deps: upgrade openssl sources to 1.0.2m

This replaces all sources of openssl-1.0.2m.tar.gz into
deps/openssl/openssl

PR-URL: https://github.com/nodejs/node/pull/16691
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Shigeki Ohtsu 2017-11-03 00:22:35 +09:00 committed by Myles Borins
parent cb92f93cd5
commit 55e15ec820
GPG Key ID: 933B01F40B5CA946
218 changed files with 1848 additions and 38829 deletions

@ -2,6 +2,44 @@
OpenSSL CHANGES
_______________
This is a high-level summary of the most important changes.
For a full list of changes, see the git commit log; for example,
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.0.2l and 1.0.2m [2 Nov 2017]
*) bn_sqrx8x_internal carry bug on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.
This only affects processors that support the BMI1, BMI2 and ADX extensions
like Intel Broadwell (5th generation) and later or AMD Ryzen.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3736)
[Andy Polyakov]
*) Malformed X.509 IPAddressFamily could cause OOB read
If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3735)
[Rich Salz]
Changes between 1.0.2k and 1.0.2l [25 May 2017]
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
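Review bot: the two security fixes this bump carries, CVE-2017-3736 (bn_sqrx8x_internal carry bug on x86_64, only reachable on BMI1/BMI2/ADX parts) and CVE-2017-3735 (one-byte over-read on a malformed X.509 IPAddressFamily extension), are named only here in the vendored CHANGES file; the commit message above says just that the sources were replaced. Add a line naming both CVEs to the commit message or the release notes so anyone auditing the dependency bump can find the advisories without diffing the tarball.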

@ -190,10 +190,8 @@
the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself,
try removing any compiler optimization flags from the CFLAG line
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
http://www.openssl.org/support/rt.html.
in Makefile.ssl and run "make clean; make". To report a bug please open an
issue on GitHub, at https://github.com/openssl/openssl/issues.
4. If everything tests ok, install OpenSSL with

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=1.0.2l
VERSION=1.0.2m
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=1.0.2l
VERSION=1.0.2m
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0

@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw

@ -1,5 +1,5 @@
OpenSSL 1.0.2l 25 May 2017
OpenSSL 1.0.2m 2 Nov 2017
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

@ -124,16 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS
/*
* allocate 2 to dont_warn not to use RAND_screen() via
* -no_rand_screen option in s_client
*/
if (dont_warn != 2) {
BIO_printf(bio_e, "Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
BIO_printf(bio_e, " done\n");
}
RAND_screen();
#endif
if (file == NULL)
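Review bot: dropping the `dont_warn != 2` guard means `RAND_screen()` now runs unconditionally on Windows every time `app_RAND_load_file()` is called, and the `-no_rand_screen` switch that set that value disappears with it (see the s_client.c hunks below, where `c_no_rand_screen` and its usage text are removed and the call becomes `app_RAND_load_file(NULL, bio_err, 1)`). If that switch was carried as a local patch on top of upstream OpenSSL for the Windows test runs, it needs to be re-applied in a follow-up commit or its removal called out explicitly; as the hunk stands, the third argument is back to a plain warn/no-warn flag.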

@ -1985,10 +1985,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
if (ci->version == NULL)
if ((ci->version = ASN1_INTEGER_new()) == NULL)
goto err;
ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
/*
* Free the current entries if any, there should not be any I believe
@ -2051,6 +2047,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
}
{
STACK_OF(X509_EXTENSION) *exts = ci->extensions;
if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
/* Make it an X509 v3 certificate. */
if (!X509_set_version(ret, 2))
goto err;
}
/* Set the right value for the noemailDN option */
if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))
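Review bot: the version-3 marking moves from `ext_sect != NULL` (removed in the first hunk) to `sk_X509_EXTENSION_num(exts) > 0` (added here), so a request processed with an extension section that yields no extensions now produces a v1 certificate where it previously produced v3. That is the correct encoding, but it is an observable output change for `openssl ca`; note it in the changelog. Using `X509_set_version(ret, 2)` instead of poking `ci->version` directly also replaces the old hand-rolled `ASN1_INTEGER_new()` failure path, so the `goto err` on a false return is the only error handling needed.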

@ -180,13 +180,6 @@ typedef unsigned int u_int;
# include <fcntl.h>
#endif
/* Use Windows API with STD_INPUT_HANDLE when checking for input?
Don't look at OPENSSL_SYS_MSDOS for this, since it is always defined if
OPENSSL_SYS_WINDOWS is defined */
#if defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WINCE) && defined(STD_INPUT_HANDLE)
#define OPENSSL_USE_STD_INPUT_HANDLE
#endif
#undef PROG
#define PROG s_client_main
@ -236,7 +229,6 @@ static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;
static int c_no_rand_screen = 0;
#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
@ -452,10 +444,6 @@ static void sc_usage(void)
" -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err,
" -keymatexportlen len - Export len bytes of keying material (default 20)\n");
#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_err,
" -no_rand_screen - Do not use RAND_screen() to initialize random state\n");
#endif
}
#ifndef OPENSSL_NO_TLSEXT
@ -1148,10 +1136,6 @@ int MAIN(int argc, char **argv)
keymatexportlen = atoi(*(++argv));
if (keymatexportlen == 0)
goto bad;
#ifdef OPENSSL_SYS_WINDOWS
} else if (strcmp(*argv, "-no_rand_screen") == 0) {
c_no_rand_screen = 1;
#endif
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
@ -1268,7 +1252,7 @@ int MAIN(int argc, char **argv)
if (!load_excert(&exc, bio_err))
goto end;
if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
@ -1683,6 +1667,8 @@ int MAIN(int argc, char **argv)
if (strstr(mbuf, "/stream:features>"))
goto shut;
seen = BIO_read(sbio, mbuf, BUFSIZZ);
if (seen <= 0)
goto shut;
mbuf[seen] = 0;
}
BIO_printf(sbio,
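Review bot: the new `seen <= 0` check before `mbuf[seen] = 0` matters: `BIO_read()` returns a negative value on error or zero on EOF, and without the check the terminator write inside the `/stream:features>` loop indexed the buffer with that value. Good fix; the same read-then-`mbuf[seen] = 0` pattern is worth auditing in the other STARTTLS branches of this function.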
@ -1806,7 +1792,10 @@ int MAIN(int argc, char **argv)
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, &tv);
#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
if (!i && (!_kbhit() || !read_tty))
continue;
# else
if (!i && (!((_kbhit())
|| (WAIT_OBJECT_0 ==
WaitForSingleObject(GetStdHandle
@ -1814,8 +1803,6 @@ int MAIN(int argc, char **argv)
0)))
|| !read_tty))
continue;
#else
if(!i && (!_kbhit() || !read_tty) ) continue;
# endif
} else
i = select(width, (void *)&readfds, (void *)&writefds,
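Review bot: style nit in the new preprocessor block: the added `#else` (no space) sits inside a block whose surviving `# endif` context line keeps the one-space indentation of the old nested `# if`/`# else`, so the nesting now reads as mismatched. Pick one indentation for the whole `#if defined(OPENSSL_USE_STD_INPUT_HANDLE)` block; the later hunk in this file has the same `#else` followed by `# endif`.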
@ -2017,12 +2004,12 @@ int MAIN(int argc, char **argv)
}
}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
else if (_kbhit())
# else
else if ((_kbhit())
|| (WAIT_OBJECT_0 ==
WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
#else
else if (_kbhit())
# endif
#elif defined (OPENSSL_SYS_NETWARE)
else if (_kbhit())

@ -3017,7 +3017,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
PEM_write_bio_X509(io, peer);
} else
BIO_puts(io, "no client certificate available\n");
BIO_puts(io, "</BODY></HTML>\r\n\r\n");
BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break;
} else if ((www == 2 || www == 3)
&& (strncmp("GET /", buf, 5) == 0)) {

@ -307,7 +307,8 @@ static SIGRETTYPE sig_done(int sig)
# if !defined(SIGALRM)
# define SIGALRM
# endif
static unsigned int lapse, schlock;
static volatile unsigned int lapse;
static volatile unsigned int schlock;
static void alarm_win32(unsigned int secs)
{
lapse = secs * 1000;
@ -725,6 +726,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "no EVP given\n");
goto end;
}
evp_md = NULL;
evp_cipher = EVP_get_cipherbyname(*argv);
if (!evp_cipher) {
evp_md = EVP_get_digestbyname(*argv);

@ -5,7 +5,7 @@
* 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -185,20 +185,23 @@ int MAIN(int argc, char **argv)
}
e = setup_engine(bio_err, engine, 0);
if (keyfile) {
if (keyfile != NULL) {
pkey = load_key(bio_err,
strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key");
if (!pkey) {
if (pkey == NULL)
goto end;
}
spki = NETSCAPE_SPKI_new();
if (challenge)
if (spki == NULL)
goto end;
if (challenge != NULL)
ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (spkstr == NULL)
goto end;
if (outfile)
out = BIO_new_file(outfile, "w");
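Review bot: `NETSCAPE_SPKI_set_pubkey(spki, pkey)` and `NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())` still run unchecked while the calls around them (`NETSCAPE_SPKI_new()`, `NETSCAPE_SPKI_b64_encode()`) now get NULL checks, so a signing failure falls through to encoding and writing an unsigned or partially filled SPKAC. Check both return values and `goto end` on failure, and note in passing that the signing digest here remains MD5.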
@ -253,7 +256,7 @@ int MAIN(int argc, char **argv)
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if (!spki) {
if (spki == NULL) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
goto end;
@ -282,9 +285,9 @@ int MAIN(int argc, char **argv)
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0)
if (i > 0) {
BIO_printf(bio_err, "Signature OK\n");
else {
} else {
BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err);
goto end;

@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type)
int i;
if (id == NULL)
return -1;
if (type == DB_SRP_INDEX)
if (type == DB_SRP_INDEX) {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX
&& !strcmp(id, pp[DB_srpid]))
return i;
} else
}
} else {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type)
&& !strcmp(id, pp[DB_srpid]))
return i;
}
}
return -1;
}
@ -177,8 +179,8 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
char **irow;
int i;
if ((irow =
(char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
if (irow == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
return 0;
}
@ -205,30 +207,32 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
char *srp_usersalt, const char *g, const char *N,
const char *passin, BIO *bio, int verbose)
{
char password[1024];
char password[1025];
PW_CB_DATA cb_tmp;
char *verifier = NULL;
char *gNid = NULL;
int len;
cb_tmp.prompt_info = user;
cb_tmp.password = passin;
if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
if (len > 0) {
password[len] = 0;
VERBOSE BIO_printf(bio,
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, srp_verifier, srp_usersalt, g, N);
BIO_printf(bio, "Pass %s\n", password);
VVERBOSE BIO_printf(bio, "Pass %s\n", password);
if (!
(gNid =
SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
g))) {
if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
&verifier, N, g))) {
BIO_printf(bio, "Internal error validating SRP verifier\n");
} else {
if (strcmp(verifier, srp_verifier))
gNid = NULL;
OPENSSL_free(verifier);
}
OPENSSL_cleanse(password, len);
}
return gNid;
}
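Review bot: the plaintext password is still written to `bio` by `VVERBOSE BIO_printf(bio, "Pass %s\n", password);`, now gated behind a second `-verbose` rather than unconditional; echoing a password in a CLI tool's verbose output is rarely wanted, so consider removing the line instead of gating it. The rest is the right shape: the old call let the callback fill all 1024 bytes of `password[1024]` with no room for a terminator, and the new `sizeof(password)-1` bound, explicit `password[len] = 0`, and `OPENSSL_cleanse(password, len)` after use fix that and scrub the secret on the way out.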
@ -237,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_verifier,
char **srp_usersalt, char *g, char *N,
char *passout, BIO *bio, int verbose)
{
char password[1024];
char password[1025];
PW_CB_DATA cb_tmp;
char *gNid = NULL;
char *salt = NULL;
int len;
cb_tmp.prompt_info = user;
cb_tmp.password = passout;
if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
if (len > 0) {
password[len] = 0;
VERBOSE BIO_printf(bio,
"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, g, N);
if (!
(gNid =
SRP_create_verifier(user, password, &salt, srp_verifier, N,
g))) {
if (!(gNid = SRP_create_verifier(user, password, &salt,
srp_verifier, N, g))) {
BIO_printf(bio, "Internal error creating SRP verifier\n");
} else
} else {
*srp_usersalt = salt;
}
OPENSSL_cleanse(password, len);
VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
gNid, salt, *srp_verifier);
@ -314,9 +321,9 @@ int MAIN(int argc, char **argv)
argc--;
argv++;
while (argc >= 1 && badops == 0) {
if (strcmp(*argv, "-verbose") == 0)
if (strcmp(*argv, "-verbose") == 0) {
verbose++;
else if (strcmp(*argv, "-config") == 0) {
} else if (strcmp(*argv, "-config") == 0) {
if (--argc < 1)
goto bad;
configfile = *(++argv);
@ -328,15 +335,15 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
dbfile = *(++argv);
} else if (strcmp(*argv, "-add") == 0)
} else if (strcmp(*argv, "-add") == 0) {
add_user = 1;
else if (strcmp(*argv, "-delete") == 0)
} else if (strcmp(*argv, "-delete") == 0) {
delete_user = 1;
else if (strcmp(*argv, "-modify") == 0)
} else if (strcmp(*argv, "-modify") == 0) {
modify_user = 1;
else if (strcmp(*argv, "-list") == 0)
} else if (strcmp(*argv, "-list") == 0) {
list_user = 1;
else if (strcmp(*argv, "-gn") == 0) {
} else if (strcmp(*argv, "-gn") == 0) {
if (--argc < 1)
goto bad;
gN = *(++argv);
@ -366,8 +373,9 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
} else
} else {
break;
}
argc--;
argv++;
@ -388,7 +396,7 @@ int MAIN(int argc, char **argv)
"Need at least one user for options -add, -delete, -modify. \n");
badops = 1;
}
if ((passin || passout) && argc != 1) {
if ((passargin || passargout) && argc != 1) {
BIO_printf(bio_err,
"-passin, -passout arguments only valid with one user.\n");
badops = 1;
@ -706,9 +714,9 @@ int MAIN(int argc, char **argv)
doupdatedb = 1;
}
}
if (--argc > 0)
if (--argc > 0) {
user = *(argv++);
else {
} else {
user = NULL;
list_user = 0;
}

@ -193,4 +193,3 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();
WWW::Curl::Easy::global_cleanup();

@ -94,8 +94,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
TCHAR *wdir = NULL;
/* len_0 denotes string length *with* trailing 0 */
size_t index = 0, len_0 = strlen(extdir) + 1;
size_t amount;
wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
/*
* Size check
* The reasoning is that absolutely worst case, each byte in
* extdir will take up one TCHAR each, so the maximum size in
* bytes that we can tolerate is MAX_PATH TCHARs... not counting
* the ending NUL.
*/
if ((len_0 - 1) > MAX_PATH * sizeof(TCHAR)) {
free(*ctx);
*ctx = NULL;
errno = EINVAL;
return 0;
}
amount = len_0 * sizeof(TCHAR);
wdir = (TCHAR *)malloc(amount);
if (wdir == NULL) {
if (extdirbuf != NULL) {
free(extdirbuf);
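Review bot: the new `EINVAL` return path frees `*ctx` but not `extdirbuf`, while the `wdir == NULL` path right below it does `free(extdirbuf)` first; if `extdirbuf` can already be allocated at this point, the early return leaks it, so mirror that cleanup. Separately, `calloc()` becomes `malloc()`, so `wdir` is no longer zero-filled and the conversion code after this hunk must write the terminating NUL on every path. The `(len_0 - 1) > MAX_PATH * sizeof(TCHAR)` bound is also what keeps `amount = len_0 * sizeof(TCHAR)` from overflowing, so it has to stay ahead of that computation.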

@ -680,7 +680,7 @@ tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
tasn_fre.o: ../../include/openssl/symhacks.h asn1_int.h tasn_fre.c
tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@ -688,7 +688,7 @@ tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
tasn_new.o: ../../include/openssl/symhacks.h asn1_int.h tasn_new.c
tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
#include <limits.h>
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
@ -136,6 +137,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
goto err;
}
if (len > INT_MAX) {
i = ASN1_R_STRING_TOO_LONG;
goto err;
}
if ((a == NULL) || ((*a) == NULL)) {
if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
return (NULL);

@ -1,5 +1,10 @@
/* asn1t.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -52,19 +57,7 @@
*
*/
/*
* This header only exists to break a circular dependency between pem and err
* Ben 30 Jan 1999.
*/
/* Internal ASN1 template structures and functions: not for application use */
#ifdef __cplusplus
extern "C" {
#endif
#ifndef HEADER_PEM_H
void ERR_load_PEM_strings(void);
#endif
#ifdef __cplusplus
}
#endif
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);

@ -61,9 +61,7 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/objects.h>
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);
#include "asn1_int.h"
/* Free up an ASN1 structure */
@ -77,8 +75,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
asn1_item_combine_free(pval, it, 0);
}
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine)
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
{
const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef;

@ -63,6 +63,7 @@
#include <openssl/err.h>
#include <openssl/asn1t.h>
#include <string.h>
#include "asn1_int.h"
static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);
@ -199,7 +200,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 1;
memerr2:
ASN1_item_ex_free(pval, it);
asn1_item_combine_free(pval, it, combine);
memerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
#ifdef CRYPTO_MDEBUG
@ -209,7 +210,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 0;
auxerr2:
ASN1_item_ex_free(pval, it);
asn1_item_combine_free(pval, it, combine);
auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
#ifdef CRYPTO_MDEBUG
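Review bot: both error labels now free with `asn1_item_combine_free(pval, it, combine)` instead of `ASN1_item_ex_free(pval, it)`, which (per the tasn_fre.c hunk) always passes `combine = 0`; that is the right fix, since a value allocated with `combine != 0` is embedded in its parent and must not have its container freed on the error path. Add a one-line comment at `memerr2:`/`auxerr2:` saying why the public free is not used there, or the next cleanup pass will simplify it back.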

@ -523,19 +523,11 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
{
X509_NAME *in;
if (!xn || !name)
return (0);
if (*xn != name) {
in = X509_NAME_dup(name);
if (in != NULL) {
X509_NAME_free(*xn);
*xn = in;
}
}
return (*xn != NULL);
if ((name = X509_NAME_dup(name)) == NULL)
return 0;
X509_NAME_free(*xn);
*xn = name;
return 1;
}
IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
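Review bot: the rewrite drops the `if (!xn || !name) return (0);` guard, so `X509_NAME_set(NULL, name)` now dereferences `xn` at `X509_NAME_free(*xn)`; `name == NULL` is covered only if `X509_NAME_dup(NULL)` returns NULL. The new order (dup first, then free the old value) does handle `*xn == name` correctly because the copy is taken before the free, so the old `*xn != name` special case can go, but keep an explicit `xn == NULL` check.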

@ -106,10 +106,14 @@ X509_PKEY *X509_PKEY_new(void)
X509_PKEY *ret = NULL;
ASN1_CTX c;
M_ASN1_New_Malloc(ret, X509_PKEY);
ret = OPENSSL_malloc(sizeof(X509_PKEY));
if (ret == NULL) {
c.line = __LINE__;
goto err;
}
ret->version = 0;
M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
ret->enc_algor = X509_ALGOR_new();
ret->enc_pkey = M_ASN1_OCTET_STRING_new();
ret->dec_pkey = NULL;
ret->key_length = 0;
ret->key_data = NULL;
@ -117,8 +121,15 @@ X509_PKEY *X509_PKEY_new(void)
ret->cipher.cipher = NULL;
memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
ret->references = 1;
return (ret);
M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
if (ret->enc_algor == NULL || ret->enc_pkey == NULL) {
c.line = __LINE__;
goto err;
}
return ret;
err:
X509_PKEY_free(ret);
ASN1_MAC_H_err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE, c.line);
return NULL;
}
void X509_PKEY_free(X509_PKEY *x)
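Review bot: the first `goto err` fires when `ret == NULL`, so `X509_PKEY_free(ret)` at the `err:` label is reached with a NULL pointer; that is only safe if `X509_PKEY_free()` (declared just below) tolerates NULL, so verify that or return directly from the allocation failure. Keeping `c.line = __LINE__` before each `goto err` preserves the line number the dropped `M_ASN1_New_Malloc`/`M_ASN1_New` macros used to report through `ASN1_MAC_H_err`, which is good.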

@ -3090,11 +3090,19 @@ $code.=<<___;
.align 32
.Lsqrx8x_break:
sub 16+8(%rsp),%r8 # consume last carry
xor $zero,$zero
sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
adcx $zero,%r8
mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
adcx $zero,%r9
mov 0*8($aptr),%rdx # a[8], modulo-scheduled
xor %ebp,%ebp # xor $zero,$zero
adc \$0,%r10
mov %r8,0*8($tptr)
adc \$0,%r11
adc \$0,%r12
adc \$0,%r13
adc \$0,%r14
adc \$0,%r15
cmp $carry,$tptr # cf=0, of=0
je .Lsqrx8x_outer_loop
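Review bot: this is the `bn_sqrx8x_internal` carry fix from the CHANGES entry (CVE-2017-3736): the last carry is now propagated through `%r8`..`%r15` with the `adcx`/`adc \$0` chain after `sub 16+8(%rsp),%rbx`, instead of being consumed by a single `sub` into `%r8`. The point for this repository is coverage: the path only runs on BMI1/BMI2/ADX parts (Broadwell and later, Ryzen), so a build that runs the OpenSSL test suite on older CI hardware never exercises it; make sure at least one CI target has ADX, or this code stays untested.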

@ -145,7 +145,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
int i, bits, ret = 0;
BIGNUM *v, *rr;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
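Review bot: the constant-time dispatch now honours `BN_FLG_CONSTTIME` on the base `a` as well as the exponent `p` (and on `m` in the hunks below), and the `BN_copy()` hunk in bn_lib.c propagates the flag onto copies, so a flagged value reaching these functions as base or modulus no longer selects a variable-time path. One thing to check: the `BN_mod_exp_mont_word` hunk cannot test `a` because it is a `BN_ULONG` there, so the new `m` check added to `BN_mod_exp` is what keeps a flagged computation out of the word path; callers that hand a secret through that word API directly still get no protection.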
@ -245,7 +246,9 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
if (BN_is_odd(m)) {
# ifdef MONT_EXP_WORD
if (a->top == 1 && !a->neg
&& (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
&& (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)
&& (BN_get_flags(a, BN_FLG_CONSTTIME) == 0)
&& (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) {
BN_ULONG A = a->d[0];
ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
} else
@ -277,7 +280,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BIGNUM *val[TABLE_SIZE];
BN_RECP_CTX recp;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
@ -411,7 +416,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
BIGNUM *val[TABLE_SIZE];
BN_MONT_CTX *mont = NULL;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
}
@ -1217,7 +1224,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
@ -1348,7 +1356,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;

@ -524,6 +524,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
BN_set_flags(a, BN_FLG_CONSTTIME);
a->top = b->top;
a->neg = b->neg;
bn_check_top(a);

@ -394,6 +394,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
tmod.dmax = 2;
tmod.neg = 0;
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(&tmod, BN_FLG_CONSTTIME);
mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)

@ -1032,46 +1032,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
rr->top = top;
goto end;
}
# if 0
if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
BIGNUM *tmp_bn = (BIGNUM *)b;
if (bn_wexpand(tmp_bn, al) == NULL)
goto err;
tmp_bn->d[bl] = 0;
bl++;
i--;
} else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
BIGNUM *tmp_bn = (BIGNUM *)a;
if (bn_wexpand(tmp_bn, bl) == NULL)
goto err;
tmp_bn->d[al] = 0;
al++;
i++;
}
if (i == 0) {
/* symmetric and > 4 */
/* 16 or larger */
j = BN_num_bits_word((BN_ULONG)al);
j = 1 << (j - 1);
k = j + j;
t = BN_CTX_get(ctx);
if (al == j) { /* exact multiple */
if (bn_wexpand(t, k * 2) == NULL)
goto err;
if (bn_wexpand(rr, k * 2) == NULL)
goto err;
bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
} else {
if (bn_wexpand(t, k * 4) == NULL)
goto err;
if (bn_wexpand(rr, k * 4) == NULL)
goto err;
bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d);
}
rr->top = top;
goto end;
}
# endif
}
#endif /* BN_RECURSION */
if (bn_wexpand(rr, top) == NULL)

@ -217,6 +217,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
if (t == NULL)
goto err;
for (i = 0; i < 1000; i++) {
if (!BN_rand(Xq, nbits, 1, 0))
@ -255,10 +257,12 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
int ret = 0;
BN_CTX_start(ctx);
if (!Xp1)
if (Xp1 == NULL)
Xp1 = BN_CTX_get(ctx);
if (!Xp2)
if (Xp2 == NULL)
Xp2 = BN_CTX_get(ctx);
if (Xp1 == NULL || Xp2 == NULL)
goto error;
if (!BN_rand(Xp1, 101, 0, 0))
goto error;

@ -469,11 +469,18 @@ void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr)
}
}
#ifdef OPENSSL_FIPS
extern int FIPS_crypto_threadid_set_callback(void (*func) (CRYPTO_THREADID *));
#endif
int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *))
{
if (threadid_callback)
return 0;
threadid_callback = func;
#ifdef OPENSSL_FIPS
FIPS_crypto_threadid_set_callback(func);
#endif
return 1;
}

@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_gen.o: ../cryptlib.h dh_gen.c
dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

@ -257,11 +257,13 @@ DH *DH_get_1024_160(void);
DH *DH_get_2048_224(void);
DH *DH_get_2048_256(void);
# ifndef OPENSSL_NO_CMS
/* RFC2631 KDF */
int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
# endif
# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \

@ -51,6 +51,9 @@
* ====================================================================
*/
#include <e_os.h>
#ifndef OPENSSL_NO_CMS
#include <string.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
@ -185,3 +188,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
EVP_MD_CTX_cleanup(&mctx);
return rv;
}
#endif

@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
case EVP_PKEY_CTRL_DH_KDF_TYPE:
if (p1 == -2)
return dctx->kdf_type;
#ifdef OPENSSL_NO_CMS
if (p1 != EVP_PKEY_DH_KDF_NONE)
#else
if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
#endif
return -2;
dctx->kdf_type = p1;
return 1;
@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return ret;
*keylen = ret;
return 1;
} else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
}
#ifndef OPENSSL_NO_CMS
else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
unsigned char *Z = NULL;
size_t Zlen = 0;
if (!dctx->kdf_outlen || !dctx->kdf_oid)
@ -479,6 +485,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
}
return ret;
}
#endif
return 1;
}

@ -258,6 +258,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
goto dsaerr;
}
BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
goto dsaerr;
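Review bot: setting `BN_FLG_CONSTTIME` on `dsa->priv_key` before the `BN_mod_exp()` that reconstructs `pub_key` forces the constant-time Montgomery path for an exponentiation whose exponent is the private key; without it, decoding a PKCS#8 DSA key that lacks an embedded public key ran `g^x mod p` in variable time. Grep for other sites in the DSA and DH code that compute a public value from a freshly loaded private key and confirm they set the same flag.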

@ -482,6 +482,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
} else {
p = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
if (q == NULL)
goto err;
}
if (!BN_lshift(test, BN_value_one(), L - 1))

@ -224,7 +224,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
{
BN_CTX *ctx;
BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
BIGNUM l, m;
int ret = 0;
int q_bits;
if (!dsa->p || !dsa->q || !dsa->g) {
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
@ -233,6 +235,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BN_init(&k);
BN_init(&kq);
BN_init(&l);
BN_init(&m);
if (ctx_in == NULL) {
if ((ctx = BN_CTX_new()) == NULL)
@ -243,6 +247,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if ((r = BN_new()) == NULL)
goto err;
/* Preallocate space */
q_bits = BN_num_bits(dsa->q);
if (!BN_set_bit(&k, q_bits)
|| !BN_set_bit(&l, q_bits)
|| !BN_set_bit(&m, q_bits))
goto err;
/* Get random k */
do
if (!BN_rand_range(&k, dsa->q))
@ -263,25 +274,24 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
/* Compute r = (g^k mod p) mod q */
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
if (!BN_copy(&kq, &k))
/*
* We do not want timing information to leak the length of k, so we
* compute G^k using an equivalent scalar of fixed bit-length.
*
* We unconditionally perform both of these additions to prevent a
* small timing information leakage. We then choose the sum that is
* one bit longer than the modulus.
*
* TODO: revisit the BN_copy aiming for a memory access agnostic
* conditional copy.
*/
if (!BN_add(&l, &k, dsa->q)
|| !BN_add(&m, &l, dsa->q)
|| !BN_copy(&kq, BN_num_bits(&l) > q_bits ? &l : &m))
goto err;
BN_set_flags(&kq, BN_FLG_CONSTTIME);
/*
* We do not want timing information to leak the length of k, so we
* compute g^k using an equivalent exponent of fixed length. (This
* is a kludge that we need because the BN_mod_exp_mont() does not
* let us specify the desired timing behaviour.)
*/
if (!BN_add(&kq, &kq, dsa->q))
goto err;
if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
if (!BN_add(&kq, &kq, dsa->q))
goto err;
}
K = &kq;
} else {
K = &k;
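Review bot: the fixed-length nonce now comes from `l = k + q` and `m = l + q`, both computed unconditionally, with `kq` set to whichever is one bit longer than `q`; that removes the old secret-dependent second `BN_add` (the `if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))` branch). The remaining `BN_num_bits(&l) > q_bits ? &l : &m` selection is still a secret-dependent branch and pointer choice, which the comment's TODO acknowledges; track that TODO so it is not read as finished. The preallocation via `BN_set_bit(&k, q_bits)`, `BN_set_bit(&l, q_bits)` and `BN_set_bit(&m, q_bits)` in the earlier hunk is what keeps those `BN_add` calls from reallocating on a secret-dependent size, and the matching `BN_clear_free(&l)`/`BN_clear_free(&m)` in the cleanup hunk scrub them, good.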
@ -314,7 +324,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BN_CTX_free(ctx);
BN_clear_free(&k);
BN_clear_free(&kq);
return (ret);
BN_clear_free(&l);
BN_clear_free(&m);
return ret;
}
static int dsa_do_verify(const unsigned char *dgst, int dgst_len,

View File

@ -1178,19 +1178,18 @@ __ecp_nistz256_sqr_montx:
adox $t1, $acc5
.byte 0x67,0x67
mulx %rdx, $t0, $t4
mov $acc0, %rdx
mov .Lpoly+8*3(%rip), %rdx
adox $t0, $acc6
shlx $a_ptr, $acc0, $t0
adox $t4, $acc7
shrx $a_ptr, $acc0, $t4
mov .Lpoly+8*3(%rip), $t1
mov %rdx,$t1
# reduction step 1
add $t0, $acc1
adc $t4, $acc2
mulx $t1, $t0, $acc0
mov $acc1, %rdx
mulx $acc0, $t0, $acc0
adc $t0, $acc3
shlx $a_ptr, $acc1, $t0
adc \$0, $acc0
@ -1200,8 +1199,7 @@ __ecp_nistz256_sqr_montx:
add $t0, $acc2
adc $t4, $acc3
mulx $t1, $t0, $acc1
mov $acc2, %rdx
mulx $acc1, $t0, $acc1
adc $t0, $acc0
shlx $a_ptr, $acc2, $t0
adc \$0, $acc1
@ -1211,8 +1209,7 @@ __ecp_nistz256_sqr_montx:
add $t0, $acc3
adc $t4, $acc0
mulx $t1, $t0, $acc2
mov $acc3, %rdx
mulx $acc2, $t0, $acc2
adc $t0, $acc1
shlx $a_ptr, $acc3, $t0
adc \$0, $acc2
@ -1222,12 +1219,12 @@ __ecp_nistz256_sqr_montx:
add $t0, $acc0
adc $t4, $acc1
mulx $t1, $t0, $acc3
mulx $acc3, $t0, $acc3
adc $t0, $acc2
adc \$0, $acc3
xor $t3, $t3 # cf=0
adc $acc0, $acc4 # accumulate upper half
xor $t3, $t3
add $acc0, $acc4 # accumulate upper half
mov .Lpoly+8*1(%rip), $a_ptr
adc $acc1, $acc5
mov $acc4, $acc0
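Review bot: replacing `adc $acc0, $acc4` with `add` after `xor $t3, $t3` is behaviour-preserving (the xor clears CF and mulx does not touch flags), but the `# cf=0` annotation on the xor was dropped even though the `adc $acc1, $acc5` chain that follows still consumes the carry produced by this `add`; keep the comment so the dependency on flag state stays visible.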
@ -1236,8 +1233,7 @@ __ecp_nistz256_sqr_montx:
mov $acc5, $acc1
adc \$0, $t3
xor %eax, %eax # cf=0
sbb \$-1, $acc4 # .Lpoly[0]
sub \$-1, $acc4 # .Lpoly[0]
mov $acc6, $acc2
sbb $a_ptr, $acc5 # .Lpoly[1]
sbb \$0, $acc6 # .Lpoly[2]
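Review bot: `sbb \$-1, $acc4` to `sub \$-1, $acc4` is equivalent only because the preceding `xor %eax, %eax` guarantees CF=0; the `sub` is the clearer choice since it no longer depends on that, but the `sbb $a_ptr, $acc5` and `sbb \$0, $acc6` below still rely on the borrow out of this `sub`, so the `# cf=0` comment should stay. Given how easily carry handling in this reduction goes wrong, the change deserves a randomised comparison against the generic C field squaring before it ships.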

View File

@ -247,6 +247,8 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
BN_CTX_free(new_ctx);
if (mont != NULL)
BN_MONT_CTX_free(mont);
if (one != NULL)
BN_free(one);
return ret;
}
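Review bot: the `if (one != NULL)` guard is redundant, since BN_free already accepts NULL, and exists only for symmetry with the `mont` check above; more importantly, confirm that `one` is neither freed nor handed to the group on the success path earlier in the function, otherwise this leak fix turns into a double free.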

View File

@ -716,7 +716,7 @@ static limb felem_is_zero(const felem in)
return (zero | two224m96p1 | two225m97p2);
}
static limb felem_is_zero_int(const felem in)
static int felem_is_zero_int(const void *in)
{
return (int)(felem_is_zero(in) & ((limb) 1));
}
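Review bot: taking `const void *in` fixes the undefined behaviour of calling `felem_is_zero_int` through an `int (*)(const void *)` pointer of incompatible type (the cast removed in the next hunk), and the implicit `const void *` to `const limb *` conversion is valid C; the same change is repeated in ecp_nistp256.c and ecp_nistp521.c below. A short comment noting that the signature is dictated by the callback parameter used in make_points_affine would stop someone "fixing" it back to `const felem`.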
@ -1391,7 +1391,6 @@ static void make_points_affine(size_t num, felem points[ /* num */ ][3],
sizeof(felem),
tmp_felems,
(void (*)(void *))felem_one,
(int (*)(const void *))
felem_is_zero_int,
(void (*)(void *, const void *))
felem_assign,

View File

@ -977,7 +977,7 @@ static limb smallfelem_is_zero(const smallfelem small)
return result;
}
static int smallfelem_is_zero_int(const smallfelem small)
static int smallfelem_is_zero_int(const void *small)
{
return (int)(smallfelem_is_zero(small) & ((limb) 1));
}
@ -1979,7 +1979,6 @@ static void make_points_affine(size_t num, smallfelem points[][3],
sizeof(smallfelem),
tmp_smallfelems,
(void (*)(void *))smallfelem_one,
(int (*)(const void *))
smallfelem_is_zero_int,
(void (*)(void *, const void *))
smallfelem_assign,

View File

@ -871,7 +871,7 @@ static limb felem_is_zero(const felem in)
return is_zero;
}
static int felem_is_zero_int(const felem in)
static int felem_is_zero_int(const void *in)
{
return (int)(felem_is_zero(in) & ((limb) 1));
}
@ -1787,7 +1787,6 @@ static void make_points_affine(size_t num, felem points[][3],
sizeof(felem),
tmp_felems,
(void (*)(void *))felem_one,
(int (*)(const void *))
felem_is_zero_int,
(void (*)(void *, const void *))
felem_assign,

View File

@ -225,9 +225,16 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
*/
ecdh_data_free(ecdh_data);
ecdh_data = (ECDH_DATA *)data;
} else if (EC_KEY_get_key_method_data(key, ecdh_data_dup,
ecdh_data_free,
ecdh_data_free) != ecdh_data) {
/* Or an out of memory error in EC_KEY_insert_key_method_data. */
ecdh_data_free(ecdh_data);
return NULL;
}
} else
} else {
ecdh_data = (ECDH_DATA *)data;
}
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
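Review bot: the new failure branch returns NULL without queueing an error, so a caller sees ecdh_check fail with an empty error stack; queue ERR_R_MALLOC_FAILURE via ECDHerr before the return, since the comment says the only way to reach it is an out-of-memory failure in EC_KEY_insert_key_method_data. The comment itself reads as a fragment ("Or an out of memory error in ..."); reword it to state the condition it guards: the insert did not store our `ecdh_data`, so it must be freed here.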

View File

@ -203,9 +203,16 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
*/
ecdsa_data_free(ecdsa_data);
ecdsa_data = (ECDSA_DATA *)data;
} else if (EC_KEY_get_key_method_data(key, ecdsa_data_dup,
ecdsa_data_free,
ecdsa_data_free) != ecdsa_data) {
/* Or an out of memory error in EC_KEY_insert_key_method_data. */
ecdsa_data_free(ecdsa_data);
return NULL;
}
} else
} else {
ecdsa_data = (ECDSA_DATA *)data;
}
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
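Review bot: as in ecdh_check above, the `return NULL` for a failed insert leaves nothing on the error queue; queue ERR_R_MALLOC_FAILURE here as well so callers can distinguish an allocation failure from a key that simply carries no ECDSA data.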

View File

@ -95,6 +95,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
EC_POINT *tmp_point = NULL;
const EC_GROUP *group;
int ret = 0;
int order_bits;
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
@ -126,6 +127,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
goto err;
}
/* Preallocate space */
order_bits = BN_num_bits(order);
if (!BN_set_bit(k, order_bits)
|| !BN_set_bit(r, order_bits)
|| !BN_set_bit(X, order_bits))
goto err;
do {
/* get random k */
do
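Review bot: `r` and `X` are preallocated here because the next hunk reuses them as scratch for `k + order` and `k + 2*order` before they receive their real values; that is not obvious from the names, so the comment should say so. Placing the block before `do {` is right: on a retry the three BIGNUMs are already sized and the additions below cannot reallocate. The value BN_set_bit leaves in `k` is harmless only because BN_rand_range overwrites it; state that as well.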
@ -139,13 +147,19 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
/*
* We do not want timing information to leak the length of k, so we
* compute G*k using an equivalent scalar of fixed bit-length.
*
* We unconditionally perform both of these additions to prevent a
* small timing information leakage. We then choose the sum that is
* one bit longer than the order. This guarantees the code
* path used in the constant time implementations elsewhere.
*
* TODO: revisit the BN_copy aiming for a memory access agnostic
* conditional copy.
*/
if (!BN_add(k, k, order))
if (!BN_add(r, k, order)
|| !BN_add(X, r, order)
|| !BN_copy(k, BN_num_bits(r) > order_bits ? r : X))
goto err;
if (BN_num_bits(k) <= BN_num_bits(order))
if (!BN_add(k, k, order))
goto err;
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
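Review bot: the comment claims the fixed-length scalar "guarantees the code path used in the constant time implementations elsewhere", but `BN_num_bits(r) > order_bits ? r : X` still branches on a property of `k`, as the TODO admits; tighten the wording so the guarantee is understood to cover the scalar length seen by EC_POINT_mul, not this function as a whole. Also note in the comment that `r` temporarily holds `k + order` and only later receives the x-coordinate; a reader of the removed code would not expect that reuse.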

View File

@ -725,6 +725,8 @@ void ERR_put_error(int lib, int func, int reason, const char *file, int line)
}
#endif
es = ERR_get_state();
if (es == NULL)
return;
es->top = (es->top + 1) % ERR_NUM_ERRORS;
if (es->top == es->bottom)
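Review bot: returning silently when ERR_get_state fails means the error being reported is dropped with no trace; that is the only option under allocation failure, but the behaviour (an error can be lost when thread-local state cannot be allocated) should be recorded in the ERR_put_error documentation and in CHANGES, since callers previously always got a record via the shared fallback state.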
@ -742,6 +744,8 @@ void ERR_clear_error(void)
ERR_STATE *es;
es = ERR_get_state();
if (es == NULL)
return;
for (i = 0; i < ERR_NUM_ERRORS; i++) {
err_clear(es, i);
@ -806,6 +810,8 @@ static unsigned long get_error_values(int inc, int top, const char **file,
unsigned long ret;
es = ERR_get_state();
if (es == NULL)
return 0;
if (inc && top) {
if (file)
@ -1016,7 +1022,6 @@ void ERR_remove_state(unsigned long pid)
ERR_STATE *ERR_get_state(void)
{
static ERR_STATE fallback;
ERR_STATE *ret, tmp, *tmpp = NULL;
int i;
CRYPTO_THREADID tid;
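Review bot: dropping the static `fallback` changes the contract of the public ERR_get_state(): it can now return NULL, and any external caller (engines and applications call it directly) that assumed a non-NULL result will dereference NULL under memory pressure instead of sharing the fallback. That needs a CHANGES entry and a NULL-return note in the manual page, not only the in-tree caller updates in this patch.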
@ -1030,7 +1035,7 @@ ERR_STATE *ERR_get_state(void)
if (ret == NULL) {
ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
if (ret == NULL)
return (&fallback);
return NULL;
CRYPTO_THREADID_cpy(&ret->tid, &tid);
ret->top = 0;
ret->bottom = 0;
@ -1042,7 +1047,7 @@ ERR_STATE *ERR_get_state(void)
/* To check if insertion failed, do a get. */
if (ERRFN(thread_get_item) (ret) != ret) {
ERR_STATE_free(ret); /* could not insert it */
return (&fallback);
return NULL;
}
/*
* If a race occured in this function and we came second, tmpp is the
@ -1066,10 +1071,10 @@ void ERR_set_error_data(char *data, int flags)
int i;
es = ERR_get_state();
if (es == NULL)
return;
i = es->top;
if (i == 0)
i = ERR_NUM_ERRORS - 1;
err_clear_data(es, i);
es->err_data[i] = data;
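Review bot: the early `return` in ERR_set_error_data leaks `data` when `flags` includes ERR_TXT_MALLOCED, because ownership of the string is meant to pass to the error state that this function has just failed to obtain; free it under that flag before returning. The other callers updated in this file have nothing to release, so this is the one site where a bare return is not enough.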
@ -1121,6 +1126,8 @@ int ERR_set_mark(void)
ERR_STATE *es;
es = ERR_get_state();
if (es == NULL)
return 0;
if (es->bottom == es->top)
return 0;
@ -1133,6 +1140,8 @@ int ERR_pop_to_mark(void)
ERR_STATE *es;
es = ERR_get_state();
if (es == NULL)
return 0;
while (es->bottom != es->top
&& (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {

View File

@ -579,12 +579,17 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
ret &= constant_time_ge(maxpad, pad);
mask = constant_time_ge(maxpad, pad);
ret &= mask;
/*
* If pad is invalid then we will fail the above test but we must
* continue anyway because we are in constant time code. However,
* we'll use the maxpad value instead of the supplied pad to make
* sure we perform well defined pointer arithmetic.
*/
pad = constant_time_select(mask, pad, maxpad);
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
ret &= (int)mask;
key->aux.tls_aad[plen - 2] = inp_len >> 8;
key->aux.tls_aad[plen - 1] = inp_len;
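Review bot: `ret &= mask;` and `ret &= (int)mask;` a few lines apart treat the same unsigned mask inconsistently; use the cast in both places or neither so the sign-conversion warnings match. The comment gives the motivation as "well defined pointer arithmetic"; spell out the hazard, which is that an out-of-range `pad` feeds later pointer computations, and forming a pointer outside the record buffer is undefined even if it is never dereferenced, so clamping to `maxpad` is required even though `ret` already records the failure.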

View File

@ -507,10 +507,12 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
* to identify it and avoid stitch invocation. So that after we
* establish that current CPU supports AVX, we even see if it's
* either even XOP-capable Bulldozer-based or GenuineIntel one.
* But SHAEXT-capable go ahead...
*/
if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? */
((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */
| (OPENSSL_ia32cap_P[0] & (1<<30))) && /* "Intel CPU"? */
if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */
((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */
((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */
| (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */
plen > (sha_off + iv) &&
(blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) {
SHA256_Update(&key->md, in + iv, sha_off);
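Review bot: the new first operand tests bit 29 of `OPENSSL_ia32cap_P[2]`, which holds CPUID leaf 7 EBX where bit 29 is the SHA extensions flag; unlike the AVX and XOP tests, the `/* SHAEXT? */` comment gives no hint which word or leaf is meant, so name it. The predicate now mixes `||` for the SHAEXT/AVX alternatives with the pre-existing bitwise `|` for XOP/Intel; the result is correct, but hoisting the CPU test into a named local would make the precedence far easier to audit.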
@ -590,12 +592,17 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
ret &= constant_time_ge(maxpad, pad);
mask = constant_time_ge(maxpad, pad);
ret &= mask;
/*
* If pad is invalid then we will fail the above test but we must
* continue anyway because we are in constant time code. However,
* we'll use the maxpad value instead of the supplied pad to make
* sure we perform well defined pointer arithmetic.
*/
pad = constant_time_select(mask, pad, maxpad);
inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
ret &= (int)mask;
key->aux.tls_aad[plen - 2] = inp_len >> 8;
key->aux.tls_aad[plen - 1] = inp_len;

View File

@ -1363,6 +1363,98 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
const char *type,
const char *value));
void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
int (**pinit) (EVP_PKEY_CTX *ctx));
void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
int (**pcopy) (EVP_PKEY_CTX *dst,
EVP_PKEY_CTX *src));
void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
void (**pcleanup) (EVP_PKEY_CTX *ctx));
void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
int (**pparamgen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey));
void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
int (**pkeygen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey));
void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
int (**psign_init) (EVP_PKEY_CTX *ctx),
int (**psign) (EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
int (**pverify_init) (EVP_PKEY_CTX *ctx),
int (**pverify) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
size_t siglen,
const unsigned char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
int (**pverify_recover_init) (EVP_PKEY_CTX
*ctx),
int (**pverify_recover) (EVP_PKEY_CTX
*ctx,
unsigned char
*sig,
size_t *siglen,
const unsigned
char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
int (**psignctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**psignctx) (EVP_PKEY_CTX *ctx,
unsigned char *sig,
size_t *siglen,
EVP_MD_CTX *mctx));
void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**pverifyctx) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
int siglen,
EVP_MD_CTX *mctx));
void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
int (**pencryptfn) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen));
void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
int (**pdecrypt) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen));
void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
int (**pderive_init) (EVP_PKEY_CTX *ctx),
int (**pderive) (EVP_PKEY_CTX *ctx,
unsigned char *key,
size_t *keylen));
void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
void *p2),
int (**pctrl_str) (EVP_PKEY_CTX *ctx,
const char *type,
const char *value));
void EVP_add_alg_module(void);
/* BEGIN ERROR CODES */
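Review bot: these getters only read `pmeth`, so the parameter should be `const EVP_PKEY_METHOD *`; as declared, a caller holding a const method pointer has to cast. Adding public functions in a 1.0.2 patch release also needs a CHANGES entry and manual page coverage next to the existing EVP_PKEY_meth_set_* declarations, including whether a NULL output pointer is permitted (see the inconsistency in the pmeth_lib.c implementations below).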

View File

@ -97,7 +97,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
int verify)
{
int ret;
int ret = -1;
char buff[BUFSIZ];
UI *ui;
@ -105,16 +105,18 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
prompt = prompt_string;
ui = UI_new();
if (ui == NULL)
return -1;
UI_add_input_string(ui, prompt, 0, buf, min,
(len >= BUFSIZ) ? BUFSIZ - 1 : len);
if (verify)
UI_add_verify_string(ui, prompt, 0,
buff, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len,
buf);
return ret;
if (UI_add_input_string(ui, prompt, 0, buf, min,
(len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0
|| (verify
&& UI_add_verify_string(ui, prompt, 0, buff, min,
(len >= BUFSIZ) ? BUFSIZ - 1 : len,
buf) < 0))
goto end;
ret = UI_process(ui);
UI_free(ui);
OPENSSL_cleanse(buff, BUFSIZ);
end:
UI_free(ui);
return ret;
}
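Review bot: `OPENSSL_cleanse(buff, BUFSIZ)` now runs only on the success path; when UI_add_input_string or UI_add_verify_string fails the function jumps to `end:` and `buff` is left untouched. It holds nothing yet on that path today, but moving the cleanse under `end:` makes every exit wipe the verify buffer and removes the need to reason about which path filled it. Note that `buf` is the caller's buffer and is not wiped on a UI_process failure, which matches the old behaviour but is worth a sentence in the function's documentation.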

View File

@ -589,3 +589,170 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
pmeth->ctrl = ctrl;
pmeth->ctrl_str = ctrl_str;
}
void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
int (**pinit) (EVP_PKEY_CTX *ctx))
{
*pinit = pmeth->init;
}
void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
int (**pcopy) (EVP_PKEY_CTX *dst,
EVP_PKEY_CTX *src))
{
*pcopy = pmeth->copy;
}
void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
void (**pcleanup) (EVP_PKEY_CTX *ctx))
{
*pcleanup = pmeth->cleanup;
}
void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
int (**pparamgen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey))
{
if (pparamgen_init)
*pparamgen_init = pmeth->paramgen_init;
if (pparamgen)
*pparamgen = pmeth->paramgen;
}
void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
int (**pkeygen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey))
{
if (pkeygen_init)
*pkeygen_init = pmeth->keygen_init;
if (pkeygen)
*pkeygen = pmeth->keygen;
}
void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
int (**psign_init) (EVP_PKEY_CTX *ctx),
int (**psign) (EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs,
size_t tbslen))
{
if (psign_init)
*psign_init = pmeth->sign_init;
if (psign)
*psign = pmeth->sign;
}
void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
int (**pverify_init) (EVP_PKEY_CTX *ctx),
int (**pverify) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
size_t siglen,
const unsigned char *tbs,
size_t tbslen))
{
if (pverify_init)
*pverify_init = pmeth->verify_init;
if (pverify)
*pverify = pmeth->verify;
}
void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
int (**pverify_recover_init) (EVP_PKEY_CTX
*ctx),
int (**pverify_recover) (EVP_PKEY_CTX
*ctx,
unsigned char
*sig,
size_t *siglen,
const unsigned
char *tbs,
size_t tbslen))
{
if (pverify_recover_init)
*pverify_recover_init = pmeth->verify_recover_init;
if (pverify_recover)
*pverify_recover = pmeth->verify_recover;
}
void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
int (**psignctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**psignctx) (EVP_PKEY_CTX *ctx,
unsigned char *sig,
size_t *siglen,
EVP_MD_CTX *mctx))
{
if (psignctx_init)
*psignctx_init = pmeth->signctx_init;
if (psignctx)
*psignctx = pmeth->signctx;
}
void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**pverifyctx) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
int siglen,
EVP_MD_CTX *mctx))
{
if (pverifyctx_init)
*pverifyctx_init = pmeth->verifyctx_init;
if (pverifyctx)
*pverifyctx = pmeth->verifyctx;
}
void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
int (**pencryptfn) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen))
{
if (pencrypt_init)
*pencrypt_init = pmeth->encrypt_init;
if (pencryptfn)
*pencryptfn = pmeth->encrypt;
}
void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
int (**pdecrypt) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen))
{
if (pdecrypt_init)
*pdecrypt_init = pmeth->decrypt_init;
if (pdecrypt)
*pdecrypt = pmeth->decrypt;
}
void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
int (**pderive_init) (EVP_PKEY_CTX *ctx),
int (**pderive) (EVP_PKEY_CTX *ctx,
unsigned char *key,
size_t *keylen))
{
if (pderive_init)
*pderive_init = pmeth->derive_init;
if (pderive)
*pderive = pmeth->derive;
}
void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
void *p2),
int (**pctrl_str) (EVP_PKEY_CTX *ctx,
const char *type,
const char *value))
{
if (pctrl)
*pctrl = pmeth->ctrl;
if (pctrl_str)
*pctrl_str = pmeth->ctrl_str;
}
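Review bot: EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy and EVP_PKEY_meth_get_cleanup dereference their output pointer unconditionally, whereas every two-pointer getter below guards each store with `if (pxxx)`; either all should tolerate NULL or none should, and the header should say which. Unconditional stores are defensible for the single-pointer variants since they have nothing else to return, but then passing NULL is a programming error that the documentation must state.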

View File

@ -473,7 +473,14 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
if (j < mx)
mx = j;
if (mx > 0) {
if (!CRYPTO_set_ex_data(to, mx - 1, NULL))
/*
* Make sure the ex_data stack is at least |mx| elements long to avoid
* issues in the for loop that follows; so go get the |mx|'th element
* (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
* to itself. This is normally a no-op; but ensures the stack is the
* proper size
*/
if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
goto skip;
storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
if (!storage)
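Review bot: the comment should say what was wrong before, not only what the new call does: the old `CRYPTO_set_ex_data(to, mx - 1, NULL)` overwrote any value already present at index mx-1 of `to` with NULL whenever `to` was already that long, and the get-then-set round trip preserves it. Also note that a NULL from CRYPTO_get_ex_data is ambiguous (absent slot versus a stored NULL), which is acceptable here only because both outcomes lead to the same store.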

View File

@ -1,28 +0,0 @@
/* WARNING: do not edit! */
/* Generated by Makefile from crypto/include/internal/bn_conf.h.in */
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_BN_CONF_H
# define HEADER_BN_CONF_H
/*
* The contents of this file are not used in the UEFI build, as
* both 32-bit and 64-bit builds are supported from a single run
* of the Configure script.
*/
/* Should we define BN_DIV2W here? */
/* Only one for the following should be defined */
#define SIXTY_FOUR_BIT_LONG
#undef SIXTY_FOUR_BIT
#undef THIRTY_TWO_BIT
#endif
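Review bot: this file and the dso_conf.h removed in the next hunk are generated headers from a 1.1.x-style `crypto/include/internal/*.h.in` layout that does not exist in 1.0.2 (note the 2016-style licence header and the "Generated by Makefile" paths), so they were stray files in the vendored tree and removing them is correct; grep the build for `bn_conf.h` and `dso_conf.h` includes before merging so nothing silently relied on the `SIXTY_FOUR_BIT_LONG` or `DSO_EXTENSION` values they carried.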

View File

@ -1,16 +0,0 @@
/* WARNING: do not edit! */
/* Generated by Makefile from crypto/include/internal/dso_conf.h.in */
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_DSO_CONF_H
# define HEADER_DSO_CONF_H
# define DSO_EXTENSION ".so"
#endif

View File

@ -101,6 +101,24 @@
#include <openssl/crypto.h>
#include <openssl/lhash.h>
/*
* A hashing implementation that appears to be based on the linear hashing
* alogrithm:
* https://en.wikipedia.org/wiki/Linear_hashing
*
* Litwin, Witold (1980), "Linear hashing: A new tool for file and table
* addressing", Proc. 6th Conference on Very Large Databases: 212223
* http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf
*
* From the wikipedia article "Linear hashing is used in the BDB Berkeley
* database system, which in turn is used by many software systems such as
* OpenLDAP, using a C implementation derived from the CACM article and first
* published on the Usenet in 1988 by Esmond Pitt."
*
* The CACM paper is available here:
* https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf
*/
const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
#undef MIN_NODES
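Review bot: typo in the added comment, "alogrithm" should be "algorithm", and the VLDB page range reads "212223" because the separator between 212 and 223 was lost; write "pp. 212-223". Otherwise the references are a welcome addition for a structure whose `p`/`pmax`/`num_alloc_nodes` invariants are not documented anywhere else in the file.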
@ -108,7 +126,7 @@ const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */
#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */
static void expand(_LHASH *lh);
static int expand(_LHASH *lh);
static void contract(_LHASH *lh);
static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
@ -182,8 +200,9 @@ void *lh_insert(_LHASH *lh, void *data)
void *ret;
lh->error = 0;
if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))
expand(lh);
if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)
&& !expand(lh))
return NULL;
rn = getrn(lh, data, &hash);
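Review bot: lh_insert now returns NULL when expand() fails, which is also what it returns after successfully inserting a new key, so callers can only tell the two apart through lh_error(); this is a behaviour change from the old code, which bumped `lh->error` but still inserted into the un-grown table, and it belongs in the lhash documentation. At minimum add a comment here pointing at lh_error().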
@ -300,19 +319,37 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
}
static void expand(_LHASH *lh)
static int expand(_LHASH *lh)
{
LHASH_NODE **n, **n1, **n2, *np;
unsigned int p, i, j;
unsigned long hash, nni;
unsigned int p, pmax, nni, j;
unsigned long hash;
nni = lh->num_alloc_nodes;
p = lh->p;
pmax = lh->pmax;
if (p + 1 >= pmax) {
j = nni * 2;
n = OPENSSL_realloc(lh->b, (int)(sizeof(LHASH_NODE *) * j));
if (n == NULL) {
lh->error++;
return 0;
}
lh->b = n;
memset(n + nni, 0, sizeof(*n) * (j - nni));
lh->pmax = nni;
lh->num_alloc_nodes = j;
lh->num_expand_reallocs++;
lh->p = 0;
} else {
lh->p++;
}
lh->num_nodes++;
lh->num_expands++;
p = (int)lh->p++;
n1 = &(lh->b[p]);
n2 = &(lh->b[p + (int)lh->pmax]);
*n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */
nni = lh->num_alloc_nodes;
n2 = &(lh->b[p + pmax]);
*n2 = NULL;
for (np = *n1; np != NULL;) {
#ifndef OPENSSL_NO_HASH_COMP
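Review bot: the realloc size is still computed as `(int)(sizeof(LHASH_NODE *) * j)`, truncating a size_t to int; `j` is unsigned and doubles on every growth step, so drop the cast and pass the full size. The reordering itself is sound: `p` and `pmax` are captured before `lh->p` and `lh->pmax` are updated, and the hunk maintains `pmax == num_alloc_nodes / 2`, so the bucket `p + pmax` being split lies within the old allocation while the `memset` zeroes only the newly added half.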
@ -330,25 +367,7 @@ static void expand(_LHASH *lh)
np = *n1;
}
if ((lh->p) >= lh->pmax) {
j = (int)lh->num_alloc_nodes * 2;
n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
(int)(sizeof(LHASH_NODE *) * j));
if (n == NULL) {
lh->error++;
lh->num_nodes--;
lh->p = 0;
return;
}
/* else */
for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */
n[i] = NULL; /* 02/03/92 eay */
lh->pmax = lh->num_alloc_nodes;
lh->num_alloc_nodes = j;
lh->num_expand_reallocs++;
lh->p = 0;
lh->b = n;
}
return 1;
}
static void contract(_LHASH *lh)

View File

@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
goto end;
}
}
} else if (certs != NULL) {
untrusted = certs;
} else {
untrusted = bs->certs;
}
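Review bot: the fallback ordering is new: whenever the first branch's condition (outside this hunk) is false, caller-supplied `certs` now take precedence and `bs->certs` is used only if `certs` is NULL, whereas the old fallback was unconditionally `bs->certs`. That changes which certificates can complete the responder chain under the flags that skip the first branch; say so in a comment and in the OCSP_basic_verify documentation, and add a test where the response carries no certificates but `certs` does.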

View File

@ -1 +1,265 @@
#include "../../config/opensslconf.h"
/* opensslconf.h */
/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
#ifdef __cplusplus
extern "C" {
#endif
/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_DOING_MAKEDEPEND
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
# define OPENSSL_NO_EC_NISTP_64_GCC_128
#endif
#ifndef OPENSSL_NO_GMP
# define OPENSSL_NO_GMP
#endif
#ifndef OPENSSL_NO_JPAKE
# define OPENSSL_NO_JPAKE
#endif
#ifndef OPENSSL_NO_KRB5
# define OPENSSL_NO_KRB5
#endif
#ifndef OPENSSL_NO_LIBUNBOUND
# define OPENSSL_NO_LIBUNBOUND
#endif
#ifndef OPENSSL_NO_MD2
# define OPENSSL_NO_MD2
#endif
#ifndef OPENSSL_NO_RC5
# define OPENSSL_NO_RC5
#endif
#ifndef OPENSSL_NO_RFC3779
# define OPENSSL_NO_RFC3779
#endif
#ifndef OPENSSL_NO_SCTP
# define OPENSSL_NO_SCTP
#endif
#ifndef OPENSSL_NO_SSL_TRACE
# define OPENSSL_NO_SSL_TRACE
#endif
#ifndef OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL2
#endif
#ifndef OPENSSL_NO_STORE
# define OPENSSL_NO_STORE
#endif
#ifndef OPENSSL_NO_UNIT_TEST
# define OPENSSL_NO_UNIT_TEST
#endif
#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
# define OPENSSL_NO_WEAK_SSL_CIPHERS
#endif
#endif /* OPENSSL_DOING_MAKEDEPEND */
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
# define OPENSSL_NO_DYNAMIC_ENGINE
#endif
/* The OPENSSL_NO_* macros are also defined as NO_* if the application
asks for it. This is a transient feature that is provided for those
who haven't had the time to do the appropriate changes in their
applications. */
#ifdef OPENSSL_ALGORITHM_DEFINES
# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
# define NO_EC_NISTP_64_GCC_128
# endif
# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
# define NO_GMP
# endif
# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
# define NO_JPAKE
# endif
# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
# define NO_KRB5
# endif
# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
# define NO_LIBUNBOUND
# endif
# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
# define NO_MD2
# endif
# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
# define NO_RC5
# endif
# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
# define NO_RFC3779
# endif
# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
# define NO_SCTP
# endif
# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
# define NO_SSL_TRACE
# endif
# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
# define NO_SSL2
# endif
# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
# define NO_STORE
# endif
# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
# define NO_UNIT_TEST
# endif
# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
# define NO_WEAK_SSL_CIPHERS
# endif
#endif
/* crypto/opensslconf.h.in */
/* Generate 80386 code? */
#undef I386_ONLY
#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
#define ENGINESDIR "/usr/local/ssl/lib/engines"
#define OPENSSLDIR "/usr/local/ssl"
#endif
#endif
#undef OPENSSL_UNISTD
#define OPENSSL_UNISTD <unistd.h>
#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
#define IDEA_INT unsigned int
#endif
#if defined(HEADER_MD2_H) && !defined(MD2_INT)
#define MD2_INT unsigned int
#endif
#if defined(HEADER_RC2_H) && !defined(RC2_INT)
/* I need to put in a mod for the alpha - eay */
#define RC2_INT unsigned int
#endif
#if defined(HEADER_RC4_H)
#if !defined(RC4_INT)
/* using int types make the structure larger but make the code faster
* on most boxes I have tested - up to %20 faster. */
/*
* I don't know what does "most" mean, but declaring "int" is a must on:
* - Intel P6 because partial register stalls are very expensive;
* - elder Alpha because it lacks byte load/store instructions;
*/
#define RC4_INT unsigned int
#endif
#if !defined(RC4_CHUNK)
/*
* This enables code handling data aligned at natural CPU word
* boundary. See crypto/rc4/rc4_enc.c for further details.
*/
#undef RC4_CHUNK
#endif
#endif
#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
* %20 speed up (longs are 8 bytes, int's are 4). */
#ifndef DES_LONG
#define DES_LONG unsigned long
#endif
#endif
#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
#define CONFIG_HEADER_BN_H
#undef BN_LLONG
/* Should we define BN_DIV2W here? */
/* Only one for the following should be defined */
#undef SIXTY_FOUR_BIT_LONG
#undef SIXTY_FOUR_BIT
#define THIRTY_TWO_BIT
#endif
#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
#define CONFIG_HEADER_RC4_LOCL_H
/* if this is defined data[i] is used instead of *data, this is a %20
* speedup on x86 */
#undef RC4_INDEX
#endif
#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
#define CONFIG_HEADER_BF_LOCL_H
#undef BF_PTR
#endif /* HEADER_BF_LOCL_H */
#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
#define CONFIG_HEADER_DES_LOCL_H
#ifndef DES_DEFAULT_OPTIONS
/* the following is tweaked from a config script, that is why it is a
* protected undef/define */
#ifndef DES_PTR
#undef DES_PTR
#endif
/* This helps C compiler generate the correct code for multiple functional
* units. It reduces register dependancies at the expense of 2 more
* registers */
#ifndef DES_RISC1
#undef DES_RISC1
#endif
#ifndef DES_RISC2
#undef DES_RISC2
#endif
#if defined(DES_RISC1) && defined(DES_RISC2)
#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
* Very mucy CPU dependant */
#ifndef DES_UNROLL
#undef DES_UNROLL
#endif
/* These default values were supplied by
* Peter Gutman <pgut001@cs.auckland.ac.nz>
* They are only used if nothing else has been defined */
#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
/* Special defines which change the way the code is built depending on the
CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
even newer MIPS CPU's, but at the moment one size fits all for
optimization options. Older Sparc's work better with only UNROLL, but
there's no way to tell at compile time what it is you're running on */
#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */
# define DES_PTR
# define DES_RISC1
# define DES_UNROLL
#elif defined( __ultrix ) /* Older MIPS */
# define DES_PTR
# define DES_RISC2
# define DES_UNROLL
#elif defined( __osf1__ ) /* Alpha */
# define DES_PTR
# define DES_RISC2
#elif defined ( _AIX ) /* RS6000 */
/* Unknown */
#elif defined( __hpux ) /* HP-PA */
/* Unknown */
#elif defined( __aux ) /* 68K */
/* Unknown */
#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */
# define DES_UNROLL
#elif defined( __sgi ) /* Newer MIPS */
# define DES_PTR
# define DES_RISC2
# define DES_UNROLL
#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */
# define DES_PTR
# define DES_RISC1
# define DES_UNROLL
#endif /* Systems-specific speed defines */
#endif
#endif /* DES_DEFAULT_OPTIONS */
#endif /* HEADER_DES_LOCL_H */
#ifdef __cplusplus
}
#endif
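Review bot: this replaces the existing one-line `#include "../../config/opensslconf.h"` indirection with the opensslconf.h that upstream's Configure generated on one machine, hard-coding `THIRTY_TWO_BIT`, `OPENSSLDIR "/usr/local/ssl"`, `ENGINESDIR` and one particular `OPENSSL_NO_*` set; those values are only right for that single configuration. The wholesale source replacement described in the commit message explains why it appears here, but the indirection has to be restored before this tree is built, so either keep the wrapper in this commit or make sure the follow-up that reinstates it lands in the same PR.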

View File

@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x100020cfL
# define OPENSSL_VERSION_NUMBER 0x100020dfL
# ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2l-fips 25 May 2017"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-fips 2 Nov 2017"
# else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2l 25 May 2017"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m 2 Nov 2017"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

View File

@ -536,7 +536,8 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
((c >= '0') && (c <= '9'))))
break;
#else
if (!(isupper(c) || (c == '-') || isdigit(c)))
if (!(isupper((unsigned char)c) || (c == '-')
|| isdigit((unsigned char)c)))
break;
#endif
header++;

View File

@ -178,6 +178,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
if (!p8inf)
return NULL;
ret = EVP_PKCS82PKEY(p8inf);
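Review bot: wiping only `klen` bytes of `psbuf` trusts the password callback to have written exactly that many; cleansing the whole buffer (`sizeof(psbuf)`) costs nothing and also covers a callback that wrote past the length it returned. Any early return between the callback and this point (not visible in the hunk) still skips the wipe, so check those exits too.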

View File

@ -120,6 +120,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
if (!p8inf)
goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
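Review bot: same point as in pem_pk8.c: prefer cleansing the whole `psbuf` over `klen` bytes, and confirm that the error exits between the password callback and this point also wipe it.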

View File

@ -18,10 +18,10 @@ sub ::generic
if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/) # no []
{ $opcode="mov"; }
elsif ($opcode !~ /mov[dq]$/)
elsif ($opcode !~ /movq/)
{ # fix xmm references
$arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[-1]=~/\bxmm[0-7]\b/i);
$arg[-1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i);
$arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i);
$arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i);
}
&::emit($opcode,@arg);
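Review bot: narrowing the exemption from `mov[dq]$` to `movq` means a `movd` with an xmm operand now has its memory operand rewritten to `XMMWORD PTR`, a mismatched operand size for a 32-bit move; together with `$arg[1]` replacing `$arg[-1]` (which handled three-operand forms) this is a regression relative to the removed lines, not a fix. Since the commit replaces all sources, these look like local improvements being overwritten by upstream 1.0.2m; re-apply them or confirm that no x86 perl module emits `movd` for MASM.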
@ -82,7 +82,7 @@ TITLE $_[0].asm
IF \@Version LT 800
ECHO MASM version 8.00 or later is strongly recommended.
ENDIF
.686
.486
.MODEL FLAT
OPTION DOTNAME
IF \@Version LT 800
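Review bot: the processor directive goes from `.686` back to `.486`. MASM will not accept instructions newer than the 486 (including the `xmm` operands handled in the previous hunk) under `.486` unless a later directive is emitted elsewhere, so confirm the ia32 Windows build of these vendored sources was actually exercised after this revert rather than only the 64-bit one.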
@ -160,13 +160,13 @@ sub ::public_label
{ push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); }
sub ::data_byte
{ push(@out,("DB\t").join(',',splice(@_,0,16))."\n") while(@_); }
{ push(@out,("DB\t").join(',',@_)."\n"); }
sub ::data_short
{ push(@out,("DW\t").join(',',splice(@_,0,8))."\n") while(@_); }
{ push(@out,("DW\t").join(',',@_)."\n"); }
sub ::data_word
{ push(@out,("DD\t").join(',',splice(@_,0,4))."\n") while(@_); }
{ push(@out,("DD\t").join(',',@_)."\n"); }
sub ::align
{ push(@out,"ALIGN\t$_[0]\n"); }
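Review bot: the `splice(@_,0,16)` / `splice(@_,0,8)` / `splice(@_,0,4)` loops in `data_byte`, `data_short` and `data_word` are replaced by a single `join` per directive, so large tables (S-boxes, round constants) will now be emitted as one very long `DB`/`DW`/`DD` source line. MASM has a source line-length limit; if the chunked form was a workaround for that, keep it or record why it is no longer needed.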

View File

@ -84,6 +84,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
{
STACK_OF(X509) *ocerts = NULL;
X509 *x = NULL;
if (pkey)
*pkey = NULL;
if (cert)
*cert = NULL;
/* Check for NULL PKCS12 structure */
if (!p12) {
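Review bot: moving `*pkey = NULL` / `*cert = NULL` ahead of the `!p12` check means a caller passing a NULL `PKCS12` (or hitting any later failure path) never gets uninitialised output pointers, which matters because the `err:` block later in this function now frees `*pkey` and `*cert` unconditionally. The function documentation should state that both outputs are defined (NULL or owned object) on every return.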
@ -92,11 +98,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
return 0;
}
if (pkey)
*pkey = NULL;
if (cert)
*cert = NULL;
/* Check the mac */
/*
@ -125,7 +126,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
if (!ocerts) {
PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
return 0;
goto err;
}
if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
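Review bot: replacing `return 0` with `goto err` on the `ocerts` allocation failure makes this exit consistent with the others: the outputs are reset and anything already parsed is released. `ocerts` is NULL at that point, so the `if (ocerts)` cleanup at `err:` is safe.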
@ -163,10 +164,14 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
err:
if (pkey && *pkey)
if (pkey) {
EVP_PKEY_free(*pkey);
if (cert && *cert)
*pkey = NULL;
}
if (cert) {
X509_free(*cert);
*cert = NULL;
}
if (x)
X509_free(x);
if (ocerts)
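Review bot: the `err:` block now calls `EVP_PKEY_free(*pkey)` and `X509_free(*cert)` whenever the out-pointers themselves are non-NULL, relying on both free functions accepting a NULL object (they do in 1.0.2), and resets them to NULL so the caller cannot double-free. Make sure `x` is set to NULL once ownership has been transferred to `*cert`, otherwise the `X509_free(x)` two lines further down would free the same object twice on this path.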

View File

@ -196,6 +196,8 @@ typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
# endif /* 1 */
# endif /* !OPENSSL_SYS_WINCE */
#define NOTTOOLONG(start) ((GetTickCount() - (start)) < MAXDELAY)
int RAND_poll(void)
{
MEMORYSTATUS m;
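Review bot: `NOTTOOLONG(start)` relies on unsigned `DWORD` arithmetic so that `GetTickCount()` wrapping at roughly 49.7 days still yields a small difference; that only holds if the `starttime` variables passed to it are `DWORD` and not a signed type, so it is worth a comment on the macro. Replacing the five identical inline expressions below is otherwise behaviour-preserving.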
@ -466,9 +468,7 @@ int RAND_poll(void)
do
RAND_add(&hentry, hentry.dwSize, 5);
while (heap_next(&hentry)
&& (!good
|| (GetTickCount() - starttime) <
MAXDELAY)
&& (!good || NOTTOOLONG(starttime))
&& --entrycnt > 0);
}
}
@ -480,8 +480,7 @@ int RAND_poll(void)
ex_cnt_limit--;
}
} while (heaplist_next(handle, &hlist)
&& (!good
|| (GetTickCount() - starttime) < MAXDELAY)
&& (!good || NOTTOOLONG(starttime))
&& ex_cnt_limit > 0);
}
# else
@ -496,11 +495,11 @@ int RAND_poll(void)
do
RAND_add(&hentry, hentry.dwSize, 5);
while (heap_next(&hentry)
&& (!good || NOTTOOLONG(starttime))
&& --entrycnt > 0);
}
} while (heaplist_next(handle, &hlist)
&& (!good
|| (GetTickCount() - starttime) < MAXDELAY));
&& (!good || NOTTOOLONG(starttime)));
}
# endif
@ -518,8 +517,7 @@ int RAND_poll(void)
do
RAND_add(&p, p.dwSize, 9);
while (process_next(handle, &p)
&& (!good
|| (GetTickCount() - starttime) < MAXDELAY));
&& (!good || NOTTOOLONG(starttime)));
/* thread walking */
/*
@ -533,8 +531,7 @@ int RAND_poll(void)
do
RAND_add(&t, t.dwSize, 6);
while (thread_next(handle, &t)
&& (!good
|| (GetTickCount() - starttime) < MAXDELAY));
&& (!good || NOTTOOLONG(starttime)));
/* module walking */
/*
@ -548,8 +545,7 @@ int RAND_poll(void)
do
RAND_add(&m, m.dwSize, 9);
while (module_next(handle, &m)
&& (!good
|| (GetTickCount() - starttime) < MAXDELAY));
&& (!good || NOTTOOLONG(starttime)));
if (close_snap)
close_snap(handle);
else
@ -708,14 +704,13 @@ static void readscreen(void)
hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
/* Get bitmap properties */
GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm);
size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
bi.biSize = sizeof(BITMAPINFOHEADER);
GetObject(hBitmap, sizeof(bm), (LPSTR)&bm);
size = (unsigned int)4 * bm.bmHeight * bm.bmWidth;
bi.biSize = sizeof(bi);
bi.biWidth = bm.bmWidth;
bi.biHeight = bm.bmHeight;
bi.biPlanes = bm.bmPlanes;
bi.biBitCount = bm.bmBitsPixel;
bi.biPlanes = 1;
bi.biBitCount = 32;
bi.biCompression = BI_RGB;
bi.biSizeImage = 0;
bi.biXPelsPerMeter = 0;
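Review bot: `size` is now derived from the same format the code asks `GetDIBits` for (`biPlanes = 1`, `biBitCount = 32`, hence `4 * height * width`) instead of from the `BITMAP` fields of the compatible bitmap, whose plane count and bit depth need not match what `GetDIBits` writes; that removes the size/format mismatch. A short comment saying the 32-bpp request is deliberate so `size` stays correct on any display depth would help the next reader. `sizeof(bm)` / `sizeof(bi)` replacing the explicit type names is fine as long as both stay structs rather than pointers.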
@ -731,7 +726,7 @@ static void readscreen(void)
/* Copy the bits of the current line range into the buffer */
GetDIBits(hScrDC, hBitmap, y, n,
bmbits, (BITMAPINFO *) & bi, DIB_RGB_COLORS);
bmbits, (LPBITMAPINFO)&bi, DIB_RGB_COLORS);
/* Get the hash of the bitmap */
MD(bmbits, size, md);

View File

@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
return 2;
}
#ifndef OPENSSL_NO_CMS
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
X509_ALGOR **pmaskHash)
{
@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
return pss;
}
#ifndef OPENSSL_NO_CMS
static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
{
EVP_PKEY_CTX *pkctx;
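Review bot: moving `#ifndef OPENSSL_NO_CMS` up so it also encloses `rsa_oaep_decode()` fixes the unused-static-function warning in `no-cms` builds; confirm that `rsa_oaep_decode` has no caller outside the CMS path (for example in parameter printing), otherwise a `no-cms` build now fails to link.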

View File

@ -237,10 +237,14 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
RSA_R_OAEP_DECODING_ERROR);
cleanup:
if (db != NULL)
if (db != NULL) {
OPENSSL_cleanse(db, dblen);
OPENSSL_free(db);
if (em != NULL)
}
if (em != NULL) {
OPENSSL_cleanse(em, num);
OPENSSL_free(em);
}
return mlen;
}
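Review bot: cleansing `db` and `em` before `OPENSSL_free` is the right addition: `em` holds the raw decrypted block and `db` the unmasked data block including the recovered message, so freeing without wiping left plaintext in the heap. The added braces also avoid a single-statement `if` growing a dangling second statement.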

View File

@ -255,8 +255,6 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
* We can't continue in constant-time because we need to copy the result
* and we cannot fake its length. This unavoidably leaks timing
* information at the API boundary.
* TODO(emilia): this could be addressed at the call site,
* see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
*/
if (!good) {
mlen = -1;
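Review bot: removing the `TODO(emilia)` comment drops the only pointer to how the API-boundary timing leak described in the preceding sentences could be closed (at the call site); the leak itself is unchanged by this hunk, so consider keeping the reference or moving it to a TODO list rather than deleting it.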
@ -266,8 +264,10 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
memcpy(to, em + msg_index, mlen);
err:
if (em != NULL)
if (em != NULL) {
OPENSSL_cleanse(em, num);
OPENSSL_free(em);
}
if (mlen == -1)
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
RSA_R_PKCS_DECODING_ERROR);
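Review bot: the cleanse-before-free of `em` mirrors the OAEP change and is correct, since `em` holds the decrypted padded block. Note that the `RSAerr` call is still reached after `em` is released, so nothing sensitive is left when the error is raised.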

View File

@ -180,27 +180,25 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
* FIPS mode.
*/
static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
static int pkey_fips_check_rsa(const RSA *rsa, const EVP_MD **pmd,
const EVP_MD **pmgf1md)
{
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
int rv = -1;
if (!FIPS_mode())
return 0;
if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
rv = 0;
if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
return -1;
if (rctx->md) {
const EVP_MD *fmd;
fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md));
if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
if (*pmd != NULL) {
*pmd = FIPS_get_digestbynid(EVP_MD_type(*pmd));
if (*pmd == NULL || !((*pmd)->flags & EVP_MD_FLAG_FIPS))
return rv;
}
if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) {
const EVP_MD *fmd;
fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md));
if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
if (*pmgf1md != NULL) {
*pmgf1md = FIPS_get_digestbynid(EVP_MD_type(*pmgf1md));
if (*pmgf1md == NULL || !((*pmgf1md)->flags & EVP_MD_FLAG_FIPS))
return rv;
}
return 1;
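Review bot: `*pmd` and `*pmgf1md` are overwritten with the result of `FIPS_get_digestbynid()` before the check, so when that lookup returns NULL and `rv` is 0 (key flagged `RSA_FLAG_NON_FIPS_ALLOW`) the function returns 0 with the caller's `md` or `mgf1md` now NULL. The callers treat only `ret < 0` as an error, so they then skip the `if (md != NULL)` digest path and fall through to the raw-padding code, which is a behaviour change from the old `rctx->md` version. Look the digest up into a local first and only store into `*pmd`/`*pmgf1md` when the lookup succeeded, or return -1 in that case.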
@ -214,27 +212,27 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
int ret;
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
const EVP_MD *md = rctx->md;
const EVP_MD *mgf1md = rctx->mgf1md;
#ifdef OPENSSL_FIPS
ret = pkey_fips_check_ctx(ctx);
ret = pkey_fips_check_rsa(rsa, &md, &mgf1md);
if (ret < 0) {
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return -1;
}
#endif
if (rctx->md) {
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
if (md != NULL) {
if (tbslen != (size_t)EVP_MD_size(md)) {
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
return -1;
}
#ifdef OPENSSL_FIPS
if (ret > 0) {
unsigned int slen;
ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
rctx->pad_mode,
rctx->saltlen,
rctx->mgf1md, sig, &slen);
ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
rctx->saltlen, mgf1md, sig, &slen);
if (ret > 0)
*siglen = slen;
else
@ -243,12 +241,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
}
#endif
if (EVP_MD_type(rctx->md) == NID_mdc2) {
if (EVP_MD_type(md) == NID_mdc2) {
unsigned int sltmp;
if (rctx->pad_mode != RSA_PKCS1_PADDING)
return -1;
ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
tbs, tbslen, sig, &sltmp, rsa);
ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen, sig, &sltmp,
rsa);
if (ret <= 0)
return ret;
@ -263,23 +261,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
return -1;
}
memcpy(rctx->tbuf, tbs, tbslen);
rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md));
rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(md));
ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
sig, rsa, RSA_X931_PADDING);
} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
unsigned int sltmp;
ret = RSA_sign(EVP_MD_type(rctx->md),
tbs, tbslen, sig, &sltmp, rsa);
ret = RSA_sign(EVP_MD_type(md), tbs, tbslen, sig, &sltmp, rsa);
if (ret <= 0)
return ret;
ret = sltmp;
} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
if (!setup_tbuf(rctx, ctx))
return -1;
if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
rctx->tbuf, tbs,
rctx->md, rctx->mgf1md,
rctx->saltlen))
if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, tbs,
md, mgf1md, rctx->saltlen))
return -1;
ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
sig, rsa, RSA_NO_PADDING);
@ -348,32 +343,31 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
{
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
const EVP_MD *md = rctx->md;
const EVP_MD *mgf1md = rctx->mgf1md;
size_t rslen;
#ifdef OPENSSL_FIPS
int rv;
rv = pkey_fips_check_ctx(ctx);
int rv = pkey_fips_check_rsa(rsa, &md, &mgf1md);
if (rv < 0) {
RSAerr(RSA_F_PKEY_RSA_VERIFY,
RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return -1;
}
#endif
if (rctx->md) {
if (md != NULL) {
#ifdef OPENSSL_FIPS
if (rv > 0) {
return FIPS_rsa_verify_digest(rsa,
tbs, tbslen,
rctx->md,
rctx->pad_mode,
rctx->saltlen,
rctx->mgf1md, sig, siglen);
return FIPS_rsa_verify_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
rctx->saltlen, mgf1md, sig, siglen);
}
#endif
if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
return RSA_verify(EVP_MD_type(md), tbs, tbslen,
sig, siglen, rsa);
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
if (tbslen != (size_t)EVP_MD_size(md)) {
RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
return -1;
}
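Review bot: same caveat as in `pkey_fips_check_rsa`: `md` here is the possibly rewritten pointer, so a failed FIPS digest lookup with `rv == 0` makes this function skip the `md != NULL` block and verify as raw padding. Treating `md == NULL` while `rctx->md` was set as an error would make that failure explicit instead of silent.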
@ -388,8 +382,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
rsa, RSA_NO_PADDING);
if (ret <= 0)
return 0;
ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
rctx->md, rctx->mgf1md,
ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, md, mgf1md,
rctx->tbuf, rctx->saltlen);
if (ret <= 0)
return 0;

View File

@ -520,6 +520,7 @@ int UI_process(UI *ui)
}
}
}
err:
if (ui->meth->ui_close_session != NULL
&& ui->meth->ui_close_session(ui) <= 0)

View File

@ -166,7 +166,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
goto reconsider;
} else
#endif
if (bits >= 8) {
if (bits > 8) {
b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
b &= 0xff;
if (bitrem)
@ -183,7 +183,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
}
if (bitrem)
c->data[byteoff] = b << (8 - bitrem);
} else { /* remaining less than 8 bits */
} else { /* remaining less than or equal to 8 bits */
b = (inp[0] << inpgap) & 0xff;
if (bitrem)
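Review bot: changing `bits >= 8` to `bits > 8` is the important part: in the `>=` branch `b` is built from `inp[0]` and `inp[1]`, so with exactly 8 bits left and the input ending at `inp[0]`, `inp[1]` is a one-byte read past the caller's buffer. With `> 8` the 8-bit case goes to the `else` branch, which only touches `inp[0]`, and the updated comment (`less than or equal to 8 bits`) matches. A regression test feeding a one-byte, 8-bit update at a non-zero `inpgap` would pin this.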

View File

@ -402,6 +402,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
if (!hent) {
hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
if (hent == NULL) {
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
goto finish;
}
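Review bot: the added `CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE)` before `goto finish` closes a lock leak on the malloc-failure path: the other exits from this block release the lock and this one did not, so a single allocation failure would have left the store write-locked for every later lookup. Double-check that `finish:` does not also unlock, or this becomes an unbalanced unlock.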

View File

@ -92,12 +92,12 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
long argl, char **ret)
{
int ok = 0;
char *file;
const char *file;
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
file = (char *)getenv(X509_get_default_cert_file_env());
file = getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
@ -140,7 +140,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
if (type == X509_FILETYPE_PEM) {
for (;;) {
x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
x = PEM_read_bio_X509_AUX(in, NULL, NULL, "");
if (x == NULL) {
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0)) {
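Review bot: passing `""` instead of `NULL` as the password argument changes behaviour for an encrypted object found in a certificate file: with `NULL`, `PEM_def_callback` prompts on the terminal; with an empty string the empty passphrase is used and decryption fails with a PEM error. For a trust-store loader that is the right default (it must never block a server on a tty prompt), but it is user-visible and deserves a CHANGES entry and a note in the X509_LOOKUP_file documentation. The `const char *file` change in the first hunk is a straightforward const-correctness fix.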
@ -199,7 +199,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
if (type == X509_FILETYPE_PEM) {
for (;;) {
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
x = PEM_read_bio_X509_CRL(in, NULL, NULL, "");
if (x == NULL) {
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0)) {
@ -253,7 +253,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
return 0;
}
inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
inf = PEM_X509_INFO_read_bio(in, NULL, NULL, "");
BIO_free(in);
if (!inf) {
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
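Review bot: same `""` change for the combined cert/CRL reader; since this loader serves trust stores, which never need a passphrase, a short comment at the first `""` explaining that it suppresses the default tty prompt would save the next reader from 'fixing' it back to `NULL`.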

View File

@ -732,6 +732,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
{
int ret;
int calc_ret;
X509_POLICY_TREE *tree = NULL;
STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
*ptree = NULL;
@ -800,16 +801,19 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
/* Tree is not empty: continue */
ret = tree_calculate_authority_set(tree, &auth_nodes);
calc_ret = tree_calculate_authority_set(tree, &auth_nodes);
if (!calc_ret)
goto error;
ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
if (calc_ret == 2)
sk_X509_POLICY_NODE_free(auth_nodes);
if (!ret)
goto error;
if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
goto error;
if (ret == 2)
sk_X509_POLICY_NODE_free(auth_nodes);
if (tree)
*ptree = tree;
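Review bot: the reorder fixes two things at once, which the commit text should spell out: the `tree_calculate_authority_set` result now lives in its own `calc_ret` instead of reusing `ret`, and the `sk_X509_POLICY_NODE_free(auth_nodes)` for `calc_ret == 2` now runs before the `!ret` exit, so a failing `tree_calculate_user_set` no longer leaks `auth_nodes`. Check that the `error:` path does not also free `auth_nodes`, as that would now be a double free.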

View File

@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi)
*/
unsigned int v3_addr_get_afi(const IPAddressFamily *f)
{
return ((f != NULL &&
f->addressFamily != NULL && f->addressFamily->data != NULL)
? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
: 0);
if (f == NULL
|| f->addressFamily == NULL
|| f->addressFamily->data == NULL
|| f->addressFamily->length < 2)
return 0;
return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
}
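Review bot: the added `f->addressFamily->length < 2` check is the substantive fix: `data[1]` was read without knowing the OCTET STRING held two bytes, so a crafted `addressFamily` of length 0 or 1 caused a one- or two-byte over-read. Returning 0 for the short case matches the existing NULL handling; the comment above the function should mention that 0 is also the result for a malformed AFI so callers comparing against the IANA values treat it as "unknown".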
/*

View File

@ -231,6 +231,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
oth = OTHERNAME_new();
if (!oth)
return 0;
ASN1_TYPE_free(oth->value);
oth->type_id = oid;
oth->value = value;
GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);
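Review bot: `OTHERNAME_new()` allocates `oth->value`, and the next line overwrote that pointer with the caller's `value`, leaking the fresh `ASN1_TYPE` on every call; the added `ASN1_TYPE_free(oth->value)` is the right fix. Since this is a `set0` function that takes ownership of `value`, a comment next to the assignment would help, because at first glance the free looks as if the caller's object were being released.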

View File

@ -107,6 +107,47 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
/*
* We cannot use strncasecmp here because that applies locale specific rules.
* For example in Turkish 'I' is not the uppercase character for 'i'. We need to
* do a simple ASCII case comparison ignoring the locale (that is why we use
* numeric constants below).
*/
static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
{
for (; n > 0; n--, s1++, s2++) {
if (*s1 != *s2) {
unsigned char c1 = (unsigned char)*s1, c2 = (unsigned char)*s2;
/* Convert to lower case */
if (c1 >= 0x41 /* A */ && c1 <= 0x5A /* Z */)
c1 += 0x20;
if (c2 >= 0x41 /* A */ && c2 <= 0x5A /* Z */)
c2 += 0x20;
if (c1 == c2)
continue;
if (c1 < c2)
return -1;
/* c1 > c2 */
return 1;
} else if (*s1 == 0) {
/* If we get here we know that *s2 == 0 too */
return 0;
}
}
return 0;
}
static int ia5casecmp(const char *s1, const char *s2)
{
/* No portable definition of SIZE_MAX, so we use (size_t)(-1) instead */
return ia5ncasecmp(s1, s2, (size_t)(-1));
}
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
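Review bot: `ia5ncasecmp` folds only `0x41..0x5A`, which is exactly the locale-independent behaviour the comment asks for (the Turkish dotless-i problem with `strncasecmp`). Two small points: `ia5casecmp` passes `(size_t)(-1)` and so relies on both strings being NUL-terminated, which holds for `ASN1_STRING` data OpenSSL produces but should be stated; and `n` is a `size_t` while the callers below pass `base->length`, an `int`, so a negative length would become a huge count. A guard or a comment that the lengths are already validated non-negative would close that.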
@ -384,7 +425,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
return X509_V_ERR_PERMITTED_VIOLATION;
}
if (strcasecmp(baseptr, dnsptr))
if (ia5casecmp(baseptr, dnsptr))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
@ -404,7 +445,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
if (!baseat && (*baseptr == '.')) {
if (eml->length > base->length) {
emlptr += eml->length - base->length;
if (!strcasecmp(baseptr, emlptr))
if (ia5casecmp(baseptr, emlptr) == 0)
return X509_V_OK;
}
return X509_V_ERR_PERMITTED_VIOLATION;
@ -425,7 +466,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
}
emlptr = emlat + 1;
/* Just have hostname left to match: case insensitive */
if (strcasecmp(baseptr, emlptr))
if (ia5casecmp(baseptr, emlptr))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
@ -464,14 +505,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
if (*baseptr == '.') {
if (hostlen > base->length) {
p = hostptr + hostlen - base->length;
if (!strncasecmp(p, baseptr, base->length))
if (ia5ncasecmp(p, baseptr, base->length) == 0)
return X509_V_OK;
}
return X509_V_ERR_PERMITTED_VIOLATION;
}
if ((base->length != (int)hostlen)
|| strncasecmp(hostptr, baseptr, hostlen))
|| ia5ncasecmp(hostptr, baseptr, hostlen))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
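Review bot: the replacement is mechanical, but the tests are written inconsistently: `nc_dns` and the second `nc_email` call use `if (ia5casecmp(...))` while the first `nc_email` call and `nc_uri` use `== 0`. Pick one form so a reader does not wonder whether the sense of the comparison differs between call sites.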

View File

@ -136,8 +136,19 @@ OPENSSL_ia32_cpuid:
or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs
and \$15,%ah
cmp \$15,%ah # examine Family ID
jne .Lnotintel
jne .LnotP4
or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR
.LnotP4:
cmp \$6,%ah
jne .Lnotintel
and \$0x0fff0ff0,%eax
cmp \$0x00050670,%eax # Knights Landing
je .Lknights
cmp \$0x00080650,%eax # Knights Mill (according to sde)
jne .Lnotintel
.Lknights:
and \$0xfbffffff,%ecx # clear XSAVE flag to mimic Silvermont
.Lnotintel:
bt \$28,%edx # test hyper-threading bit
jnc .Lgeneric
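Review bot: the Knights Landing/Knights Mill detection masks `%eax` with `0x0fff0ff0` (extended family and model, family, model; stepping dropped) and compares against `0x00050670` and `0x00080650`; the comment says the Knights Mill signature is "according to sde", i.e. taken from the emulator rather than verified on hardware, which should be called out in CHANGES. Clearing the XSAVE bit (`0xfbffffff`, bit 26 of leaf-1 `%ecx`) to "mimic Silvermont" is indirect: the next hunk keys the ADX mask off that same bit, so a comment here pointing at `.Lnotknights` would make the coupling explicit.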
@ -162,6 +173,10 @@ OPENSSL_ia32_cpuid:
mov \$7,%eax
xor %ecx,%ecx
cpuid
bt \$26,%r9d # check XSAVE bit, cleared on Knights
jc .Lnotknights
and \$0xfff7ffff,%ebx # clear ADCX/ADOX flag
.Lnotknights:
mov %ebx,8(%rdi) # save extended feature flags
.Lno_extended_info:
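Review bot: `bt \$26,%r9d` assumes `%r9d` still holds the leaf-1 `%ecx` feature word at this point (the value the Knights path just cleared), so the ADX flag (`0xfff7ffff`, bit 19 of leaf-7 `%ebx`) is removed only on those parts. Since this is what keeps the `mulx`/`adcx`/`adox` bignum paths off Knights cores, a one-line comment on why (not just what) would help anyone touching the feature-detect logic later.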
@ -175,7 +190,7 @@ OPENSSL_ia32_cpuid:
.Lclear_avx:
mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11)
and %eax,%r9d # clear AVX, FMA and AMD XOP bits
andl \$0xffffffdf,8(%rdi) # cleax AVX2, ~(1<<5)
andl \$0xffffffdf,8(%rdi) # clear AVX2, ~(1<<5)
.Ldone:
shl \$32,%r9
mov %r10d,%eax

View File

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-asn1parse,
asn1parse - ASN.1 parsing tool
=head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME
openssl-ca,
ca - sample minimal CA application
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-ciphers,
ciphers - SSL cipher display and cipher list tool.
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-cms,
cms - CMS utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-crl,
crl - CRL utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-crl2pkcs7,
crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-dgst,
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-dhparam,
dhparam - DH parameter manipulation and generation
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-dsa,
dsa - DSA key processing
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-dsaparam,
dsaparam - DSA parameter manipulation and generation
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-ec,
ec - EC key processing
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-ecparam,
ecparam - EC parameter manipulation and generation
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-enc,
enc - symmetric cipher routines
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-errstr,
errstr - lookup error codes
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-gendsa,
gendsa - generate a DSA private key from a set of parameters
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-genpkey,
genpkey - generate a private key
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-genrsa,
genrsa - generate an RSA private key
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-nseq,
nseq - create or examine a netscape certificate sequence
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-ocsp,
ocsp - Online Certificate Status Protocol utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-passwd,
passwd - compute password hashes
=head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME
openssl-pkcs12,
pkcs12 - PKCS#12 file utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-pkcs7,
pkcs7 - PKCS#7 utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-pkcs8,
pkcs8 - PKCS#8 format private key conversion tool
=head1 SYNOPSIS
