sync with OpenBSD -current
parent
4d1da8f2ce
commit
c8d0379fc6
@ -1151,6 +1151,7 @@
|
||||
./usr/include/openssl/pkcs12.h
|
||||
./usr/include/openssl/pkcs7.h
|
||||
./usr/include/openssl/poly1305.h
|
||||
./usr/include/openssl/posix_time.h
|
||||
./usr/include/openssl/rand.h
|
||||
./usr/include/openssl/rc2.h
|
||||
./usr/include/openssl/rc4.h
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $OpenBSD: Makefile,v 1.167 2024/01/27 17:14:33 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.168 2024/02/18 16:28:37 tb Exp $
|
||||
|
||||
LIB= crypto
|
||||
LIBREBUILD=y
|
||||
@ -705,6 +705,7 @@ HDRS=\
|
||||
${LCRYPTO_SRC}/aes/aes.h \
|
||||
${LCRYPTO_SRC}/asn1/asn1.h \
|
||||
${LCRYPTO_SRC}/asn1/asn1t.h \
|
||||
${LCRYPTO_SRC}/asn1/posix_time.h \
|
||||
${LCRYPTO_SRC}/bf/blowfish.h \
|
||||
${LCRYPTO_SRC}/bio/bio.h \
|
||||
${LCRYPTO_SRC}/bn/bn.h \
|
||||
|
@ -2645,3 +2645,7 @@ _libre_i2d_DHparams
|
||||
_libre_DHparams_print_fp
|
||||
_libre_DHparams_print
|
||||
_libre_ERR_load_DH_strings
|
||||
_libre_OPENSSL_gmtime
|
||||
_libre_OPENSSL_timegm
|
||||
_libre_OPENSSL_posix_to_tm
|
||||
_libre_OPENSSL_tm_to_posix
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: a_time_posix.c,v 1.4 2023/11/13 12:46:07 beck Exp $ */
|
||||
/* $OpenBSD: a_time_posix.c,v 1.5 2024/02/18 16:28:38 tb Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2022, Google Inc.
|
||||
* Copyright (c) 2022, Bob Beck <beck@obtuse.com>
|
||||
@ -23,10 +23,14 @@
|
||||
|
||||
#include <inttypes.h>
|
||||
#include <limits.h>
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/posix_time.h>
|
||||
|
||||
#include "crypto_internal.h"
|
||||
|
||||
#define SECS_PER_HOUR (int64_t)(60 * 60)
|
||||
#define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)
|
||||
@ -36,7 +40,7 @@
|
||||
* to 9999?
|
||||
*/
|
||||
static int
|
||||
is_valid_date(int year, int month, int day)
|
||||
is_valid_date(int64_t year, int64_t month, int64_t day)
|
||||
{
|
||||
int days_in_month;
|
||||
if (day < 1 || month < 1 || year < 0 || year > 9999)
|
||||
@ -80,13 +84,16 @@ is_valid_time(int hours, int minutes, int seconds)
|
||||
minutes <= 59 && seconds <= 59;
|
||||
}
|
||||
|
||||
/* 0000-01-01 00:00:00 UTC */
|
||||
#define MIN_POSIX_TIME INT64_C(-62167219200)
|
||||
/* 9999-12-31 23:59:59 UTC */
|
||||
#define MAX_POSIX_TIME INT64_C(253402300799)
|
||||
|
||||
/* Is a int64 time representing a time within our expected range? */
|
||||
static int
|
||||
is_valid_epoch_time(int64_t time)
|
||||
is_valid_posix_time(int64_t time)
|
||||
{
|
||||
/* 0000-01-01 00:00:00 UTC to 9999-12-31 23:59:59 UTC */
|
||||
return (int64_t)-62167219200LL <= time &&
|
||||
time <= (int64_t)253402300799LL;
|
||||
return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -95,8 +102,8 @@ is_valid_epoch_time(int64_t time)
|
||||
* (Public Domain)
|
||||
*/
|
||||
static int
|
||||
posix_time_from_utc(int year, int month, int day, int hours, int minutes,
|
||||
int seconds, int64_t *out_time)
|
||||
posix_time_from_utc(int64_t year, int64_t month, int64_t day, int64_t hours,
|
||||
int64_t minutes, int64_t seconds, int64_t *out_time)
|
||||
{
|
||||
int64_t era, year_of_era, day_of_year, day_of_era, posix_days;
|
||||
|
||||
@ -132,7 +139,7 @@ utc_from_posix_time(int64_t time, int *out_year, int *out_month, int *out_day,
|
||||
int64_t days, leftover_seconds, era, day_of_era, year_of_era,
|
||||
day_of_year, month_of_year;
|
||||
|
||||
if (!is_valid_epoch_time(time))
|
||||
if (!is_valid_posix_time(time))
|
||||
return 0;
|
||||
|
||||
days = time / SECS_PER_DAY;
|
||||
@ -167,40 +174,41 @@ utc_from_posix_time(int64_t time, int *out_year, int *out_month, int *out_day,
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
asn1_time_tm_to_posix(const struct tm *tm, int64_t *out)
|
||||
int
|
||||
OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out)
|
||||
{
|
||||
/* Ensure additions below do not overflow */
|
||||
if (tm->tm_year > 9999)
|
||||
return 0;
|
||||
if (tm->tm_mon > 12)
|
||||
return 0;
|
||||
|
||||
return posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1,
|
||||
tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, out);
|
||||
return posix_time_from_utc(tm->tm_year + (int64_t)1900,
|
||||
tm->tm_mon + (int64_t)1, tm->tm_mday, tm->tm_hour, tm->tm_min,
|
||||
tm->tm_sec, out);
|
||||
}
|
||||
LCRYPTO_ALIAS(OPENSSL_tm_to_posix);
|
||||
|
||||
static int
|
||||
asn1_time_posix_to_tm(int64_t time, struct tm *out_tm)
|
||||
int
|
||||
OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm)
|
||||
{
|
||||
memset(out_tm, 0, sizeof(struct tm));
|
||||
if (!utc_from_posix_time(time, &out_tm->tm_year, &out_tm->tm_mon,
|
||||
&out_tm->tm_mday, &out_tm->tm_hour, &out_tm->tm_min,
|
||||
&out_tm->tm_sec))
|
||||
struct tm tmp_tm = {0};
|
||||
|
||||
memset(out_tm, 0, sizeof(*out_tm));
|
||||
|
||||
if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
|
||||
&tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min, &tmp_tm.tm_sec))
|
||||
return 0;
|
||||
|
||||
out_tm->tm_year -= 1900;
|
||||
out_tm->tm_mon -= 1;
|
||||
tmp_tm.tm_year -= 1900;
|
||||
tmp_tm.tm_mon -= 1;
|
||||
|
||||
*out_tm = tmp_tm;
|
||||
|
||||
return 1;
|
||||
}
|
||||
LCRYPTO_ALIAS(OPENSSL_posix_to_tm);
|
||||
|
||||
int
|
||||
asn1_time_tm_to_time_t(const struct tm *tm, time_t *out)
|
||||
{
|
||||
int64_t posix_time;
|
||||
|
||||
if (!asn1_time_tm_to_posix(tm, &posix_time))
|
||||
if (!OPENSSL_tm_to_posix(tm, &posix_time))
|
||||
return 0;
|
||||
|
||||
#ifdef SMALL_TIME_T
|
||||
@ -219,7 +227,7 @@ asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm)
|
||||
{
|
||||
int64_t posix_time = *time;
|
||||
|
||||
return asn1_time_posix_to_tm(posix_time, out_tm);
|
||||
return OPENSSL_posix_to_tm(posix_time, out_tm);
|
||||
}
|
||||
|
||||
int
|
||||
@ -236,28 +244,29 @@ OPENSSL_gmtime(const time_t *time, struct tm *out_tm) {
|
||||
}
|
||||
LCRYPTO_ALIAS(OPENSSL_gmtime);
|
||||
|
||||
/* Public API in OpenSSL. BoringSSL uses int64_t instead of long. */
|
||||
int
|
||||
OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
|
||||
OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec)
|
||||
{
|
||||
int64_t posix_time;
|
||||
|
||||
/* Ensure additions below do not overflow */
|
||||
if (tm->tm_year > 9999)
|
||||
return 0;
|
||||
if (tm->tm_mon > 12)
|
||||
if (!OPENSSL_tm_to_posix(tm, &posix_time))
|
||||
return 0;
|
||||
|
||||
if (!posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1,
|
||||
tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, &posix_time))
|
||||
return 0;
|
||||
CTASSERT(INT_MAX <= INT64_MAX / SECS_PER_DAY);
|
||||
CTASSERT(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY);
|
||||
CTASSERT(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY);
|
||||
|
||||
if (!utc_from_posix_time(posix_time + off_day * SECS_PER_DAY +
|
||||
offset_sec, &tm->tm_year, &tm->tm_mon, &tm->tm_mday, &tm->tm_hour,
|
||||
&tm->tm_min, &tm->tm_sec))
|
||||
return 0;
|
||||
posix_time += offset_day * SECS_PER_DAY;
|
||||
|
||||
tm->tm_year -= 1900;
|
||||
tm->tm_mon -= 1;
|
||||
if (posix_time > 0 && offset_sec > INT64_MAX - posix_time)
|
||||
return 0;
|
||||
if (posix_time < 0 && offset_sec < INT64_MIN - posix_time)
|
||||
return 0;
|
||||
posix_time += offset_sec;
|
||||
|
||||
if (!OPENSSL_posix_to_tm(posix_time, tm))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
@ -268,20 +277,17 @@ OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
|
||||
{
|
||||
int64_t time_to, time_from, timediff, daydiff;
|
||||
|
||||
if (!posix_time_from_utc(to->tm_year + 1900, to->tm_mon + 1,
|
||||
to->tm_mday, to->tm_hour, to->tm_min, to->tm_sec, &time_to))
|
||||
if (!OPENSSL_tm_to_posix(to, &time_to) ||
|
||||
!OPENSSL_tm_to_posix(from, &time_from))
|
||||
return 0;
|
||||
|
||||
if (!posix_time_from_utc(from->tm_year + 1900, from->tm_mon + 1,
|
||||
from->tm_mday, from->tm_hour, from->tm_min,
|
||||
from->tm_sec, &time_from))
|
||||
return 0;
|
||||
/* Times are in range, so these calculations cannot overflow. */
|
||||
CTASSERT(SECS_PER_DAY <= INT_MAX);
|
||||
CTASSERT((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX);
|
||||
|
||||
timediff = time_to - time_from;
|
||||
daydiff = timediff / SECS_PER_DAY;
|
||||
timediff %= SECS_PER_DAY;
|
||||
if (daydiff > INT_MAX || daydiff < INT_MIN)
|
||||
return 0;
|
||||
|
||||
*out_secs = timediff;
|
||||
*out_days = daydiff;
|
||||
|
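Review bot: OPENSSL_posix_to_tm() clears the caller's struct before it validates the input (`memset(out_tm, 0, sizeof(*out_tm));` sits ahead of the utc_from_posix_time() call), and OPENSSL_gmtime_adj() now hands its own `tm` straight to it. So a failed adjustment appears to leave `tm` zeroed, where the earlier direct utc_from_posix_time() call returned on the range check before writing anything. If any caller keeps using `tm` after a failure, convert into a local and copy on success: `struct tm out; if (!OPENSSL_posix_to_tm(posix_time, &out)) return 0; *tm = out;`. Otherwise state the contract above OPENSSL_gmtime_adj, e.g. `/* On failure |tm| is zeroed. */`. The old/new markers are lost in this rendering, so this assumes the memset and tmp_tm lines are the new side; the bodies of both functions also continue outside the hunks shown.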
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: asn1.h,v 1.82 2023/12/16 12:25:02 tb Exp $ */
|
||||
/* $OpenBSD: asn1.h,v 1.83 2024/02/18 16:28:38 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -915,11 +915,6 @@ int SMIME_text(BIO *in, BIO *out);
|
||||
|
||||
void ERR_load_ASN1_strings(void);
|
||||
|
||||
#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
|
||||
int OPENSSL_timegm(const struct tm *tm, time_t *out);
|
||||
struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm);
|
||||
#endif
|
||||
|
||||
/* Error codes for the ASN1 functions. */
|
||||
|
||||
/* Function codes. */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: asn1_local.h,v 1.7 2024/01/06 20:47:01 tb Exp $ */
|
||||
/* $OpenBSD: asn1_local.h,v 1.8 2024/02/18 16:28:38 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 2006.
|
||||
*/
|
||||
@ -160,7 +160,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
|
||||
int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
|
||||
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
|
||||
long length);
|
||||
int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
|
||||
int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec);
|
||||
int OPENSSL_gmtime_diff(int *pday, int *psec, const struct tm *from,
|
||||
const struct tm *to);
|
||||
int asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: p5_pbev2.c,v 1.30 2023/07/07 19:37:52 beck Exp $ */
|
||||
/* $OpenBSD: p5_pbev2.c,v 1.31 2024/02/18 15:44:10 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 1999-2004.
|
||||
*/
|
||||
@ -218,7 +218,7 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
|
||||
arc4random_buf(iv, EVP_CIPHER_iv_length(cipher));
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_CIPHER_CTX_legacy_clear(&ctx);
|
||||
|
||||
/* Dummy cipherinit to just setup the IV, and PRF */
|
||||
if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
|
||||
|
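--- a/lib/libcrypto/asn1/posix_time.h
+++ b/lib/libcrypto/asn1/posix_time.h
@@ -0,0 +1,54 @@
+/* $OpenBSD: posix_time.h,v 1.1 2024/02/18 16:28:38 tb Exp $ */
+/*
+* Copyright (c) 2022, Google Inc.
+*
+* Permission to use, copy, modify, and/or distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#ifndef OPENSSL_HEADER_POSIX_TIME_H
+#define OPENSSL_HEADER_POSIX_TIME_H
+
+#include <stdint.h>
+#include <time.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/*
+* OPENSSL_posix_to_tm converts a int64_t POSIX time value in |time|, which must
+* be in the range of year 0000 to 9999, to a broken out time value in |tm|. It
+* returns one on success and zero on error.
+*/
+int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm);
+
+/*
+* OPENSSL_tm_to_posix converts a time value between the years 0 and 9999 in
+* |tm| to a POSIX time value in |out|. One is returned on success, zero is
+* returned on failure. It is a failure if |tm| contains out of range values.
+*/
+int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out);
+
+/*
+* OPENSSL_timegm converts a time value between the years 0 and 9999 in |tm| to
+* a time_t value in |out|. One is returned on success, zero is returned on
+* failure. It is a failure if the converted time can not be represented in a
+* time_t, or if the tm contains out of range values.
+*/
+int OPENSSL_timegm(const struct tm *tm, time_t *out);
+
+#if defined(__cplusplus)
+} /* extern C */
+#endif
+
+#endif /* OPENSSL_HEADER_POSIX_TIME_H */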
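Review bot: The comment above OPENSSL_posix_to_tm names the output `|tm|`, but the prototype's parameter is `out_tm`, so the public documentation refers to a name that is not in the signature. The comment should say `|out_tm|`. It also does not say what the output holds when the call returns zero. Going by the a_time_posix.c change in the same commit, the struct is cleared before the range check, so a sentence such as `On error |out_tm| is zeroed.` would tell callers not to rely on its previous contents.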
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: crypto.h,v 1.63 2023/07/28 10:19:20 tb Exp $ */
|
||||
/* $OpenBSD: crypto.h,v 1.64 2024/02/18 16:28:37 tb Exp $ */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
@ -522,6 +522,14 @@ int CRYPTO_memcmp(const void *a, const void *b, size_t len);
|
||||
int OPENSSL_init_crypto(uint64_t opts, const void *settings);
|
||||
void OPENSSL_cleanup(void);
|
||||
|
||||
/*
|
||||
* OpenSSL helpfully put OPENSSL_gmtime() here because all other time related
|
||||
* functions are in asn1.h.
|
||||
*/
|
||||
#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
|
||||
struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm);
|
||||
#endif
|
||||
|
||||
void ERR_load_CRYPTO_strings(void);
|
||||
|
||||
/* Error codes for the CRYPTO functions. */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: bio_enc.c,v 1.29 2023/07/07 19:37:53 beck Exp $ */
|
||||
/* $OpenBSD: bio_enc.c,v 1.30 2024/02/18 15:44:10 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -115,7 +115,7 @@ enc_new(BIO *bi)
|
||||
ctx = malloc(sizeof(BIO_ENC_CTX));
|
||||
if (ctx == NULL)
|
||||
return (0);
|
||||
EVP_CIPHER_CTX_init(&ctx->cipher);
|
||||
EVP_CIPHER_CTX_legacy_clear(&ctx->cipher);
|
||||
|
||||
ctx->buf_len = 0;
|
||||
ctx->buf_off = 0;
|
||||
@ -360,7 +360,7 @@ again:
|
||||
case BIO_CTRL_DUP:
|
||||
dbio = (BIO *)ptr;
|
||||
dctx = (BIO_ENC_CTX *)dbio->ptr;
|
||||
EVP_CIPHER_CTX_init(&dctx->cipher);
|
||||
EVP_CIPHER_CTX_legacy_clear(&dctx->cipher);
|
||||
ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher);
|
||||
if (ret)
|
||||
dbio->init = 1;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: evp.h,v 1.120 2023/10/18 17:26:06 tb Exp $ */
|
||||
/* $OpenBSD: evp.h,v 1.121 2024/02/18 15:47:48 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -472,7 +472,9 @@ int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in,
|
||||
|
||||
EVP_MD_CTX *EVP_MD_CTX_new(void);
|
||||
void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
|
||||
#ifndef LIBRESSL_INTERNAL
|
||||
void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
|
||||
#endif
|
||||
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
|
||||
EVP_MD_CTX *EVP_MD_CTX_create(void);
|
||||
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
|
||||
@ -584,7 +586,9 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
|
||||
int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
|
||||
|
||||
#ifndef LIBRESSL_INTERNAL
|
||||
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
|
||||
#endif
|
||||
int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
|
||||
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
|
||||
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: evp_cipher.c,v 1.17 2024/01/30 17:41:01 tb Exp $ */
|
||||
/* $OpenBSD: evp_cipher.c,v 1.19 2024/02/18 15:53:54 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -615,7 +615,13 @@ EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
|
||||
void
|
||||
EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
|
||||
{
|
||||
memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
}
|
||||
|
||||
void
|
||||
EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
}
|
||||
|
||||
int
|
||||
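Review bot: EVP_CIPHER_CTX_legacy_clear() is added with the same body as EVP_CIPHER_CTX_init() (`memset(ctx, 0, sizeof(*ctx));`) and no comment saying why both exist or when the new one is safe to call. It only zeroes the struct and releases nothing, so on a context that already holds state it would presumably drop that state without freeing or wiping it. That matters for the EVP_OpenInit() and EVP_SealInit() call sites in p_legacy.c, which clear a caller-supplied ctx. A comment above the definition would cover it, e.g. `/* Internal stand-in for EVP_CIPHER_CTX_init(): zeroes |ctx| without cleanup; only for contexts holding no state. */`. The same applies to EVP_MD_CTX_legacy_clear() in evp_digest.c.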
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: evp_digest.c,v 1.8 2024/01/30 17:41:01 tb Exp $ */
|
||||
/* $OpenBSD: evp_digest.c,v 1.10 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -123,7 +123,7 @@
|
||||
int
|
||||
EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
|
||||
{
|
||||
EVP_MD_CTX_init(ctx);
|
||||
EVP_MD_CTX_legacy_clear(ctx);
|
||||
return EVP_DigestInit_ex(ctx, type, NULL);
|
||||
}
|
||||
|
||||
@ -207,7 +207,7 @@ EVP_Digest(const void *data, size_t count,
|
||||
EVP_MD_CTX ctx;
|
||||
int ret;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
EVP_MD_CTX_legacy_clear(&ctx);
|
||||
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
|
||||
ret = EVP_DigestInit_ex(&ctx, type, NULL) &&
|
||||
EVP_DigestUpdate(&ctx, data, count) &&
|
||||
@ -252,6 +252,12 @@ EVP_MD_CTX_init(EVP_MD_CTX *ctx)
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
}
|
||||
|
||||
void
|
||||
EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
}
|
||||
|
||||
int
|
||||
EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
|
||||
{
|
||||
@ -288,7 +294,7 @@ EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
|
||||
int
|
||||
EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
|
||||
{
|
||||
EVP_MD_CTX_init(out);
|
||||
EVP_MD_CTX_legacy_clear(out);
|
||||
return EVP_MD_CTX_copy_ex(out, in);
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: evp_key.c,v 1.33 2024/01/05 10:18:52 tb Exp $ */
|
||||
/* $OpenBSD: evp_key.c,v 1.34 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -156,7 +156,7 @@ EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
|
||||
if (data == NULL)
|
||||
return nkey;
|
||||
|
||||
EVP_MD_CTX_init(&c);
|
||||
EVP_MD_CTX_legacy_clear(&c);
|
||||
for (;;) {
|
||||
if (!EVP_DigestInit_ex(&c, md, NULL))
|
||||
goto err;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: evp_local.h,v 1.14 2024/01/27 23:34:18 tb Exp $ */
|
||||
/* $OpenBSD: evp_local.h,v 1.16 2024/02/18 15:43:21 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 2000.
|
||||
*/
|
||||
@ -377,6 +377,9 @@ int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
|
||||
int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
|
||||
int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name);
|
||||
|
||||
void EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx);
|
||||
void EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx);
|
||||
|
||||
__END_HIDDEN_DECLS
|
||||
|
||||
#endif /* !HEADER_EVP_LOCAL_H */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: evp_pbe.c,v 1.41 2024/02/01 17:11:58 tb Exp $ */
|
||||
/* $OpenBSD: evp_pbe.c,v 1.42 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 1999.
|
||||
*/
|
||||
@ -266,7 +266,7 @@ PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
|
||||
else if (passlen == -1)
|
||||
passlen = strlen(pass);
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
EVP_MD_CTX_legacy_clear(&ctx);
|
||||
|
||||
if (!EVP_DigestInit_ex(&ctx, md, NULL))
|
||||
goto err;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: m_sigver.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */
|
||||
/* $OpenBSD: m_sigver.c,v 1.15 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 2006.
|
||||
*/
|
||||
@ -171,7 +171,7 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
|
||||
EVP_MD_CTX tmp_ctx;
|
||||
unsigned char md[EVP_MAX_MD_SIZE];
|
||||
unsigned int mdlen = 0;
|
||||
EVP_MD_CTX_init(&tmp_ctx);
|
||||
EVP_MD_CTX_legacy_clear(&tmp_ctx);
|
||||
if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
|
||||
return 0;
|
||||
if (sctx)
|
||||
@ -228,7 +228,7 @@ EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen)
|
||||
vctx = 1;
|
||||
else
|
||||
vctx = 0;
|
||||
EVP_MD_CTX_init(&tmp_ctx);
|
||||
EVP_MD_CTX_legacy_clear(&tmp_ctx);
|
||||
if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
|
||||
return -1;
|
||||
if (vctx) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: p_legacy.c,v 1.2 2023/12/20 13:52:17 tb Exp $ */
|
||||
/* $OpenBSD: p_legacy.c,v 1.3 2024/02/18 15:44:10 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -99,7 +99,7 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
|
||||
int i, size = 0, ret = 0;
|
||||
|
||||
if (type) {
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
EVP_CIPHER_CTX_legacy_clear(ctx);
|
||||
if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
|
||||
return 0;
|
||||
}
|
||||
@ -154,7 +154,7 @@ EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
|
||||
int i, iv_len;
|
||||
|
||||
if (type) {
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
EVP_CIPHER_CTX_legacy_clear(ctx);
|
||||
if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: p_sign.c,v 1.19 2023/07/07 19:37:54 beck Exp $ */
|
||||
/* $OpenBSD: p_sign.c,v 1.20 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -77,7 +77,7 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
|
||||
int ret = 0;
|
||||
|
||||
*siglen = 0;
|
||||
EVP_MD_CTX_init(&tmp_ctx);
|
||||
EVP_MD_CTX_legacy_clear(&tmp_ctx);
|
||||
if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
|
||||
goto err;
|
||||
if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len))
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: p_verify.c,v 1.18 2023/07/07 19:37:54 beck Exp $ */
|
||||
/* $OpenBSD: p_verify.c,v 1.19 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -75,7 +75,7 @@ EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
|
||||
EVP_PKEY_CTX *pkctx = NULL;
|
||||
int ret = 0;
|
||||
|
||||
EVP_MD_CTX_init(&tmp_ctx);
|
||||
EVP_MD_CTX_legacy_clear(&tmp_ctx);
|
||||
if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx))
|
||||
goto err;
|
||||
if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len))
|
||||
|
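--- a/lib/libcrypto/hidden/openssl/posix_time.h
+++ b/lib/libcrypto/hidden/openssl/posix_time.h
@@ -0,0 +1,32 @@
+/* $OpenBSD: posix_time.h,v 1.1 2024/02/18 16:28:38 tb Exp $ */
+/*
+* Copyright (c) 2024 Bob Beck <beck@openbsd.org>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#ifndef _LIBCRYPTO_POSIX_TIME_H
+#define _LIBCRYPTO_POSIX_TIME_H
+
+#ifndef _MSC_VER
+#include_next <openssl/posix_time.h>
+#else
+#include "../include/openssl/posix_time.h"
+#endif
+#include "crypto_namespace.h"
+
+LCRYPTO_USED(OPENSSL_posix_to_tm);
+LCRYPTO_USED(OPENSSL_tm_to_posix);
+LCRYPTO_USED(OPENSSL_timegm);
+
+#endif /* _LIBCRYPTO_POSIX_TIME_H */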
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: hmac.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */
|
||||
/* $OpenBSD: hmac.c,v 1.32 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -214,9 +214,9 @@ HMAC_CTX_reset(HMAC_CTX *ctx)
|
||||
void
|
||||
HMAC_CTX_init(HMAC_CTX *ctx)
|
||||
{
|
||||
EVP_MD_CTX_init(&ctx->i_ctx);
|
||||
EVP_MD_CTX_init(&ctx->o_ctx);
|
||||
EVP_MD_CTX_init(&ctx->md_ctx);
|
||||
EVP_MD_CTX_legacy_clear(&ctx->i_ctx);
|
||||
EVP_MD_CTX_legacy_clear(&ctx->o_ctx);
|
||||
EVP_MD_CTX_legacy_clear(&ctx->md_ctx);
|
||||
ctx->md = NULL;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ASN1_TIME_set.3,v 1.21 2023/11/16 14:20:49 tb Exp $
|
||||
.\" $OpenBSD: ASN1_TIME_set.3,v 1.22 2024/02/18 16:30:17 tb Exp $
|
||||
.\" full merge up to: OpenSSL 3d0f1cb9 Jul 11 03:01:24 2017 +0800
|
||||
.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
|
||||
.\"
|
||||
@ -68,7 +68,7 @@
|
||||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: November 16 2023 $
|
||||
.Dd $Mdocdate: February 18 2024 $
|
||||
.Dt ASN1_TIME_SET 3
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -96,7 +96,9 @@
|
||||
.Nm ASN1_TIME_compare ,
|
||||
.Nm ASN1_TIME_to_generalizedtime ,
|
||||
.Nm OPENSSL_gmtime ,
|
||||
.Nm OPENSSL_timegm
|
||||
.Nm OPENSSL_timegm ,
|
||||
.Nm OPENSSL_posix_to_tm ,
|
||||
.Nm OPENSSL_tm_to_posix
|
||||
.Nd ASN.1 Time functions
|
||||
.Sh SYNOPSIS
|
||||
.In openssl/asn1.h
|
||||
@ -219,16 +221,28 @@
|
||||
.Fa "const ASN1_TIME *t"
|
||||
.Fa "ASN1_GENERALIZEDTIME **out"
|
||||
.Fc
|
||||
.In openssl/crypto.h
|
||||
.Ft struct tm *
|
||||
.Fo OPENSSL_gmtime
|
||||
.Fa "const time_t *time"
|
||||
.Fa "struct tm *out_tm"
|
||||
.Fc
|
||||
.In openssl/posix_time.h
|
||||
.Ft int
|
||||
.Fo OPENSSL_timegm
|
||||
.Fa "const struct tm *tm"
|
||||
.Fa "time_t *out_time"
|
||||
.Fc
|
||||
.Ft int
|
||||
.Fo OPENSSL_posix_to_tm
|
||||
.Fa "int64_t time"
|
||||
.Fa "struct tm *out_tm"
|
||||
.Fc
|
||||
.Ft int
|
||||
.Fo OPENSSL_tm_to_posix
|
||||
.Fa "struct tm *t_tm"
|
||||
.Fa "int64_t *out"
|
||||
.Fc
|
||||
.Sh DESCRIPTION
|
||||
An
|
||||
.Vt ASN1_TIME
|
||||
@ -529,6 +543,21 @@ converts a time structure in UTC time in
|
||||
.Fa tm
|
||||
to a time_t value in
|
||||
.Fa out_time .
|
||||
.Pp
|
||||
.Fn OPENSSL_posix_to_tm
|
||||
converts an
|
||||
.Vt int64_t
|
||||
POSIX time value in
|
||||
.Fa time ,
|
||||
which must be in the range of year 0 to 9999,
|
||||
to a broken out time value in
|
||||
.Fa tm .
|
||||
.Pp
|
||||
.Fn OPENSSL_tm_to_posix
|
||||
converts a time value between the years 0 and 9999 in
|
||||
.Fa tm
|
||||
to a POSIX time value in
|
||||
.Fa out .
|
||||
.Sh RETURN VALUES
|
||||
.Fn ASN1_TIME_set ,
|
||||
.Fn ASN1_UTCTIME_set ,
|
||||
@ -599,6 +628,12 @@ returns
|
||||
on success or NULL for failure.
|
||||
It can fail if the time is not representable in a struct tm,
|
||||
or falls outside the range allowed in RFC 5280 times.
|
||||
.Pp
|
||||
.Fn OPENSSL_posix_to_tm
|
||||
and
|
||||
.Fn OPENSSL_tm_to_posix
|
||||
return 1 for success or 0 on failure.
|
||||
It is a failure if the year is less than 0 or more than 9999.
|
||||
.Sh EXAMPLES
|
||||
Set a time object to one hour after the current time and print it
|
||||
out:
|
||||
@ -690,9 +725,13 @@ first appeared in OpenSSL 1.1.1 and have been available since
|
||||
.Ox 7.2 .
|
||||
.Pp
|
||||
.Fn OPENSSL_gmtime
|
||||
first appeared in OpenSSL 0.9.7.
|
||||
.Fn OPENSSL_timegm ,
|
||||
.Fn OPENSSL_posix_to_tm ,
|
||||
and
|
||||
.Fn OPENSSL_timegm
|
||||
first appeared in BoringSSL and have been available since
|
||||
.Fn OPENSSL_tm_to_posix
|
||||
first appeared in BoringSSL;
|
||||
all these functions have been available since
|
||||
.Ox 7.5 .
|
||||
.Sh CAVEATS
|
||||
Some applications add offset times directly to a
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pem_lib.c,v 1.55 2023/11/29 21:35:57 tb Exp $ */
|
||||
/* $OpenBSD: pem_lib.c,v 1.56 2024/02/18 15:44:10 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -412,7 +412,7 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
|
||||
PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
|
||||
/* k=strlen(buf); */
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_CIPHER_CTX_legacy_clear(&ctx);
|
||||
ret = 1;
|
||||
if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) ||
|
||||
!EVP_EncryptUpdate(&ctx, data, &j, data, i) ||
|
||||
@ -466,7 +466,7 @@ PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
||||
return 0;
|
||||
|
||||
j = (int)len;
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_CIPHER_CTX_legacy_clear(&ctx);
|
||||
o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key,
|
||||
&(cipher->iv[0]));
|
||||
if (o)
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pvkfmt.c,v 1.27 2023/07/07 13:40:44 beck Exp $ */
|
||||
/* $OpenBSD: pvkfmt.c,v 1.28 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 2005.
|
||||
*/
|
||||
@ -713,7 +713,7 @@ derive_pvk_key(unsigned char *key, const unsigned char *salt,
|
||||
EVP_MD_CTX mctx;
|
||||
int rv = 1;
|
||||
|
||||
EVP_MD_CTX_init(&mctx);
|
||||
EVP_MD_CTX_legacy_clear(&mctx);
|
||||
if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) ||
|
||||
!EVP_DigestUpdate(&mctx, salt, saltlen) ||
|
||||
!EVP_DigestUpdate(&mctx, pass, passlen) ||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: p12_decr.c,v 1.24 2023/02/16 08:38:17 tb Exp $ */
|
||||
/* $OpenBSD: p12_decr.c,v 1.25 2024/02/18 15:44:10 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 1999.
|
||||
*/
|
||||
@ -77,7 +77,7 @@ PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen,
|
||||
int outlen, i;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
|
||||
EVP_CIPHER_CTX_init(&ctx);
|
||||
EVP_CIPHER_CTX_legacy_clear(&ctx);
|
||||
/* Decrypt data */
|
||||
if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
|
||||
algor->parameter, &ctx, en_de)) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pk7_doit.c,v 1.55 2024/01/25 13:44:08 tb Exp $ */
|
||||
/* $OpenBSD: pk7_doit.c,v 1.56 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -711,7 +711,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_MD_CTX_init(&ctx_tmp);
|
||||
EVP_MD_CTX_legacy_clear(&ctx_tmp);
|
||||
i = OBJ_obj2nid(p7->type);
|
||||
p7->state = PKCS7_S_HEADER;
|
||||
|
||||
@ -879,7 +879,7 @@ PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
|
||||
if (md == NULL)
|
||||
return 0;
|
||||
|
||||
EVP_MD_CTX_init(&mctx);
|
||||
EVP_MD_CTX_legacy_clear(&mctx);
|
||||
if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
|
||||
goto err;
|
||||
|
||||
@ -997,7 +997,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
|
||||
BIO *btmp;
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
EVP_MD_CTX_init(&mdc_tmp);
|
||||
EVP_MD_CTX_legacy_clear(&mdc_tmp);
|
||||
|
||||
if (!PKCS7_type_is_signed(p7) &&
|
||||
!PKCS7_type_is_signedAndEnveloped(p7)) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: rsa_oaep.c,v 1.37 2023/07/08 12:26:45 beck Exp $ */
|
||||
/* $OpenBSD: rsa_oaep.c,v 1.38 2024/02/18 15:45:42 tb Exp $ */
|
||||
/*
|
||||
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
@ -331,7 +331,7 @@ PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
|
||||
int mdlen;
|
||||
int rv = -1;
|
||||
|
||||
EVP_MD_CTX_init(&c);
|
||||
EVP_MD_CTX_legacy_clear(&c);
|
||||
mdlen = EVP_MD_size(dgst);
|
||||
if (mdlen < 0)
|
||||
goto err;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: rsa_pss.c,v 1.17 2023/07/08 12:26:45 beck Exp $ */
|
||||
/* $OpenBSD: rsa_pss.c,v 1.18 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
|
||||
* project 2005.
|
||||
*/
|
||||
@ -92,7 +92,7 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
|
||||
EVP_MD_CTX ctx;
|
||||
unsigned char H_[EVP_MAX_MD_SIZE];
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
EVP_MD_CTX_legacy_clear(&ctx);
|
||||
|
||||
if (mgf1Hash == NULL)
|
||||
mgf1Hash = Hash;
|
||||
@ -200,7 +200,7 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
||||
unsigned char *H, *salt = NULL, *p;
|
||||
EVP_MD_CTX ctx;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
EVP_MD_CTX_legacy_clear(&ctx);
|
||||
|
||||
if (mgf1Hash == NULL)
|
||||
mgf1Hash = Hash;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: x509_cmp.c,v 1.42 2023/02/16 08:38:17 tb Exp $ */
|
||||
/* $OpenBSD: x509_cmp.c,v 1.43 2024/02/18 15:45:42 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -95,7 +95,7 @@ X509_issuer_and_serial_hash(X509 *a)
|
||||
unsigned char md[16];
|
||||
char *f;
|
||||
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
EVP_MD_CTX_legacy_clear(&ctx);
|
||||
f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
|
||||
if (f == NULL)
|
||||
goto err;
|
||||
@ -291,7 +291,7 @@ X509_NAME_hash_old(X509_NAME *x)
|
||||
|
||||
/* Make sure X509_NAME structure contains valid cached encoding */
|
||||
i2d_X509_NAME(x, NULL);
|
||||
EVP_MD_CTX_init(&md_ctx);
|
||||
EVP_MD_CTX_legacy_clear(&md_ctx);
|
||||
if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&
|
||||
EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&
|
||||
EVP_DigestFinal_ex(&md_ctx, md, NULL))
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $OpenBSD: Makefile,v 1.26 2023/12/15 22:24:15 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.27 2024/02/18 16:32:29 tb Exp $
|
||||
|
||||
PROGS = \
|
||||
asn1api \
|
||||
@ -24,5 +24,6 @@ CFLAGS+= -I${.CURDIR}/../../../../lib/libcrypto/bytestring
|
||||
|
||||
LDADD_asn1basic = ${CRYPTO_INT}
|
||||
LDADD_asn1object = ${CRYPTO_INT}
|
||||
LDADD_asn1time = ${CRYPTO_INT}
|
||||
|
||||
.include <bsd.regress.mk>
|
||||
|
@ -1,6 +1,7 @@
|
||||
/* $OpenBSD: asn1time.c,v 1.21 2023/10/05 07:59:41 tb Exp $ */
|
||||
/* $OpenBSD: asn1time.c,v 1.24 2024/02/18 17:13:29 tb Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
|
||||
* Copyright (c) 2024 Google Inc.
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@ -16,11 +17,15 @@
|
||||
*/
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/posix_time.h>
|
||||
|
||||
#include <err.h>
|
||||
#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "asn1_local.h"
|
||||
|
||||
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
|
||||
|
||||
struct asn1_time_test {
|
||||
@ -567,6 +572,205 @@ asn1_time_compare_test(void)
|
||||
return failed;
|
||||
}
|
||||
|
||||
static int
|
||||
asn1_time_overflow(void)
|
||||
{
|
||||
struct tm overflow_year = {0}, overflow_month = {0};
|
||||
struct tm copy, max_time = {0}, min_time = {0}, zero = {0};
|
||||
int64_t valid_time_range = INT64_C(315569519999);
|
||||
int64_t posix_u64;
|
||||
time_t posix_time;
|
||||
int days, secs;
|
||||
int failed = 1;
|
||||
|
||||
overflow_year.tm_year = INT_MAX - 1899;
|
||||
overflow_year.tm_mday = 1;
|
||||
|
||||
overflow_month.tm_mon = INT_MAX;
|
||||
overflow_month.tm_mday = 1;
|
||||
|
||||
if (OPENSSL_tm_to_posix(&overflow_year, &posix_u64)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_tm_to_posix didn't fail on "
|
||||
"overflow of years\n");
|
||||
goto err;
|
||||
}
|
||||
if (OPENSSL_tm_to_posix(&overflow_month, &posix_u64)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_tm_to_posix didn't fail on "
|
||||
"overflow of months\n");
|
||||
goto err;
|
||||
}
|
||||
if (OPENSSL_timegm(&overflow_year, &posix_time)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_timegm didn't fail on "
|
||||
"overflow of years\n");
|
||||
goto err;
|
||||
}
|
||||
if (OPENSSL_timegm(&overflow_month, &posix_time)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_timegm didn't fail on "
|
||||
"overflow of months\n");
|
||||
goto err;
|
||||
}
|
||||
if (OPENSSL_gmtime_adj(&overflow_year, 0, 0)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj didn't fail on "
|
||||
"overflow of years\n");
|
||||
goto err;
|
||||
}
|
||||
if (OPENSSL_gmtime_adj(&overflow_month, 0, 0)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj didn't fail on "
|
||||
"overflow of months\n");
|
||||
goto err;
|
||||
}
|
||||
if (OPENSSL_gmtime_diff(&days, &secs, &overflow_year, &overflow_year)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_diff didn't fail on "
|
||||
"overflow of years\n");
|
||||
goto err;
|
||||
}
|
||||
if (OPENSSL_gmtime_diff(&days, &secs, &overflow_month, &overflow_month)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_diff didn't fail on "
|
||||
"overflow of months\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Input time is in range but adding one second puts it out of range. */
|
||||
max_time.tm_year = 9999 - 1900;
|
||||
max_time.tm_mon = 12 - 1;
|
||||
max_time.tm_mday = 31;
|
||||
max_time.tm_hour = 23;
|
||||
max_time.tm_min = 59;
|
||||
max_time.tm_sec = 59;
|
||||
|
||||
copy = max_time;
|
||||
if (!OPENSSL_gmtime_adj(©, 0, 0)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't "
|
||||
"succeed for maximum time\n");
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(©, &max_time, sizeof(max_time)) != 0) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't "
|
||||
"leave copy of max_time unmodified\n");
|
||||
goto err;
|
||||
}
|
||||
if (OPENSSL_gmtime_adj(©, 0, 1)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 1 sec didn't "
|
||||
"fail for maximum time\n");
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(&zero, ©, sizeof(copy)) != 0) {
|
||||
fprintf(stderr, "FAIL: failing OPENSSL_gmtime_adj didn't "
|
||||
"zero out max_time\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
min_time.tm_year = 0 - 1900;
|
||||
min_time.tm_mon = 1 - 1;
|
||||
min_time.tm_mday = 1;
|
||||
min_time.tm_hour = 0;
|
||||
min_time.tm_min = 0;
|
||||
min_time.tm_sec = 0;
|
||||
|
||||
copy = min_time;
|
||||
if (!OPENSSL_gmtime_adj(©, 0, 0)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't "
|
||||
"succeed for minimum time\n");
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(©, &min_time, sizeof(min_time)) != 0) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't "
|
||||
"leave copy of min_time unmodified\n");
|
||||
goto err;
|
||||
}
|
||||
if (OPENSSL_gmtime_adj(©, 0, -1)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 1 sec didn't "
|
||||
"fail for minimum time\n");
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(&zero, ©, sizeof(copy)) != 0) {
|
||||
fprintf(stderr, "FAIL: failing OPENSSL_gmtime_adj didn't "
|
||||
"zero out max_time\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
copy = min_time;
|
||||
/* Test that we can offset by the valid minimum and maximum times. */
|
||||
if (!OPENSSL_gmtime_adj(©, 0, valid_time_range)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range "
|
||||
"failed\n");
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(©, &max_time, sizeof(max_time)) != 0) {
|
||||
fprintf(stderr, "FAIL: maximally adjusted copy didn't match "
|
||||
"max_time\n");
|
||||
hexdump((unsigned char *)&max_time, sizeof(max_time));
|
||||
hexdump((unsigned char *)©, sizeof(copy));
|
||||
goto err;
|
||||
}
|
||||
if (!OPENSSL_gmtime_adj(©, 0, -valid_time_range)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range "
|
||||
"failed\n");
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(©, &min_time, sizeof(min_time)) != 0) {
|
||||
fprintf(stderr, "FAIL: maximally adjusted copy didn't match "
|
||||
"min_time\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
/*
|
||||
* The second offset may even exceed the valid_time_range if it is
|
||||
* cancelled out by offset_day.
|
||||
*/
|
||||
if (!OPENSSL_gmtime_adj(©, -1, valid_time_range + 24 * 3600)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range "
|
||||
"failed\n");
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(©, &max_time, sizeof(max_time)) != 0) {
|
||||
fprintf(stderr, "FAIL: excess maximally adjusted copy didn't "
|
||||
"match max_time\n");
|
||||
goto err;
|
||||
}
|
||||
if (!OPENSSL_gmtime_adj(©, 1, -valid_time_range - 24 * 3600)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range "
|
||||
"failed\n");
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(©, &min_time, sizeof(min_time)) != 0) {
|
||||
fprintf(stderr, "FAIL: excess maximally adjusted copy didn't "
|
||||
"match min_time\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
copy = max_time;
|
||||
if (OPENSSL_gmtime_adj(©, INT_MAX, INT64_MAX)) {
|
||||
fprintf(stderr, "FAIL: maximal adjustments in OPENSSL_gmtime_adj"
|
||||
"didn't fail\n");
|
||||
goto err;
|
||||
}
|
||||
copy = min_time;
|
||||
if (OPENSSL_gmtime_adj(©, INT_MIN, INT64_MIN)) {
|
||||
fprintf(stderr, "FAIL: minimal adjustments in OPENSSL_gmtime_adj"
|
||||
"didn't fail\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Test we can diff between maximum time and minimum time. */
|
||||
if (!OPENSSL_gmtime_diff(&days, &secs, &max_time, &min_time)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_diff between maximum and "
|
||||
"minimum time failed\n");
|
||||
goto err;
|
||||
}
|
||||
if (!OPENSSL_gmtime_diff(&days, &secs, &min_time, &max_time)) {
|
||||
fprintf(stderr, "FAIL: OPENSSL_gmtime_diff between minimum and "
|
||||
"maximum time failed\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
||||
failed = 0;
|
||||
|
||||
err:
|
||||
return failed;
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
@ -614,5 +818,8 @@ main(int argc, char **argv)
|
||||
/* Check for a leak in ASN1_TIME_normalize(). */
|
||||
failed |= ASN1_TIME_normalize(NULL) != 0;
|
||||
|
||||
fprintf(stderr, "Time overflow tests...\n");
|
||||
failed |= asn1_time_overflow();
|
||||
|
||||
return (failed);
|
||||
}
|
||||
|
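Review bot: Several failure messages in the new asn1_time_overflow() would misreport which check broke. The min_time branch that adjusts by `-1` still prints "by 1 sec didn't fail for minimum time" and "didn't zero out max_time", and the INT_MAX/INT_MIN cases concatenate `"... in OPENSSL_gmtime_adj"` with `"didn't fail\n"` without a separating space. I would change these to `"by -1 sec didn't "`, `"zero out min_time\n"` and `" didn't fail\n"`, so that a regression in the range checks points at the right boundary. The local `int64_t posix_u64` is signed despite its name, so something like `posix_time64` would read better. The two OPENSSL_gmtime_diff calls between max_time and min_time check only the return value; it may be worth also asserting `days` and `secs`, since this is the widest difference the test exercises.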