fail. */ - if (!TEST_int_eq(BN_bn2bin_padded(NULL, 0, n)), 0) + if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), -1)) goto err; /* One byte short should fail. */ - if (BN_bn2bin_padded(out, bytes - 1, n)) + if (!TEST_int_eq(BN_bn2binpad(n, out, bytes - 1), -1)) goto err; /* Exactly right size should encode. */ - if (!TEST_true(BN_bn2bin_padded(out, bytes, n)) - || TEST_mem_eq(out, bytes, reference, bytes)) + if (!TEST_int_eq(BN_bn2binpad(n, out, bytes), bytes) + || !TEST_mem_eq(out, bytes, reference, bytes)) goto err; /* Pad up one byte extra. */ - if (!TEST_true(BN_bn2bin_padded(out, bytes + 1, n)) + if (!TEST_int_eq(BN_bn2binpad(n, out, bytes + 1), bytes + 1) || !TEST_mem_eq(out + 1, bytes, reference, bytes) || !TEST_mem_eq(out, 1, zeros, 1)) goto err; /* Pad up to 256. 
*/ - if (!TEST_true(BN_bn2bin_padded(out, sizeof(out)), n) + if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out)) || !TEST_mem_eq(out + sizeof(out) - bytes, bytes, reference, bytes) - || !TEST_mem_eq(out, sizseof(out) - bytes, + || !TEST_mem_eq(out, sizeof(out) - bytes, zeros, sizeof(out) - bytes)) goto err; } @@ -1714,9 +1829,6 @@ static int test_bn2padded(void) err: BN_free(n); return st; -#else - return ctx != NULL; -#endif } static int test_dec2bn(void) @@ -2759,6 +2871,8 @@ int setup_tests(void) if (n == 0) { ADD_TEST(test_sub); ADD_TEST(test_div_recip); + ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests)); + ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests)); ADD_TEST(test_mod); ADD_TEST(test_modexp_mont5); ADD_TEST(test_kronecker); Index: src/crypto/external/bsd/openssl/dist/test/ectest.c diff -u src/crypto/external/bsd/openssl/dist/test/ectest.c:1.8 src/crypto/external/bsd/openssl/dist/test/ectest.c:1.9 --- src/crypto/external/bsd/openssl/dist/test/ectest.c:1.8 Wed Dec 9 19:33:10 2020 +++ src/crypto/external/bsd/openssl/dist/test/ectest.c Fri Jan 7 10:50:11 2022 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -1124,7 +1124,56 @@ err: BN_free(yplusone); return r; } -# endif + +static int hybrid_point_encoding_test(void) +{ + BIGNUM *x = NULL, *y = NULL; + EC_GROUP *group = NULL; + EC_POINT *point = NULL; + unsigned char *buf = NULL; + size_t len; + int r = 0; + + if (!TEST_true(BN_dec2bn(&x, "0")) + || !TEST_true(BN_dec2bn(&y, "1")) + || !TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_sect571k1)) + || !TEST_ptr(point = EC_POINT_new(group)) + || !TEST_true(EC_POINT_set_affine_coordinates(group, point, x, y, NULL)) + || !TEST_size_t_ne(0, (len = EC_POINT_point2oct(group, + point, + POINT_CONVERSION_HYBRID, + NULL, + 0, + NULL))) + || !TEST_ptr(buf = OPENSSL_malloc(len)) + || !TEST_size_t_eq(len, EC_POINT_point2oct(group, + point, + POINT_CONVERSION_HYBRID, + buf, + len, + NULL))) + goto err; + + r = 1; + + /* buf contains a valid hybrid point, check that we can decode it. */ + if (!TEST_true(EC_POINT_oct2point(group, point, buf, len, NULL))) + r = 0; + + /* Flip the y_bit and verify that the invalid encoding is rejected. */ + buf[0] ^= 1; + if (!TEST_false(EC_POINT_oct2point(group, point, buf, len, NULL))) + r = 0; + +err: + BN_free(x); + BN_free(y); + EC_GROUP_free(group); + EC_POINT_free(point); + OPENSSL_free(buf); + return r; +} +#endif static int internal_curve_test(int n) { @@ -2195,6 +2244,7 @@ int setup_tests(void) ADD_ALL_TESTS(cardinality_test, crv_len); ADD_TEST(prime_field_tests); # ifndef OPENSSL_NO_EC2M + ADD_TEST(hybrid_point_encoding_test); ADD_TEST(char2_field_tests); ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); # endif Index: src/crypto/external/bsd/openssl/dist/test/evp_test.c diff -u src/crypto/external/bsd/openssl/dist/test/evp_test.c:1.8 src/crypto/external/bsd/openssl/dist/test/evp_test.c:1.9 --- src/crypto/external/bsd/openssl/dist/test/evp_test.c:1.8 Wed Jan 22 21:54:56 2020 +++ src/crypto/external/bsd/openssl/dist/test/evp_test.c Fri Jan 7 10:50:11 2022 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1777,7 +1777,7 @@ static int kdf_test_run(EVP_TEST *t) unsigned char *got = NULL; size_t got_len = expected->output_len; - if (!TEST_ptr(got = OPENSSL_malloc(got_len))) { + if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { t->err = "INTERNAL_ERROR"; goto err; } Index: src/crypto/external/bsd/openssl/dist/test/rsa_test.c diff -u src/crypto/external/bsd/openssl/dist/test/rsa_test.c:1.8 src/crypto/external/bsd/openssl/dist/test/rsa_test.c:1.9 --- src/crypto/external/bsd/openssl/dist/test/rsa_test.c:1.8 Thu Mar 25 14:51:19 2021 +++ src/crypto/external/bsd/openssl/dist/test/rsa_test.c Fri Jan 7 10:50:11 2022 @@ -306,7 +306,6 @@ static int test_rsa_oaep(int idx) int ret = 0; RSA *key = NULL; unsigned char ptext[256]; - unsigned char ctext[256]; static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; unsigned char ctext_ex[256]; int plen; 
@@ -328,17 +327,17 @@ static int test_rsa_oaep(int idx) /* Try decrypting corrupted ciphertexts. */ for (n = 0; n < clen; ++n) { - ctext[n] ^= 1; - num = RSA_private_decrypt(clen, ctext, ptext, key, + ctext_ex[n] ^= 1; + num = RSA_private_decrypt(clen, ctext_ex, ptext, key, RSA_PKCS1_OAEP_PADDING); if (!TEST_int_le(num, 0)) goto err; - ctext[n] ^= 1; + ctext_ex[n] ^= 1; } /* Test truncated ciphertexts, as well as negative length. */ for (n = -1; n < clen; ++n) { - num = RSA_private_decrypt(n, ctext, ptext, key, + num = RSA_private_decrypt(n, ctext_ex, ptext, key, RSA_PKCS1_OAEP_PADDING); if (!TEST_int_le(num, 0)) goto err; Index: src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c diff -u src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.9 src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.10 --- src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.9 Sat Mar 21 20:53:11 2020 +++ src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c Fri Jan 7 10:50:11 2022 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <openssl/aes.h> #include <openssl/bio.h> #include <openssl/crypto.h> #include <openssl/err.h> @@ -19,6 +20,7 @@ #include <openssl/pem.h> #include <openssl/kdf.h> #include <openssl/dh.h> +#include <openssl/engine.h> #include "testutil.h" #include "internal/nelem.h" #include "crypto/evp.h" 
@@ -320,6 +322,96 @@ static const unsigned char pExampleECPar }; #endif +static const unsigned char kCFBDefaultKey[] = { + 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, + 0x09, 0xCF, 0x4F, 0x3C +}; + +static const unsigned char kGCMDefaultKey[32] = { 0 }; + +static const unsigned char kGCMResetKey[] = { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, + 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 +}; + +static const unsigned char iCFBIV[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, + 0x0C, 0x0D, 0x0E, 0x0F +}; + +static const unsigned char iGCMDefaultIV[12] = { 0 }; + +static const unsigned char iGCMResetIV1[] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad +}; + +static const unsigned char iGCMResetIV2[] = { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 +}; + +static const unsigned char cfbPlaintext[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, + 0x73, 0x93, 0x17, 0x2A +}; + +static const unsigned char gcmDefaultPlaintext[16] = { 0 }; + +static const unsigned char gcmResetPlaintext[] = { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, + 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, + 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 +}; + +static const unsigned char cfbCiphertext[] = { + 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, + 0xE8, 0x3C, 0xFB, 0x4A +}; + +static const unsigned char gcmDefaultCiphertext[] = { + 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, + 0xba, 0xf3, 0x9d, 0x18 +}; + +static const unsigned char gcmResetCiphertext1[] = { + 0xc3, 0x76, 0x2d, 0xf1, 
0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, + 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, + 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, + 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, + 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f +}; + +static const unsigned char gcmResetCiphertext2[] = { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, + 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, + 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 +}; + +static const unsigned char gcmAAD[] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, + 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 +}; + +static const unsigned char gcmDefaultTag[] = { + 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, + 0xd4, 0x8a, 0xb9, 0x19 +}; + +static const unsigned char gcmResetTag1[] = { + 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, + 0xfe, 0x2e, 0xa8, 0xf2 +}; + +static const unsigned char gcmResetTag2[] = { + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, + 0xbb, 0x2d, 0x55, 0x1b +}; + + typedef struct APK_DATA_st { const unsigned char *kder; size_t size; 
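Review bot: The new key, IV, plaintext, ciphertext and tag arrays carry no comment on where the values come from, so nobody can check an expected ciphertext or tag against a reference. The CFB set looks like the AES-128 CFB128 example from NIST SP 800-38A, and the GCM sets look like 256-bit-key cases from the original GCM specification's test vectors. If that is right, a one-line comment per group naming the source and case number would make them verifiable. The naming is also mixed (`kCFBDefaultKey`, `iCFBIV`, `cfbPlaintext`, `gcmAAD`); a single prefix scheme would read more easily.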
@@ -330,6 +422,494 @@ typedef struct APK_DATA_st { int type; /* 0 for private, 1 for public, 2 for params */ } APK_DATA; +typedef struct { + const char *cipher; + const unsigned char *key; + const unsigned char *iv; + const unsigned char *input; + const unsigned char *expected; + const unsigned char *tag; + size_t ivlen; /* 0 if we do not need to set a specific IV len */ + size_t inlen; + size_t expectedlen; + size_t taglen; + int keyfirst; + int initenc; + int finalenc; +} EVP_INIT_TEST_st; + +static const EVP_INIT_TEST_st evp_init_tests[] = { + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, + cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), + 0, 1, 0, 1 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, + gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), + sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), + sizeof(gcmDefaultTag), 1, 0, 1 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, + cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), + 0, 0, 0, 1 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, + gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), + sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), + sizeof(gcmDefaultTag), 0, 0, 1 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, + cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), + 0, 1, 1, 0 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, + gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), + sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), + sizeof(gcmDefaultTag), 1, 1, 0 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, + cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), + 0, 0, 1, 0 + }, + { + "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, + gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), + 
sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), + sizeof(gcmDefaultTag), 0, 1, 0 + } +}; + +static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) +{ + int res = 0; + + if (t->ivlen != 0) { + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL))) + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) + goto err; + res = 1; + err: + return res; +} + +/* + * Test step-wise cipher initialization via EVP_CipherInit_ex where the + * arguments are given one at a time and a final adjustment to the enc + * parameter sets the correct operation. + */ +static int test_evp_init_seq(int idx) +{ + int outlen1, outlen2; + int testresult = 0; + unsigned char outbuf[1024]; + unsigned char tag[16]; + const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *type = NULL; + size_t taglen = sizeof(tag); + char *errmsg = NULL; + + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + errmsg = "CTX_ALLOC"; + goto err; + } + if (!TEST_ptr(type = EVP_get_cipherbyname(t->cipher))) { + errmsg = "GET_CIPHERBYNAME"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { + errmsg = "EMPTY_ENC_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { + errmsg = "PADDING"; + goto err; + } + if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { + errmsg = "KEY_INIT (before iv)"; + goto err; + } + if (!evp_init_seq_set_iv(ctx, t)) { + errmsg = "IV_INIT"; + goto err; + } + if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { + errmsg = "KEY_INIT (after iv)"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { + errmsg = "FINAL_ENC_INIT"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { + errmsg = "CIPHER_UPDATE"; + goto err; + } + if (t->finalenc 
== 0 && t->tag != NULL) { + /* Set expected tag */ + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + t->taglen, (void *)t->tag))) { + errmsg = "SET_TAG"; + goto err; + } + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL"; + goto err; + } + if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT"; + goto err; + } + if (t->finalenc != 0 && t->tag != NULL) { + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + errmsg = "GET_TAG"; + goto err; + } + if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { + errmsg = "TAG_ERROR"; + goto err; + } + } + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("evp_init_test %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + return testresult; +} + +typedef struct { + const unsigned char *input; + const unsigned char *expected; + size_t inlen; + size_t expectedlen; + int enc; +} EVP_RESET_TEST_st; + +static const EVP_RESET_TEST_st evp_reset_tests[] = { + { + cfbPlaintext, cfbCiphertext, + sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 + }, + { + cfbCiphertext, cfbPlaintext, + sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 + } +}; + +/* + * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already + * been used. 
+ */ +static int test_evp_reset(int idx) +{ + const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; + int outlen1, outlen2; + int testresult = 0; + unsigned char outbuf[1024]; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *type = NULL; + char *errmsg = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { + errmsg = "CTX_ALLOC"; + goto err; + } + if (!TEST_ptr(type = EVP_get_cipherbyname("aes-128-cfb"))) { + errmsg = "GET_CIPHERBYNAME"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { + errmsg = "CIPHER_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { + errmsg = "PADDING"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { + errmsg = "CIPHER_UPDATE"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL"; + goto err; + } + if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { + errmsg = "CIPHER_REINIT"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { + errmsg = "CIPHER_UPDATE (reinit)"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL (reinit)"; + goto err; + } + if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT (reinit)"; + goto err; + } + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("test_evp_reset %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + return testresult; +} + +typedef struct { + const unsigned char *iv1; + const unsigned char *iv2; + const unsigned char *expected1; + const unsigned char *expected2; + const unsigned char *tag1; + const unsigned char *tag2; + size_t ivlen1; + size_t ivlen2; + size_t expectedlen1; + size_t expectedlen2; +} 
TEST_GCM_IV_REINIT_st; + +static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { + { + iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, + gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), + sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) + }, + { + iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, + gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), + sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) + } +}; + +static int test_gcm_reinit(int idx) +{ + int outlen1, outlen2, outlen3; + int testresult = 0; + unsigned char outbuf[1024]; + unsigned char tag[16]; + const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *type = NULL; + size_t taglen = sizeof(tag); + char *errmsg = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { + errmsg = "CTX_ALLOC"; + goto err; + } + if (!TEST_ptr(type = EVP_get_cipherbyname("aes-256-gcm"))) { + errmsg = "GET_CIPHERBYNAME"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { + errmsg = "ENC_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) { + errmsg = "SET_IVLEN1"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { + errmsg = "SET_IV1"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { + errmsg = "AAD1"; + goto err; + } + EVP_CIPHER_CTX_set_padding(ctx, 0); + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, + sizeof(gcmResetPlaintext)))) { + errmsg = "CIPHER_UPDATE1"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL1"; + goto err; + } + if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT1"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, 
EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + errmsg = "GET_TAG1"; + goto err; + } + if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { + errmsg = "TAG_ERROR1"; + goto err; + } + /* Now reinit */ + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) { + errmsg = "SET_IVLEN2"; + goto err; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { + errmsg = "SET_IV2"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { + errmsg = "AAD2"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, + sizeof(gcmResetPlaintext)))) { + errmsg = "CIPHER_UPDATE2"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL2"; + goto err; + } + if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { + errmsg = "WRONG_RESULT2"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { + errmsg = "GET_TAG2"; + goto err; + } + if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { + errmsg = "TAG_ERROR2"; + goto err; + } + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("evp_init_test %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + return testresult; +} + +typedef struct { + const char *cipher; + int enc; +} EVP_UPDATED_IV_TEST_st; + +static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { + { + "aes-128-cfb", 1 + }, + { + "aes-128-cfb", 0 + }, + { + "aes-128-cfb1", 1 + }, + { + "aes-128-cfb1", 0 + }, + { + "aes-128-cfb128", 1 + }, + { + "aes-128-cfb128", 0 + }, + { + "aes-128-cfb8", 1 + }, + { + "aes-128-cfb8", 0 + }, + { + "aes-128-ofb", 1 + }, + { + "aes-128-ofb", 0 + }, + { + "aes-128-ctr", 1 + }, + { + "aes-128-ctr", 0 + }, + { + "aes-128-cbc", 1 + }, + { + "aes-128-cbc", 0 + } +}; + +/* + * Test that the IV in the context is updated during a crypto operation for CFB + * and OFB. 
+ */ +static int test_evp_updated_iv(int idx) +{ + const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; + int outlen1, outlen2; + int testresult = 0; + unsigned char outbuf[1024]; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *type = NULL; + const unsigned char *updated_iv; + int iv_len; + char *errmsg = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { + errmsg = "CTX_ALLOC"; + goto err; + } + if ((type = EVP_get_cipherbyname(t->cipher)) == NULL) { + TEST_info("cipher %s not supported, skipping", t->cipher); + goto ok; + } + if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { + errmsg = "CIPHER_INIT"; + goto err; + } + if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { + errmsg = "PADDING"; + goto err; + } + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { + errmsg = "CIPHER_UPDATE"; + goto err; + } + if (!TEST_ptr(updated_iv = EVP_CIPHER_CTX_iv(ctx))) { + errmsg = "CIPHER_CTX_IV"; + goto err; + } + if (!TEST_true(iv_len = EVP_CIPHER_CTX_iv_length(ctx))) { + errmsg = "CIPHER_CTX_IV_LEN"; + goto err; + } + if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { + errmsg = "IV_NOT_UPDATED"; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { + errmsg = "CIPHER_FINAL"; + goto err; + } + ok: + testresult = 1; + err: + if (errmsg != NULL) + TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); + EVP_CIPHER_CTX_free(ctx); + return testresult; +} + static APK_DATA keydata[] = { {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, @@ -818,10 +1398,14 @@ static struct keys_st { } keys[] = { { EVP_PKEY_HMAC, "0123456789", NULL +#ifndef OPENSSL_NO_POLY1305 }, { EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL +#endif +#ifndef OPENSSL_NO_SIPHASH }, { EVP_PKEY_SIPHASH, "0123456789012345", NULL +#endif }, #ifndef OPENSSL_NO_EC { 
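Review bot: In test_evp_updated_iv, `TEST_true(iv_len = EVP_CIPHER_CTX_iv_length(ctx))` accepts any non-zero value, so a negative return would pass and then be converted to a very large size in the `TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)` call. `if (!TEST_int_gt(iv_len = EVP_CIPHER_CTX_iv_length(ctx), 0))` pins the intended condition. The comment above that function says "CFB and OFB", but the table also lists aes-128-ctr and aes-128-cbc. In test_gcm_reinit the failure line `TEST_info("evp_init_test %d: %s", idx, errmsg);` is copied from test_evp_init_seq, so a GCM reinit failure is logged under the wrong test name; it should read `TEST_info("test_gcm_reinit %d: %s", idx, errmsg);`. The same function ignores the result of `EVP_CIPHER_CTX_set_padding(ctx, 0)` where its siblings wrap the call in TEST_true.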
@@ -851,18 +1435,22 @@ static int test_set_get_raw_keys_int(int EVP_PKEY *pkey; /* Check if this algorithm supports public keys */ - if (keys[tst].pub == NULL) + if (pub && keys[tst].pub == NULL) return 1; memset(buf, 0, sizeof(buf)); if (pub) { +#ifndef OPENSSL_NO_EC inlen = strlen(keys[tst].pub); in = (unsigned char *)keys[tst].pub; pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, NULL, in, inlen); +#else + return 1; +#endif } else { inlen = strlen(keys[tst].priv); in = (unsigned char *)keys[tst].priv; @@ -873,6 +1461,7 @@ static int test_set_get_raw_keys_int(int } if (!TEST_ptr(pkey) + || !TEST_int_eq(EVP_PKEY_cmp(pkey, pkey), 1) || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) || !TEST_true(len == inlen) 
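Review bot: In test_set_get_raw_keys_int the `#else return 1;` branch skips every public-key case when OPENSSL_NO_EC is defined, which assumes that only EC-dependent entries of keys[] have a non-NULL `pub`. keys[] is defined outside this hunk, so that assumption cannot be confirmed from here. The existing comment `/* Check if this algorithm supports public keys */` now describes only the first of two skip paths. I would add `/* Raw public keys exist only for the EC-based entries of keys[] */` next to the `#else`, so the coupling is visible to whoever adds a non-EC entry with a public key.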
@@ -1171,10 +1760,172 @@ static int test_EVP_PKEY_set1_DH(void) return ret; } -#endif +#endif /* OPENSSL_NO_DH */ + +#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +/* Test we can create a signature keys with an associated ENGINE */ +static int test_signatures_with_engine(int tst) +{ + ENGINE *e; + const char *engine_id = "dasync"; + EVP_PKEY *pkey = NULL; + const unsigned char badcmackey[] = { 0x00, 0x01 }; + const unsigned char cmackey[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f + }; + const unsigned char ed25519key[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }; + const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; + int testresult = 0; + EVP_MD_CTX *ctx = NULL; + unsigned char *mac = NULL; + size_t maclen = 0; + int ret; + +# ifdef OPENSSL_NO_CMAC + /* Skip CMAC tests in a no-cmac build */ + if (tst <= 1) + return 1; +# endif + + if (!TEST_ptr(e = ENGINE_by_id(engine_id))) + return 0; + + if (!TEST_true(ENGINE_init(e))) { + ENGINE_free(e); + return 0; + } + + switch (tst) { + case 0: + pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), + EVP_aes_128_cbc()); + break; + case 1: + pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), + EVP_aes_128_cbc()); + break; + case 2: + pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, + sizeof(ed25519key)); + break; + default: + TEST_error("Invalid test case"); + goto err; + } + if (tst == 1) { + /* + * In 1.1.1 CMAC keys will fail to during EVP_PKEY_new_CMAC_key() if the + * key is bad. In later versions this isn't detected until later. + */ + if (!TEST_ptr_null(pkey)) + goto err; + } else { + if (!TEST_ptr(pkey)) + goto err; + } + + if (tst == 0 || tst == 1) { + /* + * We stop the test here for tests 0 and 1. 
The dasync engine doesn't + * actually support CMAC in 1.1.1. + */ + testresult = 1; + goto err; + } + + if (!TEST_ptr(ctx = EVP_MD_CTX_new())) + goto err; + + ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, + pkey); + if (tst == 0) { + if (!TEST_true(ret)) + goto err; + + if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) + || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) + goto err; + + if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) + goto err; + + if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) + goto err; + } else { + /* We used a bad key. We expect a failure here */ + if (!TEST_false(ret)) + goto err; + } + + testresult = 1; + err: + EVP_MD_CTX_free(ctx); + OPENSSL_free(mac); + EVP_PKEY_free(pkey); + ENGINE_finish(e); + ENGINE_free(e); + + return testresult; +} + +static int test_cipher_with_engine(void) +{ + ENGINE *e; + const char *engine_id = "dasync"; + const unsigned char keyiv[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f + }; + const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; + int testresult = 0; + EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL; + unsigned char buf[AES_BLOCK_SIZE]; + int len = 0; + + if (!TEST_ptr(e = ENGINE_by_id(engine_id))) + return 0; + + if (!TEST_true(ENGINE_init(e))) { + ENGINE_free(e); + return 0; + } + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) + goto err; + + if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) + goto err; + + /* Copy the ctx, and complete the operation with the new ctx */ + if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx))) + goto err; + + if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) + || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) + goto err; + + testresult = 1; + err: + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_free(ctx2); + ENGINE_finish(e); + ENGINE_free(e); + + return testresult; +} +#endif /* 
!defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) */ int setup_tests(void) { +#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) + ENGINE_load_builtin_engines(); +#endif ADD_TEST(test_EVP_DigestSignInit); ADD_TEST(test_EVP_DigestVerifyInit); ADD_TEST(test_EVP_Enveloped); @@ -1209,5 +1960,19 @@ int setup_tests(void) ADD_TEST(test_EVP_PKEY_set1_DH); #endif + ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); + ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); + ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); + ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); + +#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +# ifndef OPENSSL_NO_EC + ADD_ALL_TESTS(test_signatures_with_engine, 3); +# else + ADD_ALL_TESTS(test_signatures_with_engine, 2); +# endif + ADD_TEST(test_cipher_with_engine); +#endif + return 1; } Index: src/crypto/external/bsd/openssl/dist/test/testutil/format_output.c diff -u src/crypto/external/bsd/openssl/dist/test/testutil/format_output.c:1.5 src/crypto/external/bsd/openssl/dist/test/testutil/format_output.c:1.6 --- src/crypto/external/bsd/openssl/dist/test/testutil/format_output.c:1.5 Mon Mar 23 18:21:34 2020 +++ src/crypto/external/bsd/openssl/dist/test/testutil/format_output.c Fri Jan 7 10:50:11 2022 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -107,8 +107,10 @@ static void test_fail_string_common(cons if (diff && i > 0) test_printf_stderr("%4s %s\n", "", bdiff); } - m1 += n1; - m2 += n2; + if (m1 != NULL) + m1 += n1; + if (m2 != NULL) + m2 += n2; l1 -= n1; l2 -= n2; cnt += width; 
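Review bot: In test_signatures_with_engine the `if (tst == 0)` branch after EVP_DigestSignInit can never run, because cases 0 and 1 already leave through `goto err` in the block just above. The sign/finalise sequence and the `mac` allocation are therefore dead code. The only case reaching the `else` is tst == 2 (Ed25519), where `/* We used a bad key. We expect a failure here */` is misleading: the key is well-formed, and the init presumably fails because the dasync engine provides no Ed25519 method. I would reduce the tail to `if (!TEST_false(ret)) goto err;` with a comment such as `/* tst == 2: sign init through the engine is expected to fail */`, and pass plain `NULL` instead of `tst == 2 ? NULL : EVP_sha256()`.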
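Review bot: The new `if (m1 != NULL)` and `if (m2 != NULL)` guards in test_fail_string_common have no comment, and the same pair is added to test_fail_memory_common in the following hunk. Arithmetic on a null pointer is undefined behaviour in C and is reported by sanitizer builds, so the reason is worth stating once at each site: `/* m1/m2 may be NULL when a NULL buffer is being reported; do no arithmetic on them */`. Both loops start and end outside their hunks, so whether l1/l2 are already 0 in that case cannot be checked from here.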
@@ -496,8 +498,10 @@ static void test_fail_memory_common(cons if (diff && i > 0) test_printf_stderr("%4s %s\n", "", bdiff); } - m1 += n1; - m2 += n2; + if (m1 != NULL) + m1 += n1; + if (m2 != NULL) + m2 += n2; l1 -= n1; l2 -= n2; cnt += bytes; Index: src/crypto/external/bsd/openssl/dist/test/testutil/tests.c diff -u src/crypto/external/bsd/openssl/dist/test/testutil/tests.c:1.5 src/crypto/external/bsd/openssl/dist/test/testutil/tests.c:1.6 --- src/crypto/external/bsd/openssl/dist/test/testutil/tests.c:1.5 Mon Mar 23 18:21:34 2020 +++ src/crypto/external/bsd/openssl/dist/test/testutil/tests.c Fri Jan 7 10:50:11 2022 @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -394,8 +394,8 @@ int test_BN_eq_word(const char *file, in if (a != NULL && BN_is_word(a, w)) return 1; - bw = BN_new(); - BN_set_word(bw, w); + if ((bw = BN_new()) != NULL) + BN_set_word(bw, w); test_fail_bignum_message(NULL, file, line, "BIGNUM", bns, ws, "==", a, bw); BN_free(bw); return 0; @@ -408,10 +408,10 @@ int test_BN_abs_eq_word(const char *file if (a != NULL && BN_abs_is_word(a, w)) return 1; - bw = BN_new(); - aa = BN_dup(a); - BN_set_negative(aa, 0); - BN_set_word(bw, w); + if ((aa = BN_dup(a)) != NULL) + BN_set_negative(aa, 0); + if ((bw = BN_new()) != NULL) + BN_set_word(bw, w); test_fail_bignum_message(NULL, file, line, "BIGNUM", bns, ws, "abs==", aa, bw); BN_free(bw);