Module Name:    src
Committed By:   christos
Date:           Tue Jun 11 14:47:52 UTC 2024

Modified Files:
        src/crypto/external/bsd/openssl/dist: Configure e_os.h
        src/crypto/external/bsd/openssl/dist/apps: ocsp.c req.c s_server.c
            speed.c
        src/crypto/external/bsd/openssl/dist/apps/lib: opt.c
        src/crypto/external/bsd/openssl/dist/crypto/bio: bio_lib.c
        src/crypto/external/bsd/openssl/dist/crypto/bn: bn_exp.c bn_lib.c
            bn_nist.c bn_rand.c
        src/crypto/external/bsd/openssl/dist/crypto/err: openssl.ec
        src/crypto/external/bsd/openssl/dist/crypto/evp: e_aes.c
        src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa_lib.c
        src/crypto/external/bsd/openssl/dist/include/internal: refcount.h
        src/crypto/external/bsd/openssl/dist/include/openssl: bio.h.in
        src/crypto/external/bsd/openssl/dist/ssl: d1_lib.c s3_enc.c s3_lib.c
            ssl_ciph.c ssl_err.c ssl_lib.c ssl_sess.c t1_enc.c t1_lib.c
        src/crypto/external/bsd/openssl/dist/test: bntest.c dsatest.c
            ecdsatest.c evp_extra_test.c evp_test.c
Removed Files:
        src/crypto/external/bsd/openssl/dist: FAQ.md

Log Message:
Resolve merge conflicts between 3.0.12 and 3.0.14


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/crypto/external/bsd/openssl/dist/Configure
cvs rdiff -u -r1.1.1.1 -r0 src/crypto/external/bsd/openssl/dist/FAQ.md
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssl/dist/e_os.h
cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/openssl/dist/apps/ocsp.c
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/apps/req.c
cvs rdiff -u -r1.29 -r1.30 \
    src/crypto/external/bsd/openssl/dist/apps/s_server.c
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssl/dist/apps/speed.c
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/apps/lib/opt.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c
cvs rdiff -u -r1.22 -r1.23 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
cvs rdiff -u -r1.17 -r1.18 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c
cvs rdiff -u -r1.6 -r1.7 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c
cvs rdiff -u -r1.7 -r1.8 \
    src/crypto/external/bsd/openssl/dist/crypto/err/openssl.ec
cvs rdiff -u -r1.26 -r1.27 \
    src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c
cvs rdiff -u -r1.7 -r1.8 \
    src/crypto/external/bsd/openssl/dist/include/internal/refcount.h
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/openssl/dist/include/openssl/bio.h.in
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c \
    src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c
cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c
cvs rdiff -u -r1.24 -r1.25 \
    src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c \
    src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c
cvs rdiff -u -r1.38 -r1.39 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssl/dist/test/bntest.c \
    src/crypto/external/bsd/openssl/dist/test/evp_test.c
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/test/dsatest.c
cvs rdiff -u -r1.8 -r1.9 \
    src/crypto/external/bsd/openssl/dist/test/ecdsatest.c
cvs rdiff -u -r1.14 -r1.15 \
    src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/Configure
diff -u src/crypto/external/bsd/openssl/dist/Configure:1.34 src/crypto/external/bsd/openssl/dist/Configure:1.35
--- src/crypto/external/bsd/openssl/dist/Configure:1.34	Wed Oct 25 13:17:49 2023
+++ src/crypto/external/bsd/openssl/dist/Configure	Tue Jun 11 10:47:51 2024
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -405,6 +405,7 @@ my @disablables = (
     "asan",
     "asm",
     "async",
+    "atexit",
     "autoalginit",
     "autoerrinit",
     "autoload-config",
@@ -933,8 +934,6 @@ while (@argvcopy)
                 if (/^--prefix=(.*)$/)
                         {
                         $config{prefix}=$1;
-                        die "Directory given with --prefix MUST be absolute\n"
-                                unless file_name_is_absolute($config{prefix});
                         }
                 elsif (/^--api=(.*)$/)
                         {
@@ -1377,6 +1376,11 @@ foreach (keys %useradd) {
 # At this point, we can forget everything about %user and %useradd,
 # because it's now all been merged into the corresponding $config entry
 
+if ($config{prefix} && !$config{CROSS_COMPILE}) {
+    die "Directory given with --prefix MUST be absolute\n"
+        unless file_name_is_absolute($config{prefix});
+}
+
 if (grep { $_ =~ /(?:^|\s)-static(?:\s|$)/ } @{$config{LDFLAGS}}) {
     disable('static', 'pic', 'threads');
 }
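Review bot: The absolute-path requirement for `--prefix` is now skipped whenever `CROSS_COMPILE` is set, so a relative prefix passes silently in cross builds, and the moved check gives no reason for the exemption. A one-line comment above the new `if` would save the next reader from re-adding the unconditional check that the earlier hunk removed, e.g. `# Only native builds need an absolute --prefix; cross builds are exempt because <reason> — confirm`, with the reason filled in by whoever knows the cross-compile layout. The two hunks together only relocate the check; nothing else in this file section changes its semantics.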
@@ -1832,11 +1836,12 @@ if ($builder eq "unified") {
         my $base = shift;
         my $dir = shift;
         my $relativeto = shift || ".";
+        my $no_mkpath = shift // 0;
 
         $dir = catdir($base,$dir) unless isabsolute($dir);
 
         # Make sure the directories we're building in exists
-        mkpath($dir);
+        mkpath($dir) unless $no_mkpath;
 
         my $res = abs2rel(absolutedir($dir), rel2abs($relativeto));
         #print STDERR "DEBUG[cleandir]: $dir , $base => $res\n";
@@ -1847,6 +1852,7 @@ if ($builder eq "unified") {
         my $base = shift;
         my $file = shift;
         my $relativeto = shift || ".";
+        my $no_mkpath = shift // 0;
 
         $file = catfile($base,$file) unless isabsolute($file);
 
@@ -1854,7 +1860,7 @@ if ($builder eq "unified") {
         my $f = basename($file);
 
         # Make sure the directories we're building in exists
-        mkpath($d);
+        mkpath($d) unless $no_mkpath;
 
         my $res = abs2rel(catfile(absolutedir($d), $f), rel2abs($relativeto));
         #print STDERR "DEBUG[cleanfile]: $d , $f => $res\n";
@@ -1884,7 +1890,7 @@ if ($builder eq "unified") {
     }
     # Then, look in our standard directory
     push @build_file_templates,
-        ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) }
+        ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir, 1) }
           @build_file_template_names );
 
     my $build_file_template;
@@ -1899,7 +1905,7 @@ if ($builder eq "unified") {
     }
     $config{build_file_templates}
       = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"),
-                    $blddir),
+                    $blddir, 1),
            $build_file_template ];
 
     my @build_dirs = ( [ ] );   # current directory
@@ -1908,7 +1914,7 @@ if ($builder eq "unified") {
 
     # We want to detect configdata.pm in the source tree, so we
     # don't use it if the build tree is different.
-    my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
+    my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir, 1);
 
     # Any source file that we recognise is placed in this hash table, with
     # the list of its intended destinations as value.  When everything has
@@ -2261,7 +2267,7 @@ EOF
             my $dest = $_;
             my $ddest = cleanfile($buildd, $_, $blddir);
             foreach (@{$sources{$dest}}) {
-                my $s = cleanfile($sourced, $_, $blddir);
+                my $s = cleanfile($sourced, $_, $blddir, 1);
 
                 # If it's generated or we simply don't find it in the source
                 # tree, we assume it's in the build tree.
@@ -2306,7 +2312,7 @@ EOF
             my $dest = $_;
             my $ddest = cleanfile($buildd, $_, $blddir);
             foreach (@{$shared_sources{$dest}}) {
-                my $s = cleanfile($sourced, $_, $blddir);
+                my $s = cleanfile($sourced, $_, $blddir, 1);
 
                 # If it's generated or we simply don't find it in the source
                 # tree, we assume it's in the build tree.
@@ -2361,7 +2367,7 @@ EOF
                 if scalar @{$generate{$_}} > 1;
             my @generator = split /\s+/, $generate{$dest}->[0];
             my $gen = $generator[0];
-            $generator[0] = cleanfile($sourced, $gen, $blddir);
+            $generator[0] = cleanfile($sourced, $gen, $blddir, 1);
 
             # If the generator is itself generated, it's in the build tree
             if ($generate{$gen} || ! -f $generator[0]) {
@@ -2387,7 +2393,7 @@ EOF
             } elsif ($dest eq '') {
                 $ddest = '';
             } else {
-                $ddest = cleanfile($sourced, $_, $blddir);
+                $ddest = cleanfile($sourced, $_, $blddir, 1);
 
                 # If the destination doesn't exist in source, it can only be
                 # a generated file in the build tree.
@@ -2396,7 +2402,7 @@ EOF
                 }
             }
             foreach (@{$depends{$dest}}) {
-                my $d = cleanfile($sourced, $_, $blddir);
+                my $d = cleanfile($sourced, $_, $blddir, 1);
                 my $d2 = cleanfile($buildd, $_, $blddir);
 
                 # If we know it's generated, or assume it is because we can't
@@ -2419,7 +2425,7 @@ EOF
 
         foreach (keys %includes) {
             my $dest = $_;
-            my $ddest = cleanfile($sourced, $_, $blddir);
+            my $ddest = cleanfile($sourced, $_, $blddir, 1);
 
             # If the destination doesn't exist in source, it can only be
             # a generated file in the build tree.
@@ -2427,7 +2433,7 @@ EOF
                 $ddest = cleanfile($buildd, $_, $blddir);
             }
             foreach (@{$includes{$dest}}) {
-                my $is = cleandir($sourced, $_, $blddir);
+                my $is = cleandir($sourced, $_, $blddir, 1);
                 my $ib = cleandir($buildd, $_, $blddir);
                 push @{$unified_info{includes}->{$ddest}->{source}}, $is
                     unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}};
@@ -2440,7 +2446,7 @@ EOF
             my $ddest;
 
             if ($dest ne "") {
-                $ddest = cleanfile($sourced, $dest, $blddir);
+                $ddest = cleanfile($sourced, $dest, $blddir, 1);
 
                 # If the destination doesn't exist in source, it can only
                 # be a generated file in the build tree.
@@ -2822,7 +2828,7 @@ my %template_vars = (
 my $configdata_outname = 'configdata.pm';
 open CONFIGDATA, ">$configdata_outname.new"
     or die "Trying to create $configdata_outname.new: $!";
-my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir);
+my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir, 1);
 my $configdata_tmpl =
     OpenSSL::Template->new(TYPE => 'FILE', SOURCE => $configdata_tmplname);
 $configdata_tmpl->fill_in(

Index: src/crypto/external/bsd/openssl/dist/e_os.h
diff -u src/crypto/external/bsd/openssl/dist/e_os.h:1.18 src/crypto/external/bsd/openssl/dist/e_os.h:1.19
--- src/crypto/external/bsd/openssl/dist/e_os.h:1.18	Sun May  7 14:40:15 2023
+++ src/crypto/external/bsd/openssl/dist/e_os.h	Tue Jun 11 10:47:51 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -296,20 +296,18 @@ static ossl_inline void ossl_sleep(unsig
     ts.tv_sec = (long int) (millis / 1000);
     ts.tv_nsec = (long int) (millis % 1000) * 1000000ul;
     nanosleep(&ts, NULL);
-# elif defined(__TANDEM)
-#  if !defined(_REENTRANT)
+# elif defined(__TANDEM) && !defined(_REENTRANT)
 #   include <cextdecs.h(PROCESS_DELAY_)>
+
     /* HPNS does not support usleep for non threaded apps */
     PROCESS_DELAY_(millis * 1000);
-#  elif defined(_SPT_MODEL_)
-#   include <spthread.h>
-#   include <spt_extensions.h>
-    usleep(millis * 1000);
-#  else
-    usleep(millis * 1000);
-#  endif
 # else
-    usleep(millis * 1000);
+    unsigned int s = (unsigned int)(millis / 1000);
+    unsigned int us = (unsigned int)((millis % 1000) * 1000);
+
+    if (s > 0)
+        sleep(s);
+    usleep(us);
 # endif
 }
 #elif defined(_WIN32)
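Review bot: The new `else` branch splits the delay into `sleep(s)` and `usleep(us)` without saying why, and both return values are discarded, so an interrupted `sleep()` (which returns the unslept seconds) shortens the delay silently; the replaced `usleep(millis * 1000)` had the same weakness, so this is not a regression, but the rewrite is the moment to document it. POSIX only guarantees `usleep()` for arguments below one million microseconds, which is presumably the reason for the split; a comment `/* usleep() is only portable below 1 s; sleep whole seconds first */` above `if (s > 0)` would record that. If the shortfall matters to callers, `while (s > 0) s = sleep(s);` retries the interrupted seconds. ossl_sleep() begins outside the hunk.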

Index: src/crypto/external/bsd/openssl/dist/apps/ocsp.c
diff -u src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.24 src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.25
--- src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.24	Sun May  7 14:40:15 2023
+++ src/crypto/external/bsd/openssl/dist/apps/ocsp.c	Tue Jun 11 10:47:51 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,7 +11,7 @@
 
 #ifdef OPENSSL_SYS_VMS
   /* So fd_set and friends get properly defined on OpenVMS */
-# define _XOPEN_SOURCE_EXTENDED
+# define _XOPEN_SOURCE_EXTENDED 1
 #endif
 
 #include <stdio.h>

Index: src/crypto/external/bsd/openssl/dist/apps/req.c
diff -u src/crypto/external/bsd/openssl/dist/apps/req.c:1.6 src/crypto/external/bsd/openssl/dist/apps/req.c:1.7
--- src/crypto/external/bsd/openssl/dist/apps/req.c:1.6	Wed Oct 25 13:17:49 2023
+++ src/crypto/external/bsd/openssl/dist/apps/req.c	Tue Jun 11 10:47:51 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -569,7 +569,7 @@ int req_main(int argc, char **argv)
         X509V3_CTX ctx;
 
         X509V3_set_ctx_test(&ctx);
-        X509V3_set_nconf(&ctx, addext_conf);
+        X509V3_set_nconf(&ctx, req_conf);
         if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) {
             BIO_printf(bio_err, "Error checking extensions defined using -addext\n");
             goto end;
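Review bot: The `X509V3_CTX` is now pointed at `req_conf` while the extensions themselves are still added from `addext_conf` on the following line, and nothing explains why the two differ, which invites a future "fix" back to the old form. A short comment above the call, e.g. `/* -addext extensions are parsed from addext_conf, but references inside them resolve against the main request config */`, would capture the intent; that reading is inferred from the call shapes, so confirm it against X509V3_set_nconf's contract before wording it. req_main starts outside the hunk.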
@@ -733,7 +733,7 @@ int req_main(int argc, char **argv)
             }
             goto end;
         }
-        BIO_free(out);
+        BIO_free_all(out);
         out = NULL;
         BIO_printf(bio_err, "-----\n");
     }

Index: src/crypto/external/bsd/openssl/dist/apps/s_server.c
diff -u src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.29 src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.30
--- src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.29	Wed Oct 25 13:17:49 2023
+++ src/crypto/external/bsd/openssl/dist/apps/s_server.c	Tue Jun 11 10:47:51 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -1670,6 +1670,11 @@ int s_server_main(int argc, char *argv[]
         BIO_printf(bio_err, "Can only use -listen with DTLS\n");
         goto end;
     }
+
+    if (rev && socket_type == SOCK_DGRAM) {
+        BIO_printf(bio_err, "Can't use -rev with DTLS\n");
+        goto end;
+    }
 #endif
 
     if (stateless && socket_type != SOCK_STREAM) {

Index: src/crypto/external/bsd/openssl/dist/apps/speed.c
diff -u src/crypto/external/bsd/openssl/dist/apps/speed.c:1.23 src/crypto/external/bsd/openssl/dist/apps/speed.c:1.24
--- src/crypto/external/bsd/openssl/dist/apps/speed.c:1.23	Wed Oct 25 13:17:49 2023
+++ src/crypto/external/bsd/openssl/dist/apps/speed.c	Tue Jun 11 10:47:51 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -727,8 +727,12 @@ static int EVP_Update_loop(void *args)
     unsigned char *buf = tempargs->buf;
     EVP_CIPHER_CTX *ctx = tempargs->ctx;
     int outl, count, rc;
+    unsigned char faketag[16] = { 0xcc };
 
     if (decrypt) {
+        if (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+            (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(faketag), faketag);
+        }
         for (count = 0; COND(c[D_EVP][testnum]); count++) {
             rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
             if (rc != 1) {
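Review bot: The `faketag` initializer `{ 0xcc }` sets only the first byte (the other 15 are zero-filled) and the `EVP_CIPHER_CTX_ctrl` return is deliberately discarded, and neither choice is explained at the new `if`. A comment such as `/* AEAD decrypt needs a tag set before Update(); its value is irrelevant here because the benchmark never finalises, so verification never runs */` would record the intent — presumably the reason, given the decrypt-only placement, but confirm before wording it. If a fully filled dummy tag is what is meant, `memset(faketag, 0xcc, sizeof(faketag));` replaces the partial initializer. EVP_Update_loop starts outside the hunk.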

Index: src/crypto/external/bsd/openssl/dist/apps/lib/opt.c
diff -u src/crypto/external/bsd/openssl/dist/apps/lib/opt.c:1.2 src/crypto/external/bsd/openssl/dist/apps/lib/opt.c:1.3
--- src/crypto/external/bsd/openssl/dist/apps/lib/opt.c:1.2	Sun May  7 14:40:15 2023
+++ src/crypto/external/bsd/openssl/dist/apps/lib/opt.c	Tue Jun 11 10:47:51 2024
@@ -696,7 +696,12 @@ int opt_verify(int opt, X509_VERIFY_PARA
             opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
             return 0;
         }
-        X509_VERIFY_PARAM_add0_policy(vpm, otmp);
+        if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) {
+            ASN1_OBJECT_free(otmp);
+            opt_printf_stderr("%s: Internal error adding Policy %s\n",
+                              prog, opt_arg());
+            return 0;
+        }
         break;
     case OPT_V_PURPOSE:
         /* purpose name -> purpose index */

Index: src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c:1.9	Wed May 31 15:30:28 2023
+++ src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c	Tue Jun 11 10:47:51 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -869,8 +869,12 @@ static int bio_wait(BIO *bio, time_t max
         return 1;
 
 #ifndef OPENSSL_NO_SOCK
-    if (BIO_get_fd(bio, &fd) > 0 && fd < FD_SETSIZE)
-        return BIO_socket_wait(fd, BIO_should_read(bio), max_time);
+    if (BIO_get_fd(bio, &fd) > 0) {
+        int ret = BIO_socket_wait(fd, BIO_should_read(bio), max_time);
+
+        if (ret != -1)
+            return ret;
+    }
 #endif
     /* fall back to polling since no sockets are available */
 
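Review bot: Dropping the `fd < FD_SETSIZE` guard at the `BIO_get_fd` check moves the descriptor-range check into `BIO_socket_wait()`, which is not part of this diff; on select()-based platforms `FD_SET` with a descriptor at or beyond FD_SETSIZE writes outside the fd_set, so the new code is only safe if `BIO_socket_wait()` itself rejects such descriptors with -1 before touching an fd_set. That function's definition is not in this commit's file list, so worth confirming it, and recording the dependency at the new `if`: `/* BIO_socket_wait() returns -1 for descriptors it cannot wait on (e.g. >= FD_SETSIZE); fall through to polling then */`. bio_wait() begins outside the hunk.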

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.22 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.23
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.22	Sun May  7 14:40:17 2023
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c	Tue Jun 11 10:47:51 2024
@@ -247,6 +247,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG
     wstart = bits - 1;          /* The top bit of the window */
     wend = 0;                   /* The bottom bit of the window */
 
+    if (r == p) {
+        BIGNUM *p_dup = BN_CTX_get(ctx);
+
+        if (p_dup == NULL || BN_copy(p_dup, p) == NULL)
+            goto err;
+        p = p_dup;
+    }
+
     if (!BN_one(r))
         goto err;
 
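Review bot: BN_mod_exp_recp gets the `r == p` aliasing fix but, unlike BN_mod_exp_simple later in this diff, no visible `r == m` rejection; whether one is needed here depends on whether `m` is still read after `BN_one(r)` on the next line, and the reciprocal context set up above the hunk may already hold its own copy of the modulus — the function starts outside the hunk, so this cannot be settled from the visible lines. Either way a comment on the new block would help: `/* r aliases the exponent: work on a copy so BN_one(r) below does not destroy p */`. The copy lives in the `BN_CTX` until the matching `BN_CTX_end`, which is the existing cleanup path reached via `err`.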
@@ -1321,6 +1329,11 @@ int BN_mod_exp_simple(BIGNUM *r, const B
         return 0;
     }
 
+    if (r == m) {
+        ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
     bits = BN_num_bits(p);
     if (bits == 0) {
         /* x**0 mod 1, or x**0 mod -1 is still zero. */
@@ -1366,6 +1379,14 @@ int BN_mod_exp_simple(BIGNUM *r, const B
     wstart = bits - 1;          /* The top bit of the window */
     wend = 0;                   /* The bottom bit of the window */
 
+    if (r == p) {
+        BIGNUM *p_dup = BN_CTX_get(ctx);
+
+        if (p_dup == NULL || BN_copy(p_dup, p) == NULL)
+            goto err;
+        p = p_dup;
+    }
+
     if (!BN_one(r))
         goto err;
 

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c:1.17 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c:1.18
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c:1.17	Wed May 31 15:30:29 2023
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c	Tue Jun 11 10:47:51 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -618,14 +618,29 @@ int BN_ucmp(const BIGNUM *a, const BIGNU
     int i;
     BN_ULONG t1, t2, *ap, *bp;
 
+    ap = a->d;
+    bp = b->d;
+
+    if (BN_get_flags(a, BN_FLG_CONSTTIME)
+            && a->top == b->top) {
+        int res = 0;
+
+        for (i = 0; i < b->top; i++) {
+            res = constant_time_select_int(constant_time_lt_bn(ap[i], bp[i]),
+                                           -1, res);
+            res = constant_time_select_int(constant_time_lt_bn(bp[i], ap[i]),
+                                           1, res);
+        }
+        return res;
+    }
+
     bn_check_top(a);
     bn_check_top(b);
 
     i = a->top - b->top;
     if (i != 0)
         return i;
-    ap = a->d;
-    bp = b->d;
+
     for (i = a->top - 1; i >= 0; i--) {
         t1 = ap[i];
         t2 = bp[i];
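Review bot: The constant-time comparison at the new `if` is selected by the flag on `a` only, and only when `a->top == b->top`; a call where the CONSTTIME-flagged operand is `b`, or where the tops differ, takes the early `a->top - b->top` return and the variable-time word loop. That is presumably deliberate (callers are expected to pass equal-length fixed-top values with the flag on `a`), but it is an easy contract to break silently. A comment above the branch such as `/* Constant-time path only for equal-length operands with BN_FLG_CONSTTIME on a; callers needing side-channel resistance must pass fixed-top values */` would state it, and testing `BN_get_flags(b, BN_FLG_CONSTTIME)` as well would close the asymmetric case. BN_ucmp starts outside the hunk.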
@@ -737,11 +752,10 @@ int BN_is_bit_set(const BIGNUM *a, int n
     return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
 }
 
-int BN_mask_bits(BIGNUM *a, int n)
+int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n)
 {
     int b, w;
 
-    bn_check_top(a);
     if (n < 0)
         return 0;
 
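Review bot: `ossl_bn_mask_bits_fixed_top` is a new external (non-static) function, but no internal BN header appears in this commit's file list, so its prototype must already exist elsewhere or this translation unit is compiled without one. Worth confirming the declaration is present in the internal header the vendor import updated; wherever it lives, a header comment should say that the function deliberately skips `bn_check_top`/`bn_correct_top` and leaves `a` in fixed-top form, so it is only for callers that understand `BN_FLG_FIXED_TOP`. The function body continues into the next hunk.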
@@ -755,10 +769,21 @@ int BN_mask_bits(BIGNUM *a, int n)
         a->top = w + 1;
         a->d[w] &= ~(BN_MASK2 << b);
     }
-    bn_correct_top(a);
+    a->flags |= BN_FLG_FIXED_TOP;
     return 1;
 }
 
+int BN_mask_bits(BIGNUM *a, int n)
+{
+    int ret;
+
+    bn_check_top(a);
+    ret = ossl_bn_mask_bits_fixed_top(a, n);
+    if (ret)
+        bn_correct_top(a);
+    return ret;
+}
+
 void BN_set_negative(BIGNUM *a, int b)
 {
     if (b && !BN_is_zero(a))
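Review bot: The new `BN_mask_bits` wrapper calls `ossl_bn_mask_bits_fixed_top`, which sets `BN_FLG_FIXED_TOP` on `a`, and then `bn_correct_top(a)`; the public API's result is only right if `bn_correct_top` also clears that flag, which this diff does not show. If it does, a comment after the call, `/* bn_correct_top() normalises and drops BN_FLG_FIXED_TOP again */`, documents the dependency; if it does not, the wrapper should clear the flag itself before returning. The wrapper also skips `bn_correct_top` when the helper returns 0, which matches the old early-return for `n < 0` and is fine.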
@@ -935,6 +960,22 @@ int BN_is_word(const BIGNUM *a, const BN
     return BN_abs_is_word(a, w) && (!w || !a->neg);
 }
 
+int ossl_bn_is_word_fixed_top(const BIGNUM *a, BN_ULONG w)
+{
+    int res, i;
+    const BN_ULONG *ap = a->d;
+
+    if (a->neg || a->top == 0)
+        return 0;
+
+    res = constant_time_select_int(constant_time_eq_bn(ap[0], w), 1, 0);
+
+    for (i = 1; i < a->top; i++)
+        res = constant_time_select_int(constant_time_is_zero_bn(ap[i]),
+                                       res, 0);
+    return res;
+}
+
 int BN_is_odd(const BIGNUM *a)
 {
     return (a->top > 0) && (a->d[0] & 1);
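Review bot: `ossl_bn_is_word_fixed_top` returns 0 for `a->top == 0` regardless of `w`, whereas `BN_is_word` just above treats a zero-length value as equal to `w == 0`; for fixed-top operands that divergence is presumably intended (their top is never zero), but it is surprising without a comment. Suggest a header comment: `/* Constant-time BN_is_word() for fixed-top values: the result does not depend on the word contents. Unlike BN_is_word(), a zero-length a never matches, not even w == 0. */`. The early returns on `a->neg` and `a->top` are data-dependent by design; only the word values are compared in constant time, and the comment should say so.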

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c:1.9	Wed May 31 15:30:29 2023
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c	Tue Jun 11 10:47:51 2024
@@ -319,6 +319,28 @@ static void nist_cp_bn(BN_ULONG *dst, co
 # endif
 #endif                          /* BN_BITS2 != 64 */
 
+#ifdef NIST_INT64
+/* Helpers to load/store a 32-bit word (uint32_t) from/into a memory
+ * location and avoid potential aliasing issue.  */
+static ossl_inline uint32_t load_u32(const void *ptr)
+{
+    uint32_t tmp;
+
+    memcpy(&tmp, ptr, sizeof(tmp));
+    return tmp;
+}
+
+static ossl_inline void store_lo32(void *ptr, NIST_INT64 val)
+{
+    /* A cast is needed for big-endian system: on a 32-bit BE system
+     * NIST_INT64 may be defined as well if the compiler supports 64-bit
+     * long long.  */
+    uint32_t tmp = (uint32_t)val;
+
+    memcpy(ptr, &tmp, sizeof(tmp));
+}
+#endif /* NIST_INT64 */
+
 #define nist_set_192(to, from, a1, a2, a3) \
         { \
         bn_cp_64(to, 0, from, (a3) - 3) \
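Review bot: `load_u32`/`store_lo32` are defined only under `#ifdef NIST_INT64`, while their call sites in the later BN_nist_mod_192/256/384 hunks replace accesses through `(unsigned int *)r_d`; those call sites must sit inside the same NIST_INT64-guarded branch, otherwise a build without NIST_INT64 fails on an implicit declaration. They appear to (the 64-bit `acc` arithmetic is that path), but the guard itself is outside the visible hunks, so worth a quick check. The `bp` reads through `(const unsigned int *)buf.ui` in those hunks are left as direct accesses; that is fine if `buf.ui` is an `unsigned int` array member of the union, which this diff does not show, and a one-line comment at the helpers (`/* r_d is BN_ULONG storage accessed as 32-bit words: go through memcpy, never a cast */`) would explain why only the `rp` side is wrapped.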
@@ -374,42 +396,42 @@ int BN_nist_mod_192(BIGNUM *r, const BIG
         unsigned int *rp = (unsigned int *)r_d;
         const unsigned int *bp = (const unsigned int *)buf.ui;
 
-        acc = rp[0];
+        acc = load_u32(&rp[0]);
         acc += bp[3 * 2 - 6];
         acc += bp[5 * 2 - 6];
-        rp[0] = (unsigned int)acc;
+        store_lo32(&rp[0], acc);
         acc >>= 32;
 
-        acc += rp[1];
+        acc += load_u32(&rp[1]);
         acc += bp[3 * 2 - 5];
         acc += bp[5 * 2 - 5];
-        rp[1] = (unsigned int)acc;
+        store_lo32(&rp[1], acc);
         acc >>= 32;
 
-        acc += rp[2];
+        acc += load_u32(&rp[2]);
         acc += bp[3 * 2 - 6];
         acc += bp[4 * 2 - 6];
         acc += bp[5 * 2 - 6];
-        rp[2] = (unsigned int)acc;
+        store_lo32(&rp[2], acc);
         acc >>= 32;
 
-        acc += rp[3];
+        acc += load_u32(&rp[3]);
         acc += bp[3 * 2 - 5];
         acc += bp[4 * 2 - 5];
         acc += bp[5 * 2 - 5];
-        rp[3] = (unsigned int)acc;
+        store_lo32(&rp[3], acc);
         acc >>= 32;
 
-        acc += rp[4];
+        acc += load_u32(&rp[4]);
         acc += bp[4 * 2 - 6];
         acc += bp[5 * 2 - 6];
-        rp[4] = (unsigned int)acc;
+        store_lo32(&rp[4], acc);
         acc >>= 32;
 
-        acc += rp[5];
+        acc += load_u32(&rp[5]);
         acc += bp[4 * 2 - 5];
         acc += bp[5 * 2 - 5];
-        rp[5] = (unsigned int)acc;
+        store_lo32(&rp[5], acc);
 
         carry = (int)(acc >> 32);
     }
@@ -683,36 +705,36 @@ int BN_nist_mod_256(BIGNUM *r, const BIG
         unsigned int *rp = (unsigned int *)r_d;
         const unsigned int *bp = (const unsigned int *)buf.ui;
 
-        acc = rp[0];
+        acc = load_u32(&rp[0]);
         acc += bp[8 - 8];
         acc += bp[9 - 8];
         acc -= bp[11 - 8];
         acc -= bp[12 - 8];
         acc -= bp[13 - 8];
         acc -= bp[14 - 8];
-        rp[0] = (unsigned int)acc;
+        store_lo32(&rp[0], acc);
         acc >>= 32;
 
-        acc += rp[1];
+        acc += load_u32(&rp[1]);
         acc += bp[9 - 8];
         acc += bp[10 - 8];
         acc -= bp[12 - 8];
         acc -= bp[13 - 8];
         acc -= bp[14 - 8];
         acc -= bp[15 - 8];
-        rp[1] = (unsigned int)acc;
+        store_lo32(&rp[1], acc);
         acc >>= 32;
 
-        acc += rp[2];
+        acc += load_u32(&rp[2]);
         acc += bp[10 - 8];
         acc += bp[11 - 8];
         acc -= bp[13 - 8];
         acc -= bp[14 - 8];
         acc -= bp[15 - 8];
-        rp[2] = (unsigned int)acc;
+        store_lo32(&rp[2], acc);
         acc >>= 32;
 
-        acc += rp[3];
+        acc += load_u32(&rp[3]);
         acc += bp[11 - 8];
         acc += bp[11 - 8];
         acc += bp[12 - 8];
@@ -721,10 +743,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIG
         acc -= bp[15 - 8];
         acc -= bp[8 - 8];
         acc -= bp[9 - 8];
-        rp[3] = (unsigned int)acc;
+        store_lo32(&rp[3], acc);
         acc >>= 32;
 
-        acc += rp[4];
+        acc += load_u32(&rp[4]);
         acc += bp[12 - 8];
         acc += bp[12 - 8];
         acc += bp[13 - 8];
@@ -732,10 +754,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIG
         acc += bp[14 - 8];
         acc -= bp[9 - 8];
         acc -= bp[10 - 8];
-        rp[4] = (unsigned int)acc;
+        store_lo32(&rp[4], acc);
         acc >>= 32;
 
-        acc += rp[5];
+        acc += load_u32(&rp[5]);
         acc += bp[13 - 8];
         acc += bp[13 - 8];
         acc += bp[14 - 8];
@@ -743,10 +765,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIG
         acc += bp[15 - 8];
         acc -= bp[10 - 8];
         acc -= bp[11 - 8];
-        rp[5] = (unsigned int)acc;
+        store_lo32(&rp[5], acc);
         acc >>= 32;
 
-        acc += rp[6];
+        acc += load_u32(&rp[6]);
         acc += bp[14 - 8];
         acc += bp[14 - 8];
         acc += bp[15 - 8];
@@ -755,10 +777,10 @@ int BN_nist_mod_256(BIGNUM *r, const BIG
         acc += bp[13 - 8];
         acc -= bp[8 - 8];
         acc -= bp[9 - 8];
-        rp[6] = (unsigned int)acc;
+        store_lo32(&rp[6], acc);
         acc >>= 32;
 
-        acc += rp[7];
+        acc += load_u32(&rp[7]);
         acc += bp[15 - 8];
         acc += bp[15 - 8];
         acc += bp[15 - 8];
@@ -767,7 +789,7 @@ int BN_nist_mod_256(BIGNUM *r, const BIG
         acc -= bp[11 - 8];
         acc -= bp[12 - 8];
         acc -= bp[13 - 8];
-        rp[7] = (unsigned int)acc;
+        store_lo32(&rp[7], acc);
 
         carry = (int)(acc >> 32);
     }
@@ -920,32 +942,32 @@ int BN_nist_mod_384(BIGNUM *r, const BIG
         unsigned int *rp = (unsigned int *)r_d;
         const unsigned int *bp = (const unsigned int *)buf.ui;
 
-        acc = rp[0];
+        acc = load_u32(&rp[0]);
         acc += bp[12 - 12];
         acc += bp[21 - 12];
         acc += bp[20 - 12];
         acc -= bp[23 - 12];
-        rp[0] = (unsigned int)acc;
+        store_lo32(&rp[0], acc);
         acc >>= 32;
 
-        acc += rp[1];
+        acc += load_u32(&rp[1]);
         acc += bp[13 - 12];
         acc += bp[22 - 12];
         acc += bp[23 - 12];
         acc -= bp[12 - 12];
         acc -= bp[20 - 12];
-        rp[1] = (unsigned int)acc;
+        store_lo32(&rp[1], acc);
         acc >>= 32;
 
-        acc += rp[2];
+        acc += load_u32(&rp[2]);
         acc += bp[14 - 12];
         acc += bp[23 - 12];
         acc -= bp[13 - 12];
         acc -= bp[21 - 12];
-        rp[2] = (unsigned int)acc;
+        store_lo32(&rp[2], acc);
         acc >>= 32;
 
-        acc += rp[3];
+        acc += load_u32(&rp[3]);
         acc += bp[15 - 12];
         acc += bp[12 - 12];
         acc += bp[20 - 12];
@@ -953,10 +975,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIG
         acc -= bp[14 - 12];
         acc -= bp[22 - 12];
         acc -= bp[23 - 12];
-        rp[3] = (unsigned int)acc;
+        store_lo32(&rp[3], acc);
         acc >>= 32;
 
-        acc += rp[4];
+        acc += load_u32(&rp[4]);
         acc += bp[21 - 12];
         acc += bp[21 - 12];
         acc += bp[16 - 12];
@@ -967,10 +989,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIG
         acc -= bp[15 - 12];
         acc -= bp[23 - 12];
         acc -= bp[23 - 12];
-        rp[4] = (unsigned int)acc;
+        store_lo32(&rp[4], acc);
         acc >>= 32;
 
-        acc += rp[5];
+        acc += load_u32(&rp[5]);
         acc += bp[22 - 12];
         acc += bp[22 - 12];
         acc += bp[17 - 12];
@@ -979,10 +1001,10 @@ int BN_nist_mod_384(BIGNUM *r, const BIG
         acc += bp[21 - 12];
         acc += bp[23 - 12];
         acc -= bp[16 - 12];
-        rp[5] = (unsigned int)acc;
+        store_lo32(&rp[5], acc);
         acc >>= 32;
 
-        acc += rp[6];
+        acc += load_u32(&rp[6]);
         acc += bp[23 - 12];
         acc += bp[23 - 12];
         acc += bp[18 - 12];
@@ -990,48 +1012,48 @@ int BN_nist_mod_384(BIGNUM *r, const BIG
         acc += bp[14 - 12];
         acc += bp[22 - 12];
         acc -= bp[17 - 12];
-        rp[6] = (unsigned int)acc;
+        store_lo32(&rp[6], acc);
         acc >>= 32;
 
-        acc += rp[7];
+        acc += load_u32(&rp[7]);
         acc += bp[19 - 12];
         acc += bp[16 - 12];
         acc += bp[15 - 12];
         acc += bp[23 - 12];
         acc -= bp[18 - 12];
-        rp[7] = (unsigned int)acc;
+        store_lo32(&rp[7], acc);
         acc >>= 32;
 
-        acc += rp[8];
+        acc += load_u32(&rp[8]);
         acc += bp[20 - 12];
         acc += bp[17 - 12];
         acc += bp[16 - 12];
         acc -= bp[19 - 12];
-        rp[8] = (unsigned int)acc;
+        store_lo32(&rp[8], acc);
         acc >>= 32;
 
-        acc += rp[9];
+        acc += load_u32(&rp[9]);
         acc += bp[21 - 12];
         acc += bp[18 - 12];
         acc += bp[17 - 12];
         acc -= bp[20 - 12];
-        rp[9] = (unsigned int)acc;
+        store_lo32(&rp[9], acc);
         acc >>= 32;
 
-        acc += rp[10];
+        acc += load_u32(&rp[10]);
         acc += bp[22 - 12];
         acc += bp[19 - 12];
         acc += bp[18 - 12];
         acc -= bp[21 - 12];
-        rp[10] = (unsigned int)acc;
+        store_lo32(&rp[10], acc);
         acc >>= 32;
 
-        acc += rp[11];
+        acc += load_u32(&rp[11]);
         acc += bp[23 - 12];
         acc += bp[20 - 12];
         acc += bp[19 - 12];
         acc -= bp[22 - 12];
-        rp[11] = (unsigned int)acc;
+        store_lo32(&rp[11], acc);
 
         carry = (int)(acc >> 32);
     }

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c:1.6 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c:1.7
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c:1.6	Sun May  7 14:40:17 2023
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_rand.c	Tue Jun 11 10:47:51 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -186,8 +186,8 @@ static int bnrand_range(BNRAND_FLAG flag
     } else {
         do {
             /* range = 11..._2  or  range = 101..._2 */
-            if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0,
-                        ctx))
+            if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY,
+                        strength, ctx))
                 return 0;
 
             if (!--count) {
@@ -240,17 +240,63 @@ int BN_pseudo_rand_range(BIGNUM *r, cons
 # endif
 #endif
 
+int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range,
+                                      unsigned int strength, BN_CTX *ctx)
+{
+    int n;
+    int count = 100;
+
+    if (r == NULL) {
+        ERR_raise(ERR_LIB_BN, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (range->neg || BN_is_zero(range)) {
+        ERR_raise(ERR_LIB_BN, BN_R_INVALID_RANGE);
+        return 0;
+    }
+
+    n = BN_num_bits(range);     /* n > 0 */
+
+    /* BN_is_bit_set(range, n - 1) always holds */
+
+    if (n == 1) {
+        BN_zero(r);
+    } else {
+        BN_set_flags(r, BN_FLG_CONSTTIME);
+        do {
+            if (!bnrand(PRIVATE, r, n + 1, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY,
+                        strength, ctx))
+                return 0;
+
+            if (!--count) {
+                ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+            ossl_bn_mask_bits_fixed_top(r, n);
+        }
+        while (BN_ucmp(r, range) >= 0);
+#ifdef BN_DEBUG
+        /* With BN_DEBUG on a fixed top number cannot be returned */
+        bn_correct_top(r);
+#endif
+    }
+
+    return 1;
+}
+
 /*
- * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
- * BN_rand_range, it also includes the contents of |priv| and |message| in
- * the generation so that an RNG failure isn't fatal as long as |priv|
+ * ossl_bn_gen_dsa_nonce_fixed_top generates a random number 0 <= out < range.
+ * Unlike BN_rand_range, it also includes the contents of |priv| and |message|
+ * in the generation so that an RNG failure isn't fatal as long as |priv|
  * remains secret. This is intended for use in DSA and ECDSA where an RNG
  * weakness leads directly to private key exposure unless this function is
  * used.
  */
-int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
-                          const BIGNUM *priv, const unsigned char *message,
-                          size_t message_len, BN_CTX *ctx)
+int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range,
+                                    const BIGNUM *priv,
+                                    const unsigned char *message,
+                                    size_t message_len, BN_CTX *ctx)
 {
     EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
     /*
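Review bot: `range` is dereferenced (`range->neg`) in ossl_bn_priv_rand_range_fixed_top without the NULL check that `r` receives a few lines earlier; widening the first guard to `if (r == NULL || range == NULL) {` keeps the two parameters symmetric. The function also has no header comment although its contract differs from the public BN_priv_rand_range in ways a caller must know: the result is left fixed-top (only normalised under BN_DEBUG) and carries BN_FLG_CONSTTIME, and generation gives up after 100 draws with BN_R_TOO_MANY_ITERATIONS. A short comment above the definition stating those three points would document it. The hunk ends inside ossl_bn_gen_dsa_nonce_fixed_top, whose body continues in the next hunk.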
@@ -260,20 +306,24 @@ int BN_generate_dsa_nonce(BIGNUM *out, c
     unsigned char random_bytes[64];
     unsigned char digest[SHA512_DIGEST_LENGTH];
     unsigned done, todo;
-    /* We generate |range|+8 bytes of random output. */
-    const unsigned num_k_bytes = BN_num_bytes(range) + 8;
+    /* We generate |range|+1 bytes of random output. */
+    const unsigned num_k_bytes = BN_num_bytes(range) + 1;
     unsigned char private_bytes[96];
     unsigned char *k_bytes = NULL;
+    const int max_n = 64;           /* Pr(failure to generate) < 2^max_n */
+    int n;
     int ret = 0;
     EVP_MD *md = NULL;
     OSSL_LIB_CTX *libctx = ossl_bn_get_libctx(ctx);
 
     if (mdctx == NULL)
-        goto err;
+        goto end;
 
     k_bytes = OPENSSL_malloc(num_k_bytes);
     if (k_bytes == NULL)
-        goto err;
+        goto end;
+    /* Ensure top byte is set to avoid non-constant time in bin2bn */
+    k_bytes[0] = 0xff;
 
     /* We copy |priv| into a local buffer to avoid exposing its length. */
     if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) {
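Review bot: `range` is never validated in ossl_bn_gen_dsa_nonce_fixed_top, unlike the new ossl_bn_priv_rand_range_fixed_top above, which rejects a negative or zero range with BN_R_INVALID_RANGE; here a zero range gives num_k_bytes == 1, the inner fill loop never executes, and the function spends all max_n rejection rounds before failing with the less specific ERR_R_INTERNAL_ERROR. A guard right after the mdctx NULL check, `if (range->neg || BN_is_zero(range)) { ERR_raise(ERR_LIB_BN, BN_R_INVALID_RANGE); goto end; }`, fails fast with the same reason code the sibling uses. The comment on the max_n declaration reads `2^max_n` but the bound it describes is `2^-max_n`: once a candidate is masked to BN_num_bits(range) bits it is accepted with probability at least 1/2, so 64 rounds bound the failure probability from above. The rejection loop that relies on this is in the next hunk.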
@@ -283,41 +333,60 @@ int BN_generate_dsa_nonce(BIGNUM *out, c
          * length of the private key.
          */
         ERR_raise(ERR_LIB_BN, BN_R_PRIVATE_KEY_TOO_LARGE);
-        goto err;
+        goto end;
     }
 
     md = EVP_MD_fetch(libctx, "SHA512", NULL);
     if (md == NULL) {
         ERR_raise(ERR_LIB_BN, BN_R_NO_SUITABLE_DIGEST);
-        goto err;
-    }
-    for (done = 0; done < num_k_bytes;) {
-        if (RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes), 0) <= 0)
-            goto err;
-
-        if (!EVP_DigestInit_ex(mdctx, md, NULL)
-                || !EVP_DigestUpdate(mdctx, &done, sizeof(done))
-                || !EVP_DigestUpdate(mdctx, private_bytes,
-                                     sizeof(private_bytes))
-                || !EVP_DigestUpdate(mdctx, message, message_len)
-                || !EVP_DigestUpdate(mdctx, random_bytes, sizeof(random_bytes))
-                || !EVP_DigestFinal_ex(mdctx, digest, NULL))
-            goto err;
-
-        todo = num_k_bytes - done;
-        if (todo > SHA512_DIGEST_LENGTH)
-            todo = SHA512_DIGEST_LENGTH;
-        memcpy(k_bytes + done, digest, todo);
-        done += todo;
+        goto end;
     }
+    for (n = 0; n < max_n; n++) {
+        unsigned char i = 0;
 
-    if (!BN_bin2bn(k_bytes, num_k_bytes, out))
-        goto err;
-    if (BN_mod(out, out, range, ctx) != 1)
-        goto err;
-    ret = 1;
+        for (done = 1; done < num_k_bytes;) {
+            if (RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes),
+                                   0) <= 0)
+                goto end;
+
+            if (!EVP_DigestInit_ex(mdctx, md, NULL)
+                    || !EVP_DigestUpdate(mdctx, &i, sizeof(i))
+                    || !EVP_DigestUpdate(mdctx, private_bytes,
+                                         sizeof(private_bytes))
+                    || !EVP_DigestUpdate(mdctx, message, message_len)
+                    || !EVP_DigestUpdate(mdctx, random_bytes,
+                                         sizeof(random_bytes))
+                    || !EVP_DigestFinal_ex(mdctx, digest, NULL))
+                goto end;
+
+            todo = num_k_bytes - done;
+            if (todo > SHA512_DIGEST_LENGTH)
+                todo = SHA512_DIGEST_LENGTH;
+            memcpy(k_bytes + done, digest, todo);
+            done += todo;
+            ++i;
+        }
 
- err:
+        if (!BN_bin2bn(k_bytes, num_k_bytes, out))
+            goto end;
+
+        /* Clear out the top bits and rejection filter into range */
+        BN_set_flags(out, BN_FLG_CONSTTIME);
+        ossl_bn_mask_bits_fixed_top(out, BN_num_bits(range));
+
+        if (BN_ucmp(out, range) < 0) {
+            ret = 1;
+#ifdef BN_DEBUG
+            /* With BN_DEBUG on a fixed top number cannot be returned */
+            bn_correct_top(out);
+#endif
+            goto end;
+        }
+    }
+    /* Failed to generate anything */
+    ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR);
+
+ end:
     EVP_MD_CTX_free(mdctx);
     EVP_MD_free(md);
     OPENSSL_clear_free(k_bytes, num_k_bytes);
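Review bot: Exhausting the max_n rejection rounds raises ERR_R_INTERNAL_ERROR, whereas ossl_bn_priv_rand_range_fixed_top in the hunk above reports the same condition as BN_R_TOO_MANY_ITERATIONS; using `ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS);` here keeps the two rejection samplers consistent and lets callers tell an exhausted sampler from a genuine internal fault. The per-block counter `i` is an `unsigned char`, so it wraps silently after 256 SHA-512 blocks (a range above roughly 16 KiB); random_bytes are drawn fresh for every block so the wrap does not appear to weaken the output, but a one-line comment on the declaration saying so would save the next reader the check. The function's declarations and the final cleanse of private_bytes sit outside this hunk.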
@@ -326,3 +395,20 @@ int BN_generate_dsa_nonce(BIGNUM *out, c
     OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
     return ret;
 }
+
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+                          const BIGNUM *priv, const unsigned char *message,
+                          size_t message_len, BN_CTX *ctx)
+{
+    int ret;
+
+    ret = ossl_bn_gen_dsa_nonce_fixed_top(out, range, priv, message,
+                                          message_len, ctx);
+    /*
+     * This call makes the BN_generate_dsa_nonce non-const-time, thus we
+     * do not use it internally. But fixed_top BNs currently cannot be returned
+     * from public API calls.
+     */
+    bn_correct_top(out);
+    return ret;
+}

Index: src/crypto/external/bsd/openssl/dist/crypto/err/openssl.ec
diff -u src/crypto/external/bsd/openssl/dist/crypto/err/openssl.ec:1.7 src/crypto/external/bsd/openssl/dist/crypto/err/openssl.ec:1.8
--- src/crypto/external/bsd/openssl/dist/crypto/err/openssl.ec:1.7	Sun May  7 14:40:19 2023
+++ src/crypto/external/bsd/openssl/dist/crypto/err/openssl.ec	Tue Jun 11 10:47:51 2024
@@ -76,6 +76,6 @@ R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE  
 R SSL_R_TLSV1_UNRECOGNIZED_NAME                 1112
 R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE   1113
 R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE        1114
-R TLS1_AD_UNKNOWN_PSK_IDENTITY                  1115
+R SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY        1115
 R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED       1116
-R TLS1_AD_NO_APPLICATION_PROTOCOL               1120
+R SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL     1120

Index: src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.26 src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.27
--- src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.26	Sun May  7 14:40:19 2023
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c	Tue Jun 11 10:47:51 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -831,8 +831,6 @@ typedef struct {
         /* KMO-AES parameter block - end */
     } kmo;
     unsigned int fc;
-
-    int res;
 } S390X_AES_OFB_CTX;
 
 typedef struct {
@@ -849,8 +847,6 @@ typedef struct {
         /* KMF-AES parameter block - end */
     } kmf;
     unsigned int fc;
-
-    int res;
 } S390X_AES_CFB_CTX;
 
 typedef struct {
@@ -1002,7 +998,6 @@ static int s390x_aes_ofb_init_key(EVP_CI
     memcpy(cctx->kmo.param.cv, iv, ivlen);
     memcpy(cctx->kmo.param.k, key, keylen);
     cctx->fc = S390X_AES_FC(keylen);
-    cctx->res = 0;
     return 1;
 }
 
@@ -1012,7 +1007,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPH
     S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
     unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
-    int n = cctx->res;
+    int n = ctx->num;
     int rem;
 
     memcpy(cctx->kmo.param.cv, iv, ivlen);
@@ -1045,7 +1040,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPH
     }
 
     memcpy(iv, cctx->kmo.param.cv, ivlen);
-    cctx->res = n;
+    ctx->num = n;
     return 1;
 }
 
@@ -1063,7 +1058,6 @@ static int s390x_aes_cfb_init_key(EVP_CI
     if (!enc)
         cctx->fc |= S390X_DECRYPT;
 
-    cctx->res = 0;
     memcpy(cctx->kmf.param.cv, iv, ivlen);
     memcpy(cctx->kmf.param.k, key, keylen);
     return 1;
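Review bot: s390x_aes_cfb_init_key no longer resets the stream position now that `cctx->res = 0` is gone, so the cipher depends on the generic EVP init path zeroing `ctx->num` before init_key runs; that is presumably what makes moving the state into `ctx->num` safe, but nothing in this file records it — the same applies to s390x_aes_ofb_init_key in the hunk at -1002. A comment at the removal point, `/* stream offset now lives in ctx->num, which EVP init resets before calling us — confirm */`, would pin the dependency where the next person removing a field will see it. Both init_key functions begin outside their hunks.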
@@ -1077,7 +1071,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPH
     const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
     const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
     unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
-    int n = cctx->res;
+    int n = ctx->num;
     int rem;
     unsigned char tmp;
 
@@ -1115,7 +1109,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPH
     }
 
     memcpy(iv, cctx->kmf.param.cv, ivlen);
-    cctx->res = n;
+    ctx->num = n;
     return 1;
 }
 

Index: src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c:1.9	Wed Oct 25 13:17:50 2023
+++ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c	Tue Jun 11 10:47:52 2024
@@ -999,6 +999,10 @@ int EVP_PKEY_CTX_set_rsa_pss_keygen_md_n
  */
 int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 {
+    /* If key type not RSA return error */
+    if (!EVP_PKEY_CTX_is_a(ctx, "RSA"))
+        return -1;
+
     return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,
                              EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md));
 }
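Review bot: The new type guard in EVP_PKEY_CTX_set_rsa_oaep_md returns -1 without queuing an error, so an application that calls it on a non-RSA context gets a bare failure code and an empty error queue; the same applies to EVP_PKEY_CTX_get_rsa_oaep_md in the hunk at +1030. If the other RSA-only helpers in this file (outside these hunks) also return -1 silently on this path, this is consistent and only worth a comment such as `/* -1 without an error entry, matching the other RSA-only ctrl helpers */`; otherwise an ERR_raise with the reason code those helpers use would make the failure diagnosable.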
@@ -1026,6 +1030,10 @@ int EVP_PKEY_CTX_get_rsa_oaep_md_name(EV
  */
 int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
 {
+    /* If key type not RSA return error */
+    if (!EVP_PKEY_CTX_is_a(ctx, "RSA"))
+        return -1;
+
     return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,
                              EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)md);
 }

Index: src/crypto/external/bsd/openssl/dist/include/internal/refcount.h
diff -u src/crypto/external/bsd/openssl/dist/include/internal/refcount.h:1.7 src/crypto/external/bsd/openssl/dist/include/internal/refcount.h:1.8
--- src/crypto/external/bsd/openssl/dist/include/internal/refcount.h:1.7	Wed May 31 15:30:29 2023
+++ src/crypto/external/bsd/openssl/dist/include/internal/refcount.h	Tue Jun 11 10:47:52 2024
@@ -134,14 +134,14 @@ static __inline int CRYPTO_DOWN_REF(vola
 static __inline int CRYPTO_UP_REF(volatile int *val, int *ret,
                                   ossl_unused void *lock)
 {
-    *ret = _InterlockedExchangeAdd(val, 1) + 1;
+    *ret = _InterlockedExchangeAdd((long volatile *)val, 1) + 1;
     return 1;
 }
 
 static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret,
                                     ossl_unused void *lock)
 {
-    *ret = _InterlockedExchangeAdd(val, -1) - 1;
+    *ret = _InterlockedExchangeAdd((long volatile *)val, -1) - 1;
     return 1;
 }
 #   endif
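Review bot: The `(long volatile *)` casts in CRYPTO_UP_REF and CRYPTO_DOWN_REF satisfy the _InterlockedExchangeAdd prototype but also bake in `sizeof(long) == sizeof(int)`, which holds on the Windows ABI this `__inline` branch is compiled for and nowhere else. A compile-time size check next to the two definitions, or at least a comment `/* int and long are both 32-bit on Windows; the cast only matches the intrinsic's prototype */`, would record the assumption where a future porter will see it. Accessing an `int` object through a `long` lvalue is formally an aliasing violation as well, even if the compiler this branch targets does not exploit it.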

Index: src/crypto/external/bsd/openssl/dist/include/openssl/bio.h.in
diff -u src/crypto/external/bsd/openssl/dist/include/openssl/bio.h.in:1.2 src/crypto/external/bsd/openssl/dist/include/openssl/bio.h.in:1.3
--- src/crypto/external/bsd/openssl/dist/include/openssl/bio.h.in:1.2	Sun May  7 14:40:26 2023
+++ src/crypto/external/bsd/openssl/dist/include/openssl/bio.h.in	Tue Jun 11 10:47:52 2024
@@ -844,7 +844,7 @@ int BIO_meth_set_puts(BIO_METHOD *biom,
                       int (*puts) (BIO *, const char *));
 int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int);
 int BIO_meth_set_gets(BIO_METHOD *biom,
-                      int (*gets) (BIO *, char *, int));
+                      int (*ossl_gets) (BIO *, char *, int));
 long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *);
 int BIO_meth_set_ctrl(BIO_METHOD *biom,
                       long (*ctrl) (BIO *, int, long, void *));

Index: src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.13 src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.14
--- src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.13	Sun May  7 14:40:27 2023
+++ src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c	Tue Jun 11 10:47:52 2024
@@ -130,6 +130,23 @@ void dtls1_clear_sent_buffer(SSL *s)
 
     while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
         frag = (hm_fragment *)item->data;
+
+        if (frag->msg_header.is_ccs) {
+            /*
+             * If we're freeing the CCS then we're done with the old
+             * enc_write_ctx/write_hash and they can be freed
+             */
+            if (s->enc_write_ctx
+                    != frag->msg_header.saved_retransmit_state.enc_write_ctx)
+                EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state
+                                                    .enc_write_ctx);
+
+            if (s->write_hash
+                    != frag->msg_header.saved_retransmit_state.write_hash)
+                EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state
+                                                .write_hash);
+        }
+
         dtls1_hm_fragment_free(frag);
         pitem_free(item);
     }
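Review bot: After EVP_CIPHER_CTX_free and EVP_MD_CTX_free the saved_retransmit_state pointers still sit in `frag` when dtls1_hm_fragment_free(frag) runs on the next line, which is safe only as long as the fragment free never touches them. Nulling each pointer after its free, `frag->msg_header.saved_retransmit_state.enc_write_ctx = NULL;` and likewise for write_hash, makes the ownership handoff explicit and turns any future double free into a no-op. dtls1_clear_sent_buffer begins outside this hunk; the comparison against the live s->enc_write_ctx and s->write_hash pairs with the reordered clear_ciphers() call in the ssl_lib.c hunk at +1261.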
Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c:1.13 src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c:1.14
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c:1.13	Wed Oct 25 13:17:50 2023
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_sess.c	Tue Jun 11 10:47:52 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -152,16 +152,11 @@ SSL_SESSION *SSL_SESSION_new(void)
     return ss;
 }
 
-SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
-{
-    return ssl_session_dup(src, 1);
-}
-
 /*
  * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
  * ticket == 0 then no ticket information is duplicated, otherwise it is.
  */
-SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
 {
     SSL_SESSION *dest;
 
@@ -285,6 +280,27 @@ SSL_SESSION *ssl_session_dup(const SSL_S
     return NULL;
 }
 
+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
+{
+    return ssl_session_dup_intern(src, 1);
+}
+
+/*
+ * Used internally when duplicating a session which might be already shared.
+ * We will have resumed the original session. Subsequently we might have marked
+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to
+ * resume from.
+ */
+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
+{
+    SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
+
+    if (sess != NULL)
+        sess->not_resumable = 0;
+
+    return sess;
+}
+
 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
 {
     if (len)
@@ -515,6 +531,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s
         ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, &copy);
 
         if (ret != NULL) {
+            if (ret->not_resumable) {
+                /* If its not resumable then ignore this session */
+                if (!copy)
+                    SSL_SESSION_free(ret);
+                return NULL;
+            }
             ssl_tsan_counter(s->session_ctx,
                              &s->session_ctx->stats.sess_cb_hit);
 

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.18 src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.19
--- src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.18	Sun May  7 14:40:27 2023
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c	Tue Jun 11 10:47:52 2024
@@ -225,7 +225,11 @@ int ssl3_change_cipher_state(SSL *s, int
         goto err;
     }
 
-    if (EVP_CIPHER_get0_provider(c) != NULL
+    /*
+     * The cipher we actually ended up using in the EVP_CIPHER_CTX may be
+     * different to that in c if we have an ENGINE in use
+     */
+    if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL
             && !tls_provider_set_tls_params(s, dd, c, m)) {
         /* SSLfatal already called */
         goto err;

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.31 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.32
--- src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.31	Sun May  7 14:40:27 2023
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c	Tue Jun 11 10:47:52 2024
@@ -3365,6 +3365,10 @@ void ssl3_free(SSL *s)
     OPENSSL_free(s->s3.alpn_selected);
     OPENSSL_free(s->s3.alpn_proposed);
 
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_free(s->s3.tmp.psk);
+#endif
+
 #ifndef OPENSSL_NO_SRP
     ssl_srp_ctx_free_intern(s);
 #endif

Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.24 src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.25
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.24	Sun May  7 14:40:27 2023
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c	Tue Jun 11 10:47:52 2024
@@ -465,7 +465,8 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_c
             comp->method = method;
             comp->id = SSL_COMP_ZLIB_IDX;
             comp->name = COMP_get_name(method);
-            sk_SSL_COMP_push(ssl_comp_methods, comp);
+            if (!sk_SSL_COMP_push(ssl_comp_methods, comp))
+                OPENSSL_free(comp);
             sk_SSL_COMP_sort(ssl_comp_methods);
         }
     }
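Review bot: When sk_SSL_COMP_push fails, `comp` is now freed (closing the leak) but the code carries on to sk_SSL_COMP_sort and apparently completes normally, so zlib compression silently drops out of the method list with nothing in the error queue. If that best-effort behaviour is intended, a comment on the free, `/* push failed: drop the method, not the initialisation; zlib is simply unavailable */`, makes it deliberate rather than accidental. do_load_builtin_compressions begins outside this hunk.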
Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.24 src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.25
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.24	Wed Oct 25 13:17:50 2023
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c	Tue Jun 11 10:47:52 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -341,17 +341,31 @@ static int dane_tlsa_add(SSL_DANE *dane,
         case DANETLS_SELECTOR_CERT:
             if (!d2i_X509(&cert, &p, ilen) || p < data ||
                 dlen != (size_t)(p - data)) {
+                X509_free(cert);
                 tlsa_free(t);
                 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
                 return 0;
             }
             if (X509_get0_pubkey(cert) == NULL) {
+                X509_free(cert);
                 tlsa_free(t);
                 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
                 return 0;
             }
 
             if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
+                /*
+                 * The Full(0) certificate decodes to a seemingly valid X.509
+                 * object with a plausible key, so the TLSA record is well
+                 * formed.  However, we don't actually need the certifiate for
+                 * usages PKIX-EE(1) or DANE-EE(3), because at least the EE
+                 * certificate is always presented by the peer.  We discard the
+                 * certificate, and just use the TLSA data as an opaque blob
+                 * for matching the raw presented DER octets.
+                 *
+                 * DO NOT FREE `t` here, it will be added to the TLSA record
+                 * list below!
+                 */
                 X509_free(cert);
                 break;
             }
@@ -376,6 +390,7 @@ static int dane_tlsa_add(SSL_DANE *dane,
         case DANETLS_SELECTOR_SPKI:
             if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
                 dlen != (size_t)(p - data)) {
+                EVP_PKEY_free(pkey);
                 tlsa_free(t);
                 ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
                 return 0;
@@ -1211,8 +1226,6 @@ void SSL_free(SSL *s)
     SSL_SESSION_free(s->psksession);
     OPENSSL_free(s->psksession_id);
 
-    clear_ciphers(s);
-
     ssl_cert_free(s->cert);
     OPENSSL_free(s->shared_sigalgs);
     /* Free up if allocated */
@@ -1248,6 +1261,12 @@ void SSL_free(SSL *s)
     if (s->method != NULL)
         s->method->ssl_free(s);
 
+    /*
+     * Must occur after s->method->ssl_free(). The DTLS sent_messages queue
+     * may reference the EVP_CIPHER_CTX/EVP_MD_CTX that are freed here.
+     */
+    clear_ciphers(s);
+
     SSL_CTX_free(s->ctx);
 
     ASYNC_WAIT_CTX_free(s->waitctx);
@@ -3717,9 +3736,10 @@ void ssl_update_cache(SSL *s, int mode)
 
     /*
      * If the session_id_length is 0, we are not supposed to cache it, and it
-     * would be rather hard to do anyway :-)
+     * would be rather hard to do anyway :-). Also if the session has already
+     * been marked as not_resumable we should not cache it for later reuse.
      */
-    if (s->session->session_id_length == 0)
+    if (s->session->session_id_length == 0 || s->session->not_resumable)
         return;
 
     /*
@@ -4972,6 +4992,8 @@ IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_
  * If |dst| points to a NULL pointer, a new stack will be created and owned by
  * the caller.
  * Returns the number of SCTs moved, or a negative integer if an error occurs.
+ * The |dst| stack is created and possibly partially populated even in case
+ * of error, likewise the |src| stack may be left in an intermediate state.
  */
 static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
                         sct_source_t origin)
@@ -4991,15 +5013,14 @@ static int ct_move_scts(STACK_OF(SCT) **
         if (SCT_set_source(sct, origin) != 1)
             goto err;
 
-        if (sk_SCT_push(*dst, sct) <= 0)
+        if (!sk_SCT_push(*dst, sct))
             goto err;
         scts_moved += 1;
     }
 
     return scts_moved;
  err:
-    if (sct != NULL)
-        sk_SCT_push(src, sct);  /* Put the SCT back */
+    SCT_free(sct);
     return -1;
 }
 
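Review bot: The `err:` path now calls SCT_free(sct) unconditionally, dropping the old `if (sct != NULL)` guard; that is correct only if every `goto err` taken inside the loop has `sct` freshly popped from src and SCT_free tolerates NULL for any earlier exit (the variable's initialisation is outside the hunk), which is worth confirming. Freeing instead of pushing back also changes the contract — a failed move now destroys the SCT that was in flight — and the new doc comment in the hunk at +4992 describes the intermediate state of both stacks but not of that element; appending `The SCT being moved when the error occurred is freed.` to that comment would close the gap.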
@@ -5471,6 +5492,9 @@ int SSL_free_buffers(SSL *ssl)
     if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
         return 0;
 
+    if (RECORD_LAYER_data_present(rl))
+        return 0;
+
     RECORD_LAYER_release(rl);
     return 1;
 }
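Review bot: The new RECORD_LAYER_data_present guard in SSL_free_buffers carries no comment, and it is the load-bearing check: the existing pending-read/pending-write test evidently did not cover the case where buffered but not yet consumed record data still references the buffers being released, which is presumably what this guard prevents. A comment above it, `/* Unconsumed record data still lives in rl's buffers; releasing them now would leave the record layer pointing at freed memory */`, would explain why both tests are needed. SSL_free_buffers begins outside this hunk.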

Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.20 src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.21
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c:1.20	Sun May  7 14:40:27 2023
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_err.c	Tue Jun 11 10:47:52 2024
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -457,6 +457,8 @@ static const ERR_STRING_DATA SSL_str_rea
     "tlsv1 alert insufficient security"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
     "tlsv1 alert internal error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL),
+    "tlsv1 alert no application protocol"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
     "tlsv1 alert no renegotiation"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
@@ -465,6 +467,8 @@ static const ERR_STRING_DATA SSL_str_rea
     "tlsv1 alert record overflow"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA),
     "tlsv1 alert unknown ca"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY),
+    "tlsv1 alert unknown psk identity"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED),
     "tlsv1 alert user cancelled"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),

Index: src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.23 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.24
--- src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.23	Sun May  7 14:40:27 2023
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c	Tue Jun 11 10:47:52 2024
@@ -427,7 +427,12 @@ int tls1_change_cipher_state(SSL *s, int
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         goto err;
     }
-    if (EVP_CIPHER_get0_provider(c) != NULL
+
+    /*
+     * The cipher we actually ended up using in the EVP_CIPHER_CTX may be
+     * different to that in c if we have an ENGINE in use
+     */
+    if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL
             && !tls_provider_set_tls_params(s, dd, c, m)) {
         /* SSLfatal already called */
         goto err;

Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.38 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.39
--- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.38	Wed Oct 25 13:17:50 2023
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c	Tue Jun 11 10:47:52 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -734,7 +734,8 @@ static int gid_cb(const char *elem, int 
         return 0;
     if (garg->gidcnt == garg->gidmax) {
         uint16_t *tmp =
-            OPENSSL_realloc(garg->gid_arr, garg->gidmax + GROUPLIST_INCREMENT);
+            OPENSSL_realloc(garg->gid_arr,
+                            (garg->gidmax + GROUPLIST_INCREMENT) * sizeof(*garg->gid_arr));
         if (tmp == NULL)
             return 0;
         garg->gidmax += GROUPLIST_INCREMENT;

Index: src/crypto/external/bsd/openssl/dist/test/bntest.c
diff -u src/crypto/external/bsd/openssl/dist/test/bntest.c:1.11 src/crypto/external/bsd/openssl/dist/test/bntest.c:1.12
--- src/crypto/external/bsd/openssl/dist/test/bntest.c:1.11	Sun May  7 14:40:27 2023
+++ src/crypto/external/bsd/openssl/dist/test/bntest.c	Tue Jun 11 10:47:52 2024
@@ -891,6 +891,14 @@ static int test_gf2m_modinv(void)
             || !TEST_ptr(d = BN_new()))
         goto err;
 
+    /* Test that a non-sensical, too small value causes a failure */
+    if (!TEST_true(BN_one(b[0])))
+        goto err;
+    if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
+        goto err;
+    if (!TEST_false(BN_GF2m_mod_inv(c, a, b[0], ctx)))
+        goto err;
+
     if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
             && TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
         goto err;
@@ -2927,6 +2935,108 @@ err:
     return res;
 }
 
+static int test_mod_inverse(void)
+{
+    int res = 0;
+    char *str = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+    BIGNUM *r = NULL;
+
+    if (!TEST_true(BN_dec2bn(&a, "5193817943")))
+        goto err;
+    if (!TEST_true(BN_dec2bn(&b, "3259122431")))
+        goto err;
+    if (!TEST_ptr(r = BN_new()))
+        goto err;
+    if (!TEST_ptr_eq(BN_mod_inverse(r, a, b, ctx), r))
+        goto err;
+    if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL))
+        goto err;
+    if (!TEST_int_eq(strcmp(str, "2609653924"), 0))
+        goto err;
+
+    /* Note that this aliases the result with the modulus. */
+    if (!TEST_ptr_null(BN_mod_inverse(b, a, b, ctx)))
+        goto err;
+
+    res = 1;
+
+err:
+    BN_free(a);
+    BN_free(b);
+    BN_free(r);
+    OPENSSL_free(str);
+    return res;
+}
+
+static int test_mod_exp_alias(int idx)
+{
+    int res = 0;
+    char *str = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+    BIGNUM *c = NULL;
+    BIGNUM *r = NULL;
+
+    if (!TEST_true(BN_dec2bn(&a, "15")))
+        goto err;
+    if (!TEST_true(BN_dec2bn(&b, "10")))
+        goto err;
+    if (!TEST_true(BN_dec2bn(&c, "39")))
+        goto err;
+    if (!TEST_ptr(r = BN_new()))
+        goto err;
+
+    if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple
+                               : BN_mod_exp_recp)(r, a, b, c, ctx), 1))
+        goto err;
+    if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL))
+        goto err;
+    if (!TEST_str_eq(str, "36"))
+        goto err;
+
+    OPENSSL_free(str);
+    str = NULL;
+
+    BN_copy(r, b);
+
+    /* Aliasing with exponent must work. */
+    if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple
+                               : BN_mod_exp_recp)(r, a, r, c, ctx), 1))
+        goto err;
+    if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL))
+        goto err;
+    if (!TEST_str_eq(str, "36"))
+        goto err;
+
+    OPENSSL_free(str);
+    str = NULL;
+
+    /* Aliasing with modulus should return failure for the simple call. */
+    if (idx == 0) {
+        if (!TEST_int_eq(BN_mod_exp_simple(c, a, b, c, ctx), 0))
+            goto err;
+    } else {
+        if (!TEST_int_eq(BN_mod_exp_recp(c, a, b, c, ctx), 1))
+            goto err;
+        if (!TEST_ptr_ne(str = BN_bn2dec(c), NULL))
+            goto err;
+        if (!TEST_str_eq(str, "36"))
+            goto err;
+    }
+
+    res = 1;
+
+err:
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_free(r);
+    OPENSSL_free(str);
+    return res;
+}
+
 static int file_test_run(STANZA *s)
 {
     static const FILETEST filetests[] = {
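Review bot: `BN_copy(r, b);` in test_mod_exp_alias is the one BIGNUM call in the two new functions whose result is not checked; BN_copy() returns NULL on failure, in which case the aliasing check that follows would run on whatever r held before. Wrap it like the neighbouring calls: `if (!TEST_ptr(BN_copy(r, b))) goto err;`. The err labels in both functions free every allocation including `str`, and the comment in test_mod_inverse makes the result/modulus aliasing it expects to be rejected explicit.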
@@ -3036,6 +3146,8 @@ int setup_tests(void)
         ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests));
         ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests));
         ADD_TEST(test_mod);
+        ADD_TEST(test_mod_inverse);
+        ADD_ALL_TESTS(test_mod_exp_alias, 2);
         ADD_TEST(test_modexp_mont5);
         ADD_TEST(test_kronecker);
         ADD_TEST(test_rand);
Index: src/crypto/external/bsd/openssl/dist/test/evp_test.c
diff -u src/crypto/external/bsd/openssl/dist/test/evp_test.c:1.11 src/crypto/external/bsd/openssl/dist/test/evp_test.c:1.12
--- src/crypto/external/bsd/openssl/dist/test/evp_test.c:1.11	Wed Oct 25 13:17:51 2023
+++ src/crypto/external/bsd/openssl/dist/test/evp_test.c	Tue Jun 11 10:47:52 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -696,6 +696,9 @@ static int cipher_test_enc(EVP_TEST *t, 
     int ok = 0, tmplen, chunklen, tmpflen, i;
     EVP_CIPHER_CTX *ctx_base = NULL;
     EVP_CIPHER_CTX *ctx = NULL;
+    int fips_dupctx_supported = (fips_provider_version_gt(libctx, 3, 0, 12)
+                                && fips_provider_version_lt(libctx, 3, 1, 0))
+                                || fips_provider_version_ge(libctx, 3, 1, 3);
 
     t->err = "TEST_FAILURE";
     if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new()))
@@ -826,12 +829,20 @@ static int cipher_test_enc(EVP_TEST *t, 
 
     /* Test that the cipher dup functions correctly if it is supported */
     ERR_set_mark();
-    if (EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
-        EVP_CIPHER_CTX_free(ctx_base);
-        ctx_base = NULL;
-    } else {
+    if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) {
+        if (fips_dupctx_supported) {
+            TEST_info("Doing a copy of Cipher %s Fails!\n",
+                      EVP_CIPHER_get0_name(expected->cipher));
+            ERR_print_errors_fp(stderr);
+            goto err;
+        } else {
+            TEST_info("Allowing copy fail as an old fips provider is in use.");
+        }
         EVP_CIPHER_CTX_free(ctx);
         ctx = ctx_base;
+    } else {
+        EVP_CIPHER_CTX_free(ctx_base);
+        ctx_base = NULL;
     }
     ERR_pop_to_mark();
 
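Review bot: The new `goto err` after ERR_print_errors_fp() leaves the mark placed by ERR_set_mark() on the error queue, because ERR_pop_to_mark() is only reached on the fall-through path. Add `ERR_clear_last_mark();` immediately before that `goto err`, which is how the negative tests in evp_extra_test.c in this same commit handle the equivalent exit. Separately, the TEST_info format strings here and in the cipher_test_run hunk end in "\n"; if the harness already terminates each message with a newline, as the other call sites in this file (`TEST_info("skipping, '%s' is disabled", p)`) suggest, the extra newline produces blank lines in the log. cipher_test_enc starts and ends outside the hunk.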
@@ -1016,6 +1027,7 @@ static int cipher_test_run(EVP_TEST *t)
     int rv, frag = 0;
     size_t out_misalign, inp_misalign;
 
+    TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher));
     if (!cdat->key) {
         t->err = "NO_KEY";
         return 0;
@@ -1408,6 +1420,7 @@ static int mac_test_run_mac(EVP_TEST *t)
     EVP_MAC_CTX *ctx = NULL;
     unsigned char *got = NULL;
     size_t got_len = 0, size = 0;
+    size_t size_before_init = 0, size_after_init, size_val = 0;
     int i, block_size = -1, output_size = -1;
     OSSL_PARAM params[21], sizes[3], *psizes = sizes;
     size_t params_n = 0;
@@ -1504,6 +1517,9 @@ static int mac_test_run_mac(EVP_TEST *t)
         }
         params_n++;
 
+        if (strcmp(tmpkey, "size") == 0)
+            size_val = (size_t)strtoul(tmpval, NULL, 0);
+
         OPENSSL_free(tmpkey);
     }
     params[params_n] = OSSL_PARAM_construct_end();
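Review bot: The "size" value is parsed with `strtoul(tmpval, NULL, 0)` and neither the end pointer nor errno is checked, so a malformed value in a test stanza silently yields size_val == 0, which later selects the "not modified by init params" branch instead of failing. Parse it with an end pointer, `char *end; size_val = (size_t)strtoul(tmpval, &end, 0);` followed by `if (!TEST_true(*tmpval != '\0' && *end == '\0')) goto err;`, so bad data fails the test rather than changing which assertion runs. mac_test_run_mac starts and ends outside the hunk.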
@@ -1512,11 +1528,31 @@ static int mac_test_run_mac(EVP_TEST *t)
         t->err = "MAC_CREATE_ERROR";
         goto err;
     }
-
+    if (fips_provider_version_gt(libctx, 3, 1, 4)
+        || (fips_provider_version_lt(libctx, 3, 1, 0)
+            && fips_provider_version_gt(libctx, 3, 0, 12)))
+        size_before_init = EVP_MAC_CTX_get_mac_size(ctx);
     if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) {
         t->err = "MAC_INIT_ERROR";
         goto err;
     }
+    size_after_init = EVP_MAC_CTX_get_mac_size(ctx);
+    if (!TEST_false(size_before_init == 0 && size_after_init == 0)) {
+        t->err = "MAC SIZE not set";
+        goto err;
+    }
+    if (size_before_init != 0) {
+        /* mac-size not modified by init params */
+        if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) {
+            t->err = "MAC SIZE check failed";
+            goto err;
+        }
+        /* mac-size modified by init params */
+        if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) {
+            t->err = "MAC SIZE check failed";
+            goto err;
+        }
+    }
     if (expected->output_size >= 0)
         *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE,
                                              &output_size);
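Review bot: The FIPS-version predicate guarding the pre-init EVP_MAC_CTX_get_mac_size() query is written inline with three magic version triples, and a different inline range already appears in cipher_test_enc as `fips_dupctx_supported`; the thresholds differ (greater than 3.1.4 here versus 3.1.3 or later there) with nothing saying why. Hoist the condition into a named variable declared next to `size_before_init`, with a comment naming the provider change it tracks, so the two ranges can be compared and maintained together. The negative assertion `TEST_false(size_before_init == 0 && size_after_init == 0)` reads more naturally as `TEST_true(size_before_init != 0 || size_after_init != 0)`, which is the same condition. mac_test_run_mac continues outside the hunk on both sides.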
@@ -2737,30 +2773,33 @@ static int kdf_test_ctrl(EVP_TEST *t, EV
     if (!TEST_ptr(name = OPENSSL_strdup(value)))
         return 0;
     p = strchr(name, ':');
-    if (p != NULL)
+    if (p == NULL)
+        p = "";
+    else
         *p++ = '\0';
 
     rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
-                                       p != NULL ? strlen(p) : 0, NULL);
+                                       strlen(p), NULL);
     *++kdata->p = OSSL_PARAM_construct_end();
     if (!rv) {
         t->err = "KDF_PARAM_ERROR";
         OPENSSL_free(name);
         return 0;
     }
-    if (p != NULL && strcmp(name, "digest") == 0) {
+    if (strcmp(name, "digest") == 0) {
         if (is_digest_disabled(p)) {
             TEST_info("skipping, '%s' is disabled", p);
             t->skip = 1;
         }
     }
-    if (p != NULL
-        && (strcmp(name, "cipher") == 0
-            || strcmp(name, "cekalg") == 0)
+
+    if ((strcmp(name, "cipher") == 0
+        || strcmp(name, "cekalg") == 0)
         && is_cipher_disabled(p)) {
         TEST_info("skipping, '%s' is disabled", p);
         t->skip = 1;
     }
+
     OPENSSL_free(name);
     return 1;
 }
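Review bot: `p = "";` stores a string literal in the writable `char *p` that the else branch writes through; this is legal C but warns under -Wwrite-strings and invites a later write on the literal path. Beyond style, dropping the `p != NULL` guards means `is_digest_disabled("")` and `is_cipher_disabled("")` are now consulted when a control has no value; if either helper treats an empty name as disabled, a bare `digest` or `cipher` control would now mark the test skipped where it previously did not, which is worth confirming against those helpers. Keeping the two disabled checks behind `*p != '\0'` would preserve the old skip behaviour while still passing an empty string to OSSL_PARAM_allocate_from_text. kdf_test_ctrl starts outside the hunk.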

Index: src/crypto/external/bsd/openssl/dist/test/dsatest.c
diff -u src/crypto/external/bsd/openssl/dist/test/dsatest.c:1.6 src/crypto/external/bsd/openssl/dist/test/dsatest.c:1.7
--- src/crypto/external/bsd/openssl/dist/test/dsatest.c:1.6	Wed May 31 15:30:30 2023
+++ src/crypto/external/bsd/openssl/dist/test/dsatest.c	Tue Jun 11 10:47:52 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -332,6 +332,7 @@ static int test_dsa_sig_infinite_loop(vo
     BIGNUM *p = NULL, *q = NULL, *g = NULL, *priv = NULL, *pub = NULL, *priv2 = NULL;
     BIGNUM *badq = NULL, *badpriv = NULL;
     const unsigned char msg[] = { 0x00 };
+    unsigned int signature_len0;
     unsigned int signature_len;
     unsigned char signature[64];
 
@@ -375,10 +376,13 @@ static int test_dsa_sig_infinite_loop(vo
         goto err;
 
     /* Test passing signature as NULL */
-    if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len, dsa)))
+    if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len0, dsa))
+        || !TEST_int_gt(signature_len0, 0))
         goto err;
 
-    if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)))
+    if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))
+        || !TEST_int_gt(signature_len, 0)
+        || !TEST_int_le(signature_len, signature_len0))
         goto err;
 
     /* Test using a private key of zero fails - this causes an infinite loop without the retry test */
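Review bot: The NULL-signature query now records the maximum size in signature_len0, but nothing checks it against the 64-byte `signature` array before the second DSA_sign() writes into it; the size depends on the key parameters set up earlier in the function, outside this hunk. Add `|| !TEST_int_le(signature_len0, (int)sizeof(signature))` to the first condition so a larger key turns a stack overflow into a test failure. test_dsa_sig_infinite_loop starts and ends outside the hunk.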

Index: src/crypto/external/bsd/openssl/dist/test/ecdsatest.c
diff -u src/crypto/external/bsd/openssl/dist/test/ecdsatest.c:1.8 src/crypto/external/bsd/openssl/dist/test/ecdsatest.c:1.9
--- src/crypto/external/bsd/openssl/dist/test/ecdsatest.c:1.8	Wed May 31 15:30:30 2023
+++ src/crypto/external/bsd/openssl/dist/test/ecdsatest.c	Tue Jun 11 10:47:52 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -350,15 +350,39 @@ static int test_builtin_as_sm2(int n)
 static int test_ecdsa_sig_NULL(void)
 {
     int ret;
+    unsigned int siglen0;
     unsigned int siglen;
     unsigned char dgst[128] = { 0 };
     EC_KEY *eckey = NULL;
+    unsigned char *sig = NULL;
+    BIGNUM *kinv = NULL, *rp = NULL;
 
     ret = TEST_ptr(eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1))
           && TEST_int_eq(EC_KEY_generate_key(eckey), 1)
-          && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), NULL, &siglen, eckey), 1)
-          && TEST_int_gt(siglen, 0);
+          && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), NULL, &siglen0,
+                                    eckey), 1)
+          && TEST_int_gt(siglen0, 0)
+          && TEST_ptr(sig = OPENSSL_malloc(siglen0))
+          && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), sig, &siglen,
+                                    eckey), 1)
+          && TEST_int_gt(siglen, 0)
+          && TEST_int_le(siglen, siglen0)
+          && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen,
+                                      eckey), 1)
+          && TEST_int_eq(ECDSA_sign_setup(eckey, NULL, &kinv, &rp), 1)
+          && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), NULL, &siglen,
+                                       kinv, rp, eckey), 1)
+          && TEST_int_gt(siglen, 0)
+          && TEST_int_le(siglen, siglen0)
+          && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), sig, &siglen0,
+                                       kinv, rp, eckey), 1)
+          && TEST_int_eq(siglen, siglen0)
+          && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen,
+                                      eckey), 1);
     EC_KEY_free(eckey);
+    OPENSSL_free(sig);
+    BN_free(kinv);
+    BN_free(rp);
     return ret;
 }
 
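Review bot: The final `TEST_int_eq(siglen, siglen0)` compares a length obtained with `sig == NULL` against one from an actual signing call, which only holds if ECDSA_sign_ex() with kinv/rp supplied reports the exact DER length in the NULL case rather than the upper bound that the earlier plain ECDSA_sign() query returns; that is presumably the behaviour being pinned, but a reader cannot tell from the test. A comment above that line, `/* with kinv/rp supplied the NULL-sig query returns the exact length, so it must match */`, would make the intent explicit. The `sig` buffer is sized from the upper bound siglen0 of the first query, so the later writes with the smaller reported lengths stay in bounds.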

Index: src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c
diff -u src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.14 src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.15
--- src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.14	Wed Oct 25 13:17:51 2023
+++ src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c	Tue Jun 11 10:47:52 2024
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,6 +37,10 @@
 #include "internal/sizes.h"
 #include "crypto/evp.h"
 
+#ifdef STATIC_LEGACY
+OSSL_provider_init_fn ossl_legacy_provider_init;
+#endif
+
 static OSSL_LIB_CTX *testctx = NULL;
 static char *testpropq = NULL;
 
@@ -486,6 +490,10 @@ static const unsigned char cfbPlaintext[
     0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
     0x73, 0x93, 0x17, 0x2A
 };
+static const unsigned char cfbPlaintext_partial[] = {
+    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
+    0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+};
 
 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
 
@@ -502,6 +510,16 @@ static const unsigned char cfbCiphertext
     0xE8, 0x3C, 0xFB, 0x4A
 };
 
+static const unsigned char cfbCiphertext_partial[] = {
+    0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
+    0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
+};
+
+static const unsigned char ofbCiphertext_partial[] = {
+    0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
+    0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
+};
+
 static const unsigned char gcmDefaultCiphertext[] = {
     0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
     0xba, 0xf3, 0x9d, 0x18
@@ -1082,7 +1100,7 @@ static int test_EC_priv_only_legacy(void
         goto err;
     eckey = NULL;
 
-    while (dup_pk == NULL) {
+    for (;;) {
         ret = 0;
         ctx = EVP_MD_CTX_new();
         if (!TEST_ptr(ctx))
@@ -1098,6 +1116,9 @@ static int test_EC_priv_only_legacy(void
         EVP_MD_CTX_free(ctx);
         ctx = NULL;
 
+        if (dup_pk != NULL)
+            break;
+
         if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
             goto err;
         /* EVP_PKEY_eq() returns -2 with missing public keys */
@@ -1107,6 +1128,7 @@ static int test_EC_priv_only_legacy(void
         if (!ret)
             goto err;
     }
+    ret = 1;
 
  err:
     EVP_MD_CTX_free(ctx);
@@ -2565,6 +2587,47 @@ static int test_emptyikm_HKDF(void)
     return ret;
 }
 
+static int test_empty_salt_info_HKDF(void)
+{
+    EVP_PKEY_CTX *pctx;
+    unsigned char out[20];
+    size_t outlen;
+    int ret = 0;
+    unsigned char salt[] = "";
+    unsigned char key[] = "012345678901234567890123456789";
+    unsigned char info[] = "";
+    const unsigned char expected[] = {
+	0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a,
+	0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06,
+    };
+    size_t expectedlen = sizeof(expected);
+
+    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
+        goto done;
+
+    outlen = sizeof(out);
+    memset(out, 0, outlen);
+
+    if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
+            || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
+            || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
+                                                        sizeof(salt) - 1), 0)
+            || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
+                                                       sizeof(key) - 1), 0)
+            || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
+                                                        sizeof(info) - 1), 0)
+            || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
+            || !TEST_mem_eq(out, outlen, expected, expectedlen))
+        goto done;
+
+    ret = 1;
+
+ done:
+    EVP_PKEY_CTX_free(pctx);
+
+    return ret;
+}
+
 #ifndef OPENSSL_NO_EC
 static int test_X509_PUBKEY_inplace(void)
 {
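Review bot: The two lines of the `expected` array initializer in test_empty_salt_info_HKDF are indented with tabs while the rest of the function and the surrounding file use spaces; they should be re-indented with four spaces to match. Otherwise the function is sound: `pctx` is assigned before any `goto done`, so EVP_PKEY_CTX_free() never sees an uninitialized pointer, and every call is wrapped in a TEST_ macro.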
@@ -3740,6 +3803,30 @@ static const EVP_INIT_TEST_st evp_init_t
     }
 };
 
+/* use same key, iv and plaintext for cfb and ofb */
+static const EVP_INIT_TEST_st evp_reinit_tests[] = {
+    {
+        "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
+        cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
+        sizeof(cfbCiphertext_partial), 0, 0, 1, 0
+    },
+    {
+        "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
+        cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
+        sizeof(cfbPlaintext_partial), 0, 0, 0, 0
+    },
+    {
+        "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
+        ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
+        sizeof(ofbCiphertext_partial), 0, 0, 1, 0
+    },
+    {
+        "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
+        cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
+        sizeof(cfbPlaintext_partial), 0, 0, 0, 0
+    },
+};
+
 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
 {
     int res = 0;
@@ -3844,6 +3931,44 @@ static int test_evp_init_seq(int idx)
     return testresult;
 }
 
+/*
+ * Test re-initialization of cipher context without changing key or iv.
+ * The result of both iteration should be the same.
+ */
+static int test_evp_reinit_seq(int idx)
+{
+    int outlen1, outlen2, outlen_final;
+    int testresult = 0;
+    unsigned char outbuf1[1024];
+    unsigned char outbuf2[1024];
+    const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
+    EVP_CIPHER_CTX *ctx = NULL;
+    EVP_CIPHER *type = NULL;
+
+    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
+            || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
+            /* setup cipher context */
+            || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
+            /* first iteration */
+            || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
+            || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
+            /* check test results iteration 1 */
+            || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
+            /* now re-init the context (same cipher, key and iv) */
+            || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
+            /* second iteration */
+            || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
+            || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
+            /* check test results iteration 2 */
+            || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
+        goto err;
+    testresult = 1;
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    EVP_CIPHER_free(type);
+    return testresult;
+}
+
 typedef struct {
     const unsigned char *input;
     const unsigned char *expected;
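Review bot: EVP_CipherFinal_ex() in both iterations is given `outbuf1`/`outbuf2` rather than `outbuf1 + outlen1`/`outbuf2 + outlen2`, so any final-block output would overwrite the start of the buffer that the following TEST_mem_eq compares over `outlen1 + outlen_final` bytes. The table currently holds only cfb and ofb entries, stream modes whose expected lengths equal their input lengths, so the final call emits nothing and the test passes, but the first padded mode added to evp_reinit_tests would fail in a confusing way. Change the two calls to `EVP_CipherFinal_ex(ctx, outbuf1 + outlen1, &outlen_final)` and `EVP_CipherFinal_ex(ctx, outbuf2 + outlen2, &outlen_final)`.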
@@ -3927,7 +4052,7 @@ static int test_evp_reset(int idx)
         TEST_info("test_evp_reset %d: %s", idx, errmsg);
     EVP_CIPHER_CTX_free(ctx);
     EVP_CIPHER_free(type);
-    return testresult;    
+    return testresult;
 }
 
 typedef struct {
@@ -4164,6 +4289,134 @@ static int test_gcm_reinit(int idx)
     return testresult;
 }
 
+static const char *ivlen_change_ciphers[] = {
+    "AES-256-GCM",
+#ifndef OPENSSL_NO_OCB
+    "AES-256-OCB",
+#endif
+    "AES-256-CCM"
+};
+
+/* Negative test for ivlen change after iv being set */
+static int test_ivlen_change(int idx)
+{
+    int outlen;
+    int res = 0;
+    unsigned char outbuf[1024];
+    static const unsigned char iv[] = {
+         0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
+         0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
+    };
+    EVP_CIPHER_CTX *ctx = NULL;
+    EVP_CIPHER *ciph = NULL;
+    OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+    size_t ivlen = 13; /* non-default IV length */
+
+    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
+        goto err;
+
+    if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
+                                          testpropq)))
+        goto err;
+
+    if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
+        goto err;
+
+    if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
+                                    sizeof(gcmDefaultPlaintext))))
+        goto err;
+
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
+                                            &ivlen);
+    if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
+        goto err;
+
+    ERR_set_mark();
+    if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
+                                    sizeof(gcmDefaultPlaintext)))) {
+        ERR_clear_last_mark();
+        goto err;
+    }
+    ERR_pop_to_mark();
+
+    res = 1;
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    EVP_CIPHER_free(ciph);
+    return res;
+}
+
+static const char *keylen_change_ciphers[] = {
+#ifndef OPENSSL_NO_BF
+    "BF-ECB",
+#endif
+#ifndef OPENSSL_NO_CAST
+    "CAST5-ECB",
+#endif
+#ifndef OPENSSL_NO_RC2
+    "RC2-ECB",
+#endif
+#ifndef OPENSSL_NO_RC4
+    "RC4",
+#endif
+#ifndef OPENSSL_NO_RC5
+    "RC5-ECB",
+#endif
+    NULL
+};
+
+/* Negative test for keylen change after key was set */
+static int test_keylen_change(int idx)
+{
+    int outlen;
+    int res = 0;
+    unsigned char outbuf[1024];
+    static const unsigned char key[] = {
+         0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
+         0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
+    };
+    EVP_CIPHER_CTX *ctx = NULL;
+    EVP_CIPHER *ciph = NULL;
+    OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+    size_t keylen = 12; /* non-default key length */
+
+    if (lgcyprov == NULL)
+        return TEST_skip("Test requires legacy provider to be loaded");
+
+    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
+        goto err;
+
+    if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
+                                          testpropq)))
+        goto err;
+
+    if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
+        goto err;
+
+    if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
+                                    sizeof(gcmDefaultPlaintext))))
+        goto err;
+
+    params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
+                                            &keylen);
+    if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
+        goto err;
+
+    ERR_set_mark();
+    if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
+                                    sizeof(gcmDefaultPlaintext)))) {
+        ERR_clear_last_mark();
+        goto err;
+    }
+    ERR_pop_to_mark();
+
+    res = 1;
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    EVP_CIPHER_free(ciph);
+    return res;
+}
+
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 static EVP_PKEY_METHOD *custom_pmeth =  NULL;
 static const EVP_PKEY_METHOD *orig_pmeth = NULL;
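Review bot: keylen_change_ciphers ends in a NULL entry and setup_tests registers it with `OSSL_NELEM(keylen_change_ciphers) - 1`, while ivlen_change_ciphers has no sentinel and is registered with the plain element count; nothing explains the asymmetry. A comment on the NULL entry, `/* sentinel: keeps the array non-empty when every legacy cipher is compiled out */`, would document the presumable reason (an initializer list with no elements is not valid C11) and why the registration arithmetic subtracts one. The bodies of test_ivlen_change and test_keylen_change are otherwise near-identical apart from the parameter key and the missing IV, and could share a static helper in a follow-up.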
@@ -5109,6 +5362,15 @@ int setup_tests(void)
             testctx = OSSL_LIB_CTX_new();
             if (!TEST_ptr(testctx))
                 return 0;
+#ifdef STATIC_LEGACY
+	    /*
+	     * This test is always statically linked against libcrypto. We must not
+	     * attempt to load legacy.so that might be dynamically linked against
+	     * libcrypto. Instead we use a built-in version of the legacy provider.
+	     */
+	    if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
+		return 0;
+#endif
             /* Swap the libctx to test non-default context only */
             nullprov = OSSL_PROVIDER_load(NULL, "null");
             deflprov = OSSL_PROVIDER_load(testctx, "default");
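Review bot: `OSSL_PROVIDER_add_builtin()` on the STATIC_LEGACY path is the only call in this block not wrapped in a TEST_ macro, so a failure exits setup_tests with no diagnostic; `if (!TEST_true(OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)))` would report it like the surrounding checks. The added lines are also indented with tabs while the surrounding block uses four spaces. setup_tests starts and ends outside the hunk.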
@@ -5164,6 +5426,7 @@ int setup_tests(void)
 #endif
     ADD_TEST(test_HKDF);
     ADD_TEST(test_emptyikm_HKDF);
+    ADD_TEST(test_empty_salt_info_HKDF);
 #ifndef OPENSSL_NO_EC
     ADD_TEST(test_X509_PUBKEY_inplace);
     ADD_TEST(test_X509_PUBKEY_dup);
@@ -5213,8 +5476,12 @@ int setup_tests(void)
 
     ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
     ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
+    ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
     ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
     ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
+    ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
+    if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
+        ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
     ADD_ALL_TESTS(test_custom_pmeth, 12);
