diff options
Diffstat (limited to 'src/crypto')
296 files changed, 6545 insertions, 5555 deletions
diff --git a/src/crypto/CMakeLists.txt b/src/crypto/CMakeLists.txt index 6858cbb..3115279 100644 --- a/src/crypto/CMakeLists.txt +++ b/src/crypto/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. ../include) +include_directories(../include) if(APPLE) if (${ARCH} STREQUAL "x86") @@ -57,7 +57,6 @@ if (${ARCH} STREQUAL "x86_64") set( CRYPTO_ARCH_SOURCES - cpu-x86_64-asm.${ASM_EXT} cpu-intel.c ) endif() @@ -66,7 +65,6 @@ if (${ARCH} STREQUAL "x86") set( CRYPTO_ARCH_SOURCES - cpu-x86-asm.${ASM_EXT} cpu-intel.c ) endif() @@ -230,6 +228,3 @@ add_executable( ) target_link_libraries(refcount_test crypto) - -perlasm(cpu-x86_64-asm.${ASM_EXT} cpu-x86_64-asm.pl) -perlasm(cpu-x86-asm.${ASM_EXT} cpu-x86-asm.pl) diff --git a/src/crypto/aes/CMakeLists.txt b/src/crypto/aes/CMakeLists.txt index 490f40a..c82d99a 100644 --- a/src/crypto/aes/CMakeLists.txt +++ b/src/crypto/aes/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) if (${ARCH} STREQUAL "x86_64") set( @@ -60,3 +60,12 @@ perlasm(aesni-x86.${ASM_EXT} asm/aesni-x86.pl) perlasm(aes-armv4.${ASM_EXT} asm/aes-armv4.pl) perlasm(bsaes-armv7.${ASM_EXT} asm/bsaes-armv7.pl) perlasm(aesv8-armx.${ASM_EXT} asm/aesv8-armx.pl) + +add_executable( + aes_test + + aes_test.cc + $<TARGET_OBJECTS:test_support> +) + +target_link_libraries(aes_test crypto) diff --git a/src/crypto/aes/aes_test.cc b/src/crypto/aes/aes_test.cc new file mode 100644 index 0000000..e488d81 --- /dev/null +++ b/src/crypto/aes/aes_test.cc @@ -0,0 +1,102 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <stdio.h> +#include <string.h> + +#include <openssl/aes.h> +#include <openssl/crypto.h> + + +static bool TestAES(const uint8_t *key, size_t key_len, + const uint8_t plaintext[AES_BLOCK_SIZE], + const uint8_t ciphertext[AES_BLOCK_SIZE]) { + AES_KEY aes_key; + if (AES_set_encrypt_key(key, key_len * 8, &aes_key) != 0) { + fprintf(stderr, "AES_set_encrypt_key failed\n"); + return false; + } + + // Test encryption. + uint8_t block[AES_BLOCK_SIZE]; + AES_encrypt(plaintext, block, &aes_key); + if (memcmp(block, ciphertext, AES_BLOCK_SIZE) != 0) { + fprintf(stderr, "AES_encrypt gave the wrong output\n"); + return false; + } + + // Test in-place encryption. + memcpy(block, plaintext, AES_BLOCK_SIZE); + AES_encrypt(block, block, &aes_key); + if (memcmp(block, ciphertext, AES_BLOCK_SIZE) != 0) { + fprintf(stderr, "AES_encrypt gave the wrong output\n"); + return false; + } + + if (AES_set_decrypt_key(key, key_len * 8, &aes_key) != 0) { + fprintf(stderr, "AES_set_decrypt_key failed\n"); + return false; + } + + // Test decryption. + AES_decrypt(ciphertext, block, &aes_key); + if (memcmp(block, plaintext, AES_BLOCK_SIZE) != 0) { + fprintf(stderr, "AES_decrypt gave the wrong output\n"); + return false; + } + + // Test in-place decryption. + memcpy(block, ciphertext, AES_BLOCK_SIZE); + AES_decrypt(block, block, &aes_key); + if (memcmp(block, plaintext, AES_BLOCK_SIZE) != 0) { + fprintf(stderr, "AES_decrypt gave the wrong output\n"); + return false; + } + return true; +} + +int main() { + CRYPTO_library_init(); + + // Test vectors from FIPS-197, Appendix C. + if (!TestAES((const uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + 128 / 8, + (const uint8_t *)"\x00\x11\x22\x33\x44\x55\x66\x77" + "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", + (const uint8_t *)"\x69\xc4\xe0\xd8\x6a\x7b\x04\x30" + "\xd8\xcd\xb7\x80\x70\xb4\xc5\x5a") || + !TestAES((const uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17", + 192 / 8, + (const uint8_t *)"\x00\x11\x22\x33\x44\x55\x66\x77" + "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", + (const uint8_t *)"\xdd\xa9\x7c\xa4\x86\x4c\xdf\xe0" + "\x6e\xaf\x70\xa0\xec\x0d\x71\x91") || + !TestAES((const uint8_t *)"\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17" + "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", + 256 / 8, + (const uint8_t *)"\x00\x11\x22\x33\x44\x55\x66\x77" + "\x88\x99\xaa\xbb\xcc\xdd\xee\xff", + (const uint8_t *)"\x8e\xa2\xb7\xca\x51\x67\x45\xbf" + "\xea\xfc\x49\x90\x4b\x49\x60\x89")) { + return false; + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/aes/asm/aes-586.pl b/src/crypto/aes/asm/aes-586.pl index 07fb94c..6e8a6a8 100755 --- a/src/crypto/aes/asm/aes-586.pl +++ b/src/crypto/aes/asm/aes-586.pl @@ -45,7 +45,7 @@ # the undertaken effort was that it appeared that in tight IA-32 # register window little-endian flavor could achieve slightly higher # Instruction Level Parallelism, and it indeed resulted in up to 15% -# better performance on most recent µ-archs... +# better performance on most recent µ-archs... # # Third version adds AES_cbc_encrypt implementation, which resulted in # up to 40% performance imrovement of CBC benchmark results. 40% was @@ -224,7 +224,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } $speed_limit=512; # chunks smaller than $speed_limit are # processed with compact routine in CBC mode $small_footprint=1; # $small_footprint=1 code is ~5% slower [on - # recent µ-archs], but ~5 times smaller! + # recent µ-archs], but ~5 times smaller! # I favor compact code to minimize cache # contention and in hope to "collect" 5% back # in real-life applications... @@ -565,7 +565,7 @@ sub enctransform() # Performance is not actually extraordinary in comparison to pure # x86 code. In particular encrypt performance is virtually the same. # Decrypt performance on the other hand is 15-20% better on newer -# µ-archs [but we're thankful for *any* improvement here], and ~50% +# µ-archs [but we're thankful for *any* improvement here], and ~50% # better on PIII:-) And additionally on the pros side this code # eliminates redundant references to stack and thus relieves/ # minimizes the pressure on the memory bus. diff --git a/src/crypto/aes/asm/aes-armv4.pl b/src/crypto/aes/asm/aes-armv4.pl index 36cd3b6..882017a 100644 --- a/src/crypto/aes/asm/aes-armv4.pl +++ b/src/crypto/aes/asm/aes-armv4.pl @@ -65,7 +65,7 @@ $rounds="r12"; $code=<<___; #if defined(__arm__) #ifndef __KERNEL__ -# include "arm_arch.h" +# include <openssl/arm_arch.h> #else # define __ARM_ARCH__ __LINUX_ARM_ARCH__ #endif diff --git a/src/crypto/aes/asm/aesv8-armx.pl b/src/crypto/aes/asm/aesv8-armx.pl index b0916f6..121154a 100644 --- a/src/crypto/aes/asm/aesv8-armx.pl +++ b/src/crypto/aes/asm/aesv8-armx.pl @@ -45,7 +45,7 @@ open OUT,"| \"$^X\" $xlate $flavour $output"; $prefix="aes_v8"; $code=<<___; -#include "arm_arch.h" +#include <openssl/arm_arch.h> #if __ARM_MAX_ARCH__>=7 .text diff --git a/src/crypto/aes/asm/bsaes-armv7.pl b/src/crypto/aes/asm/bsaes-armv7.pl index 273f0b9..7fe349a 100644 --- a/src/crypto/aes/asm/bsaes-armv7.pl +++ b/src/crypto/aes/asm/bsaes-armv7.pl @@ -703,7 +703,7 @@ ___ $code.=<<___; #if defined(__arm__) #ifndef __KERNEL__ -# include "arm_arch.h" +# include <openssl/arm_arch.h> # define VFP_ABI_PUSH vstmdb sp!,{d8-d15} # define VFP_ABI_POP vldmia sp!,{d8-d15} diff --git a/src/crypto/arm_arch.h b/src/crypto/arm_arch.h deleted file mode 100644 index 0600fbb..0000000 --- a/src/crypto/arm_arch.h +++ /dev/null @@ -1,136 +0,0 @@ -/* ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - -#ifndef OPENSSL_HEADER_ARM_ARCH_H -#define OPENSSL_HEADER_ARM_ARCH_H - -#if !defined(__ARM_ARCH__) -# if defined(__CC_ARM) -# define __ARM_ARCH__ __TARGET_ARCH_ARM -# if defined(__BIG_ENDIAN) -# define __ARMEB__ -# else -# define __ARMEL__ -# endif -# elif defined(__GNUC__) -# if defined(__aarch64__) -# define __ARM_ARCH__ 8 -# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ -# define __ARMEB__ -# else -# define __ARMEL__ -# endif - /* Why doesn't gcc define __ARM_ARCH__? Instead it defines - * bunch of below macros. See all_architectires[] table in - * gcc/config/arm/arm.c. On a side note it defines - * __ARMEL__/__ARMEB__ for little-/big-endian. */ -# elif defined(__ARM_ARCH) -# define __ARM_ARCH__ __ARM_ARCH -# elif defined(__ARM_ARCH_8A__) -# define __ARM_ARCH__ 8 -# elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ - defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ - defined(__ARM_ARCH_7EM__) -# define __ARM_ARCH__ 7 -# elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ - defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \ - defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \ - defined(__ARM_ARCH_6T2__) -# define __ARM_ARCH__ 6 -# elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ - defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \ - defined(__ARM_ARCH_5TEJ__) -# define __ARM_ARCH__ 5 -# elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) -# define __ARM_ARCH__ 4 -# else -# error "unsupported ARM architecture" -# endif -# endif -#endif - -/* Even when building for 32-bit ARM, support for aarch64 crypto instructions - * will be included. */ -#define __ARM_MAX_ARCH__ 8 - -#if !__ASSEMBLER__ - -/* OPENSSL_armcap_P contains flags describing the capabilities of the CPU and - * is easy for assembly code to acesss. For C code, see the functions in - * |cpu.h|. */ -extern uint32_t OPENSSL_armcap_P; - -#endif /* !__ASSEMBLER__ */ - -/* ARMV7_NEON is true when a NEON unit is present in the current CPU. */ -#define ARMV7_NEON (1 << 0) - -/* ARMV7_NEON_FUNCTIONAL is true when the NEON unit doesn't contain subtle bugs. - * The Poly1305 NEON code is known to trigger bugs in the NEON units of some - * phones. If this bit isn't set then the Poly1305 NEON code won't be used. - * See https://code.google.com/p/chromium/issues/detail?id=341598. */ -#define ARMV7_NEON_FUNCTIONAL (1 << 10) - -/* ARMV8_AES indicates support for hardware AES instructions. */ -#define ARMV8_AES (1 << 2) - -/* ARMV8_SHA1 indicates support for hardware SHA-1 instructions. */ -#define ARMV8_SHA1 (1 << 3) - -/* ARMV8_SHA256 indicates support for hardware SHA-256 instructions. */ -#define ARMV8_SHA256 (1 << 4) - -/* ARMV8_PMULL indicates support for carryless multiplication. */ -#define ARMV8_PMULL (1 << 5) - - -#endif /* OPENSSL_HEADER_THREAD_H */ diff --git a/src/crypto/asn1/CMakeLists.txt b/src/crypto/asn1/CMakeLists.txt index 283636e..41e3122 100644 --- a/src/crypto/asn1/CMakeLists.txt +++ b/src/crypto/asn1/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( asn1 diff --git a/src/crypto/asn1/a_bitstr.c b/src/crypto/asn1/a_bitstr.c index 8055f0c..8bad339 100644 --- a/src/crypto/asn1/a_bitstr.c +++ b/src/crypto/asn1/a_bitstr.c @@ -125,8 +125,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, if (len < 1) { - OPENSSL_PUT_ERROR(ASN1, c2i_ASN1_BIT_STRING, - ASN1_R_STRING_TOO_SHORT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT); goto err; } @@ -141,8 +140,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, padding = *(p++); if (padding > 7) { - OPENSSL_PUT_ERROR(ASN1, c2i_ASN1_BIT_STRING, - ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); goto err; } @@ -157,8 +155,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, s=(unsigned char *)OPENSSL_malloc((int)len); if (s == NULL) { - OPENSSL_PUT_ERROR(ASN1, c2i_ASN1_BIT_STRING, - ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } memcpy(s,p,(int)len); @@ -209,7 +206,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) w+1); if (c == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_BIT_STRING_set_bit, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return 0; } if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); diff --git a/src/crypto/asn1/a_bool.c b/src/crypto/asn1/a_bool.c index c30ee48..826bcf4 100644 --- a/src/crypto/asn1/a_bool.c +++ b/src/crypto/asn1/a_bool.c @@ -107,6 +107,6 @@ int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) *pp=p; return(ret); err: - OPENSSL_PUT_ERROR(ASN1, d2i_ASN1_BOOLEAN, i); + OPENSSL_PUT_ERROR(ASN1, i); return(ret); } diff --git a/src/crypto/asn1/a_bytes.c b/src/crypto/asn1/a_bytes.c index 8874f48..1904375 100644 --- a/src/crypto/asn1/a_bytes.c +++ b/src/crypto/asn1/a_bytes.c @@ -125,7 +125,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, *pp=p; return(ret); err: - OPENSSL_PUT_ERROR(ASN1, d2i_ASN1_type_bytes, i); + OPENSSL_PUT_ERROR(ASN1, i); if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_STRING_free(ret); return(NULL); @@ -243,7 +243,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, err: if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_STRING_free(ret); - OPENSSL_PUT_ERROR(ASN1, d2i_ASN1_bytes, i); + OPENSSL_PUT_ERROR(ASN1, i); return(NULL); } @@ -309,7 +309,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c) if (os != NULL) ASN1_STRING_free(os); return(1); err: - OPENSSL_PUT_ERROR(ASN1, asn1_collate_primitive, c->error); + OPENSSL_PUT_ERROR(ASN1, c->error); if (os != NULL) ASN1_STRING_free(os); if (b.data != NULL) OPENSSL_free(b.data); return(0); diff --git a/src/crypto/asn1/a_d2i_fp.c b/src/crypto/asn1/a_d2i_fp.c index 6022c74..97ec75b 100644 --- a/src/crypto/asn1/a_d2i_fp.c +++ b/src/crypto/asn1/a_d2i_fp.c @@ -75,7 +75,7 @@ void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_d2i_fp, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB); return(NULL); } BIO_set_fp(b,in,BIO_NOCLOSE); @@ -129,7 +129,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_d2i_fp, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB); return(NULL); } BIO_set_fp(b,in,BIO_NOCLOSE); @@ -154,7 +154,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) b=BUF_MEM_new(); if (b == NULL) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return -1; } @@ -167,20 +167,20 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } i=BIO_read(in,&(b->data[len]),want); if ((i < 0) && ((len-off) == 0)) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_NOT_ENOUGH_DATA); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA); goto err; } if (i > 0) { if (len+i < len) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_TOO_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG); goto err; } len+=i; @@ -211,7 +211,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) eos++; if (eos < 0) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_HEADER_TOO_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG); goto err; } want=HEADER_SIZE; @@ -235,12 +235,12 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (want > INT_MAX /* BIO_read takes an int length */ || len+want < len) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_TOO_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG); goto err; } if (!BUF_MEM_grow_clean(b,len+want)) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } while (want > 0) @@ -248,7 +248,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) i=BIO_read(in,&(b->data[len]),want); if (i <= 0) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_NOT_ENOUGH_DATA); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA); goto err; } /* This can't overflow because @@ -259,7 +259,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) } if (off + c.slen < off) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_TOO_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG); goto err; } off+=c.slen; @@ -274,7 +274,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (off > INT_MAX) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_TOO_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG); goto err; } diff --git a/src/crypto/asn1/a_dup.c b/src/crypto/asn1/a_dup.c index 8ec1c5f..5e87457 100644 --- a/src/crypto/asn1/a_dup.c +++ b/src/crypto/asn1/a_dup.c @@ -72,7 +72,7 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) i=i2d(x,NULL); b=OPENSSL_malloc(i+10); if (b == NULL) - { OPENSSL_PUT_ERROR(ASN1, ASN1_dup, ERR_R_MALLOC_FAILURE); return(NULL); } + { OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return(NULL); } p= b; i=i2d(x,&p); p2= b; @@ -95,7 +95,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x) i=ASN1_item_i2d(x,&b,it); if (b == NULL) - { OPENSSL_PUT_ERROR(ASN1, ASN1_item_dup, ERR_R_MALLOC_FAILURE); return(NULL); } + { OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return(NULL); } p= b; ret=ASN1_item_d2i(NULL,&p,i, it); OPENSSL_free(b); diff --git a/src/crypto/asn1/a_enum.c b/src/crypto/asn1/a_enum.c index a581a34..579dafd 100644 --- a/src/crypto/asn1/a_enum.c +++ b/src/crypto/asn1/a_enum.c @@ -84,7 +84,7 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) } if (a->data == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_ENUMERATED_set, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return(0); } d=v; @@ -147,7 +147,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) ret=ai; if (ret == NULL) { - OPENSSL_PUT_ERROR(ASN1, BN_to_ASN1_ENUMERATED, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED; @@ -159,7 +159,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); if (!new_data) { - OPENSSL_PUT_ERROR(ASN1, BN_to_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } ret->data=new_data; @@ -177,7 +177,7 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) BIGNUM *ret; if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) - OPENSSL_PUT_ERROR(ASN1, ASN1_ENUMERATED_to_BN, ASN1_R_BN_LIB); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_BN_LIB); else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1); return(ret); } diff --git a/src/crypto/asn1/a_gentm.c b/src/crypto/asn1/a_gentm.c index be093a4..7cb18a9 100644 --- a/src/crypto/asn1/a_gentm.c +++ b/src/crypto/asn1/a_gentm.c @@ -239,7 +239,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, p=OPENSSL_malloc(len); if (p == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_GENERALIZEDTIME_adj, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return(NULL); } if (s->data != NULL) diff --git a/src/crypto/asn1/a_i2d_fp.c b/src/crypto/asn1/a_i2d_fp.c index 11e40d3..74ded78 100644 --- a/src/crypto/asn1/a_i2d_fp.c +++ b/src/crypto/asn1/a_i2d_fp.c @@ -67,7 +67,7 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_i2d_fp, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,out,BIO_NOCLOSE); @@ -76,7 +76,7 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) return(ret); } -int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, void *x) { char *b; unsigned char *p; @@ -86,7 +86,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) b=(char *)OPENSSL_malloc(n); if (b == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_i2d_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return(0); } @@ -116,7 +116,7 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_i2d_fp, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,out,BIO_NOCLOSE); @@ -133,7 +133,7 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) n = ASN1_item_i2d(x, &b, it); if (b == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_i2d_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return(0); } diff --git a/src/crypto/asn1/a_int.c b/src/crypto/asn1/a_int.c index 2ecccc5..9a56534 100644 --- a/src/crypto/asn1/a_int.c +++ b/src/crypto/asn1/a_int.c @@ -257,7 +257,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, *pp=pend; return(ret); err: - OPENSSL_PUT_ERROR(ASN1, c2i_ASN1_INTEGER, i); + OPENSSL_PUT_ERROR(ASN1, i); if ((ret != NULL) && ((a == NULL) || (*a != ret))) M_ASN1_INTEGER_free(ret); return(NULL); @@ -327,7 +327,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, *pp=p; return(ret); err: - OPENSSL_PUT_ERROR(ASN1, d2i_ASN1_UINTEGER, i); + OPENSSL_PUT_ERROR(ASN1, i); if ((ret != NULL) && ((a == NULL) || (*a != ret))) M_ASN1_INTEGER_free(ret); return(NULL); @@ -350,7 +350,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) } if (a->data == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_INTEGER_set, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return(0); } d=v; @@ -413,7 +413,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) ret=ai; if (ret == NULL) { - OPENSSL_PUT_ERROR(ASN1, BN_to_ASN1_INTEGER, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } if (BN_is_negative(bn) && !BN_is_zero(bn)) @@ -426,7 +426,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); if (!new_data) { - OPENSSL_PUT_ERROR(ASN1, BN_to_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } ret->data=new_data; @@ -449,7 +449,7 @@ BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) BIGNUM *ret; if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) - OPENSSL_PUT_ERROR(ASN1, ASN1_INTEGER_to_BN, ASN1_R_BN_LIB); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_BN_LIB); else if(ai->type == V_ASN1_NEG_INTEGER) BN_set_negative(ret, 1); return(ret); diff --git a/src/crypto/asn1/a_mbstr.c b/src/crypto/asn1/a_mbstr.c index 9abe659..42806d1 100644 --- a/src/crypto/asn1/a_mbstr.c +++ b/src/crypto/asn1/a_mbstr.c @@ -108,7 +108,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, case MBSTRING_BMP: if(len & 1) { - OPENSSL_PUT_ERROR(ASN1, ASN1_mbstring_ncopy, ASN1_R_INVALID_BMPSTRING_LENGTH); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BMPSTRING_LENGTH); return -1; } nchar = len >> 1; @@ -116,7 +116,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, case MBSTRING_UNIV: if(len & 3) { - OPENSSL_PUT_ERROR(ASN1, ASN1_mbstring_ncopy, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); return -1; } nchar = len >> 2; @@ -127,7 +127,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, /* This counts the characters and does utf8 syntax checking */ ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); if(ret < 0) { - OPENSSL_PUT_ERROR(ASN1, ASN1_mbstring_ncopy, ASN1_R_INVALID_UTF8STRING); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_UTF8STRING); return -1; } break; @@ -137,19 +137,19 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, break; default: - OPENSSL_PUT_ERROR(ASN1, ASN1_mbstring_ncopy, ASN1_R_UNKNOWN_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); return -1; } if((minsize > 0) && (nchar < minsize)) { - OPENSSL_PUT_ERROR(ASN1, ASN1_mbstring_ncopy, ASN1_R_STRING_TOO_SHORT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT); BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); ERR_add_error_data(2, "minsize=", strbuf); return -1; } if((maxsize > 0) && (nchar > maxsize)) { - OPENSSL_PUT_ERROR(ASN1, ASN1_mbstring_ncopy, ASN1_R_STRING_TOO_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_LONG); BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); ERR_add_error_data(2, "maxsize=", strbuf); return -1; @@ -157,7 +157,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, /* Now work out minimal type (if any) */ if(traverse_string(in, len, inform, type_str, &mask) < 0) { - OPENSSL_PUT_ERROR(ASN1, ASN1_mbstring_ncopy, ASN1_R_ILLEGAL_CHARACTERS); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_CHARACTERS); return -1; } @@ -191,7 +191,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, free_out = 1; dest = ASN1_STRING_type_new(str_type); if(!dest) { - OPENSSL_PUT_ERROR(ASN1, ASN1_mbstring_ncopy, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return -1; } *out = dest; @@ -199,7 +199,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, /* If both the same type just copy across */ if(inform == outform) { if(!ASN1_STRING_set(dest, in, len)) { - OPENSSL_PUT_ERROR(ASN1, ASN1_mbstring_ncopy, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return -1; } return str_type; @@ -230,7 +230,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, } if(!(p = OPENSSL_malloc(outlen + 1))) { if(free_out) ASN1_STRING_free(dest); - OPENSSL_PUT_ERROR(ASN1, ASN1_mbstring_ncopy, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return -1; } dest->length = outlen; diff --git a/src/crypto/asn1/a_object.c b/src/crypto/asn1/a_object.c index 189886c..6ddfca9 100644 --- a/src/crypto/asn1/a_object.c +++ b/src/crypto/asn1/a_object.c @@ -106,13 +106,13 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) } else { - OPENSSL_PUT_ERROR(ASN1, a2d_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_FIRST_NUM_TOO_LARGE); goto err; } if (num <= 0) { - OPENSSL_PUT_ERROR(ASN1, a2d_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_SECOND_NUMBER); goto err; } c= *(p++); @@ -122,7 +122,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) if (num <= 0) break; if ((c != '.') && (c != ' ')) { - OPENSSL_PUT_ERROR(ASN1, a2d_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_SEPARATOR); goto err; } l=0; @@ -136,7 +136,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) break; if ((c < '0') || (c > '9')) { - OPENSSL_PUT_ERROR(ASN1, a2d_ASN1_OBJECT, ASN1_R_INVALID_DIGIT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_DIGIT); goto err; } if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) @@ -160,7 +160,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) { if ((first < 2) && (l >= 40)) { - OPENSSL_PUT_ERROR(ASN1, a2d_ASN1_OBJECT, ASN1_R_SECOND_NUMBER_TOO_LARGE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_SECOND_NUMBER_TOO_LARGE); goto err; } if (use_bn) @@ -204,7 +204,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) { if (len+i > olen) { - OPENSSL_PUT_ERROR(ASN1, a2d_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_BUFFER_TOO_SMALL); goto err; } while (--i > 0) @@ -280,7 +280,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, if(ret) *pp = p; return ret; err: - OPENSSL_PUT_ERROR(ASN1, d2i_ASN1_OBJECT, i); + OPENSSL_PUT_ERROR(ASN1, i); return(NULL); } @@ -300,7 +300,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || p[len - 1] & 0x80) { - OPENSSL_PUT_ERROR(ASN1, c2i_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_OBJECT_ENCODING); return NULL; } /* Now 0 < len <= INT_MAX, so the cast is safe. */ @@ -309,7 +309,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { - OPENSSL_PUT_ERROR(ASN1, c2i_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_OBJECT_ENCODING); return NULL; } } @@ -350,7 +350,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, *pp=p; return(ret); err: - OPENSSL_PUT_ERROR(ASN1, c2i_ASN1_OBJECT, i); + OPENSSL_PUT_ERROR(ASN1, i); if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_OBJECT_free(ret); return(NULL); @@ -363,7 +363,7 @@ ASN1_OBJECT *ASN1_OBJECT_new(void) ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); if (ret == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_OBJECT_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return(NULL); } ret->length=0; diff --git a/src/crypto/asn1/a_strnid.c b/src/crypto/asn1/a_strnid.c index df849e1..d4316f7 100644 --- a/src/crypto/asn1/a_strnid.c +++ b/src/crypto/asn1/a_strnid.c @@ -215,13 +215,13 @@ int ASN1_STRING_TABLE_add(int nid, flags &= ~STABLE_FLAGS_MALLOC; if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); if(!stable) { - OPENSSL_PUT_ERROR(ASN1, ASN1_STRING_TABLE_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return 0; } if(!(tmp = ASN1_STRING_TABLE_get(nid))) { tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); if(!tmp) { - OPENSSL_PUT_ERROR(ASN1, ASN1_STRING_TABLE_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return 0; } tmp->flags = flags | STABLE_FLAGS_MALLOC; diff --git a/src/crypto/asn1/a_time.c b/src/crypto/asn1/a_time.c index e02e858..ac2cb48 100644 --- a/src/crypto/asn1/a_time.c +++ b/src/crypto/asn1/a_time.c @@ -85,7 +85,7 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, a->type ,V_ASN1_UNIVERSAL)); - OPENSSL_PUT_ERROR(ASN1, XXX, ASN1_R_EXPECTING_A_TIME); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPECTING_A_TIME); return -1; } #endif @@ -105,7 +105,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, ts=OPENSSL_gmtime(&t,&data); if (ts == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_TIME_adj, ASN1_R_ERROR_GETTING_TIME); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ERROR_GETTING_TIME); return NULL; } if (offset_day || offset_sec) diff --git a/src/crypto/asn1/a_utctm.c b/src/crypto/asn1/a_utctm.c index 52b010f..dbbbecb 100644 --- a/src/crypto/asn1/a_utctm.c +++ b/src/crypto/asn1/a_utctm.c @@ -81,12 +81,12 @@ ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); if (ret == NULL) { - OPENSSL_PUT_ERROR(ASN1, XXX, ERR_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ERR_R_NESTED_ASN1_ERROR); return(NULL); } if (!ASN1_UTCTIME_check(ret)) { - OPENSSL_PUT_ERROR(ASN1, XXX, ASN1_R_INVALID_TIME_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_TIME_FORMAT); goto err; } @@ -257,7 +257,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, p=OPENSSL_malloc(len); if (p == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_UTCTIME_adj, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } if (s->data != NULL) diff --git a/src/crypto/asn1/asn1_lib.c b/src/crypto/asn1/asn1_lib.c index 9aa2678..a109749 100644 --- a/src/crypto/asn1/asn1_lib.c +++ b/src/crypto/asn1/asn1_lib.c @@ -69,17 +69,10 @@ OPENSSL_DECLARE_ERROR_REASON(ASN1, MALLOC_FAILURE); /* Cross-module errors from crypto/x509/i2d_pr.c */ -OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, i2d_PrivateKey); OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_PUBLIC_KEY_TYPE); /* Cross-module errors from crypto/x509/asn1_gen.c. * TODO(davidben): Remove these once asn1_gen.c is gone. */ -OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, ASN1_generate_v3); -OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, asn1_cb); -OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, parse_tagging); -OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, append_exp); -OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, asn1_str2type); -OPENSSL_DECLARE_ERROR_FUNCTION(ASN1, bitstr_cb); OPENSSL_DECLARE_ERROR_REASON(ASN1, DEPTH_EXCEEDED); OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_BITSTRING_FORMAT); OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_BOOLEAN); @@ -183,7 +176,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, #endif if (*plength > (omax - (p - *pp))) { - OPENSSL_PUT_ERROR(ASN1, ASN1_get_object, ASN1_R_TOO_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; @@ -191,7 +184,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, *pp=p; return(ret|inf); err: - OPENSSL_PUT_ERROR(ASN1, ASN1_get_object, ASN1_R_HEADER_TOO_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG); return(0x80); } @@ -433,7 +426,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) if (str->data == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_STRING_set, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); str->data=c; return(0); } @@ -469,7 +462,7 @@ ASN1_STRING *ASN1_STRING_type_new(int type) ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING)); if (ret == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_STRING_type_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return(NULL); } ret->length=0; diff --git a/src/crypto/asn1/asn_pack.c b/src/crypto/asn1/asn_pack.c index ee58fa5..e842a10 100644 --- a/src/crypto/asn1/asn_pack.c +++ b/src/crypto/asn1/asn_pack.c @@ -68,7 +68,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) if (!oct || !*oct) { if (!(octmp = ASN1_STRING_new ())) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_pack, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return NULL; } if (oct) *oct = octmp; @@ -80,11 +80,11 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) } if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_pack, ASN1_R_ENCODE_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ENCODE_ERROR); return NULL; } if (!octmp->data) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_pack, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return NULL; } return octmp; @@ -99,6 +99,6 @@ void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) p = oct->data; if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) - OPENSSL_PUT_ERROR(ASN1, ASN1_item_unpack, ASN1_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR); return ret; } diff --git a/src/crypto/asn1/bio_ndef.c b/src/crypto/asn1/bio_ndef.c index 2f7105d..f07d3de 100644 --- a/src/crypto/asn1/bio_ndef.c +++ b/src/crypto/asn1/bio_ndef.c @@ -112,7 +112,7 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) if (!aux || !aux->asn1_cb) { - OPENSSL_PUT_ERROR(ASN1, BIO_new_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_STREAMING_NOT_SUPPORTED); return NULL; } ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT)); diff --git a/src/crypto/asn1/f_enum.c b/src/crypto/asn1/f_enum.c index 530afe5..bcdb773 100644 --- a/src/crypto/asn1/f_enum.c +++ b/src/crypto/asn1/f_enum.c @@ -144,7 +144,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) i-=again; if (i%2 != 0) { - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ODD_NUMBER_OF_CHARS); goto err; } i/=2; @@ -158,7 +158,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) (unsigned int)num+i*2); if (sp == NULL) { - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } s=sp; @@ -177,7 +177,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) m=m-'A'+10; else { - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_ENUMERATED, ASN1_R_NON_HEX_CHARACTERS); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NON_HEX_CHARACTERS); goto err; } s[num+j]<<=4; @@ -197,7 +197,7 @@ err: if (0) { err_sl: - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_ENUMERATED, ASN1_R_SHORT_LINE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_SHORT_LINE); } if (s != NULL) OPENSSL_free(s); diff --git a/src/crypto/asn1/f_int.c b/src/crypto/asn1/f_int.c index 2c4fe6f..5186304 100644 --- a/src/crypto/asn1/f_int.c +++ b/src/crypto/asn1/f_int.c @@ -149,7 +149,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) i-=again; if (i%2 != 0) { - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ODD_NUMBER_OF_CHARS); goto err; } i/=2; @@ -162,7 +162,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) sp=OPENSSL_realloc_clean(s,slen,num+i*2); if (sp == NULL) { - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } s=sp; @@ -181,7 +181,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) m=m-'A'+10; else { - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_INTEGER, ASN1_R_NON_HEX_CHARACTERS); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NON_HEX_CHARACTERS); goto err; } s[num+j]<<=4; @@ -201,7 +201,7 @@ err: if (0) { err_sl: - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_INTEGER, ASN1_R_SHORT_LINE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_SHORT_LINE); } if (s != NULL) OPENSSL_free(s); diff --git a/src/crypto/asn1/f_string.c b/src/crypto/asn1/f_string.c index 2f53670..5a7fe36 100644 --- a/src/crypto/asn1/f_string.c +++ b/src/crypto/asn1/f_string.c @@ -142,7 +142,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) i-=again; if (i%2 != 0) { - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ODD_NUMBER_OF_CHARS); goto err; } i/=2; @@ -156,7 +156,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) (unsigned int)num+i*2); if (sp == NULL) { - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_STRING, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } s=sp; @@ -175,7 +175,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) m=m-'A'+10; else { - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_STRING, ASN1_R_NON_HEX_CHARACTERS); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NON_HEX_CHARACTERS); goto err; } s[num+j]<<=4; @@ -195,7 +195,7 @@ err: if (0) { err_sl: - OPENSSL_PUT_ERROR(ASN1, a2i_ASN1_STRING, ASN1_R_SHORT_LINE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_SHORT_LINE); } if (s != NULL) OPENSSL_free(s); diff --git a/src/crypto/asn1/tasn_dec.c b/src/crypto/asn1/tasn_dec.c index 73d3bb3..507a842 100644 --- a/src/crypto/asn1/tasn_dec.c +++ b/src/crypto/asn1/tasn_dec.c @@ -189,7 +189,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, */ if ((tag != -1) || opt) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); goto err; } return asn1_template_ex_d2i(pval, in, len, @@ -206,7 +206,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, &p, len, -1, 0, 1, ctx); if (!ret) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } @@ -215,7 +215,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, { /* If OPTIONAL, assume this is OK */ if (opt) return -1; - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_MSTRING_NOT_UNIVERSAL); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_MSTRING_NOT_UNIVERSAL); goto err; } /* Check tag matches bit map */ @@ -224,7 +224,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, /* If OPTIONAL, assume this is OK */ if (opt) return -1; - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_MSTRING_WRONG_TAG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_MSTRING_WRONG_TAG); goto err; } return asn1_d2i_ex_primitive(pval, in, len, @@ -255,7 +255,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, &p, len, exptag, aclass, 1, ctx); if (!ret) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } if (ret == -1) @@ -283,7 +283,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, imphack = *wp; if (p == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) @@ -298,7 +298,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, if (ptmpval) return 1; - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; @@ -320,7 +320,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, } else if (!ASN1_item_ex_new(pval, it)) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } /* CHOICE type, try each possibility in turn */ @@ -340,7 +340,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, break; /* Otherwise must be an ASN1 parsing error */ errtt = tt; - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } @@ -354,7 +354,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, ASN1_item_ex_free(pval, it); return -1; } - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NO_MATCHING_CHOICE_TYPE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE); goto err; } @@ -380,7 +380,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, &p, len, tag, aclass, opt, ctx); if (!ret) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } else if (ret == -1) @@ -394,13 +394,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, else seq_nolen = seq_eoc; if (!cst) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); goto err; } if (!*pval && !ASN1_item_ex_new(pval, it)) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } @@ -437,7 +437,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, { if (!seq_eoc) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_UNEXPECTED_EOC); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC); goto err; } len -= p - q; @@ -479,13 +479,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, /* Check for EOC if expecting one */ if (seq_eoc && !asn1_check_eoc(&p, len)) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_MISSING_EOC); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC); goto err; } /* Check all data read */ if (!seq_nolen && len) { - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_SEQUENCE_LENGTH_MISMATCH); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_LENGTH_MISMATCH); goto err; } @@ -508,7 +508,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, else { errtt = seqtt; - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_FIELD_MISSING); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_FIELD_MISSING); goto err; } } @@ -524,7 +524,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, return 0; } auxerr: - OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_AUX_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_AUX_ERROR); err: ASN1_item_ex_free(pval, it); if (errtt) @@ -569,21 +569,21 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, q = p; if (!ret) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); return 0; } else if (ret == -1) return -1; if (!cst) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_ex_d2i, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); return 0; } /* We've found the field so it can't be OPTIONAL now */ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); if (!ret) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_ex_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); return 0; } /* We read the field in OK so update length */ @@ -593,7 +593,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, /* If NDEF we must have an EOC here */ if (!asn1_check_eoc(&p, len)) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_ex_d2i, ASN1_R_MISSING_EOC); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC); goto err; } } @@ -603,7 +603,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, * an error */ if (len) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_ex_d2i, ASN1_R_EXPLICIT_LENGTH_MISMATCH); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH); goto err; } } @@ -659,7 +659,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, &p, len, sktag, skaclass, opt, ctx); if (!ret) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); return 0; } else if (ret == -1) @@ -682,7 +682,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, if (!*val) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } @@ -696,7 +696,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, { if (!sk_eoc) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_UNEXPECTED_EOC); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC); goto err; } len -= p - q; @@ -708,20 +708,20 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } len -= p - q; if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } } if (sk_eoc) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_MISSING_EOC); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC); goto err; } } @@ -732,7 +732,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx); if (!ret) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } else if (ret == -1) @@ -745,7 +745,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, -1, 0, opt, ctx); if (!ret) { - OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; } else if (ret == -1) @@ -775,7 +775,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, long len; if (!pval) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_ILLEGAL_NULL); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL); return 0; /* Should never happen */ } @@ -793,12 +793,12 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char oclass; if (tag >= 0) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_ILLEGAL_TAGGED_ANY); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TAGGED_ANY); return 0; } if (opt) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_ILLEGAL_OPTIONAL_ANY); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OPTIONAL_ANY); return 0; } p = *in; @@ -806,7 +806,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, &p, inlen, -1, 0, 0, ctx); if (!ret) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); return 0; } if (oclass != V_ASN1_UNIVERSAL) @@ -823,7 +823,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, &p, inlen, tag, aclass, opt, ctx); if (!ret) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); return 0; } else if (ret == -1) @@ -843,7 +843,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, /* SEQUENCE and SET must be constructed */ else if (!cst) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_TYPE_NOT_CONSTRUCTED); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_CONSTRUCTED); return 0; } @@ -869,8 +869,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, || utype == V_ASN1_ENUMERATED) { /* These types only have primitive encodings. */ - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, - ASN1_R_TYPE_NOT_PRIMITIVE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_PRIMITIVE); return 0; } @@ -892,7 +891,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, /* Append a final null to string */ if (!BUF_MEM_grow_clean(&buf, len + 1)) { - OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return 0; } buf.data[len] = 0; @@ -960,7 +959,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, case V_ASN1_NULL: if (len) { - OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ASN1_R_NULL_IS_WRONG_LENGTH); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NULL_IS_WRONG_LENGTH); goto err; } *pval = (ASN1_VALUE *)1; @@ -969,7 +968,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, case V_ASN1_BOOLEAN: if (len != 1) { - OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); goto err; } else @@ -1016,12 +1015,12 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, default: if (utype == V_ASN1_BMPSTRING && (len & 1)) { - OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ASN1_R_BMPSTRING_IS_WRONG_LENGTH); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_BMPSTRING_IS_WRONG_LENGTH); goto err; } if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) { - OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); goto err; } /* All based on ASN1_STRING and handled the same */ @@ -1030,7 +1029,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, stmp = ASN1_STRING_type_new(utype); if (!stmp) { - OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto err; } *pval = (ASN1_VALUE *)stmp; @@ -1053,7 +1052,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, { if (!ASN1_STRING_set(stmp, cont, len)) { - OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); ASN1_STRING_free(stmp); *pval = NULL; goto err; @@ -1115,7 +1114,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, -1, 0, 0, NULL)) { - OPENSSL_PUT_ERROR(ASN1, asn1_find_end, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); return 0; } if (inf) @@ -1126,7 +1125,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) } if (expected_eoc) { - OPENSSL_PUT_ERROR(ASN1, asn1_find_end, ASN1_R_MISSING_EOC); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC); return 0; } *in = p; @@ -1173,7 +1172,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, * constructed form */ if (!inf) { - OPENSSL_PUT_ERROR(ASN1, asn1_collect, ASN1_R_UNEXPECTED_EOC); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC); return 0; } inf = 0; @@ -1183,7 +1182,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) { - OPENSSL_PUT_ERROR(ASN1, asn1_collect, ASN1_R_NESTED_ASN1_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); return 0; } @@ -1192,7 +1191,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, { if (depth >= ASN1_MAX_STRING_NEST) { - OPENSSL_PUT_ERROR(ASN1, asn1_collect, ASN1_R_NESTED_ASN1_STRING); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_STRING); return 0; } if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, @@ -1205,7 +1204,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, } if (inf) { - OPENSSL_PUT_ERROR(ASN1, asn1_collect, ASN1_R_MISSING_EOC); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC); return 0; } *in = p; @@ -1220,7 +1219,7 @@ static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) len = buf->length; if (!BUF_MEM_grow_clean(buf, len + plen)) { - OPENSSL_PUT_ERROR(ASN1, collect_data, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return 0; } memcpy(buf->data + len, *p, plen); @@ -1288,7 +1287,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, */ if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { - OPENSSL_PUT_ERROR(ASN1, asn1_check_tlen, ASN1_R_TOO_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG); asn1_tlc_clear(ctx); return 0; } @@ -1297,7 +1296,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, if (i & 0x80) { - OPENSSL_PUT_ERROR(ASN1, asn1_check_tlen, ASN1_R_BAD_OBJECT_HEADER); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_OBJECT_HEADER); asn1_tlc_clear(ctx); return 0; } @@ -1310,7 +1309,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, */ if (opt) return -1; asn1_tlc_clear(ctx); - OPENSSL_PUT_ERROR(ASN1, asn1_check_tlen, ASN1_R_WRONG_TAG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TAG); return 0; } /* We have a tag and class match: diff --git a/src/crypto/asn1/tasn_new.c b/src/crypto/asn1/tasn_new.c index 6d69dcb..c68fe06 100644 --- a/src/crypto/asn1/tasn_new.c +++ b/src/crypto/asn1/tasn_new.c @@ -209,7 +209,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, return 1; memerr: - OPENSSL_PUT_ERROR(ASN1, asn1_item_ex_combine_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); ASN1_item_ex_free(pval, it); #ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_pop_info(); @@ -217,7 +217,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, return 0; auxerr: - OPENSSL_PUT_ERROR(ASN1, asn1_item_ex_combine_new, ASN1_R_AUX_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_AUX_ERROR); ASN1_item_ex_free(pval, it); #ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_pop_info(); @@ -289,7 +289,7 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) skval = sk_ASN1_VALUE_new_null(); if (!skval) { - OPENSSL_PUT_ERROR(ASN1, ASN1_template_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); ret = 0; goto done; } diff --git a/src/crypto/asn1/tasn_prn.c b/src/crypto/asn1/tasn_prn.c index df19ff0..6a097a1 100644 --- a/src/crypto/asn1/tasn_prn.c +++ b/src/crypto/asn1/tasn_prn.c @@ -88,7 +88,7 @@ ASN1_PCTX *ASN1_PCTX_new(void) ret = OPENSSL_malloc(sizeof(ASN1_PCTX)); if (ret == NULL) { - OPENSSL_PUT_ERROR(ASN1, ASN1_PCTX_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return NULL; } ret->flags = 0; diff --git a/src/crypto/asn1/tasn_utl.c b/src/crypto/asn1/tasn_utl.c index ff3764e..960cdbb 100644 --- a/src/crypto/asn1/tasn_utl.c +++ b/src/crypto/asn1/tasn_utl.c @@ -260,8 +260,7 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, err: /* FIXME: should log the value or OID of unsupported type */ if (nullerr) { - OPENSSL_PUT_ERROR(ASN1, asn1_do_adb, - ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); } return NULL; } diff --git a/src/crypto/asn1/x_long.c b/src/crypto/asn1/x_long.c index 5c2f96e..7b1a6fe 100644 --- a/src/crypto/asn1/x_long.c +++ b/src/crypto/asn1/x_long.c @@ -150,7 +150,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, unsigned long utmp = 0; char *cp = (char *)pval; if(len > (int)sizeof(long)) { - OPENSSL_PUT_ERROR(ASN1, long_c2i, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } /* Is it negative? */ @@ -168,7 +168,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, ltmp = -ltmp; } if(ltmp == it->size) { - OPENSSL_PUT_ERROR(ASN1, long_c2i, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } memcpy(cp, <mp, sizeof(long)); diff --git a/src/crypto/base64/CMakeLists.txt b/src/crypto/base64/CMakeLists.txt index 42037a5..f1dba6c 100644 --- a/src/crypto/base64/CMakeLists.txt +++ b/src/crypto/base64/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( base64 diff --git a/src/crypto/bio/CMakeLists.txt b/src/crypto/bio/CMakeLists.txt index dbf5951..8de090a 100644 --- a/src/crypto/bio/CMakeLists.txt +++ b/src/crypto/bio/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( bio diff --git a/src/crypto/bio/bio.c b/src/crypto/bio/bio.c index 5ac5911..4bc98ba 100644 --- a/src/crypto/bio/bio.c +++ b/src/crypto/bio/bio.c @@ -90,7 +90,7 @@ static int bio_set(BIO *bio, const BIO_METHOD *method) { BIO *BIO_new(const BIO_METHOD *method) { BIO *ret = OPENSSL_malloc(sizeof(BIO)); if (ret == NULL) { - OPENSSL_PUT_ERROR(BIO, BIO_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BIO, ERR_R_MALLOC_FAILURE); return NULL; } @@ -153,7 +153,7 @@ static int bio_io(BIO *bio, void *buf, int len, size_t method_offset, } if (io_func == NULL) { - OPENSSL_PUT_ERROR(BIO, bio_io, BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return -2; } @@ -165,7 +165,7 @@ static int bio_io(BIO *bio, void *buf, int len, size_t method_offset, } if (!bio->init) { - OPENSSL_PUT_ERROR(BIO, bio_io, BIO_R_UNINITIALIZED); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNINITIALIZED); return -2; } @@ -217,7 +217,7 @@ long BIO_ctrl(BIO *bio, int cmd, long larg, void *parg) { } if (bio->method == NULL || bio->method->ctrl == NULL) { - OPENSSL_PUT_ERROR(BIO, BIO_ctrl, BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return -2; } @@ -323,7 +323,7 @@ long BIO_callback_ctrl(BIO *bio, int cmd, bio_info_cb fp) { } if (bio->method == NULL || bio->method->callback_ctrl == NULL) { - OPENSSL_PUT_ERROR(BIO, BIO_callback_ctrl, BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return 0; } @@ -462,6 +462,10 @@ void BIO_print_errors(BIO *bio) { ERR_print_errors_cb(print_bio, bio); } +void ERR_print_errors(BIO *bio) { + BIO_print_errors(bio); +} + /* bio_read_all reads everything from |bio| and prepends |prefix| to it. On * success, |*out| is set to an allocated buffer (which should be freed with * |OPENSSL_free|), |*out_len| is set to its length and one is returned. The diff --git a/src/crypto/bio/bio_mem.c b/src/crypto/bio/bio_mem.c index f3aad6f..ef56111 100644 --- a/src/crypto/bio/bio_mem.c +++ b/src/crypto/bio/bio_mem.c @@ -70,7 +70,7 @@ BIO *BIO_new_mem_buf(void *buf, int len) { const size_t size = len < 0 ? strlen((char *)buf) : (size_t)len; if (!buf && len != 0) { - OPENSSL_PUT_ERROR(BIO, BIO_new_mem_buf, BIO_R_NULL_PARAMETER); + OPENSSL_PUT_ERROR(BIO, BIO_R_NULL_PARAMETER); return NULL; } @@ -167,7 +167,7 @@ static int mem_write(BIO *bio, const char *in, int inl) { b = (BUF_MEM *)bio->ptr; if (bio->flags & BIO_FLAGS_MEM_RDONLY) { - OPENSSL_PUT_ERROR(BIO, mem_write, BIO_R_WRITE_TO_READ_ONLY_BIO); + OPENSSL_PUT_ERROR(BIO, BIO_R_WRITE_TO_READ_ONLY_BIO); goto err; } diff --git a/src/crypto/bio/buffer.c b/src/crypto/bio/buffer.c index 3fc0685..9d0cb3c 100644 --- a/src/crypto/bio/buffer.c +++ b/src/crypto/bio/buffer.c @@ -406,7 +406,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) { return ret; malloc_error: - OPENSSL_PUT_ERROR(BIO, buffer_ctrl, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BIO, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/src/crypto/bio/connect.c b/src/crypto/bio/connect.c index 32361bf..2ed2def 100644 --- a/src/crypto/bio/connect.c +++ b/src/crypto/bio/connect.c @@ -142,7 +142,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { case BIO_CONN_S_BEFORE: p = c->param_hostname; if (p == NULL) { - OPENSSL_PUT_ERROR(BIO, conn_state, BIO_R_NO_HOSTNAME_SPECIFIED); + OPENSSL_PUT_ERROR(BIO, BIO_R_NO_HOSTNAME_SPECIFIED); goto exit_loop; } for (; *p != 0; p++) { @@ -167,7 +167,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { } if (c->param_port == NULL) { - OPENSSL_PUT_ERROR(BIO, conn_state, BIO_R_NO_PORT_SPECIFIED); + OPENSSL_PUT_ERROR(BIO, BIO_R_NO_PORT_SPECIFIED); ERR_add_error_data(2, "host=", c->param_hostname); goto exit_loop; } @@ -175,7 +175,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { if (!bio_ip_and_port_to_socket_and_addr( &bio->num, &c->them, &c->them_length, c->param_hostname, c->param_port)) { - OPENSSL_PUT_ERROR(BIO, conn_state, BIO_R_UNABLE_TO_CREATE_SOCKET); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNABLE_TO_CREATE_SOCKET); ERR_add_error_data(4, "host=", c->param_hostname, ":", c->param_port); goto exit_loop; } @@ -185,7 +185,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { if (c->nbio) { if (!bio_socket_nbio(bio->num, 1)) { - OPENSSL_PUT_ERROR(BIO, conn_state, BIO_R_ERROR_SETTING_NBIO); + OPENSSL_PUT_ERROR(BIO, BIO_R_ERROR_SETTING_NBIO); ERR_add_error_data(4, "host=", c->param_hostname, ":", c->param_port); goto exit_loop; @@ -197,7 +197,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { sizeof(i)); if (ret < 0) { OPENSSL_PUT_SYSTEM_ERROR(setsockopt); - OPENSSL_PUT_ERROR(BIO, conn_state, BIO_R_KEEPALIVE); + OPENSSL_PUT_ERROR(BIO, BIO_R_KEEPALIVE); ERR_add_error_data(4, "host=", c->param_hostname, ":", c->param_port); goto exit_loop; } @@ -211,7 +211,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { bio->retry_reason = BIO_RR_CONNECT; } else { OPENSSL_PUT_SYSTEM_ERROR(connect); - OPENSSL_PUT_ERROR(BIO, conn_state, BIO_R_CONNECT_ERROR); + OPENSSL_PUT_ERROR(BIO, BIO_R_CONNECT_ERROR); ERR_add_error_data(4, "host=", c->param_hostname, ":", c->param_port); } @@ -232,7 +232,7 @@ static int conn_state(BIO *bio, BIO_CONNECT *c) { } else { BIO_clear_retry_flags(bio); OPENSSL_PUT_SYSTEM_ERROR(connect); - OPENSSL_PUT_ERROR(BIO, conn_state, BIO_R_NBIO_CONNECT_ERROR); + OPENSSL_PUT_ERROR(BIO, BIO_R_NBIO_CONNECT_ERROR); ERR_add_error_data(4, "host=", c->param_hostname, ":", c->param_port); ret = 0; } @@ -464,7 +464,7 @@ static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) { break; case BIO_CTRL_SET_CALLBACK: { #if 0 /* FIXME: Should this be used? -- Richard Levitte */ - OPENSSL_PUT_ERROR(BIO, XXX, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(BIO, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ret = -1; #else ret = 0; diff --git a/src/crypto/bio/file.c b/src/crypto/bio/file.c index 7f57aad..2d3ccfe 100644 --- a/src/crypto/bio/file.c +++ b/src/crypto/bio/file.c @@ -88,7 +88,7 @@ #define BIO_FP_APPEND 0x08 static FILE *open_file(const char *filename, const char *mode) { -#if defined(_WIN32) && defined(CP_UTF8) +#if defined(OPENSSL_WINDOWS) && defined(CP_UTF8) int sz, len_0 = (int)strlen(filename) + 1; DWORD flags; @@ -133,9 +133,9 @@ BIO *BIO_new_file(const char *filename, const char *mode) { ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); if (errno == ENOENT) { - OPENSSL_PUT_ERROR(BIO, BIO_new_file, BIO_R_NO_SUCH_FILE); + OPENSSL_PUT_ERROR(BIO, BIO_R_NO_SUCH_FILE); } else { - OPENSSL_PUT_ERROR(BIO, BIO_new_file, BIO_R_SYS_LIB); + OPENSSL_PUT_ERROR(BIO, BIO_R_SYS_LIB); } return NULL; } @@ -182,20 +182,19 @@ static int file_free(BIO *bio) { } static int file_read(BIO *b, char *out, int outl) { - int ret = 0; - if (!b->init) { return 0; } - ret = fread(out, 1, outl, (FILE *)b->ptr); + size_t ret = fread(out, 1, outl, (FILE *)b->ptr); if (ret == 0 && ferror((FILE *)b->ptr)) { OPENSSL_PUT_SYSTEM_ERROR(fread); - OPENSSL_PUT_ERROR(BIO, file_read, ERR_R_SYS_LIB); - ret = -1; + OPENSSL_PUT_ERROR(BIO, ERR_R_SYS_LIB); + return -1; } - return ret; + /* fread reads at most |outl| bytes, so |ret| fits in an int. */ + return (int)ret; } static int file_write(BIO *b, const char *in, int inl) { @@ -253,7 +252,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) { } else if (num & BIO_FP_READ) { BUF_strlcpy(p, "r", sizeof(p)); } else { - OPENSSL_PUT_ERROR(BIO, file_ctrl, BIO_R_BAD_FOPEN_MODE); + OPENSSL_PUT_ERROR(BIO, BIO_R_BAD_FOPEN_MODE); ret = 0; break; } @@ -261,7 +260,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) { if (fp == NULL) { OPENSSL_PUT_SYSTEM_ERROR(fopen); ERR_add_error_data(5, "fopen('", ptr, "','", p, "')"); - OPENSSL_PUT_ERROR(BIO, file_ctrl, ERR_R_SYS_LIB); + OPENSSL_PUT_ERROR(BIO, ERR_R_SYS_LIB); ret = 0; break; } diff --git a/src/crypto/bio/pair.c b/src/crypto/bio/pair.c index cc55950..6f78890 100644 --- a/src/crypto/bio/pair.c +++ b/src/crypto/bio/pair.c @@ -181,27 +181,25 @@ int BIO_zero_copy_get_read_buf(BIO* bio, uint8_t** out_read_buf, BIO_clear_retry_flags(bio); if (!bio->init) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_read_buf, BIO_R_UNINITIALIZED); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNINITIALIZED); return 0; } b = bio->ptr; if (!b || !b->peer) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_read_buf, - BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return 0; } peer_b = b->peer->ptr; if (!peer_b || !peer_b->peer || peer_b->peer->ptr != b) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_read_buf, - BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return 0; } if (peer_b->zero_copy_read_lock) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_read_buf, BIO_R_INVALID_ARGUMENT); + OPENSSL_PUT_ERROR(BIO, BIO_R_INVALID_ARGUMENT); return 0; } @@ -229,37 +227,32 @@ int BIO_zero_copy_get_read_buf_done(BIO* bio, size_t bytes_read) { assert(BIO_get_retry_flags(bio) == 0); if (!bio->init) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_read_buf_done, - BIO_R_UNINITIALIZED); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNINITIALIZED); return 0; } b = bio->ptr; if (!b || !b->peer) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_read_buf_done, - BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return 0; } peer_b = b->peer->ptr; if (!peer_b || !peer_b->peer || peer_b->peer->ptr != b) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_read_buf_done, - BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return 0; } if (!peer_b->zero_copy_read_lock) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_read_buf_done, - BIO_R_INVALID_ARGUMENT); + OPENSSL_PUT_ERROR(BIO, BIO_R_INVALID_ARGUMENT); return 0; } max_available = bio_zero_copy_get_read_buf(peer_b, &dummy_read_buf, &dummy_read_offset); if (bytes_read > max_available) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_read_buf_done, - BIO_R_INVALID_ARGUMENT); + OPENSSL_PUT_ERROR(BIO, BIO_R_INVALID_ARGUMENT); return 0; } @@ -318,35 +311,33 @@ int BIO_zero_copy_get_write_buf(BIO* bio, uint8_t** out_write_buf, BIO_clear_retry_flags(bio); if (!bio->init) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf, BIO_R_UNINITIALIZED); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNINITIALIZED); return 0; } b = bio->ptr; if (!b || !b->buf || !b->peer) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf, - BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return 0; } peer_b = b->peer->ptr; if (!peer_b || !peer_b->peer || peer_b->peer->ptr != b) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf, - BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return 0; } assert(b->buf != NULL); if (b->zero_copy_write_lock) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf, BIO_R_INVALID_ARGUMENT); + OPENSSL_PUT_ERROR(BIO, BIO_R_INVALID_ARGUMENT); return 0; } b->request = 0; if (b->closed) { /* Bio is already closed. */ - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf, BIO_R_BROKEN_PIPE); + OPENSSL_PUT_ERROR(BIO, BIO_R_BROKEN_PIPE); return 0; } @@ -369,43 +360,38 @@ int BIO_zero_copy_get_write_buf_done(BIO* bio, size_t bytes_written) { uint8_t* dummy_write_buf; if (!bio->init) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf_done, - BIO_R_UNINITIALIZED); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNINITIALIZED); return 0; } b = bio->ptr; if (!b || !b->buf || !b->peer) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf_done, - BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return 0; } peer_b = b->peer->ptr; if (!peer_b || !peer_b->peer || peer_b->peer->ptr != b) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf_done, - BIO_R_UNSUPPORTED_METHOD); + OPENSSL_PUT_ERROR(BIO, BIO_R_UNSUPPORTED_METHOD); return 0; } b->request = 0; if (b->closed) { /* BIO is already closed. */ - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf_done, BIO_R_BROKEN_PIPE); + OPENSSL_PUT_ERROR(BIO, BIO_R_BROKEN_PIPE); return 0; } if (!b->zero_copy_write_lock) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf_done, - BIO_R_INVALID_ARGUMENT); + OPENSSL_PUT_ERROR(BIO, BIO_R_INVALID_ARGUMENT); return 0; } rest = bio_zero_copy_get_write_buf(b, &dummy_write_buf, &dummy_write_offset); if (bytes_written > rest) { - OPENSSL_PUT_ERROR(BIO, BIO_zero_copy_get_write_buf_done, - BIO_R_INVALID_ARGUMENT); + OPENSSL_PUT_ERROR(BIO, BIO_R_INVALID_ARGUMENT); return 0; } @@ -525,7 +511,7 @@ static int bio_write(BIO *bio, const char *buf, int num_) { b->request = 0; if (b->closed) { /* we already closed */ - OPENSSL_PUT_ERROR(BIO, bio_write, BIO_R_BROKEN_PIPE); + OPENSSL_PUT_ERROR(BIO, BIO_R_BROKEN_PIPE); return -1; } @@ -590,7 +576,7 @@ static int bio_make_pair(BIO* bio1, BIO* bio2, b2 = bio2->ptr; if (b1->peer != NULL || b2->peer != NULL) { - OPENSSL_PUT_ERROR(BIO, bio_make_pair, BIO_R_IN_USE); + OPENSSL_PUT_ERROR(BIO, BIO_R_IN_USE); return 0; } @@ -605,7 +591,7 @@ static int bio_make_pair(BIO* bio1, BIO* bio2, b1->buf_externally_allocated = 0; b1->buf = OPENSSL_malloc(b1->size); if (b1->buf == NULL) { - OPENSSL_PUT_ERROR(BIO, bio_make_pair, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BIO, ERR_R_MALLOC_FAILURE); return 0; } } else { @@ -624,7 +610,7 @@ static int bio_make_pair(BIO* bio1, BIO* bio2, b2->buf_externally_allocated = 0; b2->buf = OPENSSL_malloc(b2->size); if (b2->buf == NULL) { - OPENSSL_PUT_ERROR(BIO, bio_make_pair, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BIO, ERR_R_MALLOC_FAILURE); return 0; } } else { diff --git a/src/crypto/bio/printf.c b/src/crypto/bio/printf.c index f51b396..2f5ae4a 100644 --- a/src/crypto/bio/printf.c +++ b/src/crypto/bio/printf.c @@ -95,7 +95,7 @@ int BIO_printf(BIO *bio, const char *format, ...) { out = OPENSSL_malloc(requested_len + 1); out_malloced = 1; if (out == NULL) { - OPENSSL_PUT_ERROR(BIO, BIO_printf, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BIO, ERR_R_MALLOC_FAILURE); return -1; } va_start(args, format); diff --git a/src/crypto/bio/socket_helper.c b/src/crypto/bio/socket_helper.c index b1cdd1a..01f635e 100644 --- a/src/crypto/bio/socket_helper.c +++ b/src/crypto/bio/socket_helper.c @@ -12,7 +12,8 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define _POSIX_SOURCE +#undef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 200112L #include <openssl/bio.h> #include <openssl/err.h> @@ -50,7 +51,7 @@ int bio_ip_and_port_to_socket_and_addr(int *out_sock, ret = getaddrinfo(hostname, port_str, &hint, &result); if (ret != 0) { - OPENSSL_PUT_ERROR(SYS, getaddrinfo, 0); + OPENSSL_PUT_ERROR(SYS, 0); ERR_add_error_data(1, gai_strerror(ret)); return 0; } diff --git a/src/crypto/bn/CMakeLists.txt b/src/crypto/bn/CMakeLists.txt index 2e0cb45..232e40a 100644 --- a/src/crypto/bn/CMakeLists.txt +++ b/src/crypto/bn/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) if (${ARCH} STREQUAL "x86_64") set( @@ -39,6 +39,7 @@ add_library( add.c asm/x86_64-gcc.c bn.c + bn_asn1.c cmp.c convert.c ctx.c diff --git a/src/crypto/bn/add.c b/src/crypto/bn/add.c index 1c6b2d7..a043d83 100644 --- a/src/crypto/bn/add.c +++ b/src/crypto/bn/add.c @@ -267,7 +267,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) { if (dif < 0) /* hmm... should not be happening */ { - OPENSSL_PUT_ERROR(BN, BN_usub, BN_R_ARG2_LT_ARG3); + OPENSSL_PUT_ERROR(BN, BN_R_ARG2_LT_ARG3); return 0; } diff --git a/src/crypto/bn/asm/armv4-mont.pl b/src/crypto/bn/asm/armv4-mont.pl index 0f1b6a9..4206fd8 100644 --- a/src/crypto/bn/asm/armv4-mont.pl +++ b/src/crypto/bn/asm/armv4-mont.pl @@ -79,7 +79,7 @@ $_n0="$num,#14*4"; $_num="$num,#15*4"; $_bpend=$_num; $code=<<___; -#include "arm_arch.h" +#include <openssl/arm_arch.h> .text .code 32 diff --git a/src/crypto/bn/bn.c b/src/crypto/bn/bn.c index f32d6b0..b342749 100644 --- a/src/crypto/bn/bn.c +++ b/src/crypto/bn/bn.c @@ -69,7 +69,7 @@ BIGNUM *BN_new(void) { BIGNUM *bn = OPENSSL_malloc(sizeof(BIGNUM)); if (bn == NULL) { - OPENSSL_PUT_ERROR(BN, BN_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE); return NULL; } @@ -279,26 +279,26 @@ void BN_set_negative(BIGNUM *bn, int sign) { } } -BIGNUM *bn_wexpand(BIGNUM *bn, unsigned words) { +BIGNUM *bn_wexpand(BIGNUM *bn, size_t words) { BN_ULONG *a; - if (words <= (unsigned) bn->dmax) { + if (words <= (size_t)bn->dmax) { return bn; } if (words > (INT_MAX / (4 * BN_BITS2))) { - OPENSSL_PUT_ERROR(BN, bn_wexpand, BN_R_BIGNUM_TOO_LONG); + OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); return NULL; } if (bn->flags & BN_FLG_STATIC_DATA) { - OPENSSL_PUT_ERROR(BN, bn_wexpand, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); + OPENSSL_PUT_ERROR(BN, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); return NULL; } a = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words); if (a == NULL) { - OPENSSL_PUT_ERROR(BN, bn_wexpand, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE); return NULL; } @@ -306,12 +306,16 @@ BIGNUM *bn_wexpand(BIGNUM *bn, unsigned words) { OPENSSL_free(bn->d); bn->d = a; - bn->dmax = words; + bn->dmax = (int)words; return bn; } -BIGNUM *bn_expand(BIGNUM *bn, unsigned bits) { +BIGNUM *bn_expand(BIGNUM *bn, size_t bits) { + if (bits + BN_BITS2 - 1 < bits) { + OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); + return NULL; + } return bn_wexpand(bn, (bits+BN_BITS2-1)/BN_BITS2); } diff --git a/src/crypto/bn/bn_asn1.c b/src/crypto/bn/bn_asn1.c new file mode 100644 index 0000000..9d70ba8 --- /dev/null +++ b/src/crypto/bn/bn_asn1.c @@ -0,0 +1,93 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <openssl/bn.h> + +#include <openssl/bytestring.h> +#include <openssl/err.h> + + +int BN_cbs2unsigned(CBS *cbs, BIGNUM *ret) { + CBS child; + if (!CBS_get_asn1(cbs, &child, CBS_ASN1_INTEGER) || + CBS_len(&child) == 0) { + OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); + return 0; + } + + if (CBS_data(&child)[0] & 0x80) { + OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER); + return 0; + } + + /* INTEGERs must be minimal. */ + if (CBS_data(&child)[0] == 0x00 && + CBS_len(&child) > 1 && + !(CBS_data(&child)[1] & 0x80)) { + OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); + return 0; + } + + return BN_bin2bn(CBS_data(&child), CBS_len(&child), ret) != NULL; +} + +int BN_cbs2unsigned_buggy(CBS *cbs, BIGNUM *ret) { + CBS child; + if (!CBS_get_asn1(cbs, &child, CBS_ASN1_INTEGER) || + CBS_len(&child) == 0) { + OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); + return 0; + } + + /* This function intentionally does not reject negative numbers or non-minimal + * encodings. Estonian IDs issued between September 2014 to September 2015 are + * broken. See https://crbug.com/532048 and https://crbug.com/534766. + * + * TODO(davidben): Remove this code and callers in March 2016. */ + return BN_bin2bn(CBS_data(&child), CBS_len(&child), ret) != NULL; +} + +int BN_bn2cbb(CBB *cbb, const BIGNUM *bn) { + /* Negative numbers are unsupported. */ + if (BN_is_negative(bn)) { + OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER); + return 0; + } + + CBB child; + if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER)) { + OPENSSL_PUT_ERROR(BN, BN_R_ENCODE_ERROR); + return 0; + } + + /* The number must be padded with a leading zero if the high bit would + * otherwise be set (or |bn| is zero). */ + if (BN_num_bits(bn) % 8 == 0 && + !CBB_add_u8(&child, 0x00)) { + OPENSSL_PUT_ERROR(BN, BN_R_ENCODE_ERROR); + return 0; + } + + uint8_t *out; + if (!CBB_add_space(&child, &out, BN_num_bytes(bn))) { + OPENSSL_PUT_ERROR(BN, BN_R_ENCODE_ERROR); + return 0; + } + BN_bn2bin(bn, out); + if (!CBB_flush(cbb)) { + OPENSSL_PUT_ERROR(BN, BN_R_ENCODE_ERROR); + return 0; + } + return 1; +} diff --git a/src/crypto/bn/bn_test.cc b/src/crypto/bn/bn_test.cc index 6a7d48c..47093a7 100644 --- a/src/crypto/bn/bn_test.cc +++ b/src/crypto/bn/bn_test.cc @@ -82,6 +82,7 @@ #include <openssl/mem.h> #include "../crypto/test/scoped_types.h" +#include "../crypto/test/test_util.h" // This program tests the BIGNUM implementation. It takes an optional -bc @@ -117,11 +118,13 @@ static bool test_exp_mod_zero(void); static bool test_small_prime(FILE *fp, BN_CTX *ctx); static bool test_mod_exp_mont5(FILE *fp, BN_CTX *ctx); static bool test_sqrt(FILE *fp, BN_CTX *ctx); -static bool test_bn2bin_padded(FILE *fp, BN_CTX *ctx); -static bool test_dec2bn(FILE *fp, BN_CTX *ctx); -static bool test_hex2bn(FILE *fp, BN_CTX *ctx); -static bool test_asc2bn(FILE *fp, BN_CTX *ctx); +static bool test_bn2bin_padded(BN_CTX *ctx); +static bool test_dec2bn(BN_CTX *ctx); +static bool test_hex2bn(BN_CTX *ctx); +static bool test_asc2bn(BN_CTX *ctx); +static bool test_mpi(); static bool test_rand(); +static bool test_asn1(); static const uint8_t kSample[] = "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" @@ -311,35 +314,15 @@ int main(int argc, char *argv[]) { } flush_fp(bc_file.get()); - message(bc_file.get(), "BN_bn2bin_padded"); - if (!test_bn2bin_padded(bc_file.get(), ctx.get())) { + if (!test_bn2bin_padded(ctx.get()) || + !test_dec2bn(ctx.get()) || + !test_hex2bn(ctx.get()) || + !test_asc2bn(ctx.get()) || + !test_mpi() || + !test_rand() || + !test_asn1()) { return 1; } - flush_fp(bc_file.get()); - - message(bc_file.get(), "BN_dec2bn"); - if (!test_dec2bn(bc_file.get(), ctx.get())) { - return 1; - } - flush_fp(bc_file.get()); - - message(bc_file.get(), "BN_hex2bn"); - if (!test_hex2bn(bc_file.get(), ctx.get())) { - return 1; - } - flush_fp(bc_file.get()); - - message(bc_file.get(), "BN_asc2bn"); - if (!test_asc2bn(bc_file.get(), ctx.get())) { - return 1; - } - flush_fp(bc_file.get()); - - message(bc_file.get(), "BN_rand"); - if (!test_rand()) { - return 1; - } - flush_fp(bc_file.get()); printf("PASS\n"); return 0; @@ -440,6 +423,16 @@ static bool test_div(FILE *fp, BN_CTX *ctx) { return false; } + if (!BN_one(a.get())) { + return false; + } + BN_zero(b.get()); + if (BN_div(d.get(), c.get(), a.get(), b.get(), ctx)) { + fprintf(stderr, "Division by zero succeeded!\n"); + return false; + } + ERR_clear_error(); + for (int i = 0; i < num0 + num1; i++) { if (i < num1) { if (!BN_rand(a.get(), 400, 0, 0) || @@ -837,18 +830,17 @@ static bool test_div_word(FILE *fp) { } for (int i = 0; i < num0; i++) { - BN_ULONG s; do { if (!BN_rand(a.get(), 512, -1, 0) || !BN_rand(b.get(), BN_BITS2, -1, 0)) { return false; } - s = b->d[0]; - } while (!s); + } while (BN_is_zero(b.get())); if (!BN_copy(b.get(), a.get())) { return false; } + BN_ULONG s = b->d[0]; BN_ULONG r = BN_div_word(b.get(), s); if (r == (BN_ULONG)-1) { return false; @@ -891,8 +883,27 @@ static bool test_mont(FILE *fp, BN_CTX *ctx) { ScopedBIGNUM B(BN_new()); ScopedBIGNUM n(BN_new()); ScopedBN_MONT_CTX mont(BN_MONT_CTX_new()); - if (!a || !b || !c || !d || !A || !B || !n || !mont || - !BN_rand(a.get(), 100, 0, 0) || + if (!a || !b || !c || !d || !A || !B || !n || !mont) { + return false; + } + + BN_zero(n.get()); + if (BN_MONT_CTX_set(mont.get(), n.get(), ctx)) { + fprintf(stderr, "BN_MONT_CTX_set succeeded for zero modulus!\n"); + return false; + } + ERR_clear_error(); + + if (!BN_set_word(n.get(), 16)) { + return false; + } + if (BN_MONT_CTX_set(mont.get(), n.get(), ctx)) { + fprintf(stderr, "BN_MONT_CTX_set succeeded for even modulus!\n"); + return false; + } + ERR_clear_error(); + + if (!BN_rand(a.get(), 100, 0, 0) || !BN_rand(b.get(), 100, 0, 0)) { return false; } @@ -932,6 +943,7 @@ static bool test_mont(FILE *fp, BN_CTX *ctx) { return false; } } + return true; } @@ -985,6 +997,16 @@ static bool test_mod_mul(FILE *fp, BN_CTX *ctx) { return false; } + if (!BN_one(a.get()) || !BN_one(b.get())) { + return false; + } + BN_zero(c.get()); + if (BN_mod_mul(e.get(), a.get(), b.get(), c.get(), ctx)) { + fprintf(stderr, "BN_mod_mul with zero modulus succeeded!\n"); + return false; + } + ERR_clear_error(); + for (int j = 0; j < 3; j++) { if (!BN_rand(c.get(), 1024, 0, 0)) { return false; @@ -1039,8 +1061,21 @@ static bool test_mod_exp(FILE *fp, BN_CTX *ctx) { ScopedBIGNUM c(BN_new()); ScopedBIGNUM d(BN_new()); ScopedBIGNUM e(BN_new()); - if (!a || !b || !c || !d || !e || - !BN_rand(c.get(), 30, 0, 1)) { // must be odd for montgomery + if (!a || !b || !c || !d || !e) { + return false; + } + + if (!BN_one(a.get()) || !BN_one(b.get())) { + return false; + } + BN_zero(c.get()); + if (BN_mod_exp(d.get(), a.get(), b.get(), c.get(), ctx)) { + fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n"); + return 0; + } + ERR_clear_error(); + + if (!BN_rand(c.get(), 30, 0, 1)) { // must be odd for montgomery return false; } for (int i = 0; i < num2; i++) { @@ -1079,8 +1114,32 @@ static bool test_mod_exp_mont_consttime(FILE *fp, BN_CTX *ctx) { ScopedBIGNUM c(BN_new()); ScopedBIGNUM d(BN_new()); ScopedBIGNUM e(BN_new()); - if (!a || !b || !c || !d || !e || - !BN_rand(c.get(), 30, 0, 1)) { // must be odd for montgomery + if (!a || !b || !c || !d || !e) { + return false; + } + + if (!BN_one(a.get()) || !BN_one(b.get())) { + return false; + } + BN_zero(c.get()); + if (BN_mod_exp_mont_consttime(d.get(), a.get(), b.get(), c.get(), ctx, + nullptr)) { + fprintf(stderr, "BN_mod_exp_mont_consttime with zero modulus succeeded!\n"); + return 0; + } + ERR_clear_error(); + + if (!BN_set_word(c.get(), 16)) { + return false; + } + if (BN_mod_exp_mont_consttime(d.get(), a.get(), b.get(), c.get(), ctx, + nullptr)) { + fprintf(stderr, "BN_mod_exp_mont_consttime with even modulus succeeded!\n"); + return 0; + } + ERR_clear_error(); + + if (!BN_rand(c.get(), 30, 0, 1)) { // must be odd for montgomery return false; } for (int i = 0; i < num2; i++) { @@ -1208,8 +1267,9 @@ static bool test_exp(FILE *fp, BN_CTX *ctx) { if (!BN_one(e.get())) { return false; } - for (; !BN_is_zero(b.get()); BN_sub(b.get(), b.get(), BN_value_one())) { - if (!BN_mul(e.get(), e.get(), a.get(), ctx)) { + while (!BN_is_zero(b.get())) { + if (!BN_mul(e.get(), e.get(), a.get(), ctx) || + !BN_sub(b.get(), b.get(), BN_value_one())) { return false; } } @@ -1371,7 +1431,7 @@ static bool test_sqrt(FILE *fp, BN_CTX *ctx) { return true; } -static bool test_bn2bin_padded(FILE *fp, BN_CTX *ctx) { +static bool test_bn2bin_padded(BN_CTX *ctx) { uint8_t zeros[256], out[256], reference[128]; memset(zeros, 0, sizeof(zeros)); @@ -1448,7 +1508,7 @@ static int DecimalToBIGNUM(ScopedBIGNUM *out, const char *in) { return ret; } -static bool test_dec2bn(FILE *fp, BN_CTX *ctx) { +static bool test_dec2bn(BN_CTX *ctx) { ScopedBIGNUM bn; int ret = DecimalToBIGNUM(&bn, "0"); if (ret != 1 || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) { @@ -1490,7 +1550,7 @@ static int HexToBIGNUM(ScopedBIGNUM *out, const char *in) { return ret; } -static bool test_hex2bn(FILE *fp, BN_CTX *ctx) { +static bool test_hex2bn(BN_CTX *ctx) { ScopedBIGNUM bn; int ret = HexToBIGNUM(&bn, "0"); if (ret != 1 || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) { @@ -1533,7 +1593,7 @@ static ScopedBIGNUM ASCIIToBIGNUM(const char *in) { return ScopedBIGNUM(raw); } -static bool test_asc2bn(FILE *fp, BN_CTX *ctx) { +static bool test_asc2bn(BN_CTX *ctx) { ScopedBIGNUM bn = ASCIIToBIGNUM("0"); if (!bn || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) { fprintf(stderr, "BN_asc2bn gave a bad result.\n"); @@ -1585,6 +1645,63 @@ static bool test_asc2bn(FILE *fp, BN_CTX *ctx) { return true; } +struct MPITest { + const char *base10; + const char *mpi; + size_t mpi_len; +}; + +static const MPITest kMPITests[] = { + { "0", "\x00\x00\x00\x00", 4 }, + { "1", "\x00\x00\x00\x01\x01", 5 }, + { "-1", "\x00\x00\x00\x01\x81", 5 }, + { "128", "\x00\x00\x00\x02\x00\x80", 6 }, + { "256", "\x00\x00\x00\x02\x01\x00", 6 }, + { "-256", "\x00\x00\x00\x02\x81\x00", 6 }, +}; + +static bool test_mpi() { + uint8_t scratch[8]; + + for (size_t i = 0; i < sizeof(kMPITests) / sizeof(kMPITests[0]); i++) { + const MPITest &test = kMPITests[i]; + ScopedBIGNUM bn(ASCIIToBIGNUM(test.base10)); + const size_t mpi_len = BN_bn2mpi(bn.get(), NULL); + if (mpi_len > sizeof(scratch)) { + fprintf(stderr, "MPI test #%u: MPI size is too large to test.\n", + (unsigned)i); + return false; + } + + const size_t mpi_len2 = BN_bn2mpi(bn.get(), scratch); + if (mpi_len != mpi_len2) { + fprintf(stderr, "MPI test #%u: length changes.\n", (unsigned)i); + return false; + } + + if (mpi_len != test.mpi_len || + memcmp(test.mpi, scratch, mpi_len) != 0) { + fprintf(stderr, "MPI test #%u failed:\n", (unsigned)i); + hexdump(stderr, "Expected: ", test.mpi, test.mpi_len); + hexdump(stderr, "Got: ", scratch, mpi_len); + return false; + } + + ScopedBIGNUM bn2(BN_mpi2bn(scratch, mpi_len, NULL)); + if (bn2.get() == nullptr) { + fprintf(stderr, "MPI test #%u: failed to parse\n", (unsigned)i); + return false; + } + + if (BN_cmp(bn.get(), bn2.get()) != 0) { + fprintf(stderr, "MPI test #%u: wrong result\n", (unsigned)i); + return false; + } + } + + return true; +} + static bool test_rand() { ScopedBIGNUM bn(BN_new()); if (!bn) { @@ -1628,3 +1745,170 @@ static bool test_rand() { return true; } + +struct ASN1Test { + const char *value_ascii; + const char *der; + size_t der_len; +}; + +static const ASN1Test kASN1Tests[] = { + {"0", "\x02\x01\x00", 3}, + {"1", "\x02\x01\x01", 3}, + {"127", "\x02\x01\x7f", 3}, + {"128", "\x02\x02\x00\x80", 4}, + {"0xdeadbeef", "\x02\x05\x00\xde\xad\xbe\xef", 7}, + {"0x0102030405060708", + "\x02\x08\x01\x02\x03\x04\x05\x06\x07\x08", 10}, + {"0xffffffffffffffff", + "\x02\x09\x00\xff\xff\xff\xff\xff\xff\xff\xff", 11}, +}; + +struct ASN1InvalidTest { + const char *der; + size_t der_len; +}; + +static const ASN1InvalidTest kASN1InvalidTests[] = { + // Bad tag. + {"\x03\x01\x00", 3}, + // Empty contents. + {"\x02\x00", 2}, +}; + +// kASN1BuggyTests are incorrect encodings and how |BN_cbs2unsigned_buggy| +// should interpret them. +static const ASN1Test kASN1BuggyTests[] = { + // Negative numbers. + {"128", "\x02\x01\x80", 3}, + {"255", "\x02\x01\xff", 3}, + // Unnecessary leading zeros. + {"1", "\x02\x02\x00\x01", 4}, +}; + +static bool test_asn1() { + for (const ASN1Test &test : kASN1Tests) { + ScopedBIGNUM bn = ASCIIToBIGNUM(test.value_ascii); + if (!bn) { + return false; + } + + // Test that the input is correctly parsed. + ScopedBIGNUM bn2(BN_new()); + if (!bn2) { + return false; + } + CBS cbs; + CBS_init(&cbs, reinterpret_cast<const uint8_t*>(test.der), test.der_len); + if (!BN_cbs2unsigned(&cbs, bn2.get()) || CBS_len(&cbs) != 0) { + fprintf(stderr, "Parsing ASN.1 INTEGER failed.\n"); + return false; + } + if (BN_cmp(bn.get(), bn2.get()) != 0) { + fprintf(stderr, "Bad parse.\n"); + return false; + } + + // Test the value serializes correctly. + CBB cbb; + uint8_t *der; + size_t der_len; + CBB_zero(&cbb); + if (!CBB_init(&cbb, 0) || + !BN_bn2cbb(&cbb, bn.get()) || + !CBB_finish(&cbb, &der, &der_len)) { + CBB_cleanup(&cbb); + return false; + } + ScopedOpenSSLBytes delete_der(der); + if (der_len != test.der_len || + memcmp(der, reinterpret_cast<const uint8_t*>(test.der), der_len) != 0) { + fprintf(stderr, "Bad serialization.\n"); + return false; + } + + // |BN_cbs2unsigned_buggy| parses all valid input. + CBS_init(&cbs, reinterpret_cast<const uint8_t*>(test.der), test.der_len); + if (!BN_cbs2unsigned_buggy(&cbs, bn2.get()) || CBS_len(&cbs) != 0) { + fprintf(stderr, "Parsing ASN.1 INTEGER failed.\n"); + return false; + } + if (BN_cmp(bn.get(), bn2.get()) != 0) { + fprintf(stderr, "Bad parse.\n"); + return false; + } + } + + for (const ASN1InvalidTest &test : kASN1InvalidTests) { + ScopedBIGNUM bn(BN_new()); + if (!bn) { + return false; + } + CBS cbs; + CBS_init(&cbs, reinterpret_cast<const uint8_t*>(test.der), test.der_len); + if (BN_cbs2unsigned(&cbs, bn.get())) { + fprintf(stderr, "Parsed invalid input.\n"); + return false; + } + ERR_clear_error(); + + // All tests in kASN1InvalidTests are also rejected by + // |BN_cbs2unsigned_buggy|. + CBS_init(&cbs, reinterpret_cast<const uint8_t*>(test.der), test.der_len); + if (BN_cbs2unsigned_buggy(&cbs, bn.get())) { + fprintf(stderr, "Parsed invalid input.\n"); + return false; + } + ERR_clear_error(); + } + + for (const ASN1Test &test : kASN1BuggyTests) { + // These broken encodings are rejected by |BN_cbs2unsigned|. + ScopedBIGNUM bn(BN_new()); + if (!bn) { + return false; + } + + CBS cbs; + CBS_init(&cbs, reinterpret_cast<const uint8_t*>(test.der), test.der_len); + if (BN_cbs2unsigned(&cbs, bn.get())) { + fprintf(stderr, "Parsed invalid input.\n"); + return false; + } + ERR_clear_error(); + + // However |BN_cbs2unsigned_buggy| accepts them. + ScopedBIGNUM bn2 = ASCIIToBIGNUM(test.value_ascii); + if (!bn2) { + return false; + } + + CBS_init(&cbs, reinterpret_cast<const uint8_t*>(test.der), test.der_len); + if (!BN_cbs2unsigned_buggy(&cbs, bn.get()) || CBS_len(&cbs) != 0) { + fprintf(stderr, "Parsing (invalid) ASN.1 INTEGER failed.\n"); + return false; + } + + if (BN_cmp(bn.get(), bn2.get()) != 0) { + fprintf(stderr, "\"Bad\" parse.\n"); + return false; + } + } + + // Serializing negative numbers is not supported. + ScopedBIGNUM bn = ASCIIToBIGNUM("-1"); + if (!bn) { + return false; + } + CBB cbb; + CBB_zero(&cbb); + if (!CBB_init(&cbb, 0) || + BN_bn2cbb(&cbb, bn.get())) { + fprintf(stderr, "Serialized negative number.\n"); + CBB_cleanup(&cbb); + return false; + } + CBB_cleanup(&cbb); + + return true; +} diff --git a/src/crypto/bn/convert.c b/src/crypto/bn/convert.c index 531b661..0122709 100644 --- a/src/crypto/bn/convert.c +++ b/src/crypto/bn/convert.c @@ -56,7 +56,9 @@ #include <openssl/bn.h> +#include <assert.h> #include <ctype.h> +#include <limits.h> #include <stdio.h> #include <string.h> @@ -67,7 +69,8 @@ #include "internal.h" BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) { - unsigned num_words, m; + size_t num_words; + unsigned m; BN_ULONG word = 0; BIGNUM *bn = NULL; @@ -93,7 +96,10 @@ BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) { return NULL; } - ret->top = num_words; + /* |bn_wexpand| must check bounds on |num_words| to write it into + * |ret->dmax|. */ + assert(num_words <= INT_MAX); + ret->top = (int)num_words; ret->neg = 0; while (len--) { @@ -198,7 +204,7 @@ char *BN_bn2hex(const BIGNUM *bn) { buf = (char *)OPENSSL_malloc(bn->top * BN_BYTES * 2 + 2); if (buf == NULL) { - OPENSSL_PUT_ERROR(BN, BN_bn2hex, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE); return NULL; } @@ -227,47 +233,59 @@ char *BN_bn2hex(const BIGNUM *bn) { return buf; } -/* decode_hex decodes |i| bytes of hex data from |in| and updates |bn|. */ -static void decode_hex(BIGNUM *bn, const char *in, int i) { - int h, m, j, k, c; - BN_ULONG l=0; - - j = i; /* least significant 'hex' */ - h = 0; - while (j > 0) { - m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j; - l = 0; - for (;;) { - c = in[j - m]; - if ((c >= '0') && (c <= '9')) { - k = c - '0'; - } else if ((c >= 'a') && (c <= 'f')) { - k = c - 'a' + 10; - } else if ((c >= 'A') && (c <= 'F')) { - k = c - 'A' + 10; - } else { - k = 0; /* paranoia */ - } +/* decode_hex decodes |in_len| bytes of hex data from |in| and updates |bn|. */ +static int decode_hex(BIGNUM *bn, const char *in, int in_len) { + if (in_len > INT_MAX/4) { + OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); + return 0; + } + /* |in_len| is the number of hex digits. */ + if (bn_expand(bn, in_len * 4) == NULL) { + return 0; + } - l = (l << 4) | k; + int i = 0; + while (in_len > 0) { + /* Decode one |BN_ULONG| at a time. */ + int todo = BN_BYTES * 2; + if (todo > in_len) { + todo = in_len; + } - if (--m <= 0) { - bn->d[h++] = l; - break; + BN_ULONG word = 0; + int j; + for (j = todo; j > 0; j--) { + char c = in[in_len - j]; + + BN_ULONG hex; + if (c >= '0' && c <= '9') { + hex = c - '0'; + } else if (c >= 'a' && c <= 'f') { + hex = c - 'a' + 10; + } else if (c >= 'A' && c <= 'F') { + hex = c - 'A' + 10; + } else { + hex = 0; + /* This shouldn't happen. The caller checks |isxdigit|. */ + assert(0); } + word = (word << 4) | hex; } - j -= (BN_BYTES * 2); + bn->d[i++] = word; + in_len -= todo; } - - bn->top = h; + assert(i <= bn->dmax); + bn->top = i; + return 1; } /* decode_dec decodes |in_len| bytes of decimal data from |in| and updates |bn|. */ -static void decode_dec(BIGNUM *bn, const char *in, int in_len) { +static int decode_dec(BIGNUM *bn, const char *in, int in_len) { int i, j; BN_ULONG l = 0; + /* Decode |BN_DEC_NUM| digits at a time. */ j = BN_DEC_NUM - (in_len % BN_DEC_NUM); if (j == BN_DEC_NUM) { j = 0; @@ -277,15 +295,18 @@ static void decode_dec(BIGNUM *bn, const char *in, int in_len) { l *= 10; l += in[i] - '0'; if (++j == BN_DEC_NUM) { - BN_mul_word(bn, BN_DEC_CONV); - BN_add_word(bn, l); + if (!BN_mul_word(bn, BN_DEC_CONV) || + !BN_add_word(bn, l)) { + return 0; + } l = 0; j = 0; } } + return 1; } -typedef void (*decode_func) (BIGNUM *bn, const char *in, int i); +typedef int (*decode_func) (BIGNUM *bn, const char *in, int in_len); typedef int (*char_test_func) (int c); static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode, char_test_func want_char) { @@ -302,7 +323,7 @@ static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode, char_test_ in++; } - for (i = 0; want_char((unsigned char)in[i]); i++) {} + for (i = 0; want_char((unsigned char)in[i]) && i + neg < INT_MAX; i++) {} num = i + neg; if (outp == NULL) { @@ -320,13 +341,10 @@ static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode, char_test_ BN_zero(ret); } - /* i is the number of hex digests; */ - if (bn_expand(ret, i * 4) == NULL) { + if (!decode(ret, in, i)) { goto err; } - decode(ret, in, i); - bn_correct_top(ret); if (!BN_is_zero(ret)) { ret->neg = neg; @@ -365,7 +383,7 @@ char *BN_bn2dec(const BIGNUM *a) { (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG)); buf = (char *)OPENSSL_malloc(num + 3); if ((buf == NULL) || (bn_data == NULL)) { - OPENSSL_PUT_ERROR(BN, BN_bn2dec, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE); goto err; } t = BN_dup(a); @@ -499,3 +517,81 @@ BN_ULONG BN_get_word(const BIGNUM *bn) { return BN_MASK2; } } + +size_t BN_bn2mpi(const BIGNUM *in, uint8_t *out) { + const size_t bits = BN_num_bits(in); + const size_t bytes = (bits + 7) / 8; + /* If the number of bits is a multiple of 8, i.e. if the MSB is set, + * prefix with a zero byte. */ + int extend = 0; + if (bytes != 0 && (bits & 0x07) == 0) { + extend = 1; + } + + const size_t len = bytes + extend; + if (len < bytes || + 4 + len < len || + (len & 0xffffffff) != len) { + /* If we cannot represent the number then we emit zero as the interface + * doesn't allow an error to be signalled. */ + if (out) { + memset(out, 0, 4); + } + return 4; + } + + if (out == NULL) { + return 4 + len; + } + + out[0] = len >> 24; + out[1] = len >> 16; + out[2] = len >> 8; + out[3] = len; + if (extend) { + out[4] = 0; + } + BN_bn2bin(in, out + 4 + extend); + if (in->neg && len > 0) { + out[4] |= 0x80; + } + return len + 4; +} + +BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) { + if (len < 4) { + OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); + return NULL; + } + const size_t in_len = ((size_t)in[0] << 24) | + ((size_t)in[1] << 16) | + ((size_t)in[2] << 8) | + ((size_t)in[3]); + if (in_len != len - 4) { + OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); + return NULL; + } + + if (out == NULL) { + out = BN_new(); + } + if (out == NULL) { + OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (in_len == 0) { + BN_zero(out); + return out; + } + + in += 4; + if (BN_bin2bn(in, in_len, out) == NULL) { + return NULL; + } + out->neg = ((*in) & 0x80) != 0; + if (out->neg) { + BN_clear_bit(out, BN_num_bits(out) - 1); + } + return out; +} diff --git a/src/crypto/bn/ctx.c b/src/crypto/bn/ctx.c index 0578376..48d9adf 100644 --- a/src/crypto/bn/ctx.c +++ b/src/crypto/bn/ctx.c @@ -124,7 +124,7 @@ struct bignum_ctx { BN_CTX *BN_CTX_new(void) { BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); if (!ret) { - OPENSSL_PUT_ERROR(BN, BN_CTX_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE); return NULL; } @@ -153,7 +153,7 @@ void BN_CTX_start(BN_CTX *ctx) { ctx->err_stack++; } else if (!BN_STACK_push(&ctx->stack, ctx->used)) { /* (Try to) get a new frame pointer */ - OPENSSL_PUT_ERROR(BN, BN_CTX_start, BN_R_TOO_MANY_TEMPORARY_VARIABLES); + OPENSSL_PUT_ERROR(BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES); ctx->err_stack++; } } @@ -169,7 +169,7 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) { /* Setting too_many prevents repeated "get" attempts from * cluttering the error stack. */ ctx->too_many = 1; - OPENSSL_PUT_ERROR(BN, BN_CTX_get, BN_R_TOO_MANY_TEMPORARY_VARIABLES); + OPENSSL_PUT_ERROR(BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES); return NULL; } diff --git a/src/crypto/bn/div.c b/src/crypto/bn/div.c index 3588ea1..779dda2 100644 --- a/src/crypto/bn/div.c +++ b/src/crypto/bn/div.c @@ -125,7 +125,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, * so don't just rely on bn_check_top() here */ if ((num->top > 0 && num->d[num->top - 1] == 0) || (divisor->top > 0 && divisor->d[divisor->top - 1] == 0)) { - OPENSSL_PUT_ERROR(BN, BN_div, BN_R_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(BN, BN_R_NOT_INITIALIZED); return 0; } @@ -135,7 +135,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, } if (BN_is_zero(divisor)) { - OPENSSL_PUT_ERROR(BN, BN_div, BN_R_DIV_BY_ZERO); + OPENSSL_PUT_ERROR(BN, BN_R_DIV_BY_ZERO); return 0; } @@ -511,7 +511,7 @@ int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) { /* max_shift >= 0 */ if (max_shift < 0) { - OPENSSL_PUT_ERROR(BN, BN_mod_lshift_quick, BN_R_INPUT_NOT_REDUCED); + OPENSSL_PUT_ERROR(BN, BN_R_INPUT_NOT_REDUCED); return 0; } diff --git a/src/crypto/bn/exponentiation.c b/src/crypto/bn/exponentiation.c index d3063c9..6c5e11b 100644 --- a/src/crypto/bn/exponentiation.c +++ b/src/crypto/bn/exponentiation.c @@ -131,7 +131,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { if ((p->flags & BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - OPENSSL_PUT_ERROR(BN, BN_exp, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -173,8 +173,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { } } - if (r != rr) { - BN_copy(r, rr); + if (r != rr && !BN_copy(r, rr)) { + goto err; } ret = 1; @@ -333,7 +333,7 @@ static int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, j = 0; while (BN_ucmp(r, &(recp->N)) >= 0) { if (j++ > 2) { - OPENSSL_PUT_ERROR(BN, BN_div_recp, BN_R_BAD_RECIPROCAL); + OPENSSL_PUT_ERROR(BN, BN_R_BAD_RECIPROCAL); goto err; } if (!BN_usub(r, r, &(recp->N))) { @@ -427,7 +427,7 @@ static int mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - OPENSSL_PUT_ERROR(BN, mod_exp_recp, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } @@ -616,7 +616,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } if (!BN_is_odd(m)) { - OPENSSL_PUT_ERROR(BN, BN_mod_exp_mont, BN_R_CALLED_WITH_EVEN_MODULUS); + OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; } bits = BN_num_bits(p); @@ -862,13 +862,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, unsigned char *powerbuf = NULL; BIGNUM tmp, am; - top = m->top; - - if (!(m->d[0] & 1)) { - OPENSSL_PUT_ERROR(BN, BN_mod_exp_mont_consttime, - BN_R_CALLED_WITH_EVEN_MODULUS); + if (!BN_is_odd(m)) { + OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; } + + top = m->top; + bits = BN_num_bits(p); if (bits == 0) { ret = BN_one(rr); @@ -926,7 +926,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } } #endif - (void)0; /* Allocate a buffer large enough to hold all of the pre-computed * powers of am, am itself and tmp. @@ -1223,13 +1222,12 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - OPENSSL_PUT_ERROR(BN, BN_mod_exp_mont_word, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (!BN_is_odd(m)) { - OPENSSL_PUT_ERROR(BN, BN_mod_exp_mont_word, BN_R_CALLED_WITH_EVEN_MODULUS); + OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; } @@ -1372,7 +1370,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, BN_MONT_CTX *mont = NULL; if (!(m->d[0] & 1)) { - OPENSSL_PUT_ERROR(BN, BN_mod_exp2_mont, BN_R_CALLED_WITH_EVEN_MODULUS); + OPENSSL_PUT_ERROR(BN, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; } bits1 = BN_num_bits(p1); diff --git a/src/crypto/bn/gcd.c b/src/crypto/bn/gcd.c index 3132c29..e106149 100644 --- a/src/crypto/bn/gcd.c +++ b/src/crypto/bn/gcd.c @@ -223,20 +223,23 @@ err: } /* solves ax == 1 (mod n) */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, const BIGNUM *a, - const BIGNUM *n, BN_CTX *ctx); +static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, int *out_no_inverse, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx); -BIGNUM *BN_mod_inverse(BIGNUM *out, const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx) { +BIGNUM *BN_mod_inverse_ex(BIGNUM *out, int *out_no_inverse, const BIGNUM *a, + const BIGNUM *n, BN_CTX *ctx) { BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; BIGNUM *ret = NULL; int sign; if ((a->flags & BN_FLG_CONSTTIME) != 0 || (n->flags & BN_FLG_CONSTTIME) != 0) { - return BN_mod_inverse_no_branch(out, a, n, ctx); + return BN_mod_inverse_no_branch(out, out_no_inverse, a, n, ctx); } + *out_no_inverse = 0; + BN_CTX_start(ctx); A = BN_CTX_get(ctx); B = BN_CTX_get(ctx); @@ -522,7 +525,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *out, const BIGNUM *a, const BIGNUM *n, } } } else { - OPENSSL_PUT_ERROR(BN, BN_mod_inverse, BN_R_NO_INVERSE); + *out_no_inverse = 1; + OPENSSL_PUT_ERROR(BN, BN_R_NO_INVERSE); goto err; } ret = R; @@ -535,16 +539,25 @@ err: return ret; } +BIGNUM *BN_mod_inverse(BIGNUM *out, const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx) { + int no_inverse; + return BN_mod_inverse_ex(out, &no_inverse, a, n, ctx); +} + /* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. * It does not contain branches that may leak sensitive information. */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, const BIGNUM *a, - const BIGNUM *n, BN_CTX *ctx) { +static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, int *out_no_inverse, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx) { BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; BIGNUM local_A, local_B; BIGNUM *pA, *pB; BIGNUM *ret = NULL; int sign; + *out_no_inverse = 0; + BN_CTX_start(ctx); A = BN_CTX_get(ctx); B = BN_CTX_get(ctx); @@ -682,7 +695,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *out, const BIGNUM *a, } } } else { - OPENSSL_PUT_ERROR(BN, BN_mod_inverse_no_branch, BN_R_NO_INVERSE); + *out_no_inverse = 1; + OPENSSL_PUT_ERROR(BN, BN_R_NO_INVERSE); goto err; } ret = R; diff --git a/src/crypto/bn/internal.h b/src/crypto/bn/internal.h index 2674b3c..0d0eb44 100644 --- a/src/crypto/bn/internal.h +++ b/src/crypto/bn/internal.h @@ -136,9 +136,9 @@ extern "C" { #endif -/* bn_expand acts the same as |BN_wexpand|, but takes a number of bits rather +/* bn_expand acts the same as |bn_wexpand|, but takes a number of bits rather * than a number of words. */ -BIGNUM *bn_expand(BIGNUM *bn, unsigned bits); +BIGNUM *bn_expand(BIGNUM *bn, size_t bits); #if defined(OPENSSL_64_BIT) diff --git a/src/crypto/bn/montgomery.c b/src/crypto/bn/montgomery.c index 152cf2d..c6c9c88 100644 --- a/src/crypto/bn/montgomery.c +++ b/src/crypto/bn/montgomery.c @@ -110,6 +110,7 @@ #include <string.h> +#include <openssl/err.h> #include <openssl/mem.h> #include <openssl/thread.h> @@ -176,6 +177,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) { BIGNUM tmod; BN_ULONG buf[2]; + if (BN_is_zero(mod)) { + OPENSSL_PUT_ERROR(BN, BN_R_DIV_BY_ZERO); + return 0; + } + BN_CTX_start(ctx); Ri = BN_CTX_get(ctx); if (Ri == NULL) { diff --git a/src/crypto/bn/mul.c b/src/crypto/bn/mul.c index a17d766..029a59e 100644 --- a/src/crypto/bn/mul.c +++ b/src/crypto/bn/mul.c @@ -666,8 +666,8 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { end: bn_correct_top(rr); - if (r != rr) { - BN_copy(r, rr); + if (r != rr && !BN_copy(r, rr)) { + goto err; } ret = 1; @@ -877,8 +877,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { rr->top = max; } - if (rr != r) { - BN_copy(r, rr); + if (rr != r && !BN_copy(r, rr)) { + goto err; } ret = 1; diff --git a/src/crypto/bn/prime.c b/src/crypto/bn/prime.c index cf3afcf..bbb8fe0 100644 --- a/src/crypto/bn/prime.c +++ b/src/crypto/bn/prime.c @@ -362,11 +362,11 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, if (bits < 2) { /* There are no prime numbers this small. */ - OPENSSL_PUT_ERROR(BN, BN_generate_prime_ex, BN_R_BITS_TOO_SMALL); + OPENSSL_PUT_ERROR(BN, BN_R_BITS_TOO_SMALL); return 0; } else if (bits == 2 && safe) { /* The smallest safe prime (7) is three bits. */ - OPENSSL_PUT_ERROR(BN, BN_generate_prime_ex, BN_R_BITS_TOO_SMALL); + OPENSSL_PUT_ERROR(BN, BN_R_BITS_TOO_SMALL); return 0; } @@ -515,11 +515,10 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, /* A := abs(a) */ if (a->neg) { - BIGNUM *t; - if ((t = BN_CTX_get(ctx)) == NULL) { + BIGNUM *t = BN_CTX_get(ctx); + if (t == NULL || !BN_copy(t, a)) { goto err; } - BN_copy(t, a); t->neg = 0; A = t; } else { diff --git a/src/crypto/bn/random.c b/src/crypto/bn/random.c index 549ac48..3116e54 100644 --- a/src/crypto/bn/random.c +++ b/src/crypto/bn/random.c @@ -134,7 +134,7 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { buf = OPENSSL_malloc(bytes); if (buf == NULL) { - OPENSSL_PUT_ERROR(BN, BN_rand, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE); goto err; } @@ -186,7 +186,7 @@ int BN_rand_range(BIGNUM *r, const BIGNUM *range) { unsigned count = 100; if (range->neg || BN_is_zero(range)) { - OPENSSL_PUT_ERROR(BN, BN_rand_range, BN_R_INVALID_RANGE); + OPENSSL_PUT_ERROR(BN, BN_R_INVALID_RANGE); return 0; } @@ -219,7 +219,7 @@ int BN_rand_range(BIGNUM *r, const BIGNUM *range) { } if (!--count) { - OPENSSL_PUT_ERROR(BN, BN_rand_range, BN_R_TOO_MANY_ITERATIONS); + OPENSSL_PUT_ERROR(BN, BN_R_TOO_MANY_ITERATIONS); return 0; } } while (BN_cmp(r, range) >= 0); @@ -231,7 +231,7 @@ int BN_rand_range(BIGNUM *r, const BIGNUM *range) { } if (!--count) { - OPENSSL_PUT_ERROR(BN, BN_rand_range, BN_R_TOO_MANY_ITERATIONS); + OPENSSL_PUT_ERROR(BN, BN_R_TOO_MANY_ITERATIONS); return 0; } } while (BN_cmp(r, range) >= 0); @@ -264,13 +264,13 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv, } if (BN_is_zero(range)) { - OPENSSL_PUT_ERROR(BN, BN_generate_dsa_nonce, BN_R_DIV_BY_ZERO); + OPENSSL_PUT_ERROR(BN, BN_R_DIV_BY_ZERO); goto err; } k_bytes = OPENSSL_malloc(num_k_bytes); if (!k_bytes) { - OPENSSL_PUT_ERROR(BN, BN_generate_dsa_nonce, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE); goto err; } @@ -281,7 +281,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv, /* No reasonable DSA or ECDSA key should have a private key * this large and we don't handle this case in order to avoid * leaking the length of the private key. */ - OPENSSL_PUT_ERROR(BN, BN_generate_dsa_nonce, BN_R_PRIVATE_KEY_TOO_LARGE); + OPENSSL_PUT_ERROR(BN, BN_R_PRIVATE_KEY_TOO_LARGE); goto err; } memcpy(private_bytes, priv->d, todo); diff --git a/src/crypto/bn/rsaz_exp.h b/src/crypto/bn/rsaz_exp.h index 0bb6b0c..c752b45 100644 --- a/src/crypto/bn/rsaz_exp.h +++ b/src/crypto/bn/rsaz_exp.h @@ -1,32 +1,44 @@ -/****************************************************************************** -* Copyright(c) 2012, Intel Corp. -* Developers and authors: -* Shay Gueron (1, 2), and Vlad Krasnov (1) -* (1) Intel Corporation, Israel Development Center, Haifa, Israel -* (2) University of Haifa, Israel +/***************************************************************************** +* * +* Copyright (c) 2012, Intel Corporation * +* * +* All rights reserved. * +* * +* Redistribution and use in source and binary forms, with or without * +* modification, are permitted provided that the following conditions are * +* met: * +* * +* * Redistributions of source code must retain the above copyright * +* notice, this list of conditions and the following disclaimer. * +* * +* * Redistributions in binary form must reproduce the above copyright * +* notice, this list of conditions and the following disclaimer in the * +* documentation and/or other materials provided with the * +* distribution. * +* * +* * Neither the name of the Intel Corporation nor the names of its * +* contributors may be used to endorse or promote products derived from * +* this software without specific prior written permission. * +* * +* * +* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * +* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * +* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR * +* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * +* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * +* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +* * ****************************************************************************** -* LICENSE: -* This submission to OpenSSL is to be made available under the OpenSSL -* license, and only to the OpenSSL project, in order to allow integration -* into the publicly distributed code. -* The use of this code, or portions of this code, or concepts embedded in -* this code, or modification of this code and/or algorithm(s) in it, or the -* use of this code for any other purpose than stated above, requires special -* licensing. -****************************************************************************** -* DISCLAIMER: -* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS AND THE COPYRIGHT OWNERS -* ``AS IS''. ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS OR THE COPYRIGHT -* OWNERS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -* POSSIBILITY OF SUCH DAMAGE. -******************************************************************************/ +* Developers and authors: * +* Shay Gueron (1, 2), and Vlad Krasnov (1) * +* (1) Intel Corporation, Israel Development Center, Haifa, Israel * +* (2) University of Haifa, Israel * +*****************************************************************************/ #ifndef RSAZ_EXP_H #define RSAZ_EXP_H diff --git a/src/crypto/bn/shift.c b/src/crypto/bn/shift.c index f143996..defec92 100644 --- a/src/crypto/bn/shift.c +++ b/src/crypto/bn/shift.c @@ -69,7 +69,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) { BN_ULONG l; if (n < 0) { - OPENSSL_PUT_ERROR(BN, BN_lshift, BN_R_NEGATIVE_NUMBER); + OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER); return 0; } @@ -138,7 +138,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) { BN_ULONG l, tmp; if (n < 0) { - OPENSSL_PUT_ERROR(BN, BN_rshift, BN_R_NEGATIVE_NUMBER); + OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER); return 0; } diff --git a/src/crypto/bn/sqrt.c b/src/crypto/bn/sqrt.c index e71a818..2ed66c2 100644 --- a/src/crypto/bn/sqrt.c +++ b/src/crypto/bn/sqrt.c @@ -86,7 +86,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { return ret; } - OPENSSL_PUT_ERROR(BN, BN_mod_sqrt, BN_R_P_IS_NOT_PRIME); + OPENSSL_PUT_ERROR(BN, BN_R_P_IS_NOT_PRIME); return (NULL); } @@ -260,7 +260,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { } if (r == 0) { /* m divides p */ - OPENSSL_PUT_ERROR(BN, BN_mod_sqrt, BN_R_P_IS_NOT_PRIME); + OPENSSL_PUT_ERROR(BN, BN_R_P_IS_NOT_PRIME); goto end; } } while (r == 1 && ++i < 82); @@ -271,7 +271,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { * Even if p is not prime, we should have found some y * such that r == -1. */ - OPENSSL_PUT_ERROR(BN, BN_mod_sqrt, BN_R_TOO_MANY_ITERATIONS); + OPENSSL_PUT_ERROR(BN, BN_R_TOO_MANY_ITERATIONS); goto end; } @@ -286,7 +286,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { goto end; } if (BN_is_one(y)) { - OPENSSL_PUT_ERROR(BN, BN_mod_sqrt, BN_R_P_IS_NOT_PRIME); + OPENSSL_PUT_ERROR(BN, BN_R_P_IS_NOT_PRIME); goto end; } @@ -377,7 +377,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { while (!BN_is_one(t)) { i++; if (i == e) { - OPENSSL_PUT_ERROR(BN, BN_mod_sqrt, BN_R_NOT_A_SQUARE); + OPENSSL_PUT_ERROR(BN, BN_R_NOT_A_SQUARE); goto end; } if (!BN_mod_mul(t, t, t, p, ctx)) { @@ -413,7 +413,7 @@ vrfy: } if (!err && 0 != BN_cmp(x, A)) { - OPENSSL_PUT_ERROR(BN, BN_mod_sqrt, BN_R_NOT_A_SQUARE); + OPENSSL_PUT_ERROR(BN, BN_R_NOT_A_SQUARE); err = 1; } } @@ -434,7 +434,7 @@ int BN_sqrt(BIGNUM *out_sqrt, const BIGNUM *in, BN_CTX *ctx) { int ok = 0, last_delta_valid = 0; if (in->neg) { - OPENSSL_PUT_ERROR(BN, BN_sqrt, BN_R_NEGATIVE_NUMBER); + OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER); return 0; } if (BN_is_zero(in)) { @@ -452,7 +452,7 @@ int BN_sqrt(BIGNUM *out_sqrt, const BIGNUM *in, BN_CTX *ctx) { last_delta = BN_CTX_get(ctx); delta = BN_CTX_get(ctx); if (estimate == NULL || tmp == NULL || last_delta == NULL || delta == NULL) { - OPENSSL_PUT_ERROR(BN, BN_sqrt, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE); goto err; } @@ -470,7 +470,7 @@ int BN_sqrt(BIGNUM *out_sqrt, const BIGNUM *in, BN_CTX *ctx) { !BN_sqr(tmp, estimate, ctx) || /* |delta| = |in| - |tmp| */ !BN_sub(delta, in, tmp)) { - OPENSSL_PUT_ERROR(BN, BN_sqrt, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(BN, ERR_R_BN_LIB); goto err; } @@ -490,15 +490,15 @@ int BN_sqrt(BIGNUM *out_sqrt, const BIGNUM *in, BN_CTX *ctx) { } if (BN_cmp(tmp, in) != 0) { - OPENSSL_PUT_ERROR(BN, BN_sqrt, BN_R_NOT_A_SQUARE); + OPENSSL_PUT_ERROR(BN, BN_R_NOT_A_SQUARE); goto err; } ok = 1; err: - if (ok && out_sqrt == in) { - BN_copy(out_sqrt, estimate); + if (ok && out_sqrt == in && !BN_copy(out_sqrt, estimate)) { + ok = 0; } BN_CTX_end(ctx); return ok; diff --git a/src/crypto/buf/CMakeLists.txt b/src/crypto/buf/CMakeLists.txt index 19edf7d..63f1025 100644 --- a/src/crypto/buf/CMakeLists.txt +++ b/src/crypto/buf/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( buf diff --git a/src/crypto/buf/buf.c b/src/crypto/buf/buf.c index 5769e77..13b5ceb 100644 --- a/src/crypto/buf/buf.c +++ b/src/crypto/buf/buf.c @@ -67,7 +67,7 @@ BUF_MEM *BUF_MEM_new(void) { ret = OPENSSL_malloc(sizeof(BUF_MEM)); if (ret == NULL) { - OPENSSL_PUT_ERROR(BUF, BUF_MEM_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE); return NULL; } @@ -105,14 +105,14 @@ static size_t buf_mem_grow(BUF_MEM *buf, size_t len, char clean) { n = len + 3; if (n < len) { /* overflow */ - OPENSSL_PUT_ERROR(BUF, buf_mem_grow, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE); return 0; } n = n / 3; alloc_size = n * 4; if (alloc_size / 4 != n) { /* overflow */ - OPENSSL_PUT_ERROR(BUF, buf_mem_grow, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE); return 0; } @@ -127,7 +127,7 @@ static size_t buf_mem_grow(BUF_MEM *buf, size_t len, char clean) { } if (new_buf == NULL) { - OPENSSL_PUT_ERROR(BUF, buf_mem_grow, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE); len = 0; } else { buf->data = new_buf; @@ -180,12 +180,12 @@ char *BUF_strndup(const char *buf, size_t size) { alloc_size = size + 1; if (alloc_size < size) { /* overflow */ - OPENSSL_PUT_ERROR(BUF, BUF_strndup, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE); return NULL; } ret = OPENSSL_malloc(alloc_size); if (ret == NULL) { - OPENSSL_PUT_ERROR(BUF, BUF_strndup, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE); return NULL; } @@ -226,7 +226,7 @@ void *BUF_memdup(const void *data, size_t dst_size) { ret = OPENSSL_malloc(dst_size); if (ret == NULL) { - OPENSSL_PUT_ERROR(BUF, BUF_memdup, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/src/crypto/bytestring/CMakeLists.txt b/src/crypto/bytestring/CMakeLists.txt index cbbacf2..3462aee 100644 --- a/src/crypto/bytestring/CMakeLists.txt +++ b/src/crypto/bytestring/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( bytestring diff --git a/src/crypto/bytestring/bytestring_test.cc b/src/crypto/bytestring/bytestring_test.cc index 66e9c1e..e987e1b 100644 --- a/src/crypto/bytestring/bytestring_test.cc +++ b/src/crypto/bytestring/bytestring_test.cc @@ -109,7 +109,7 @@ static bool TestGetASN1() { static const uint8_t kData2[] = {0x30, 3, 1, 2}; static const uint8_t kData3[] = {0x30, 0x80}; static const uint8_t kData4[] = {0x30, 0x81, 1, 1}; - static const uint8_t kData5[] = {0x30, 0x82, 0, 1, 1}; + static const uint8_t kData5[4 + 0x80] = {0x30, 0x82, 0, 0x80}; static const uint8_t kData6[] = {0xa1, 3, 0x4, 1, 1}; static const uint8_t kData7[] = {0xa1, 3, 0x4, 2, 1}; static const uint8_t kData8[] = {0xa1, 3, 0x2, 1, 1}; @@ -649,6 +649,14 @@ static bool TestASN1Uint64() { return true; } +static int TestZero() { + CBB cbb; + CBB_zero(&cbb); + // Calling |CBB_cleanup| on a zero-state |CBB| must not crash. + CBB_cleanup(&cbb); + return 1; +} + int main(void) { CRYPTO_library_init(); @@ -665,7 +673,8 @@ int main(void) { !TestCBBASN1() || !TestBerConvert() || !TestASN1Uint64() || - !TestGetOptionalASN1Bool()) { + !TestGetOptionalASN1Bool() || + !TestZero()) { return 1; } diff --git a/src/crypto/bytestring/cbb.c b/src/crypto/bytestring/cbb.c index f1e09a2..1da6a21 100644 --- a/src/crypto/bytestring/cbb.c +++ b/src/crypto/bytestring/cbb.c @@ -20,6 +20,10 @@ #include <openssl/mem.h> +void CBB_zero(CBB *cbb) { + memset(cbb, 0, sizeof(CBB)); +} + static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) { struct cbb_buffer_st *base; @@ -243,6 +247,11 @@ int CBB_flush(CBB *cbb) { return 1; } +size_t CBB_len(const CBB *cbb) { + assert(cbb->child == NULL); + + return cbb->base->len; +} static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len) { diff --git a/src/crypto/bytestring/cbs.c b/src/crypto/bytestring/cbs.c index b8caedd..5e0c538 100644 --- a/src/crypto/bytestring/cbs.c +++ b/src/crypto/bytestring/cbs.c @@ -137,6 +137,15 @@ int CBS_get_bytes(CBS *cbs, CBS *out, size_t len) { return 1; } +int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) { + const uint8_t *v; + if (!cbs_get(cbs, &v, len)) { + return 0; + } + memcpy(out, v, len); + return 1; +} + static int cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) { uint32_t len; if (!cbs_get_u(cbs, &len, len_len)) { @@ -320,14 +329,19 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) { } int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned tag) { + int present = 0; + if (CBS_peek_asn1_tag(cbs, tag)) { if (!CBS_get_asn1(cbs, out, tag)) { return 0; } - *out_present = 1; - } else { - *out_present = 0; + present = 1; + } + + if (out_present != NULL) { + *out_present = present; } + return 1; } diff --git a/src/crypto/bytestring/internal.h b/src/crypto/bytestring/internal.h index 391ad19..b4ea7e5 100644 --- a/src/crypto/bytestring/internal.h +++ b/src/crypto/bytestring/internal.h @@ -38,14 +38,6 @@ extern "C" { * It returns one on success and zero otherwise. */ OPENSSL_EXPORT int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len); -/* CBS_get_any_ber_asn1_element acts the same as |CBS_get_any_asn1_element| but - * also allows indefinite-length elements to be returned. In that case, - * |*out_header_len| and |CBS_len(out)| will both be two as only the header is - * returned. */ -OPENSSL_EXPORT int CBS_get_any_ber_asn1_element(CBS *cbs, CBS *out, - unsigned *out_tag, - size_t *out_header_len); - #if defined(__cplusplus) } /* extern C */ diff --git a/src/crypto/chacha/CMakeLists.txt b/src/crypto/chacha/CMakeLists.txt index 6c3f87e..266e869 100644 --- a/src/crypto/chacha/CMakeLists.txt +++ b/src/crypto/chacha/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) if (${ARCH} STREQUAL "arm") set( diff --git a/src/crypto/chacha/chacha_vec_arm.S b/src/crypto/chacha/chacha_vec_arm.S index ddc374e..0f82627 100644 --- a/src/crypto/chacha/chacha_vec_arm.S +++ b/src/crypto/chacha/chacha_vec_arm.S @@ -23,6 +23,7 @@ # /opt/gcc-linaro-4.9-2014.11-x86_64_arm-linux-gnueabihf/bin/arm-linux-gnueabihf-gcc -O3 -mcpu=cortex-a8 -mfpu=neon -fpic -DASM_GEN -I ../../include -S chacha_vec.c -o - #if !defined(OPENSSL_NO_ASM) +#if defined(__arm__) || defined(__aarch64__) .syntax unified .cpu cortex-a8 @@ -1423,4 +1424,5 @@ CRYPTO_chacha_20_neon: .ident "GCC: (Linaro GCC 2014.11) 4.9.3 20141031 (prerelease)" .section .note.GNU-stack,"",%progbits +#endif /* __arm__ || __aarch64__ */ #endif /* !OPENSSL_NO_ASM */ diff --git a/src/crypto/chacha/chacha_vec_arm_generate.go b/src/crypto/chacha/chacha_vec_arm_generate.go index d681e8a..6d167b9 100644 --- a/src/crypto/chacha/chacha_vec_arm_generate.go +++ b/src/crypto/chacha/chacha_vec_arm_generate.go @@ -52,7 +52,8 @@ func main() { output.WriteString(compiler) output.WriteString(" ") output.WriteString(strings.Join(args, " ")) - output.WriteString("\n\n#if !defined(OPENSSL_NO_ASM)\n\n") + output.WriteString("\n\n#if !defined(OPENSSL_NO_ASM)\n") + output.WriteString("#if defined(__arm__) || defined(__aarch64__)\n\n") cmd := exec.Command(compiler, args...) cmd.Stderr = os.Stderr @@ -144,5 +145,6 @@ const attr28Block = ` ` const trailer = ` +#endif /* __arm__ || __aarch64__ */ #endif /* !OPENSSL_NO_ASM */ ` diff --git a/src/crypto/cipher/CMakeLists.txt b/src/crypto/cipher/CMakeLists.txt index 2775698..6b4c729 100644 --- a/src/crypto/cipher/CMakeLists.txt +++ b/src/crypto/cipher/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( cipher diff --git a/src/crypto/cipher/aead.c b/src/crypto/cipher/aead.c index 20d699d..7e747f8 100644 --- a/src/crypto/cipher/aead.c +++ b/src/crypto/cipher/aead.c @@ -30,11 +30,15 @@ size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead) { return aead->overhead; } size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; } +void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx) { + memset(ctx, 0, sizeof(EVP_AEAD_CTX)); +} + int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, const uint8_t *key, size_t key_len, size_t tag_len, ENGINE *impl) { if (!aead->init) { - OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init, CIPHER_R_NO_DIRECTION_SET); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_DIRECTION_SET); ctx->aead = NULL; return 0; } @@ -47,8 +51,7 @@ int EVP_AEAD_CTX_init_with_direction(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, size_t tag_len, enum evp_aead_direction_t dir) { if (key_len != aead->key_len) { - OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_init_with_direction, - CIPHER_R_UNSUPPORTED_KEY_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_KEY_SIZE); ctx->aead = NULL; return 0; } @@ -101,12 +104,12 @@ int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t possible_out_len = in_len + ctx->aead->overhead; if (possible_out_len < in_len /* overflow */) { - OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); goto error; } if (!check_alias(in, in_len, out)) { - OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_seal, CIPHER_R_OUTPUT_ALIASES_INPUT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT); goto error; } @@ -128,7 +131,7 @@ int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len) { if (!check_alias(in, in_len, out)) { - OPENSSL_PUT_ERROR(CIPHER, EVP_AEAD_CTX_open, CIPHER_R_OUTPUT_ALIASES_INPUT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT); goto error; } diff --git a/src/crypto/cipher/aead_test.cc b/src/crypto/cipher/aead_test.cc index e4b75d6..baaee9e 100644 --- a/src/crypto/cipher/aead_test.cc +++ b/src/crypto/cipher/aead_test.cc @@ -22,6 +22,7 @@ #include <openssl/err.h> #include "../test/file_test.h" +#include "../test/scoped_types.h" #include "../test/stl_compat.h" @@ -35,18 +36,6 @@ // CT: 5294265a60 // TAG: 1d45758621762e061368e68868e2f929 -// EVP_AEAD_CTX lacks a zero state, so it doesn't fit easily into -// ScopedOpenSSLContext. -class EVP_AEAD_CTXScoper { - public: - EVP_AEAD_CTXScoper(EVP_AEAD_CTX *ctx) : ctx_(ctx) {} - ~EVP_AEAD_CTXScoper() { - EVP_AEAD_CTX_cleanup(ctx_); - } - private: - EVP_AEAD_CTX *ctx_; -}; - static bool TestAEAD(FileTest *t, void *arg) { const EVP_AEAD *aead = reinterpret_cast<const EVP_AEAD*>(arg); @@ -60,20 +49,19 @@ static bool TestAEAD(FileTest *t, void *arg) { return false; } - EVP_AEAD_CTX ctx; - if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key), - key.size(), tag.size(), - evp_aead_seal)) { + ScopedEVP_AEAD_CTX ctx; + if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, + bssl::vector_data(&key), key.size(), + tag.size(), evp_aead_seal)) { t->PrintLine("Failed to init AEAD."); return false; } - EVP_AEAD_CTXScoper cleanup(&ctx); std::vector<uint8_t> out(in.size() + EVP_AEAD_max_overhead(aead)); if (!t->HasAttribute("NO_SEAL")) { size_t out_len; - if (!EVP_AEAD_CTX_seal(&ctx, bssl::vector_data(&out), &out_len, out.size(), - bssl::vector_data(&nonce), nonce.size(), + if (!EVP_AEAD_CTX_seal(ctx.get(), bssl::vector_data(&out), &out_len, + out.size(), bssl::vector_data(&nonce), nonce.size(), bssl::vector_data(&in), in.size(), bssl::vector_data(&ad), ad.size())) { t->PrintLine("Failed to run AEAD."); @@ -101,17 +89,17 @@ static bool TestAEAD(FileTest *t, void *arg) { // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be // reset after each operation. - EVP_AEAD_CTX_cleanup(&ctx); - if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key), - key.size(), tag.size(), - evp_aead_open)) { + ctx.Reset(); + if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, + bssl::vector_data(&key), key.size(), + tag.size(), evp_aead_open)) { t->PrintLine("Failed to init AEAD."); return false; } std::vector<uint8_t> out2(out.size()); size_t out2_len; - int ret = EVP_AEAD_CTX_open(&ctx, + int ret = EVP_AEAD_CTX_open(ctx.get(), bssl::vector_data(&out2), &out2_len, out2.size(), bssl::vector_data(&nonce), nonce.size(), bssl::vector_data(&out), out.size(), @@ -137,10 +125,10 @@ static bool TestAEAD(FileTest *t, void *arg) { // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be // reset after each operation. - EVP_AEAD_CTX_cleanup(&ctx); - if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key), - key.size(), tag.size(), - evp_aead_open)) { + ctx.Reset(); + if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, + bssl::vector_data(&key), key.size(), + tag.size(), evp_aead_open)) { t->PrintLine("Failed to init AEAD."); return false; } @@ -148,8 +136,8 @@ static bool TestAEAD(FileTest *t, void *arg) { // Garbage at the end isn't ignored. out.push_back(0); out2.resize(out.size()); - if (EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(), - bssl::vector_data(&nonce), nonce.size(), + if (EVP_AEAD_CTX_open(ctx.get(), bssl::vector_data(&out2), &out2_len, + out2.size(), bssl::vector_data(&nonce), nonce.size(), bssl::vector_data(&out), out.size(), bssl::vector_data(&ad), ad.size())) { t->PrintLine("Decrypted bad data with trailing garbage."); @@ -159,10 +147,10 @@ static bool TestAEAD(FileTest *t, void *arg) { // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be // reset after each operation. - EVP_AEAD_CTX_cleanup(&ctx); - if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, bssl::vector_data(&key), - key.size(), tag.size(), - evp_aead_open)) { + ctx.Reset(); + if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, + bssl::vector_data(&key), key.size(), + tag.size(), evp_aead_open)) { t->PrintLine("Failed to init AEAD."); return false; } @@ -171,8 +159,8 @@ static bool TestAEAD(FileTest *t, void *arg) { out[0] ^= 0x80; out.resize(out.size() - 1); out2.resize(out.size()); - if (EVP_AEAD_CTX_open(&ctx, bssl::vector_data(&out2), &out2_len, out2.size(), - bssl::vector_data(&nonce), nonce.size(), + if (EVP_AEAD_CTX_open(ctx.get(), bssl::vector_data(&out2), &out2_len, + out2.size(), bssl::vector_data(&nonce), nonce.size(), bssl::vector_data(&out), out.size(), bssl::vector_data(&ad), ad.size())) { t->PrintLine("Decrypted bad data with corrupted byte."); @@ -200,6 +188,7 @@ static int TestCleanupAfterInitFailure(const EVP_AEAD *aead) { fprintf(stderr, "A silly tag length didn't trigger an error!\n"); return 0; } + ERR_clear_error(); /* Running a second, failed _init should not cause a memory leak. */ if (EVP_AEAD_CTX_init(&ctx, aead, key, key_len, @@ -208,6 +197,7 @@ static int TestCleanupAfterInitFailure(const EVP_AEAD *aead) { fprintf(stderr, "A silly tag length didn't trigger an error!\n"); return 0; } + ERR_clear_error(); /* Calling _cleanup on an |EVP_AEAD_CTX| after a failed _init should be a * no-op. */ diff --git a/src/crypto/cipher/cipher.c b/src/crypto/cipher/cipher.c index 400c3f5..4401867 100644 --- a/src/crypto/cipher/cipher.c +++ b/src/crypto/cipher/cipher.c @@ -68,12 +68,18 @@ const EVP_CIPHER *EVP_get_cipherbynid(int nid) { switch (nid) { + case NID_rc2_cbc: + return EVP_rc2_cbc(); + case NID_rc2_40_cbc: + return EVP_rc2_40_cbc(); case NID_des_ede3_cbc: return EVP_des_ede3_cbc(); case NID_des_ede_cbc: return EVP_des_cbc(); case NID_aes_128_cbc: return EVP_aes_128_cbc(); + case NID_aes_192_cbc: + return EVP_aes_192_cbc(); case NID_aes_256_cbc: return EVP_aes_256_cbc(); default: @@ -115,7 +121,7 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) { int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { if (in == NULL || in->cipher == NULL) { - OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_copy, CIPHER_R_INPUT_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INPUT_NOT_INITIALIZED); return 0; } @@ -125,7 +131,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); if (!out->cipher_data) { - OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_copy, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); return 0; } memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); @@ -165,7 +171,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); if (!ctx->cipher_data) { ctx->cipher = NULL; - OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); return 0; } } else { @@ -178,12 +184,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { ctx->cipher = NULL; - OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, CIPHER_R_INITIALIZATION_ERROR); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INITIALIZATION_ERROR); return 0; } } } else if (!ctx->cipher) { - OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, CIPHER_R_NO_CIPHER_SET); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_CIPHER_SET); return 0; } @@ -338,8 +344,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) { bl = ctx->buf_len; if (ctx->flags & EVP_CIPH_NO_PADDING) { if (bl) { - OPENSSL_PUT_ERROR(CIPHER, EVP_EncryptFinal_ex, - CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; } *out_len = 0; @@ -434,8 +439,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) { b = ctx->cipher->block_size; if (ctx->flags & EVP_CIPH_NO_PADDING) { if (ctx->buf_len) { - OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex, - CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; } *out_len = 0; @@ -444,8 +448,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) { if (b > 1) { if (ctx->buf_len || !ctx->final_used) { - OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex, - CIPHER_R_WRONG_FINAL_BLOCK_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_WRONG_FINAL_BLOCK_LENGTH); return 0; } assert(b <= sizeof(ctx->final)); @@ -454,13 +457,13 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) { * Otherwise it provides a padding oracle. */ n = ctx->final[b - 1]; if (n == 0 || n > (int)b) { - OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } for (i = 0; i < n; i++) { if (ctx->final[--b] != n) { - OPENSSL_PUT_ERROR(CIPHER, EVP_DecryptFinal_ex, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } } @@ -538,19 +541,18 @@ uint32_t EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) { int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int command, int arg, void *ptr) { int ret; if (!ctx->cipher) { - OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_ctrl, CIPHER_R_NO_CIPHER_SET); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_NO_CIPHER_SET); return 0; } if (!ctx->cipher->ctrl) { - OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_ctrl, CIPHER_R_CTRL_NOT_IMPLEMENTED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_CTRL_NOT_IMPLEMENTED); return 0; } ret = ctx->cipher->ctrl(ctx, command, arg, ptr); if (ret == -1) { - OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_ctrl, - CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED); return 0; } @@ -572,8 +574,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, unsigned key_len) { } if (key_len == 0 || !(c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { - OPENSSL_PUT_ERROR(CIPHER, EVP_CIPHER_CTX_set_key_length, - CIPHER_R_INVALID_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_KEY_LENGTH); return 0; } @@ -630,7 +631,7 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { return EVP_rc4(); } else if (OPENSSL_strcasecmp(name, "des-cbc") == 0) { return EVP_des_cbc(); - } else if (OPENSSL_strcasecmp(name, "3des-cbc") == 0 || + } else if (OPENSSL_strcasecmp(name, "des-ede3-cbc") == 0 || OPENSSL_strcasecmp(name, "3des") == 0) { return EVP_des_ede3_cbc(); } else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) { diff --git a/src/crypto/cipher/cipher_test.cc b/src/crypto/cipher/cipher_test.cc index 97a84e0..5f04178 100644 --- a/src/crypto/cipher/cipher_test.cc +++ b/src/crypto/cipher/cipher_test.cc @@ -69,6 +69,12 @@ static const EVP_CIPHER *GetCipher(const std::string &name) { if (name == "DES-CBC") { return EVP_des_cbc(); + } else if (name == "DES-ECB") { + return EVP_des_ecb(); + } else if (name == "DES-EDE") { + return EVP_des_ede(); + } else if (name == "DES-EDE-CBC") { + return EVP_des_ede_cbc(); } else if (name == "DES-EDE3-CBC") { return EVP_des_ede3_cbc(); } else if (name == "RC4") { @@ -104,6 +110,7 @@ static const EVP_CIPHER *GetCipher(const std::string &name) { static bool TestOperation(FileTest *t, const EVP_CIPHER *cipher, bool encrypt, + bool streaming, const std::vector<uint8_t> &key, const std::vector<uint8_t> &iv, const std::vector<uint8_t> &plaintext, @@ -160,11 +167,29 @@ static bool TestOperation(FileTest *t, (!aad.empty() && !EVP_CipherUpdate(ctx.get(), nullptr, &unused, bssl::vector_data(&aad), aad.size())) || - !EVP_CIPHER_CTX_set_padding(ctx.get(), 0) || - (!in->empty() && - !EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result), &result_len1, - bssl::vector_data(in), in->size())) || - !EVP_CipherFinal_ex(ctx.get(), bssl::vector_data(&result) + result_len1, + !EVP_CIPHER_CTX_set_padding(ctx.get(), 0)) { + t->PrintLine("Operation failed."); + return false; + } + if (streaming) { + for (size_t i = 0; i < in->size(); i++) { + uint8_t c = (*in)[i]; + int len; + if (!EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result) + result_len1, + &len, &c, 1)) { + t->PrintLine("Operation failed."); + return false; + } + result_len1 += len; + } + } else if (!in->empty() && + !EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result), + &result_len1, bssl::vector_data(in), + in->size())) { + t->PrintLine("Operation failed."); + return false; + } + if (!EVP_CipherFinal_ex(ctx.get(), bssl::vector_data(&result) + result_len1, &result_len2)) { t->PrintLine("Operation failed."); return false; @@ -236,15 +261,21 @@ static bool TestCipher(FileTest *t, void *arg) { } // By default, both directions are run, unless overridden by the operation. - if (operation != kDecrypt && - !TestOperation(t, cipher, true /* encrypt */, key, iv, plaintext, - ciphertext, aad, tag)) { - return false; + if (operation != kDecrypt) { + if (!TestOperation(t, cipher, true /* encrypt */, false /* single-shot */, + key, iv, plaintext, ciphertext, aad, tag) || + !TestOperation(t, cipher, true /* encrypt */, true /* streaming */, key, + iv, plaintext, ciphertext, aad, tag)) { + return false; + } } - if (operation != kEncrypt && - !TestOperation(t, cipher, false /* decrypt */, key, iv, plaintext, - ciphertext, aad, tag)) { - return false; + if (operation != kEncrypt) { + if (!TestOperation(t, cipher, false /* decrypt */, false /* single-shot */, + key, iv, plaintext, ciphertext, aad, tag) || + !TestOperation(t, cipher, false /* decrypt */, true /* streaming */, + key, iv, plaintext, ciphertext, aad, tag)) { + return false; + } } return true; diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c index 41d0aec..e8905f6 100644 --- a/src/crypto/cipher/e_aes.c +++ b/src/crypto/cipher/e_aes.c @@ -64,7 +64,7 @@ #include "../modes/internal.h" #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) -#include "../arm_arch.h" +#include <openssl/arm_arch.h> #endif @@ -98,8 +98,6 @@ typedef struct { #if !defined(OPENSSL_NO_ASM) && \ (defined(OPENSSL_X86_64) || defined(OPENSSL_X86)) #define VPAES -extern unsigned int OPENSSL_ia32cap_P[]; - static char vpaes_capable(void) { return (OPENSSL_ia32cap_P[1] & (1 << (41 - 32))) != 0; } @@ -113,7 +111,6 @@ static char bsaes_capable(void) { #elif !defined(OPENSSL_NO_ASM) && \ (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) -#include "../arm_arch.h" #if defined(OPENSSL_ARM) && __ARM_MAX_ARCH__ >= 7 #define BSAES @@ -338,7 +335,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, } if (ret < 0) { - OPENSSL_PUT_ERROR(CIPHER, aes_init_key, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -711,7 +708,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, } else { if (!ctx->encrypt) { if (gctx->taglen < 0 || - !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) { + !CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen)) { return -1; } gctx->iv_set = 0; @@ -853,7 +850,7 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, } if (ret < 0) { - OPENSSL_PUT_ERROR(CIPHER, aesni_init_key, CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1066,7 +1063,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, const size_t key_bits = key_len * 8; if (key_bits != 128 && key_bits != 256) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1075,7 +1072,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_init, CIPHER_R_TAG_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE); return 0; } @@ -1108,12 +1105,12 @@ static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, GCM128_CONTEXT gcm; if (in_len + gcm_ctx->tag_len < in_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + gcm_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_seal, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -1152,14 +1149,14 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out, GCM128_CONTEXT gcm; if (in_len < gcm_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } plaintext_len = in_len - gcm_ctx->tag_len; if (max_out_len < plaintext_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -1185,7 +1182,7 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out, CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len); if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_gcm_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1239,7 +1236,7 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key, const size_t key_bits = key_len * 8; if (key_bits != 128 && key_bits != 256) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1248,14 +1245,13 @@ static int aead_aes_key_wrap_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, - CIPHER_R_UNSUPPORTED_TAG_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE); return 0; } kw_ctx = OPENSSL_malloc(sizeof(struct aead_aes_key_wrap_ctx)); if (kw_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_init, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); return 0; } @@ -1293,8 +1289,7 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t A[AES_BLOCK_SIZE]; if (ad_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_UNSUPPORTED_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE); return 0; } @@ -1304,14 +1299,12 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (nonce_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } if (in_len % 8 != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } @@ -1320,32 +1313,29 @@ static int aead_aes_key_wrap_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, * conservatively cap it to 2^32-16 to stop 32-bit platforms complaining that * a comparison is always true. */ if (in_len > 0xfffffff0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } n = in_len / 8; if (n < 2) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } if (in_len + 8 < in_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + 8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (AES_set_encrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_seal, - CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1388,8 +1378,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t A[AES_BLOCK_SIZE]; if (ad_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, - CIPHER_R_UNSUPPORTED_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_AD_SIZE); return 0; } @@ -1399,14 +1388,12 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (nonce_len != 8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, - CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } if (in_len % 8 != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, - CIPHER_R_UNSUPPORTED_INPUT_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_INPUT_SIZE); return 0; } @@ -1415,26 +1402,24 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, * conservatively cap it to 2^32-8 to stop 32-bit platforms complaining that * a comparison is always true. */ if (in_len > 0xfffffff8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (in_len < 24) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } n = (in_len / 8) - 1; if (max_out_len < in_len - 8) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, - CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (AES_set_decrypt_key(kw_ctx->key, kw_ctx->key_bits, &ks.ks) < 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, - CIPHER_R_AES_KEY_SETUP_FAILED); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_AES_KEY_SETUP_FAILED); return 0; } @@ -1457,7 +1442,7 @@ static int aead_aes_key_wrap_open(const EVP_AEAD_CTX *ctx, uint8_t *out, } if (CRYPTO_memcmp(A, nonce, 8) != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_key_wrap_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } @@ -1541,15 +1526,13 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key, static const size_t hmac_key_len = 32; if (key_len < hmac_key_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, - CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } const size_t aes_key_len = key_len - hmac_key_len; if (aes_key_len != 16 && aes_key_len != 32) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, - CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; /* EVP_AEAD_CTX_init should catch this. */ } @@ -1558,15 +1541,13 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len > EVP_AEAD_AES_CTR_HMAC_SHA256_TAG_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, - CIPHER_R_TAG_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE); return 0; } aes_ctx = OPENSSL_malloc(sizeof(struct aead_aes_ctr_hmac_sha256_ctx)); if (aes_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_init, - ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); return 0; } @@ -1666,20 +1647,17 @@ static int aead_aes_ctr_hmac_sha256_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, if (in_len + aes_ctx->tag_len < in_len || /* This input is so large it would overflow the 32-bit block counter. */ in_len_64 >= (OPENSSL_U64(1) << 32) * AES_BLOCK_SIZE) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, - CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + aes_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, - CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_seal, - CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } @@ -1703,22 +1681,19 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t plaintext_len; if (in_len < aes_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, - CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } plaintext_len = in_len - aes_ctx->tag_len; if (max_out_len < plaintext_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, - CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, - CIPHER_R_UNSUPPORTED_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); return 0; } @@ -1727,8 +1702,7 @@ static int aead_aes_ctr_hmac_sha256_open(const EVP_AEAD_CTX *ctx, uint8_t *out, &aes_ctx->outer_init_state, ad, ad_len, nonce, in, plaintext_len); if (CRYPTO_memcmp(hmac_result, in + plaintext_len, aes_ctx->tag_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_aes_ctr_hmac_sha256_open, - CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } diff --git a/src/crypto/cipher/e_chacha20poly1305.c b/src/crypto/cipher/e_chacha20poly1305.c index ebf0088..9dda1b0 100644 --- a/src/crypto/cipher/e_chacha20poly1305.c +++ b/src/crypto/cipher/e_chacha20poly1305.c @@ -42,7 +42,7 @@ static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key, } if (tag_len > POLY1305_TAG_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_init, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } @@ -107,23 +107,22 @@ static int aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, * Casting to uint64_t inside the conditional is not sufficient to stop * the warning. */ if (in_len_64 >= (1ull << 32) * 64 - 64) { - OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (in_len + c20_ctx->tag_len < in_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + c20_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, - CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != CHACHA20_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_seal, CIPHER_R_IV_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE); return 0; } @@ -156,7 +155,7 @@ static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out, const uint64_t in_len_64 = in_len; if (in_len < c20_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } @@ -168,20 +167,19 @@ static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out, * Casting to uint64_t inside the conditional is not sufficient to stop * the warning. */ if (in_len_64 >= (1ull << 32) * 64 - 64) { - OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (nonce_len != CHACHA20_NONCE_LEN) { - OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_IV_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE); return 0; } plaintext_len = in_len - c20_ctx->tag_len; if (max_out_len < plaintext_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, - CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -195,7 +193,7 @@ static int aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, uint8_t *out, CRYPTO_poly1305_finish(&poly1305, mac); if (CRYPTO_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_chacha20_poly1305_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } diff --git a/src/crypto/cipher/e_des.c b/src/crypto/cipher/e_des.c index 74e1fce..b1d312c 100644 --- a/src/crypto/cipher/e_des.c +++ b/src/crypto/cipher/e_des.c @@ -96,6 +96,31 @@ static const EVP_CIPHER des_cbc = { const EVP_CIPHER *EVP_des_cbc(void) { return &des_cbc; } +static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t in_len) { + if (in_len < ctx->cipher->block_size) { + return 1; + } + in_len -= ctx->cipher->block_size; + + EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data; + size_t i; + for (i = 0; i <= in_len; i += ctx->cipher->block_size) { + DES_ecb_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i), + &dat->ks.ks, ctx->encrypt); + } + return 1; +} + +static const EVP_CIPHER des_ecb = { + NID_des_ecb, 8 /* block_size */, 8 /* key_size */, + 0 /* iv_len */, sizeof(EVP_DES_KEY), EVP_CIPH_ECB_MODE, + NULL /* app_data */, des_init_key, des_ecb_cipher, + NULL /* cleanup */, NULL /* ctrl */, }; + +const EVP_CIPHER *EVP_des_ecb(void) { return &des_ecb; } + + typedef struct { union { double align; @@ -126,10 +151,57 @@ static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, return 1; } -static const EVP_CIPHER des3_cbc = { - NID_des_cbc, 8 /* block_size */, 24 /* key_size */, +static const EVP_CIPHER des_ede3_cbc = { + NID_des_ede3_cbc, 8 /* block_size */, 24 /* key_size */, 8 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE, NULL /* app_data */, des_ede3_init_key, des_ede3_cbc_cipher, NULL /* cleanup */, NULL /* ctrl */, }; -const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des3_cbc; } +const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des_ede3_cbc; } + + +static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, + const uint8_t *iv, int enc) { + DES_cblock *deskey = (DES_cblock *) key; + DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data; + + DES_set_key(&deskey[0], &dat->ks.ks[0]); + DES_set_key(&deskey[1], &dat->ks.ks[1]); + DES_set_key(&deskey[0], &dat->ks.ks[2]); + + return 1; +} + +static const EVP_CIPHER des_ede_cbc = { + NID_des_ede_cbc, 8 /* block_size */, 16 /* key_size */, + 8 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE, + NULL /* app_data */, des_ede_init_key , des_ede3_cbc_cipher, + NULL /* cleanup */, NULL /* ctrl */, }; + +const EVP_CIPHER *EVP_des_ede_cbc(void) { return &des_ede_cbc; } + + +static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, + const uint8_t *in, size_t in_len) { + if (in_len < ctx->cipher->block_size) { + return 1; + } + in_len -= ctx->cipher->block_size; + + DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data; + size_t i; + for (i = 0; i <= in_len; i += ctx->cipher->block_size) { + DES_ecb3_encrypt((DES_cblock *) (in + i), (DES_cblock *) (out + i), + &dat->ks.ks[0], &dat->ks.ks[1], &dat->ks.ks[2], + ctx->encrypt); + } + return 1; +} + +static const EVP_CIPHER des_ede_ecb = { + NID_des_ede_cbc, 8 /* block_size */, 16 /* key_size */, + 0 /* iv_len */, sizeof(DES_EDE_KEY), EVP_CIPH_ECB_MODE, + NULL /* app_data */, des_ede_init_key , des_ede_ecb_cipher, + NULL /* cleanup */, NULL /* ctrl */, }; + +const EVP_CIPHER *EVP_des_ede(void) { return &des_ede_ecb; } diff --git a/src/crypto/cipher/e_rc2.c b/src/crypto/cipher/e_rc2.c index c90ab93..8ca7bba 100644 --- a/src/crypto/cipher/e_rc2.c +++ b/src/crypto/cipher/e_rc2.c @@ -395,13 +395,18 @@ static int rc2_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { case EVP_CTRL_INIT: key->key_bits = EVP_CIPHER_CTX_key_length(ctx) * 8; return 1; + case EVP_CTRL_SET_RC2_KEY_BITS: + /* Should be overridden by later call to |EVP_CTRL_INIT|, but + * people call it, so it may as well work. */ + key->key_bits = arg; + return 1; default: return -1; } } -static const EVP_CIPHER rc2_40_cbc_cipher = { +static const EVP_CIPHER rc2_40_cbc = { NID_rc2_40_cbc, 8 /* block size */, 5 /* 40 bit */, @@ -416,5 +421,23 @@ static const EVP_CIPHER rc2_40_cbc_cipher = { }; const EVP_CIPHER *EVP_rc2_40_cbc(void) { - return &rc2_40_cbc_cipher; + return &rc2_40_cbc; +} + +static const EVP_CIPHER rc2_cbc = { + NID_rc2_cbc, + 8 /* block size */, + 16 /* 128 bit */, + 8 /* iv len */, + sizeof(EVP_RC2_KEY), + EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + NULL /* app_data */, + rc2_init_key, + rc2_cbc_cipher, + NULL, + rc2_ctrl, +}; + +const EVP_CIPHER *EVP_rc2_cbc(void) { + return &rc2_cbc; } diff --git a/src/crypto/cipher/e_rc4.c b/src/crypto/cipher/e_rc4.c index 80dea36..e05b9fd 100644 --- a/src/crypto/cipher/e_rc4.c +++ b/src/crypto/cipher/e_rc4.c @@ -115,20 +115,20 @@ aead_rc4_md5_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, } if (tag_len > MD5_DIGEST_LENGTH) { - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_init, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } /* The keys consists of |MD5_DIGEST_LENGTH| bytes of HMAC(MD5) key followed * by some number of bytes of RC4 key. */ if (key_len <= MD5_DIGEST_LENGTH) { - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_init, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; } rc4_ctx = OPENSSL_malloc(sizeof(struct aead_rc4_md5_tls_ctx)); if (rc4_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_init, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); return 0; } memset(rc4_ctx, 0, sizeof(struct aead_rc4_md5_tls_ctx)); @@ -185,22 +185,22 @@ static int aead_rc4_md5_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t digest[MD5_DIGEST_LENGTH]; if (in_len + rc4_ctx->tag_len < in_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (nonce_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_IV_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE); return 0; } if (max_out_len < in_len + rc4_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } @@ -288,21 +288,21 @@ static int aead_rc4_md5_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t digest[MD5_DIGEST_LENGTH]; if (in_len < rc4_ctx->tag_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } plaintext_len = in_len - rc4_ctx->tag_len; if (nonce_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len) { /* This requires that the caller provide space for the MAC, even though it * will always be removed on return. */ - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } @@ -366,7 +366,7 @@ static int aead_rc4_md5_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, MD5_Final(digest, &md); if (CRYPTO_memcmp(out + plaintext_len, digest, rc4_ctx->tag_len)) { - OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } diff --git a/src/crypto/cipher/e_ssl3.c b/src/crypto/cipher/e_ssl3.c index 1031d9b..389c52f 100644 --- a/src/crypto/cipher/e_ssl3.c +++ b/src/crypto/cipher/e_ssl3.c @@ -85,12 +85,12 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, const EVP_CIPHER *cipher, const EVP_MD *md) { if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH && tag_len != EVP_MD_size(md)) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, CIPHER_R_UNSUPPORTED_TAG_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE); return 0; } if (key_len != EVP_AEAD_key_length(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; } @@ -102,7 +102,7 @@ static int aead_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, AEAD_SSL3_CTX *ssl3_ctx = OPENSSL_malloc(sizeof(AEAD_SSL3_CTX)); if (ssl3_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_init, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); return 0; } EVP_CIPHER_CTX_init(&ssl3_ctx->cipher_ctx); @@ -133,29 +133,29 @@ static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, if (!ssl3_ctx->cipher_ctx.encrypt) { /* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */ - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_INVALID_OPERATION); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION); return 0; } if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len || in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + EVP_AEAD_max_overhead(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_IV_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_IV_TOO_LARGE); return 0; } if (ad_len != 11 - 2 /* length bytes */) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_seal, CIPHER_R_INVALID_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE); return 0; } @@ -217,36 +217,36 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, if (ssl3_ctx->cipher_ctx.encrypt) { /* Unlike a normal AEAD, an SSL3 AEAD may only be used in one direction. */ - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_INVALID_OPERATION); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION); return 0; } size_t mac_len = EVP_MD_CTX_size(&ssl3_ctx->md_ctx); if (in_len < mac_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } if (max_out_len < in_len) { /* This requires that the caller provide space for the MAC, even though it * will always be removed on return. */ - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (ad_len != 11 - 2 /* length bytes */) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_INVALID_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE); return 0; } if (in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } @@ -270,12 +270,12 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, if (EVP_CIPHER_CTX_mode(&ssl3_ctx->cipher_ctx) == EVP_CIPH_CBC_MODE) { unsigned padding_length = out[total - 1]; if (total < padding_length + 1 + mac_len) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } /* The padding must be minimal. */ if (padding_length + 1 > EVP_CIPHER_CTX_block_size(&ssl3_ctx->cipher_ctx)) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } data_len = total - padding_length - 1 - mac_len; @@ -289,7 +289,7 @@ static int aead_ssl3_open(const EVP_AEAD_CTX *ctx, uint8_t *out, return 0; } if (CRYPTO_memcmp(&out[data_len], mac, mac_len) != 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_ssl3_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } @@ -340,6 +340,13 @@ static int aead_des_ede3_cbc_sha1_ssl3_init(EVP_AEAD_CTX *ctx, EVP_sha1()); } +static int aead_null_sha1_ssl3_init(EVP_AEAD_CTX *ctx, const uint8_t *key, + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_ssl3_init(ctx, key, key_len, tag_len, dir, EVP_enc_null(), + EVP_sha1()); +} + static const EVP_AEAD aead_rc4_md5_ssl3 = { MD5_DIGEST_LENGTH + 16, /* key len (MD5 + RC4) */ 0, /* nonce len */ @@ -405,6 +412,19 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_ssl3 = { NULL, /* get_rc4_state */ }; +static const EVP_AEAD aead_null_sha1_ssl3 = { + SHA_DIGEST_LENGTH, /* key len */ + 0, /* nonce len */ + SHA_DIGEST_LENGTH, /* overhead (SHA1) */ + SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ + aead_null_sha1_ssl3_init, + aead_ssl3_cleanup, + aead_ssl3_seal, + aead_ssl3_open, + NULL, /* get_rc4_state */ +}; + const EVP_AEAD *EVP_aead_rc4_md5_ssl3(void) { return &aead_rc4_md5_ssl3; } const EVP_AEAD *EVP_aead_rc4_sha1_ssl3(void) { return &aead_rc4_sha1_ssl3; } @@ -420,3 +440,5 @@ const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_ssl3(void) { const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_ssl3(void) { return &aead_des_ede3_cbc_sha1_ssl3; } + +const EVP_AEAD *EVP_aead_null_sha1_ssl3(void) { return &aead_null_sha1_ssl3; } diff --git a/src/crypto/cipher/e_tls.c b/src/crypto/cipher/e_tls.c index bed02cb..2778881 100644 --- a/src/crypto/cipher/e_tls.c +++ b/src/crypto/cipher/e_tls.c @@ -57,12 +57,12 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, char implicit_iv) { if (tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH && tag_len != EVP_MD_size(md)) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, CIPHER_R_UNSUPPORTED_TAG_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_TAG_SIZE); return 0; } if (key_len != EVP_AEAD_key_length(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, CIPHER_R_BAD_KEY_LENGTH); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH); return 0; } @@ -75,7 +75,7 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, AEAD_TLS_CTX *tls_ctx = OPENSSL_malloc(sizeof(AEAD_TLS_CTX)); if (tls_ctx == NULL) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_init, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); return 0; } EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx); @@ -109,7 +109,7 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, if (!tls_ctx->cipher_ctx.encrypt) { /* Unlike a normal AEAD, a TLS AEAD may only be used in one direction. */ - OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_OPERATION); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION); return 0; } @@ -117,22 +117,22 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, if (in_len + EVP_AEAD_max_overhead(ctx->aead) < in_len || in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ - OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } if (max_out_len < in_len + EVP_AEAD_max_overhead(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_nonce_length(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); return 0; } if (ad_len != 13 - 2 /* length bytes */) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_seal, CIPHER_R_INVALID_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE); return 0; } @@ -214,36 +214,36 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, if (tls_ctx->cipher_ctx.encrypt) { /* Unlike a normal AEAD, a TLS AEAD may only be used in one direction. */ - OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_OPERATION); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_OPERATION); return 0; } if (in_len < HMAC_size(&tls_ctx->hmac_ctx)) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } if (max_out_len < in_len) { /* This requires that the caller provide space for the MAC, even though it * will always be removed on return. */ - OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); return 0; } if (nonce_len != EVP_AEAD_nonce_length(ctx->aead)) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_NONCE_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); return 0; } if (ad_len != 13 - 2 /* length bytes */) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_INVALID_AD_SIZE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_AD_SIZE); return 0; } if (in_len > INT_MAX) { /* EVP_CIPHER takes int as input. */ - OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_TOO_LARGE); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } @@ -278,7 +278,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, (unsigned)HMAC_size(&tls_ctx->hmac_ctx)); /* Publicly invalid. This can be rejected in non-constant time. */ if (padding_ok == 0) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } } else { @@ -312,7 +312,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, if (!EVP_tls_cbc_digest_record(tls_ctx->hmac_ctx.md, mac, &mac_len, ad_fixed, out, data_plus_mac_len, total, tls_ctx->mac_key, tls_ctx->mac_key_len)) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } assert(mac_len == HMAC_size(&tls_ctx->hmac_ctx)); @@ -349,7 +349,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out, 0); good &= constant_time_eq_int(padding_ok, 1); if (!good) { - OPENSSL_PUT_ERROR(CIPHER, aead_tls_open, CIPHER_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT); return 0; } @@ -444,6 +444,13 @@ static int aead_rc4_sha1_tls_get_rc4_state(const EVP_AEAD_CTX *ctx, return 1; } +static int aead_null_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, + size_t key_len, size_t tag_len, + enum evp_aead_direction_t dir) { + return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_enc_null(), + EVP_sha1(), 1 /* implicit iv */); +} + static const EVP_AEAD aead_rc4_sha1_tls = { SHA_DIGEST_LENGTH + 16, /* key len (SHA1 + RC4) */ 0, /* nonce len */ @@ -574,6 +581,19 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = { NULL, /* get_rc4_state */ }; +static const EVP_AEAD aead_null_sha1_tls = { + SHA_DIGEST_LENGTH, /* key len */ + 0, /* nonce len */ + SHA_DIGEST_LENGTH, /* overhead (SHA1) */ + SHA_DIGEST_LENGTH, /* max tag length */ + NULL, /* init */ + aead_null_sha1_tls_init, + aead_tls_cleanup, + aead_tls_seal, + aead_tls_open, + NULL, /* get_rc4_state */ +}; + const EVP_AEAD *EVP_aead_rc4_sha1_tls(void) { return &aead_rc4_sha1_tls; } const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls(void) { @@ -611,3 +631,5 @@ const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void) { const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void) { return &aead_des_ede3_cbc_sha1_tls_implicit_iv; } + +const EVP_AEAD *EVP_aead_null_sha1_tls(void) { return &aead_null_sha1_tls; } diff --git a/src/crypto/cipher/test/aes_128_gcm_tests.txt b/src/crypto/cipher/test/aes_128_gcm_tests.txt index 5f7ad35..75466fe 100644 --- a/src/crypto/cipher/test/aes_128_gcm_tests.txt +++ b/src/crypto/cipher/test/aes_128_gcm_tests.txt @@ -418,3 +418,9 @@ AD: 18e2ed6d500b176e49f7e1b5074c0b7dbfdefdf00a63d9fa2fea8c5e78a1c4ae00f17b234429 CT: 5f3627bd53f8da0bbe6f3c9246d6f96fe9abb91cdecf66ddd42f833d98f4d4634c2e1e1ad4088c84c22191bdb9d99ef227320e455dd112c4a9e9cca95724fcc9ae024ed12bf60a802d0b87b99d9bf22590786567c2962171d2b05bec9754c627608e9eba7bccc70540aa4da72e1e04b26d8f968b10230f707501c0091a8ac118f86e87aae1ac00257aee29c3345bd3839154977acd378fc1b2197f5c1fd8e12262f9c2974fb92dc481eeb51aadd44a8851f61b93a84ba57f2870df0423d289bfdcfe634f9ecb7d7c6110a95b49418a2dd6663377690275c205b3efa79a0a77c92567fb429d8ee437312a39df7516dc238f7b9414938223d7ec24d256d3fb3a5954a7c75dbd79486d49ba6bb38a7ccce0f58700260b71319adf98ab8684e34913abe2d9d97193e2 TAG: e690e89af39ff367f5d40a1b7c7ccd4f +KEY: 31323334353637383930313233343536 +NONCE: 31323334353637383930313233343536 +IN: 48656c6c6f2c20576f726c64 +AD: +CT: cec189d0e8419b90fb16d555 +TAG: 32893832a8d609224d77c2e56a922282 diff --git a/src/crypto/cipher/test/cipher_test.txt b/src/crypto/cipher/test/cipher_test.txt index 93cb8f3..21fffdb 100644 --- a/src/crypto/cipher/test/cipher_test.txt +++ b/src/crypto/cipher/test/cipher_test.txt @@ -38,6 +38,22 @@ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 +# DES EDE CBC tests +Cipher = DES-EDE-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 7948C0DA4FE91CD815DCA96DBC9B60A857EB954F4DEB08EB98722642AE69257B + + +# DES EDE tests +Cipher = DES-EDE +Key = 0123456789abcdeff1e0d3c2b5a49786 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 22E889402E28422F8167AD279D90A566DA75B734E12C671FC2669AECB3E4FE8F + + # AES 128 ECB tests (from FIPS-197 test vectors, encrypt) Cipher = AES-128-ECB Key = 000102030405060708090A0B0C0D0E0F @@ -360,6 +376,13 @@ Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3d AAD = 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d +Cipher = AES-128-GCM +Key = 31323334353637383930313233343536 +IV = 31323334353637383930313233343536 +Plaintext = 48656c6c6f2c20576f726c64 +Ciphertext = cec189d0e8419b90fb16d555 +Tag = 32893832a8d609224d77c2e56a922282 +AAD = # OFB tests from OpenSSL upstream. @@ -535,3 +558,40 @@ Cipher = AES-192-ECB Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 Ciphertext = 9A4B41BA738D6C72FB16691603C18E0E + +# DES ECB tests + +Cipher = DES-ECB +Key = 0000000000000000 +Plaintext = 0000000000000000 +Ciphertext = 8CA64DE9C1B123A7 + +Cipher = DES-ECB +Key = FFFFFFFFFFFFFFFF +Plaintext = FFFFFFFFFFFFFFFF +Ciphertext = 7359B2163E4EDC58 + +Cipher = DES-ECB +Key = 3000000000000000 +Plaintext = 1000000000000001 +Ciphertext = 958E6E627A05557B + +Cipher = DES-ECB +Key = 1111111111111111 +Plaintext = 1111111111111111 +Ciphertext = F40379AB9E0EC533 + +Cipher = DES-ECB +Key = 0123456789ABCDEF +Plaintext = 1111111111111111 +Ciphertext = 17668DFC7292532D + +Cipher = DES-ECB +Key = 1111111111111111 +Plaintext = 0123456789ABCDEF +Ciphertext = 8A5AE1F81AB8F2DD + +Cipher = DES-ECB +Key = FEDCBA9876543210 +Plaintext = 0123456789ABCDEF +Ciphertext = ED39D950FA74BCC4 diff --git a/src/crypto/cmac/CMakeLists.txt b/src/crypto/cmac/CMakeLists.txt index 8ebd80c..bb3abc3 100644 --- a/src/crypto/cmac/CMakeLists.txt +++ b/src/crypto/cmac/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( cmac @@ -12,6 +12,8 @@ add_executable( cmac_test cmac_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(cmac_test crypto) diff --git a/src/crypto/cmac/cmac_test.cc b/src/crypto/cmac/cmac_test.cc index 0f06860..53f45d1 100644 --- a/src/crypto/cmac/cmac_test.cc +++ b/src/crypto/cmac/cmac_test.cc @@ -19,16 +19,13 @@ #include <openssl/cmac.h> #include "../test/scoped_types.h" +#include "../test/test_util.h" -static void dump(const uint8_t *got, const uint8_t *expected, size_t len) { - ScopedBIO bio(BIO_new_fp(stderr, 0 /* don't close */)); - - BIO_puts(bio.get(), "\nGot:\n"); - BIO_hexdump(bio.get(), got, len, 2 /* indent */); - BIO_puts(bio.get(), "Expected:\n"); - BIO_hexdump(bio.get(), expected, len, 2 /* indent */); - BIO_flush(bio.get()); +static void dump(const uint8_t *got, const uint8_t *want, size_t len) { + hexdump(stderr, "got :", got, len); + hexdump(stderr, "want:", want, len); + fflush(stderr); } static int test(const char *name, const uint8_t *key, size_t key_len, diff --git a/src/crypto/conf/CMakeLists.txt b/src/crypto/conf/CMakeLists.txt index 8046bb8..0a3c795 100644 --- a/src/crypto/conf/CMakeLists.txt +++ b/src/crypto/conf/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( conf diff --git a/src/crypto/conf/conf.c b/src/crypto/conf/conf.c index 213efc5..e098a2c 100644 --- a/src/crypto/conf/conf.c +++ b/src/crypto/conf/conf.c @@ -111,6 +111,16 @@ CONF *NCONF_new(void *method) { return conf; } +CONF_VALUE *CONF_VALUE_new(void) { + CONF_VALUE *v = OPENSSL_malloc(sizeof(CONF_VALUE)); + if (!v) { + OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE); + return NULL; + } + memset(v, 0, sizeof(CONF_VALUE)); + return v; +} + static void value_free_contents(CONF_VALUE *value) { if (value->section) { OPENSSL_free(value->section); @@ -137,29 +147,26 @@ void NCONF_free(CONF *conf) { return; } - lh_CONF_VALUE_doall(conf->data, value_free_contents); + lh_CONF_VALUE_doall(conf->data, value_free); lh_CONF_VALUE_free(conf->data); OPENSSL_free(conf); } CONF_VALUE *NCONF_new_section(const CONF *conf, const char *section) { STACK_OF(CONF_VALUE) *sk = NULL; - int ok = 0, i; + int ok = 0; CONF_VALUE *v = NULL, *old_value; sk = sk_CONF_VALUE_new_null(); - v = OPENSSL_malloc(sizeof(CONF_VALUE)); + v = CONF_VALUE_new(); if (sk == NULL || v == NULL) { goto err; } - i = strlen(section) + 1; - v->section = OPENSSL_malloc(i); + v->section = OPENSSL_strdup(section); if (v->section == NULL) { goto err; } - memcpy(v->section, section, i); - v->section[i-1] = 0; v->name = NULL; v->value = (char *)sk; @@ -285,7 +292,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) { rp = e; if (q) { if (r != q) { - OPENSSL_PUT_ERROR(CONF, str_copy, CONF_R_NO_CLOSE_BRACE); + OPENSSL_PUT_ERROR(CONF, CONF_R_NO_CLOSE_BRACE); goto err; } e++; @@ -304,7 +311,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) { } *rp = r; if (p == NULL) { - OPENSSL_PUT_ERROR(CONF, str_copy, CONF_R_VARIABLE_HAS_NO_VALUE); + OPENSSL_PUT_ERROR(CONF, CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from))); @@ -372,11 +379,12 @@ const char *NCONF_get_string(const CONF *conf, const char *section, return value->value; } -int add_string(const CONF *conf, CONF_VALUE *section, CONF_VALUE *value) { +static int add_string(const CONF *conf, CONF_VALUE *section, + CONF_VALUE *value) { STACK_OF(CONF_VALUE) *section_stack = (STACK_OF(CONF_VALUE)*) section->value; CONF_VALUE *old_value; - value->section = section->section; + value->section = OPENSSL_strdup(section->section); if (!sk_CONF_VALUE_push(section_stack, value)) { return 0; } @@ -505,20 +513,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { char *start, *psection, *pname; if ((buff = BUF_MEM_new()) == NULL) { - OPENSSL_PUT_ERROR(CONF, def_load_bio, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(CONF, ERR_R_BUF_LIB); goto err; } - section = (char *)OPENSSL_malloc(10); + section = OPENSSL_strdup("default"); if (section == NULL) { - OPENSSL_PUT_ERROR(CONF, def_load_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE); goto err; } - BUF_strlcpy(section, "default", 10); sv = NCONF_new_section(conf, section); if (sv == NULL) { - OPENSSL_PUT_ERROR(CONF, def_load_bio, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + OPENSSL_PUT_ERROR(CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } @@ -526,7 +533,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { again = 0; for (;;) { if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) { - OPENSSL_PUT_ERROR(CONF, def_load_bio, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(CONF, ERR_R_BUF_LIB); goto err; } p = &(buff->data[bufnum]); @@ -595,7 +602,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { ss = p; goto again; } - OPENSSL_PUT_ERROR(CONF, def_load_bio, CONF_R_MISSING_CLOSE_SQUARE_BRACKET); + OPENSSL_PUT_ERROR(CONF, CONF_R_MISSING_CLOSE_SQUARE_BRACKET); goto err; } *end = '\0'; @@ -606,7 +613,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { sv = NCONF_new_section(conf, section); } if (sv == NULL) { - OPENSSL_PUT_ERROR(CONF, def_load_bio, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + OPENSSL_PUT_ERROR(CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } continue; @@ -623,7 +630,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { } p = eat_ws(conf, end); if (*p != '=') { - OPENSSL_PUT_ERROR(CONF, def_load_bio, CONF_R_MISSING_EQUAL_SIGN); + OPENSSL_PUT_ERROR(CONF, CONF_R_MISSING_EQUAL_SIGN); goto err; } *end = '\0'; @@ -639,20 +646,17 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { p++; *p = '\0'; - if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) { - OPENSSL_PUT_ERROR(CONF, def_load_bio, ERR_R_MALLOC_FAILURE); + if (!(v = CONF_VALUE_new())) { goto err; } if (psection == NULL) { psection = section; } - v->name = (char *)OPENSSL_malloc(strlen(pname) + 1); - v->value = NULL; + v->name = OPENSSL_strdup(pname); if (v->name == NULL) { - OPENSSL_PUT_ERROR(CONF, def_load_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE); goto err; } - BUF_strlcpy(v->name, pname, strlen(pname) + 1); if (!str_copy(conf, psection, &(v->value), start)) { goto err; } @@ -662,14 +666,14 @@ static int def_load_bio(CONF *conf, BIO *in, long *out_error_line) { tv = NCONF_new_section(conf, psection); } if (tv == NULL) { - OPENSSL_PUT_ERROR(CONF, def_load_bio, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + OPENSSL_PUT_ERROR(CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } } else { tv = sv; } if (add_string(conf, tv, v) == 0) { - OPENSSL_PUT_ERROR(CONF, def_load_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE); goto err; } v = NULL; @@ -715,7 +719,7 @@ int NCONF_load(CONF *conf, const char *filename, long *out_error_line) { int ret; if (in == NULL) { - OPENSSL_PUT_ERROR(CONF, NCONF_load, ERR_R_SYS_LIB); + OPENSSL_PUT_ERROR(CONF, ERR_R_SYS_LIB); return 0; } @@ -736,7 +740,7 @@ int CONF_parse_list(const char *list, char sep, int remove_whitespace, const char *lstart, *tmpend, *p; if (list == NULL) { - OPENSSL_PUT_ERROR(CONF, CONF_parse_list, CONF_R_LIST_CANNOT_BE_NULL); + OPENSSL_PUT_ERROR(CONF, CONF_R_LIST_CANNOT_BE_NULL); return 0; } diff --git a/src/crypto/conf/internal.h b/src/crypto/conf/internal.h new file mode 100644 index 0000000..03d1a8f --- /dev/null +++ b/src/crypto/conf/internal.h @@ -0,0 +1,31 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H +#define OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H + +#if defined(__cplusplus) +extern "C" { +#endif + + +/* CONF_VALUE_new returns a freshly allocated and zeroed |CONF_VALUE|. */ +CONF_VALUE *CONF_VALUE_new(void); + + +#if defined(__cplusplus) +} /* extern C */ +#endif + +#endif /* OPENSSL_HEADER_CRYPTO_CONF_INTERNAL_H */ diff --git a/src/crypto/cpu-arm.c b/src/crypto/cpu-arm.c index 74e937b..6e037ab 100644 --- a/src/crypto/cpu-arm.c +++ b/src/crypto/cpu-arm.c @@ -24,7 +24,7 @@ #include <signal.h> #endif -#include "arm_arch.h" +#include <openssl/arm_arch.h> /* We can't include <sys/auxv.h> because the Android SDK version against which @@ -70,12 +70,12 @@ static void sigill_handler(int signal) { siglongjmp(sigill_jmp, signal); } -void CRYPTO_arm_neon_probe(); +void CRYPTO_arm_neon_probe(void); // probe_for_NEON returns 1 if a NEON instruction runs successfully. Because // getauxval doesn't exist on Android until Jelly Bean, supporting NEON on // older devices requires this. -static int probe_for_NEON() { +static int probe_for_NEON(void) { int supported = 0; sigset_t sigmask; diff --git a/src/crypto/cpu-intel.c b/src/crypto/cpu-intel.c index df0e127..924bab0 100644 --- a/src/crypto/cpu-intel.c +++ b/src/crypto/cpu-intel.c @@ -68,8 +68,58 @@ #include <stdio.h> #include <string.h> -/* OPENSSL_ia32_cpuid is defined in cpu-x86_64-asm.pl. */ -extern uint64_t OPENSSL_ia32_cpuid(uint32_t*); +#if defined(OPENSSL_WINDOWS) +#pragma warning(push, 3) +#include <immintrin.h> +#include <intrin.h> +#pragma warning(pop) +#endif + + +/* OPENSSL_cpuid runs the cpuid instruction. |leaf| is passed in as EAX and ECX + * is set to zero. It writes EAX, EBX, ECX, and EDX to |*out_eax| through + * |*out_edx|. */ +static void OPENSSL_cpuid(uint32_t *out_eax, uint32_t *out_ebx, + uint32_t *out_ecx, uint32_t *out_edx, uint32_t leaf) { +#if defined(OPENSSL_WINDOWS) + int tmp[4]; + __cpuid(tmp, (int)leaf); + *out_eax = (uint32_t)tmp[0]; + *out_ebx = (uint32_t)tmp[1]; + *out_ecx = (uint32_t)tmp[2]; + *out_edx = (uint32_t)tmp[3]; +#elif defined(__pic__) && defined(OPENSSL_32_BIT) + /* Inline assembly may not clobber the PIC register. For 32-bit, this is EBX. + * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=47602. */ + __asm__ volatile ( + "xor %%ecx, %%ecx\n" + "mov %%ebx, %%edi\n" + "cpuid\n" + "xchg %%edi, %%ebx\n" + : "=a"(*out_eax), "=D"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx) + : "a"(leaf) + ); +#else + __asm__ volatile ( + "xor %%ecx, %%ecx\n" + "cpuid\n" + : "=a"(*out_eax), "=b"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx) + : "a"(leaf) + ); +#endif +} + +/* OPENSSL_xgetbv returns the value of an Intel Extended Control Register (XCR). + * Currently only XCR0 is defined by Intel so |xcr| should always be zero. */ +static uint64_t OPENSSL_xgetbv(uint32_t xcr) { +#if defined(OPENSSL_WINDOWS) + return (uint64_t)_xgetbv(xcr); +#else + uint32_t eax, edx; + __asm__ volatile ("xgetbv" : "=a"(eax), "=d"(edx) : "c"(xcr)); + return (((uint64_t)edx) << 32) | eax; +#endif +} /* handle_cpu_env applies the value from |in| to the CPUID values in |out[0]| * and |out[1]|. See the comment in |OPENSSL_cpuid_setup| about this. */ @@ -91,18 +141,101 @@ static void handle_cpu_env(uint32_t *out, const char *in) { } void OPENSSL_cpuid_setup(void) { - const char *env1, *env2; + /* Determine the vendor and maximum input value. */ + uint32_t eax, ebx, ecx, edx; + OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 0); -#if defined(OPENSSL_X86_64) - OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); -#else - uint64_t vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); - /* 1<<10 sets a reserved bit to indicate that the variable - * was already initialised. */ - OPENSSL_ia32cap_P[0] = ((uint32_t)vec) | (1 << 10); - OPENSSL_ia32cap_P[1] = vec >> 32; -#endif + uint32_t num_ids = eax; + + int is_intel = ebx == 0x756e6547 /* Genu */ && + edx == 0x49656e69 /* ineI */ && + ecx == 0x6c65746e /* ntel */; + int is_amd = ebx == 0x68747541 /* Auth */ && + edx == 0x69746e65 /* enti */ && + ecx == 0x444d4163 /* cAMD */; + + int has_amd_xop = 0; + if (is_amd) { + /* AMD-specific logic. + * See http://developer.amd.com/wordpress/media/2012/10/254811.pdf */ + OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 0x80000000); + uint32_t num_extended_ids = eax; + if (num_extended_ids >= 0x80000001) { + OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 0x80000001); + if (ecx & (1 << 11)) { + has_amd_xop = 1; + } + } + } + + uint32_t extended_features = 0; + if (num_ids >= 7) { + OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 7); + extended_features = ebx; + } + /* Determine the number of cores sharing an L1 data cache to adjust the + * hyper-threading bit. */ + uint32_t cores_per_cache = 0; + if (is_amd) { + /* AMD CPUs never share an L1 data cache between threads but do set the HTT + * bit on multi-core CPUs. */ + cores_per_cache = 1; + } else if (num_ids >= 4) { + /* TODO(davidben): The Intel manual says this CPUID leaf enumerates all + * caches using ECX and doesn't say which is first. Does this matter? */ + OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 4); + cores_per_cache = 1 + ((eax >> 14) & 0xfff); + } + + OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 1); + + /* Adjust the hyper-threading bit. */ + if (edx & (1 << 28)) { + uint32_t num_logical_cores = (ebx >> 16) & 0xff; + if (cores_per_cache == 1 || num_logical_cores <= 1) { + edx &= ~(1 << 28); + } + } + + /* Reserved bit #20 was historically repurposed to control the in-memory + * representation of RC4 state. Always set it to zero. */ + edx &= ~(1 << 20); + + /* Reserved bit #30 is repurposed to signal an Intel CPU. */ + if (is_intel) { + edx |= (1 << 30); + } else { + edx &= ~(1 << 30); + } + + /* The SDBG bit is repurposed to denote AMD XOP support. */ + if (has_amd_xop) { + ecx |= (1 << 11); + } else { + ecx &= ~(1 << 11); + } + + uint64_t xcr0 = 0; + if (ecx & (1 << 27)) { + /* XCR0 may only be queried if the OSXSAVE bit is set. */ + xcr0 = OPENSSL_xgetbv(0); + } + /* See Intel manual, section 14.3. */ + if ((xcr0 & 6) != 6) { + /* YMM registers cannot be used. */ + ecx &= ~(1 << 28); /* AVX */ + ecx &= ~(1 << 12); /* FMA */ + ecx &= ~(1 << 11); /* AMD XOP */ + extended_features &= ~(1 << 5); /* AVX2 */ + } + + OPENSSL_ia32cap_P[0] = edx; + OPENSSL_ia32cap_P[1] = ecx; + OPENSSL_ia32cap_P[2] = extended_features; + OPENSSL_ia32cap_P[3] = 0; + + const char *env1, *env2; env1 = getenv("OPENSSL_ia32cap"); if (env1 == NULL) { return; diff --git a/src/crypto/cpu-x86-asm.pl b/src/crypto/cpu-x86-asm.pl deleted file mode 100644 index 319c436..0000000 --- a/src/crypto/cpu-x86-asm.pl +++ /dev/null @@ -1,334 +0,0 @@ -#!/usr/bin/env perl - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC, "${dir}perlasm", "perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],"crypto/cpu-x86-asm"); - -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -&function_begin("OPENSSL_ia32_cpuid"); - &xor ("edx","edx"); - &pushf (); - &pop ("eax"); - &mov ("ecx","eax"); - &xor ("eax",1<<21); - &push ("eax"); - &popf (); - &pushf (); - &pop ("eax"); - &xor ("ecx","eax"); - &xor ("eax","eax"); - &bt ("ecx",21); - &jnc (&label("nocpuid")); - &mov ("esi",&wparam(0)); - &mov (&DWP(8,"esi"),"eax"); # clear 3rd word - &cpuid (); - &mov ("edi","eax"); # max value for standard query level - - &xor ("eax","eax"); - &cmp ("ebx",0x756e6547); # "Genu" - &setne (&LB("eax")); - &mov ("ebp","eax"); - &cmp ("edx",0x49656e69); # "ineI" - &setne (&LB("eax")); - &or ("ebp","eax"); - &cmp ("ecx",0x6c65746e); # "ntel" - &setne (&LB("eax")); - &or ("ebp","eax"); # 0 indicates Intel CPU - &jz (&label("intel")); - - &cmp ("ebx",0x68747541); # "Auth" - &setne (&LB("eax")); - &mov ("esi","eax"); - &cmp ("edx",0x69746E65); # "enti" - &setne (&LB("eax")); - &or ("esi","eax"); - &cmp ("ecx",0x444D4163); # "cAMD" - &setne (&LB("eax")); - &or ("esi","eax"); # 0 indicates AMD CPU - &jnz (&label("intel")); - - # AMD specific - &mov ("eax",0x80000000); - &cpuid (); - &cmp ("eax",0x80000001); - &jb (&label("intel")); - &mov ("esi","eax"); - &mov ("eax",0x80000001); - &cpuid (); - &or ("ebp","ecx"); - &and ("ebp",1<<11|1); # isolate XOP bit - &cmp ("esi",0x80000008); - &jb (&label("intel")); - - &mov ("eax",0x80000008); - &cpuid (); - &movz ("esi",&LB("ecx")); # number of cores - 1 - &inc ("esi"); # number of cores - - &mov ("eax",1); - &xor ("ecx","ecx"); - &cpuid (); - &bt ("edx",28); - &jnc (&label("generic")); - &shr ("ebx",16); - &and ("ebx",0xff); - &cmp ("ebx","esi"); - &ja (&label("generic")); - &and ("edx",0xefffffff); # clear hyper-threading bit - &jmp (&label("generic")); - -&set_label("intel"); - &cmp ("edi",7); - &jb (&label("cacheinfo")); - - &mov ("esi",&wparam(0)); - &mov ("eax",7); - &xor ("ecx","ecx"); - &cpuid (); - &mov (&DWP(8,"esi"),"ebx"); - -&set_label("cacheinfo"); - &cmp ("edi",4); - &mov ("edi",-1); - &jb (&label("nocacheinfo")); - - &mov ("eax",4); - &mov ("ecx",0); # query L1D - &cpuid (); - &mov ("edi","eax"); - &shr ("edi",14); - &and ("edi",0xfff); # number of cores -1 per L1D - -&set_label("nocacheinfo"); - &mov ("eax",1); - &xor ("ecx","ecx"); - &cpuid (); - &and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0 - &cmp ("ebp",0); - &jne (&label("notintel")); - &or ("edx",1<<30); # set reserved bit#30 on Intel CPUs -&set_label("notintel"); - &bt ("edx",28); # test hyper-threading bit - &jnc (&label("generic")); - &and ("edx",0xefffffff); - &cmp ("edi",0); - &je (&label("generic")); - - &or ("edx",0x10000000); - &shr ("ebx",16); - &cmp (&LB("ebx"),1); - &ja (&label("generic")); - &and ("edx",0xefffffff); # clear hyper-threading bit if not - -&set_label("generic"); - &and ("ebp",1<<11); # isolate AMD XOP flag - &and ("ecx",0xfffff7ff); # force 11th bit to 0 - &mov ("esi","edx"); - &or ("ebp","ecx"); # merge AMD XOP flag - - &bt ("ecx",27); # check OSXSAVE bit - &jnc (&label("clear_avx")); - &xor ("ecx","ecx"); - &data_byte(0x0f,0x01,0xd0); # xgetbv - &and ("eax",6); - &cmp ("eax",6); - &je (&label("done")); - &cmp ("eax",2); - &je (&label("clear_avx")); -&set_label("clear_xmm"); - &and ("ebp",0xfdfffffd); # clear AESNI and PCLMULQDQ bits - &and ("esi",0xfeffffff); # clear FXSR -&set_label("clear_avx"); - &and ("ebp",0xefffe7ff); # clear AVX, FMA and AMD XOP bits - &mov ("edi",&wparam(0)); - &and (&DWP(8,"edi"),0xffffffdf); # clear AVX2 -&set_label("done"); - &mov ("eax","esi"); - &mov ("edx","ebp"); -&set_label("nocpuid"); -&function_end("OPENSSL_ia32_cpuid"); - -&external_label("OPENSSL_ia32cap_P"); - -&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("notsc")); - &rdtsc (); -&set_label("notsc"); - &ret (); -&function_end_B("OPENSSL_rdtsc"); - -# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], -# but it's safe to call it on any [supported] 32-bit platform... -# Just check for [non-]zero return value... -&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("nohalt")); # no TSC - - &data_word(0x9058900e); # push %cs; pop %eax - &and ("eax",3); - &jnz (&label("nohalt")); # not enough privileges - - &pushf (); - &pop ("eax"); - &bt ("eax",9); - &jnc (&label("nohalt")); # interrupts are disabled - - &rdtsc (); - &push ("edx"); - &push ("eax"); - &halt (); - &rdtsc (); - - &sub ("eax",&DWP(0,"esp")); - &sbb ("edx",&DWP(4,"esp")); - &add ("esp",8); - &ret (); - -&set_label("nohalt"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &ret (); -&function_end_B("OPENSSL_instrument_halt"); - -# Essentially there is only one use for this function. Under DJGPP: -# -# #include <go32.h> -# ... -# i=OPENSSL_far_spin(_dos_ds,0x46c); -# ... -# to obtain the number of spins till closest timer interrupt. - -&function_begin_B("OPENSSL_far_spin"); - &pushf (); - &pop ("eax"); - &bt ("eax",9); - &jnc (&label("nospin")); # interrupts are disabled - - &mov ("eax",&DWP(4,"esp")); - &mov ("ecx",&DWP(8,"esp")); - &data_word (0x90d88e1e); # push %ds, mov %eax,%ds - &xor ("eax","eax"); - &mov ("edx",&DWP(0,"ecx")); - &jmp (&label("spin")); - - &align (16); -&set_label("spin"); - &inc ("eax"); - &cmp ("edx",&DWP(0,"ecx")); - &je (&label("spin")); - - &data_word (0x1f909090); # pop %ds - &ret (); - -&set_label("nospin"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &ret (); -&function_end_B("OPENSSL_far_spin"); - -&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &mov ("ecx",&DWP(0,"ecx")); - &bt (&DWP(0,"ecx"),1); - &jnc (&label("no_x87")); - if ($sse2) { - &and ("ecx",1<<26|1<<24); # check SSE2 and FXSR bits - &cmp ("ecx",1<<26|1<<24); - &jne (&label("no_sse2")); - &pxor ("xmm0","xmm0"); - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &pxor ("xmm3","xmm3"); - &pxor ("xmm4","xmm4"); - &pxor ("xmm5","xmm5"); - &pxor ("xmm6","xmm6"); - &pxor ("xmm7","xmm7"); - &set_label("no_sse2"); - } - # just a bunch of fldz to zap the fp/mm bank followed by finit... - &data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9,0x90e3db9b); -&set_label("no_x87"); - &lea ("eax",&DWP(4,"esp")); - &ret (); -&function_end_B("OPENSSL_wipe_cpu"); - -&function_begin_B("OPENSSL_atomic_add"); - &mov ("edx",&DWP(4,"esp")); # fetch the pointer, 1st arg - &mov ("ecx",&DWP(8,"esp")); # fetch the increment, 2nd arg - &push ("ebx"); - &nop (); - &mov ("eax",&DWP(0,"edx")); -&set_label("spin"); - &lea ("ebx",&DWP(0,"eax","ecx")); - &nop (); - &data_word(0x1ab10ff0); # lock; cmpxchg %ebx,(%edx) # %eax is envolved and is always reloaded - &jne (&label("spin")); - &mov ("eax","ebx"); # OpenSSL expects the new value - &pop ("ebx"); - &ret (); -&function_end_B("OPENSSL_atomic_add"); - -# This function can become handy under Win32 in situations when -# we don't know which calling convention, __stdcall or __cdecl(*), -# indirect callee is using. In C it can be deployed as -# -#ifdef OPENSSL_CPUID_OBJ -# type OPENSSL_indirect_call(void *f,...); -# ... -# OPENSSL_indirect_call(func,[up to $max arguments]); -#endif -# -# (*) it's designed to work even for __fastcall if number of -# arguments is 1 or 2! -&function_begin_B("OPENSSL_indirect_call"); - { - my ($max,$i)=(7,); # $max has to be chosen as 4*n-1 - # in order to preserve eventual - # stack alignment - &push ("ebp"); - &mov ("ebp","esp"); - &sub ("esp",$max*4); - &mov ("ecx",&DWP(12,"ebp")); - &mov (&DWP(0,"esp"),"ecx"); - &mov ("edx",&DWP(16,"ebp")); - &mov (&DWP(4,"esp"),"edx"); - for($i=2;$i<$max;$i++) - { - # Some copies will be redundant/bogus... - &mov ("eax",&DWP(12+$i*4,"ebp")); - &mov (&DWP(0+$i*4,"esp"),"eax"); - } - &call_ptr (&DWP(8,"ebp"));# make the call... - &mov ("esp","ebp"); # ... and just restore the stack pointer - # without paying attention to what we called, - # (__cdecl *func) or (__stdcall *one). - &pop ("ebp"); - &ret (); - } -&function_end_B("OPENSSL_indirect_call"); - -&function_begin_B("OPENSSL_ia32_rdrand"); - &mov ("ecx",8); -&set_label("loop"); - &rdrand ("eax"); - &jc (&label("break")); - &loop (&label("loop")); -&set_label("break"); - &cmp ("eax",0); - &cmove ("eax","ecx"); - &ret (); -&function_end_B("OPENSSL_ia32_rdrand"); - -&hidden("OPENSSL_ia32cap_P"); - -&asm_finish(); diff --git a/src/crypto/cpu-x86_64-asm.pl b/src/crypto/cpu-x86_64-asm.pl deleted file mode 100644 index 89d7a6c..0000000 --- a/src/crypto/cpu-x86_64-asm.pl +++ /dev/null @@ -1,163 +0,0 @@ -#!/usr/bin/env perl - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order - ("%rdi","%rsi","%rdx","%rcx"); # Unix order - -print<<___; -.text - -.globl OPENSSL_ia32_cpuid -.type OPENSSL_ia32_cpuid,\@function,1 -.align 16 -OPENSSL_ia32_cpuid: - # On Windows, $arg1 is rcx, but that will be clobbered. So make Windows - # use the same register as Unix. - mov $arg1,%rdi - mov %rbx,%r8 # save %rbx - - xor %eax,%eax - mov %eax,8(%rdi) # clear 3rd word - cpuid - mov %eax,%r11d # max value for standard query level - - xor %eax,%eax - cmp \$0x756e6547,%ebx # "Genu" - setne %al - mov %eax,%r9d - cmp \$0x49656e69,%edx # "ineI" - setne %al - or %eax,%r9d - cmp \$0x6c65746e,%ecx # "ntel" - setne %al - or %eax,%r9d # 0 indicates Intel CPU - jz .Lintel - - cmp \$0x68747541,%ebx # "Auth" - setne %al - mov %eax,%r10d - cmp \$0x69746E65,%edx # "enti" - setne %al - or %eax,%r10d - cmp \$0x444D4163,%ecx # "cAMD" - setne %al - or %eax,%r10d # 0 indicates AMD CPU - jnz .Lintel - - # AMD specific - # See http://developer.amd.com/wordpress/media/2012/10/254811.pdf (1) - - mov \$0x80000000,%eax - cpuid - # Returns "The largest CPUID extended function input value supported by - # the processor implementation." in EAX. - cmp \$0x80000001,%eax - jb .Lintel - mov %eax,%r10d - mov \$0x80000001,%eax - cpuid - # Returns feature bits in ECX. See page 20 of [1]. - # TODO(fork): I think this should be a MOV. - or %ecx,%r9d - and \$0x00000801,%r9d # isolate AMD XOP bit, 1<<11 - - cmp \$0x80000008,%r10d - jb .Lintel - - mov \$0x80000008,%eax - cpuid - # Returns APIC ID and number of cores in ECX. See page 27 of [1]. - movzb %cl,%r10 # number of cores - 1 - inc %r10 # number of cores - - mov \$1,%eax - cpuid - # See page 13 of [1]. - bt \$28,%edx # test hyper-threading bit - jnc .Lgeneric - shr \$16,%ebx # number of logical processors - cmp %r10b,%bl - ja .Lgeneric - and \$0xefffffff,%edx # Clear hyper-threading bit. - jmp .Lgeneric - -.Lintel: - cmp \$4,%r11d - mov \$-1,%r10d - jb .Lnocacheinfo - - mov \$4,%eax - mov \$0,%ecx # query L1D - cpuid - mov %eax,%r10d - shr \$14,%r10d - and \$0xfff,%r10d # number of cores -1 per L1D - - cmp \$7,%r11d - jb .Lnocacheinfo - - mov \$7,%eax - xor %ecx,%ecx - cpuid - mov %ebx,8(%rdi) - -.Lnocacheinfo: - mov \$1,%eax - cpuid - # Gets feature information. See table 3-21 in the Intel manual. - and \$0xbfefffff,%edx # force reserved bits to 0 - cmp \$0,%r9d - jne .Lnotintel - or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs -.Lnotintel: - bt \$28,%edx # test hyper-threading bit - jnc .Lgeneric - and \$0xefffffff,%edx # ~(1<<28) - clear hyper-threading. - cmp \$0,%r10d - je .Lgeneric - - or \$0x10000000,%edx # 1<<28 - shr \$16,%ebx - cmp \$1,%bl # see if cache is shared - ja .Lgeneric - and \$0xefffffff,%edx # ~(1<<28) -.Lgeneric: - and \$0x00000800,%r9d # isolate AMD XOP flag - and \$0xfffff7ff,%ecx - or %ecx,%r9d # merge AMD XOP flag - - mov %edx,%r10d # %r9d:%r10d is copy of %ecx:%edx - bt \$27,%r9d # check OSXSAVE bit - jnc .Lclear_avx - xor %ecx,%ecx # XCR0 - .byte 0x0f,0x01,0xd0 # xgetbv - and \$6,%eax # isolate XMM and YMM state support - cmp \$6,%eax - je .Ldone -.Lclear_avx: - mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11) - and %eax,%r9d # clear AVX, FMA and AMD XOP bits - andl \$0xffffffdf,8(%rdi) # cleax AVX2, ~(1<<5) -.Ldone: - movl %r9d,4(%rdi) - movl %r10d,0(%rdi) - mov %r8,%rbx # restore %rbx - ret -.size OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid - -___ - -close STDOUT; # flush diff --git a/src/crypto/crypto.c b/src/crypto/crypto.c index d9bb07e..34d04b4 100644 --- a/src/crypto/crypto.c +++ b/src/crypto/crypto.c @@ -55,7 +55,7 @@ uint32_t OPENSSL_ia32cap_P[4] = {0}; #elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) -#include "arm_arch.h" +#include <openssl/arm_arch.h> #if defined(__ARM_NEON__) uint32_t OPENSSL_armcap_P = ARMV7_NEON | ARMV7_NEON_FUNCTIONAL; diff --git a/src/crypto/des/CMakeLists.txt b/src/crypto/des/CMakeLists.txt index 7d49ff3..f61fa14 100644 --- a/src/crypto/des/CMakeLists.txt +++ b/src/crypto/des/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( des diff --git a/src/crypto/des/des.c b/src/crypto/des/des.c index 9cd75f5..a5669a6 100644 --- a/src/crypto/des/des.c +++ b/src/crypto/des/des.c @@ -298,10 +298,8 @@ void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) { 0, 1, 1, 1, 1, 1, 1, 0}; uint32_t c, d, t, s, t2; const uint8_t *in; - uint32_t *k; int i; - k = &schedule->ks->deslong[0]; in = key->bytes; c2l(in, c); @@ -344,10 +342,10 @@ void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) { /* table contained 0213 4657 */ t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL; - *(k++) = ROTATE(t2, 30) & 0xffffffffL; + schedule->subkeys[i][0] = ROTATE(t2, 30) & 0xffffffffL; t2 = ((s >> 16L) | (t & 0xffff0000L)); - *(k++) = ROTATE(t2, 26) & 0xffffffffL; + schedule->subkeys[i][1] = ROTATE(t2, 26) & 0xffffffffL; } } @@ -382,7 +380,6 @@ void DES_set_odd_parity(DES_cblock *key) { static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) { uint32_t l, r, t, u; - const uint32_t *s; r = data[0]; l = data[1]; @@ -398,43 +395,42 @@ static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) { r = ROTATE(r, 29) & 0xffffffffL; l = ROTATE(l, 29) & 0xffffffffL; - s = ks->ks->deslong; /* I don't know if it is worth the effort of loop unrolling the * inner loop */ if (enc) { - D_ENCRYPT(l, r, 0); /* 1 */ - D_ENCRYPT(r, l, 2); /* 2 */ - D_ENCRYPT(l, r, 4); /* 3 */ - D_ENCRYPT(r, l, 6); /* 4 */ - D_ENCRYPT(l, r, 8); /* 5 */ - D_ENCRYPT(r, l, 10); /* 6 */ - D_ENCRYPT(l, r, 12); /* 7 */ - D_ENCRYPT(r, l, 14); /* 8 */ - D_ENCRYPT(l, r, 16); /* 9 */ - D_ENCRYPT(r, l, 18); /* 10 */ - D_ENCRYPT(l, r, 20); /* 11 */ - D_ENCRYPT(r, l, 22); /* 12 */ - D_ENCRYPT(l, r, 24); /* 13 */ - D_ENCRYPT(r, l, 26); /* 14 */ - D_ENCRYPT(l, r, 28); /* 15 */ - D_ENCRYPT(r, l, 30); /* 16 */ + D_ENCRYPT(ks, l, r, 0); + D_ENCRYPT(ks, r, l, 1); + D_ENCRYPT(ks, l, r, 2); + D_ENCRYPT(ks, r, l, 3); + D_ENCRYPT(ks, l, r, 4); + D_ENCRYPT(ks, r, l, 5); + D_ENCRYPT(ks, l, r, 6); + D_ENCRYPT(ks, r, l, 7); + D_ENCRYPT(ks, l, r, 8); + D_ENCRYPT(ks, r, l, 9); + D_ENCRYPT(ks, l, r, 10); + D_ENCRYPT(ks, r, l, 11); + D_ENCRYPT(ks, l, r, 12); + D_ENCRYPT(ks, r, l, 13); + D_ENCRYPT(ks, l, r, 14); + D_ENCRYPT(ks, r, l, 15); } else { - D_ENCRYPT(l, r, 30); /* 16 */ - D_ENCRYPT(r, l, 28); /* 15 */ - D_ENCRYPT(l, r, 26); /* 14 */ - D_ENCRYPT(r, l, 24); /* 13 */ - D_ENCRYPT(l, r, 22); /* 12 */ - D_ENCRYPT(r, l, 20); /* 11 */ - D_ENCRYPT(l, r, 18); /* 10 */ - D_ENCRYPT(r, l, 16); /* 9 */ - D_ENCRYPT(l, r, 14); /* 8 */ - D_ENCRYPT(r, l, 12); /* 7 */ - D_ENCRYPT(l, r, 10); /* 6 */ - D_ENCRYPT(r, l, 8); /* 5 */ - D_ENCRYPT(l, r, 6); /* 4 */ - D_ENCRYPT(r, l, 4); /* 3 */ - D_ENCRYPT(l, r, 2); /* 2 */ - D_ENCRYPT(r, l, 0); /* 1 */ + D_ENCRYPT(ks, l, r, 15); + D_ENCRYPT(ks, r, l, 14); + D_ENCRYPT(ks, l, r, 13); + D_ENCRYPT(ks, r, l, 12); + D_ENCRYPT(ks, l, r, 11); + D_ENCRYPT(ks, r, l, 10); + D_ENCRYPT(ks, l, r, 9); + D_ENCRYPT(ks, r, l, 8); + D_ENCRYPT(ks, l, r, 7); + D_ENCRYPT(ks, r, l, 6); + D_ENCRYPT(ks, l, r, 5); + D_ENCRYPT(ks, r, l, 4); + D_ENCRYPT(ks, l, r, 3); + D_ENCRYPT(ks, r, l, 2); + D_ENCRYPT(ks, l, r, 1); + D_ENCRYPT(ks, r, l, 0); } /* rotate and clear the top bits on machines with 8byte longs */ @@ -448,7 +444,6 @@ static void DES_encrypt1(uint32_t *data, const DES_key_schedule *ks, int enc) { static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) { uint32_t l, r, t, u; - const uint32_t *s; r = data[0]; l = data[1]; @@ -462,52 +457,51 @@ static void DES_encrypt2(uint32_t *data, const DES_key_schedule *ks, int enc) { r = ROTATE(r, 29) & 0xffffffffL; l = ROTATE(l, 29) & 0xffffffffL; - s = ks->ks->deslong; /* I don't know if it is worth the effort of loop unrolling the * inner loop */ if (enc) { - D_ENCRYPT(l, r, 0); /* 1 */ - D_ENCRYPT(r, l, 2); /* 2 */ - D_ENCRYPT(l, r, 4); /* 3 */ - D_ENCRYPT(r, l, 6); /* 4 */ - D_ENCRYPT(l, r, 8); /* 5 */ - D_ENCRYPT(r, l, 10); /* 6 */ - D_ENCRYPT(l, r, 12); /* 7 */ - D_ENCRYPT(r, l, 14); /* 8 */ - D_ENCRYPT(l, r, 16); /* 9 */ - D_ENCRYPT(r, l, 18); /* 10 */ - D_ENCRYPT(l, r, 20); /* 11 */ - D_ENCRYPT(r, l, 22); /* 12 */ - D_ENCRYPT(l, r, 24); /* 13 */ - D_ENCRYPT(r, l, 26); /* 14 */ - D_ENCRYPT(l, r, 28); /* 15 */ - D_ENCRYPT(r, l, 30); /* 16 */ + D_ENCRYPT(ks, l, r, 0); + D_ENCRYPT(ks, r, l, 1); + D_ENCRYPT(ks, l, r, 2); + D_ENCRYPT(ks, r, l, 3); + D_ENCRYPT(ks, l, r, 4); + D_ENCRYPT(ks, r, l, 5); + D_ENCRYPT(ks, l, r, 6); + D_ENCRYPT(ks, r, l, 7); + D_ENCRYPT(ks, l, r, 8); + D_ENCRYPT(ks, r, l, 9); + D_ENCRYPT(ks, l, r, 10); + D_ENCRYPT(ks, r, l, 11); + D_ENCRYPT(ks, l, r, 12); + D_ENCRYPT(ks, r, l, 13); + D_ENCRYPT(ks, l, r, 14); + D_ENCRYPT(ks, r, l, 15); } else { - D_ENCRYPT(l, r, 30); /* 16 */ - D_ENCRYPT(r, l, 28); /* 15 */ - D_ENCRYPT(l, r, 26); /* 14 */ - D_ENCRYPT(r, l, 24); /* 13 */ - D_ENCRYPT(l, r, 22); /* 12 */ - D_ENCRYPT(r, l, 20); /* 11 */ - D_ENCRYPT(l, r, 18); /* 10 */ - D_ENCRYPT(r, l, 16); /* 9 */ - D_ENCRYPT(l, r, 14); /* 8 */ - D_ENCRYPT(r, l, 12); /* 7 */ - D_ENCRYPT(l, r, 10); /* 6 */ - D_ENCRYPT(r, l, 8); /* 5 */ - D_ENCRYPT(l, r, 6); /* 4 */ - D_ENCRYPT(r, l, 4); /* 3 */ - D_ENCRYPT(l, r, 2); /* 2 */ - D_ENCRYPT(r, l, 0); /* 1 */ + D_ENCRYPT(ks, l, r, 15); + D_ENCRYPT(ks, r, l, 14); + D_ENCRYPT(ks, l, r, 13); + D_ENCRYPT(ks, r, l, 12); + D_ENCRYPT(ks, l, r, 11); + D_ENCRYPT(ks, r, l, 10); + D_ENCRYPT(ks, l, r, 9); + D_ENCRYPT(ks, r, l, 8); + D_ENCRYPT(ks, l, r, 7); + D_ENCRYPT(ks, r, l, 6); + D_ENCRYPT(ks, l, r, 5); + D_ENCRYPT(ks, r, l, 4); + D_ENCRYPT(ks, l, r, 3); + D_ENCRYPT(ks, r, l, 2); + D_ENCRYPT(ks, l, r, 1); + D_ENCRYPT(ks, r, l, 0); } /* rotate and clear the top bits on machines with 8byte longs */ data[0] = ROTATE(l, 3) & 0xffffffffL; data[1] = ROTATE(r, 3) & 0xffffffffL; } -static void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1, - const DES_key_schedule *ks2, - const DES_key_schedule *ks3) { +/* DES_encrypt3 is not static because it's used in decrepit. */ +void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1, + const DES_key_schedule *ks2, const DES_key_schedule *ks3) { uint32_t l, r; l = data[0]; @@ -525,9 +519,9 @@ static void DES_encrypt3(uint32_t *data, const DES_key_schedule *ks1, data[1] = r; } -static void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1, - const DES_key_schedule *ks2, - const DES_key_schedule *ks3) { +/* DES_decrypt3 is not static because it's used in decrepit. */ +void DES_decrypt3(uint32_t *data, const DES_key_schedule *ks1, + const DES_key_schedule *ks2, const DES_key_schedule *ks3) { uint32_t l, r; l = data[0]; @@ -770,3 +764,10 @@ void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, int enc) { DES_ede3_cbc_encrypt(in, out, len, ks1, ks2, ks1, ivec, enc); } + + +/* Deprecated functions. */ + +void DES_set_key_unchecked(const DES_cblock *key, DES_key_schedule *schedule) { + DES_set_key(key, schedule); +} diff --git a/src/crypto/des/internal.h b/src/crypto/des/internal.h index d3a5cec..91559ff 100644 --- a/src/crypto/des/internal.h +++ b/src/crypto/des/internal.h @@ -183,13 +183,13 @@ how to use xors :-) I got it to its final state. PERM_OP(l, r, tt, 4, 0x0f0f0f0fL); \ } -#define LOAD_DATA(R, S, u, t, E0, E1) \ - u = R ^ s[S]; \ - t = R ^ s[S + 1] +#define LOAD_DATA(ks, R, S, u, t, E0, E1) \ + u = R ^ ks->subkeys[S][0]; \ + t = R ^ ks->subkeys[S][1] -#define D_ENCRYPT(LL, R, S) \ +#define D_ENCRYPT(ks, LL, R, S) \ { \ - LOAD_DATA(R, S, u, t, E0, E1); \ + LOAD_DATA(ks, R, S, u, t, E0, E1); \ t = ROTATE(t, 4); \ LL ^= \ DES_SPtrans[0][(u >> 2L) & 0x3f] ^ DES_SPtrans[2][(u >> 10L) & 0x3f] ^ \ diff --git a/src/crypto/dh/CMakeLists.txt b/src/crypto/dh/CMakeLists.txt index d0c1da7..1a46512 100644 --- a/src/crypto/dh/CMakeLists.txt +++ b/src/crypto/dh/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( dh diff --git a/src/crypto/dh/dh.c b/src/crypto/dh/dh.c index 96b85f3..d25f358 100644 --- a/src/crypto/dh/dh.c +++ b/src/crypto/dh/dh.c @@ -78,7 +78,7 @@ DH *DH_new(void) { return DH_new_method(NULL); } DH *DH_new_method(const ENGINE *engine) { DH *dh = (DH *)OPENSSL_malloc(sizeof(DH)); if (dh == NULL) { - OPENSSL_PUT_ERROR(DH, DH_new_method, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(DH, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/src/crypto/dh/dh_impl.c b/src/crypto/dh/dh_impl.c index f269412..6cf0abb 100644 --- a/src/crypto/dh/dh_impl.c +++ b/src/crypto/dh/dh_impl.c @@ -117,7 +117,7 @@ static int generate_parameters(DH *ret, int prime_bits, int generator, BN_GENCB } if (generator <= 1) { - OPENSSL_PUT_ERROR(DH, generate_parameters, DH_R_BAD_GENERATOR); + OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR); goto err; } if (generator == DH_GENERATOR_2) { @@ -165,7 +165,7 @@ static int generate_parameters(DH *ret, int prime_bits, int generator, BN_GENCB err: if (!ok) { - OPENSSL_PUT_ERROR(DH, generate_parameters, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB); } if (ctx != NULL) { @@ -242,7 +242,7 @@ static int generate_key(DH *dh) { err: if (ok != 1) { - OPENSSL_PUT_ERROR(DH, generate_key, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB); } if (dh->pub_key == NULL) { @@ -264,7 +264,7 @@ static int compute_key(DH *dh, unsigned char *out, const BIGNUM *pub_key) { BIGNUM local_priv; if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { - OPENSSL_PUT_ERROR(DH, compute_key, DH_R_MODULUS_TOO_LARGE); + OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE); goto err; } @@ -279,7 +279,7 @@ static int compute_key(DH *dh, unsigned char *out, const BIGNUM *pub_key) { } if (dh->priv_key == NULL) { - OPENSSL_PUT_ERROR(DH, compute_key, DH_R_NO_PRIVATE_VALUE); + OPENSSL_PUT_ERROR(DH, DH_R_NO_PRIVATE_VALUE); goto err; } @@ -290,14 +290,14 @@ static int compute_key(DH *dh, unsigned char *out, const BIGNUM *pub_key) { } if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) { - OPENSSL_PUT_ERROR(DH, compute_key, DH_R_INVALID_PUBKEY); + OPENSSL_PUT_ERROR(DH, DH_R_INVALID_PUBKEY); goto err; } BN_with_flags(&local_priv, dh->priv_key, BN_FLG_CONSTTIME); if (!BN_mod_exp_mont(shared_key, pub_key, &local_priv, dh->p, ctx, mont)) { - OPENSSL_PUT_ERROR(DH, compute_key, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB); goto err; } diff --git a/src/crypto/digest/CMakeLists.txt b/src/crypto/digest/CMakeLists.txt index 816d116..856e45a 100644 --- a/src/crypto/digest/CMakeLists.txt +++ b/src/crypto/digest/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( digest diff --git a/src/crypto/digest/digest.c b/src/crypto/digest/digest.c index f09948b..eb71b07 100644 --- a/src/crypto/digest/digest.c +++ b/src/crypto/digest/digest.c @@ -116,8 +116,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { uint8_t *tmp_buf = NULL; if (in == NULL || in->digest == NULL) { - OPENSSL_PUT_ERROR(DIGEST, EVP_MD_CTX_copy_ex, - DIGEST_R_INPUT_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_INPUT_NOT_INITIALIZED); return 0; } @@ -130,15 +129,15 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { } EVP_MD_CTX_cleanup(out); - memcpy(out, in, sizeof(EVP_MD_CTX)); + out->digest = in->digest; if (in->md_data && in->digest->ctx_size) { if (tmp_buf) { out->md_data = tmp_buf; } else { out->md_data = OPENSSL_malloc(in->digest->ctx_size); if (!out->md_data) { - OPENSSL_PUT_ERROR(DIGEST, EVP_MD_CTX_copy_ex, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(DIGEST, ERR_R_MALLOC_FAILURE); return 0; } } @@ -146,6 +145,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { } assert(in->pctx == NULL || in->pctx_ops != NULL); + out->pctx_ops = in->pctx_ops; if (in->pctx && in->pctx_ops) { out->pctx = in->pctx_ops->dup(in->pctx); if (!out->pctx) { @@ -164,30 +164,20 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) { int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *engine) { if (ctx->digest != type) { - if (ctx->digest && ctx->digest->ctx_size) { + if (ctx->digest && ctx->digest->ctx_size > 0) { OPENSSL_free(ctx->md_data); } ctx->digest = type; - if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { - ctx->update = type->update; + if (type->ctx_size > 0) { ctx->md_data = OPENSSL_malloc(type->ctx_size); if (ctx->md_data == NULL) { - OPENSSL_PUT_ERROR(DIGEST, EVP_DigestInit_ex, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(DIGEST, ERR_R_MALLOC_FAILURE); return 0; } } } assert(ctx->pctx == NULL || ctx->pctx_ops != NULL); - if (ctx->pctx_ops) { - if (!ctx->pctx_ops->begin_digest(ctx)) { - return 0; - } - } - - if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) { - return 1; - } ctx->digest->init(ctx); return 1; @@ -199,7 +189,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { } int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) { - ctx->update(ctx, data, len); + ctx->digest->update(ctx, data, len); return 1; } @@ -214,7 +204,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, uint8_t *md_out, unsigned int *size) { } int EVP_DigestFinal(EVP_MD_CTX *ctx, uint8_t *md, unsigned int *size) { - EVP_DigestFinal_ex(ctx, md, size); + (void)EVP_DigestFinal_ex(ctx, md, size); EVP_MD_CTX_cleanup(ctx); return 1; } @@ -253,10 +243,6 @@ int EVP_MD_CTX_type(const EVP_MD_CTX *ctx) { return EVP_MD_type(EVP_MD_CTX_md(ctx)); } -void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, uint32_t flags) { - ctx->flags |= flags; -} - int EVP_add_digest(const EVP_MD *digest) { return 1; } diff --git a/src/crypto/digest/digests.c b/src/crypto/digest/digests.c index f5eda36..3307f26 100644 --- a/src/crypto/digest/digests.c +++ b/src/crypto/digest/digests.c @@ -67,7 +67,7 @@ #include "internal.h" #if defined(NDEBUG) -#define CHECK(x) x +#define CHECK(x) (void) (x) #else #define CHECK(x) assert(x) #endif @@ -262,6 +262,7 @@ struct nid_to_digest { }; static const struct nid_to_digest nid_to_digest_mapping[] = { + { NID_md4, EVP_md4, SN_md4, LN_md4 }, { NID_md5, EVP_md5, SN_md5, LN_md5 }, { NID_sha1, EVP_sha1, SN_sha1, LN_sha1 }, { NID_sha224, EVP_sha224, SN_sha224, LN_sha224 }, diff --git a/src/crypto/digest/internal.h b/src/crypto/digest/internal.h index 1572fa8..e3d812a 100644 --- a/src/crypto/digest/internal.h +++ b/src/crypto/digest/internal.h @@ -92,7 +92,7 @@ struct env_md_st { }; /* evp_md_pctx_ops contains function pointers to allow the |pctx| member of - * |EVP_MD_CTX| to be manipulated without breaking laying by calling EVP + * |EVP_MD_CTX| to be manipulated without breaking layering by calling EVP * functions. */ struct evp_md_pctx_ops { /* free is called when an |EVP_MD_CTX| is being freed and the |pctx| also @@ -102,23 +102,8 @@ struct evp_md_pctx_ops { /* dup is called when an |EVP_MD_CTX| is copied and so the |pctx| also needs * to be copied. */ EVP_PKEY_CTX* (*dup) (EVP_PKEY_CTX *pctx); - - /* begin_digest is called when a new digest operation is started. It returns - * one on success and zero otherwise. */ - int (*begin_digest) (EVP_MD_CTX *ctx); }; -/* EVP_MD_CTX_set_flags ORs |flags| into the flags member of |ctx|. */ -OPENSSL_EXPORT void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, uint32_t flags); - -/* EVP_MD_CTX_FLAG_NO_INIT causes the |EVP_MD|'s |init| function not to be - * called, the |update| member not to be copied from the |EVP_MD| in - * |EVP_DigestInit_ex| and for |md_data| not to be initialised. - * - * TODO(davidben): This is an implementation detail of |EVP_PKEY_HMAC| and can - * be removed when it is gone. */ -#define EVP_MD_CTX_FLAG_NO_INIT 1 - #if defined(__cplusplus) } /* extern C */ diff --git a/src/crypto/dsa/CMakeLists.txt b/src/crypto/dsa/CMakeLists.txt index 1bb8b63..e8b7793 100644 --- a/src/crypto/dsa/CMakeLists.txt +++ b/src/crypto/dsa/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( dsa diff --git a/src/crypto/dsa/dsa.c b/src/crypto/dsa/dsa.c index 65444b1..3ff29c4 100644 --- a/src/crypto/dsa/dsa.c +++ b/src/crypto/dsa/dsa.c @@ -82,7 +82,7 @@ DSA *DSA_new(void) { return DSA_new_method(NULL); } DSA *DSA_new_method(const ENGINE *engine) { DSA *dsa = (DSA *)OPENSSL_malloc(sizeof(DSA)); if (dsa == NULL) { - OPENSSL_PUT_ERROR(DSA, DSA_new_method, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(DSA, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/src/crypto/dsa/dsa_asn1.c b/src/crypto/dsa/dsa_asn1.c index 933fba7..b6b3fa4 100644 --- a/src/crypto/dsa/dsa_asn1.c +++ b/src/crypto/dsa/dsa_asn1.c @@ -73,7 +73,7 @@ static int dsa_sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, DSA_SIG *sig; sig = OPENSSL_malloc(sizeof(DSA_SIG)); if (!sig) { - OPENSSL_PUT_ERROR(DSA, dsa_sig_cb, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(DSA, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/src/crypto/dsa/dsa_impl.c b/src/crypto/dsa/dsa_impl.c index 2ab8ba8..b10610d 100644 --- a/src/crypto/dsa/dsa_impl.c +++ b/src/crypto/dsa/dsa_impl.c @@ -83,7 +83,7 @@ static int sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, int ret = 0; if (!dsa->p || !dsa->q || !dsa->g) { - OPENSSL_PUT_ERROR(DSA, sign_setup, DSA_R_MISSING_PARAMETERS); + OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS); return 0; } @@ -171,7 +171,7 @@ static int sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, err: if (!ret) { - OPENSSL_PUT_ERROR(DSA, sign_setup, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(DSA, ERR_R_BN_LIB); if (r != NULL) { BN_clear_free(r); } @@ -269,7 +269,7 @@ redo: err: if (!ret) { - OPENSSL_PUT_ERROR(DSA, sign, reason); + OPENSSL_PUT_ERROR(DSA, reason); BN_free(r); BN_free(s); } @@ -292,19 +292,19 @@ static int verify(int *out_valid, const uint8_t *dgst, size_t digest_len, *out_valid = 0; if (!dsa->p || !dsa->q || !dsa->g) { - OPENSSL_PUT_ERROR(DSA, verify, DSA_R_MISSING_PARAMETERS); + OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS); return 0; } i = BN_num_bits(dsa->q); /* fips 186-3 allows only different sizes for q */ if (i != 160 && i != 224 && i != 256) { - OPENSSL_PUT_ERROR(DSA, verify, DSA_R_BAD_Q_VALUE); + OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE); return 0; } if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { - OPENSSL_PUT_ERROR(DSA, verify, DSA_R_MODULUS_TOO_LARGE); + OPENSSL_PUT_ERROR(DSA, DSA_R_MODULUS_TOO_LARGE); return 0; } @@ -381,7 +381,7 @@ static int verify(int *out_valid, const uint8_t *dgst, size_t digest_len, err: if (ret != 1) { - OPENSSL_PUT_ERROR(DSA, verify, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(DSA, ERR_R_BN_LIB); } BN_CTX_free(ctx); BN_free(&u1); @@ -487,16 +487,14 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, bits = (bits + 63) / 64 * 64; - /* NB: seed_len == 0 is special case: copy generated seed to - * seed_in if it is not NULL. */ - if (seed_len && (seed_len < (size_t)qsize)) { - seed_in = NULL; /* seed buffer too small -- ignore */ - } - if (seed_len > (size_t)qsize) { - seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, - * but our internal buffers are restricted to 160 bits*/ - } if (seed_in != NULL) { + if (seed_len < (size_t)qsize) { + return 0; + } + if (seed_len > (size_t)qsize) { + /* Only consume as much seed as is expected. */ + seed_len = qsize; + } memcpy(seed, seed_in, seed_len); } @@ -527,21 +525,19 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, for (;;) { /* Find q. */ for (;;) { - int seed_is_random; - /* step 1 */ if (!BN_GENCB_call(cb, 0, m++)) { goto err; } - if (!seed_len) { + int use_random_seed = (seed_in == NULL); + if (use_random_seed) { if (!RAND_bytes(seed, qsize)) { goto err; } - seed_is_random = 1; } else { - seed_is_random = 0; - seed_len = 0; /* use random seed if 'seed_in' turns out to be bad*/ + /* If we come back through, use random seed next time. */ + seed_in = NULL; } memcpy(buf, seed, qsize); memcpy(buf2, seed, qsize); @@ -570,7 +566,7 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, } /* step 4 */ - r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, seed_is_random, cb); + r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, cb); if (r > 0) { break; } diff --git a/src/crypto/ec/CMakeLists.txt b/src/crypto/ec/CMakeLists.txt index b5ebefa..38a91f8 100644 --- a/src/crypto/ec/CMakeLists.txt +++ b/src/crypto/ec/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( ec diff --git a/src/crypto/ec/ec.c b/src/crypto/ec/ec.c index f38eba6..3117f16 100644 --- a/src/crypto/ec/ec.c +++ b/src/crypto/ec/ec.c @@ -222,7 +222,11 @@ const struct built_in_curve OPENSSL_built_in_curves[] = { {NID_secp224r1, &P224, 0}, { NID_X9_62_prime256v1, &P256, -#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS) + /* MSAN appears to have a bug that causes this P-256 code to be miscompiled + * in opt mode. While that is being looked at, don't run the uint128_t + * P-256 code under MSAN for now. */ +#if defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS) && \ + !defined(MEMORY_SANITIZER) EC_GFp_nistp256_method, #else 0, @@ -237,18 +241,18 @@ EC_GROUP *ec_group_new(const EC_METHOD *meth) { EC_GROUP *ret; if (meth == NULL) { - OPENSSL_PUT_ERROR(EC, ec_group_new, EC_R_SLOT_FULL); + OPENSSL_PUT_ERROR(EC, EC_R_SLOT_FULL); return NULL; } if (meth->group_init == 0) { - OPENSSL_PUT_ERROR(EC, ec_group_new, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return NULL; } ret = OPENSSL_malloc(sizeof(EC_GROUP)); if (ret == NULL) { - OPENSSL_PUT_ERROR(EC, ec_group_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return NULL; } memset(ret, 0, sizeof(EC_GROUP)); @@ -276,8 +280,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, } if (ret->meth->group_set_curve == 0) { - OPENSSL_PUT_ERROR(EC, EC_GROUP_new_curve_GFp, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (!ret->meth->group_set_curve(ret, p, a, b, ctx)) { @@ -329,7 +332,7 @@ static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) { EC_GROUP *group = NULL; EC_POINT *P = NULL; BN_CTX *ctx = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL; int ok = 0; unsigned param_len; const EC_METHOD *meth; @@ -337,7 +340,7 @@ static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) { const uint8_t *params; if ((ctx = BN_CTX_new()) == NULL) { - OPENSSL_PUT_ERROR(EC, ec_group_new_from_data, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -348,7 +351,7 @@ static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) { if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) || !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) || !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) { - OPENSSL_PUT_ERROR(EC, ec_group_new_from_data, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } @@ -356,45 +359,39 @@ static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) { meth = curve->method(); if (((group = ec_group_new(meth)) == NULL) || (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { - OPENSSL_PUT_ERROR(EC, ec_group_new_from_data, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } } else { if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { - OPENSSL_PUT_ERROR(EC, ec_group_new_from_data, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } } if ((P = EC_POINT_new(group)) == NULL) { - OPENSSL_PUT_ERROR(EC, ec_group_new_from_data, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) || !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) { - OPENSSL_PUT_ERROR(EC, ec_group_new_from_data, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) { - OPENSSL_PUT_ERROR(EC, ec_group_new_from_data, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } - if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) || - !BN_set_word(x, (BN_ULONG)data->cofactor)) { - OPENSSL_PUT_ERROR(EC, ec_group_new_from_data, ERR_R_BN_LIB); + if (!BN_bin2bn(params + 5 * param_len, param_len, &group->order) || + !BN_set_word(&group->cofactor, (BN_ULONG)data->cofactor)) { + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } group->generator = P; P = NULL; - if (!BN_copy(&group->order, order) || - !BN_set_word(&group->cofactor, (BN_ULONG)data->cofactor)) { - OPENSSL_PUT_ERROR(EC, ec_group_new_from_data, ERR_R_BN_LIB); - goto err; - } - ok = 1; err: @@ -407,7 +404,6 @@ err: BN_free(p); BN_free(a); BN_free(b); - BN_free(order); BN_free(x); BN_free(y); return group; @@ -427,7 +423,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) { } if (ret == NULL) { - OPENSSL_PUT_ERROR(EC, EC_GROUP_new_by_curve_name, EC_R_UNKNOWN_GROUP); + OPENSSL_PUT_ERROR(EC, EC_R_UNKNOWN_GROUP); return NULL; } @@ -455,11 +451,11 @@ void EC_GROUP_free(EC_GROUP *group) { int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) { if (dest->meth->group_copy == 0) { - OPENSSL_PUT_ERROR(EC, EC_GROUP_copy, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (dest->meth != src->meth) { - OPENSSL_PUT_ERROR(EC, EC_GROUP_copy, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } if (dest == src) { @@ -554,8 +550,7 @@ int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *out_p, BIGNUM *out_a, BIGNUM *out_b, BN_CTX *ctx) { if (group->meth->group_get_curve == 0) { - OPENSSL_PUT_ERROR(EC, EC_GROUP_get_curve_GFp, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return group->meth->group_get_curve(group, out_p, out_a, out_b, ctx); @@ -565,8 +560,7 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group) { return group->curve_name; } int EC_GROUP_get_degree(const EC_GROUP *group) { if (group->meth->group_get_degree == 0) { - OPENSSL_PUT_ERROR(EC, EC_GROUP_get_degree, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return group->meth->group_get_degree(group); @@ -602,17 +596,17 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) { EC_POINT *ret; if (group == NULL) { - OPENSSL_PUT_ERROR(EC, EC_POINT_new, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (group->meth->point_init == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_new, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return NULL; } ret = OPENSSL_malloc(sizeof *ret); if (ret == NULL) { - OPENSSL_PUT_ERROR(EC, EC_POINT_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return NULL; } @@ -653,11 +647,11 @@ void EC_POINT_clear_free(EC_POINT *point) { int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) { if (dest->meth->point_copy == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_copy, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (dest->meth != src->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_copy, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } if (dest == src) { @@ -676,7 +670,7 @@ EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) { t = EC_POINT_new(group); if (t == NULL) { - OPENSSL_PUT_ERROR(EC, EC_POINT_dup, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return NULL; } r = EC_POINT_copy(t, a); @@ -690,12 +684,11 @@ EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) { int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) { if (group->meth->point_set_to_infinity == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_set_to_infinity, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != point->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_set_to_infinity, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->point_set_to_infinity(group, point); @@ -703,12 +696,11 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) { int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) { if (group->meth->is_at_infinity == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_is_at_infinity, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != point->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_is_at_infinity, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->is_at_infinity(group, point); @@ -717,12 +709,11 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) { int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { if (group->meth->is_on_curve == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_is_on_curve, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != point->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_is_on_curve, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->is_on_curve(group, point, ctx); @@ -731,11 +722,11 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { if (group->meth->point_cmp == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_cmp, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; } if ((group->meth != a->meth) || (a->meth != b->meth)) { - OPENSSL_PUT_ERROR(EC, EC_POINT_cmp, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return -1; } return group->meth->point_cmp(group, a, b, ctx); @@ -743,12 +734,11 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) { if (group->meth->make_affine == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_make_affine, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != point->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_make_affine, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->make_affine(group, point, ctx); @@ -759,13 +749,12 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], size_t i; if (group->meth->points_make_affine == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINTs_make_affine, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } for (i = 0; i < num; i++) { if (group->meth != points[i]->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINTs_make_affine, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } } @@ -776,13 +765,11 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) { if (group->meth->point_get_affine_coordinates == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_get_affine_coordinates_GFp, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != point->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_get_affine_coordinates_GFp, - EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); @@ -792,13 +779,11 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) { if (group->meth->point_set_affine_coordinates == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_set_affine_coordinates_GFp, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != point->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_set_affine_coordinates_GFp, - EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); @@ -807,12 +792,12 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { if (group->meth->add == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_add, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) { - OPENSSL_PUT_ERROR(EC, EC_POINT_add, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->add(group, r, a, b, ctx); @@ -822,11 +807,11 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) { if (group->meth->dbl == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_dbl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if ((group->meth != r->meth) || (r->meth != a->meth)) { - OPENSSL_PUT_ERROR(EC, EC_POINT_dbl, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->dbl(group, r, a, ctx); @@ -835,11 +820,11 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) { if (group->meth->invert == 0) { - OPENSSL_PUT_ERROR(EC, EC_POINT_invert, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != a->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_invert, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->invert(group, a, ctx); @@ -874,13 +859,11 @@ int ec_point_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *po const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) { if (group->meth->point_set_Jprojective_coordinates_GFp == 0) { - OPENSSL_PUT_ERROR(EC, ec_point_set_Jprojective_coordinates_GFp, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != point->meth) { - OPENSSL_PUT_ERROR(EC, ec_point_set_Jprojective_coordinates_GFp, - EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, diff --git a/src/crypto/ec/ec_asn1.c b/src/crypto/ec/ec_asn1.c index ff3dca6..31d8944 100644 --- a/src/crypto/ec/ec_asn1.c +++ b/src/crypto/ec/ec_asn1.c @@ -168,7 +168,7 @@ ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, if (ret == NULL) { ret = ECPKPARAMETERS_new(); if (ret == NULL) { - OPENSSL_PUT_ERROR(EC, ec_asn1_group2pkparameters, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return NULL; } } else { @@ -196,7 +196,7 @@ EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) { int nid = NID_undef; if (params == NULL) { - OPENSSL_PUT_ERROR(EC, ec_asn1_pkparameters2group, EC_R_MISSING_PARAMETERS); + OPENSSL_PUT_ERROR(EC, EC_R_MISSING_PARAMETERS); return NULL; } @@ -222,14 +222,13 @@ EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) { } if (nid == NID_undef) { - OPENSSL_PUT_ERROR(EC, ec_asn1_pkparameters2group, EC_R_NON_NAMED_CURVE); + OPENSSL_PUT_ERROR(EC, EC_R_NON_NAMED_CURVE); return NULL; } ret = EC_GROUP_new_by_curve_name(nid); if (ret == NULL) { - OPENSSL_PUT_ERROR(EC, ec_asn1_pkparameters2group, - EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); + OPENSSL_PUT_ERROR(EC, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); return NULL; } @@ -243,14 +242,14 @@ static EC_GROUP *d2i_ECPKParameters(EC_GROUP **groupp, const uint8_t **inp, params = d2i_ECPKPARAMETERS(NULL, inp, len); if (params == NULL) { - OPENSSL_PUT_ERROR(EC, d2i_ECPKParameters, EC_R_D2I_ECPKPARAMETERS_FAILURE); + OPENSSL_PUT_ERROR(EC, EC_R_D2I_ECPKPARAMETERS_FAILURE); ECPKPARAMETERS_free(params); return NULL; } group = ec_asn1_pkparameters2group(params); if (group == NULL) { - OPENSSL_PUT_ERROR(EC, d2i_ECPKParameters, EC_R_PKPARAMETERS2GROUP_FAILURE); + OPENSSL_PUT_ERROR(EC, EC_R_PKPARAMETERS2GROUP_FAILURE); ECPKPARAMETERS_free(params); return NULL; } @@ -268,12 +267,12 @@ static int i2d_ECPKParameters(const EC_GROUP *group, uint8_t **outp) { int ret = 0; ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(group, NULL); if (tmp == NULL) { - OPENSSL_PUT_ERROR(EC, i2d_ECPKParameters, EC_R_GROUP2PKPARAMETERS_FAILURE); + OPENSSL_PUT_ERROR(EC, EC_R_GROUP2PKPARAMETERS_FAILURE); return 0; } ret = i2d_ECPKPARAMETERS(tmp, outp); if (ret == 0) { - OPENSSL_PUT_ERROR(EC, i2d_ECPKParameters, EC_R_I2D_ECPKPARAMETERS_FAILURE); + OPENSSL_PUT_ERROR(EC, EC_R_I2D_ECPKPARAMETERS_FAILURE); ECPKPARAMETERS_free(tmp); return 0; } @@ -288,14 +287,14 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **in, long len) { priv_key = d2i_EC_PRIVATEKEY(NULL, in, len); if (priv_key == NULL) { - OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); return NULL; } if (a == NULL || *a == NULL) { ret = EC_KEY_new(); if (ret == NULL) { - OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } } else { @@ -308,7 +307,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **in, long len) { } if (ret->group == NULL) { - OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } @@ -319,18 +318,18 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **in, long len) { BN_bin2bn(M_ASN1_STRING_data(priv_key->privateKey), M_ASN1_STRING_length(priv_key->privateKey), ret->priv_key); if (ret->priv_key == NULL) { - OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } } else { - OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, EC_R_MISSING_PRIVATE_KEY); + OPENSSL_PUT_ERROR(EC, EC_R_MISSING_PRIVATE_KEY); goto err; } EC_POINT_free(ret->pub_key); ret->pub_key = EC_POINT_new(ret->group); if (ret->pub_key == NULL) { - OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } @@ -342,20 +341,20 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const uint8_t **in, long len) { pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); /* The first byte (the point conversion form) must be present. */ if (pub_oct_len <= 0) { - OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, EC_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL); goto err; } /* Save the point conversion form. */ ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); if (!EC_POINT_oct2point(ret->group, ret->pub_key, pub_oct, pub_oct_len, NULL)) { - OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } } else { if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, NULL, NULL, NULL)) { - OPENSSL_PUT_ERROR(EC, d2i_ECPrivateKey, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } /* Remember the original private-key-only encoding. */ @@ -387,13 +386,13 @@ int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp) { EC_PRIVATEKEY *priv_key = NULL; if (key == NULL || key->group == NULL || key->priv_key == NULL) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); goto err; } priv_key = EC_PRIVATEKEY_new(); if (priv_key == NULL) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -402,17 +401,17 @@ int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp) { buf_len = BN_num_bytes(&key->group->order); buffer = OPENSSL_malloc(buf_len); if (buffer == NULL) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } if (!BN_bn2bin_padded(buffer, buf_len, key->priv_key)) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_ASN1_LIB); goto err; } @@ -420,7 +419,7 @@ int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp) { if (!(key->enc_flag & EC_PKEY_NO_PARAMETERS)) { if ((priv_key->parameters = ec_asn1_group2pkparameters( key->group, priv_key->parameters)) == NULL) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } } @@ -429,7 +428,7 @@ int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp) { if (!(key->enc_flag & EC_PKEY_NO_PUBKEY) && key->pub_key != NULL) { priv_key->publicKey = M_ASN1_BIT_STRING_new(); if (priv_key->publicKey == NULL) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -439,7 +438,7 @@ int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp) { if (tmp_len > buf_len) { uint8_t *tmp_buffer = OPENSSL_realloc(buffer, tmp_len); if (!tmp_buffer) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } buffer = tmp_buffer; @@ -448,21 +447,21 @@ int i2d_ECPrivateKey(const EC_KEY *key, uint8_t **outp) { if (!EC_POINT_point2oct(key->group, key->pub_key, key->conv_form, buffer, buf_len, NULL)) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_ASN1_LIB); goto err; } } ret = i2d_EC_PRIVATEKEY(priv_key, outp); if (ret == 0) { - OPENSSL_PUT_ERROR(EC, i2d_ECPrivateKey, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } ok = 1; @@ -475,7 +474,7 @@ err: int i2d_ECParameters(const EC_KEY *key, uint8_t **outp) { if (key == NULL) { - OPENSSL_PUT_ERROR(EC, i2d_ECParameters, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } return i2d_ECPKParameters(key->group, outp); @@ -485,14 +484,14 @@ EC_KEY *d2i_ECParameters(EC_KEY **key, const uint8_t **inp, long len) { EC_KEY *ret; if (inp == NULL || *inp == NULL) { - OPENSSL_PUT_ERROR(EC, d2i_ECParameters, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (key == NULL || *key == NULL) { ret = EC_KEY_new(); if (ret == NULL) { - OPENSSL_PUT_ERROR(EC, d2i_ECParameters, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return NULL; } } else { @@ -500,7 +499,7 @@ EC_KEY *d2i_ECParameters(EC_KEY **key, const uint8_t **inp, long len) { } if (!d2i_ECPKParameters(&ret->group, inp, len)) { - OPENSSL_PUT_ERROR(EC, d2i_ECParameters, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); if (key == NULL || *key == NULL) { EC_KEY_free(ret); } @@ -517,17 +516,17 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **keyp, const uint8_t **inp, long len) { EC_KEY *ret = NULL; if (keyp == NULL || *keyp == NULL || (*keyp)->group == NULL) { - OPENSSL_PUT_ERROR(EC, o2i_ECPublicKey, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } ret = *keyp; if (ret->pub_key == NULL && (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { - OPENSSL_PUT_ERROR(EC, o2i_ECPublicKey, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return 0; } if (!EC_POINT_oct2point(ret->group, ret->pub_key, *inp, len, NULL)) { - OPENSSL_PUT_ERROR(EC, o2i_ECPublicKey, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); return 0; } /* save the point conversion form */ @@ -541,7 +540,7 @@ int i2o_ECPublicKey(const EC_KEY *key, uint8_t **outp) { int new_buffer = 0; if (key == NULL) { - OPENSSL_PUT_ERROR(EC, i2o_ECPublicKey, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -556,14 +555,14 @@ int i2o_ECPublicKey(const EC_KEY *key, uint8_t **outp) { if (*outp == NULL) { *outp = OPENSSL_malloc(buf_len); if (*outp == NULL) { - OPENSSL_PUT_ERROR(EC, i2o_ECPublicKey, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return 0; } new_buffer = 1; } if (!EC_POINT_point2oct(key->group, key->pub_key, key->conv_form, *outp, buf_len, NULL)) { - OPENSSL_PUT_ERROR(EC, i2o_ECPublicKey, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); if (new_buffer) { OPENSSL_free(*outp); *outp = NULL; diff --git a/src/crypto/ec/ec_key.c b/src/crypto/ec/ec_key.c index e5cbfed..0defa98 100644 --- a/src/crypto/ec/ec_key.c +++ b/src/crypto/ec/ec_key.c @@ -87,7 +87,7 @@ EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); } EC_KEY *EC_KEY_new_method(const ENGINE *engine) { EC_KEY *ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY)); if (ret == NULL) { - OPENSSL_PUT_ERROR(EC, EC_KEY_new_method, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return NULL; } @@ -127,7 +127,7 @@ err1: EC_KEY *EC_KEY_new_by_curve_name(int nid) { EC_KEY *ret = EC_KEY_new(); if (ret == NULL) { - OPENSSL_PUT_ERROR(EC, EC_KEY_new_by_curve_name, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return NULL; } ret->group = EC_GROUP_new_by_curve_name(nid); @@ -166,7 +166,7 @@ void EC_KEY_free(EC_KEY *r) { EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) { if (dest == NULL || src == NULL) { - OPENSSL_PUT_ERROR(EC, EC_KEY_copy, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return NULL; } /* Copy the parameters. */ @@ -300,12 +300,12 @@ int EC_KEY_check_key(const EC_KEY *eckey) { EC_POINT *point = NULL; if (!eckey || !eckey->group || !eckey->pub_key) { - OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) { - OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_POINT_AT_INFINITY); + OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY); goto err; } @@ -319,7 +319,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) { /* testing whether the pub_key is on the elliptic curve */ if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { - OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_POINT_IS_NOT_ON_CURVE); + OPENSSL_PUT_ERROR(EC, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } /* testing whether pub_key * order is the point at infinity */ @@ -327,15 +327,15 @@ int EC_KEY_check_key(const EC_KEY *eckey) { * to check the private key, below? */ order = &eckey->group->order; if (BN_is_zero(order)) { - OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_INVALID_GROUP_ORDER); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_GROUP_ORDER); goto err; } if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { - OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } if (!EC_POINT_is_at_infinity(eckey->group, point)) { - OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_WRONG_ORDER); + OPENSSL_PUT_ERROR(EC, EC_R_WRONG_ORDER); goto err; } /* in case the priv_key is present : @@ -343,15 +343,15 @@ int EC_KEY_check_key(const EC_KEY *eckey) { */ if (eckey->priv_key) { if (BN_cmp(eckey->priv_key, order) >= 0) { - OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_WRONG_ORDER); + OPENSSL_PUT_ERROR(EC, EC_R_WRONG_ORDER); goto err; } if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) { - OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB); goto err; } if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) { - OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_INVALID_PRIVATE_KEY); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_PRIVATE_KEY); goto err; } } @@ -371,8 +371,7 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, int ok = 0; if (!key || !key->group || !x || !y) { - OPENSSL_PUT_ERROR(EC, EC_KEY_set_public_key_affine_coordinates, - ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } ctx = BN_CTX_new(); @@ -394,8 +393,7 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, /* Check if retrieved coordinates match originals: if not values * are out of range. */ if (BN_cmp(x, tx) || BN_cmp(y, ty)) { - OPENSSL_PUT_ERROR(EC, EC_KEY_set_public_key_affine_coordinates, - EC_R_COORDINATES_OUT_OF_RANGE); + OPENSSL_PUT_ERROR(EC, EC_R_COORDINATES_OUT_OF_RANGE); goto err; } @@ -422,7 +420,7 @@ int EC_KEY_generate_key(EC_KEY *eckey) { EC_POINT *pub_key = NULL; if (!eckey || !eckey->group) { - OPENSSL_PUT_ERROR(EC, EC_KEY_generate_key, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } diff --git a/src/crypto/ec/ec_montgomery.c b/src/crypto/ec/ec_montgomery.c index 74dbc6c..b897000 100644 --- a/src/crypto/ec/ec_montgomery.c +++ b/src/crypto/ec/ec_montgomery.c @@ -200,7 +200,7 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, goto err; } if (!BN_MONT_CTX_set(mont, p, ctx)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_mont_group_set_curve, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } one = BN_new(); @@ -232,7 +232,7 @@ err: int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { if (group->mont == NULL) { - OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_mul, EC_R_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EC, EC_R_NOT_INITIALIZED); return 0; } @@ -242,7 +242,7 @@ int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { if (group->mont == NULL) { - OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_sqr, EC_R_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EC, EC_R_NOT_INITIALIZED); return 0; } @@ -252,7 +252,7 @@ int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { if (group->mont == NULL) { - OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_encode, EC_R_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EC, EC_R_NOT_INITIALIZED); return 0; } @@ -262,7 +262,7 @@ int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { if (group->mont == NULL) { - OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_decode, EC_R_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EC, EC_R_NOT_INITIALIZED); return 0; } @@ -272,7 +272,7 @@ int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx) { if (group->one == NULL) { - OPENSSL_PUT_ERROR(EC, ec_GFp_mont_field_set_to_one, EC_R_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EC, EC_R_NOT_INITIALIZED); return 0; } diff --git a/src/crypto/ec/oct.c b/src/crypto/ec/oct.c index 816a42f..cb50e17 100644 --- a/src/crypto/ec/oct.c +++ b/src/crypto/ec/oct.c @@ -85,7 +85,7 @@ static size_t ec_GFp_simple_point2oct(const EC_GROUP *group, if ((form != POINT_CONVERSION_COMPRESSED) && (form != POINT_CONVERSION_UNCOMPRESSED)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_point2oct, EC_R_INVALID_FORM); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_FORM); goto err; } @@ -93,7 +93,7 @@ static size_t ec_GFp_simple_point2oct(const EC_GROUP *group, /* encodes to a single 0 octet */ if (buf != NULL) { if (len < 1) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_point2oct, EC_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL); return 0; } buf[0] = 0; @@ -110,7 +110,7 @@ static size_t ec_GFp_simple_point2oct(const EC_GROUP *group, /* if 'buf' is NULL, just return required length */ if (buf != NULL) { if (len < ret) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_point2oct, EC_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL); goto err; } @@ -142,21 +142,21 @@ static size_t ec_GFp_simple_point2oct(const EC_GROUP *group, i = 1; if (!BN_bn2bin_padded(buf + i, field_len, x)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_point2oct, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } i += field_len; if (form == POINT_CONVERSION_UNCOMPRESSED) { if (!BN_bn2bin_padded(buf + i, field_len, y)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_point2oct, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } i += field_len; } if (i != ret) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_point2oct, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } } @@ -187,7 +187,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, int ret = 0; if (len == 0) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL); return 0; } form = buf[0]; @@ -195,17 +195,17 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, form = form & ~1U; if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) && (form != POINT_CONVERSION_UNCOMPRESSED)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING); return 0; } if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING); return 0; } if (form == 0) { if (len != 1) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING); return 0; } @@ -217,7 +217,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; if (len != enc_len) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING); return 0; } @@ -231,7 +231,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); - if (y == NULL) { + if (x == NULL || y == NULL) { goto err; } @@ -239,7 +239,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, goto err; } if (BN_ucmp(x, &group->field) >= 0) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING); goto err; } @@ -252,7 +252,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, goto err; } if (BN_ucmp(y, &group->field) >= 0) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING); goto err; } @@ -263,7 +263,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, /* test required by X9.62 */ if (!EC_POINT_is_on_curve(group, point, ctx)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_POINT_IS_NOT_ON_CURVE); + OPENSSL_PUT_ERROR(EC, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } @@ -279,12 +279,11 @@ int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, const uint8_t *buf, size_t len, BN_CTX *ctx) { if (group->meth->oct2point == 0 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - OPENSSL_PUT_ERROR(EC, EC_POINT_oct2point, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != point->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_oct2point, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { @@ -299,12 +298,11 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, size_t len, BN_CTX *ctx) { if (group->meth->point2oct == 0 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - OPENSSL_PUT_ERROR(EC, EC_POINT_point2oct, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != point->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_point2oct, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { @@ -406,9 +404,9 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { ERR_clear_error(); - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_set_compressed_coordinates, EC_R_INVALID_COMPRESSED_POINT); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSED_POINT); } else { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_set_compressed_coordinates, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); } goto err; } @@ -423,12 +421,10 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, } if (kron == 1) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_set_compressed_coordinates, - EC_R_INVALID_COMPRESSION_BIT); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSION_BIT); } else { /* BN_mod_sqrt() should have cought this error (not a square) */ - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_set_compressed_coordinates, - EC_R_INVALID_COMPRESSED_POINT); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_COMPRESSED_POINT); } goto err; } @@ -437,8 +433,7 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, } } if (y_bit != BN_is_odd(y)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_set_compressed_coordinates, - ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } @@ -459,13 +454,11 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, int y_bit, BN_CTX *ctx) { if (group->meth->point_set_compressed_coordinates == 0 && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - OPENSSL_PUT_ERROR(EC, EC_POINT_set_compressed_coordinates_GFp, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (group->meth != point->meth) { - OPENSSL_PUT_ERROR(EC, EC_POINT_set_compressed_coordinates_GFp, - EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { diff --git a/src/crypto/ec/p256-64.c b/src/crypto/ec/p256-64.c index fdb942c..3946b29 100644 --- a/src/crypto/ec/p256-64.c +++ b/src/crypto/ec/p256-64.c @@ -125,7 +125,7 @@ static void flip_endian(u8 *out, const u8 *in, unsigned len) { /* BN_to_felem converts an OpenSSL BIGNUM into an felem. */ static int BN_to_felem(felem out, const BIGNUM *bn) { if (BN_is_negative(bn)) { - OPENSSL_PUT_ERROR(EC, BN_to_felem, EC_R_BIGNUM_OUT_OF_RANGE); + OPENSSL_PUT_ERROR(EC, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -134,7 +134,7 @@ static int BN_to_felem(felem out, const BIGNUM *bn) { memset(b_out, 0, sizeof(b_out)); unsigned num_bytes = BN_num_bytes(bn); if (num_bytes > sizeof(b_out)) { - OPENSSL_PUT_ERROR(EC, BN_to_felem, EC_R_BIGNUM_OUT_OF_RANGE); + OPENSSL_PUT_ERROR(EC, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -1638,8 +1638,7 @@ int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, if (BN_cmp(curve_p, p) || BN_cmp(curve_a, a) || BN_cmp(curve_b, b)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_group_set_curve, - EC_R_WRONG_CURVE_PARAMETERS); + OPENSSL_PUT_ERROR(EC, EC_R_WRONG_CURVE_PARAMETERS); goto err; } ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); @@ -1661,8 +1660,7 @@ int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, longfelem tmp; if (EC_POINT_is_at_infinity(group, point)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_point_get_affine_coordinates, - EC_R_POINT_AT_INFINITY); + OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY); return 0; } if (!BN_to_felem(x_in, &point->X) || @@ -1677,8 +1675,7 @@ int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, felem_reduce(x_in, tmp); felem_contract(x_out, x_in); if (x != NULL && !smallfelem_to_BN(x, x_out)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_point_get_affine_coordinates, - ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); return 0; } felem_mul(tmp, z1, z2); @@ -1687,8 +1684,7 @@ int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, felem_reduce(y_in, tmp); felem_contract(y_out, y_in); if (y != NULL && !smallfelem_to_BN(y, y_out)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_point_get_affine_coordinates, - ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); return 0; } return 1; @@ -1763,7 +1759,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) || !smallfelem_to_BN(y, g_pre_comp[0][1][1]) || !smallfelem_to_BN(z, g_pre_comp[0][1][2])) { - OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_points_mul, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } if (!ec_point_set_Jprojective_coordinates_GFp(group, generator, x, y, z, @@ -1794,7 +1790,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, } if (secrets == NULL || pre_comp == NULL || (mixed && tmp_smallfelems == NULL)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_points_mul, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -1818,7 +1814,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, /* this is an unusual input, and we don't guarantee * constant-timeness. */ if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_points_mul, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } num_bytes = BN_bn2bin(tmp_scalar, tmp); @@ -1863,7 +1859,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, /* this is an unusual input, and we don't guarantee * constant-timeness. */ if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_points_mul, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } num_bytes = BN_bn2bin(tmp_scalar, tmp); @@ -1889,7 +1885,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, if (!smallfelem_to_BN(x, x_in) || !smallfelem_to_BN(y, y_in) || !smallfelem_to_BN(z, z_in)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_nistp256_points_mul, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } ret = ec_point_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); diff --git a/src/crypto/ec/simple.c b/src/crypto/ec/simple.c index 69fd2e4..c62199c 100644 --- a/src/crypto/ec/simple.c +++ b/src/crypto/ec/simple.c @@ -172,7 +172,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p, /* p must be a prime > 3 */ if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_group_set_curve, EC_R_INVALID_FIELD); + OPENSSL_PUT_ERROR(EC, EC_R_INVALID_FIELD); return 0; } @@ -283,8 +283,7 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) { if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_group_check_discriminant, - ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } } @@ -492,8 +491,7 @@ int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, const BIGNUM *y, BN_CTX *ctx) { if (x == NULL || y == NULL) { /* unlike for projective coordinates, we do not tolerate this */ - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_point_set_affine_coordinates, - ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -510,8 +508,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, int ret = 0; if (EC_POINT_is_at_infinity(group, point)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_point_get_affine_coordinates, - EC_R_POINT_AT_INFINITY); + OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY); return 0; } @@ -527,7 +524,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, Z_1 = BN_CTX_get(ctx); Z_2 = BN_CTX_get(ctx); Z_3 = BN_CTX_get(ctx); - if (Z_3 == NULL) { + if (Z == NULL || Z_1 == NULL || Z_2 == NULL || Z_3 == NULL) { goto err; } @@ -560,8 +557,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, } } else { if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_point_get_affine_coordinates, - ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } @@ -1183,7 +1179,7 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, goto err; } if (!point->Z_is_one) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_make_affine, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } @@ -1269,7 +1265,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, * non-zero points[i]->Z by its inverse. */ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) { - OPENSSL_PUT_ERROR(EC, ec_GFp_simple_points_make_affine, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(EC, ERR_R_BN_LIB); goto err; } diff --git a/src/crypto/ec/wnaf.c b/src/crypto/ec/wnaf.c index ae0d73f..7fa0e1b 100644 --- a/src/crypto/ec/wnaf.c +++ b/src/crypto/ec/wnaf.c @@ -100,7 +100,7 @@ static EC_PRE_COMP *ec_pre_comp_new(void) { ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); if (!ret) { - OPENSSL_PUT_ERROR(EC, ec_pre_comp_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); return ret; } ret->blocksize = 8; /* default */ @@ -158,7 +158,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) { if (BN_is_zero(scalar)) { r = OPENSSL_malloc(1); if (!r) { - OPENSSL_PUT_ERROR(EC, compute_wNAF, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } r[0] = 0; @@ -169,7 +169,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) { if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */ { - OPENSSL_PUT_ERROR(EC, compute_wNAF, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } bit = 1 << w; /* at most 128 */ @@ -181,7 +181,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) { } if (scalar->d == NULL || scalar->top == 0) { - OPENSSL_PUT_ERROR(EC, compute_wNAF, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } @@ -192,7 +192,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) { * (*ret_len will be set to the actual length, i.e. at most * BN_num_bits(scalar) + 1) */ if (r == NULL) { - OPENSSL_PUT_ERROR(EC, compute_wNAF, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } window_val = scalar->d[0] & mask; @@ -225,7 +225,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) { } if (digit <= -bit || digit >= bit || !(digit & 1)) { - OPENSSL_PUT_ERROR(EC, compute_wNAF, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } @@ -235,7 +235,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) { * for modified window NAFs, it may also be 2^w */ if (window_val != 0 && window_val != next_bit && window_val != bit) { - OPENSSL_PUT_ERROR(EC, compute_wNAF, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } } @@ -246,13 +246,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) { window_val += bit * BN_is_bit_set(scalar, j + w); if (window_val > next_bit) { - OPENSSL_PUT_ERROR(EC, compute_wNAF, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } } if (j > len + 1) { - OPENSSL_PUT_ERROR(EC, compute_wNAF, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } len = j; @@ -316,7 +316,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, int ret = 0; if (group->meth != r->meth) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -326,7 +326,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, for (i = 0; i < num; i++) { if (group->meth != points[i]->meth) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, EC_R_INCOMPATIBLE_OBJECTS); + OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS); return 0; } } @@ -341,7 +341,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (scalar != NULL) { generator = EC_GROUP_get0_generator(group); if (generator == NULL) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, EC_R_UNDEFINED_GENERATOR); + OPENSSL_PUT_ERROR(EC, EC_R_UNDEFINED_GENERATOR); goto err; } @@ -366,7 +366,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, /* check that pre_comp looks sane */ if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } } else { @@ -391,7 +391,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } if (!wsize || !wNAF_len || !wNAF || !val_sub) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -420,7 +420,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (pre_comp == NULL) { if (num_scalar != 1) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } /* we have already generated a wNAF for 'scalar' */ @@ -429,7 +429,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t tmp_len = 0; if (num_scalar != 0) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } @@ -463,7 +463,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, /* possibly we can do with fewer blocks than estimated */ numblocks = (tmp_len + blocksize - 1) / blocksize; if (numblocks > pre_comp->numblocks) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); + OPENSSL_free(tmp_wNAF); goto err; } totalnum = num + numblocks; @@ -477,7 +478,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (i < totalnum - 1) { wNAF_len[i] = blocksize; if (tmp_len < blocksize) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); + OPENSSL_free(tmp_wNAF); goto err; } tmp_len -= blocksize; @@ -490,7 +492,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, wNAF[i + 1] = NULL; wNAF[i] = OPENSSL_malloc(wNAF_len[i]); if (wNAF[i] == NULL) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); OPENSSL_free(tmp_wNAF); goto err; } @@ -500,7 +502,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } if (*tmp_points == NULL) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); OPENSSL_free(tmp_wNAF); goto err; } @@ -519,7 +521,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, */ val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); if (val == NULL) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } val[num_val] = NULL; /* pivot element */ @@ -537,7 +539,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } } if (!(v == val + num_val)) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } @@ -695,7 +697,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { generator = EC_GROUP_get0_generator(group); if (generator == NULL) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_precompute_mult, EC_R_UNDEFINED_GENERATOR); + OPENSSL_PUT_ERROR(EC, EC_R_UNDEFINED_GENERATOR); return 0; } @@ -721,7 +723,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { goto err; } if (BN_is_zero(order)) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_precompute_mult, EC_R_UNKNOWN_ORDER); + OPENSSL_PUT_ERROR(EC, EC_R_UNKNOWN_ORDER); goto err; } @@ -749,7 +751,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { points = OPENSSL_malloc(sizeof(EC_POINT *) * (num + 1)); if (!points) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_precompute_mult, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -757,13 +759,13 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { var[num] = NULL; /* pivot */ for (i = 0; i < num; i++) { if ((var[i] = EC_POINT_new(group)) == NULL) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_precompute_mult, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } } if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_precompute_mult, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); goto err; } @@ -795,7 +797,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { size_t k; if (blocksize <= 2) { - OPENSSL_PUT_ERROR(EC, ec_wNAF_precompute_mult, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/src/crypto/ecdh/CMakeLists.txt b/src/crypto/ecdh/CMakeLists.txt index 346e72d..8eaeae5 100644 --- a/src/crypto/ecdh/CMakeLists.txt +++ b/src/crypto/ecdh/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( ecdh diff --git a/src/crypto/ecdh/ecdh.c b/src/crypto/ecdh/ecdh.c index a011bab..14856db 100644 --- a/src/crypto/ecdh/ecdh.c +++ b/src/crypto/ecdh/ecdh.c @@ -95,7 +95,7 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, priv = EC_KEY_get0_private_key(priv_key); if (priv == NULL) { - OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ECDH_R_NO_PRIVATE_VALUE); + OPENSSL_PUT_ERROR(ECDH, ECDH_R_NO_PRIVATE_VALUE); goto err; } @@ -103,35 +103,35 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, tmp = EC_POINT_new(group); if (tmp == NULL) { - OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE); goto err; } if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv, ctx)) { - OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ECDH_R_POINT_ARITHMETIC_FAILURE); + OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE); goto err; } if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) { - OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ECDH_R_POINT_ARITHMETIC_FAILURE); + OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE); goto err; } buflen = (EC_GROUP_get_degree(group) + 7) / 8; buf = OPENSSL_malloc(buflen); if (buf == NULL) { - OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDH, ERR_R_MALLOC_FAILURE); goto err; } if (!BN_bn2bin_padded(buf, buflen, x)) { - OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(ECDH, ERR_R_INTERNAL_ERROR); goto err; } if (KDF != 0) { if (KDF(buf, buflen, out, &outlen) == NULL) { - OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ECDH_R_KDF_FAILED); + OPENSSL_PUT_ERROR(ECDH, ECDH_R_KDF_FAILED); goto err; } ret = outlen; diff --git a/src/crypto/ecdsa/CMakeLists.txt b/src/crypto/ecdsa/CMakeLists.txt index f431e59..e7581be 100644 --- a/src/crypto/ecdsa/CMakeLists.txt +++ b/src/crypto/ecdsa/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( ecdsa diff --git a/src/crypto/ecdsa/ecdsa.c b/src/crypto/ecdsa/ecdsa.c index b71799e..8403d60 100644 --- a/src/crypto/ecdsa/ecdsa.c +++ b/src/crypto/ecdsa/ecdsa.c @@ -52,9 +52,11 @@ #include <openssl/ecdsa.h> +#include <assert.h> #include <string.h> #include <openssl/bn.h> +#include <openssl/bytestring.h> #include <openssl/err.h> #include <openssl/mem.h> @@ -81,16 +83,18 @@ int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len, return eckey->ecdsa_meth->verify(digest, digest_len, sig, sig_len, eckey); } - s = ECDSA_SIG_new(); - const uint8_t *sigp = sig; - if (s == NULL || d2i_ECDSA_SIG(&s, &sigp, sig_len) == NULL || - sigp != sig + sig_len) { + /* Decode the ECDSA signature. */ + s = ECDSA_SIG_from_bytes(sig, sig_len); + if (s == NULL) { goto err; } - /* Ensure that the signature uses DER and doesn't have trailing garbage. */ - const int der_len = i2d_ECDSA_SIG(s, &der); - if (der_len < 0 || (size_t) der_len != sig_len || memcmp(sig, der, sig_len)) { + /* Defend against potential laxness in the DER parser. */ + size_t der_len; + if (!ECDSA_SIG_to_bytes(&der, &der_len, s) || + der_len != sig_len || memcmp(sig, der, sig_len) != 0) { + /* This should never happen. crypto/bytestring is strictly DER. */ + OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR); goto err; } @@ -116,14 +120,14 @@ static int digest_to_bn(BIGNUM *out, const uint8_t *digest, size_t digest_len, digest_len = (num_bits + 7) / 8; } if (!BN_bin2bn(digest, digest_len, out)) { - OPENSSL_PUT_ERROR(ECDSA, digest_to_bn, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); return 0; } /* If still too long truncate remaining bits with a shift */ if ((8 * digest_len > num_bits) && !BN_rshift(out, out, 8 - (num_bits & 0x7))) { - OPENSSL_PUT_ERROR(ECDSA, digest_to_bn, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); return 0; } @@ -145,7 +149,7 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, const EC_POINT *pub_key; if (eckey->ecdsa_meth && eckey->ecdsa_meth->verify) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_NOT_IMPLEMENTED); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED); return 0; } @@ -153,13 +157,13 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, if ((group = EC_KEY_get0_group(eckey)) == NULL || (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_MISSING_PARAMETERS); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_MISSING_PARAMETERS); return 0; } ctx = BN_CTX_new(); if (!ctx) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); return 0; } BN_CTX_start(ctx); @@ -168,26 +172,26 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, u2 = BN_CTX_get(ctx); m = BN_CTX_get(ctx); X = BN_CTX_get(ctx); - if (!X) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB); + if (order == NULL || u1 == NULL || u2 == NULL || m == NULL || X == NULL) { + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } if (!EC_GROUP_get_order(group, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); goto err; } if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ECDSA_R_BAD_SIGNATURE); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); ret = 0; /* signature is invalid */ goto err; } /* calculate tmp1 = inv(S) mod order */ if (!BN_mod_inverse(u2, sig->s, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } if (!digest_to_bn(m, digest, digest_len, order)) { @@ -195,30 +199,30 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, } /* u1 = m * tmp mod order */ if (!BN_mod_mul(u1, m, u2, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } /* u2 = r * w mod q */ if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } point = EC_POINT_new(group); if (point == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); goto err; } if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); goto err; } if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); goto err; } if (!BN_nnmod(u1, X, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_verify, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } /* if the signature is correct u1 is equal to sig->r */ @@ -241,13 +245,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, int ret = 0; if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (ctx_in == NULL) { if ((ctx = BN_CTX_new()) == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); return 0; } } else { @@ -259,16 +263,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, order = BN_new(); X = BN_new(); if (!k || !r || !order || !X) { - OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); goto err; } tmp_point = EC_POINT_new(group); if (tmp_point == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); goto err; } if (!EC_GROUP_get_order(group, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); goto err; } @@ -286,8 +290,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, ok = BN_rand_range(k, order); } if (!ok) { - OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, - ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } while (BN_is_zero(k)); @@ -307,23 +310,23 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); goto err; } if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, NULL, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); goto err; } if (!BN_nnmod(r, X, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } } while (BN_is_zero(r)); /* compute the inverse of k */ if (!BN_mod_inverse(k, k, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } /* clear old values if necessary */ @@ -365,7 +368,7 @@ ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len, const BIGNUM *priv_key; if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ECDSA_R_NOT_IMPLEMENTED); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED); return NULL; } @@ -373,25 +376,25 @@ ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len, priv_key = EC_KEY_get0_private_key(eckey); if (group == NULL || priv_key == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_PASSED_NULL_PARAMETER); return NULL; } ret = ECDSA_SIG_new(); if (!ret) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); return NULL; } s = ret->s; if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); goto err; } if (!EC_GROUP_get_order(group, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_EC_LIB); goto err; } if (!digest_to_bn(m, digest, digest_len, order)) { @@ -400,35 +403,35 @@ ECDSA_SIG *ECDSA_do_sign_ex(const uint8_t *digest, size_t digest_len, for (;;) { if (in_kinv == NULL || in_r == NULL) { if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, digest, digest_len)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_ECDSA_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_ECDSA_LIB); goto err; } ckinv = kinv; } else { ckinv = in_kinv; if (BN_copy(ret->r, in_r) == NULL) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_MALLOC_FAILURE); goto err; } } if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } if (!BN_mod_add_quick(s, tmp, m, order)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } if (!BN_mod_mul(s, s, ckinv, order, ctx)) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB); goto err; } if (BN_is_zero(s)) { /* if kinv and r have been supplied by the caller * don't to generate new kinv and r values */ if (in_kinv != NULL && in_r != NULL) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_do_sign_ex, ECDSA_R_NEED_NEW_SETUP_VALUES); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NEED_NEW_SETUP_VALUES); goto err; } } else { @@ -455,20 +458,36 @@ err: int ECDSA_sign_ex(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, unsigned int *sig_len, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) { + int ret = 0; ECDSA_SIG *s = NULL; if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) { - OPENSSL_PUT_ERROR(ECDSA, ECDSA_sign_ex, ECDSA_R_NOT_IMPLEMENTED); + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED); *sig_len = 0; - return 0; + goto err; } s = ECDSA_do_sign_ex(digest, digest_len, kinv, r, eckey); if (s == NULL) { *sig_len = 0; - return 0; + goto err; } - *sig_len = i2d_ECDSA_SIG(s, &sig); + + CBB cbb; + CBB_zero(&cbb); + size_t len; + if (!CBB_init_fixed(&cbb, sig, ECDSA_size(eckey)) || + !ECDSA_SIG_marshal(&cbb, s) || + !CBB_finish(&cbb, NULL, &len)) { + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); + CBB_cleanup(&cbb); + *sig_len = 0; + goto err; + } + *sig_len = (unsigned)len; + ret = 1; + +err: ECDSA_SIG_free(s); - return 1; + return ret; } diff --git a/src/crypto/ecdsa/ecdsa_asn1.c b/src/crypto/ecdsa/ecdsa_asn1.c index f557ca7..f2d7c36 100644 --- a/src/crypto/ecdsa/ecdsa_asn1.c +++ b/src/crypto/ecdsa/ecdsa_asn1.c @@ -52,45 +52,33 @@ #include <openssl/ecdsa.h> -#include <openssl/asn1.h> -#include <openssl/asn1t.h> +#include <limits.h> +#include <string.h> + +#include <openssl/bn.h> +#include <openssl/bytestring.h> +#include <openssl/err.h> #include <openssl/ec_key.h> #include <openssl/mem.h> #include "../ec/internal.h" -DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG); -DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG); - -ASN1_SEQUENCE(ECDSA_SIG) = { - ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), - ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM), -} ASN1_SEQUENCE_END(ECDSA_SIG); - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG); - size_t ECDSA_size(const EC_KEY *key) { - size_t ret, i, group_order_size; - ASN1_INTEGER bs; - BIGNUM *order = NULL; - unsigned char buf[4]; - const EC_GROUP *group; + if (key == NULL) { + return 0; + } + size_t group_order_size; if (key->ecdsa_meth && key->ecdsa_meth->group_order_size) { group_order_size = key->ecdsa_meth->group_order_size(key); } else { - size_t num_bits; - - if (key == NULL) { - return 0; - } - group = EC_KEY_get0_group(key); + const EC_GROUP *group = EC_KEY_get0_group(key); if (group == NULL) { return 0; } - order = BN_new(); + BIGNUM *order = BN_new(); if (order == NULL) { return 0; } @@ -99,21 +87,11 @@ size_t ECDSA_size(const EC_KEY *key) { return 0; } - num_bits = BN_num_bits(order); - group_order_size = (num_bits + 7) / 8; + group_order_size = BN_num_bytes(order); + BN_clear_free(order); } - bs.length = group_order_size; - bs.data = buf; - bs.type = V_ASN1_INTEGER; - /* If the top bit is set the ASN.1 encoding is 1 larger. */ - buf[0] = 0xff; - - i = i2d_ASN1_INTEGER(&bs, NULL); - i += i; /* r and s */ - ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); - BN_clear_free(order); - return ret; + return ECDSA_SIG_max_len(group_order_size); } ECDSA_SIG *ECDSA_SIG_new(void) { @@ -139,3 +117,134 @@ void ECDSA_SIG_free(ECDSA_SIG *sig) { BN_free(sig->s); OPENSSL_free(sig); } + +ECDSA_SIG *ECDSA_SIG_parse(CBS *cbs) { + ECDSA_SIG *ret = ECDSA_SIG_new(); + if (ret == NULL) { + return NULL; + } + CBS child; + if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) || + !BN_cbs2unsigned(&child, ret->r) || + !BN_cbs2unsigned(&child, ret->s) || + CBS_len(&child) != 0) { + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); + ECDSA_SIG_free(ret); + return NULL; + } + return ret; +} + +ECDSA_SIG *ECDSA_SIG_from_bytes(const uint8_t *in, size_t in_len) { + CBS cbs; + CBS_init(&cbs, in, in_len); + ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs); + if (ret == NULL || CBS_len(&cbs) != 0) { + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); + ECDSA_SIG_free(ret); + return NULL; + } + return ret; +} + +int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig) { + CBB child; + if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) || + !BN_bn2cbb(&child, sig->r) || + !BN_bn2cbb(&child, sig->s) || + !CBB_flush(cbb)) { + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); + return 0; + } + return 1; +} + +int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len, + const ECDSA_SIG *sig) { + CBB cbb; + CBB_zero(&cbb); + if (!CBB_init(&cbb, 0) || + !ECDSA_SIG_marshal(&cbb, sig) || + !CBB_finish(&cbb, out_bytes, out_len)) { + OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); + CBB_cleanup(&cbb); + return 0; + } + return 1; +} + +/* der_len_len returns the number of bytes needed to represent a length of |len| + * in DER. */ +static size_t der_len_len(size_t len) { + if (len < 0x80) { + return 1; + } + size_t ret = 1; + while (len > 0) { + ret++; + len >>= 8; + } + return ret; +} + +size_t ECDSA_SIG_max_len(size_t order_len) { + /* Compute the maximum length of an |order_len| byte integer. Defensively + * assume that the leading 0x00 is included. */ + size_t integer_len = 1 /* tag */ + der_len_len(order_len + 1) + 1 + order_len; + if (integer_len < order_len) { + return 0; + } + /* An ECDSA signature is two INTEGERs. */ + size_t value_len = 2 * integer_len; + if (value_len < integer_len) { + return 0; + } + /* Add the header. */ + size_t ret = 1 /* tag */ + der_len_len(value_len) + value_len; + if (ret < value_len) { + return 0; + } + return ret; +} + +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp, long len) { + if (len < 0) { + return NULL; + } + CBS cbs; + CBS_init(&cbs, *inp, (size_t)len); + ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs); + if (ret == NULL) { + return NULL; + } + if (out != NULL) { + ECDSA_SIG_free(*out); + *out = ret; + } + *inp += (size_t)len - CBS_len(&cbs); + return ret; +} + +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp) { + uint8_t *der; + size_t der_len; + if (!ECDSA_SIG_to_bytes(&der, &der_len, sig)) { + return -1; + } + if (der_len > INT_MAX) { + OPENSSL_PUT_ERROR(ECDSA, ERR_R_OVERFLOW); + OPENSSL_free(der); + return -1; + } + if (outp != NULL) { + if (*outp == NULL) { + *outp = der; + der = NULL; + } else { + memcpy(*outp, der, der_len); + *outp += der_len; + } + } + OPENSSL_free(der); + return (int)der_len; +} diff --git a/src/crypto/ecdsa/ecdsa_test.cc b/src/crypto/ecdsa/ecdsa_test.cc index a6bd7a1..b916509 100644 --- a/src/crypto/ecdsa/ecdsa_test.cc +++ b/src/crypto/ecdsa/ecdsa_test.cc @@ -78,18 +78,13 @@ static bool VerifyECDSASig(Api api, const uint8_t *digest, switch (api) { case kEncodedApi: { - int sig_len = i2d_ECDSA_SIG(ecdsa_sig, NULL); - if (sig_len <= 0) { + uint8_t *der; + size_t der_len; + if (!ECDSA_SIG_to_bytes(&der, &der_len, ecdsa_sig)) { return false; } - std::vector<uint8_t> signature(static_cast<size_t>(sig_len)); - uint8_t *sig_ptr = bssl::vector_data(&signature); - sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); - if (sig_len <= 0) { - return false; - } - actual_result = ECDSA_verify(0, digest, digest_len, bssl::vector_data(&signature), - signature.size(), eckey); + ScopedOpenSSLBytes delete_der(der); + actual_result = ECDSA_verify(0, digest, digest_len, der, der_len, eckey); break; } @@ -267,8 +262,8 @@ static bool TestBuiltin(FILE *out) { fprintf(out, "."); fflush(out); // Verify a tampered signature. - const uint8_t *sig_ptr = bssl::vector_data(&signature); - ScopedECDSA_SIG ecdsa_sig(d2i_ECDSA_SIG(NULL, &sig_ptr, signature.size())); + ScopedECDSA_SIG ecdsa_sig(ECDSA_SIG_from_bytes( + bssl::vector_data(&signature), signature.size())); if (!ecdsa_sig || !TestTamperedSig(out, kEncodedApi, digest, 20, ecdsa_sig.get(), eckey.get(), order.get())) { @@ -325,11 +320,45 @@ static bool TestBuiltin(FILE *out) { return true; } +static bool TestECDSA_SIG_max_len(size_t order_len) { + /* Create the largest possible |ECDSA_SIG| of the given constraints. */ + ScopedECDSA_SIG sig(ECDSA_SIG_new()); + if (!sig) { + return false; + } + std::vector<uint8_t> bytes(order_len, 0xff); + if (!BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->r) || + !BN_bin2bn(bssl::vector_data(&bytes), bytes.size(), sig->s)) { + return false; + } + /* Serialize it. */ + uint8_t *der; + size_t der_len; + if (!ECDSA_SIG_to_bytes(&der, &der_len, sig.get())) { + return false; + } + ScopedOpenSSLBytes delete_der(der); + + size_t max_len = ECDSA_SIG_max_len(order_len); + if (max_len != der_len) { + fprintf(stderr, "ECDSA_SIG_max_len(%u) returned %u, wanted %u\n", + static_cast<unsigned>(order_len), static_cast<unsigned>(max_len), + static_cast<unsigned>(der_len)); + return false; + } + return true; +} + int main(void) { CRYPTO_library_init(); ERR_load_crypto_strings(); - if (!TestBuiltin(stdout)) { + if (!TestBuiltin(stdout) || + !TestECDSA_SIG_max_len(224/8) || + !TestECDSA_SIG_max_len(256/8) || + !TestECDSA_SIG_max_len(384/8) || + !TestECDSA_SIG_max_len(512/8) || + !TestECDSA_SIG_max_len(10000)) { printf("\nECDSA test failed\n"); ERR_print_errors_fp(stdout); return 1; diff --git a/src/crypto/engine/CMakeLists.txt b/src/crypto/engine/CMakeLists.txt index e03650e..5667f02 100644 --- a/src/crypto/engine/CMakeLists.txt +++ b/src/crypto/engine/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( engine diff --git a/src/crypto/err/CMakeLists.txt b/src/crypto/err/CMakeLists.txt index 5215eec..8519e51 100644 --- a/src/crypto/err/CMakeLists.txt +++ b/src/crypto/err/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_custom_command( OUTPUT err_data.c @@ -8,10 +8,8 @@ add_custom_command( asn1.errordata bio.errordata bn.errordata - buf.errordata cipher.errordata conf.errordata - crypto.errordata dh.errordata digest.errordata dsa.errordata diff --git a/src/crypto/err/asn1.errordata b/src/crypto/err/asn1.errordata index 44b9c73..55342a0 100644 --- a/src/crypto/err/asn1.errordata +++ b/src/crypto/err/asn1.errordata @@ -1,152 +1,88 @@ -ASN1,function,100,ASN1_BIT_STRING_set_bit -ASN1,function,101,ASN1_ENUMERATED_set -ASN1,function,102,ASN1_ENUMERATED_to_BN -ASN1,function,103,ASN1_GENERALIZEDTIME_adj -ASN1,function,104,ASN1_INTEGER_set -ASN1,function,105,ASN1_INTEGER_to_BN -ASN1,function,106,ASN1_OBJECT_new -ASN1,function,107,ASN1_PCTX_new -ASN1,function,108,ASN1_STRING_TABLE_add -ASN1,function,109,ASN1_STRING_set -ASN1,function,110,ASN1_STRING_type_new -ASN1,function,111,ASN1_TIME_adj -ASN1,function,112,ASN1_UTCTIME_adj -ASN1,function,113,ASN1_d2i_fp -ASN1,function,114,ASN1_dup -ASN1,function,115,ASN1_generate_v3 -ASN1,function,116,ASN1_get_object -ASN1,function,117,ASN1_i2d_bio -ASN1,function,118,ASN1_i2d_fp -ASN1,function,119,ASN1_item_d2i_fp -ASN1,function,120,ASN1_item_dup -ASN1,function,121,ASN1_item_ex_d2i -ASN1,function,122,ASN1_item_i2d_bio -ASN1,function,123,ASN1_item_i2d_fp -ASN1,function,124,ASN1_item_pack -ASN1,function,125,ASN1_item_unpack -ASN1,function,126,ASN1_mbstring_ncopy -ASN1,function,127,ASN1_template_new -ASN1,function,128,BIO_new_NDEF -ASN1,function,129,BN_to_ASN1_ENUMERATED -ASN1,function,130,BN_to_ASN1_INTEGER -ASN1,function,131,a2d_ASN1_OBJECT -ASN1,function,132,a2i_ASN1_ENUMERATED -ASN1,function,133,a2i_ASN1_INTEGER -ASN1,function,134,a2i_ASN1_STRING -ASN1,function,135,append_exp -ASN1,function,136,asn1_cb -ASN1,function,137,asn1_check_tlen -ASN1,function,138,asn1_collate_primitive -ASN1,function,139,asn1_collect -ASN1,function,140,asn1_d2i_ex_primitive -ASN1,function,141,asn1_d2i_read_bio -ASN1,function,142,asn1_do_adb -ASN1,function,143,asn1_ex_c2i -ASN1,function,144,asn1_find_end -ASN1,function,145,asn1_item_ex_combine_new -ASN1,function,146,asn1_str2type -ASN1,function,147,asn1_template_ex_d2i -ASN1,function,148,asn1_template_noexp_d2i -ASN1,function,149,bitstr_cb -ASN1,function,150,c2i_ASN1_BIT_STRING -ASN1,function,151,c2i_ASN1_INTEGER -ASN1,function,152,c2i_ASN1_OBJECT -ASN1,function,153,collect_data -ASN1,function,154,d2i_ASN1_BOOLEAN -ASN1,function,155,d2i_ASN1_OBJECT -ASN1,function,156,d2i_ASN1_UINTEGER -ASN1,function,157,d2i_ASN1_UTCTIME -ASN1,function,158,d2i_ASN1_bytes -ASN1,function,159,d2i_ASN1_type_bytes -ASN1,function,160,i2d_ASN1_TIME -ASN1,function,161,i2d_PrivateKey -ASN1,function,162,long_c2i -ASN1,function,163,parse_tagging -ASN1,reason,100,ASN1_LENGTH_MISMATCH -ASN1,reason,101,AUX_ERROR -ASN1,reason,102,BAD_GET_ASN1_OBJECT_CALL -ASN1,reason,103,BAD_OBJECT_HEADER -ASN1,reason,104,BMPSTRING_IS_WRONG_LENGTH -ASN1,reason,105,BN_LIB -ASN1,reason,106,BOOLEAN_IS_WRONG_LENGTH -ASN1,reason,107,BUFFER_TOO_SMALL -ASN1,reason,108,DECODE_ERROR -ASN1,reason,109,DEPTH_EXCEEDED -ASN1,reason,110,ENCODE_ERROR -ASN1,reason,111,ERROR_GETTING_TIME -ASN1,reason,112,EXPECTING_AN_ASN1_SEQUENCE -ASN1,reason,113,EXPECTING_AN_INTEGER -ASN1,reason,114,EXPECTING_AN_OBJECT -ASN1,reason,115,EXPECTING_A_BOOLEAN -ASN1,reason,116,EXPECTING_A_TIME -ASN1,reason,117,EXPLICIT_LENGTH_MISMATCH -ASN1,reason,118,EXPLICIT_TAG_NOT_CONSTRUCTED -ASN1,reason,119,FIELD_MISSING -ASN1,reason,120,FIRST_NUM_TOO_LARGE -ASN1,reason,121,HEADER_TOO_LONG -ASN1,reason,122,ILLEGAL_BITSTRING_FORMAT -ASN1,reason,123,ILLEGAL_BOOLEAN -ASN1,reason,124,ILLEGAL_CHARACTERS -ASN1,reason,125,ILLEGAL_FORMAT -ASN1,reason,126,ILLEGAL_HEX -ASN1,reason,127,ILLEGAL_IMPLICIT_TAG -ASN1,reason,128,ILLEGAL_INTEGER -ASN1,reason,129,ILLEGAL_NESTED_TAGGING -ASN1,reason,130,ILLEGAL_NULL -ASN1,reason,131,ILLEGAL_NULL_VALUE -ASN1,reason,132,ILLEGAL_OBJECT -ASN1,reason,133,ILLEGAL_OPTIONAL_ANY -ASN1,reason,134,ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE -ASN1,reason,135,ILLEGAL_TAGGED_ANY -ASN1,reason,136,ILLEGAL_TIME_VALUE -ASN1,reason,137,INTEGER_NOT_ASCII_FORMAT -ASN1,reason,138,INTEGER_TOO_LARGE_FOR_LONG -ASN1,reason,139,INVALID_BIT_STRING_BITS_LEFT -ASN1,reason,140,INVALID_BMPSTRING_LENGTH -ASN1,reason,141,INVALID_DIGIT -ASN1,reason,142,INVALID_MODIFIER -ASN1,reason,143,INVALID_NUMBER -ASN1,reason,144,INVALID_OBJECT_ENCODING -ASN1,reason,145,INVALID_SEPARATOR -ASN1,reason,146,INVALID_TIME_FORMAT -ASN1,reason,147,INVALID_UNIVERSALSTRING_LENGTH -ASN1,reason,148,INVALID_UTF8STRING -ASN1,reason,149,LIST_ERROR -ASN1,reason,150,MALLOC_FAILURE -ASN1,reason,151,MISSING_ASN1_EOS -ASN1,reason,152,MISSING_EOC -ASN1,reason,153,MISSING_SECOND_NUMBER -ASN1,reason,154,MISSING_VALUE -ASN1,reason,155,MSTRING_NOT_UNIVERSAL -ASN1,reason,156,MSTRING_WRONG_TAG -ASN1,reason,157,NESTED_ASN1_ERROR -ASN1,reason,158,NESTED_ASN1_STRING -ASN1,reason,159,NON_HEX_CHARACTERS -ASN1,reason,160,NOT_ASCII_FORMAT -ASN1,reason,161,NOT_ENOUGH_DATA -ASN1,reason,162,NO_MATCHING_CHOICE_TYPE -ASN1,reason,163,NULL_IS_WRONG_LENGTH -ASN1,reason,164,OBJECT_NOT_ASCII_FORMAT -ASN1,reason,165,ODD_NUMBER_OF_CHARS -ASN1,reason,166,SECOND_NUMBER_TOO_LARGE -ASN1,reason,167,SEQUENCE_LENGTH_MISMATCH -ASN1,reason,168,SEQUENCE_NOT_CONSTRUCTED -ASN1,reason,169,SEQUENCE_OR_SET_NEEDS_CONFIG -ASN1,reason,170,SHORT_LINE -ASN1,reason,171,STREAMING_NOT_SUPPORTED -ASN1,reason,172,STRING_TOO_LONG -ASN1,reason,173,STRING_TOO_SHORT -ASN1,reason,174,TAG_VALUE_TOO_HIGH -ASN1,reason,175,TIME_NOT_ASCII_FORMAT -ASN1,reason,176,TOO_LONG -ASN1,reason,177,TYPE_NOT_CONSTRUCTED -ASN1,reason,178,TYPE_NOT_PRIMITIVE -ASN1,reason,179,UNEXPECTED_EOC -ASN1,reason,180,UNIVERSALSTRING_IS_WRONG_LENGTH -ASN1,reason,181,UNKNOWN_FORMAT -ASN1,reason,182,UNKNOWN_TAG -ASN1,reason,183,UNSUPPORTED_ANY_DEFINED_BY_TYPE -ASN1,reason,184,UNSUPPORTED_PUBLIC_KEY_TYPE -ASN1,reason,185,UNSUPPORTED_TYPE -ASN1,reason,186,WRONG_TAG -ASN1,reason,187,WRONG_TYPE +ASN1,100,ASN1_LENGTH_MISMATCH +ASN1,101,AUX_ERROR +ASN1,102,BAD_GET_ASN1_OBJECT_CALL +ASN1,103,BAD_OBJECT_HEADER +ASN1,104,BMPSTRING_IS_WRONG_LENGTH +ASN1,105,BN_LIB +ASN1,106,BOOLEAN_IS_WRONG_LENGTH +ASN1,107,BUFFER_TOO_SMALL +ASN1,108,DECODE_ERROR +ASN1,109,DEPTH_EXCEEDED +ASN1,110,ENCODE_ERROR +ASN1,111,ERROR_GETTING_TIME +ASN1,112,EXPECTING_AN_ASN1_SEQUENCE +ASN1,113,EXPECTING_AN_INTEGER +ASN1,114,EXPECTING_AN_OBJECT +ASN1,115,EXPECTING_A_BOOLEAN +ASN1,116,EXPECTING_A_TIME +ASN1,117,EXPLICIT_LENGTH_MISMATCH +ASN1,118,EXPLICIT_TAG_NOT_CONSTRUCTED +ASN1,119,FIELD_MISSING +ASN1,120,FIRST_NUM_TOO_LARGE +ASN1,121,HEADER_TOO_LONG +ASN1,122,ILLEGAL_BITSTRING_FORMAT +ASN1,123,ILLEGAL_BOOLEAN +ASN1,124,ILLEGAL_CHARACTERS +ASN1,125,ILLEGAL_FORMAT +ASN1,126,ILLEGAL_HEX +ASN1,127,ILLEGAL_IMPLICIT_TAG +ASN1,128,ILLEGAL_INTEGER +ASN1,129,ILLEGAL_NESTED_TAGGING +ASN1,130,ILLEGAL_NULL +ASN1,131,ILLEGAL_NULL_VALUE +ASN1,132,ILLEGAL_OBJECT +ASN1,133,ILLEGAL_OPTIONAL_ANY +ASN1,134,ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE +ASN1,135,ILLEGAL_TAGGED_ANY +ASN1,136,ILLEGAL_TIME_VALUE +ASN1,137,INTEGER_NOT_ASCII_FORMAT +ASN1,138,INTEGER_TOO_LARGE_FOR_LONG +ASN1,139,INVALID_BIT_STRING_BITS_LEFT +ASN1,140,INVALID_BMPSTRING_LENGTH +ASN1,141,INVALID_DIGIT +ASN1,142,INVALID_MODIFIER +ASN1,143,INVALID_NUMBER +ASN1,144,INVALID_OBJECT_ENCODING +ASN1,145,INVALID_SEPARATOR +ASN1,146,INVALID_TIME_FORMAT +ASN1,147,INVALID_UNIVERSALSTRING_LENGTH +ASN1,148,INVALID_UTF8STRING +ASN1,149,LIST_ERROR +ASN1,150,MALLOC_FAILURE +ASN1,151,MISSING_ASN1_EOS +ASN1,152,MISSING_EOC +ASN1,153,MISSING_SECOND_NUMBER +ASN1,154,MISSING_VALUE +ASN1,155,MSTRING_NOT_UNIVERSAL +ASN1,156,MSTRING_WRONG_TAG +ASN1,157,NESTED_ASN1_ERROR +ASN1,158,NESTED_ASN1_STRING +ASN1,159,NON_HEX_CHARACTERS +ASN1,160,NOT_ASCII_FORMAT +ASN1,161,NOT_ENOUGH_DATA +ASN1,162,NO_MATCHING_CHOICE_TYPE +ASN1,163,NULL_IS_WRONG_LENGTH +ASN1,164,OBJECT_NOT_ASCII_FORMAT +ASN1,165,ODD_NUMBER_OF_CHARS +ASN1,166,SECOND_NUMBER_TOO_LARGE +ASN1,167,SEQUENCE_LENGTH_MISMATCH +ASN1,168,SEQUENCE_NOT_CONSTRUCTED +ASN1,169,SEQUENCE_OR_SET_NEEDS_CONFIG +ASN1,170,SHORT_LINE +ASN1,171,STREAMING_NOT_SUPPORTED +ASN1,172,STRING_TOO_LONG +ASN1,173,STRING_TOO_SHORT +ASN1,174,TAG_VALUE_TOO_HIGH +ASN1,175,TIME_NOT_ASCII_FORMAT +ASN1,176,TOO_LONG +ASN1,177,TYPE_NOT_CONSTRUCTED +ASN1,178,TYPE_NOT_PRIMITIVE +ASN1,179,UNEXPECTED_EOC +ASN1,180,UNIVERSALSTRING_IS_WRONG_LENGTH +ASN1,181,UNKNOWN_FORMAT +ASN1,182,UNKNOWN_TAG +ASN1,183,UNSUPPORTED_ANY_DEFINED_BY_TYPE +ASN1,184,UNSUPPORTED_PUBLIC_KEY_TYPE +ASN1,185,UNSUPPORTED_TYPE +ASN1,186,WRONG_TAG +ASN1,187,WRONG_TYPE diff --git a/src/crypto/err/bio.errordata b/src/crypto/err/bio.errordata index 9f2af02..94b3c97 100644 --- a/src/crypto/err/bio.errordata +++ b/src/crypto/err/bio.errordata @@ -1,36 +1,17 @@ -BIO,function,100,BIO_callback_ctrl -BIO,function,101,BIO_ctrl -BIO,function,102,BIO_new -BIO,function,103,BIO_new_file -BIO,function,104,BIO_new_mem_buf -BIO,function,118,BIO_printf -BIO,function,105,BIO_zero_copy_get_read_buf -BIO,function,106,BIO_zero_copy_get_read_buf_done -BIO,function,107,BIO_zero_copy_get_write_buf -BIO,function,108,BIO_zero_copy_get_write_buf_done -BIO,function,109,bio_io -BIO,function,110,bio_make_pair -BIO,function,111,bio_write -BIO,function,112,buffer_ctrl -BIO,function,113,conn_ctrl -BIO,function,114,conn_state -BIO,function,115,file_ctrl -BIO,function,116,file_read -BIO,function,117,mem_write -BIO,reason,100,BAD_FOPEN_MODE -BIO,reason,101,BROKEN_PIPE -BIO,reason,102,CONNECT_ERROR -BIO,reason,103,ERROR_SETTING_NBIO -BIO,reason,104,INVALID_ARGUMENT -BIO,reason,105,IN_USE -BIO,reason,106,KEEPALIVE -BIO,reason,107,NBIO_CONNECT_ERROR -BIO,reason,108,NO_HOSTNAME_SPECIFIED -BIO,reason,109,NO_PORT_SPECIFIED -BIO,reason,110,NO_SUCH_FILE -BIO,reason,111,NULL_PARAMETER -BIO,reason,112,SYS_LIB -BIO,reason,113,UNABLE_TO_CREATE_SOCKET -BIO,reason,114,UNINITIALIZED -BIO,reason,115,UNSUPPORTED_METHOD -BIO,reason,116,WRITE_TO_READ_ONLY_BIO +BIO,100,BAD_FOPEN_MODE +BIO,101,BROKEN_PIPE +BIO,102,CONNECT_ERROR +BIO,103,ERROR_SETTING_NBIO +BIO,104,INVALID_ARGUMENT +BIO,105,IN_USE +BIO,106,KEEPALIVE +BIO,107,NBIO_CONNECT_ERROR +BIO,108,NO_HOSTNAME_SPECIFIED +BIO,109,NO_PORT_SPECIFIED +BIO,110,NO_SUCH_FILE +BIO,111,NULL_PARAMETER +BIO,112,SYS_LIB +BIO,113,UNABLE_TO_CREATE_SOCKET +BIO,114,UNINITIALIZED +BIO,115,UNSUPPORTED_METHOD +BIO,116,WRITE_TO_READ_ONLY_BIO diff --git a/src/crypto/err/bn.errordata b/src/crypto/err/bn.errordata index 6fd4968..76b6392 100644 --- a/src/crypto/err/bn.errordata +++ b/src/crypto/err/bn.errordata @@ -1,44 +1,19 @@ -BN,function,100,BN_CTX_get -BN,function,101,BN_CTX_new -BN,function,102,BN_CTX_start -BN,function,103,BN_bn2dec -BN,function,104,BN_bn2hex -BN,function,105,BN_div -BN,function,106,BN_div_recp -BN,function,107,BN_exp -BN,function,108,BN_generate_dsa_nonce -BN,function,109,BN_generate_prime_ex -BN,function,125,BN_lshift -BN,function,110,BN_mod_exp2_mont -BN,function,111,BN_mod_exp_mont -BN,function,112,BN_mod_exp_mont_consttime -BN,function,113,BN_mod_exp_mont_word -BN,function,114,BN_mod_inverse -BN,function,115,BN_mod_inverse_no_branch -BN,function,116,BN_mod_lshift_quick -BN,function,117,BN_mod_sqrt -BN,function,118,BN_new -BN,function,119,BN_rand -BN,function,120,BN_rand_range -BN,function,126,BN_rshift -BN,function,121,BN_sqrt -BN,function,122,BN_usub -BN,function,123,bn_wexpand -BN,function,124,mod_exp_recp -BN,reason,100,ARG2_LT_ARG3 -BN,reason,101,BAD_RECIPROCAL -BN,reason,102,BIGNUM_TOO_LONG -BN,reason,103,BITS_TOO_SMALL -BN,reason,104,CALLED_WITH_EVEN_MODULUS -BN,reason,105,DIV_BY_ZERO -BN,reason,106,EXPAND_ON_STATIC_BIGNUM_DATA -BN,reason,107,INPUT_NOT_REDUCED -BN,reason,108,INVALID_RANGE -BN,reason,109,NEGATIVE_NUMBER -BN,reason,110,NOT_A_SQUARE -BN,reason,111,NOT_INITIALIZED -BN,reason,112,NO_INVERSE -BN,reason,113,PRIVATE_KEY_TOO_LARGE -BN,reason,114,P_IS_NOT_PRIME -BN,reason,115,TOO_MANY_ITERATIONS -BN,reason,116,TOO_MANY_TEMPORARY_VARIABLES +BN,100,ARG2_LT_ARG3 +BN,117,BAD_ENCODING +BN,101,BAD_RECIPROCAL +BN,102,BIGNUM_TOO_LONG +BN,103,BITS_TOO_SMALL +BN,104,CALLED_WITH_EVEN_MODULUS +BN,105,DIV_BY_ZERO +BN,118,ENCODE_ERROR +BN,106,EXPAND_ON_STATIC_BIGNUM_DATA +BN,107,INPUT_NOT_REDUCED +BN,108,INVALID_RANGE +BN,109,NEGATIVE_NUMBER +BN,110,NOT_A_SQUARE +BN,111,NOT_INITIALIZED +BN,112,NO_INVERSE +BN,113,PRIVATE_KEY_TOO_LARGE +BN,114,P_IS_NOT_PRIME +BN,115,TOO_MANY_ITERATIONS +BN,116,TOO_MANY_TEMPORARY_VARIABLES diff --git a/src/crypto/err/buf.errordata b/src/crypto/err/buf.errordata deleted file mode 100644 index 01b6c9a..0000000 --- a/src/crypto/err/buf.errordata +++ /dev/null @@ -1,4 +0,0 @@ -BUF,function,100,BUF_MEM_new -BUF,function,101,BUF_memdup -BUF,function,102,BUF_strndup -BUF,function,103,buf_mem_grow diff --git a/src/crypto/err/cipher.errordata b/src/crypto/err/cipher.errordata index ce8459b..1037505 100644 --- a/src/crypto/err/cipher.errordata +++ b/src/crypto/err/cipher.errordata @@ -1,60 +1,25 @@ -CIPHER,function,100,EVP_AEAD_CTX_init -CIPHER,function,131,EVP_AEAD_CTX_init_with_direction -CIPHER,function,101,EVP_AEAD_CTX_open -CIPHER,function,102,EVP_AEAD_CTX_seal -CIPHER,function,103,EVP_CIPHER_CTX_copy -CIPHER,function,104,EVP_CIPHER_CTX_ctrl -CIPHER,function,105,EVP_CIPHER_CTX_set_key_length -CIPHER,function,106,EVP_CipherInit_ex -CIPHER,function,107,EVP_DecryptFinal_ex -CIPHER,function,108,EVP_EncryptFinal_ex -CIPHER,function,132,aead_aes_ctr_hmac_sha256_init -CIPHER,function,133,aead_aes_ctr_hmac_sha256_open -CIPHER,function,134,aead_aes_ctr_hmac_sha256_seal -CIPHER,function,109,aead_aes_gcm_init -CIPHER,function,110,aead_aes_gcm_open -CIPHER,function,111,aead_aes_gcm_seal -CIPHER,function,112,aead_aes_key_wrap_init -CIPHER,function,113,aead_aes_key_wrap_open -CIPHER,function,114,aead_aes_key_wrap_seal -CIPHER,function,115,aead_chacha20_poly1305_init -CIPHER,function,116,aead_chacha20_poly1305_open -CIPHER,function,117,aead_chacha20_poly1305_seal -CIPHER,function,118,aead_rc4_md5_tls_init -CIPHER,function,119,aead_rc4_md5_tls_open -CIPHER,function,120,aead_rc4_md5_tls_seal -CIPHER,function,121,aead_ssl3_ensure_cipher_init -CIPHER,function,122,aead_ssl3_init -CIPHER,function,123,aead_ssl3_open -CIPHER,function,124,aead_ssl3_seal -CIPHER,function,125,aead_tls_ensure_cipher_init -CIPHER,function,126,aead_tls_init -CIPHER,function,127,aead_tls_open -CIPHER,function,128,aead_tls_seal -CIPHER,function,129,aes_init_key -CIPHER,function,130,aesni_init_key -CIPHER,reason,100,AES_KEY_SETUP_FAILED -CIPHER,reason,101,BAD_DECRYPT -CIPHER,reason,102,BAD_KEY_LENGTH -CIPHER,reason,103,BUFFER_TOO_SMALL -CIPHER,reason,104,CTRL_NOT_IMPLEMENTED -CIPHER,reason,105,CTRL_OPERATION_NOT_IMPLEMENTED -CIPHER,reason,106,DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH -CIPHER,reason,107,INITIALIZATION_ERROR -CIPHER,reason,108,INPUT_NOT_INITIALIZED -CIPHER,reason,109,INVALID_AD_SIZE -CIPHER,reason,110,INVALID_KEY_LENGTH -CIPHER,reason,111,INVALID_NONCE_SIZE -CIPHER,reason,112,INVALID_OPERATION -CIPHER,reason,113,IV_TOO_LARGE -CIPHER,reason,114,NO_CIPHER_SET -CIPHER,reason,124,NO_DIRECTION_SET -CIPHER,reason,115,OUTPUT_ALIASES_INPUT -CIPHER,reason,116,TAG_TOO_LARGE -CIPHER,reason,117,TOO_LARGE -CIPHER,reason,118,UNSUPPORTED_AD_SIZE -CIPHER,reason,119,UNSUPPORTED_INPUT_SIZE -CIPHER,reason,120,UNSUPPORTED_KEY_SIZE -CIPHER,reason,121,UNSUPPORTED_NONCE_SIZE -CIPHER,reason,122,UNSUPPORTED_TAG_SIZE -CIPHER,reason,123,WRONG_FINAL_BLOCK_LENGTH +CIPHER,100,AES_KEY_SETUP_FAILED +CIPHER,101,BAD_DECRYPT +CIPHER,102,BAD_KEY_LENGTH +CIPHER,103,BUFFER_TOO_SMALL +CIPHER,104,CTRL_NOT_IMPLEMENTED +CIPHER,105,CTRL_OPERATION_NOT_IMPLEMENTED +CIPHER,106,DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH +CIPHER,107,INITIALIZATION_ERROR +CIPHER,108,INPUT_NOT_INITIALIZED +CIPHER,109,INVALID_AD_SIZE +CIPHER,110,INVALID_KEY_LENGTH +CIPHER,111,INVALID_NONCE_SIZE +CIPHER,112,INVALID_OPERATION +CIPHER,113,IV_TOO_LARGE +CIPHER,114,NO_CIPHER_SET +CIPHER,124,NO_DIRECTION_SET +CIPHER,115,OUTPUT_ALIASES_INPUT +CIPHER,116,TAG_TOO_LARGE +CIPHER,117,TOO_LARGE +CIPHER,118,UNSUPPORTED_AD_SIZE +CIPHER,119,UNSUPPORTED_INPUT_SIZE +CIPHER,120,UNSUPPORTED_KEY_SIZE +CIPHER,121,UNSUPPORTED_NONCE_SIZE +CIPHER,122,UNSUPPORTED_TAG_SIZE +CIPHER,123,WRONG_FINAL_BLOCK_LENGTH diff --git a/src/crypto/err/conf.errordata b/src/crypto/err/conf.errordata index 0b96a32..651fabe 100644 --- a/src/crypto/err/conf.errordata +++ b/src/crypto/err/conf.errordata @@ -1,10 +1,6 @@ -CONF,function,100,CONF_parse_list -CONF,function,101,NCONF_load -CONF,function,102,def_load_bio -CONF,function,103,str_copy -CONF,reason,100,LIST_CANNOT_BE_NULL -CONF,reason,101,MISSING_CLOSE_SQUARE_BRACKET -CONF,reason,102,MISSING_EQUAL_SIGN -CONF,reason,103,NO_CLOSE_BRACE -CONF,reason,104,UNABLE_TO_CREATE_NEW_SECTION -CONF,reason,105,VARIABLE_HAS_NO_VALUE +CONF,100,LIST_CANNOT_BE_NULL +CONF,101,MISSING_CLOSE_SQUARE_BRACKET +CONF,102,MISSING_EQUAL_SIGN +CONF,103,NO_CLOSE_BRACE +CONF,104,UNABLE_TO_CREATE_NEW_SECTION +CONF,105,VARIABLE_HAS_NO_VALUE diff --git a/src/crypto/err/crypto.errordata b/src/crypto/err/crypto.errordata deleted file mode 100644 index 1e0e9d5..0000000 --- a/src/crypto/err/crypto.errordata +++ /dev/null @@ -1,4 +0,0 @@ -CRYPTO,function,100,CRYPTO_get_ex_new_index -CRYPTO,function,101,CRYPTO_set_ex_data -CRYPTO,function,102,get_class -CRYPTO,function,103,get_func_pointers diff --git a/src/crypto/err/dh.errordata b/src/crypto/err/dh.errordata index 1fd675b..571e218 100644 --- a/src/crypto/err/dh.errordata +++ b/src/crypto/err/dh.errordata @@ -1,8 +1,4 @@ -DH,function,100,DH_new_method -DH,function,101,compute_key -DH,function,102,generate_key -DH,function,103,generate_parameters -DH,reason,100,BAD_GENERATOR -DH,reason,101,INVALID_PUBKEY -DH,reason,102,MODULUS_TOO_LARGE -DH,reason,103,NO_PRIVATE_VALUE +DH,100,BAD_GENERATOR +DH,101,INVALID_PUBKEY +DH,102,MODULUS_TOO_LARGE +DH,103,NO_PRIVATE_VALUE diff --git a/src/crypto/err/digest.errordata b/src/crypto/err/digest.errordata index 95a3622..411e778 100644 --- a/src/crypto/err/digest.errordata +++ b/src/crypto/err/digest.errordata @@ -1,3 +1 @@ -DIGEST,function,100,EVP_DigestInit_ex -DIGEST,function,101,EVP_MD_CTX_copy_ex -DIGEST,reason,100,INPUT_NOT_INITIALIZED +DIGEST,100,INPUT_NOT_INITIALIZED diff --git a/src/crypto/err/dsa.errordata b/src/crypto/err/dsa.errordata index c2dff23..3c5764a 100644 --- a/src/crypto/err/dsa.errordata +++ b/src/crypto/err/dsa.errordata @@ -1,9 +1,4 @@ -DSA,function,100,DSA_new_method -DSA,function,101,dsa_sig_cb -DSA,function,102,sign -DSA,function,103,sign_setup -DSA,function,104,verify -DSA,reason,100,BAD_Q_VALUE -DSA,reason,101,MISSING_PARAMETERS -DSA,reason,102,MODULUS_TOO_LARGE -DSA,reason,103,NEED_NEW_SETUP_VALUES +DSA,100,BAD_Q_VALUE +DSA,101,MISSING_PARAMETERS +DSA,102,MODULUS_TOO_LARGE +DSA,103,NEED_NEW_SETUP_VALUES diff --git a/src/crypto/err/ec.errordata b/src/crypto/err/ec.errordata index 252f7ab..e7b4175 100644 --- a/src/crypto/err/ec.errordata +++ b/src/crypto/err/ec.errordata @@ -1,95 +1,28 @@ -EC,function,159,BN_to_felem -EC,function,100,EC_GROUP_copy -EC,function,101,EC_GROUP_get_curve_GFp -EC,function,102,EC_GROUP_get_degree -EC,function,103,EC_GROUP_new_by_curve_name -EC,function,166,EC_GROUP_new_curve_GFp -EC,function,104,EC_KEY_check_key -EC,function,105,EC_KEY_copy -EC,function,106,EC_KEY_generate_key -EC,function,165,EC_KEY_new_by_curve_name -EC,function,107,EC_KEY_new_method -EC,function,108,EC_KEY_set_public_key_affine_coordinates -EC,function,109,EC_POINT_add -EC,function,110,EC_POINT_cmp -EC,function,111,EC_POINT_copy -EC,function,112,EC_POINT_dbl -EC,function,113,EC_POINT_dup -EC,function,114,EC_POINT_get_affine_coordinates_GFp -EC,function,115,EC_POINT_invert -EC,function,116,EC_POINT_is_at_infinity -EC,function,117,EC_POINT_is_on_curve -EC,function,118,EC_POINT_make_affine -EC,function,119,EC_POINT_new -EC,function,120,EC_POINT_oct2point -EC,function,121,EC_POINT_point2oct -EC,function,122,EC_POINT_set_affine_coordinates_GFp -EC,function,123,EC_POINT_set_compressed_coordinates_GFp -EC,function,124,EC_POINT_set_to_infinity -EC,function,125,EC_POINTs_make_affine -EC,function,126,compute_wNAF -EC,function,127,d2i_ECPKParameters -EC,function,128,d2i_ECParameters -EC,function,129,d2i_ECPrivateKey -EC,function,130,ec_GFp_mont_field_decode -EC,function,131,ec_GFp_mont_field_encode -EC,function,132,ec_GFp_mont_field_mul -EC,function,133,ec_GFp_mont_field_set_to_one -EC,function,134,ec_GFp_mont_field_sqr -EC,function,135,ec_GFp_mont_group_set_curve -EC,function,160,ec_GFp_nistp256_group_set_curve -EC,function,161,ec_GFp_nistp256_point_get_affine_coordinates -EC,function,162,ec_GFp_nistp256_points_mul -EC,function,136,ec_GFp_simple_group_check_discriminant -EC,function,137,ec_GFp_simple_group_set_curve -EC,function,138,ec_GFp_simple_make_affine -EC,function,139,ec_GFp_simple_oct2point -EC,function,140,ec_GFp_simple_point2oct -EC,function,141,ec_GFp_simple_point_get_affine_coordinates -EC,function,142,ec_GFp_simple_point_set_affine_coordinates -EC,function,143,ec_GFp_simple_points_make_affine -EC,function,144,ec_GFp_simple_set_compressed_coordinates -EC,function,145,ec_asn1_group2pkparameters -EC,function,146,ec_asn1_pkparameters2group -EC,function,163,ec_group_copy -EC,function,147,ec_group_new -EC,function,148,ec_group_new_curve_GFp -EC,function,149,ec_group_new_from_data -EC,function,150,ec_point_set_Jprojective_coordinates_GFp -EC,function,151,ec_pre_comp_new -EC,function,152,ec_wNAF_mul -EC,function,153,ec_wNAF_precompute_mult -EC,function,154,i2d_ECPKParameters -EC,function,155,i2d_ECParameters -EC,function,156,i2d_ECPrivateKey -EC,function,157,i2o_ECPublicKey -EC,function,164,nistp256_pre_comp_new -EC,function,158,o2i_ECPublicKey -EC,reason,126,BIGNUM_OUT_OF_RANGE -EC,reason,100,BUFFER_TOO_SMALL -EC,reason,101,COORDINATES_OUT_OF_RANGE -EC,reason,102,D2I_ECPKPARAMETERS_FAILURE -EC,reason,103,EC_GROUP_NEW_BY_NAME_FAILURE -EC,reason,104,GROUP2PKPARAMETERS_FAILURE -EC,reason,105,I2D_ECPKPARAMETERS_FAILURE -EC,reason,106,INCOMPATIBLE_OBJECTS -EC,reason,107,INVALID_COMPRESSED_POINT -EC,reason,108,INVALID_COMPRESSION_BIT -EC,reason,109,INVALID_ENCODING -EC,reason,110,INVALID_FIELD -EC,reason,111,INVALID_FORM -EC,reason,112,INVALID_GROUP_ORDER -EC,reason,113,INVALID_PRIVATE_KEY -EC,reason,114,MISSING_PARAMETERS -EC,reason,115,MISSING_PRIVATE_KEY -EC,reason,116,NON_NAMED_CURVE -EC,reason,117,NOT_INITIALIZED -EC,reason,118,PKPARAMETERS2GROUP_FAILURE -EC,reason,119,POINT_AT_INFINITY -EC,reason,120,POINT_IS_NOT_ON_CURVE -EC,reason,121,SLOT_FULL -EC,reason,122,UNDEFINED_GENERATOR -EC,reason,123,UNKNOWN_GROUP -EC,reason,124,UNKNOWN_ORDER -EC,reason,127,WRONG_CURVE_PARAMETERS -EC,reason,125,WRONG_ORDER +EC,126,BIGNUM_OUT_OF_RANGE +EC,100,BUFFER_TOO_SMALL +EC,101,COORDINATES_OUT_OF_RANGE +EC,102,D2I_ECPKPARAMETERS_FAILURE +EC,103,EC_GROUP_NEW_BY_NAME_FAILURE +EC,104,GROUP2PKPARAMETERS_FAILURE +EC,105,I2D_ECPKPARAMETERS_FAILURE +EC,106,INCOMPATIBLE_OBJECTS +EC,107,INVALID_COMPRESSED_POINT +EC,108,INVALID_COMPRESSION_BIT +EC,109,INVALID_ENCODING +EC,110,INVALID_FIELD +EC,111,INVALID_FORM +EC,112,INVALID_GROUP_ORDER +EC,113,INVALID_PRIVATE_KEY +EC,114,MISSING_PARAMETERS +EC,115,MISSING_PRIVATE_KEY +EC,116,NON_NAMED_CURVE +EC,117,NOT_INITIALIZED +EC,118,PKPARAMETERS2GROUP_FAILURE +EC,119,POINT_AT_INFINITY +EC,120,POINT_IS_NOT_ON_CURVE +EC,121,SLOT_FULL +EC,122,UNDEFINED_GENERATOR +EC,123,UNKNOWN_GROUP +EC,124,UNKNOWN_ORDER +EC,127,WRONG_CURVE_PARAMETERS +EC,125,WRONG_ORDER diff --git a/src/crypto/err/ecdh.errordata b/src/crypto/err/ecdh.errordata index 0f1215e..f714c30 100644 --- a/src/crypto/err/ecdh.errordata +++ b/src/crypto/err/ecdh.errordata @@ -1,4 +1,3 @@ -ECDH,function,100,ECDH_compute_key -ECDH,reason,100,KDF_FAILED -ECDH,reason,101,NO_PRIVATE_VALUE -ECDH,reason,102,POINT_ARITHMETIC_FAILURE +ECDH,100,KDF_FAILED +ECDH,101,NO_PRIVATE_VALUE +ECDH,102,POINT_ARITHMETIC_FAILURE diff --git a/src/crypto/err/ecdsa.errordata b/src/crypto/err/ecdsa.errordata index 97c213e..58ba591 100644 --- a/src/crypto/err/ecdsa.errordata +++ b/src/crypto/err/ecdsa.errordata @@ -1,10 +1,6 @@ -ECDSA,function,100,ECDSA_do_sign_ex -ECDSA,function,101,ECDSA_do_verify -ECDSA,function,102,ECDSA_sign_ex -ECDSA,function,103,digest_to_bn -ECDSA,function,104,ecdsa_sign_setup -ECDSA,reason,100,BAD_SIGNATURE -ECDSA,reason,101,MISSING_PARAMETERS -ECDSA,reason,102,NEED_NEW_SETUP_VALUES -ECDSA,reason,103,NOT_IMPLEMENTED -ECDSA,reason,104,RANDOM_NUMBER_GENERATION_FAILED +ECDSA,100,BAD_SIGNATURE +ECDSA,105,ENCODE_ERROR +ECDSA,101,MISSING_PARAMETERS +ECDSA,102,NEED_NEW_SETUP_VALUES +ECDSA,103,NOT_IMPLEMENTED +ECDSA,104,RANDOM_NUMBER_GENERATION_FAILED diff --git a/src/crypto/err/engine.errordata b/src/crypto/err/engine.errordata index 1185e88..edbd7b9 100644 --- a/src/crypto/err/engine.errordata +++ b/src/crypto/err/engine.errordata @@ -1 +1 @@ -ENGINE,reason,100,OPERATION_NOT_SUPPORTED +ENGINE,100,OPERATION_NOT_SUPPORTED diff --git a/src/crypto/err/err.c b/src/crypto/err/err.c index de1b4a7..24824e8 100644 --- a/src/crypto/err/err.c +++ b/src/crypto/err/err.c @@ -125,10 +125,6 @@ #include "../internal.h" -extern const uint32_t kOpenSSLFunctionValues[]; -extern const size_t kOpenSSLFunctionValuesLen; -extern const char kOpenSSLFunctionStringData[]; - extern const uint32_t kOpenSSLReasonValues[]; extern const size_t kOpenSSLReasonValuesLen; extern const char kOpenSSLReasonStringData[]; @@ -259,42 +255,51 @@ static uint32_t get_error_values(int inc, int top, const char **file, int *line, } uint32_t ERR_get_error(void) { - return get_error_values(1, 0, NULL, NULL, NULL, NULL); + return get_error_values(1 /* inc */, 0 /* bottom */, NULL, NULL, NULL, NULL); } uint32_t ERR_get_error_line(const char **file, int *line) { - return get_error_values(1, 0, file, line, NULL, NULL); + return get_error_values(1 /* inc */, 0 /* bottom */, file, line, NULL, NULL); } uint32_t ERR_get_error_line_data(const char **file, int *line, const char **data, int *flags) { - return get_error_values(1, 0, file, line, data, flags); + return get_error_values(1 /* inc */, 0 /* bottom */, file, line, data, flags); } uint32_t ERR_peek_error(void) { - return get_error_values(0, 0, NULL, NULL, NULL, NULL); + return get_error_values(0 /* peek */, 0 /* bottom */, NULL, NULL, NULL, NULL); } uint32_t ERR_peek_error_line(const char **file, int *line) { - return get_error_values(0, 0, file, line, NULL, NULL); + return get_error_values(0 /* peek */, 0 /* bottom */, file, line, NULL, NULL); } uint32_t ERR_peek_error_line_data(const char **file, int *line, const char **data, int *flags) { - return get_error_values(0, 0, file, line, data, flags); + return get_error_values(0 /* peek */, 0 /* bottom */, file, line, data, + flags); +} + +const char *ERR_peek_function(void) { + ERR_STATE *state = err_get_state(); + if (state == NULL || state->bottom == state->top) { + return NULL; + } + return state->errors[(state->bottom + 1) % ERR_NUM_ERRORS].function; } uint32_t ERR_peek_last_error(void) { - return get_error_values(0, 1, NULL, NULL, NULL, NULL); + return get_error_values(0 /* peek */, 1 /* top */, NULL, NULL, NULL, NULL); } uint32_t ERR_peek_last_error_line(const char **file, int *line) { - return get_error_values(0, 1, file, line, NULL, NULL); + return get_error_values(0 /* peek */, 1 /* top */, file, line, NULL, NULL); } uint32_t ERR_peek_last_error_line_data(const char **file, int *line, const char **data, int *flags) { - return get_error_values(0, 1, file, line, data, flags); + return get_error_values(0 /* peek */, 1 /* top */, file, line, data, flags); } void ERR_clear_error(void) { @@ -341,40 +346,20 @@ void ERR_clear_system_error(void) { errno = 0; } -char *ERR_error_string(uint32_t packed_error, char *ret) { - static char buf[ERR_ERROR_STRING_BUF_LEN]; - - if (ret == NULL) { - /* TODO(fork): remove this. */ - ret = buf; - } - -#if !defined(NDEBUG) - /* This is aimed to help catch callers who don't provide - * |ERR_ERROR_STRING_BUF_LEN| bytes of space. */ - memset(ret, 0, ERR_ERROR_STRING_BUF_LEN); -#endif - - ERR_error_string_n(packed_error, ret, ERR_ERROR_STRING_BUF_LEN); - - return ret; -} - -void ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) { - char lib_buf[64], func_buf[64], reason_buf[64]; - const char *lib_str, *func_str, *reason_str; - unsigned lib, func, reason; +static void err_error_string(uint32_t packed_error, const char *func_str, + char *buf, size_t len) { + char lib_buf[64], reason_buf[64]; + const char *lib_str, *reason_str; + unsigned lib, reason; if (len == 0) { return; } lib = ERR_GET_LIB(packed_error); - func = ERR_GET_FUNC(packed_error); reason = ERR_GET_REASON(packed_error); lib_str = ERR_lib_error_string(packed_error); - func_str = ERR_func_error_string(packed_error); reason_str = ERR_reason_error_string(packed_error); if (lib_str == NULL) { @@ -383,8 +368,7 @@ void ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) { } if (func_str == NULL) { - BIO_snprintf(func_buf, sizeof(func_buf), "func(%u)", func); - func_str = func_buf; + func_str = "OPENSSL_internal"; } if (reason_str == NULL) { @@ -426,6 +410,29 @@ void ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) { } } +char *ERR_error_string(uint32_t packed_error, char *ret) { + static char buf[ERR_ERROR_STRING_BUF_LEN]; + + if (ret == NULL) { + /* TODO(fork): remove this. */ + ret = buf; + } + +#if !defined(NDEBUG) + /* This is aimed to help catch callers who don't provide + * |ERR_ERROR_STRING_BUF_LEN| bytes of space. */ + memset(ret, 0, ERR_ERROR_STRING_BUF_LEN); +#endif + + ERR_error_string_n(packed_error, ret, ERR_ERROR_STRING_BUF_LEN); + + return ret; +} + +void ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) { + err_error_string(packed_error, NULL, buf, len); +} + // err_string_cmp is a compare function for searching error values with // |bsearch| in |err_string_lookup|. static int err_string_cmp(const void *a, const void *b) { @@ -505,8 +512,8 @@ static const char *const kLibraryNames[ERR_NUM_LIBS] = { "HMAC routines", /* ERR_LIB_HMAC */ "Digest functions", /* ERR_LIB_DIGEST */ "Cipher functions", /* ERR_LIB_CIPHER */ - "User defined functions", /* ERR_LIB_USER */ "HKDF functions", /* ERR_LIB_HKDF */ + "User defined functions", /* ERR_LIB_USER */ }; const char *ERR_lib_error_string(uint32_t packed_error) { @@ -519,36 +526,7 @@ const char *ERR_lib_error_string(uint32_t packed_error) { } const char *ERR_func_error_string(uint32_t packed_error) { - const uint32_t lib = ERR_GET_LIB(packed_error); - const uint32_t func = ERR_GET_FUNC(packed_error); - - if (lib == ERR_LIB_SYS) { - switch (func) { - case SYS_F_fopen: - return "fopen"; - case SYS_F_fclose: - return "fclose"; - case SYS_F_fread: - return "fread"; - case SYS_F_fwrite: - return "fwrite"; - case SYS_F_socket: - return "socket"; - case SYS_F_setsockopt: - return "setsockopt"; - case SYS_F_connect: - return "connect"; - case SYS_F_getaddrinfo: - return "getaddrinfo"; - default: - return NULL; - } - } - - return err_string_lookup(ERR_GET_LIB(packed_error), - ERR_GET_FUNC(packed_error), kOpenSSLFunctionValues, - kOpenSSLFunctionValuesLen, - kOpenSSLFunctionStringData); + return "OPENSSL_internal"; } const char *ERR_reason_error_string(uint32_t packed_error) { @@ -599,12 +577,13 @@ void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx) { const unsigned long thread_hash = (uintptr_t) err_get_state(); for (;;) { + const char *function = ERR_peek_function(); packed_error = ERR_get_error_line_data(&file, &line, &data, &flags); if (packed_error == 0) { break; } - ERR_error_string_n(packed_error, buf, sizeof(buf)); + err_error_string(packed_error, function, buf, sizeof(buf)); BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", thread_hash, buf, file, line, (flags & ERR_FLAG_STRING) ? data : ""); if (callback(buf2, strlen(buf2), ctx) <= 0) { @@ -644,8 +623,8 @@ static void err_set_error_data(char *data, int flags) { error->flags = flags; } -void ERR_put_error(int library, int func, int reason, const char *file, - unsigned line) { +void ERR_put_error(int library, int reason, const char *function, + const char *file, unsigned line) { ERR_STATE *const state = err_get_state(); struct err_error_st *error; @@ -654,7 +633,7 @@ void ERR_put_error(int library, int func, int reason, const char *file, } if (library == ERR_LIB_SYS && reason == 0) { -#if defined(WIN32) +#if defined(OPENSSL_WINDOWS) reason = GetLastError(); #else reason = errno; @@ -668,9 +647,10 @@ void ERR_put_error(int library, int func, int reason, const char *file, error = &state->errors[state->top]; err_clear(error); + error->function = function; error->file = file; error->line = line; - error->packed = ERR_PACK(library, func, reason); + error->packed = ERR_PACK(library, reason); } /* ERR_add_error_data_vdata takes a variable number of const char* pointers, diff --git a/src/crypto/err/err_data_generate.go b/src/crypto/err/err_data_generate.go index a5b4cb5..24e0d66 100644 --- a/src/crypto/err/err_data_generate.go +++ b/src/crypto/err/err_data_generate.go @@ -59,8 +59,8 @@ var libraryNames = []string{ "HMAC", "DIGEST", "CIPHER", - "USER", "HKDF", + "USER", } // stringList is a map from uint32 -> string which can output data for a sorted @@ -69,7 +69,7 @@ type stringList struct { // entries is an array of keys and offsets into |stringData|. The // offsets are in the bottom 15 bits of each uint32 and the key is the // top 17 bits. - entries []uint32 + entries []uint32 // internedStrings contains the same strings as are in |stringData|, // but allows for easy deduplication. It maps a string to its offset in // |stringData|. @@ -146,7 +146,7 @@ func (st *stringList) WriteTo(out stringWriter, name string) { fmt.Fprintf(out, " 0x%x,\n", v) } out.WriteString("};\n\n") - out.WriteString("const size_t " + values + "Len = sizeof(" + values + ") / sizeof(" + values + "[0]);\n\n"); + out.WriteString("const size_t " + values + "Len = sizeof(" + values + ") / sizeof(" + values + "[0]);\n\n") stringData := "kOpenSSL" + name + "StringData" out.WriteString("const char " + stringData + "[] =\n \"") @@ -161,8 +161,8 @@ func (st *stringList) WriteTo(out stringWriter, name string) { } type errorData struct { - functions, reasons *stringList - libraryMap map[string]uint32 + reasons *stringList + libraryMap map[string]uint32 } func (e *errorData) readErrorDataFile(filename string) error { @@ -184,8 +184,8 @@ func (e *errorData) readErrorDataFile(filename string) error { continue } parts := bytes.Split(line, comma) - if len(parts) != 4 { - return fmt.Errorf("bad line %d in %s: found %d values but want 4", lineNo, filename, len(parts)) + if len(parts) != 3 { + return fmt.Errorf("bad line %d in %s: found %d values but want 3", lineNo, filename, len(parts)) } libNum, ok := e.libraryMap[string(parts[0])] if !ok { @@ -194,26 +194,18 @@ func (e *errorData) readErrorDataFile(filename string) error { if libNum >= 64 { return fmt.Errorf("bad line %d in %s: library value too large", lineNo, filename) } - key, err := strconv.ParseUint(string(parts[2]), 10 /* base */, 32 /* bit size */) + key, err := strconv.ParseUint(string(parts[1]), 10 /* base */, 32 /* bit size */) if err != nil { return fmt.Errorf("bad line %d in %s: %s", lineNo, filename, err) } if key >= 2048 { return fmt.Errorf("bad line %d in %s: key too large", lineNo, filename) } - value := string(parts[3]) + value := string(parts[2]) listKey := libNum<<26 | uint32(key)<<15 - switch string(parts[1]) { - case "function": - err = e.functions.Add(listKey, value) - case "reason": - err = e.reasons.Add(listKey, value) - default: - return fmt.Errorf("bad line %d in %s: bad value type", lineNo, filename) - } - + err = e.reasons.Add(listKey, value) if err != nil { return err } @@ -224,7 +216,6 @@ func (e *errorData) readErrorDataFile(filename string) error { func main() { e := &errorData{ - functions: newStringList(), reasons: newStringList(), libraryMap: make(map[string]uint32), } @@ -279,9 +270,8 @@ func main() { for i, name := range libraryNames { fmt.Fprintf(out, "OPENSSL_COMPILE_ASSERT(ERR_LIB_%s == %d, library_values_changed_%d);\n", name, i+1, i+1) } - fmt.Fprintf(out, "OPENSSL_COMPILE_ASSERT(ERR_NUM_LIBS == %d, library_values_changed_num);\n", len(libraryNames) + 1) + fmt.Fprintf(out, "OPENSSL_COMPILE_ASSERT(ERR_NUM_LIBS == %d, library_values_changed_num);\n", len(libraryNames)+1) out.WriteString("\n") - e.functions.WriteTo(out, "Function") e.reasons.WriteTo(out, "Reason") } diff --git a/src/crypto/err/err_test.cc b/src/crypto/err/err_test.cc index 98dfb85..6643c68 100644 --- a/src/crypto/err/err_test.cc +++ b/src/crypto/err/err_test.cc @@ -22,7 +22,7 @@ static bool TestOverflow() { for (unsigned i = 0; i < ERR_NUM_ERRORS*2; i++) { - ERR_put_error(1, 2, i+1, "test", 1); + ERR_put_error(1, i+1, "function", "test", 1); } for (unsigned i = 0; i < ERR_NUM_ERRORS - 1; i++) { @@ -50,7 +50,7 @@ static bool TestPutError() { return false; } - ERR_put_error(1, 2, 3, "test", 4); + ERR_put_error(1, 2, "function", "test", 4); ERR_add_error_data(1, "testing"); int peeked_line, line, peeked_flags, flags; @@ -58,6 +58,7 @@ static bool TestPutError() { uint32_t peeked_packed_error = ERR_peek_error_line_data(&peeked_file, &peeked_line, &peeked_data, &peeked_flags); + const char *function = ERR_peek_function(); uint32_t packed_error = ERR_get_error_line_data(&file, &line, &data, &flags); if (peeked_packed_error != packed_error || @@ -68,12 +69,12 @@ static bool TestPutError() { return false; } - if (strcmp(file, "test") != 0 || + if (strcmp(function, "function") != 0 || + strcmp(file, "test") != 0 || line != 4 || (flags & ERR_FLAG_STRING) == 0 || ERR_GET_LIB(packed_error) != 1 || - ERR_GET_FUNC(packed_error) != 2 || - ERR_GET_REASON(packed_error) != 3 || + ERR_GET_REASON(packed_error) != 2 || strcmp(data, "testing") != 0) { fprintf(stderr, "Bad error data returned.\n"); return false; @@ -88,7 +89,7 @@ static bool TestClearError() { return false; } - ERR_put_error(1, 2, 3, "test", 4); + ERR_put_error(1, 2, "function", "test", 4); ERR_clear_error(); if (ERR_get_error() != 0) { @@ -100,7 +101,7 @@ static bool TestClearError() { } static bool TestPrint() { - ERR_put_error(1, 2, 3, "test", 4); + ERR_put_error(1, 2, "function", "test", 4); ERR_add_error_data(1, "testing"); uint32_t packed_error = ERR_get_error(); @@ -113,11 +114,41 @@ static bool TestPrint() { } static bool TestRelease() { - ERR_put_error(1, 2, 3, "test", 4); + ERR_put_error(1, 2, "function", "test", 4); ERR_remove_thread_state(NULL); return true; } +static bool HasSuffix(const char *str, const char *suffix) { + size_t suffix_len = strlen(suffix); + size_t str_len = strlen(str); + if (str_len < suffix_len) { + return false; + } + return strcmp(str + str_len - suffix_len, suffix) == 0; +} + +static bool TestPutMacro() { + int expected_line = __LINE__ + 1; + OPENSSL_PUT_ERROR(USER, ERR_R_INTERNAL_ERROR); + + int line; + const char *file; + const char *function = ERR_peek_function(); + uint32_t error = ERR_get_error_line(&file, &line); + + if (strcmp(function, "TestPutMacro") != 0 || + !HasSuffix(file, "err_test.cc") || + line != expected_line || + ERR_GET_LIB(error) != ERR_LIB_USER || + ERR_GET_REASON(error) != ERR_R_INTERNAL_ERROR) { + fprintf(stderr, "Bad error data returned.\n"); + return false; + } + + return true; +} + int main() { CRYPTO_library_init(); @@ -125,7 +156,8 @@ int main() { !TestPutError() || !TestClearError() || !TestPrint() || - !TestRelease()) { + !TestRelease() || + !TestPutMacro()) { return 1; } diff --git a/src/crypto/err/evp.errordata b/src/crypto/err/evp.errordata index 14dd27b..8f8dd48 100644 --- a/src/crypto/err/evp.errordata +++ b/src/crypto/err/evp.errordata @@ -1,114 +1,46 @@ -EVP,function,160,EVP_DigestSignAlgorithm -EVP,function,161,EVP_DigestVerifyInitFromAlgorithm -EVP,function,162,EVP_PKEY_CTX_ctrl -EVP,function,163,EVP_PKEY_CTX_dup -EVP,function,159,EVP_PKEY_CTX_get0_rsa_oaep_label -EVP,function,164,EVP_PKEY_copy_parameters -EVP,function,165,EVP_PKEY_decrypt -EVP,function,166,EVP_PKEY_decrypt_init -EVP,function,167,EVP_PKEY_derive -EVP,function,108,EVP_PKEY_derive_init -EVP,function,168,EVP_PKEY_derive_set_peer -EVP,function,110,EVP_PKEY_encrypt -EVP,function,111,EVP_PKEY_encrypt_init -EVP,function,112,EVP_PKEY_get1_DH -EVP,function,169,EVP_PKEY_get1_DSA -EVP,function,114,EVP_PKEY_get1_EC_KEY -EVP,function,115,EVP_PKEY_get1_RSA -EVP,function,116,EVP_PKEY_keygen -EVP,function,170,EVP_PKEY_keygen_init -EVP,function,171,EVP_PKEY_new -EVP,function,172,EVP_PKEY_set_type -EVP,function,120,EVP_PKEY_sign -EVP,function,121,EVP_PKEY_sign_init -EVP,function,122,EVP_PKEY_verify -EVP,function,123,EVP_PKEY_verify_init -EVP,function,173,check_padding_md -EVP,function,125,d2i_AutoPrivateKey -EVP,function,126,d2i_PrivateKey -EVP,function,127,do_EC_KEY_print -EVP,function,174,do_dsa_print -EVP,function,175,do_rsa_print -EVP,function,129,do_sigver_init -EVP,function,176,dsa_param_decode -EVP,function,177,dsa_priv_decode -EVP,function,178,dsa_priv_encode -EVP,function,179,dsa_pub_decode -EVP,function,180,dsa_pub_encode -EVP,function,181,dsa_sig_print -EVP,function,130,eckey_param2type -EVP,function,131,eckey_param_decode -EVP,function,132,eckey_priv_decode -EVP,function,133,eckey_priv_encode -EVP,function,134,eckey_pub_decode -EVP,function,135,eckey_pub_encode -EVP,function,136,eckey_type2param -EVP,function,137,evp_pkey_ctx_new -EVP,function,138,hmac_signctx -EVP,function,139,i2d_PublicKey -EVP,function,182,old_dsa_priv_decode -EVP,function,140,old_ec_priv_decode -EVP,function,141,old_rsa_priv_decode -EVP,function,142,pkey_ec_ctrl -EVP,function,143,pkey_ec_derive -EVP,function,144,pkey_ec_keygen -EVP,function,145,pkey_ec_paramgen -EVP,function,146,pkey_ec_sign -EVP,function,158,pkey_hmac_ctrl -EVP,function,147,pkey_rsa_ctrl -EVP,function,148,pkey_rsa_decrypt -EVP,function,149,pkey_rsa_encrypt -EVP,function,150,pkey_rsa_sign -EVP,function,151,rsa_algor_to_md -EVP,function,152,rsa_digest_verify_init_from_algorithm -EVP,function,153,rsa_mgf1_to_md -EVP,function,154,rsa_priv_decode -EVP,function,155,rsa_priv_encode -EVP,function,156,rsa_pss_to_ctx -EVP,function,157,rsa_pub_decode -EVP,reason,151,BN_DECODE_ERROR -EVP,reason,100,BUFFER_TOO_SMALL -EVP,reason,101,COMMAND_NOT_SUPPORTED -EVP,reason,146,CONTEXT_NOT_INITIALISED -EVP,reason,143,DECODE_ERROR -EVP,reason,104,DIFFERENT_KEY_TYPES -EVP,reason,105,DIFFERENT_PARAMETERS -EVP,reason,147,DIGEST_AND_KEY_TYPE_NOT_SUPPORTED -EVP,reason,107,EXPECTING_AN_EC_KEY_KEY -EVP,reason,141,EXPECTING_AN_RSA_KEY -EVP,reason,109,EXPECTING_A_DH_KEY -EVP,reason,110,EXPECTING_A_DSA_KEY -EVP,reason,111,ILLEGAL_OR_UNSUPPORTED_PADDING_MODE -EVP,reason,112,INVALID_CURVE -EVP,reason,113,INVALID_DIGEST_LENGTH -EVP,reason,114,INVALID_DIGEST_TYPE -EVP,reason,115,INVALID_KEYBITS -EVP,reason,116,INVALID_MGF1_MD -EVP,reason,142,INVALID_OPERATION -EVP,reason,118,INVALID_PADDING_MODE -EVP,reason,119,INVALID_PSS_PARAMETERS -EVP,reason,144,INVALID_PSS_SALTLEN -EVP,reason,121,INVALID_SALT_LENGTH -EVP,reason,122,INVALID_TRAILER -EVP,reason,123,KEYS_NOT_SET -EVP,reason,124,MISSING_PARAMETERS -EVP,reason,125,NO_DEFAULT_DIGEST -EVP,reason,126,NO_KEY_SET -EVP,reason,127,NO_MDC2_SUPPORT -EVP,reason,128,NO_NID_FOR_CURVE -EVP,reason,129,NO_OPERATION_SET -EVP,reason,130,NO_PARAMETERS_SET -EVP,reason,131,OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE -EVP,reason,132,OPERATON_NOT_INITIALIZED -EVP,reason,152,PARAMETER_ENCODING_ERROR -EVP,reason,133,UNKNOWN_DIGEST -EVP,reason,134,UNKNOWN_MASK_DIGEST -EVP,reason,150,UNKNOWN_MESSAGE_DIGEST_ALGORITHM -EVP,reason,145,UNKNOWN_PUBLIC_KEY_TYPE -EVP,reason,149,UNKNOWN_SIGNATURE_ALGORITHM -EVP,reason,138,UNSUPPORTED_ALGORITHM -EVP,reason,139,UNSUPPORTED_MASK_ALGORITHM -EVP,reason,140,UNSUPPORTED_MASK_PARAMETER -EVP,reason,153,UNSUPPORTED_PUBLIC_KEY_TYPE -EVP,reason,154,UNSUPPORTED_SIGNATURE_TYPE -EVP,reason,148,WRONG_PUBLIC_KEY_TYPE +EVP,151,BN_DECODE_ERROR +EVP,100,BUFFER_TOO_SMALL +EVP,101,COMMAND_NOT_SUPPORTED +EVP,146,CONTEXT_NOT_INITIALISED +EVP,143,DECODE_ERROR +EVP,104,DIFFERENT_KEY_TYPES +EVP,105,DIFFERENT_PARAMETERS +EVP,147,DIGEST_AND_KEY_TYPE_NOT_SUPPORTED +EVP,107,EXPECTING_AN_EC_KEY_KEY +EVP,141,EXPECTING_AN_RSA_KEY +EVP,109,EXPECTING_A_DH_KEY +EVP,110,EXPECTING_A_DSA_KEY +EVP,111,ILLEGAL_OR_UNSUPPORTED_PADDING_MODE +EVP,112,INVALID_CURVE +EVP,113,INVALID_DIGEST_LENGTH +EVP,114,INVALID_DIGEST_TYPE +EVP,115,INVALID_KEYBITS +EVP,116,INVALID_MGF1_MD +EVP,142,INVALID_OPERATION +EVP,118,INVALID_PADDING_MODE +EVP,119,INVALID_PSS_PARAMETERS +EVP,144,INVALID_PSS_SALTLEN +EVP,121,INVALID_SALT_LENGTH +EVP,122,INVALID_TRAILER +EVP,123,KEYS_NOT_SET +EVP,124,MISSING_PARAMETERS +EVP,125,NO_DEFAULT_DIGEST +EVP,126,NO_KEY_SET +EVP,127,NO_MDC2_SUPPORT +EVP,128,NO_NID_FOR_CURVE +EVP,129,NO_OPERATION_SET +EVP,130,NO_PARAMETERS_SET +EVP,131,OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE +EVP,132,OPERATON_NOT_INITIALIZED +EVP,152,PARAMETER_ENCODING_ERROR +EVP,133,UNKNOWN_DIGEST +EVP,134,UNKNOWN_MASK_DIGEST +EVP,150,UNKNOWN_MESSAGE_DIGEST_ALGORITHM +EVP,145,UNKNOWN_PUBLIC_KEY_TYPE +EVP,149,UNKNOWN_SIGNATURE_ALGORITHM +EVP,138,UNSUPPORTED_ALGORITHM +EVP,139,UNSUPPORTED_MASK_ALGORITHM +EVP,140,UNSUPPORTED_MASK_PARAMETER +EVP,153,UNSUPPORTED_PUBLIC_KEY_TYPE +EVP,154,UNSUPPORTED_SIGNATURE_TYPE +EVP,148,WRONG_PUBLIC_KEY_TYPE diff --git a/src/crypto/err/hkdf.errordata b/src/crypto/err/hkdf.errordata index 878a802..84866de 100644 --- a/src/crypto/err/hkdf.errordata +++ b/src/crypto/err/hkdf.errordata @@ -1,2 +1 @@ -HKDF,function,100,HKDF -HKDF,reason,100,OUTPUT_TOO_LARGE +HKDF,100,OUTPUT_TOO_LARGE diff --git a/src/crypto/err/obj.errordata b/src/crypto/err/obj.errordata index 74e4629..c54435e 100644 --- a/src/crypto/err/obj.errordata +++ b/src/crypto/err/obj.errordata @@ -1,5 +1 @@ -OBJ,function,100,OBJ_create -OBJ,function,101,OBJ_dup -OBJ,function,102,OBJ_nid2obj -OBJ,function,103,OBJ_txt2obj -OBJ,reason,100,UNKNOWN_NID +OBJ,100,UNKNOWN_NID diff --git a/src/crypto/err/pem.errordata b/src/crypto/err/pem.errordata index 42216a7..2a4b73a 100644 --- a/src/crypto/err/pem.errordata +++ b/src/crypto/err/pem.errordata @@ -1,39 +1,15 @@ -PEM,function,100,PEM_ASN1_read -PEM,function,101,PEM_ASN1_read_bio -PEM,function,102,PEM_ASN1_write -PEM,function,103,PEM_ASN1_write_bio -PEM,function,104,PEM_X509_INFO_read -PEM,function,105,PEM_X509_INFO_read_bio -PEM,function,106,PEM_X509_INFO_write_bio -PEM,function,107,PEM_do_header -PEM,function,108,PEM_get_EVP_CIPHER_INFO -PEM,function,109,PEM_read -PEM,function,110,PEM_read_DHparams -PEM,function,111,PEM_read_PrivateKey -PEM,function,112,PEM_read_bio -PEM,function,113,PEM_read_bio_DHparams -PEM,function,114,PEM_read_bio_Parameters -PEM,function,115,PEM_read_bio_PrivateKey -PEM,function,116,PEM_write -PEM,function,117,PEM_write_PrivateKey -PEM,function,118,PEM_write_bio -PEM,function,119,d2i_PKCS8PrivateKey_bio -PEM,function,120,d2i_PKCS8PrivateKey_fp -PEM,function,121,do_pk8pkey -PEM,function,122,do_pk8pkey_fp -PEM,function,123,load_iv -PEM,reason,100,BAD_BASE64_DECODE -PEM,reason,101,BAD_DECRYPT -PEM,reason,102,BAD_END_LINE -PEM,reason,103,BAD_IV_CHARS -PEM,reason,104,BAD_PASSWORD_READ -PEM,reason,105,CIPHER_IS_NULL -PEM,reason,106,ERROR_CONVERTING_PRIVATE_KEY -PEM,reason,107,NOT_DEK_INFO -PEM,reason,108,NOT_ENCRYPTED -PEM,reason,109,NOT_PROC_TYPE -PEM,reason,110,NO_START_LINE -PEM,reason,111,READ_KEY -PEM,reason,112,SHORT_HEADER -PEM,reason,113,UNSUPPORTED_CIPHER -PEM,reason,114,UNSUPPORTED_ENCRYPTION +PEM,100,BAD_BASE64_DECODE +PEM,101,BAD_DECRYPT +PEM,102,BAD_END_LINE +PEM,103,BAD_IV_CHARS +PEM,104,BAD_PASSWORD_READ +PEM,105,CIPHER_IS_NULL +PEM,106,ERROR_CONVERTING_PRIVATE_KEY +PEM,107,NOT_DEK_INFO +PEM,108,NOT_ENCRYPTED +PEM,109,NOT_PROC_TYPE +PEM,110,NO_START_LINE +PEM,111,READ_KEY +PEM,112,SHORT_HEADER +PEM,113,UNSUPPORTED_CIPHER +PEM,114,UNSUPPORTED_ENCRYPTION diff --git a/src/crypto/err/pkcs8.errordata b/src/crypto/err/pkcs8.errordata index 936f3c5..0eb5083 100644 --- a/src/crypto/err/pkcs8.errordata +++ b/src/crypto/err/pkcs8.errordata @@ -1,43 +1,25 @@ -PKCS8,function,100,EVP_PKCS82PKEY -PKCS8,function,101,EVP_PKEY2PKCS8 -PKCS8,function,102,PKCS12_get_key_and_certs -PKCS8,function,103,PKCS12_handle_content_info -PKCS8,function,104,PKCS12_handle_content_infos -PKCS8,function,105,PKCS5_pbe2_set_iv -PKCS8,function,106,PKCS5_pbe_set -PKCS8,function,107,PKCS5_pbe_set0_algor -PKCS8,function,108,PKCS5_pbkdf2_set -PKCS8,function,109,PKCS8_decrypt -PKCS8,function,110,PKCS8_encrypt -PKCS8,function,111,PKCS8_encrypt_pbe -PKCS8,function,112,pbe_cipher_init -PKCS8,function,113,pbe_crypt -PKCS8,function,114,pkcs12_item_decrypt_d2i -PKCS8,function,115,pkcs12_item_i2d_encrypt -PKCS8,function,116,pkcs12_key_gen_raw -PKCS8,function,117,pkcs12_pbe_keyivgen -PKCS8,reason,100,BAD_PKCS12_DATA -PKCS8,reason,101,BAD_PKCS12_VERSION -PKCS8,reason,102,CIPHER_HAS_NO_OBJECT_IDENTIFIER -PKCS8,reason,103,CRYPT_ERROR -PKCS8,reason,104,DECODE_ERROR -PKCS8,reason,105,ENCODE_ERROR -PKCS8,reason,106,ENCRYPT_ERROR -PKCS8,reason,107,ERROR_SETTING_CIPHER_PARAMS -PKCS8,reason,108,INCORRECT_PASSWORD -PKCS8,reason,109,KEYGEN_FAILURE -PKCS8,reason,110,KEY_GEN_ERROR -PKCS8,reason,111,METHOD_NOT_SUPPORTED -PKCS8,reason,112,MISSING_MAC -PKCS8,reason,113,MULTIPLE_PRIVATE_KEYS_IN_PKCS12 -PKCS8,reason,114,PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED -PKCS8,reason,115,PKCS12_TOO_DEEPLY_NESTED -PKCS8,reason,116,PRIVATE_KEY_DECODE_ERROR -PKCS8,reason,117,PRIVATE_KEY_ENCODE_ERROR -PKCS8,reason,118,TOO_LONG -PKCS8,reason,119,UNKNOWN_ALGORITHM -PKCS8,reason,120,UNKNOWN_CIPHER -PKCS8,reason,121,UNKNOWN_CIPHER_ALGORITHM -PKCS8,reason,122,UNKNOWN_DIGEST -PKCS8,reason,123,UNKNOWN_HASH -PKCS8,reason,124,UNSUPPORTED_PRIVATE_KEY_ALGORITHM +PKCS8,100,BAD_PKCS12_DATA +PKCS8,101,BAD_PKCS12_VERSION +PKCS8,102,CIPHER_HAS_NO_OBJECT_IDENTIFIER +PKCS8,103,CRYPT_ERROR +PKCS8,104,DECODE_ERROR +PKCS8,105,ENCODE_ERROR +PKCS8,106,ENCRYPT_ERROR +PKCS8,107,ERROR_SETTING_CIPHER_PARAMS +PKCS8,108,INCORRECT_PASSWORD +PKCS8,109,KEYGEN_FAILURE +PKCS8,110,KEY_GEN_ERROR +PKCS8,111,METHOD_NOT_SUPPORTED +PKCS8,112,MISSING_MAC +PKCS8,113,MULTIPLE_PRIVATE_KEYS_IN_PKCS12 +PKCS8,114,PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED +PKCS8,115,PKCS12_TOO_DEEPLY_NESTED +PKCS8,116,PRIVATE_KEY_DECODE_ERROR +PKCS8,117,PRIVATE_KEY_ENCODE_ERROR +PKCS8,118,TOO_LONG +PKCS8,119,UNKNOWN_ALGORITHM +PKCS8,120,UNKNOWN_CIPHER +PKCS8,121,UNKNOWN_CIPHER_ALGORITHM +PKCS8,122,UNKNOWN_DIGEST +PKCS8,123,UNKNOWN_HASH +PKCS8,124,UNSUPPORTED_PRIVATE_KEY_ALGORITHM diff --git a/src/crypto/err/rsa.errordata b/src/crypto/err/rsa.errordata index 64b390d..c19f73c 100644 --- a/src/crypto/err/rsa.errordata +++ b/src/crypto/err/rsa.errordata @@ -1,69 +1,46 @@ -RSA,function,100,BN_BLINDING_convert_ex -RSA,function,101,BN_BLINDING_create_param -RSA,function,102,BN_BLINDING_invert_ex -RSA,function,103,BN_BLINDING_new -RSA,function,104,BN_BLINDING_update -RSA,function,105,RSA_check_key -RSA,function,106,RSA_new_method -RSA,function,107,RSA_padding_add_PKCS1_OAEP_mgf1 -RSA,function,108,RSA_padding_add_PKCS1_PSS_mgf1 -RSA,function,109,RSA_padding_add_PKCS1_type_1 -RSA,function,110,RSA_padding_add_PKCS1_type_2 -RSA,function,111,RSA_padding_add_none -RSA,function,112,RSA_padding_check_PKCS1_OAEP_mgf1 -RSA,function,113,RSA_padding_check_PKCS1_type_1 -RSA,function,114,RSA_padding_check_PKCS1_type_2 -RSA,function,115,RSA_padding_check_none -RSA,function,116,RSA_recover_crt_params -RSA,function,117,RSA_sign -RSA,function,118,RSA_verify -RSA,function,119,RSA_verify_PKCS1_PSS_mgf1 -RSA,function,120,decrypt -RSA,function,121,encrypt -RSA,function,122,keygen -RSA,function,123,pkcs1_prefixed_msg -RSA,function,124,private_transform -RSA,function,125,rsa_setup_blinding -RSA,function,126,sign_raw -RSA,function,127,verify_raw -RSA,reason,100,BAD_E_VALUE -RSA,reason,101,BAD_FIXED_HEADER_DECRYPT -RSA,reason,102,BAD_PAD_BYTE_COUNT -RSA,reason,103,BAD_RSA_PARAMETERS -RSA,reason,104,BAD_SIGNATURE -RSA,reason,105,BLOCK_TYPE_IS_NOT_01 -RSA,reason,106,BN_NOT_INITIALIZED -RSA,reason,107,CRT_PARAMS_ALREADY_GIVEN -RSA,reason,108,CRT_VALUES_INCORRECT -RSA,reason,109,DATA_LEN_NOT_EQUAL_TO_MOD_LEN -RSA,reason,110,DATA_TOO_LARGE -RSA,reason,111,DATA_TOO_LARGE_FOR_KEY_SIZE -RSA,reason,112,DATA_TOO_LARGE_FOR_MODULUS -RSA,reason,113,DATA_TOO_SMALL -RSA,reason,114,DATA_TOO_SMALL_FOR_KEY_SIZE -RSA,reason,115,DIGEST_TOO_BIG_FOR_RSA_KEY -RSA,reason,116,D_E_NOT_CONGRUENT_TO_1 -RSA,reason,117,EMPTY_PUBLIC_KEY -RSA,reason,118,FIRST_OCTET_INVALID -RSA,reason,119,INCONSISTENT_SET_OF_CRT_VALUES -RSA,reason,120,INTERNAL_ERROR -RSA,reason,121,INVALID_MESSAGE_LENGTH -RSA,reason,122,KEY_SIZE_TOO_SMALL -RSA,reason,123,LAST_OCTET_INVALID -RSA,reason,124,MODULUS_TOO_LARGE -RSA,reason,125,NO_PUBLIC_EXPONENT -RSA,reason,126,NULL_BEFORE_BLOCK_MISSING -RSA,reason,127,N_NOT_EQUAL_P_Q -RSA,reason,128,OAEP_DECODING_ERROR -RSA,reason,129,ONLY_ONE_OF_P_Q_GIVEN -RSA,reason,130,OUTPUT_BUFFER_TOO_SMALL -RSA,reason,131,PADDING_CHECK_FAILED -RSA,reason,132,PKCS_DECODING_ERROR -RSA,reason,133,SLEN_CHECK_FAILED -RSA,reason,134,SLEN_RECOVERY_FAILED -RSA,reason,135,TOO_LONG -RSA,reason,136,TOO_MANY_ITERATIONS -RSA,reason,137,UNKNOWN_ALGORITHM_TYPE -RSA,reason,138,UNKNOWN_PADDING_TYPE -RSA,reason,139,VALUE_MISSING -RSA,reason,140,WRONG_SIGNATURE_LENGTH +RSA,143,BAD_ENCODING +RSA,100,BAD_E_VALUE +RSA,101,BAD_FIXED_HEADER_DECRYPT +RSA,102,BAD_PAD_BYTE_COUNT +RSA,103,BAD_RSA_PARAMETERS +RSA,104,BAD_SIGNATURE +RSA,145,BAD_VERSION +RSA,105,BLOCK_TYPE_IS_NOT_01 +RSA,106,BN_NOT_INITIALIZED +RSA,142,CANNOT_RECOVER_MULTI_PRIME_KEY +RSA,107,CRT_PARAMS_ALREADY_GIVEN +RSA,108,CRT_VALUES_INCORRECT +RSA,109,DATA_LEN_NOT_EQUAL_TO_MOD_LEN +RSA,110,DATA_TOO_LARGE +RSA,111,DATA_TOO_LARGE_FOR_KEY_SIZE +RSA,112,DATA_TOO_LARGE_FOR_MODULUS +RSA,113,DATA_TOO_SMALL +RSA,114,DATA_TOO_SMALL_FOR_KEY_SIZE +RSA,115,DIGEST_TOO_BIG_FOR_RSA_KEY +RSA,116,D_E_NOT_CONGRUENT_TO_1 +RSA,117,EMPTY_PUBLIC_KEY +RSA,144,ENCODE_ERROR +RSA,118,FIRST_OCTET_INVALID +RSA,119,INCONSISTENT_SET_OF_CRT_VALUES +RSA,120,INTERNAL_ERROR +RSA,121,INVALID_MESSAGE_LENGTH +RSA,122,KEY_SIZE_TOO_SMALL +RSA,123,LAST_OCTET_INVALID +RSA,124,MODULUS_TOO_LARGE +RSA,141,MUST_HAVE_AT_LEAST_TWO_PRIMES +RSA,125,NO_PUBLIC_EXPONENT +RSA,126,NULL_BEFORE_BLOCK_MISSING +RSA,127,N_NOT_EQUAL_P_Q +RSA,128,OAEP_DECODING_ERROR +RSA,129,ONLY_ONE_OF_P_Q_GIVEN +RSA,130,OUTPUT_BUFFER_TOO_SMALL +RSA,131,PADDING_CHECK_FAILED +RSA,132,PKCS_DECODING_ERROR +RSA,133,SLEN_CHECK_FAILED +RSA,134,SLEN_RECOVERY_FAILED +RSA,135,TOO_LONG +RSA,136,TOO_MANY_ITERATIONS +RSA,137,UNKNOWN_ALGORITHM_TYPE +RSA,138,UNKNOWN_PADDING_TYPE +RSA,139,VALUE_MISSING +RSA,140,WRONG_SIGNATURE_LENGTH diff --git a/src/crypto/err/ssl.errordata b/src/crypto/err/ssl.errordata index 9464c3d..0b30b13 100644 --- a/src/crypto/err/ssl.errordata +++ b/src/crypto/err/ssl.errordata @@ -1,387 +1,217 @@ -SSL,function,276,SSL_AEAD_CTX_new -SSL,function,277,SSL_AEAD_CTX_open -SSL,function,278,SSL_AEAD_CTX_seal -SSL,function,100,SSL_CTX_check_private_key -SSL,function,101,SSL_CTX_new -SSL,function,272,SSL_CTX_set1_tls_channel_id -SSL,function,102,SSL_CTX_set_cipher_list -SSL,function,103,SSL_CTX_set_cipher_list_tls11 -SSL,function,104,SSL_CTX_set_session_id_context -SSL,function,268,SSL_CTX_set_tmp_dh -SSL,function,269,SSL_CTX_set_tmp_ecdh -SSL,function,105,SSL_CTX_use_PrivateKey -SSL,function,106,SSL_CTX_use_PrivateKey_ASN1 -SSL,function,107,SSL_CTX_use_PrivateKey_file -SSL,function,108,SSL_CTX_use_RSAPrivateKey -SSL,function,109,SSL_CTX_use_RSAPrivateKey_ASN1 -SSL,function,110,SSL_CTX_use_RSAPrivateKey_file -SSL,function,111,SSL_CTX_use_certificate -SSL,function,112,SSL_CTX_use_certificate_ASN1 -SSL,function,113,SSL_CTX_use_certificate_chain_file -SSL,function,114,SSL_CTX_use_certificate_file -SSL,function,115,SSL_CTX_use_psk_identity_hint -SSL,function,280,SSL_SESSION_from_bytes -SSL,function,116,SSL_SESSION_new -SSL,function,281,SSL_SESSION_parse -SSL,function,150,SSL_SESSION_parse_octet_string -SSL,function,151,SSL_SESSION_parse_string -SSL,function,117,SSL_SESSION_print_fp -SSL,function,118,SSL_SESSION_set1_id_context -SSL,function,119,SSL_SESSION_to_bytes_full -SSL,function,120,SSL_accept -SSL,function,121,SSL_add_dir_cert_subjects_to_stack -SSL,function,122,SSL_add_file_cert_subjects_to_stack -SSL,function,123,SSL_check_private_key -SSL,function,124,SSL_clear -SSL,function,125,SSL_connect -SSL,function,126,SSL_do_handshake -SSL,function,127,SSL_load_client_CA_file -SSL,function,128,SSL_new -SSL,function,129,SSL_peek -SSL,function,130,SSL_read -SSL,function,131,SSL_renegotiate -SSL,function,273,SSL_set1_tls_channel_id -SSL,function,132,SSL_set_cipher_list -SSL,function,133,SSL_set_fd -SSL,function,134,SSL_set_rfd -SSL,function,135,SSL_set_session_id_context -SSL,function,274,SSL_set_tlsext_host_name -SSL,function,270,SSL_set_tmp_dh -SSL,function,271,SSL_set_tmp_ecdh -SSL,function,136,SSL_set_wfd -SSL,function,137,SSL_shutdown -SSL,function,138,SSL_use_PrivateKey -SSL,function,139,SSL_use_PrivateKey_ASN1 -SSL,function,140,SSL_use_PrivateKey_file -SSL,function,141,SSL_use_RSAPrivateKey -SSL,function,142,SSL_use_RSAPrivateKey_ASN1 -SSL,function,143,SSL_use_RSAPrivateKey_file -SSL,function,144,SSL_use_certificate -SSL,function,145,SSL_use_certificate_ASN1 -SSL,function,146,SSL_use_certificate_file -SSL,function,147,SSL_use_psk_identity_hint -SSL,function,148,SSL_write -SSL,function,149,d2i_SSL_SESSION -SSL,function,152,do_ssl3_write -SSL,function,153,dtls1_accept -SSL,function,154,dtls1_buffer_record -SSL,function,155,dtls1_check_timeout_num -SSL,function,156,dtls1_connect -SSL,function,157,dtls1_do_write -SSL,function,263,dtls1_get_buffered_message -SSL,function,158,dtls1_get_hello_verify -SSL,function,159,dtls1_get_message -SSL,function,160,dtls1_get_message_fragment -SSL,function,265,dtls1_hm_fragment_new -SSL,function,161,dtls1_preprocess_fragment -SSL,function,264,dtls1_process_fragment -SSL,function,162,dtls1_process_record -SSL,function,163,dtls1_read_bytes -SSL,function,279,dtls1_seal_record -SSL,function,164,dtls1_send_hello_verify_request -SSL,function,165,dtls1_write_app_data -SSL,function,166,i2d_SSL_SESSION -SSL,function,167,ssl3_accept -SSL,function,169,ssl3_cert_verify_hash -SSL,function,170,ssl3_check_cert_and_algorithm -SSL,function,282,ssl3_check_certificate_for_cipher -SSL,function,171,ssl3_connect -SSL,function,172,ssl3_ctrl -SSL,function,173,ssl3_ctx_ctrl -SSL,function,174,ssl3_digest_cached_records -SSL,function,175,ssl3_do_change_cipher_spec -SSL,function,176,ssl3_expect_change_cipher_spec -SSL,function,177,ssl3_get_cert_status -SSL,function,178,ssl3_get_cert_verify -SSL,function,179,ssl3_get_certificate_request -SSL,function,180,ssl3_get_channel_id -SSL,function,181,ssl3_get_client_certificate -SSL,function,182,ssl3_get_client_hello -SSL,function,183,ssl3_get_client_key_exchange -SSL,function,184,ssl3_get_finished -SSL,function,185,ssl3_get_initial_bytes -SSL,function,186,ssl3_get_message -SSL,function,187,ssl3_get_new_session_ticket -SSL,function,188,ssl3_get_next_proto -SSL,function,189,ssl3_get_record -SSL,function,190,ssl3_get_server_certificate -SSL,function,191,ssl3_get_server_done -SSL,function,192,ssl3_get_server_hello -SSL,function,193,ssl3_get_server_key_exchange -SSL,function,194,ssl3_get_v2_client_hello -SSL,function,195,ssl3_handshake_mac -SSL,function,275,ssl3_output_cert_chain -SSL,function,196,ssl3_prf -SSL,function,197,ssl3_read_bytes -SSL,function,198,ssl3_read_n -SSL,function,267,ssl3_record_sequence_update -SSL,function,266,ssl3_seal_record -SSL,function,199,ssl3_send_cert_verify -SSL,function,200,ssl3_send_certificate_request -SSL,function,201,ssl3_send_channel_id -SSL,function,202,ssl3_send_client_certificate -SSL,function,203,ssl3_send_client_hello -SSL,function,204,ssl3_send_client_key_exchange -SSL,function,205,ssl3_send_server_certificate -SSL,function,206,ssl3_send_server_hello -SSL,function,207,ssl3_send_server_key_exchange -SSL,function,208,ssl3_setup_read_buffer -SSL,function,209,ssl3_setup_write_buffer -SSL,function,210,ssl3_write_bytes -SSL,function,211,ssl3_write_pending -SSL,function,212,ssl_add_cert_chain -SSL,function,213,ssl_add_cert_to_buf -SSL,function,214,ssl_add_clienthello_renegotiate_ext -SSL,function,215,ssl_add_clienthello_tlsext -SSL,function,216,ssl_add_clienthello_use_srtp_ext -SSL,function,217,ssl_add_serverhello_renegotiate_ext -SSL,function,218,ssl_add_serverhello_tlsext -SSL,function,219,ssl_add_serverhello_use_srtp_ext -SSL,function,220,ssl_build_cert_chain -SSL,function,221,ssl_bytes_to_cipher_list -SSL,function,222,ssl_cert_dup -SSL,function,223,ssl_cert_inst -SSL,function,224,ssl_cert_new -SSL,function,225,ssl_check_serverhello_tlsext -SSL,function,226,ssl_check_srvr_ecc_cert_and_alg -SSL,function,227,ssl_cipher_process_rulestr -SSL,function,228,ssl_cipher_strength_sort -SSL,function,229,ssl_create_cipher_list -SSL,function,230,ssl_ctx_log_master_secret -SSL,function,231,ssl_ctx_log_rsa_client_key_exchange -SSL,function,232,ssl_ctx_make_profiles -SSL,function,233,ssl_get_new_session -SSL,function,234,ssl_get_prev_session -SSL,function,235,ssl_get_server_cert_index -SSL,function,236,ssl_get_sign_pkey -SSL,function,237,ssl_init_wbio_buffer -SSL,function,238,ssl_parse_clienthello_renegotiate_ext -SSL,function,239,ssl_parse_clienthello_tlsext -SSL,function,240,ssl_parse_clienthello_use_srtp_ext -SSL,function,241,ssl_parse_serverhello_renegotiate_ext -SSL,function,242,ssl_parse_serverhello_tlsext -SSL,function,243,ssl_parse_serverhello_use_srtp_ext -SSL,function,244,ssl_scan_clienthello_tlsext -SSL,function,245,ssl_scan_serverhello_tlsext -SSL,function,246,ssl_sess_cert_new -SSL,function,247,ssl_set_cert -SSL,function,248,ssl_set_pkey -SSL,function,252,ssl_verify_cert_chain -SSL,function,253,tls12_check_peer_sigalg -SSL,function,254,tls1_aead_ctx_init -SSL,function,255,tls1_cert_verify_mac -SSL,function,256,tls1_change_cipher_state -SSL,function,257,tls1_change_cipher_state_aead -SSL,function,258,tls1_check_duplicate_extensions -SSL,function,259,tls1_enc -SSL,function,260,tls1_export_keying_material -SSL,function,261,tls1_prf -SSL,function,262,tls1_setup_key_block -SSL,reason,100,APP_DATA_IN_HANDSHAKE -SSL,reason,101,ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT -SSL,reason,102,BAD_ALERT -SSL,reason,103,BAD_CHANGE_CIPHER_SPEC -SSL,reason,104,BAD_DATA_RETURNED_BY_CALLBACK -SSL,reason,105,BAD_DH_P_LENGTH -SSL,reason,106,BAD_DIGEST_LENGTH -SSL,reason,107,BAD_ECC_CERT -SSL,reason,108,BAD_ECPOINT -SSL,reason,109,BAD_HANDSHAKE_LENGTH -SSL,reason,110,BAD_HANDSHAKE_RECORD -SSL,reason,111,BAD_HELLO_REQUEST -SSL,reason,112,BAD_LENGTH -SSL,reason,113,BAD_PACKET_LENGTH -SSL,reason,114,BAD_RSA_ENCRYPT -SSL,reason,115,BAD_SIGNATURE -SSL,reason,116,BAD_SRTP_MKI_VALUE -SSL,reason,117,BAD_SRTP_PROTECTION_PROFILE_LIST -SSL,reason,118,BAD_SSL_FILETYPE -SSL,reason,119,BAD_WRITE_RETRY -SSL,reason,120,BIO_NOT_SET -SSL,reason,121,BN_LIB -SSL,reason,272,BUFFER_TOO_SMALL -SSL,reason,122,CANNOT_SERIALIZE_PUBLIC_KEY -SSL,reason,123,CA_DN_LENGTH_MISMATCH -SSL,reason,124,CA_DN_TOO_LONG -SSL,reason,125,CCS_RECEIVED_EARLY -SSL,reason,126,CERTIFICATE_VERIFY_FAILED -SSL,reason,127,CERT_CB_ERROR -SSL,reason,128,CERT_LENGTH_MISMATCH -SSL,reason,129,CHANNEL_ID_NOT_P256 -SSL,reason,130,CHANNEL_ID_SIGNATURE_INVALID -SSL,reason,131,CIPHER_CODE_WRONG_LENGTH -SSL,reason,132,CIPHER_OR_HASH_UNAVAILABLE -SSL,reason,133,CLIENTHELLO_PARSE_FAILED -SSL,reason,134,CLIENTHELLO_TLSEXT -SSL,reason,135,CONNECTION_REJECTED -SSL,reason,136,CONNECTION_TYPE_NOT_SET -SSL,reason,137,COOKIE_MISMATCH -SSL,reason,138,D2I_ECDSA_SIG -SSL,reason,139,DATA_BETWEEN_CCS_AND_FINISHED -SSL,reason,140,DATA_LENGTH_TOO_LONG -SSL,reason,141,DECODE_ERROR -SSL,reason,142,DECRYPTION_FAILED -SSL,reason,143,DECRYPTION_FAILED_OR_BAD_RECORD_MAC -SSL,reason,144,DH_PUBLIC_VALUE_LENGTH_IS_WRONG -SSL,reason,145,DIGEST_CHECK_FAILED -SSL,reason,146,DTLS_MESSAGE_TOO_BIG -SSL,reason,147,ECC_CERT_NOT_FOR_SIGNING -SSL,reason,148,EMPTY_SRTP_PROTECTION_PROFILE_LIST -SSL,reason,276,EMS_STATE_INCONSISTENT -SSL,reason,149,ENCRYPTED_LENGTH_TOO_LONG -SSL,reason,150,ERROR_IN_RECEIVED_CIPHER_LIST -SSL,reason,151,EVP_DIGESTSIGNFINAL_FAILED -SSL,reason,152,EVP_DIGESTSIGNINIT_FAILED -SSL,reason,153,EXCESSIVE_MESSAGE_SIZE -SSL,reason,154,EXTRA_DATA_IN_MESSAGE -SSL,reason,271,FRAGMENT_MISMATCH -SSL,reason,155,GOT_A_FIN_BEFORE_A_CCS -SSL,reason,156,GOT_CHANNEL_ID_BEFORE_A_CCS -SSL,reason,157,GOT_NEXT_PROTO_BEFORE_A_CCS -SSL,reason,158,GOT_NEXT_PROTO_WITHOUT_EXTENSION -SSL,reason,159,HANDSHAKE_FAILURE_ON_CLIENT_HELLO -SSL,reason,160,HANDSHAKE_RECORD_BEFORE_CCS -SSL,reason,161,HTTPS_PROXY_REQUEST -SSL,reason,162,HTTP_REQUEST -SSL,reason,163,INAPPROPRIATE_FALLBACK -SSL,reason,164,INVALID_COMMAND -SSL,reason,165,INVALID_MESSAGE -SSL,reason,166,INVALID_SSL_SESSION -SSL,reason,167,INVALID_TICKET_KEYS_LENGTH -SSL,reason,168,LENGTH_MISMATCH -SSL,reason,169,LIBRARY_HAS_NO_CIPHERS -SSL,reason,170,MISSING_DH_KEY -SSL,reason,171,MISSING_ECDSA_SIGNING_CERT -SSL,reason,172,MISSING_RSA_CERTIFICATE -SSL,reason,173,MISSING_RSA_ENCRYPTING_CERT -SSL,reason,174,MISSING_RSA_SIGNING_CERT -SSL,reason,175,MISSING_TMP_DH_KEY -SSL,reason,176,MISSING_TMP_ECDH_KEY -SSL,reason,177,MIXED_SPECIAL_OPERATOR_WITH_GROUPS -SSL,reason,178,MTU_TOO_SMALL -SSL,reason,179,NESTED_GROUP -SSL,reason,180,NO_CERTIFICATES_RETURNED -SSL,reason,181,NO_CERTIFICATE_ASSIGNED -SSL,reason,182,NO_CERTIFICATE_SET -SSL,reason,183,NO_CIPHERS_AVAILABLE -SSL,reason,184,NO_CIPHERS_PASSED -SSL,reason,185,NO_CIPHERS_SPECIFIED -SSL,reason,186,NO_CIPHER_MATCH -SSL,reason,187,NO_COMPRESSION_SPECIFIED -SSL,reason,188,NO_METHOD_SPECIFIED -SSL,reason,189,NO_P256_SUPPORT -SSL,reason,190,NO_PRIVATE_KEY_ASSIGNED -SSL,reason,191,NO_RENEGOTIATION -SSL,reason,192,NO_REQUIRED_DIGEST -SSL,reason,193,NO_SHARED_CIPHER -SSL,reason,194,NO_SHARED_SIGATURE_ALGORITHMS -SSL,reason,195,NO_SRTP_PROFILES -SSL,reason,196,NULL_SSL_CTX -SSL,reason,197,NULL_SSL_METHOD_PASSED -SSL,reason,198,OLD_SESSION_CIPHER_NOT_RETURNED -SSL,reason,273,OLD_SESSION_VERSION_NOT_RETURNED -SSL,reason,274,OUTPUT_ALIASES_INPUT -SSL,reason,199,PACKET_LENGTH_TOO_LONG -SSL,reason,200,PARSE_TLSEXT -SSL,reason,201,PATH_TOO_LONG -SSL,reason,202,PEER_DID_NOT_RETURN_A_CERTIFICATE -SSL,reason,203,PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE -SSL,reason,204,PROTOCOL_IS_SHUTDOWN -SSL,reason,205,PSK_IDENTITY_NOT_FOUND -SSL,reason,206,PSK_NO_CLIENT_CB -SSL,reason,207,PSK_NO_SERVER_CB -SSL,reason,208,READ_BIO_NOT_SET -SSL,reason,209,READ_TIMEOUT_EXPIRED -SSL,reason,210,RECORD_LENGTH_MISMATCH -SSL,reason,211,RECORD_TOO_LARGE -SSL,reason,212,RENEGOTIATE_EXT_TOO_LONG -SSL,reason,213,RENEGOTIATION_ENCODING_ERR -SSL,reason,214,RENEGOTIATION_MISMATCH -SSL,reason,215,REQUIRED_CIPHER_MISSING -SSL,reason,275,RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION -SSL,reason,277,RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION -SSL,reason,216,SCSV_RECEIVED_WHEN_RENEGOTIATING -SSL,reason,217,SERVERHELLO_TLSEXT -SSL,reason,218,SESSION_ID_CONTEXT_UNINITIALIZED -SSL,reason,219,SESSION_MAY_NOT_BE_CREATED -SSL,reason,220,SIGNATURE_ALGORITHMS_ERROR -SSL,reason,221,SRTP_COULD_NOT_ALLOCATE_PROFILES -SSL,reason,222,SRTP_PROTECTION_PROFILE_LIST_TOO_LONG -SSL,reason,223,SRTP_UNKNOWN_PROTECTION_PROFILE -SSL,reason,224,SSL3_EXT_INVALID_SERVERNAME -SSL,reason,225,SSL3_EXT_INVALID_SERVERNAME_TYPE -SSL,reason,1042,SSLV3_ALERT_BAD_CERTIFICATE -SSL,reason,1020,SSLV3_ALERT_BAD_RECORD_MAC -SSL,reason,1045,SSLV3_ALERT_CERTIFICATE_EXPIRED -SSL,reason,1044,SSLV3_ALERT_CERTIFICATE_REVOKED -SSL,reason,1046,SSLV3_ALERT_CERTIFICATE_UNKNOWN -SSL,reason,1000,SSLV3_ALERT_CLOSE_NOTIFY -SSL,reason,1030,SSLV3_ALERT_DECOMPRESSION_FAILURE -SSL,reason,1040,SSLV3_ALERT_HANDSHAKE_FAILURE -SSL,reason,1047,SSLV3_ALERT_ILLEGAL_PARAMETER -SSL,reason,1041,SSLV3_ALERT_NO_CERTIFICATE -SSL,reason,1010,SSLV3_ALERT_UNEXPECTED_MESSAGE -SSL,reason,1043,SSLV3_ALERT_UNSUPPORTED_CERTIFICATE -SSL,reason,226,SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION -SSL,reason,227,SSL_HANDSHAKE_FAILURE -SSL,reason,228,SSL_SESSION_ID_CALLBACK_FAILED -SSL,reason,229,SSL_SESSION_ID_CONFLICT -SSL,reason,230,SSL_SESSION_ID_CONTEXT_TOO_LONG -SSL,reason,231,SSL_SESSION_ID_HAS_BAD_LENGTH -SSL,reason,1049,TLSV1_ALERT_ACCESS_DENIED -SSL,reason,1050,TLSV1_ALERT_DECODE_ERROR -SSL,reason,1021,TLSV1_ALERT_DECRYPTION_FAILED -SSL,reason,1051,TLSV1_ALERT_DECRYPT_ERROR -SSL,reason,1060,TLSV1_ALERT_EXPORT_RESTRICTION -SSL,reason,1086,TLSV1_ALERT_INAPPROPRIATE_FALLBACK -SSL,reason,1071,TLSV1_ALERT_INSUFFICIENT_SECURITY -SSL,reason,1080,TLSV1_ALERT_INTERNAL_ERROR -SSL,reason,1100,TLSV1_ALERT_NO_RENEGOTIATION -SSL,reason,1070,TLSV1_ALERT_PROTOCOL_VERSION -SSL,reason,1022,TLSV1_ALERT_RECORD_OVERFLOW -SSL,reason,1048,TLSV1_ALERT_UNKNOWN_CA -SSL,reason,1090,TLSV1_ALERT_USER_CANCELLED -SSL,reason,1114,TLSV1_BAD_CERTIFICATE_HASH_VALUE -SSL,reason,1113,TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE -SSL,reason,1111,TLSV1_CERTIFICATE_UNOBTAINABLE -SSL,reason,1112,TLSV1_UNRECOGNIZED_NAME -SSL,reason,1110,TLSV1_UNSUPPORTED_EXTENSION -SSL,reason,232,TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER -SSL,reason,233,TLS_ILLEGAL_EXPORTER_LABEL -SSL,reason,234,TLS_INVALID_ECPOINTFORMAT_LIST -SSL,reason,235,TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST -SSL,reason,236,TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG -SSL,reason,237,TOO_MANY_EMPTY_FRAGMENTS -SSL,reason,238,UNABLE_TO_FIND_ECDH_PARAMETERS -SSL,reason,239,UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS -SSL,reason,240,UNEXPECTED_GROUP_CLOSE -SSL,reason,241,UNEXPECTED_MESSAGE -SSL,reason,242,UNEXPECTED_OPERATOR_IN_GROUP -SSL,reason,243,UNEXPECTED_RECORD -SSL,reason,244,UNINITIALIZED -SSL,reason,245,UNKNOWN_ALERT_TYPE -SSL,reason,246,UNKNOWN_CERTIFICATE_TYPE -SSL,reason,247,UNKNOWN_CIPHER_RETURNED -SSL,reason,248,UNKNOWN_CIPHER_TYPE -SSL,reason,249,UNKNOWN_DIGEST -SSL,reason,250,UNKNOWN_KEY_EXCHANGE_TYPE -SSL,reason,251,UNKNOWN_PROTOCOL -SSL,reason,252,UNKNOWN_SSL_VERSION -SSL,reason,253,UNKNOWN_STATE -SSL,reason,254,UNPROCESSED_HANDSHAKE_DATA -SSL,reason,255,UNSAFE_LEGACY_RENEGOTIATION_DISABLED -SSL,reason,256,UNSUPPORTED_CIPHER -SSL,reason,257,UNSUPPORTED_COMPRESSION_ALGORITHM -SSL,reason,258,UNSUPPORTED_ELLIPTIC_CURVE -SSL,reason,259,UNSUPPORTED_PROTOCOL -SSL,reason,260,UNSUPPORTED_SSL_VERSION -SSL,reason,261,USE_SRTP_NOT_NEGOTIATED -SSL,reason,262,WRONG_CERTIFICATE_TYPE -SSL,reason,263,WRONG_CIPHER_RETURNED -SSL,reason,264,WRONG_CURVE -SSL,reason,265,WRONG_MESSAGE_TYPE -SSL,reason,266,WRONG_SIGNATURE_TYPE -SSL,reason,267,WRONG_SSL_VERSION -SSL,reason,268,WRONG_VERSION_NUMBER -SSL,reason,269,X509_LIB -SSL,reason,270,X509_VERIFICATION_SETUP_PROBLEMS +SSL,100,APP_DATA_IN_HANDSHAKE +SSL,101,ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT +SSL,102,BAD_ALERT +SSL,103,BAD_CHANGE_CIPHER_SPEC +SSL,104,BAD_DATA_RETURNED_BY_CALLBACK +SSL,105,BAD_DH_P_LENGTH +SSL,106,BAD_DIGEST_LENGTH +SSL,107,BAD_ECC_CERT +SSL,108,BAD_ECPOINT +SSL,109,BAD_HANDSHAKE_LENGTH +SSL,110,BAD_HANDSHAKE_RECORD +SSL,111,BAD_HELLO_REQUEST +SSL,112,BAD_LENGTH +SSL,113,BAD_PACKET_LENGTH +SSL,114,BAD_RSA_ENCRYPT +SSL,115,BAD_SIGNATURE +SSL,116,BAD_SRTP_MKI_VALUE +SSL,117,BAD_SRTP_PROTECTION_PROFILE_LIST +SSL,118,BAD_SSL_FILETYPE +SSL,119,BAD_WRITE_RETRY +SSL,120,BIO_NOT_SET +SSL,121,BN_LIB +SSL,272,BUFFER_TOO_SMALL +SSL,122,CANNOT_SERIALIZE_PUBLIC_KEY +SSL,123,CA_DN_LENGTH_MISMATCH +SSL,124,CA_DN_TOO_LONG +SSL,125,CCS_RECEIVED_EARLY +SSL,126,CERTIFICATE_VERIFY_FAILED +SSL,127,CERT_CB_ERROR +SSL,128,CERT_LENGTH_MISMATCH +SSL,129,CHANNEL_ID_NOT_P256 +SSL,130,CHANNEL_ID_SIGNATURE_INVALID +SSL,131,CIPHER_CODE_WRONG_LENGTH +SSL,132,CIPHER_OR_HASH_UNAVAILABLE +SSL,133,CLIENTHELLO_PARSE_FAILED +SSL,134,CLIENTHELLO_TLSEXT +SSL,135,CONNECTION_REJECTED +SSL,136,CONNECTION_TYPE_NOT_SET +SSL,137,COOKIE_MISMATCH +SSL,284,CUSTOM_EXTENSION_CONTENTS_TOO_LARGE +SSL,285,CUSTOM_EXTENSION_ERROR +SSL,138,D2I_ECDSA_SIG +SSL,139,DATA_BETWEEN_CCS_AND_FINISHED +SSL,140,DATA_LENGTH_TOO_LONG +SSL,141,DECODE_ERROR +SSL,142,DECRYPTION_FAILED +SSL,143,DECRYPTION_FAILED_OR_BAD_RECORD_MAC +SSL,144,DH_PUBLIC_VALUE_LENGTH_IS_WRONG +SSL,145,DIGEST_CHECK_FAILED +SSL,146,DTLS_MESSAGE_TOO_BIG +SSL,147,ECC_CERT_NOT_FOR_SIGNING +SSL,148,EMPTY_SRTP_PROTECTION_PROFILE_LIST +SSL,276,EMS_STATE_INCONSISTENT +SSL,149,ENCRYPTED_LENGTH_TOO_LONG +SSL,281,ERROR_ADDING_EXTENSION +SSL,150,ERROR_IN_RECEIVED_CIPHER_LIST +SSL,282,ERROR_PARSING_EXTENSION +SSL,151,EVP_DIGESTSIGNFINAL_FAILED +SSL,152,EVP_DIGESTSIGNINIT_FAILED +SSL,153,EXCESSIVE_MESSAGE_SIZE +SSL,154,EXTRA_DATA_IN_MESSAGE +SSL,271,FRAGMENT_MISMATCH +SSL,155,GOT_A_FIN_BEFORE_A_CCS +SSL,156,GOT_CHANNEL_ID_BEFORE_A_CCS +SSL,157,GOT_NEXT_PROTO_BEFORE_A_CCS +SSL,158,GOT_NEXT_PROTO_WITHOUT_EXTENSION +SSL,159,HANDSHAKE_FAILURE_ON_CLIENT_HELLO +SSL,160,HANDSHAKE_RECORD_BEFORE_CCS +SSL,161,HTTPS_PROXY_REQUEST +SSL,162,HTTP_REQUEST +SSL,163,INAPPROPRIATE_FALLBACK +SSL,164,INVALID_COMMAND +SSL,165,INVALID_MESSAGE +SSL,166,INVALID_SSL_SESSION +SSL,167,INVALID_TICKET_KEYS_LENGTH +SSL,168,LENGTH_MISMATCH +SSL,169,LIBRARY_HAS_NO_CIPHERS +SSL,170,MISSING_DH_KEY +SSL,171,MISSING_ECDSA_SIGNING_CERT +SSL,283,MISSING_EXTENSION +SSL,172,MISSING_RSA_CERTIFICATE +SSL,173,MISSING_RSA_ENCRYPTING_CERT +SSL,174,MISSING_RSA_SIGNING_CERT +SSL,175,MISSING_TMP_DH_KEY +SSL,176,MISSING_TMP_ECDH_KEY +SSL,177,MIXED_SPECIAL_OPERATOR_WITH_GROUPS +SSL,178,MTU_TOO_SMALL +SSL,286,NEGOTIATED_BOTH_NPN_AND_ALPN +SSL,179,NESTED_GROUP +SSL,180,NO_CERTIFICATES_RETURNED +SSL,181,NO_CERTIFICATE_ASSIGNED +SSL,182,NO_CERTIFICATE_SET +SSL,183,NO_CIPHERS_AVAILABLE +SSL,184,NO_CIPHERS_PASSED +SSL,185,NO_CIPHERS_SPECIFIED +SSL,186,NO_CIPHER_MATCH +SSL,187,NO_COMPRESSION_SPECIFIED +SSL,188,NO_METHOD_SPECIFIED +SSL,189,NO_P256_SUPPORT +SSL,190,NO_PRIVATE_KEY_ASSIGNED +SSL,191,NO_RENEGOTIATION +SSL,192,NO_REQUIRED_DIGEST +SSL,193,NO_SHARED_CIPHER +SSL,194,NO_SHARED_SIGATURE_ALGORITHMS +SSL,195,NO_SRTP_PROFILES +SSL,196,NULL_SSL_CTX +SSL,197,NULL_SSL_METHOD_PASSED +SSL,198,OLD_SESSION_CIPHER_NOT_RETURNED +SSL,273,OLD_SESSION_VERSION_NOT_RETURNED +SSL,274,OUTPUT_ALIASES_INPUT +SSL,199,PACKET_LENGTH_TOO_LONG +SSL,200,PARSE_TLSEXT +SSL,201,PATH_TOO_LONG +SSL,202,PEER_DID_NOT_RETURN_A_CERTIFICATE +SSL,203,PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE +SSL,204,PROTOCOL_IS_SHUTDOWN +SSL,205,PSK_IDENTITY_NOT_FOUND +SSL,206,PSK_NO_CLIENT_CB +SSL,207,PSK_NO_SERVER_CB +SSL,208,READ_BIO_NOT_SET +SSL,209,READ_TIMEOUT_EXPIRED +SSL,210,RECORD_LENGTH_MISMATCH +SSL,211,RECORD_TOO_LARGE +SSL,212,RENEGOTIATE_EXT_TOO_LONG +SSL,213,RENEGOTIATION_ENCODING_ERR +SSL,214,RENEGOTIATION_MISMATCH +SSL,215,REQUIRED_CIPHER_MISSING +SSL,275,RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION +SSL,277,RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION +SSL,216,SCSV_RECEIVED_WHEN_RENEGOTIATING +SSL,217,SERVERHELLO_TLSEXT +SSL,218,SESSION_ID_CONTEXT_UNINITIALIZED +SSL,219,SESSION_MAY_NOT_BE_CREATED +SSL,220,SIGNATURE_ALGORITHMS_ERROR +SSL,280,SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER +SSL,221,SRTP_COULD_NOT_ALLOCATE_PROFILES +SSL,222,SRTP_PROTECTION_PROFILE_LIST_TOO_LONG +SSL,223,SRTP_UNKNOWN_PROTECTION_PROFILE +SSL,224,SSL3_EXT_INVALID_SERVERNAME +SSL,225,SSL3_EXT_INVALID_SERVERNAME_TYPE +SSL,1042,SSLV3_ALERT_BAD_CERTIFICATE +SSL,1020,SSLV3_ALERT_BAD_RECORD_MAC +SSL,1045,SSLV3_ALERT_CERTIFICATE_EXPIRED +SSL,1044,SSLV3_ALERT_CERTIFICATE_REVOKED +SSL,1046,SSLV3_ALERT_CERTIFICATE_UNKNOWN +SSL,1000,SSLV3_ALERT_CLOSE_NOTIFY +SSL,1030,SSLV3_ALERT_DECOMPRESSION_FAILURE +SSL,1040,SSLV3_ALERT_HANDSHAKE_FAILURE +SSL,1047,SSLV3_ALERT_ILLEGAL_PARAMETER +SSL,1041,SSLV3_ALERT_NO_CERTIFICATE +SSL,1010,SSLV3_ALERT_UNEXPECTED_MESSAGE +SSL,1043,SSLV3_ALERT_UNSUPPORTED_CERTIFICATE +SSL,226,SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION +SSL,227,SSL_HANDSHAKE_FAILURE +SSL,228,SSL_SESSION_ID_CALLBACK_FAILED +SSL,229,SSL_SESSION_ID_CONFLICT +SSL,230,SSL_SESSION_ID_CONTEXT_TOO_LONG +SSL,231,SSL_SESSION_ID_HAS_BAD_LENGTH +SSL,1049,TLSV1_ALERT_ACCESS_DENIED +SSL,1050,TLSV1_ALERT_DECODE_ERROR +SSL,1021,TLSV1_ALERT_DECRYPTION_FAILED +SSL,1051,TLSV1_ALERT_DECRYPT_ERROR +SSL,1060,TLSV1_ALERT_EXPORT_RESTRICTION +SSL,1086,TLSV1_ALERT_INAPPROPRIATE_FALLBACK +SSL,1071,TLSV1_ALERT_INSUFFICIENT_SECURITY +SSL,1080,TLSV1_ALERT_INTERNAL_ERROR +SSL,1100,TLSV1_ALERT_NO_RENEGOTIATION +SSL,1070,TLSV1_ALERT_PROTOCOL_VERSION +SSL,1022,TLSV1_ALERT_RECORD_OVERFLOW +SSL,1048,TLSV1_ALERT_UNKNOWN_CA +SSL,1090,TLSV1_ALERT_USER_CANCELLED +SSL,1114,TLSV1_BAD_CERTIFICATE_HASH_VALUE +SSL,1113,TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE +SSL,1111,TLSV1_CERTIFICATE_UNOBTAINABLE +SSL,1112,TLSV1_UNRECOGNIZED_NAME +SSL,1110,TLSV1_UNSUPPORTED_EXTENSION +SSL,232,TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER +SSL,233,TLS_ILLEGAL_EXPORTER_LABEL +SSL,234,TLS_INVALID_ECPOINTFORMAT_LIST +SSL,235,TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST +SSL,236,TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG +SSL,237,TOO_MANY_EMPTY_FRAGMENTS +SSL,278,TOO_MANY_WARNING_ALERTS +SSL,238,UNABLE_TO_FIND_ECDH_PARAMETERS +SSL,239,UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS +SSL,279,UNEXPECTED_EXTENSION +SSL,240,UNEXPECTED_GROUP_CLOSE +SSL,241,UNEXPECTED_MESSAGE +SSL,242,UNEXPECTED_OPERATOR_IN_GROUP +SSL,243,UNEXPECTED_RECORD +SSL,244,UNINITIALIZED +SSL,245,UNKNOWN_ALERT_TYPE +SSL,246,UNKNOWN_CERTIFICATE_TYPE +SSL,247,UNKNOWN_CIPHER_RETURNED +SSL,248,UNKNOWN_CIPHER_TYPE +SSL,249,UNKNOWN_DIGEST +SSL,250,UNKNOWN_KEY_EXCHANGE_TYPE +SSL,251,UNKNOWN_PROTOCOL +SSL,252,UNKNOWN_SSL_VERSION +SSL,253,UNKNOWN_STATE +SSL,254,UNPROCESSED_HANDSHAKE_DATA +SSL,255,UNSAFE_LEGACY_RENEGOTIATION_DISABLED +SSL,256,UNSUPPORTED_CIPHER +SSL,257,UNSUPPORTED_COMPRESSION_ALGORITHM +SSL,258,UNSUPPORTED_ELLIPTIC_CURVE +SSL,259,UNSUPPORTED_PROTOCOL +SSL,260,UNSUPPORTED_SSL_VERSION +SSL,261,USE_SRTP_NOT_NEGOTIATED +SSL,262,WRONG_CERTIFICATE_TYPE +SSL,263,WRONG_CIPHER_RETURNED +SSL,264,WRONG_CURVE +SSL,265,WRONG_MESSAGE_TYPE +SSL,266,WRONG_SIGNATURE_TYPE +SSL,267,WRONG_SSL_VERSION +SSL,268,WRONG_VERSION_NUMBER +SSL,269,X509_LIB +SSL,270,X509_VERIFICATION_SETUP_PROBLEMS diff --git a/src/crypto/err/x509.errordata b/src/crypto/err/x509.errordata index 1b50e36..f4828ce 100644 --- a/src/crypto/err/x509.errordata +++ b/src/crypto/err/x509.errordata @@ -1,96 +1,37 @@ -X509,function,100,ASN1_digest -X509,function,101,ASN1_item_sign_ctx -X509,function,102,ASN1_item_verify -X509,function,103,NETSCAPE_SPKI_b64_decode -X509,function,104,NETSCAPE_SPKI_b64_encode -X509,function,158,PKCS7_get_CRLs -X509,function,105,PKCS7_get_certificates -X509,function,106,X509_ATTRIBUTE_create_by_NID -X509,function,107,X509_ATTRIBUTE_create_by_OBJ -X509,function,108,X509_ATTRIBUTE_create_by_txt -X509,function,109,X509_ATTRIBUTE_get0_data -X509,function,110,X509_ATTRIBUTE_set1_data -X509,function,111,X509_CRL_add0_revoked -X509,function,112,X509_CRL_diff -X509,function,113,X509_CRL_print_fp -X509,function,114,X509_EXTENSION_create_by_NID -X509,function,115,X509_EXTENSION_create_by_OBJ -X509,function,116,X509_INFO_new -X509,function,117,X509_NAME_ENTRY_create_by_NID -X509,function,118,X509_NAME_ENTRY_create_by_txt -X509,function,119,X509_NAME_ENTRY_set_object -X509,function,120,X509_NAME_add_entry -X509,function,121,X509_NAME_oneline -X509,function,122,X509_NAME_print -X509,function,123,X509_PKEY_new -X509,function,124,X509_PUBKEY_get -X509,function,125,X509_PUBKEY_set -X509,function,126,X509_REQ_check_private_key -X509,function,127,X509_REQ_to_X509 -X509,function,128,X509_STORE_CTX_get1_issuer -X509,function,129,X509_STORE_CTX_init -X509,function,130,X509_STORE_CTX_new -X509,function,131,X509_STORE_CTX_purpose_inherit -X509,function,132,X509_STORE_add_cert -X509,function,133,X509_STORE_add_crl -X509,function,134,X509_TRUST_add -X509,function,135,X509_TRUST_set -X509,function,136,X509_check_private_key -X509,function,137,X509_get_pubkey_parameters -X509,function,138,X509_load_cert_crl_file -X509,function,139,X509_load_cert_file -X509,function,140,X509_load_crl_file -X509,function,141,X509_print_ex_fp -X509,function,142,X509_to_X509_REQ -X509,function,143,X509_verify_cert -X509,function,144,X509at_add1_attr -X509,function,145,X509v3_add_ext -X509,function,146,add_cert_dir -X509,function,147,by_file_ctrl -X509,function,148,check_policy -X509,function,149,dir_ctrl -X509,function,150,get_cert_by_subject -X509,function,151,i2d_DSA_PUBKEY -X509,function,152,i2d_EC_PUBKEY -X509,function,153,i2d_RSA_PUBKEY -X509,function,157,pkcs7_parse_header -X509,function,154,x509_name_encode -X509,function,155,x509_name_ex_d2i -X509,function,156,x509_name_ex_new -X509,reason,100,AKID_MISMATCH -X509,reason,101,BAD_PKCS7_VERSION -X509,reason,102,BAD_X509_FILETYPE -X509,reason,103,BASE64_DECODE_ERROR -X509,reason,104,CANT_CHECK_DH_KEY -X509,reason,105,CERT_ALREADY_IN_HASH_TABLE -X509,reason,106,CRL_ALREADY_DELTA -X509,reason,107,CRL_VERIFY_FAILURE -X509,reason,108,IDP_MISMATCH -X509,reason,109,INVALID_BIT_STRING_BITS_LEFT -X509,reason,110,INVALID_DIRECTORY -X509,reason,111,INVALID_FIELD_NAME -X509,reason,112,INVALID_TRUST -X509,reason,113,ISSUER_MISMATCH -X509,reason,114,KEY_TYPE_MISMATCH -X509,reason,115,KEY_VALUES_MISMATCH -X509,reason,116,LOADING_CERT_DIR -X509,reason,117,LOADING_DEFAULTS -X509,reason,118,METHOD_NOT_SUPPORTED -X509,reason,119,NEWER_CRL_NOT_NEWER -X509,reason,120,NOT_PKCS7_SIGNED_DATA -X509,reason,121,NO_CERTIFICATES_INCLUDED -X509,reason,122,NO_CERT_SET_FOR_US_TO_VERIFY -X509,reason,136,NO_CRLS_INCLUDED -X509,reason,123,NO_CRL_NUMBER -X509,reason,124,PUBLIC_KEY_DECODE_ERROR -X509,reason,125,PUBLIC_KEY_ENCODE_ERROR -X509,reason,126,SHOULD_RETRY -X509,reason,127,UNABLE_TO_FIND_PARAMETERS_IN_CHAIN -X509,reason,128,UNABLE_TO_GET_CERTS_PUBLIC_KEY -X509,reason,129,UNKNOWN_KEY_TYPE -X509,reason,130,UNKNOWN_NID -X509,reason,131,UNKNOWN_PURPOSE_ID -X509,reason,132,UNKNOWN_TRUST_ID -X509,reason,133,UNSUPPORTED_ALGORITHM -X509,reason,134,WRONG_LOOKUP_TYPE -X509,reason,135,WRONG_TYPE +X509,100,AKID_MISMATCH +X509,101,BAD_PKCS7_VERSION +X509,102,BAD_X509_FILETYPE +X509,103,BASE64_DECODE_ERROR +X509,104,CANT_CHECK_DH_KEY +X509,105,CERT_ALREADY_IN_HASH_TABLE +X509,106,CRL_ALREADY_DELTA +X509,107,CRL_VERIFY_FAILURE +X509,108,IDP_MISMATCH +X509,109,INVALID_BIT_STRING_BITS_LEFT +X509,110,INVALID_DIRECTORY +X509,111,INVALID_FIELD_NAME +X509,112,INVALID_TRUST +X509,113,ISSUER_MISMATCH +X509,114,KEY_TYPE_MISMATCH +X509,115,KEY_VALUES_MISMATCH +X509,116,LOADING_CERT_DIR +X509,117,LOADING_DEFAULTS +X509,118,METHOD_NOT_SUPPORTED +X509,119,NEWER_CRL_NOT_NEWER +X509,120,NOT_PKCS7_SIGNED_DATA +X509,121,NO_CERTIFICATES_INCLUDED +X509,122,NO_CERT_SET_FOR_US_TO_VERIFY +X509,136,NO_CRLS_INCLUDED +X509,123,NO_CRL_NUMBER +X509,124,PUBLIC_KEY_DECODE_ERROR +X509,125,PUBLIC_KEY_ENCODE_ERROR +X509,126,SHOULD_RETRY +X509,127,UNABLE_TO_FIND_PARAMETERS_IN_CHAIN +X509,128,UNABLE_TO_GET_CERTS_PUBLIC_KEY +X509,129,UNKNOWN_KEY_TYPE +X509,130,UNKNOWN_NID +X509,131,UNKNOWN_PURPOSE_ID +X509,132,UNKNOWN_TRUST_ID +X509,133,UNSUPPORTED_ALGORITHM +X509,134,WRONG_LOOKUP_TYPE +X509,135,WRONG_TYPE diff --git a/src/crypto/err/x509v3.errordata b/src/crypto/err/x509v3.errordata index 059e677..e53b780 100644 --- a/src/crypto/err/x509v3.errordata +++ b/src/crypto/err/x509v3.errordata @@ -1,120 +1,63 @@ -X509V3,function,100,SXNET_add_id_INTEGER -X509V3,function,101,SXNET_add_id_asc -X509V3,function,102,SXNET_add_id_ulong -X509V3,function,103,SXNET_get_id_asc -X509V3,function,104,SXNET_get_id_ulong -X509V3,function,105,X509V3_EXT_add -X509V3,function,106,X509V3_EXT_add_alias -X509V3,function,107,X509V3_EXT_free -X509V3,function,108,X509V3_EXT_i2d -X509V3,function,109,X509V3_EXT_nconf -X509V3,function,110,X509V3_add1_i2d -X509V3,function,111,X509V3_add_value -X509V3,function,112,X509V3_get_section -X509V3,function,113,X509V3_get_string -X509V3,function,114,X509V3_get_value_bool -X509V3,function,115,X509V3_parse_list -X509V3,function,116,X509_PURPOSE_add -X509V3,function,117,X509_PURPOSE_set -X509V3,function,118,a2i_GENERAL_NAME -X509V3,function,119,copy_email -X509V3,function,120,copy_issuer -X509V3,function,121,do_dirname -X509V3,function,122,do_ext_i2d -X509V3,function,123,do_ext_nconf -X509V3,function,124,gnames_from_sectname -X509V3,function,125,hex_to_string -X509V3,function,126,i2s_ASN1_ENUMERATED -X509V3,function,127,i2s_ASN1_IA5STRING -X509V3,function,128,i2s_ASN1_INTEGER -X509V3,function,129,i2v_AUTHORITY_INFO_ACCESS -X509V3,function,130,notice_section -X509V3,function,131,nref_nos -X509V3,function,132,policy_section -X509V3,function,133,process_pci_value -X509V3,function,134,r2i_certpol -X509V3,function,135,r2i_pci -X509V3,function,136,s2i_ASN1_IA5STRING -X509V3,function,137,s2i_ASN1_INTEGER -X509V3,function,138,s2i_ASN1_OCTET_STRING -X509V3,function,139,s2i_skey_id -X509V3,function,140,set_dist_point_name -X509V3,function,141,string_to_hex -X509V3,function,142,v2i_ASN1_BIT_STRING -X509V3,function,143,v2i_AUTHORITY_INFO_ACCESS -X509V3,function,144,v2i_AUTHORITY_KEYID -X509V3,function,145,v2i_BASIC_CONSTRAINTS -X509V3,function,146,v2i_EXTENDED_KEY_USAGE -X509V3,function,147,v2i_GENERAL_NAMES -X509V3,function,148,v2i_GENERAL_NAME_ex -X509V3,function,149,v2i_NAME_CONSTRAINTS -X509V3,function,150,v2i_POLICY_CONSTRAINTS -X509V3,function,151,v2i_POLICY_MAPPINGS -X509V3,function,152,v2i_crld -X509V3,function,153,v2i_idp -X509V3,function,154,v2i_issuer_alt -X509V3,function,155,v2i_subject_alt -X509V3,function,156,v3_generic_extension -X509V3,reason,100,BAD_IP_ADDRESS -X509V3,reason,101,BAD_OBJECT -X509V3,reason,102,BN_DEC2BN_ERROR -X509V3,reason,103,BN_TO_ASN1_INTEGER_ERROR -X509V3,reason,104,CANNOT_FIND_FREE_FUNCTION -X509V3,reason,105,DIRNAME_ERROR -X509V3,reason,106,DISTPOINT_ALREADY_SET -X509V3,reason,107,DUPLICATE_ZONE_ID -X509V3,reason,108,ERROR_CONVERTING_ZONE -X509V3,reason,109,ERROR_CREATING_EXTENSION -X509V3,reason,110,ERROR_IN_EXTENSION -X509V3,reason,111,EXPECTED_A_SECTION_NAME -X509V3,reason,112,EXTENSION_EXISTS -X509V3,reason,113,EXTENSION_NAME_ERROR -X509V3,reason,114,EXTENSION_NOT_FOUND -X509V3,reason,115,EXTENSION_SETTING_NOT_SUPPORTED -X509V3,reason,116,EXTENSION_VALUE_ERROR -X509V3,reason,117,ILLEGAL_EMPTY_EXTENSION -X509V3,reason,118,ILLEGAL_HEX_DIGIT -X509V3,reason,119,INCORRECT_POLICY_SYNTAX_TAG -X509V3,reason,120,INVALID_BOOLEAN_STRING -X509V3,reason,121,INVALID_EXTENSION_STRING -X509V3,reason,122,INVALID_MULTIPLE_RDNS -X509V3,reason,123,INVALID_NAME -X509V3,reason,124,INVALID_NULL_ARGUMENT -X509V3,reason,125,INVALID_NULL_NAME -X509V3,reason,126,INVALID_NULL_VALUE -X509V3,reason,127,INVALID_NUMBER -X509V3,reason,128,INVALID_NUMBERS -X509V3,reason,129,INVALID_OBJECT_IDENTIFIER -X509V3,reason,130,INVALID_OPTION -X509V3,reason,131,INVALID_POLICY_IDENTIFIER -X509V3,reason,132,INVALID_PROXY_POLICY_SETTING -X509V3,reason,133,INVALID_PURPOSE -X509V3,reason,134,INVALID_SECTION -X509V3,reason,135,INVALID_SYNTAX -X509V3,reason,136,ISSUER_DECODE_ERROR -X509V3,reason,137,MISSING_VALUE -X509V3,reason,138,NEED_ORGANIZATION_AND_NUMBERS -X509V3,reason,139,NO_CONFIG_DATABASE -X509V3,reason,140,NO_ISSUER_CERTIFICATE -X509V3,reason,141,NO_ISSUER_DETAILS -X509V3,reason,142,NO_POLICY_IDENTIFIER -X509V3,reason,143,NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED -X509V3,reason,144,NO_PUBLIC_KEY -X509V3,reason,145,NO_SUBJECT_DETAILS -X509V3,reason,146,ODD_NUMBER_OF_DIGITS -X509V3,reason,147,OPERATION_NOT_DEFINED -X509V3,reason,148,OTHERNAME_ERROR -X509V3,reason,149,POLICY_LANGUAGE_ALREADY_DEFINED -X509V3,reason,150,POLICY_PATH_LENGTH -X509V3,reason,151,POLICY_PATH_LENGTH_ALREADY_DEFINED -X509V3,reason,152,POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY -X509V3,reason,153,SECTION_NOT_FOUND -X509V3,reason,154,UNABLE_TO_GET_ISSUER_DETAILS -X509V3,reason,155,UNABLE_TO_GET_ISSUER_KEYID -X509V3,reason,156,UNKNOWN_BIT_STRING_ARGUMENT -X509V3,reason,157,UNKNOWN_EXTENSION -X509V3,reason,158,UNKNOWN_EXTENSION_NAME -X509V3,reason,159,UNKNOWN_OPTION -X509V3,reason,160,UNSUPPORTED_OPTION -X509V3,reason,161,UNSUPPORTED_TYPE -X509V3,reason,162,USER_TOO_LONG +X509V3,100,BAD_IP_ADDRESS +X509V3,101,BAD_OBJECT +X509V3,102,BN_DEC2BN_ERROR +X509V3,103,BN_TO_ASN1_INTEGER_ERROR +X509V3,104,CANNOT_FIND_FREE_FUNCTION +X509V3,105,DIRNAME_ERROR +X509V3,106,DISTPOINT_ALREADY_SET +X509V3,107,DUPLICATE_ZONE_ID +X509V3,108,ERROR_CONVERTING_ZONE +X509V3,109,ERROR_CREATING_EXTENSION +X509V3,110,ERROR_IN_EXTENSION +X509V3,111,EXPECTED_A_SECTION_NAME +X509V3,112,EXTENSION_EXISTS +X509V3,113,EXTENSION_NAME_ERROR +X509V3,114,EXTENSION_NOT_FOUND +X509V3,115,EXTENSION_SETTING_NOT_SUPPORTED +X509V3,116,EXTENSION_VALUE_ERROR +X509V3,117,ILLEGAL_EMPTY_EXTENSION +X509V3,118,ILLEGAL_HEX_DIGIT +X509V3,119,INCORRECT_POLICY_SYNTAX_TAG +X509V3,120,INVALID_BOOLEAN_STRING +X509V3,121,INVALID_EXTENSION_STRING +X509V3,122,INVALID_MULTIPLE_RDNS +X509V3,123,INVALID_NAME +X509V3,124,INVALID_NULL_ARGUMENT +X509V3,125,INVALID_NULL_NAME +X509V3,126,INVALID_NULL_VALUE +X509V3,127,INVALID_NUMBER +X509V3,128,INVALID_NUMBERS +X509V3,129,INVALID_OBJECT_IDENTIFIER +X509V3,130,INVALID_OPTION +X509V3,131,INVALID_POLICY_IDENTIFIER +X509V3,132,INVALID_PROXY_POLICY_SETTING +X509V3,133,INVALID_PURPOSE +X509V3,134,INVALID_SECTION +X509V3,135,INVALID_SYNTAX +X509V3,136,ISSUER_DECODE_ERROR +X509V3,137,MISSING_VALUE +X509V3,138,NEED_ORGANIZATION_AND_NUMBERS +X509V3,139,NO_CONFIG_DATABASE +X509V3,140,NO_ISSUER_CERTIFICATE +X509V3,141,NO_ISSUER_DETAILS +X509V3,142,NO_POLICY_IDENTIFIER +X509V3,143,NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED +X509V3,144,NO_PUBLIC_KEY +X509V3,145,NO_SUBJECT_DETAILS +X509V3,146,ODD_NUMBER_OF_DIGITS +X509V3,147,OPERATION_NOT_DEFINED +X509V3,148,OTHERNAME_ERROR +X509V3,149,POLICY_LANGUAGE_ALREADY_DEFINED +X509V3,150,POLICY_PATH_LENGTH +X509V3,151,POLICY_PATH_LENGTH_ALREADY_DEFINED +X509V3,152,POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY +X509V3,153,SECTION_NOT_FOUND +X509V3,154,UNABLE_TO_GET_ISSUER_DETAILS +X509V3,155,UNABLE_TO_GET_ISSUER_KEYID +X509V3,156,UNKNOWN_BIT_STRING_ARGUMENT +X509V3,157,UNKNOWN_EXTENSION +X509V3,158,UNKNOWN_EXTENSION_NAME +X509V3,159,UNKNOWN_OPTION +X509V3,160,UNSUPPORTED_OPTION +X509V3,161,UNSUPPORTED_TYPE +X509V3,162,USER_TOO_LONG diff --git a/src/crypto/evp/CMakeLists.txt b/src/crypto/evp/CMakeLists.txt index 5769fa4..5d2e918 100644 --- a/src/crypto/evp/CMakeLists.txt +++ b/src/crypto/evp/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( evp @@ -6,15 +6,13 @@ add_library( OBJECT algorithm.c - asn1.c digestsign.c evp.c + evp_asn1.c evp_ctx.c p_dsa_asn1.c p_ec.c p_ec_asn1.c - p_hmac.c - p_hmac_asn1.c p_rsa.c p_rsa_asn1.c pbkdf.c diff --git a/src/crypto/evp/algorithm.c b/src/crypto/evp/algorithm.c index ea28dfa..63bc77a 100644 --- a/src/crypto/evp/algorithm.c +++ b/src/crypto/evp/algorithm.c @@ -74,8 +74,7 @@ int EVP_DigestSignAlgorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) { digest = EVP_MD_CTX_md(ctx); pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); if (!digest || !pkey) { - OPENSSL_PUT_ERROR(EVP, EVP_DigestSignAlgorithm, - EVP_R_CONTEXT_NOT_INITIALISED); + OPENSSL_PUT_ERROR(EVP, EVP_R_CONTEXT_NOT_INITIALISED); return 0; } @@ -97,8 +96,7 @@ int EVP_DigestSignAlgorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) { * that. */ if (!OBJ_find_sigid_by_algs(&sign_nid, EVP_MD_type(digest), pkey->ameth->pkey_id)) { - OPENSSL_PUT_ERROR(EVP, EVP_DigestSignAlgorithm, - EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(EVP, EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); return 0; } @@ -122,24 +120,21 @@ int EVP_DigestVerifyInitFromAlgorithm(EVP_MD_CTX *ctx, /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(algor->algorithm), &digest_nid, &pkey_nid)) { - OPENSSL_PUT_ERROR(EVP, EVP_DigestVerifyInitFromAlgorithm, - EVP_R_UNKNOWN_SIGNATURE_ALGORITHM); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_SIGNATURE_ALGORITHM); return 0; } /* Check public key OID matches public key type */ ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); if (ameth == NULL || ameth->pkey_id != pkey->ameth->pkey_id) { - OPENSSL_PUT_ERROR(EVP, EVP_DigestVerifyInitFromAlgorithm, - EVP_R_WRONG_PUBLIC_KEY_TYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_WRONG_PUBLIC_KEY_TYPE); return 0; } /* NID_undef signals that there are custom parameters to set. */ if (digest_nid == NID_undef) { if (!pkey->ameth || !pkey->ameth->digest_verify_init_from_algorithm) { - OPENSSL_PUT_ERROR(EVP, EVP_DigestVerifyInitFromAlgorithm, - EVP_R_UNKNOWN_SIGNATURE_ALGORITHM); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_SIGNATURE_ALGORITHM); return 0; } @@ -149,8 +144,7 @@ int EVP_DigestVerifyInitFromAlgorithm(EVP_MD_CTX *ctx, /* Otherwise, initialize with the digest from the OID. */ digest = EVP_get_digestbynid(digest_nid); if (digest == NULL) { - OPENSSL_PUT_ERROR(EVP, EVP_DigestVerifyInitFromAlgorithm, - EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); return 0; } diff --git a/src/crypto/evp/digestsign.c b/src/crypto/evp/digestsign.c index c163d40..ccb4de4 100644 --- a/src/crypto/evp/digestsign.c +++ b/src/crypto/evp/digestsign.c @@ -62,17 +62,9 @@ #include "../digest/internal.h" -/* md_begin_digset is a callback from the |EVP_MD_CTX| code that is called when - * a new digest is begun. */ -static int md_begin_digest(EVP_MD_CTX *ctx) { - return EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); -} - static const struct evp_md_pctx_ops md_pctx_ops = { EVP_PKEY_CTX_free, EVP_PKEY_CTX_dup, - md_begin_digest, }; static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, @@ -91,26 +83,16 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, } if (type == NULL) { - OPENSSL_PUT_ERROR(EVP, do_sigver_init, EVP_R_NO_DEFAULT_DIGEST); + OPENSSL_PUT_ERROR(EVP, EVP_R_NO_DEFAULT_DIGEST); return 0; } if (is_verify) { - if (ctx->pctx->pmeth->verifyctx_init) { - if (!ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx)) { - return 0; - } - ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX; - } else if (!EVP_PKEY_verify_init(ctx->pctx)) { + if (!EVP_PKEY_verify_init(ctx->pctx)) { return 0; } } else { - if (ctx->pctx->pmeth->signctx_init) { - if (!ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx)) { - return 0; - } - ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; - } else if (!EVP_PKEY_sign_init(ctx->pctx)) { + if (!EVP_PKEY_sign_init(ctx->pctx)) { return 0; } } @@ -146,59 +128,37 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) { int EVP_DigestSignFinal(EVP_MD_CTX *ctx, uint8_t *out_sig, size_t *out_sig_len) { - int r = 0; - const int has_signctx = ctx->pctx->pmeth->signctx != NULL; - if (out_sig) { EVP_MD_CTX tmp_ctx; + int ret; uint8_t md[EVP_MAX_MD_SIZE]; unsigned int mdlen; EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) { - return 0; - } - if (has_signctx) { - r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, out_sig, out_sig_len, &tmp_ctx); - } else { - r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); - if (r) { - r = EVP_PKEY_sign(ctx->pctx, out_sig, out_sig_len, md, mdlen); - } - } + ret = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) && + EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen) && + EVP_PKEY_sign(ctx->pctx, out_sig, out_sig_len, md, mdlen); EVP_MD_CTX_cleanup(&tmp_ctx); - return r; + + return ret; } else { - if (has_signctx) { - return ctx->pctx->pmeth->signctx(ctx->pctx, out_sig, out_sig_len, ctx); - } else { - size_t s = EVP_MD_size(ctx->digest); - return EVP_PKEY_sign(ctx->pctx, out_sig, out_sig_len, NULL, s); - } + size_t s = EVP_MD_size(ctx->digest); + return EVP_PKEY_sign(ctx->pctx, out_sig, out_sig_len, NULL, s); } } int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len) { EVP_MD_CTX tmp_ctx; + int ret; uint8_t md[EVP_MAX_MD_SIZE]; - int r; unsigned int mdlen; EVP_MD_CTX_init(&tmp_ctx); - if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) { - return 0; - } - if (ctx->pctx->pmeth->verifyctx) { - r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, sig, sig_len, &tmp_ctx); - } else { - r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); - if (r) { - r = EVP_PKEY_verify(ctx->pctx, sig, sig_len, md, mdlen); - } - } - + ret = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) && + EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen) && + EVP_PKEY_verify(ctx->pctx, sig, sig_len, md, mdlen); EVP_MD_CTX_cleanup(&tmp_ctx); - return r; + return ret; } diff --git a/src/crypto/evp/evp.c b/src/crypto/evp/evp.c index 0ad5c27..5822379 100644 --- a/src/crypto/evp/evp.c +++ b/src/crypto/evp/evp.c @@ -75,7 +75,6 @@ extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth; extern const EVP_PKEY_ASN1_METHOD ec_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth; EVP_PKEY *EVP_PKEY_new(void) { @@ -83,7 +82,7 @@ EVP_PKEY *EVP_PKEY_new(void) { ret = OPENSSL_malloc(sizeof(EVP_PKEY)); if (ret == NULL) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); return NULL; } @@ -159,12 +158,12 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { if (to->type != from->type) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_copy_parameters, EVP_R_DIFFERENT_KEY_TYPES); + OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES); goto err; } if (EVP_PKEY_missing_parameters(from)) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_copy_parameters, EVP_R_MISSING_PARAMETERS); + OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS); goto err; } @@ -207,8 +206,6 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pengine, int nid) { case EVP_PKEY_RSA: case EVP_PKEY_RSA2: return &rsa_asn1_meth; - case EVP_PKEY_HMAC: - return &hmac_asn1_meth; case EVP_PKEY_EC: return &ec_asn1_meth; case EVP_PKEY_DSA: @@ -226,32 +223,6 @@ int EVP_PKEY_type(int nid) { return meth->pkey_id; } -EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const uint8_t *mac_key, - size_t mac_key_len) { - EVP_PKEY_CTX *mac_ctx = NULL; - EVP_PKEY *ret = NULL; - - mac_ctx = EVP_PKEY_CTX_new_id(type, e); - if (!mac_ctx) { - return NULL; - } - - if (!EVP_PKEY_keygen_init(mac_ctx) || - !EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, mac_key_len, - (uint8_t *)mac_key) || - !EVP_PKEY_keygen(mac_ctx, &ret)) { - ret = NULL; - goto merr; - } - -merr: - if (mac_ctx) { - EVP_PKEY_CTX_free(mac_ctx); - } - return ret; -} - int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) { if (EVP_PKEY_assign_RSA(pkey, key)) { RSA_up_ref(key); @@ -266,7 +237,7 @@ int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key) { RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_RSA) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_get1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); + OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_RSA_KEY); return NULL; } RSA_up_ref(pkey->pkey.rsa); @@ -287,7 +258,7 @@ int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key) { DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_DSA) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_get1_DSA, EVP_R_EXPECTING_A_DSA_KEY); + OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DSA_KEY); return NULL; } DSA_up_ref(pkey->pkey.dsa); @@ -308,7 +279,7 @@ int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) { EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_EC) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_get1_EC_KEY, EVP_R_EXPECTING_AN_EC_KEY_KEY); + OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_EC_KEY_KEY); return NULL; } EC_KEY_up_ref(pkey->pkey.ec); @@ -329,7 +300,7 @@ int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key) { DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_DH) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_get1_DH, EVP_R_EXPECTING_A_DH_KEY); + OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DH_KEY); return NULL; } DH_up_ref(pkey->pkey.dh); @@ -349,10 +320,10 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pengine, size_t len) { if (len == 3 && memcmp(name, "RSA", 3) == 0) { return &rsa_asn1_meth; - } else if (len == 4 && memcmp(name, "HMAC", 4) == 0) { - return &hmac_asn1_meth; } if (len == 2 && memcmp(name, "EC", 2) == 0) { return &ec_asn1_meth; + } else if (len == 3 && memcmp(name, "DSA", 3) == 0) { + return &dsa_asn1_meth; } return NULL; } @@ -366,7 +337,7 @@ int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) { ameth = EVP_PKEY_asn1_find(NULL, type); if (ameth == NULL) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_set_type, EVP_R_UNSUPPORTED_ALGORITHM); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM); ERR_add_error_dataf("algorithm %d (%s)", type, OBJ_nid2sn(type)); return 0; } @@ -436,10 +407,6 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) { 0, (void *)out_md); } -EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey) { - return EVP_PKEY_up_ref(pkey); -} - void OpenSSL_add_all_algorithms(void) {} void OpenSSL_add_all_ciphers(void) {} diff --git a/src/crypto/evp/asn1.c b/src/crypto/evp/evp_asn1.c index 3df9f52..356c62b 100644 --- a/src/crypto/evp/asn1.c +++ b/src/crypto/evp/evp_asn1.c @@ -71,7 +71,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, const uint8_t **inp, if (out == NULL || *out == NULL) { ret = EVP_PKEY_new(); if (ret == NULL) { - OPENSSL_PUT_ERROR(EVP, d2i_PrivateKey, ERR_R_EVP_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EVP_LIB); return NULL; } } else { @@ -79,7 +79,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, const uint8_t **inp, } if (!EVP_PKEY_set_type(ret, type)) { - OPENSSL_PUT_ERROR(EVP, d2i_PrivateKey, EVP_R_UNKNOWN_PUBLIC_KEY_TYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_PUBLIC_KEY_TYPE); goto err; } @@ -94,7 +94,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out, const uint8_t **inp, ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); } else { - OPENSSL_PUT_ERROR(EVP, d2i_PrivateKey, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_ASN1_LIB); goto err; } } @@ -134,8 +134,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) { sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); if (!p8) { - OPENSSL_PUT_ERROR(EVP, d2i_AutoPrivateKey, - EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return NULL; } ret = EVP_PKCS82PKEY(p8); @@ -161,7 +160,7 @@ int i2d_PublicKey(EVP_PKEY *key, uint8_t **outp) { case EVP_PKEY_EC: return i2o_ECPublicKey(key->pkey.ec, outp); default: - OPENSSL_PUT_ERROR(EVP, i2d_PublicKey, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return -1; } } diff --git a/src/crypto/evp/evp_ctx.c b/src/crypto/evp/evp_ctx.c index 9f42274..a8e71fe 100644 --- a/src/crypto/evp/evp_ctx.c +++ b/src/crypto/evp/evp_ctx.c @@ -67,12 +67,10 @@ extern const EVP_PKEY_METHOD rsa_pkey_meth; -extern const EVP_PKEY_METHOD hmac_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth; static const EVP_PKEY_METHOD *const evp_methods[] = { &rsa_pkey_meth, - &hmac_pkey_meth, &ec_pkey_meth, }; @@ -102,7 +100,7 @@ static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) { pmeth = evp_pkey_meth_find(id); if (pmeth == NULL) { - OPENSSL_PUT_ERROR(EVP, evp_pkey_ctx_new, EVP_R_UNSUPPORTED_ALGORITHM); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM); const char *name = OBJ_nid2sn(id); ERR_add_error_dataf("algorithm %d (%s)", id, name); return NULL; @@ -110,7 +108,7 @@ static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) { ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); if (!ret) { - OPENSSL_PUT_ERROR(EVP, evp_pkey_ctx_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); return NULL; } memset(ret, 0, sizeof(EVP_PKEY_CTX)); @@ -192,7 +190,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) { err: EVP_PKEY_CTX_free(rctx); - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_dup, ERR_LIB_EVP); + OPENSSL_PUT_ERROR(EVP, ERR_LIB_EVP); return NULL; } @@ -207,7 +205,7 @@ void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) { return ctx->app_data; } int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2) { if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_COMMAND_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED); return 0; } if (keytype != -1 && ctx->pmeth->pkey_id != keytype) { @@ -215,12 +213,12 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, } if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_NO_OPERATION_SET); + OPENSSL_PUT_ERROR(EVP, EVP_R_NO_OPERATION_SET); return 0; } if (optype != -1 && !(ctx->operation & optype)) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_INVALID_OPERATION); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_OPERATION); return 0; } @@ -229,8 +227,7 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) { if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_sign_init, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } @@ -250,12 +247,11 @@ int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) { int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *sig_len, const uint8_t *data, size_t data_len) { if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_sign, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } if (ctx->operation != EVP_PKEY_OP_SIGN) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_sign, EVP_R_OPERATON_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED); return 0; } return ctx->pmeth->sign(ctx, sig, sig_len, data, data_len); @@ -263,8 +259,7 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *sig_len, int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) { if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_verify_init, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } ctx->operation = EVP_PKEY_OP_VERIFY; @@ -282,12 +277,11 @@ int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) { int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t sig_len, const uint8_t *data, size_t data_len) { if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_verify, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } if (ctx->operation != EVP_PKEY_OP_VERIFY) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_verify, EVP_R_OPERATON_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED); return 0; } return ctx->pmeth->verify(ctx, sig, sig_len, data, data_len); @@ -295,8 +289,7 @@ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t sig_len, int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) { if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_encrypt_init, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } ctx->operation = EVP_PKEY_OP_ENCRYPT; @@ -313,12 +306,11 @@ int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) { int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, const uint8_t *in, size_t inlen) { if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_encrypt, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } if (ctx->operation != EVP_PKEY_OP_ENCRYPT) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_encrypt, EVP_R_OPERATON_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED); return 0; } return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); @@ -326,8 +318,7 @@ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) { if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_decrypt_init, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } ctx->operation = EVP_PKEY_OP_DECRYPT; @@ -344,12 +335,11 @@ int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) { int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, const uint8_t *in, size_t inlen) { if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_decrypt, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } if (ctx->operation != EVP_PKEY_OP_DECRYPT) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_decrypt, EVP_R_OPERATON_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED); return 0; } return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); @@ -357,8 +347,7 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) { if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_init, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } ctx->operation = EVP_PKEY_OP_DERIVE; @@ -377,15 +366,13 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) { if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt) || !ctx->pmeth->ctrl) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } if (ctx->operation != EVP_PKEY_OP_DERIVE && ctx->operation != EVP_PKEY_OP_ENCRYPT && ctx->operation != EVP_PKEY_OP_DECRYPT) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, - EVP_R_OPERATON_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED); return 0; } @@ -400,12 +387,12 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) { } if (!ctx->pkey) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, EVP_R_NO_KEY_SET); + OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET); return 0; } if (ctx->pkey->type != peer->type) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, EVP_R_DIFFERENT_KEY_TYPES); + OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES); return 0; } @@ -416,8 +403,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) { * -2 is OK for us here, as well as 1, so we can check for 0 only. */ if (!EVP_PKEY_missing_parameters(peer) && !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, - EVP_R_DIFFERENT_PARAMETERS); + OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_PARAMETERS); return 0; } @@ -437,12 +423,11 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) { int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *out_key_len) { if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } if (ctx->operation != EVP_PKEY_OP_DERIVE) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive, EVP_R_OPERATON_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED); return 0; } return ctx->pmeth->derive(ctx, key, out_key_len); @@ -450,8 +435,7 @@ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *out_key_len) { int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) { if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen_init, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } ctx->operation = EVP_PKEY_OP_KEYGEN; @@ -467,12 +451,11 @@ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) { int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return 0; } if (ctx->operation != EVP_PKEY_OP_KEYGEN) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen, EVP_R_OPERATON_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATON_NOT_INITIALIZED); return 0; } @@ -483,7 +466,7 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { if (!*ppkey) { *ppkey = EVP_PKEY_new(); if (!*ppkey) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen, ERR_LIB_EVP); + OPENSSL_PUT_ERROR(EVP, ERR_LIB_EVP); return 0; } } diff --git a/src/crypto/evp/evp_extra_test.cc b/src/crypto/evp/evp_extra_test.cc index 674547d..9c955fa 100644 --- a/src/crypto/evp/evp_extra_test.cc +++ b/src/crypto/evp/evp_extra_test.cc @@ -322,8 +322,8 @@ static const uint8_t kExampleBadECKeyDER[] = { }; static ScopedEVP_PKEY LoadExampleRSAKey() { - const uint8_t *derp = kExampleRSAKeyDER; - ScopedRSA rsa(d2i_RSAPrivateKey(nullptr, &derp, sizeof(kExampleRSAKeyDER))); + ScopedRSA rsa(RSA_private_key_from_bytes(kExampleRSAKeyDER, + sizeof(kExampleRSAKeyDER))); if (!rsa) { return nullptr; } diff --git a/src/crypto/evp/evp_test.cc b/src/crypto/evp/evp_test.cc index 239f868..c7ac908 100644 --- a/src/crypto/evp/evp_test.cc +++ b/src/crypto/evp/evp_test.cc @@ -56,10 +56,19 @@ #include <stdlib.h> #include <string.h> +#if defined(_MSC_VER) +#pragma warning(push) +#pragma warning(disable: 4702) +#endif + #include <map> #include <string> #include <vector> +#if defined(_MSC_VER) +#pragma warning(pop) +#endif + #include <openssl/bio.h> #include <openssl/crypto.h> #include <openssl/digest.h> @@ -72,11 +81,10 @@ #include "../test/stl_compat.h" -// evp_test dispatches between multiple test types. HMAC tests test the legacy -// EVP_PKEY_HMAC API. PrivateKey tests take a key name parameter and single -// block, decode it as a PEM private key, and save it under that key name. -// Decrypt, Sign, and Verify tests take a previously imported key name as -// parameter and test their respective operations. +// evp_test dispatches between multiple test types. PrivateKey tests take a key +// name parameter and single block, decode it as a PEM private key, and save it +// under that key name. Decrypt, Sign, and Verify tests take a previously +// imported key name as parameter and test their respective operations. static const EVP_MD *GetDigest(FileTest *t, const std::string &name) { if (name == "MD5") { @@ -120,54 +128,10 @@ static bool ImportPrivateKey(FileTest *t, KeyMap *key_map) { return true; } -static bool TestHMAC(FileTest *t) { - std::string digest_str; - if (!t->GetAttribute(&digest_str, "HMAC")) { - return false; - } - const EVP_MD *digest = GetDigest(t, digest_str); - if (digest == nullptr) { - return false; - } - - std::vector<uint8_t> key, input, output; - if (!t->GetBytes(&key, "Key") || - !t->GetBytes(&input, "Input") || - !t->GetBytes(&output, "Output")) { - return false; - } - - ScopedEVP_PKEY pkey(EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, nullptr, - bssl::vector_data(&key), - key.size())); - ScopedEVP_MD_CTX mctx; - if (!pkey || - !EVP_DigestSignInit(mctx.get(), nullptr, digest, nullptr, pkey.get()) || - !EVP_DigestSignUpdate(mctx.get(), bssl::vector_data(&input), - input.size())) { - return false; - } - - size_t len; - std::vector<uint8_t> actual; - if (!EVP_DigestSignFinal(mctx.get(), nullptr, &len)) { - return false; - } - actual.resize(len); - if (!EVP_DigestSignFinal(mctx.get(), bssl::vector_data(&actual), &len)) { - return false; - } - actual.resize(len); - return t->ExpectBytesEqual(bssl::vector_data(&output), output.size(), - bssl::vector_data(&actual), actual.size()); -} - static bool TestEVP(FileTest *t, void *arg) { KeyMap *key_map = reinterpret_cast<KeyMap*>(arg); if (t->GetType() == "PrivateKey") { return ImportPrivateKey(t, key_map); - } else if (t->GetType() == "HMAC") { - return TestHMAC(t); } int (*key_op_init)(EVP_PKEY_CTX *ctx); @@ -219,7 +183,7 @@ static bool TestEVP(FileTest *t, void *arg) { bssl::vector_data(&input), input.size())) { // ECDSA sometimes doesn't push an error code. Push one on the error queue // so it's distinguishable from other errors. - ERR_put_error(ERR_LIB_USER, 0, ERR_R_EVP_LIB, __FILE__, __LINE__); + OPENSSL_PUT_ERROR(USER, ERR_R_EVP_LIB); return false; } return true; diff --git a/src/crypto/evp/evp_tests.txt b/src/crypto/evp/evp_tests.txt index cccfa4f..97ddaa0 100644 --- a/src/crypto/evp/evp_tests.txt +++ b/src/crypto/evp/evp_tests.txt @@ -163,12 +163,11 @@ Digest = SHA1 Input = "0123456789ABCDEF1234" Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800 # This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. -Error = public key routines +Error = BAD_SIGNATURE # BER signature Verify = P-256 Digest = SHA1 Input = "0123456789ABCDEF1234" Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 -# This operation fails without an error code, so ERR_R_EVP_LIB is surfaced. -Error = public key routines +Error = BAD_SIGNATURE diff --git a/src/crypto/evp/internal.h b/src/crypto/evp/internal.h index 08a7bfb..60881e3 100644 --- a/src/crypto/evp/internal.h +++ b/src/crypto/evp/internal.h @@ -89,8 +89,7 @@ struct evp_pkey_asn1_method_st { int pkey_base_id; unsigned long pkey_flags; - char *pem_str; - char *info; + const char *pem_str; int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub); int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk); @@ -115,8 +114,8 @@ struct evp_pkey_asn1_method_st { int (*pkey_size)(const EVP_PKEY *pk); int (*pkey_bits)(const EVP_PKEY *pk); - int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, int derlen); - int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder); + int (*param_decode)(EVP_PKEY *pkey, const uint8_t **pder, int derlen); + int (*param_encode)(const EVP_PKEY *pkey, uint8_t **pder); int (*param_missing)(const EVP_PKEY *pk); int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from); int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); @@ -130,9 +129,9 @@ struct evp_pkey_asn1_method_st { /* Legacy functions for old PEM */ - int (*old_priv_decode)(EVP_PKEY *pkey, const unsigned char **pder, + int (*old_priv_decode)(EVP_PKEY *pkey, const uint8_t **pder, int derlen); - int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder); + int (*old_priv_encode)(const EVP_PKEY *pkey, uint8_t **pder); /* Converting parameters to/from AlgorithmIdentifier (X509_ALGOR). */ int (*digest_verify_init_from_algorithm)(EVP_MD_CTX *ctx, @@ -153,15 +152,12 @@ typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); #define EVP_PKEY_OP_SIGN (1 << 3) #define EVP_PKEY_OP_VERIFY (1 << 4) #define EVP_PKEY_OP_VERIFYRECOVER (1 << 5) -#define EVP_PKEY_OP_SIGNCTX (1 << 6) -#define EVP_PKEY_OP_VERIFYCTX (1 << 7) -#define EVP_PKEY_OP_ENCRYPT (1 << 8) -#define EVP_PKEY_OP_DECRYPT (1 << 9) -#define EVP_PKEY_OP_DERIVE (1 << 10) +#define EVP_PKEY_OP_ENCRYPT (1 << 6) +#define EVP_PKEY_OP_DECRYPT (1 << 7) +#define EVP_PKEY_OP_DERIVE (1 << 8) #define EVP_PKEY_OP_TYPE_SIG \ - (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER | \ - EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER) #define EVP_PKEY_OP_TYPE_CRYPT (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) @@ -181,13 +177,8 @@ typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2); -/* EVP_PKEY_CTRL_DIGESTINIT is an internal value. It's called by - * EVP_DigestInit_ex to signal the |EVP_PKEY| that a digest operation is - * starting. - * - * TODO(davidben): This is only needed to support the deprecated HMAC |EVP_PKEY| - * types. */ -#define EVP_PKEY_CTRL_DIGESTINIT 3 +#define EVP_PKEY_CTRL_MD 1 +#define EVP_PKEY_CTRL_GET_MD 2 /* EVP_PKEY_CTRL_PEER_KEY is called with different values of |p1|: * 0: Is called from |EVP_PKEY_derive_set_peer| and |p2| contains a peer key. @@ -198,21 +189,12 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, * (EC)DH always return one in this case. * 3: Is called with |p2| == NULL to set whether the peer's key was used. * (EC)DH always return one in this case. This was only used for GOST. */ -#define EVP_PKEY_CTRL_PEER_KEY 4 - -/* EVP_PKEY_CTRL_SET_MAC_KEY sets a MAC key. For example, this can be done an - * |EVP_PKEY_CTX| prior to calling |EVP_PKEY_keygen| in order to generate an - * HMAC |EVP_PKEY| with the given key. It returns one on success and zero on - * error. */ -#define EVP_PKEY_CTRL_SET_MAC_KEY 5 +#define EVP_PKEY_CTRL_PEER_KEY 3 /* EVP_PKEY_ALG_CTRL is the base value from which key-type specific ctrl * commands are numbered. */ #define EVP_PKEY_ALG_CTRL 0x1000 -#define EVP_PKEY_CTRL_MD 1 -#define EVP_PKEY_CTRL_GET_MD 2 - #define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) #define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 2) #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 3) @@ -260,34 +242,25 @@ struct evp_pkey_method_st { int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); int (*sign_init)(EVP_PKEY_CTX *ctx); - int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); + int (*sign)(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, + const uint8_t *tbs, size_t tbslen); int (*verify_init)(EVP_PKEY_CTX *ctx); - int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); - - int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx); - - int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx); + int (*verify)(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, + const uint8_t *tbs, size_t tbslen); int (*encrypt_init)(EVP_PKEY_CTX *ctx); - int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); + int (*encrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, + const uint8_t *in, size_t inlen); int (*decrypt_init)(EVP_PKEY_CTX *ctx); - int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); + int (*decrypt)(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, + const uint8_t *in, size_t inlen); int (*derive_init)(EVP_PKEY_CTX *ctx); - int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + int (*derive)(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *keylen); int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); - int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value); } /* EVP_PKEY_METHOD */; diff --git a/src/crypto/evp/p_dsa_asn1.c b/src/crypto/evp/p_dsa_asn1.c index 826d4e4..4790cf6 100644 --- a/src/crypto/evp/p_dsa_asn1.c +++ b/src/crypto/evp/p_dsa_asn1.c @@ -91,29 +91,29 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { dsa = d2i_DSAparams(NULL, &pm, pmlen); if (dsa == NULL) { - OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) { dsa = DSA_new(); if (dsa == NULL) { - OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto err; } } else { - OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_PARAMETER_ENCODING_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_PARAMETER_ENCODING_ERROR); goto err; } public_key = d2i_ASN1_INTEGER(NULL, &p, pklen); if (public_key == NULL) { - OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL); if (dsa->pub_key == NULL) { - OPENSSL_PUT_ERROR(EVP, dsa_pub_decode, EVP_R_BN_DECODE_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_BN_DECODE_ERROR); goto err; } @@ -140,12 +140,12 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { if (dsa->p && dsa->q && dsa->g) { pval = ASN1_STRING_new(); if (!pval) { - OPENSSL_PUT_ERROR(EVP, dsa_pub_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto err; } pval->length = i2d_DSAparams(dsa, &pval->data); if (pval->length <= 0) { - OPENSSL_PUT_ERROR(EVP, dsa_pub_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto err; } ptype = V_ASN1_SEQUENCE; @@ -155,7 +155,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { penclen = i2d_DSAPublicKey(dsa, &penc); if (penclen <= 0) { - OPENSSL_PUT_ERROR(EVP, dsa_pub_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto err; } @@ -252,23 +252,23 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { /* We have parameters. Now set private key */ dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL); if (dsa->priv_key == NULL) { - OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_LIB_BN); + OPENSSL_PUT_ERROR(EVP, ERR_LIB_BN); goto dsaerr; } /* Calculate public key. */ dsa->pub_key = BN_new(); if (dsa->pub_key == NULL) { - OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto dsaerr; } ctx = BN_CTX_new(); if (ctx == NULL) { - OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { - OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, ERR_LIB_BN); + OPENSSL_PUT_ERROR(EVP, ERR_LIB_BN); goto dsaerr; } @@ -280,7 +280,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { return 1; decerr: - OPENSSL_PUT_ERROR(EVP, dsa_priv_decode, EVP_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); dsaerr: BN_CTX_free(ctx); @@ -297,19 +297,19 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { int dplen; if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) { - OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, EVP_R_MISSING_PARAMETERS); + OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS); goto err; } params = ASN1_STRING_new(); if (!params) { - OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto err; } params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); if (params->length <= 0) { - OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto err; } params->type = V_ASN1_SEQUENCE; @@ -318,13 +318,14 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); if (!prkey) { - OPENSSL_PUT_ERROR(EVP, dsa_priv_encode, ERR_LIB_BN); + OPENSSL_PUT_ERROR(EVP, ERR_LIB_BN); goto err; } dplen = i2d_ASN1_INTEGER(prkey, &dp); ASN1_INTEGER_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) { @@ -437,7 +438,7 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) { m = (uint8_t *)OPENSSL_malloc(buf_len + 10); if (m == NULL) { - OPENSSL_PUT_ERROR(EVP, do_dsa_print, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto err; } @@ -466,7 +467,7 @@ static int dsa_param_decode(EVP_PKEY *pkey, const uint8_t **pder, int derlen) { DSA *dsa; dsa = d2i_DSAparams(NULL, pder, derlen); if (dsa == NULL) { - OPENSSL_PUT_ERROR(EVP, dsa_param_decode, ERR_R_DSA_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_DSA_LIB); return 0; } EVP_PKEY_assign_DSA(pkey, dsa); @@ -497,7 +498,7 @@ static int old_dsa_priv_decode(EVP_PKEY *pkey, const uint8_t **pder, DSA *dsa; dsa = d2i_DSAPrivateKey(NULL, pder, derlen); if (dsa == NULL) { - OPENSSL_PUT_ERROR(EVP, old_dsa_priv_decode, ERR_R_DSA_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_DSA_LIB); return 0; } EVP_PKEY_assign_DSA(pkey, dsa); @@ -531,7 +532,7 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, update_buflen(dsa_sig->s, &buf_len); m = OPENSSL_malloc(buf_len + 10); if (m == NULL) { - OPENSSL_PUT_ERROR(EVP, dsa_sig_print, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto err; } @@ -554,7 +555,6 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meth = { 0, "DSA", - "OpenSSL DSA method", dsa_pub_decode, dsa_pub_encode, diff --git a/src/crypto/evp/p_ec.c b/src/crypto/evp/p_ec.c index 73c00d8..77f213d 100644 --- a/src/crypto/evp/p_ec.c +++ b/src/crypto/evp/p_ec.c @@ -125,25 +125,18 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) { static int pkey_ec_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, const uint8_t *tbs, size_t tbslen) { - int type; unsigned int sltmp; - EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; if (!sig) { *siglen = ECDSA_size(ec); return 1; } else if (*siglen < (size_t)ECDSA_size(ec)) { - OPENSSL_PUT_ERROR(EVP, pkey_ec_sign, EVP_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); return 0; } - type = NID_sha1; - if (dctx->md) { - type = EVP_MD_type(dctx->md); - } - - if (!ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec)) { + if (!ECDSA_sign(0, tbs, tbslen, sig, &sltmp, ec)) { return 0; } *siglen = (size_t)sltmp; @@ -152,16 +145,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, const uint8_t *tbs, size_t tbslen) { - int type; - EC_PKEY_CTX *dctx = ctx->data; - EC_KEY *ec = ctx->pkey->pkey.ec; - - type = NID_sha1; - if (dctx->md) { - type = EVP_MD_type(dctx->md); - } - - return ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); + return ECDSA_verify(0, tbs, tbslen, sig, siglen, ctx->pkey->pkey.ec); } static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key, @@ -172,7 +156,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key, EC_KEY *eckey; if (!ctx->pkey || !ctx->peerkey) { - OPENSSL_PUT_ERROR(EVP, pkey_ec_derive, EVP_R_KEYS_NOT_SET); + OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); return 0; } @@ -207,7 +191,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: group = EC_GROUP_new_by_curve_name(p1); if (group == NULL) { - OPENSSL_PUT_ERROR(EVP, pkey_ec_ctrl, EVP_R_INVALID_CURVE); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_CURVE); return 0; } EC_GROUP_free(dctx->gen_group); @@ -221,7 +205,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { - OPENSSL_PUT_ERROR(EVP, pkey_ec_ctrl, EVP_R_INVALID_DIGEST_TYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_DIGEST_TYPE); return 0; } dctx->md = p2; @@ -232,12 +216,11 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { return 1; case EVP_PKEY_CTRL_PEER_KEY: - /* Default behaviour is OK */ - case EVP_PKEY_CTRL_DIGESTINIT: + /* Default behaviour is OK */ return 1; default: - OPENSSL_PUT_ERROR(EVP, pkey_ec_ctrl, EVP_R_COMMAND_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED); return 0; } } @@ -248,7 +231,7 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { int ret = 0; if (dctx->gen_group == NULL) { - OPENSSL_PUT_ERROR(EVP, pkey_ec_paramgen, EVP_R_NO_PARAMETERS_SET); + OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET); return 0; } ec = EC_KEY_new(); @@ -268,7 +251,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { EC_KEY *ec = NULL; EC_PKEY_CTX *dctx = ctx->data; if (ctx->pkey == NULL && dctx->gen_group == NULL) { - OPENSSL_PUT_ERROR(EVP, pkey_ec_keygen, EVP_R_NO_PARAMETERS_SET); + OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET); return 0; } ec = EC_KEY_new(); @@ -290,12 +273,11 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { } const EVP_PKEY_METHOD ec_pkey_meth = { - EVP_PKEY_EC, 0 /* flags */, pkey_ec_init, - pkey_ec_copy, pkey_ec_cleanup, 0 /* paramgen_init */, - pkey_ec_paramgen, 0 /* keygen_init */, pkey_ec_keygen, - 0 /* sign_init */, pkey_ec_sign, 0 /* verify_init */, - pkey_ec_verify, 0 /* signctx_init */, 0 /* signctx */, - 0 /* verifyctx_init */, 0 /* verifyctx */, 0 /* encrypt_init */, - 0 /* encrypt */, 0 /* decrypt_init */, 0 /* decrypt */, - 0 /* derive_init */, pkey_ec_derive, pkey_ec_ctrl, + EVP_PKEY_EC, 0 /* flags */, pkey_ec_init, + pkey_ec_copy, pkey_ec_cleanup, 0 /* paramgen_init */, + pkey_ec_paramgen, 0 /* keygen_init */, pkey_ec_keygen, + 0 /* sign_init */, pkey_ec_sign, 0 /* verify_init */, + pkey_ec_verify, 0 /* encrypt_init */, 0 /* encrypt */, + 0 /* decrypt_init */, 0 /* decrypt */, 0 /* derive_init */, + pkey_ec_derive, pkey_ec_ctrl, }; diff --git a/src/crypto/evp/p_ec_asn1.c b/src/crypto/evp/p_ec_asn1.c index fbbf4e7..9867947 100644 --- a/src/crypto/evp/p_ec_asn1.c +++ b/src/crypto/evp/p_ec_asn1.c @@ -71,13 +71,13 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) { int nid; if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { - OPENSSL_PUT_ERROR(EVP, eckey_param2type, EVP_R_MISSING_PARAMETERS); + OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS); return 0; } nid = EC_GROUP_get_curve_name(group); if (nid == NID_undef) { - OPENSSL_PUT_ERROR(EVP, eckey_param2type, EVP_R_NO_NID_FOR_CURVE); + OPENSSL_PUT_ERROR(EVP, EVP_R_NO_NID_FOR_CURVE); return 0; } @@ -94,7 +94,7 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { int penclen; if (!eckey_param2type(&ptype, &pval, ec_key)) { - OPENSSL_PUT_ERROR(EVP, eckey_pub_encode, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB); return 0; } penclen = i2o_ECPublicKey(ec_key, NULL); @@ -137,7 +137,7 @@ static EC_KEY *eckey_type2param(int ptype, void *pval) { eckey = d2i_ECParameters(NULL, &pm, pmlen); if (eckey == NULL) { - OPENSSL_PUT_ERROR(EVP, eckey_type2param, EVP_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } } else if (ptype == V_ASN1_OBJECT) { @@ -150,7 +150,7 @@ static EC_KEY *eckey_type2param(int ptype, void *pval) { goto err; } } else { - OPENSSL_PUT_ERROR(EVP, eckey_type2param, EVP_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } @@ -177,13 +177,13 @@ static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { eckey = eckey_type2param(ptype, pval); if (!eckey) { - OPENSSL_PUT_ERROR(EVP, eckey_pub_decode, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB); return 0; } /* We have parameters now set public key */ if (!o2i_ECPublicKey(&eckey, &p, pklen)) { - OPENSSL_PUT_ERROR(EVP, eckey_pub_decode, EVP_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } @@ -232,7 +232,7 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { /* We have parameters now set private key */ if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { - OPENSSL_PUT_ERROR(EVP, eckey_priv_decode, EVP_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto ecerr; } @@ -246,23 +246,23 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { group = EC_KEY_get0_group(eckey); pub_key = EC_POINT_new(group); if (pub_key == NULL) { - OPENSSL_PUT_ERROR(EVP, eckey_priv_decode, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB); goto ecliberr; } if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { EC_POINT_free(pub_key); - OPENSSL_PUT_ERROR(EVP, eckey_priv_decode, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB); goto ecliberr; } priv_key = EC_KEY_get0_private_key(eckey); if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) { EC_POINT_free(pub_key); - OPENSSL_PUT_ERROR(EVP, eckey_priv_decode, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB); goto ecliberr; } if (EC_KEY_set_public_key(eckey, pub_key) == 0) { EC_POINT_free(pub_key); - OPENSSL_PUT_ERROR(EVP, eckey_priv_decode, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB); goto ecliberr; } EC_POINT_free(pub_key); @@ -272,7 +272,7 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { return 1; ecliberr: - OPENSSL_PUT_ERROR(EVP, eckey_priv_decode, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB); ecerr: if (eckey) { EC_KEY_free(eckey); @@ -290,7 +290,7 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { ec_key = pkey->pkey.ec; if (!eckey_param2type(&ptype, &pval, ec_key)) { - OPENSSL_PUT_ERROR(EVP, eckey_priv_encode, EVP_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return 0; } @@ -304,20 +304,20 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { eplen = i2d_ECPrivateKey(ec_key, NULL); if (!eplen) { EC_KEY_set_enc_flags(ec_key, old_flags); - OPENSSL_PUT_ERROR(EVP, eckey_priv_encode, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB); return 0; } ep = (uint8_t *)OPENSSL_malloc(eplen); if (!ep) { EC_KEY_set_enc_flags(ec_key, old_flags); - OPENSSL_PUT_ERROR(EVP, eckey_priv_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); return 0; } p = ep; if (!i2d_ECPrivateKey(ec_key, &p)) { EC_KEY_set_enc_flags(ec_key, old_flags); OPENSSL_free(ep); - OPENSSL_PUT_ERROR(EVP, eckey_priv_encode, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB); return 0; } /* restore old encoding flags */ @@ -325,6 +325,7 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, ptype, pval, ep, eplen)) { + OPENSSL_free(ep); return 0; } @@ -478,7 +479,7 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) { err: if (!ret) { - OPENSSL_PUT_ERROR(EVP, do_EC_KEY_print, reason); + OPENSSL_PUT_ERROR(EVP, reason); } OPENSSL_free(pub_key_bytes); BN_free(order); @@ -491,7 +492,7 @@ static int eckey_param_decode(EVP_PKEY *pkey, const uint8_t **pder, int derlen) { EC_KEY *eckey; if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) { - OPENSSL_PUT_ERROR(EVP, eckey_param_decode, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB); return 0; } EVP_PKEY_assign_EC_KEY(pkey, eckey); @@ -526,7 +527,7 @@ static int old_ec_priv_decode(EVP_PKEY *pkey, const uint8_t **pder, int derlen) { EC_KEY *ec; if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) { - OPENSSL_PUT_ERROR(EVP, old_ec_priv_decode, EVP_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return 0; } EVP_PKEY_assign_EC_KEY(pkey, ec); @@ -542,7 +543,6 @@ const EVP_PKEY_ASN1_METHOD ec_asn1_meth = { EVP_PKEY_EC, 0, "EC", - "OpenSSL EC algorithm", eckey_pub_decode, eckey_pub_encode, diff --git a/src/crypto/evp/p_hmac.c b/src/crypto/evp/p_hmac.c deleted file mode 100644 index 7d3254a..0000000 --- a/src/crypto/evp/p_hmac.c +++ /dev/null @@ -1,223 +0,0 @@ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2007. - */ -/* ==================================================================== - * Copyright (c) 2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - -#include <openssl/evp.h> - -#include <string.h> - -#include <openssl/asn1.h> -#include <openssl/err.h> -#include <openssl/hmac.h> -#include <openssl/mem.h> -#include <openssl/obj.h> - -#include "internal.h" -#include "../digest/internal.h" - - -typedef struct { - const EVP_MD *md; /* MD for HMAC use */ - ASN1_OCTET_STRING ktmp; /* Temp storage for key */ - HMAC_CTX ctx; -} HMAC_PKEY_CTX; - -static int pkey_hmac_init(EVP_PKEY_CTX *ctx) { - HMAC_PKEY_CTX *hctx; - hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); - if (!hctx) { - return 0; - } - memset(hctx, 0, sizeof(HMAC_PKEY_CTX)); - hctx->ktmp.type = V_ASN1_OCTET_STRING; - HMAC_CTX_init(&hctx->ctx); - - ctx->data = hctx; - - return 1; -} - -static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { - HMAC_PKEY_CTX *sctx, *dctx; - if (!pkey_hmac_init(dst)) { - return 0; - } - sctx = src->data; - dctx = dst->data; - dctx->md = sctx->md; - HMAC_CTX_init(&dctx->ctx); - if (!HMAC_CTX_copy_ex(&dctx->ctx, &sctx->ctx)) { - return 0; - } - if (sctx->ktmp.data) { - if (!ASN1_OCTET_STRING_set(&dctx->ktmp, sctx->ktmp.data, - sctx->ktmp.length)) { - return 0; - } - } - return 1; -} - -static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) { - HMAC_PKEY_CTX *hctx = ctx->data; - - if (hctx == NULL) { - return; - } - - HMAC_CTX_cleanup(&hctx->ctx); - if (hctx->ktmp.data) { - if (hctx->ktmp.length) { - OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); - } - OPENSSL_free(hctx->ktmp.data); - hctx->ktmp.data = NULL; - } - OPENSSL_free(hctx); -} - -static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - ASN1_OCTET_STRING *hkey = NULL; - HMAC_PKEY_CTX *hctx = ctx->data; - - if (!hctx->ktmp.data) { - return 0; - } - hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); - if (!hkey) { - return 0; - } - EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); - - return 1; -} - -static void int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - HMAC_PKEY_CTX *hctx = ctx->pctx->data; - HMAC_Update(&hctx->ctx, data, count); -} - -static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { - /* |mctx| gets repurposed as a hook to call |HMAC_Update|. Suppress the - * automatic setting of |mctx->update| and the rest of its initialization. */ - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - mctx->update = int_update; - return 1; -} - -static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx) { - unsigned int hlen; - HMAC_PKEY_CTX *hctx = ctx->data; - size_t md_size = EVP_MD_CTX_size(mctx); - - if (!sig) { - *siglen = md_size; - return 1; - } else if (*siglen < md_size) { - OPENSSL_PUT_ERROR(EVP, hmac_signctx, EVP_R_BUFFER_TOO_SMALL); - return 0; - } - - if (!HMAC_Final(&hctx->ctx, sig, &hlen)) { - return 0; - } - *siglen = (size_t)hlen; - return 1; -} - -static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { - HMAC_PKEY_CTX *hctx = ctx->data; - ASN1_OCTET_STRING *key; - - switch (type) { - case EVP_PKEY_CTRL_SET_MAC_KEY: - if ((!p2 && p1 > 0) || (p1 < -1)) { - return 0; - } - if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) { - return 0; - } - break; - - case EVP_PKEY_CTRL_MD: - hctx->md = p2; - break; - - case EVP_PKEY_CTRL_DIGESTINIT: - key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; - if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, - ctx->engine)) { - return 0; - } - break; - - default: - OPENSSL_PUT_ERROR(EVP, pkey_hmac_ctrl, EVP_R_COMMAND_NOT_SUPPORTED); - return 0; - } - return 1; -} - -const EVP_PKEY_METHOD hmac_pkey_meth = { - EVP_PKEY_HMAC, 0 /* flags */, pkey_hmac_init, - pkey_hmac_copy, pkey_hmac_cleanup, 0 /* paramgen_init */, - 0 /* paramgen */, 0 /* keygen_init */, pkey_hmac_keygen, - 0 /* sign_init */, 0 /* sign */, 0 /* verify_init */, - 0 /* verify */, hmac_signctx_init, hmac_signctx, - 0 /* verifyctx_init */, 0 /* verifyctx */, 0 /* encrypt_init */, - 0 /* encrypt */, 0 /* decrypt_init */, 0 /* decrypt */, - 0 /* derive_init */, 0 /* derive */, pkey_hmac_ctrl, - 0, -}; diff --git a/src/crypto/evp/p_hmac_asn1.c b/src/crypto/evp/p_hmac_asn1.c deleted file mode 100644 index 8aa6676..0000000 --- a/src/crypto/evp/p_hmac_asn1.c +++ /dev/null @@ -1,89 +0,0 @@ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2007. - */ -/* ==================================================================== - * Copyright (c) 2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). */ - -#include <openssl/evp.h> - -#include <openssl/asn1.h> -#include <openssl/digest.h> -#include <openssl/mem.h> -#include <openssl/obj.h> - -#include "internal.h" - - -static int hmac_size(const EVP_PKEY *pkey) { return EVP_MAX_MD_SIZE; } - -static void hmac_key_free(EVP_PKEY *pkey) { - ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; - if (os) { - if (os->data) { - OPENSSL_cleanse(os->data, os->length); - } - ASN1_OCTET_STRING_free(os); - } -} - -const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { - EVP_PKEY_HMAC, EVP_PKEY_HMAC, 0 /* flags */, - "HMAC", "OpenSSL HMAC method", 0 /* pub_decode */, - 0 /* pub_encode */, 0 /* pub_cmp */, 0 /* pub_print */, - 0 /*priv_decode */, 0 /* priv_encode */, 0 /* priv_print */, - 0 /* pkey_opaque */, 0 /* pkey_supports_digest */, - hmac_size, 0 /* pkey_bits */, 0 /* param_decode */, - 0 /* param_encode*/, 0 /* param_missing*/, 0 /* param_copy*/, - 0 /* param_cmp*/, 0 /* param_print*/, 0 /* sig_print*/, - hmac_key_free, 0 /* old_priv_decode */, - 0 /* old_priv_encode */ -}; diff --git a/src/crypto/evp/p_rsa.c b/src/crypto/evp/p_rsa.c index 5abc075..cfecbfd 100644 --- a/src/crypto/evp/p_rsa.c +++ b/src/crypto/evp/p_rsa.c @@ -174,7 +174,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, } if (*siglen < key_len) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_sign, EVP_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); return 0; } @@ -182,12 +182,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, unsigned int out_len; if (tbslen != EVP_MD_size(rctx->md)) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_sign, EVP_R_INVALID_DIGEST_LENGTH); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_DIGEST_LENGTH); return 0; } if (EVP_MD_type(rctx->md) == NID_mdc2) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_sign, EVP_R_NO_MDC2_SUPPORT); + OPENSSL_PUT_ERROR(EVP, EVP_R_NO_MDC2_SUPPORT); return 0; } @@ -268,7 +268,7 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, } if (*outlen < key_len) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_encrypt, EVP_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); return 0; } @@ -300,7 +300,7 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, } if (*outlen < key_len) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_decrypt, EVP_R_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); return 0; } @@ -333,7 +333,7 @@ static int check_padding_md(const EVP_MD *md, int padding) { } if (padding == RSA_NO_PADDING) { - OPENSSL_PUT_ERROR(EVP, check_padding_md, EVP_R_INVALID_PADDING_MODE); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PADDING_MODE); return 0; } @@ -361,8 +361,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { 0 == (ctx->operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) || (p1 == RSA_PKCS1_OAEP_PADDING && 0 == (ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, - EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); + OPENSSL_PUT_ERROR(EVP, EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); return 0; } if ((p1 == RSA_PKCS1_PSS_PADDING || p1 == RSA_PKCS1_OAEP_PADDING) && @@ -379,7 +378,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PSS_SALTLEN); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PSS_SALTLEN); return 0; } if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) { @@ -394,7 +393,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: if (p1 < 256) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_KEYBITS); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_KEYBITS); return 0; } rctx->nbits = p1; @@ -411,7 +410,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_RSA_OAEP_MD: case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PADDING_MODE); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PADDING_MODE); return 0; } if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) { @@ -436,7 +435,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_MGF1_MD); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_MGF1_MD); return 0; } if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { @@ -452,7 +451,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_RSA_OAEP_LABEL: if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PADDING_MODE); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PADDING_MODE); return 0; } OPENSSL_free(rctx->oaep_label); @@ -469,17 +468,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL: if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { - OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PADDING_MODE); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PADDING_MODE); return 0; } CBS_init((CBS *)p2, rctx->oaep_label, rctx->oaep_labellen); return 1; - case EVP_PKEY_CTRL_DIGESTINIT: - return 1; - default: - OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_COMMAND_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED); return 0; } } @@ -509,14 +505,13 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { } const EVP_PKEY_METHOD rsa_pkey_meth = { - EVP_PKEY_RSA, 0 /* flags */, pkey_rsa_init, - pkey_rsa_copy, pkey_rsa_cleanup, 0 /* paramgen_init */, - 0 /* paramgen */, 0 /* keygen_init */, pkey_rsa_keygen, - 0 /* sign_init */, pkey_rsa_sign, 0 /* verify_init */, - pkey_rsa_verify, 0 /* signctx_init */, 0 /* signctx */, - 0 /* verifyctx_init */, 0 /* verifyctx */, 0 /* encrypt_init */, - pkey_rsa_encrypt, 0 /* decrypt_init */, pkey_rsa_decrypt, - 0 /* derive_init */, 0 /* derive */, pkey_rsa_ctrl, + EVP_PKEY_RSA, 0 /* flags */, pkey_rsa_init, + pkey_rsa_copy, pkey_rsa_cleanup, 0 /* paramgen_init */, + 0 /* paramgen */, 0 /* keygen_init */, pkey_rsa_keygen, + 0 /* sign_init */, pkey_rsa_sign, 0 /* verify_init */, + pkey_rsa_verify, 0 /* encrypt_init */, pkey_rsa_encrypt, + 0 /* decrypt_init */, pkey_rsa_decrypt, 0 /* derive_init */, + 0 /* derive */, pkey_rsa_ctrl, }; int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding) { @@ -593,7 +588,7 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, return -1; } if (CBS_len(&label) > INT_MAX) { - OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_get0_rsa_oaep_label, ERR_R_OVERFLOW); + OPENSSL_PUT_ERROR(EVP, ERR_R_OVERFLOW); return -1; } *out_label = CBS_data(&label); diff --git a/src/crypto/evp/p_rsa_asn1.c b/src/crypto/evp/p_rsa_asn1.c index 1e2d3f6..f60625b 100644 --- a/src/crypto/evp/p_rsa_asn1.c +++ b/src/crypto/evp/p_rsa_asn1.c @@ -57,6 +57,7 @@ #include <openssl/asn1.h> #include <openssl/asn1t.h> +#include <openssl/bytestring.h> #include <openssl/digest.h> #include <openssl/err.h> #include <openssl/mem.h> @@ -69,16 +70,14 @@ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { - uint8_t *encoded = NULL; - int len; - len = i2d_RSAPublicKey(pkey->pkey.rsa, &encoded); - - if (len <= 0) { + uint8_t *encoded; + size_t encoded_len; + if (!RSA_public_key_to_bytes(&encoded, &encoded_len, pkey->pkey.rsa)) { return 0; } if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), V_ASN1_NULL, NULL, - encoded, len)) { + encoded, encoded_len)) { OPENSSL_free(encoded); return 0; } @@ -89,16 +88,25 @@ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { const uint8_t *p; int pklen; - RSA *rsa; - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) { return 0; } - rsa = d2i_RSAPublicKey(NULL, &p, pklen); - if (rsa == NULL) { - OPENSSL_PUT_ERROR(EVP, rsa_pub_decode, ERR_R_RSA_LIB); + + /* Estonian IDs issued between September 2014 to September 2015 are + * broken. See https://crbug.com/532048 and https://crbug.com/534766. + * + * TODO(davidben): Switch this to the strict version in March 2016 or when + * Chromium can force client certificates down a different codepath, whichever + * comes first. */ + CBS cbs; + CBS_init(&cbs, p, pklen); + RSA *rsa = RSA_parse_public_key_buggy(&cbs); + if (rsa == NULL || CBS_len(&cbs) != 0) { + OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); + RSA_free(rsa); return 0; } + EVP_PKEY_assign_RSA(pkey, rsa); return 1; } @@ -109,20 +117,17 @@ static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { } static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { - uint8_t *rk = NULL; - int rklen; - - rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); - - if (rklen <= 0) { - OPENSSL_PUT_ERROR(EVP, rsa_priv_encode, ERR_R_MALLOC_FAILURE); + uint8_t *encoded; + size_t encoded_len; + if (!RSA_private_key_to_bytes(&encoded, &encoded_len, pkey->pkey.rsa)) { return 0; } /* TODO(fork): const correctness in next line. */ if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_rsaEncryption), 0, - V_ASN1_NULL, NULL, rk, rklen)) { - OPENSSL_PUT_ERROR(EVP, rsa_priv_encode, ERR_R_MALLOC_FAILURE); + V_ASN1_NULL, NULL, encoded, encoded_len)) { + OPENSSL_free(encoded); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); return 0; } @@ -132,16 +137,14 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { const uint8_t *p; int pklen; - RSA *rsa; - if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) { - OPENSSL_PUT_ERROR(EVP, rsa_priv_decode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); return 0; } - rsa = d2i_RSAPrivateKey(NULL, &p, pklen); + RSA *rsa = RSA_private_key_from_bytes(p, pklen); if (rsa == NULL) { - OPENSSL_PUT_ERROR(EVP, rsa_priv_decode, ERR_R_RSA_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_RSA_LIB); return 0; } @@ -198,11 +201,24 @@ static int do_rsa_print(BIO *out, const RSA *rsa, int off, update_buflen(rsa->dmp1, &buf_len); update_buflen(rsa->dmq1, &buf_len); update_buflen(rsa->iqmp, &buf_len); + + if (rsa->additional_primes != NULL) { + size_t i; + + for (i = 0; i < sk_RSA_additional_prime_num(rsa->additional_primes); + i++) { + const RSA_additional_prime *ap = + sk_RSA_additional_prime_value(rsa->additional_primes, i); + update_buflen(ap->prime, &buf_len); + update_buflen(ap->exp, &buf_len); + update_buflen(ap->coeff, &buf_len); + } + } } m = (uint8_t *)OPENSSL_malloc(buf_len + 10); if (m == NULL) { - OPENSSL_PUT_ERROR(EVP, do_rsa_print, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto err; } @@ -241,6 +257,28 @@ static int do_rsa_print(BIO *out, const RSA *rsa, int off, !ASN1_bn_print(out, "coefficient:", rsa->iqmp, m, off)) { goto err; } + + if (rsa->additional_primes != NULL && + sk_RSA_additional_prime_num(rsa->additional_primes) > 0) { + size_t i; + + if (BIO_printf(out, "otherPrimeInfos:\n") <= 0) { + goto err; + } + for (i = 0; i < sk_RSA_additional_prime_num(rsa->additional_primes); + i++) { + const RSA_additional_prime *ap = + sk_RSA_additional_prime_value(rsa->additional_primes, i); + + if (BIO_printf(out, "otherPrimeInfo (prime %u):\n", + (unsigned)(i + 3)) <= 0 || + !ASN1_bn_print(out, "prime:", ap->prime, m, off) || + !ASN1_bn_print(out, "exponent:", ap->exp, m, off) || + !ASN1_bn_print(out, "coeff:", ap->coeff, m, off)) { + goto err; + } + } + } } ret = 1; @@ -407,18 +445,18 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, return 1; } -static int old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, +static int old_rsa_priv_decode(EVP_PKEY *pkey, const uint8_t **pder, int derlen) { RSA *rsa = d2i_RSAPrivateKey(NULL, pder, derlen); if (rsa == NULL) { - OPENSSL_PUT_ERROR(EVP, old_rsa_priv_decode, ERR_R_RSA_LIB); + OPENSSL_PUT_ERROR(EVP, ERR_R_RSA_LIB); return 0; } EVP_PKEY_assign_RSA(pkey, rsa); return 1; } -static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) { +static int old_rsa_priv_encode(const EVP_PKEY *pkey, uint8_t **pder) { return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); } @@ -474,7 +512,7 @@ static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg) { } md = EVP_get_digestbyobj(alg->algorithm); if (md == NULL) { - OPENSSL_PUT_ERROR(EVP, rsa_algor_to_md, EVP_R_UNKNOWN_DIGEST); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_DIGEST); } return md; } @@ -487,16 +525,16 @@ static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash) { } /* Check mask and lookup mask hash algorithm */ if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) { - OPENSSL_PUT_ERROR(EVP, rsa_mgf1_to_md, EVP_R_UNSUPPORTED_MASK_ALGORITHM); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_MASK_ALGORITHM); return NULL; } if (!maskHash) { - OPENSSL_PUT_ERROR(EVP, rsa_mgf1_to_md, EVP_R_UNSUPPORTED_MASK_PARAMETER); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_MASK_PARAMETER); return NULL; } md = EVP_get_digestbyobj(maskHash->algorithm); if (md == NULL) { - OPENSSL_PUT_ERROR(EVP, rsa_mgf1_to_md, EVP_R_UNKNOWN_MASK_DIGEST); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNKNOWN_MASK_DIGEST); return NULL; } return md; @@ -576,13 +614,13 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) { /* Sanity check: make sure it is PSS */ if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { - OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_UNSUPPORTED_SIGNATURE_TYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_SIGNATURE_TYPE); return 0; } /* Decode PSS parameters */ pss = rsa_pss_decode(sigalg, &maskHash); if (pss == NULL) { - OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_INVALID_PSS_PARAMETERS); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PSS_PARAMETERS); goto err; } @@ -602,7 +640,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) { /* Could perform more salt length sanity checks but the main * RSA routines will trap other invalid values anyway. */ if (saltlen < 0) { - OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_INVALID_SALT_LENGTH); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_SALT_LENGTH); goto err; } } @@ -610,7 +648,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) { /* low-level routines support only trailer field 0xbc (value 1) * and PKCS#1 says we should reject any other value anyway. */ if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { - OPENSSL_PUT_ERROR(EVP, rsa_pss_to_ctx, EVP_R_INVALID_TRAILER); + OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_TRAILER); goto err; } @@ -638,8 +676,7 @@ static int rsa_digest_verify_init_from_algorithm(EVP_MD_CTX *ctx, EVP_PKEY *pkey) { /* Sanity check: make sure it is PSS */ if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { - OPENSSL_PUT_ERROR(EVP, rsa_digest_verify_init_from_algorithm, - EVP_R_UNSUPPORTED_SIGNATURE_TYPE); + OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_SIGNATURE_TYPE); return 0; } return rsa_pss_to_ctx(ctx, sigalg, pkey); @@ -671,7 +708,6 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meth = { ASN1_PKEY_SIGPARAM_NULL, "RSA", - "OpenSSL RSA method", rsa_pub_decode, rsa_pub_encode, diff --git a/src/crypto/ex_data.c b/src/crypto/ex_data.c index 10fefc8..f562f17 100644 --- a/src/crypto/ex_data.c +++ b/src/crypto/ex_data.c @@ -138,7 +138,7 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index, funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); if (funcs == NULL) { - OPENSSL_PUT_ERROR(CRYPTO, CRYPTO_get_ex_new_index, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); return 0; } @@ -156,12 +156,13 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index, if (ex_data_class->meth == NULL || !sk_CRYPTO_EX_DATA_FUNCS_push(ex_data_class->meth, funcs)) { - OPENSSL_PUT_ERROR(CRYPTO, CRYPTO_get_ex_new_index, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); OPENSSL_free(funcs); goto err; } - *out_index = sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) - 1; + *out_index = sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) - 1 + + ex_data_class->num_reserved; ret = 1; err: @@ -175,7 +176,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val) { if (ad->sk == NULL) { ad->sk = sk_void_new_null(); if (ad->sk == NULL) { - OPENSSL_PUT_ERROR(CRYPTO, CRYPTO_set_ex_data, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); return 0; } } @@ -185,7 +186,7 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val) { /* Add NULL values until the stack is long enough. */ for (i = n; i <= index; i++) { if (!sk_void_push(ad->sk, NULL)) { - OPENSSL_PUT_ERROR(CRYPTO, CRYPTO_set_ex_data, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); return 0; } } @@ -222,7 +223,7 @@ static int get_func_pointers(STACK_OF(CRYPTO_EX_DATA_FUNCS) **out, CRYPTO_STATIC_MUTEX_unlock(&ex_data_class->lock); if (n > 0 && *out == NULL) { - OPENSSL_PUT_ERROR(CRYPTO, get_func_pointers, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); return 0; } @@ -244,8 +245,8 @@ int CRYPTO_new_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj, CRYPTO_EX_DATA_FUNCS *func_pointer = sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i); if (func_pointer->new_func) { - func_pointer->new_func(obj, NULL, ad, i, func_pointer->argl, - func_pointer->argp); + func_pointer->new_func(obj, NULL, ad, i + ex_data_class->num_reserved, + func_pointer->argl, func_pointer->argp); } } @@ -272,12 +273,12 @@ int CRYPTO_dup_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, CRYPTO_EX_DATA *to, for (i = 0; i < sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) { CRYPTO_EX_DATA_FUNCS *func_pointer = sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i); - void *ptr = CRYPTO_get_ex_data(from, i); + void *ptr = CRYPTO_get_ex_data(from, i + ex_data_class->num_reserved); if (func_pointer->dup_func) { - func_pointer->dup_func(to, from, &ptr, i, func_pointer->argl, - func_pointer->argp); + func_pointer->dup_func(to, from, &ptr, i + ex_data_class->num_reserved, + func_pointer->argl, func_pointer->argp); } - CRYPTO_set_ex_data(to, i, ptr); + CRYPTO_set_ex_data(to, i + ex_data_class->num_reserved, ptr); } sk_CRYPTO_EX_DATA_FUNCS_free(func_pointers); @@ -298,9 +299,9 @@ void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj, CRYPTO_EX_DATA_FUNCS *func_pointer = sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i); if (func_pointer->free_func) { - void *ptr = CRYPTO_get_ex_data(ad, i); - func_pointer->free_func(obj, ptr, ad, i, func_pointer->argl, - func_pointer->argp); + void *ptr = CRYPTO_get_ex_data(ad, i + ex_data_class->num_reserved); + func_pointer->free_func(obj, ptr, ad, i + ex_data_class->num_reserved, + func_pointer->argl, func_pointer->argp); } } diff --git a/src/crypto/hkdf/CMakeLists.txt b/src/crypto/hkdf/CMakeLists.txt index 66d680a..53bf558 100644 --- a/src/crypto/hkdf/CMakeLists.txt +++ b/src/crypto/hkdf/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( hkdf diff --git a/src/crypto/hkdf/hkdf.c b/src/crypto/hkdf/hkdf.c index bb7f5a4..f9cdcb0 100644 --- a/src/crypto/hkdf/hkdf.c +++ b/src/crypto/hkdf/hkdf.c @@ -40,7 +40,7 @@ int HKDF(uint8_t *out_key, size_t out_len, /* Expand key material to desired length. */ n = (out_len + digest_len - 1) / digest_len; if (out_len + digest_len < out_len || n > 255) { - OPENSSL_PUT_ERROR(HKDF, HKDF, HKDF_R_OUTPUT_TOO_LARGE); + OPENSSL_PUT_ERROR(HKDF, HKDF_R_OUTPUT_TOO_LARGE); return 0; } @@ -83,7 +83,7 @@ int HKDF(uint8_t *out_key, size_t out_len, out: HMAC_CTX_cleanup(&hmac); if (ret != 1) { - OPENSSL_PUT_ERROR(HKDF, HKDF, ERR_R_HMAC_LIB); + OPENSSL_PUT_ERROR(HKDF, ERR_R_HMAC_LIB); } return ret; } diff --git a/src/crypto/hmac/CMakeLists.txt b/src/crypto/hmac/CMakeLists.txt index 11d267f..392ce01 100644 --- a/src/crypto/hmac/CMakeLists.txt +++ b/src/crypto/hmac/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( hmac diff --git a/src/crypto/hmac/hmac.c b/src/crypto/hmac/hmac.c index 556e7f9..d37a249 100644 --- a/src/crypto/hmac/hmac.c +++ b/src/crypto/hmac/hmac.c @@ -97,7 +97,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx) { EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); - OPENSSL_cleanse(ctx, sizeof(ctx)); + OPENSSL_cleanse(ctx, sizeof(HMAC_CTX)); } int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len, diff --git a/src/crypto/hmac/hmac_tests.txt b/src/crypto/hmac/hmac_tests.txt index 012f593..53f3f8f 100644 --- a/src/crypto/hmac/hmac_tests.txt +++ b/src/crypto/hmac/hmac_tests.txt @@ -1,6 +1,3 @@ -# This test file is shared between evp_test and hmac_test, to test the legacy -# EVP_PKEY_HMAC API. - HMAC = MD5 # Note: The empty key results in passing NULL to HMAC_Init_ex, so this tests # that HMAC_CTX and HMAC treat NULL as the empty key initially. diff --git a/src/crypto/internal.h b/src/crypto/internal.h index 59eddd0..713659d 100644 --- a/src/crypto/internal.h +++ b/src/crypto/internal.h @@ -452,6 +452,7 @@ OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_unlock( typedef enum { OPENSSL_THREAD_LOCAL_ERR = 0, OPENSSL_THREAD_LOCAL_RAND, + OPENSSL_THREAD_LOCAL_URANDOM_BUF, OPENSSL_THREAD_LOCAL_TEST, NUM_OPENSSL_THREAD_LOCALS, } thread_local_data_t; @@ -493,9 +494,14 @@ typedef struct crypto_ex_data_func_st CRYPTO_EX_DATA_FUNCS; typedef struct { struct CRYPTO_STATIC_MUTEX lock; STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; + /* num_reserved is one if the ex_data index zero is reserved for legacy + * |TYPE_get_app_data| functions. */ + uint8_t num_reserved; } CRYPTO_EX_DATA_CLASS; -#define CRYPTO_EX_DATA_CLASS_INIT {CRYPTO_STATIC_MUTEX_INIT, NULL} +#define CRYPTO_EX_DATA_CLASS_INIT {CRYPTO_STATIC_MUTEX_INIT, NULL, 0} +#define CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA \ + {CRYPTO_STATIC_MUTEX_INIT, NULL, 1} /* CRYPTO_get_ex_new_index allocates a new index for |ex_data_class| and writes * it to |*out_index|. Each class of object should provide a wrapper function diff --git a/src/crypto/lhash/CMakeLists.txt b/src/crypto/lhash/CMakeLists.txt index c71b8a1..ce785eb 100644 --- a/src/crypto/lhash/CMakeLists.txt +++ b/src/crypto/lhash/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( lhash diff --git a/src/crypto/lhash/lhash.c b/src/crypto/lhash/lhash.c index c282fa8..257900e 100644 --- a/src/crypto/lhash/lhash.c +++ b/src/crypto/lhash/lhash.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). diff --git a/src/crypto/md4/CMakeLists.txt b/src/crypto/md4/CMakeLists.txt index db7a187..59140a7 100644 --- a/src/crypto/md4/CMakeLists.txt +++ b/src/crypto/md4/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( md4 diff --git a/src/crypto/md5/CMakeLists.txt b/src/crypto/md5/CMakeLists.txt index 6c5e80f..a37c47e 100644 --- a/src/crypto/md5/CMakeLists.txt +++ b/src/crypto/md5/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) if (${ARCH} STREQUAL "x86_64") set( diff --git a/src/crypto/md5/md5.c b/src/crypto/md5/md5.c index 5575efb..6ad8d12 100644 --- a/src/crypto/md5/md5.c +++ b/src/crypto/md5/md5.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). diff --git a/src/crypto/mem.c b/src/crypto/mem.c index ce41440..edd14a8 100644 --- a/src/crypto/mem.c +++ b/src/crypto/mem.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). diff --git a/src/crypto/modes/CMakeLists.txt b/src/crypto/modes/CMakeLists.txt index ffb29b6..6da5207 100644 --- a/src/crypto/modes/CMakeLists.txt +++ b/src/crypto/modes/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) if (${ARCH} STREQUAL "x86_64") set( diff --git a/src/crypto/modes/asm/ghash-armv4.pl b/src/crypto/modes/asm/ghash-armv4.pl index 25a4e27..dc5b99e 100644 --- a/src/crypto/modes/asm/ghash-armv4.pl +++ b/src/crypto/modes/asm/ghash-armv4.pl @@ -45,7 +45,7 @@ # processes one byte in 8.45 cycles, A9 - in 10.2, A15 - in 7.63, # Snapdragon S4 - in 9.33. # -# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software +# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # # http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf @@ -134,7 +134,7 @@ ___ $code=<<___; #if defined(__arm__) -#include "arm_arch.h" +#include <openssl/arm_arch.h> .syntax unified @@ -457,12 +457,12 @@ gcm_ghash_neon: veor $IN,$Xl @ inp^=Xi .Lgmult_neon: ___ - &clmul64x64 ($Xl,$Hlo,"$IN#lo"); # H.lo·Xi.lo + &clmul64x64 ($Xl,$Hlo,"$IN#lo"); # H.lo·Xi.lo $code.=<<___; veor $IN#lo,$IN#lo,$IN#hi @ Karatsuba pre-processing ___ - &clmul64x64 ($Xm,$Hhl,"$IN#lo"); # (H.lo+H.hi)·(Xi.lo+Xi.hi) - &clmul64x64 ($Xh,$Hhi,"$IN#hi"); # H.hi·Xi.hi + &clmul64x64 ($Xm,$Hhl,"$IN#lo"); # (H.lo+H.hi)·(Xi.lo+Xi.hi) + &clmul64x64 ($Xh,$Hhi,"$IN#hi"); # H.hi·Xi.hi $code.=<<___; veor $Xm,$Xm,$Xl @ Karatsuba post-processing veor $Xm,$Xm,$Xh diff --git a/src/crypto/modes/asm/ghash-x86.pl b/src/crypto/modes/asm/ghash-x86.pl index 23a5527..0269169 100644 --- a/src/crypto/modes/asm/ghash-x86.pl +++ b/src/crypto/modes/asm/ghash-x86.pl @@ -358,7 +358,7 @@ $S=12; # shift factor for rem_4bit # effective address calculation and finally merge of value to Z.hi. # Reference to rem_4bit is scheduled so late that I had to >>4 # rem_4bit elements. This resulted in 20-45% procent improvement -# on contemporary µ-archs. +# on contemporary µ-archs. { my $cnt; my $rem_4bit = "eax"; diff --git a/src/crypto/modes/asm/ghash-x86_64.pl b/src/crypto/modes/asm/ghash-x86_64.pl index 6e656ca..5a7ce39 100644 --- a/src/crypto/modes/asm/ghash-x86_64.pl +++ b/src/crypto/modes/asm/ghash-x86_64.pl @@ -576,15 +576,15 @@ $code.=<<___ if (0 || (&reduction_alg9($Xhi,$Xi)&&0)); # experimental alternative. special thing about is that there # no dependency between the two multiplications... mov \$`0xE1<<1`,%eax - mov \$0xA040608020C0E000,%r10 # ((7..0)·0xE0)&0xff + mov \$0xA040608020C0E000,%r10 # ((7..0)·0xE0)&0xff mov \$0x07,%r11d movq %rax,$T1 movq %r10,$T2 movq %r11,$T3 # borrow $T3 pand $Xi,$T3 - pshufb $T3,$T2 # ($Xi&7)·0xE0 + pshufb $T3,$T2 # ($Xi&7)·0xE0 movq %rax,$T3 - pclmulqdq \$0x00,$Xi,$T1 # ·(0xE1<<1) + pclmulqdq \$0x00,$Xi,$T1 # ·(0xE1<<1) pxor $Xi,$T2 pslldq \$15,$T2 paddd $T2,$T2 # <<(64+56+1) @@ -657,7 +657,7 @@ $code.=<<___; je .Lskip4x sub \$0x30,$len - mov \$0xA040608020C0E000,%rax # ((7..0)·0xE0)&0xff + mov \$0xA040608020C0E000,%rax # ((7..0)·0xE0)&0xff movdqu 0x30($Htbl),$Hkey3 movdqu 0x40($Htbl),$Hkey4 diff --git a/src/crypto/modes/asm/ghashv8-armx.pl b/src/crypto/modes/asm/ghashv8-armx.pl index 686951f..3a7b8d8 100644 --- a/src/crypto/modes/asm/ghashv8-armx.pl +++ b/src/crypto/modes/asm/ghashv8-armx.pl @@ -54,7 +54,7 @@ my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3)); my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14)); $code=<<___; -#include "arm_arch.h" +#include <openssl/arm_arch.h> .text ___ @@ -148,10 +148,10 @@ gcm_gmult_v8: #endif vext.8 $IN,$t1,$t1,#8 - vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo + vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo veor $t1,$t1,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi - vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) + vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing veor $t2,$Xl,$Xh @@ -239,7 +239,7 @@ $code.=<<___; #endif vext.8 $In,$t1,$t1,#8 veor $IN,$IN,$Xl @ I[i]^=Xi - vpmull.p64 $Xln,$H,$In @ H·Ii+1 + vpmull.p64 $Xln,$H,$In @ H·Ii+1 veor $t1,$t1,$In @ Karatsuba pre-processing vpmull2.p64 $Xhn,$H,$In b .Loop_mod2x_v8 @@ -248,14 +248,14 @@ $code.=<<___; .Loop_mod2x_v8: vext.8 $t2,$IN,$IN,#8 subs $len,$len,#32 @ is there more data? - vpmull.p64 $Xl,$H2,$IN @ H^2.lo·Xi.lo + vpmull.p64 $Xl,$H2,$IN @ H^2.lo·Xi.lo cclr $inc,lo @ is it time to zero $inc? vpmull.p64 $Xmn,$Hhl,$t1 veor $t2,$t2,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H2,$IN @ H^2.hi·Xi.hi + vpmull2.p64 $Xh,$H2,$IN @ H^2.hi·Xi.hi veor $Xl,$Xl,$Xln @ accumulate - vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) + vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) vld1.64 {$t0},[$inp],$inc @ load [rotated] I[i+2] veor $Xh,$Xh,$Xhn @@ -280,7 +280,7 @@ $code.=<<___; vext.8 $In,$t1,$t1,#8 vext.8 $IN,$t0,$t0,#8 veor $Xl,$Xm,$t2 - vpmull.p64 $Xln,$H,$In @ H·Ii+1 + vpmull.p64 $Xln,$H,$In @ H·Ii+1 veor $IN,$IN,$Xh @ accumulate $IN early vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction @@ -304,10 +304,10 @@ $code.=<<___; veor $IN,$IN,$Xl @ inp^=Xi veor $t1,$t0,$t2 @ $t1 is rotated inp^Xi - vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo + vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo veor $t1,$t1,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi - vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) + vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing veor $t2,$Xl,$Xh diff --git a/src/crypto/modes/gcm.c b/src/crypto/modes/gcm.c index b1c10b3..593dce8 100644 --- a/src/crypto/modes/gcm.c +++ b/src/crypto/modes/gcm.c @@ -349,12 +349,12 @@ void gcm_ghash_4bit_x86(uint64_t Xi[2], const u128 Htable[16], const uint8_t *in size_t len); #endif #elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64) -#include "../arm_arch.h" +#include <openssl/arm_arch.h> #if __ARM_ARCH__ >= 7 #define GHASH_ASM_ARM #define GCM_FUNCREF_4BIT -static int pmull_capable() { +static int pmull_capable(void) { return (OPENSSL_armcap_P & ARMV8_PMULL) != 0; } @@ -365,7 +365,7 @@ void gcm_ghash_v8(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, #if defined(OPENSSL_ARM) /* 32-bit ARM also has support for doing GCM with NEON instructions. */ -static int neon_capable() { +static int neon_capable(void) { return CRYPTO_is_NEON_capable(); } @@ -375,7 +375,7 @@ void gcm_ghash_neon(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp, size_t len); #else /* AArch64 only has the ARMv8 versions of functions. */ -static int neon_capable() { +static int neon_capable(void) { return 0; } void gcm_init_neon(u128 Htable[16], const uint64_t Xi[2]) { diff --git a/src/crypto/modes/gcm_test.c b/src/crypto/modes/gcm_test.c index a8819ea..89ed792 100644 --- a/src/crypto/modes/gcm_test.c +++ b/src/crypto/modes/gcm_test.c @@ -55,6 +55,7 @@ #include <openssl/modes.h> #include "internal.h" +#include "../test/test_util.h" struct test_case { @@ -298,17 +299,6 @@ err: return 0; } -void hexdump(const char *msg, const void *in, size_t len) { - const uint8_t *data = in; - size_t i; - - fprintf(stderr, "%s: ", msg); - for (i = 0; i < len; i++) { - fprintf(stderr, "%02x", data[i]); - } - fprintf(stderr, "\n"); -} - static int run_test_case(unsigned test_num, const struct test_case *test) { size_t key_len, plaintext_len, additional_data_len, nonce_len, ciphertext_len, tag_len; @@ -367,8 +357,8 @@ static int run_test_case(unsigned test_num, const struct test_case *test) { if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len) || (ciphertext && memcmp(out, ciphertext, plaintext_len) != 0)) { fprintf(stderr, "%u: encrypt failed.\n", test_num); - hexdump("got ", out, plaintext_len); - hexdump("want", ciphertext, plaintext_len); + hexdump(stderr, "got :", out, plaintext_len); + hexdump(stderr, "want:", ciphertext, plaintext_len); goto out; } diff --git a/src/crypto/modes/internal.h b/src/crypto/modes/internal.h index d12405e..caeac40 100644 --- a/src/crypto/modes/internal.h +++ b/src/crypto/modes/internal.h @@ -173,11 +173,6 @@ struct gcm128_context { void *key; }; -struct xts128_context { - void *key1, *key2; - block128_f block1, block2; -}; - struct ccm128_context { union { uint64_t u[2]; diff --git a/src/crypto/obj/CMakeLists.txt b/src/crypto/obj/CMakeLists.txt index a27e504..b8a4ef3 100644 --- a/src/crypto/obj/CMakeLists.txt +++ b/src/crypto/obj/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( obj diff --git a/src/crypto/obj/obj.c b/src/crypto/obj/obj.c index bf16d17..94f739c 100644 --- a/src/crypto/obj/obj.c +++ b/src/crypto/obj/obj.c @@ -108,7 +108,7 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { r = ASN1_OBJECT_new(); if (r == NULL) { - OPENSSL_PUT_ERROR(OBJ, OBJ_dup, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(OBJ, ERR_R_ASN1_LIB); return NULL; } r->ln = r->sn = NULL; @@ -149,7 +149,7 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { return r; err: - OPENSSL_PUT_ERROR(OBJ, OBJ_dup, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(OBJ, ERR_R_MALLOC_FAILURE); OPENSSL_free(ln); OPENSSL_free(sn); OPENSSL_free(data); @@ -337,7 +337,7 @@ const ASN1_OBJECT *OBJ_nid2obj(int nid) { CRYPTO_STATIC_MUTEX_unlock(&global_added_lock); err: - OPENSSL_PUT_ERROR(OBJ, OBJ_nid2obj, OBJ_R_UNKNOWN_NID); + OPENSSL_PUT_ERROR(OBJ, OBJ_R_UNKNOWN_NID); return NULL; } @@ -388,7 +388,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names) { buf = OPENSSL_malloc(total_len); if (buf == NULL) { - OPENSSL_PUT_ERROR(OBJ, OBJ_txt2obj, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(OBJ, ERR_R_MALLOC_FAILURE); return NULL; } @@ -636,7 +636,7 @@ int OBJ_create(const char *oid, const char *short_name, const char *long_name) { buf = OPENSSL_malloc(len); if (buf == NULL) { - OPENSSL_PUT_ERROR(OBJ, OBJ_create, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(OBJ, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/src/crypto/pem/CMakeLists.txt b/src/crypto/pem/CMakeLists.txt index 720ba2f..30dd7c9 100644 --- a/src/crypto/pem/CMakeLists.txt +++ b/src/crypto/pem/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( pem diff --git a/src/crypto/pem/pem_info.c b/src/crypto/pem/pem_info.c index 3f02619..b4ae805 100644 --- a/src/crypto/pem/pem_info.c +++ b/src/crypto/pem/pem_info.c @@ -80,7 +80,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_p if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_X509_INFO_read, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); @@ -107,7 +107,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe { if ((ret=sk_X509_INFO_new_null()) == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_X509_INFO_read_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); goto err; } } @@ -248,13 +248,13 @@ start: { if (!d2i_PrivateKey(ptype, pp, &p, len)) { - OPENSSL_PUT_ERROR(PEM, PEM_X509_INFO_read_bio, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); goto err; } } else if (d2i(pp,&p,len) == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_X509_INFO_read_bio, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); goto err; } } @@ -326,7 +326,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); if (objstr == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_X509_INFO_write_bio, PEM_R_UNSUPPORTED_CIPHER); + OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER); goto err; } } @@ -342,7 +342,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, { if (enc == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_X509_INFO_write_bio, PEM_R_CIPHER_IS_NULL); + OPENSSL_PUT_ERROR(PEM, PEM_R_CIPHER_IS_NULL); goto err; } @@ -360,7 +360,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, EVP_CIPHER_nid(xi->enc_cipher.cipher)); if (objstr == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_X509_INFO_write_bio, PEM_R_UNSUPPORTED_CIPHER); + OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER); goto err; } diff --git a/src/crypto/pem/pem_lib.c b/src/crypto/pem/pem_lib.c index 5201467..5915696 100644 --- a/src/crypto/pem/pem_lib.c +++ b/src/crypto/pem/pem_lib.c @@ -128,7 +128,7 @@ void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_ASN1_read, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); @@ -275,7 +275,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_ASN1_write, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); @@ -302,14 +302,14 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); if (objstr == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_ASN1_write_bio, PEM_R_UNSUPPORTED_CIPHER); + OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER); goto err; } } if ((dsize=i2d(x,NULL)) < 0) { - OPENSSL_PUT_ERROR(PEM, PEM_ASN1_write_bio, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); dsize=0; goto err; } @@ -318,7 +318,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); if (data == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_ASN1_write_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); goto err; } p=data; @@ -336,7 +336,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, klen=(*callback)(buf,PEM_BUFSIZE,1,u); if (klen <= 0) { - OPENSSL_PUT_ERROR(PEM, PEM_ASN1_write_bio, PEM_R_READ_KEY); + OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY); goto err; } kstr=(unsigned char *)buf; @@ -408,7 +408,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, klen=callback(buf,PEM_BUFSIZE,0,u); if (klen <= 0) { - OPENSSL_PUT_ERROR(PEM, PEM_do_header, PEM_R_BAD_PASSWORD_READ); + OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ); return(0); } @@ -428,7 +428,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, OPENSSL_cleanse((char *)key,sizeof(key)); if (!o) { - OPENSSL_PUT_ERROR(PEM, PEM_do_header, PEM_R_BAD_DECRYPT); + OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_DECRYPT); return(0); } j+=i; @@ -437,11 +437,18 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, } static const EVP_CIPHER* cipher_by_name(const char *name) { - if (strcmp(name, "DES-CBC") == 0) { + /* This is similar to the (deprecated) function |EVP_get_cipherbyname|. */ + if (0 == strcmp(name, SN_rc4)) { + return EVP_rc4(); + } else if (0 == strcmp(name, SN_des_cbc)) { return EVP_des_cbc(); - } else if (strcmp(name, "AES-128-CBC") == 0) { + } else if (0 == strcmp(name, SN_des_ede3_cbc)) { + return EVP_des_ede3_cbc(); + } else if (0 == strcmp(name, SN_aes_128_cbc)) { return EVP_aes_128_cbc(); - } else if (strcmp(name, "AES-256-CBC") == 0) { + } else if (0 == strcmp(name, SN_aes_192_cbc)) { + return EVP_aes_192_cbc(); + } else if (0 == strcmp(name, SN_aes_256_cbc)) { return EVP_aes_256_cbc(); } else { return NULL; @@ -458,19 +465,19 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) if ((header == NULL) || (*header == '\0') || (*header == '\n')) return(1); if (strncmp(header,"Proc-Type: ",11) != 0) - { OPENSSL_PUT_ERROR(PEM, PEM_get_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE); return(0); } + { OPENSSL_PUT_ERROR(PEM, PEM_R_NOT_PROC_TYPE); return(0); } header+=11; if (*header != '4') return(0); header++; if (*header != ',') return(0); header++; if (strncmp(header,"ENCRYPTED",9) != 0) - { OPENSSL_PUT_ERROR(PEM, PEM_get_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED); return(0); } + { OPENSSL_PUT_ERROR(PEM, PEM_R_NOT_ENCRYPTED); return(0); } for (; (*header != '\n') && (*header != '\0'); header++) ; if (*header == '\0') - { OPENSSL_PUT_ERROR(PEM, PEM_get_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER); return(0); } + { OPENSSL_PUT_ERROR(PEM, PEM_R_SHORT_HEADER); return(0); } header++; if (strncmp(header,"DEK-Info: ",10) != 0) - { OPENSSL_PUT_ERROR(PEM, PEM_get_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO); return(0); } + { OPENSSL_PUT_ERROR(PEM, PEM_R_NOT_DEK_INFO); return(0); } header+=10; p=header; @@ -489,7 +496,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) if (enc == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_get_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION); + OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_ENCRYPTION); return(0); } if (!load_iv(header_pp,&(cipher->iv[0]),EVP_CIPHER_iv_length(enc))) @@ -516,7 +523,7 @@ static int load_iv(char **fromp, unsigned char *to, int num) v= *from-'a'+10; else { - OPENSSL_PUT_ERROR(PEM, load_iv, PEM_R_BAD_IV_CHARS); + OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_IV_CHARS); return(0); } from++; @@ -536,7 +543,7 @@ int PEM_write(FILE *fp, const char *name, const char *header, if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_write, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); @@ -603,7 +610,7 @@ err: OPENSSL_cleanse(buf, PEM_BUFSIZE*8); OPENSSL_free(buf); } - OPENSSL_PUT_ERROR(PEM, PEM_write_bio, reason); + OPENSSL_PUT_ERROR(PEM, reason); return(0); } @@ -616,7 +623,7 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_read, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); @@ -644,7 +651,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, BUF_MEM_free(nameB); BUF_MEM_free(headerB); BUF_MEM_free(dataB); - OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); return(0); } @@ -655,7 +662,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, if (i <= 0) { - OPENSSL_PUT_ERROR(PEM, PEM_read_bio, PEM_R_NO_START_LINE); + OPENSSL_PUT_ERROR(PEM, PEM_R_NO_START_LINE); goto err; } @@ -670,7 +677,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, continue; if (!BUF_MEM_grow(nameB,i+9)) { - OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); goto err; } memcpy(nameB->data,&(buf[11]),i-6); @@ -680,7 +687,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, } hl=0; if (!BUF_MEM_grow(headerB,256)) - { OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE); goto err; } + { OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); goto err; } headerB->data[0]='\0'; for (;;) { @@ -692,7 +699,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, if (buf[0] == '\n') break; if (!BUF_MEM_grow(headerB,hl+i+9)) - { OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE); goto err; } + { OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); goto err; } if (strncmp(buf,"-----END ",9) == 0) { nohead=1; @@ -705,7 +712,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, bl=0; if (!BUF_MEM_grow(dataB,1024)) - { OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE); goto err; } + { OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); goto err; } dataB->data[0]='\0'; if (!nohead) { @@ -723,7 +730,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, if (i > 65) break; if (!BUF_MEM_grow_clean(dataB,i+bl+9)) { - OPENSSL_PUT_ERROR(PEM, PEM_read_bio, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE); goto err; } memcpy(&(dataB->data[bl]),buf,i); @@ -754,7 +761,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, (strncmp(nameB->data,&(buf[9]),i) != 0) || (strncmp(&(buf[9+i]),"-----\n",6) != 0)) { - OPENSSL_PUT_ERROR(PEM, PEM_read_bio, PEM_R_BAD_END_LINE); + OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_END_LINE); goto err; } @@ -764,13 +771,13 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, (unsigned char *)dataB->data,bl); if (i < 0) { - OPENSSL_PUT_ERROR(PEM, PEM_read_bio, PEM_R_BAD_BASE64_DECODE); + OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_BASE64_DECODE); goto err; } i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k); if (i < 0) { - OPENSSL_PUT_ERROR(PEM, PEM_read_bio, PEM_R_BAD_BASE64_DECODE); + OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_BASE64_DECODE); goto err; } bl+=k; diff --git a/src/crypto/pem/pem_oth.c b/src/crypto/pem/pem_oth.c index 20d12b6..3e8f6bd 100644 --- a/src/crypto/pem/pem_oth.c +++ b/src/crypto/pem/pem_oth.c @@ -83,7 +83,7 @@ void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, p = data; ret=d2i(x,&p,len); if (ret == NULL) - OPENSSL_PUT_ERROR(PEM, PEM_ASN1_read_bio, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); OPENSSL_free(data); return ret; } diff --git a/src/crypto/pem/pem_pk8.c b/src/crypto/pem/pem_pk8.c index 035038e..0824477 100644 --- a/src/crypto/pem/pem_pk8.c +++ b/src/crypto/pem/pem_pk8.c @@ -118,7 +118,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER char buf[PEM_BUFSIZE]; int ret; if(!(p8inf = EVP_PKEY2PKCS8(x))) { - OPENSSL_PUT_ERROR(PEM, do_pk8pkey, PEM_R_ERROR_CONVERTING_PRIVATE_KEY); + OPENSSL_PUT_ERROR(PEM, PEM_R_ERROR_CONVERTING_PRIVATE_KEY); return 0; } if(enc || (nid != -1)) { @@ -127,7 +127,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER if (!cb) cb = PEM_def_callback; klen = cb(buf, PEM_BUFSIZE, 1, u); if(klen <= 0) { - OPENSSL_PUT_ERROR(PEM, do_pk8pkey, PEM_R_READ_KEY); + OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY); PKCS8_PRIV_KEY_INFO_free(p8inf); return 0; } @@ -163,7 +163,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo if (!cb) cb = PEM_def_callback; klen=cb(psbuf,PEM_BUFSIZE,0,u); if (klen <= 0) { - OPENSSL_PUT_ERROR(PEM, d2i_PKCS8PrivateKey_bio, PEM_R_BAD_PASSWORD_READ); + OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); return NULL; } @@ -216,7 +216,7 @@ static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CI BIO *bp; int ret; if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { - OPENSSL_PUT_ERROR(PEM, do_pk8pkey_fp, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); return(0); } ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); @@ -229,7 +229,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo BIO *bp; EVP_PKEY *ret; if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { - OPENSSL_PUT_ERROR(PEM, d2i_PKCS8PrivateKey_fp, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); return NULL; } ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u); diff --git a/src/crypto/pem/pem_pkey.c b/src/crypto/pem/pem_pkey.c index fe58558..c462727 100644 --- a/src/crypto/pem/pem_pkey.c +++ b/src/crypto/pem/pem_pkey.c @@ -109,7 +109,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo if (!cb) cb = PEM_def_callback; klen=cb(psbuf,PEM_BUFSIZE,0,u); if (klen <= 0) { - OPENSSL_PUT_ERROR(PEM, PEM_read_bio_PrivateKey, PEM_R_BAD_PASSWORD_READ); + OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); goto err; } @@ -132,7 +132,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo } p8err: if (ret == NULL) - OPENSSL_PUT_ERROR(PEM, PEM_read_bio_PrivateKey, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); err: OPENSSL_free(nm); @@ -210,7 +210,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) } err: if (ret == NULL) - OPENSSL_PUT_ERROR(PEM, PEM_read_bio_Parameters, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); OPENSSL_free(nm); OPENSSL_free(data); return(ret); @@ -236,7 +236,7 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_read_PrivateKey, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); @@ -254,7 +254,7 @@ int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_write_PrivateKey, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); return 0; } ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u); @@ -287,7 +287,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) ret = d2i_DHparams(x, &p, len); if (ret == NULL) - OPENSSL_PUT_ERROR(PEM, PEM_read_bio_DHparams, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); OPENSSL_free(nm); OPENSSL_free(data); return ret; @@ -301,7 +301,7 @@ DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(PEM, PEM_read_DHparams, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); diff --git a/src/crypto/perlasm/arm-xlate.pl b/src/crypto/perlasm/arm-xlate.pl index 81ceb31..706fa70 100755 --- a/src/crypto/perlasm/arm-xlate.pl +++ b/src/crypto/perlasm/arm-xlate.pl @@ -116,6 +116,9 @@ sub expand_line { return $line; } +print "#if defined(__arm__)\n" if ($flavour eq "linux32"); +print "#if defined(__aarch64__)\n" if ($flavour eq "linux64"); + while($line=<>) { if ($line =~ m/^\s*(#|@|\/\/)/) { print $line; next; } @@ -162,4 +165,6 @@ while($line=<>) { print "\n"; } +print "#endif" if ($flavour eq "linux32" || $flavour eq "linux64"); + close STDOUT; diff --git a/src/crypto/pkcs8/CMakeLists.txt b/src/crypto/pkcs8/CMakeLists.txt index 4426f1e..ce5bce1 100644 --- a/src/crypto/pkcs8/CMakeLists.txt +++ b/src/crypto/pkcs8/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( pkcs8 @@ -19,4 +19,11 @@ add_executable( $<TARGET_OBJECTS:test_support> ) +add_executable( + pkcs8_test + + pkcs8_test.cc +) + +target_link_libraries(pkcs8_test crypto) target_link_libraries(pkcs12_test crypto) diff --git a/src/crypto/pkcs8/internal.h b/src/crypto/pkcs8/internal.h index 44ca4f7..7995e78 100644 --- a/src/crypto/pkcs8/internal.h +++ b/src/crypto/pkcs8/internal.h @@ -66,6 +66,15 @@ extern "C" { #define PKCS5_DEFAULT_ITERATIONS 2048 #define PKCS5_SALT_LEN 8 +/* PKCS5_v2_PBE_keyivgen intializes the supplied |ctx| for PBKDF v2, which must + * be specified by |param|. The password is specified by |pass_raw| and + * |pass_raw_len|. |cipher| and |md| are ignored. + * + * It returns one on success and zero on error. */ +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const uint8_t *pass_raw, + size_t pass_raw_len, ASN1_TYPE *param, + const EVP_CIPHER *cipher, const EVP_MD *md, int enc); + #if defined(__cplusplus) } /* extern C */ diff --git a/src/crypto/pkcs8/p5_pbe.c b/src/crypto/pkcs8/p5_pbe.c index f30ae79..653cabf 100644 --- a/src/crypto/pkcs8/p5_pbe.c +++ b/src/crypto/pkcs8/p5_pbe.c @@ -86,21 +86,21 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, pbe = PBEPARAM_new(); if (!pbe) { - OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); goto err; } if(iter <= 0) iter = PKCS5_DEFAULT_ITERATIONS; if (!ASN1_INTEGER_set(pbe->iter, iter)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); goto err; } if (!saltlen) saltlen = PKCS5_SALT_LEN; if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); goto err; } sstr = ASN1_STRING_data(pbe->salt); @@ -111,7 +111,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); goto err; } @@ -138,7 +138,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, ret = X509_ALGOR_new(); if (!ret) { - OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/src/crypto/pkcs8/p5_pbev2.c b/src/crypto/pkcs8/p5_pbev2.c index 9eb9848..f58aae7 100644 --- a/src/crypto/pkcs8/p5_pbev2.c +++ b/src/crypto/pkcs8/p5_pbev2.c @@ -53,6 +53,8 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). */ +#include <assert.h> +#include <limits.h> #include <string.h> #include <openssl/asn1t.h> @@ -124,7 +126,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, alg_nid = EVP_CIPHER_nid(cipher); if(alg_nid == NID_undef) { - OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe2_set_iv, PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); goto err; } obj = OBJ_nid2obj(alg_nid); @@ -152,7 +154,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) goto err; if(param_to_asn1(&ctx, scheme->parameter) < 0) { - OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe2_set_iv, PKCS8_R_ERROR_SETTING_CIPHER_PARAMS); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ERROR_SETTING_CIPHER_PARAMS); EVP_CIPHER_CTX_cleanup(&ctx); goto err; } @@ -202,7 +204,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, return ret; merr: - OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe2_set_iv, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); err: PBE2PARAM_free(pbe2); @@ -295,9 +297,143 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, return keyfunc; merr: - OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbkdf2_set, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); PBKDF2PARAM_free(kdf); X509_ALGOR_free(keyfunc); return NULL; } +static int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, + const uint8_t *pass_raw, + size_t pass_raw_len, const ASN1_TYPE *param, + const ASN1_TYPE *iv, int enc) { + int rv = 0; + PBKDF2PARAM *pbkdf2param = NULL; + + if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { + OPENSSL_PUT_ERROR(PKCS8, CIPHER_R_NO_CIPHER_SET); + goto err; + } + + /* Decode parameters. */ + if (param == NULL || param->type != V_ASN1_SEQUENCE) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); + goto err; + } + + const uint8_t *pbuf = param->value.sequence->data; + int plen = param->value.sequence->length; + pbkdf2param = d2i_PBKDF2PARAM(NULL, &pbuf, plen); + if (pbkdf2param == NULL || pbuf != param->value.sequence->data + plen) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); + goto err; + } + + /* Now check the parameters. */ + uint8_t key[EVP_MAX_KEY_LENGTH]; + const size_t key_len = EVP_CIPHER_CTX_key_length(ctx); + assert(key_len <= sizeof(key)); + + if (pbkdf2param->keylength != NULL && + ASN1_INTEGER_get(pbkdf2param->keylength) != (int) key_len) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNSUPPORTED_KEYLENGTH); + goto err; + } + + if (pbkdf2param->prf != NULL && + OBJ_obj2nid(pbkdf2param->prf->algorithm) != NID_hmacWithSHA1) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNSUPPORTED_PRF); + goto err; + } + + if (pbkdf2param->salt->type != V_ASN1_OCTET_STRING) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNSUPPORTED_SALT_TYPE); + goto err; + } + + if (pbkdf2param->iter->type != V_ASN1_INTEGER) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_ITERATION_COUNT); + goto err; + } + long iterations = ASN1_INTEGER_get(pbkdf2param->iter); + if (iterations < 0 || iterations > UINT_MAX) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_ITERATION_COUNT); + goto err; + } + + if (iv->type != V_ASN1_OCTET_STRING || iv->value.octet_string == NULL) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ERROR_SETTING_CIPHER_PARAMS); + goto err; + } + + const size_t iv_len = EVP_CIPHER_CTX_iv_length(ctx); + if (iv->value.octet_string->length != iv_len) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ERROR_SETTING_CIPHER_PARAMS); + goto err; + } + + if (!PKCS5_PBKDF2_HMAC_SHA1((const char *) pass_raw, pass_raw_len, + pbkdf2param->salt->value.octet_string->data, + pbkdf2param->salt->value.octet_string->length, + iterations, key_len, key)) { + goto err; + } + + rv = EVP_CipherInit_ex(ctx, NULL /* cipher */, NULL /* engine */, key, + iv->value.octet_string->data, enc); + + err: + PBKDF2PARAM_free(pbkdf2param); + return rv; +} + +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const uint8_t *pass_raw, + size_t pass_raw_len, ASN1_TYPE *param, + const EVP_CIPHER *unused, const EVP_MD *unused2, + int enc) { + PBE2PARAM *pbe2param = NULL; + int rv = 0; + + if (param == NULL || + param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); + goto err; + } + + const uint8_t *pbuf = param->value.sequence->data; + int plen = param->value.sequence->length; + pbe2param = d2i_PBE2PARAM(NULL, &pbuf, plen); + if (pbe2param == NULL || pbuf != param->value.sequence->data + plen) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); + goto err; + } + + /* Check that the key derivation function is PBKDF2. */ + if (OBJ_obj2nid(pbe2param->keyfunc->algorithm) != NID_id_pbkdf2) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); + goto err; + } + + /* See if we recognise the encryption algorithm. */ + const EVP_CIPHER *cipher = + EVP_get_cipherbynid(OBJ_obj2nid(pbe2param->encryption->algorithm)); + if (cipher == NULL) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNSUPPORTED_CIPHER); + goto err; + } + + /* Fixup cipher based on AlgorithmIdentifier. */ + if (!EVP_CipherInit_ex(ctx, cipher, NULL /* engine */, NULL /* key */, + NULL /* iv */, enc)) { + goto err; + } + + rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass_raw, pass_raw_len, + pbe2param->keyfunc->parameter, + pbe2param->encryption->parameter, enc); + + err: + PBE2PARAM_free(pbe2param); + return rv; +} diff --git a/src/crypto/pkcs8/pkcs8.c b/src/crypto/pkcs8/pkcs8.c index 843c74d..8067c91 100644 --- a/src/crypto/pkcs8/pkcs8.c +++ b/src/crypto/pkcs8/pkcs8.c @@ -69,6 +69,7 @@ #include <openssl/mem.h> #include <openssl/x509.h> +#include "internal.h" #include "../bytestring/internal.h" #include "../evp/internal.h" @@ -200,7 +201,7 @@ static int pkcs12_key_gen_raw(const uint8_t *pass_raw, size_t pass_raw_len, } err: - OPENSSL_PUT_ERROR(PKCS8, pkcs12_key_gen_raw, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); end: OPENSSL_free(Ai); @@ -227,14 +228,14 @@ static int pkcs12_pbe_keyivgen(EVP_CIPHER_CTX *ctx, const uint8_t *pass_raw, /* Extract useful info from parameter */ if (param == NULL || param->type != V_ASN1_SEQUENCE || param->value.sequence == NULL) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_pbe_keyivgen, PKCS8_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); return 0; } pbuf = param->value.sequence->data; pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length); if (pbe == NULL) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_pbe_keyivgen, PKCS8_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); return 0; } @@ -247,13 +248,13 @@ static int pkcs12_pbe_keyivgen(EVP_CIPHER_CTX *ctx, const uint8_t *pass_raw, salt_len = pbe->salt->length; if (!pkcs12_key_gen_raw(pass_raw, pass_raw_len, salt, salt_len, PKCS12_KEY_ID, iterations, EVP_CIPHER_key_length(cipher), key, md)) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_pbe_keyivgen, PKCS8_R_KEY_GEN_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_KEY_GEN_ERROR); PBEPARAM_free(pbe); return 0; } if (!pkcs12_key_gen_raw(pass_raw, pass_raw_len, salt, salt_len, PKCS12_IV_ID, iterations, EVP_CIPHER_iv_length(cipher), iv, md)) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_pbe_keyivgen, PKCS8_R_KEY_GEN_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_KEY_GEN_ERROR); PBEPARAM_free(pbe); return 0; } @@ -274,42 +275,93 @@ struct pbe_suite { const EVP_CIPHER* (*cipher_func)(void); const EVP_MD* (*md_func)(void); keygen_func keygen; + int flags; }; +#define PBE_UCS2_CONVERT_PASSWORD 0x1 + static const struct pbe_suite kBuiltinPBE[] = { { - NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc, EVP_sha1, pkcs12_pbe_keyivgen, + NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc, EVP_sha1, + pkcs12_pbe_keyivgen, PBE_UCS2_CONVERT_PASSWORD }, { NID_pbe_WithSHA1And128BitRC4, EVP_rc4, EVP_sha1, pkcs12_pbe_keyivgen, + PBE_UCS2_CONVERT_PASSWORD }, { NID_pbe_WithSHA1And3_Key_TripleDES_CBC, EVP_des_ede3_cbc, EVP_sha1, - pkcs12_pbe_keyivgen, + pkcs12_pbe_keyivgen, PBE_UCS2_CONVERT_PASSWORD + }, + { + NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen, 0 }, }; +static const struct pbe_suite *get_pbe_suite(int pbe_nid) { + unsigned i; + for (i = 0; i < sizeof(kBuiltinPBE) / sizeof(kBuiltinPBE[0]); i++) { + if (kBuiltinPBE[i].pbe_nid == pbe_nid) { + return &kBuiltinPBE[i]; + } + } + + return NULL; +} + +/* pass_to_pass_raw performs a password conversion (possibly a no-op) + * appropriate to the supplied |pbe_nid|. The input |pass| is treated as a + * NUL-terminated string if |pass_len| is -1, otherwise it is treated as a + * buffer of the specified length. If the supplied PBE NID sets the + * |PBE_UCS2_CONVERT_PASSWORD| flag, the supplied |pass| will be converted to + * UCS-2. + * + * It sets |*out_pass_raw| to a new buffer that must be freed by the caller. It + * returns one on success and zero on error. */ +static int pass_to_pass_raw(int pbe_nid, const char *pass, int pass_len, + uint8_t **out_pass_raw, size_t *out_pass_raw_len) { + if (pass == NULL) { + *out_pass_raw = NULL; + *out_pass_raw_len = 0; + return 1; + } + + if (pass_len == -1) { + pass_len = strlen(pass); + } else if (pass_len < 0 || pass_len > 2000000000) { + OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW); + return 0; + } + + const struct pbe_suite *suite = get_pbe_suite(pbe_nid); + if (suite != NULL && (suite->flags & PBE_UCS2_CONVERT_PASSWORD)) { + if (!ascii_to_ucs2(pass, pass_len, out_pass_raw, out_pass_raw_len)) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); + return 0; + } + } else { + *out_pass_raw = BUF_memdup(pass, pass_len); + if (*out_pass_raw == NULL) { + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); + return 0; + } + *out_pass_raw_len = (size_t)pass_len; + } + + return 1; +} + static int pbe_cipher_init(ASN1_OBJECT *pbe_obj, const uint8_t *pass_raw, size_t pass_raw_len, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int is_encrypt) { const EVP_CIPHER *cipher; const EVP_MD *md; - unsigned i; - - const struct pbe_suite *suite = NULL; - const int pbe_nid = OBJ_obj2nid(pbe_obj); - - for (i = 0; i < sizeof(kBuiltinPBE) / sizeof(struct pbe_suite); i++) { - if (kBuiltinPBE[i].pbe_nid == pbe_nid) { - suite = &kBuiltinPBE[i]; - break; - } - } + const struct pbe_suite *suite = get_pbe_suite(OBJ_obj2nid(pbe_obj)); if (suite == NULL) { char obj_str[80]; - OPENSSL_PUT_ERROR(PKCS8, pbe_cipher_init, PKCS8_R_UNKNOWN_ALGORITHM); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNKNOWN_ALGORITHM); if (!pbe_obj) { strncpy(obj_str, "NULL", sizeof(obj_str)); } else { @@ -324,7 +376,7 @@ static int pbe_cipher_init(ASN1_OBJECT *pbe_obj, } else { cipher = suite->cipher_func(); if (!cipher) { - OPENSSL_PUT_ERROR(PKCS8, pbe_cipher_init, PKCS8_R_UNKNOWN_CIPHER); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNKNOWN_CIPHER); return 0; } } @@ -334,14 +386,14 @@ static int pbe_cipher_init(ASN1_OBJECT *pbe_obj, } else { md = suite->md_func(); if (!md) { - OPENSSL_PUT_ERROR(PKCS8, pbe_cipher_init, PKCS8_R_UNKNOWN_DIGEST); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNKNOWN_DIGEST); return 0; } } if (!suite->keygen(ctx, pass_raw, pass_raw_len, param, cipher, md, is_encrypt)) { - OPENSSL_PUT_ERROR(PKCS8, pbe_cipher_init, PKCS8_R_KEYGEN_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_KEYGEN_FAILURE); return 0; } @@ -362,32 +414,32 @@ static int pbe_crypt(const X509_ALGOR *algor, if (!pbe_cipher_init(algor->algorithm, pass_raw, pass_raw_len, algor->parameter, &ctx, is_encrypt)) { - OPENSSL_PUT_ERROR(PKCS8, pbe_crypt, PKCS8_R_UNKNOWN_CIPHER_ALGORITHM); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNKNOWN_CIPHER_ALGORITHM); return 0; } block_size = EVP_CIPHER_CTX_block_size(&ctx); if (in_len + block_size < in_len) { - OPENSSL_PUT_ERROR(PKCS8, pbe_crypt, PKCS8_R_TOO_LONG); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG); goto err; } buf = OPENSSL_malloc(in_len + block_size); if (buf == NULL) { - OPENSSL_PUT_ERROR(PKCS8, pbe_crypt, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); goto err; } if (!EVP_CipherUpdate(&ctx, buf, &n, in, in_len)) { OPENSSL_free(buf); - OPENSSL_PUT_ERROR(PKCS8, pbe_crypt, ERR_R_EVP_LIB); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_EVP_LIB); goto err; } *out_len = n; if (!EVP_CipherFinal_ex(&ctx, buf + n, &n)) { OPENSSL_free(buf); - OPENSSL_PUT_ERROR(PKCS8, pbe_crypt, ERR_R_EVP_LIB); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_EVP_LIB); goto err; } *out_len += n; @@ -410,14 +462,14 @@ static void *pkcs12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, if (!pbe_crypt(algor, pass_raw, pass_raw_len, oct->data, oct->length, &out, &out_len, 0 /* decrypt */)) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_item_decrypt_d2i, PKCS8_R_CRYPT_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_CRYPT_ERROR); return NULL; } p = out; ret = ASN1_item_d2i(NULL, &p, out_len, it); OPENSSL_cleanse(out, out_len); if (!ret) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_item_decrypt_d2i, PKCS8_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); } OPENSSL_free(out); return ret; @@ -427,19 +479,12 @@ PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *pkcs8, const char *pass, int pass_len) { uint8_t *pass_raw = NULL; size_t pass_raw_len = 0; - PKCS8_PRIV_KEY_INFO *ret; - - if (pass) { - if (pass_len == -1) { - pass_len = strlen(pass); - } - if (!ascii_to_ucs2(pass, pass_len, &pass_raw, &pass_raw_len)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS8_decrypt, PKCS8_R_DECODE_ERROR); - return NULL; - } + if (!pass_to_pass_raw(OBJ_obj2nid(pkcs8->algor->algorithm), pass, pass_len, + &pass_raw, &pass_raw_len)) { + return NULL; } - ret = PKCS8_decrypt_pbe(pkcs8, pass_raw, pass_raw_len); + PKCS8_PRIV_KEY_INFO *ret = PKCS8_decrypt_pbe(pkcs8, pass_raw, pass_raw_len); if (pass_raw) { OPENSSL_cleanse(pass_raw, pass_raw_len); @@ -466,17 +511,17 @@ static ASN1_OCTET_STRING *pkcs12_item_i2d_encrypt(X509_ALGOR *algor, oct = M_ASN1_OCTET_STRING_new(); if (oct == NULL) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_item_i2d_encrypt, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); return NULL; } in_len = ASN1_item_i2d(obj, &in, it); if (!in) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_item_i2d_encrypt, PKCS8_R_ENCODE_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ENCODE_ERROR); return NULL; } if (!pbe_crypt(algor, pass_raw, pass_raw_len, in, in_len, &oct->data, &crypt_len, 1 /* encrypt */)) { - OPENSSL_PUT_ERROR(PKCS8, pkcs12_item_i2d_encrypt, PKCS8_R_ENCRYPT_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ENCRYPT_ERROR); OPENSSL_free(in); return NULL; } @@ -491,20 +536,12 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int iterations, PKCS8_PRIV_KEY_INFO *p8inf) { uint8_t *pass_raw = NULL; size_t pass_raw_len = 0; - X509_SIG *ret; - - if (pass) { - if (pass_len == -1) { - pass_len = strlen(pass); - } - if (!ascii_to_ucs2(pass, pass_len, &pass_raw, &pass_raw_len)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS8_encrypt, PKCS8_R_DECODE_ERROR); - return NULL; - } + if (!pass_to_pass_raw(pbe_nid, pass, pass_len, &pass_raw, &pass_raw_len)) { + return NULL; } - ret = PKCS8_encrypt_pbe(pbe_nid, pass_raw, pass_raw_len, - salt, salt_len, iterations, p8inf); + X509_SIG *ret = PKCS8_encrypt_pbe(pbe_nid, cipher, pass_raw, pass_raw_len, + salt, salt_len, iterations, p8inf); if (pass_raw) { OPENSSL_cleanse(pass_raw, pass_raw_len); @@ -513,7 +550,7 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, return ret; } -X509_SIG *PKCS8_encrypt_pbe(int pbe_nid, +X509_SIG *PKCS8_encrypt_pbe(int pbe_nid, const EVP_CIPHER *cipher, const uint8_t *pass_raw, size_t pass_raw_len, uint8_t *salt, size_t salt_len, int iterations, PKCS8_PRIV_KEY_INFO *p8inf) { @@ -522,13 +559,17 @@ X509_SIG *PKCS8_encrypt_pbe(int pbe_nid, pkcs8 = X509_SIG_new(); if (pkcs8 == NULL) { - OPENSSL_PUT_ERROR(PKCS8, PKCS8_encrypt_pbe, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); goto err; } - pbe = PKCS5_pbe_set(pbe_nid, iterations, salt, salt_len); + if (pbe_nid == -1) { + pbe = PKCS5_pbe2_set(cipher, iterations, salt, salt_len); + } else { + pbe = PKCS5_pbe_set(pbe_nid, iterations, salt, salt_len); + } if (!pbe) { - OPENSSL_PUT_ERROR(PKCS8, PKCS8_encrypt_pbe, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_ASN1_LIB); goto err; } @@ -538,7 +579,7 @@ X509_SIG *PKCS8_encrypt_pbe(int pbe_nid, pkcs8->digest = pkcs12_item_i2d_encrypt( pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass_raw, pass_raw_len, p8inf); if (!pkcs8->digest) { - OPENSSL_PUT_ERROR(PKCS8, PKCS8_encrypt_pbe, PKCS8_R_ENCRYPT_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ENCRYPT_ERROR); goto err; } @@ -560,13 +601,12 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { pkey = EVP_PKEY_new(); if (pkey == NULL) { - OPENSSL_PUT_ERROR(PKCS8, EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); return NULL; } if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) { - OPENSSL_PUT_ERROR(PKCS8, EVP_PKCS82PKEY, - PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); i2t_ASN1_OBJECT(obj_tmp, 80, algoid); ERR_add_error_data(2, "TYPE=", obj_tmp); goto error; @@ -574,11 +614,11 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { if (pkey->ameth->priv_decode) { if (!pkey->ameth->priv_decode(pkey, p8)) { - OPENSSL_PUT_ERROR(PKCS8, EVP_PKCS82PKEY, PKCS8_R_PRIVATE_KEY_DECODE_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_PRIVATE_KEY_DECODE_ERROR); goto error; } } else { - OPENSSL_PUT_ERROR(PKCS8, EVP_PKCS82PKEY, PKCS8_R_METHOD_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_METHOD_NOT_SUPPORTED); goto error; } @@ -594,7 +634,7 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) { p8 = PKCS8_PRIV_KEY_INFO_new(); if (p8 == NULL) { - OPENSSL_PUT_ERROR(PKCS8, EVP_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); return NULL; } p8->broken = PKCS8_OK; @@ -602,17 +642,15 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) { if (pkey->ameth) { if (pkey->ameth->priv_encode) { if (!pkey->ameth->priv_encode(p8, pkey)) { - OPENSSL_PUT_ERROR(PKCS8, EVP_PKEY2PKCS8, - PKCS8_R_PRIVATE_KEY_ENCODE_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_PRIVATE_KEY_ENCODE_ERROR); goto error; } } else { - OPENSSL_PUT_ERROR(PKCS8, EVP_PKEY2PKCS8, PKCS8_R_METHOD_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_METHOD_NOT_SUPPORTED); goto error; } } else { - OPENSSL_PUT_ERROR(PKCS8, EVP_PKEY2PKCS8, - PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); goto error; } return p8; @@ -646,8 +684,7 @@ static int PKCS12_handle_content_infos(CBS *content_infos, * pkcs7-encryptedData and a pkcs7-data) and depth 1 (the various PKCS#12 * bags). */ if (depth > 3) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_infos, - PKCS8_R_PKCS12_TOO_DEEPLY_NESTED); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_PKCS12_TOO_DEEPLY_NESTED); return 0; } @@ -656,6 +693,7 @@ static int PKCS12_handle_content_infos(CBS *content_infos, * conversion cannot see through those wrappings. So each time we step * through one we need to convert to DER again. */ if (!CBS_asn1_ber_to_der(content_infos, &der_bytes, &der_len)) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); return 0; } @@ -666,16 +704,14 @@ static int PKCS12_handle_content_infos(CBS *content_infos, } if (!CBS_get_asn1(&in, &in, CBS_ASN1_SEQUENCE)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_infos, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } while (CBS_len(&in) > 0) { CBS content_info; if (!CBS_get_asn1(&in, &content_info, CBS_ASN1_SEQUENCE)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_infos, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -705,8 +741,7 @@ static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, if (!CBS_get_asn1(content_info, &content_type, CBS_ASN1_OBJECT) || !CBS_get_asn1(content_info, &wrapped_contents, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -734,14 +769,12 @@ static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, !CBS_get_asn1_element(&eci, &ai, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&eci, &encrypted_contents, CBS_ASN1_CONTEXT_SPECIFIC | 0)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } if (OBJ_cbs2nid(&contents_type) != NID_pkcs7_data) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -752,8 +785,7 @@ static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, } if (inp != CBS_data(&ai) + CBS_len(&ai)) { X509_ALGOR_free(algor); - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -773,8 +805,7 @@ static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, if (!CBS_get_asn1(&wrapped_contents, &octet_string_contents, CBS_ASN1_OCTETSTRING)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -787,8 +818,7 @@ static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, X509_SIG *encrypted = NULL; if (*ctx->out_key) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12); goto err; } @@ -796,13 +826,11 @@ static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, * structure as one and so |X509_SIG| is reused to store it. */ encrypted = d2i_X509_SIG(NULL, &inp, CBS_len(&wrapped_contents)); if (encrypted == NULL) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } if (inp != CBS_data(&wrapped_contents) + CBS_len(&wrapped_contents)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); X509_SIG_free(encrypted); goto err; } @@ -828,8 +856,7 @@ static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, !CBS_get_asn1(&cert_bag, &wrapped_cert, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) || !CBS_get_asn1(&wrapped_cert, &cert, CBS_ASN1_OCTETSTRING)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -837,13 +864,11 @@ static int PKCS12_handle_content_info(CBS *content_info, unsigned depth, const uint8_t *inp = CBS_data(&cert); X509 *x509 = d2i_X509(NULL, &inp, CBS_len(&cert)); if (!x509) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } if (inp != CBS_data(&cert) + CBS_len(&cert)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); X509_free(x509); goto err; } @@ -875,6 +900,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, /* The input may be in BER format. */ if (!CBS_asn1_ber_to_der(ber_in, &der_bytes, &der_len)) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); return 0; } if (der_bytes != NULL) { @@ -891,28 +917,27 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) || CBS_len(&in) != 0 || !CBS_get_asn1_uint64(&pfx, &version)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } if (version < 3) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, - PKCS8_R_BAD_PKCS12_VERSION); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_VERSION); goto err; } if (!CBS_get_asn1(&pfx, &authsafe, CBS_ASN1_SEQUENCE)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } if (CBS_len(&pfx) == 0) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_MISSING_MAC); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_MISSING_MAC); goto err; } if (!CBS_get_asn1(&pfx, &mac_data, CBS_ASN1_SEQUENCE)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -921,7 +946,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, if (!CBS_get_asn1(&authsafe, &content_type, CBS_ASN1_OBJECT) || !CBS_get_asn1(&authsafe, &wrapped_authsafes, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -929,13 +954,12 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, * latter indicates that it's signed by a public key, which isn't * supported. */ if (OBJ_cbs2nid(&content_type) != NID_pkcs7_data) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, - PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED); goto err; } if (!CBS_get_asn1(&wrapped_authsafes, &authsafes, CBS_ASN1_OCTETSTRING)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -943,7 +967,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, ctx.out_certs = out_certs; if (!ascii_to_ucs2(password, strlen(password), &ctx.password, &ctx.password_len)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_DECODE_ERROR); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); goto err; } @@ -962,7 +986,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, !CBS_get_asn1(&hash_type_seq, &hash_oid, CBS_ASN1_OBJECT) || !CBS_get_asn1(&mac, &expected_mac, CBS_ASN1_OCTETSTRING) || !CBS_get_asn1(&mac_data, &salt, CBS_ASN1_OCTETSTRING)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -971,8 +995,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, if (CBS_len(&mac_data) > 0) { if (!CBS_get_asn1_uint64(&mac_data, &iterations) || iterations > INT_MAX) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, - PKCS8_R_BAD_PKCS12_DATA); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } } @@ -980,7 +1003,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, hash_nid = OBJ_cbs2nid(&hash_oid); if (hash_nid == NID_undef || (md = EVP_get_digestbynid(hash_nid)) == NULL) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, PKCS8_R_UNKNOWN_HASH); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_UNKNOWN_HASH); goto err; } @@ -996,8 +1019,7 @@ int PKCS12_get_key_and_certs(EVP_PKEY **out_key, STACK_OF(X509) *out_certs, } if (!CBS_mem_equal(&expected_mac, hmac, hmac_len)) { - OPENSSL_PUT_ERROR(PKCS8, PKCS12_get_key_and_certs, - PKCS8_R_INCORRECT_PASSWORD); + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INCORRECT_PASSWORD); goto err; } } @@ -1126,6 +1148,7 @@ int PKCS12_parse(const PKCS12 *p12, const char *password, EVP_PKEY **out_pkey, if (!ca_certs) { ca_certs = sk_X509_new_null(); if (ca_certs == NULL) { + OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE); return 0; } ca_certs_alloced = 1; diff --git a/src/crypto/pkcs8/pkcs8_test.cc b/src/crypto/pkcs8/pkcs8_test.cc new file mode 100644 index 0000000..7a88ddf --- /dev/null +++ b/src/crypto/pkcs8/pkcs8_test.cc @@ -0,0 +1,91 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/pkcs8.h> +#include <openssl/x509.h> + +#include "../test/scoped_types.h" + + +/* kDER is a PKCS#8 encrypted private key. It was generated with: + * + * openssl genrsa 512 > test.key + * openssl pkcs8 -topk8 -in test.key -out test.key.encrypted -v2 des3 -outform der + * hexdump -Cv test.key.encrypted + * + * The password is "testing". + */ +static const uint8_t kDER[] = { + 0x30, 0x82, 0x01, 0x9e, 0x30, 0x40, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, + 0x0d, 0x30, 0x33, 0x30, 0x1b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c, + 0x30, 0x0e, 0x04, 0x08, 0x06, 0xa5, 0x4b, 0x0c, 0x0c, 0x50, 0x8c, 0x19, 0x02, 0x02, 0x08, 0x00, + 0x30, 0x14, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07, 0x04, 0x08, 0x3a, 0xd0, + 0x70, 0x4b, 0x26, 0x50, 0x13, 0x7b, 0x04, 0x82, 0x01, 0x58, 0xa6, 0xee, 0x02, 0xf2, 0xf2, 0x7c, + 0x19, 0x91, 0xe3, 0xce, 0x32, 0x85, 0xc5, 0x01, 0xd9, 0xe3, 0x5e, 0x14, 0xb6, 0xb8, 0x78, 0xad, + 0xda, 0x01, 0xec, 0x9e, 0x42, 0xe8, 0xbf, 0x0b, 0x46, 0x03, 0xbc, 0x92, 0x6f, 0xe4, 0x0f, 0x0f, + 0x48, 0x30, 0x10, 0x10, 0x9b, 0xfb, 0x4b, 0xb9, 0x45, 0xf8, 0xcf, 0xab, 0xa1, 0x18, 0xdd, 0x19, + 0xa4, 0xa4, 0xe1, 0xf0, 0xa1, 0x8d, 0xc2, 0x23, 0xe7, 0x0d, 0x7a, 0x64, 0x21, 0x6b, 0xfa, 0x48, + 0xb9, 0x41, 0xc1, 0x0c, 0x4b, 0xce, 0x6f, 0x1a, 0x91, 0x9b, 0x9f, 0xdd, 0xcf, 0xa9, 0x8d, 0x33, + 0x2c, 0x45, 0x81, 0x5c, 0x5e, 0x67, 0xc6, 0x68, 0x43, 0x62, 0xff, 0x5e, 0x9b, 0x1a, 0x15, 0x3a, + 0x9d, 0x71, 0x3f, 0xbe, 0x32, 0x2f, 0xe5, 0x90, 0x65, 0x65, 0x9c, 0x22, 0xf6, 0x29, 0x2e, 0xcf, + 0x26, 0x16, 0x7b, 0x66, 0x48, 0x55, 0xad, 0x9a, 0x8d, 0x89, 0xf4, 0x48, 0x4f, 0x1f, 0x9d, 0xb8, + 0xfa, 0xe1, 0xf1, 0x3b, 0x39, 0x5c, 0x72, 0xc6, 0xb8, 0x3e, 0x98, 0xe8, 0x77, 0xe8, 0xb6, 0x71, + 0x84, 0xa8, 0x6e, 0xca, 0xaf, 0x62, 0x96, 0x49, 0x8a, 0x21, 0x6f, 0x9e, 0x78, 0x07, 0x97, 0x38, + 0x40, 0x66, 0x42, 0x5a, 0x1b, 0xe0, 0x9b, 0xe9, 0x91, 0x82, 0xe4, 0xea, 0x8f, 0x2a, 0xb2, 0x80, + 0xce, 0xe8, 0x57, 0xd3, 0xac, 0x11, 0x9d, 0xb2, 0x39, 0x0f, 0xe1, 0xce, 0x18, 0x96, 0x38, 0xa1, + 0x19, 0x80, 0x88, 0x81, 0x3d, 0xda, 0xaa, 0x8e, 0x15, 0x27, 0x19, 0x73, 0x0c, 0xf3, 0xaf, 0x45, + 0xe9, 0x1b, 0xad, 0x6c, 0x3d, 0xbf, 0x95, 0xf7, 0xa0, 0x87, 0x0e, 0xde, 0xf1, 0xd8, 0xee, 0xaa, + 0x92, 0x76, 0x8d, 0x32, 0x45, 0xa1, 0xe7, 0xf5, 0x05, 0xd6, 0x2c, 0x67, 0x63, 0x10, 0xfa, 0xde, + 0x80, 0xc7, 0x5b, 0x96, 0x0f, 0x24, 0x50, 0x78, 0x30, 0xe5, 0x89, 0xf3, 0x73, 0xfa, 0x40, 0x11, + 0xd5, 0x26, 0xb8, 0x36, 0x96, 0x98, 0xe6, 0xbd, 0x73, 0x62, 0x56, 0xb9, 0xea, 0x28, 0x16, 0x93, + 0x5b, 0x33, 0xae, 0x83, 0xf9, 0x1f, 0xee, 0xef, 0xc8, 0xbf, 0xc7, 0xb1, 0x47, 0x43, 0xa1, 0xc6, + 0x1a, 0x64, 0x47, 0x02, 0x40, 0x3e, 0xbc, 0x0f, 0x80, 0x71, 0x5c, 0x44, 0x60, 0xbc, 0x78, 0x2e, + 0xd2, 0x77, 0xf8, 0x6e, 0x12, 0x51, 0x89, 0xdb, 0x90, 0x64, 0xcd, 0x76, 0x10, 0x29, 0x73, 0xc2, + 0x2f, 0x94, 0x7b, 0x98, 0xcd, 0xbb, 0x61, 0x16, 0x1d, 0x52, 0x11, 0x73, 0x48, 0xe6, 0x39, 0xfc, + 0xd6, 0x2d, +}; + +static bool test(const uint8_t *der, size_t der_len) { + const uint8_t *data = der; + ScopedX509_SIG sig(d2i_X509_SIG(NULL, &data, der_len)); + if (sig.get() == NULL || data != der + der_len) { + fprintf(stderr, "d2i_X509_SIG failed or did not consume all bytes.\n"); + return false; + } + + static const char kPassword[] = "testing"; + ScopedPKCS8_PRIV_KEY_INFO keypair(PKCS8_decrypt(sig.get(), kPassword, -1)); + if (!keypair) { + fprintf(stderr, "PKCS8_decrypt failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + return true; +} + +int main(int argc, char **argv) { + if (!test(kDER, sizeof(kDER))) { + return 1; + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/poly1305/CMakeLists.txt b/src/crypto/poly1305/CMakeLists.txt index bb0c1e4..674d9f6 100644 --- a/src/crypto/poly1305/CMakeLists.txt +++ b/src/crypto/poly1305/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) if (${ARCH} STREQUAL "arm") set( @@ -19,3 +19,12 @@ add_library( ${POLY1305_ARCH_SOURCES} ) + +add_executable( + poly1305_test + + poly1305_test.cc + $<TARGET_OBJECTS:test_support> +) + +target_link_libraries(poly1305_test crypto) diff --git a/src/crypto/poly1305/poly1305_test.cc b/src/crypto/poly1305/poly1305_test.cc new file mode 100644 index 0000000..0526075 --- /dev/null +++ b/src/crypto/poly1305/poly1305_test.cc @@ -0,0 +1,81 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <stdio.h> +#include <string.h> + +#include <vector> + +#include <openssl/crypto.h> +#include <openssl/poly1305.h> + +#include "../test/file_test.h" +#include "../test/stl_compat.h" + + +// |CRYPTO_poly1305_finish| requires a 16-byte-aligned output. +#if defined(OPENSSL_WINDOWS) +// MSVC doesn't support C++11 |alignas|. +#define ALIGNED __declspec(align(16)) +#else +#define ALIGNED alignas(16) +#endif + +static bool TestPoly1305(FileTest *t, void *arg) { + std::vector<uint8_t> key, in, mac; + if (!t->GetBytes(&key, "Key") || + !t->GetBytes(&in, "Input") || + !t->GetBytes(&mac, "MAC")) { + return false; + } + if (key.size() != 32 || mac.size() != 16) { + t->PrintLine("Invalid test"); + return false; + } + + // Test single-shot operation. + poly1305_state state; + CRYPTO_poly1305_init(&state, bssl::vector_data(&key)); + CRYPTO_poly1305_update(&state, bssl::vector_data(&in), in.size()); + ALIGNED uint8_t out[16]; + CRYPTO_poly1305_finish(&state, out); + if (!t->ExpectBytesEqual(out, 16, bssl::vector_data(&mac), mac.size())) { + t->PrintLine("Single-shot Poly1305 failed."); + return false; + } + + // Test streaming byte-by-byte. + CRYPTO_poly1305_init(&state, bssl::vector_data(&key)); + for (size_t i = 0; i < in.size(); i++) { + CRYPTO_poly1305_update(&state, &in[i], 1); + } + CRYPTO_poly1305_finish(&state, out); + if (!t->ExpectBytesEqual(out, 16, bssl::vector_data(&mac), mac.size())) { + t->PrintLine("Streaming Poly1305 failed."); + return false; + } + + return true; +} + +int main(int argc, char **argv) { + CRYPTO_library_init(); + + if (argc != 2) { + fprintf(stderr, "%s <test file>\n", argv[0]); + return 1; + } + + return FileTestMain(TestPoly1305, nullptr, argv[1]); +} diff --git a/src/crypto/poly1305/poly1305_test.txt b/src/crypto/poly1305/poly1305_test.txt new file mode 100644 index 0000000..6c5d403 --- /dev/null +++ b/src/crypto/poly1305/poly1305_test.txt @@ -0,0 +1,52 @@ +# RFC 7359, section 2.5.2. + +Key = 85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b +Input = "Cryptographic Forum Research Group" +MAC = a8061dc1305136c6c22b8baf0c0127a9 + + +# RFC 7359, section A.3. + +Key = 0000000000000000000000000000000000000000000000000000000000000000 +Input = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +MAC = 00000000000000000000000000000000 + +Key = 0000000000000000000000000000000036e5f6b5c5e06070f0efca96227a863e +Input = 416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f +MAC = 36e5f6b5c5e06070f0efca96227a863e + +Key = 36e5f6b5c5e06070f0efca96227a863e00000000000000000000000000000000 +Input = 416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f +MAC = f3477e7cd95417af89a6b8794c310cf0 + +Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 +Input = 2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e +MAC = 4541669a7eaaee61e708dc7cbcc5eb62 + +Key = 0200000000000000000000000000000000000000000000000000000000000000 +Input = ffffffffffffffffffffffffffffffff +MAC = 03000000000000000000000000000000 + +Key = 02000000000000000000000000000000ffffffffffffffffffffffffffffffff +Input = 02000000000000000000000000000000 +MAC = 03000000000000000000000000000000 + +Key = 0100000000000000000000000000000000000000000000000000000000000000 +Input = fffffffffffffffffffffffffffffffff0ffffffffffffffffffffffffffffff11000000000000000000000000000000 +MAC = 05000000000000000000000000000000 + +Key = 0100000000000000000000000000000000000000000000000000000000000000 +Input = fffffffffffffffffffffffffffffffffbfefefefefefefefefefefefefefefe01010101010101010101010101010101 +MAC = 00000000000000000000000000000000 + +Key = 0200000000000000000000000000000000000000000000000000000000000000 +Input = fdffffffffffffffffffffffffffffff +MAC = faffffffffffffffffffffffffffffff + +Key = 0100000000000000040000000000000000000000000000000000000000000000 +Input = e33594d7505e43b900000000000000003394d7505e4379cd01000000000000000000000000000000000000000000000001000000000000000000000000000000 +MAC = 14000000000000005500000000000000 + +Key = 0100000000000000040000000000000000000000000000000000000000000000 +Input = e33594d7505e43b900000000000000003394d7505e4379cd010000000000000000000000000000000000000000000000 +MAC = 13000000000000000000000000000000 diff --git a/src/crypto/rand/CMakeLists.txt b/src/crypto/rand/CMakeLists.txt index 374d8f1..35d5290 100644 --- a/src/crypto/rand/CMakeLists.txt +++ b/src/crypto/rand/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) if (${ARCH} STREQUAL "x86_64") set( diff --git a/src/crypto/rand/hwrand.c b/src/crypto/rand/hwrand.c index 5f81f09..f0bbccd 100644 --- a/src/crypto/rand/hwrand.c +++ b/src/crypto/rand/hwrand.c @@ -15,23 +15,28 @@ #include <openssl/rand.h> #include <assert.h> -#include <stdlib.h> #include <string.h> #include <openssl/cpu.h> +#include "internal.h" -#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) -int CRYPTO_have_hwrand(void) { - return (OPENSSL_ia32cap_P[1] & (1u << 30)) != 0; -} +#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) /* These functions are defined in asm/rdrand-x86_64.pl */ extern int CRYPTO_rdrand(uint8_t out[8]); extern int CRYPTO_rdrand_multiple8_buf(uint8_t *buf, size_t len); +static int have_rdrand(void) { + return (OPENSSL_ia32cap_P[1] & (1u << 30)) != 0; +} + int CRYPTO_hwrand(uint8_t *buf, size_t len) { + if (!have_rdrand()) { + return 0; + } + const size_t len_multiple8 = len & ~7; if (!CRYPTO_rdrand_multiple8_buf(buf, len_multiple8)) { return 0; @@ -53,12 +58,8 @@ int CRYPTO_hwrand(uint8_t *buf, size_t len) { #else -int CRYPTO_have_hwrand(void) { +int CRYPTO_hwrand(uint8_t *buf, size_t len) { return 0; } -void CRYPTO_hwrand(uint8_t *buf, size_t len) { - abort(); -} - #endif diff --git a/src/crypto/rand/internal.h b/src/crypto/rand/internal.h index 5e6ea11..f35abbb 100644 --- a/src/crypto/rand/internal.h +++ b/src/crypto/rand/internal.h @@ -24,13 +24,9 @@ extern "C" { * system. */ void CRYPTO_sysrand(uint8_t *buf, size_t len); -/* CRYPTO_have_hwrand returns one iff |CRYPTO_hwrand| can be called to generate - * hardware entropy. */ -int CRYPTO_have_hwrand(void); - -/* CRYPTO_hwrand fills |len| bytes at |buf| with entropy from the hardware. - * This function can only be called if |CRYPTO_have_hwrand| returns one. - * It returns one on success or zero on hardware failure. */ +/* CRYPTO_hwrand fills |len| bytes at |buf| with entropy from the hardware. It + * returns one on success or zero on hardware failure or if hardware support is + * unavailable. */ int CRYPTO_hwrand(uint8_t *buf, size_t len); diff --git a/src/crypto/rand/rand.c b/src/crypto/rand/rand.c index a96ac48..e76a120 100644 --- a/src/crypto/rand/rand.c +++ b/src/crypto/rand/rand.c @@ -17,6 +17,7 @@ #include <limits.h> #include <string.h> +#include <openssl/chacha.h> #include <openssl/mem.h> #include "internal.h" @@ -69,17 +70,12 @@ static void rand_thread_state_free(void *state) { OPENSSL_free(state); } -extern void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len, - const uint8_t key[32], const uint8_t nonce[8], - size_t counter); - int RAND_bytes(uint8_t *buf, size_t len) { if (len == 0) { return 1; } - if (!CRYPTO_have_hwrand() || - !CRYPTO_hwrand(buf, len)) { + if (!CRYPTO_hwrand(buf, len)) { /* Without a hardware RNG to save us from address-space duplication, the OS * entropy is used directly. */ CRYPTO_sysrand(buf, len); @@ -162,6 +158,10 @@ int RAND_load_file(const char *path, long num) { void RAND_add(const void *buf, int num, double entropy) {} +int RAND_egd(const char *path) { + return 255; +} + int RAND_poll(void) { return 1; } @@ -169,3 +169,18 @@ int RAND_poll(void) { int RAND_status(void) { return 1; } + +static const struct rand_meth_st kSSLeayMethod = { + RAND_seed, + RAND_bytes, + RAND_cleanup, + RAND_add, + RAND_pseudo_bytes, + RAND_status, +}; + +RAND_METHOD *RAND_SSLeay(void) { + return (RAND_METHOD*) &kSSLeayMethod; +} + +void RAND_set_rand_method(const RAND_METHOD *method) {} diff --git a/src/crypto/rand/urandom.c b/src/crypto/rand/urandom.c index 788a979..1cc5260 100644 --- a/src/crypto/rand/urandom.c +++ b/src/crypto/rand/urandom.c @@ -30,92 +30,126 @@ /* This file implements a PRNG by reading from /dev/urandom, optionally with a - * fork-safe buffer. - * - * If buffering is enabled then it maintains a global, linked list of buffers. - * Threads which need random bytes grab a buffer from the list under a lock and - * copy out the bytes that they need. In the rare case that the buffer is - * empty, it's refilled from /dev/urandom outside of the lock. - * - * Large requests are always serviced from /dev/urandom directly. - * - * Each buffer contains the PID of the process that created it and it's tested - * against the current PID each time. Thus processes that fork will discard all - * the buffers filled by the parent process. There are two problems with this: - * - * 1) glibc maintains a cache of the current PID+PPID and, if this cache isn't - * correctly invalidated, the getpid() will continue to believe that - * it's the old process. Glibc depends on the glibc wrappers for fork, - * vfork and clone being used in order to invalidate the getpid() cache. - * - * 2) If a process forks, dies and then its child forks, it's possible that - * the third process will end up with the same PID as the original process. - * If the second process never used any random values then this will mean - * that the third process has stale, cached values and won't notice. - */ - -/* BUF_SIZE is intended to be a 4K allocation with malloc overhead. struct - * rand_buffer also fits in this space and the remainder is entropy. */ -#define BUF_SIZE (4096 - 16) - -/* rand_buffer contains unused, random bytes. These structures form a linked - * list via the |next| pointer, which is NULL in the final element. */ + * buffer, which is unsafe across |fork|. */ + +#define BUF_SIZE 4096 + +/* rand_buffer contains unused, random bytes, some of which may have been + * consumed already. */ struct rand_buffer { - size_t used; /* used contains the number of bytes of |rand| that have - been consumed. */ - struct rand_buffer *next; - pid_t pid; /* pid contains the pid at the time that the buffer was - created so that data is not duplicated after a fork. */ - pid_t ppid; /* ppid contains the parent pid in order to try and reduce - the possibility of duplicated PID confusing the - detection of a fork. */ - uint8_t rand[]; + size_t used; + uint8_t rand[BUF_SIZE]; }; -/* rand_bytes_per_buf is the number of actual entropy bytes in a buffer. */ -static const size_t rand_bytes_per_buf = BUF_SIZE - sizeof(struct rand_buffer); - -static struct CRYPTO_STATIC_MUTEX global_lock = CRYPTO_STATIC_MUTEX_INIT; +/* requested_lock is used to protect the |*_requested| variables. */ +static struct CRYPTO_STATIC_MUTEX requested_lock = CRYPTO_STATIC_MUTEX_INIT; -/* list_head is the start of a global, linked-list of rand_buffer objects. It's - * protected by |global_lock|. */ -static struct rand_buffer *list_head; +/* urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by + * |requested_lock|. */ +static int urandom_fd_requested = -2; -/* urandom_fd is a file descriptor to /dev/urandom. It's protected by - * |global_lock|. */ +/* urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|. */ static int urandom_fd = -2; +/* urandom_buffering_requested is set by |RAND_enable_fork_unsafe_buffering|. + * It's protected by |requested_lock|. */ +static int urandom_buffering_requested = 0; + /* urandom_buffering controls whether buffering is enabled (1) or not (0). This - * is protected by |global_lock|. */ + * is protected by |once|. */ static int urandom_buffering = 0; -/* urandom_get_fd_locked returns a file descriptor to /dev/urandom. The caller - * of this function must hold |global_lock|. */ -static int urandom_get_fd_locked(void) { - if (urandom_fd != -2) { - return urandom_fd; +static CRYPTO_once_t once = CRYPTO_ONCE_INIT; + +/* init_once initializes the state of this module to values previously + * requested. This is the only function that modifies |urandom_fd| and + * |urandom_buffering|, whose values may be read safely after calling the + * once. */ +static void init_once(void) { + CRYPTO_STATIC_MUTEX_lock_read(&requested_lock); + urandom_buffering = urandom_buffering_requested; + int fd = urandom_fd_requested; + CRYPTO_STATIC_MUTEX_unlock(&requested_lock); + + if (fd == -2) { + do { + fd = open("/dev/urandom", O_RDONLY); + } while (fd == -1 && errno == EINTR); } - urandom_fd = open("/dev/urandom", O_RDONLY); - return urandom_fd; + if (fd < 0) { + abort(); + } + + int flags = fcntl(fd, F_GETFD); + if (flags == -1) { + abort(); + } + flags |= FD_CLOEXEC; + if (fcntl(fd, F_SETFD, flags) == -1) { + abort(); + } + urandom_fd = fd; } -/* RAND_cleanup frees all buffers, closes any cached file descriptor - * and resets the global state. */ -void RAND_cleanup(void) { - struct rand_buffer *cur; +void RAND_cleanup(void) {} - CRYPTO_STATIC_MUTEX_lock_write(&global_lock); - while ((cur = list_head)) { - list_head = cur->next; - OPENSSL_free(cur); +void RAND_set_urandom_fd(int fd) { + fd = dup(fd); + if (fd < 0) { + abort(); } - if (urandom_fd >= 0) { - close(urandom_fd); + + CRYPTO_STATIC_MUTEX_lock_write(&requested_lock); + urandom_fd_requested = fd; + CRYPTO_STATIC_MUTEX_unlock(&requested_lock); + + CRYPTO_once(&once, init_once); + if (urandom_fd != fd) { + abort(); // Already initialized. } - urandom_fd = -2; - list_head = NULL; - CRYPTO_STATIC_MUTEX_unlock(&global_lock); +} + +void RAND_enable_fork_unsafe_buffering(int fd) { + if (fd >= 0) { + fd = dup(fd); + if (fd < 0) { + abort(); + } + } else { + fd = -2; + } + + CRYPTO_STATIC_MUTEX_lock_write(&requested_lock); + urandom_buffering_requested = 1; + urandom_fd_requested = fd; + CRYPTO_STATIC_MUTEX_unlock(&requested_lock); + + CRYPTO_once(&once, init_once); + if (urandom_buffering != 1 || (fd >= 0 && urandom_fd != fd)) { + abort(); // Already initialized. + } +} + +static struct rand_buffer *get_thread_local_buffer(void) { + struct rand_buffer *buf = + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_URANDOM_BUF); + if (buf != NULL) { + return buf; + } + + buf = OPENSSL_malloc(sizeof(struct rand_buffer)); + if (buf == NULL) { + return NULL; + } + buf->used = BUF_SIZE; /* To trigger a |read_full| on first use. */ + if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_URANDOM_BUF, buf, + OPENSSL_free)) { + OPENSSL_free(buf); + return NULL; + } + + return buf; } /* read_full reads exactly |len| bytes from |fd| into |out| and returns 1. In @@ -138,110 +172,48 @@ static char read_full(int fd, uint8_t *out, size_t len) { return 1; } -/* CRYPTO_sysrand puts |num| random bytes into |out|. */ -void CRYPTO_sysrand(uint8_t *out, size_t requested) { - int fd; - struct rand_buffer *buf; - size_t todo; - pid_t pid, ppid; - - if (requested == 0) { - return; - } +/* read_from_buffer reads |requested| random bytes from the buffer into |out|, + * refilling it if necessary to satisfy the request. */ +static void read_from_buffer(struct rand_buffer *buf, + uint8_t *out, size_t requested) { + size_t remaining = BUF_SIZE - buf->used; - CRYPTO_STATIC_MUTEX_lock_write(&global_lock); - fd = urandom_get_fd_locked(); + while (requested > remaining) { + memcpy(out, &buf->rand[buf->used], remaining); + buf->used += remaining; + out += remaining; + requested -= remaining; - if (fd < 0) { - CRYPTO_STATIC_MUTEX_unlock(&global_lock); - abort(); - return; - } - - /* If buffering is not enabled, or if the request is large, then the - * result comes directly from urandom. */ - if (!urandom_buffering || requested > BUF_SIZE / 2) { - CRYPTO_STATIC_MUTEX_unlock(&global_lock); - if (!read_full(fd, out, requested)) { + if (!read_full(urandom_fd, buf->rand, BUF_SIZE)) { abort(); - } - return; - } - - pid = getpid(); - ppid = getppid(); - - for (;;) { - buf = list_head; - if (buf && buf->pid == pid && buf->ppid == ppid && - rand_bytes_per_buf - buf->used >= requested) { - memcpy(out, &buf->rand[buf->used], requested); - buf->used += requested; - CRYPTO_STATIC_MUTEX_unlock(&global_lock); return; } - - /* If we don't immediately have enough entropy with the correct - * PID, remove the buffer from the list in order to gain - * exclusive access and unlock. */ - if (buf) { - list_head = buf->next; - } - CRYPTO_STATIC_MUTEX_unlock(&global_lock); - - if (!buf) { - buf = (struct rand_buffer *)OPENSSL_malloc(BUF_SIZE); - if (!buf) { - abort(); - return; - } - /* The buffer doesn't contain any random bytes yet - * so we mark it as fully used so that it will be - * filled below. */ - buf->used = rand_bytes_per_buf; - buf->next = NULL; - buf->pid = pid; - buf->ppid = ppid; - } - - if (buf->pid == pid && buf->ppid == ppid) { - break; - } - - /* We have forked and so cannot use these bytes as they - * may have been used in another process. */ - OPENSSL_free(buf); - CRYPTO_STATIC_MUTEX_lock_write(&global_lock); + buf->used = 0; + remaining = BUF_SIZE; } - while (requested > 0) { - todo = rand_bytes_per_buf - buf->used; - if (todo > requested) { - todo = requested; - } - memcpy(out, &buf->rand[buf->used], todo); - requested -= todo; - out += todo; - buf->used += todo; + memcpy(out, &buf->rand[buf->used], requested); + buf->used += requested; +} - if (buf->used < rand_bytes_per_buf) { - break; - } +/* CRYPTO_sysrand puts |requested| random bytes into |out|. */ +void CRYPTO_sysrand(uint8_t *out, size_t requested) { + if (requested == 0) { + return; + } - if (!read_full(fd, buf->rand, rand_bytes_per_buf)) { - OPENSSL_free(buf); - abort(); + CRYPTO_once(&once, init_once); + if (urandom_buffering && requested < BUF_SIZE) { + struct rand_buffer *buf = get_thread_local_buffer(); + if (buf != NULL) { + read_from_buffer(buf, out, requested); return; } - - buf->used = 0; } - CRYPTO_STATIC_MUTEX_lock_write(&global_lock); - assert(list_head != buf); - buf->next = list_head; - list_head = buf; - CRYPTO_STATIC_MUTEX_unlock(&global_lock); + if (!read_full(urandom_fd, out, requested)) { + abort(); + } } #endif /* !OPENSSL_WINDOWS */ diff --git a/src/crypto/rc4/CMakeLists.txt b/src/crypto/rc4/CMakeLists.txt index fe2d0c6..a208e96 100644 --- a/src/crypto/rc4/CMakeLists.txt +++ b/src/crypto/rc4/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) if (${ARCH} STREQUAL "x86_64") set( diff --git a/src/crypto/rc4/asm/rc4-x86_64.pl b/src/crypto/rc4/asm/rc4-x86_64.pl index db46242..cef6268 100644 --- a/src/crypto/rc4/asm/rc4-x86_64.pl +++ b/src/crypto/rc4/asm/rc4-x86_64.pl @@ -56,7 +56,7 @@ # achieves respectful 432MBps on 2.8GHz processor now. For reference. # If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than # RC4_INT code-path. While if executed on Opteron, it's only 25% -# slower than the RC4_INT one [meaning that if CPU µ-arch detection +# slower than the RC4_INT one [meaning that if CPU µ-arch detection # is not implemented, then this final RC4_CHAR code-path should be # preferred, as it provides better *all-round* performance]. diff --git a/src/crypto/rsa/CMakeLists.txt b/src/crypto/rsa/CMakeLists.txt index 0ea12c8..bd8ad3b 100644 --- a/src/crypto/rsa/CMakeLists.txt +++ b/src/crypto/rsa/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( rsa @@ -15,7 +15,7 @@ add_library( add_executable( rsa_test - rsa_test.c + rsa_test.cc $<TARGET_OBJECTS:test_support> ) diff --git a/src/crypto/rsa/blinding.c b/src/crypto/rsa/blinding.c index 245142b..c93cee1 100644 --- a/src/crypto/rsa/blinding.c +++ b/src/crypto/rsa/blinding.c @@ -137,7 +137,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) { ret = (BN_BLINDING*) OPENSSL_malloc(sizeof(BN_BLINDING)); if (ret == NULL) { - OPENSSL_PUT_ERROR(RSA, BN_BLINDING_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return NULL; } memset(ret, 0, sizeof(BN_BLINDING)); @@ -190,7 +190,7 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) { int ret = 0; if (b->A == NULL || b->Ai == NULL) { - OPENSSL_PUT_ERROR(RSA, BN_BLINDING_update, RSA_R_BN_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(RSA, RSA_R_BN_NOT_INITIALIZED); goto err; } @@ -230,7 +230,7 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) { int ret = 1; if (b->A == NULL || b->Ai == NULL) { - OPENSSL_PUT_ERROR(RSA, BN_BLINDING_convert_ex, RSA_R_BN_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(RSA, RSA_R_BN_NOT_INITIALIZED); return 0; } @@ -266,7 +266,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, ret = BN_mod_mul(n, n, r, b->mod, ctx); } else { if (b->Ai == NULL) { - OPENSSL_PUT_ERROR(RSA, BN_BLINDING_invert_ex, RSA_R_BN_NOT_INITIALIZED); + OPENSSL_PUT_ERROR(RSA, RSA_R_BN_NOT_INITIALIZED); return 0; } ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); @@ -325,13 +325,13 @@ BN_BLINDING *BN_BLINDING_create_param( if (!BN_rand_range(ret->A, ret->mod)) { goto err; } - if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) { + + int no_inverse; + if (BN_mod_inverse_ex(ret->Ai, &no_inverse, ret->A, ret->mod, ctx) == NULL) { /* this should almost never happen for good RSA keys */ - uint32_t error = ERR_peek_last_error(); - if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + if (no_inverse) { if (retry_counter-- == 0) { - OPENSSL_PUT_ERROR(RSA, BN_BLINDING_create_param, - RSA_R_TOO_MANY_ITERATIONS); + OPENSSL_PUT_ERROR(RSA, RSA_R_TOO_MANY_ITERATIONS); goto err; } ERR_clear_error(); @@ -416,14 +416,14 @@ BN_BLINDING *rsa_setup_blinding(RSA *rsa, BN_CTX *in_ctx) { BN_CTX_start(ctx); e = BN_CTX_get(ctx); if (e == NULL) { - OPENSSL_PUT_ERROR(RSA, rsa_setup_blinding, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } if (rsa->e == NULL) { e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); if (e == NULL) { - OPENSSL_PUT_ERROR(RSA, rsa_setup_blinding, RSA_R_NO_PUBLIC_EXPONENT); + OPENSSL_PUT_ERROR(RSA, RSA_R_NO_PUBLIC_EXPONENT); goto err; } } else { @@ -444,7 +444,7 @@ BN_BLINDING *rsa_setup_blinding(RSA *rsa, BN_CTX *in_ctx) { ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp, mont_ctx); if (ret == NULL) { - OPENSSL_PUT_ERROR(RSA, rsa_setup_blinding, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(RSA, ERR_R_BN_LIB); goto err; } diff --git a/src/crypto/rsa/internal.h b/src/crypto/rsa/internal.h index d15f2a5..c0044c3 100644 --- a/src/crypto/rsa/internal.h +++ b/src/crypto/rsa/internal.h @@ -59,8 +59,6 @@ #include <openssl/base.h> -#include <openssl/asn1.h> - #if defined(__cplusplus) extern "C" { @@ -109,8 +107,6 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *to, unsigned to_len, const EVP_MD *md, const EVP_MD *mgf1md); int RSA_padding_add_none(uint8_t *to, unsigned to_len, const uint8_t *from, unsigned from_len); -int RSA_padding_check_none(uint8_t *to, unsigned to_len, const uint8_t *from, - unsigned from_len); /* RSA_private_transform calls either the method-specific |private_transform| * function (if given) or the generic one. See the comment for @@ -118,20 +114,26 @@ int RSA_padding_check_none(uint8_t *to, unsigned to_len, const uint8_t *from, int RSA_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, size_t len); -typedef struct rsa_pss_params_st { - X509_ALGOR *hashAlgorithm; - X509_ALGOR *maskGenAlgorithm; - ASN1_INTEGER *saltLength; - ASN1_INTEGER *trailerField; -} RSA_PSS_PARAMS; -DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) +/* RSA_additional_prime contains information about the third, forth etc prime + * in a multi-prime RSA key. */ +typedef struct RSA_additional_prime_st { + BIGNUM *prime; + /* exp is d^{prime-1} mod prime */ + BIGNUM *exp; + /* coeff is such that r×coeff ≡ 1 mod prime. */ + BIGNUM *coeff; + + /* Values below here are not in the ASN.1 serialisation. */ + + /* r is the product of all primes (including p and q) prior to this one. */ + BIGNUM *r; + /* method_mod is managed by the |RSA_METHOD|. */ + BN_MONT_CTX *method_mod; +} RSA_additional_prime; + +void RSA_additional_prime_free(RSA_additional_prime *ap); -typedef struct rsa_oaep_params_st { - X509_ALGOR *hashFunc; - X509_ALGOR *maskGenFunc; - X509_ALGOR *pSourceFunc; -} RSA_OAEP_PARAMS; #if defined(__cplusplus) } /* extern C */ diff --git a/src/crypto/rsa/padding.c b/src/crypto/rsa/padding.c index 0a725f1..5a42e24 100644 --- a/src/crypto/rsa/padding.c +++ b/src/crypto/rsa/padding.c @@ -74,14 +74,12 @@ int RSA_padding_add_PKCS1_type_1(uint8_t *to, unsigned tlen, uint8_t *p; if (tlen < RSA_PKCS1_PADDING_SIZE) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_type_1, - RSA_R_KEY_SIZE_TOO_SMALL); + OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL); return 0; } if (flen > tlen - RSA_PKCS1_PADDING_SIZE) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_type_1, - RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; } @@ -105,15 +103,13 @@ int RSA_padding_check_PKCS1_type_1(uint8_t *to, unsigned tlen, const uint8_t *p; if (flen < 2) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_type_1, - RSA_R_DATA_TOO_SMALL); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_SMALL); return -1; } p = from; if ((*(p++) != 0) || (*(p++) != 1)) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_type_1, - RSA_R_BLOCK_TYPE_IS_NOT_01); + OPENSSL_PUT_ERROR(RSA, RSA_R_BLOCK_TYPE_IS_NOT_01); return -1; } @@ -126,8 +122,7 @@ int RSA_padding_check_PKCS1_type_1(uint8_t *to, unsigned tlen, p++; break; } else { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_type_1, - RSA_R_BAD_FIXED_HEADER_DECRYPT); + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_FIXED_HEADER_DECRYPT); return -1; } } @@ -135,21 +130,18 @@ int RSA_padding_check_PKCS1_type_1(uint8_t *to, unsigned tlen, } if (i == j) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_type_1, - RSA_R_NULL_BEFORE_BLOCK_MISSING); + OPENSSL_PUT_ERROR(RSA, RSA_R_NULL_BEFORE_BLOCK_MISSING); return -1; } if (i < 8) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_type_1, - RSA_R_BAD_PAD_BYTE_COUNT); + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_PAD_BYTE_COUNT); return -1; } i++; /* Skip over the '\0' */ j -= i; if (j > tlen) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_type_1, - RSA_R_DATA_TOO_LARGE); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); return -1; } memcpy(to, p, j); @@ -163,14 +155,12 @@ int RSA_padding_add_PKCS1_type_2(uint8_t *to, unsigned tlen, uint8_t *p; if (tlen < RSA_PKCS1_PADDING_SIZE) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_type_2, - RSA_R_KEY_SIZE_TOO_SMALL); + OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL); return 0; } if (flen > tlen - RSA_PKCS1_PADDING_SIZE) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_type_2, - RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; } @@ -271,8 +261,7 @@ int RSA_padding_check_PKCS1_type_2(uint8_t *to, unsigned tlen, size_t msg_index, msg_len; if (flen == 0) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_type_2, - RSA_R_EMPTY_PUBLIC_KEY); + OPENSSL_PUT_ERROR(RSA, RSA_R_EMPTY_PUBLIC_KEY); return -1; } @@ -281,8 +270,7 @@ int RSA_padding_check_PKCS1_type_2(uint8_t *to, unsigned tlen, * |RSA_PKCS1_PADDING| make it impossible to completely avoid Bleichenbacher's * attack. */ if (!RSA_message_index_PKCS1_type_2(from, flen, &msg_index)) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_type_2, - RSA_R_PKCS_DECODING_ERROR); + OPENSSL_PUT_ERROR(RSA, RSA_R_PKCS_DECODING_ERROR); return -1; } @@ -290,8 +278,7 @@ int RSA_padding_check_PKCS1_type_2(uint8_t *to, unsigned tlen, if (msg_len > tlen) { /* This shouldn't happen because this function is always called with |tlen| * the key size and |flen| is bounded by the key size. */ - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_type_2, - RSA_R_PKCS_DECODING_ERROR); + OPENSSL_PUT_ERROR(RSA, RSA_R_PKCS_DECODING_ERROR); return -1; } memcpy(to, &from[msg_index], msg_len); @@ -300,14 +287,12 @@ int RSA_padding_check_PKCS1_type_2(uint8_t *to, unsigned tlen, int RSA_padding_add_none(uint8_t *to, unsigned tlen, const uint8_t *from, unsigned flen) { if (flen > tlen) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_none, - RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; } if (flen < tlen) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_none, - RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); return 0; } @@ -315,17 +300,6 @@ int RSA_padding_add_none(uint8_t *to, unsigned tlen, const uint8_t *from, unsign return 1; } -int RSA_padding_check_none(uint8_t *to, unsigned tlen, const uint8_t *from, - unsigned flen) { - if (flen > tlen) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_none, RSA_R_DATA_TOO_LARGE); - return -1; - } - - memcpy(to, from, flen); - return flen; -} - int PKCS1_MGF1(uint8_t *mask, unsigned len, const uint8_t *seed, unsigned seedlen, const EVP_MD *dgst) { unsigned outlen = 0; @@ -388,21 +362,18 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(uint8_t *to, unsigned tlen, mdlen = EVP_MD_size(md); if (tlen < 2 * mdlen + 2) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_OAEP_mgf1, - RSA_R_KEY_SIZE_TOO_SMALL); + OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL); return 0; } emlen = tlen - 1; if (flen > emlen - 2 * mdlen - 1) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_OAEP_mgf1, - RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; } if (emlen < 2 * mdlen + 1) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_OAEP_mgf1, - RSA_R_KEY_SIZE_TOO_SMALL); + OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL); return 0; } @@ -422,8 +393,7 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(uint8_t *to, unsigned tlen, dbmask = OPENSSL_malloc(emlen - mdlen); if (dbmask == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_OAEP_mgf1, - ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return 0; } @@ -477,8 +447,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *to, unsigned tlen, dblen = flen - mdlen - 1; db = OPENSSL_malloc(dblen); if (db == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_OAEP_mgf1, - ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } @@ -526,8 +495,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *to, unsigned tlen, one_index++; mlen = dblen - one_index; if (tlen < mlen) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_OAEP_mgf1, - RSA_R_DATA_TOO_LARGE); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); mlen = -1; } else { memcpy(to, db + one_index, mlen); @@ -539,8 +507,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *to, unsigned tlen, decoding_err: /* to avoid chosen ciphertext attacks, the error message should not reveal * which kind of decoding error happened */ - OPENSSL_PUT_ERROR(RSA, RSA_padding_check_PKCS1_OAEP_mgf1, - RSA_R_OAEP_DECODING_ERROR); + OPENSSL_PUT_ERROR(RSA, RSA_R_OAEP_DECODING_ERROR); err: OPENSSL_free(db); return -1; @@ -576,15 +543,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, } else if (sLen == -2) { sLen = -2; } else if (sLen < -2) { - OPENSSL_PUT_ERROR(RSA, RSA_verify_PKCS1_PSS_mgf1, RSA_R_SLEN_CHECK_FAILED); + OPENSSL_PUT_ERROR(RSA, RSA_R_SLEN_CHECK_FAILED); goto err; } MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; emLen = RSA_size(rsa); if (EM[0] & (0xFF << MSBits)) { - OPENSSL_PUT_ERROR(RSA, RSA_verify_PKCS1_PSS_mgf1, - RSA_R_FIRST_OCTET_INVALID); + OPENSSL_PUT_ERROR(RSA, RSA_R_FIRST_OCTET_INVALID); goto err; } if (MSBits == 0) { @@ -593,18 +559,18 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, } if (emLen < ((int)hLen + sLen + 2)) { /* sLen can be small negative */ - OPENSSL_PUT_ERROR(RSA, RSA_verify_PKCS1_PSS_mgf1, RSA_R_DATA_TOO_LARGE); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); goto err; } if (EM[emLen - 1] != 0xbc) { - OPENSSL_PUT_ERROR(RSA, RSA_verify_PKCS1_PSS_mgf1, RSA_R_LAST_OCTET_INVALID); + OPENSSL_PUT_ERROR(RSA, RSA_R_LAST_OCTET_INVALID); goto err; } maskedDBLen = emLen - hLen - 1; H = EM + maskedDBLen; DB = OPENSSL_malloc(maskedDBLen); if (!DB) { - OPENSSL_PUT_ERROR(RSA, RSA_verify_PKCS1_PSS_mgf1, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0) { @@ -620,12 +586,11 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, ; } if (DB[i++] != 0x1) { - OPENSSL_PUT_ERROR(RSA, RSA_verify_PKCS1_PSS_mgf1, - RSA_R_SLEN_RECOVERY_FAILED); + OPENSSL_PUT_ERROR(RSA, RSA_R_SLEN_RECOVERY_FAILED); goto err; } if (sLen >= 0 && (maskedDBLen - i) != sLen) { - OPENSSL_PUT_ERROR(RSA, RSA_verify_PKCS1_PSS_mgf1, RSA_R_SLEN_CHECK_FAILED); + OPENSSL_PUT_ERROR(RSA, RSA_R_SLEN_CHECK_FAILED); goto err; } if (!EVP_DigestInit_ex(&ctx, Hash, NULL) || @@ -642,7 +607,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const uint8_t *mHash, goto err; } if (memcmp(H_, H, hLen)) { - OPENSSL_PUT_ERROR(RSA, RSA_verify_PKCS1_PSS_mgf1, RSA_R_BAD_SIGNATURE); + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_SIGNATURE); ret = 0; } else { ret = 1; @@ -681,14 +646,12 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, } else if (sLen == -2) { sLen = -2; } else if (sLen < -2) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_PSS_mgf1, - RSA_R_SLEN_CHECK_FAILED); + OPENSSL_PUT_ERROR(RSA, RSA_R_SLEN_CHECK_FAILED); goto err; } if (BN_is_zero(rsa->n)) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_PSS_mgf1, - RSA_R_EMPTY_PUBLIC_KEY); + OPENSSL_PUT_ERROR(RSA, RSA_R_EMPTY_PUBLIC_KEY); goto err; } @@ -701,21 +664,18 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, } if (sLen == -2) { if (emLen < hLen + 2) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_PSS_mgf1, - RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; } sLen = emLen - hLen - 2; } else if (emLen < hLen + sLen + 2) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_PSS_mgf1, - RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; } if (sLen > 0) { salt = OPENSSL_malloc(sLen); if (!salt) { - OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_PSS_mgf1, - ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } if (!RAND_bytes(salt, sLen)) { diff --git a/src/crypto/rsa/rsa.c b/src/crypto/rsa/rsa.c index 17059b0..2f23165 100644 --- a/src/crypto/rsa/rsa.c +++ b/src/crypto/rsa/rsa.c @@ -79,7 +79,7 @@ RSA *RSA_new(void) { return RSA_new_method(NULL); } RSA *RSA_new_method(const ENGINE *engine) { RSA *rsa = (RSA *)OPENSSL_malloc(sizeof(RSA)); if (rsa == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_new_method, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return NULL; } @@ -114,6 +114,18 @@ RSA *RSA_new_method(const ENGINE *engine) { return rsa; } +void RSA_additional_prime_free(RSA_additional_prime *ap) { + if (ap == NULL) { + return; + } + + BN_clear_free(ap->prime); + BN_clear_free(ap->exp); + BN_clear_free(ap->coeff); + BN_clear_free(ap->r); + OPENSSL_free(ap); +} + void RSA_free(RSA *rsa) { unsigned u; @@ -145,6 +157,10 @@ void RSA_free(RSA *rsa) { } OPENSSL_free(rsa->blindings); OPENSSL_free(rsa->blindings_inuse); + if (rsa->additional_primes != NULL) { + sk_RSA_additional_prime_pop_free(rsa->additional_primes, + RSA_additional_prime_free); + } CRYPTO_MUTEX_cleanup(&rsa->lock); OPENSSL_free(rsa); } @@ -162,6 +178,16 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { return RSA_default_method.keygen(rsa, bits, e_value, cb); } +int RSA_generate_multi_prime_key(RSA *rsa, int bits, int num_primes, + BIGNUM *e_value, BN_GENCB *cb) { + if (rsa->meth->multi_prime_keygen) { + return rsa->meth->multi_prime_keygen(rsa, bits, num_primes, e_value, cb); + } + + return RSA_default_method.multi_prime_keygen(rsa, bits, num_primes, e_value, + cb); +} + int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, const uint8_t *in, size_t in_len, int padding) { if (rsa->meth->encrypt) { @@ -342,20 +368,15 @@ static const struct pkcs1_sig_prefix kPKCS1SigPrefixes[] = { }, }; -/* TODO(fork): mostly new code, needs careful review. */ - -/* pkcs1_prefixed_msg builds a PKCS#1, prefixed version of |msg| for the given - * hash function and sets |out_msg| to point to it. On successful return, - * |*out_msg| may be allocated memory and, if so, |*is_alloced| will be 1. */ -static int pkcs1_prefixed_msg(uint8_t **out_msg, size_t *out_msg_len, - int *is_alloced, int hash_nid, const uint8_t *msg, - size_t msg_len) { +int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len, + int *is_alloced, int hash_nid, const uint8_t *msg, + size_t msg_len) { unsigned i; if (hash_nid == NID_md5_sha1) { /* Special case: SSL signature, just check the length. */ if (msg_len != SSL_SIG_LENGTH) { - OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_INVALID_MESSAGE_LENGTH); + OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_MESSAGE_LENGTH); return 0; } @@ -378,13 +399,13 @@ static int pkcs1_prefixed_msg(uint8_t **out_msg, size_t *out_msg_len, signed_msg_len = prefix_len + msg_len; if (signed_msg_len < prefix_len) { - OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_TOO_LONG); + OPENSSL_PUT_ERROR(RSA, RSA_R_TOO_LONG); return 0; } signed_msg = OPENSSL_malloc(signed_msg_len); if (!signed_msg) { - OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return 0; } @@ -398,7 +419,7 @@ static int pkcs1_prefixed_msg(uint8_t **out_msg, size_t *out_msg_len, return 1; } - OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_UNKNOWN_ALGORITHM_TYPE); + OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE); return 0; } @@ -415,14 +436,14 @@ int RSA_sign(int hash_nid, const uint8_t *in, unsigned in_len, uint8_t *out, return rsa->meth->sign(hash_nid, in, in_len, out, out_len, rsa); } - if (!pkcs1_prefixed_msg(&signed_msg, &signed_msg_len, &signed_msg_is_alloced, - hash_nid, in, in_len)) { + if (!RSA_add_pkcs1_prefix(&signed_msg, &signed_msg_len, + &signed_msg_is_alloced, hash_nid, in, in_len)) { return 0; } if (rsa_size < RSA_PKCS1_PADDING_SIZE || signed_msg_len > rsa_size - RSA_PKCS1_PADDING_SIZE) { - OPENSSL_PUT_ERROR(RSA, RSA_sign, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + OPENSSL_PUT_ERROR(RSA, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); goto finish; } @@ -453,18 +474,18 @@ int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len, } if (sig_len != rsa_size) { - OPENSSL_PUT_ERROR(RSA, RSA_verify, RSA_R_WRONG_SIGNATURE_LENGTH); + OPENSSL_PUT_ERROR(RSA, RSA_R_WRONG_SIGNATURE_LENGTH); return 0; } if (hash_nid == NID_md5_sha1 && msg_len != SSL_SIG_LENGTH) { - OPENSSL_PUT_ERROR(RSA, RSA_verify, RSA_R_INVALID_MESSAGE_LENGTH); + OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_MESSAGE_LENGTH); return 0; } buf = OPENSSL_malloc(rsa_size); if (!buf) { - OPENSSL_PUT_ERROR(RSA, RSA_verify, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return 0; } @@ -473,13 +494,13 @@ int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len, goto out; } - if (!pkcs1_prefixed_msg(&signed_msg, &signed_msg_len, &signed_msg_is_alloced, - hash_nid, msg, msg_len)) { + if (!RSA_add_pkcs1_prefix(&signed_msg, &signed_msg_len, + &signed_msg_is_alloced, hash_nid, msg, msg_len)) { goto out; } if (len != signed_msg_len || CRYPTO_memcmp(buf, signed_msg, len) != 0) { - OPENSSL_PUT_ERROR(RSA, RSA_verify, RSA_R_BAD_SIGNATURE); + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_SIGNATURE); goto out; } @@ -509,12 +530,12 @@ int RSA_check_key(const RSA *key) { } if ((key->p != NULL) != (key->q != NULL)) { - OPENSSL_PUT_ERROR(RSA, RSA_check_key, RSA_R_ONLY_ONE_OF_P_Q_GIVEN); + OPENSSL_PUT_ERROR(RSA, RSA_R_ONLY_ONE_OF_P_Q_GIVEN); return 0; } if (!key->n || !key->e) { - OPENSSL_PUT_ERROR(RSA, RSA_check_key, RSA_R_VALUE_MISSING); + OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING); return 0; } @@ -526,7 +547,7 @@ int RSA_check_key(const RSA *key) { ctx = BN_CTX_new(); if (ctx == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_check_key, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return 0; } @@ -540,52 +561,74 @@ int RSA_check_key(const RSA *key) { BN_init(&dmq1); BN_init(&iqmp); - if (/* n = pq */ - !BN_mul(&n, key->p, key->q, ctx) || - /* lcm = lcm(p-1, q-1) */ + if (!BN_mul(&n, key->p, key->q, ctx) || + /* lcm = lcm(prime-1, for all primes) */ !BN_sub(&pm1, key->p, BN_value_one()) || !BN_sub(&qm1, key->q, BN_value_one()) || !BN_mul(&lcm, &pm1, &qm1, ctx) || + !BN_gcd(&gcd, &pm1, &qm1, ctx)) { + OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); + goto out; + } + + size_t num_additional_primes = 0; + if (key->additional_primes != NULL) { + num_additional_primes = sk_RSA_additional_prime_num(key->additional_primes); + } + + size_t i; + for (i = 0; i < num_additional_primes; i++) { + const RSA_additional_prime *ap = + sk_RSA_additional_prime_value(key->additional_primes, i); + if (!BN_mul(&n, &n, ap->prime, ctx) || + !BN_sub(&pm1, ap->prime, BN_value_one()) || + !BN_mul(&lcm, &lcm, &pm1, ctx) || + !BN_gcd(&gcd, &gcd, &pm1, ctx)) { + OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); + goto out; + } + } + + if (!BN_div(&lcm, NULL, &lcm, &gcd, ctx) || !BN_gcd(&gcd, &pm1, &qm1, ctx) || - !BN_div(&lcm, NULL, &lcm, &gcd, ctx) || - /* de = d*e mod lcm(p-1, q-1) */ + /* de = d*e mod lcm(prime-1, for all primes). */ !BN_mod_mul(&de, key->d, key->e, &lcm, ctx)) { - OPENSSL_PUT_ERROR(RSA, RSA_check_key, ERR_LIB_BN); + OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); goto out; } if (BN_cmp(&n, key->n) != 0) { - OPENSSL_PUT_ERROR(RSA, RSA_check_key, RSA_R_N_NOT_EQUAL_P_Q); + OPENSSL_PUT_ERROR(RSA, RSA_R_N_NOT_EQUAL_P_Q); goto out; } if (!BN_is_one(&de)) { - OPENSSL_PUT_ERROR(RSA, RSA_check_key, RSA_R_D_E_NOT_CONGRUENT_TO_1); + OPENSSL_PUT_ERROR(RSA, RSA_R_D_E_NOT_CONGRUENT_TO_1); goto out; } has_crt_values = key->dmp1 != NULL; if (has_crt_values != (key->dmq1 != NULL) || has_crt_values != (key->iqmp != NULL)) { - OPENSSL_PUT_ERROR(RSA, RSA_check_key, RSA_R_INCONSISTENT_SET_OF_CRT_VALUES); + OPENSSL_PUT_ERROR(RSA, RSA_R_INCONSISTENT_SET_OF_CRT_VALUES); goto out; } - if (has_crt_values) { + if (has_crt_values && num_additional_primes == 0) { if (/* dmp1 = d mod (p-1) */ !BN_mod(&dmp1, key->d, &pm1, ctx) || /* dmq1 = d mod (q-1) */ !BN_mod(&dmq1, key->d, &qm1, ctx) || /* iqmp = q^-1 mod p */ !BN_mod_inverse(&iqmp, key->q, key->p, ctx)) { - OPENSSL_PUT_ERROR(RSA, RSA_check_key, ERR_LIB_BN); + OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); goto out; } if (BN_cmp(&dmp1, key->dmp1) != 0 || BN_cmp(&dmq1, key->dmq1) != 0 || BN_cmp(&iqmp, key->iqmp) != 0) { - OPENSSL_PUT_ERROR(RSA, RSA_check_key, RSA_R_CRT_VALUES_INCORRECT); + OPENSSL_PUT_ERROR(RSA, RSA_R_CRT_VALUES_INCORRECT); goto out; } } @@ -613,13 +656,17 @@ int RSA_recover_crt_params(RSA *rsa) { int ok = 0; if (rsa->n == NULL || rsa->e == NULL || rsa->d == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_recover_crt_params, RSA_R_EMPTY_PUBLIC_KEY); + OPENSSL_PUT_ERROR(RSA, RSA_R_EMPTY_PUBLIC_KEY); return 0; } if (rsa->p || rsa->q || rsa->dmp1 || rsa->dmq1 || rsa->iqmp) { - OPENSSL_PUT_ERROR(RSA, RSA_recover_crt_params, - RSA_R_CRT_PARAMS_ALREADY_GIVEN); + OPENSSL_PUT_ERROR(RSA, RSA_R_CRT_PARAMS_ALREADY_GIVEN); + return 0; + } + + if (rsa->additional_primes != NULL) { + OPENSSL_PUT_ERROR(RSA, RSA_R_CANNOT_RECOVER_MULTI_PRIME_KEY); return 0; } @@ -628,7 +675,7 @@ int RSA_recover_crt_params(RSA *rsa) { ctx = BN_CTX_new(); if (ctx == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_recover_crt_params, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return 0; } @@ -641,7 +688,7 @@ int RSA_recover_crt_params(RSA *rsa) { if (totient == NULL || rem == NULL || multiple == NULL || p_plus_q == NULL || p_minus_q == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_recover_crt_params, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } @@ -669,12 +716,12 @@ int RSA_recover_crt_params(RSA *rsa) { !BN_div(multiple, NULL, totient, rsa->n, ctx) || !BN_add_word(multiple, 1) || !BN_div(totient, rem, totient, multiple, ctx)) { - OPENSSL_PUT_ERROR(RSA, RSA_recover_crt_params, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(RSA, ERR_R_BN_LIB); goto err; } if (!BN_is_zero(rem)) { - OPENSSL_PUT_ERROR(RSA, RSA_recover_crt_params, RSA_R_BAD_RSA_PARAMETERS); + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS); goto err; } @@ -685,7 +732,7 @@ int RSA_recover_crt_params(RSA *rsa) { rsa->iqmp = BN_new(); if (rsa->p == NULL || rsa->q == NULL || rsa->dmp1 == NULL || rsa->dmq1 == NULL || rsa->iqmp == NULL) { - OPENSSL_PUT_ERROR(RSA, RSA_recover_crt_params, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } @@ -703,12 +750,12 @@ int RSA_recover_crt_params(RSA *rsa) { !BN_rshift1(rsa->q, rsa->q) || !BN_div(rsa->p, NULL, rsa->n, rsa->q, ctx) || !BN_mul(multiple, rsa->p, rsa->q, ctx)) { - OPENSSL_PUT_ERROR(RSA, RSA_recover_crt_params, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(RSA, ERR_R_BN_LIB); goto err; } if (BN_cmp(multiple, rsa->n) != 0) { - OPENSSL_PUT_ERROR(RSA, RSA_recover_crt_params, RSA_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(RSA, RSA_R_INTERNAL_ERROR); goto err; } @@ -717,7 +764,7 @@ int RSA_recover_crt_params(RSA *rsa) { !BN_sub(rem, rsa->q, BN_value_one()) || !BN_mod(rsa->dmq1, rsa->d, rem, ctx) || !BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx)) { - OPENSSL_PUT_ERROR(RSA, RSA_recover_crt_params, ERR_R_BN_LIB); + OPENSSL_PUT_ERROR(RSA, ERR_R_BN_LIB); goto err; } diff --git a/src/crypto/rsa/rsa_asn1.c b/src/crypto/rsa/rsa_asn1.c index 924cb8a..e3756ba 100644 --- a/src/crypto/rsa/rsa_asn1.c +++ b/src/crypto/rsa/rsa_asn1.c @@ -55,45 +55,384 @@ #include <openssl/rsa.h> +#include <assert.h> +#include <limits.h> +#include <string.h> + #include <openssl/asn1.h> #include <openssl/asn1t.h> +#include <openssl/bn.h> +#include <openssl/bytestring.h> +#include <openssl/err.h> +#include <openssl/mem.h> #include "internal.h" -/* Override the default free and new methods */ -static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) { - if (operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE *)RSA_new(); - if (*pval) { - return 2; +static int parse_integer_buggy(CBS *cbs, BIGNUM **out, int buggy) { + assert(*out == NULL); + *out = BN_new(); + if (*out == NULL) { + return 0; + } + if (buggy) { + return BN_cbs2unsigned_buggy(cbs, *out); + } + return BN_cbs2unsigned(cbs, *out); +} + +static int parse_integer(CBS *cbs, BIGNUM **out) { + return parse_integer_buggy(cbs, out, 0 /* not buggy */); +} + +static int marshal_integer(CBB *cbb, BIGNUM *bn) { + if (bn == NULL) { + /* An RSA object may be missing some components. */ + OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING); + return 0; + } + return BN_bn2cbb(cbb, bn); +} + +static RSA *parse_public_key(CBS *cbs, int buggy) { + RSA *ret = RSA_new(); + if (ret == NULL) { + return NULL; + } + CBS child; + if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) || + !parse_integer_buggy(&child, &ret->n, buggy) || + !parse_integer(&child, &ret->e) || + CBS_len(&child) != 0) { + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING); + RSA_free(ret); + return NULL; + } + return ret; +} + +RSA *RSA_parse_public_key(CBS *cbs) { + return parse_public_key(cbs, 0 /* not buggy */); +} + +RSA *RSA_parse_public_key_buggy(CBS *cbs) { + /* Estonian IDs issued between September 2014 to September 2015 are + * broken. See https://crbug.com/532048 and https://crbug.com/534766. + * + * TODO(davidben): Remove this code and callers in March 2016. */ + return parse_public_key(cbs, 1 /* buggy */); +} + +RSA *RSA_public_key_from_bytes(const uint8_t *in, size_t in_len) { + CBS cbs; + CBS_init(&cbs, in, in_len); + RSA *ret = RSA_parse_public_key(&cbs); + if (ret == NULL || CBS_len(&cbs) != 0) { + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING); + RSA_free(ret); + return NULL; + } + return ret; +} + +int RSA_marshal_public_key(CBB *cbb, const RSA *rsa) { + CBB child; + if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) || + !marshal_integer(&child, rsa->n) || + !marshal_integer(&child, rsa->e) || + !CBB_flush(cbb)) { + OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR); + return 0; + } + return 1; +} + +int RSA_public_key_to_bytes(uint8_t **out_bytes, size_t *out_len, + const RSA *rsa) { + CBB cbb; + CBB_zero(&cbb); + if (!CBB_init(&cbb, 0) || + !RSA_marshal_public_key(&cbb, rsa) || + !CBB_finish(&cbb, out_bytes, out_len)) { + OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR); + CBB_cleanup(&cbb); + return 0; + } + return 1; +} + +/* kVersionTwoPrime and kVersionMulti are the supported values of the version + * field of an RSAPrivateKey structure (RFC 3447). */ +static const uint64_t kVersionTwoPrime = 0; +static const uint64_t kVersionMulti = 1; + +/* rsa_parse_additional_prime parses a DER-encoded OtherPrimeInfo from |cbs| and + * advances |cbs|. It returns a newly-allocated |RSA_additional_prime| on + * success or NULL on error. The |r| and |method_mod| fields of the result are + * set to NULL. */ +static RSA_additional_prime *rsa_parse_additional_prime(CBS *cbs) { + RSA_additional_prime *ret = OPENSSL_malloc(sizeof(RSA_additional_prime)); + if (ret == NULL) { + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); + return 0; + } + memset(ret, 0, sizeof(RSA_additional_prime)); + + CBS child; + if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) || + !parse_integer(&child, &ret->prime) || + !parse_integer(&child, &ret->exp) || + !parse_integer(&child, &ret->coeff) || + CBS_len(&child) != 0) { + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING); + RSA_additional_prime_free(ret); + return NULL; + } + + return ret; +} + +RSA *RSA_parse_private_key(CBS *cbs) { + BN_CTX *ctx = NULL; + BIGNUM *product_of_primes_so_far = NULL; + RSA *ret = RSA_new(); + if (ret == NULL) { + return NULL; + } + + CBS child; + uint64_t version; + if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) || + !CBS_get_asn1_uint64(&child, &version) || + (version != kVersionTwoPrime && version != kVersionMulti) || + !parse_integer(&child, &ret->n) || + !parse_integer(&child, &ret->e) || + !parse_integer(&child, &ret->d) || + !parse_integer(&child, &ret->p) || + !parse_integer(&child, &ret->q) || + !parse_integer(&child, &ret->dmp1) || + !parse_integer(&child, &ret->dmq1) || + !parse_integer(&child, &ret->iqmp)) { + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_VERSION); + goto err; + } + + /* Multi-prime RSA requires a newer version. */ + if (version == kVersionMulti && + CBS_peek_asn1_tag(&child, CBS_ASN1_SEQUENCE)) { + CBS other_prime_infos; + if (!CBS_get_asn1(&child, &other_prime_infos, CBS_ASN1_SEQUENCE) || + CBS_len(&other_prime_infos) == 0) { + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING); + goto err; + } + ret->additional_primes = sk_RSA_additional_prime_new_null(); + if (ret->additional_primes == NULL) { + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); + goto err; + } + + ctx = BN_CTX_new(); + product_of_primes_so_far = BN_new(); + if (ctx == NULL || + product_of_primes_so_far == NULL || + !BN_mul(product_of_primes_so_far, ret->p, ret->q, ctx)) { + goto err; + } + + while (CBS_len(&other_prime_infos) > 0) { + RSA_additional_prime *ap = rsa_parse_additional_prime(&other_prime_infos); + if (ap == NULL) { + goto err; + } + if (!sk_RSA_additional_prime_push(ret->additional_primes, ap)) { + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); + RSA_additional_prime_free(ap); + goto err; + } + ap->r = BN_dup(product_of_primes_so_far); + if (ap->r == NULL || + !BN_mul(product_of_primes_so_far, product_of_primes_so_far, + ap->prime, ctx)) { + goto err; + } } + } + + if (CBS_len(&child) != 0) { + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING); + goto err; + } + + BN_CTX_free(ctx); + BN_free(product_of_primes_so_far); + return ret; + +err: + BN_CTX_free(ctx); + BN_free(product_of_primes_so_far); + RSA_free(ret); + return NULL; +} + +RSA *RSA_private_key_from_bytes(const uint8_t *in, size_t in_len) { + CBS cbs; + CBS_init(&cbs, in, in_len); + RSA *ret = RSA_parse_private_key(&cbs); + if (ret == NULL || CBS_len(&cbs) != 0) { + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING); + RSA_free(ret); + return NULL; + } + return ret; +} + +int RSA_marshal_private_key(CBB *cbb, const RSA *rsa) { + const int is_multiprime = + sk_RSA_additional_prime_num(rsa->additional_primes) > 0; + + CBB child; + if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) || + !CBB_add_asn1_uint64(&child, + is_multiprime ? kVersionMulti : kVersionTwoPrime) || + !marshal_integer(&child, rsa->n) || + !marshal_integer(&child, rsa->e) || + !marshal_integer(&child, rsa->d) || + !marshal_integer(&child, rsa->p) || + !marshal_integer(&child, rsa->q) || + !marshal_integer(&child, rsa->dmp1) || + !marshal_integer(&child, rsa->dmq1) || + !marshal_integer(&child, rsa->iqmp)) { + OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR); + return 0; + } + + if (is_multiprime) { + CBB other_prime_infos; + if (!CBB_add_asn1(&child, &other_prime_infos, CBS_ASN1_SEQUENCE)) { + OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR); + return 0; + } + size_t i; + for (i = 0; i < sk_RSA_additional_prime_num(rsa->additional_primes); i++) { + RSA_additional_prime *ap = + sk_RSA_additional_prime_value(rsa->additional_primes, i); + CBB other_prime_info; + if (!CBB_add_asn1(&other_prime_infos, &other_prime_info, + CBS_ASN1_SEQUENCE) || + !marshal_integer(&other_prime_info, ap->prime) || + !marshal_integer(&other_prime_info, ap->exp) || + !marshal_integer(&other_prime_info, ap->coeff)) { + OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR); + return 0; + } + } + } + + if (!CBB_flush(cbb)) { + OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR); return 0; - } else if (operation == ASN1_OP_FREE_PRE) { - RSA_free((RSA *)*pval); - *pval = NULL; - return 2; } return 1; } -ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { - ASN1_SIMPLE(RSA, version, LONG), - ASN1_SIMPLE(RSA, n, BIGNUM), - ASN1_SIMPLE(RSA, e, BIGNUM), - ASN1_SIMPLE(RSA, d, BIGNUM), - ASN1_SIMPLE(RSA, p, BIGNUM), - ASN1_SIMPLE(RSA, q, BIGNUM), - ASN1_SIMPLE(RSA, dmp1, BIGNUM), - ASN1_SIMPLE(RSA, dmq1, BIGNUM), - ASN1_SIMPLE(RSA, iqmp, BIGNUM), -} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey); +int RSA_private_key_to_bytes(uint8_t **out_bytes, size_t *out_len, + const RSA *rsa) { + CBB cbb; + CBB_zero(&cbb); + if (!CBB_init(&cbb, 0) || + !RSA_marshal_private_key(&cbb, rsa) || + !CBB_finish(&cbb, out_bytes, out_len)) { + OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR); + CBB_cleanup(&cbb); + return 0; + } + return 1; +} -ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { - ASN1_SIMPLE(RSA, n, BIGNUM), - ASN1_SIMPLE(RSA, e, BIGNUM), -} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey); +RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len) { + if (len < 0) { + return NULL; + } + CBS cbs; + CBS_init(&cbs, *inp, (size_t)len); + RSA *ret = RSA_parse_public_key(&cbs); + if (ret == NULL) { + return NULL; + } + if (out != NULL) { + RSA_free(*out); + *out = ret; + } + *inp += (size_t)len - CBS_len(&cbs); + return ret; +} + +int i2d_RSAPublicKey(const RSA *in, uint8_t **outp) { + uint8_t *der; + size_t der_len; + if (!RSA_public_key_to_bytes(&der, &der_len, in)) { + return -1; + } + if (der_len > INT_MAX) { + OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW); + OPENSSL_free(der); + return -1; + } + if (outp != NULL) { + if (*outp == NULL) { + *outp = der; + der = NULL; + } else { + memcpy(*outp, der, der_len); + *outp += der_len; + } + } + OPENSSL_free(der); + return (int)der_len; +} + +RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len) { + if (len < 0) { + return NULL; + } + CBS cbs; + CBS_init(&cbs, *inp, (size_t)len); + RSA *ret = RSA_parse_private_key(&cbs); + if (ret == NULL) { + return NULL; + } + if (out != NULL) { + RSA_free(*out); + *out = ret; + } + *inp += (size_t)len - CBS_len(&cbs); + return ret; +} + +int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp) { + uint8_t *der; + size_t der_len; + if (!RSA_private_key_to_bytes(&der, &der_len, in)) { + return -1; + } + if (der_len > INT_MAX) { + OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW); + OPENSSL_free(der); + return -1; + } + if (outp != NULL) { + if (*outp == NULL) { + *outp = der; + der = NULL; + } else { + memcpy(*outp, der, der_len); + *outp += der_len; + } + } + OPENSSL_free(der); + return (int)der_len; +} ASN1_SEQUENCE(RSA_PSS_PARAMS) = { ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0), @@ -104,22 +443,24 @@ ASN1_SEQUENCE(RSA_PSS_PARAMS) = { IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS); -ASN1_SEQUENCE(RSA_OAEP_PARAMS) = { - ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0), - ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1), - ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2), -} ASN1_SEQUENCE_END(RSA_OAEP_PARAMS); - -IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS); - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey); - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey); - RSA *RSAPublicKey_dup(const RSA *rsa) { - return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), (RSA *) rsa); + uint8_t *der; + size_t der_len; + if (!RSA_public_key_to_bytes(&der, &der_len, rsa)) { + return NULL; + } + RSA *ret = RSA_public_key_from_bytes(der, der_len); + OPENSSL_free(der); + return ret; } RSA *RSAPrivateKey_dup(const RSA *rsa) { - return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), (RSA *) rsa); + uint8_t *der; + size_t der_len; + if (!RSA_private_key_to_bytes(&der, &der_len, rsa)) { + return NULL; + } + RSA *ret = RSA_private_key_from_bytes(der, der_len); + OPENSSL_free(der); + return ret; } diff --git a/src/crypto/rsa/rsa_impl.c b/src/crypto/rsa/rsa_impl.c index e14f0f5..eb4a36f 100644 --- a/src/crypto/rsa/rsa_impl.c +++ b/src/crypto/rsa/rsa_impl.c @@ -78,6 +78,15 @@ static int finish(RSA *rsa) { BN_MONT_CTX_free(rsa->_method_mod_p); BN_MONT_CTX_free(rsa->_method_mod_q); + if (rsa->additional_primes != NULL) { + size_t i; + for (i = 0; i < sk_RSA_additional_prime_num(rsa->additional_primes); i++) { + RSA_additional_prime *ap = + sk_RSA_additional_prime_value(rsa->additional_primes, i); + BN_MONT_CTX_free(ap->method_mod); + } + } + return 1; } @@ -94,24 +103,24 @@ static int encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, int i, ret = 0; if (rsa_size > OPENSSL_RSA_MAX_MODULUS_BITS) { - OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_MODULUS_TOO_LARGE); + OPENSSL_PUT_ERROR(RSA, RSA_R_MODULUS_TOO_LARGE); return 0; } if (max_out < rsa_size) { - OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_OUTPUT_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL); return 0; } if (BN_ucmp(rsa->n, rsa->e) <= 0) { - OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_BAD_E_VALUE); + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE); return 0; } /* for large moduli, enforce exponent limit */ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS && BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { - OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_BAD_E_VALUE); + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE); return 0; } @@ -125,7 +134,7 @@ static int encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, result = BN_CTX_get(ctx); buf = OPENSSL_malloc(rsa_size); if (!f || !result || !buf) { - OPENSSL_PUT_ERROR(RSA, encrypt, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } @@ -142,7 +151,7 @@ static int encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, i = RSA_padding_add_none(buf, rsa_size, in, in_len); break; default: - OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_UNKNOWN_PADDING_TYPE); + OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE); goto err; } @@ -156,7 +165,7 @@ static int encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, if (BN_ucmp(f, rsa->n) >= 0) { /* usually the padding functions would catch this */ - OPENSSL_PUT_ERROR(RSA, encrypt, RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } @@ -175,7 +184,7 @@ static int encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, /* put in leading 0 bytes if the number is less than the length of the * modulus */ if (!BN_bn2bin_padded(out, rsa_size, result)) { - OPENSSL_PUT_ERROR(RSA, encrypt, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } @@ -309,13 +318,13 @@ static int sign_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, int i, ret = 0; if (max_out < rsa_size) { - OPENSSL_PUT_ERROR(RSA, sign_raw, RSA_R_OUTPUT_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL); return 0; } buf = OPENSSL_malloc(rsa_size); if (buf == NULL) { - OPENSSL_PUT_ERROR(RSA, sign_raw, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } @@ -327,7 +336,7 @@ static int sign_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, i = RSA_padding_add_none(buf, rsa_size, in, in_len); break; default: - OPENSSL_PUT_ERROR(RSA, sign_raw, RSA_R_UNKNOWN_PADDING_TYPE); + OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE); goto err; } @@ -359,18 +368,23 @@ static int decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, int ret = 0; if (max_out < rsa_size) { - OPENSSL_PUT_ERROR(RSA, decrypt, RSA_R_OUTPUT_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL); return 0; } - buf = OPENSSL_malloc(rsa_size); - if (buf == NULL) { - OPENSSL_PUT_ERROR(RSA, decrypt, ERR_R_MALLOC_FAILURE); - goto err; + if (padding == RSA_NO_PADDING) { + buf = out; + } else { + /* Allocate a temporary buffer to hold the padded plaintext. */ + buf = OPENSSL_malloc(rsa_size); + if (buf == NULL) { + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); + goto err; + } } if (in_len != rsa_size) { - OPENSSL_PUT_ERROR(RSA, decrypt, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN); goto err; } @@ -388,22 +402,22 @@ static int decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, NULL, 0, NULL, NULL); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(out, rsa_size, buf, rsa_size); + r = rsa_size; break; default: - OPENSSL_PUT_ERROR(RSA, decrypt, RSA_R_UNKNOWN_PADDING_TYPE); + OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE); goto err; } if (r < 0) { - OPENSSL_PUT_ERROR(RSA, decrypt, RSA_R_PADDING_CHECK_FAILED); + OPENSSL_PUT_ERROR(RSA, RSA_R_PADDING_CHECK_FAILED); } else { *out_len = r; ret = 1; } err: - if (buf != NULL) { + if (padding != RSA_NO_PADDING && buf != NULL) { OPENSSL_cleanse(buf, rsa_size); OPENSSL_free(buf); } @@ -421,24 +435,24 @@ static int verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, BN_CTX *ctx = NULL; if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { - OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_MODULUS_TOO_LARGE); + OPENSSL_PUT_ERROR(RSA, RSA_R_MODULUS_TOO_LARGE); return 0; } if (BN_ucmp(rsa->n, rsa->e) <= 0) { - OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_BAD_E_VALUE); + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE); return 0; } if (max_out < rsa_size) { - OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_OUTPUT_BUFFER_TOO_SMALL); + OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL); return 0; } /* for large moduli, enforce exponent limit */ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS && BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { - OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_BAD_E_VALUE); + OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE); return 0; } @@ -450,14 +464,23 @@ static int verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, BN_CTX_start(ctx); f = BN_CTX_get(ctx); result = BN_CTX_get(ctx); - buf = OPENSSL_malloc(rsa_size); - if (!f || !result || !buf) { - OPENSSL_PUT_ERROR(RSA, verify_raw, ERR_R_MALLOC_FAILURE); + if (padding == RSA_NO_PADDING) { + buf = out; + } else { + /* Allocate a temporary buffer to hold the padded plaintext. */ + buf = OPENSSL_malloc(rsa_size); + if (buf == NULL) { + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); + goto err; + } + } + if (!f || !result) { + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } if (in_len != rsa_size) { - OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN); goto err; } @@ -466,7 +489,7 @@ static int verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, } if (BN_ucmp(f, rsa->n) >= 0) { - OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } @@ -483,7 +506,7 @@ static int verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, } if (!BN_bn2bin_padded(buf, rsa_size, result)) { - OPENSSL_PUT_ERROR(RSA, verify_raw, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } @@ -492,15 +515,15 @@ static int verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, r = RSA_padding_check_PKCS1_type_1(out, rsa_size, buf, rsa_size); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(out, rsa_size, buf, rsa_size); + r = rsa_size; break; default: - OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_UNKNOWN_PADDING_TYPE); + OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE); goto err; } if (r < 0) { - OPENSSL_PUT_ERROR(RSA, verify_raw, RSA_R_PADDING_CHECK_FAILED); + OPENSSL_PUT_ERROR(RSA, RSA_R_PADDING_CHECK_FAILED); } else { *out_len = r; ret = 1; @@ -511,7 +534,7 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); } - if (buf != NULL) { + if (padding != RSA_NO_PADDING && buf != NULL) { OPENSSL_cleanse(buf, rsa_size); OPENSSL_free(buf); } @@ -535,7 +558,7 @@ static int private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, result = BN_CTX_get(ctx); if (f == NULL || result == NULL) { - OPENSSL_PUT_ERROR(RSA, private_transform, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } @@ -545,14 +568,14 @@ static int private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, if (BN_ucmp(f, rsa->n) >= 0) { /* Usually the padding functions would catch this. */ - OPENSSL_PUT_ERROR(RSA, private_transform, RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { blinding = rsa_blinding_get(rsa, &blinding_index, ctx); if (blinding == NULL) { - OPENSSL_PUT_ERROR(RSA, private_transform, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } if (!BN_BLINDING_convert_ex(f, NULL, blinding, ctx)) { @@ -593,7 +616,7 @@ static int private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, } if (!BN_bn2bin_padded(out, len, result)) { - OPENSSL_PUT_ERROR(RSA, private_transform, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR); goto err; } @@ -616,6 +639,11 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { BIGNUM local_dmp1, local_dmq1, local_c, local_r1; BIGNUM *dmp1, *dmq1, *c, *pr1; int ret = 0; + size_t i, num_additional_primes = 0; + + if (rsa->additional_primes != NULL) { + num_additional_primes = sk_RSA_additional_prime_num(rsa->additional_primes); + } BN_CTX_start(ctx); r1 = BN_CTX_get(ctx); @@ -724,6 +752,42 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { goto err; } + for (i = 0; i < num_additional_primes; i++) { + /* multi-prime RSA. */ + BIGNUM local_exp, local_prime; + BIGNUM *exp = &local_exp, *prime = &local_prime; + RSA_additional_prime *ap = + sk_RSA_additional_prime_value(rsa->additional_primes, i); + + BN_with_flags(exp, ap->exp, BN_FLG_CONSTTIME); + BN_with_flags(prime, ap->prime, BN_FLG_CONSTTIME); + + /* c will already point to a BIGNUM with the correct flags. */ + if (!BN_mod(r1, c, prime, ctx)) { + goto err; + } + + if ((rsa->flags & RSA_FLAG_CACHE_PRIVATE) && + !BN_MONT_CTX_set_locked(&ap->method_mod, &rsa->lock, prime, ctx)) { + goto err; + } + + if (!rsa->meth->bn_mod_exp(m1, r1, exp, prime, ctx, ap->method_mod)) { + goto err; + } + + BN_set_flags(m1, BN_FLG_CONSTTIME); + + if (!BN_sub(m1, m1, r0) || + !BN_mul(m1, m1, ap->coeff, ctx) || + !BN_mod(m1, m1, prime, ctx) || + (BN_is_negative(m1) && !BN_add(m1, m1, prime)) || + !BN_mul(m1, m1, ap->r, ctx) || + !BN_add(r0, r0, m1)) { + goto err; + } + } + if (rsa->e && rsa->n) { if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, rsa->_method_mod_n)) { @@ -766,12 +830,20 @@ err: return ret; } -static int keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { +static int keygen_multiprime(RSA *rsa, int bits, int num_primes, + BIGNUM *e_value, BN_GENCB *cb) { BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; BIGNUM local_r0, local_d, local_p; BIGNUM *pr0, *d, *p; - int bitsp, bitsq, ok = -1, n = 0; + int prime_bits, ok = -1, n = 0, i, j; BN_CTX *ctx = NULL; + STACK_OF(RSA_additional_prime) *additional_primes = NULL; + + if (num_primes < 2) { + ok = 0; /* we set our own err */ + OPENSSL_PUT_ERROR(RSA, RSA_R_MUST_HAVE_AT_LEAST_TWO_PRIMES); + goto err; + } ctx = BN_CTX_new(); if (ctx == NULL) { @@ -782,12 +854,36 @@ static int keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { r1 = BN_CTX_get(ctx); r2 = BN_CTX_get(ctx); r3 = BN_CTX_get(ctx); - if (r3 == NULL) { + if (r0 == NULL || r1 == NULL || r2 == NULL || r3 == NULL) { goto err; } - bitsp = (bits + 1) / 2; - bitsq = bits - bitsp; + if (num_primes > 2) { + additional_primes = sk_RSA_additional_prime_new_null(); + if (additional_primes == NULL) { + goto err; + } + } + + for (i = 2; i < num_primes; i++) { + RSA_additional_prime *ap = OPENSSL_malloc(sizeof(RSA_additional_prime)); + if (ap == NULL) { + goto err; + } + memset(ap, 0, sizeof(RSA_additional_prime)); + ap->prime = BN_new(); + ap->exp = BN_new(); + ap->coeff = BN_new(); + ap->r = BN_new(); + if (ap->prime == NULL || + ap->exp == NULL || + ap->coeff == NULL || + ap->r == NULL || + !sk_RSA_additional_prime_push(additional_primes, ap)) { + RSA_additional_prime_free(ap); + goto err; + } + } /* We need the RSA components non-NULL */ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) { @@ -815,11 +911,14 @@ static int keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { goto err; } - BN_copy(rsa->e, e_value); + if (!BN_copy(rsa->e, e_value)) { + goto err; + } /* generate p and q */ + prime_bits = (bits + (num_primes - 1)) / num_primes; for (;;) { - if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb) || + if (!BN_generate_prime_ex(rsa->p, prime_bits, 0, NULL, NULL, cb) || !BN_sub(r2, rsa->p, BN_value_one()) || !BN_gcd(r1, r2, rsa->e, ctx)) { goto err; @@ -834,19 +933,20 @@ static int keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { if (!BN_GENCB_call(cb, 3, 0)) { goto err; } + prime_bits = ((bits - prime_bits) + (num_primes - 2)) / (num_primes - 1); for (;;) { /* When generating ridiculously small keys, we can get stuck * continually regenerating the same prime values. Check for * this and bail if it happens 3 times. */ unsigned int degenerate = 0; do { - if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) { + if (!BN_generate_prime_ex(rsa->q, prime_bits, 0, NULL, NULL, cb)) { goto err; } } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); if (degenerate == 3) { ok = 0; /* we set our own err */ - OPENSSL_PUT_ERROR(RSA, keygen, RSA_R_KEY_SIZE_TOO_SMALL); + OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL); goto err; } if (!BN_sub(r2, rsa->q, BN_value_one()) || @@ -860,20 +960,91 @@ static int keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { goto err; } } - if (!BN_GENCB_call(cb, 3, 1)) { + + if (!BN_GENCB_call(cb, 3, 1) || + !BN_mul(rsa->n, rsa->p, rsa->q, ctx)) { goto err; } + + for (i = 2; i < num_primes; i++) { + RSA_additional_prime *ap = + sk_RSA_additional_prime_value(additional_primes, i - 2); + prime_bits = ((bits - BN_num_bits(rsa->n)) + (num_primes - (i + 1))) / + (num_primes - i); + + for (;;) { + if (!BN_generate_prime_ex(ap->prime, prime_bits, 0, NULL, NULL, cb)) { + goto err; + } + if (BN_cmp(rsa->p, ap->prime) == 0 || + BN_cmp(rsa->q, ap->prime) == 0) { + continue; + } + + for (j = 0; j < i - 2; j++) { + if (BN_cmp(sk_RSA_additional_prime_value(additional_primes, j)->prime, + ap->prime) == 0) { + break; + } + } + if (j != i - 2) { + continue; + } + + if (!BN_sub(r2, ap->prime, BN_value_one()) || + !BN_gcd(r1, r2, rsa->e, ctx)) { + goto err; + } + + if (!BN_is_one(r1)) { + continue; + } + if (i != num_primes - 1) { + break; + } + + /* For the last prime we'll check that it makes n large enough. In the + * two prime case this isn't a problem because we generate primes with + * the top two bits set and so the product is always of the expected + * size. In the multi prime case, this doesn't follow. */ + if (!BN_mul(r1, rsa->n, ap->prime, ctx)) { + goto err; + } + if (BN_num_bits(r1) == bits) { + break; + } + + if (!BN_GENCB_call(cb, 2, n++)) { + goto err; + } + } + + /* ap->r is is the product of all the primes prior to the current one + * (including p and q). */ + if (!BN_copy(ap->r, rsa->n)) { + goto err; + } + if (i == num_primes - 1) { + /* In the case of the last prime, we calculated n as |r1| in the loop + * above. */ + if (!BN_copy(rsa->n, r1)) { + goto err; + } + } else if (!BN_mul(rsa->n, rsa->n, ap->prime, ctx)) { + goto err; + } + + if (!BN_GENCB_call(cb, 3, 1)) { + goto err; + } + } + if (BN_cmp(rsa->p, rsa->q) < 0) { tmp = rsa->p; rsa->p = rsa->q; rsa->q = tmp; } - /* calculate n */ - if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) { - goto err; - } - /* calculate d */ if (!BN_sub(r1, rsa->p, BN_value_one())) { goto err; /* p-1 */ @@ -884,6 +1055,14 @@ static int keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { if (!BN_mul(r0, r1, r2, ctx)) { goto err; /* (p-1)(q-1) */ } + for (i = 2; i < num_primes; i++) { + RSA_additional_prime *ap = + sk_RSA_additional_prime_value(additional_primes, i - 2); + if (!BN_sub(r3, ap->prime, BN_value_one()) || + !BN_mul(r0, r0, r3, ctx)) { + goto err; + } + } pr0 = &local_r0; BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) { @@ -912,21 +1091,38 @@ static int keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { goto err; } + for (i = 2; i < num_primes; i++) { + RSA_additional_prime *ap = + sk_RSA_additional_prime_value(additional_primes, i - 2); + if (!BN_sub(ap->exp, ap->prime, BN_value_one()) || + !BN_mod(ap->exp, rsa->d, ap->exp, ctx) || + !BN_mod_inverse(ap->coeff, ap->r, ap->prime, ctx)) { + goto err; + } + } + ok = 1; + rsa->additional_primes = additional_primes; + additional_primes = NULL; err: if (ok == -1) { - OPENSSL_PUT_ERROR(RSA, keygen, ERR_LIB_BN); + OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); ok = 0; } if (ctx != NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); } - + sk_RSA_additional_prime_pop_free(additional_primes, + RSA_additional_prime_free); return ok; } +static int keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { + return keygen_multiprime(rsa, bits, 2 /* num primes */, e_value, cb); +} + const struct rsa_meth_st RSA_default_method = { { 0 /* references */, @@ -955,4 +1151,7 @@ const struct rsa_meth_st RSA_default_method = { RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE, keygen, + keygen_multiprime, + + NULL /* supports_digest */, }; diff --git a/src/crypto/rsa/rsa_test.c b/src/crypto/rsa/rsa_test.c deleted file mode 100644 index 318cf3f..0000000 --- a/src/crypto/rsa/rsa_test.c +++ /dev/null @@ -1,511 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - -#include <openssl/rsa.h> - -#include <stdlib.h> -#include <string.h> - -#include <openssl/bn.h> -#include <openssl/crypto.h> -#include <openssl/err.h> -#include <openssl/obj.h> - - -#define SetKey \ - key->n = BN_bin2bn(n, sizeof(n) - 1, key->n); \ - key->e = BN_bin2bn(e, sizeof(e) - 1, key->e); \ - key->d = BN_bin2bn(d, sizeof(d) - 1, key->d); \ - key->p = BN_bin2bn(p, sizeof(p) - 1, key->p); \ - key->q = BN_bin2bn(q, sizeof(q) - 1, key->q); \ - key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1) - 1, key->dmp1); \ - key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1) - 1, key->dmq1); \ - key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp) - 1, key->iqmp); \ - memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ - return (sizeof(ctext_ex) - 1); - -static int key1(RSA *key, unsigned char *c) { - static unsigned char n[] = - "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" - "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" - "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" - "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" - "\xF5"; - - static unsigned char e[] = "\x11"; - - static unsigned char d[] = - "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" - "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" - "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" - "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; - - static unsigned char p[] = - "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" - "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" - "\x0D"; - - static unsigned char q[] = - "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" - "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" - "\x89"; - - static unsigned char dmp1[] = - "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" - "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; - - static unsigned char dmq1[] = - "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" - "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" - "\x51"; - - static unsigned char iqmp[] = - "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" - "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; - - static unsigned char ctext_ex[] = - "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" - "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" - "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" - "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; - - SetKey; -} - -static int key2(RSA *key, unsigned char *c) { - static unsigned char n[] = - "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" - "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" - "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" - "\x34\x77\xCF"; - - static unsigned char e[] = "\x3"; - - static unsigned char d[] = - "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" - "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" - "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" - "\xE5\xEB"; - - static unsigned char p[] = - "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" - "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; - - static unsigned char q[] = - "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" - "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; - - static unsigned char dmp1[] = - "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" - "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; - - static unsigned char dmq1[] = - "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" - "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; - - static unsigned char iqmp[] = - "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" - "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; - - static unsigned char ctext_ex[] = - "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" - "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" - "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" - "\x62\x51"; - - SetKey; -} - -static int key3(RSA *key, unsigned char *c) { - static unsigned char n[] = - "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" - "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" - "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" - "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" - "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" - "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" - "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" - "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" - "\xCB"; - - static unsigned char e[] = "\x11"; - - static unsigned char d[] = - "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" - "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" - "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" - "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" - "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" - "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" - "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" - "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" - "\xC1"; - - static unsigned char p[] = - "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" - "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" - "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" - "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" - "\x99"; - - static unsigned char q[] = - "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" - "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" - "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" - "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" - "\x03"; - - static unsigned char dmp1[] = - "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" - "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" - "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" - "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; - - static unsigned char dmq1[] = - "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" - "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" - "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" - "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; - - static unsigned char iqmp[] = - "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" - "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" - "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" - "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" - "\xF7"; - - static unsigned char ctext_ex[] = - "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" - "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" - "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" - "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" - "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" - "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" - "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" - "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; - - SetKey; -} - -static int test_bad_key(void) { - RSA *key = RSA_new(); - BIGNUM e; - - BN_init(&e); - BN_set_word(&e, RSA_F4); - - if (!RSA_generate_key_ex(key, 512, &e, NULL)) { - fprintf(stderr, "RSA_generate_key_ex failed.\n"); - ERR_print_errors_fp(stderr); - return 0; - } - - if (!BN_add(key->p, key->p, BN_value_one())) { - fprintf(stderr, "BN error.\n"); - ERR_print_errors_fp(stderr); - return 0; - } - - if (RSA_check_key(key)) { - fprintf(stderr, "RSA_check_key passed with invalid key!\n"); - return 0; - } - - ERR_clear_error(); - BN_free(&e); - RSA_free(key); - return 1; -} - -static int test_only_d_given(void) { - RSA *key = RSA_new(); - uint8_t buf[64]; - unsigned buf_len = sizeof(buf); - const uint8_t kDummyHash[16] = {0}; - int ret = 0; - - if (!BN_hex2bn(&key->n, - "00e77bbf3889d4ef36a9a25d4d69f3f632eb4362214c74517da6d6aeaa9bd" - "09ac42b26621cd88f3a6eb013772fc3bf9f83914b6467231c630202c35b3e" - "5808c659") || - !BN_hex2bn(&key->e, "010001") || - !BN_hex2bn(&key->d, - "0365db9eb6d73b53b015c40cd8db4de7dd7035c68b5ac1bf786d7a4ee2cea" - "316eaeca21a73ac365e58713195f2ae9849348525ca855386b6d028e437a9" - "495a01") || - RSA_size(key) > sizeof(buf)) { - goto err; - } - - if (!RSA_check_key(key)) { - fprintf(stderr, "RSA_check_key failed with only d given.\n"); - ERR_print_errors_fp(stderr); - goto err; - } - - if (!RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, &buf_len, - key)) { - fprintf(stderr, "RSA_sign failed with only d given.\n"); - ERR_print_errors_fp(stderr); - goto err; - } - - if (!RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, buf_len, - key)) { - fprintf(stderr, "RSA_verify failed with only d given.\n"); - ERR_print_errors_fp(stderr); - goto err; - } - - ret = 1; - -err: - RSA_free(key); - return ret; -} - -static int test_recover_crt_params(void) { - RSA *key1, *key2; - BIGNUM *e = BN_new(); - uint8_t buf[128]; - unsigned buf_len = sizeof(buf); - const uint8_t kDummyHash[16] = {0}; - unsigned i; - - BN_set_word(e, RSA_F4); - - ERR_clear_error(); - - for (i = 0; i < 1; i++) { - key1 = RSA_new(); - if (!RSA_generate_key_ex(key1, 512, e, NULL)) { - fprintf(stderr, "RSA_generate_key_ex failed.\n"); - ERR_print_errors_fp(stderr); - return 0; - } - - if (!RSA_check_key(key1)) { - fprintf(stderr, "RSA_check_key failed with original key.\n"); - ERR_print_errors_fp(stderr); - return 0; - } - - key2 = RSA_new(); - key2->n = BN_dup(key1->n); - key2->e = BN_dup(key1->e); - key2->d = BN_dup(key1->d); - RSA_free(key1); - - if (!RSA_recover_crt_params(key2)) { - fprintf(stderr, "RSA_recover_crt_params failed.\n"); - ERR_print_errors_fp(stderr); - return 0; - } - - if (RSA_size(key2) > buf_len) { - return 0; - } - - if (!RSA_check_key(key2)) { - fprintf(stderr, "RSA_check_key failed with recovered key.\n"); - ERR_print_errors_fp(stderr); - return 0; - } - - if (!RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, &buf_len, - key2)) { - fprintf(stderr, "RSA_sign failed with recovered key.\n"); - ERR_print_errors_fp(stderr); - return 0; - } - - if (!RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, buf_len, - key2)) { - fprintf(stderr, "RSA_verify failed with recovered key.\n"); - ERR_print_errors_fp(stderr); - return 0; - } - - RSA_free(key2); - } - - BN_free(e); - return 1; -} - -int main(int argc, char *argv[]) { - int err = 0; - int v; - RSA *key; - unsigned char ptext[256]; - unsigned char ctext[256]; - static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; - unsigned char ctext_ex[256]; - int plen; - int clen = 0; - int num; - int n; - - CRYPTO_library_init(); - - plen = sizeof(ptext_ex) - 1; - - for (v = 0; v < 3; v++) { - key = RSA_new(); - switch (v) { - case 0: - clen = key1(key, ctext_ex); - break; - case 1: - clen = key2(key, ctext_ex); - break; - case 2: - clen = key3(key, ctext_ex); - break; - default: - abort(); - } - - if (!RSA_check_key(key)) { - printf("%d: RSA_check_key failed\n", v); - err = 1; - goto oaep; - } - - num = RSA_public_encrypt(plen, ptext_ex, ctext, key, RSA_PKCS1_PADDING); - if (num != clen) { - printf("PKCS#1 v1.5 encryption failed!\n"); - err = 1; - goto oaep; - } - - num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { - printf("PKCS#1 v1.5 decryption failed!\n"); - err = 1; - } else { - printf("PKCS #1 v1.5 encryption/decryption ok\n"); - } - - oaep: - ERR_clear_error(); - num = - RSA_public_encrypt(plen, ptext_ex, ctext, key, RSA_PKCS1_OAEP_PADDING); - if (num == -1) { - printf("No OAEP support\n"); - goto next; - } - if (num != clen) { - printf("OAEP encryption failed!\n"); - err = 1; - goto next; - } - - num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { - printf("OAEP decryption (encrypted data) failed!\n"); - err = 1; - } else if (memcmp(ctext, ctext_ex, num) == 0) { - printf("OAEP test vector %d passed!\n", v); - } - - /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). - Try decrypting ctext_ex */ - - num = - RSA_private_decrypt(clen, ctext_ex, ptext, key, RSA_PKCS1_OAEP_PADDING); - - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { - printf("OAEP decryption (test vector data) failed!\n"); - err = 1; - } else { - printf("OAEP encryption/decryption ok\n"); - } - - /* Try decrypting corrupted ciphertexts */ - for (n = 0; n < clen; ++n) { - int b; - unsigned char saved = ctext[n]; - for (b = 0; b < 256; ++b) { - if (b == saved) { - continue; - } - ctext[n] = b; - num = - RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); - if (num > 0) { - printf("Corrupt data decrypted!\n"); - err = 1; - } - } - } - - next: - RSA_free(key); - } - - if (err != 0 || - !test_only_d_given() || - !test_recover_crt_params() || - !test_bad_key()) { - err = 1; - } - - if (err == 0) { - printf("PASS\n"); - } - return err; -} diff --git a/src/crypto/rsa/rsa_test.cc b/src/crypto/rsa/rsa_test.cc new file mode 100644 index 0000000..d52b78b --- /dev/null +++ b/src/crypto/rsa/rsa_test.cc @@ -0,0 +1,869 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ + +#include <openssl/rsa.h> + +#include <stdlib.h> +#include <string.h> + +#include <openssl/bn.h> +#include <openssl/bytestring.h> +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/obj.h> + +#include "../test/scoped_types.h" + + +// kPlaintext is a sample plaintext. +static const uint8_t kPlaintext[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; +static const size_t kPlaintextLen = sizeof(kPlaintext) - 1; + +// kKey1 is a DER-encoded RSAPrivateKey. +static const uint8_t kKey1[] = + "\x30\x82\x01\x38\x02\x01\x00\x02\x41\x00\xaa\x36\xab\xce\x88\xac\xfd\xff" + "\x55\x52\x3c\x7f\xc4\x52\x3f\x90\xef\xa0\x0d\xf3\x77\x4a\x25\x9f\x2e\x62" + "\xb4\xc5\xd9\x9c\xb5\xad\xb3\x00\xa0\x28\x5e\x53\x01\x93\x0e\x0c\x70\xfb" + "\x68\x76\x93\x9c\xe6\x16\xce\x62\x4a\x11\xe0\x08\x6d\x34\x1e\xbc\xac\xa0" + "\xa1\xf5\x02\x01\x11\x02\x40\x0a\x03\x37\x48\x62\x64\x87\x69\x5f\x5f\x30" + "\xbc\x38\xb9\x8b\x44\xc2\xcd\x2d\xff\x43\x40\x98\xcd\x20\xd8\xa1\x38\xd0" + "\x90\xbf\x64\x79\x7c\x3f\xa7\xa2\xcd\xcb\x3c\xd1\xe0\xbd\xba\x26\x54\xb4" + "\xf9\xdf\x8e\x8a\xe5\x9d\x73\x3d\x9f\x33\xb3\x01\x62\x4a\xfd\x1d\x51\x02" + "\x21\x00\xd8\x40\xb4\x16\x66\xb4\x2e\x92\xea\x0d\xa3\xb4\x32\x04\xb5\xcf" + "\xce\x33\x52\x52\x4d\x04\x16\xa5\xa4\x41\xe7\x00\xaf\x46\x12\x0d\x02\x21" + "\x00\xc9\x7f\xb1\xf0\x27\xf4\x53\xf6\x34\x12\x33\xea\xaa\xd1\xd9\x35\x3f" + "\x6c\x42\xd0\x88\x66\xb1\xd0\x5a\x0f\x20\x35\x02\x8b\x9d\x89\x02\x20\x59" + "\x0b\x95\x72\xa2\xc2\xa9\xc4\x06\x05\x9d\xc2\xab\x2f\x1d\xaf\xeb\x7e\x8b" + "\x4f\x10\xa7\x54\x9e\x8e\xed\xf5\xb4\xfc\xe0\x9e\x05\x02\x21\x00\x8e\x3c" + "\x05\x21\xfe\x15\xe0\xea\x06\xa3\x6f\xf0\xf1\x0c\x99\x52\xc3\x5b\x7a\x75" + "\x14\xfd\x32\x38\xb8\x0a\xad\x52\x98\x62\x8d\x51\x02\x20\x36\x3f\xf7\x18" + "\x9d\xa8\xe9\x0b\x1d\x34\x1f\x71\xd0\x9b\x76\xa8\xa9\x43\xe1\x1d\x10\xb2" + "\x4d\x24\x9f\x2d\xea\xfe\xf8\x0c\x18\x26"; + +// kOAEPCiphertext1 is a sample encryption of |kPlaintext| with |kKey1| using +// RSA OAEP. +static const uint8_t kOAEPCiphertext1[] = + "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89\x2b\xfb" + "\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52\x33\x89\x5c\x74" + "\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44\xb0\x05\xc3\x9e\xd8\x27" + "\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; + +// kKey2 is a DER-encoded RSAPrivateKey. +static const uint8_t kKey2[] = + "\x30\x81\xfb\x02\x01\x00\x02\x33\x00\xa3\x07\x9a\x90\xdf\x0d\xfd\x72\xac" + "\x09\x0c\xcc\x2a\x78\xb8\x74\x13\x13\x3e\x40\x75\x9c\x98\xfa\xf8\x20\x4f" + "\x35\x8a\x0b\x26\x3c\x67\x70\xe7\x83\xa9\x3b\x69\x71\xb7\x37\x79\xd2\x71" + "\x7b\xe8\x34\x77\xcf\x02\x01\x03\x02\x32\x6c\xaf\xbc\x60\x94\xb3\xfe\x4c" + "\x72\xb0\xb3\x32\xc6\xfb\x25\xa2\xb7\x62\x29\x80\x4e\x68\x65\xfc\xa4\x5a" + "\x74\xdf\x0f\x8f\xb8\x41\x3b\x52\xc0\xd0\xe5\x3d\x9b\x59\x0f\xf1\x9b\xe7" + "\x9f\x49\xdd\x21\xe5\xeb\x02\x1a\x00\xcf\x20\x35\x02\x8b\x9d\x86\x98\x40" + "\xb4\x16\x66\xb4\x2e\x92\xea\x0d\xa3\xb4\x32\x04\xb5\xcf\xce\x91\x02\x1a" + "\x00\xc9\x7f\xb1\xf0\x27\xf4\x53\xf6\x34\x12\x33\xea\xaa\xd1\xd9\x35\x3f" + "\x6c\x42\xd0\x88\x66\xb1\xd0\x5f\x02\x1a\x00\x8a\x15\x78\xac\x5d\x13\xaf" + "\x10\x2b\x22\xb9\x99\xcd\x74\x61\xf1\x5e\x6d\x22\xcc\x03\x23\xdf\xdf\x0b" + "\x02\x1a\x00\x86\x55\x21\x4a\xc5\x4d\x8d\x4e\xcd\x61\x77\xf1\xc7\x36\x90" + "\xce\x2a\x48\x2c\x8b\x05\x99\xcb\xe0\x3f\x02\x1a\x00\x83\xef\xef\xb8\xa9" + "\xa4\x0d\x1d\xb6\xed\x98\xad\x84\xed\x13\x35\xdc\xc1\x08\xf3\x22\xd0\x57" + "\xcf\x8d"; + +// kOAEPCiphertext2 is a sample encryption of |kPlaintext| with |kKey2| using +// RSA OAEP. +static const uint8_t kOAEPCiphertext2[] = + "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a\x8b\x40" + "\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4\x17\x53\x03\x29" + "\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52\x62\x51"; + +// kKey3 is a DER-encoded RSAPrivateKey. +static const uint8_t kKey3[] = + "\x30\x82\x02\x5b\x02\x01\x00\x02\x81\x81\x00\xbb\xf8\x2f\x09\x06\x82\xce" + "\x9c\x23\x38\xac\x2b\x9d\xa8\x71\xf7\x36\x8d\x07\xee\xd4\x10\x43\xa4\x40" + "\xd6\xb6\xf0\x74\x54\xf5\x1f\xb8\xdf\xba\xaf\x03\x5c\x02\xab\x61\xea\x48" + "\xce\xeb\x6f\xcd\x48\x76\xed\x52\x0d\x60\xe1\xec\x46\x19\x71\x9d\x8a\x5b" + "\x8b\x80\x7f\xaf\xb8\xe0\xa3\xdf\xc7\x37\x72\x3e\xe6\xb4\xb7\xd9\x3a\x25" + "\x84\xee\x6a\x64\x9d\x06\x09\x53\x74\x88\x34\xb2\x45\x45\x98\x39\x4e\xe0" + "\xaa\xb1\x2d\x7b\x61\xa5\x1f\x52\x7a\x9a\x41\xf6\xc1\x68\x7f\xe2\x53\x72" + "\x98\xca\x2a\x8f\x59\x46\xf8\xe5\xfd\x09\x1d\xbd\xcb\x02\x01\x11\x02\x81" + "\x81\x00\xa5\xda\xfc\x53\x41\xfa\xf2\x89\xc4\xb9\x88\xdb\x30\xc1\xcd\xf8" + "\x3f\x31\x25\x1e\x06\x68\xb4\x27\x84\x81\x38\x01\x57\x96\x41\xb2\x94\x10" + "\xb3\xc7\x99\x8d\x6b\xc4\x65\x74\x5e\x5c\x39\x26\x69\xd6\x87\x0d\xa2\xc0" + "\x82\xa9\x39\xe3\x7f\xdc\xb8\x2e\xc9\x3e\xda\xc9\x7f\xf3\xad\x59\x50\xac" + "\xcf\xbc\x11\x1c\x76\xf1\xa9\x52\x94\x44\xe5\x6a\xaf\x68\xc5\x6c\x09\x2c" + "\xd3\x8d\xc3\xbe\xf5\xd2\x0a\x93\x99\x26\xed\x4f\x74\xa1\x3e\xdd\xfb\xe1" + "\xa1\xce\xcc\x48\x94\xaf\x94\x28\xc2\xb7\xb8\x88\x3f\xe4\x46\x3a\x4b\xc8" + "\x5b\x1c\xb3\xc1\x02\x41\x00\xee\xcf\xae\x81\xb1\xb9\xb3\xc9\x08\x81\x0b" + "\x10\xa1\xb5\x60\x01\x99\xeb\x9f\x44\xae\xf4\xfd\xa4\x93\xb8\x1a\x9e\x3d" + "\x84\xf6\x32\x12\x4e\xf0\x23\x6e\x5d\x1e\x3b\x7e\x28\xfa\xe7\xaa\x04\x0a" + "\x2d\x5b\x25\x21\x76\x45\x9d\x1f\x39\x75\x41\xba\x2a\x58\xfb\x65\x99\x02" + "\x41\x00\xc9\x7f\xb1\xf0\x27\xf4\x53\xf6\x34\x12\x33\xea\xaa\xd1\xd9\x35" + "\x3f\x6c\x42\xd0\x88\x66\xb1\xd0\x5a\x0f\x20\x35\x02\x8b\x9d\x86\x98\x40" + "\xb4\x16\x66\xb4\x2e\x92\xea\x0d\xa3\xb4\x32\x04\xb5\xcf\xce\x33\x52\x52" + "\x4d\x04\x16\xa5\xa4\x41\xe7\x00\xaf\x46\x15\x03\x02\x40\x54\x49\x4c\xa6" + "\x3e\xba\x03\x37\xe4\xe2\x40\x23\xfc\xd6\x9a\x5a\xeb\x07\xdd\xdc\x01\x83" + "\xa4\xd0\xac\x9b\x54\xb0\x51\xf2\xb1\x3e\xd9\x49\x09\x75\xea\xb7\x74\x14" + "\xff\x59\xc1\xf7\x69\x2e\x9a\x2e\x20\x2b\x38\xfc\x91\x0a\x47\x41\x74\xad" + "\xc9\x3c\x1f\x67\xc9\x81\x02\x40\x47\x1e\x02\x90\xff\x0a\xf0\x75\x03\x51" + "\xb7\xf8\x78\x86\x4c\xa9\x61\xad\xbd\x3a\x8a\x7e\x99\x1c\x5c\x05\x56\xa9" + "\x4c\x31\x46\xa7\xf9\x80\x3f\x8f\x6f\x8a\xe3\x42\xe9\x31\xfd\x8a\xe4\x7a" + "\x22\x0d\x1b\x99\xa4\x95\x84\x98\x07\xfe\x39\xf9\x24\x5a\x98\x36\xda\x3d" + "\x02\x41\x00\xb0\x6c\x4f\xda\xbb\x63\x01\x19\x8d\x26\x5b\xdb\xae\x94\x23" + "\xb3\x80\xf2\x71\xf7\x34\x53\x88\x50\x93\x07\x7f\xcd\x39\xe2\x11\x9f\xc9" + "\x86\x32\x15\x4f\x58\x83\xb1\x67\xa9\x67\xbf\x40\x2b\x4e\x9e\x2e\x0f\x96" + "\x56\xe6\x98\xea\x36\x66\xed\xfb\x25\x79\x80\x39\xf7"; + +// kOAEPCiphertext3 is a sample encryption of |kPlaintext| with |kKey3| using +// RSA OAEP. +static const uint8_t kOAEPCiphertext3[] = + "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7\x90\xc4" + "\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce\xf0\xc4\x36\x6f" + "\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3\xf2\xf1\x92\xdb\xea\xca" + "\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06\x69\xac\x22\xe9\xf3\xa7\x85\x2e" + "\x3c\x15\xd9\x13\xca\xb0\xb8\x86\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49" + "\x54\x61\x03\x46\xf4\xd4\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a" + "\x1f\xc4\x02\x6a\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20" + "\x2f\xb1"; + +static const uint8_t kTwoPrimeKey[] = + "\x30\x82\x04\xa1\x02\x01\x00\x02\x82\x01\x01\x00\x93\x3a\x4f\xc9\x6a\x0a" + "\x6b\x28\x04\xfa\xb7\x05\x56\xdf\xa0\xaa\x4f\xaa\xab\x94\xa0\xa9\x25\xef" + "\xc5\x96\xd2\xd4\x66\x16\x62\x2c\x13\x7b\x91\xd0\x36\x0a\x10\x11\x6d\x7a" + "\x91\xb6\xe4\x74\x57\xc1\x3d\x7a\xbe\x24\x05\x3a\x04\x0b\x73\x91\x53\xb1" + "\x74\x10\xe1\x87\xdc\x91\x28\x9c\x1e\xe5\xf2\xb9\xfc\xa2\x48\x34\xb6\x78" + "\xed\x6d\x95\xfb\xf2\xc0\x4e\x1c\xa4\x15\x00\x3c\x8a\x68\x2b\xd6\xce\xd5" + "\xb3\x9f\x66\x02\xa7\x0d\x08\xa3\x23\x9b\xe5\x36\x96\x13\x22\xf9\x69\xa6" + "\x87\x88\x9b\x85\x3f\x83\x9c\xab\x1a\x1b\x6d\x8d\x16\xf4\x5e\xbd\xee\x4b" + "\x59\x56\xf8\x9d\x58\xcd\xd2\x83\x85\x59\x43\x84\x63\x4f\xe6\x1a\x86\x66" + "\x0d\xb5\xa0\x87\x89\xb6\x13\x82\x43\xda\x34\x92\x3b\x68\xc4\x95\x71\x2f" + "\x15\xc2\xe0\x43\x67\x3c\x08\x00\x36\x10\xc3\xb4\x46\x4c\x4e\x6e\xf5\x44" + "\xa9\x04\x44\x9d\xce\xc7\x05\x79\xee\x11\xcf\xaf\x2c\xd7\x9a\x32\xd3\xa5" + "\x30\xd4\x3a\x78\x43\x37\x74\x22\x90\x24\x04\x11\xd7\x95\x08\x52\xa4\x71" + "\x41\x68\x94\xb0\xa0\xc3\xec\x4e\xd2\xc4\x30\x71\x98\x64\x9c\xe3\x7c\x76" + "\xef\x33\xa3\x2b\xb1\x87\x63\xd2\x5c\x09\xfc\x90\x2d\x92\xf4\x57\x02\x01" + "\x03\x02\x82\x01\x00\x62\x26\xdf\xdb\x9c\x06\xf2\x1a\xad\xfc\x7a\x03\x8f" + "\x3f\xc0\x71\x8a\x71\xc7\xb8\x6b\x1b\x6e\x9f\xd9\x0f\x37\x38\x44\x0e\xec" + "\x1d\x62\x52\x61\x35\x79\x5c\x0a\xb6\x48\xfc\x61\x24\x98\x4d\x8f\xd6\x28" + "\xfc\x7e\xc2\xae\x26\xad\x5c\xf7\xb6\x37\xcb\xa2\xb5\xeb\xaf\xe8\x60\xc5" + "\xbd\x69\xee\xa1\xd1\x53\x16\xda\xcd\xce\xfb\x48\xf3\xb9\x52\xa1\xd5\x89" + "\x68\x6d\x63\x55\x7d\xb1\x9a\xc7\xe4\x89\xe3\xcd\x14\xee\xac\x6f\x5e\x05" + "\xc2\x17\xbd\x43\x79\xb9\x62\x17\x50\xf1\x19\xaf\xb0\x67\xae\x2a\x57\xbd" + "\xc7\x66\xbc\xf3\xb3\x64\xa1\xe3\x16\x74\x9e\xea\x02\x5c\xab\x94\xd8\x97" + "\x02\x42\x0c\x2c\xba\x54\xb9\xaf\xe0\x45\x93\xad\x7f\xb3\x10\x6a\x96\x50" + "\x4b\xaf\xcf\xc8\x27\x62\x2d\x83\xe9\x26\xc6\x94\xc1\xef\x5c\x8e\x06\x42" + "\x53\xe5\x56\xaf\xc2\x99\x01\xaa\x9a\x71\xbc\xe8\x21\x33\x2a\x2d\xa3\x36" + "\xac\x1b\x86\x19\xf8\xcd\x1f\x80\xa4\x26\x98\xb8\x9f\x62\x62\xd5\x1a\x7f" + "\xee\xdb\xdf\x81\xd3\x21\xdb\x33\x92\xee\xff\xe2\x2f\x32\x77\x73\x6a\x58" + "\xab\x21\xf3\xe3\xe1\xbc\x4f\x12\x72\xa6\xb5\xc2\xfb\x27\x9e\xc8\xca\xab" + "\x64\xa0\x87\x07\x9d\xef\xca\x0f\xdb\x02\x81\x81\x00\xe6\xd3\x4d\xc0\xa1" + "\x91\x0e\x62\xfd\xb0\xdd\xc6\x30\xb8\x8c\xcb\x14\xc1\x4b\x69\x30\xdd\xcd" + "\x86\x67\xcb\x37\x14\xc5\x03\xd2\xb4\x69\xab\x3d\xe5\x16\x81\x0f\xe5\x50" + "\xf4\x18\xb1\xec\xbc\x71\xe9\x80\x99\x06\xe4\xa3\xfe\x44\x84\x4a\x2d\x1e" + "\x07\x7f\x22\x70\x6d\x4f\xd4\x93\x0b\x8b\x99\xce\x1e\xab\xcd\x4c\xd2\xd3" + "\x10\x47\x5c\x09\x9f\x6d\x82\xc0\x08\x75\xe3\x3d\x83\xc2\x19\x50\x29\xec" + "\x1f\x84\x29\xcc\xf1\x56\xee\xbd\x54\x5d\xe6\x19\xdf\x0d\x1c\xa4\xbb\x0a" + "\xfe\x84\x44\x29\x1d\xf9\x5c\x80\x96\x5b\x24\xb4\xf7\x02\x1b\x02\x81\x81" + "\x00\xa3\x48\xf1\x9c\x58\xc2\x5f\x38\xfb\xd8\x12\x39\xf1\x8e\x73\xa1\xcf" + "\x78\x12\xe0\xed\x2a\xbb\xef\xac\x23\xb2\xbf\xd6\x0c\xe9\x6e\x1e\xab\xea" + "\x3f\x68\x36\xa7\x1f\xe5\xab\xe0\x86\xa5\x76\x32\x98\xdd\x75\xb5\x2b\xbc" + "\xcb\x8a\x03\x00\x7c\x2e\xca\xf8\xbc\x19\xe4\xe3\xa3\x31\xbd\x1d\x20\x2b" + "\x09\xad\x6f\x4c\xed\x48\xd4\xdf\x87\xf9\xf0\x46\xb9\x86\x4c\x4b\x71\xe7" + "\x48\x78\xdc\xed\xc7\x82\x02\x44\xd3\xa6\xb3\x10\x5f\x62\x81\xfc\xb8\xe4" + "\x0e\xf4\x1a\xdd\xab\x3f\xbc\x63\x79\x5b\x39\x69\x5e\xea\xa9\x15\xfe\x90" + "\xec\xda\x75\x02\x81\x81\x00\x99\xe2\x33\xd5\xc1\x0b\x5e\xec\xa9\x20\x93" + "\xd9\x75\xd0\x5d\xdc\xb8\x80\xdc\xf0\xcb\x3e\x89\x04\x45\x32\x24\xb8\x83" + "\x57\xe1\xcd\x9b\xc7\x7e\x98\xb9\xab\x5f\xee\x35\xf8\x10\x76\x9d\xd2\xf6" + "\x9b\xab\x10\xaf\x43\x17\xfe\xd8\x58\x31\x73\x69\x5a\x54\xc1\xa0\x48\xdf" + "\xe3\x0c\xb2\x5d\x11\x34\x14\x72\x88\xdd\xe1\xe2\x0a\xda\x3d\x5b\xbf\x9e" + "\x57\x2a\xb0\x4e\x97\x7e\x57\xd6\xbb\x8a\xc6\x9d\x6a\x58\x1b\xdd\xf6\x39" + "\xf4\x7e\x38\x3e\x99\x66\x94\xb3\x68\x6d\xd2\x07\x54\x58\x2d\x70\xbe\xa6" + "\x3d\xab\x0e\xe7\x6d\xcd\xfa\x01\x67\x02\x81\x80\x6c\xdb\x4b\xbd\x90\x81" + "\x94\xd0\xa7\xe5\x61\x7b\xf6\x5e\xf7\xc1\x34\xfa\xb7\x40\x9e\x1c\x7d\x4a" + "\x72\xc2\x77\x2a\x8e\xb3\x46\x49\x69\xc7\xf1\x7f\x9a\xcf\x1a\x15\x43\xc7" + "\xeb\x04\x6e\x4e\xcc\x65\xe8\xf9\x23\x72\x7d\xdd\x06\xac\xaa\xfd\x74\x87" + "\x50\x7d\x66\x98\x97\xc2\x21\x28\xbe\x15\x72\x06\x73\x9f\x88\x9e\x30\x8d" + "\xea\x5a\xa6\xa0\x2f\x26\x59\x88\x32\x4b\xef\x85\xa5\xe8\x9e\x85\x01\x56" + "\xd8\x8d\x19\xcc\xb5\x94\xec\x56\xa8\x7b\x42\xb4\xa2\xbc\x93\xc7\x7f\xd2" + "\xec\xfb\x92\x26\x46\x3f\x47\x1b\x63\xff\x0b\x48\x91\xa3\x02\x81\x80\x2c" + "\x4a\xb9\xa4\x46\x7b\xff\x50\x7e\xbf\x60\x47\x3b\x2b\x66\x82\xdc\x0e\x53" + "\x65\x71\xe9\xda\x2a\xb8\x32\x93\x42\xb7\xff\xea\x67\x66\xf1\xbc\x87\x28" + "\x65\x29\x79\xca\xab\x93\x56\xda\x95\xc1\x26\x44\x3d\x27\xc1\x91\xc6\x9b" + "\xd9\xec\x9d\xb7\x49\xe7\x16\xee\x99\x87\x50\x95\x81\xd4\x5c\x5b\x5a\x5d" + "\x0a\x43\xa5\xa7\x8f\x5a\x80\x49\xa0\xb7\x10\x85\xc7\xf4\x42\x34\x86\xb6" + "\x5f\x3f\x88\x9e\xc7\xf5\x59\x29\x39\x68\x48\xf2\xd7\x08\x5b\x92\x8e\x6b" + "\xea\xa5\x63\x5f\xc0\xfb\xe4\xe1\xb2\x7d\xb7\x40\xe9\x55\x06\xbf\x58\x25" + "\x6f"; + +static const uint8_t kTwoPrimeEncryptedMessage[] = { + 0x63, 0x0a, 0x30, 0x45, 0x43, 0x11, 0x45, 0xb7, 0x99, 0x67, 0x90, 0x35, + 0x37, 0x27, 0xff, 0xbc, 0xe0, 0xbf, 0xa6, 0xd1, 0x47, 0x50, 0xbb, 0x6c, + 0x1c, 0xaa, 0x66, 0xf2, 0xff, 0x9d, 0x9a, 0xa6, 0xb4, 0x16, 0x63, 0xb0, + 0xa1, 0x7c, 0x7c, 0x0c, 0xef, 0xb3, 0x66, 0x52, 0x42, 0xd7, 0x5e, 0xf3, + 0xa4, 0x15, 0x33, 0x40, 0x43, 0xe8, 0xb1, 0xfc, 0xe0, 0x42, 0x83, 0x46, + 0x28, 0xce, 0xde, 0x7b, 0x01, 0xeb, 0x28, 0x92, 0x70, 0xdf, 0x8d, 0x54, + 0x9e, 0xed, 0x23, 0xb4, 0x78, 0xc3, 0xca, 0x85, 0x53, 0x48, 0xd6, 0x8a, + 0x87, 0xf7, 0x69, 0xcd, 0x82, 0x8c, 0x4f, 0x5c, 0x05, 0x55, 0xa6, 0x78, + 0x89, 0xab, 0x4c, 0xd8, 0xa9, 0xd6, 0xa5, 0xf4, 0x29, 0x4c, 0x23, 0xc8, + 0xcf, 0xf0, 0x4c, 0x64, 0x6b, 0x4e, 0x02, 0x17, 0x69, 0xd6, 0x47, 0x83, + 0x30, 0x43, 0x02, 0x29, 0xda, 0xda, 0x75, 0x3b, 0xd7, 0xa7, 0x2b, 0x31, + 0xb3, 0xe9, 0x71, 0xa4, 0x41, 0xf7, 0x26, 0x9b, 0xcd, 0x23, 0xfa, 0x45, + 0x3c, 0x9b, 0x7d, 0x28, 0xf7, 0xf9, 0x67, 0x04, 0xba, 0xfc, 0x46, 0x75, + 0x11, 0x3c, 0xd5, 0x27, 0x43, 0x53, 0xb1, 0xb6, 0x9e, 0x18, 0xeb, 0x11, + 0xb4, 0x25, 0x20, 0x30, 0x0b, 0xe0, 0x1c, 0x17, 0x36, 0x22, 0x10, 0x0f, + 0x99, 0xb5, 0x50, 0x14, 0x73, 0x07, 0xf0, 0x2f, 0x5d, 0x4c, 0xe3, 0xf2, + 0x86, 0xc2, 0x05, 0xc8, 0x38, 0xed, 0xeb, 0x2a, 0x4a, 0xab, 0x76, 0xe3, + 0x1a, 0x75, 0x44, 0xf7, 0x6e, 0x94, 0xdc, 0x25, 0x62, 0x7e, 0x31, 0xca, + 0xc2, 0x73, 0x51, 0xb5, 0x03, 0xfb, 0xf9, 0xf6, 0xb5, 0x8d, 0x4e, 0x6c, + 0x21, 0x0e, 0xf9, 0x97, 0x26, 0x57, 0xf3, 0x52, 0x72, 0x07, 0xf8, 0xb4, + 0xcd, 0xb4, 0x39, 0xcf, 0xbf, 0x78, 0xcc, 0xb6, 0x87, 0xf9, 0xb7, 0x8b, + 0x6a, 0xce, 0x9f, 0xc8, +}; + +static const uint8_t kThreePrimeKey[] = + "\x30\x82\x04\xd7\x02\x01\x01\x02\x82\x01\x00\x62\x91\xe9\xea\xb3\x5d\x6c" + "\x29\xae\x21\x83\xbb\xb5\x82\xb1\x9e\xea\xe0\x64\x5b\x1e\x2f\x5e\x2c\x0a" + "\x80\x3d\x29\xd4\xfa\x9a\xe7\x44\xe6\x21\xbd\x98\xc0\x3d\xe0\x53\x59\xae" + "\xd3\x3e\xfe\xc4\xc2\xc4\x5a\x5a\x89\x07\xf4\x4f\xdc\xb0\x6a\xd4\x3e\x99" + "\x7d\x7a\x97\x26\x4e\xe1\x93\xca\x6e\xed\x07\xfc\xb4\xfa\x95\x1e\x73\x7b" + "\x86\x08\x6a\xb9\xd4\x29\xb0\x7e\x59\xb7\x9d\x7b\xeb\x67\x6e\xf0\xbb\x5e" + "\xcf\xb9\xcd\x58\x93\xf0\xe7\x88\x17\x6c\x0d\x76\x1e\xb9\x27\x9a\x4d\x02" + "\x16\xb6\x49\x6d\xa7\x83\x23\x4d\x02\x48\x0c\x0c\x1f\x0e\x85\x21\xe3\x06" + "\x76\x0a\x73\xe6\xc1\x21\xfa\x30\x18\x78\x29\x5c\x31\xd0\x29\xae\x6f\x7d" + "\x87\xd8\x2f\x16\xfa\xbc\x67\x8a\x94\x71\x59\x9b\xec\x22\x40\x55\x9f\xc2" + "\x94\xb5\xbd\x78\x01\xc9\xef\x18\xc8\x6d\x0d\xdc\x53\x42\xb2\x5c\xab\x65" + "\x05\xbd\x35\x08\x85\x1b\xf8\xe9\x47\xbc\xfe\xc5\xae\x47\x29\x63\x44\x8e" + "\x4d\xb7\x47\xab\x0d\xd8\x76\x68\x4f\xc7\x07\x02\xe4\x86\xb0\xcf\xd8\x19" + "\xad\xf4\x85\x76\x8b\x3b\x4e\x40\x8d\x29\x7a\x8a\x07\x36\xf3\x78\xae\x17" + "\xa6\x8f\x53\x58\x65\x4c\x86\x9e\xd7\x8b\xec\x38\x4f\x99\xc7\x02\x01\x03" + "\x02\x82\x01\x00\x41\xb6\x9b\xf1\xcc\xe8\xf2\xc6\x74\x16\x57\xd2\x79\x01" + "\xcb\xbf\x47\x40\x42\xe7\x69\x74\xe9\x72\xb1\xaa\xd3\x71\x38\xa7\x11\xef" + "\x83\x44\x16\x7e\x65\xd5\x7e\x95\x8c\xe6\x74\x8c\xd4\xa9\xd8\x81\xd8\x3c" + "\x3c\x5b\x5a\xa2\xdf\xe8\x75\x9c\x8d\x7f\x10\xfe\x51\xba\x19\x89\xeb\xb7" + "\xdc\x49\xf3\x5a\xa8\x78\xa7\x0e\x14\x4c\xfd\x04\x05\x9c\x7b\xe2\xc5\xa3" + "\x04\xee\xd9\x4c\xfd\x7d\x47\xb0\x0d\x9b\x3d\x70\x91\x81\x2c\xab\x2b\x87" + "\xad\x11\x68\x24\xfc\x2b\xd4\xee\x5e\x28\xeb\x6d\xab\xde\x0f\x77\x15\x58" + "\x76\x39\xc9\x59\x3a\x7f\x19\x9d\xc6\x7e\x86\xe4\xd5\x38\x70\x9e\xae\xb9" + "\xfb\x33\x33\xd1\x0c\x2d\xab\x01\x20\xe1\x8b\x29\x99\xd3\xeb\x87\x05\x72" + "\xaa\x43\x58\x64\x8e\x9e\x31\xdb\x45\x9b\x2b\xac\x58\x80\x5d\x33\xa2\x43" + "\x05\x96\xcc\xca\x2d\x04\x5f\xd6\xb7\x3d\x8b\x8f\x2d\xa3\xa5\xf8\x73\xf5" + "\xd7\xc0\x19\xff\x10\xe6\xee\x3a\x26\x2f\xe1\x64\x3d\x11\xcd\x2d\xe4\x0a" + "\x84\x27\xe3\xcb\x16\x62\x19\xe7\xe3\x0d\x13\xe8\x09\x5a\x53\xd0\x20\x56" + "\x15\xf5\xb3\x67\xac\xa1\xb5\x94\x6b\xab\xdc\x71\xc7\xbf\x0a\xde\x76\xf5" + "\x03\xa0\x30\xd8\x27\x9d\x00\x2b\x02\x57\x00\xf1\x4f\xc2\x86\x13\x06\x17" + "\xf7\x69\x7e\x37\xdf\x67\xc5\x32\xa0\x74\x1c\x32\x69\x0f\x9f\x08\x88\x24" + "\xb1\x51\xbc\xbc\x92\xba\x73\x1f\x9c\x75\xc2\x14\x6d\x4f\xc4\x5a\xcf\xda" + "\x44\x35\x00\x6b\x42\x3b\x9f\x14\xf1\x05\xb3\x51\x22\xb6\xbe\x9c\xe0\xc1" + "\x5c\x48\x61\xdf\x4e\x4c\x72\xb8\x05\x35\x7c\xac\xf1\xbb\xa0\x3b\x2a\xea" + "\xf7\x86\xe9\xd2\xff\x1e\x1d\x02\x56\x00\xca\xb1\x39\xf6\xa2\xc6\x3b\x65" + "\x45\x2f\x39\x00\xcd\x6e\xd6\x55\xf7\x71\x37\x89\xc2\xe7\x7a\xc0\x1a\xa6" + "\x2f\xea\x17\x7c\xaa\x2a\x91\x8f\xd4\xc7\x50\x8b\xab\x8e\x99\x3b\x33\x91" + "\xbc\x02\x10\x58\x4b\x58\x40\x9b\xc4\x8f\x48\x2b\xa7\x44\xfd\x07\x04\xf0" + "\x98\x67\x56\xea\x25\x92\x8b\x2e\x4b\x4a\xa1\xd3\xc2\xa4\xb4\x9b\x59\x70" + "\x32\xa6\xd8\x8b\xd9\x02\x57\x00\xa0\xdf\xd7\x04\x0c\xae\xba\xa4\xf0\xfe" + "\xcf\xea\x45\x2e\x21\xc0\x4d\x68\x21\x9b\x5f\xbf\x5b\x05\x6d\xcb\x8b\xd3" + "\x28\x61\xd1\xa2\x15\x12\xf9\x2c\x0d\x9e\x35\x2d\x91\xdf\xe6\xd8\x23\x55" + "\x9c\xd6\xd2\x6a\x0d\xf6\x03\xcc\xe0\xc1\xcf\x29\xbd\xeb\x2b\x92\xda\xeb" + "\xea\x34\x32\xf7\x25\x58\xce\x53\x1d\xf6\x7d\x15\x7c\xc7\x47\x4f\xaf\x46" + "\x8c\xaa\x14\x13\x02\x56\x00\x87\x20\xd1\x4f\x17\x2e\xd2\x43\x83\x74\xd0" + "\xab\x33\x9f\x39\x8e\xa4\xf6\x25\x06\x81\xef\xa7\x2a\xbc\x6e\xca\x9c\x0f" + "\xa8\x71\x71\xb6\x5f\xe3\x2f\x8b\x07\xc7\xb4\x66\x27\x77\xb6\x7d\x56\xb5" + "\x90\x32\x3a\xd5\xbd\x2d\xb4\xda\xc7\xc4\xd8\xa8\xaf\x58\xa0\x65\x9a\x39" + "\xf1\x6e\x61\xb2\x1e\xdc\xdc\x6b\xe2\x81\xc3\x23\x12\x3b\xa0\x21\xc4\x90" + "\x5d\x3b\x02\x57\x00\xe6\x8a\xaa\xb8\x6d\x2c\x81\x43\xb5\xd6\xa0\x2b\x42" + "\x49\xa9\x0a\x51\xfa\x18\xc8\x32\xea\x54\x18\xf3\x60\xc2\xb5\x4a\x43\x05" + "\x93\x9c\x01\xd9\x28\xed\x73\xfa\x82\xbc\x12\x64\xcb\xc4\x24\xa9\x3e\xae" + "\x7c\x4b\x8f\x94\x57\x7b\x14\x10\x41\xdc\x62\x12\x8c\xb2\x4a\x7c\xf6\x53" + "\xd4\xc6\xe4\xda\xd1\xa2\x00\x0e\x3d\x30\xf7\x05\x4f\x1d\x82\xbc\x52\xd9" + "\xb1\x30\x82\x01\x0a\x30\x82\x01\x06\x02\x56\x00\x84\x12\x4f\xf7\x3b\x65" + "\x53\x34\x6c\x6c\x4d\x77\xdf\xfd\x1f\xb6\x16\xe2\x25\x15\xca\xc9\xc1\x41" + "\x9a\x50\xda\xeb\x88\x4f\x3d\xb3\x01\x00\x44\xc4\xac\xe7\x14\x62\xa6\x56" + "\xde\xc5\xb7\xc3\x1d\x07\xbd\x7d\x64\xc5\x7e\x45\x25\x56\xed\x7a\xd2\x14" + "\xdb\x4e\x27\xd4\x1f\xf8\x94\xa7\xef\x07\xce\xdb\x24\xb7\xdd\x71\x5c\x63" + "\xc9\x33\xfe\xde\x40\x52\xeb\x02\x55\x58\x0c\x35\x4f\x7c\xee\x37\x78\x48" + "\x48\x33\xa5\x3f\xfe\x15\x24\x0f\x41\x6e\x0e\x87\x31\x2b\x81\x11\x8b\x3c" + "\x9d\x05\x8a\x29\x22\x00\xaa\xd8\x83\x1d\xef\x62\xec\x6e\xe4\x94\x83\xcf" + "\xd7\x68\xaf\xd3\xa8\xed\xd8\xfe\xd8\xc3\x8f\x48\xfc\x8c\x0d\xe7\x89\x6f" + "\xe2\xbf\xfb\x0d\xc5\x4a\x05\x34\x92\x18\x7a\x93\xa0\xe8\x42\x86\x22\xa9" + "\xe9\x80\x37\x47\x02\x55\x60\x76\xab\xde\x2b\xf5\xa2\x2c\xaa\x0c\x99\x81" + "\xee\x72\x2c\x7d\x22\x59\x2a\x35\xea\x50\x4e\x47\x6b\x92\x2d\x30\xa1\x01" + "\xa5\x9e\x26\x6e\x27\xca\xf5\xf2\x87\x5d\x31\xaf\xe9\x32\xcd\x10\xfd\x4d" + "\xdb\xf9\x86\x05\x12\x1b\x01\x84\x55\x97\x5f\xe2\x78\x27\xd9\xe4\x26\x7d" + "\xab\x0e\xe0\x1b\x6f\xcb\x4b\x14\xdd\xdc\xdc\x8b\xe8\x9f\xd0\x62\x96\xca" + "\xcf"; + +static const uint8_t kThreePrimeEncryptedMessage[] = { + 0x58, 0xd9, 0xea, 0x8a, 0xf6, 0x3d, 0xb4, 0xd9, 0xf7, 0xbb, 0x02, 0xc5, + 0x58, 0xd2, 0xa9, 0x46, 0x80, 0x70, 0x70, 0x16, 0x07, 0x64, 0x32, 0x4c, + 0x4e, 0x92, 0x61, 0xb7, 0xff, 0x92, 0xdc, 0xfc, 0xf8, 0xf0, 0x2c, 0x84, + 0x56, 0xbc, 0xe5, 0x93, 0x76, 0xe5, 0xa3, 0x72, 0x98, 0xf2, 0xdf, 0xef, + 0x99, 0x53, 0xf6, 0xd8, 0x4b, 0x09, 0xac, 0xa9, 0xa3, 0xdb, 0x63, 0xa1, + 0xb5, 0x09, 0x8e, 0x40, 0x84, 0x8f, 0x4d, 0xd5, 0x1d, 0xac, 0x6c, 0xaa, + 0x6b, 0x15, 0xe7, 0xb1, 0x0c, 0x67, 0xd2, 0xb2, 0x81, 0x58, 0x30, 0x0e, + 0x18, 0x27, 0xa1, 0x9b, 0x96, 0xad, 0xae, 0x76, 0x1a, 0x32, 0xf7, 0x10, + 0x0b, 0x53, 0x85, 0x31, 0xd6, 0x2a, 0xf6, 0x1c, 0x9f, 0xc2, 0xc7, 0xb1, + 0x05, 0x63, 0x0b, 0xa5, 0x07, 0x1f, 0x1c, 0x01, 0xf0, 0xe0, 0x06, 0xea, + 0x20, 0x69, 0x41, 0x19, 0x57, 0x92, 0x17, 0xf7, 0x0c, 0x5c, 0x66, 0x75, + 0x0e, 0xe5, 0xb3, 0xf1, 0x67, 0x3b, 0x27, 0x47, 0xb2, 0x8e, 0x1c, 0xb6, + 0x3f, 0xdd, 0x76, 0x42, 0x31, 0x13, 0x68, 0x96, 0xdf, 0x3b, 0xd4, 0x87, + 0xd9, 0x16, 0x44, 0x71, 0x52, 0x2e, 0x54, 0x3e, 0x09, 0xcd, 0x71, 0xc1, + 0x1e, 0x5e, 0x96, 0x13, 0xc9, 0x1e, 0xa4, 0xe6, 0xe6, 0x97, 0x2c, 0x6b, + 0xf2, 0xa9, 0x5c, 0xc6, 0x60, 0x2a, 0xbc, 0x82, 0xf8, 0xcb, 0xd4, 0xd7, + 0xea, 0x8a, 0xa1, 0x8a, 0xd9, 0xa5, 0x14, 0x8b, 0x9e, 0xf9, 0x25, 0x02, + 0xd2, 0xab, 0x0c, 0x42, 0xca, 0x2d, 0x45, 0xa3, 0x56, 0x5e, 0xa2, 0x2a, + 0xc8, 0x60, 0xa5, 0x87, 0x5d, 0x85, 0x5c, 0xde, 0xc7, 0xa2, 0x47, 0xc3, + 0x99, 0x29, 0x23, 0x79, 0x36, 0x88, 0xad, 0x40, 0x3e, 0x27, 0x7d, 0xf0, + 0xb6, 0xfa, 0x95, 0x20, 0x3c, 0xec, 0xfc, 0x56, 0x3b, 0x20, 0x91, 0xee, + 0x98, 0x10, 0x2c, 0x82, +}; + +static const uint8_t kSixPrimeKey[] = + "\x30\x82\x05\x20\x02\x01\x01\x02\x82\x01\x00\x1c\x04\x39\x44\xb9\xb8\x71" + "\x1c\x1c\xf7\xdc\x11\x1b\x85\x3b\x2b\xe8\xa6\xeb\xeb\xe9\xb6\x86\x97\x73" + "\x5d\x75\x46\xd1\x35\x25\xf8\x30\x9a\xc3\x57\x44\x89\xa6\x44\x59\xe3\x3a" + "\x60\xb5\x33\x84\x72\xa4\x03\xc5\x1a\x20\x98\x70\xbd\xe8\x3b\xc1\x9b\x8a" + "\x3a\x24\x45\xb6\x6a\x73\xb4\xd0\x6c\x18\xc6\xa7\x94\xd3\x24\x70\xf0\x2d" + "\x0c\xa5\xb2\x3b\xc5\x33\x90\x9d\x56\x8d\x33\xf6\x93\x7d\xa7\x95\x88\x05" + "\xdf\xf5\x65\x58\xb9\x5b\xd3\x07\x9c\x16\x8e\x74\xfc\xb8\x76\xaf\x62\x99" + "\x6c\xd4\xc5\xb3\x69\xe5\x64\xdf\x38\x00\x25\x24\xe9\xb1\x4a\x85\xa6\xf4" + "\xb6\x23\x68\x67\x4a\x2c\xbd\x9d\x01\x3b\x04\x8c\x70\x94\x82\x76\x45\x0c" + "\x8b\x95\x8a\x07\x1c\x32\xe7\x09\x97\x3a\xfd\xca\x57\xe9\x57\x0c\xae\x2b" + "\xa3\x25\xd1\xf2\x0d\x34\xa1\xe6\x2f\x7b\x1b\x36\x53\x83\x95\xb9\x26\x6e" + "\x4f\x36\x26\xf8\x47\xae\xdf\xe8\x4d\xf6\xb2\xff\x03\x23\x74\xfa\xa5\x6d" + "\xcb\xcb\x80\x12\xc3\x77\xf0\x19\xb7\xf2\x6b\x19\x5c\xde\x0a\xd7\xee\x8c" + "\x48\x2f\x50\x24\xa5\x2e\xcc\x2a\xed\xc2\x35\xe0\x3d\x29\x31\x17\xd6\x8f" + "\x44\xaa\x5b\x33\xbd\xb4\x88\x87\xd9\x29\x3f\x94\xe7\x75\xe3\x02\x01\x03" + "\x02\x82\x01\x00\x12\xad\x7b\x83\x26\x7a\xf6\x12\xbd\xfa\x92\xb6\x12\x58" + "\xd2\x1d\x45\xc4\x9d\x47\xf1\x24\x59\xba\x4c\xe8\xf8\xd9\xe0\xce\x19\x50" + "\x20\x67\x2c\xe4\xd8\x5b\xc4\x2d\x91\x41\xeb\x05\x4f\xf4\xb4\x20\xc7\xbc" + "\xd6\xe2\x5c\xa0\x27\xcf\xb8\xb3\x3b\x5c\xeb\x5e\x96\xb7\x99\x4b\x8a\xc3" + "\x70\xaf\x7f\xd8\x5f\xeb\xcb\x1a\x79\x44\x68\x97\x84\xd8\x29\x87\x64\xba" + "\x18\x2e\x95\x66\x1a\x7d\xd9\x35\x3a\x5c\x92\x7a\x81\x1b\x6c\xa9\xf8\xfa" + "\x05\x23\x18\x5b\xb2\xf8\x77\x1c\xc5\x1b\x7d\x26\x5f\x48\x69\x1b\xc4\x34" + "\xef\x6e\xa1\x15\xd2\xb2\xac\xb8\xa8\xed\x1e\xee\xdc\xb5\xb9\x5c\x79\x25" + "\x48\xbb\xe5\x9d\xd8\xe5\xe2\x94\xdf\xd5\x32\x22\x84\xbf\xc2\xaa\xa4\x54" + "\xbb\x29\xdb\x13\x4a\x28\x3d\x83\x3a\xff\xa3\xae\x38\x08\xfc\x36\x84\x91" + "\x30\xd1\xfd\x82\x64\xf1\x0f\xae\xba\xd7\x9a\x43\x58\x03\x5e\x5f\x01\xcb" + "\x8b\x90\x8d\x77\x34\x6f\x37\x40\xb6\x6d\x22\x23\x90\xb2\xfd\x32\xb5\x96" + "\x45\xbf\xae\x8c\xc4\x62\x03\x6c\x68\x90\x59\x31\x1a\xcb\xfb\xa4\x0b\x94" + "\x15\x13\xda\x1a\x8d\xa7\x0b\x34\x62\x93\xea\xbe\x6e\x71\xc2\x1d\xc8\x9d" + "\xac\x66\xcc\x31\x87\xff\x99\xab\x02\x2c\x00\xa5\x57\x41\x66\x87\x68\x02" + "\x6a\xdf\x97\xb0\xfe\x6b\x34\xc4\x33\x88\x2b\xce\x82\xaf\x2d\x33\x5a\xad" + "\x75\x2d\xac\xa5\xd6\x3a\x2d\x65\x43\x68\xfb\x44\x9e\xb8\x25\x05\xed\x97" + "\x02\x2c\x00\xd2\x77\x34\x24\xac\x60\x9a\xc4\x68\x34\xe5\x6a\xa3\xdc\xe2" + "\xb0\x58\x5c\x35\x83\x5a\xc7\xa7\xc1\x0b\x7e\x9e\xa5\x85\x32\x47\x93\x22" + "\xee\xb6\x59\xe9\xe3\x61\x94\xd0\x0e\xcb\x02\x2b\x6e\x3a\x2b\x99\xaf\x9a" + "\xac\x47\x3f\xba\x75\xfe\xf2\x23\x2d\x77\xb0\x1d\x34\x57\x1f\x73\x77\x91" + "\xc8\xf8\xc9\x1d\xc3\xe4\x26\xc8\xee\x2c\xf0\xa7\x83\x14\x7a\xc3\x59\x49" + "\x0f\x02\x2c\x00\x8c\x4f\x78\x18\x72\xeb\x11\xd8\x45\x78\x98\xf1\xc2\x93" + "\x41\xca\xe5\x92\xce\x57\x91\xda\x6f\xd6\x07\xa9\xbf\x19\x03\x76\xda\x62" + "\x17\x49\xce\xe6\x9b\xec\xeb\xb8\x8a\xb4\x87\x02\x2c\x00\xa3\xc2\x29\xa6" + "\xa7\xe1\x3c\xe9\xcf\x0f\x50\x51\x1c\xcc\xc8\x5b\x08\x9c\x97\x24\x3a\x86" + "\x23\xa8\x0b\xbb\x54\xa6\xb9\x70\x3d\x1d\xd0\x1b\xa3\xac\xd9\xb2\x03\x80" + "\xd7\x67\xec\x30\x82\x02\x29\x30\x81\x88\x02\x2c\x00\x97\x5d\x3b\xf2\xcc" + "\xba\xd9\x77\x67\xaa\xd2\x22\xa7\xa3\x49\x08\xc7\xb8\x27\xa1\x59\x4b\xa7" + "\xa5\xd2\x74\x05\xe7\x5a\x35\xd7\x25\x79\x18\x20\x8a\x25\xec\x3b\x52\xaf" + "\xcb\xdb\x02\x2b\x64\xe8\xd2\xa1\xdd\xd1\xe6\x4f\x9a\x71\xe1\x6c\x6f\xc2" + "\x30\xb0\x85\x25\x6f\xc0\xe6\x32\x6f\xc3\xe1\xa2\xae\x9a\x3c\x23\xe4\xc3" + "\xa6\x10\x15\xb1\x6e\x9d\x7c\xe1\xca\x87\xe7\x02\x2b\x5e\xef\x25\x29\xed" + "\xf6\x52\x15\xd3\x60\xb6\x88\xcf\x0f\xe2\x24\xa4\x04\x97\x9c\x9d\x58\x13" + "\xbb\x00\x6d\x39\xf6\xad\x21\x7e\x56\x2c\x2e\x06\x06\xc4\x6d\x44\xac\x79" + "\x1f\xe5\x30\x81\x89\x02\x2c\x00\xdb\xf1\x78\xf9\xa4\x94\xea\x39\x8a\x3f" + "\x23\x48\x2a\x23\x8f\xd2\x18\x97\xd2\xdf\x0f\xb8\x2b\x33\xa0\xe8\x8f\xbc" + "\x4e\x42\xfd\x54\xc7\x0f\xde\xba\x6d\xba\x96\xa7\xce\x67\x3d\x02\x2c\x00" + "\x92\xa0\xfb\x51\x18\x63\x46\xd1\x06\xd4\xc2\x30\x1c\x17\xb5\x36\xbb\x0f" + "\xe1\xea\x0a\x7a\xc7\x77\xc0\x9b\x0a\x7d\x89\x81\xfe\x38\x84\xb5\x3f\x26" + "\xf3\xd1\xb9\xc5\x34\x44\xd3\x02\x2b\x4c\xbd\x1d\x44\xc8\x19\x23\xd8\xb3" + "\x96\x66\x4b\x62\xcb\x3e\xe6\x6c\x11\xdf\xb2\x92\xd3\xc8\x34\xb9\xa6\x5a" + "\x2f\x19\xf4\x0b\xb2\xe6\x8e\xa6\xaf\xa3\xae\xa4\xb3\x92\xc4\x79\x30\x81" + "\x85\x02\x2b\x00\x89\xab\x30\xfc\x7b\x37\x94\x11\x9f\x4d\x31\x3b\xac\x09" + "\x57\xe6\x64\xec\xa0\xc8\xf8\x04\x1a\xf9\x2a\xa4\x4b\x36\x18\xbb\x5f\xdc" + "\xcd\xf0\xc8\xcb\x97\xd1\xdf\x13\x12\x3f\x02\x2a\x5b\xc7\x75\xfd\xa7\x7a" + "\x62\xb6\x6a\x33\x76\x27\xc8\x06\x3a\x99\x98\x9d\xc0\x85\xfa\xad\x67\x50" + "\xc7\x18\x32\x24\x10\x7c\xea\x93\x33\xf5\xdb\x32\x65\x36\x94\xb7\x61\x7f" + "\x02\x2a\x16\x6c\x96\xa1\x50\x6f\x3a\x92\xc0\x75\x43\xb5\x6b\x9c\x17\x09" + "\xd3\xf0\x67\x69\x45\x92\xfb\x7b\x50\xa8\x42\x9b\x33\x92\xab\xd5\xe6\x49" + "\xb3\x26\x99\x55\x16\x3a\x39\x63\x30\x81\x87\x02\x2b\x00\xc1\x25\x19\x1d" + "\x6e\x18\xcb\x2d\x64\xe2\xe6\xb6\x1c\xe4\xaa\x9c\xb9\xee\x18\xd4\xf7\x5f" + "\x66\x40\xf0\xe1\x31\x38\xf2\x53\x00\x8b\xcc\xe4\x0d\xb7\x81\xb4\xe6\x1c" + "\x19\xaf\x02\x2b\x00\x80\xc3\x66\x13\x9e\xbb\x32\x1e\x43\x41\xef\x24\x13" + "\x43\x1c\x68\x7b\xf4\x10\x8d\xfa\x3f\x99\x80\xa0\x96\x20\xd0\xa1\x8c\xab" + "\x07\xdd\xed\x5e\x7a\x56\x78\x99\x68\x11\x1f\x02\x2b\x00\xb0\x59\xea\x67" + "\x93\x42\xbf\x07\x54\x38\x41\xcb\x73\xa4\x0e\xc2\xae\x56\x19\x41\xc9\x8a" + "\xb2\x2f\xa8\x0a\xb1\x4e\x12\x39\x2e\xc0\x94\x9a\xc6\xa3\xe4\xaf\x8a\x16" + "\x06\xb8"; + +static const uint8_t kSixPrimeEncryptedMessage[] = { + 0x0a, 0xcb, 0x6c, 0x02, 0x9d, 0x1a, 0x7c, 0xf3, 0x4e, 0xff, 0x16, 0x88, + 0xee, 0x22, 0x1d, 0x8d, 0xd2, 0xfd, 0xde, 0x83, 0xb3, 0xd9, 0x35, 0x2c, + 0x82, 0xe0, 0xff, 0xe6, 0x79, 0x6d, 0x06, 0x21, 0x74, 0xa8, 0x04, 0x0c, + 0xe2, 0xd3, 0x98, 0x3f, 0xbf, 0xd0, 0xe9, 0x88, 0x24, 0xe2, 0x05, 0xa4, + 0x45, 0x51, 0x87, 0x6b, 0x1c, 0xef, 0x5f, 0x2d, 0x61, 0xb6, 0xf1, 0x4c, + 0x1f, 0x3d, 0xbf, 0x4b, 0xf2, 0xda, 0x09, 0x97, 0x81, 0xde, 0x91, 0xb7, + 0x0d, 0xb4, 0xc2, 0xab, 0x41, 0x64, 0x9d, 0xd9, 0x39, 0x46, 0x79, 0x66, + 0x43, 0xf1, 0x34, 0x21, 0x56, 0x2f, 0xc6, 0x68, 0x40, 0x4a, 0x2d, 0x73, + 0x96, 0x50, 0xe1, 0xb0, 0xaf, 0x49, 0x39, 0xb4, 0xf0, 0x3a, 0x78, 0x38, + 0x70, 0xa9, 0x91, 0x5d, 0x5e, 0x07, 0xf4, 0xec, 0xbb, 0xc4, 0xe5, 0x8a, + 0xb8, 0x06, 0xba, 0xdf, 0xc6, 0x48, 0x78, 0x4b, 0xca, 0x2a, 0x8a, 0x92, + 0x64, 0xe3, 0xa6, 0xae, 0x87, 0x97, 0x12, 0x16, 0x46, 0x67, 0x59, 0xdf, + 0xf2, 0xf3, 0x89, 0x6f, 0xe8, 0xa9, 0x13, 0x57, 0x63, 0x4e, 0x07, 0x98, + 0xcc, 0x73, 0xa0, 0x84, 0x9d, 0xe8, 0xb3, 0x50, 0x59, 0xb5, 0x51, 0xb3, + 0x41, 0x7d, 0x55, 0xfe, 0xd9, 0xf0, 0xc6, 0xff, 0x6e, 0x96, 0x4f, 0x22, + 0xb2, 0x0d, 0x6b, 0xc9, 0x83, 0x2d, 0x98, 0x98, 0xb2, 0xd1, 0xb7, 0xe4, + 0x50, 0x83, 0x1a, 0xa9, 0x02, 0x9f, 0xaf, 0x54, 0x74, 0x2a, 0x2c, 0x63, + 0x10, 0x79, 0x45, 0x5c, 0x95, 0x0d, 0xa1, 0x9b, 0x55, 0xf3, 0x1e, 0xb7, + 0x56, 0x59, 0xf1, 0x59, 0x8d, 0xd6, 0x15, 0x89, 0xf6, 0xfe, 0xc0, 0x00, + 0xdd, 0x1f, 0x2b, 0xf0, 0xf7, 0x5d, 0x64, 0x84, 0x76, 0xd3, 0xc2, 0x92, + 0x35, 0xac, 0xb5, 0xf9, 0xf6, 0xa8, 0x05, 0x89, 0x4c, 0x95, 0x41, 0x4e, + 0x34, 0x25, 0x11, 0x14, +}; + +// kEstonianRSAKey is an RSAPublicKey encoded with a negative modulus. See +// https://crbug.com/532048. +static const uint8_t kEstonianRSAKey[] = { + 0x30, 0x82, 0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0x96, 0xa6, 0x2e, 0x9c, + 0x4e, 0x6a, 0xc3, 0xcc, 0xcd, 0x8f, 0x70, 0xc3, 0x55, 0xbf, 0x5e, 0x9c, + 0xd4, 0xf3, 0x17, 0xc3, 0x97, 0x70, 0xae, 0xdf, 0x12, 0x5c, 0x15, 0x80, + 0x03, 0xef, 0x2b, 0x18, 0x9d, 0x6a, 0xcb, 0x52, 0x22, 0xc1, 0x81, 0xb8, + 0x7e, 0x61, 0xe8, 0x0f, 0x79, 0x24, 0x0f, 0x82, 0x70, 0x24, 0x4e, 0x29, + 0x20, 0x05, 0x54, 0xeb, 0xd4, 0xa9, 0x65, 0x59, 0xb6, 0x3c, 0x75, 0x95, + 0x2f, 0x4c, 0xf6, 0x9d, 0xd1, 0xaf, 0x5f, 0x14, 0x14, 0xe7, 0x25, 0xea, + 0xa5, 0x47, 0x5d, 0xc6, 0x3e, 0x28, 0x8d, 0xdc, 0x54, 0x87, 0x2a, 0x7c, + 0x10, 0xe9, 0xc6, 0x76, 0x2d, 0xe7, 0x79, 0xd8, 0x0e, 0xbb, 0xa9, 0xac, + 0xb5, 0x18, 0x98, 0xd6, 0x47, 0x6e, 0x06, 0x70, 0xbf, 0x9e, 0x82, 0x25, + 0x95, 0x4e, 0xfd, 0x70, 0xd7, 0x73, 0x45, 0x2e, 0xc1, 0x1f, 0x7a, 0x9a, + 0x9d, 0x60, 0xc0, 0x1f, 0x67, 0x06, 0x2a, 0x4e, 0x87, 0x3f, 0x19, 0x88, + 0x69, 0x64, 0x4d, 0x9f, 0x75, 0xf5, 0xd3, 0x1a, 0x41, 0x3d, 0x35, 0x17, + 0xb6, 0xd1, 0x44, 0x0d, 0x25, 0x8b, 0xe7, 0x94, 0x39, 0xb0, 0x7c, 0xaf, + 0x3e, 0x6a, 0xfa, 0x8d, 0x90, 0x21, 0x0f, 0x8a, 0x43, 0x94, 0x37, 0x7c, + 0x2a, 0x15, 0x4c, 0xa0, 0xfa, 0xa9, 0x2f, 0x21, 0xa6, 0x6f, 0x8e, 0x2f, + 0x89, 0xbc, 0xbb, 0x33, 0xf8, 0x31, 0xfc, 0xdf, 0xcd, 0x68, 0x9a, 0xbc, + 0x75, 0x06, 0x95, 0xf1, 0x3d, 0xef, 0xca, 0x76, 0x27, 0xd2, 0xba, 0x8e, + 0x0e, 0x1c, 0x43, 0xd7, 0x70, 0xb9, 0xc6, 0x15, 0xca, 0xd5, 0x4d, 0x87, + 0xb9, 0xd1, 0xae, 0xde, 0x69, 0x73, 0x00, 0x2a, 0x97, 0x51, 0x4b, 0x30, + 0x01, 0xc2, 0x85, 0xd0, 0x05, 0xcc, 0x2e, 0xe8, 0xc7, 0x42, 0xe7, 0x94, + 0x51, 0xe3, 0xf5, 0x19, 0x35, 0xdc, 0x57, 0x96, 0xe7, 0xd9, 0xb4, 0x49, + 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +static bool TestRSA(const uint8_t *der, size_t der_len, + const uint8_t *oaep_ciphertext, + size_t oaep_ciphertext_len) { + ScopedRSA key(d2i_RSAPrivateKey(nullptr, &der, der_len)); + if (!key) { + return false; + } + + if (!RSA_check_key(key.get())) { + fprintf(stderr, "RSA_check_key failed\n"); + return false; + } + + uint8_t ciphertext[256]; + + int num = RSA_public_encrypt(kPlaintextLen, kPlaintext, ciphertext, key.get(), + RSA_PKCS1_PADDING); + if (num < 0 || (size_t)num != RSA_size(key.get())) { + fprintf(stderr, "PKCS#1 v1.5 encryption failed!\n"); + return false; + } + + uint8_t plaintext[256]; + num = RSA_private_decrypt(num, ciphertext, plaintext, key.get(), + RSA_PKCS1_PADDING); + if (num < 0 || + (size_t)num != kPlaintextLen || memcmp(plaintext, kPlaintext, num) != 0) { + fprintf(stderr, "PKCS#1 v1.5 decryption failed!\n"); + return false; + } + + num = RSA_public_encrypt(kPlaintextLen, kPlaintext, ciphertext, key.get(), + RSA_PKCS1_OAEP_PADDING); + if (num < 0 || (size_t)num != RSA_size(key.get())) { + fprintf(stderr, "OAEP encryption failed!\n"); + return false; + } + + num = RSA_private_decrypt(num, ciphertext, plaintext, key.get(), + RSA_PKCS1_OAEP_PADDING); + if (num < 0 || + (size_t)num != kPlaintextLen || memcmp(plaintext, kPlaintext, num) != 0) { + fprintf(stderr, "OAEP decryption (encrypted data) failed!\n"); + return false; + } + + // |oaep_ciphertext| should decrypt to |kPlaintext|. + num = RSA_private_decrypt(oaep_ciphertext_len, oaep_ciphertext, plaintext, + key.get(), RSA_PKCS1_OAEP_PADDING); + + if (num < 0 || + (size_t)num != kPlaintextLen || memcmp(plaintext, kPlaintext, num) != 0) { + fprintf(stderr, "OAEP decryption (test vector data) failed!\n"); + return false; + } + + // Try decrypting corrupted ciphertexts. + memcpy(ciphertext, oaep_ciphertext, oaep_ciphertext_len); + for (size_t i = 0; i < oaep_ciphertext_len; i++) { + uint8_t saved = ciphertext[i]; + for (unsigned b = 0; b < 256; b++) { + if (b == saved) { + continue; + } + ciphertext[i] = b; + num = RSA_private_decrypt(num, ciphertext, plaintext, key.get(), + RSA_PKCS1_OAEP_PADDING); + if (num > 0) { + fprintf(stderr, "Corrupt data decrypted!\n"); + return false; + } + } + ciphertext[i] = saved; + } + + return true; +} + +static bool TestMultiPrimeKey(int nprimes, const uint8_t *der, size_t der_size, + const uint8_t *enc, size_t enc_size) { + ScopedRSA rsa(d2i_RSAPrivateKey(nullptr, &der, der_size)); + if (!rsa) { + fprintf(stderr, "%d-prime key failed to parse.\n", nprimes); + ERR_print_errors_fp(stderr); + return false; + } + + if (!RSA_check_key(rsa.get())) { + fprintf(stderr, "RSA_check_key failed for %d-prime key.\n", nprimes); + ERR_print_errors_fp(stderr); + return false; + } + + uint8_t out[256]; + size_t out_len; + if (!RSA_decrypt(rsa.get(), &out_len, out, sizeof(out), enc, enc_size, + RSA_PKCS1_PADDING) || + out_len != 11 || + memcmp(out, "hello world", 11) != 0) { + fprintf(stderr, "%d-prime key failed to decrypt.\n", nprimes); + ERR_print_errors_fp(stderr); + return false; + } + + return true; +} + +static bool TestMultiPrimeKeygen() { + static const char kMessage[] = "Hello world."; + static const size_t kBits = 1024; + uint8_t encrypted[kBits / 8], decrypted[kBits / 8]; + size_t encrypted_len, decrypted_len; + + ScopedRSA rsa(RSA_new()); + ScopedBIGNUM e(BN_new()); + if (!rsa || !e || + !BN_set_word(e.get(), RSA_F4) || + !RSA_generate_multi_prime_key(rsa.get(), kBits, 3, e.get(), nullptr) || + !RSA_check_key(rsa.get()) || + !RSA_encrypt(rsa.get(), &encrypted_len, encrypted, sizeof(encrypted), + (const uint8_t *)kMessage, sizeof(kMessage), + RSA_PKCS1_PADDING) || + !RSA_decrypt(rsa.get(), &decrypted_len, decrypted, sizeof(decrypted), + encrypted, encrypted_len, RSA_PKCS1_PADDING) || + decrypted_len != sizeof(kMessage) || + memcmp(decrypted, kMessage, sizeof(kMessage)) != 0) { + ERR_print_errors_fp(stderr); + return false; + } + + return true; +} + +static bool TestBadKey() { + ScopedRSA key(RSA_new()); + ScopedBIGNUM e(BN_new()); + + if (!key || !e || !BN_set_word(e.get(), RSA_F4)) { + return false; + } + + if (!RSA_generate_key_ex(key.get(), 512, e.get(), nullptr)) { + fprintf(stderr, "RSA_generate_key_ex failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + if (!BN_add(key->p, key->p, BN_value_one())) { + fprintf(stderr, "BN error.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + if (RSA_check_key(key.get())) { + fprintf(stderr, "RSA_check_key passed with invalid key!\n"); + return false; + } + + ERR_clear_error(); + return true; +} + +static bool TestOnlyDGiven() { + uint8_t buf[64]; + unsigned buf_len = sizeof(buf); + ScopedRSA key(RSA_new()); + if (!key || + !BN_hex2bn(&key->n, + "00e77bbf3889d4ef36a9a25d4d69f3f632eb4362214c74517da6d6aeaa9bd" + "09ac42b26621cd88f3a6eb013772fc3bf9f83914b6467231c630202c35b3e" + "5808c659") || + !BN_hex2bn(&key->e, "010001") || + !BN_hex2bn(&key->d, + "0365db9eb6d73b53b015c40cd8db4de7dd7035c68b5ac1bf786d7a4ee2cea" + "316eaeca21a73ac365e58713195f2ae9849348525ca855386b6d028e437a9" + "495a01") || + RSA_size(key.get()) > sizeof(buf)) { + return false; + } + + if (!RSA_check_key(key.get())) { + fprintf(stderr, "RSA_check_key failed with only d given.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + const uint8_t kDummyHash[16] = {0}; + + if (!RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, &buf_len, + key.get())) { + fprintf(stderr, "RSA_sign failed with only d given.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + if (!RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, buf_len, + key.get())) { + fprintf(stderr, "RSA_verify failed with only d given.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + return true; +} + +static bool TestRecoverCRTParams() { + ScopedBIGNUM e(BN_new()); + if (!e || !BN_set_word(e.get(), RSA_F4)) { + return false; + } + + ERR_clear_error(); + + for (unsigned i = 0; i < 1; i++) { + ScopedRSA key1(RSA_new()); + if (!key1 || + !RSA_generate_key_ex(key1.get(), 512, e.get(), nullptr)) { + fprintf(stderr, "RSA_generate_key_ex failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + if (!RSA_check_key(key1.get())) { + fprintf(stderr, "RSA_check_key failed with original key.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + ScopedRSA key2(RSA_new()); + if (!key2) { + return false; + } + key2->n = BN_dup(key1->n); + key2->e = BN_dup(key1->e); + key2->d = BN_dup(key1->d); + if (key2->n == nullptr || key2->e == nullptr || key2->d == nullptr) { + return false; + } + + if (!RSA_recover_crt_params(key2.get())) { + fprintf(stderr, "RSA_recover_crt_params failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + uint8_t buf[128]; + unsigned buf_len = sizeof(buf); + if (RSA_size(key2.get()) > buf_len) { + return false; + } + + if (!RSA_check_key(key2.get())) { + fprintf(stderr, "RSA_check_key failed with recovered key.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + const uint8_t kDummyHash[16] = {0}; + if (!RSA_sign(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, &buf_len, + key2.get())) { + fprintf(stderr, "RSA_sign failed with recovered key.\n"); + ERR_print_errors_fp(stderr); + return false; + } + + if (!RSA_verify(NID_sha256, kDummyHash, sizeof(kDummyHash), buf, buf_len, + key2.get())) { + fprintf(stderr, "RSA_verify failed with recovered key.\n"); + ERR_print_errors_fp(stderr); + return false; + } + } + + return true; +} + +static bool TestASN1() { + // Test that private keys may be decoded. + ScopedRSA rsa(RSA_private_key_from_bytes(kKey1, sizeof(kKey1) - 1)); + if (!rsa) { + return false; + } + + // Test that the serialization round-trips. + uint8_t *der; + size_t der_len; + if (!RSA_private_key_to_bytes(&der, &der_len, rsa.get())) { + return false; + } + ScopedOpenSSLBytes delete_der(der); + if (der_len != sizeof(kKey1) - 1 || memcmp(der, kKey1, der_len) != 0) { + return false; + } + + // Test that serializing public keys works. + if (!RSA_public_key_to_bytes(&der, &der_len, rsa.get())) { + return false; + } + delete_der.reset(der); + + // Public keys may be parsed back out. + rsa.reset(RSA_public_key_from_bytes(der, der_len)); + if (!rsa || rsa->p != NULL || rsa->q != NULL) { + return false; + } + + // Serializing the result round-trips. + uint8_t *der2; + size_t der2_len; + if (!RSA_public_key_to_bytes(&der2, &der2_len, rsa.get())) { + return false; + } + ScopedOpenSSLBytes delete_der2(der2); + if (der_len != der2_len || memcmp(der, der2, der_len) != 0) { + return false; + } + + // Public keys cannot be serialized as private keys. + if (RSA_private_key_to_bytes(&der, &der_len, rsa.get())) { + OPENSSL_free(der); + return false; + } + ERR_clear_error(); + + // Public keys with negative moduli are invalid. + rsa.reset(RSA_public_key_from_bytes(kEstonianRSAKey, + sizeof(kEstonianRSAKey))); + if (rsa) { + return false; + } + ERR_clear_error(); + + // But |RSA_parse_public_key_buggy| will accept it. + CBS cbs; + CBS_init(&cbs, kEstonianRSAKey, sizeof(kEstonianRSAKey)); + rsa.reset(RSA_parse_public_key_buggy(&cbs)); + if (!rsa || CBS_len(&cbs) != 0) { + return false; + } + + return true; +} + +int main(int argc, char *argv[]) { + CRYPTO_library_init(); + + if (!TestRSA(kKey1, sizeof(kKey1) - 1, kOAEPCiphertext1, + sizeof(kOAEPCiphertext1) - 1) || + !TestRSA(kKey2, sizeof(kKey2) - 1, kOAEPCiphertext2, + sizeof(kOAEPCiphertext2) - 1) || + !TestRSA(kKey3, sizeof(kKey3) - 1, kOAEPCiphertext3, + sizeof(kOAEPCiphertext3) - 1) || + !TestOnlyDGiven() || + !TestRecoverCRTParams() || + !TestBadKey() || + !TestMultiPrimeKey(2, kTwoPrimeKey, sizeof(kTwoPrimeKey) - 1, + kTwoPrimeEncryptedMessage, + sizeof(kTwoPrimeEncryptedMessage)) || + !TestMultiPrimeKey(3, kThreePrimeKey, sizeof(kThreePrimeKey) - 1, + kThreePrimeEncryptedMessage, + sizeof(kThreePrimeEncryptedMessage)) || + !TestMultiPrimeKey(6, kSixPrimeKey, sizeof(kSixPrimeKey) - 1, + kSixPrimeEncryptedMessage, + sizeof(kSixPrimeEncryptedMessage)) || + !TestMultiPrimeKeygen() || + !TestASN1()) { + return 1; + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/sha/CMakeLists.txt b/src/crypto/sha/CMakeLists.txt index 5a10c85..ecff09b 100644 --- a/src/crypto/sha/CMakeLists.txt +++ b/src/crypto/sha/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) if (${ARCH} STREQUAL "x86_64") set( diff --git a/src/crypto/sha/asm/sha1-586.pl b/src/crypto/sha/asm/sha1-586.pl index 4895eb3..e0b5d83 100644 --- a/src/crypto/sha/asm/sha1-586.pl +++ b/src/crypto/sha/asm/sha1-586.pl @@ -66,9 +66,9 @@ # switch to AVX alone improves performance by as little as 4% in # comparison to SSSE3 code path. But below result doesn't look like # 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as -# pair of µ-ops, and it's the additional µ-ops, two per round, that +# pair of µ-ops, and it's the additional µ-ops, two per round, that # make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded -# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with +# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with # equivalent 'sh[rl]d' that is responsible for the impressive 5.1 # cycles per processed byte. But 'sh[rl]d' is not something that used # to be fast, nor does it appear to be fast in upcoming Bulldozer diff --git a/src/crypto/sha/asm/sha1-armv4-large.pl b/src/crypto/sha/asm/sha1-armv4-large.pl index a20d336..64e2ed6 100644 --- a/src/crypto/sha/asm/sha1-armv4-large.pl +++ b/src/crypto/sha/asm/sha1-armv4-large.pl @@ -178,7 +178,7 @@ ___ } $code=<<___; -#include "arm_arch.h" +#include <openssl/arm_arch.h> .text .code 32 diff --git a/src/crypto/sha/asm/sha1-armv8.pl b/src/crypto/sha/asm/sha1-armv8.pl index a8c08c2..1c4fe4a 100644 --- a/src/crypto/sha/asm/sha1-armv8.pl +++ b/src/crypto/sha/asm/sha1-armv8.pl @@ -162,7 +162,7 @@ ___ } $code.=<<___; -#include "arm_arch.h" +#include <openssl/arm_arch.h> .text diff --git a/src/crypto/sha/asm/sha256-586.pl b/src/crypto/sha/asm/sha256-586.pl index 6462e45..e907714 100644 --- a/src/crypto/sha/asm/sha256-586.pl +++ b/src/crypto/sha/asm/sha256-586.pl @@ -10,7 +10,7 @@ # SHA256 block transform for x86. September 2007. # # Performance improvement over compiler generated code varies from -# 10% to 40% [see below]. Not very impressive on some µ-archs, but +# 10% to 40% [see below]. Not very impressive on some µ-archs, but # it's 5 times smaller and optimizies amount of writes. # # May 2012. diff --git a/src/crypto/sha/asm/sha256-armv4.pl b/src/crypto/sha/asm/sha256-armv4.pl index df71676..7e07147 100644 --- a/src/crypto/sha/asm/sha256-armv4.pl +++ b/src/crypto/sha/asm/sha256-armv4.pl @@ -168,7 +168,7 @@ ___ $code=<<___; #ifndef __KERNEL__ -# include "arm_arch.h" +# include <openssl/arm_arch.h> #else # define __ARM_ARCH__ __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 diff --git a/src/crypto/sha/asm/sha512-586.pl b/src/crypto/sha/asm/sha512-586.pl index e96ec00..2f6a202 100644 --- a/src/crypto/sha/asm/sha512-586.pl +++ b/src/crypto/sha/asm/sha512-586.pl @@ -37,7 +37,7 @@ # # IALU code-path is optimized for elder Pentiums. On vanilla Pentium # performance improvement over compiler generated code reaches ~60%, -# while on PIII - ~35%. On newer µ-archs improvement varies from 15% +# while on PIII - ~35%. On newer µ-archs improvement varies from 15% # to 50%, but it's less important as they are expected to execute SSE2 # code-path, which is commonly ~2-3x faster [than compiler generated # code]. SSE2 code-path is as fast as original sha512-sse2.pl, even diff --git a/src/crypto/sha/asm/sha512-armv4.pl b/src/crypto/sha/asm/sha512-armv4.pl index 2964a39..cd3662a 100644 --- a/src/crypto/sha/asm/sha512-armv4.pl +++ b/src/crypto/sha/asm/sha512-armv4.pl @@ -191,7 +191,7 @@ ___ } $code=<<___; #ifndef __KERNEL__ -# include "arm_arch.h" +# include <openssl/arm_arch.h> # define VFP_ABI_PUSH vstmdb sp!,{d8-d15} # define VFP_ABI_POP vldmia sp!,{d8-d15} #else diff --git a/src/crypto/sha/asm/sha512-armv8.pl b/src/crypto/sha/asm/sha512-armv8.pl index 43e7293..40eb17a 100644 --- a/src/crypto/sha/asm/sha512-armv8.pl +++ b/src/crypto/sha/asm/sha512-armv8.pl @@ -164,7 +164,7 @@ ___ } $code.=<<___; -#include "arm_arch.h" +#include <openssl/arm_arch.h> .text diff --git a/src/crypto/stack/CMakeLists.txt b/src/crypto/stack/CMakeLists.txt index bdb0599..dcd8ef4 100644 --- a/src/crypto/stack/CMakeLists.txt +++ b/src/crypto/stack/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( stack diff --git a/src/crypto/test/CMakeLists.txt b/src/crypto/test/CMakeLists.txt index 84a6174..8c75314 100644 --- a/src/crypto/test/CMakeLists.txt +++ b/src/crypto/test/CMakeLists.txt @@ -5,4 +5,5 @@ add_library( file_test.cc malloc.cc + test_util.cc ) diff --git a/src/crypto/test/file_test.cc b/src/crypto/test/file_test.cc index 8df6f9a..6723350 100644 --- a/src/crypto/test/file_test.cc +++ b/src/crypto/test/file_test.cc @@ -128,6 +128,7 @@ FileTest::ReadResult FileTest::ReadNext() { const char *delimiter = FindDelimiter(buf); if (delimiter == nullptr) { fprintf(stderr, "Line %u: Could not parse attribute.\n", line_); + return kReadError; } std::string key = StripSpace(buf, delimiter - buf); std::string value = StripSpace(delimiter + 1, diff --git a/src/crypto/test/file_test.h b/src/crypto/test/file_test.h index 7303d8a..24651ab 100644 --- a/src/crypto/test/file_test.h +++ b/src/crypto/test/file_test.h @@ -18,11 +18,19 @@ #include <stdint.h> #include <stdio.h> +#if defined(_MSC_VER) +#pragma warning(push) +#pragma warning(disable: 4702) +#endif + #include <string> #include <map> #include <set> #include <vector> +#if defined(_MSC_VER) +#pragma warning(pop) +#endif // File-based test framework. // diff --git a/src/crypto/test/malloc.cc b/src/crypto/test/malloc.cc index 9ffdf01..898f2a7 100644 --- a/src/crypto/test/malloc.cc +++ b/src/crypto/test/malloc.cc @@ -34,6 +34,8 @@ #if defined(__linux__) && defined(OPENSSL_GLIBC) && !defined(OPENSSL_ARM) && \ !defined(OPENSSL_AARCH64) && !defined(OPENSSL_ASAN) +#include <errno.h> +#include <signal.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> @@ -45,14 +47,14 @@ /* This file defines overrides for the standard allocation functions that allow * a given allocation to be made to fail for testing. If the program is run * with MALLOC_NUMBER_TO_FAIL set to a base-10 number then that allocation will - * return NULL. If MALLOC_ABORT_ON_FAIL is also defined then the allocation - * will abort() rather than return NULL. + * return NULL. If MALLOC_BREAK_ON_FAIL is also defined then the allocation + * will signal SIGTRAP rather than return NULL. * * This code is not thread safe. */ static uint64_t current_malloc_count = 0; static uint64_t malloc_number_to_fail = 0; -static char failure_enabled = 0, abort_on_fail = 0; +static char failure_enabled = 0, break_on_fail = 0; static int in_call = 0; extern "C" { @@ -95,7 +97,7 @@ static int should_fail_allocation() { std::set_new_handler(cpp_new_handler); } } - abort_on_fail = (NULL != getenv("MALLOC_ABORT_ON_FAIL")); + break_on_fail = (NULL != getenv("MALLOC_BREAK_ON_FAIL")); init = 1; } @@ -108,8 +110,8 @@ static int should_fail_allocation() { should_fail = (current_malloc_count == malloc_number_to_fail); current_malloc_count++; - if (should_fail && abort_on_fail) { - abort(); + if (should_fail && break_on_fail) { + raise(SIGTRAP); } return should_fail; } @@ -118,6 +120,7 @@ extern "C" { void *malloc(size_t size) { if (should_fail_allocation()) { + errno = ENOMEM; return NULL; } @@ -126,6 +129,7 @@ void *malloc(size_t size) { void *calloc(size_t num_elems, size_t size) { if (should_fail_allocation()) { + errno = ENOMEM; return NULL; } @@ -134,6 +138,7 @@ void *calloc(size_t num_elems, size_t size) { void *realloc(void *ptr, size_t size) { if (should_fail_allocation()) { + errno = ENOMEM; return NULL; } diff --git a/src/crypto/test/scoped_types.h b/src/crypto/test/scoped_types.h index c5c8cfe..e44c6ed 100644 --- a/src/crypto/test/scoped_types.h +++ b/src/crypto/test/scoped_types.h @@ -18,6 +18,7 @@ #include <stdint.h> #include <stdio.h> +#include <openssl/aead.h> #include <openssl/bio.h> #include <openssl/bn.h> #include <openssl/cmac.h> @@ -112,9 +113,13 @@ using ScopedPKCS12 = ScopedOpenSSLType<PKCS12, PKCS12_free>; using ScopedRSA = ScopedOpenSSLType<RSA, RSA_free>; using ScopedX509 = ScopedOpenSSLType<X509, X509_free>; using ScopedX509_ALGOR = ScopedOpenSSLType<X509_ALGOR, X509_ALGOR_free>; +using ScopedX509_SIG = ScopedOpenSSLType<X509_SIG, X509_SIG_free>; using ScopedX509Stack = ScopedOpenSSLStack<STACK_OF(X509), X509, X509_free>; +using ScopedEVP_AEAD_CTX = ScopedOpenSSLContext<EVP_AEAD_CTX, void, + EVP_AEAD_CTX_zero, + EVP_AEAD_CTX_cleanup>; using ScopedEVP_CIPHER_CTX = ScopedOpenSSLContext<EVP_CIPHER_CTX, int, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX_cleanup>; diff --git a/src/crypto/test/test_util.cc b/src/crypto/test/test_util.cc new file mode 100644 index 0000000..8021aaa --- /dev/null +++ b/src/crypto/test/test_util.cc @@ -0,0 +1,30 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <stdint.h> +#include <stdio.h> + +#include "test_util.h" + + +void hexdump(FILE *fp, const char *msg, const void *in, size_t len) { + const uint8_t *data = reinterpret_cast<const uint8_t*>(in); + size_t i; + + fputs(msg, fp); + for (i = 0; i < len; i++) { + fprintf(fp, "%02x", data[i]); + } + fputs("\n", fp); +} diff --git a/src/crypto/test/test_util.h b/src/crypto/test/test_util.h new file mode 100644 index 0000000..972e206 --- /dev/null +++ b/src/crypto/test/test_util.h @@ -0,0 +1,35 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H +#define OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H + +#include <stddef.h> +#include <stdio.h> + +#if defined(__cplusplus) +extern "C" { +#endif + + +/* hexdump writes |msg| to |fp| followed by the hex encoding of |len| bytes + * from |in|. */ +void hexdump(FILE *fp, const char *msg, const void *in, size_t len); + + +#if defined(__cplusplus) +} +#endif + +#endif /* OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H */ diff --git a/src/crypto/x509/CMakeLists.txt b/src/crypto/x509/CMakeLists.txt index 3bb5704..258c263 100644 --- a/src/crypto/x509/CMakeLists.txt +++ b/src/crypto/x509/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( x509 @@ -15,6 +15,7 @@ add_library( i2d_pr.c pkcs7.c t_crl.c + t_req.c t_x509.c t_x509a.c x509.c diff --git a/src/crypto/x509/a_digest.c b/src/crypto/x509/a_digest.c index 6060bbd..430e2e6 100644 --- a/src/crypto/x509/a_digest.c +++ b/src/crypto/x509/a_digest.c @@ -71,7 +71,7 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, i=i2d(data,NULL); if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) { - OPENSSL_PUT_ERROR(X509, ASN1_digest, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return(0); } p=str; diff --git a/src/crypto/x509/a_sign.c b/src/crypto/x509/a_sign.c index f219c23..4e9be8a 100644 --- a/src/crypto/x509/a_sign.c +++ b/src/crypto/x509/a_sign.c @@ -106,7 +106,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, if ((buf_in == NULL) || (buf_out == NULL)) { outl=0; - OPENSSL_PUT_ERROR(X509, ASN1_item_sign_ctx, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } @@ -114,7 +114,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, || !EVP_DigestSignFinal(ctx, buf_out, &outl)) { outl=0; - OPENSSL_PUT_ERROR(X509, ASN1_item_sign_ctx, ERR_R_EVP_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); goto err; } if (signature->data != NULL) OPENSSL_free(signature->data); diff --git a/src/crypto/x509/a_verify.c b/src/crypto/x509/a_verify.c index 72e0a62..572a139 100644 --- a/src/crypto/x509/a_verify.c +++ b/src/crypto/x509/a_verify.c @@ -80,13 +80,13 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (!pkey) { - OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - OPENSSL_PUT_ERROR(X509, ASN1_item_verify, X509_R_INVALID_BIT_STRING_BITS_LEFT); + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_BIT_STRING_BITS_LEFT); return 0; } @@ -101,7 +101,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (buf_in == NULL) { - OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } @@ -109,7 +109,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, { OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); - OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_EVP_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); goto err; } @@ -119,7 +119,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (EVP_DigestVerifyFinal(&ctx,signature->data, (size_t)signature->length) <= 0) { - OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_EVP_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); goto err; } /* we don't need to zero the 'ctx' because we just checked diff --git a/src/crypto/x509/asn1_gen.c b/src/crypto/x509/asn1_gen.c index d4d1ee6..850a816 100644 --- a/src/crypto/x509/asn1_gen.c +++ b/src/crypto/x509/asn1_gen.c @@ -171,7 +171,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) { if (!cnf) { - OPENSSL_PUT_ERROR(ASN1, ASN1_generate_v3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); return NULL; } ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); @@ -314,7 +314,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) if (utype == -1) { - OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_TAG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG); ERR_add_error_data(2, "tag=", elem); return -1; } @@ -327,7 +327,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) /* If no value and not end of string, error */ if (!vstart && elem[len]) { - OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_MISSING_VALUE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE); return -1; } return 0; @@ -340,7 +340,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) /* Check for illegal multiple IMPLICIT tagging */ if (arg->imp_tag != -1) { - OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_ILLEGAL_NESTED_TAGGING); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING); return -1; } if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) @@ -378,7 +378,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) case ASN1_GEN_FLAG_FORMAT: if (!vstart) { - OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); return -1; } if (!strncmp(vstart, "ASCII", 5)) @@ -391,7 +391,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) arg->format = ASN1_GEN_FORMAT_BITLIST; else { - OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); return -1; } break; @@ -415,7 +415,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) return 0; if (tag_num < 0) { - OPENSSL_PUT_ERROR(ASN1, parse_tagging, ASN1_R_INVALID_NUMBER); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); return 0; } *ptag = tag_num; @@ -448,7 +448,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) default: erch[0] = *eptr; erch[1] = 0; - OPENSSL_PUT_ERROR(ASN1, parse_tagging, ASN1_R_INVALID_MODIFIER); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER); ERR_add_error_data(2, "Char=", erch); return 0; break; @@ -534,13 +534,13 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_cons /* Can only have IMPLICIT if permitted */ if ((arg->imp_tag != -1) && !imp_ok) { - OPENSSL_PUT_ERROR(ASN1, append_exp, ASN1_R_ILLEGAL_IMPLICIT_TAG); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG); return 0; } if (arg->exp_count == ASN1_FLAG_EXP_MAX) { - OPENSSL_PUT_ERROR(ASN1, append_exp, ASN1_R_DEPTH_EXCEEDED); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED); return 0; } @@ -658,7 +658,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (!(atmp = ASN1_TYPE_new())) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return NULL; } @@ -671,7 +671,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_NULL: if (str && *str) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_NULL_VALUE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE); goto bad_form; } break; @@ -679,7 +679,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_BOOLEAN: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT); goto bad_form; } vtmp.name = NULL; @@ -687,7 +687,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) vtmp.value = (char *)str; if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_BOOLEAN); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN); goto bad_str; } break; @@ -696,12 +696,12 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_ENUMERATED: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_INTEGER_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT); goto bad_form; } if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_INTEGER); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER); goto bad_str; } break; @@ -709,12 +709,12 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_OBJECT: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_OBJECT_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT); goto bad_form; } if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_OBJECT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT); goto bad_str; } break; @@ -723,23 +723,23 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_GENERALIZEDTIME: if (format != ASN1_GEN_FORMAT_ASCII) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_TIME_NOT_ASCII_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT); goto bad_form; } if (!(atmp->value.asn1_string = ASN1_STRING_new())) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto bad_str; } if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto bad_str; } atmp->value.asn1_string->type = utype; if (!ASN1_TIME_check(atmp->value.asn1_string)) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_TIME_VALUE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE); goto bad_str; } @@ -761,7 +761,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) format = MBSTRING_UTF8; else { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT); goto bad_form; } @@ -769,7 +769,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, -1, format, ASN1_tag2bit(utype)) <= 0) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto bad_str; } @@ -782,7 +782,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (!(atmp->value.asn1_string = ASN1_STRING_new())) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); goto bad_form; } @@ -791,7 +791,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) if (!(rdata = string_to_hex((char *)str, &rdlen))) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_HEX); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX); goto bad_str; } @@ -806,7 +806,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) { if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string)) { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_LIST_ERROR); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR); goto bad_str; } no_unused = 0; @@ -814,7 +814,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) } else { - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_BITSTRING_FORMAT); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT); goto bad_form; } @@ -830,7 +830,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) break; default: - OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_UNSUPPORTED_TYPE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE); goto bad_str; break; } @@ -860,12 +860,12 @@ static int bitstr_cb(const char *elem, int len, void *bitstr) return 0; if (bitnum < 0) { - OPENSSL_PUT_ERROR(ASN1, bitstr_cb, ASN1_R_INVALID_NUMBER); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); return 0; } if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { - OPENSSL_PUT_ERROR(ASN1, bitstr_cb, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); return 0; } return 1; diff --git a/src/crypto/x509/by_dir.c b/src/crypto/x509/by_dir.c index 34bb1e4..3393dfa 100644 --- a/src/crypto/x509/by_dir.c +++ b/src/crypto/x509/by_dir.c @@ -139,7 +139,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, X509_FILETYPE_PEM); if (!ret) { - OPENSSL_PUT_ERROR(X509, dir_ctrl, X509_R_LOADING_CERT_DIR); + OPENSSL_PUT_ERROR(X509, X509_R_LOADING_CERT_DIR); } } else @@ -208,7 +208,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) if (dir == NULL || !*dir) { - OPENSSL_PUT_ERROR(X509, add_cert_dir, X509_R_INVALID_DIRECTORY); + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_DIRECTORY); return 0; } @@ -237,7 +237,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) ctx->dirs = sk_BY_DIR_ENTRY_new_null(); if (!ctx->dirs) { - OPENSSL_PUT_ERROR(X509, add_cert_dir, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } } @@ -311,13 +311,13 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, } else { - OPENSSL_PUT_ERROR(X509, get_cert_by_subject, X509_R_WRONG_LOOKUP_TYPE); + OPENSSL_PUT_ERROR(X509, X509_R_WRONG_LOOKUP_TYPE); goto finish; } if ((b=BUF_MEM_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, get_cert_by_subject, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); goto finish; } @@ -337,7 +337,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, j=strlen(ent->dir)+1+8+6+1+1; if (!BUF_MEM_grow(b,j)) { - OPENSSL_PUT_ERROR(X509, get_cert_by_subject, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto finish; } if (type == X509_LU_CRL && ent->hashes) diff --git a/src/crypto/x509/by_file.c b/src/crypto/x509/by_file.c index 2fdbce4..f1d6194 100644 --- a/src/crypto/x509/by_file.c +++ b/src/crypto/x509/by_file.c @@ -109,7 +109,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, if (!ok) { - OPENSSL_PUT_ERROR(X509, by_file_ctrl, X509_R_LOADING_DEFAULTS); + OPENSSL_PUT_ERROR(X509, X509_R_LOADING_DEFAULTS); } } else @@ -137,7 +137,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) { - OPENSSL_PUT_ERROR(X509, X509_load_cert_file, ERR_R_SYS_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB); goto err; } @@ -156,7 +156,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) } else { - OPENSSL_PUT_ERROR(X509, X509_load_cert_file, ERR_R_PEM_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_PEM_LIB); goto err; } } @@ -173,7 +173,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) x=d2i_X509_bio(in,NULL); if (x == NULL) { - OPENSSL_PUT_ERROR(X509, X509_load_cert_file, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); goto err; } i=X509_STORE_add_cert(ctx->store_ctx,x); @@ -182,7 +182,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) } else { - OPENSSL_PUT_ERROR(X509, X509_load_cert_file, X509_R_BAD_X509_FILETYPE); + OPENSSL_PUT_ERROR(X509, X509_R_BAD_X509_FILETYPE); goto err; } err: @@ -203,7 +203,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) { - OPENSSL_PUT_ERROR(X509, X509_load_crl_file, ERR_R_SYS_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB); goto err; } @@ -222,7 +222,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) } else { - OPENSSL_PUT_ERROR(X509, X509_load_crl_file, ERR_R_PEM_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_PEM_LIB); goto err; } } @@ -239,7 +239,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) x=d2i_X509_CRL_bio(in,NULL); if (x == NULL) { - OPENSSL_PUT_ERROR(X509, X509_load_crl_file, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); goto err; } i=X509_STORE_add_crl(ctx->store_ctx,x); @@ -248,7 +248,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) } else { - OPENSSL_PUT_ERROR(X509, X509_load_crl_file, X509_R_BAD_X509_FILETYPE); + OPENSSL_PUT_ERROR(X509, X509_R_BAD_X509_FILETYPE); goto err; } err: @@ -268,13 +268,13 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) return X509_load_cert_file(ctx, file, type); in = BIO_new_file(file, "r"); if(!in) { - OPENSSL_PUT_ERROR(X509, X509_load_cert_crl_file, ERR_R_SYS_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_SYS_LIB); return 0; } inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); BIO_free(in); if(!inf) { - OPENSSL_PUT_ERROR(X509, X509_load_cert_crl_file, ERR_R_PEM_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_PEM_LIB); return 0; } for(i = 0; i < sk_X509_INFO_num(inf); i++) { diff --git a/src/crypto/x509/i2d_pr.c b/src/crypto/x509/i2d_pr.c index 443ca53..e7f4269 100644 --- a/src/crypto/x509/i2d_pr.c +++ b/src/crypto/x509/i2d_pr.c @@ -78,7 +78,7 @@ int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp) } /* Although this file is in crypto/x509 for layering reasons, it emits * an error code from ASN1 for OpenSSL compatibility. */ - OPENSSL_PUT_ERROR(ASN1, i2d_PrivateKey, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return -1; } diff --git a/src/crypto/x509/pkcs7.c b/src/crypto/x509/pkcs7.c index 99ee3da..2087f94 100644 --- a/src/crypto/x509/pkcs7.c +++ b/src/crypto/x509/pkcs7.c @@ -57,8 +57,7 @@ static int pkcs7_parse_header(uint8_t **der_bytes, CBS *out, CBS *cbs) { } if (OBJ_cbs2nid(&content_type) != NID_pkcs7_signed) { - OPENSSL_PUT_ERROR(X509, pkcs7_parse_header, - X509_R_NOT_PKCS7_SIGNED_DATA); + OPENSSL_PUT_ERROR(X509, X509_R_NOT_PKCS7_SIGNED_DATA); goto err; } @@ -73,8 +72,7 @@ static int pkcs7_parse_header(uint8_t **der_bytes, CBS *out, CBS *cbs) { } if (version < 1) { - OPENSSL_PUT_ERROR(X509, pkcs7_parse_header, - X509_R_BAD_PKCS7_VERSION); + OPENSSL_PUT_ERROR(X509, X509_R_BAD_PKCS7_VERSION); goto err; } @@ -103,8 +101,7 @@ int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs) { /* See https://tools.ietf.org/html/rfc2315#section-9.1 */ if (!CBS_get_asn1(&signed_data, &certificates, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { - OPENSSL_PUT_ERROR(X509, PKCS7_get_certificates, - X509_R_NO_CERTIFICATES_INCLUDED); + OPENSSL_PUT_ERROR(X509, X509_R_NO_CERTIFICATES_INCLUDED); goto err; } @@ -171,8 +168,7 @@ int PKCS7_get_CRLs(STACK_OF(X509_CRL) *out_crls, CBS *cbs) { if (!CBS_get_asn1(&signed_data, &crls, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 1)) { - OPENSSL_PUT_ERROR(X509, PKCS7_get_CRLs, - X509_R_NO_CRLS_INCLUDED); + OPENSSL_PUT_ERROR(X509, X509_R_NO_CRLS_INCLUDED); goto err; } diff --git a/src/crypto/x509/t_crl.c b/src/crypto/x509/t_crl.c index 93a7afb..a2d8bc7 100644 --- a/src/crypto/x509/t_crl.c +++ b/src/crypto/x509/t_crl.c @@ -70,7 +70,7 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_CRL_print_fp, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); diff --git a/src/crypto/x509/t_req.c b/src/crypto/x509/t_req.c new file mode 100644 index 0000000..39c836c --- /dev/null +++ b/src/crypto/x509/t_req.c @@ -0,0 +1,246 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ + +#include <stdio.h> + +#include <openssl/bn.h> +#include <openssl/buffer.h> +#include <openssl/err.h> +#include <openssl/objects.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> + + +int X509_REQ_print_fp(FILE *fp, X509_REQ *x) { + BIO *bio = BIO_new(BIO_s_file()); + if (bio == NULL) { + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); + return 0; + } + + BIO_set_fp(bio, fp, BIO_NOCLOSE); + int ret = X509_REQ_print(bio, x); + BIO_free(bio); + return ret; +} + +int X509_REQ_print_ex(BIO *bio, X509_REQ *x, unsigned long nmflags, + unsigned long cflag) { + long l; + EVP_PKEY *pkey; + STACK_OF(X509_ATTRIBUTE) * sk; + char mlch = ' '; + + int nmindent = 0; + + if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { + mlch = '\n'; + nmindent = 12; + } + + if (nmflags == X509_FLAG_COMPAT) { + nmindent = 16; + } + + X509_REQ_INFO *ri = x->req_info; + if (!(cflag & X509_FLAG_NO_HEADER)) { + if (BIO_write(bio, "Certificate Request:\n", 21) <= 0 || + BIO_write(bio, " Data:\n", 10) <= 0) { + goto err; + } + } + if (!(cflag & X509_FLAG_NO_VERSION)) { + l = X509_REQ_get_version(x); + if (BIO_printf(bio, "%8sVersion: %ld (0x%lx)\n", "", l + 1, l) <= 0) { + goto err; + } + } + if (!(cflag & X509_FLAG_NO_SUBJECT)) { + if (BIO_printf(bio, " Subject:%c", mlch) <= 0 || + X509_NAME_print_ex(bio, ri->subject, nmindent, nmflags) < 0 || + BIO_write(bio, "\n", 1) <= 0) { + goto err; + } + } + if (!(cflag & X509_FLAG_NO_PUBKEY)) { + if (BIO_write(bio, " Subject Public Key Info:\n", 33) <= 0 || + BIO_printf(bio, "%12sPublic Key Algorithm: ", "") <= 0 || + i2a_ASN1_OBJECT(bio, ri->pubkey->algor->algorithm) <= 0 || + BIO_puts(bio, "\n") <= 0) { + goto err; + } + + pkey = X509_REQ_get_pubkey(x); + if (pkey == NULL) { + BIO_printf(bio, "%12sUnable to load Public Key\n", ""); + ERR_print_errors(bio); + } else { + EVP_PKEY_print_public(bio, pkey, 16, NULL); + EVP_PKEY_free(pkey); + } + } + + if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { + if (BIO_printf(bio, "%8sAttributes:\n", "") <= 0) { + goto err; + } + + sk = x->req_info->attributes; + if (sk_X509_ATTRIBUTE_num(sk) == 0) { + if (BIO_printf(bio, "%12sa0:00\n", "") <= 0) { + goto err; + } + } else { + size_t i; + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + X509_ATTRIBUTE *a = sk_X509_ATTRIBUTE_value(sk, i); + ASN1_OBJECT *aobj = X509_ATTRIBUTE_get0_object(a); + + if (X509_REQ_extension_nid(OBJ_obj2nid(aobj))) { + continue; + } + + if (BIO_printf(bio, "%12s", "") <= 0) { + goto err; + } + + const int num_attrs = X509_ATTRIBUTE_count(a); + const int obj_str_len = i2a_ASN1_OBJECT(bio, aobj); + if (obj_str_len <= 0) { + if (BIO_puts(bio, "(Unable to print attribute ID.)\n") < 0) { + goto err; + } else { + continue; + } + } + + int j; + for (j = 0; j < num_attrs; j++) { + const ASN1_TYPE *at = X509_ATTRIBUTE_get0_type(a, j); + const int type = at->type; + ASN1_BIT_STRING *bs = at->value.asn1_string; + + int k; + for (k = 25 - obj_str_len; k > 0; k--) { + if (BIO_write(bio, " ", 1) != 1) { + goto err; + } + } + + if (BIO_puts(bio, ":") <= 0) { + goto err; + } + + if (type == V_ASN1_PRINTABLESTRING || + type == V_ASN1_UTF8STRING || + type == V_ASN1_IA5STRING || + type == V_ASN1_T61STRING) { + if (BIO_write(bio, (char *)bs->data, bs->length) != bs->length) { + goto err; + } + BIO_puts(bio, "\n"); + } else { + BIO_puts(bio, "unable to print attribute\n"); + } + } + } + } + } + + if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { + STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(x); + if (exts) { + BIO_printf(bio, "%8sRequested Extensions:\n", ""); + + size_t i; + for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { + X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i); + if (BIO_printf(bio, "%12s", "") <= 0) { + goto err; + } + ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex); + i2a_ASN1_OBJECT(bio, obj); + const int is_critical = X509_EXTENSION_get_critical(ex); + if (BIO_printf(bio, ": %s\n", is_critical ? "critical" : "") <= 0) { + goto err; + } + if (!X509V3_EXT_print(bio, ex, cflag, 16)) { + BIO_printf(bio, "%16s", ""); + ASN1_STRING_print(bio, X509_EXTENSION_get_data(ex)); + } + if (BIO_write(bio, "\n", 1) <= 0) { + goto err; + } + } + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + } + } + + if (!(cflag & X509_FLAG_NO_SIGDUMP) && + !X509_signature_print(bio, x->sig_alg, x->signature)) { + goto err; + } + + return 1; + +err: + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); + return 0; +} + +int X509_REQ_print(BIO *bio, X509_REQ *req) { + return X509_REQ_print_ex(bio, req, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +} diff --git a/src/crypto/x509/t_x509.c b/src/crypto/x509/t_x509.c index 2b9a421..7785ebf 100644 --- a/src/crypto/x509/t_x509.c +++ b/src/crypto/x509/t_x509.c @@ -74,7 +74,7 @@ int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cfla if ((b=BIO_new(BIO_s_file())) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_print_ex_fp, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); @@ -493,7 +493,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) if (0) { err: - OPENSSL_PUT_ERROR(X509, X509_NAME_print, ERR_R_BUF_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB); } OPENSSL_free(b); return(ret); diff --git a/src/crypto/x509/x509_att.c b/src/crypto/x509/x509_att.c index 90e7810..1491484 100644 --- a/src/crypto/x509/x509_att.c +++ b/src/crypto/x509/x509_att.c @@ -124,7 +124,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, if (x == NULL) { - OPENSSL_PUT_ERROR(X509, X509at_add1_attr, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); goto err2; } @@ -144,7 +144,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, *x=sk; return(sk); err: - OPENSSL_PUT_ERROR(X509, X509at_add1_attr, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); err2: if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr); if (sk != NULL) sk_X509_ATTRIBUTE_free(sk); @@ -214,7 +214,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, obj=OBJ_nid2obj(nid); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_create_by_NID, X509_R_UNKNOWN_NID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_NID); return(NULL); } return X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len); @@ -229,7 +229,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, { if ((ret=X509_ATTRIBUTE_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_create_by_OBJ, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return(NULL); } } @@ -258,7 +258,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, obj=OBJ_txt2obj(atrname, 0); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_create_by_txt, X509_R_INVALID_FIELD_NAME); + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_NAME); ERR_add_error_data(2, "name=", atrname); return(NULL); } @@ -286,7 +286,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, OBJ_obj2nid(attr->object)); if(!stmp) { - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_set1_data, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); return 0; } atype = stmp->type; @@ -314,7 +314,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; return 1; err: - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_set1_data, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } @@ -338,7 +338,7 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, ttmp = X509_ATTRIBUTE_get0_type(attr, idx); if(!ttmp) return NULL; if(atrtype != ASN1_TYPE_get(ttmp)){ - OPENSSL_PUT_ERROR(X509, X509_ATTRIBUTE_get0_data, X509_R_WRONG_TYPE); + OPENSSL_PUT_ERROR(X509, X509_R_WRONG_TYPE); return NULL; } return ttmp->value.ptr; diff --git a/src/crypto/x509/x509_cmp.c b/src/crypto/x509/x509_cmp.c index 712e36b..0e35f3e 100644 --- a/src/crypto/x509/x509_cmp.c +++ b/src/crypto/x509/x509_cmp.c @@ -333,13 +333,13 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) case 1: break; case 0: - OPENSSL_PUT_ERROR(X509, X509_check_private_key, X509_R_KEY_VALUES_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH); break; case -1: - OPENSSL_PUT_ERROR(X509, X509_check_private_key, X509_R_KEY_TYPE_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH); break; case -2: - OPENSSL_PUT_ERROR(X509, X509_check_private_key, X509_R_UNKNOWN_KEY_TYPE); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE); } if (xk) EVP_PKEY_free(xk); diff --git a/src/crypto/x509/x509_lu.c b/src/crypto/x509/x509_lu.c index a662305..6d7bc26 100644 --- a/src/crypto/x509/x509_lu.c +++ b/src/crypto/x509/x509_lu.c @@ -345,7 +345,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_STORE_add_cert, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } obj->type=X509_LU_X509; @@ -359,7 +359,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) { X509_OBJECT_free_contents(obj); OPENSSL_free(obj); - OPENSSL_PUT_ERROR(X509, X509_STORE_add_cert, X509_R_CERT_ALREADY_IN_HASH_TABLE); + OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE); ret=0; } else sk_X509_OBJECT_push(ctx->objs, obj); @@ -378,7 +378,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_STORE_add_crl, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } obj->type=X509_LU_CRL; @@ -392,7 +392,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) { X509_OBJECT_free_contents(obj); OPENSSL_free(obj); - OPENSSL_PUT_ERROR(X509, X509_STORE_add_crl, X509_R_CERT_ALREADY_IN_HASH_TABLE); + OPENSSL_PUT_ERROR(X509, X509_R_CERT_ALREADY_IN_HASH_TABLE); ret=0; } else sk_X509_OBJECT_push(ctx->objs, obj); @@ -410,7 +410,7 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a) X509_up_ref(a->data.x509); break; case X509_LU_CRL: - CRYPTO_refcount_inc(&a->data.crl->references); + X509_CRL_up_ref(a->data.crl); break; } } @@ -572,7 +572,7 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) { obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); x = obj->data.crl; - CRYPTO_refcount_inc(&x->references); + X509_CRL_up_ref(x); if (!sk_X509_CRL_push(sk, x)) { CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); @@ -641,7 +641,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) if (ok == X509_LU_RETRY) { X509_OBJECT_free_contents(&obj); - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_get1_issuer, X509_R_SHOULD_RETRY); + OPENSSL_PUT_ERROR(X509, X509_R_SHOULD_RETRY); return -1; } else if (ok != X509_LU_FAIL) diff --git a/src/crypto/x509/x509_obj.c b/src/crypto/x509/x509_obj.c index 914e0de..b6f0816 100644 --- a/src/crypto/x509/x509_obj.c +++ b/src/crypto/x509/x509_obj.c @@ -184,7 +184,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) *p = '\0'; return(p); err: - OPENSSL_PUT_ERROR(X509, X509_NAME_oneline, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); if (b != NULL) BUF_MEM_free(b); return(NULL); } diff --git a/src/crypto/x509/x509_r2x.c b/src/crypto/x509/x509_r2x.c index 3c8e9c0..85979ac 100644 --- a/src/crypto/x509/x509_r2x.c +++ b/src/crypto/x509/x509_r2x.c @@ -72,7 +72,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) if ((ret=X509_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_REQ_to_X509, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/src/crypto/x509/x509_req.c b/src/crypto/x509/x509_req.c index 2732d6e..01c5113 100644 --- a/src/crypto/x509/x509_req.c +++ b/src/crypto/x509/x509_req.c @@ -77,7 +77,7 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) ret=X509_REQ_new(); if (ret == NULL) { - OPENSSL_PUT_ERROR(X509, X509_to_X509_REQ, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } @@ -128,24 +128,24 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) ok=1; break; case 0: - OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_KEY_VALUES_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_KEY_VALUES_MISMATCH); break; case -1: - OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_KEY_TYPE_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_KEY_TYPE_MISMATCH); break; case -2: if (k->type == EVP_PKEY_EC) { - OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, ERR_R_EC_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_EC_LIB); break; } if (k->type == EVP_PKEY_DH) { /* No idea */ - OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_CANT_CHECK_DH_KEY); + OPENSSL_PUT_ERROR(X509, X509_R_CANT_CHECK_DH_KEY); break; } - OPENSSL_PUT_ERROR(X509, X509_REQ_check_private_key, X509_R_UNKNOWN_KEY_TYPE); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_KEY_TYPE); } EVP_PKEY_free(xk); diff --git a/src/crypto/x509/x509_trs.c b/src/crypto/x509/x509_trs.c index 9b7cc9c..820e605 100644 --- a/src/crypto/x509/x509_trs.c +++ b/src/crypto/x509/x509_trs.c @@ -156,7 +156,7 @@ int X509_TRUST_get_by_id(int id) int X509_TRUST_set(int *t, int trust) { if(X509_TRUST_get_by_id(trust) == -1) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_set, X509_R_INVALID_TRUST); + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_TRUST); return 0; } *t = trust; @@ -179,7 +179,7 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), /* Need a new entry */ if(idx == -1) { if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } trtmp->flags = X509_TRUST_DYNAMIC; @@ -188,7 +188,7 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), /* Duplicate the supplied name. */ name_dup = BUF_strdup(name); if (name_dup == NULL) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); if (idx == -1) OPENSSL_free(trtmp); return 0; @@ -210,12 +210,12 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), /* If its a new entry manage the dynamic table */ if(idx == -1) { if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); trtable_free(trtmp); return 0; } if (!sk_X509_TRUST_push(trtable, trtmp)) { - OPENSSL_PUT_ERROR(X509, X509_TRUST_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); trtable_free(trtmp); return 0; } diff --git a/src/crypto/x509/x509_v3.c b/src/crypto/x509/x509_v3.c index 0fc9a9a..b042985 100644 --- a/src/crypto/x509/x509_v3.c +++ b/src/crypto/x509/x509_v3.c @@ -147,7 +147,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, if (x == NULL) { - OPENSSL_PUT_ERROR(X509, X509v3_add_ext, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); goto err2; } @@ -171,7 +171,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, *x=sk; return(sk); err: - OPENSSL_PUT_ERROR(X509, X509v3_add_ext, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); err2: if (new_ex != NULL) X509_EXTENSION_free(new_ex); if (sk != NULL) sk_X509_EXTENSION_free(sk); @@ -187,7 +187,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, obj=OBJ_nid2obj(nid); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_EXTENSION_create_by_NID, X509_R_UNKNOWN_NID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_NID); return(NULL); } ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data); @@ -203,7 +203,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, { if ((ret=X509_EXTENSION_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_EXTENSION_create_by_OBJ, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return(NULL); } } diff --git a/src/crypto/x509/x509_vfy.c b/src/crypto/x509/x509_vfy.c index f53f279..5d856f0 100644 --- a/src/crypto/x509/x509_vfy.c +++ b/src/crypto/x509/x509_vfy.c @@ -72,7 +72,8 @@ #include "../internal.h" -static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; +static CRYPTO_EX_DATA_CLASS g_ex_data_class = + CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA; /* CRL score values */ @@ -201,7 +202,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) STACK_OF(X509) *sktmp=NULL; if (ctx->cert == NULL) { - OPENSSL_PUT_ERROR(X509, X509_verify_cert, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); + OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); return -1; } @@ -214,7 +215,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if ( ((ctx->chain=sk_X509_new_null()) == NULL) || (!sk_X509_push(ctx->chain,ctx->cert))) { - OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto end; } X509_up_ref(ctx->cert); @@ -225,7 +226,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (ctx->untrusted != NULL && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto end; } @@ -251,7 +252,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) { ok = ctx->get_issuer(&xtmp, ctx, x); if (ok < 0) - return ok; + goto end; /* If successful for now free up cert so it * will be picked up again later. */ @@ -270,10 +271,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx) { if (!sk_X509_push(ctx->chain,xtmp)) { - OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto end; } - CRYPTO_refcount_inc(&xtmp->references); + X509_up_ref(xtmp); (void)sk_X509_delete_ptr(sktmp,xtmp); ctx->last_untrusted++; x=xtmp; @@ -349,15 +350,16 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = ctx->get_issuer(&xtmp, ctx, x); - if (ok < 0) return ok; + if (ok < 0) goto end; if (ok == 0) break; x = xtmp; if (!sk_X509_push(ctx->chain,x)) { X509_free(xtmp); - OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); - return 0; + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); + ok = 0; + goto end; } num++; } @@ -990,7 +992,7 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, *pissuer = best_crl_issuer; *pscore = best_score; *preasons = best_reasons; - CRYPTO_refcount_inc(&best_crl->references); + X509_CRL_up_ref(best_crl); if (*pdcrl) { X509_CRL_free(*pdcrl); @@ -1097,7 +1099,7 @@ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, { if (check_crl_time(ctx, delta, 0)) *pscore |= CRL_SCORE_TIME_DELTA; - CRYPTO_refcount_inc(&delta->references); + X509_CRL_up_ref(delta); *dcrl = delta; return; } @@ -1634,7 +1636,7 @@ static int check_policy(X509_STORE_CTX *ctx) ctx->param->policies, ctx->param->flags); if (ret == 0) { - OPENSSL_PUT_ERROR(X509, check_policy, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } /* Invalid or inconsistent extensions */ @@ -1983,44 +1985,44 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, /* CRLs can't be delta already */ if (base->base_crl_number || newer->base_crl_number) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_CRL_ALREADY_DELTA); + OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA); return NULL; } /* Base and new CRL must have a CRL number */ if (!base->crl_number || !newer->crl_number) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_NO_CRL_NUMBER); + OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER); return NULL; } /* Issuer names must match */ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_ISSUER_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH); return NULL; } /* AKID and IDP must match */ if (!crl_extension_match(base, newer, NID_authority_key_identifier)) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_AKID_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH); return NULL; } if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_IDP_MISMATCH); + OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH); return NULL; } /* Newer CRL number must exceed full CRL number */ if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_NEWER_CRL_NOT_NEWER); + OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER); return NULL; } /* CRLs must verify */ if (skey && (X509_CRL_verify(base, skey) <= 0 || X509_CRL_verify(newer, skey) <= 0)) { - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, X509_R_CRL_VERIFY_FAILURE); + OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE); return NULL; } /* Create new CRL */ @@ -2085,7 +2087,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, return crl; memerr: - OPENSSL_PUT_ERROR(X509, X509_CRL_diff, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); if (crl) X509_CRL_free(crl); return NULL; @@ -2210,7 +2212,7 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, idx = X509_PURPOSE_get_by_id(purpose); if (idx == -1) { - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_purpose_inherit, X509_R_UNKNOWN_PURPOSE_ID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID); return 0; } ptmp = X509_PURPOSE_get0(idx); @@ -2219,7 +2221,7 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, idx = X509_PURPOSE_get_by_id(def_purpose); if (idx == -1) { - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_purpose_inherit, X509_R_UNKNOWN_PURPOSE_ID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID); return 0; } ptmp = X509_PURPOSE_get0(idx); @@ -2232,7 +2234,7 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, idx = X509_TRUST_get_by_id(trust); if (idx == -1) { - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_purpose_inherit, X509_R_UNKNOWN_TRUST_ID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID); return 0; } } @@ -2248,7 +2250,7 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); if (!ctx) { - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return NULL; } memset(ctx, 0, sizeof(X509_STORE_CTX)); @@ -2371,7 +2373,7 @@ err: } memset(ctx, 0, sizeof(X509_STORE_CTX)); - OPENSSL_PUT_ERROR(X509, X509_STORE_CTX_init, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/src/crypto/x509/x509cset.c b/src/crypto/x509/x509cset.c index b526c69..82d61d0 100644 --- a/src/crypto/x509/x509cset.c +++ b/src/crypto/x509/x509cset.c @@ -57,6 +57,8 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "../internal.h" + int X509_CRL_set_version(X509_CRL *x, long version) { @@ -128,6 +130,11 @@ int X509_CRL_sort(X509_CRL *c) return 1; } +void X509_CRL_up_ref(X509_CRL *crl) + { + CRYPTO_refcount_inc(&crl->references); + } + int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) { ASN1_TIME *in; diff --git a/src/crypto/x509/x509name.c b/src/crypto/x509/x509name.c index 042d18b..7bb3aa1 100644 --- a/src/crypto/x509/x509name.c +++ b/src/crypto/x509/x509name.c @@ -254,7 +254,7 @@ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, new_name->set=set; if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc)) { - OPENSSL_PUT_ERROR(X509, X509_NAME_add_entry, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } if (inc) @@ -279,7 +279,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, obj=OBJ_txt2obj(field, 0); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_NAME_ENTRY_create_by_txt, X509_R_INVALID_FIELD_NAME); + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_NAME); ERR_add_error_data(2, "name=", field); return(NULL); } @@ -297,7 +297,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, obj=OBJ_nid2obj(nid); if (obj == NULL) { - OPENSSL_PUT_ERROR(X509, X509_NAME_ENTRY_create_by_NID, X509_R_UNKNOWN_NID); + OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_NID); return(NULL); } nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); @@ -336,7 +336,7 @@ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj) { if ((ne == NULL) || (obj == NULL)) { - OPENSSL_PUT_ERROR(X509, X509_NAME_ENTRY_set_object, ERR_R_PASSED_NULL_PARAMETER); + OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); return(0); } ASN1_OBJECT_free(ne->object); diff --git a/src/crypto/x509/x509spki.c b/src/crypto/x509/x509spki.c index 9bab957..ccf93e0 100644 --- a/src/crypto/x509/x509spki.c +++ b/src/crypto/x509/x509spki.c @@ -84,15 +84,15 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) if (len <= 0) len = strlen(str); if (!EVP_DecodedLength(&spki_len, len)) { - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_decode, X509_R_BASE64_DECODE_ERROR); + OPENSSL_PUT_ERROR(X509, X509_R_BASE64_DECODE_ERROR); return NULL; } if (!(spki_der = OPENSSL_malloc(spki_len))) { - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_decode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return NULL; } if (!EVP_DecodeBase64(spki_der, &spki_len, spki_len, (const uint8_t *)str, len)) { - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_decode, X509_R_BASE64_DECODE_ERROR); + OPENSSL_PUT_ERROR(X509, X509_R_BASE64_DECODE_ERROR); OPENSSL_free(spki_der); return NULL; } @@ -113,18 +113,18 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) der_len = i2d_NETSCAPE_SPKI(spki, NULL); if (!EVP_EncodedLength(&b64_len, der_len)) { - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_encode, ERR_R_OVERFLOW); + OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW); return NULL; } der_spki = OPENSSL_malloc(der_len); if (der_spki == NULL) { - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return NULL; } b64_str = OPENSSL_malloc(b64_len); if (b64_str == NULL) { OPENSSL_free(der_spki); - OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return NULL; } p = der_spki; diff --git a/src/crypto/x509/x_all.c b/src/crypto/x509/x_all.c index 785fd1e..d7f2d29 100644 --- a/src/crypto/x509/x_all.c +++ b/src/crypto/x509/x_all.c @@ -64,9 +64,6 @@ #include <openssl/x509.h> -extern const ASN1_ITEM RSAPrivateKey_it; -extern const ASN1_ITEM RSAPublicKey_it; - int X509_verify(X509 *a, EVP_PKEY *r) { if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) @@ -144,6 +141,12 @@ int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) x->signature, x->spkac,pkey,md)); } +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *x, EVP_PKEY *pkey) + { + return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, + x->signature, x->spkac, pkey)); + } + #ifndef OPENSSL_NO_FP_API X509 *d2i_X509_fp(FILE *fp, X509 **x509) { @@ -239,17 +242,17 @@ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) #ifndef OPENSSL_NO_FP_API RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); + return ASN1_d2i_fp_of(RSA, RSA_new, d2i_RSAPrivateKey, fp, rsa); } int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); + return ASN1_i2d_fp_of_const(RSA, i2d_RSAPrivateKey, fp, rsa); } RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); + return ASN1_d2i_fp_of(RSA, RSA_new, d2i_RSAPublicKey, fp, rsa); } RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) @@ -261,7 +264,7 @@ RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); + return ASN1_i2d_fp_of_const(RSA, i2d_RSAPublicKey, fp, rsa); } int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) @@ -272,17 +275,17 @@ int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); + return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSAPrivateKey, bp, rsa); } int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); + return ASN1_i2d_bio_of_const(RSA, i2d_RSAPrivateKey, bp, rsa); } RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); + return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSAPublicKey, bp, rsa); } @@ -293,7 +296,7 @@ RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); + return ASN1_i2d_bio_of_const(RSA, i2d_RSAPublicKey, bp, rsa); } int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) diff --git a/src/crypto/x509/x_crl.c b/src/crypto/x509/x_crl.c index 2f41bb1..d516872 100644 --- a/src/crypto/x509/x_crl.c +++ b/src/crypto/x509/x_crl.c @@ -400,7 +400,7 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) if(!inf->revoked) inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { - OPENSSL_PUT_ERROR(X509, X509_CRL_add0_revoked, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } inf->enc.modified = 1; diff --git a/src/crypto/x509/x_info.c b/src/crypto/x509/x_info.c index f9e9ab8..be579d7 100644 --- a/src/crypto/x509/x_info.c +++ b/src/crypto/x509/x_info.c @@ -69,7 +69,7 @@ X509_INFO *X509_INFO_new(void) ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO)); if (ret == NULL) { - OPENSSL_PUT_ERROR(X509, X509_INFO_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return(NULL); } diff --git a/src/crypto/x509/x_name.c b/src/crypto/x509/x_name.c index 5cfb3ae..762756b 100644 --- a/src/crypto/x509/x_name.c +++ b/src/crypto/x509/x_name.c @@ -150,7 +150,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) return 1; memerr: - OPENSSL_PUT_ERROR(X509, x509_name_ex_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); if (ret) { if (ret->entries) @@ -239,7 +239,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, err: if (nm.x != NULL) X509_NAME_free(nm.x); - OPENSSL_PUT_ERROR(X509, x509_name_ex_d2i, ERR_R_ASN1_LIB); + OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); return 0; } @@ -300,7 +300,7 @@ static int x509_name_encode(X509_NAME *a) memerr: sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, local_sk_X509_NAME_ENTRY_free); - OPENSSL_PUT_ERROR(X509, x509_name_encode, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/src/crypto/x509/x_pkey.c b/src/crypto/x509/x_pkey.c index 5bc6415..f5e98b8 100644 --- a/src/crypto/x509/x_pkey.c +++ b/src/crypto/x509/x_pkey.c @@ -69,7 +69,7 @@ X509_PKEY *X509_PKEY_new(void) X509_PKEY *ret = OPENSSL_malloc(sizeof(X509_PKEY)); if (ret == NULL) { - OPENSSL_PUT_ERROR(X509, X509_PKEY_new, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } memset(ret, 0, sizeof(X509_PKEY)); diff --git a/src/crypto/x509/x_pubkey.c b/src/crypto/x509/x_pubkey.c index c2e0863..a16edca 100644 --- a/src/crypto/x509/x_pubkey.c +++ b/src/crypto/x509/x_pubkey.c @@ -100,19 +100,19 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { if (!pkey->ameth->pub_encode(pk, pkey)) { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_set, X509_R_PUBLIC_KEY_ENCODE_ERROR); + OPENSSL_PUT_ERROR(X509, X509_R_PUBLIC_KEY_ENCODE_ERROR); goto error; } } else { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_set, X509_R_METHOD_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(X509, X509_R_METHOD_NOT_SUPPORTED); goto error; } } else { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_set, X509_R_UNSUPPORTED_ALGORITHM); + OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM); goto error; } @@ -151,13 +151,13 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) if ((ret = EVP_PKEY_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_get, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto error; } if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_get, X509_R_UNSUPPORTED_ALGORITHM); + OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM); goto error; } @@ -165,13 +165,13 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { if (!ret->ameth->pub_decode(ret, key)) { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_get, X509_R_PUBLIC_KEY_DECODE_ERROR); + OPENSSL_PUT_ERROR(X509, X509_R_PUBLIC_KEY_DECODE_ERROR); goto error; } } else { - OPENSSL_PUT_ERROR(X509, X509_PUBKEY_get, X509_R_METHOD_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(X509, X509_R_METHOD_NOT_SUPPORTED); goto error; } @@ -262,7 +262,7 @@ int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp) pktmp = EVP_PKEY_new(); if (!pktmp) { - OPENSSL_PUT_ERROR(X509, i2d_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } EVP_PKEY_set1_RSA(pktmp, (RSA*) a); @@ -301,7 +301,7 @@ int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp) pktmp = EVP_PKEY_new(); if(!pktmp) { - OPENSSL_PUT_ERROR(X509, i2d_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return 0; } EVP_PKEY_set1_DSA(pktmp, (DSA*) a); @@ -338,7 +338,7 @@ int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp) if (!a) return(0); if ((pktmp = EVP_PKEY_new()) == NULL) { - OPENSSL_PUT_ERROR(X509, i2d_EC_PUBKEY, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); return(0); } EVP_PKEY_set1_EC_KEY(pktmp, (EC_KEY*) a); diff --git a/src/crypto/x509/x_x509a.c b/src/crypto/x509/x_x509a.c index e13204b..fb7172b 100644 --- a/src/crypto/x509/x_x509a.c +++ b/src/crypto/x509/x_x509a.c @@ -133,24 +133,44 @@ unsigned char *X509_keyid_get0(X509 *x, int *len) int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) { - X509_CERT_AUX *aux; - ASN1_OBJECT *objtmp; - if(!(objtmp = OBJ_dup(obj))) return 0; - if(!(aux = aux_get(x))) return 0; - if(!aux->trust - && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0; - return sk_ASN1_OBJECT_push(aux->trust, objtmp); + ASN1_OBJECT *objtmp = OBJ_dup(obj); + if (objtmp == NULL) + goto err; + X509_CERT_AUX *aux = aux_get(x); + if (aux->trust == NULL) + { + aux->trust = sk_ASN1_OBJECT_new_null(); + if (aux->trust == NULL) + goto err; + } + if (!sk_ASN1_OBJECT_push(aux->trust, objtmp)) + goto err; + return 1; + +err: + ASN1_OBJECT_free(objtmp); + return 0; } int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) { - X509_CERT_AUX *aux; - ASN1_OBJECT *objtmp; - if(!(objtmp = OBJ_dup(obj))) return 0; - if(!(aux = aux_get(x))) return 0; - if(!aux->reject - && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0; - return sk_ASN1_OBJECT_push(aux->reject, objtmp); + ASN1_OBJECT *objtmp = OBJ_dup(obj); + if (objtmp == NULL) + goto err; + X509_CERT_AUX *aux = aux_get(x); + if (aux->reject == NULL) + { + aux->reject = sk_ASN1_OBJECT_new_null(); + if (aux->reject == NULL) + goto err; + } + if (!sk_ASN1_OBJECT_push(aux->reject, objtmp)) + goto err; + return 1; + +err: + ASN1_OBJECT_free(objtmp); + return 0; } void X509_trust_clear(X509 *x) diff --git a/src/crypto/x509v3/CMakeLists.txt b/src/crypto/x509v3/CMakeLists.txt index c7e6054..5cc1b49 100644 --- a/src/crypto/x509v3/CMakeLists.txt +++ b/src/crypto/x509v3/CMakeLists.txt @@ -1,4 +1,4 @@ -include_directories(. .. ../../include) +include_directories(../../include) add_library( x509v3 @@ -46,7 +46,7 @@ add_library( add_executable( v3name_test - v3nametest.c + v3name_test.c $<TARGET_OBJECTS:test_support> ) @@ -56,7 +56,7 @@ target_link_libraries(v3name_test crypto) add_executable( tab_test - tabtest.c + tab_test.c $<TARGET_OBJECTS:test_support> ) diff --git a/src/crypto/x509v3/tabtest.c b/src/crypto/x509v3/tab_test.c index 6b97e91..6b97e91 100644 --- a/src/crypto/x509v3/tabtest.c +++ b/src/crypto/x509v3/tab_test.c diff --git a/src/crypto/x509v3/v3_akey.c b/src/crypto/x509v3/v3_akey.c index f6e6b69..9578a57 100644 --- a/src/crypto/x509v3/v3_akey.c +++ b/src/crypto/x509v3/v3_akey.c @@ -144,7 +144,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, } else { - OPENSSL_PUT_ERROR(X509V3, v2i_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_OPTION); ERR_add_error_data(2, "name=", cnf->name); return NULL; } @@ -154,7 +154,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, { if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); - OPENSSL_PUT_ERROR(X509V3, v2i_AUTHORITY_KEYID, X509V3_R_NO_ISSUER_CERTIFICATE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_ISSUER_CERTIFICATE); return NULL; } @@ -167,7 +167,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, ikeyid = X509V3_EXT_d2i(ext); if(keyid==2 && !ikeyid) { - OPENSSL_PUT_ERROR(X509V3, v2i_AUTHORITY_KEYID, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); return NULL; } } @@ -178,7 +178,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); if(!isname || !serial) { - OPENSSL_PUT_ERROR(X509V3, v2i_AUTHORITY_KEYID, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); goto err; } } @@ -191,7 +191,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, || !(gen = GENERAL_NAME_new()) || !sk_GENERAL_NAME_push(gens, gen)) { - OPENSSL_PUT_ERROR(X509V3, v2i_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } gen->type = GEN_DIRNAME; diff --git a/src/crypto/x509v3/v3_alt.c b/src/crypto/x509v3/v3_alt.c index f547316..e639f45 100644 --- a/src/crypto/x509v3/v3_alt.c +++ b/src/crypto/x509v3/v3_alt.c @@ -250,7 +250,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, CONF_VALUE *cnf; size_t i; if(!(gens = sk_GENERAL_NAME_new_null())) { - OPENSSL_PUT_ERROR(X509V3, v2i_issuer_alt, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { @@ -282,21 +282,21 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) size_t j; if(ctx && (ctx->flags == CTX_TEST)) return 1; if(!ctx || !ctx->issuer_cert) { - OPENSSL_PUT_ERROR(X509V3, copy_issuer, X509V3_R_NO_ISSUER_DETAILS); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_ISSUER_DETAILS); goto err; } i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); if(i < 0) return 1; if(!(ext = X509_get_ext(ctx->issuer_cert, i)) || !(ialt = X509V3_EXT_d2i(ext)) ) { - OPENSSL_PUT_ERROR(X509V3, copy_issuer, X509V3_R_ISSUER_DECODE_ERROR); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_ISSUER_DECODE_ERROR); goto err; } for(j = 0; j < sk_GENERAL_NAME_num(ialt); j++) { gen = sk_GENERAL_NAME_value(ialt, j); if(!sk_GENERAL_NAME_push(gens, gen)) { - OPENSSL_PUT_ERROR(X509V3, copy_issuer, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } } @@ -316,7 +316,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, CONF_VALUE *cnf; size_t i; if(!(gens = sk_GENERAL_NAME_new_null())) { - OPENSSL_PUT_ERROR(X509V3, v2i_subject_alt, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { @@ -354,7 +354,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) if(ctx != NULL && ctx->flags == CTX_TEST) return 1; if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { - OPENSSL_PUT_ERROR(X509V3, copy_email, X509V3_R_NO_SUBJECT_DETAILS); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_SUBJECT_DETAILS); goto err; } /* Find the subject name */ @@ -374,14 +374,14 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) i--; } if(!email || !(gen = GENERAL_NAME_new())) { - OPENSSL_PUT_ERROR(X509V3, copy_email, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } gen->d.ia5 = email; email = NULL; gen->type = GEN_EMAIL; if(!sk_GENERAL_NAME_push(gens, gen)) { - OPENSSL_PUT_ERROR(X509V3, copy_email, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } gen = NULL; @@ -405,7 +405,7 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, CONF_VALUE *cnf; size_t i; if(!(gens = sk_GENERAL_NAME_new_null())) { - OPENSSL_PUT_ERROR(X509V3, v2i_GENERAL_NAMES, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { @@ -434,7 +434,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, if(!value) { - OPENSSL_PUT_ERROR(X509V3, a2i_GENERAL_NAME, X509V3_R_MISSING_VALUE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_MISSING_VALUE); return NULL; } @@ -445,7 +445,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, gen = GENERAL_NAME_new(); if(gen == NULL) { - OPENSSL_PUT_ERROR(X509V3, a2i_GENERAL_NAME, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } } @@ -463,7 +463,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, ASN1_OBJECT *obj; if(!(obj = OBJ_txt2obj(value,0))) { - OPENSSL_PUT_ERROR(X509V3, a2i_GENERAL_NAME, X509V3_R_BAD_OBJECT); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_OBJECT); ERR_add_error_data(2, "value=", value); goto err; } @@ -478,7 +478,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, gen->d.ip = a2i_IPADDRESS(value); if(gen->d.ip == NULL) { - OPENSSL_PUT_ERROR(X509V3, a2i_GENERAL_NAME, X509V3_R_BAD_IP_ADDRESS); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_IP_ADDRESS); ERR_add_error_data(2, "value=", value); goto err; } @@ -487,7 +487,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, case GEN_DIRNAME: if (!do_dirname(gen, value, ctx)) { - OPENSSL_PUT_ERROR(X509V3, a2i_GENERAL_NAME, X509V3_R_DIRNAME_ERROR); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_DIRNAME_ERROR); goto err; } break; @@ -495,12 +495,12 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, case GEN_OTHERNAME: if (!do_othername(gen, value, ctx)) { - OPENSSL_PUT_ERROR(X509V3, a2i_GENERAL_NAME, X509V3_R_OTHERNAME_ERROR); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_OTHERNAME_ERROR); goto err; } break; default: - OPENSSL_PUT_ERROR(X509V3, a2i_GENERAL_NAME, X509V3_R_UNSUPPORTED_TYPE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_TYPE); goto err; } @@ -510,7 +510,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, strlen(value))) { - OPENSSL_PUT_ERROR(X509V3, a2i_GENERAL_NAME, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } } @@ -538,7 +538,7 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, if(!value) { - OPENSSL_PUT_ERROR(X509V3, v2i_GENERAL_NAME_ex, X509V3_R_MISSING_VALUE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_MISSING_VALUE); return NULL; } @@ -558,7 +558,7 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, type = GEN_OTHERNAME; else { - OPENSSL_PUT_ERROR(X509V3, v2i_GENERAL_NAME_ex, X509V3_R_UNSUPPORTED_OPTION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION); ERR_add_error_data(2, "name=", name); return NULL; } @@ -604,7 +604,7 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) sk = X509V3_get_section(ctx, value); if (!sk) { - OPENSSL_PUT_ERROR(X509V3, do_dirname, X509V3_R_SECTION_NOT_FOUND); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND); ERR_add_error_data(2, "section=", value); X509_NAME_free(nm); return 0; diff --git a/src/crypto/x509v3/v3_bcons.c b/src/crypto/x509v3/v3_bcons.c index a1381b4..73ef21e 100644 --- a/src/crypto/x509v3/v3_bcons.c +++ b/src/crypto/x509v3/v3_bcons.c @@ -103,7 +103,7 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, CONF_VALUE *val; size_t i; if(!(bcons = BASIC_CONSTRAINTS_new())) { - OPENSSL_PUT_ERROR(X509V3, v2i_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } for(i = 0; i < sk_CONF_VALUE_num(values); i++) { @@ -113,7 +113,7 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, } else if(!strcmp(val->name, "pathlen")) { if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; } else { - OPENSSL_PUT_ERROR(X509V3, v2i_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NAME); X509V3_conf_err(val); goto err; } diff --git a/src/crypto/x509v3/v3_bitst.c b/src/crypto/x509v3/v3_bitst.c index 15e9859..e1e2087 100644 --- a/src/crypto/x509v3/v3_bitst.c +++ b/src/crypto/x509v3/v3_bitst.c @@ -112,7 +112,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, size_t i; const BIT_STRING_BITNAME *bnam; if(!(bs = M_ASN1_BIT_STRING_new())) { - OPENSSL_PUT_ERROR(X509V3, v2i_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { @@ -121,7 +121,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, if(!strcmp(bnam->sname, val->name) || !strcmp(bnam->lname, val->name) ) { if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { - OPENSSL_PUT_ERROR(X509V3, v2i_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); M_ASN1_BIT_STRING_free(bs); return NULL; } @@ -129,7 +129,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, } } if(!bnam->lname) { - OPENSSL_PUT_ERROR(X509V3, v2i_ASN1_BIT_STRING, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); X509V3_conf_err(val); M_ASN1_BIT_STRING_free(bs); return NULL; diff --git a/src/crypto/x509v3/v3_conf.c b/src/crypto/x509v3/v3_conf.c index cb6569f..fe71566 100644 --- a/src/crypto/x509v3/v3_conf.c +++ b/src/crypto/x509v3/v3_conf.c @@ -92,7 +92,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); if (!ret) { - OPENSSL_PUT_ERROR(X509V3, X509V3_EXT_nconf, X509V3_R_ERROR_IN_EXTENSION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_IN_EXTENSION); ERR_add_error_data(4,"name=", name, ", value=", value); } return ret; @@ -123,12 +123,12 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, void *ext_struc; if (ext_nid == NID_undef) { - OPENSSL_PUT_ERROR(X509V3, do_ext_nconf, X509V3_R_UNKNOWN_EXTENSION_NAME); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; } if (!(method = X509V3_EXT_get_nid(ext_nid))) { - OPENSSL_PUT_ERROR(X509V3, do_ext_nconf, X509V3_R_UNKNOWN_EXTENSION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_EXTENSION); return NULL; } /* Now get internal extension representation based on type */ @@ -138,7 +138,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, else nval = X509V3_parse_list(value); if(sk_CONF_VALUE_num(nval) <= 0) { - OPENSSL_PUT_ERROR(X509V3, do_ext_nconf, X509V3_R_INVALID_EXTENSION_STRING); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_EXTENSION_STRING); ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); return NULL; } @@ -155,14 +155,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, { if(!ctx->db || !ctx->db_meth) { - OPENSSL_PUT_ERROR(X509V3, do_ext_nconf, X509V3_R_NO_CONFIG_DATABASE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_CONFIG_DATABASE); return NULL; } if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; } else { - OPENSSL_PUT_ERROR(X509V3, do_ext_nconf, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); return NULL; } @@ -207,7 +207,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, return ext; merr: - OPENSSL_PUT_ERROR(X509V3, do_ext_i2d, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } @@ -218,7 +218,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) { const X509V3_EXT_METHOD *method; if (!(method = X509V3_EXT_get_nid(ext_nid))) { - OPENSSL_PUT_ERROR(X509V3, X509V3_EXT_i2d, X509V3_R_UNKNOWN_EXTENSION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_EXTENSION); return NULL; } return do_ext_i2d(method, ext_nid, crit, ext_struc); @@ -271,7 +271,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, X509_EXTENSION *extension=NULL; if (!(obj = OBJ_txt2obj(ext, 0))) { - OPENSSL_PUT_ERROR(X509V3, v3_generic_extension, X509V3_R_EXTENSION_NAME_ERROR); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_NAME_ERROR); ERR_add_error_data(2, "name=", ext); goto err; } @@ -283,14 +283,14 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, if (ext_der == NULL) { - OPENSSL_PUT_ERROR(X509V3, v3_generic_extension, X509V3_R_EXTENSION_VALUE_ERROR); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_VALUE_ERROR); ERR_add_error_data(2, "value=", value); goto err; } if (!(oct = M_ASN1_OCTET_STRING_new())) { - OPENSSL_PUT_ERROR(X509V3, v3_generic_extension, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } @@ -389,7 +389,7 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) { if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { - OPENSSL_PUT_ERROR(X509V3, X509V3_get_string, X509V3_R_OPERATION_NOT_DEFINED); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED); return NULL; } if (ctx->db_meth->get_string) @@ -401,7 +401,7 @@ STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) { if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { - OPENSSL_PUT_ERROR(X509V3, X509V3_get_section, X509V3_R_OPERATION_NOT_DEFINED); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED); return NULL; } if (ctx->db_meth->get_section) diff --git a/src/crypto/x509v3/v3_cpols.c b/src/crypto/x509v3/v3_cpols.c index cbe596b..0b58676 100644 --- a/src/crypto/x509v3/v3_cpols.c +++ b/src/crypto/x509v3/v3_cpols.c @@ -146,19 +146,19 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, int ia5org; pols = sk_POLICYINFO_new_null(); if (pols == NULL) { - OPENSSL_PUT_ERROR(X509V3, r2i_certpol, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } vals = X509V3_parse_list(value); if (vals == NULL) { - OPENSSL_PUT_ERROR(X509V3, r2i_certpol, ERR_R_X509V3_LIB); + OPENSSL_PUT_ERROR(X509V3, ERR_R_X509V3_LIB); goto err; } ia5org = 0; for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { cnf = sk_CONF_VALUE_value(vals, i); if(cnf->value || !cnf->name ) { - OPENSSL_PUT_ERROR(X509V3, r2i_certpol, X509V3_R_INVALID_POLICY_IDENTIFIER); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER); X509V3_conf_err(cnf); goto err; } @@ -170,7 +170,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *polsect; polsect = X509V3_get_section(ctx, pstr + 1); if(!polsect) { - OPENSSL_PUT_ERROR(X509V3, r2i_certpol, X509V3_R_INVALID_SECTION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SECTION); X509V3_conf_err(cnf); goto err; @@ -180,7 +180,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, if(!pol) goto err; } else { if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { - OPENSSL_PUT_ERROR(X509V3, r2i_certpol, X509V3_R_INVALID_OBJECT_IDENTIFIER); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); goto err; } @@ -189,7 +189,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, } if (!sk_POLICYINFO_push(pols, pol)){ POLICYINFO_free(pol); - OPENSSL_PUT_ERROR(X509V3, r2i_certpol, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } } @@ -214,7 +214,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, if(!strcmp(cnf->name, "policyIdentifier")) { ASN1_OBJECT *pobj; if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { - OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_INVALID_OBJECT_IDENTIFIER); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); goto err; } @@ -229,7 +229,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, /* TODO(fork): const correctness */ qual->pqualid = (ASN1_OBJECT*) OBJ_nid2obj(NID_id_qt_cps); if (qual->pqualid == NULL) { - OPENSSL_PUT_ERROR(X509V3, policy_section, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(X509V3, ERR_R_INTERNAL_ERROR); goto err; } qual->d.cpsuri = M_ASN1_IA5STRING_new(); @@ -241,13 +241,13 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, } else if(!name_cmp(cnf->name, "userNotice")) { STACK_OF(CONF_VALUE) *unot; if(*cnf->value != '@') { - OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_EXPECTED_A_SECTION_NAME); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXPECTED_A_SECTION_NAME); X509V3_conf_err(cnf); goto err; } unot = X509V3_get_section(ctx, cnf->value + 1); if(!unot) { - OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_INVALID_SECTION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SECTION); X509V3_conf_err(cnf); goto err; @@ -260,21 +260,21 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; } else { - OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_INVALID_OPTION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OPTION); X509V3_conf_err(cnf); goto err; } } if(!pol->policyid) { - OPENSSL_PUT_ERROR(X509V3, policy_section, X509V3_R_NO_POLICY_IDENTIFIER); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_POLICY_IDENTIFIER); goto err; } return pol; merr: - OPENSSL_PUT_ERROR(X509V3, policy_section, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); err: POLICYINFO_free(pol); @@ -296,7 +296,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, qual->pqualid = (ASN1_OBJECT *) OBJ_nid2obj(NID_id_qt_unotice); if (qual->pqualid == NULL) { - OPENSSL_PUT_ERROR(X509V3, notice_section, ERR_R_INTERNAL_ERROR); + OPENSSL_PUT_ERROR(X509V3, ERR_R_INTERNAL_ERROR); goto err; } if(!(not = USERNOTICE_new())) goto merr; @@ -328,7 +328,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, } else nref = not->noticeref; nos = X509V3_parse_list(cnf->value); if(!nos || !sk_CONF_VALUE_num(nos)) { - OPENSSL_PUT_ERROR(X509V3, notice_section, X509V3_R_INVALID_NUMBERS); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NUMBERS); X509V3_conf_err(cnf); goto err; } @@ -337,7 +337,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if (!ret) goto err; } else { - OPENSSL_PUT_ERROR(X509V3, notice_section, X509V3_R_INVALID_OPTION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OPTION); X509V3_conf_err(cnf); goto err; } @@ -345,14 +345,14 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if(not->noticeref && (!not->noticeref->noticenos || !not->noticeref->organization)) { - OPENSSL_PUT_ERROR(X509V3, notice_section, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); goto err; } return qual; merr: - OPENSSL_PUT_ERROR(X509V3, notice_section, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); err: POLICYQUALINFO_free(qual); @@ -369,7 +369,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { - OPENSSL_PUT_ERROR(X509V3, nref_nos, X509V3_R_INVALID_NUMBER); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NUMBER); goto err; } if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; @@ -377,7 +377,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) return 1; merr: - OPENSSL_PUT_ERROR(X509V3, nref_nos, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); err: sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); diff --git a/src/crypto/x509v3/v3_crld.c b/src/crypto/x509v3/v3_crld.c index e41dd65..3984c31 100644 --- a/src/crypto/x509v3/v3_crld.c +++ b/src/crypto/x509v3/v3_crld.c @@ -103,7 +103,7 @@ static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) gnsect = X509V3_parse_list(sect); if (!gnsect) { - OPENSSL_PUT_ERROR(X509V3, gnames_from_sectname, X509V3_R_SECTION_NOT_FOUND); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND); return NULL; } gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); @@ -136,7 +136,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, dnsect = X509V3_get_section(ctx, cnf->value); if (!dnsect) { - OPENSSL_PUT_ERROR(X509V3, set_dist_point_name, X509V3_R_SECTION_NOT_FOUND); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND); return -1; } ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); @@ -152,7 +152,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, if (sk_X509_NAME_ENTRY_value(rnm, sk_X509_NAME_ENTRY_num(rnm) - 1)->set) { - OPENSSL_PUT_ERROR(X509V3, set_dist_point_name, X509V3_R_INVALID_MULTIPLE_RDNS); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_MULTIPLE_RDNS); goto err; } } @@ -161,7 +161,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, if (*pdp) { - OPENSSL_PUT_ERROR(X509V3, set_dist_point_name, X509V3_R_DISTPOINT_ALREADY_SET); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_DISTPOINT_ALREADY_SET); goto err; } @@ -362,7 +362,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, return crld; merr: - OPENSSL_PUT_ERROR(X509V3, v2i_crld, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); err: GENERAL_NAME_free(gen); GENERAL_NAMES_free(gens); @@ -490,7 +490,7 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, } else { - OPENSSL_PUT_ERROR(X509V3, v2i_idp, X509V3_R_INVALID_NAME); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NAME); X509V3_conf_err(cnf); goto err; } @@ -498,7 +498,7 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, return idp; merr: - OPENSSL_PUT_ERROR(X509V3, v2i_idp, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); err: ISSUING_DIST_POINT_free(idp); return NULL; diff --git a/src/crypto/x509v3/v3_extku.c b/src/crypto/x509v3/v3_extku.c index f4b8af8..d64eb9c 100644 --- a/src/crypto/x509v3/v3_extku.c +++ b/src/crypto/x509v3/v3_extku.c @@ -125,7 +125,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, size_t i; if(!(extku = sk_ASN1_OBJECT_new_null())) { - OPENSSL_PUT_ERROR(X509V3, v2i_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } @@ -135,7 +135,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, else extval = val->name; if(!(objtmp = OBJ_txt2obj(extval, 0))) { sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); - OPENSSL_PUT_ERROR(X509V3, v2i_EXTENDED_KEY_USAGE, X509V3_R_INVALID_OBJECT_IDENTIFIER); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); return NULL; } diff --git a/src/crypto/x509v3/v3_ia5.c b/src/crypto/x509v3/v3_ia5.c index ec57e9b..5a27233 100644 --- a/src/crypto/x509v3/v3_ia5.c +++ b/src/crypto/x509v3/v3_ia5.c @@ -87,7 +87,7 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, char *tmp; if(!ia5 || !ia5->length) return NULL; if(!(tmp = OPENSSL_malloc(ia5->length + 1))) { - OPENSSL_PUT_ERROR(X509V3, i2s_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } memcpy(tmp, ia5->data, ia5->length); @@ -100,7 +100,7 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, { ASN1_IA5STRING *ia5; if(!str) { - OPENSSL_PUT_ERROR(X509V3, s2i_ASN1_IA5STRING, X509V3_R_INVALID_NULL_ARGUMENT); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } if(!(ia5 = M_ASN1_IA5STRING_new())) goto err; @@ -111,7 +111,7 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, } return ia5; err: - OPENSSL_PUT_ERROR(X509V3, s2i_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/src/crypto/x509v3/v3_info.c b/src/crypto/x509v3/v3_info.c index 7558b2d..475c56f 100644 --- a/src/crypto/x509v3/v3_info.c +++ b/src/crypto/x509v3/v3_info.c @@ -124,7 +124,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ntmp = OPENSSL_malloc(nlen); if(!ntmp) { - OPENSSL_PUT_ERROR(X509V3, i2v_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } BUF_strlcpy(ntmp, objtmp, nlen); @@ -148,19 +148,19 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho int objlen; char *objtmp, *ptmp; if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { - OPENSSL_PUT_ERROR(X509V3, v2i_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); if(!(acc = ACCESS_DESCRIPTION_new()) || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { - OPENSSL_PUT_ERROR(X509V3, v2i_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } ptmp = strchr(cnf->name, ';'); if(!ptmp) { - OPENSSL_PUT_ERROR(X509V3, v2i_AUTHORITY_INFO_ACCESS, X509V3_R_INVALID_SYNTAX); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SYNTAX); goto err; } objlen = ptmp - cnf->name; @@ -169,14 +169,14 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) goto err; if(!(objtmp = OPENSSL_malloc(objlen + 1))) { - OPENSSL_PUT_ERROR(X509V3, v2i_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } strncpy(objtmp, cnf->name, objlen); objtmp[objlen] = 0; acc->method = OBJ_txt2obj(objtmp, 0); if(!acc->method) { - OPENSSL_PUT_ERROR(X509V3, v2i_AUTHORITY_INFO_ACCESS, X509V3_R_BAD_OBJECT); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_OBJECT); ERR_add_error_data(2, "value=", objtmp); OPENSSL_free(objtmp); goto err; diff --git a/src/crypto/x509v3/v3_lib.c b/src/crypto/x509v3/v3_lib.c index d4e4e78..f8e5531 100644 --- a/src/crypto/x509v3/v3_lib.c +++ b/src/crypto/x509v3/v3_lib.c @@ -78,12 +78,12 @@ static int ext_stack_cmp(const X509V3_EXT_METHOD **a, const X509V3_EXT_METHOD ** int X509V3_EXT_add(X509V3_EXT_METHOD *ext) { if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_stack_cmp))) { - OPENSSL_PUT_ERROR(X509V3, X509V3_EXT_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); ext_list_free(ext); return 0; } if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { - OPENSSL_PUT_ERROR(X509V3, X509V3_EXT_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); ext_list_free(ext); return 0; } @@ -127,7 +127,7 @@ int X509V3_EXT_free(int nid, void *ext_data) const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid); if (ext_method == NULL) { - OPENSSL_PUT_ERROR(X509V3, X509V3_EXT_free, X509V3_R_CANNOT_FIND_FREE_FUNCTION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_CANNOT_FIND_FREE_FUNCTION); return 0; } @@ -137,7 +137,7 @@ int X509V3_EXT_free(int nid, void *ext_data) ext_method->ext_free(ext_data); else { - OPENSSL_PUT_ERROR(X509V3, X509V3_EXT_free, X509V3_R_CANNOT_FIND_FREE_FUNCTION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_CANNOT_FIND_FREE_FUNCTION); return 0; } @@ -157,11 +157,11 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) X509V3_EXT_METHOD *tmpext; if(!(ext = X509V3_EXT_get_nid(nid_from))) { - OPENSSL_PUT_ERROR(X509V3, X509V3_EXT_add_alias, X509V3_R_EXTENSION_NOT_FOUND); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_EXTENSION_NOT_FOUND); return 0; } if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { - OPENSSL_PUT_ERROR(X509V3, X509V3_EXT_add_alias, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return 0; } *tmpext = *ext; @@ -311,7 +311,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, ext = X509V3_EXT_i2d(nid, crit, value); if(!ext) { - OPENSSL_PUT_ERROR(X509V3, X509V3_add1_i2d, X509V3_R_ERROR_CREATING_EXTENSION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_CREATING_EXTENSION); return 0; } @@ -330,6 +330,6 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, err: if(!(flags & X509V3_ADD_SILENT)) - OPENSSL_PUT_ERROR(X509V3, X509V3_add1_i2d, errcode); + OPENSSL_PUT_ERROR(X509V3, errcode); return 0; } diff --git a/src/crypto/x509v3/v3_ncons.c b/src/crypto/x509v3/v3_ncons.c index c42a665..19f5e94 100644 --- a/src/crypto/x509v3/v3_ncons.c +++ b/src/crypto/x509v3/v3_ncons.c @@ -135,7 +135,7 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, } else { - OPENSSL_PUT_ERROR(X509V3, v2i_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SYNTAX); goto err; } tval.value = val->value; @@ -152,7 +152,7 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, return ncons; memerr: - OPENSSL_PUT_ERROR(X509V3, v2i_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); err: if (ncons) NAME_CONSTRAINTS_free(ncons); diff --git a/src/crypto/x509v3/v3_pci.c b/src/crypto/x509v3/v3_pci.c index aa93891..f19a37a 100644 --- a/src/crypto/x509v3/v3_pci.c +++ b/src/crypto/x509v3/v3_pci.c @@ -87,13 +87,13 @@ static int process_pci_value(CONF_VALUE *val, { if (*language) { - OPENSSL_PUT_ERROR(X509V3, process_pci_value, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } if (!(*language = OBJ_txt2obj(val->value, 0))) { - OPENSSL_PUT_ERROR(X509V3, process_pci_value, X509V3_R_INVALID_OBJECT_IDENTIFIER); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); return 0; } @@ -102,13 +102,13 @@ static int process_pci_value(CONF_VALUE *val, { if (*pathlen) { - OPENSSL_PUT_ERROR(X509V3, process_pci_value, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } if (!X509V3_get_value_int(val, pathlen)) { - OPENSSL_PUT_ERROR(X509V3, process_pci_value, X509V3_R_POLICY_PATH_LENGTH); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_POLICY_PATH_LENGTH); X509V3_conf_err(val); return 0; } @@ -122,7 +122,7 @@ static int process_pci_value(CONF_VALUE *val, *policy = ASN1_OCTET_STRING_new(); if (!*policy) { - OPENSSL_PUT_ERROR(X509V3, process_pci_value, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); X509V3_conf_err(val); return 0; } @@ -135,7 +135,7 @@ static int process_pci_value(CONF_VALUE *val, if (!tmp_data2) { - OPENSSL_PUT_ERROR(X509V3, process_pci_value, X509V3_R_ILLEGAL_HEX_DIGIT); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT); X509V3_conf_err(val); goto err; } @@ -156,7 +156,7 @@ static int process_pci_value(CONF_VALUE *val, /* realloc failure implies the original data space is b0rked too! */ (*policy)->data = NULL; (*policy)->length = 0; - OPENSSL_PUT_ERROR(X509V3, process_pci_value, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); X509V3_conf_err(val); goto err; } @@ -169,7 +169,7 @@ static int process_pci_value(CONF_VALUE *val, BIO *b = BIO_new_file(val->value + 5, "r"); if (!b) { - OPENSSL_PUT_ERROR(X509V3, process_pci_value, ERR_R_BIO_LIB); + OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB); X509V3_conf_err(val); goto err; } @@ -194,7 +194,7 @@ static int process_pci_value(CONF_VALUE *val, if (n < 0) { - OPENSSL_PUT_ERROR(X509V3, process_pci_value, ERR_R_BIO_LIB); + OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB); X509V3_conf_err(val); goto err; } @@ -217,20 +217,20 @@ static int process_pci_value(CONF_VALUE *val, /* realloc failure implies the original data space is b0rked too! */ (*policy)->data = NULL; (*policy)->length = 0; - OPENSSL_PUT_ERROR(X509V3, process_pci_value, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); X509V3_conf_err(val); goto err; } } else { - OPENSSL_PUT_ERROR(X509V3, process_pci_value, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); X509V3_conf_err(val); goto err; } if (!tmp_data) { - OPENSSL_PUT_ERROR(X509V3, process_pci_value, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); X509V3_conf_err(val); goto err; } @@ -262,7 +262,7 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); if (!cnf->name || (*cnf->name != '@' && !cnf->value)) { - OPENSSL_PUT_ERROR(X509V3, r2i_pci, X509V3_R_INVALID_PROXY_POLICY_SETTING); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_PROXY_POLICY_SETTING); X509V3_conf_err(cnf); goto err; } @@ -274,7 +274,7 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, sect = X509V3_get_section(ctx, cnf->name + 1); if (!sect) { - OPENSSL_PUT_ERROR(X509V3, r2i_pci, X509V3_R_INVALID_SECTION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SECTION); X509V3_conf_err(cnf); goto err; } @@ -302,20 +302,21 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, /* Language is mandatory */ if (!language) { - OPENSSL_PUT_ERROR(X509V3, r2i_pci, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); goto err; } nid = OBJ_obj2nid(language); if ((nid == NID_Independent || nid == NID_id_ppl_inheritAll) && policy) { - OPENSSL_PUT_ERROR(X509V3, r2i_pci, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); + OPENSSL_PUT_ERROR(X509V3, + X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); goto err; } pci = PROXY_CERT_INFO_EXTENSION_new(); if (!pci) { - OPENSSL_PUT_ERROR(X509V3, r2i_pci, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/src/crypto/x509v3/v3_pcons.c b/src/crypto/x509v3/v3_pcons.c index f87c6a0..b752290 100644 --- a/src/crypto/x509v3/v3_pcons.c +++ b/src/crypto/x509v3/v3_pcons.c @@ -112,7 +112,7 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, CONF_VALUE *val; size_t i; if(!(pcons = POLICY_CONSTRAINTS_new())) { - OPENSSL_PUT_ERROR(X509V3, v2i_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } for(i = 0; i < sk_CONF_VALUE_num(values); i++) { @@ -124,13 +124,13 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, if(!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping)) goto err; } else { - OPENSSL_PUT_ERROR(X509V3, v2i_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NAME); X509V3_conf_err(val); goto err; } } if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) { - OPENSSL_PUT_ERROR(X509V3, v2i_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_EMPTY_EXTENSION); goto err; } diff --git a/src/crypto/x509v3/v3_pmaps.c b/src/crypto/x509v3/v3_pmaps.c index fbc169d..5b90977 100644 --- a/src/crypto/x509v3/v3_pmaps.c +++ b/src/crypto/x509v3/v3_pmaps.c @@ -122,7 +122,7 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, size_t i; if(!(pmaps = sk_POLICY_MAPPING_new_null())) { - OPENSSL_PUT_ERROR(X509V3, v2i_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } @@ -130,7 +130,7 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, val = sk_CONF_VALUE_value(nval, i); if(!val->value || !val->name) { sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); - OPENSSL_PUT_ERROR(X509V3, v2i_POLICY_MAPPINGS, X509V3_R_INVALID_OBJECT_IDENTIFIER); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); return NULL; } @@ -138,14 +138,14 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, obj2 = OBJ_txt2obj(val->value, 0); if(!obj1 || !obj2) { sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); - OPENSSL_PUT_ERROR(X509V3, v2i_POLICY_MAPPINGS, X509V3_R_INVALID_OBJECT_IDENTIFIER); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); return NULL; } pmap = POLICY_MAPPING_new(); if (!pmap) { sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); - OPENSSL_PUT_ERROR(X509V3, v2i_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } pmap->issuerDomainPolicy = obj1; diff --git a/src/crypto/x509v3/v3_purp.c b/src/crypto/x509v3/v3_purp.c index 8ae8a06..f53c0f1 100644 --- a/src/crypto/x509v3/v3_purp.c +++ b/src/crypto/x509v3/v3_purp.c @@ -128,7 +128,7 @@ int X509_check_purpose(X509 *x, int id, int ca) int X509_PURPOSE_set(int *p, int purpose) { if(X509_PURPOSE_get_by_id(purpose) == -1) { - OPENSSL_PUT_ERROR(X509V3, X509_PURPOSE_set, X509V3_R_INVALID_PURPOSE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_PURPOSE); return 0; } *p = purpose; @@ -191,7 +191,7 @@ int X509_PURPOSE_add(int id, int trust, int flags, /* Need a new entry */ if(idx == -1) { if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { - OPENSSL_PUT_ERROR(X509V3, X509_PURPOSE_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return 0; } ptmp->flags = X509_PURPOSE_DYNAMIC; @@ -201,7 +201,7 @@ int X509_PURPOSE_add(int id, int trust, int flags, name_dup = BUF_strdup(name); sname_dup = BUF_strdup(sname); if (name_dup == NULL || sname_dup == NULL) { - OPENSSL_PUT_ERROR(X509V3, X509_PURPOSE_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); if (name_dup != NULL) OPENSSL_free(name_dup); if (sname_dup != NULL) @@ -232,12 +232,12 @@ int X509_PURPOSE_add(int id, int trust, int flags, /* If its a new entry manage the dynamic table */ if(idx == -1) { if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { - OPENSSL_PUT_ERROR(X509V3, X509_PURPOSE_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); xptable_free(ptmp); return 0; } if (!sk_X509_PURPOSE_push(xptable, ptmp)) { - OPENSSL_PUT_ERROR(X509V3, X509_PURPOSE_add, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); xptable_free(ptmp); return 0; } diff --git a/src/crypto/x509v3/v3_skey.c b/src/crypto/x509v3/v3_skey.c index 471a1ab..e396f05 100644 --- a/src/crypto/x509v3/v3_skey.c +++ b/src/crypto/x509v3/v3_skey.c @@ -86,7 +86,7 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, long length; if(!(oct = M_ASN1_OCTET_STRING_new())) { - OPENSSL_PUT_ERROR(X509V3, s2i_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } @@ -112,14 +112,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); if(!(oct = M_ASN1_OCTET_STRING_new())) { - OPENSSL_PUT_ERROR(X509V3, s2i_skey_id, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } if(ctx && (ctx->flags == CTX_TEST)) return oct; if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { - OPENSSL_PUT_ERROR(X509V3, s2i_skey_id, X509V3_R_NO_PUBLIC_KEY); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_PUBLIC_KEY); goto err; } @@ -128,7 +128,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, else pk = ctx->subject_cert->cert_info->key->public_key; if(!pk) { - OPENSSL_PUT_ERROR(X509V3, s2i_skey_id, X509V3_R_NO_PUBLIC_KEY); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_PUBLIC_KEY); goto err; } @@ -136,7 +136,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, goto err; if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { - OPENSSL_PUT_ERROR(X509V3, s2i_skey_id, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/src/crypto/x509v3/v3_sxnet.c b/src/crypto/x509v3/v3_sxnet.c index bb5e214..4dd5bfc 100644 --- a/src/crypto/x509v3/v3_sxnet.c +++ b/src/crypto/x509v3/v3_sxnet.c @@ -159,7 +159,7 @@ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, { ASN1_INTEGER *izone = NULL; if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - OPENSSL_PUT_ERROR(X509V3, SXNET_add_id_asc, X509V3_R_ERROR_CONVERTING_ZONE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_CONVERTING_ZONE); return 0; } return SXNET_add_id_INTEGER(psx, izone, user, userlen); @@ -172,7 +172,7 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, { ASN1_INTEGER *izone = NULL; if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { - OPENSSL_PUT_ERROR(X509V3, SXNET_add_id_ulong, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); M_ASN1_INTEGER_free(izone); return 0; } @@ -191,12 +191,12 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, SXNET *sx = NULL; SXNETID *id = NULL; if(!psx || !zone || !user) { - OPENSSL_PUT_ERROR(X509V3, SXNET_add_id_INTEGER, X509V3_R_INVALID_NULL_ARGUMENT); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT); return 0; } if(userlen == -1) userlen = strlen(user); if(userlen > 64) { - OPENSSL_PUT_ERROR(X509V3, SXNET_add_id_INTEGER, X509V3_R_USER_TOO_LONG); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_USER_TOO_LONG); return 0; } if(!*psx) { @@ -205,7 +205,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, *psx = sx; } else sx = *psx; if(SXNET_get_id_INTEGER(sx, zone)) { - OPENSSL_PUT_ERROR(X509V3, SXNET_add_id_INTEGER, X509V3_R_DUPLICATE_ZONE_ID); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_DUPLICATE_ZONE_ID); return 0; } @@ -218,7 +218,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, return 1; err: - OPENSSL_PUT_ERROR(X509V3, SXNET_add_id_INTEGER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); SXNETID_free(id); SXNET_free(sx); *psx = NULL; @@ -230,7 +230,7 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) ASN1_INTEGER *izone = NULL; ASN1_OCTET_STRING *oct; if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - OPENSSL_PUT_ERROR(X509V3, SXNET_get_id_asc, X509V3_R_ERROR_CONVERTING_ZONE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_ERROR_CONVERTING_ZONE); return NULL; } oct = SXNET_get_id_INTEGER(sx, izone); @@ -243,7 +243,7 @@ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) ASN1_INTEGER *izone = NULL; ASN1_OCTET_STRING *oct; if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { - OPENSSL_PUT_ERROR(X509V3, SXNET_get_id_ulong, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); M_ASN1_INTEGER_free(izone); return NULL; } diff --git a/src/crypto/x509v3/v3_utl.c b/src/crypto/x509v3/v3_utl.c index 77fc65c..aa65c79 100644 --- a/src/crypto/x509v3/v3_utl.c +++ b/src/crypto/x509v3/v3_utl.c @@ -70,6 +70,8 @@ #include <openssl/obj.h> #include <openssl/x509v3.h> +#include "../conf/internal.h" + static char *strip_spaces(char *name); static int sk_strcmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b); @@ -91,7 +93,7 @@ int X509V3_add_value(const char *name, const char *value, char *tname = NULL, *tvalue = NULL; if(name && !(tname = BUF_strdup(name))) goto err; if(value && !(tvalue = BUF_strdup(value))) goto err; - if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err; + if(!(vtmp = CONF_VALUE_new())) goto err; if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; vtmp->section = NULL; vtmp->name = tname; @@ -99,7 +101,7 @@ int X509V3_add_value(const char *name, const char *value, if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err; return 1; err: - OPENSSL_PUT_ERROR(X509V3, X509V3_add_value, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); if(vtmp) OPENSSL_free(vtmp); if(tname) OPENSSL_free(tname); if(tvalue) OPENSSL_free(tvalue); @@ -145,7 +147,7 @@ char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) if(!a) return NULL; if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || !(strtmp = BN_bn2dec(bntmp)) ) - OPENSSL_PUT_ERROR(X509V3, i2s_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; } @@ -157,7 +159,7 @@ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) if(!a) return NULL; if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || !(strtmp = BN_bn2dec(bntmp)) ) - OPENSSL_PUT_ERROR(X509V3, i2s_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; } @@ -169,7 +171,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) int isneg, ishex; int ret; if (!value) { - OPENSSL_PUT_ERROR(X509V3, s2i_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_VALUE); return 0; } bn = BN_new(); @@ -188,7 +190,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) if (!ret || value[ret]) { BN_free(bn); - OPENSSL_PUT_ERROR(X509V3, s2i_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_BN_DEC2BN_ERROR); return 0; } @@ -197,7 +199,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) aint = BN_to_ASN1_INTEGER(bn, NULL); BN_free(bn); if (!aint) { - OPENSSL_PUT_ERROR(X509V3, s2i_ASN1_INTEGER, X509V3_R_BN_TO_ASN1_INTEGER_ERROR); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_BN_TO_ASN1_INTEGER_ERROR); return 0; } if (isneg) aint->type |= V_ASN1_NEG; @@ -232,7 +234,7 @@ int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) return 1; } err: - OPENSSL_PUT_ERROR(X509V3, X509V3_get_value_bool, X509V3_R_INVALID_BOOLEAN_STRING); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_BOOLEAN_STRING); X509V3_conf_err(value); return 0; } @@ -264,7 +266,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) linebuf = BUF_strdup(line); if (linebuf == NULL) { - OPENSSL_PUT_ERROR(X509V3, X509V3_parse_list, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); goto err; } state = HDR_NAME; @@ -279,7 +281,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) *p = 0; ntmp = strip_spaces(q); if(!ntmp) { - OPENSSL_PUT_ERROR(X509V3, X509V3_parse_list, X509V3_R_INVALID_NULL_NAME); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_NAME); goto err; } q = p + 1; @@ -291,7 +293,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) printf("%s\n", ntmp); #endif if(!ntmp) { - OPENSSL_PUT_ERROR(X509V3, X509V3_parse_list, X509V3_R_INVALID_NULL_NAME); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_NAME); goto err; } X509V3_add_value(ntmp, NULL, &values); @@ -307,7 +309,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) printf("%s\n", ntmp); #endif if(!vtmp) { - OPENSSL_PUT_ERROR(X509V3, X509V3_parse_list, X509V3_R_INVALID_NULL_VALUE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_VALUE); goto err; } X509V3_add_value(ntmp, vtmp, &values); @@ -324,7 +326,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) printf("%s=%s\n", ntmp, vtmp); #endif if(!vtmp) { - OPENSSL_PUT_ERROR(X509V3, X509V3_parse_list, X509V3_R_INVALID_NULL_VALUE); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_VALUE); goto err; } X509V3_add_value(ntmp, vtmp, &values); @@ -334,7 +336,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) printf("%s\n", ntmp); #endif if(!ntmp) { - OPENSSL_PUT_ERROR(X509V3, X509V3_parse_list, X509V3_R_INVALID_NULL_NAME); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_NAME); goto err; } X509V3_add_value(ntmp, NULL, &values); @@ -379,7 +381,7 @@ char *hex_to_string(const unsigned char *buffer, long len) static const char hexdig[] = "0123456789ABCDEF"; if(!buffer || !len) return NULL; if(!(tmp = OPENSSL_malloc(len * 3 + 1))) { - OPENSSL_PUT_ERROR(X509V3, hex_to_string, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; } q = tmp; @@ -402,7 +404,7 @@ unsigned char *string_to_hex(const char *str, long *len) unsigned char *hexbuf, *q; unsigned char ch, cl, *p; if(!str) { - OPENSSL_PUT_ERROR(X509V3, string_to_hex, X509V3_R_INVALID_NULL_ARGUMENT); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err; @@ -411,7 +413,7 @@ unsigned char *string_to_hex(const char *str, long *len) if(ch == ':') continue; cl = *p++; if(!cl) { - OPENSSL_PUT_ERROR(X509V3, string_to_hex, X509V3_R_ODD_NUMBER_OF_DIGITS); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_ODD_NUMBER_OF_DIGITS); OPENSSL_free(hexbuf); return NULL; } @@ -435,12 +437,12 @@ unsigned char *string_to_hex(const char *str, long *len) err: if(hexbuf) OPENSSL_free(hexbuf); - OPENSSL_PUT_ERROR(X509V3, string_to_hex, ERR_R_MALLOC_FAILURE); + OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE); return NULL; badhex: OPENSSL_free(hexbuf); - OPENSSL_PUT_ERROR(X509V3, string_to_hex, X509V3_R_ILLEGAL_HEX_DIGIT); + OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_HEX_DIGIT); return NULL; } diff --git a/src/crypto/x509v3/v3nametest.c b/src/crypto/x509v3/v3name_test.c index a3197e6..a3197e6 100644 --- a/src/crypto/x509v3/v3nametest.c +++ b/src/crypto/x509v3/v3name_test.c |