mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-03 14:40:50 +01:00
openssl: Import OpenSSL 3.0.15.
This release incorporates the following bug fixes and mitigations: - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119]) - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535]) Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html
This commit is contained in:
parent
e60dbfd00b
commit
108164cf95
34
CHANGES.md
34
CHANGES.md
@ -28,6 +28,30 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
|
||||
|
||||
### Changes between 3.0.14 and 3.0.15 [3 Sep 2024]
|
||||
|
||||
* Fixed possible denial of service in X.509 name checks.
|
||||
|
||||
Applications performing certificate name checks (e.g., TLS clients checking
|
||||
server certificates) may attempt to read an invalid memory address when
|
||||
comparing the expected name with an `otherName` subject alternative name of
|
||||
an X.509 certificate. This may result in an exception that terminates the
|
||||
application program.
|
||||
|
||||
([CVE-2024-6119])
|
||||
|
||||
*Viktor Dukhovni*
|
||||
|
||||
* Fixed possible buffer overread in SSL_select_next_proto().
|
||||
|
||||
Calling the OpenSSL API function SSL_select_next_proto with an empty
|
||||
supported client protocols buffer may cause a crash or memory contents
|
||||
to be sent to the peer.
|
||||
|
||||
([CVE-2024-5535])
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
### Changes between 3.0.13 and 3.0.14 [4 Jun 2024]
|
||||
|
||||
* Fixed potential use after free after SSL_free_buffers() is called.
|
||||
@ -70,6 +94,14 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
*Tomáš Mráz*
|
||||
|
||||
* Improved EC/DSA nonce generation routines to avoid bias and timing
|
||||
side channel leaks.
|
||||
|
||||
Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis
|
||||
and Hubert Kario from Red Hat for reporting the issues.
|
||||
|
||||
*Tomáš Mráz and Paul Dale*
|
||||
|
||||
* Fixed an issue where some non-default TLS server configurations can cause
|
||||
unbounded memory growth when processing TLSv1.3 sessions. An attacker may
|
||||
exploit certain server configurations to trigger unbounded memory growth that
|
||||
@ -19890,6 +19922,8 @@ ndif
|
||||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
|
||||
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
|
||||
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
|
||||
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
|
||||
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
|
||||
|
@ -3,7 +3,7 @@ HOW TO CONTRIBUTE TO OpenSSL
|
||||
|
||||
Please visit our [Getting Started] page for other ideas about how to contribute.
|
||||
|
||||
[Getting Started]: <https://www.openssl.org/community/getting-started.html>
|
||||
[Getting Started]: <https://openssl-library.org/community/getting-started>
|
||||
|
||||
Development is done on GitHub in the [openssl/openssl] repository.
|
||||
|
||||
@ -77,8 +77,8 @@ guidelines:
|
||||
Clean builds via GitHub Actions are required. They are started automatically
|
||||
whenever a PR is created or updated by committers.
|
||||
|
||||
[coding style]: https://www.openssl.org/policies/technical/coding-style.html
|
||||
[documentation policy]: https://openssl.org/policies/technical/documentation-policy.html
|
||||
[coding style]: https://openssl-library.org/policies/technical/coding-style/
|
||||
[documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/
|
||||
|
||||
5. When at all possible, code contributions should include tests. These can
|
||||
either be added to an existing test, or completely new. Please see
|
||||
|
@ -1264,6 +1264,25 @@ my %targets = (
|
||||
AR => add("-X32"),
|
||||
RANLIB => add("-X32"),
|
||||
},
|
||||
# To enable openxl compiler for aix
|
||||
# If 17.1 openxl runtime is available, -latomic can be used
|
||||
# instead of -DBROKEN_CLANG_ATOMICS
|
||||
"aix-clang" => {
|
||||
inherit_from => [ "aix-common" ],
|
||||
CC => "ibm-clang",
|
||||
CFLAGS => picker(debug => "-O0 -g",
|
||||
release => "-O"),
|
||||
cflags => combine("-Wno-implicit-function-declaration -mcmodel=large -DBROKEN_CLANG_ATOMICS",
|
||||
threads("-pthread")),
|
||||
ex_libs => add(threads("-pthread")),
|
||||
bn_ops => "BN_LLONG RC4_CHAR",
|
||||
asm_arch => 'ppc32',
|
||||
perlasm_scheme => "aix32",
|
||||
shared_cflag => "-fpic",
|
||||
shared_ldflag => add("-shared"),
|
||||
AR => add("-X32"),
|
||||
RANLIB => add("-X32"),
|
||||
},
|
||||
"aix64-cc" => {
|
||||
inherit_from => [ "aix-common" ],
|
||||
CC => "cc",
|
||||
@ -1282,6 +1301,23 @@ my %targets = (
|
||||
AR => add("-X64"),
|
||||
RANLIB => add("-X64"),
|
||||
},
|
||||
"aix64-clang" => {
|
||||
inherit_from => [ "aix-common" ],
|
||||
CC => "ibm-clang",
|
||||
CFLAGS => picker(debug => "-O0 -g",
|
||||
release => "-O"),
|
||||
cflags => combine("-maix64 -Wno-implicit-function-declaration -mcmodel=large",
|
||||
threads("-pthread")),
|
||||
ex_libs => add(threads("-pthread")),
|
||||
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
|
||||
asm_arch => 'ppc64',
|
||||
perlasm_scheme => "aix64",
|
||||
shared_cflag => "-fpic",
|
||||
shared_ldflag => add("-shared"),
|
||||
shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)",
|
||||
AR => add("-X64"),
|
||||
RANLIB => add("-X64"),
|
||||
},
|
||||
|
||||
# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
|
||||
"BS2000-OSD" => {
|
||||
|
@ -10,7 +10,7 @@ my %targets = (
|
||||
template => 1,
|
||||
inherit_from => [ "darwin-common" ],
|
||||
sys_id => "iOS",
|
||||
disable => [ "shared", "async" ],
|
||||
disable => [ "async" ],
|
||||
},
|
||||
"ios-xcrun" => {
|
||||
inherit_from => [ "ios-common" ],
|
||||
|
10
Configure
10
Configure
@ -178,7 +178,6 @@ my @gcc_devteam_warn = qw(
|
||||
# -Wextended-offsetof -- no, needed in CMS ASN1 code
|
||||
my @clang_devteam_warn = qw(
|
||||
-Wno-unknown-warning-option
|
||||
-Wswitch-default
|
||||
-Wno-parentheses-equality
|
||||
-Wno-language-extension-token
|
||||
-Wno-extended-offsetof
|
||||
@ -1583,7 +1582,7 @@ if (!$disabled{makedepend}) {
|
||||
disable('unavailable', 'makedepend') unless $config{makedep_scheme};
|
||||
}
|
||||
|
||||
if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') {
|
||||
if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS' && !$predefined_C{_AIX}) {
|
||||
# probe for -Wa,--noexecstack option...
|
||||
if ($predefined_C{__clang__}) {
|
||||
# clang has builtin assembler, which doesn't recognize --help,
|
||||
@ -3407,6 +3406,13 @@ sub absolutedir {
|
||||
return rel2abs($dir);
|
||||
}
|
||||
|
||||
# realpath() on Windows seems to check if the directory actually exists,
|
||||
# which isn't what is wanted here. All we want to know is if a directory
|
||||
# spec is absolute, not if it exists.
|
||||
if ($^O eq "MSWin32") {
|
||||
return rel2abs($dir);
|
||||
}
|
||||
|
||||
# We use realpath() on Unix, since no other will properly clean out
|
||||
# a directory spec.
|
||||
use Cwd qw/realpath/;
|
||||
|
6
FAQ.md
6
FAQ.md
@ -1,6 +0,0 @@
|
||||
Frequently Asked Questions (FAQ)
|
||||
================================
|
||||
|
||||
The [Frequently Asked Questions][FAQ] are now maintained on the OpenSSL homepage.
|
||||
|
||||
[FAQ]: https://www.openssl.org/docs/faq.html
|
@ -1164,7 +1164,7 @@ Configure OpenSSL
|
||||
### Automatic Configuration
|
||||
|
||||
In previous version, the `config` script determined the platform type and
|
||||
compiler and then called `Configure`. Starting with this release, they are
|
||||
compiler and then called `Configure`. Starting with version 3.0, they are
|
||||
the same.
|
||||
|
||||
#### Unix / Linux / macOS
|
||||
@ -1618,7 +1618,7 @@ More about our support resources can be found in the [SUPPORT] file.
|
||||
|
||||
### Configuration Errors
|
||||
|
||||
If the `./Configure` or `./Configure` command fails with an error message,
|
||||
If the `./config` or `./Configure` command fails with an error message,
|
||||
read the error message carefully and try to figure out whether you made
|
||||
a mistake (e.g., by providing a wrong option), or whether the script is
|
||||
working incorrectly. If you think you encountered a bug, please
|
||||
|
15
NEWS.md
15
NEWS.md
@ -18,6 +18,19 @@ OpenSSL Releases
|
||||
OpenSSL 3.0
|
||||
-----------
|
||||
|
||||
### Major changes between OpenSSL 3.0.14 and OpenSSL 3.0.15 [3 Sep 2024]
|
||||
|
||||
OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this
|
||||
release is Moderate.
|
||||
|
||||
This release incorporates the following bug fixes and mitigations:
|
||||
|
||||
* Fixed possible denial of service in X.509 name checks
|
||||
([CVE-2024-6119])
|
||||
|
||||
* Fixed possible buffer overread in SSL_select_next_proto()
|
||||
([CVE-2024-5535])
|
||||
|
||||
### Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [4 Jun 2024]
|
||||
|
||||
* Fixed potential use after free after SSL_free_buffers() is called
|
||||
@ -1482,6 +1495,8 @@ OpenSSL 0.9.x
|
||||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
|
||||
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
|
||||
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
|
||||
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
|
||||
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
|
||||
|
@ -1,7 +1,7 @@
|
||||
MAJOR=3
|
||||
MINOR=0
|
||||
PATCH=14
|
||||
PATCH=15
|
||||
PRE_RELEASE_TAG=
|
||||
BUILD_METADATA=
|
||||
RELEASE_DATE="4 Jun 2024"
|
||||
RELEASE_DATE="3 Sep 2024"
|
||||
SHLIB_VERSION=3
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -132,7 +132,7 @@ const OPTIONS cms_options[] = {
|
||||
{"binary", OPT_BINARY, '-',
|
||||
"Treat input as binary: do not translate to canonical form"},
|
||||
{"crlfeol", OPT_CRLFEOL, '-',
|
||||
"Use CRLF as EOL termination instead of CR only" },
|
||||
"Use CRLF as EOL termination instead of LF only" },
|
||||
{"asciicrlf", OPT_ASCIICRLF, '-',
|
||||
"Perform CRLF canonicalisation when signing"},
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -478,7 +478,7 @@ int dgst_main(int argc, char **argv)
|
||||
static void show_digests(const OBJ_NAME *name, void *arg)
|
||||
{
|
||||
struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
|
||||
const EVP_MD *md = NULL;
|
||||
EVP_MD *md = NULL;
|
||||
|
||||
/* Filter out signed digests (a.k.a signature algorithms) */
|
||||
if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
|
||||
@ -490,8 +490,7 @@ static void show_digests(const OBJ_NAME *name, void *arg)
|
||||
/* Filter out message digests that we cannot use */
|
||||
md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
|
||||
if (md == NULL) {
|
||||
md = EVP_get_digestbyname(name->name);
|
||||
if (md == NULL)
|
||||
if (EVP_get_digestbyname(name->name) == NULL)
|
||||
return;
|
||||
}
|
||||
|
||||
@ -502,6 +501,8 @@ static void show_digests(const OBJ_NAME *name, void *arg)
|
||||
} else {
|
||||
BIO_printf(dec->bio, " ");
|
||||
}
|
||||
|
||||
EVP_MD_free(md);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -616,7 +616,7 @@ int opt_uintmax(const char *value, ossl_uintmax_t *result)
|
||||
opt_number_error(value);
|
||||
return 0;
|
||||
}
|
||||
*result = (ossl_intmax_t)m;
|
||||
*result = (ossl_uintmax_t)m;
|
||||
errno = oerrno;
|
||||
return 1;
|
||||
}
|
||||
|
@ -649,7 +649,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
|
||||
(void)BIO_flush(bio);
|
||||
}
|
||||
|
||||
static STRINT_PAIR tlsext_types[] = {
|
||||
static const STRINT_PAIR tlsext_types[] = {
|
||||
{"server name", TLSEXT_TYPE_server_name},
|
||||
{"max fragment length", TLSEXT_TYPE_max_fragment_length},
|
||||
{"client certificate URL", TLSEXT_TYPE_client_certificate_url},
|
||||
@ -688,6 +688,7 @@ static STRINT_PAIR tlsext_types[] = {
|
||||
{"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
|
||||
{"certificate authorities", TLSEXT_TYPE_certificate_authorities},
|
||||
{"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
|
||||
{"early_data", TLSEXT_TYPE_early_data},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -118,7 +118,7 @@ const OPTIONS smime_options[] = {
|
||||
"Do not load certificates from the default certificates store"},
|
||||
{"nochain", OPT_NOCHAIN, '-',
|
||||
"set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
|
||||
{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
|
||||
{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only"},
|
||||
|
||||
OPT_R_OPTIONS,
|
||||
OPT_V_OPTIONS,
|
||||
|
@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@ -99,11 +99,12 @@ rcon:
|
||||
.long 0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000 ?rev
|
||||
.long 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c ?rev
|
||||
.long 0,0,0,0 ?asis
|
||||
.long 0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe
|
||||
Lconsts:
|
||||
mflr r0
|
||||
bcl 20,31,\$+4
|
||||
mflr $ptr #vvvvv "distance between . and rcon
|
||||
addi $ptr,$ptr,-0x48
|
||||
addi $ptr,$ptr,-0x58
|
||||
mtlr r0
|
||||
blr
|
||||
.long 0
|
||||
@ -2405,7 +2406,7 @@ ___
|
||||
my $key_=$key2;
|
||||
my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31));
|
||||
$x00=0 if ($flavour =~ /osx/);
|
||||
my ($in0, $in1, $in2, $in3, $in4, $in5 )=map("v$_",(0..5));
|
||||
my ($in0, $in1, $in2, $in3, $in4, $in5)=map("v$_",(0..5));
|
||||
my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16));
|
||||
my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22));
|
||||
my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys
|
||||
@ -2460,6 +2461,18 @@ _aesp8_xts_encrypt6x:
|
||||
li $x70,0x70
|
||||
mtspr 256,r0
|
||||
|
||||
# Reverse eighty7 to 0x010101..87
|
||||
xxlor 2, 32+$eighty7, 32+$eighty7
|
||||
vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87
|
||||
xxlor 1, 32+$eighty7, 32+$eighty7
|
||||
|
||||
# Load XOR contents. 0xf102132435465768798a9bacbdcedfe
|
||||
mr $x70, r6
|
||||
bl Lconsts
|
||||
lxvw4x 0, $x40, r6 # load XOR contents
|
||||
mr r6, $x70
|
||||
li $x70,0x70
|
||||
|
||||
subi $rounds,$rounds,3 # -4 in total
|
||||
|
||||
lvx $rndkey0,$x00,$key1 # load key schedule
|
||||
@ -2502,69 +2515,77 @@ Load_xts_enc_key:
|
||||
?vperm v31,v31,$twk5,$keyperm
|
||||
lvx v25,$x10,$key_ # pre-load round[2]
|
||||
|
||||
# Switch to use the following codes with 0x010101..87 to generate tweak.
|
||||
# eighty7 = 0x010101..87
|
||||
# vsrab tmp, tweak, seven # next tweak value, right shift 7 bits
|
||||
# vand tmp, tmp, eighty7 # last byte with carry
|
||||
# vaddubm tweak, tweak, tweak # left shift 1 bit (x2)
|
||||
# xxlor vsx, 0, 0
|
||||
# vpermxor tweak, tweak, tmp, vsx
|
||||
|
||||
vperm $in0,$inout,$inptail,$inpperm
|
||||
subi $inp,$inp,31 # undo "caller"
|
||||
vxor $twk0,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out0,$in0,$twk0
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in1, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in1
|
||||
|
||||
lvx_u $in1,$x10,$inp
|
||||
vxor $twk1,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in1,$in1,$in1,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out1,$in1,$twk1
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in2, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in2
|
||||
|
||||
lvx_u $in2,$x20,$inp
|
||||
andi. $taillen,$len,15
|
||||
vxor $twk2,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in2,$in2,$in2,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out2,$in2,$twk2
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in3, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in3
|
||||
|
||||
lvx_u $in3,$x30,$inp
|
||||
sub $len,$len,$taillen
|
||||
vxor $twk3,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in3,$in3,$in3,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out3,$in3,$twk3
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in4, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in4
|
||||
|
||||
lvx_u $in4,$x40,$inp
|
||||
subi $len,$len,0x60
|
||||
vxor $twk4,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in4,$in4,$in4,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out4,$in4,$twk4
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in5, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in5
|
||||
|
||||
lvx_u $in5,$x50,$inp
|
||||
addi $inp,$inp,0x60
|
||||
vxor $twk5,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in5,$in5,$in5,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out5,$in5,$twk5
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in0, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in0
|
||||
|
||||
vxor v31,v31,$rndkey0
|
||||
mtctr $rounds
|
||||
@ -2590,6 +2611,8 @@ Loop_xts_enc6x:
|
||||
lvx v25,$x10,$key_ # round[4]
|
||||
bdnz Loop_xts_enc6x
|
||||
|
||||
xxlor 32+$eighty7, 1, 1 # 0x010101..87
|
||||
|
||||
subic $len,$len,96 # $len-=96
|
||||
vxor $in0,$twk0,v31 # xor with last round key
|
||||
vcipher $out0,$out0,v24
|
||||
@ -2599,7 +2622,6 @@ Loop_xts_enc6x:
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vcipher $out2,$out2,v24
|
||||
vcipher $out3,$out3,v24
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vcipher $out4,$out4,v24
|
||||
vcipher $out5,$out5,v24
|
||||
|
||||
@ -2607,7 +2629,8 @@ Loop_xts_enc6x:
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vcipher $out0,$out0,v25
|
||||
vcipher $out1,$out1,v25
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in1, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in1
|
||||
vcipher $out2,$out2,v25
|
||||
vcipher $out3,$out3,v25
|
||||
vxor $in1,$twk1,v31
|
||||
@ -2618,13 +2641,13 @@ Loop_xts_enc6x:
|
||||
|
||||
and r0,r0,$len
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vcipher $out0,$out0,v26
|
||||
vcipher $out1,$out1,v26
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vcipher $out2,$out2,v26
|
||||
vcipher $out3,$out3,v26
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in2, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in2
|
||||
vcipher $out4,$out4,v26
|
||||
vcipher $out5,$out5,v26
|
||||
|
||||
@ -2638,7 +2661,6 @@ Loop_xts_enc6x:
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vcipher $out0,$out0,v27
|
||||
vcipher $out1,$out1,v27
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vcipher $out2,$out2,v27
|
||||
vcipher $out3,$out3,v27
|
||||
vand $tmp,$tmp,$eighty7
|
||||
@ -2646,7 +2668,8 @@ Loop_xts_enc6x:
|
||||
vcipher $out5,$out5,v27
|
||||
|
||||
addi $key_,$sp,$FRAME+15 # rewind $key_
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in3, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in3
|
||||
vcipher $out0,$out0,v28
|
||||
vcipher $out1,$out1,v28
|
||||
vxor $in3,$twk3,v31
|
||||
@ -2655,7 +2678,6 @@ Loop_xts_enc6x:
|
||||
vcipher $out2,$out2,v28
|
||||
vcipher $out3,$out3,v28
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vcipher $out4,$out4,v28
|
||||
vcipher $out5,$out5,v28
|
||||
lvx v24,$x00,$key_ # re-pre-load round[1]
|
||||
@ -2663,7 +2685,8 @@ Loop_xts_enc6x:
|
||||
|
||||
vcipher $out0,$out0,v29
|
||||
vcipher $out1,$out1,v29
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in4, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in4
|
||||
vcipher $out2,$out2,v29
|
||||
vcipher $out3,$out3,v29
|
||||
vxor $in4,$twk4,v31
|
||||
@ -2673,14 +2696,14 @@ Loop_xts_enc6x:
|
||||
vcipher $out5,$out5,v29
|
||||
lvx v25,$x10,$key_ # re-pre-load round[2]
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
|
||||
vcipher $out0,$out0,v30
|
||||
vcipher $out1,$out1,v30
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vcipher $out2,$out2,v30
|
||||
vcipher $out3,$out3,v30
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in5, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in5
|
||||
vcipher $out4,$out4,v30
|
||||
vcipher $out5,$out5,v30
|
||||
vxor $in5,$twk5,v31
|
||||
@ -2690,7 +2713,6 @@ Loop_xts_enc6x:
|
||||
vcipherlast $out0,$out0,$in0
|
||||
lvx_u $in0,$x00,$inp # load next input block
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vcipherlast $out1,$out1,$in1
|
||||
lvx_u $in1,$x10,$inp
|
||||
vcipherlast $out2,$out2,$in2
|
||||
@ -2703,7 +2725,10 @@ Loop_xts_enc6x:
|
||||
vcipherlast $out4,$out4,$in4
|
||||
le?vperm $in2,$in2,$in2,$leperm
|
||||
lvx_u $in4,$x40,$inp
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 10, 32+$in0, 32+$in0
|
||||
xxlor 32+$in0, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in0
|
||||
xxlor 32+$in0, 10, 10
|
||||
vcipherlast $tmp,$out5,$in5 # last block might be needed
|
||||
# in stealing mode
|
||||
le?vperm $in3,$in3,$in3,$leperm
|
||||
@ -2736,6 +2761,8 @@ Loop_xts_enc6x:
|
||||
mtctr $rounds
|
||||
beq Loop_xts_enc6x # did $len-=96 borrow?
|
||||
|
||||
xxlor 32+$eighty7, 2, 2 # 0x870101..01
|
||||
|
||||
addic. $len,$len,0x60
|
||||
beq Lxts_enc6x_zero
|
||||
cmpwi $len,0x20
|
||||
@ -3112,6 +3139,18 @@ _aesp8_xts_decrypt6x:
|
||||
li $x70,0x70
|
||||
mtspr 256,r0
|
||||
|
||||
# Reverse eighty7 to 0x010101..87
|
||||
xxlor 2, 32+$eighty7, 32+$eighty7
|
||||
vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87
|
||||
xxlor 1, 32+$eighty7, 32+$eighty7
|
||||
|
||||
# Load XOR contents. 0xf102132435465768798a9bacbdcedfe
|
||||
mr $x70, r6
|
||||
bl Lconsts
|
||||
lxvw4x 0, $x40, r6 # load XOR contents
|
||||
mr r6, $x70
|
||||
li $x70,0x70
|
||||
|
||||
subi $rounds,$rounds,3 # -4 in total
|
||||
|
||||
lvx $rndkey0,$x00,$key1 # load key schedule
|
||||
@ -3159,64 +3198,64 @@ Load_xts_dec_key:
|
||||
vxor $twk0,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out0,$in0,$twk0
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in1, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in1
|
||||
|
||||
lvx_u $in1,$x10,$inp
|
||||
vxor $twk1,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in1,$in1,$in1,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out1,$in1,$twk1
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in2, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in2
|
||||
|
||||
lvx_u $in2,$x20,$inp
|
||||
andi. $taillen,$len,15
|
||||
vxor $twk2,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in2,$in2,$in2,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out2,$in2,$twk2
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in3, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in3
|
||||
|
||||
lvx_u $in3,$x30,$inp
|
||||
sub $len,$len,$taillen
|
||||
vxor $twk3,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in3,$in3,$in3,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out3,$in3,$twk3
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in4, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in4
|
||||
|
||||
lvx_u $in4,$x40,$inp
|
||||
subi $len,$len,0x60
|
||||
vxor $twk4,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in4,$in4,$in4,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out4,$in4,$twk4
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in5, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in5
|
||||
|
||||
lvx_u $in5,$x50,$inp
|
||||
addi $inp,$inp,0x60
|
||||
vxor $twk5,$tweak,$rndkey0
|
||||
vsrab $tmp,$tweak,$seven # next tweak value
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
le?vperm $in5,$in5,$in5,$leperm
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vxor $out5,$in5,$twk5
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in0, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in0
|
||||
|
||||
vxor v31,v31,$rndkey0
|
||||
mtctr $rounds
|
||||
@ -3242,6 +3281,8 @@ Loop_xts_dec6x:
|
||||
lvx v25,$x10,$key_ # round[4]
|
||||
bdnz Loop_xts_dec6x
|
||||
|
||||
xxlor 32+$eighty7, 1, 1
|
||||
|
||||
subic $len,$len,96 # $len-=96
|
||||
vxor $in0,$twk0,v31 # xor with last round key
|
||||
vncipher $out0,$out0,v24
|
||||
@ -3251,7 +3292,6 @@ Loop_xts_dec6x:
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vncipher $out2,$out2,v24
|
||||
vncipher $out3,$out3,v24
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vncipher $out4,$out4,v24
|
||||
vncipher $out5,$out5,v24
|
||||
|
||||
@ -3259,7 +3299,8 @@ Loop_xts_dec6x:
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vncipher $out0,$out0,v25
|
||||
vncipher $out1,$out1,v25
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in1, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in1
|
||||
vncipher $out2,$out2,v25
|
||||
vncipher $out3,$out3,v25
|
||||
vxor $in1,$twk1,v31
|
||||
@ -3270,13 +3311,13 @@ Loop_xts_dec6x:
|
||||
|
||||
and r0,r0,$len
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vncipher $out0,$out0,v26
|
||||
vncipher $out1,$out1,v26
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vncipher $out2,$out2,v26
|
||||
vncipher $out3,$out3,v26
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in2, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in2
|
||||
vncipher $out4,$out4,v26
|
||||
vncipher $out5,$out5,v26
|
||||
|
||||
@ -3290,7 +3331,6 @@ Loop_xts_dec6x:
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vncipher $out0,$out0,v27
|
||||
vncipher $out1,$out1,v27
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vncipher $out2,$out2,v27
|
||||
vncipher $out3,$out3,v27
|
||||
vand $tmp,$tmp,$eighty7
|
||||
@ -3298,7 +3338,8 @@ Loop_xts_dec6x:
|
||||
vncipher $out5,$out5,v27
|
||||
|
||||
addi $key_,$sp,$FRAME+15 # rewind $key_
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in3, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in3
|
||||
vncipher $out0,$out0,v28
|
||||
vncipher $out1,$out1,v28
|
||||
vxor $in3,$twk3,v31
|
||||
@ -3307,7 +3348,6 @@ Loop_xts_dec6x:
|
||||
vncipher $out2,$out2,v28
|
||||
vncipher $out3,$out3,v28
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vncipher $out4,$out4,v28
|
||||
vncipher $out5,$out5,v28
|
||||
lvx v24,$x00,$key_ # re-pre-load round[1]
|
||||
@ -3315,7 +3355,8 @@ Loop_xts_dec6x:
|
||||
|
||||
vncipher $out0,$out0,v29
|
||||
vncipher $out1,$out1,v29
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in4, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in4
|
||||
vncipher $out2,$out2,v29
|
||||
vncipher $out3,$out3,v29
|
||||
vxor $in4,$twk4,v31
|
||||
@ -3325,14 +3366,14 @@ Loop_xts_dec6x:
|
||||
vncipher $out5,$out5,v29
|
||||
lvx v25,$x10,$key_ # re-pre-load round[2]
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
|
||||
vncipher $out0,$out0,v30
|
||||
vncipher $out1,$out1,v30
|
||||
vand $tmp,$tmp,$eighty7
|
||||
vncipher $out2,$out2,v30
|
||||
vncipher $out3,$out3,v30
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 32+$in5, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in5
|
||||
vncipher $out4,$out4,v30
|
||||
vncipher $out5,$out5,v30
|
||||
vxor $in5,$twk5,v31
|
||||
@ -3342,7 +3383,6 @@ Loop_xts_dec6x:
|
||||
vncipherlast $out0,$out0,$in0
|
||||
lvx_u $in0,$x00,$inp # load next input block
|
||||
vaddubm $tweak,$tweak,$tweak
|
||||
vsldoi $tmp,$tmp,$tmp,15
|
||||
vncipherlast $out1,$out1,$in1
|
||||
lvx_u $in1,$x10,$inp
|
||||
vncipherlast $out2,$out2,$in2
|
||||
@ -3355,7 +3395,10 @@ Loop_xts_dec6x:
|
||||
vncipherlast $out4,$out4,$in4
|
||||
le?vperm $in2,$in2,$in2,$leperm
|
||||
lvx_u $in4,$x40,$inp
|
||||
vxor $tweak,$tweak,$tmp
|
||||
xxlor 10, 32+$in0, 32+$in0
|
||||
xxlor 32+$in0, 0, 0
|
||||
vpermxor $tweak, $tweak, $tmp, $in0
|
||||
xxlor 32+$in0, 10, 10
|
||||
vncipherlast $out5,$out5,$in5
|
||||
le?vperm $in3,$in3,$in3,$leperm
|
||||
lvx_u $in5,$x50,$inp
|
||||
@ -3386,6 +3429,8 @@ Loop_xts_dec6x:
|
||||
mtctr $rounds
|
||||
beq Loop_xts_dec6x # did $len-=96 borrow?
|
||||
|
||||
xxlor 32+$eighty7, 2, 2
|
||||
|
||||
addic. $len,$len,0x60
|
||||
beq Lxts_dec6x_zero
|
||||
cmpwi $len,0x20
|
||||
|
@ -38,7 +38,11 @@ IF[{- !$disabled{asm} -}]
|
||||
$AESASM_parisc20_64=$AESASM_parisc11
|
||||
$AESDEF_parisc20_64=$AESDEF_parisc11
|
||||
|
||||
IF[{- $target{sys_id} ne "MACOSX" -}]
|
||||
$AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s
|
||||
ELSE
|
||||
$AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s
|
||||
ENDIF
|
||||
$AESDEF_ppc32=AES_ASM VPAES_ASM
|
||||
$AESASM_ppc64=$AESASM_ppc32
|
||||
$AESDEF_ppc64=$AESDEF_ppc32
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -148,6 +148,9 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
goto err;
|
||||
}
|
||||
len += i;
|
||||
if ((size_t)i < want)
|
||||
continue;
|
||||
|
||||
}
|
||||
}
|
||||
/* else data already loaded */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -139,9 +139,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
||||
if (*out) {
|
||||
free_out = 0;
|
||||
dest = *out;
|
||||
OPENSSL_free(dest->data);
|
||||
dest->data = NULL;
|
||||
dest->length = 0;
|
||||
ASN1_STRING_set0(dest, NULL, 0);
|
||||
dest->type = str_type;
|
||||
} else {
|
||||
free_out = 1;
|
||||
@ -155,6 +153,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
||||
/* If both the same type just copy across */
|
||||
if (inform == outform) {
|
||||
if (!ASN1_STRING_set(dest, in, len)) {
|
||||
if (free_out) {
|
||||
ASN1_STRING_free(dest);
|
||||
*out = NULL;
|
||||
}
|
||||
ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
@ -185,8 +187,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
||||
break;
|
||||
}
|
||||
if ((p = OPENSSL_malloc(outlen + 1)) == NULL) {
|
||||
if (free_out)
|
||||
if (free_out) {
|
||||
ASN1_STRING_free(dest);
|
||||
*out = NULL;
|
||||
}
|
||||
ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -10,6 +10,7 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "internal/sizes.h"
|
||||
#include "crypto/asn1.h"
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/x509.h>
|
||||
@ -345,8 +346,10 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
|
||||
|
||||
if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
|
||||
const char *tagname;
|
||||
|
||||
tagname = ASN1_tag2str(type);
|
||||
outlen += strlen(tagname);
|
||||
/* We can directly cast here as tagname will never be too large. */
|
||||
outlen += (int)strlen(tagname);
|
||||
if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
|
||||
return -1;
|
||||
outlen++;
|
||||
@ -372,7 +375,7 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
|
||||
|
||||
if (type == -1) {
|
||||
len = do_dump(lflags, io_ch, arg, str);
|
||||
if (len < 0)
|
||||
if (len < 0 || len > INT_MAX - outlen)
|
||||
return -1;
|
||||
outlen += len;
|
||||
return outlen;
|
||||
@ -391,7 +394,7 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
|
||||
}
|
||||
|
||||
len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL);
|
||||
if (len < 0)
|
||||
if (len < 0 || len > INT_MAX - 2 - outlen)
|
||||
return -1;
|
||||
outlen += len;
|
||||
if (quotes)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -203,10 +203,12 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
|
||||
inl = ASN1_item_i2d(data, &buf_in, it);
|
||||
if (inl <= 0) {
|
||||
ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
if (buf_in == NULL) {
|
||||
ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
inll = inl;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -85,8 +85,12 @@ void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed
|
||||
|
||||
case ASN1_ITYPE_NDEF_SEQUENCE:
|
||||
case ASN1_ITYPE_SEQUENCE:
|
||||
if (ossl_asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */
|
||||
if (ossl_asn1_do_lock(pval, -1, it) != 0) {
|
||||
/* if error or ref-counter > 0 */
|
||||
OPENSSL_assert(embed == 0);
|
||||
*pval = NULL;
|
||||
return;
|
||||
}
|
||||
if (asn1_cb) {
|
||||
i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
|
||||
if (i == 2)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -222,10 +222,13 @@ static int readbuffer_gets(BIO *b, char *buf, int size)
|
||||
char *p;
|
||||
int i, j;
|
||||
|
||||
if (size == 0)
|
||||
if (buf == NULL || size == 0)
|
||||
return 0;
|
||||
--size; /* the passed in size includes the terminator - so remove it here */
|
||||
ctx = (BIO_F_BUFFER_CTX *)b->ptr;
|
||||
|
||||
if (ctx == NULL || b->next_bio == NULL)
|
||||
return 0;
|
||||
BIO_clear_retry_flags(b);
|
||||
|
||||
/* If data is already buffered then use this first */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -778,14 +778,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
|
||||
|
||||
if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) {
|
||||
ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
|
||||
ret = 0;
|
||||
goto err;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!CRYPTO_THREAD_write_lock(bio_lookup_lock)) {
|
||||
ret = 0;
|
||||
goto err;
|
||||
}
|
||||
if (!CRYPTO_THREAD_write_lock(bio_lookup_lock))
|
||||
return 0;
|
||||
|
||||
he_fallback_address = INADDR_ANY;
|
||||
if (host == NULL) {
|
||||
he = &he_fallback;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2020
|
||||
* Copyright Siemens AG 2015-2020
|
||||
*
|
||||
@ -619,7 +619,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
|
||||
default:
|
||||
scrt = ctx->srvCert;
|
||||
if (scrt == NULL) {
|
||||
if (ctx->trusted == NULL) {
|
||||
if (ctx->trusted == NULL && ctx->secretValue != NULL) {
|
||||
ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection");
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR);
|
||||
return 0;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -332,7 +332,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
||||
|
||||
v = NULL;
|
||||
/* check for line continuation */
|
||||
if (bufnum >= 1) {
|
||||
if (!again && bufnum >= 1) {
|
||||
/*
|
||||
* If we have bytes and the last char '\\' and second last char
|
||||
* is not '\\'
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -464,6 +464,9 @@ int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
|
||||
|
||||
void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
|
||||
{
|
||||
if (settings == NULL)
|
||||
return;
|
||||
|
||||
free(settings->filename);
|
||||
free(settings->appname);
|
||||
free(settings);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -38,6 +38,8 @@ void OPENSSL_config(const char *appname)
|
||||
settings.appname = strdup(appname);
|
||||
settings.flags = DEFAULT_CONF_MFLAGS;
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
|
||||
|
||||
free(settings.appname);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -240,7 +240,7 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file)
|
||||
|
||||
void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx)
|
||||
{
|
||||
if (ossl_lib_ctx_is_default(ctx))
|
||||
if (ctx == NULL || ossl_lib_ctx_is_default(ctx))
|
||||
return;
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
|
@ -130,7 +130,11 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
|
||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
order = EC_GROUP_get0_order(group);
|
||||
|
||||
if ((order = EC_GROUP_get0_order(group)) == NULL) {
|
||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Preallocate space */
|
||||
order_bits = BN_num_bits(order);
|
||||
@ -255,7 +259,11 @@ ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
||||
goto err;
|
||||
}
|
||||
|
||||
order = EC_GROUP_get0_order(group);
|
||||
if ((order = EC_GROUP_get0_order(group)) == NULL) {
|
||||
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
i = BN_num_bits(order);
|
||||
/*
|
||||
* Need to truncate digest if it is too long: first truncate whole bytes.
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -215,9 +215,11 @@ ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid,
|
||||
f, l, nid);
|
||||
return NULL;
|
||||
}
|
||||
ERR_set_mark();
|
||||
|
||||
if (!CRYPTO_THREAD_write_lock(global_engine_lock))
|
||||
goto end;
|
||||
return NULL;
|
||||
|
||||
ERR_set_mark();
|
||||
/*
|
||||
* Check again inside the lock otherwise we could race against cleanup
|
||||
* operations. But don't worry about a debug printout
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -2777,7 +2777,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
|
||||
fixup_args_fn *fixup = default_fixup_args;
|
||||
int ret;
|
||||
|
||||
tmpl.action_type = action_type;
|
||||
ctx.action_type = tmpl.action_type = action_type;
|
||||
tmpl.keytype1 = tmpl.keytype2 = keytype;
|
||||
tmpl.optype = optype;
|
||||
tmpl.param_key = params->key;
|
||||
@ -2786,7 +2786,6 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
|
||||
if (translation != NULL) {
|
||||
if (translation->fixup_args != NULL)
|
||||
fixup = translation->fixup_args;
|
||||
ctx.action_type = translation->action_type;
|
||||
ctx.ctrl_cmd = translation->ctrl_num;
|
||||
}
|
||||
ctx.pctx = pctx;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -409,7 +409,7 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||
|
||||
/* Code below to be removed when legacy support is dropped. */
|
||||
legacy:
|
||||
return ctx->update(ctx, data, count);
|
||||
return ctx->update != NULL ? ctx->update(ctx, data, count) : 0;
|
||||
}
|
||||
|
||||
/* The caller can assume that this removes any secret data from the context */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -78,6 +78,7 @@ const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx,
|
||||
const EVP_CIPHER *cp;
|
||||
OSSL_NAMEMAP *namemap;
|
||||
int id;
|
||||
int do_retry = 1;
|
||||
|
||||
if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL))
|
||||
return NULL;
|
||||
@ -94,9 +95,21 @@ const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx,
|
||||
*/
|
||||
|
||||
namemap = ossl_namemap_stored(libctx);
|
||||
retry:
|
||||
id = ossl_namemap_name2num(namemap, name);
|
||||
if (id == 0)
|
||||
return NULL;
|
||||
if (id == 0) {
|
||||
EVP_CIPHER *fetched_cipher;
|
||||
|
||||
/* Try to fetch it because the name might not be known yet. */
|
||||
if (!do_retry)
|
||||
return NULL;
|
||||
do_retry = 0;
|
||||
ERR_set_mark();
|
||||
fetched_cipher = EVP_CIPHER_fetch(libctx, name, NULL);
|
||||
EVP_CIPHER_free(fetched_cipher);
|
||||
ERR_pop_to_mark();
|
||||
goto retry;
|
||||
}
|
||||
|
||||
if (!ossl_namemap_doall_names(namemap, id, cipher_from_name, &cp))
|
||||
return NULL;
|
||||
@ -124,6 +137,7 @@ const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, const char *name)
|
||||
const EVP_MD *dp;
|
||||
OSSL_NAMEMAP *namemap;
|
||||
int id;
|
||||
int do_retry = 1;
|
||||
|
||||
if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL))
|
||||
return NULL;
|
||||
@ -140,9 +154,21 @@ const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, const char *name)
|
||||
*/
|
||||
|
||||
namemap = ossl_namemap_stored(libctx);
|
||||
retry:
|
||||
id = ossl_namemap_name2num(namemap, name);
|
||||
if (id == 0)
|
||||
return NULL;
|
||||
if (id == 0) {
|
||||
EVP_MD *fetched_md;
|
||||
|
||||
/* Try to fetch it because the name might not be known yet. */
|
||||
if (!do_retry)
|
||||
return NULL;
|
||||
do_retry = 0;
|
||||
ERR_set_mark();
|
||||
fetched_md = EVP_MD_fetch(libctx, name, NULL);
|
||||
EVP_MD_free(fetched_md);
|
||||
ERR_pop_to_mark();
|
||||
goto retry;
|
||||
}
|
||||
|
||||
if (!ossl_namemap_doall_names(namemap, id, digest_from_name, &dp))
|
||||
return NULL;
|
||||
|
@ -1034,6 +1034,7 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
|
||||
int datalen)
|
||||
{
|
||||
OSSL_PARAM os_params[2];
|
||||
const OSSL_PARAM *gettables;
|
||||
unsigned char *info = NULL;
|
||||
size_t info_len = 0;
|
||||
size_t info_alloc = 0;
|
||||
@ -1057,6 +1058,12 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Check for older provider that doesn't support getting this parameter */
|
||||
gettables = EVP_PKEY_CTX_gettable_params(ctx);
|
||||
if (gettables == NULL || OSSL_PARAM_locate_const(gettables, param) == NULL)
|
||||
return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl,
|
||||
data, datalen);
|
||||
|
||||
/* Get the original value length */
|
||||
os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0);
|
||||
os_params[1] = OSSL_PARAM_construct_end();
|
||||
@ -1064,9 +1071,9 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
|
||||
if (!EVP_PKEY_CTX_get_params(ctx, os_params))
|
||||
return 0;
|
||||
|
||||
/* Older provider that doesn't support getting this parameter */
|
||||
/* This should not happen but check to be sure. */
|
||||
if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED)
|
||||
return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, data, datalen);
|
||||
return 0;
|
||||
|
||||
info_alloc = os_params[0].return_size + datalen;
|
||||
if (info_alloc == 0)
|
||||
|
@ -229,12 +229,14 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
|
||||
int has_sep = (sep != CH_ZERO);
|
||||
size_t len = has_sep ? buflen * 3 : 1 + buflen * 2;
|
||||
|
||||
if (len == 0)
|
||||
++len;
|
||||
if (strlength != NULL)
|
||||
*strlength = len;
|
||||
if (str == NULL)
|
||||
return 1;
|
||||
|
||||
if (str_n < (unsigned long)len) {
|
||||
if (str_n < len) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER);
|
||||
return 0;
|
||||
}
|
||||
@ -246,7 +248,7 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
|
||||
if (has_sep)
|
||||
*q++ = sep;
|
||||
}
|
||||
if (has_sep)
|
||||
if (has_sep && buflen > 0)
|
||||
--q;
|
||||
*q = CH_ZERO;
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -213,16 +213,19 @@ PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,
|
||||
if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
|
||||
goto err;
|
||||
if (nid_key != -1) {
|
||||
/* This call does not take ownership of p8 */
|
||||
bag = PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(nid_key, pass, -1, NULL, 0,
|
||||
iter, p8, ctx, propq);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
} else
|
||||
} else {
|
||||
bag = PKCS12_SAFEBAG_create0_p8inf(p8);
|
||||
if (bag != NULL)
|
||||
p8 = NULL; /* bag takes ownership of p8 */
|
||||
}
|
||||
/* This does not need to be in the error path */
|
||||
if (p8 != NULL)
|
||||
PKCS8_PRIV_KEY_INFO_free(p8);
|
||||
|
||||
if (!bag)
|
||||
goto err;
|
||||
|
||||
if (!pkcs12_add_bag(pbags, bag))
|
||||
if (bag == NULL || !pkcs12_add_bag(pbags, bag))
|
||||
goto err;
|
||||
|
||||
return bag;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -1239,36 +1239,29 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
|
||||
void *value)
|
||||
{
|
||||
X509_ATTRIBUTE *attr = NULL;
|
||||
int i, n;
|
||||
|
||||
if (*sk == NULL) {
|
||||
if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
|
||||
return 0;
|
||||
new_attrib:
|
||||
if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL)
|
||||
return 0;
|
||||
if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
|
||||
X509_ATTRIBUTE_free(attr);
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
int i;
|
||||
|
||||
for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
|
||||
attr = sk_X509_ATTRIBUTE_value(*sk, i);
|
||||
if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) {
|
||||
X509_ATTRIBUTE_free(attr);
|
||||
attr = X509_ATTRIBUTE_create(nid, atrtype, value);
|
||||
if (attr == NULL)
|
||||
return 0;
|
||||
if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
|
||||
X509_ATTRIBUTE_free(attr);
|
||||
return 0;
|
||||
}
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
goto new_attrib;
|
||||
}
|
||||
n = sk_X509_ATTRIBUTE_num(*sk);
|
||||
for (i = 0; i < n; i++) {
|
||||
attr = sk_X509_ATTRIBUTE_value(*sk, i);
|
||||
if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid)
|
||||
goto end;
|
||||
}
|
||||
if (!sk_X509_ATTRIBUTE_push(*sk, NULL))
|
||||
return 0;
|
||||
|
||||
end:
|
||||
attr = X509_ATTRIBUTE_create(nid, atrtype, value);
|
||||
if (attr == NULL) {
|
||||
if (i == n)
|
||||
sk_X509_ATTRIBUTE_pop(*sk);
|
||||
return 0;
|
||||
}
|
||||
X509_ATTRIBUTE_free(sk_X509_ATTRIBUTE_value(*sk, i));
|
||||
(void) sk_X509_ATTRIBUTE_set(*sk, i, attr);
|
||||
return 1;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@ -95,6 +95,8 @@ typedef struct {
|
||||
|
||||
DEFINE_SPARSE_ARRAY_OF(ALGORITHM);
|
||||
|
||||
DEFINE_STACK_OF(ALGORITHM)
|
||||
|
||||
typedef struct ossl_global_properties_st {
|
||||
OSSL_PROPERTY_LIST *list;
|
||||
#ifndef FIPS_MODULE
|
||||
@ -469,33 +471,45 @@ static void alg_do_one(ALGORITHM *alg, IMPLEMENTATION *impl,
|
||||
fn(alg->nid, impl->method.method, fnarg);
|
||||
}
|
||||
|
||||
struct alg_do_each_data_st {
|
||||
void (*fn)(int id, void *method, void *fnarg);
|
||||
void *fnarg;
|
||||
};
|
||||
|
||||
static void alg_do_each(ossl_uintmax_t idx, ALGORITHM *alg, void *arg)
|
||||
static void alg_copy(ossl_uintmax_t idx, ALGORITHM *alg, void *arg)
|
||||
{
|
||||
struct alg_do_each_data_st *data = arg;
|
||||
int i, end = sk_IMPLEMENTATION_num(alg->impls);
|
||||
STACK_OF(ALGORITHM) *newalg = arg;
|
||||
|
||||
for (i = 0; i < end; i++) {
|
||||
IMPLEMENTATION *impl = sk_IMPLEMENTATION_value(alg->impls, i);
|
||||
|
||||
alg_do_one(alg, impl, data->fn, data->fnarg);
|
||||
}
|
||||
(void)sk_ALGORITHM_push(newalg, alg);
|
||||
}
|
||||
|
||||
void ossl_method_store_do_all(OSSL_METHOD_STORE *store,
|
||||
void (*fn)(int id, void *method, void *fnarg),
|
||||
void *fnarg)
|
||||
{
|
||||
struct alg_do_each_data_st data;
|
||||
int i, j;
|
||||
int numalgs, numimps;
|
||||
STACK_OF(ALGORITHM) *tmpalgs;
|
||||
ALGORITHM *alg;
|
||||
|
||||
data.fn = fn;
|
||||
data.fnarg = fnarg;
|
||||
if (store != NULL)
|
||||
ossl_sa_ALGORITHM_doall_arg(store->algs, alg_do_each, &data);
|
||||
if (store != NULL) {
|
||||
|
||||
if (!ossl_property_read_lock(store))
|
||||
return;
|
||||
|
||||
tmpalgs = sk_ALGORITHM_new_reserve(NULL,
|
||||
ossl_sa_ALGORITHM_num(store->algs));
|
||||
if (tmpalgs == NULL) {
|
||||
ossl_property_unlock(store);
|
||||
return;
|
||||
}
|
||||
|
||||
ossl_sa_ALGORITHM_doall_arg(store->algs, alg_copy, tmpalgs);
|
||||
ossl_property_unlock(store);
|
||||
numalgs = sk_ALGORITHM_num(tmpalgs);
|
||||
for (i = 0; i < numalgs; i++) {
|
||||
alg = sk_ALGORITHM_value(tmpalgs, i);
|
||||
numimps = sk_IMPLEMENTATION_num(alg->impls);
|
||||
for (j = 0; j < numimps; j++)
|
||||
alg_do_one(alg, sk_IMPLEMENTATION_value(alg->impls, j), fn, fnarg);
|
||||
}
|
||||
sk_ALGORITHM_free(tmpalgs);
|
||||
}
|
||||
}
|
||||
|
||||
int ossl_method_store_fetch(OSSL_METHOD_STORE *store,
|
||||
@ -651,10 +665,13 @@ static void impl_cache_flush_one_alg(ossl_uintmax_t idx, ALGORITHM *alg,
|
||||
void *v)
|
||||
{
|
||||
IMPL_CACHE_FLUSH *state = (IMPL_CACHE_FLUSH *)v;
|
||||
unsigned long orig_down_load = lh_QUERY_get_down_load(alg->cache);
|
||||
|
||||
state->cache = alg->cache;
|
||||
lh_QUERY_set_down_load(alg->cache, 0);
|
||||
lh_QUERY_doall_IMPL_CACHE_FLUSH(state->cache, &impl_cache_flush_cache,
|
||||
state);
|
||||
lh_QUERY_set_down_load(alg->cache, orig_down_load);
|
||||
}
|
||||
|
||||
static void ossl_method_cache_flush_some(OSSL_METHOD_STORE *store)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -16,6 +16,7 @@
|
||||
# include <sys/stat.h>
|
||||
#endif
|
||||
|
||||
#include "e_os.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
#include <errno.h>
|
||||
@ -208,8 +209,16 @@ int RAND_write_file(const char *file)
|
||||
* should be restrictive from the start
|
||||
*/
|
||||
int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
|
||||
if (fd != -1)
|
||||
|
||||
if (fd != -1) {
|
||||
out = fdopen(fd, "wb");
|
||||
if (out == NULL) {
|
||||
close(fd);
|
||||
ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE,
|
||||
"Filename=%s", file);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -186,7 +186,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
|
||||
mdlen = EVP_MD_get_size(md);
|
||||
|
||||
if (tlen <= 0 || flen <= 0)
|
||||
if (tlen <= 0 || flen <= 0 || mdlen <= 0)
|
||||
return -1;
|
||||
/*
|
||||
* |num| is the length of the modulus; |flen| is the length of the
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -476,8 +476,8 @@ static int i2d_name_canon(const STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
|
||||
v = sk_ASN1_VALUE_value(intname, i);
|
||||
ltmp = ASN1_item_ex_i2d(&v, in,
|
||||
ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
|
||||
if (ltmp < 0)
|
||||
return ltmp;
|
||||
if (ltmp < 0 || len > INT_MAX - ltmp)
|
||||
return -1;
|
||||
len += ltmp;
|
||||
}
|
||||
return len;
|
||||
|
@ -89,7 +89,7 @@ was kind enough, your certificate is a raw DER thing in PEM format.
|
||||
Your key most definitely is if you have followed the examples above.
|
||||
However, some (most?) certificate authorities will encode them with
|
||||
things like PKCS7 or PKCS12, or something else. Depending on your
|
||||
applications, this may be perfectly OK, it all depends on what they
|
||||
applications, this may be perfectly OK. It all depends on what they
|
||||
know how to decode. If not, there are a number of OpenSSL tools to
|
||||
convert between some (most?) formats.
|
||||
|
||||
|
@ -12,9 +12,6 @@ in the file named openssl-1.0.1h.tar.gz.asc.
|
||||
The following is the list of fingerprints for the keys that are
|
||||
currently in use to sign OpenSSL distributions:
|
||||
|
||||
OpenSSL OMC:
|
||||
EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5
|
||||
|
||||
OpenSSL:
|
||||
BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF
|
||||
|
||||
|
@ -97,13 +97,19 @@ Base64 process the data. This means that if encryption is taking place
|
||||
the data is base64 encoded after encryption. If decryption is set then
|
||||
the input data is base64 decoded before being decrypted.
|
||||
|
||||
When the B<-A> option not given,
|
||||
on encoding a newline is inserted after each 64 characters, and
|
||||
on decoding a newline is expected among the first 1024 bytes of input.
|
||||
|
||||
=item B<-base64>
|
||||
|
||||
Same as B<-a>
|
||||
|
||||
=item B<-A>
|
||||
|
||||
If the B<-a> option is set then base64 process the data on one line.
|
||||
If the B<-a> option is set then base64 encoding produces output without any
|
||||
newline character, and base64 decoding does not require any newlines.
|
||||
Therefore it can be helpful to use the B<-A> option when decoding unknown input.
|
||||
|
||||
=item B<-k> I<password>
|
||||
|
||||
@ -434,6 +440,9 @@ Base64 decode a file then decrypt it using a password supplied in a file:
|
||||
=head1 BUGS
|
||||
|
||||
The B<-A> option when used with large files doesn't work properly.
|
||||
On the other hand, when base64 decoding without the B<-A> option,
|
||||
if the first 1024 bytes of input do not include a newline character
|
||||
the first two lines of input are ignored.
|
||||
|
||||
The B<openssl enc> command only supports a fixed number of algorithms with
|
||||
certain parameters. So if, for example, you want to use RC2 with a
|
||||
@ -449,7 +458,7 @@ The B<-ciphers> and B<-engine> options were deprecated in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -46,26 +46,32 @@ the environment of other processes is visible on certain platforms
|
||||
|
||||
=item B<file:>I<pathname>
|
||||
|
||||
The first line of I<pathname> is the password. If the same I<pathname>
|
||||
argument is supplied to B<-passin> and B<-passout> arguments then the first
|
||||
line will be used for the input password and the next line for the output
|
||||
password. I<pathname> need not refer to a regular file: it could for example
|
||||
refer to a device or named pipe.
|
||||
Reads the password from the specified file I<pathname>, which can be a regular
|
||||
file, device, or named pipe. Only the first line, up to the newline character,
|
||||
is read from the stream.
|
||||
|
||||
If the same I<pathname> argument is supplied to both B<-passin> and B<-passout>
|
||||
arguments, the first line will be used for the input password, and the next
|
||||
line will be used for the output password.
|
||||
|
||||
=item B<fd:>I<number>
|
||||
|
||||
Read the password from the file descriptor I<number>. This can be used to
|
||||
send the data via a pipe for example.
|
||||
Reads the password from the file descriptor I<number>. This can be useful for
|
||||
sending data via a pipe, for example. The same line handling as described for
|
||||
B<file:> applies to passwords read from file descriptors.
|
||||
|
||||
B<fd:> is not supported on Windows.
|
||||
|
||||
=item B<stdin>
|
||||
|
||||
Read the password from standard input.
|
||||
Reads the password from standard input. The same line handling as described for
|
||||
B<file:> applies to passwords read from standard input.
|
||||
|
||||
=back
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -616,7 +616,11 @@ For example strings, see L<SSL_CTX_set1_sigalgs(3)>
|
||||
=item B<-curves> I<curvelist>
|
||||
|
||||
Specifies the list of supported curves to be sent by the client. The curve is
|
||||
ultimately selected by the server. For a list of all curves, use:
|
||||
ultimately selected by the server.
|
||||
|
||||
The list of all supported groups includes named EC parameters as well as X25519
|
||||
and X448 or FFDHE groups, and may also include groups implemented in 3rd-party
|
||||
providers. For a list of named EC parameters, use:
|
||||
|
||||
$ openssl ecparam -list_curves
|
||||
|
||||
@ -910,7 +914,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -641,7 +641,10 @@ Signature algorithms to support for client certificate authentication
|
||||
=item B<-named_curve> I<val>
|
||||
|
||||
Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
|
||||
For a list of all possible curves, use:
|
||||
|
||||
The list of all supported groups includes named EC parameters as well as X25519
|
||||
and X448 or FFDHE groups, and may also include groups implemented in 3rd-party
|
||||
providers. For a list of named EC parameters, use:
|
||||
|
||||
$ openssl ecparam -list_curves
|
||||
|
||||
@ -930,7 +933,7 @@ option were deprecated in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -430,7 +430,7 @@ This option may be used multiple times.
|
||||
=item B<-policy> I<arg>
|
||||
|
||||
Enable policy processing and add I<arg> to the user-initial-policy-set (see
|
||||
RFC5280). The policy I<arg> can be an object name an OID in numeric form.
|
||||
RFC5280). The policy I<arg> can be an object name or an OID in numeric form.
|
||||
This argument can appear more than once.
|
||||
|
||||
=item B<-explicit_policy>
|
||||
@ -686,7 +686,7 @@ The checks enabled by B<-x509_strict> have been extended in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -18,6 +18,7 @@ ASN1_INTEGER_new, ASN1_INTEGER_free - ASN1_INTEGER allocation functions
|
||||
ASN1_INTEGER_new() returns an allocated B<ASN1_INTEGER> structure.
|
||||
|
||||
ASN1_INTEGER_free() frees up a single B<ASN1_INTEGER> object.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
B<ASN1_INTEGER> structure representing the ASN.1 INTEGER type
|
||||
|
||||
@ -34,7 +35,7 @@ L<ERR_get_error(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -178,6 +178,9 @@ operation, normally it is detected by a polling function or an interrupt, as the
|
||||
user code set a callback by calling ASYNC_WAIT_CTX_set_callback() previously,
|
||||
then the registered callback will be called.
|
||||
|
||||
ASYNC_WAIT_CTX_free() frees up a single B<ASYNC_WAIT_CTX> object.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
ASYNC_WAIT_CTX_new() returns a pointer to the newly allocated B<ASYNC_WAIT_CTX>
|
||||
@ -216,7 +219,7 @@ were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -38,6 +38,7 @@ with routines that will fill it with information, such as
|
||||
BIO_accept_ex().
|
||||
|
||||
BIO_ADDR_free() frees a B<BIO_ADDR> created with BIO_ADDR_new().
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
BIO_ADDR_clear() clears any data held within the provided B<BIO_ADDR> and sets
|
||||
it back to an uninitialised state.
|
||||
@ -115,7 +116,7 @@ L<BIO_connect(3)>, L<BIO_s_connect(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -78,7 +78,7 @@ BIO_ADDRINFO_next() returns the next B<BIO_ADDRINFO> in the chain
|
||||
from the given one.
|
||||
|
||||
BIO_ADDRINFO_free() frees the chain of B<BIO_ADDRINFO> starting
|
||||
with the given one.
|
||||
with the given one. If the argument is NULL, nothing is done.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
@ -103,7 +103,7 @@ The BIO_lookup_ex() function was added in OpenSSL 1.1.1.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -21,25 +21,23 @@ any data read through it.
|
||||
|
||||
Base64 BIOs do not support BIO_gets() or BIO_puts().
|
||||
|
||||
For writing, output is by default divided to lines of length 64
|
||||
characters and there is always a newline at the end of output.
|
||||
For writing, by default output is divided to lines of length 64
|
||||
characters and there is a newline at the end of output.
|
||||
This behavior can be changed with B<BIO_FLAGS_BASE64_NO_NL> flag.
|
||||
|
||||
For reading, first line should be at most 1024
|
||||
characters long. If it is longer then it is ignored completely.
|
||||
Other input lines can be of any length. There must be a newline
|
||||
at the end of input.
|
||||
|
||||
This behavior can be changed with BIO_FLAGS_BASE64_NO_NL flag.
|
||||
For reading, first line should be at most 1024 bytes long including newline
|
||||
unless the flag B<BIO_FLAGS_BASE64_NO_NL> is set.
|
||||
Further input lines can be of any length (i.e., newlines may appear anywhere
|
||||
in the input) and a newline at the end of input is not needed.
|
||||
|
||||
BIO_flush() on a base64 BIO that is being written through is
|
||||
used to signal that no more data is to be encoded: this is used
|
||||
to flush the final block through the BIO.
|
||||
|
||||
The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags().
|
||||
The flag B<BIO_FLAGS_BASE64_NO_NL> can be set with BIO_set_flags().
|
||||
For writing, it causes all data to be written on one line without
|
||||
newline at the end.
|
||||
For reading, it expects the data to be all on one line (with or
|
||||
without a trailing newline).
|
||||
For reading, it removes all expectations on newlines in the input data.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
@ -85,6 +83,10 @@ data to standard output:
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
On decoding, if the flag B<BIO_FLAGS_BASE64_NO_NL> is not set and
|
||||
the first 1024 bytes of input do not include a newline character
|
||||
the first two lines of input are ignored.
|
||||
|
||||
The ambiguity of EOF in base64 encoded data can cause additional
|
||||
data following the base64 encoded block to be misinterpreted.
|
||||
|
||||
@ -93,7 +95,7 @@ to reliably determine EOF (for example a MIME boundary).
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -76,7 +76,7 @@ additionally have the "descriptor" bit set (B<BIO_TYPE_DESCRIPTOR>). See the
|
||||
L<BIO_find_type(3)> page for more information.
|
||||
|
||||
BIO_meth_free() destroys a B<BIO_METHOD> structure and frees up any memory
|
||||
associated with it.
|
||||
associated with it. If the argument is NULL, nothing is done.
|
||||
|
||||
BIO_meth_get_write_ex() and BIO_meth_set_write_ex() get and set the function
|
||||
used for writing arbitrary length data to the BIO respectively. This function
|
||||
@ -157,7 +157,7 @@ The functions described here were added in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -14,9 +14,9 @@ arithmetic operations on BIGNUMs
|
||||
|
||||
int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
||||
|
||||
int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
|
||||
int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
|
||||
|
||||
int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
|
||||
int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
|
||||
|
||||
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
|
||||
BN_CTX *ctx);
|
||||
@ -25,25 +25,25 @@ arithmetic operations on BIGNUMs
|
||||
|
||||
int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
|
||||
int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
|
||||
BN_CTX *ctx);
|
||||
|
||||
int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
|
||||
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
|
||||
BN_CTX *ctx);
|
||||
|
||||
int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
|
||||
int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
|
||||
BN_CTX *ctx);
|
||||
|
||||
int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
|
||||
int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
|
||||
BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
|
||||
|
||||
int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
|
||||
int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
|
||||
|
||||
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
||||
int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
|
||||
int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
@ -135,7 +135,7 @@ L<BN_add_word(3)>, L<BN_set_bit(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -167,7 +167,8 @@ programs should prefer the "new" style, whilst the "old" style is provided
|
||||
for backwards compatibility purposes.
|
||||
|
||||
A B<BN_GENCB> structure should be created through a call to BN_GENCB_new(),
|
||||
and freed through a call to BN_GENCB_free().
|
||||
and freed through a call to BN_GENCB_free(). If the argument is NULL,
|
||||
nothing is done.
|
||||
|
||||
For "new" style callbacks a BN_GENCB structure should be initialised with a
|
||||
call to BN_GENCB_set(), where B<gencb> is a B<BN_GENCB *>, B<callback> is of
|
||||
@ -245,7 +246,7 @@ BN_check_prime() was added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -33,8 +33,11 @@ error occurs if B<a> is shorter than B<n> bits.
|
||||
BN_is_bit_set() tests if bit B<n> in B<a> is set.
|
||||
|
||||
BN_mask_bits() truncates B<a> to an B<n> bit number
|
||||
(C<a&=~((~0)E<lt>E<lt>n)>). An error occurs if B<a> already is
|
||||
shorter than B<n> bits.
|
||||
(C<a&=~((~0)E<lt>E<lt>n)>). An error occurs if B<n> is negative. An error is
|
||||
also returned if the internal representation of B<a> is already shorter than
|
||||
B<n> bits. The internal representation depends on the platform's word size, and
|
||||
this error can be safely ignored. Use L<BN_num_bits(3)> to determine the exact
|
||||
number of bits if needed.
|
||||
|
||||
BN_lshift() shifts B<a> left by B<n> bits and places the result in
|
||||
B<r> (C<r=a*2^n>). Note that B<n> must be nonnegative. BN_lshift1() shifts
|
||||
@ -59,7 +62,7 @@ L<BN_num_bytes(3)>, L<BN_add(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -34,6 +34,7 @@ should be allocated on the secure heap; see L<CRYPTO_secure_malloc(3)>.
|
||||
|
||||
BUF_MEM_free() frees up an already existing buffer. The data is zeroed
|
||||
before freeing up in case the buffer contains sensitive data.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
BUF_MEM_grow() changes the size of an already existing buffer to
|
||||
B<len>. Any data already in the buffer is preserved if it increases in
|
||||
@ -65,7 +66,7 @@ The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -69,6 +69,7 @@ CRYPTO_THREAD_unlock() unlocks the previously locked I<lock>.
|
||||
=item *
|
||||
|
||||
CRYPTO_THREAD_lock_free() frees the provided I<lock>.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
=item *
|
||||
|
||||
@ -163,10 +164,13 @@ This example safely initializes and uses a lock.
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (mylock()) {
|
||||
/* Your code here, do not return without releasing the lock! */
|
||||
ret = ... ;
|
||||
if (!mylock()) {
|
||||
/* Do not unlock unless the lock was successfully acquired. */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Your code here, do not return without releasing the lock! */
|
||||
ret = ... ;
|
||||
myunlock();
|
||||
return ret;
|
||||
}
|
||||
@ -183,7 +187,7 @@ L<crypto(7)>, L<openssl-threads(7)>.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -52,7 +52,7 @@ The expected format of the file is:
|
||||
|
||||
Once a CTLOG_STORE is no longer required, it should be passed to
|
||||
CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along
|
||||
with the CTLOG_STORE itself.
|
||||
with the CTLOG_STORE itself. If the argument is NULL, nothing is done.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
@ -78,7 +78,7 @@ added in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -50,7 +50,7 @@ property query string are used.
|
||||
Regardless of whether CTLOG_new() or CTLOG_new_from_base64() is used, it is the
|
||||
caller's responsibility to pass the CTLOG to CTLOG_free() once it is no longer
|
||||
needed. This will delete it and, if created by CTLOG_new(), the EVP_PKEY that
|
||||
was passed to it.
|
||||
was passed to it. If the argument to CTLOG_free() is NULL, nothing is done.
|
||||
|
||||
CTLOG_get0_name() returns the name of the log, as provided when the CTLOG was
|
||||
created. Ownership of the string remains with the CTLOG.
|
||||
@ -80,7 +80,7 @@ were added in OpenSSL 3.0. All other functions were added in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -105,7 +105,8 @@ The time should be in milliseconds since the Unix Epoch.
|
||||
Each setter has a matching getter for accessing the current value.
|
||||
|
||||
When no longer required, the B<CT_POLICY_EVAL_CTX> should be passed to
|
||||
CT_POLICY_EVAL_CTX_free() to delete it.
|
||||
CT_POLICY_EVAL_CTX_free() to delete it. If the argument to
|
||||
CT_POLICY_EVAL_CTX_free() is NULL, nothing is done.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
@ -130,7 +131,7 @@ functions were added in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -81,7 +81,7 @@ parameter. This might be useful for creating a new B<DH_METHOD> based on an
|
||||
existing one, but with some differences.
|
||||
|
||||
DH_meth_free() destroys a B<DH_METHOD> structure and frees up any memory
|
||||
associated with it.
|
||||
associated with it. If the argument is NULL, nothing is done.
|
||||
|
||||
DH_meth_get0_name() will return a pointer to the name of this DH_METHOD. This
|
||||
is a pointer to the internal name string and so should not be freed by the
|
||||
@ -166,7 +166,7 @@ The functions described here were added in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -20,6 +20,7 @@ DSA_SIG_new() allocates an empty B<DSA_SIG> structure.
|
||||
|
||||
DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
|
||||
values are erased before the memory is returned to the system.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
DSA_SIG_get0() returns internal pointers to the B<r> and B<s> values contained
|
||||
in B<sig>.
|
||||
@ -48,7 +49,7 @@ L<ERR_get_error(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -110,7 +110,7 @@ parameter. This might be useful for creating a new B<DSA_METHOD> based on an
|
||||
existing one, but with some differences.
|
||||
|
||||
DSA_meth_free() destroys a B<DSA_METHOD> structure and frees up any memory
|
||||
associated with it.
|
||||
associated with it. If the argument is NULL, nothing is done.
|
||||
|
||||
DSA_meth_get0_name() will return a pointer to the name of this DSA_METHOD. This
|
||||
is a pointer to the internal name string and so should not be freed by the
|
||||
@ -214,7 +214,7 @@ The functions described here were added in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -31,6 +31,7 @@ ECDSA_SIG_new() allocates an empty B<ECDSA_SIG> structure.
|
||||
Note: before OpenSSL 1.1.0, the I<r> and I<s> components were initialised.
|
||||
|
||||
ECDSA_SIG_free() frees the B<ECDSA_SIG> structure I<sig>.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
ECDSA_SIG_get0() returns internal pointers the I<r> and I<s> values contained
|
||||
in I<sig> and stores them in I<*pr> and I<*ps>, respectively.
|
||||
@ -136,7 +137,7 @@ L<ECDSA_sign(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2004-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -227,7 +227,8 @@ references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(),
|
||||
ENGINE_get_next(), ENGINE_get_prev(). All structural references should be
|
||||
released by a corresponding to call to the ENGINE_free() function - the
|
||||
ENGINE object itself will only actually be cleaned up and deallocated when
|
||||
the last structural reference is released.
|
||||
the last structural reference is released. If the argument to ENGINE_free()
|
||||
is NULL, nothing is done.
|
||||
|
||||
It should also be noted that many ENGINE API function calls that accept a
|
||||
structural reference will internally obtain another reference - typically
|
||||
@ -665,7 +666,7 @@ and should not be used.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -45,7 +45,7 @@ The returned value must eventually be freed with EVP_ASYM_CIPHER_free().
|
||||
EVP_ASYM_CIPHER_free() decrements the reference count for the B<EVP_ASYM_CIPHER>
|
||||
structure. Typically this structure will have been obtained from an earlier call
|
||||
to EVP_ASYM_CIPHER_fetch(). If the reference count drops to 0 then the
|
||||
structure is freed.
|
||||
structure is freed. If the argument is NULL, nothing is done.
|
||||
|
||||
EVP_ASYM_CIPHER_up_ref() increments the reference count for an
|
||||
B<EVP_ASYM_CIPHER> structure.
|
||||
@ -102,7 +102,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -80,6 +80,7 @@ EVP_CIPHER_meth_new() creates a new B<EVP_CIPHER> structure.
|
||||
EVP_CIPHER_meth_dup() creates a copy of B<cipher>.
|
||||
|
||||
EVP_CIPHER_meth_free() destroys a B<EVP_CIPHER> structure.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
EVP_CIPHER_meth_set_iv_length() sets the length of the IV.
|
||||
This is only needed when the implemented cipher mode requires it.
|
||||
@ -249,7 +250,7 @@ counted in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -157,6 +157,7 @@ Increments the reference count for an B<EVP_MD> structure.
|
||||
|
||||
Decrements the reference count for the fetched B<EVP_MD> structure.
|
||||
If the reference count drops to 0 then the structure is freed.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
=item EVP_MD_CTX_new()
|
||||
|
||||
@ -170,6 +171,7 @@ existing context.
|
||||
=item EVP_MD_CTX_free()
|
||||
|
||||
Cleans up digest context I<ctx> and frees up the space allocated to it.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
=item EVP_MD_CTX_ctrl()
|
||||
|
||||
@ -529,9 +531,13 @@ can be used the manipulate and test these B<EVP_MD_CTX> flags:
|
||||
|
||||
This flag instructs the digest to optimize for one update only, if possible.
|
||||
|
||||
=for comment EVP_MD_CTX_FLAG_CLEANED is internal, don't mention it
|
||||
=item EVP_MD_CTX_FLAG_CLEANED
|
||||
|
||||
=for comment EVP_MD_CTX_FLAG_REUSE is internal, don't mention it
|
||||
This flag is for internal use only and I<must not> be used in user code.
|
||||
|
||||
=item EVP_MD_CTX_FLAG_REUSE
|
||||
|
||||
This flag is for internal use only and I<must not> be used in user code.
|
||||
|
||||
=for comment We currently avoid documenting flags that are only bit holder:
|
||||
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, EVP_MD_CTX_FLAGS_PAD_*
|
||||
|
@ -41,7 +41,7 @@ EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for
|
||||
the encode/decode functions.
|
||||
|
||||
EVP_ENCODE_CTX_free() cleans up an encode/decode context B<ctx> and frees up the
|
||||
space allocated to it.
|
||||
space allocated to it. If the argument is NULL, nothing is done.
|
||||
|
||||
Encoding of binary data is performed in blocks of 48 input bytes (or less for
|
||||
the final block). For each 48 byte input block encoded 64 bytes of base 64 data
|
||||
@ -151,7 +151,7 @@ L<evp(7)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -268,6 +268,7 @@ Increments the reference count for an B<EVP_CIPHER> structure.
|
||||
|
||||
Decrements the reference count for the fetched B<EVP_CIPHER> structure.
|
||||
If the reference count drops to 0 then the structure is freed.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
=item EVP_CIPHER_CTX_new()
|
||||
|
||||
@ -276,9 +277,9 @@ Allocates and returns a cipher context.
|
||||
=item EVP_CIPHER_CTX_free()
|
||||
|
||||
Clears all information from a cipher context and frees any allocated memory
|
||||
associated with it, including I<ctx> itself. This function should be called after
|
||||
all operations using a cipher are complete so sensitive information does not
|
||||
remain in memory.
|
||||
associated with it, including I<ctx> itself. This function should be called
|
||||
after all operations using a cipher are complete so sensitive information does
|
||||
not remain in memory. If the argument is NULL, nothing is done.
|
||||
|
||||
=item EVP_CIPHER_CTX_ctrl()
|
||||
|
||||
@ -360,9 +361,13 @@ exists.
|
||||
|
||||
Encrypts I<inl> bytes from the buffer I<in> and writes the encrypted version to
|
||||
I<out>. The pointers I<out> and I<in> may point to the same location, in which
|
||||
case the encryption will be done in-place. If I<out> and I<in> point to different
|
||||
locations, the two buffers must be disjoint, otherwise the operation might fail
|
||||
or the outcome might be undefined.
|
||||
case the encryption will be done in-place. However, in-place encryption is
|
||||
guaranteed to work only if the encryption context (I<ctx>) has processed data in
|
||||
multiples of the block size. If the context contains an incomplete data block
|
||||
from previous operations, in-place encryption will fail.
|
||||
|
||||
If I<out> and I<in> point to different locations, the two buffers must be
|
||||
disjoint, otherwise the operation might fail or the outcome might be undefined.
|
||||
|
||||
This function can be called multiple times to encrypt successive blocks
|
||||
of data. The amount of data written depends on the block alignment of the
|
||||
@ -1733,7 +1738,7 @@ The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -41,6 +41,7 @@ The returned value must eventually be freed with EVP_KEM_free().
|
||||
EVP_KEM_free() decrements the reference count for the B<EVP_KEM> structure.
|
||||
Typically this structure will have been obtained from an earlier call to
|
||||
EVP_KEM_fetch(). If the reference count drops to 0 then the structure is freed.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
EVP_KEM_up_ref() increments the reference count for an B<EVP_KEM> structure.
|
||||
|
||||
@ -95,7 +96,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -41,7 +41,7 @@ The returned value must eventually be freed with EVP_KEYEXCH_free().
|
||||
EVP_KEYEXCH_free() decrements the reference count for the B<EVP_KEYEXCH>
|
||||
structure. Typically this structure will have been obtained from an earlier call
|
||||
to EVP_KEYEXCH_fetch(). If the reference count drops to 0 then the
|
||||
structure is freed.
|
||||
structure is freed. If the argument is NULL, nothing is done.
|
||||
|
||||
EVP_KEYEXCH_up_ref() increments the reference count for an B<EVP_KEYEXCH>
|
||||
structure.
|
||||
@ -101,7 +101,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -62,6 +62,7 @@ B<EVP_KEYMGMT> I<keymgmt>.
|
||||
|
||||
EVP_KEYMGMT_free() decrements the reference count for the given
|
||||
B<EVP_KEYMGMT> I<keymgmt>, and when the count reaches zero, frees it.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
EVP_KEYMGMT_get0_provider() returns the provider that has this particular
|
||||
implementation.
|
||||
@ -140,7 +141,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -74,6 +74,7 @@ EVP_MD_meth_dup() creates a copy of B<md>.
|
||||
|
||||
EVP_MD_meth_free() decrements the reference count for the B<EVP_MD> structure.
|
||||
If the reference count drops to 0 then the structure is freed.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
EVP_MD_meth_set_input_blocksize() sets the internal input block size
|
||||
for the method B<md> to B<blocksize> bytes.
|
||||
@ -194,7 +195,7 @@ counted in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -393,7 +393,7 @@ This function is not thread safe, it's recommended to only use this
|
||||
when initializing the application.
|
||||
|
||||
EVP_PKEY_asn1_free() frees an existing B<EVP_PKEY_ASN1_METHOD> pointed
|
||||
by B<ameth>.
|
||||
by B<ameth>. If the argument is NULL, nothing is done.
|
||||
|
||||
EVP_PKEY_asn1_add0() adds B<ameth> to the user defined stack of
|
||||
methods unless another B<EVP_PKEY_ASN1_METHOD> with the same NID is
|
||||
@ -439,7 +439,7 @@ parameter is now constified.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -407,7 +407,7 @@ of an B<EVP_PKEY_METHOD> is always called by the EVP framework while doing a
|
||||
digest signing operation by calling L<EVP_DigestSignFinal(3)>.
|
||||
|
||||
EVP_PKEY_meth_free() frees an existing B<EVP_PKEY_METHOD> pointed by
|
||||
B<pmeth>.
|
||||
B<pmeth>. If the argument is NULL, nothing is done.
|
||||
|
||||
EVP_PKEY_meth_copy() copies an B<EVP_PKEY_METHOD> object from B<src>
|
||||
to B<dst>.
|
||||
@ -456,7 +456,7 @@ has changed in OpenSSL 3.0 so its I<src> parameter is now constified.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -284,7 +284,7 @@ associated RAND ctx.
|
||||
Reads or set the number of elapsed seconds before reseeding the
|
||||
associated RAND ctx.
|
||||
|
||||
=item "max_request" (B<OSSL_DRBG_PARAM_RESEED_REQUESTS>) <unsigned integer>
|
||||
=item "max_request" (B<OSSL_RAND_PARAM_MAX_REQUEST>) <unsigned integer>
|
||||
|
||||
Specifies the maximum number of bytes that can be generated in a single
|
||||
call to OSSL_FUNC_rand_generate.
|
||||
@ -406,7 +406,7 @@ This functionality was added to OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -49,7 +49,7 @@ The returned value must eventually be freed with EVP_SIGNATURE_free().
|
||||
EVP_SIGNATURE_free() decrements the reference count for the B<EVP_SIGNATURE>
|
||||
structure. Typically this structure will have been obtained from an earlier call
|
||||
to EVP_SIGNATURE_fetch(). If the reference count drops to 0 then the
|
||||
structure is freed.
|
||||
structure is freed. If the argument is NULL, nothing is done.
|
||||
|
||||
EVP_SIGNATURE_up_ref() increments the reference count for an B<EVP_SIGNATURE>
|
||||
structure.
|
||||
@ -106,7 +106,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -87,7 +87,7 @@ created with HMAC_CTX_new().
|
||||
|
||||
HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
|
||||
releases any associated resources and finally frees the B<HMAC_CTX>
|
||||
itself.
|
||||
itself. If the argument is NULL, nothing is done.
|
||||
|
||||
The following functions may be used if the message is not completely
|
||||
stored in memory:
|
||||
@ -163,7 +163,7 @@ OpenSSL before version 1.0.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -7,12 +7,12 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/md2.h>
|
||||
|
||||
The following functions have been deprecated since OpenSSL 3.0, and can be
|
||||
hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
|
||||
see L<openssl_user_macros(7)>:
|
||||
|
||||
#include <openssl/md2.h>
|
||||
|
||||
unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md);
|
||||
|
||||
int MD2_Init(MD2_CTX *c);
|
||||
@ -20,25 +20,24 @@ see L<openssl_user_macros(7)>:
|
||||
int MD2_Final(unsigned char *md, MD2_CTX *c);
|
||||
|
||||
|
||||
#include <openssl/md4.h>
|
||||
|
||||
The following functions have been deprecated since OpenSSL 3.0, and can be
|
||||
hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
|
||||
see L<openssl_user_macros(7)>:
|
||||
|
||||
#include <openssl/md4.h>
|
||||
|
||||
unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
|
||||
|
||||
int MD4_Init(MD4_CTX *c);
|
||||
int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
|
||||
int MD4_Final(unsigned char *md, MD4_CTX *c);
|
||||
|
||||
|
||||
#include <openssl/md5.h>
|
||||
|
||||
The following functions have been deprecated since OpenSSL 3.0, and can be
|
||||
hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
|
||||
see L<openssl_user_macros(7)>:
|
||||
|
||||
#include <openssl/md5.h>
|
||||
|
||||
unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
|
||||
|
||||
int MD5_Init(MD5_CTX *c);
|
||||
@ -105,7 +104,7 @@ All of these functions were deprecated in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -35,7 +35,7 @@ I<meth> is set to NULL then the default value of NCONF_default() is used.
|
||||
NCONF_new() is similar to NCONF_new_ex() but sets the I<libctx> to NULL.
|
||||
|
||||
NCONF_free() frees the data associated with I<conf> and then frees the I<conf>
|
||||
object.
|
||||
object. If the argument is NULL, nothing is done.
|
||||
|
||||
NCONF_load() parses the file named I<filename> and adds the values found to
|
||||
I<conf>. If an error occurs I<file> and I<eline> list the file and line that
|
||||
@ -74,7 +74,7 @@ in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -29,6 +29,7 @@ OCSP_request_onereq_get0 - OCSP request functions
|
||||
OCSP_REQUEST_new() allocates and returns an empty B<OCSP_REQUEST> structure.
|
||||
|
||||
OCSP_REQUEST_free() frees up the request structure B<req>.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
OCSP_request_add0_id() adds certificate ID B<cid> to B<req>. It returns
|
||||
the B<OCSP_ONEREQ> structure added so an application can add additional
|
||||
@ -108,7 +109,7 @@ L<OCSP_sendreq_new(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -38,6 +38,7 @@ issuer name B<issuerName>, issuer key hash B<issuerKey> and serial number
|
||||
B<serialNumber>.
|
||||
|
||||
OCSP_CERTID_free() frees up B<id>.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
OCSP_id_cmp() compares B<OCSP_CERTID> B<a> and B<b>.
|
||||
|
||||
@ -79,7 +80,7 @@ L<OCSP_sendreq_new(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -46,6 +46,7 @@ OCSP_response_create() creates and returns an I<OCSP_RESPONSE> structure for
|
||||
I<status> and optionally including basic response I<bs>.
|
||||
|
||||
OCSP_RESPONSE_free() frees up OCSP response I<resp>.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the
|
||||
subject name in the supplied X509 certificate I<cert> for the OCSP responder.
|
||||
@ -123,7 +124,7 @@ The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -123,7 +123,7 @@ Then a hash table of B<I<TYPE>> objects can be created using this:
|
||||
B<lh_I<TYPE>_free>() frees the B<LHASH_OF>(B<I<TYPE>>) structure
|
||||
I<table>. Allocated hash table entries will not be freed; consider
|
||||
using B<lh_I<TYPE>_doall>() to deallocate any remaining entries in the
|
||||
hash table (see below).
|
||||
hash table (see below). If the argument is NULL, nothing is done.
|
||||
|
||||
B<lh_I<TYPE>_flush>() empties the B<LHASH_OF>(B<I<TYPE>>) structure I<table>. New
|
||||
entries can be added to the flushed table. Allocated hash table entries
|
||||
@ -299,7 +299,7 @@ type checking.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -249,6 +249,7 @@ If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in
|
||||
the configuration file will cause an error return from B<OPENSSL_init_crypto>
|
||||
or indirectly L<OPENSSL_init_ssl(3)>.
|
||||
The object can be released with OPENSSL_INIT_free() when done.
|
||||
If the argument to OPENSSL_INIT_free() is NULL, nothing is done.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
@ -289,7 +290,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -99,7 +99,8 @@ OPENSSL_zalloc() calls memset() to zero the memory before returning.
|
||||
OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used
|
||||
when the buffer at B<addr> holds sensitive information.
|
||||
The old buffer is filled with zero's by calling OPENSSL_cleanse()
|
||||
before ultimately calling OPENSSL_free().
|
||||
before ultimately calling OPENSSL_free(). If the argument to OPENSSL_free() is
|
||||
NULL, nothing is done.
|
||||
|
||||
OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's.
|
||||
Use OPENSSL_cleanse() with care if the memory is a mapping of a file.
|
||||
@ -198,7 +199,7 @@ clang's memory and leak sanitizer.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -82,13 +82,15 @@ If CRYPTO_secure_malloc_init() is not called, this is equivalent to
|
||||
calling OPENSSL_free().
|
||||
It exists for consistency with OPENSSL_secure_malloc() , and
|
||||
is a macro that expands to CRYPTO_secure_free() and adds the C<__FILE__>
|
||||
and C<__LINE__> parameters..
|
||||
and C<__LINE__> parameters.. If the argument to OPENSSL_secure_free()
|
||||
is NULL, nothing is done.
|
||||
|
||||
OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except
|
||||
that it has an additional C<num> parameter which is used to clear
|
||||
the memory if it was not allocated from the secure heap.
|
||||
If CRYPTO_secure_malloc_init() is not called, this is equivalent to
|
||||
calling OPENSSL_clear_free().
|
||||
calling OPENSSL_clear_free(). If the argument to OPENSSL_secure_clear_free()
|
||||
is NULL, nothing is done.
|
||||
|
||||
OPENSSL_secure_actual_size() tells the actual size allocated to the
|
||||
pointer; implementations may allocate more space than initially
|
||||
@ -133,7 +135,7 @@ a B<size_t> in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -176,6 +176,7 @@ the message timeout is set to 120 seconds,
|
||||
and the proof-of-possession method is set to OSSL_CRMF_POPO_SIGNATURE.
|
||||
|
||||
OSSL_CMP_CTX_free() deallocates an OSSL_CMP_CTX structure.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
OSSL_CMP_CTX_reinit() prepares the given I<ctx> for a further transaction by
|
||||
clearing the internal CMP transaction (aka session) status, PKIStatusInfo,
|
||||
@ -312,6 +313,11 @@ RFC 4210.
|
||||
|
||||
Allow retrieving a trust anchor from extraCerts and using that
|
||||
to validate the certificate chain of an IP message.
|
||||
This is a quirk option added to support 3GPP TS 33.310.
|
||||
|
||||
Note that using this option is dangerous as the certificate obtained
|
||||
this way has not been authenticated (at least not at CMP level).
|
||||
Taking it over as a trust anchor implements trust-on-first-use (TOFU).
|
||||
|
||||
=back
|
||||
|
||||
@ -796,7 +802,7 @@ OSSL_CMP_CTX_reset_geninfo_ITAVs() was added in OpenSSL 3.0.8.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -104,6 +104,7 @@ associated with the library context I<libctx> and property query string
|
||||
I<propq>, both of which may be NULL to select the defaults.
|
||||
|
||||
OSSL_CMP_SRV_CTX_free() deletes the given I<srv_ctx>.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
OSSL_CMP_SRV_CTX_init() sets in the given I<srv_ctx> a custom server context
|
||||
pointer as well as callback functions performing the specific processing of CMP
|
||||
@ -158,7 +159,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -40,11 +40,14 @@ using any trust store set via L<OSSL_CMP_CTX_set0_trustedStore(3)>.
|
||||
|
||||
If the option OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR was set by calling
|
||||
L<OSSL_CMP_CTX_set_option(3)>, for an Initialization Response (IP) message
|
||||
any self-issued certificate from the I<msg> extraCerts field may also be used
|
||||
as trust anchor for the path verification of an acceptable cert if it can be
|
||||
any self-issued certificate from the I<msg> extraCerts field may be used
|
||||
as a trust anchor for the path verification of an 'acceptable' cert if it can be
|
||||
used also to validate the issued certificate returned in the IP message. This is
|
||||
according to TS 33.310 [Network Domain Security (NDS); Authentication Framework
|
||||
(AF)] document specified by the The 3rd Generation Partnership Project (3GPP).
|
||||
Note that using this option is dangerous as the certificate obtained this way
|
||||
has not been authenticated (at least not at CMP level).
|
||||
Taking it over as a trust anchor implements trust-on-first-use (TOFU).
|
||||
|
||||
Any cert that has been found as described above is cached and tried first when
|
||||
validating the signatures of subsequent messages in the same transaction.
|
||||
@ -74,7 +77,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -61,6 +61,7 @@ I<decoder>.
|
||||
|
||||
OSSL_DECODER_free() decrements the reference count for the given
|
||||
I<decoder>, and when the count reaches zero, frees it.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
OSSL_DECODER_get0_provider() returns the provider of the given
|
||||
I<decoder>.
|
||||
@ -180,7 +181,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -126,6 +126,7 @@ decoders that have been added to the I<ctx> so far. Parameters that an
|
||||
implementation doesn't recognise should be ignored by it.
|
||||
|
||||
OSSL_DECODER_CTX_free() frees the given context I<ctx>.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
OSSL_DECODER_CTX_add_decoder() populates the B<OSSL_DECODER_CTX> I<ctx> with
|
||||
a decoder, to be used to attempt to decode some encoded input.
|
||||
@ -249,7 +250,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -82,7 +82,7 @@ choice of preferred pass phrase callback form. These are called indirectly,
|
||||
through an internal L<OSSL_PASSPHRASE_CALLBACK(3)> function.
|
||||
|
||||
The internal L<OSSL_PASSPHRASE_CALLBACK(3)> function caches the pass phrase, to
|
||||
be re-used in all decodings that are performed in the same decoding run (for
|
||||
be reused in all decodings that are performed in the same decoding run (for
|
||||
example, within one L<OSSL_DECODER_from_bio(3)> call).
|
||||
|
||||
=head2 Input Types
|
||||
@ -135,7 +135,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -61,6 +61,7 @@ I<encoder>.
|
||||
|
||||
OSSL_ENCODER_free() decrements the reference count for the given
|
||||
I<encoder>, and when the count reaches zero, frees it.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
OSSL_ENCODER_get0_provider() returns the provider of the given
|
||||
I<encoder>.
|
||||
@ -134,7 +135,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -102,6 +102,7 @@ with an L<OSSL_PARAM(3)> array I<params>. Parameters that the
|
||||
implementation doesn't recognise should be ignored.
|
||||
|
||||
OSSL_ENCODER_CTX_free() frees the given context I<ctx>.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
OSSL_ENCODER_CTX_add_encoder() populates the B<OSSL_ENCODER_CTX>
|
||||
I<ctx> with a encoder, to be used to encode an input object.
|
||||
@ -211,7 +212,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -71,6 +71,7 @@ which collects the HTTP request header lines.
|
||||
|
||||
OSSL_HTTP_REQ_CTX_free() frees up the HTTP request context I<rctx>.
|
||||
The I<rbio> is not free'd, I<wbio> will be free'd if I<free_wbio> is set.
|
||||
If the argument is NULL, nothing is done.
|
||||
|
||||
OSSL_HTTP_REQ_CTX_set_request_line() adds the 1st HTTP request line to I<rctx>.
|
||||
The HTTP method is determined by I<method_POST>,
|
||||
@ -260,7 +261,7 @@ The functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user