Check-in [c89ed5342b]
Overview
Comment:update libressl to version 3.1.1
SHA1: c89ed5342b5a0e9a2e1a784db784a20d43bd039a
User & Date: chw 2020-05-09 10:42:34.675
References
2020-05-09
11:19
add missing files from check-in [c89ed5342b] check-in: 58fde86992 user: chw tags: trunk
Context
2020-05-09
11:19
add missing files from check-in [c89ed5342b] check-in: 58fde86992 user: chw tags: trunk
10:45
merge with trunk check-in: 2c8a0f5185 user: chw tags: wtf-8-experiment
10:42
update libressl to version 3.1.1 check-in: c89ed5342b user: chw tags: trunk
2020-05-08
16:46
add tclws upstream changes check-in: 92e99fa84e user: chw tags: trunk
Changes
assets/tclws2.6.0/ClientSide.tcl became executable.
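--- a/jni/libressl/Android.mk
+++ b/jni/libressl/Android.mk
@@ -574,15 +574,30 @@
 	crypto/des/fcrypt_b.c \
 	crypto/des/ede_cbcm_enc.c \
 	crypto/des/cfb64ede.c \
 	crypto/des/ofb64ede.c \
 	crypto/des/set_key.c \
 	crypto/des/cbc_cksm.c \
 	crypto/sm3/sm3.c \
-	crypto/sm4/sm4.c
+	crypto/sm4/sm4.c \
+	crypto/cms/cms_asn1.c \
+	crypto/cms/cms_att.c \
+	crypto/cms/cms_cd.c \
+	crypto/cms/cms_dd.c \
+	crypto/cms/cms_enc.c \
+	crypto/cms/cms_env.c \
+	crypto/cms/cms_err.c \
+	crypto/cms/cms_ess.c \
+	crypto/cms/cms_io.c \
+	crypto/cms/cms_kari.c \
+	crypto/cms/cms_lcl.h \
+	crypto/cms/cms_lib.c \
+	crypto/cms/cms_pwri.c \
+	crypto/cms/cms_sd.c \
+	crypto/cms/cms_smime.c
 
 LOCAL_C_INCLUDES := $(LOCAL_PATH)/include \
 	$(LOCAL_PATH)/include/compat \
 	$(LOCAL_PATH)/crypto \
 	$(LOCAL_PATH)/crypto/compat \
 	$(LOCAL_PATH)/crypto/asn1 \
 	$(LOCAL_PATH)/crypto/bn \
@@ -618,15 +633,14 @@
 LOCAL_SRC_FILES := \
 	ssl/bio_ssl.c \
 	ssl/bs_ber.c \
 	ssl/bs_cbb.c \
 	ssl/bs_cbs.c \
 	ssl/d1_both.c \
 	ssl/d1_clnt.c \
-	ssl/d1_enc.c \
 	ssl/d1_lib.c \
 	ssl/d1_pkt.c \
 	ssl/d1_srtp.c \
 	ssl/d1_srvr.c \
 	ssl/pqueue.c \
 	ssl/s3_cbc.c \
 	ssl/s3_lib.c \
@@ -648,24 +662,29 @@
 	ssl/ssl_srvr.c \
 	ssl/ssl_stat.c \
 	ssl/ssl_txt.c \
 	ssl/ssl_tlsext.c \
 	ssl/ssl_transcript.c \
 	ssl/ssl_versions.c \
 	ssl/ssl_init.c \
+	ssl/ssl_kex.c \
 	ssl/t1_enc.c \
 	ssl/t1_lib.c \
 	ssl/tls13_buffer.c \
 	ssl/tls13_client.c \
 	ssl/tls13_handshake.c \
 	ssl/tls13_handshake_msg.c \
 	ssl/tls13_key_schedule.c \
 	ssl/tls13_lib.c \
 	ssl/tls13_record.c \
-	ssl/tls13_record_layer.c
+	ssl/tls13_record_layer.c \
+	ssl/tls13_error.c \
+	ssl/tls13_key_share.c \
+	ssl/tls13_legacy.c \
+	ssl/tls13_server.c
 
 LOCAL_C_INCLUDES := $(LOCAL_PATH)/include \
 	$(LOCAL_PATH)/include/compat \
 	$(LOCAL_PATH)/ssl \
 	$(LOCAL_PATH)/crypto/compat
 
 LOCAL_CFLAGS := \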
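Review bot: `crypto/cms/cms_lcl.h` is listed among the libcrypto sources in the first hunk (between `cms_kari.c` and `cms_lib.c`), but it is a header, not a compilation unit; drop that entry so `LOCAL_SRC_FILES` names only `.c` files. The assignment it extends starts above the hunk, so the rest of the list is not visible here. Because this list appears to be maintained by hand against upstream's build files, a comment such as `# CMS sources: keep in sync with crypto/Makefile.am of the imported LibreSSL release` above the new block would make the next version bump easier to audit, and the later check-in titled "add missing files" suggests each added path should be checked to exist in the tree. These entries also compile the CMS parser into the Android libcrypto, which the ChangeLog in this check-in describes as newly ported and enabled by default.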
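--- a/jni/libressl/CMakeLists.txt
+++ b/jni/libressl/CMakeLists.txt
@@ -1,8 +1,13 @@
+if(MSVC)
+cmake_minimum_required (VERSION 3.16.4)
+cmake_policy(SET CMP0091 NEW)
+else()
 cmake_minimum_required (VERSION 3.0)
+endif()
 include(CheckFunctionExists)
 include(CheckSymbolExists)
 include(CheckLibraryExists)
 include(CheckIncludeFiles)
 include(CheckTypeSize)
 
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}" ${CMAKE_MODULE_PATH})
@@ -31,14 +36,19 @@
 option(LIBRESSL_SKIP_INSTALL "Skip installation" ${LIBRESSL_SKIP_INSTALL})
 option(LIBRESSL_APPS "Build apps" ON)
 option(LIBRESSL_TESTS "Build tests" ON)
 option(ENABLE_ASM "Enable assembly" ON)
 option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
 option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
 set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
+
+option(USE_STATIC_MSVC_RUNTIMES "Use /MT instead of /MD in MSVC" OFF)
+if(USE_STATIC_MSVC_RUNTIMES)
+    set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
+endif()
 
 if(NOT LIBRESSL_SKIP_INSTALL)
 	set( ENABLE_LIBRESSL_INSTALL ON )
 endif(NOT LIBRESSL_SKIP_INSTALL)
 
 
 set(BUILD_NC true)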
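--- a/jni/libressl/ChangeLog
+++ b/jni/libressl/ChangeLog
@@ -24,14 +24,71 @@
 The portable bits of the project are largely maintained out-of-tree, and their
 history is also available from Git.
 
 	https://github.com/libressl-portable/portable
 
 LibreSSL Portable Release Notes:
 
+3.1.1 - Stable release
+
+	* Improved cipher suite handling to automatically include TLSv1.3
+	  cipher suites when they are not explicitly referred to in the
+	  cipher string.
+
+	* Improved handling of TLSv1.3 HelloRetryRequests, simplifying
+	  state transitions and ensuring that the legacy session identifer
+	  retains the same value across the handshake.
+
+	* Provided TLSv1.3 cipher suite aliases to match the names used
+	  in RFC 8446.
+
+	* Improved TLSv1.3 client key share handling to allow the use of
+	  any groups in our configured NID list.
+
+	* Fixed printing the serialNumber with X509_print_ex() fall back to
+	  the colon separated hex bytes in case greater than int value.
+
+	* Fix to disallow setting the AES-GCM IV length to zero.
+
+	* Added -groups option to openssl(1) s_server subcommand.
+
+	* Fix to show TLSv1.3 extension types with openssl(1) -tlsextdebug.
+
+	* Improved portable builds to support the use of static MSVC runtimes.
+
+	* Fixed portable builds to avoid exporting a sleep() symbol.
+
+3.1.0 - Development release
+
+	* Completed initial TLS 1.3 implementation with a completely new state
+	  machine and record layer. TLS 1.3 is now enabled by default for the
+	  client side, with the server side to be enabled in a future release.
+	  Note that the OpenSSL TLS 1.3 API is not yet visible/available.
+
+	* Many more code cleanups, fixes, and improvements to memory handling
+	  and protocol parsing.
+
+	* Added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1.
+
+	* Ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
+	  1.1.1 and enabled by default.
+
+	* Improved compatibility by backporting functionality and documentation
+	  from OpenSSL 1.1.1.
+
+	* Added many new additional crypto test vectors.
+
+	* Adjusted EVP_chacha20()'s behavior to match OpenSSL's semantics.
+
+	* Default CA bundle location is now configurable in portable builds.
+
+	* Added cms subcommand to openssl(1).
+
+	* Added -addext option to openssl(1) req subcommand.
+
 3.0.2 - Stable release
 
 	* Use a valid curve when constructing an EC_KEY that looks like X25519.
 	  The recent EC group cofactor change results in stricter validation,
 	  which causes the EC_GROUP_set_generator() call to fail.
 	  Issue reported and fix tested by rsadowski@
 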
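--- a/jni/libressl/FindLibreSSL.cmake
+++ b/jni/libressl/FindLibreSSL.cmake
@@ -61,14 +61,16 @@
 
 Hints
 ^^^^^
 
 Set LIBRESSL_ROOT_DIR to the root directory of an LibreSSL installation.
 
 ]=======================================================================]
+
+INCLUDE(FindPackageHandleStandardArgs)
 
 # Set Hints
 set(_LIBRESSL_ROOT_HINTS
     ${LIBRESSL_ROOT_DIR}
     ENV LIBRESSL_ROOT_DIR
 )
 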
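--- a/jni/libressl/Makefile.am
+++ b/jni/libressl/Makefile.am
@@ -1,8 +1,11 @@
-SUBDIRS = crypto ssl tls include apps tests man
+SUBDIRS = crypto ssl tls include apps man
+if ENABLE_TESTS
+SUBDIRS += tests
+endif
 ACLOCAL_AMFLAGS = -I m4
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
 
 EXTRA_DIST = README.md README.windows VERSION config scripts
 EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake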
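--- a/jni/libressl/Makefile.in
+++ b/jni/libressl/Makefile.in
@@ -1,11 +1,11 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.2 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY, to the extent permitted by law; without
@@ -84,14 +84,15 @@
 PRE_INSTALL = :
 POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
+@ENABLE_TESTS_TRUE@am__append_1 = tests
 subdir = .
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
 	$(top_srcdir)/m4/check-libc.m4 \
 	$(top_srcdir)/m4/check-os-options.m4 \
 	$(top_srcdir)/m4/disable-compiler-warnings.m4 \
 	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
@@ -186,15 +187,15 @@
   list='$(am__tagged_files)'; \
   unique=`for i in $$list; do \
     if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
   done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
 CSCOPE = cscope
-DIST_SUBDIRS = $(SUBDIRS)
+DIST_SUBDIRS = crypto ssl tls include apps man tests
 am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/libcrypto.pc.in \
 	$(srcdir)/libssl.pc.in $(srcdir)/libtls.pc.in \
 	$(srcdir)/openssl.pc.in COPYING ChangeLog INSTALL compile \
 	config.guess config.sub depcomp install-sh ltmain.sh missing \
 	tap-driver.sh
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
@@ -357,15 +358,15 @@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-SUBDIRS = crypto ssl tls include apps tests man
+SUBDIRS = crypto ssl tls include apps man $(am__append_1)
 ACLOCAL_AMFLAGS = -I m4
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
 EXTRA_DIST = README.md README.windows VERSION config scripts \
 	CMakeLists.txt cmake_export_symbol.cmake \
 	cmake_uninstall.cmake.in FindLibreSSL.cmake
 all: all-recursive
@@ -628,14 +629,18 @@
 	tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
 	$(am__post_remove_distdir)
 
 dist-xz: distdir
 	tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
 	$(am__post_remove_distdir)
 
+dist-zstd: distdir
+	tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
+	$(am__post_remove_distdir)
+
 dist-tarZ: distdir
 	@echo WARNING: "Support for distribution archives compressed with" \
 		       "legacy program 'compress' is deprecated." >&2
 	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
 	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
 	$(am__post_remove_distdir)
 
@@ -670,14 +675,16 @@
 	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
 	*.tar.Z*) \
 	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
 	*.shar.gz*) \
 	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
+	*.tar.zst*) \
+	  zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
 	esac
 	chmod -R a-w $(distdir)
 	chmod u+w $(distdir)
 	mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
 	chmod a-w $(distdir)
 	test -d $(distdir)/_build || exit 0; \
 	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
@@ -850,29 +857,29 @@
 
 .MAKE: $(am__recursive_targets) install-am install-strip
 
 .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
 	am--refresh check check-am clean clean-cscope clean-generic \
 	clean-libtool cscope cscopelist-am ctags ctags-am dist \
 	dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
-	dist-xz dist-zip distcheck distclean distclean-generic \
-	distclean-libtool distclean-tags distcleancheck distdir \
-	distuninstallcheck dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pkgconfigDATA install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs installdirs-am maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
-	uninstall-am uninstall-pkgconfigDATA
+	dist-xz dist-zip dist-zstd distcheck distclean \
+	distclean-generic distclean-libtool distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pkgconfigDATA install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs installdirs-am \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags tags-am uninstall uninstall-am uninstall-pkgconfigDATA
 
 .PRECIOUS: Makefile
 
 
 .PHONY: install_sw
 install_sw: install
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT: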
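--- a/jni/libressl/README.md
+++ b/jni/libressl/README.md
@@ -1,12 +1,10 @@
 ![LibreSSL image](https://www.libressl.org/images/libressl.jpg)
 ## Official portable version of [LibreSSL](https://www.libressl.org) ##
 
-[![Build Status](https://travis-ci.org/libressl-portable/portable.svg?branch=master)](https://travis-ci.org/libressl-portable/portable)
-
 LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the
 [OpenBSD](https://www.openbsd.org) project.  Our goal is to modernize the codebase,
 improve security, and apply best practice development processes from OpenBSD.
 
 ## Compatibility with OpenSSL: ##
 
 LibreSSL is API compatible with OpenSSL 1.0.1, but does not yet include all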
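--- a/jni/libressl/VERSION
+++ b/jni/libressl/VERSION
@@ -1,2 +1,2 @@
-3.0.2
+3.1.1
 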
Changes to jni/libressl/aclocal.m4.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# generated automatically by aclocal 1.16.1 -*- Autoconf -*-

# Copyright (C) 1996-2018 Free Software Foundation, Inc.

# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
m4_ifndef([AC_AUTOCONF_VERSION],
  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
[m4_warning([this file was generated for autoconf 2.69.
You have another version of autoconf.  It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])

# Copyright (C) 2002-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_AUTOMAKE_VERSION(VERSION)
# ----------------------------
# Automake X.Y traces this macro to ensure aclocal.m4 has been
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.16'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version.  Point them to the right macro.
m4_if([$1], [1.16.1], [],
      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])

# _AM_AUTOCONF_VERSION(VERSION)
# -----------------------------
# aclocal traces this macro to find the Autoconf version.
# This is a private macro too.  Using m4_define simplifies
# the logic in aclocal, which can simply ignore this definition.
m4_define([_AM_AUTOCONF_VERSION], [])

# AM_SET_CURRENT_AUTOMAKE_VERSION
# -------------------------------
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.16.1])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])

# Figure out how to run the assembler.                      -*- Autoconf -*-

# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_AS
# ----------
AC_DEFUN([AM_PROG_AS],
[# By default we simply use the C compiler to build assembly code.
AC_REQUIRE([AC_PROG_CC])
test "${CCAS+set}" = set || CCAS=$CC
test "${CCASFLAGS+set}" = set || CCASFLAGS=$CFLAGS
AC_ARG_VAR([CCAS],      [assembler compiler command (defaults to CC)])
AC_ARG_VAR([CCASFLAGS], [assembler compiler flags (defaults to CFLAGS)])
_AM_IF_OPTION([no-dependencies],, [_AM_DEPENDENCIES([CCAS])])dnl
])

# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-

# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
# $ac_aux_dir to '$srcdir/foo'.  In other projects, it is set to
|

|



















|














|















|






|



















|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# generated automatically by aclocal 1.16.2 -*- Autoconf -*-

# Copyright (C) 1996-2020 Free Software Foundation, Inc.

# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
m4_ifndef([AC_AUTOCONF_VERSION],
  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
[m4_warning([this file was generated for autoconf 2.69.
You have another version of autoconf.  It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])

# Copyright (C) 2002-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_AUTOMAKE_VERSION(VERSION)
# ----------------------------
# Automake X.Y traces this macro to ensure aclocal.m4 has been
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.16'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version.  Point them to the right macro.
m4_if([$1], [1.16.2], [],
      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])

# _AM_AUTOCONF_VERSION(VERSION)
# -----------------------------
# aclocal traces this macro to find the Autoconf version.
# This is a private macro too.  Using m4_define simplifies
# the logic in aclocal, which can simply ignore this definition.
m4_define([_AM_AUTOCONF_VERSION], [])

# AM_SET_CURRENT_AUTOMAKE_VERSION
# -------------------------------
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.16.2])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])

# Figure out how to run the assembler.                      -*- Autoconf -*-

# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_AS
# ----------
AC_DEFUN([AM_PROG_AS],
[# By default we simply use the C compiler to build assembly code.
AC_REQUIRE([AC_PROG_CC])
test "${CCAS+set}" = set || CCAS=$CC
test "${CCASFLAGS+set}" = set || CCASFLAGS=$CFLAGS
AC_ARG_VAR([CCAS],      [assembler compiler command (defaults to CC)])
AC_ARG_VAR([CCASFLAGS], [assembler compiler flags (defaults to CFLAGS)])
_AM_IF_OPTION([no-dependencies],, [_AM_DEPENDENCIES([CCAS])])dnl
])

# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-

# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
# $ac_aux_dir to '$srcdir/foo'.  In other projects, it is set to
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
# Expand $ac_aux_dir to an absolute path.
am_aux_dir=`cd "$ac_aux_dir" && pwd`
])

# AM_CONDITIONAL                                            -*- Autoconf -*-

# Copyright (C) 1997-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_CONDITIONAL(NAME, SHELL-CONDITION)
# -------------------------------------







|







126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
# Expand $ac_aux_dir to an absolute path.
am_aux_dir=`cd "$ac_aux_dir" && pwd`
])

# AM_CONDITIONAL                                            -*- Autoconf -*-

# Copyright (C) 1997-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_CONDITIONAL(NAME, SHELL-CONDITION)
# -------------------------------------
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
fi
AC_CONFIG_COMMANDS_PRE(
[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
  AC_MSG_ERROR([[conditional "$1" was never defined.
Usually this means the macro was only invoked conditionally.]])
fi])])

# Copyright (C) 1999-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.


# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be







|







157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
fi
AC_CONFIG_COMMANDS_PRE(
[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
  AC_MSG_ERROR([[conditional "$1" was never defined.
Usually this means the macro was only invoked conditionally.]])
fi])])

# Copyright (C) 1999-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.


# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
AC_SUBST([am__nodep])dnl
_AM_SUBST_NOTMAKE([am__nodep])dnl
])

# Generate code to set up dependency tracking.              -*- Autoconf -*-

# Copyright (C) 1999-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_OUTPUT_DEPENDENCY_COMMANDS
# ------------------------------







|







348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
AC_SUBST([am__nodep])dnl
_AM_SUBST_NOTMAKE([am__nodep])dnl
])

# Generate code to set up dependency tracking.              -*- Autoconf -*-

# Copyright (C) 1999-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_OUTPUT_DEPENDENCY_COMMANDS
# ------------------------------
387
388
389
390
391
392
393
394


395
396
397
398
399
400
401
    am_filepart=`AS_BASENAME(["$am_mf"])`
    AM_RUN_LOG([cd "$am_dirpart" \
      && sed -e '/# am--include-marker/d' "$am_filepart" \
        | $MAKE -f - am--depfiles]) || am_rc=$?
  done
  if test $am_rc -ne 0; then
    AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
    for automatic dependency tracking.  Try re-running configure with the


    '--disable-dependency-tracking' option to at least be able to build
    the package (albeit without support for automatic dependency tracking).])
  fi
  AS_UNSET([am_dirpart])
  AS_UNSET([am_filepart])
  AS_UNSET([am_mf])
  AS_UNSET([am_rc])







|
>
>







387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
    am_filepart=`AS_BASENAME(["$am_mf"])`
    AM_RUN_LOG([cd "$am_dirpart" \
      && sed -e '/# am--include-marker/d' "$am_filepart" \
        | $MAKE -f - am--depfiles]) || am_rc=$?
  done
  if test $am_rc -ne 0; then
    AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
    for automatic dependency tracking.  If GNU make was not used, consider
    re-running the configure script with MAKE="gmake" (or whatever is
    necessary).  You can also try re-running configure with the
    '--disable-dependency-tracking' option to at least be able to build
    the package (albeit without support for automatic dependency tracking).])
  fi
  AS_UNSET([am_dirpart])
  AS_UNSET([am_filepart])
  AS_UNSET([am_mf])
  AS_UNSET([am_rc])
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
[AC_CONFIG_COMMANDS([depfiles],
     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
     [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])

# Do all the work for Automake.                             -*- Autoconf -*-

# Copyright (C) 1996-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This macro actually does too much.  Some checks are only needed if
# your package does certain things.  But this isn't really a big deal.







|







416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
[AC_CONFIG_COMMANDS([depfiles],
     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
     [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])

# Do all the work for Automake.                             -*- Autoconf -*-

# Copyright (C) 1996-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This macro actually does too much.  Some checks are only needed if
# your package does certain things.  But this isn't really a big deal.
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
      break ;;
    * )
      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
  esac
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])

# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_INSTALL_SH
# ------------------
# Define $install_sh.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
if test x"${install_sh+set}" != xset; then
  case $am_aux_dir in
  *\ * | *\	*)
    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
  *)
    install_sh="\${SHELL} $am_aux_dir/install-sh"
  esac
fi
AC_SUBST([install_sh])])

# Copyright (C) 2003-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# Check whether the underlying file-system supports filenames
# with a leading dot.  For instance MS-DOS doesn't.
AC_DEFUN([AM_SET_LEADING_DOT],
[rm -rf .tst 2>/dev/null
mkdir .tst 2>/dev/null
if test -d .tst; then
  am__leading_dot=.
else
  am__leading_dot=_
fi
rmdir .tst 2>/dev/null
AC_SUBST([am__leading_dot])])

# Check to see how 'make' treats includes.	            -*- Autoconf -*-

# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_MAKE_INCLUDE()
# -----------------







|




















|




















|







613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
      break ;;
    * )
      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
  esac
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])

# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_INSTALL_SH
# ------------------
# Define $install_sh.
AC_DEFUN([AM_PROG_INSTALL_SH],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
if test x"${install_sh+set}" != xset; then
  case $am_aux_dir in
  *\ * | *\	*)
    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
  *)
    install_sh="\${SHELL} $am_aux_dir/install-sh"
  esac
fi
AC_SUBST([install_sh])])

# Copyright (C) 2003-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# Check whether the underlying file-system supports filenames
# with a leading dot.  For instance MS-DOS doesn't.
AC_DEFUN([AM_SET_LEADING_DOT],
[rm -rf .tst 2>/dev/null
mkdir .tst 2>/dev/null
if test -d .tst; then
  am__leading_dot=.
else
  am__leading_dot=_
fi
rmdir .tst 2>/dev/null
AC_SUBST([am__leading_dot])])

# Check to see how 'make' treats includes.	            -*- Autoconf -*-

# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_MAKE_INCLUDE()
# -----------------
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
rm -f confinc.* confmf.*
AC_MSG_RESULT([${_am_result}])
AC_SUBST([am__include])])
AC_SUBST([am__quote])])

# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-

# Copyright (C) 1997-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_MISSING_PROG(NAME, PROGRAM)
# ------------------------------







|







698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
rm -f confinc.* confmf.*
AC_MSG_RESULT([${_am_result}])
AC_SUBST([am__include])])
AC_SUBST([am__quote])])

# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-

# Copyright (C) 1997-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_MISSING_PROG(NAME, PROGRAM)
# ------------------------------
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
  am_missing_run=
  AC_MSG_WARN(['missing' script is too old or missing])
fi
])

# Helper functions for option handling.                     -*- Autoconf -*-

# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_MANGLE_OPTION(NAME)
# -----------------------







|







737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
  am_missing_run=
  AC_MSG_WARN(['missing' script is too old or missing])
fi
])

# Helper functions for option handling.                     -*- Autoconf -*-

# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_MANGLE_OPTION(NAME)
# -----------------------
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778

# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
# -------------------------------------------
# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])

# Copyright (C) 1999-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_PROG_CC_C_O
# ---------------







|







766
767
768
769
770
771
772
773
774
775
776
777
778
779
780

# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
# -------------------------------------------
# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])

# Copyright (C) 1999-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_PROG_CC_C_O
# ---------------
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
   CC="$am_aux_dir/compile $CC"
fi
AC_LANG_POP([C])])

# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])

# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_RUN_LOG(COMMAND)
# -------------------
# Run COMMAND, save the exit status in ac_status, and log it.
# (This has been adapted from Autoconf's _AC_RUN_LOG macro.)
AC_DEFUN([AM_RUN_LOG],
[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
   ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
   (exit $ac_status); }])

# Check to make sure that the build environment is sane.    -*- Autoconf -*-

# Copyright (C) 1996-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_SANITY_CHECK
# ---------------







|


















|







813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
   CC="$am_aux_dir/compile $CC"
fi
AC_LANG_POP([C])])

# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])

# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_RUN_LOG(COMMAND)
# -------------------
# Run COMMAND, save the exit status in ac_status, and log it.
# (This has been adapted from Autoconf's _AC_RUN_LOG macro.)
AC_DEFUN([AM_RUN_LOG],
[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
   ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
   (exit $ac_status); }])

# Check to make sure that the build environment is sane.    -*- Autoconf -*-

# Copyright (C) 1996-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_SANITY_CHECK
# ---------------
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
     # Hide warnings about reused PIDs.
     wait $am_sleep_pid 2>/dev/null
   fi
   AC_MSG_RESULT([done])])
rm -f conftest.file
])

# Copyright (C) 2009-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_SILENT_RULES([DEFAULT])
# --------------------------







|







913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
     # Hide warnings about reused PIDs.
     wait $am_sleep_pid 2>/dev/null
   fi
   AC_MSG_RESULT([done])])
rm -f conftest.file
])

# Copyright (C) 2009-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_SILENT_RULES([DEFAULT])
# --------------------------
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl
AC_SUBST([AM_DEFAULT_VERBOSITY])dnl
AM_BACKSLASH='\'
AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])

# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_INSTALL_STRIP
# ---------------------







|







973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl
AC_SUBST([AM_DEFAULT_VERBOSITY])dnl
AM_BACKSLASH='\'
AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])

# Copyright (C) 2001-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# AM_PROG_INSTALL_STRIP
# ---------------------
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
dnl Don't test for $cross_compiling = yes, because it might be 'maybe'.
if test "$cross_compiling" != no; then
  AC_CHECK_TOOL([STRIP], [strip], :)
fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])

# Copyright (C) 2006-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_SUBST_NOTMAKE(VARIABLE)
# ---------------------------
# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
# This macro is traced by Automake.
AC_DEFUN([_AM_SUBST_NOTMAKE])

# AM_SUBST_NOTMAKE(VARIABLE)
# --------------------------
# Public sister of _AM_SUBST_NOTMAKE.
AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])

# Check how to create a tarball.                            -*- Autoconf -*-

# Copyright (C) 2004-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_PROG_TAR(FORMAT)
# --------------------







|


















|







1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
dnl Don't test for $cross_compiling = yes, because it might be 'maybe'.
if test "$cross_compiling" != no; then
  AC_CHECK_TOOL([STRIP], [strip], :)
fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])

# Copyright (C) 2006-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_SUBST_NOTMAKE(VARIABLE)
# ---------------------------
# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
# This macro is traced by Automake.
AC_DEFUN([_AM_SUBST_NOTMAKE])

# AM_SUBST_NOTMAKE(VARIABLE)
# --------------------------
# Public sister of _AM_SUBST_NOTMAKE.
AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])

# Check how to create a tarball.                            -*- Autoconf -*-

# Copyright (C) 2004-2020 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# _AM_PROG_TAR(FORMAT)
# --------------------
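--- a/jni/libressl/apps/Makefile.in
+++ b/jni/libressl/apps/Makefile.in
@@ -1,11 +1,11 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.2 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY, to the extent permitted by law; without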
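--- a/jni/libressl/apps/nc/Makefile.in
+++ b/jni/libressl/apps/nc/Makefile.in
@@ -1,11 +1,11 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.2 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY, to the extent permitted by law; without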
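--- a/jni/libressl/apps/nc/nc.1
+++ b/jni/libressl/apps/nc/nc.1
@@ -1,8 +1,8 @@
-.\"     $OpenBSD: nc.1,v 1.93 2018/12/27 17:45:36 jmc Exp $
+.\"     $OpenBSD: nc.1,v 1.95 2020/02/12 14:46:36 schwarze Exp $
 .\"
 .\" Copyright (c) 1996 David Sacerdote
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -21,15 +21,15 @@
 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 27 2018 $
+.Dd $Mdocdate: February 12 2020 $
 .Dt NC 1
 .Os
 .Sh NAME
 .Nm nc
 .Nd arbitrary TCP and UDP connections and listens
 .Sh SYNOPSIS
 .Nm nc
@@ -43,15 +43,15 @@
 .Op Fl M Ar ttl
 .Op Fl m Ar minttl
 .Op Fl O Ar length
 .Op Fl o Ar staplefile
 .Op Fl P Ar proxy_username
 .Op Fl p Ar source_port
 .Op Fl R Ar CAfile
-.Op Fl s Ar source
+.Op Fl s Ar sourceaddr
 .Op Fl T Ar keyword
 .Op Fl V Ar rtable
 .Op Fl W Ar recvlimit
 .Op Fl w Ar timeout
 .Op Fl X Ar proxy_protocol
 .Op Fl x Ar proxy_address Ns Op : Ns Ar port
 .Op Fl Z Ar peercertfile
@@ -188,16 +188,16 @@
 Ask the kernel to drop incoming packets whose TTL / hop limit is under
 .Ar minttl .
 .It Fl N
 .Xr shutdown 2
 the network socket after EOF on the input.
 Some servers require this to finish their work.
 .It Fl n
-Do not do any DNS or service lookups on any specified addresses,
-hostnames or ports.
+Do not perform domain name resolution.
+If a name cannot be resolved without DNS, an error will be reported.
 .It Fl O Ar length
 Specify the size of the TCP send buffer.
 .It Fl o Ar staplefile
 During the TLS handshake, load data to be stapled from
 .Ar staplefile ,
 which is expected to contain an OCSP response from an OCSP server in
 DER format.
@@ -224,18 +224,17 @@
 .Fl c .
 .It Fl r
 Choose source and/or destination ports randomly
 instead of sequentially within a range or in the order that the system
 assigns them.
 .It Fl S
 Enable the RFC 2385 TCP MD5 signature option.
-.It Fl s Ar source
-Send packets from the interface with the
-.Ar source
-IP address.
+.It Fl s Ar sourceaddr
+Set the source address to send packets from,
+which is useful on machines with multiple interfaces.
 For
 .Ux Ns -domain
 datagram sockets, specifies the local temporary socket file
 to create and use so that datagrams can be received.
 Cannot be used together with
 .Fl l
 or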
Changes to jni/libressl/apps/nc/netcat.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: netcat.c,v 1.206 2019/08/08 16:49:35 mestre Exp $ */
/*
 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
 * Copyright (c) 2015 Bob Beck.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
|







1
2
3
4
5
6
7
8
/* $OpenBSD: netcat.c,v 1.217 2020/02/12 14:46:36 schwarze Exp $ */
/*
 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
 * Copyright (c) 2015 Bob Beck.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
void	atelnet(int, unsigned char *, unsigned int);
int	strtoport(char *portstr, int udp);
void	build_ports(char *);
void	help(void) __attribute__((noreturn));
int	local_listen(const char *, const char *, struct addrinfo);
void	readwrite(int, struct tls *);
void	fdpass(int nfd) __attribute__((noreturn));
int	remote_connect(const char *, const char *, struct addrinfo);
int	timeout_tls(int, struct tls *, int (*)(struct tls *));
int	timeout_connect(int, const struct sockaddr *, socklen_t);
int	socks_connect(const char *, const char *, struct addrinfo,
	    const char *, const char *, struct addrinfo, int, const char *);
int	udptest(int);
int	unix_bind(char *, int);
int	unix_connect(char *);







|







125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
void	atelnet(int, unsigned char *, unsigned int);
int	strtoport(char *portstr, int udp);
void	build_ports(char *);
void	help(void) __attribute__((noreturn));
int	local_listen(const char *, const char *, struct addrinfo);
void	readwrite(int, struct tls *);
void	fdpass(int nfd) __attribute__((noreturn));
int	remote_connect(const char *, const char *, struct addrinfo, char *);
int	timeout_tls(int, struct tls *, int (*)(struct tls *));
int	timeout_connect(int, const struct sockaddr *, socklen_t);
int	socks_connect(const char *, const char *, struct addrinfo,
	    const char *, const char *, struct addrinfo, int, const char *);
int	udptest(int);
int	unix_bind(char *, int);
int	unix_connect(char *);
151
152
153
154
155
156
157

158
159
160
161
162
163
164
struct tls *tls_setup_server(struct tls *, int, char *);

int
main(int argc, char *argv[])
{
	int ch, s = -1, ret, socksv;
	char *host, *uport;

	struct addrinfo hints;
	struct servent *sv;
	socklen_t len;
	struct sockaddr_storage cliaddr;
	char *proxy = NULL, *proxyport = NULL;
	const char *errstr;
	struct addrinfo proxyhints;







>







151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
struct tls *tls_setup_server(struct tls *, int, char *);

int
main(int argc, char *argv[])
{
	int ch, s = -1, ret, socksv;
	char *host, *uport;
	char ipaddr[NI_MAXHOST];
	struct addrinfo hints;
	struct servent *sv;
	socklen_t len;
	struct sockaddr_storage cliaddr;
	char *proxy = NULL, *proxyport = NULL;
	const char *errstr;
	struct addrinfo proxyhints;
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386






387
388
389
390
391

392
393




394
395
396
397
398
399
400
#ifdef SO_RTABLE
	if (rtableid >= 0)
		if (setrtable(rtableid) == -1)
			err(1, "setrtable");
#endif

	/* Cruft to make sure options are clean, and used properly. */
	if (argv[0] && !argv[1] && family == AF_UNIX) {
		host = argv[0];
		uport = NULL;
	} else if (argv[0] && !argv[1]) {
		if (!lflag)
			usage(1);
		uport = argv[0];
		host = NULL;
	} else if (argv[0] && argv[1]) {
		host = argv[0];
		uport = argv[1];
	} else
		usage(1);

	if (usetls) {
		if (Cflag && unveil(Cflag, "r") == -1)
			err(1, "unveil");
		if (unveil(Rflag, "r") == -1)
			err(1, "unveil");
		if (Kflag && unveil(Kflag, "r") == -1)
			err(1, "unveil");
		if (oflag && unveil(oflag, "r") == -1)
			err(1, "unveil");






	} else {
		if (family == AF_UNIX) {
			if (unveil(host, "rwc") == -1)
				err(1, "unveil");
			if (uflag && !lflag) {

				if (unveil(sflag ? sflag : "/tmp", "rwc") == -1)
					err(1, "unveil");




			}
		} else {
			/* no filesystem visibility */
			if (unveil("/", "") == -1)
				err(1, "unveil");
		}
	}







|

<
|
<
<

<
|














>
>
>
>
>
>




|
>
|
|
>
>
>
>







358
359
360
361
362
363
364
365
366

367


368

369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
#ifdef SO_RTABLE
	if (rtableid >= 0)
		if (setrtable(rtableid) == -1)
			err(1, "setrtable");
#endif

	/* Cruft to make sure options are clean, and used properly. */
	if (argc == 1 && family == AF_UNIX) {
		host = argv[0];

	} else if (argc == 1 && lflag) {


		uport = argv[0];

	} else if (argc == 2) {
		host = argv[0];
		uport = argv[1];
	} else
		usage(1);

	if (usetls) {
		if (Cflag && unveil(Cflag, "r") == -1)
			err(1, "unveil");
		if (unveil(Rflag, "r") == -1)
			err(1, "unveil");
		if (Kflag && unveil(Kflag, "r") == -1)
			err(1, "unveil");
		if (oflag && unveil(oflag, "r") == -1)
			err(1, "unveil");
	} else if (family == AF_UNIX && uflag && lflag && !kflag) {
		/*
		 * After recvfrom(2) from client, the server connects
		 * to the client socket.  As the client path is determined
		 * during runtime, we cannot unveil(2).
		 */
	} else {
		if (family == AF_UNIX) {
			if (unveil(host, "rwc") == -1)
				err(1, "unveil");
			if (uflag && !kflag) {
				if (sflag) {
					if (unveil(sflag, "rwc") == -1)
						err(1, "unveil");
				} else {
					if (unveil("/tmp", "rwc") == -1)
						err(1, "unveil");
				}
			}
		} else {
			/* no filesystem visibility */
			if (unveil("/", "") == -1)
				err(1, "unveil");
		}
	}
578
579
580
581
582
583
584




585
586
587
588
589
590
591
				if (s != -1)
					close(s);
				s = local_listen(host, uport, hints);
			}
			if (s == -1)
				err(1, NULL);
			if (uflag && kflag) {




				/*
				 * For UDP and -k, don't connect the socket,
				 * let it receive datagrams from multiple
				 * socket pairs.
				 */
				readwrite(s, NULL);
			} else if (uflag && !kflag) {







>
>
>
>







586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
				if (s != -1)
					close(s);
				s = local_listen(host, uport, hints);
			}
			if (s == -1)
				err(1, NULL);
			if (uflag && kflag) {
				if (family == AF_UNIX) {
					if (pledge("stdio unix", NULL) == -1)
						err(1, "pledge");
				}
				/*
				 * For UDP and -k, don't connect the socket,
				 * let it receive datagrams from multiple
				 * socket pairs.
				 */
				readwrite(s, NULL);
			} else if (uflag && !kflag) {
604
605
606
607
608
609
610




611
612
613

614
615
616
617
618
619
620
				if (rv == -1)
					err(1, "recvfrom");

				rv = connect(s, (struct sockaddr *)&z, len);
				if (rv == -1)
					err(1, "connect");





				if (vflag)
					report_sock("Connection received",
					    (struct sockaddr *)&z, len, NULL);


				readwrite(s, NULL);
			} else {
				struct tls *tls_cctx = NULL;
				int connfd;

				len = sizeof(cliaddr);







>
>
>
>


|
>







616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
				if (rv == -1)
					err(1, "recvfrom");

				rv = connect(s, (struct sockaddr *)&z, len);
				if (rv == -1)
					err(1, "connect");

				if (family == AF_UNIX) {
					if (pledge("stdio unix", NULL) == -1)
						err(1, "pledge");
				}
				if (vflag)
					report_sock("Connection received",
					    (struct sockaddr *)&z, len,
					    family == AF_UNIX ? host : NULL);

				readwrite(s, NULL);
			} else {
				struct tls *tls_cctx = NULL;
				int connfd;

				len = sizeof(cliaddr);
683
684
685
686
687
688
689
690

691
692
693
694
695
696
697
					    tls_error(tls_ctx));
			}
			if (xflag)
				s = socks_connect(host, portlist[i], hints,
				    proxy, proxyport, proxyhints, socksv,
				    Pflag);
			else
				s = remote_connect(host, portlist[i], hints);


			if (s == -1)
				continue;

			ret = 0;
			if (vflag || zflag) {
				/* For UDP, make sure we are connected. */







|
>







700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
					    tls_error(tls_ctx));
			}
			if (xflag)
				s = socks_connect(host, portlist[i], hints,
				    proxy, proxyport, proxyhints, socksv,
				    Pflag);
			else
				s = remote_connect(host, portlist[i], hints,
				    ipaddr);

			if (s == -1)
				continue;

			ret = 0;
			if (vflag || zflag) {
				/* For UDP, make sure we are connected. */
707
708
709
710
711
712
713








714
715
716
717
718
719
720
721
722
723
724
					sv = NULL;
				else {
					sv = getservbyport(
					    ntohs(atoi(portlist[i])),
					    uflag ? "udp" : "tcp");
				}









				fprintf(stderr,
				    "Connection to %s %s port [%s/%s] "
				    "succeeded!\n", host, portlist[i],
				    uflag ? "udp" : "tcp",
				    sv ? sv->s_name : "*");
			}
			if (Fflag)
				fdpass(s);
			else {
				if (usetls)
					tls_setup_client(tls_ctx, s, host);







>
>
>
>
>
>
>
>
|
|
|
|







725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
					sv = NULL;
				else {
					sv = getservbyport(
					    ntohs(atoi(portlist[i])),
					    uflag ? "udp" : "tcp");
				}

				fprintf(stderr, "Connection to %s", host);

				/*
				 * if we aren't connecting thru a proxy and
				 * there is something to report, print IP
				 */
				if (!nflag && !xflag
				    && (strcmp(host, ipaddr) != 0))
					fprintf(stderr, " (%s)", ipaddr);

				fprintf(stderr, " %s port [%s/%s] succeeded!\n",
				    portlist[i], uflag ? "udp" : "tcp",
				    sv ? sv->s_name : "*");
			}
			if (Fflag)
				fdpass(s);
			else {
				if (usetls)
					tls_setup_client(tls_ctx, s, host);
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
	if (timeout_tls(s, tls_ctx, tls_handshake) == -1) {
		if ((errstr = tls_error(tls_ctx)) == NULL)
			errstr = strerror(errno);
		errx(1, "tls handshake failed (%s)", errstr);
	}
	if (vflag)
		report_tls(tls_ctx, host);
	if (tls_expecthash && tls_peer_cert_hash(tls_ctx) &&
	    strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
		errx(1, "peer certificate is not %s", tls_expecthash);
	if (Zflag) {
		save_peer_cert(tls_ctx, Zflag);
		if (Zflag != stderr && (fclose(Zflag) != 0))
			err(1, "fclose failed saving peer cert");
	}
}







|
|







841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
	if (timeout_tls(s, tls_ctx, tls_handshake) == -1) {
		if ((errstr = tls_error(tls_ctx)) == NULL)
			errstr = strerror(errno);
		errx(1, "tls handshake failed (%s)", errstr);
	}
	if (vflag)
		report_tls(tls_ctx, host);
	if (tls_expecthash && (tls_peer_cert_hash(tls_ctx) == NULL ||
	    strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0))
		errx(1, "peer certificate is not %s", tls_expecthash);
	if (Zflag) {
		save_peer_cert(tls_ctx, Zflag);
		if (Zflag != stderr && (fclose(Zflag) != 0))
			err(1, "fclose failed saving peer cert");
	}
}
844
845
846
847
848
849
850
851

852
853
854
855
856
857
858
859
	} else {
		int gotcert = tls_peer_cert_provided(tls_cctx);

		if (vflag && gotcert)
			report_tls(tls_cctx, host);
		if ((TLSopt & TLS_CCERT) && !gotcert)
			warnx("No client certificate provided");
		else if (gotcert && tls_peer_cert_hash(tls_ctx) && tls_expecthash &&

		    strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
			warnx("peer certificate is not %s", tls_expecthash);
		else if (gotcert && tls_expectname &&
		    (!tls_peer_cert_contains_name(tls_cctx, tls_expectname)))
			warnx("name (%s) not found in client cert",
			    tls_expectname);
		else {
			return tls_cctx;







|
>
|







870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
	} else {
		int gotcert = tls_peer_cert_provided(tls_cctx);

		if (vflag && gotcert)
			report_tls(tls_cctx, host);
		if ((TLSopt & TLS_CCERT) && !gotcert)
			warnx("No client certificate provided");
		else if (gotcert && tls_expecthash &&
		    (tls_peer_cert_hash(tls_cctx) == NULL ||
		    strcmp(tls_expecthash, tls_peer_cert_hash(tls_cctx)) != 0))
			warnx("peer certificate is not %s", tls_expecthash);
		else if (gotcert && tls_expectname &&
		    (!tls_peer_cert_contains_name(tls_cctx, tls_expectname)))
			warnx("name (%s) not found in client cert",
			    tls_expectname);
		else {
			return tls_cctx;
922
923
924
925
926
927
928
929

930
931
932
933
934
935
936
937
938
939

/*
 * remote_connect()
 * Returns a socket connected to a remote host. Properly binds to a local
 * port or source address if needed. Returns -1 on failure.
 */
int
remote_connect(const char *host, const char *port, struct addrinfo hints)

{
	struct addrinfo *res, *res0;
	int s = -1, error, save_errno;
#ifdef SO_BINDANY
	int on = 1;
#endif

	if ((error = getaddrinfo(host, port, &hints, &res0)))
		errx(1, "getaddrinfo for host \"%s\" port %s: %s", host,
		    port, gai_strerror(error));







|
>


|







949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967

/*
 * remote_connect()
 * Returns a socket connected to a remote host. Properly binds to a local
 * port or source address if needed. Returns -1 on failure.
 */
int
remote_connect(const char *host, const char *port, struct addrinfo hints,
    char *ipaddr)
{
	struct addrinfo *res, *res0;
	int s = -1, error, herr, save_errno;
#ifdef SO_BINDANY
	int on = 1;
#endif

	if ((error = getaddrinfo(host, port, &hints, &res0)))
		errx(1, "getaddrinfo for host \"%s\" port %s: %s", host,
		    port, gai_strerror(error));
962
963
964
965
966
967
968
969













970
971

972



973
974




975
976
977
978
979
980
981
			if (bind(s, (struct sockaddr *)ares->ai_addr,
			    ares->ai_addrlen) == -1)
				err(1, "bind failed");
			freeaddrinfo(ares);
		}

		set_common_sockopts(s, res->ai_family);














		if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0)
			break;

		if (vflag)



			warn("connect to %s port %s (%s) failed", host, port,
			    uflag ? "udp" : "tcp");





		save_errno = errno;
		close(s);
		errno = save_errno;
		s = -1;
	}









>
>
>
>
>
>
>
>
>
>
>
>
>


>
|
>
>
>
|
|
>
>
>
>







990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
			if (bind(s, (struct sockaddr *)ares->ai_addr,
			    ares->ai_addrlen) == -1)
				err(1, "bind failed");
			freeaddrinfo(ares);
		}

		set_common_sockopts(s, res->ai_family);

		if (ipaddr != NULL) {
			herr = getnameinfo(res->ai_addr, res->ai_addrlen,
			    ipaddr, NI_MAXHOST, NULL, 0, NI_NUMERICHOST);
			switch (herr) {
			case 0:
				break;
			case EAI_SYSTEM:
				err(1, "getnameinfo");
			default:
				errx(1, "getnameinfo: %s", gai_strerror(herr));
			}
		}

		if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0)
			break;

		if (vflag) {
			/* only print IP if there is something to report */
			if (nflag || ipaddr == NULL ||
			    (strncmp(host, ipaddr, NI_MAXHOST) == 0))
				warn("connect to %s port %s (%s) failed", host,
				    port, uflag ? "udp" : "tcp");
			else
				warn("connect to %s (%s) port %s (%s) failed",
				    host, ipaddr, port, uflag ? "udp" : "tcp");
		}

		save_errno = errno;
		close(s);
		errno = save_errno;
		s = -1;
	}

1757
1758
1759
1760
1761
1762
1763
1764
1765



1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
		fprintf(stderr, "%s on %s\n", msg, path);
		return;
	}

	if (nflag)
		flags |= NI_NUMERICHOST;

	if ((herr = getnameinfo(sa, salen, host, sizeof(host),
	    port, sizeof(port), flags)) != 0) {



		if (herr == EAI_SYSTEM)
			err(1, "getnameinfo");
		else
			errx(1, "getnameinfo: %s", gai_strerror(herr));
	}

	fprintf(stderr, "%s on %s %s\n", msg, host, port);
}

void







|
|
>
>
>
|

|







1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
		fprintf(stderr, "%s on %s\n", msg, path);
		return;
	}

	if (nflag)
		flags |= NI_NUMERICHOST;

	herr = getnameinfo(sa, salen, host, sizeof(host), port, sizeof(port),
	    flags);
	switch (herr) {
		case 0:
			break;
		case EAI_SYSTEM:
			err(1, "getnameinfo");
		default:
			errx(1, "getnameinfo: %s", gai_strerror(herr));
	}

	fprintf(stderr, "%s on %s %s\n", msg, host, port);
}

void
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
	\t-O length	TCP send buffer length\n\
	\t-o staplefile	Staple file\n\
	\t-P proxyuser\tUsername for proxy authentication\n\
	\t-p port\t	Specify local port for remote connects\n\
	\t-R CAfile	CA bundle\n\
	\t-r		Randomize remote ports\n"
#ifdef TCP_MD5SIG
	"\
	\t-S		Enable the TCP MD5 signature option\n"
#endif
	"\
	\t-s source	Local source address\n\
	\t-T keyword	TOS value or TLS options\n\
	\t-t		Answer TELNET negotiation\n\
	\t-U		Use UNIX domain socket\n\
	\t-u		UDP mode\n"
#ifdef SO_RTABLE
	"\
	\t-V rtable	Specify alternate routing table\n"
#endif
	"\
	\t-v		Verbose\n\
	\t-W recvlimit	Terminate after receiving a number of packets\n\
	\t-w timeout	Timeout for connects and final net reads\n\
	\t-X proto	Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
	\t-x addr[:port]\tSpecify proxy address and port\n\
	\t-Z		Peer certificate file\n\
	\t-z		Zero-I/O mode [used for scanning]\n\
	Port numbers can be individual or ranges: lo-hi [inclusive]\n");
	exit(1);
}

void
usage(int ret)
{
	fprintf(stderr,
	    "usage: nc [-46cDdFhklNnrStUuvz] [-C certfile] [-e name] "
	    "[-H hash] [-I length]\n"
	    "\t  [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n"
	    "\t  [-o staplefile] [-P proxy_username] [-p source_port] "
	    "[-R CAfile]\n"
	    "\t  [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
	    "[-w timeout]\n"
	    "\t  [-X proxy_protocol] [-x proxy_address[:port]] "
	    "[-Z peercertfile]\n"
	    "\t  [destination] [port]\n");
	if (ret)
		exit(1);
}







<
|

<
|





<
|

<
|



















|







1851
1852
1853
1854
1855
1856
1857

1858
1859

1860
1861
1862
1863
1864
1865

1866
1867

1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
	\t-O length	TCP send buffer length\n\
	\t-o staplefile	Staple file\n\
	\t-P proxyuser\tUsername for proxy authentication\n\
	\t-p port\t	Specify local port for remote connects\n\
	\t-R CAfile	CA bundle\n\
	\t-r		Randomize remote ports\n"
#ifdef TCP_MD5SIG

	"\t-S		Enable the TCP MD5 signature option\n"
#endif

	"\t-s sourceaddr	Local source address\n\
	\t-T keyword	TOS value or TLS options\n\
	\t-t		Answer TELNET negotiation\n\
	\t-U		Use UNIX domain socket\n\
	\t-u		UDP mode\n"
#ifdef SO_RTABLE

	"\t-V rtable	Specify alternate routing table\n"
#endif

	"\t-v		Verbose\n\
	\t-W recvlimit	Terminate after receiving a number of packets\n\
	\t-w timeout	Timeout for connects and final net reads\n\
	\t-X proto	Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
	\t-x addr[:port]\tSpecify proxy address and port\n\
	\t-Z		Peer certificate file\n\
	\t-z		Zero-I/O mode [used for scanning]\n\
	Port numbers can be individual or ranges: lo-hi [inclusive]\n");
	exit(1);
}

void
usage(int ret)
{
	fprintf(stderr,
	    "usage: nc [-46cDdFhklNnrStUuvz] [-C certfile] [-e name] "
	    "[-H hash] [-I length]\n"
	    "\t  [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n"
	    "\t  [-o staplefile] [-P proxy_username] [-p source_port] "
	    "[-R CAfile]\n"
	    "\t  [-s sourceaddr] [-T keyword] [-V rtable] [-W recvlimit] "
	    "[-w timeout]\n"
	    "\t  [-X proxy_protocol] [-x proxy_address[:port]] "
	    "[-Z peercertfile]\n"
	    "\t  [destination] [port]\n");
	if (ret)
		exit(1);
}
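--- a/jni/libressl/apps/nc/socks.c
+++ b/jni/libressl/apps/nc/socks.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: socks.c,v 1.29 2019/07/29 15:19:03 benno Exp $	*/
+/*	$OpenBSD: socks.c,v 1.30 2019/11/04 17:33:28 millert Exp $	*/
 
 /*
  * Copyright (c) 1999 Niklas Hallqvist.  All rights reserved.
  * Copyright (c) 2004, 2005 Damien Miller.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -49,15 +49,15 @@
 #define SOCKS_NOAUTH	0
 #define SOCKS_NOMETHOD	0xff
 #define SOCKS_CONNECT	1
 #define SOCKS_IPV4	1
 #define SOCKS_DOMAIN	3
 #define SOCKS_IPV6	4
 
-int	remote_connect(const char *, const char *, struct addrinfo);
+int	remote_connect(const char *, const char *, struct addrinfo, char *);
 int	socks_connect(const char *, const char *, struct addrinfo,
 	    const char *, const char *, struct addrinfo, int,
 	    const char *);
 
 static int
 decode_addrport(const char *h, const char *p, struct sockaddr *addr,
     socklen_t addrlen, int v4only, int numeric)
@@ -197,15 +197,15 @@
 		errx(1, "unknown port \"%.64s\"", port);
 	serverport = in4->sin_port;
 
  again:
 	if (authretry++ > 3)
 		errx(1, "Too many authentication failures");
 
-	proxyfd = remote_connect(proxyhost, proxyport, proxyhints);
+	proxyfd = remote_connect(proxyhost, proxyport, proxyhints, NULL);
 
 	if (proxyfd < 0)
 		return (-1);
 
 	if (socksv == 5) {
 		if (decode_addrport(host, port, (struct sockaddr *)&addr,
 		    sizeof(addr), 0, 1) == -1)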
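--- a/jni/libressl/apps/ocspcheck/Makefile.am
+++ b/jni/libressl/apps/ocspcheck/Makefile.am
@@ -1,10 +1,12 @@
 include $(top_srcdir)/Makefile.am.common
 
 bin_PROGRAMS = ocspcheck
+
+dist_man_MANS = ocspcheck.8
 
 EXTRA_DIST = ocspcheck.8
 EXTRA_DIST += CMakeLists.txt
 
 ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
 ocspcheck_LDADD += $(abs_top_builddir)/ssl/libssl.la
 ocspcheck_LDADD += $(abs_top_builddir)/tls/libtls.la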
Changes to jni/libressl/apps/ocspcheck/Makefile.in.
1
2
3
4
5
6
7
8
9
10
11
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2018 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|


|







1
2
3
4
5
6
7
8
9
10
11
# Makefile.in generated by automake 1.16.2 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2020 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
	$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \
	$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)"
PROGRAMS = $(bin_PROGRAMS)
am__ocspcheck_SOURCES_DIST = http.c ocspcheck.c compat/memmem.c
am__dirstamp = $(am__leading_dot)dirstamp
@HAVE_MEMMEM_FALSE@am__objects_1 = compat/memmem.$(OBJEXT)
am_ocspcheck_OBJECTS = http.$(OBJEXT) ocspcheck.$(OBJEXT) \
	$(am__objects_1)
ocspcheck_OBJECTS = $(am_ocspcheck_OBJECTS)







|







103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
	$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \
	$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man8dir)"
PROGRAMS = $(bin_PROGRAMS)
am__ocspcheck_SOURCES_DIST = http.c ocspcheck.c compat/memmem.c
am__dirstamp = $(am__leading_dot)dirstamp
@HAVE_MEMMEM_FALSE@am__objects_1 = compat/memmem.$(OBJEXT)
am_ocspcheck_OBJECTS = http.$(OBJEXT) ocspcheck.$(OBJEXT) \
	$(am__objects_1)
ocspcheck_OBJECTS = $(am_ocspcheck_OBJECTS)
163
164
165
166
167
168
169






























170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
SOURCES = $(ocspcheck_SOURCES)
DIST_SOURCES = $(am__ocspcheck_SOURCES_DIST)
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac






























HEADERS = $(noinst_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates.  Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
  BEGIN { nonempty = 0; } \
  { items[$$0] = 1; nonempty = 1; } \
  END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique.  This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
  list='$(am__tagged_files)'; \
  unique=`for i in $$list; do \
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = true
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = true







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




















|







163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
SOURCES = $(ocspcheck_SOURCES)
DIST_SOURCES = $(am__ocspcheck_SOURCES_DIST)
am__can_run_installinfo = \
  case $$AM_UPDATE_INFO_DIR in \
    n|no|NO) false;; \
    *) (install-info --version) >/dev/null 2>&1;; \
  esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
    *) f=$$p;; \
  esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
  for p in $$list; do echo "$$p $$p"; done | \
  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
    if (++n[$$2] == $(am__install_max)) \
      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
    END { for (dir in files) print dir, files[dir] }'
am__base_list = \
  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
  test -z "$$files" \
    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(dist_man_MANS)
HEADERS = $(noinst_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates.  Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
  BEGIN { nonempty = 0; } \
  { items[$$0] = 1; nonempty = 1; } \
  END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique.  This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
  list='$(am__tagged_files)'; \
  unique=`for i in $$list; do \
    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
  done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
	$(top_srcdir)/Makefile.am.common $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = true
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = true
313
314
315
316
317
318
319

320
321
322
323
324
325
326
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=

EXTRA_DIST = ocspcheck.8 CMakeLists.txt
ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/tls/libtls.la $(PLATFORM_LDADD) \
	$(PROG_LDADD)
ocspcheck_SOURCES = http.c ocspcheck.c $(am__append_1)
noinst_HEADERS = http.h







>







343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=
dist_man_MANS = ocspcheck.8
EXTRA_DIST = ocspcheck.8 CMakeLists.txt
ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la \
	$(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/tls/libtls.la $(PLATFORM_LDADD) \
	$(PROG_LDADD)
ocspcheck_SOURCES = http.c ocspcheck.c $(am__append_1)
noinst_HEADERS = http.h
462
463
464
465
466
467
468











































469
470
471
472
473
474
475
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<

mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs












































ID: $(am__tagged_files)
	$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags

tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<

mostlyclean-libtool:
	-rm -f *.lo

clean-libtool:
	-rm -rf .libs _libs
install-man8: $(dist_man_MANS)
	@$(NORMAL_INSTALL)
	@list1=''; \
	list2='$(dist_man_MANS)'; \
	test -n "$(man8dir)" \
	  && test -n "`echo $$list1$$list2`" \
	  || exit 0; \
	echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
	$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
	{ for i in $$list1; do echo "$$i"; done;  \
	if test -n "$$list2"; then \
	  for i in $$list2; do echo "$$i"; done \
	    | sed -n '/\.8[a-z]*$$/p'; \
	fi; \
	} | while read p; do \
	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
	  echo "$$d$$p"; echo "$$p"; \
	done | \
	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
	sed 'N;N;s,\n, ,g' | { \
	list=; while read file base inst; do \
	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
	  fi; \
	done; \
	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
	while read files; do \
	  test -z "$$files" || { \
	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
	done; }

uninstall-man8:
	@$(NORMAL_UNINSTALL)
	@list=''; test -n "$(man8dir)" || exit 0; \
	files=`{ for i in $$list; do echo "$$i"; done; \
	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
	  sed -n '/\.8[a-z]*$$/p'; \
	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)

ID: $(am__tagged_files)
	$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags

tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
	    test -f "$(distdir)/$$file" \
	    || cp -p $$d/$$file "$(distdir)/$$file" \
	    || exit 1; \
	  fi; \
	done
check-am: all-am
check: check-am
all-am: Makefile $(PROGRAMS) $(HEADERS)
installdirs:
	for dir in "$(DESTDIR)$(bindir)"; do \
	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
	done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am








|

|







624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
	    test -f "$(distdir)/$$file" \
	    || cp -p $$d/$$file "$(distdir)/$$file" \
	    || exit 1; \
	  fi; \
	done
check-am: all-am
check: check-am
all-am: Makefile $(PROGRAMS) $(MANS) $(HEADERS)
installdirs:
	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man8dir)"; do \
	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
	done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am

611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641

html-am:

info: info-am

info-am:

install-data-am:

install-dvi: install-dvi-am

install-dvi-am:

install-exec-am: install-binPROGRAMS

install-html: install-html-am

install-html-am:

install-info: install-info-am

install-info-am:

install-man:

install-pdf: install-pdf-am

install-pdf-am:

install-ps: install-ps-am








|















|







685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715

html-am:

info: info-am

info-am:

install-data-am: install-man

install-dvi: install-dvi-am

install-dvi-am:

install-exec-am: install-binPROGRAMS

install-html: install-html-am

install-html-am:

install-info: install-info-am

install-info-am:

install-man: install-man8

install-pdf: install-pdf-am

install-pdf-am:

install-ps: install-ps-am

659
660
661
662
663
664
665
666


667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682

683
684
685
686
687
688
689

pdf-am:

ps: ps-am

ps-am:

uninstall-am: uninstall-binPROGRAMS



.MAKE: install-am install-strip

.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
	clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \
	ctags ctags-am distclean distclean-compile distclean-generic \
	distclean-libtool distclean-tags distdir dvi dvi-am html \
	html-am info info-am install install-am install-binPROGRAMS \
	install-data install-data-am install-dvi install-dvi-am \
	install-exec install-exec-am install-html install-html-am \
	install-info install-info-am install-man install-pdf \
	install-pdf-am install-ps install-ps-am install-strip \
	installcheck installcheck-am installdirs maintainer-clean \
	maintainer-clean-generic mostlyclean mostlyclean-compile \
	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
	tags tags-am uninstall uninstall-am uninstall-binPROGRAMS


.PRECIOUS: Makefile


# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:







|
>
>










|
|
|
|
|
|
>







733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766

pdf-am:

ps: ps-am

ps-am:

uninstall-am: uninstall-binPROGRAMS uninstall-man

uninstall-man: uninstall-man8

.MAKE: install-am install-strip

.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
	clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \
	ctags ctags-am distclean distclean-compile distclean-generic \
	distclean-libtool distclean-tags distdir dvi dvi-am html \
	html-am info info-am install install-am install-binPROGRAMS \
	install-data install-data-am install-dvi install-dvi-am \
	install-exec install-exec-am install-html install-html-am \
	install-info install-info-am install-man install-man8 \
	install-pdf install-pdf-am install-ps install-ps-am \
	install-strip installcheck installcheck-am installdirs \
	maintainer-clean maintainer-clean-generic mostlyclean \
	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
	pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
	uninstall-binPROGRAMS uninstall-man uninstall-man8

.PRECIOUS: Makefile


# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
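--- a/jni/libressl/apps/ocspcheck/compat/memmem.c
+++ b/jni/libressl/apps/ocspcheck/compat/memmem.c
@@ -1,63 +1,183 @@
-/*	$OpenBSD: memmem.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */
-/*-
- * Copyright (c) 2005 Pascal Gloor <pascal.gloor@spale.com>
+/*	$OpenBSD: memmem.c,v 1.5 2020/04/16 12:39:28 claudio Exp $ */
+
+/*
+ * Copyright (c) 2005-2020 Rich Felker, et al.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 
 #include <string.h>
+#include <stdint.h>
 
+static char *
+twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+{
+	uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1];
+	for (h+=2, k-=2; k; k--, hw = hw<<8 | *h++)
+		if (hw == nw) return (char *)h-2;
+	return hw == nw ? (char *)h-2 : 0;
+}
+
+static char *
+threebyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+{
+	uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8;
+	uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8;
+	for (h+=3, k-=3; k; k--, hw = (hw|*h++)<<8)
+		if (hw == nw) return (char *)h-3;
+	return hw == nw ? (char *)h-3 : 0;
+}
+
+static char *
+fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+{
+	uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
+	uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
+	for (h+=4, k-=4; k; k--, hw = hw<<8 | *h++)
+		if (hw == nw) return (char *)h-4;
+	return hw == nw ? (char *)h-4 : 0;
+}
+
+#define MAX(a,b) ((a)>(b)?(a):(b))
+#define MIN(a,b) ((a)<(b)?(a):(b))
+
+#define BITOP(a,b,op) \
+ ((a)[(size_t)(b)/(8*sizeof *(a))] op (size_t)1<<((size_t)(b)%(8*sizeof *(a))))
+
 /*
- * Find the first occurrence of the byte string s in byte string l.
+ * Maxime Crochemore and Dominique Perrin, Two-way string-matching,
+ * Journal of the ACM, 38(3):651-675, July 1991.
  */
+static char *
+twoway_memmem(const unsigned char *h, const unsigned char *z,
+    const unsigned char *n, size_t l)
+{
+	size_t i, ip, jp, k, p, ms, p0, mem, mem0;
+	size_t byteset[32 / sizeof(size_t)] = { 0 };
+	size_t shift[256];
+
+	/* Computing length of needle and fill shift table */
+	for (i=0; i<l; i++)
+		BITOP(byteset, n[i], |=), shift[n[i]] = i+1;
+
+	/* Compute maximal suffix */
+	ip = -1; jp = 0; k = p = 1;
+	while (jp+k<l) {
+		if (n[ip+k] == n[jp+k]) {
+			if (k == p) {
+				jp += p;
+				k = 1;
+			} else k++;
+		} else if (n[ip+k] > n[jp+k]) {
+			jp += k;
+			k = 1;
+			p = jp - ip;
+		} else {
+			ip = jp++;
+			k = p = 1;
+		}
+	}
+	ms = ip;
+	p0 = p;
+
+	/* And with the opposite comparison */
+	ip = -1; jp = 0; k = p = 1;
+	while (jp+k<l) {
+		if (n[ip+k] == n[jp+k]) {
+			if (k == p) {
+				jp += p;
+				k = 1;
+			} else k++;
+		} else if (n[ip+k] < n[jp+k]) {
+			jp += k;
+			k = 1;
+			p = jp - ip;
+		} else {
+			ip = jp++;
+			k = p = 1;
+		}
+	}
+	if (ip+1 > ms+1) ms = ip;
+	else p = p0;
+
+	/* Periodic needle? */
+	if (memcmp(n, n+p, ms+1)) {
+		mem0 = 0;
+		p = MAX(ms, l-ms-1) + 1;
+	} else mem0 = l-p;
+	mem = 0;
+
+	/* Search loop */
+	for (;;) {
+		/* If remainder of haystack is shorter than needle, done */
+		if (z-h < l) return 0;
+
+		/* Check last byte first; advance by shift on mismatch */
+		if (BITOP(byteset, h[l-1], &)) {
+			k = l-shift[h[l-1]];
+			if (k) {
+				if (k < mem) k = mem;
+				h += k;
+				mem = 0;
+				continue;
+			}
+		} else {
+			h += l;
+			mem = 0;
+			continue;
+		}
+
+		/* Compare right half */
+		for (k=MAX(ms+1,mem); k<l && n[k] == h[k]; k++);
+		if (k < l) {
+			h += k-ms;
+			mem = 0;
+			continue;
+		}
+		/* Compare left half */
+		for (k=ms+1; k>mem && n[k-1] == h[k-1]; k--);
+		if (k <= mem) return (char *)h;
+		h += p;
+		mem = mem0;
+	}
+}
 
 void *
-memmem(const void *l, size_t l_len, const void *s, size_t s_len)
+memmem(const void *h0, size_t k, const void *n0, size_t l)
 {
-	const char *cur, *last;
-	const char *cl = l;
-	const char *cs = s;
+	const unsigned char *h = h0, *n = n0;
 
-	/* a zero length needle should just return the haystack */
-	if (s_len == 0)
-		return (void *)cl;
+	/* Return immediately on empty needle */
+	if (!l) return (void *)h;
 
-	/* "s" must be smaller or equal to "l" */
-	if (l_len < s_len)
-		return NULL;
+	/* Return immediately when needle is longer than haystack */
+	if (k<l) return 0;
 
-	/* special case where s_len == 1 */
-	if (s_len == 1)
-		return memchr(l, *cs, l_len);
-
-	/* the last position where its possible to find "s" in "l" */
-	last = cl + l_len - s_len;
-
-	for (cur = cl; cur <= last; cur++)
-		if (cur[0] == cs[0] && memcmp(cur, cs, s_len) == 0)
-			return (void *)cur;
+	/* Use faster algorithms for short needles */
+	h = memchr(h0, *n, k);
+	if (!h || l==1) return (void *)h;
+	k -= h - (const unsigned char *)h0;
+	if (k<l) return 0;
+	if (l==2) return twobyte_memmem(h, k, n);
+	if (l==3) return threebyte_memmem(h, k, n);
+	if (l==4) return fourbyte_memmem(h, k, n);
 
-	return NULL;
+	return twoway_memmem(h, h+k, n, l);
 }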
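Review bot: In `threebyte_memmem` and `fourbyte_memmem` the initialisers `n[0]<<24` and `h[0]<<24` shift an `unsigned char` after it has been promoted to `int`, so a first byte of 0x80 or above is shifted into the sign bit, which is undefined behaviour in C even though the result is then stored in a `uint32_t`. Casting before the shift keeps the arithmetic unsigned, for example `uint32_t nw = (uint32_t)n[0]<<24 | n[1]<<16 | n[2]<<8;`, with the same cast on the `hw` line and on both lines of `fourbyte_memmem`. Compilers normally produce the intended value, but a build with the undefined-behaviour sanitizer would flag these lines, and the inputs may well be attacker-influenced if this compat routine is used on HTTP response data, which the diff itself does not show.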
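--- a/jni/libressl/apps/ocspcheck/http.c
+++ b/jni/libressl/apps/ocspcheck/http.c
@@ -1,8 +1,8 @@
-/*	$Id: http.c,v 1.12 2019/06/28 13:32:49 deraadt Exp $ */
+/*	$Id: http.c,v 1.13 2020/01/11 17:37:19 sthen Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -345,14 +345,15 @@
 		    "Host: %s\r\n"
 		    "\r\n",
 		    http->path, http->host);
 	} else {
 		c = asprintf(&req,
 		    "POST %s HTTP/1.0\r\n"
 		    "Host: %s\r\n"
+		    "Content-Type: application/ocsp-request\r\n"
 		    "Content-Length: %zu\r\n"
 		    "\r\n",
 		    http->path, http->host, psz);
 	}
 	if (c == -1) {
 		warn("asprintf");
 		return NULL;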
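--- a/jni/libressl/apps/ocspcheck/ocspcheck.c
+++ b/jni/libressl/apps/ocspcheck/ocspcheck.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ocspcheck.c,v 1.25 2019/05/15 13:44:18 bcook Exp $ */
+/* $OpenBSD: ocspcheck.c,v 1.26 2020/01/23 03:53:39 tb Exp $ */
 
 /*
  * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
@@ -180,43 +180,49 @@
 		return -1;
 	if ((rv = timegm(&tm)) == -1)
 		return -1;
 	return rv;
 }
 
 static X509_STORE *
-read_cacerts(char *file)
+read_cacerts(const char *file, const char *dir)
 {
-	X509_STORE *store;
+	X509_STORE *store = NULL;
 	X509_LOOKUP *lookup;
 
+	if (file == NULL && dir == NULL) {
+		warnx("No CA certs to load");
+		goto end;
+	}
 	if ((store = X509_STORE_new()) == NULL) {
 		warnx("Malloc failed");
 		goto end;
 	}
-	if ((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) ==
-	    NULL) {
-		warnx("Unable to load CA certs from file %s", file);
-		goto end;
-	}
-	if (file) {
+	if (file != NULL) {
+		if ((lookup = X509_STORE_add_lookup(store,
+		    X509_LOOKUP_file())) == NULL) {
+			warnx("Unable to load CA cert file");
+			goto end;
+		}
 		if (!X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM)) {
 			warnx("Unable to load CA certs from file %s", file);
 			goto end;
 		}
-	} else
-		X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
-
-	if ((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir())) ==
-	    NULL) {
-		warnx("Unable to load CA certs from file %s", file);
-		goto end;
-	}
-	X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
-	ERR_clear_error();
+	}
+	if (dir != NULL) {
+		if ((lookup = X509_STORE_add_lookup(store,
+		    X509_LOOKUP_hash_dir())) == NULL) {
+			warnx("Unable to load CA cert directory");
+			goto end;
+		}
+		if (!X509_LOOKUP_add_dir(lookup, dir, X509_FILETYPE_PEM)) {
+			warnx("Unable to load CA certs from directory %s", dir);
+			goto end;
+		}
+	}
 	return store;
 
 end:
 	X509_STORE_free(store);
 	return NULL;
 }
 
@@ -285,37 +291,38 @@
 		return NULL;
 
 	issuer = X509_find_by_subject(fullchain, issuer_name);
 	return issuer;
 }
 
 static ocsp_request *
-ocsp_request_new_from_cert(char *file, int nonce)
+ocsp_request_new_from_cert(const char *cadir, char *file, int nonce)
 {
 	X509 *cert = NULL;
 	int count = 0;
 	OCSP_CERTID *id;
 	ocsp_request *request;
 	const EVP_MD *cert_id_md = NULL;
 	X509 *issuer = NULL;
 	STACK_OF(OPENSSL_STRING) *urls;
 
 	if ((request = calloc(1, sizeof(ocsp_request))) == NULL) {
 		warn("malloc");
 		return NULL;
 	}
 
 	if ((request->req = OCSP_REQUEST_new()) == NULL)
 		return NULL;
 
 	request->fullchain = read_fullchain(file, &count);
-	/* Drop rpath from pledge, we don't need to read anymore */
-	if (pledge("stdio inet dns", NULL) == -1)
-		err(1, "pledge");
-
+	if (cadir == NULL) {
+		/* Drop rpath from pledge, we don't need to read anymore */
+		if (pledge("stdio inet dns", NULL) == -1)
+			err(1, "pledge");
+	}
 	if (request->fullchain == NULL)
 		return NULL;
 	if (count <= 1) {
 		warnx("File %s does not contain a cert chain", file);
 		return NULL;
 	}
 	if ((cert = cert_from_chain(request->fullchain)) == NULL) {
@@ -502,16 +509,17 @@
 	    "[-o staplefile] file\n");
 	exit(1);
 }
 
 int
 main(int argc, char **argv)
 {
+	const char *cafile = NULL, *cadir = NULL;
 	char *host = NULL, *path = "/", *certfile = NULL, *outfile = NULL,
-	    *cafile = NULL, *instaple = NULL, *infile = NULL;
+	    *instaple = NULL, *infile = NULL;
 	struct addr addrs[MAX_SERVERS_DNS] = {{0}};
 	struct source sources[MAX_SERVERS_DNS];
 	int i, ch, staplefd = -1, infd = -1, nonce = 1;
 	ocsp_request *request = NULL;
 	size_t rescount, httphsz = 0, instaplesz = 0;
 	struct httphead	*httph = NULL;
 	struct httpget *hget;
@@ -561,26 +569,45 @@
 			infd = STDIN_FILENO;
 		else
 			infd = open(infile, O_RDONLY);
 		if (infd < 0)
 			err(1, "Unable to open input file %s", infile);
 		nonce = 0; /* Can't validate a nonce on a saved reply */
 	}
+
+	if (cafile == NULL) {
+		if (access(X509_get_default_cert_file(), R_OK) == 0)
+			cafile = X509_get_default_cert_file();
+		if (access(X509_get_default_cert_dir(), F_OK) == 0)
+			cadir = X509_get_default_cert_dir();
+	}
+
+	if (cafile != NULL) {
+		if (unveil(cafile, "r") == -1)
+			err(1, "unveil");
+	}
+	if (cadir != NULL) {
+		if (unveil(cadir, "r") == -1)
+			err(1, "unveil");
+	}
+	if (unveil(certfile, "r") == -1)
+		err(1, "unveil");
 
 	if (pledge("stdio inet rpath dns", NULL) == -1)
 		err(1, "pledge");
 
 	/*
 	 * Load our certificate and keystore, and build up an
 	 * OCSP request based on the full certificate chain
 	 * we have been given to check.
 	 */
-	if ((castore = read_cacerts(cafile)) == NULL)
+	if ((castore = read_cacerts(cafile, cadir)) == NULL)
 		exit(1);
-	if ((request = ocsp_request_new_from_cert(certfile, nonce)) == NULL)
+	if ((request = ocsp_request_new_from_cert(cadir, certfile, nonce))
+	    == NULL)
 		exit(1);
 
 	dspew("Built an %zu byte ocsp request\n", request->size);
 
 	if ((host = url2host(request->url, &port, &path)) == NULL)
 		errx(1, "Invalid OCSP url %s from %s", request->url,
 		    certfile);
@@ -608,16 +635,21 @@
 		if (hget == NULL)
 			errx(1, "http_get");
 		/*
 		 * Pledge minimally before fiddling with libcrypto init
 		 * routines and parsing untrusted input from someone's OCSP
 		 * server.
 		 */
-		if (pledge("stdio", NULL) == -1)
-			err(1, "pledge");
+		if (cadir == NULL) {
+			if (pledge("stdio", NULL) == -1)
+				err(1, "pledge");
+		} else {
+			if (pledge("stdio rpath", NULL) == -1)
+				err(1, "pledge");
+		}
 
 		dspew("Server at %s returns:\n", host);
 		for (i = 0; i < httphsz; i++)
 			dspew("	  [%s]=[%s]\n", httph[i].key, httph[i].val);
 		dspew("	  [Body]=[%zu bytes]\n", hget->bodypartsz);
 		if (hget->bodypartsz <= 0)
 			errx(1, "No body in reply from %s", host);
@@ -637,16 +669,21 @@
 	} else {
 		size_t nr = 0;
 		instaplesz = 0;
 
 		/*
 		 * Pledge minimally before fiddling with libcrypto init
 		 */
-		if (pledge("stdio", NULL) == -1)
-			err(1, "pledge");
+		if (cadir == NULL) {
+			if (pledge("stdio", NULL) == -1)
+				err(1, "pledge");
+		} else {
+			if (pledge("stdio rpath", NULL) == -1)
+				err(1, "pledge");
+		}
 
 		dspew("Using ocsp response saved in %s:\n", infile);
 
 		/* Use the existing OCSP response saved in infd */
 		instaple = calloc(OCSP_MAX_RESPONSE_SIZE, 1);
 		if (instaple) {
 			while ((nr = read(infd, instaple + instaplesz,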
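Review bot: The "Pledge minimally" comments in `main` no longer describe the `else` branches beneath them: when `cadir` is set the process keeps `rpath` (`pledge("stdio rpath", NULL)`) while it parses the untrusted OCSP response, and `ocsp_request_new_from_cert` skips its `pledge("stdio inet dns", NULL)` so `rpath` also survives the network phase. In that case the read surface is bounded only by the earlier `unveil(cafile, "r")`, `unveil(cadir, "r")` and `unveil(certfile, "r")` calls, which must stay ahead of the first `pledge` because none of the promise strings include `unveil`. I would state that at both `else` branches, for example `/* rpath kept for hashed CA dir lookups; reads are limited to the paths unveiled above */`, presumably because the `X509_LOOKUP_hash_dir()` lookup reads the directory at verification time, and qualify the "Drop rpath" comment the same way. Both functions continue outside the hunks shown.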
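--- a/jni/libressl/apps/openssl/CMakeLists.txt
+++ b/jni/libressl/apps/openssl/CMakeLists.txt
@@ -1,15 +1,16 @@
 set(
 	OPENSSL_SRC
 	apps.c
 	asn1pars.c
 	ca.c
 	ciphers.c
 	crl.c
 	crl2p7.c
+	cms.c
 	dgst.c
 	dh.c
 	dhparam.c
 	dsa.c
 	dsaparam.c
 	ec.c
 	ecparam.c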
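--- a/jni/libressl/apps/openssl/Makefile.am
+++ b/jni/libressl/apps/openssl/Makefile.am
@@ -10,14 +10,15 @@
 
 openssl_SOURCES = apps.c
 openssl_SOURCES += asn1pars.c
 openssl_SOURCES += ca.c
 openssl_SOURCES += ciphers.c
 openssl_SOURCES += crl.c
 openssl_SOURCES += crl2p7.c
+openssl_SOURCES += cms.c
 openssl_SOURCES += dgst.c
 openssl_SOURCES += dh.c
 openssl_SOURCES += dhparam.c
 openssl_SOURCES += dsa.c
 openssl_SOURCES += dsaparam.c
 openssl_SOURCES += ec.c
 openssl_SOURCES += ecparam.c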
Changes to jni/libressl/apps/openssl/Makefile.in.
1
2
3
4
5
6
7
8
9
10
11
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2018 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|


|







1
2
3
4
5
6
7
8
9
10
11
# Makefile.in generated by automake 1.16.2 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2020 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
	$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
PROGRAMS = $(bin_PROGRAMS)
am__openssl_SOURCES_DIST = apps.c asn1pars.c ca.c ciphers.c crl.c \
	crl2p7.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c \
	enc.c errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c \
	ocsp.c openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c \
	pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
	s_cb.c s_client.c s_server.c s_socket.c s_time.c sess_id.c \
	smime.c speed.c spkac.c ts.c verify.c version.c x509.c \
	certhash.c certhash_win.c apps_win.c apps_posix.c \
	compat/poll_win.c compat/clock_gettime_osx.c compat/strtonum.c
@BUILD_CERTHASH_TRUE@am__objects_1 = certhash.$(OBJEXT)
@BUILD_CERTHASH_FALSE@am__objects_2 = certhash_win.$(OBJEXT)
@HOST_WIN_TRUE@am__objects_3 = apps_win.$(OBJEXT)
@HOST_WIN_FALSE@am__objects_4 = apps_posix.$(OBJEXT)
am__dirstamp = $(am__leading_dot)dirstamp
@HAVE_POLL_FALSE@@HOST_WIN_TRUE@am__objects_5 =  \
@HAVE_POLL_FALSE@@HOST_WIN_TRUE@	compat/poll_win.$(OBJEXT)
@HAVE_CLOCK_GETTIME_FALSE@@HOST_DARWIN_TRUE@am__objects_6 = compat/clock_gettime_osx.$(OBJEXT)
@HAVE_STRTONUM_FALSE@am__objects_7 = compat/strtonum.$(OBJEXT)
am_openssl_OBJECTS = apps.$(OBJEXT) asn1pars.$(OBJEXT) ca.$(OBJEXT) \
	ciphers.$(OBJEXT) crl.$(OBJEXT) crl2p7.$(OBJEXT) \
	dgst.$(OBJEXT) dh.$(OBJEXT) dhparam.$(OBJEXT) dsa.$(OBJEXT) \
	dsaparam.$(OBJEXT) ec.$(OBJEXT) ecparam.$(OBJEXT) \
	enc.$(OBJEXT) errstr.$(OBJEXT) gendh.$(OBJEXT) \
	gendsa.$(OBJEXT) genpkey.$(OBJEXT) genrsa.$(OBJEXT) \
	nseq.$(OBJEXT) ocsp.$(OBJEXT) openssl.$(OBJEXT) \
	passwd.$(OBJEXT) pkcs12.$(OBJEXT) pkcs7.$(OBJEXT) \
	pkcs8.$(OBJEXT) pkey.$(OBJEXT) pkeyparam.$(OBJEXT) \







|
|
|
|
|
|
|











|







112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
	$(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"
PROGRAMS = $(bin_PROGRAMS)
am__openssl_SOURCES_DIST = apps.c asn1pars.c ca.c ciphers.c crl.c \
	crl2p7.c cms.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c \
	ecparam.c enc.c errstr.c gendh.c gendsa.c genpkey.c genrsa.c \
	nseq.c ocsp.c openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c \
	pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c \
	rsautl.c s_cb.c s_client.c s_server.c s_socket.c s_time.c \
	sess_id.c smime.c speed.c spkac.c ts.c verify.c version.c \
	x509.c certhash.c certhash_win.c apps_win.c apps_posix.c \
	compat/poll_win.c compat/clock_gettime_osx.c compat/strtonum.c
@BUILD_CERTHASH_TRUE@am__objects_1 = certhash.$(OBJEXT)
@BUILD_CERTHASH_FALSE@am__objects_2 = certhash_win.$(OBJEXT)
@HOST_WIN_TRUE@am__objects_3 = apps_win.$(OBJEXT)
@HOST_WIN_FALSE@am__objects_4 = apps_posix.$(OBJEXT)
am__dirstamp = $(am__leading_dot)dirstamp
@HAVE_POLL_FALSE@@HOST_WIN_TRUE@am__objects_5 =  \
@HAVE_POLL_FALSE@@HOST_WIN_TRUE@	compat/poll_win.$(OBJEXT)
@HAVE_CLOCK_GETTIME_FALSE@@HOST_DARWIN_TRUE@am__objects_6 = compat/clock_gettime_osx.$(OBJEXT)
@HAVE_STRTONUM_FALSE@am__objects_7 = compat/strtonum.$(OBJEXT)
am_openssl_OBJECTS = apps.$(OBJEXT) asn1pars.$(OBJEXT) ca.$(OBJEXT) \
	ciphers.$(OBJEXT) crl.$(OBJEXT) crl2p7.$(OBJEXT) cms.$(OBJEXT) \
	dgst.$(OBJEXT) dh.$(OBJEXT) dhparam.$(OBJEXT) dsa.$(OBJEXT) \
	dsaparam.$(OBJEXT) ec.$(OBJEXT) ecparam.$(OBJEXT) \
	enc.$(OBJEXT) errstr.$(OBJEXT) gendh.$(OBJEXT) \
	gendsa.$(OBJEXT) genpkey.$(OBJEXT) genrsa.$(OBJEXT) \
	nseq.$(OBJEXT) ocsp.$(OBJEXT) openssl.$(OBJEXT) \
	passwd.$(OBJEXT) pkcs12.$(OBJEXT) pkcs7.$(OBJEXT) \
	pkcs8.$(OBJEXT) pkey.$(OBJEXT) pkeyparam.$(OBJEXT) \
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/apps.Po ./$(DEPDIR)/apps_posix.Po \
	./$(DEPDIR)/apps_win.Po ./$(DEPDIR)/asn1pars.Po \
	./$(DEPDIR)/ca.Po ./$(DEPDIR)/certhash.Po \
	./$(DEPDIR)/certhash_win.Po ./$(DEPDIR)/ciphers.Po \
	./$(DEPDIR)/crl.Po ./$(DEPDIR)/crl2p7.Po ./$(DEPDIR)/dgst.Po \
	./$(DEPDIR)/dh.Po ./$(DEPDIR)/dhparam.Po ./$(DEPDIR)/dsa.Po \
	./$(DEPDIR)/dsaparam.Po ./$(DEPDIR)/ec.Po \
	./$(DEPDIR)/ecparam.Po ./$(DEPDIR)/enc.Po \
	./$(DEPDIR)/errstr.Po ./$(DEPDIR)/gendh.Po \
	./$(DEPDIR)/gendsa.Po ./$(DEPDIR)/genpkey.Po \
	./$(DEPDIR)/genrsa.Po ./$(DEPDIR)/nseq.Po ./$(DEPDIR)/ocsp.Po \
	./$(DEPDIR)/openssl.Po ./$(DEPDIR)/passwd.Po \
	./$(DEPDIR)/pkcs12.Po ./$(DEPDIR)/pkcs7.Po \
	./$(DEPDIR)/pkcs8.Po ./$(DEPDIR)/pkey.Po \







|
|
|







174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/apps.Po ./$(DEPDIR)/apps_posix.Po \
	./$(DEPDIR)/apps_win.Po ./$(DEPDIR)/asn1pars.Po \
	./$(DEPDIR)/ca.Po ./$(DEPDIR)/certhash.Po \
	./$(DEPDIR)/certhash_win.Po ./$(DEPDIR)/ciphers.Po \
	./$(DEPDIR)/cms.Po ./$(DEPDIR)/crl.Po ./$(DEPDIR)/crl2p7.Po \
	./$(DEPDIR)/dgst.Po ./$(DEPDIR)/dh.Po ./$(DEPDIR)/dhparam.Po \
	./$(DEPDIR)/dsa.Po ./$(DEPDIR)/dsaparam.Po ./$(DEPDIR)/ec.Po \
	./$(DEPDIR)/ecparam.Po ./$(DEPDIR)/enc.Po \
	./$(DEPDIR)/errstr.Po ./$(DEPDIR)/gendh.Po \
	./$(DEPDIR)/gendsa.Po ./$(DEPDIR)/genpkey.Po \
	./$(DEPDIR)/genrsa.Po ./$(DEPDIR)/nseq.Po ./$(DEPDIR)/ocsp.Po \
	./$(DEPDIR)/openssl.Po ./$(DEPDIR)/passwd.Po \
	./$(DEPDIR)/pkcs12.Po ./$(DEPDIR)/pkcs7.Po \
	./$(DEPDIR)/pkcs8.Po ./$(DEPDIR)/pkey.Po \
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419

420
421
422
423
424
425
426
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=
dist_man_MANS = openssl.1
openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD) \
	$(PROG_LDADD)
openssl_SOURCES = apps.c asn1pars.c ca.c ciphers.c crl.c crl2p7.c \
	dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c \
	errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c ocsp.c \
	openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c \
	pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_cb.c \
	s_client.c s_server.c s_socket.c s_time.c sess_id.c smime.c \
	speed.c spkac.c ts.c verify.c version.c x509.c $(am__append_1) \
	$(am__append_2) $(am__append_3) $(am__append_4) \
	$(am__append_5) $(am__append_6) $(am__append_7)

noinst_HEADERS = apps.h progs.h s_apps.h testdsa.h testrsa.h \
	timeouts.h
EXTRA_DIST = cert.pem openssl.cnf x509v3.cnf CMakeLists.txt
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj







|
|
|
|
|
|
|
|
>







405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=
dist_man_MANS = openssl.1
openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la \
	$(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD) \
	$(PROG_LDADD)
openssl_SOURCES = apps.c asn1pars.c ca.c ciphers.c crl.c crl2p7.c \
	cms.c dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c \
	enc.c errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c \
	ocsp.c openssl.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c \
	pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \
	s_cb.c s_client.c s_server.c s_socket.c s_time.c sess_id.c \
	smime.c speed.c spkac.c ts.c verify.c version.c x509.c \
	$(am__append_1) $(am__append_2) $(am__append_3) \
	$(am__append_4) $(am__append_5) $(am__append_6) \
	$(am__append_7)
noinst_HEADERS = apps.h progs.h s_apps.h testdsa.h testrsa.h \
	timeouts.h
EXTRA_DIST = cert.pem openssl.cnf x509v3.cnf CMakeLists.txt
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
531
532
533
534
535
536
537

538
539
540
541
542
543
544
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/apps_posix.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/apps_win.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1pars.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ca.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certhash.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certhash_win.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Po@am__quote@ # am--include-marker

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl2p7.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dgst.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dh.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhparam.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsa.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsaparam.Po@am__quote@ # am--include-marker







>







532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/apps_posix.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/apps_win.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1pars.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ca.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certhash.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certhash_win.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphers.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cms.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl2p7.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dgst.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dh.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhparam.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsa.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsaparam.Po@am__quote@ # am--include-marker
794
795
796
797
798
799
800

801
802
803
804
805
806
807
	-rm -f ./$(DEPDIR)/apps_posix.Po
	-rm -f ./$(DEPDIR)/apps_win.Po
	-rm -f ./$(DEPDIR)/asn1pars.Po
	-rm -f ./$(DEPDIR)/ca.Po
	-rm -f ./$(DEPDIR)/certhash.Po
	-rm -f ./$(DEPDIR)/certhash_win.Po
	-rm -f ./$(DEPDIR)/ciphers.Po

	-rm -f ./$(DEPDIR)/crl.Po
	-rm -f ./$(DEPDIR)/crl2p7.Po
	-rm -f ./$(DEPDIR)/dgst.Po
	-rm -f ./$(DEPDIR)/dh.Po
	-rm -f ./$(DEPDIR)/dhparam.Po
	-rm -f ./$(DEPDIR)/dsa.Po
	-rm -f ./$(DEPDIR)/dsaparam.Po







>







796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
	-rm -f ./$(DEPDIR)/apps_posix.Po
	-rm -f ./$(DEPDIR)/apps_win.Po
	-rm -f ./$(DEPDIR)/asn1pars.Po
	-rm -f ./$(DEPDIR)/ca.Po
	-rm -f ./$(DEPDIR)/certhash.Po
	-rm -f ./$(DEPDIR)/certhash_win.Po
	-rm -f ./$(DEPDIR)/ciphers.Po
	-rm -f ./$(DEPDIR)/cms.Po
	-rm -f ./$(DEPDIR)/crl.Po
	-rm -f ./$(DEPDIR)/crl2p7.Po
	-rm -f ./$(DEPDIR)/dgst.Po
	-rm -f ./$(DEPDIR)/dh.Po
	-rm -f ./$(DEPDIR)/dhparam.Po
	-rm -f ./$(DEPDIR)/dsa.Po
	-rm -f ./$(DEPDIR)/dsaparam.Po
894
895
896
897
898
899
900

901
902
903
904
905
906
907
	-rm -f ./$(DEPDIR)/apps_posix.Po
	-rm -f ./$(DEPDIR)/apps_win.Po
	-rm -f ./$(DEPDIR)/asn1pars.Po
	-rm -f ./$(DEPDIR)/ca.Po
	-rm -f ./$(DEPDIR)/certhash.Po
	-rm -f ./$(DEPDIR)/certhash_win.Po
	-rm -f ./$(DEPDIR)/ciphers.Po

	-rm -f ./$(DEPDIR)/crl.Po
	-rm -f ./$(DEPDIR)/crl2p7.Po
	-rm -f ./$(DEPDIR)/dgst.Po
	-rm -f ./$(DEPDIR)/dh.Po
	-rm -f ./$(DEPDIR)/dhparam.Po
	-rm -f ./$(DEPDIR)/dsa.Po
	-rm -f ./$(DEPDIR)/dsaparam.Po







>







897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
	-rm -f ./$(DEPDIR)/apps_posix.Po
	-rm -f ./$(DEPDIR)/apps_win.Po
	-rm -f ./$(DEPDIR)/asn1pars.Po
	-rm -f ./$(DEPDIR)/ca.Po
	-rm -f ./$(DEPDIR)/certhash.Po
	-rm -f ./$(DEPDIR)/certhash_win.Po
	-rm -f ./$(DEPDIR)/ciphers.Po
	-rm -f ./$(DEPDIR)/cms.Po
	-rm -f ./$(DEPDIR)/crl.Po
	-rm -f ./$(DEPDIR)/crl2p7.Po
	-rm -f ./$(DEPDIR)/dgst.Po
	-rm -f ./$(DEPDIR)/dh.Po
	-rm -f ./$(DEPDIR)/dhparam.Po
	-rm -f ./$(DEPDIR)/dsa.Po
	-rm -f ./$(DEPDIR)/dsaparam.Po
Changes to jni/libressl/apps/openssl/cert.pem.
1
2
3
4
5
6
7
8
# $OpenBSD: cert.pem,v 1.19 2019/04/04 12:42:01 sthen Exp $
### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068

=== /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6047274297262753887 (0x53ec3beefbb2485f)
|







1
2
3
4
5
6
7
8
# $OpenBSD: cert.pem,v 1.20 2020/04/10 12:13:17 sthen Exp $
### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068

=== /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6047274297262753887 (0x53ec3beefbb2485f)
64
65
66
67
68
69
70
71

72
73
74
75
76
77
78

### AC Camerfirma S.A.

=== /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11806822484801597146 (0xa3da427ea4b1aeda)

    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Aug  1 12:29:50 2008 GMT
            Not After : Jul 31 12:29:50 2038 GMT
        Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
        X509v3 extensions:
            X509v3 Basic Constraints: critical







|
>







64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

### AC Camerfirma S.A.

=== /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            a3:da:42:7e:a4:b1:ae:da
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Aug  1 12:29:50 2008 GMT
            Not After : Jul 31 12:29:50 2038 GMT
        Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
        X509v3 extensions:
            X509v3 Basic Constraints: critical
134
135
136
137
138
139
140
141

142
143
144
145
146
147
148
OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ
d0jQ
-----END CERTIFICATE-----
=== /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14541511773111788494 (0xc9cdd3e9d57d23ce)

    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Aug  1 12:31:40 2008 GMT
            Not After : Jul 31 12:31:40 2038 GMT
        Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
        X509v3 extensions:
            X509v3 Basic Constraints: critical







|
>







135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ
d0jQ
-----END CERTIFICATE-----
=== /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c9:cd:d3:e9:d5:7d:23:ce
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Aug  1 12:31:40 2008 GMT
            Not After : Jul 31 12:31:40 2038 GMT
        Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
        X509v3 extensions:
            X509v3 Basic Constraints: critical
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk
M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB
/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB
MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw
CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW
1KyLa2tJElMzrdfkviT8tQp21KW8EA==
-----END CERTIFICATE-----

### AS Sertifitseerimiskeskus


### Atos

=== /CN=Atos TrustedRoot 2011/O=Atos/C=DE
Certificate:
    Data:
        Version: 3 (0x2)







<
<
<







781
782
783
784
785
786
787



788
789
790
791
792
793
794
9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk
M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB
/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB
MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw
CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW
1KyLa2tJElMzrdfkviT8tQp21KW8EA==
-----END CERTIFICATE-----




### Atos

=== /CN=Atos TrustedRoot 2011/O=Atos/C=DE
Certificate:
    Data:
        Version: 3 (0x2)
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE
kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41
3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD
u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq
4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc=
-----END CERTIFICATE-----

### Certinomis

=== /C=FR/O=Certinomis/OU=0002 433998903/CN=Certinomis - Root CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Oct 21 09:17:18 2013 GMT
            Not After : Oct 21 09:17:18 2033 GMT
        Subject: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                EF:91:4C:F5:A5:C3:30:E8:2F:08:EA:D3:71:22:A4:92:68:78:74:D9
            X509v3 Authority Key Identifier: 
                keyid:EF:91:4C:F5:A5:C3:30:E8:2F:08:EA:D3:71:22:A4:92:68:78:74:D9

SHA1 Fingerprint=9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8
SHA256 Fingerprint=2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### Certplus

=== /C=FR/O=Certplus/CN=Class 2 Primary CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jul  7 17:05:00 1999 GMT
            Not After : Jul  6 23:59:59 2019 GMT
        Subject: C=FR, O=Certplus, CN=Class 2 Primary CA
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:TRUE, pathlen:10
            X509v3 Key Usage: 
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                E3:73:2D:DF:CB:0E:28:0C:DE:DD:B3:A4:CA:79:B8:8E:BB:E8:30:89
            Netscape Cert Type: 
                SSL CA, S/MIME CA
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://www.certplus.com/CRL/class2.crl

SHA1 Fingerprint=74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
SHA256 Fingerprint=0F:99:3C:8A:EF:97:BA:AF:56:87:14:0E:D5:9A:D1:82:1B:B4:AF:AC:F0:AA:9A:58:B5:D5:7A:33:8A:3A:FB:CB
-----BEGIN CERTIFICATE-----
MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw
PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz
cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9
MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz
IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ
ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR
VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL
kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd
EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas
H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0
HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud
DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4
QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu
Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/
AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8
yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR
FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA
ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB
kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
l7+ijrRU
-----END CERTIFICATE-----

### certSIGN

=== /C=RO/O=certSIGN/OU=certSIGN ROOT CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 35210227249154 (0x200605167002)







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







977
978
979
980
981
982
983













































































































984
985
986
987
988
989
990
dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE
kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41
3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD
u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq
4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc=
-----END CERTIFICATE-----














































































































### certSIGN

=== /C=RO/O=certSIGN/OU=certSIGN ROOT CA
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 35210227249154 (0x200605167002)
1243
1244
1245
1246
1247
1248
1249























































1250
1251
1252
1253
1254
1255
1256
o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS
/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z
Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE
W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D
hNQ+IIX3Sj0rnP0qCglN6oH4EZw=
-----END CERTIFICATE-----
























































### COMODO CA Limited

=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS
/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z
Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE
W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D
hNQ+IIX3Sj0rnP0qCglN6oH4EZw=
-----END CERTIFICATE-----

### Comodo CA Limited

=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2004 GMT
            Not After : Dec 31 23:59:59 2028 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/AAACertificateServices.crl

                Full Name:
                  URI:http://crl.comodo.net/AAACertificateServices.crl

SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### COMODO CA Limited

=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
NVOFBkpdn627G190
-----END CERTIFICATE-----

### Comodo CA Limited

=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2004 GMT
            Not After : Dec 31 23:59:59 2028 GMT
        Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/AAACertificateServices.crl

                Full Name:
                  URI:http://crl.comodo.net/AAACertificateServices.crl

SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### Cybertrust, Inc

=== /O=Cybertrust, Inc/CN=Cybertrust Global Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







1331
1332
1333
1334
1335
1336
1337























































1338
1339
1340
1341
1342
1343
1344
jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
NVOFBkpdn627G190
-----END CERTIFICATE-----
























































### Cybertrust, Inc

=== /O=Cybertrust, Inc/CN=Cybertrust Global Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658

1659
1660
1661
1662
1663
1664
1665
3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF
CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na
xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX
KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1
-----END CERTIFICATE-----

### Deutsche Telekom AG

=== /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 38 (0x26)
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jul  9 12:11:00 1999 GMT
            Not After : Jul  9 23:59:00 2019 GMT
        Subject: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                31:C3:79:1B:BA:F5:53:D7:17:E0:89:7A:2D:17:6C:0A:B3:2B:9D:33
            X509v3 Basic Constraints: 
                CA:TRUE, pathlen:5
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
SHA1 Fingerprint=85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
SHA256 Fingerprint=B6:19:1A:50:D0:C3:97:7F:7D:A9:9B:CD:AA:C8:6A:22:7D:AE:B9:67:9E:C7:0B:A3:B0:C9:D9:22:71:C1:70:D3
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### Dhimyotis

=== /C=FR/O=Dhimyotis/CN=Certigna
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 18364802974209362175 (0xfedce3010fc948ff)

    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jun 29 15:13:05 2007 GMT
            Not After : Jun 29 15:13:05 2027 GMT
        Subject: C=FR, O=Dhimyotis, CN=Certigna
        X509v3 extensions:
            X509v3 Basic Constraints: critical







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<






|
>







1491
1492
1493
1494
1495
1496
1497












































1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF
CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na
xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX
KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1
-----END CERTIFICATE-----













































### Dhimyotis

=== /C=FR/O=Dhimyotis/CN=Certigna
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            fe:dc:e3:01:0f:c9:48:ff
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jun 29 15:13:05 2007 GMT
            Not After : Jun 29 15:13:05 2027 GMT
        Subject: C=FR, O=Dhimyotis, CN=Certigna
        X509v3 extensions:
            X509v3 Basic Constraints: critical
2161
2162
2163
2164
2165
2166
2167
2168

2169
2170
2171
2172
2173
2174
2175

### Disig a.s.

=== /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10572350602393338211 (0x92b888dbb08ac163)

    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Jul 19 09:15:30 2012 GMT
            Not After : Jul 19 09:15:30 2042 GMT
        Subject: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2
        X509v3 extensions:
            X509v3 Basic Constraints: critical







|
>







2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023

### Disig a.s.

=== /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            92:b8:88:db:b0:8a:c1:63
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Jul 19 09:15:30 2012 GMT
            Not After : Jul 19 09:15:30 2042 GMT
        Subject: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2
        X509v3 extensions:
            X509v3 Basic Constraints: critical
2269
2270
2271
2272
2273
2274
2275






























































































































































2276
2277
2278
2279
2280
2281
2282
FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl
yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P
AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD
y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d
NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA==
-----END CERTIFICATE-----































































































































































### Entrust, Inc.

=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1246989352 (0x4a538c28)







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl
yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P
AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD
y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d
NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA==
-----END CERTIFICATE-----

### eMudhra Inc

=== /C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign ECC Root CA - C3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:71:b6:82:56:b8:12:7c:9c:a8
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Feb 18 18:30:00 2018 GMT
            Not After : Feb 18 18:30:00 2043 GMT
        Subject: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                FB:5A:48:D0:80:20:40:F2:A8:E9:00:07:69:19:77:A7:E6:C3:F4:CF
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
SHA1 Fingerprint=B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66
SHA256 Fingerprint=BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign Root CA - C1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ae:cf:00:ba:c4:cf:32:f8:43:b2
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Feb 18 18:30:00 2018 GMT
            Not After : Feb 18 18:30:00 2043 GMT
        Subject: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                FE:A1:E0:70:1E:2A:03:39:52:5A:42:BE:5C:91:85:7A:18:AA:4D:B5
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
SHA1 Fingerprint=E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01
SHA256 Fingerprint=12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### eMudhra Technologies Limited

=== /C=IN/OU=emSign PKI/O=eMudhra Technologies Limited/CN=emSign ECC Root CA - G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f6:07:a9:68:70:0e:da:8b:84
    Signature Algorithm: ecdsa-with-SHA384
        Validity
            Not Before: Feb 18 18:30:00 2018 GMT
            Not After : Feb 18 18:30:00 2043 GMT
        Subject: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                7C:5D:02:84:13:D4:CC:8A:9B:81:CE:17:1C:2E:29:1E:9C:48:63:42
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
SHA1 Fingerprint=30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1
SHA256 Fingerprint=86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
=== /C=IN/OU=emSign PKI/O=eMudhra Technologies Limited/CN=emSign Root CA - G1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:f5:e4:62:0c:6c:58:ed:d6:d8
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Feb 18 18:30:00 2018 GMT
            Not After : Feb 18 18:30:00 2043 GMT
        Subject: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                FB:EF:0D:86:9E:B0:E3:DD:A9:B9:F1:21:17:7F:3E:FC:F0:77:2B:1A
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
SHA1 Fingerprint=8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C
SHA256 Fingerprint=40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### Entrust, Inc.

=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1246989352 (0x4a538c28)
2352
2353
2354
2355
2356
2357
2358
























































2359
2360
2361
2362
2363
2364
2365
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi
A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt
ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH
Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC
R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX
hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
























































-----END CERTIFICATE-----
=== /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1164660820 (0x456b5054)
    Signature Algorithm: sha1WithRSAEncryption







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi
A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt
ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH
Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC
R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX
hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
-----END CERTIFICATE-----
=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2015 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G4
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: May 27 11:11:16 2015 GMT
            Not After : Dec 27 11:41:16 2037 GMT
        Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                9F:38:C4:56:23:C3:39:E8:A0:71:6C:E8:54:4C:E4:E8:3A:B1:BF:67
SHA1 Fingerprint=14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01
SHA256 Fingerprint=DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88
-----BEGIN CERTIFICATE-----
MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw
gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw
BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0
MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1
c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJ
bmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3Qg
Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSXbcr3DbVZwbPLqGgZ
2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV3imz/f3E
T+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j
5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAM
C1rlLAHGVK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73T
DtTUXm6Hnmo9RR3RXRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNX
wbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A
2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV7rtNOzK+mndm
nqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8
dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwl
N4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNj
c0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS
5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTS
Gwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGr
hFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/
B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uI
AeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbw
H5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+
b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkvFMSUHHuk
2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol
IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk
5F6G+TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuY
n/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHw==
-----END CERTIFICATE-----
=== /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1164660820 (0x456b5054)
    Signature Algorithm: sha1WithRSAEncryption
3556
3557
3558
3559
3560
3561
3562

























































3563
3564
3565
3566
3567
3568
3569
mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3
7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB
oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO
fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi
AmvZWg==
-----END CERTIFICATE-----


























































### IdenTrust

=== /C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1
Certificate:
    Data:
        Version: 3 (0x2)







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3
7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB
oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO
fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi
AmvZWg==
-----END CERTIFICATE-----
=== /C=HK/ST=Hong Kong/L=Hong Kong/O=Hongkong Post/CN=Hongkong Post Root CA 3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Jun  3 02:29:46 2017 GMT
            Not After : Jun  3 02:29:46 2042 GMT
        Subject: C=HK, ST=Hong Kong, L=Hong Kong, O=Hongkong Post, CN=Hongkong Post Root CA 3
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Authority Key Identifier: 
                keyid:17:9D:CD:1E:8B:D6:39:2B:70:D3:5C:D4:A0:B8:1F:B0:00:FC:C5:61

            X509v3 Subject Key Identifier: 
                17:9D:CD:1E:8B:D6:39:2B:70:D3:5C:D4:A0:B8:1F:B0:00:FC:C5:61
SHA1 Fingerprint=58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02
SHA256 Fingerprint=5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

### IdenTrust

=== /C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1
Certificate:
    Data:
        Version: 3 (0x2)
3931
3932
3933
3934
3935
3936
3937
3938

3939
3940
3941
3942
3943
3944
3945

### Microsec Ltd.

=== /C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14014712776195784473 (0xc27e43044e473f19)

    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Jun 16 11:30:18 2009 GMT
            Not After : Dec 30 11:30:18 2029 GMT
        Subject: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
        X509v3 extensions:
            X509v3 Basic Constraints: critical







|
>







4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065

### Microsec Ltd.

=== /C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c2:7e:43:04:4e:47:3f:19
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Jun 16 11:30:18 2009 GMT
            Not After : Dec 30 11:30:18 2029 GMT
        Subject: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
        X509v3 extensions:
            X509v3 Basic Constraints: critical
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
4959
4960
4961
4962
4963
4964
4965
vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6
Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa
Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL
eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8
FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc
7uzXLg==
-----END CERTIFICATE-----
=== /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10000012 (0x98968c)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Mar 26 11:18:17 2008 GMT
            Not After : Mar 25 11:03:10 2020 GMT
        Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy
                  CPS: http://www.pkioverheid.nl/policies/root-policy-G2

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                91:68:32:87:15:1D:89:E2:B5:F1:AC:36:28:34:8D:0B:7C:62:88:EB
SHA1 Fingerprint=59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16
SHA256 Fingerprint=66:8C:83:94:7D:A6:3B:72:4B:EC:E1:74:3C:31:A0:E6:AE:D0:DB:8E:C5:B3:1B:E3:77:BB:78:4F:91:B6:71:6F
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----
=== /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10003001 (0x98a239)
    Signature Algorithm: sha256WithRSAEncryption
        Validity







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







5016
5017
5018
5019
5020
5021
5022
























































5023
5024
5025
5026
5027
5028
5029
vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6
Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa
Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL
eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8
FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc
7uzXLg==
-----END CERTIFICATE-----
























































=== /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10003001 (0x98a239)
    Signature Algorithm: sha256WithRSAEncryption
        Validity
5144
5145
5146
5147
5148
5149
5150
5151

5152
5153
5154
5155
5156
5157
5158

### SwissSign AG

=== /C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13492815561806991280 (0xbb401c43f55e4fb0)

    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Oct 25 08:30:35 2006 GMT
            Not After : Oct 25 08:30:35 2036 GMT
        Subject: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
        X509v3 extensions:
            X509v3 Key Usage: critical







|
>







5208
5209
5210
5211
5212
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223

### SwissSign AG

=== /C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bb:40:1c:43:f5:5e:4f:b0
    Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Oct 25 08:30:35 2006 GMT
            Not After : Oct 25 08:30:35 2036 GMT
        Subject: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
        X509v3 extensions:
            X509v3 Key Usage: critical
5767
5768
5769
5770
5771
5772
5773
5774

5775
5776
5777
5778
5779
5780
5781

### TrustCor Systems S. de R.L.

=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor ECA-1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9548242946988625984 (0x84822c5f1c62d040)

    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Feb  4 12:32:33 2016 GMT
            Not After : Dec 31 17:28:07 2029 GMT
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor ECA-1
        X509v3 extensions:
            X509v3 Subject Key Identifier: 







|
>







5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
5843
5844
5845
5846
5847

### TrustCor Systems S. de R.L.

=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor ECA-1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            84:82:2c:5f:1c:62:d0:40
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Feb  4 12:32:33 2016 GMT
            Not After : Dec 31 17:28:07 2029 GMT
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor ECA-1
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
5814
5815
5816
5817
5818
5819
5820
5821

5822
5823
5824
5825
5826
5827
5828
WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi
tJ/X5g==
-----END CERTIFICATE-----
=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor RootCert CA-1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15752444095811006489 (0xda9bec71f303b019)

    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Feb  4 12:32:16 2016 GMT
            Not After : Dec 31 17:23:16 2029 GMT
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1
        X509v3 extensions:
            X509v3 Subject Key Identifier: 







|
>







5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi
tJ/X5g==
-----END CERTIFICATE-----
=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor RootCert CA-1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            da:9b:ec:71:f3:03:b0:19
    Signature Algorithm: sha256WithRSAEncryption
        Validity
            Not Before: Feb  4 12:32:16 2016 GMT
            Not After : Dec 31 17:23:16 2029 GMT
        Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
Changes to jni/libressl/apps/openssl/openssl.1.
1
2
3
4
5
6
7
8
.\" $OpenBSD: openssl.1,v 1.114 2019/10/04 06:22:51 jmc Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: openssl.1,v 1.121 2020/04/25 19:18:40 schwarze Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
.\" SUCH DAMAGE.
.\"
.\" The licence and distribution terms for any publically available version or
.\" derivative of this code cannot be changed.  i.e. this code cannot simply be
.\" copied and put under another distribution licence
.\" [including the GNU Public Licence.]
.\"
.Dd $Mdocdate: October 4 2019 $
.Dt OPENSSL 1
.Os
.Sh NAME
.Nm openssl
.Nd OpenSSL command line tool
.Sh SYNOPSIS
.Nm







|







106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
.\" SUCH DAMAGE.
.\"
.\" The licence and distribution terms for any publically available version or
.\" derivative of this code cannot be changed.  i.e. this code cannot simply be
.\" copied and put under another distribution licence
.\" [including the GNU Public Licence.]
.\"
.Dd $Mdocdate: April 25 2020 $
.Dt OPENSSL 1
.Os
.Sh NAME
.Nm openssl
.Nd OpenSSL command line tool
.Sh SYNOPSIS
.Nm
196
197
198
199
200
201
202

203
204
205
206
207
208
209
.Cm no- Ns Ar command
is not able to detect pseudo-commands such as
.Cm quit ,
.Cm list- Ns Ar ... Ns Cm -commands ,
or
.Cm no- Ns Ar command
itself.

.Sh ASN1PARSE
.Bl -hang -width "openssl asn1parse"
.It Nm openssl asn1parse
.Bk -words
.Op Fl i
.Op Fl dlimit Ar number
.Op Fl dump







>







196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
.Cm no- Ns Ar command
is not able to detect pseudo-commands such as
.Cm quit ,
.Cm list- Ns Ar ... Ns Cm -commands ,
or
.Cm no- Ns Ar command
itself.
.Tg asn1parse
.Sh ASN1PARSE
.Bl -hang -width "openssl asn1parse"
.It Nm openssl asn1parse
.Bk -words
.Op Fl i
.Op Fl dlimit Ar number
.Op Fl dump
292
293
294
295
296
297
298

299
300
301
302
303
304
305
.It Fl strparse Ar offset
Parse the content octets of the ASN.1 object starting at
.Ar offset .
This option can be used multiple times to
.Qq drill down
into a nested structure.
.El

.Sh CA
.Bl -hang -width "openssl ca"
.It Nm openssl ca
.Bk -words
.Op Fl batch
.Op Fl cert Ar file
.Op Fl config Ar file







>







293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
.It Fl strparse Ar offset
Parse the content octets of the ASN.1 object starting at
.Ar offset .
This option can be used multiple times to
.Qq drill down
into a nested structure.
.El
.Tg ca
.Sh CA
.Bl -hang -width "openssl ca"
.It Nm openssl ca
.Bk -words
.Op Fl batch
.Op Fl cert Ar file
.Op Fl config Ar file
841
842
843
844
845
846
847

848
849
850
851
852
853
854
several valid certificate entries may have the exact same subject.
The default value is
.Cm yes .
.It Cm x509_extensions
The same as
.Fl extensions .
.El

.Sh CIPHERS
.Nm openssl ciphers
.Op Fl hVv
.Op Ar control
.Pp
The
.Nm ciphers







>







843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
several valid certificate entries may have the exact same subject.
The default value is
.Cm yes .
.It Cm x509_extensions
The same as
.Fl extensions .
.El
.Tg ciphers
.Sh CIPHERS
.Nm openssl ciphers
.Op Fl hVv
.Op Ar control
.Pp
The
.Nm ciphers
873
874
875
876
877
878
879






































































































































































































































































































































































































































































































































880
881
882
883
884
885
886
cipher name, and a complete description of protocol version,
key exchange, authentication, encryption, and mac algorithms.
.It Fl v
Like
.Fl V ,
but without cipher suite codes.
.El






































































































































































































































































































































































































































































































































.Sh CRL
.Bl -hang -width "openssl crl"
.It Nm openssl crl
.Bk -words
.Op Fl CAfile Ar file
.Op Fl CApath Ar dir
.Op Fl crlnumber







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
cipher name, and a complete description of protocol version,
key exchange, authentication, encryption, and mac algorithms.
.It Fl v
Like
.Fl V ,
but without cipher suite codes.
.El
.Tg cms
.Sh CMS
.Bl -hang -width "openssl cms"
.It Nm openssl cms
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
.Fl camellia192 | camellia256 | des | des3 |
.Fl rc2-40 | rc2-64 | rc2-128
.Oc
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl binary
.Op Fl certfile Ar file
.Op Fl certsout Ar file
.Op Fl cmsout
.Op Fl compress
.Op Fl content Ar file
.Op Fl crlfeol
.Op Fl data_create
.Op Fl data_out
.Op Fl debug_decrypt
.Op Fl decrypt
.Op Fl digest_create
.Op Fl digest_verify
.Op Fl econtent_type Ar type
.Op Fl encrypt
.Op Fl EncryptedData_decrypt
.Op Fl EncryptedData_encrypt
.Op Fl from Ar addr
.Op Fl in Ar file
.Op Fl inform Cm der | pem | smime
.Op Fl inkey Ar file
.Op Fl keyform Cm der | pem
.Op Fl keyid
.Op Fl keyopt Ar nm:v
.Op Fl md Ar digest
.Op Fl no_attr_verify
.Op Fl no_content_verify
.Op Fl no_signer_cert_verify
.Op Fl noattr
.Op Fl nocerts
.Op Fl nodetach
.Op Fl nointern
.Op Fl nooldmime
.Op Fl noout
.Op Fl nosigs
.Op Fl nosmimecap
.Op Fl noverify
.Op Fl out Ar file
.Op Fl outform Cm der | pem | smime
.Op Fl passin Ar src
.Op Fl print
.Op Fl pwri_password Ar arg
.Op Fl rctform Cm der | pem | smime
.Op Fl receipt_request_all | receipt_request_first
.Op Fl receipt_request_from Ar addr
.Op Fl receipt_request_print
.Op Fl receipt_request_to Ar addr
.Op Fl recip Ar file
.Op Fl resign
.Op Fl secretkey Ar key
.Op Fl secretkeyid Ar id
.Op Fl sign
.Op Fl sign_receipt
.Op Fl signer Ar file
.Op Fl stream | indef | noindef
.Op Fl subject Ar s
.Op Fl text
.Op Fl to Ar addr
.Op Fl uncompress
.Op Fl verify
.Op Fl verify_receipt Ar file
.Op Fl verify_retcode
.Op Ar cert.pem ...
.Ek
.El
.Pp
The
.Nm cms
command handles S/MIME v3.1 mail.
It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
messages.
.Pp
The MIME message must be sent without any blank lines between the headers and
the output.
Some mail programs will automatically add a blank line.
Piping the mail directly to sendmail is one way to achieve the correct format.
.Pp
The supplied message to be signed or encrypted must include the necessary MIME
headers or many S/MIME clients won't display it properly (if at all).
You can use the
.Fl text
option to automatically add plain text headers.
.Pp
A "signed and encrypted" message is one where a signed message is then
encrypted.
This can be produced by encrypting an already signed message.
.Pp
There are various operation options that set the type of operation to be
performed.
The meaning of the other options varies according to the operation type.
.Bl -tag -width "XXXX"
.It Fl encrypt
Encrypt mail for the given recipient certificates.
Input file is the message to be encrypted.
The output file is the encrypted mail in MIME format.
The actual CMS type is EnvelopedData.
Note that no revocation check is done for the recipient cert, so if that
key has been compromised, others may be able to decrypt the text.
.It Fl decrypt
Decrypt mail using the supplied certificate and private key.
Expects an encrypted mail message in MIME format for the input file.
The decrypted mail is written to the output file.
.It Fl sign
Sign mail using the supplied certificate and private key.
Input file is the message to be signed.
The signed message in MIME format is written to the output file.
.It Fl verify
Verify signed mail.
Expects a signed mail message on input and outputs the signed data.
Both clear text and opaque signing are supported.
.It Fl cmsout
Take an input message and write out a PEM encoded CMS structure.
.It Fl resign
Resign a message.
Take an existing message and one or more new signers.
This operation uses an existing message digest when adding a new signer.
This means that attributes must be present in at least one existing
signer using the same message digest or this operation will fail.
.It Fl data_create
Create a CMS Data type.
.It Fl data_out
Output a content from the input CMS Data type.
.It Fl digest_create
Create a CMS DigestedData type.
.It Fl digest_verify
Verify a CMS DigestedData type and output the content.
.It Fl compress
Create a CMS CompressedData type.
Must be compiled with zlib support for this option to work.
.It Fl uncompress
Uncompress a CMS CompressedData type and output the content.
Must be compiled with zlib support for this option to work.
.It Fl EncryptedData_encrypt
Encrypt a content using supplied symmetric key and algorithm using a
CMS EncryptedData type.
.It Fl EncryptedData_decrypt
Decrypt a CMS EncryptedData type using supplied symmetric key.
.It Fl sign_receipt
Generate and output a signed receipt for the supplied message.
The input message must contain a signed receipt request.
Functionality is otherwise similar to the
.Fl sign
operation.
.It Xo
.Fl verify_receipt Ar file
.Xc
Verify a signed receipt in file.
The input message must contain the original receipt request.
Functionality is otherwise similar to the
.Fl verify
operation.
.El
.Pp
The remaining options are as follows:
.Bl -tag -width "XXXX"
.It Xo
.Fl aes128 | aes192 | aes256 | camellia128 |
.Fl camellia192 | camellia256 | des | des3 |
.Fl rc2-40 | rc2-64 | rc2-128
.Xc
The encryption algorithm to use.
128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
DES (56 bits), triple DES (168 bits),
or 40-, 64-, or 128-bit RC2, respectively;
if not specified, triple DES is
used.
Only used with
.Fl encrypt
and
.Fl EncryptedData_encrypt
commands.
.It Fl binary
Normally the input message is converted to "canonical" format which is
effectively using CR/LF as end of line, as required by the S/MIME specification.
When this option is present no translation occurs.
This is useful when handling binary data which may not be in MIME format.
.It Fl CAfile Ar file
A file containing trusted CA certificates, used with
.Fl verify
and
.Fl verify_receipt .
.It Fl CApath Ar directory
A directory containing trusted CA certificates, used with
.Fl verify
and
.Fl verify_receipt .
This directory must be a standard certificate directory: that is a hash
of each subject name (using
.Nm x509 Fl hash )
should be linked to each certificate.
.It Ar cert.pem...
One or more certificates of message recipients: used when encrypting a message.
.It Fl certfile Ar file
Allows additional certificates to be specified.
When signing these will be included with the message.
When verifying these will be searched for the signer's certificates.
The certificates should be in PEM format.
.It Fl certsout Ar file
A file that any certificates contained in the message are written to.
.It Xo
.Fl check_ss_sig ,
.Fl crl_check ,
.Fl crl_check_all ,
.Fl extended_crl ,
.Fl ignore_critical ,
.Fl issuer_checks ,
.Fl policy ,
.Fl policy_check ,
.Fl purpose ,
.Fl x509_strict
.Xc
Set various certificate chain validation options.
See the
.Nm verify
command for details.
.It Fl content Ar file
A file containing the detached content.
This is only useful with the
.Fl verify
command.
This is only usable if the CMS structure is using the detached signature
form where the content is not included.
This option will override any content if the input format is S/MIME and
it uses the multipart/signed MIME content type.
.It Fl crlfeol
Output a S/MIME message with CR/LF end of line.
.It Fl debug_decrypt
Set the CMS_DEBUG_DECRYPT flag when decrypting.
This option should be used with caution, since this can be used to disable
the MMA attack protection and return an error if no recipient can be found.
See the
.Xr CMS_decrypt 3
manual page for details of the flag.
.It Xo
.Fl from Ar addr ,
.Fl subject Ar s ,
.Fl to Ar addr
.Xc
The relevant mail headers.
These are included outside the signed portion of a message so they may
be included manually.
If signing then many S/MIME mail clients check the signer's certificate's
email address matches that specified in the From: address.
.It Fl econtent_type Ar type
Set the encapsulated content type, used with
.Fl sign .
If not supplied the Data type is used.
The type argument can be any valid OID name in either text or numerical format.
.It Fl in Ar file
The input message to be encrypted or signed or the message to be decrypted or
verified.
.It Fl inform Cm der | pem | smime
The input format for the CMS structure.
The default is
.Cm smime ,
which reads an S/MIME format message.
.Cm pem
and
.Cm der
format change this to expect PEM and DER format CMS structures instead.
This currently only affects the input format of the CMS structure; if no
CMS structure is being input (for example with
.Fl encrypt
or
.Fl sign )
this option has no effect.
.It Fl inkey Ar file
The private key to use when signing or decrypting.
This must match the corresponding certificate.
If this option is not specified then the private key must be included in
the certificate file specified with the
.Fl recip
or
.Fl signer
file.
When signing this option can be used multiple times to specify successive keys.
.It Fl keyform Cm der | pem
Input private key format.
The default is
.Cm pem .
.It Fl keyid
Use subject key identifier to identify certificates instead of issuer
name and serial number.
The supplied certificate must include a subject key identifier extension.
Supported by
.Fl sign
and
.Fl encrypt
operations.
.It Fl keyopt Ar nm:v
Set customised parameters for the preceding key or certificate
for encryption and signing.
It can currently be used to set RSA-PSS for signing, RSA-OAEP for
encryption or to modify default parameters for ECDH.
This option can be used multiple times.
.It Fl md Ar digest
The digest algorithm to use when signing or resigning.
If not present then the default digest algorithm for the signing key
will be used (usually SHA1).
.It Fl no_attr_verify
Do not verify the signer's attribute of a signature.
.It Fl no_content_verify
Do not verify the content of a signed message.
.It Fl no_signer_cert_verify
Do not verify the signer's certificate of a signed message.
.It Fl noattr
Do not include attributes.
Normally when a message is signed a set of attributes are included which
include the signing time and supported symmetric algorithms.
With this option they are not included.
.It Fl nocerts
Do not include the signer's certificate.
This will reduce the size of the signed message but the verifier must
have a copy of the signer's certificate available locally (passed using
the
.Fl certfile
option for example).
.It Fl nodetach
When signing a message use opaque signing.
This form is more resistant to translation by mail relays but it cannot be
read by mail agents that do not support S/MIME.
Without this option cleartext signing with the MIME type multipart/signed is
used.
.It Fl nointern
Only the certificates specified in the
.Fl certfile
option are used.
When verifying a message normally certificates (if any) included in the
message are searched for the signing certificate.
The supplied certificates can still be used as untrusted CAs however.
.It Fl nooldmime
Output an old S/MIME content type like "application/x-pkcs7-".
.It Fl noout
Do not output the parsed CMS structure for the
.Fl cmsout
operation.
This is useful when combined with the
.Fl print
option or if the syntax of the CMS structure is being checked.
.It Fl nosigs
Do not try to verify the signatures on the message.
.It Fl nosmimecap
Exclude the list of supported algorithms from signed attributes; other
options such as signing time and content type are still included.
.It Fl noverify
Do not verify the signer's certificate of a signed message.
.It Fl out Ar file
The message text that has been decrypted or verified or the output MIME
format message that has been signed or verified.
.It Fl outform Cm der | pem | smime
This specifies the output format for the CMS structure.
The default is
.Cm smime ,
which writes an S/MIME format message.
.Cm pem
and
.Cm der
format change this to write PEM and DER format CMS structures instead.
This currently only affects the output format of the CMS structure; if
no CMS structure is being output (for example with
.Fl verify
or
.Fl decrypt )
this option has no effect.
.It Fl passin Ar src
The private key password source.
.It Fl print
Print out all fields of the CMS structure for the
.Fl cmsout
operation.
This is mainly useful for testing purposes.
.It Fl pwri_password Ar arg
Specify PasswordRecipientInfo (PWRI) password to use.
Supported by the
.Fl encrypt
and
.Fl decrypt
operations.
.It Fl rctform Cm der | pem | smime
Specify the format for a signed receipt for use with the
.Fl receipt_verify
operation.
The default is
.Cm smime .
.It Fl receipt_request_all | receipt_request_first
Indicate requests should be provided by all recipient or first tier
recipients (those mailed directly and not from a mailing list), for the
.Fl sign
operation to include a signed receipt request.
Ignored if
.Fl receipt_request_from
is included.
.It Fl receipt_request_from Ar addr
Add an explicit email address where receipts should be supplied.
.It Fl receipt_request_print
Print out the contents of any signed receipt requests for the
.Fl verify
operation.
.It Fl receipt_request_to Ar addr
Add an explicit email address where signed receipts should be sent to.
This option must be supplied if a signed receipt is requested.
.It Fl recip Ar file
When decrypting a message this specifies the recipient's certificate.
The certificate must match one of the recipients of the message or an
error occurs.
When encrypting a message this option may be used multiple times to
specify each recipient.
This form must be used if customised parameters are required (for example to
specify RSA-OAEP).
Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
by this option.
.It Fl secretkey Ar key
Specify symmetric key to use.
The key must be supplied in hex format and be consistent with the
algorithm used.
Supported by the
.Fl EncryptedData_encrypt ,
.Fl EncryptedData_decrypt ,
.Fl encrypt
and
.Fl decrypt
operations.
When used with
.Fl encrypt
or
.Fl decrypt
the supplied key is used to wrap or unwrap the content encryption key
using an AES key in the KEKRecipientInfo type.
.It Fl secretkeyid Ar id
The key identifier for the supplied symmetric key for KEKRecipientInfo type.
This option must be present if the
.Fl secretkey
option is used with
.Fl encrypt .
With
.Fl decrypt
operations the id is used to locate the relevant key; if it is not supplied
then an attempt is used to decrypt any KEKRecipientInfo structures.
.It Fl signer Ar file
A signing certificate when signing or resigning a message; this option
can be used multiple times if more than one signer is required.
If a message is being verified then the signers certificates will be
written to this file if the verification was successful.
.It Xo
.Fl stream |
.Fl indef |
.Fl noindef
.Xc
The
.Fl stream
and
.Fl indef
options are equivalent and enable streaming I/O for encoding operations.
This permits single pass processing of data without the need to hold the
entire contents in memory, potentially supporting very large files.
Streaming is automatically set for S/MIME signing with detached data if
the output format is
.Cm smime ;
it is currently off by default for all other operations.
.Fl noindef
disable streaming I/O where it would produce an indefinite length
constructed encoding.
This option currently has no effect.
.It Fl text
Add plain text (text/plain) MIME headers to the supplied message if
encrypting or signing.
If decrypting or verifying it strips off text headers: if the decrypted
or verified message is not of MIME type text/plain then an error occurs.
.It Fl verify_retcode
Set verification error code to exit code to indicate what verification error
has occurred.
Supported by
.Fl verify
operation only.
Exit code value minus 32 shows verification error code.
See
.Nm verify
command for the list of verification error code.
.El
.Pp
The exit codes for
.Nm cms
are as follows:
.Pp
.Bl -tag -width "XXXX" -offset 3n -compact
.It 0
The operation was completely successful.
.It 1
An error occurred parsing the command options.
.It 2
One of the input files could not be read.
.It 3
An error occurred creating the CMS file or when reading the MIME message.
.It 4
An error occurred decrypting or verifying the message.
.It 5
The message was verified correctly but an error occurred writing out the
signer's certificates.
.It 6
An error occurred writing the output file.
.It 32+
A verify error occurred while
.Fl verify_retcode
is specified.
.El
.Tg crl
.Sh CRL
.Bl -hang -width "openssl crl"
.It Nm openssl crl
.Bk -words
.Op Fl CAfile Ar file
.Op Fl CApath Ar dir
.Op Fl crlnumber
949
950
951
952
953
954
955

956
957
958
959
960
961
962
.It Fl outform Cm der | pem
The output format.
.It Fl text
Print the CRL in plain text.
.It Fl verify
Verify the signature on the CRL.
.El

.Sh CRL2PKCS7
.Bl -hang -width "openssl crl2pkcs7"
.It Nm openssl crl2pkcs7
.Bk -words
.Op Fl certfile Ar file
.Op Fl in Ar file
.Op Fl inform Cm der | pem







>







1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
.It Fl outform Cm der | pem
The output format.
.It Fl text
Print the CRL in plain text.
.It Fl verify
Verify the signature on the CRL.
.El
.Tg crl2pkcs7
.Sh CRL2PKCS7
.Bl -hang -width "openssl crl2pkcs7"
.It Nm openssl crl2pkcs7
.Bk -words
.Op Fl certfile Ar file
.Op Fl in Ar file
.Op Fl inform Cm der | pem
994
995
996
997
998
999
1000

1001
1002
1003
1004
1005
1006
1007
.It Fl out Ar file
Write the PKCS#7 structure to
.Ar file ,
or standard output if not specified.
.It Fl outform Cm der | pem
The output format.
.El

.Sh DGST
.Bl -hang -width "openssl dgst"
.It Nm openssl dgst
.Bk -words
.Op Fl cdr
.Op Fl binary
.Op Fl Ar digest







>







1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
.It Fl out Ar file
Write the PKCS#7 structure to
.Ar file ,
or standard output if not specified.
.It Fl outform Cm der | pem
The output format.
.El
.Tg dgst
.Sh DGST
.Bl -hang -width "openssl dgst"
.It Nm openssl dgst
.Bk -words
.Op Fl cdr
.Op Fl binary
.Op Fl Ar digest
1108
1109
1110
1111
1112
1113
1114

1115
1116
1117
1118
1119
1120
1121
.Qq Verification OK
or
.Qq Verification Failure .
.It Ar
File or files to digest.
If no files are specified then standard input is used.
.El

.Sh DHPARAM
.Bl -hang -width "openssl dhparam"
.It Nm openssl dhparam
.Bk -words
.Op Fl 2 | 5
.Op Fl C
.Op Fl check







>







1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
.Qq Verification OK
or
.Qq Verification Failure .
.It Ar
File or files to digest.
If no files are specified then standard input is used.
.El
.Tg dhparam
.Sh DHPARAM
.Bl -hang -width "openssl dhparam"
.It Nm openssl dhparam
.Bk -words
.Op Fl 2 | 5
.Op Fl C
.Op Fl check
1184
1185
1186
1187
1188
1189
1190

1191
1192
1193
1194
1195
1196
1197
Generate a parameter set of size
.Ar numbits .
It must be the last option.
If not present, a value of 2048 is used.
If this value is present, the input file is ignored and
parameters are generated instead.
.El

.Sh DSA
.Bl -hang -width "openssl dsa"
.It Nm openssl dsa
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3







>







1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
Generate a parameter set of size
.Ar numbits .
It must be the last option.
If not present, a value of 2048 is used.
If this value is present, the input file is ignored and
parameters are generated instead.
.El
.Tg dsa
.Sh DSA
.Bl -hang -width "openssl dsa"
.It Nm openssl dsa
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
1272
1273
1274
1275
1276
1277
1278

1279
1280
1281
1282
1283
1284
1285
.Xc
Enable or disable PVK encoding.
The default is
.Fl pvk-strong .
.It Fl text
Print the public/private key in plain text.
.El

.Sh DSAPARAM
.Bl -hang -width "openssl dsaparam"
.It Nm openssl dsaparam
.Bk -words
.Op Fl C
.Op Fl genkey
.Op Fl in Ar file







>







1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
.Xc
Enable or disable PVK encoding.
The default is
.Fl pvk-strong .
.It Fl text
Print the public/private key in plain text.
.El
.Tg dsaparam
.Sh DSAPARAM
.Bl -hang -width "openssl dsaparam"
.It Nm openssl dsaparam
.Bk -words
.Op Fl C
.Op Fl genkey
.Op Fl in Ar file
1324
1325
1326
1327
1328
1329
1330

1331
1332
1333
1334
1335
1336
1337
.It Fl text
Print the DSA parameters in plain text.
.It Ar numbits
Generate a parameter set of size
.Ar numbits .
If this option is included, the input file is ignored.
.El

.Sh EC
.Bl -hang -width "openssl ec"
.It Nm openssl ec
.Bk -words
.Op Fl conv_form Ar arg
.Op Fl des
.Op Fl des3







>







1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
.It Fl text
Print the DSA parameters in plain text.
.It Ar numbits
Generate a parameter set of size
.Ar numbits .
If this option is included, the input file is ignored.
.El
.Tg ec
.Sh EC
.Bl -hang -width "openssl ec"
.It Nm openssl ec
.Bk -words
.Op Fl conv_form Ar arg
.Op Fl des
.Op Fl des3
1436
1437
1438
1439
1440
1441
1442

1443
1444
1445
1446
1447
1448
1449
Read in a public key, not a private key.
.It Fl pubout
Output a public key, not a private key.
Automatically set if the input is a public key.
.It Fl text
Print the public/private key in plain text.
.El

.Sh ECPARAM
.Bl -hang -width "openssl ecparam"
.It Nm openssl ecparam
.Bk -words
.Op Fl C
.Op Fl check
.Op Fl conv_form Ar arg







>







1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
Read in a public key, not a private key.
.It Fl pubout
Output a public key, not a private key.
Automatically set if the input is a public key.
.It Fl text
Print the public/private key in plain text.
.El
.Tg ecparam
.Sh ECPARAM
.Bl -hang -width "openssl ecparam"
.It Nm openssl ecparam
.Bk -words
.Op Fl C
.Op Fl check
.Op Fl conv_form Ar arg
1531
1532
1533
1534
1535
1536
1537

1538
1539
1540
1541
1542
1543
1544
Note: the
.Cm implicitlyCA
alternative, as specified in RFC 3279,
is currently not implemented.
.It Fl text
Print the EC parameters in plain text.
.El

.Sh ENC
.Bl -hang -width "openssl enc"
.It Nm openssl enc
.Bk -words
.Fl ciphername
.Op Fl AadePpv
.Op Fl base64







>







2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
Note: the
.Cm implicitlyCA
alternative, as specified in RFC 3279,
is currently not implemented.
.It Fl text
Print the EC parameters in plain text.
.El
.Tg enc
.Sh ENC
.Bl -hang -width "openssl enc"
.It Nm openssl enc
.Bk -words
.Fl ciphername
.Op Fl AadePpv
.Op Fl base64
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
Superseded by the
.Fl pass
option.
.It Fl md Ar digest
Use
.Ar digest
to create a key from a pass phrase.
.Ar digest
may be one of
.Cm md5
or
.Cm sha1 .
.It Fl none
Use NULL cipher (no encryption or decryption of input).
.It Fl nopad
Disable standard block padding.
.It Fl nosalt
Don't use a salt in the key derivation routines.
This option should never be used







|
<
<
<
|







2185
2186
2187
2188
2189
2190
2191
2192



2193
2194
2195
2196
2197
2198
2199
2200
Superseded by the
.Fl pass
option.
.It Fl md Ar digest
Use
.Ar digest
to create a key from a pass phrase.
Currently, the default value is



.Cm sha256 .
.It Fl none
Use NULL cipher (no encryption or decryption of input).
.It Fl nopad
Disable standard block padding.
.It Fl nosalt
Don't use a salt in the key derivation routines.
This option should never be used
1697
1698
1699
1700
1701
1702
1703

1704
1705
1706
1707
1708
1709
1710
When the salt is being used
the first eight bytes of the encrypted data are reserved for the salt:
it is randomly generated when encrypting a file and read from the
encrypted file when it is decrypted.
.It Fl v
Print extra details about the processing.
.El

.Sh ERRSTR
.Nm openssl errstr
.Op Fl stats
.Ar errno ...
.Pp
The
.Nm errstr







>







2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
When the salt is being used
the first eight bytes of the encrypted data are reserved for the salt:
it is randomly generated when encrypting a file and read from the
encrypted file when it is decrypted.
.It Fl v
Print extra details about the processing.
.El
.Tg errstr
.Sh ERRSTR
.Nm openssl errstr
.Op Fl stats
.Ar errno ...
.Pp
The
.Nm errstr
1727
1728
1729
1730
1731
1732
1733

1734
1735
1736
1737
1738
1739
1740
are all ASCII text.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl stats
Print debugging statistics about various aspects of the hash table.
.El

.Sh GENDSA
.Bl -hang -width "openssl gendsa"
.It Nm openssl gendsa
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
.Fl camellia192 | camellia256 | des | des3 | idea







>







2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
are all ASCII text.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl stats
Print debugging statistics about various aspects of the hash table.
.El
.Tg gendsa
.Sh GENDSA
.Bl -hang -width "openssl gendsa"
.It Nm openssl gendsa
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
.Fl camellia192 | camellia256 | des | des3 | idea
1773
1774
1775
1776
1777
1778
1779

1780
1781
1782
1783
1784
1785
1786
or standard output if not specified.
.It Fl passout Ar arg
The output file password source.
.It Ar paramfile
Specify the DSA parameter file to use.
The parameters in this file determine the size of the private key.
.El

.Sh GENPKEY
.Bl -hang -width "openssl genpkey"
.It Nm openssl genpkey
.Bk -words
.Op Fl algorithm Ar alg
.Op Ar cipher
.Op Fl genparam







>







2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
or standard output if not specified.
.It Fl passout Ar arg
The output file password source.
.It Ar paramfile
Specify the DSA parameter file to use.
The parameters in this file determine the size of the private key.
.El
.Tg genpkey
.Sh GENPKEY
.Bl -hang -width "openssl genpkey"
.It Nm openssl genpkey
.Bk -words
.Op Fl algorithm Ar alg
.Op Ar cipher
.Op Fl genparam
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883

1884
1885
1886
1887
1888
1889
1890
.Ar p .
.It dh_paramgen_generator : Ns Ar value
(DH)
The value to use for the generator
.Ar g .
.It ec_paramgen_curve : Ns Ar curve
(EC)
The EC curve to use.
.El
.It Fl text
Print the private/public key in plain text.
.El

.Sh GENRSA
.Bl -hang -width "openssl genrsa"
.It Nm openssl genrsa
.Bk -words
.Op Fl 3 | f4
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |







|




>







2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
.Ar p .
.It dh_paramgen_generator : Ns Ar value
(DH)
The value to use for the generator
.Ar g .
.It ec_paramgen_curve : Ns Ar curve
(EC)
The elliptic curve to use.
.El
.It Fl text
Print the private/public key in plain text.
.El
.Tg genrsa
.Sh GENRSA
.Bl -hang -width "openssl genrsa"
.It Nm openssl genrsa
.Bk -words
.Op Fl 3 | f4
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
1934
1935
1936
1937
1938
1939
1940

1941
1942
1943
1944
1945
1946
1947
.It Fl passout Ar arg
The output file password source.
.It Ar numbits
The size of the private key to generate in bits.
This must be the last option specified.
The default is 2048.
.El

.Sh NSEQ
.Nm openssl nseq
.Op Fl in Ar file
.Op Fl out Ar file
.Op Fl toseq
.Pp
The







>







2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
.It Fl passout Ar arg
The output file password source.
.It Ar numbits
The size of the private key to generate in bits.
This must be the last option specified.
The default is 2048.
.El
.Tg nseq
.Sh NSEQ
.Nm openssl nseq
.Op Fl in Ar file
.Op Fl out Ar file
.Op Fl toseq
.Pp
The
1964
1965
1966
1967
1968
1969
1970

1971
1972
1973
1974
1975
1976
1977
Normally, a Netscape certificate sequence will be input and the output
is the certificates contained in it.
With the
.Fl toseq
option the situation is reversed:
a Netscape certificate sequence is created from a file of certificates.
.El

.Sh OCSP
.Bl -hang -width "openssl ocsp"
.It Nm openssl ocsp
.Bk -words
.Op Fl CA Ar file
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory







>







2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
Normally, a Netscape certificate sequence will be input and the output
is the certificates contained in it.
With the
.Fl toseq
option the situation is reversed:
a Netscape certificate sequence is created from a file of certificates.
.El
.Tg ocsp
.Sh OCSP
.Bl -hang -width "openssl ocsp"
.It Nm openssl ocsp
.Bk -words
.Op Fl CA Ar file
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
2316
2317
2318
2319
2320
2321
2322

2323
2324
2325
2326
2327
2328
2329
which can give details about multiple CAs
and has its own separate certificate chain,
then its root CA can be trusted for OCSP signing.
Alternatively, the responder certificate itself can be explicitly trusted
with the
.Fl VAfile
option.

.Sh PASSWD
.Bl -hang -width "openssl passwd"
.It Nm openssl passwd
.Bk -words
.Op Fl 1 | apr1 | crypt
.Op Fl in Ar file
.Op Fl noverify







>







2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
which can give details about multiple CAs
and has its own separate certificate chain,
then its root CA can be trusted for OCSP signing.
Alternatively, the responder certificate itself can be explicitly trusted
with the
.Fl VAfile
option.
.Tg passwd
.Sh PASSWD
.Bl -hang -width "openssl passwd"
.It Nm openssl passwd
.Bk -words
.Op Fl 1 | apr1 | crypt
.Op Fl in Ar file
.Op Fl noverify
2379
2380
2381
2382
2383
2384
2385

2386
2387
2388
2389
2390
2391
2392
.Fl noverify .
.It Fl stdin
Read passwords from standard input.
.It Fl table
In the output list, prepend the cleartext password and a TAB character
to each password hash.
.El

.Sh PKCS7
.Bl -hang -width "openssl pkcs7"
.It Nm openssl pkcs7
.Bk -words
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl noout







>







2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
.Fl noverify .
.It Fl stdin
Read passwords from standard input.
.It Fl table
In the output list, prepend the cleartext password and a TAB character
to each password hash.
.El
.Tg pkcs7
.Sh PKCS7
.Bl -hang -width "openssl pkcs7"
.It Nm openssl pkcs7
.Bk -words
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl noout
2424
2425
2426
2427
2428
2429
2430

2431
2432
2433
2434
2435
2436
2437
Print the ASN.1 representation of PKCS#7 structure.
.It Fl print_certs
Print any certificates or CRLs contained in the file,
preceded by their subject and issuer names in a one-line format.
.It Fl text
Print certificate details in full rather than just subject and issuer names.
.El

.Sh PKCS8
.Bl -hang -width "openssl pkcs8"
.It Nm openssl pkcs8
.Bk -words
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl nocrypt







>







2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
Print the ASN.1 representation of PKCS#7 structure.
.It Fl print_certs
Print any certificates or CRLs contained in the file,
preceded by their subject and issuer names in a one-line format.
.It Fl text
Print certificate details in full rather than just subject and issuer names.
.El
.Tg pkcs8
.Sh PKCS8
.Bl -hang -width "openssl pkcs8"
.It Nm openssl pkcs8
.Bk -words
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl nocrypt
2507
2508
2509
2510
2511
2512
2513

2514
2515
2516
2517
2518
2519
2520
this doesn't matter).
.Pp
.Ar alg
is the encryption algorithm to use;
valid values include des, des3, and rc2.
It is recommended that des3 is used.
.El

.Sh PKCS12
.Bl -hang -width "openssl pkcs12"
.It Nm openssl pkcs12
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
.Fl camellia192 | camellia256 | des | des3 | idea







>







3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
this doesn't matter).
.Pp
.Ar alg
is the encryption algorithm to use;
valid values include des, des3, and rc2.
It is recommended that des3 is used.
.El
.Tg pkcs12
.Sh PKCS12
.Bl -hang -width "openssl pkcs12"
.It Nm openssl pkcs12
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
.Fl camellia192 | camellia256 | des | des3 | idea
2724
2725
2726
2727
2728
2729
2730

2731
2732
2733
2734
2735
2736
2737
is equivalent to
.Fl passout .
Otherwise,
.Fl password
is equivalent to
.Fl passin .
.El

.Sh PKEY
.Bl -hang -width "openssl pkey"
.It Nm openssl pkey
.Bk -words
.Op Ar cipher
.Op Fl in Ar file
.Op Fl inform Cm der | pem







>







3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
is equivalent to
.Fl passout .
Otherwise,
.Fl password
is equivalent to
.Fl passin .
.El
.Tg pkey
.Sh PKEY
.Bl -hang -width "openssl pkey"
.It Nm openssl pkey
.Bk -words
.Op Ar cipher
.Op Fl in Ar file
.Op Fl inform Cm der | pem
2787
2788
2789
2790
2791
2792
2793

2794
2795
2796
2797
2798
2799
2800
Automatically set if the input is a public key.
.It Fl text
Print the public/private key in plain text.
.It Fl text_pub
Print out only public key components
even if a private key is being processed.
.El

.Sh PKEYPARAM
.Cm openssl pkeyparam
.Op Fl in Ar file
.Op Fl noout
.Op Fl out Ar file
.Op Fl text
.Pp







>







3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
Automatically set if the input is a public key.
.It Fl text
Print the public/private key in plain text.
.It Fl text_pub
Print out only public key components
even if a private key is being processed.
.El
.Tg pkeyparam
.Sh PKEYPARAM
.Cm openssl pkeyparam
.Op Fl in Ar file
.Op Fl noout
.Op Fl out Ar file
.Op Fl text
.Pp
2812
2813
2814
2815
2816
2817
2818

2819
2820
2821
2822
2823
2824
2825
Do not output the encoded version of the parameters.
.It Fl out Ar file
The output file to write to,
or standard output if not specified.
.It Fl text
Print the parameters in plain text.
.El

.Sh PKEYUTL
.Bl -hang -width "openssl pkeyutl"
.It Nm openssl pkeyutl
.Bk -words
.Op Fl asn1parse
.Op Fl certin
.Op Fl decrypt







>







3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
Do not output the encoded version of the parameters.
.It Fl out Ar file
The output file to write to,
or standard output if not specified.
.It Fl text
Print the parameters in plain text.
.El
.Tg pkeyutl
.Sh PKEYUTL
.Bl -hang -width "openssl pkeyutl"
.It Nm openssl pkeyutl
.Bk -words
.Op Fl asn1parse
.Op Fl certin
.Op Fl decrypt
2964
2965
2966
2967
2968
2969
2970

2971
2972
2973
2974
2975
2976
2977
This requires a private key.
.It Fl verify
Verify the input data against the signature file and indicate if the
verification succeeded or failed.
.It Fl verifyrecover
Verify the input data and output the recovered data.
.El

.Sh PRIME
.Cm openssl prime
.Op Fl bits Ar n
.Op Fl checks Ar n
.Op Fl generate
.Op Fl hex
.Op Fl safe







>







3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
This requires a private key.
.It Fl verify
Verify the input data against the signature file and indicate if the
verification succeeded or failed.
.It Fl verifyrecover
Verify the input data and output the recovered data.
.El
.Tg prime
.Sh PRIME
.Cm openssl prime
.Op Fl bits Ar n
.Op Fl checks Ar n
.Op Fl generate
.Op Fl hex
.Op Fl safe
3008
3009
3010
3011
3012
3013
3014

3015
3016
3017
3018
3019
3020
3021
prime numbers
(i.e. a prime p so that (p-1)/2 is also prime).
.It Ar p
Test if number
.Ar p
is prime.
.El

.Sh RAND
.Bl -hang -width "openssl rand"
.It Nm openssl rand
.Bk -words
.Op Fl base64
.Op Fl hex
.Op Fl out Ar file







>







3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
prime numbers
(i.e. a prime p so that (p-1)/2 is also prime).
.It Ar p
Test if number
.Ar p
is prime.
.El
.Tg rand
.Sh RAND
.Bl -hang -width "openssl rand"
.It Nm openssl rand
.Bk -words
.Op Fl base64
.Op Fl hex
.Op Fl out Ar file
3035
3036
3037
3038
3039
3040
3041

3042
3043
3044
3045

3046
3047
3048
3049
3050
3051
3052
Perform base64 encoding on the output.
.It Fl hex
Specify hexadecimal output.
.It Fl out Ar file
The output file to write to,
or standard output if not specified.
.El

.Sh REQ
.Bl -hang -width "openssl req"
.It Nm openssl req
.Bk -words

.Op Fl asn1-kludge
.Op Fl batch
.Op Fl config Ar file
.Op Fl days Ar n
.Op Fl extensions Ar section
.Op Fl in Ar file
.Op Fl inform Cm der | pem







>




>







3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
Perform base64 encoding on the output.
.It Fl hex
Specify hexadecimal output.
.It Fl out Ar file
The output file to write to,
or standard output if not specified.
.El
.Tg req
.Sh REQ
.Bl -hang -width "openssl req"
.It Nm openssl req
.Bk -words
.Op Fl addext Ar ext
.Op Fl asn1-kludge
.Op Fl batch
.Op Fl config Ar file
.Op Fl days Ar n
.Op Fl extensions Ar section
.Op Fl in Ar file
.Op Fl inform Cm der | pem
3088
3089
3090
3091
3092
3093
3094







3095
3096
3097
3098
3099
3100
3101
command primarily creates and processes certificate requests
in PKCS#10 format.
It can additionally create self-signed certificates,
for use as root CAs, for example.
.Pp
The options are as follows:
.Bl -tag -width Ds







.It Fl asn1-kludge
Produce requests in an invalid format for certain picky CAs.
Very few CAs still require the use of this option.
.It Fl batch
Non-interactive mode.
.It Fl config Ar file
Specify an alternative configuration file.







>
>
>
>
>
>
>







3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
command primarily creates and processes certificate requests
in PKCS#10 format.
It can additionally create self-signed certificates,
for use as root CAs, for example.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl addext Ar ext
Add a specific extension to the certificate (if the
.Fl x509
option is present) or certificate request.
The argument must have the form of a key=value pair as it would appear in a
config file.
This option can be given multiple times.
.It Fl asn1-kludge
Produce requests in an invalid format for certain picky CAs.
Very few CAs still require the use of this option.
.It Fl batch
Non-interactive mode.
.It Fl config Ar file
Specify an alternative configuration file.
3476
3477
3478
3479
3480
3481
3482

3483
3484
3485
3486
3487
3488
3489
Additional object identifiers can be defined with the
.Cm oid_file
or
.Cm oid_section
options in the configuration file.
Any additional fields will be treated as though they were a
.Cm DirectoryString .

.Sh RSA
.Bl -hang -width "openssl rsa"
.It Nm openssl rsa
.Bk -words
.Op Fl aes128 | aes192 | aes256 | des | des3
.Op Fl check
.Op Fl in Ar file







>







4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
Additional object identifiers can be defined with the
.Cm oid_file
or
.Cm oid_section
options in the configuration file.
Any additional fields will be treated as though they were a
.Cm DirectoryString .
.Tg rsa
.Sh RSA
.Bl -hang -width "openssl rsa"
.It Nm openssl rsa
.Bk -words
.Op Fl aes128 | aes192 | aes256 | des | des3
.Op Fl check
.Op Fl in Ar file
3573
3574
3575
3576
3577
3578
3579

3580
3581
3582
3583
3584
3585
3586
format is used instead.
.It Fl sgckey
Use the modified NET algorithm used with some versions of Microsoft IIS
and SGC keys.
.It Fl text
Print the public/private key components in plain text.
.El

.Sh RSAUTL
.Bl -hang -width "openssl rsautl"
.It Nm openssl rsautl
.Bk -words
.Op Fl asn1parse
.Op Fl certin
.Op Fl decrypt







>







4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
format is used instead.
.It Fl sgckey
Use the modified NET algorithm used with some versions of Microsoft IIS
and SGC keys.
.It Fl text
Print the public/private key components in plain text.
.El
.Tg rsautl
.Sh RSAUTL
.Bl -hang -width "openssl rsautl"
.It Nm openssl rsautl
.Bk -words
.Op Fl asn1parse
.Op Fl certin
.Op Fl decrypt
3647
3648
3649
3650
3651
3652
3653

3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694

3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714

3715
3716
3717
3718
3719
3720
3721
Reverse the order of the input buffer.
.It Fl sign
Sign the input data and output the signed result.
This requires an RSA private key.
.It Fl verify
Verify the input data and output the recovered data.
.El

.Sh S_CLIENT
.Bl -hang -width "openssl s_client"
.It Nm openssl s_client
.Bk -words
.Op Fl 4 | 6
.Op Fl alpn Ar protocols
.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl cert Ar file
.Op Fl certform Cm der | pem
.Op Fl check_ss_sig
.Op Fl cipher Ar cipherlist
.Op Fl connect Ar host Ns Op : Ns Ar port
.Op Fl crl_check
.Op Fl crl_check_all
.Op Fl crlf
.Op Fl debug
.Op Fl dtls1
.Op Fl extended_crl
.Op Fl groups
.Op Fl host Ar host
.Op Fl ign_eof
.Op Fl ignore_critical
.Op Fl issuer_checks
.Op Fl key Ar keyfile
.Op Fl keyform Cm der | pem
.Op Fl keymatexport Ar label
.Op Fl keymatexportlen Ar len
.Op Fl legacy_server_connect
.Op Fl msg
.Op Fl mtu Ar mtu
.Op Fl nbio
.Op Fl nbio_test
.Op Fl no_comp
.Op Fl no_ign_eof
.Op Fl no_legacy_server_connect
.Op Fl no_ticket
.Op Fl no_tls1
.Op Fl no_tls1_1
.Op Fl no_tls1_2

.Op Fl pass Ar arg
.Op Fl pause
.Op Fl policy_check
.Op Fl port Ar port
.Op Fl prexit
.Op Fl proxy Ar host : Ns Ar port
.Op Fl quiet
.Op Fl reconnect
.Op Fl servername Ar name
.Op Fl serverpref
.Op Fl sess_in Ar file
.Op Fl sess_out Ar file
.Op Fl showcerts
.Op Fl starttls Ar protocol
.Op Fl state
.Op Fl status
.Op Fl timeout
.Op Fl tls1
.Op Fl tls1_1
.Op Fl tls1_2

.Op Fl tlsextdebug
.Op Fl use_srtp Ar profiles
.Op Fl verify Ar depth
.Op Fl verify_return_error
.Op Fl x509_strict
.Op Fl xmpphost Ar host
.Ek







>




















|




















>




















>







4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
Reverse the order of the input buffer.
.It Fl sign
Sign the input data and output the signed result.
This requires an RSA private key.
.It Fl verify
Verify the input data and output the recovered data.
.El
.Tg s_client
.Sh S_CLIENT
.Bl -hang -width "openssl s_client"
.It Nm openssl s_client
.Bk -words
.Op Fl 4 | 6
.Op Fl alpn Ar protocols
.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl cert Ar file
.Op Fl certform Cm der | pem
.Op Fl check_ss_sig
.Op Fl cipher Ar cipherlist
.Op Fl connect Ar host Ns Op : Ns Ar port
.Op Fl crl_check
.Op Fl crl_check_all
.Op Fl crlf
.Op Fl debug
.Op Fl dtls1
.Op Fl extended_crl
.Op Fl groups Ar list
.Op Fl host Ar host
.Op Fl ign_eof
.Op Fl ignore_critical
.Op Fl issuer_checks
.Op Fl key Ar keyfile
.Op Fl keyform Cm der | pem
.Op Fl keymatexport Ar label
.Op Fl keymatexportlen Ar len
.Op Fl legacy_server_connect
.Op Fl msg
.Op Fl mtu Ar mtu
.Op Fl nbio
.Op Fl nbio_test
.Op Fl no_comp
.Op Fl no_ign_eof
.Op Fl no_legacy_server_connect
.Op Fl no_ticket
.Op Fl no_tls1
.Op Fl no_tls1_1
.Op Fl no_tls1_2
.Op Fl no_tls1_3
.Op Fl pass Ar arg
.Op Fl pause
.Op Fl policy_check
.Op Fl port Ar port
.Op Fl prexit
.Op Fl proxy Ar host : Ns Ar port
.Op Fl quiet
.Op Fl reconnect
.Op Fl servername Ar name
.Op Fl serverpref
.Op Fl sess_in Ar file
.Op Fl sess_out Ar file
.Op Fl showcerts
.Op Fl starttls Ar protocol
.Op Fl state
.Op Fl status
.Op Fl timeout
.Op Fl tls1
.Op Fl tls1_1
.Op Fl tls1_2
.Op Fl tls1_3
.Op Fl tlsextdebug
.Op Fl use_srtp Ar profiles
.Op Fl verify Ar depth
.Op Fl verify_return_error
.Op Fl x509_strict
.Op Fl xmpphost Ar host
.Ek
3809
3810
3811
3812
3813
3814
3815
3816
3817



3818
3819
3820
3821
3822
3823
3824
.It Fl crlf
Translate a line feed from the terminal into CR+LF,
as required by some servers.
.It Fl debug
Print extensive debugging information, including a hex dump of all traffic.
.It Fl dtls1
Permit only DTLS1.0.
.It Fl groups Ar ecgroups
Specify a colon-separated list of permitted EC curve groups.



.It Fl host Ar host
The
.Ar host
to connect to.
The default is localhost.
.It Fl ign_eof
Inhibit shutting down the connection when end of file is reached in the input.







|
|
>
>
>







4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
.It Fl crlf
Translate a line feed from the terminal into CR+LF,
as required by some servers.
.It Fl debug
Print extensive debugging information, including a hex dump of all traffic.
.It Fl dtls1
Permit only DTLS1.0.
.It Fl groups Ar list
Set the supported elliptic curve groups to the colon separated
.Ar list
of group NIDs or names as documented in
.Xr SSL_CTX_set1_groups_list 3 .
.It Fl host Ar host
The
.Ar host
to connect to.
The default is localhost.
.It Fl ign_eof
Inhibit shutting down the connection when end of file is reached in the input.
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
Test non-blocking I/O.
.It Fl no_ign_eof
Shut down the connection when end of file is reached in the input.
Can be used to override the implicit
.Fl ign_eof
after
.Fl quiet .
.It Fl no_tls1 | no_tls1_1 | no_tls1_2
Disable the use of TLS1.0, 1.1, and 1.2, respectively.
.It Fl no_ticket
Disable RFC 4507 session ticket support.
.It Fl pass Ar arg
The private key password source.
.It Fl pause
Pause 1 second between each read and write call.
.It Fl port Ar port







|
|







4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
Test non-blocking I/O.
.It Fl no_ign_eof
Shut down the connection when end of file is reached in the input.
Can be used to override the implicit
.Fl ign_eof
after
.Fl quiet .
.It Fl no_tls1 | no_tls1_1 | no_tls1_2 | no_tls1_3
Disable the use of TLS1.0, 1.1, 1.2 and 1.3 respectively.
.It Fl no_ticket
Disable RFC 4507 session ticket support.
.It Fl pass Ar arg
The private key password source.
.It Fl pause
Pause 1 second between each read and write call.
.It Fl port Ar port
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
.It Fl state
Print the SSL session states.
.It Fl status
Send a certificate status request to the server (OCSP stapling).
The server response (if any) is printed out.
.It Fl timeout
Enable send/receive timeout on DTLS connections.
.It Fl tls1 | tls1_1 | tls1_2
Permit only TLS1.0, 1.1, or 1.2, respectively.
.It Fl tlsextdebug
Print a hex dump of any TLS extensions received from the server.
.It Fl use_srtp Ar profiles
Offer SRTP key management with a colon-separated profile list.
.It Fl verify Ar depth
Turn on server certificate verification,
with a maximum length of







|
|







4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
.It Fl state
Print the SSL session states.
.It Fl status
Send a certificate status request to the server (OCSP stapling).
The server response (if any) is printed out.
.It Fl timeout
Enable send/receive timeout on DTLS connections.
.It Fl tls1 | tls1_1 | tls1_2 | tls1_3
Permit only TLS1.0, 1.1, 1.2 or 1.3 respectively.
.It Fl tlsextdebug
Print a hex dump of any TLS extensions received from the server.
.It Fl use_srtp Ar profiles
Offer SRTP key management with a colon-separated profile list.
.It Fl verify Ar depth
Turn on server certificate verification,
with a maximum length of
3943
3944
3945
3946
3947
3948
3949

3950
3951
3952
3953
3954
3955
3956
When used with
.Fl starttls Ar xmpp ,
specify the host for the "to" attribute of the stream element.
If this option is not specified then the host specified with
.Fl connect
will be used.
.El

.Sh S_SERVER
.Bl -hang -width "openssl s_server"
.It Nm openssl s_server
.Bk -words
.Op Fl accept Ar port
.Op Fl alpn Ar protocols
.Op Fl bugs







>







4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
When used with
.Fl starttls Ar xmpp ,
specify the host for the "to" attribute of the stream element.
If this option is not specified then the host specified with
.Fl connect
will be used.
.El
.Tg s_server
.Sh S_SERVER
.Bl -hang -width "openssl s_server"
.It Nm openssl s_server
.Bk -words
.Op Fl accept Ar port
.Op Fl alpn Ar protocols
.Op Fl bugs
3968
3969
3970
3971
3972
3973
3974

3975
3976
3977
3978
3979
3980
3981
.Op Fl dcertform Cm der | pem
.Op Fl debug
.Op Fl dhparam Ar file
.Op Fl dkey Ar file
.Op Fl dkeyform Cm der | pem
.Op Fl dpass Ar arg
.Op Fl dtls1

.Op Fl HTTP
.Op Fl id_prefix Ar arg
.Op Fl key Ar keyfile
.Op Fl key2 Ar keyfile
.Op Fl keyform Cm der | pem
.Op Fl keymatexport Ar label
.Op Fl keymatexportlen Ar len







>







4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
.Op Fl dcertform Cm der | pem
.Op Fl debug
.Op Fl dhparam Ar file
.Op Fl dkey Ar file
.Op Fl dkeyform Cm der | pem
.Op Fl dpass Ar arg
.Op Fl dtls1
.Op Fl groups Ar list
.Op Fl HTTP
.Op Fl id_prefix Ar arg
.Op Fl key Ar keyfile
.Op Fl key2 Ar keyfile
.Op Fl keyform Cm der | pem
.Op Fl keymatexport Ar label
.Op Fl keymatexportlen Ar len
4132
4133
4134
4135
4136
4137
4138





4139
4140
4141
4142
4143
4144
4145
If not specified, an attempt is made to
load the parameters from the server certificate file.
If this fails, a static set of parameters hard coded into the
.Nm s_server
program will be used.
.It Fl dtls1
Permit only DTLS1.0.





.It Fl HTTP
Emulate a simple web server.
Pages are resolved relative to the current directory.
For example if the URL
.Pa https://myhost/page.html
is requested, the file
.Pa ./page.html







>
>
>
>
>







4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
If not specified, an attempt is made to
load the parameters from the server certificate file.
If this fails, a static set of parameters hard coded into the
.Nm s_server
program will be used.
.It Fl dtls1
Permit only DTLS1.0.
.It Fl groups Ar list
Set the supported elliptic curve groups to the colon separated
.Ar list
of group NIDs or names as documented in
.Xr SSL_CTX_set1_groups_list 3 .
.It Fl HTTP
Emulate a simple web server.
Pages are resolved relative to the current directory.
For example if the URL
.Pa https://myhost/page.html
is requested, the file
.Pa ./page.html
4168
4169
4170
4171
4172
4173
4174



4175
4176
4177
4178
4179
4180
4181
Export len bytes of keying material (default 20).
.It Fl msg
Show all protocol messages with hex dump.
.It Fl mtu Ar mtu
Set the link layer MTU.
.It Fl named_curve Ar arg
Specify the elliptic curve name to use for ephemeral ECDH keys.



.It Fl nbio
Turn on non-blocking I/O.
.It Fl nbio_test
Test non-blocking I/O.
.It Fl no_cache
Disable session caching.
.It Fl no_dhe







>
>
>







4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
Export len bytes of keying material (default 20).
.It Fl msg
Show all protocol messages with hex dump.
.It Fl mtu Ar mtu
Set the link layer MTU.
.It Fl named_curve Ar arg
Specify the elliptic curve name to use for ephemeral ECDH keys.
This option is deprecated; use
.Fl groups
instead.
.It Fl nbio
Turn on non-blocking I/O.
.It Fl nbio_test
Test non-blocking I/O.
.It Fl no_cache
Disable session caching.
.It Fl no_dhe
4248
4249
4250
4251
4252
4253
4254

4255
4256
4257
4258
4259
4260
4261
With
.Fl Verify ,
the client must supply a certificate or an error occurs;
with
.Fl verify ,
a certificate is requested but the client does not have to send one.
.El

.Sh S_TIME
.Bl -hang -width "openssl s_time"
.It Nm openssl s_time
.Bk -words
.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory







>







4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
With
.Fl Verify ,
the client must supply a certificate or an error occurs;
with
.Fl verify ,
a certificate is requested but the client does not have to send one.
.El
.Tg s_time
.Sh S_TIME
.Bl -hang -width "openssl s_time"
.It Nm openssl s_time
.Bk -words
.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
4358
4359
4360
4361
4362
4363
4364

4365
4366
4367
4368
4369
4370
4371
.Sq /
gets the index.htm[l] page.
If this parameter is not specified,
.Nm s_time
will only perform the handshake to establish SSL connections
but not transfer any payload data.
.El

.Sh SESS_ID
.Bl -hang -width "openssl sess_id"
.It Nm openssl sess_id
.Bk -words
.Op Fl cert
.Op Fl context Ar ID
.Op Fl in Ar file







>







4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
.Sq /
gets the index.htm[l] page.
If this parameter is not specified,
.Nm s_time
will only perform the handshake to establish SSL connections
but not transfer any payload data.
.El
.Tg sess_id
.Sh SESS_ID
.Bl -hang -width "openssl sess_id"
.It Nm openssl sess_id
.Bk -words
.Op Fl cert
.Op Fl context Ar ID
.Op Fl in Ar file
4450
4451
4452
4453
4454
4455
4456

4457
4458
4459
4460
4461
4462
4463
the contents of an encrypted session using this information.
Therefore appropriate security precautions
should be taken if the information is being output by a
.Qq real
application.
This is, however, strongly discouraged and should only be used for
debugging purposes.

.Sh SMIME
.Bl -hang -width "openssl smime"
.It Nm openssl smime
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | des |
.Fl des3 | rc2-40 | rc2-64 | rc2-128







>







5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
the contents of an encrypted session using this information.
Therefore appropriate security precautions
should be taken if the information is being output by a
.Qq real
application.
This is, however, strongly discouraged and should only be used for
debugging purposes.
.Tg smime
.Sh SMIME
.Bl -hang -width "openssl smime"
.It Nm openssl smime
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | des |
.Fl des3 | rc2-40 | rc2-64 | rc2-128
4746
4747
4748
4749
4750
4751
4752

4753
4754
4755
4756
4757
4758
4759
.It 3
An error occurred creating the file or when reading the message.
.It 4
An error occurred decrypting or verifying the message.
.It 5
An error occurred writing certificates.
.El

.Sh SPEED
.Bl -hang -width "openssl speed"
.It Nm openssl speed
.Bk -words
.Op Ar algorithm
.Op Fl decrypt
.Op Fl elapsed







>







5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331
.It 3
An error occurred creating the file or when reading the message.
.It 4
An error occurred decrypting or verifying the message.
.It 5
An error occurred writing certificates.
.El
.Tg speed
.Sh SPEED
.Bl -hang -width "openssl speed"
.It Nm openssl speed
.Bk -words
.Op Ar algorithm
.Op Fl decrypt
.Op Fl elapsed
4783
4784
4785
4786
4787
4788
4789

4790
4791
4792
4793
4794
4795
4796
.It Fl mr
Produce machine readable output.
.It Fl multi Ar number
Run
.Ar number
benchmarks in parallel.
.El

.Sh SPKAC
.Bl -hang -width "openssl spkac"
.It Nm openssl spkac
.Bk -words
.Op Fl challenge Ar string
.Op Fl in Ar file
.Op Fl key Ar keyfile







>







5355
5356
5357
5358
5359
5360
5361
5362
5363
5364
5365
5366
5367
5368
5369
.It Fl mr
Produce machine readable output.
.It Fl multi Ar number
Run
.Ar number
benchmarks in parallel.
.El
.Tg spkac
.Sh SPKAC
.Bl -hang -width "openssl spkac"
.It Nm openssl spkac
.Bk -words
.Op Fl challenge Ar string
.Op Fl in Ar file
.Op Fl key Ar keyfile
4844
4845
4846
4847
4848
4849
4850

4851
4852
4853
4854
4855
4856
4857
.It Fl spksect Ar section
An alternative name for the
.Ar section
containing the SPKAC.
.It Fl verify
Verify the digital signature on the supplied SPKAC.
.El

.Sh TS
.Bk -words
.Bl -hang -width "openssl ts"
.It Nm openssl ts
.Fl query
.Op Fl md4 | md5 | ripemd160 | sha1
.Op Fl cert







>







5417
5418
5419
5420
5421
5422
5423
5424
5425
5426
5427
5428
5429
5430
5431
.It Fl spksect Ar section
An alternative name for the
.Ar section
containing the SPKAC.
.It Fl verify
Verify the digital signature on the supplied SPKAC.
.El
.Tg ts
.Sh TS
.Bk -words
.Bl -hang -width "openssl ts"
.It Nm openssl ts
.Fl query
.Op Fl md4 | md5 | ripemd160 | sha1
.Op Fl cert
5206
5207
5208
5209
5210
5211
5212

5213
5214
5215
5216
5217
5218
5219
.Fl chain
option is specified then the certificate identifiers of the chain will also
be included in the SigningCertificate signed attribute.
If this variable is set to no,
only the signing certificate identifier is included.
The default is no.
.El

.Sh VERIFY
.Bl -hang -width "openssl verify"
.It Nm openssl verify
.Bk -words
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl check_ss_sig







>







5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
.Fl chain
option is specified then the certificate identifiers of the chain will also
be included in the SigningCertificate signed attribute.
If this variable is set to no,
only the signing certificate identifier is included.
The default is no.
.El
.Tg verify
.Sh VERIFY
.Bl -hang -width "openssl verify"
.It Nm openssl verify
.Bk -words
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl check_ss_sig
5533
5534
5535
5536
5537
5538
5539

5540
5541
5542
5543
5544
5545
5546
The current candidate issuer certificate was rejected because its
.Cm keyUsage
extension does not permit certificate signing.
.It 50 X509_V_ERR_APPLICATION_VERIFICATION
An application specific error.
Unused.
.El

.Sh VERSION
.Nm openssl version
.Op Fl abdfopv
.Pp
The
.Nm version
command is used to print out version information about







>







6108
6109
6110
6111
6112
6113
6114
6115
6116
6117
6118
6119
6120
6121
6122
The current candidate issuer certificate was rejected because its
.Cm keyUsage
extension does not permit certificate signing.
.It 50 X509_V_ERR_APPLICATION_VERIFICATION
An application specific error.
Unused.
.El
.Tg version
.Sh VERSION
.Nm openssl version
.Op Fl abdfopv
.Pp
The
.Nm version
command is used to print out version information about
5564
5565
5566
5567
5568
5569
5570

5571
5572
5573
5574
5575
5576
5577
.It Fl p
Platform setting.
.It Fl v
The current
.Nm openssl
version.
.El

.Sh X509
.Bl -hang -width "openssl x509"
.It Nm openssl x509
.Bk -words
.Op Fl C
.Op Fl addreject Ar arg
.Op Fl addtrust Ar arg







>







6140
6141
6142
6143
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
.It Fl p
Platform setting.
.It Fl v
The current
.Nm openssl
version.
.El
.Tg x509
.Sh X509
.Bl -hang -width "openssl x509"
.It Nm openssl x509
.Bk -words
.Op Fl C
.Op Fl addreject Ar arg
.Op Fl addtrust Ar arg
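--- a/jni/libressl/apps/openssl/openssl.c
+++ b/jni/libressl/apps/openssl/openssl.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: openssl.c,v 1.29 2019/03/17 17:46:00 tb Exp $ */
+/* $OpenBSD: openssl.c,v 1.30 2019/11/04 15:25:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -150,14 +150,17 @@
 FUNCTION functions[] = {
 
 	/* General functions. */
 	{ FUNC_TYPE_GENERAL, "asn1parse", asn1parse_main },
 	{ FUNC_TYPE_GENERAL, "ca", ca_main },
 	{ FUNC_TYPE_GENERAL, "certhash", certhash_main },
 	{ FUNC_TYPE_GENERAL, "ciphers", ciphers_main },
+#ifndef OPENSSL_NO_CMS
+	{ FUNC_TYPE_GENERAL, "cms", cms_main },
+#endif
 	{ FUNC_TYPE_GENERAL, "crl2pkcs7", crl2pkcs7_main },
 	{ FUNC_TYPE_GENERAL, "crl", crl_main },
 	{ FUNC_TYPE_GENERAL, "dgst", dgst_main },
 	{ FUNC_TYPE_GENERAL, "enc", enc_main },
 	{ FUNC_TYPE_GENERAL, "errstr", errstr_main },
 	{ FUNC_TYPE_GENERAL, "genpkey", genpkey_main },
 	{ FUNC_TYPE_GENERAL, "nseq", nseq_main },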
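--- a/jni/libressl/apps/openssl/progs.h
+++ b/jni/libressl/apps/openssl/progs.h
@@ -1,14 +1,15 @@
-/* $OpenBSD: progs.h,v 1.8 2016/09/05 10:45:19 deraadt Exp $ */
+/* $OpenBSD: progs.h,v 1.9 2019/11/04 15:25:54 jsing Exp $ */
 /* Public domain */
 
 int asn1parse_main(int argc, char **argv);
 int ca_main(int argc, char **argv);
 int certhash_main(int argc, char **argv);
 int ciphers_main(int argc, char **argv);
+int cms_main(int argc, char **argv);
 int crl2pkcs7_main(int argc, char **argv);
 int crl_main(int argc, char **argv);
 int dgst_main(int argc, char **argv);
 int dh_main(int argc, char **argv);
 int dhparam_main(int argc, char **argv);
 int dsa_main(int argc, char **argv);
 int dsaparam_main(int argc, char **argv);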
Changes to jni/libressl/apps/openssl/req.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: req.c,v 1.16 2019/07/03 03:24:02 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: req.c,v 1.18 2019/11/06 11:16:16 inoguchi Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
58
59
60
61
62
63
64
65

66
67
68
69
70
71
72
73
74

/* Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif

#include <stdio.h>

#include <stdlib.h>
#include <limits.h>
#include <string.h>
#include <time.h>

#include "apps.h"

#include <openssl/asn1.h>
#include <openssl/bio.h>







|
>
|
|







58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

/* Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif

#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#include "apps.h"

#include <openssl/asn1.h>
#include <openssl/bio.h>
137
138
139
140
141
142
143




144

145
146
147
148
149
150
151
152
153
154
155
156
157

158
159
160
161
162
163
164
165

166
167
168
169
170
171
172
static int add_DN_object(X509_NAME * n, char *text, const char *def, char *value,
    int nid, int n_min, int n_max, unsigned long chtype, int mval);
static int genpkey_cb(EVP_PKEY_CTX * ctx);
static int req_check_len(int len, int n_min, int n_max);
static int check_end(const char *str, const char *end);
static EVP_PKEY_CTX *set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
    long *pkeylen, char **palgnam);




static CONF *req_conf = NULL;

static int batch = 0;

int
req_main(int argc, char **argv)
{
	unsigned long nmflag = 0, reqflag = 0;
	int ex = 1, x509 = 0, days = 30;
	X509 *x509ss = NULL;
	X509_REQ *req = NULL;
	EVP_PKEY_CTX *genctx = NULL;
	const char *keyalg = NULL;
	char *keyalgstr = NULL;
	STACK_OF(OPENSSL_STRING) * pkeyopts = NULL, *sigopts = NULL;

	EVP_PKEY *pkey = NULL;
	int i = 0, badops = 0, newreq = 0, verbose = 0, pkey_type = -1;
	long newkey = -1;
	BIO *in = NULL, *out = NULL;
	int informat, outformat, verify = 0, noout = 0, text = 0, keyform = FORMAT_PEM;
	int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
	char *infile, *outfile, *prog, *keyfile = NULL, *template = NULL,
	*keyout = NULL;

	char *extensions = NULL;
	char *req_exts = NULL;
	const EVP_CIPHER *cipher = NULL;
	ASN1_INTEGER *serial = NULL;
	int modulus = 0;
	char *passargin = NULL, *passargout = NULL;
	char *passin = NULL, *passout = NULL;







>
>
>
>

>













>








>







138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
static int add_DN_object(X509_NAME * n, char *text, const char *def, char *value,
    int nid, int n_min, int n_max, unsigned long chtype, int mval);
static int genpkey_cb(EVP_PKEY_CTX * ctx);
static int req_check_len(int len, int n_min, int n_max);
static int check_end(const char *str, const char *end);
static EVP_PKEY_CTX *set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
    long *pkeylen, char **palgnam);
static unsigned long ext_name_hash(const OPENSSL_STRING *a);
static int ext_name_cmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b);
static void exts_cleanup(OPENSSL_STRING *x);
static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv);
static CONF *req_conf = NULL;
static CONF *addext_conf = NULL;
static int batch = 0;

int
req_main(int argc, char **argv)
{
	unsigned long nmflag = 0, reqflag = 0;
	int ex = 1, x509 = 0, days = 30;
	X509 *x509ss = NULL;
	X509_REQ *req = NULL;
	EVP_PKEY_CTX *genctx = NULL;
	const char *keyalg = NULL;
	char *keyalgstr = NULL;
	STACK_OF(OPENSSL_STRING) * pkeyopts = NULL, *sigopts = NULL;
	LHASH_OF(OPENSSL_STRING) *addexts = NULL;
	EVP_PKEY *pkey = NULL;
	int i = 0, badops = 0, newreq = 0, verbose = 0, pkey_type = -1;
	long newkey = -1;
	BIO *in = NULL, *out = NULL;
	int informat, outformat, verify = 0, noout = 0, text = 0, keyform = FORMAT_PEM;
	int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
	char *infile, *outfile, *prog, *keyfile = NULL, *template = NULL,
	*keyout = NULL;
	BIO *addext_bio = NULL;
	char *extensions = NULL;
	char *req_exts = NULL;
	const EVP_CIPHER *cipher = NULL;
	ASN1_INTEGER *serial = NULL;
	int modulus = 0;
	char *passargin = NULL, *passargout = NULL;
	char *passin = NULL, *passout = NULL;
315
316
317
318
319
320
321

















322
323
324
325
326
327
328
			}
		} else if (strcmp(*argv, "-set_serial") == 0) {
			if (--argc < 1)
				goto bad;
			serial = s2i_ASN1_INTEGER(NULL, *(++argv));
			if (!serial)
				goto bad;

















		} else if (strcmp(*argv, "-extensions") == 0) {
			if (--argc < 1)
				goto bad;
			extensions = *(++argv);
		} else if (strcmp(*argv, "-reqexts") == 0) {
			if (--argc < 1)
				goto bad;







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
			}
		} else if (strcmp(*argv, "-set_serial") == 0) {
			if (--argc < 1)
				goto bad;
			serial = s2i_ASN1_INTEGER(NULL, *(++argv));
			if (!serial)
				goto bad;
		} else if (strcmp(*argv, "-addext") == 0) {
			if (--argc < 1)
				goto bad;
			p = *(++argv);
			if (addexts == NULL) {
				addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new(
				    (LHASH_HASH_FN_TYPE)ext_name_hash,
				    (LHASH_COMP_FN_TYPE)ext_name_cmp);
				addext_bio = BIO_new(BIO_s_mem());
				if (addexts == NULL || addext_bio == NULL)
					goto bad;
			}
			i = duplicated(addexts, p);
			if (i == 1)
				goto bad;
			if (i < 0 || BIO_printf(addext_bio, "%s\n", p) < 0)
				goto bad;
		} else if (strcmp(*argv, "-extensions") == 0) {
			if (--argc < 1)
				goto bad;
			extensions = *(++argv);
		} else if (strcmp(*argv, "-reqexts") == 0) {
			if (--argc < 1)
				goto bad;
369
370
371
372
373
374
375

376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393

394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409















410
411
412
413
414
415
416
		BIO_printf(bio_err, " -batch         do not ask anything during request generation\n");
		BIO_printf(bio_err, " -x509          output a x509 structure instead of a cert. req.\n");
		BIO_printf(bio_err, " -days          number of days a certificate generated by -x509 is valid for.\n");
		BIO_printf(bio_err, " -set_serial    serial number to use for a certificate generated by -x509.\n");
		BIO_printf(bio_err, " -newhdr        output \"NEW\" in the header lines\n");
		BIO_printf(bio_err, " -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
		BIO_printf(bio_err, "                have been reported as requiring\n");

		BIO_printf(bio_err, " -extensions .. specify certificate extension section (override value in config file)\n");
		BIO_printf(bio_err, " -reqexts ..    specify request extension section (override value in config file)\n");
		BIO_printf(bio_err, " -utf8          input characters are UTF8 (default ASCII)\n");
		BIO_printf(bio_err, " -nameopt arg    - various certificate name options\n");
		BIO_printf(bio_err, " -reqopt arg    - various request text options\n\n");
		goto end;
	}

	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
		BIO_printf(bio_err, "Error getting passwords\n");
		goto end;
	}
	if (template != NULL) {
		long errline = -1;

		if (verbose)
			BIO_printf(bio_err, "Using configuration from %s\n", template);
		req_conf = NCONF_new(NULL);

		i = NCONF_load(req_conf, template, &errline);
		if (i == 0) {
			BIO_printf(bio_err, "error on line %ld of %s\n", errline, template);
			goto end;
		}
	} else {
		req_conf = config;

		if (req_conf == NULL) {
			BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file);
			if (newreq)
				goto end;
		} else if (verbose)
			BIO_printf(bio_err, "Using configuration from %s\n",
			    default_config_file);
	}
















	if (req_conf != NULL) {
		if (!load_config(bio_err, req_conf))
			goto end;
		p = NCONF_get_string(req_conf, NULL, "oid_file");
		if (p == NULL)
			ERR_clear_error();







>

















|
>
|
<














>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421

422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
		BIO_printf(bio_err, " -batch         do not ask anything during request generation\n");
		BIO_printf(bio_err, " -x509          output a x509 structure instead of a cert. req.\n");
		BIO_printf(bio_err, " -days          number of days a certificate generated by -x509 is valid for.\n");
		BIO_printf(bio_err, " -set_serial    serial number to use for a certificate generated by -x509.\n");
		BIO_printf(bio_err, " -newhdr        output \"NEW\" in the header lines\n");
		BIO_printf(bio_err, " -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
		BIO_printf(bio_err, "                have been reported as requiring\n");
		BIO_printf(bio_err, " -addext ..     additional cert extension key=value pair (may be given more than once)\n");
		BIO_printf(bio_err, " -extensions .. specify certificate extension section (override value in config file)\n");
		BIO_printf(bio_err, " -reqexts ..    specify request extension section (override value in config file)\n");
		BIO_printf(bio_err, " -utf8          input characters are UTF8 (default ASCII)\n");
		BIO_printf(bio_err, " -nameopt arg    - various certificate name options\n");
		BIO_printf(bio_err, " -reqopt arg    - various request text options\n\n");
		goto end;
	}

	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
		BIO_printf(bio_err, "Error getting passwords\n");
		goto end;
	}
	if (template != NULL) {
		long errline = -1;

		if (verbose)
			BIO_printf(bio_err, "Using configuration from %s\n", template);
		if ((req_conf = NCONF_new(NULL)) == NULL)
			goto end;
		if(!NCONF_load(req_conf, template, &errline)) {

			BIO_printf(bio_err, "error on line %ld of %s\n", errline, template);
			goto end;
		}
	} else {
		req_conf = config;

		if (req_conf == NULL) {
			BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file);
			if (newreq)
				goto end;
		} else if (verbose)
			BIO_printf(bio_err, "Using configuration from %s\n",
			    default_config_file);
	}

	if (addext_bio != NULL) {
		long errline = -1;
		if (verbose)
			BIO_printf(bio_err,
			    "Using additional configuration from command line\n");
		if ((addext_conf = NCONF_new(NULL)) == NULL)
			goto end;
		if (!NCONF_load_bio(addext_conf, addext_bio, &errline)) {
			BIO_printf(bio_err,
			    "req: Error on line %ld of config input\n",
			    errline);
			goto end;
		}
	}

	if (req_conf != NULL) {
		if (!load_config(bio_err, req_conf))
			goto end;
		p = NCONF_get_string(req_conf, NULL, "oid_file");
		if (p == NULL)
			ERR_clear_error();
452
453
454
455
456
457
458











459
460
461
462
463
464
465
		X509V3_set_ctx_test(&ctx);
		X509V3_set_nconf(&ctx, req_conf);
		if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
			BIO_printf(bio_err,
			    "Error Loading extension section %s\n", extensions);
			goto end;
		}











	}
	if (!passin) {
		passin = NCONF_get_string(req_conf, SECTION, "input_password");
		if (!passin)
			ERR_clear_error();
	}
	if (!passout) {







>
>
>
>
>
>
>
>
>
>
>







493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
		X509V3_set_ctx_test(&ctx);
		X509V3_set_nconf(&ctx, req_conf);
		if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
			BIO_printf(bio_err,
			    "Error Loading extension section %s\n", extensions);
			goto end;
		}
	}
	if (addext_conf != NULL) {
		/* Check syntax of command line extensions */
		X509V3_CTX ctx;
		X509V3_set_ctx_test(&ctx);
		X509V3_set_nconf(&ctx, addext_conf);
		if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) {
			BIO_printf(bio_err,
			    "Error Loading command line extensions\n");
			goto end;
		}
	}
	if (!passin) {
		passin = NCONF_get_string(req_conf, SECTION, "input_password");
		if (!passin)
			ERR_clear_error();
	}
	if (!passout) {
656
657
658
659
660
661
662

663
664
665
666
667
668
669
670
		if (x509) {
			EVP_PKEY *tmppkey;
			X509V3_CTX ext_ctx;
			if ((x509ss = X509_new()) == NULL)
				goto end;

			/* Set version to V3 */

			if (extensions && !X509_set_version(x509ss, 2))
				goto end;
			if (serial) {
				if (!X509_set_serialNumber(x509ss, serial))
					goto end;
			} else {
				if (!rand_serial(NULL,
					X509_get_serialNumber(x509ss)))







>
|







708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
		if (x509) {
			EVP_PKEY *tmppkey;
			X509V3_CTX ext_ctx;
			if ((x509ss = X509_new()) == NULL)
				goto end;

			/* Set version to V3 */
			if ((extensions != NULL || addext_conf != NULL) &&
			    !X509_set_version(x509ss, 2))
				goto end;
			if (serial) {
				if (!X509_set_serialNumber(x509ss, serial))
					goto end;
			} else {
				if (!rand_serial(NULL,
					X509_get_serialNumber(x509ss)))
692
693
694
695
696
697
698







699
700
701
702
703
704
705
			/* Add extensions */
			if (extensions && !X509V3_EXT_add_nconf(req_conf,
				&ext_ctx, extensions, x509ss)) {
				BIO_printf(bio_err,
				    "Error Loading extension section %s\n",
				    extensions);
				goto end;







			}
			i = do_X509_sign(bio_err, x509ss, pkey, digest, sigopts);
			if (!i) {
				ERR_print_errors(bio_err);
				goto end;
			}
		} else {







>
>
>
>
>
>
>







745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
			/* Add extensions */
			if (extensions && !X509V3_EXT_add_nconf(req_conf,
				&ext_ctx, extensions, x509ss)) {
				BIO_printf(bio_err,
				    "Error Loading extension section %s\n",
				    extensions);
				goto end;
			}
			if (addext_conf != NULL &&
			    !X509V3_EXT_add_nconf(addext_conf, &ext_ctx,
				    "default", x509ss)) {
				BIO_printf(bio_err,
				    "Error Loading command line extensions\n");
				goto end;
			}
			i = do_X509_sign(bio_err, x509ss, pkey, digest, sigopts);
			if (!i) {
				ERR_print_errors(bio_err);
				goto end;
			}
		} else {
713
714
715
716
717
718
719







720
721
722
723
724
725
726
			/* Add extensions */
			if (req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
				&ext_ctx, req_exts, req)) {
				BIO_printf(bio_err,
				    "Error Loading extension section %s\n",
				    req_exts);
				goto end;







			}
			i = do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts);
			if (!i) {
				ERR_print_errors(bio_err);
				goto end;
			}
		}







>
>
>
>
>
>
>







773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
			/* Add extensions */
			if (req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
				&ext_ctx, req_exts, req)) {
				BIO_printf(bio_err,
				    "Error Loading extension section %s\n",
				    req_exts);
				goto end;
			}
			if (addext_conf != NULL &&
			    !X509V3_EXT_REQ_add_nconf(addext_conf, &ext_ctx,
				    "default", req)) {
				BIO_printf(bio_err,
				    "Error Loading command line extensions\n");
				goto end;
			}
			i = do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts);
			if (!i) {
				ERR_print_errors(bio_err);
				goto end;
			}
		}
860
861
862
863
864
865
866


867
868
869
870
871
872
873
874
875


876
877
878
879
880
881
882
	ex = 0;
 end:
	if (ex) {
		ERR_print_errors(bio_err);
	}
	if ((req_conf != NULL) && (req_conf != config))
		NCONF_free(req_conf);


	BIO_free(in);
	BIO_free_all(out);
	EVP_PKEY_free(pkey);
	if (genctx)
		EVP_PKEY_CTX_free(genctx);
	if (pkeyopts)
		sk_OPENSSL_STRING_free(pkeyopts);
	if (sigopts)
		sk_OPENSSL_STRING_free(sigopts);


	free(keyalgstr);
	X509_REQ_free(req);
	X509_free(x509ss);
	ASN1_INTEGER_free(serial);
	if (passargin && passin)
		free(passin);
	if (passargout && passout)







>
>









>
>







927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
	ex = 0;
 end:
	if (ex) {
		ERR_print_errors(bio_err);
	}
	if ((req_conf != NULL) && (req_conf != config))
		NCONF_free(req_conf);
	NCONF_free(addext_conf);
	BIO_free(addext_bio);
	BIO_free(in);
	BIO_free_all(out);
	EVP_PKEY_free(pkey);
	if (genctx)
		EVP_PKEY_CTX_free(genctx);
	if (pkeyopts)
		sk_OPENSSL_STRING_free(pkeyopts);
	if (sigopts)
		sk_OPENSSL_STRING_free(sigopts);
	lh_OPENSSL_STRING_doall(addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup);
	lh_OPENSSL_STRING_free(addexts);
	free(keyalgstr);
	X509_REQ_free(req);
	X509_free(x509ss);
	ASN1_INTEGER_free(serial);
	if (passargin && passin)
		free(passin);
	if (passargout && passout)
1554
1555
1556
1557
1558
1559
1560



























































	EVP_MD_CTX_init(&mctx);
	rv = do_sign_init(err, &mctx, pkey, md, sigopts);
	if (rv > 0)
		rv = X509_CRL_sign_ctx(x, &mctx);
	EVP_MD_CTX_cleanup(&mctx);
	return rv > 0 ? 1 : 0;
}


































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
	EVP_MD_CTX_init(&mctx);
	rv = do_sign_init(err, &mctx, pkey, md, sigopts);
	if (rv > 0)
		rv = X509_CRL_sign_ctx(x, &mctx);
	EVP_MD_CTX_cleanup(&mctx);
	return rv > 0 ? 1 : 0;
}

static unsigned long
ext_name_hash(const OPENSSL_STRING *a)
{
	return lh_strhash((const char *)a);
}

static int
ext_name_cmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b)
{
	return strcmp((const char *)a, (const char *)b);
}

static void
exts_cleanup(OPENSSL_STRING *x)
{
	free((char *)x);
}

/*
 * Is the |kv| key already duplicated ? This is remarkably tricky to get right.
 * Return 0 if unique, -1 on runtime error; 1 if found or a syntax error.
 */
static int
duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)
{
	char *p;
	size_t off;

	/* Check syntax. */
	/* Skip leading whitespace, make a copy. */
	while (*kv && isspace(*kv))
		if (*++kv == '\0')
			return 1;
	if ((p = strchr(kv, '=')) == NULL)
		return 1;
	off = p - kv;
	if ((kv = strdup(kv)) == NULL)
		return -1;

	/* Skip trailing space before the equal sign. */
	for (p = kv + off; p > kv; --p)
		if (!isspace(p[-1]))
			break;
	if (p == kv) {
		free(kv);
		return 1;
	}
	*p = '\0';

	/* See if "key" is there by attempting to add it. */
	if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv))
	    != NULL || lh_OPENSSL_STRING_error(addexts)) {
		free(p != NULL ? p : kv);
		return -1;
	}

	return 0;
}
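Review bot: In `duplicated()` the two `isspace()` calls take a plain `char` (`isspace(*kv)` and `isspace(p[-1])`), which is undefined behaviour for bytes above 0x7f where `char` is signed, and `kv` is a raw command-line argument; they should read `isspace((unsigned char)*kv)` and `isspace((unsigned char)p[-1])`. The duplicate check also looks only at the text before the first `=`, while the `-addext` branch of `req_main` writes the whole argument with `BIO_printf(addext_bio, "%s\n", p)` for `NCONF_load_bio` to parse. An argument carrying an embedded newline would therefore presumably add config lines that were never checked, and rejecting `\n` and `\r` in `kv` before the `strdup` would keep it to one key per argument. The header comment says 1 is returned when the key is found, but the insert path returns -1, so it should read `Return 0 if unique, -1 on runtime error or duplicate key; 1 on a syntax error.` This is imported LibreSSL code, so these changes are better taken from or sent upstream than patched locally.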
Changes to jni/libressl/apps/openssl/s_cb.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: s_cb.c,v 1.11 2018/11/06 05:45:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: s_cb.c,v 1.14 2020/04/26 02:09:21 inoguchi Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
386
387
388
389
390
391
392

393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408



409
410
411
412
413
414
415
416
417
418
419

420
421
422
423
424
425
426
{
	BIO *bio = arg;
	const char *str_write_p, *str_version, *str_content_type = "",
	    *str_details1 = "", *str_details2 = "";

	str_write_p = write_p ? ">>>" : "<<<";


	switch (version) {
	case SSL2_VERSION:
		str_version = "SSL 2.0";
		break;
	case SSL3_VERSION:
		str_version = "SSL 3.0 ";
		break;
	case TLS1_VERSION:
		str_version = "TLS 1.0 ";
		break;
	case TLS1_1_VERSION:
		str_version = "TLS 1.1 ";
		break;
	case TLS1_2_VERSION:
		str_version = "TLS 1.2 ";
		break;



	case DTLS1_VERSION:
		str_version = "DTLS 1.0 ";
		break;
	default:
		str_version = "???";
	}

	if (version == SSL2_VERSION) {
		str_details1 = "???";

		if (len > 0) {

			switch (((const unsigned char *) buf)[0]) {
			case 0:
				str_details1 = ", ERROR:";
				str_details2 = " ???";
				if (len >= 3) {
					unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2];








>
















>
>
>











>







386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
{
	BIO *bio = arg;
	const char *str_write_p, *str_version, *str_content_type = "",
	    *str_details1 = "", *str_details2 = "";

	str_write_p = write_p ? ">>>" : "<<<";

	/* XXX convert to using ssl_get_version */
	switch (version) {
	case SSL2_VERSION:
		str_version = "SSL 2.0";
		break;
	case SSL3_VERSION:
		str_version = "SSL 3.0 ";
		break;
	case TLS1_VERSION:
		str_version = "TLS 1.0 ";
		break;
	case TLS1_1_VERSION:
		str_version = "TLS 1.1 ";
		break;
	case TLS1_2_VERSION:
		str_version = "TLS 1.2 ";
		break;
	case TLS1_3_VERSION:
		str_version = "TLS 1.3 ";
		break;
	case DTLS1_VERSION:
		str_version = "DTLS 1.0 ";
		break;
	default:
		str_version = "???";
	}

	if (version == SSL2_VERSION) {
		str_details1 = "???";

		if (len > 0) {
			/* XXX magic numbers */
			switch (((const unsigned char *) buf)[0]) {
			case 0:
				str_details1 = ", ERROR:";
				str_details2 = " ???";
				if (len >= 3) {
					unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2];

465
466
467
468
469
470
471
472

473
474
475
476
477
478
479
				str_details1 = ", CLIENT-CERTIFICATE";
				break;
			}
		}
	}
	if (version == SSL3_VERSION || version == TLS1_VERSION ||
	    version == TLS1_1_VERSION || version == TLS1_2_VERSION ||
	    version == DTLS1_VERSION) {

		switch (content_type) {
		case 20:
			str_content_type = "ChangeCipherSpec";
			break;
		case 21:
			str_content_type = "Alert";
			break;







|
>







470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
				str_details1 = ", CLIENT-CERTIFICATE";
				break;
			}
		}
	}
	if (version == SSL3_VERSION || version == TLS1_VERSION ||
	    version == TLS1_1_VERSION || version == TLS1_2_VERSION ||
	    version == TLS1_3_VERSION || version == DTLS1_VERSION) {
		/* XXX magic numbers are in ssl3.h */
		switch (content_type) {
		case 20:
			str_content_type = "ChangeCipherSpec";
			break;
		case 21:
			str_content_type = "Alert";
			break;
600
601
602
603
604
605
606









607
608
609
610
611
612
613
					break;
				case 2:
					str_details1 = ", ServerHello";
					break;
				case 3:
					str_details1 = ", HelloVerifyRequest";
					break;









				case 11:
					str_details1 = ", Certificate";
					break;
				case 12:
					str_details1 = ", ServerKeyExchange";
					break;
				case 13:







>
>
>
>
>
>
>
>
>







606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
					break;
				case 2:
					str_details1 = ", ServerHello";
					break;
				case 3:
					str_details1 = ", HelloVerifyRequest";
					break;
				case 4:
					str_details1 = ", NewSessionTicket";
					break;
				case 5:
					str_details1 = ", EndOfEarlyData";
					break;
				case 8:
					str_details1 = ", EncryptedExtensions";
					break;
				case 11:
					str_details1 = ", Certificate";
					break;
				case 12:
					str_details1 = ", ServerKeyExchange";
					break;
				case 13:
621
622
623
624
625
626
627



628
629
630
631
632
633
634
					break;
				case 16:
					str_details1 = ", ClientKeyExchange";
					break;
				case 20:
					str_details1 = ", Finished";
					break;



				}
			}
		}
	}
	BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p,
	    str_version, str_content_type, (unsigned long) len,
	    str_details1, str_details2);







>
>
>







636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
					break;
				case 16:
					str_details1 = ", ClientKeyExchange";
					break;
				case 20:
					str_details1 = ", Finished";
					break;
				case 24:
					str_details1 = ", KeyUpdate";
					break;
				}
			}
		}
	}
	BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p,
	    str_version, str_content_type, (unsigned long) len,
	    str_details1, str_details2);
720
721
722
723
724
725
726








727
728
729
730













731
732
733
734








735


736


737
738




739
740
741





742
743
744
745
746
747
748
		extname = "use SRTP";
		break;

	case TLSEXT_TYPE_heartbeat:
		extname = "heartbeat";
		break;









	case TLSEXT_TYPE_session_ticket:
		extname = "session ticket";
		break;














	case TLSEXT_TYPE_renegotiate:
		extname = "renegotiation info";
		break;









	case TLSEXT_TYPE_application_layer_protocol_negotiation:


		extname = "application layer protocol negotiation";


		break;





	case TLSEXT_TYPE_padding:
		extname = "TLS padding";
		break;






	default:
		extname = "unknown";
		break;

	}








>
>
>
>
>
>
>
>




>
>
>
>
>
>
>
>
>
>
>
>
>
|
|


>
>
>
>
>
>
>
>
|
>
>
|
>
>


>
>
>
>
|
|

>
>
>
>
>







738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
		extname = "use SRTP";
		break;

	case TLSEXT_TYPE_heartbeat:
		extname = "heartbeat";
		break;

	case TLSEXT_TYPE_application_layer_protocol_negotiation:
		extname = "application layer protocol negotiation";
		break;

	case TLSEXT_TYPE_padding:
		extname = "TLS padding";
		break;

	case TLSEXT_TYPE_session_ticket:
		extname = "session ticket";
		break;

#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
	case TLSEXT_TYPE_pre_shared_key:
		extname = "pre shared key";
		break;

	case TLSEXT_TYPE_early_data:
		extname = "early data";
		break;

	case TLSEXT_TYPE_supported_versions:
		extname = "supported versions";
		break;

	case TLSEXT_TYPE_cookie:
		extname = "cookie";
		break;

	case TLSEXT_TYPE_psk_key_exchange_modes:
		extname = "PSK key exchange modes";
		break;

	case TLSEXT_TYPE_certificate_authorities:
		extname = "certificate authorities";
		break;

	case TLSEXT_TYPE_oid_filters:
		extname = "OID filters";
		break;

	case TLSEXT_TYPE_post_handshake_auth:
		extname = "post handshake auth";
		break;

	case TLSEXT_TYPE_signature_algorithms_cert:
		extname = "signature algorithms cert";
		break;

	case TLSEXT_TYPE_key_share:
		extname = "key share";
		break;
#endif

	case TLSEXT_TYPE_renegotiate:
		extname = "renegotiation info";
		break;

	default:
		extname = "unknown";
		break;

	}

Changes to jni/libressl/apps/openssl/s_client.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: s_client.c,v 1.38 2019/06/28 13:35:02 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: s_client.c,v 1.44 2020/04/26 01:59:27 inoguchi Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
218
219
220
221
222
223
224

225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
	BIO_printf(bio_err, " -nbio_test    - more ssl protocol testing\n");
	BIO_printf(bio_err, " -state        - print the 'ssl' states\n");
	BIO_printf(bio_err, " -nbio         - Run with non-blocking IO\n");
	BIO_printf(bio_err, " -crlf         - convert LF from terminal into CRLF\n");
	BIO_printf(bio_err, " -quiet        - no s_client output\n");
	BIO_printf(bio_err, " -ign_eof      - ignore input eof (default when -quiet)\n");
	BIO_printf(bio_err, " -no_ign_eof   - don't ignore input eof\n");

	BIO_printf(bio_err, " -tls1_2       - just use TLSv1.2\n");
	BIO_printf(bio_err, " -tls1_1       - just use TLSv1.1\n");
	BIO_printf(bio_err, " -tls1         - just use TLSv1\n");
	BIO_printf(bio_err, " -dtls1        - just use DTLSv1\n");
	BIO_printf(bio_err, " -mtu          - set the link layer MTU\n");
	BIO_printf(bio_err, " -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
	BIO_printf(bio_err, " -bugs         - Switch on all SSL implementation bug workarounds\n");
	BIO_printf(bio_err, " -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
	BIO_printf(bio_err, "                 command to see what is available\n");
	BIO_printf(bio_err, " -starttls prot - use the STARTTLS command before starting TLS\n");
	BIO_printf(bio_err, "                 for those protocols that support it, where\n");
	BIO_printf(bio_err, "                 'prot' defines which one to assume.  Currently,\n");
	BIO_printf(bio_err, "                 only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
	BIO_printf(bio_err, "                 are supported.\n");
	BIO_printf(bio_err, " -xmpphost host - connect to this virtual host on the xmpp server\n");
	BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
	BIO_printf(bio_err, " -sess_in arg  - file to read SSL session from\n");
	BIO_printf(bio_err, " -servername host  - Set TLS extension servername in ClientHello\n");
	BIO_printf(bio_err, " -tlsextdebug      - hex dump of all TLS extensions received\n");
	BIO_printf(bio_err, " -status           - request certificate status from server\n");
	BIO_printf(bio_err, " -no_ticket        - disable use of RFC4507bis session tickets\n");
	BIO_printf(bio_err, " -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
	BIO_printf(bio_err, " -groups arg       - specify EC curve groups (colon-separated list)\n");
#ifndef OPENSSL_NO_SRTP
	BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
#endif
	BIO_printf(bio_err, " -keymatexport label   - Export keying material using label\n");
	BIO_printf(bio_err, " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
}








>





|
















|







218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
	BIO_printf(bio_err, " -nbio_test    - more ssl protocol testing\n");
	BIO_printf(bio_err, " -state        - print the 'ssl' states\n");
	BIO_printf(bio_err, " -nbio         - Run with non-blocking IO\n");
	BIO_printf(bio_err, " -crlf         - convert LF from terminal into CRLF\n");
	BIO_printf(bio_err, " -quiet        - no s_client output\n");
	BIO_printf(bio_err, " -ign_eof      - ignore input eof (default when -quiet)\n");
	BIO_printf(bio_err, " -no_ign_eof   - don't ignore input eof\n");
	BIO_printf(bio_err, " -tls1_3       - just use TLSv1.3\n");
	BIO_printf(bio_err, " -tls1_2       - just use TLSv1.2\n");
	BIO_printf(bio_err, " -tls1_1       - just use TLSv1.1\n");
	BIO_printf(bio_err, " -tls1         - just use TLSv1\n");
	BIO_printf(bio_err, " -dtls1        - just use DTLSv1\n");
	BIO_printf(bio_err, " -mtu          - set the link layer MTU\n");
	BIO_printf(bio_err, " -no_tls1_3/-no_tls1_2/-no_tls1_1/-no_tls1 - turn off that protocol\n");
	BIO_printf(bio_err, " -bugs         - Switch on all SSL implementation bug workarounds\n");
	BIO_printf(bio_err, " -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
	BIO_printf(bio_err, "                 command to see what is available\n");
	BIO_printf(bio_err, " -starttls prot - use the STARTTLS command before starting TLS\n");
	BIO_printf(bio_err, "                 for those protocols that support it, where\n");
	BIO_printf(bio_err, "                 'prot' defines which one to assume.  Currently,\n");
	BIO_printf(bio_err, "                 only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
	BIO_printf(bio_err, "                 are supported.\n");
	BIO_printf(bio_err, " -xmpphost host - connect to this virtual host on the xmpp server\n");
	BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
	BIO_printf(bio_err, " -sess_in arg  - file to read SSL session from\n");
	BIO_printf(bio_err, " -servername host  - Set TLS extension servername in ClientHello\n");
	BIO_printf(bio_err, " -tlsextdebug      - hex dump of all TLS extensions received\n");
	BIO_printf(bio_err, " -status           - request certificate status from server\n");
	BIO_printf(bio_err, " -no_ticket        - disable use of RFC4507bis session tickets\n");
	BIO_printf(bio_err, " -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
	BIO_printf(bio_err, " -groups arg       - specify EC groups (colon-separated list)\n");
#ifndef OPENSSL_NO_SRTP
	BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
#endif
	BIO_printf(bio_err, " -keymatexport label   - Export keying material using label\n");
	BIO_printf(bio_err, " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
}

288
289
290
291
292
293
294
295
296
297
298

299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316

317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334

335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353

354
355
356
357
358
359
360
};

int
s_client_main(int argc, char **argv)
{
	unsigned int off = 0, clr = 0;
	SSL *con = NULL;
	int s, k, state = 0, af = AF_UNSPEC;
	char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL;
	int cbuf_len, cbuf_off;
	int sbuf_len, sbuf_off;

	char *port = PORT_STR;
	int full_log = 1;
	char *host = SSL_HOST_NAME;
	char *xmpphost = NULL;
	char *proxy = NULL, *connect = NULL;
	char *cert_file = NULL, *key_file = NULL;
	int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
	char *passarg = NULL, *pass = NULL;
	X509 *cert = NULL;
	EVP_PKEY *key = NULL;
	char *CApath = NULL, *CAfile = NULL, *cipher = NULL;
	int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0;
	int crlf = 0;
	int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
	SSL_CTX *ctx = NULL;
	int ret = 1, in_init = 1, i, nbio_test = 0;
	int starttls_proto = PROTO_OFF;
	int prexit = 0;

	X509_VERIFY_PARAM *vpm = NULL;
	int badarg = 0;
	const SSL_METHOD *meth = NULL;
	int socket_type = SOCK_STREAM;
	BIO *sbio;
	int mbuf_len = 0;
	struct timeval timeout;
	const char *errstr = NULL;
	char *servername = NULL;
	tlsextctx tlsextcbp = {NULL, 0};
	const char *alpn_in = NULL;
	const char *groups_in = NULL;
	char *sess_in = NULL;
	char *sess_out = NULL;
	struct sockaddr peer;
	int peerlen = sizeof(peer);
	int enable_timeouts = 0;
	long socket_mtu = 0;


	if (single_execution) {
		if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) {
			perror("pledge");
			exit(1);
		}
	}

	meth = SSLv23_client_method();

	c_Pause = 0;
	c_quiet = 0;
	c_ign_eof = 0;
	c_debug = 0;
	c_msg = 0;
	c_showcerts = 0;

	if (((cbuf = malloc(BUFSIZZ)) == NULL) ||
	    ((sbuf = malloc(BUFSIZZ)) == NULL) ||

	    ((mbuf = malloc(BUFSIZZ + 1)) == NULL)) {	/* NUL byte */
		BIO_printf(bio_err, "out of memory\n");
		goto end;
	}
	verify_depth = 0;
	c_nbio = 0;








|
|


>


















>


















>








|










>







289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
};

int
s_client_main(int argc, char **argv)
{
	unsigned int off = 0, clr = 0;
	SSL *con = NULL;
	int s, k, p = 0, pending = 0, state = 0, af = AF_UNSPEC;
	char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL, *pbuf = NULL;
	int cbuf_len, cbuf_off;
	int sbuf_len, sbuf_off;
	int pbuf_len, pbuf_off;
	char *port = PORT_STR;
	int full_log = 1;
	char *host = SSL_HOST_NAME;
	char *xmpphost = NULL;
	char *proxy = NULL, *connect = NULL;
	char *cert_file = NULL, *key_file = NULL;
	int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
	char *passarg = NULL, *pass = NULL;
	X509 *cert = NULL;
	EVP_PKEY *key = NULL;
	char *CApath = NULL, *CAfile = NULL, *cipher = NULL;
	int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0;
	int crlf = 0;
	int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
	SSL_CTX *ctx = NULL;
	int ret = 1, in_init = 1, i, nbio_test = 0;
	int starttls_proto = PROTO_OFF;
	int prexit = 0;
	int peekaboo = 0;
	X509_VERIFY_PARAM *vpm = NULL;
	int badarg = 0;
	const SSL_METHOD *meth = NULL;
	int socket_type = SOCK_STREAM;
	BIO *sbio;
	int mbuf_len = 0;
	struct timeval timeout;
	const char *errstr = NULL;
	char *servername = NULL;
	tlsextctx tlsextcbp = {NULL, 0};
	const char *alpn_in = NULL;
	const char *groups_in = NULL;
	char *sess_in = NULL;
	char *sess_out = NULL;
	struct sockaddr peer;
	int peerlen = sizeof(peer);
	int enable_timeouts = 0;
	long socket_mtu = 0;
	uint16_t min_version = 0, max_version = 0;

	if (single_execution) {
		if (pledge("stdio cpath wpath rpath inet dns tty", NULL) == -1) {
			perror("pledge");
			exit(1);
		}
	}

	meth = TLS_client_method();

	c_Pause = 0;
	c_quiet = 0;
	c_ign_eof = 0;
	c_debug = 0;
	c_msg = 0;
	c_showcerts = 0;

	if (((cbuf = malloc(BUFSIZZ)) == NULL) ||
	    ((sbuf = malloc(BUFSIZZ)) == NULL) ||
	    ((pbuf = malloc(BUFSIZZ)) == NULL) ||
	    ((mbuf = malloc(BUFSIZZ + 1)) == NULL)) {	/* NUL byte */
		BIO_printf(bio_err, "out of memory\n");
		goto end;
	}
	verify_depth = 0;
	c_nbio = 0;

411
412
413
414
415
416
417


418
419
420
421
422
423
424
			if (badarg)
				goto bad;
			continue;
		} else if (strcmp(*argv, "-verify_return_error") == 0)
			verify_return_error = 1;
		else if (strcmp(*argv, "-prexit") == 0)
			prexit = 1;


		else if (strcmp(*argv, "-crlf") == 0)
			crlf = 1;
		else if (strcmp(*argv, "-quiet") == 0) {
			c_quiet = 1;
			c_ign_eof = 1;
		} else if (strcmp(*argv, "-ign_eof") == 0)
			c_ign_eof = 1;







>
>







416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
			if (badarg)
				goto bad;
			continue;
		} else if (strcmp(*argv, "-verify_return_error") == 0)
			verify_return_error = 1;
		else if (strcmp(*argv, "-prexit") == 0)
			prexit = 1;
		else if (strcmp(*argv, "-peekaboo") == 0)
			peekaboo = 1;
		else if (strcmp(*argv, "-crlf") == 0)
			crlf = 1;
		else if (strcmp(*argv, "-quiet") == 0) {
			c_quiet = 1;
			c_ign_eof = 1;
		} else if (strcmp(*argv, "-ign_eof") == 0)
			c_ign_eof = 1;
436
437
438
439
440
441
442
443
444




445
446

447
448

449
450
451
452
453
454
455
456
457
458
			c_msg = 1;
		else if (strcmp(*argv, "-showcerts") == 0)
			c_showcerts = 1;
		else if (strcmp(*argv, "-nbio_test") == 0)
			nbio_test = 1;
		else if (strcmp(*argv, "-state") == 0)
			state = 1;
		else if (strcmp(*argv, "-tls1_2") == 0)
			meth = TLSv1_2_client_method();




		else if (strcmp(*argv, "-tls1_1") == 0)
			meth = TLSv1_1_client_method();

		else if (strcmp(*argv, "-tls1") == 0)
			meth = TLSv1_client_method();

#ifndef OPENSSL_NO_DTLS1
		else if (strcmp(*argv, "-dtls1") == 0) {
			meth = DTLSv1_client_method();
			socket_type = SOCK_DGRAM;
		} else if (strcmp(*argv, "-timeout") == 0)
			enable_timeouts = 1;
		else if (strcmp(*argv, "-mtu") == 0) {
			if (--argc < 1)
				goto bad;
			socket_mtu = strtonum(*(++argv), 0, LONG_MAX, &errstr);







|
|
>
>
>
>
|
|
>
|
|
>

|
|







443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
			c_msg = 1;
		else if (strcmp(*argv, "-showcerts") == 0)
			c_showcerts = 1;
		else if (strcmp(*argv, "-nbio_test") == 0)
			nbio_test = 1;
		else if (strcmp(*argv, "-state") == 0)
			state = 1;
		else if (strcmp(*argv, "-tls1_3") == 0) {
			min_version = TLS1_3_VERSION;
			max_version = TLS1_3_VERSION;
		} else if (strcmp(*argv, "-tls1_2") == 0) {
			min_version = TLS1_2_VERSION;
			max_version = TLS1_2_VERSION;
		} else if (strcmp(*argv, "-tls1_1") == 0) {
			min_version = TLS1_1_VERSION;
			max_version = TLS1_1_VERSION;
		} else if (strcmp(*argv, "-tls1") == 0) {
			min_version = TLS1_VERSION;
			max_version = TLS1_VERSION;
#ifndef OPENSSL_NO_DTLS1
		} else if (strcmp(*argv, "-dtls1") == 0) {
			meth = DTLS_client_method();
			socket_type = SOCK_DGRAM;
		} else if (strcmp(*argv, "-timeout") == 0)
			enable_timeouts = 1;
		else if (strcmp(*argv, "-mtu") == 0) {
			if (--argc < 1)
				goto bad;
			socket_mtu = strtonum(*(++argv), 0, LONG_MAX, &errstr);
480
481
482
483
484
485
486


487
488
489
490
491
492
493
494
			if (--argc < 1)
				goto bad;
			CApath = *(++argv);
		} else if (strcmp(*argv, "-CAfile") == 0) {
			if (--argc < 1)
				goto bad;
			CAfile = *(++argv);


		} else if (strcmp(*argv, "-no_tls1_2") == 0)
			off |= SSL_OP_NO_TLSv1_2;
		else if (strcmp(*argv, "-no_tls1_1") == 0)
			off |= SSL_OP_NO_TLSv1_1;
		else if (strcmp(*argv, "-no_tls1") == 0)
			off |= SSL_OP_NO_TLSv1;
		else if (strcmp(*argv, "-no_ssl3") == 0)
			off |= SSL_OP_NO_SSLv3;







>
>
|







493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
			if (--argc < 1)
				goto bad;
			CApath = *(++argv);
		} else if (strcmp(*argv, "-CAfile") == 0) {
			if (--argc < 1)
				goto bad;
			CAfile = *(++argv);
		} else if (strcmp(*argv, "-no_tls1_3") == 0)
			off |= SSL_OP_NO_TLSv1_3;
		else if (strcmp(*argv, "-no_tls1_2") == 0)
			off |= SSL_OP_NO_TLSv1_2;
		else if (strcmp(*argv, "-no_tls1_1") == 0)
			off |= SSL_OP_NO_TLSv1_1;
		else if (strcmp(*argv, "-no_tls1") == 0)
			off |= SSL_OP_NO_TLSv1;
		else if (strcmp(*argv, "-no_ssl3") == 0)
			off |= SSL_OP_NO_SSLv3;
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
				starttls_proto = PROTO_IMAP;
			else if (strcmp(*argv, "ftp") == 0)
				starttls_proto = PROTO_FTP;
			else if (strcmp(*argv, "xmpp") == 0)
				starttls_proto = PROTO_XMPP;
			else
				goto bad;
		}
		else if (strcmp(*argv, "-4") == 0) {
			af = AF_INET;
		} else if (strcmp(*argv, "-6") == 0) {
			af = AF_INET6;
		}
		else if (strcmp(*argv, "-servername") == 0) {
			if (--argc < 1)
				goto bad;
			servername = *(++argv);
			/* meth=TLSv1_client_method(); */
		}
#ifndef OPENSSL_NO_SRTP
		else if (strcmp(*argv, "-use_srtp") == 0) {
			if (--argc < 1)
				goto bad;
			srtp_profiles = *(++argv);
		}







<
|



<
|



<







556
557
558
559
560
561
562

563
564
565
566

567
568
569
570

571
572
573
574
575
576
577
				starttls_proto = PROTO_IMAP;
			else if (strcmp(*argv, "ftp") == 0)
				starttls_proto = PROTO_FTP;
			else if (strcmp(*argv, "xmpp") == 0)
				starttls_proto = PROTO_XMPP;
			else
				goto bad;

		} else if (strcmp(*argv, "-4") == 0) {
			af = AF_INET;
		} else if (strcmp(*argv, "-6") == 0) {
			af = AF_INET6;

		} else if (strcmp(*argv, "-servername") == 0) {
			if (--argc < 1)
				goto bad;
			servername = *(++argv);

		}
#ifndef OPENSSL_NO_SRTP
		else if (strcmp(*argv, "-use_srtp") == 0) {
			if (--argc < 1)
				goto bad;
			srtp_profiles = *(++argv);
		}
639
640
641
642
643
644
645





646
647
648
649
650
651
652
	ctx = SSL_CTX_new(meth);
	if (ctx == NULL) {
		ERR_print_errors(bio_err);
		goto end;
	}
	if (vpm)
		SSL_CTX_set1_param(ctx, vpm);






#ifndef OPENSSL_NO_SRTP
	if (srtp_profiles != NULL)
		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif
	if (bugs)
		SSL_CTX_set_options(ctx, SSL_OP_ALL | off);







>
>
>
>
>







651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
	ctx = SSL_CTX_new(meth);
	if (ctx == NULL) {
		ERR_print_errors(bio_err);
		goto end;
	}
	if (vpm)
		SSL_CTX_set1_param(ctx, vpm);

	if (!SSL_CTX_set_min_proto_version(ctx, min_version))
		goto end;
	if (!SSL_CTX_set_max_proto_version(ctx, max_version))
		goto end;

#ifndef OPENSSL_NO_SRTP
	if (srtp_profiles != NULL)
		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif
	if (bugs)
		SSL_CTX_set_options(ctx, SSL_OP_ALL | off);
821
822
823
824
825
826
827


828
829
830
831
832
833
834
	read_ssl = 1;
	write_ssl = 1;

	cbuf_len = 0;
	cbuf_off = 0;
	sbuf_len = 0;
	sbuf_off = 0;



	/* This is an ugly hack that does a lot of assumptions */
	/*
	 * We do have to handle multi-line responses which may come in a
	 * single packet or not. We therefore have to use BIO_gets() which
	 * does need a buffering BIO. So during the initial chitchat we do
	 * push a buffering BIO into the chain that is removed again later on







>
>







838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
	read_ssl = 1;
	write_ssl = 1;

	cbuf_len = 0;
	cbuf_off = 0;
	sbuf_len = 0;
	sbuf_off = 0;
	pbuf_len = 0;
	pbuf_off = 0;

	/* This is an ugly hack that does a lot of assumptions */
	/*
	 * We do have to handle multi-line responses which may come in a
	 * single packet or not. We therefore have to use BIO_gets() which
	 * does need a buffering BIO. So during the initial chitchat we do
	 * push a buffering BIO into the chain that is removed again later on
1110
1111
1112
1113
1114
1115
1116












1117

1118
1119
1120
1121
1122
1123
1124






1125














1126
1127
1128
1129
1130
1131
1132
				static int iiii;
				if (++iiii == 52) {
					SSL_renegotiate(con);
					iiii = 0;
				}
			}
#endif












			k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );


			switch (SSL_get_error(con, k)) {
			case SSL_ERROR_NONE:
				if (k <= 0)
					goto end;
				sbuf_off = 0;
				sbuf_len = k;





















				read_ssl = 0;
				write_tty = 1;
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out, "read W BLOCK\n");
				write_ssl = 1;
				read_tty = 0;







>
>
>
>
>
>
>
>
>
>
>
>
|
>







>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
				static int iiii;
				if (++iiii == 52) {
					SSL_renegotiate(con);
					iiii = 0;
				}
			}
#endif
			if (peekaboo) {
				k = p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ );
				pending = SSL_pending(con);
				if (SSL_get_error(con, p) == SSL_ERROR_NONE) {
					if (p <= 0)
						goto end;
					pbuf_off = 0;
					pbuf_len = p;

					k = SSL_read(con, sbuf, p);
				}
			} else {
				k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
			}

			switch (SSL_get_error(con, k)) {
			case SSL_ERROR_NONE:
				if (k <= 0)
					goto end;
				sbuf_off = 0;
				sbuf_len = k;
				if (peekaboo) {
					if (p != pending) {
						ret = -1;
						BIO_printf(bio_err,
						    "peeked %d but pending %d!\n", p, pending);
						goto shut;
					}
					if (k < p) {
						ret = -1;
						BIO_printf(bio_err,
						    "read less than peek!\n");
						goto shut;
					}
					if (p > 0 && (memcmp(sbuf, pbuf, p) != 0)) {
						ret = -1;
						BIO_printf(bio_err,
						    "peek of %d different from read of %d!\n",
						    p, k);
						goto shut;
					}
				}
				read_ssl = 0;
				write_tty = 1;
				break;
			case SSL_ERROR_WANT_WRITE:
				BIO_printf(bio_c_out, "read W BLOCK\n");
				write_ssl = 1;
				read_tty = 0;
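--- a/jni/libressl/apps/openssl/s_server.c
+++ b/jni/libressl/apps/openssl/s_server.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: s_server.c,v 1.32 2019/10/04 09:47:34 bcook Exp $ */
+/* $OpenBSD: s_server.c,v 1.33 2020/04/19 17:05:55 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -284,17 +284,14 @@
 	BIO_printf(bio_err, " -dcert arg    - second certificate file to use (usually for DSA)\n");
 	BIO_printf(bio_err, " -dcertform x  - second certificate format (PEM or DER) PEM default\n");
 	BIO_printf(bio_err, " -dkey arg     - second private key file to use (usually for DSA)\n");
 	BIO_printf(bio_err, " -dkeyform arg - second key format (PEM or DER) PEM default\n");
 	BIO_printf(bio_err, " -dpass arg    - second private key file pass phrase source\n");
 	BIO_printf(bio_err, " -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
 	BIO_printf(bio_err, "                 or a default set of parameters is used\n");
-	BIO_printf(bio_err, " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
-	    "                 Use \"openssl ecparam -list_curves\" for all names\n" \
-	    "                 (default is nistp256).\n");
 	BIO_printf(bio_err, " -nbio         - Run with non-blocking IO\n");
 	BIO_printf(bio_err, " -nbio_test    - test with the non-blocking test bio\n");
 	BIO_printf(bio_err, " -crlf         - convert LF from terminal into CRLF\n");
 	BIO_printf(bio_err, " -debug        - Print more output\n");
 	BIO_printf(bio_err, " -msg          - Show protocol messages\n");
 	BIO_printf(bio_err, " -state        - Print the SSL states\n");
 	BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
@@ -329,15 +326,16 @@
 	BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
 	BIO_printf(bio_err, " -cert2 arg    - certificate file to use for servername\n");
 	BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT2);
 	BIO_printf(bio_err, " -key2 arg     - Private Key file to use for servername, in cert file if\n");
 	BIO_printf(bio_err, "                 not specified (default is %s)\n", TEST_CERT2);
 	BIO_printf(bio_err, " -tlsextdebug  - hex dump of all TLS extensions received\n");
 	BIO_printf(bio_err, " -no_ticket    - disable use of RFC4507bis session tickets\n");
-	BIO_printf(bio_err," -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
+	BIO_printf(bio_err, " -alpn arg     - set the advertised protocols for the ALPN extension (comma-separated list)\n");
+	BIO_printf(bio_err, " -groups arg   - specify EC groups (colon-separated list)\n");
 #ifndef OPENSSL_NO_SRTP
 	BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
 #endif
 	BIO_printf(bio_err, " -keymatexport label   - Export keying material using label\n");
 	BIO_printf(bio_err, " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
 }
 
@@ -577,14 +575,15 @@
 	EVP_PKEY *s_key = NULL, *s_dkey = NULL;
 	int no_cache = 0;
 	const char *errstr = NULL;
 	EVP_PKEY *s_key2 = NULL;
 	X509 *s_cert2 = NULL;
 	tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
 	const char *alpn_in = NULL;
+	const char *groups_in = NULL;
 	tlsextalpnctx alpn_ctx = { NULL, 0 };
 
 	if (single_execution) {
 		if (pledge("stdio rpath inet dns tty", NULL) == -1) {
 			perror("pledge");
 			exit(1);
 		}
@@ -652,21 +651,19 @@
 			if (--argc < 1)
 				goto bad;
 			passarg = *(++argv);
 		} else if (strcmp(*argv, "-dhparam") == 0) {
 			if (--argc < 1)
 				goto bad;
 			dhfile = *(++argv);
-		}
-		else if (strcmp(*argv, "-named_curve") == 0) {
+		} else if (strcmp(*argv, "-named_curve") == 0) {
 			if (--argc < 1)
 				goto bad;
 			named_curve = *(++argv);
-		}
-		else if (strcmp(*argv, "-dcertform") == 0) {
+		} else if (strcmp(*argv, "-dcertform") == 0) {
 			if (--argc < 1)
 				goto bad;
 			s_dcert_format = str2fmt(*(++argv));
 		} else if (strcmp(*argv, "-dcert") == 0) {
 			if (--argc < 1)
 				goto bad;
 			s_dcert_file = *(++argv);
@@ -827,14 +824,18 @@
 			if (--argc < 1)
 				goto bad;
 			++argv;
 		} else if (strcmp(*argv,"-alpn") == 0) {
 			if (--argc < 1)
 				goto bad;
 			alpn_in = *(++argv);
+		} else if (strcmp(*argv, "-groups") == 0) {
+			if (--argc < 1)
+				goto bad;
+			groups_in = *(++argv);
 		}
 #ifndef OPENSSL_NO_SRTP
 		else if (strcmp(*argv, "-use_srtp") == 0) {
 			if (--argc < 1)
 				goto bad;
 			srtp_profiles = *(++argv);
 		}
@@ -1050,14 +1051,22 @@
 			ERR_print_errors(bio_err);
 		}
 		if (vpm)
 			SSL_CTX_set1_param(ctx2, vpm);
 	}
 	if (alpn_ctx.data)
 		SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
+
+	if (groups_in != NULL) {
+		if (SSL_CTX_set1_groups_list(ctx, groups_in) != 1) {
+			BIO_printf(bio_err, "Failed to set groups '%s'\n",
+			    groups_in);
+			goto end;
+		}
+	}
 
 #ifndef OPENSSL_NO_DH
 	if (!no_dhe) {
 		DH *dh = NULL;
 
 		if (dhfile)
 			dh = load_dh_param(dhfile);
@@ -1104,42 +1113,29 @@
 				goto end;
 			}
 		}
 		DH_free(dh);
 	}
 #endif
 
-	if (!no_ecdhe) {
+	if (!no_ecdhe && named_curve != NULL) {
 		EC_KEY *ecdh = NULL;
+		int nid;
 
-		if (named_curve) {
-			int nid = OBJ_sn2nid(named_curve);
-
-			if (nid == 0) {
-				BIO_printf(bio_err, "unknown curve name (%s)\n",
-				    named_curve);
-				goto end;
-			}
-			ecdh = EC_KEY_new_by_curve_name(nid);
-			if (ecdh == NULL) {
-				BIO_printf(bio_err, "unable to create curve (%s)\n",
-				    named_curve);
-				goto end;
-			}
-		}
-		if (ecdh != NULL) {
-			BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
-		} else {
-			BIO_printf(bio_s_out, "Using default temp ECDH parameters\n");
-			ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-			if (ecdh == NULL) {
-				BIO_printf(bio_err, "unable to create curve (nistp256)\n");
-				goto end;
-			}
-		}
+		if ((nid = OBJ_sn2nid(named_curve)) == 0) {
+			BIO_printf(bio_err, "unknown curve name (%s)\n",
+			    named_curve);
+			goto end;
+		}
+		if ((ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
+			BIO_printf(bio_err, "unable to create curve (%s)\n",
+			    named_curve);
+			goto end;
+		}
+		BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
 		(void) BIO_flush(bio_s_out);
 
 		SSL_CTX_set_tmp_ecdh(ctx, ecdh);
 		if (ctx2)
 			SSL_CTX_set_tmp_ecdh(ctx2, ecdh);
 		EC_KEY_free(ecdh);
 	}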
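Review bot: The two `SSL_CTX_set_tmp_ecdh()` calls at the end of the rewritten `-named_curve` block discard their return value, so a curve the library declines to install is still announced as "Setting temp ECDH parameters" and the server starts anyway, whereas the `-groups` path added in the same file fails closed on `SSL_CTX_set1_groups_list(ctx, groups_in) != 1`. I would check both calls the same way, for example `if (SSL_CTX_set_tmp_ecdh(ctx, ecdh) != 1) { EC_KEY_free(ecdh); goto end; }`, with a message on `bio_err` naming the curve. The usage lines for `-named_curve` are also removed while the option is still parsed, and the old fallback to prime256v1 is gone, so what applies when neither `-named_curve` nor `-groups` is given is decided outside this file; a one-line usage entry for `-named_curve` would keep the option discoverable. The enclosing function starts and ends outside the hunks shown.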
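--- a/jni/libressl/compile
+++ b/jni/libressl/compile
@@ -1,13 +1,13 @@
 #! /bin/sh
 # Wrapper for compilers which do not understand '-c -o'.
 
 scriptversion=2018-03-07.03; # UTC
 
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
 # Written by Tom Tromey <tromey@cygnus.com>.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2, or (at your option)
 # any later version.
 #
@@ -49,29 +49,29 @@
     / | /[!/]*) # absolute file, and not a UNC file
       if test -z "$file_conv"; then
 	# lazily determine how to convert abs files
 	case `uname -s` in
 	  MINGW*)
 	    file_conv=mingw
 	    ;;
-	  CYGWIN*)
+	  CYGWIN* | MSYS*)
 	    file_conv=cygwin
 	    ;;
 	  *)
 	    file_conv=wine
 	    ;;
 	esac
       fi
       case $file_conv/,$2, in
 	*,$file_conv,*)
 	  ;;
 	mingw/*)
 	  file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
 	  ;;
-	cygwin/*)
+	cygwin/* | msys/*)
 	  file=`cygpath -m "$file" || echo "$file"`
 	  ;;
 	wine/*)
 	  file=`winepath -w "$file" || echo "$file"`
 	  ;;
       esac
       ;;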
Changes to jni/libressl/configure.
1
2
3
4
5
6
7
8
9
10
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for libressl 3.0.2.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.


|







1
2
3
4
5
6
7
8
9
10
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for libressl 3.1.1.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
subdirs=
MFLAGS=
MAKEFLAGS=

# Identity of this package.
PACKAGE_NAME='libressl'
PACKAGE_TARNAME='libressl'
PACKAGE_VERSION='3.0.2'
PACKAGE_STRING='libressl 3.0.2'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''

# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H







|
|







583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
subdirs=
MFLAGS=
MAKEFLAGS=

# Identity of this package.
PACKAGE_NAME='libressl'
PACKAGE_TARNAME='libressl'
PACKAGE_VERSION='3.1.1'
PACKAGE_STRING='libressl 3.1.1'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''

# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
644
645
646
647
648
649
650


651
652
653
654
655
656
657
HOST_ASM_ELF_X86_64_TRUE
HOST_ASM_ELF_ARM_FALSE
HOST_ASM_ELF_ARM_TRUE
OPENSSL_NO_ASM_FALSE
OPENSSL_NO_ASM_TRUE
HOST_CPU_IS_INTEL_FALSE
HOST_CPU_IS_INTEL_TRUE


ENABLE_EXTRATESTS_FALSE
ENABLE_EXTRATESTS_TRUE
OPENSSLDIR_DEFINED_FALSE
OPENSSLDIR_DEFINED_TRUE
OPENSSLDIR
HAVE_B64_NTOP_FALSE
HAVE_B64_NTOP_TRUE







>
>







644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
HOST_ASM_ELF_X86_64_TRUE
HOST_ASM_ELF_ARM_FALSE
HOST_ASM_ELF_ARM_TRUE
OPENSSL_NO_ASM_FALSE
OPENSSL_NO_ASM_TRUE
HOST_CPU_IS_INTEL_FALSE
HOST_CPU_IS_INTEL_TRUE
ENABLE_TESTS_FALSE
ENABLE_TESTS_TRUE
ENABLE_EXTRATESTS_FALSE
ENABLE_EXTRATESTS_TRUE
OPENSSLDIR_DEFINED_FALSE
OPENSSLDIR_DEFINED_TRUE
OPENSSLDIR
HAVE_B64_NTOP_FALSE
HAVE_B64_NTOP_TRUE
726
727
728
729
730
731
732


733
734
735
736
737
738
739
HOST_WIN_TRUE
HOST_SOLARIS_FALSE
HOST_SOLARIS_TRUE
HOST_OPENBSD_FALSE
HOST_OPENBSD_TRUE
HOST_NETBSD_FALSE
HOST_NETBSD_TRUE


HOST_LINUX_FALSE
HOST_LINUX_TRUE
HOST_HPUX_FALSE
HOST_HPUX_TRUE
HOST_FREEBSD_FALSE
HOST_FREEBSD_TRUE
HOST_DARWIN_FALSE







>
>







728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
HOST_WIN_TRUE
HOST_SOLARIS_FALSE
HOST_SOLARIS_TRUE
HOST_OPENBSD_FALSE
HOST_OPENBSD_TRUE
HOST_NETBSD_FALSE
HOST_NETBSD_TRUE
HOST_MIDIPIX_FALSE
HOST_MIDIPIX_TRUE
HOST_LINUX_FALSE
HOST_LINUX_TRUE
HOST_HPUX_FALSE
HOST_HPUX_TRUE
HOST_FREEBSD_FALSE
HOST_FREEBSD_TRUE
HOST_DARWIN_FALSE
876
877
878
879
880
881
882

883
884
885
886
887
888
889
with_sysroot
enable_libtool_lock
enable_nc
enable_hardening
enable_windows_ssp
with_openssldir
enable_extratests

enable_asm
'
      ac_precious_vars='build_alias
host_alias
target_alias
CC
CFLAGS







>







880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
with_sysroot
enable_libtool_lock
enable_nc
enable_hardening
enable_windows_ssp
with_openssldir
enable_extratests
enable_tests
enable_asm
'
      ac_precious_vars='build_alias
host_alias
target_alias
CC
CFLAGS
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
\`configure' configures libressl 3.0.2 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.







|







1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
\`configure' configures libressl 3.1.1 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
_ACEOF
fi

if test -n "$ac_init_help"; then
  case $ac_init_help in
     short | recursive ) echo "Configuration of libressl 3.0.2:";;
   esac
  cat <<\_ACEOF

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]







|







1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
_ACEOF
fi

if test -n "$ac_init_help"; then
  case $ac_init_help in
     short | recursive ) echo "Configuration of libressl 3.1.1:";;
   esac
  cat <<\_ACEOF

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
1525
1526
1527
1528
1529
1530
1531

1532
1533
1534
1535
1536
1537
1538
  --enable-nc             Enable installing TLS-enabled nc(1)
  --disable-hardening     Disable options to frustrate memory corruption
                          exploits
  --enable-windows-ssp    Enable building the stack smashing protection on
                          Windows. This currently distributing libssp-0.dll.
  --enable-extratests     Enable extra tests that may be unreliable on some
                          platforms

  --disable-asm           Disable assembly

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
                          both]







>







1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
  --enable-nc             Enable installing TLS-enabled nc(1)
  --disable-hardening     Disable options to frustrate memory corruption
                          exploits
  --enable-windows-ssp    Enable building the stack smashing protection on
                          Windows. This currently distributing libssp-0.dll.
  --enable-extratests     Enable extra tests that may be unreliable on some
                          platforms
  --disable-tests         Disable tests [default=enabled]
  --disable-asm           Disable assembly

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
                          both]
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
    cd "$ac_pwd" || { ac_status=$?; break; }
  done
fi

test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
  cat <<\_ACEOF
libressl configure 3.0.2
generated by GNU Autoconf 2.69

Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
  exit







|







1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
    cd "$ac_pwd" || { ac_status=$?; break; }
  done
fi

test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
  cat <<\_ACEOF
libressl configure 3.1.1
generated by GNU Autoconf 2.69

Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
  exit
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
  as_fn_set_status $ac_retval

} # ac_fn_c_compute_int
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by libressl $as_me 3.0.2, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@

_ACEOF
exec 5>>config.log
{







|







2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
  as_fn_set_status $ac_retval

} # ac_fn_c_compute_int
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by libressl $as_me 3.1.1, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@

_ACEOF
exec 5>>config.log
{
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu


LIBCRYPTO_VERSION=45:5:0

LIBSSL_VERSION=47:6:0

LIBTLS_VERSION=19:7:0


ac_aux_dir=
for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
  if test -f "$ac_dir/install-sh"; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install-sh -c"







|

|

|







2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu


LIBCRYPTO_VERSION=46:1:0

LIBSSL_VERSION=48:1:0

LIBTLS_VERSION=20:1:0


ac_aux_dir=
for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
  if test -f "$ac_dir/install-sh"; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install-sh -c"
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
    CYGPATH_W=echo
  fi
fi


# Define the identity of the package.
 PACKAGE='libressl'
 VERSION='3.0.2'


cat >>confdefs.h <<_ACEOF
#define PACKAGE "$PACKAGE"
_ACEOF









|







3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
    CYGPATH_W=echo
  fi
fi


# Define the identity of the package.
 PACKAGE='libressl'
 VERSION='3.1.1'


cat >>confdefs.h <<_ACEOF
#define PACKAGE "$PACKAGE"
_ACEOF


12002
12003
12004
12005
12006
12007
12008




12009
12010
12011
12012
12013
12014
12015
		CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
		;;
	*linux*)
		HOST_OS=linux
		HOST_ABI=elf
		CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
		;;




	*netbsd*)
		HOST_OS=netbsd
		HOST_ABI=elf
		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

#include <sys/param.h>







>
>
>
>







12008
12009
12010
12011
12012
12013
12014
12015
12016
12017
12018
12019
12020
12021
12022
12023
12024
12025
		CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
		;;
	*linux*)
		HOST_OS=linux
		HOST_ABI=elf
		CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
		;;
	*midipix*)
		HOST_OS=midipix
		CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
		;;
	*netbsd*)
		HOST_OS=netbsd
		HOST_ABI=elf
		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

#include <sys/param.h>
12047
12048
12049
12050
12051
12052
12053
12054
12055
12056
12057
12058
12059
12060
12061
	*mingw*)
		HOST_OS=win
		HOST_ABI=mingw64
		BUILD_NC=no
		CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
		CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN"
		CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED"
		PLATFORM_LDADD='-lws2_32'

		;;
	*solaris*)
		HOST_OS=solaris
		HOST_ABI=elf
		CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"







|







12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
12070
12071
	*mingw*)
		HOST_OS=win
		HOST_ABI=mingw64
		BUILD_NC=no
		CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
		CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN"
		CPPFLAGS="$CPPFLAGS"
		PLATFORM_LDADD='-lws2_32'

		;;
	*solaris*)
		HOST_OS=solaris
		HOST_ABI=elf
		CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
12130
12131
12132
12133
12134
12135
12136








12137
12138
12139
12140
12141
12142
12143
 if test x$HOST_OS = xlinux; then
  HOST_LINUX_TRUE=
  HOST_LINUX_FALSE='#'
else
  HOST_LINUX_TRUE='#'
  HOST_LINUX_FALSE=
fi









 if test x$HOST_OS = xnetbsd; then
  HOST_NETBSD_TRUE=
  HOST_NETBSD_FALSE='#'
else
  HOST_NETBSD_TRUE='#'
  HOST_NETBSD_FALSE=







>
>
>
>
>
>
>
>







12140
12141
12142
12143
12144
12145
12146
12147
12148
12149
12150
12151
12152
12153
12154
12155
12156
12157
12158
12159
12160
12161
 if test x$HOST_OS = xlinux; then
  HOST_LINUX_TRUE=
  HOST_LINUX_FALSE='#'
else
  HOST_LINUX_TRUE='#'
  HOST_LINUX_FALSE=
fi

 if test x$HOST_OS = xmidipix; then
  HOST_MIDIPIX_TRUE=
  HOST_MIDIPIX_FALSE='#'
else
  HOST_MIDIPIX_TRUE='#'
  HOST_MIDIPIX_FALSE=
fi

 if test x$HOST_OS = xnetbsd; then
  HOST_NETBSD_TRUE=
  HOST_NETBSD_FALSE='#'
else
  HOST_NETBSD_TRUE='#'
  HOST_NETBSD_FALSE=
13846
13847
13848
13849
13850
13851
13852



















13853
13854
13855
13856
13857
13858
13859
  ENABLE_EXTRATESTS_TRUE=
  ENABLE_EXTRATESTS_FALSE='#'
else
  ENABLE_EXTRATESTS_TRUE='#'
  ENABLE_EXTRATESTS_FALSE=
fi





















# Add CPU-specific alignment flags
old_cflags=$CFLAGS
CFLAGS="$CFLAGS -I$srcdir/include"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if BSWAP4 builds without __STRICT_ALIGNMENT" >&5
$as_echo_n "checking if BSWAP4 builds without __STRICT_ALIGNMENT... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







13864
13865
13866
13867
13868
13869
13870
13871
13872
13873
13874
13875
13876
13877
13878
13879
13880
13881
13882
13883
13884
13885
13886
13887
13888
13889
13890
13891
13892
13893
13894
13895
13896
  ENABLE_EXTRATESTS_TRUE=
  ENABLE_EXTRATESTS_FALSE='#'
else
  ENABLE_EXTRATESTS_TRUE='#'
  ENABLE_EXTRATESTS_FALSE=
fi


# Check whether --enable-tests was given.
if test "${enable_tests+set}" = set; then :
  enableval=$enable_tests;
        if ! test "x${enable_tests}" = "xyes"; then
		enable_tests="no"
	fi
else
  enable_tests="yes"
fi

 if test "x$enable_tests" = xyes; then
  ENABLE_TESTS_TRUE=
  ENABLE_TESTS_FALSE='#'
else
  ENABLE_TESTS_TRUE='#'
  ENABLE_TESTS_FALSE=
fi


# Add CPU-specific alignment flags
old_cflags=$CFLAGS
CFLAGS="$CFLAGS -I$srcdir/include"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if BSWAP4 builds without __STRICT_ALIGNMENT" >&5
$as_echo_n "checking if BSWAP4 builds without __STRICT_ALIGNMENT... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
14249
14250
14251
14252
14253
14254
14255




14256
14257
14258
14259
14260
14261
14262
  as_fn_error $? "conditional \"HOST_HPUX\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HOST_LINUX_TRUE}" && test -z "${HOST_LINUX_FALSE}"; then
  as_fn_error $? "conditional \"HOST_LINUX\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi




if test -z "${HOST_NETBSD_TRUE}" && test -z "${HOST_NETBSD_FALSE}"; then
  as_fn_error $? "conditional \"HOST_NETBSD\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HOST_OPENBSD_TRUE}" && test -z "${HOST_OPENBSD_FALSE}"; then
  as_fn_error $? "conditional \"HOST_OPENBSD\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5







>
>
>
>







14286
14287
14288
14289
14290
14291
14292
14293
14294
14295
14296
14297
14298
14299
14300
14301
14302
14303
  as_fn_error $? "conditional \"HOST_HPUX\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HOST_LINUX_TRUE}" && test -z "${HOST_LINUX_FALSE}"; then
  as_fn_error $? "conditional \"HOST_LINUX\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HOST_MIDIPIX_TRUE}" && test -z "${HOST_MIDIPIX_FALSE}"; then
  as_fn_error $? "conditional \"HOST_MIDIPIX\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HOST_NETBSD_TRUE}" && test -z "${HOST_NETBSD_FALSE}"; then
  as_fn_error $? "conditional \"HOST_NETBSD\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HOST_OPENBSD_TRUE}" && test -z "${HOST_OPENBSD_FALSE}"; then
  as_fn_error $? "conditional \"HOST_OPENBSD\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
14408
14409
14410
14411
14412
14413
14414




14415
14416
14417
14418
14419
14420
14421
if test -z "${OPENSSLDIR_DEFINED_TRUE}" && test -z "${OPENSSLDIR_DEFINED_FALSE}"; then
  as_fn_error $? "conditional \"OPENSSLDIR_DEFINED\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${ENABLE_EXTRATESTS_TRUE}" && test -z "${ENABLE_EXTRATESTS_FALSE}"; then
  as_fn_error $? "conditional \"ENABLE_EXTRATESTS\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5




fi
if test -z "${HOST_CPU_IS_INTEL_TRUE}" && test -z "${HOST_CPU_IS_INTEL_FALSE}"; then
  as_fn_error $? "conditional \"HOST_CPU_IS_INTEL\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${OPENSSL_NO_ASM_TRUE}" && test -z "${OPENSSL_NO_ASM_FALSE}"; then
  as_fn_error $? "conditional \"OPENSSL_NO_ASM\" was never defined.







>
>
>
>







14449
14450
14451
14452
14453
14454
14455
14456
14457
14458
14459
14460
14461
14462
14463
14464
14465
14466
if test -z "${OPENSSLDIR_DEFINED_TRUE}" && test -z "${OPENSSLDIR_DEFINED_FALSE}"; then
  as_fn_error $? "conditional \"OPENSSLDIR_DEFINED\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${ENABLE_EXTRATESTS_TRUE}" && test -z "${ENABLE_EXTRATESTS_FALSE}"; then
  as_fn_error $? "conditional \"ENABLE_EXTRATESTS\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${ENABLE_TESTS_TRUE}" && test -z "${ENABLE_TESTS_FALSE}"; then
  as_fn_error $? "conditional \"ENABLE_TESTS\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${HOST_CPU_IS_INTEL_TRUE}" && test -z "${HOST_CPU_IS_INTEL_FALSE}"; then
  as_fn_error $? "conditional \"HOST_CPU_IS_INTEL\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${OPENSSL_NO_ASM_TRUE}" && test -z "${OPENSSL_NO_ASM_FALSE}"; then
  as_fn_error $? "conditional \"OPENSSL_NO_ASM\" was never defined.
14838
14839
14840
14841
14842
14843
14844
14845
14846
14847
14848
14849
14850
14851
14852
test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1

cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by libressl $as_me 3.0.2, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
  CONFIG_HEADERS  = $CONFIG_HEADERS
  CONFIG_LINKS    = $CONFIG_LINKS
  CONFIG_COMMANDS = $CONFIG_COMMANDS
  $ $0 $@







|







14883
14884
14885
14886
14887
14888
14889
14890
14891
14892
14893
14894
14895
14896
14897
test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1

cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by libressl $as_me 3.1.1, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
  CONFIG_HEADERS  = $CONFIG_HEADERS
  CONFIG_LINKS    = $CONFIG_LINKS
  CONFIG_COMMANDS = $CONFIG_COMMANDS
  $ $0 $@
14895
14896
14897
14898
14899
14900
14901
14902
14903
14904
14905
14906
14907
14908
14909

Report bugs to the package provider."

_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
libressl config.status 3.0.2
configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."








|







14940
14941
14942
14943
14944
14945
14946
14947
14948
14949
14950
14951
14952
14953
14954

Report bugs to the package provider."

_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
libressl config.status 3.1.1
configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."

15819
15820
15821
15822
15823
15824
15825
15826


15827
15828
15829
15830
15831
15832
15833
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } || am_rc=$?
  done
  if test $am_rc -ne 0; then
    { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "Something went wrong bootstrapping makefile fragments
    for automatic dependency tracking.  Try re-running configure with the


    '--disable-dependency-tracking' option to at least be able to build
    the package (albeit without support for automatic dependency tracking).
See \`config.log' for more details" "$LINENO" 5; }
  fi
  { am_dirpart=; unset am_dirpart;}
  { am_filepart=; unset am_filepart;}
  { am_mf=; unset am_mf;}







|
>
>







15864
15865
15866
15867
15868
15869
15870
15871
15872
15873
15874
15875
15876
15877
15878
15879
15880
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); } || am_rc=$?
  done
  if test $am_rc -ne 0; then
    { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "Something went wrong bootstrapping makefile fragments
    for automatic dependency tracking.  If GNU make was not used, consider
    re-running the configure script with MAKE=\"gmake\" (or whatever is
    necessary).  You can also try re-running configure with the
    '--disable-dependency-tracking' option to at least be able to build
    the package (albeit without support for automatic dependency tracking).
See \`config.log' for more details" "$LINENO" 5; }
  fi
  { am_dirpart=; unset am_dirpart;}
  { am_filepart=; unset am_filepart;}
  { am_mf=; unset am_mf;}
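--- a/jni/libressl/configure.ac
+++ b/jni/libressl/configure.ac
@@ -62,14 +62,23 @@
 )
 AM_CONDITIONAL([OPENSSLDIR_DEFINED], [test x$with_openssldir != x])
 
 AC_ARG_ENABLE([extratests],
 	AS_HELP_STRING([--enable-extratests], [Enable extra tests that may be unreliable on some platforms]))
 AM_CONDITIONAL([ENABLE_EXTRATESTS], [test "x$enable_extratests" = xyes])
 
+AC_ARG_ENABLE([tests],
+       [AS_HELP_STRING([--disable-tests], [Disable tests @<:@default=enabled@:>@])],
+       [
+        if ! test "x${enable_tests}" = "xyes"; then
+		enable_tests="no"
+	fi],
+       [enable_tests="yes"])
+AM_CONDITIONAL([ENABLE_TESTS], [test "x$enable_tests" = xyes])
+
 # Add CPU-specific alignment flags
 old_cflags=$CFLAGS
 CFLAGS="$CFLAGS -I$srcdir/include"
 AC_MSG_CHECKING([if BSWAP4 builds without __STRICT_ALIGNMENT])
 AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
 	       [int a = 0; BSWAP4(a);],
 	       AC_MSG_RESULT([yes])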
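Review bot: Any value other than the exact string `yes` is folded to `no` by the action of the new `tests` option, so `--enable-tests=YES` or a mistyped value switches the regression suite off without any message. For a TLS/crypto library that is imported wholesale, a build that silently skips its tests weakens the check that the update still behaves as expected. I would document this above the `AC_ARG_ENABLE([tests], ...)` call with `# Any value other than "yes" disables the test suite; packaging builds should leave it enabled.` How `ENABLE_TESTS` is consumed is not visible in this section, so the effect on `make check` is inferred.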
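--- a/jni/libressl/crypto/CMakeLists.txt
+++ b/jni/libressl/crypto/CMakeLists.txt
@@ -380,14 +380,29 @@
 	cast/c_enc.c
 	cast/c_ofb64.c
 	cast/c_skey.c
 	chacha/chacha.c
 	cmac/cm_ameth.c
 	cmac/cm_pmeth.c
 	cmac/cmac.c
+	cms/cms_asn1.c
+	cms/cms_att.c
+	cms/cms_cd.c
+	cms/cms_dd.c
+	cms/cms_enc.c
+	cms/cms_env.c
+	cms/cms_err.c
+	cms/cms_ess.c
+	cms/cms_io.c
+	cms/cms_kari.c
+	cms/cms_lcl.h
+	cms/cms_lib.c
+	cms/cms_pwri.c
+	cms/cms_sd.c
+	cms/cms_smime.c
 	comp/c_rle.c
 	comp/c_zlib.c
 	comp/comp_err.c
 	comp/comp_lib.c
 	conf/conf_api.c
 	conf/conf_def.c
 	conf/conf_err.c
@@ -789,15 +804,14 @@
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_rename)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_connect)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_close)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_read)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_write)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_getsockopt)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_setsockopt)
-	set(EXTRA_EXPORT ${EXTRA_EXPORT} sleep)
 endif()
 
 if(NOT HAVE_ASPRINTF)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/bsd-asprintf.c)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} asprintf)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} vasprintf)
 endif()
@@ -964,28 +978,26 @@
 		ecdsa
 		evp
 		modes
 		../include/compat
 	PUBLIC
 		../include)
 
-if (BUILD_SHARED_LIBS)
-	export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym)
-	target_link_libraries(crypto ${PLATFORM_LIBS})
-	if (WIN32)
-		set(CRYPTO_POSTFIX -${CRYPTO_MAJOR_VERSION})
-	endif()
-	set_target_properties(crypto PROPERTIES
-		OUTPUT_NAME crypto${CRYPTO_POSTFIX}
-		ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX})
-	set_target_properties(crypto PROPERTIES VERSION
-		${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
-endif()
+export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym)
+target_link_libraries(crypto ${PLATFORM_LIBS})
+if (WIN32)
+	set(CRYPTO_POSTFIX -${CRYPTO_MAJOR_VERSION})
+endif()
+set_target_properties(crypto PROPERTIES
+	OUTPUT_NAME crypto${CRYPTO_POSTFIX}
+	ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX})
+set_target_properties(crypto PROPERTIES VERSION
+	${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
 
 if(ENABLE_LIBRESSL_INSTALL)
 	install(
 		TARGETS crypto
 		ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
 		LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
 		RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
 	)
 endif(ENABLE_LIBRESSL_INSTALL)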
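Review bot: The `target_link_libraries(crypto ${PLATFORM_LIBS})` call in the last hunk keeps the keyword-less signature while losing its `if (BUILD_SHARED_LIBS)` guard, so it now applies to every library type with legacy transitive link semantics. I would write `target_link_libraries(crypto PRIVATE ${PLATFORM_LIBS})`, provided no other call on `crypto` uses the plain form, since the two signatures cannot be mixed on one target. The same hunk makes `export_symbol(crypto ...)` unconditional; the helper is defined outside this section, so its behaviour on a static archive should be confirmed. The command that ends at `../include)` starts before the hunk.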
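--- a/jni/libressl/crypto/Makefile.am
+++ b/jni/libressl/crypto/Makefile.am
@@ -17,15 +17,15 @@
 
 # needed for a CMake target
 EXTRA_DIST += compat/strcasecmp.c
 
 BUILT_SOURCES = crypto_portable.sym
 CLEANFILES = crypto_portable.sym
 
-crypto_portable.sym:
+crypto_portable.sym: crypto.sym  Makefile
 	-echo "generating crypto_portable.sym ..."
 	-cp $(top_srcdir)/crypto/crypto.sym crypto_portable.sym
 	-chmod u+w crypto_portable.sym
 if !HAVE_ARC4RANDOM_BUF
 	-echo arc4random >> crypto_portable.sym
 	-echo arc4random_buf >> crypto_portable.sym
 	-echo arc4random_uniform >> crypto_portable.sym
@@ -90,14 +90,15 @@
 	-echo posix_setsockopt >> crypto_portable.sym
 	-echo getuid >> crypto_portable.sym
 	-grep -v BIO_s_log crypto_portable.sym > crypto_portable.sym.tmp
 	-mv crypto_portable.sym.tmp crypto_portable.sym
 endif
 
 libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
+EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym
 libcrypto_la_LIBADD = libcompat.la
 if !HAVE_EXPLICIT_BZERO
 libcrypto_la_LIBADD += libcompatnoopt.la
 endif
 libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
 libcrypto_la_CPPFLAGS += -DLIBRESSL_INTERNAL
 libcrypto_la_CPPFLAGS += -DOPENSSL_NO_HW_PADLOCK
@@ -443,14 +444,31 @@
 libcrypto_la_SOURCES += chacha/chacha.c
 
 # cmac
 libcrypto_la_SOURCES += cmac/cm_ameth.c
 libcrypto_la_SOURCES += cmac/cm_pmeth.c
 libcrypto_la_SOURCES += cmac/cmac.c
 
+# cms
+libcrypto_la_SOURCES += cms/cms_asn1.c
+libcrypto_la_SOURCES += cms/cms_att.c
+libcrypto_la_SOURCES += cms/cms_cd.c
+libcrypto_la_SOURCES += cms/cms_dd.c
+libcrypto_la_SOURCES += cms/cms_enc.c
+libcrypto_la_SOURCES += cms/cms_env.c
+libcrypto_la_SOURCES += cms/cms_err.c
+libcrypto_la_SOURCES += cms/cms_ess.c
+libcrypto_la_SOURCES += cms/cms_io.c
+libcrypto_la_SOURCES += cms/cms_kari.c
+libcrypto_la_SOURCES += cms/cms_lib.c
+libcrypto_la_SOURCES += cms/cms_pwri.c
+libcrypto_la_SOURCES += cms/cms_sd.c
+libcrypto_la_SOURCES += cms/cms_smime.c
+noinst_HEADERS += cms/cms_lcl.h
+
 # comp
 libcrypto_la_SOURCES += comp/c_rle.c
 libcrypto_la_SOURCES += comp/c_zlib.c
 libcrypto_la_SOURCES += comp/comp_err.c
 libcrypto_la_SOURCES += comp/comp_lib.c
 
 # conf
@@ -676,15 +694,14 @@
 libcrypto_la_SOURCES += gost/gostr341001.c
 libcrypto_la_SOURCES += gost/gostr341001_ameth.c
 libcrypto_la_SOURCES += gost/gostr341001_key.c
 libcrypto_la_SOURCES += gost/gostr341001_params.c
 libcrypto_la_SOURCES += gost/gostr341001_pmeth.c
 libcrypto_la_SOURCES += gost/gostr341194.c
 libcrypto_la_SOURCES += gost/streebog.c
-noinst_HEADERS += gost/gost.h
 noinst_HEADERS += gost/gost_asn1.h
 noinst_HEADERS += gost/gost_locl.h
 
 # hkdf
 libcrypto_la_SOURCES += hkdf/hkdf.c
 
 # hmac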
Changes to jni/libressl/crypto/Makefile.in.
1
2
3
4
5
6
7
8
9
10
11
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2018 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|


|







1
2
3
4
5
6
7
8
9
10
11
# Makefile.in generated by automake 1.16.2 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2020 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
385
386
387
388
389
390
391




392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408

409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
	bn/bn_print.c bn/bn_rand.c bn/bn_recp.c bn/bn_shift.c \
	bn/bn_sqr.c bn/bn_sqrt.c bn/bn_word.c bn/bn_x931p.c \
	buffer/buf_err.c buffer/buf_str.c buffer/buffer.c \
	camellia/cmll_cfb.c camellia/cmll_ctr.c camellia/cmll_ecb.c \
	camellia/cmll_misc.c camellia/cmll_ofb.c cast/c_cfb64.c \
	cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c cast/c_skey.c \
	chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c cmac/cmac.c \




	comp/c_rle.c comp/c_zlib.c comp/comp_err.c comp/comp_lib.c \
	conf/conf_api.c conf/conf_def.c conf/conf_err.c \
	conf/conf_lib.c conf/conf_mall.c conf/conf_mod.c \
	conf/conf_sap.c curve25519/curve25519-generic.c \
	curve25519/curve25519.c des/cbc_cksm.c des/cbc_enc.c \
	des/cfb64ede.c des/cfb64enc.c des/cfb_enc.c des/des_enc.c \
	des/ecb3_enc.c des/ecb_enc.c des/ede_cbcm_enc.c des/enc_read.c \
	des/enc_writ.c des/fcrypt.c des/fcrypt_b.c des/ofb64ede.c \
	des/ofb64enc.c des/ofb_enc.c des/pcbc_enc.c des/qud_cksm.c \
	des/rand_key.c des/set_key.c des/str2key.c des/xcbc_enc.c \
	dh/dh_ameth.c dh/dh_asn1.c dh/dh_check.c dh/dh_depr.c \
	dh/dh_err.c dh/dh_gen.c dh/dh_key.c dh/dh_lib.c dh/dh_pmeth.c \
	dh/dh_prn.c dsa/dsa_ameth.c dsa/dsa_asn1.c dsa/dsa_depr.c \
	dsa/dsa_err.c dsa/dsa_gen.c dsa/dsa_key.c dsa/dsa_lib.c \
	dsa/dsa_meth.c dsa/dsa_ossl.c dsa/dsa_pmeth.c dsa/dsa_prn.c \
	dsa/dsa_sign.c dsa/dsa_vrf.c dso/dso_dlfcn.c dso/dso_err.c \
	dso/dso_lib.c dso/dso_null.c dso/dso_openssl.c ec/ec2_mult.c \

	ec/ec2_oct.c ec/ec2_smpl.c ec/ec_ameth.c ec/ec_asn1.c \
	ec/ec_check.c ec/ec_curve.c ec/ec_cvt.c ec/ec_err.c \
	ec/ec_key.c ec/ec_kmeth.c ec/ec_lib.c ec/ec_mult.c ec/ec_oct.c \
	ec/ec_pmeth.c ec/ec_print.c ec/eck_prn.c ec/ecp_mont.c \
	ec/ecp_nist.c ec/ecp_oct.c ec/ecp_smpl.c ecdh/ecdh_kdf.c \
	ecdh/ech_err.c ecdh/ech_key.c ecdh/ech_lib.c ecdsa/ecs_asn1.c \
	ecdsa/ecs_err.c ecdsa/ecs_lib.c ecdsa/ecs_ossl.c \
	ecdsa/ecs_sign.c ecdsa/ecs_vrf.c engine/eng_all.c \
	engine/eng_cnf.c engine/eng_ctrl.c engine/eng_dyn.c \
	engine/eng_err.c engine/eng_fat.c engine/eng_init.c \
	engine/eng_lib.c engine/eng_list.c engine/eng_openssl.c \
	engine/eng_pkey.c engine/eng_table.c engine/tb_asnmth.c \
	engine/tb_cipher.c engine/tb_dh.c engine/tb_digest.c \
	engine/tb_dsa.c engine/tb_ecdh.c engine/tb_ecdsa.c \
	engine/tb_eckey.c engine/tb_pkmeth.c engine/tb_rand.c \
	engine/tb_rsa.c engine/tb_store.c err/err.c err/err_all.c \
	err/err_prn.c evp/bio_b64.c evp/bio_enc.c evp/bio_md.c \
	evp/c_all.c evp/digest.c evp/e_aes.c evp/e_aes_cbc_hmac_sha1.c \
	evp/e_bf.c evp/e_camellia.c evp/e_cast.c evp/e_chacha.c \
	evp/e_chacha20poly1305.c evp/e_des.c evp/e_des3.c \
	evp/e_gost2814789.c evp/e_idea.c evp/e_null.c evp/e_old.c \
	evp/e_rc2.c evp/e_rc4.c evp/e_rc4_hmac_md5.c evp/e_sm4.c \
	evp/e_xcbc_d.c evp/encode.c evp/evp_aead.c evp/evp_enc.c \
	evp/evp_err.c evp/evp_key.c evp/evp_lib.c evp/evp_pbe.c \
	evp/evp_pkey.c evp/m_dss.c evp/m_dss1.c evp/m_ecdsa.c \
	evp/m_gost2814789.c evp/m_gostr341194.c evp/m_md4.c \







>
>
>
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<
>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|







385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411

412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
	bn/bn_print.c bn/bn_rand.c bn/bn_recp.c bn/bn_shift.c \
	bn/bn_sqr.c bn/bn_sqrt.c bn/bn_word.c bn/bn_x931p.c \
	buffer/buf_err.c buffer/buf_str.c buffer/buffer.c \
	camellia/cmll_cfb.c camellia/cmll_ctr.c camellia/cmll_ecb.c \
	camellia/cmll_misc.c camellia/cmll_ofb.c cast/c_cfb64.c \
	cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c cast/c_skey.c \
	chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c cmac/cmac.c \
	cms/cms_asn1.c cms/cms_att.c cms/cms_cd.c cms/cms_dd.c \
	cms/cms_enc.c cms/cms_env.c cms/cms_err.c cms/cms_ess.c \
	cms/cms_io.c cms/cms_kari.c cms/cms_lib.c cms/cms_pwri.c \
	cms/cms_sd.c cms/cms_smime.c comp/c_rle.c comp/c_zlib.c \
	comp/comp_err.c comp/comp_lib.c conf/conf_api.c \
	conf/conf_def.c conf/conf_err.c conf/conf_lib.c \
	conf/conf_mall.c conf/conf_mod.c conf/conf_sap.c \
	curve25519/curve25519-generic.c curve25519/curve25519.c \
	des/cbc_cksm.c des/cbc_enc.c des/cfb64ede.c des/cfb64enc.c \
	des/cfb_enc.c des/des_enc.c des/ecb3_enc.c des/ecb_enc.c \
	des/ede_cbcm_enc.c des/enc_read.c des/enc_writ.c des/fcrypt.c \
	des/fcrypt_b.c des/ofb64ede.c des/ofb64enc.c des/ofb_enc.c \
	des/pcbc_enc.c des/qud_cksm.c des/rand_key.c des/set_key.c \
	des/str2key.c des/xcbc_enc.c dh/dh_ameth.c dh/dh_asn1.c \
	dh/dh_check.c dh/dh_depr.c dh/dh_err.c dh/dh_gen.c dh/dh_key.c \
	dh/dh_lib.c dh/dh_pmeth.c dh/dh_prn.c dsa/dsa_ameth.c \
	dsa/dsa_asn1.c dsa/dsa_depr.c dsa/dsa_err.c dsa/dsa_gen.c \
	dsa/dsa_key.c dsa/dsa_lib.c dsa/dsa_meth.c dsa/dsa_ossl.c \
	dsa/dsa_pmeth.c dsa/dsa_prn.c dsa/dsa_sign.c dsa/dsa_vrf.c \
	dso/dso_dlfcn.c dso/dso_err.c dso/dso_lib.c dso/dso_null.c \

	dso/dso_openssl.c ec/ec2_mult.c ec/ec2_oct.c ec/ec2_smpl.c \
	ec/ec_ameth.c ec/ec_asn1.c ec/ec_check.c ec/ec_curve.c \
	ec/ec_cvt.c ec/ec_err.c ec/ec_key.c ec/ec_kmeth.c ec/ec_lib.c \
	ec/ec_mult.c ec/ec_oct.c ec/ec_pmeth.c ec/ec_print.c \
	ec/eck_prn.c ec/ecp_mont.c ec/ecp_nist.c ec/ecp_oct.c \
	ec/ecp_smpl.c ecdh/ecdh_kdf.c ecdh/ech_err.c ecdh/ech_key.c \
	ecdh/ech_lib.c ecdsa/ecs_asn1.c ecdsa/ecs_err.c \
	ecdsa/ecs_lib.c ecdsa/ecs_ossl.c ecdsa/ecs_sign.c \
	ecdsa/ecs_vrf.c engine/eng_all.c engine/eng_cnf.c \
	engine/eng_ctrl.c engine/eng_dyn.c engine/eng_err.c \
	engine/eng_fat.c engine/eng_init.c engine/eng_lib.c \
	engine/eng_list.c engine/eng_openssl.c engine/eng_pkey.c \
	engine/eng_table.c engine/tb_asnmth.c engine/tb_cipher.c \
	engine/tb_dh.c engine/tb_digest.c engine/tb_dsa.c \
	engine/tb_ecdh.c engine/tb_ecdsa.c engine/tb_eckey.c \
	engine/tb_pkmeth.c engine/tb_rand.c engine/tb_rsa.c \
	engine/tb_store.c err/err.c err/err_all.c err/err_prn.c \
	evp/bio_b64.c evp/bio_enc.c evp/bio_md.c evp/c_all.c \
	evp/digest.c evp/e_aes.c evp/e_aes_cbc_hmac_sha1.c evp/e_bf.c \
	evp/e_camellia.c evp/e_cast.c evp/e_chacha.c \
	evp/e_chacha20poly1305.c evp/e_des.c evp/e_des3.c \
	evp/e_gost2814789.c evp/e_idea.c evp/e_null.c evp/e_old.c \
	evp/e_rc2.c evp/e_rc4.c evp/e_rc4_hmac_md5.c evp/e_sm4.c \
	evp/e_xcbc_d.c evp/encode.c evp/evp_aead.c evp/evp_enc.c \
	evp/evp_err.c evp/evp_key.c evp/evp_lib.c evp/evp_pbe.c \
	evp/evp_pkey.c evp/m_dss.c evp/m_dss1.c evp/m_ecdsa.c \
	evp/m_gost2814789.c evp/m_gostr341194.c evp/m_md4.c \
682
683
684
685
686
687
688







689
690
691
692
693
694
695
	camellia/libcrypto_la-cmll_ecb.lo \
	camellia/libcrypto_la-cmll_misc.lo \
	camellia/libcrypto_la-cmll_ofb.lo cast/libcrypto_la-c_cfb64.lo \
	cast/libcrypto_la-c_ecb.lo cast/libcrypto_la-c_enc.lo \
	cast/libcrypto_la-c_ofb64.lo cast/libcrypto_la-c_skey.lo \
	chacha/libcrypto_la-chacha.lo cmac/libcrypto_la-cm_ameth.lo \
	cmac/libcrypto_la-cm_pmeth.lo cmac/libcrypto_la-cmac.lo \







	comp/libcrypto_la-c_rle.lo comp/libcrypto_la-c_zlib.lo \
	comp/libcrypto_la-comp_err.lo comp/libcrypto_la-comp_lib.lo \
	conf/libcrypto_la-conf_api.lo conf/libcrypto_la-conf_def.lo \
	conf/libcrypto_la-conf_err.lo conf/libcrypto_la-conf_lib.lo \
	conf/libcrypto_la-conf_mall.lo conf/libcrypto_la-conf_mod.lo \
	conf/libcrypto_la-conf_sap.lo \
	curve25519/libcrypto_la-curve25519-generic.lo \







>
>
>
>
>
>
>







686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
	camellia/libcrypto_la-cmll_ecb.lo \
	camellia/libcrypto_la-cmll_misc.lo \
	camellia/libcrypto_la-cmll_ofb.lo cast/libcrypto_la-c_cfb64.lo \
	cast/libcrypto_la-c_ecb.lo cast/libcrypto_la-c_enc.lo \
	cast/libcrypto_la-c_ofb64.lo cast/libcrypto_la-c_skey.lo \
	chacha/libcrypto_la-chacha.lo cmac/libcrypto_la-cm_ameth.lo \
	cmac/libcrypto_la-cm_pmeth.lo cmac/libcrypto_la-cmac.lo \
	cms/libcrypto_la-cms_asn1.lo cms/libcrypto_la-cms_att.lo \
	cms/libcrypto_la-cms_cd.lo cms/libcrypto_la-cms_dd.lo \
	cms/libcrypto_la-cms_enc.lo cms/libcrypto_la-cms_env.lo \
	cms/libcrypto_la-cms_err.lo cms/libcrypto_la-cms_ess.lo \
	cms/libcrypto_la-cms_io.lo cms/libcrypto_la-cms_kari.lo \
	cms/libcrypto_la-cms_lib.lo cms/libcrypto_la-cms_pwri.lo \
	cms/libcrypto_la-cms_sd.lo cms/libcrypto_la-cms_smime.lo \
	comp/libcrypto_la-c_rle.lo comp/libcrypto_la-c_zlib.lo \
	comp/libcrypto_la-comp_err.lo comp/libcrypto_la-comp_lib.lo \
	conf/libcrypto_la-conf_api.lo conf/libcrypto_la-conf_def.lo \
	conf/libcrypto_la-conf_err.lo conf/libcrypto_la-conf_lib.lo \
	conf/libcrypto_la-conf_mall.lo conf/libcrypto_la-conf_mod.lo \
	conf/libcrypto_la-conf_sap.lo \
	curve25519/libcrypto_la-curve25519-generic.lo \
1124
1125
1126
1127
1128
1129
1130














1131
1132
1133
1134
1135
1136
1137
	cast/$(DEPDIR)/libcrypto_la-c_ofb64.Plo \
	cast/$(DEPDIR)/libcrypto_la-c_skey.Plo \
	chacha/$(DEPDIR)/libcrypto_la-chacha-merged.Plo \
	chacha/$(DEPDIR)/libcrypto_la-chacha.Plo \
	cmac/$(DEPDIR)/libcrypto_la-cm_ameth.Plo \
	cmac/$(DEPDIR)/libcrypto_la-cm_pmeth.Plo \
	cmac/$(DEPDIR)/libcrypto_la-cmac.Plo \














	comp/$(DEPDIR)/libcrypto_la-c_rle.Plo \
	comp/$(DEPDIR)/libcrypto_la-c_zlib.Plo \
	comp/$(DEPDIR)/libcrypto_la-comp_err.Plo \
	comp/$(DEPDIR)/libcrypto_la-comp_lib.Plo \
	compat/$(DEPDIR)/arc4random.Plo \
	compat/$(DEPDIR)/arc4random_uniform.Plo \
	compat/$(DEPDIR)/bsd-asprintf.Plo \







>
>
>
>
>
>
>
>
>
>
>
>
>
>







1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
	cast/$(DEPDIR)/libcrypto_la-c_ofb64.Plo \
	cast/$(DEPDIR)/libcrypto_la-c_skey.Plo \
	chacha/$(DEPDIR)/libcrypto_la-chacha-merged.Plo \
	chacha/$(DEPDIR)/libcrypto_la-chacha.Plo \
	cmac/$(DEPDIR)/libcrypto_la-cm_ameth.Plo \
	cmac/$(DEPDIR)/libcrypto_la-cm_pmeth.Plo \
	cmac/$(DEPDIR)/libcrypto_la-cmac.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_asn1.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_att.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_cd.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_dd.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_enc.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_env.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_err.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_ess.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_io.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_kari.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_lib.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_pwri.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_sd.Plo \
	cms/$(DEPDIR)/libcrypto_la-cms_smime.Plo \
	comp/$(DEPDIR)/libcrypto_la-c_rle.Plo \
	comp/$(DEPDIR)/libcrypto_la-c_zlib.Plo \
	comp/$(DEPDIR)/libcrypto_la-comp_err.Plo \
	comp/$(DEPDIR)/libcrypto_la-comp_lib.Plo \
	compat/$(DEPDIR)/arc4random.Plo \
	compat/$(DEPDIR)/arc4random_uniform.Plo \
	compat/$(DEPDIR)/bsd-asprintf.Plo \
1779
1780
1781
1782
1783
1784
1785

1786
1787
1788
1789
1790
1791
1792
# needed for a CMake target
EXTRA_DIST = VERSION CMakeLists.txt crypto.sym compat/strcasecmp.c \
	$(ASM_ARM_ELF) $(ASM_X86_64_ELF) $(ASM_X86_64_MACOSX) \
	$(ASM_X86_64_MASM) $(ASM_X86_64_MINGW64)
BUILT_SOURCES = crypto_portable.sym
CLEANFILES = crypto_portable.sym
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym

libcrypto_la_LIBADD = libcompat.la $(am__append_1)
libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS) -DLIBRESSL_INTERNAL \
	-DOPENSSL_NO_HW_PADLOCK $(am__append_2) $(am__append_3) \
	$(am__append_4) $(am__append_35) $(am__append_37) \
	$(am__append_39) $(am__append_41) $(am__append_43)
noinst_LTLIBRARIES = libcompat.la $(am__append_5)
@HAVE_EXPLICIT_BZERO_FALSE@libcompatnoopt_la_CFLAGS = -O0







>







1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
# needed for a CMake target
EXTRA_DIST = VERSION CMakeLists.txt crypto.sym compat/strcasecmp.c \
	$(ASM_ARM_ELF) $(ASM_X86_64_ELF) $(ASM_X86_64_MACOSX) \
	$(ASM_X86_64_MASM) $(ASM_X86_64_MINGW64)
BUILT_SOURCES = crypto_portable.sym
CLEANFILES = crypto_portable.sym
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
EXTRA_libcrypto_la_DEPENDENCIES = crypto_portable.sym
libcrypto_la_LIBADD = libcompat.la $(am__append_1)
libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS) -DLIBRESSL_INTERNAL \
	-DOPENSSL_NO_HW_PADLOCK $(am__append_2) $(am__append_3) \
	$(am__append_4) $(am__append_35) $(am__append_37) \
	$(am__append_39) $(am__append_41) $(am__append_43)
noinst_LTLIBRARIES = libcompat.la $(am__append_5)
@HAVE_EXPLICIT_BZERO_FALSE@libcompatnoopt_la_CFLAGS = -O0
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
	compat/arc4random_linux.h compat/arc4random_netbsd.h \
	compat/arc4random_osx.h compat/arc4random_solaris.h \
	compat/arc4random_win.h compat/chacha_private.h arm_arch.h \
	constant_time_locl.h cryptlib.h md32_common.h o_time.h \
	x86_arch.h aes/aes_locl.h asn1/asn1_locl.h asn1/charmap.h \
	bf/bf_locl.h bf/bf_pi.h bn/bn_lcl.h bn/bn_prime.h \
	camellia/camellia.h camellia/cmll_locl.h cast/cast_lcl.h \
	cast/cast_s.h conf/conf_def.h curve25519/curve25519_internal.h \
	des/des_locl.h des/spr.h dsa/dsa_locl.h ec/ec_lcl.h \
	ecdh/ech_locl.h ecdsa/ecs_locl.h engine/eng_int.h \
	evp/evp_locl.h gost/gost.h gost/gost_asn1.h gost/gost_locl.h \
	idea/idea_lcl.h md4/md4_locl.h md5/md5_locl.h \
	modes/modes_lcl.h objects/obj_dat.h objects/obj_xref.h \
	rc2/rc2_locl.h rc4/rc4_locl.h ripemd/rmd_locl.h \
	ripemd/rmdconst.h rsa/rsa_locl.h sha/sha_locl.h sm3/sm3_locl.h \
	ui/ui_locl.h whrlpool/wp_locl.h x509/x509_lcl.h x509/vpm_int.h \
	x509v3/ext_dat.h x509v3/pcy_int.h

# aes







|
|
|
|
|







1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
	compat/arc4random_linux.h compat/arc4random_netbsd.h \
	compat/arc4random_osx.h compat/arc4random_solaris.h \
	compat/arc4random_win.h compat/chacha_private.h arm_arch.h \
	constant_time_locl.h cryptlib.h md32_common.h o_time.h \
	x86_arch.h aes/aes_locl.h asn1/asn1_locl.h asn1/charmap.h \
	bf/bf_locl.h bf/bf_pi.h bn/bn_lcl.h bn/bn_prime.h \
	camellia/camellia.h camellia/cmll_locl.h cast/cast_lcl.h \
	cast/cast_s.h cms/cms_lcl.h conf/conf_def.h \
	curve25519/curve25519_internal.h des/des_locl.h des/spr.h \
	dsa/dsa_locl.h ec/ec_lcl.h ecdh/ech_locl.h ecdsa/ecs_locl.h \
	engine/eng_int.h evp/evp_locl.h gost/gost_asn1.h \
	gost/gost_locl.h idea/idea_lcl.h md4/md4_locl.h md5/md5_locl.h \
	modes/modes_lcl.h objects/obj_dat.h objects/obj_xref.h \
	rc2/rc2_locl.h rc4/rc4_locl.h ripemd/rmd_locl.h \
	ripemd/rmdconst.h rsa/rsa_locl.h sha/sha_locl.h sm3/sm3_locl.h \
	ui/ui_locl.h whrlpool/wp_locl.h x509/x509_lcl.h x509/vpm_int.h \
	x509v3/ext_dat.h x509v3/pcy_int.h

# aes
1840
1841
1842
1843
1844
1845
1846


1847
1848
1849
1850
1851
1852
1853
# buffer

# camellia

# cast

# cmac



# comp

# conf

# curve25519








>
>







1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
# buffer

# camellia

# cast

# cmac

# cms

# comp

# conf

# curve25519

1964
1965
1966
1967
1968
1969
1970



1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
	bn/bn_prime.c bn/bn_print.c bn/bn_rand.c bn/bn_recp.c \
	bn/bn_shift.c bn/bn_sqr.c bn/bn_sqrt.c bn/bn_word.c \
	bn/bn_x931p.c buffer/buf_err.c buffer/buf_str.c \
	buffer/buffer.c camellia/cmll_cfb.c camellia/cmll_ctr.c \
	camellia/cmll_ecb.c camellia/cmll_misc.c camellia/cmll_ofb.c \
	cast/c_cfb64.c cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c \
	cast/c_skey.c chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c \



	cmac/cmac.c comp/c_rle.c comp/c_zlib.c comp/comp_err.c \
	comp/comp_lib.c conf/conf_api.c conf/conf_def.c \
	conf/conf_err.c conf/conf_lib.c conf/conf_mall.c \
	conf/conf_mod.c conf/conf_sap.c \
	curve25519/curve25519-generic.c curve25519/curve25519.c \
	des/cbc_cksm.c des/cbc_enc.c des/cfb64ede.c des/cfb64enc.c \
	des/cfb_enc.c des/des_enc.c des/ecb3_enc.c des/ecb_enc.c \
	des/ede_cbcm_enc.c des/enc_read.c des/enc_writ.c des/fcrypt.c \
	des/fcrypt_b.c des/ofb64ede.c des/ofb64enc.c des/ofb_enc.c \
	des/pcbc_enc.c des/qud_cksm.c des/rand_key.c des/set_key.c \
	des/str2key.c des/xcbc_enc.c dh/dh_ameth.c dh/dh_asn1.c \







>
>
>
|
|
|
|







1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
	bn/bn_prime.c bn/bn_print.c bn/bn_rand.c bn/bn_recp.c \
	bn/bn_shift.c bn/bn_sqr.c bn/bn_sqrt.c bn/bn_word.c \
	bn/bn_x931p.c buffer/buf_err.c buffer/buf_str.c \
	buffer/buffer.c camellia/cmll_cfb.c camellia/cmll_ctr.c \
	camellia/cmll_ecb.c camellia/cmll_misc.c camellia/cmll_ofb.c \
	cast/c_cfb64.c cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c \
	cast/c_skey.c chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c \
	cmac/cmac.c cms/cms_asn1.c cms/cms_att.c cms/cms_cd.c \
	cms/cms_dd.c cms/cms_enc.c cms/cms_env.c cms/cms_err.c \
	cms/cms_ess.c cms/cms_io.c cms/cms_kari.c cms/cms_lib.c \
	cms/cms_pwri.c cms/cms_sd.c cms/cms_smime.c comp/c_rle.c \
	comp/c_zlib.c comp/comp_err.c comp/comp_lib.c conf/conf_api.c \
	conf/conf_def.c conf/conf_err.c conf/conf_lib.c \
	conf/conf_mall.c conf/conf_mod.c conf/conf_sap.c \
	curve25519/curve25519-generic.c curve25519/curve25519.c \
	des/cbc_cksm.c des/cbc_enc.c des/cfb64ede.c des/cfb64enc.c \
	des/cfb_enc.c des/des_enc.c des/ecb3_enc.c des/ecb_enc.c \
	des/ede_cbcm_enc.c des/enc_read.c des/enc_writ.c des/fcrypt.c \
	des/fcrypt_b.c des/ofb64ede.c des/ofb64enc.c des/ofb_enc.c \
	des/pcbc_enc.c des/qud_cksm.c des/rand_key.c des/set_key.c \
	des/str2key.c des/xcbc_enc.c dh/dh_ameth.c dh/dh_asn1.c \
2841
2842
2843
2844
2845
2846
2847


































2848
2849
2850
2851
2852
2853
2854
	@: > cmac/$(DEPDIR)/$(am__dirstamp)
cmac/libcrypto_la-cm_ameth.lo: cmac/$(am__dirstamp) \
	cmac/$(DEPDIR)/$(am__dirstamp)
cmac/libcrypto_la-cm_pmeth.lo: cmac/$(am__dirstamp) \
	cmac/$(DEPDIR)/$(am__dirstamp)
cmac/libcrypto_la-cmac.lo: cmac/$(am__dirstamp) \
	cmac/$(DEPDIR)/$(am__dirstamp)


































comp/$(am__dirstamp):
	@$(MKDIR_P) comp
	@: > comp/$(am__dirstamp)
comp/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) comp/$(DEPDIR)
	@: > comp/$(DEPDIR)/$(am__dirstamp)
comp/libcrypto_la-c_rle.lo: comp/$(am__dirstamp) \







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
	@: > cmac/$(DEPDIR)/$(am__dirstamp)
cmac/libcrypto_la-cm_ameth.lo: cmac/$(am__dirstamp) \
	cmac/$(DEPDIR)/$(am__dirstamp)
cmac/libcrypto_la-cm_pmeth.lo: cmac/$(am__dirstamp) \
	cmac/$(DEPDIR)/$(am__dirstamp)
cmac/libcrypto_la-cmac.lo: cmac/$(am__dirstamp) \
	cmac/$(DEPDIR)/$(am__dirstamp)
cms/$(am__dirstamp):
	@$(MKDIR_P) cms
	@: > cms/$(am__dirstamp)
cms/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) cms/$(DEPDIR)
	@: > cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_asn1.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_att.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_cd.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_dd.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_enc.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_env.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_err.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_ess.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_io.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_kari.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_lib.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_pwri.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_sd.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
cms/libcrypto_la-cms_smime.lo: cms/$(am__dirstamp) \
	cms/$(DEPDIR)/$(am__dirstamp)
comp/$(am__dirstamp):
	@$(MKDIR_P) comp
	@: > comp/$(am__dirstamp)
comp/$(DEPDIR)/$(am__dirstamp):
	@$(MKDIR_P) comp/$(DEPDIR)
	@: > comp/$(DEPDIR)/$(am__dirstamp)
comp/libcrypto_la-c_rle.lo: comp/$(am__dirstamp) \
3856
3857
3858
3859
3860
3861
3862


3863
3864
3865
3866
3867
3868
3869
	-rm -f camellia/*.lo
	-rm -f cast/*.$(OBJEXT)
	-rm -f cast/*.lo
	-rm -f chacha/*.$(OBJEXT)
	-rm -f chacha/*.lo
	-rm -f cmac/*.$(OBJEXT)
	-rm -f cmac/*.lo


	-rm -f comp/*.$(OBJEXT)
	-rm -f comp/*.lo
	-rm -f compat/*.$(OBJEXT)
	-rm -f compat/*.lo
	-rm -f conf/*.$(OBJEXT)
	-rm -f conf/*.lo
	-rm -f curve25519/*.$(OBJEXT)







>
>







3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
	-rm -f camellia/*.lo
	-rm -f cast/*.$(OBJEXT)
	-rm -f cast/*.lo
	-rm -f chacha/*.$(OBJEXT)
	-rm -f chacha/*.lo
	-rm -f cmac/*.$(OBJEXT)
	-rm -f cmac/*.lo
	-rm -f cms/*.$(OBJEXT)
	-rm -f cms/*.lo
	-rm -f comp/*.$(OBJEXT)
	-rm -f comp/*.lo
	-rm -f compat/*.$(OBJEXT)
	-rm -f compat/*.lo
	-rm -f conf/*.$(OBJEXT)
	-rm -f conf/*.lo
	-rm -f curve25519/*.$(OBJEXT)
4161
4162
4163
4164
4165
4166
4167














4168
4169
4170
4171
4172
4173
4174
@AMDEP_TRUE@@am__include@ @am__quote@cast/$(DEPDIR)/libcrypto_la-c_ofb64.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cast/$(DEPDIR)/libcrypto_la-c_skey.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@chacha/$(DEPDIR)/libcrypto_la-chacha-merged.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@chacha/$(DEPDIR)/libcrypto_la-chacha.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cmac/$(DEPDIR)/libcrypto_la-cm_ameth.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cmac/$(DEPDIR)/libcrypto_la-cm_pmeth.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cmac/$(DEPDIR)/libcrypto_la-cmac.Plo@am__quote@ # am--include-marker














@AMDEP_TRUE@@am__include@ @am__quote@comp/$(DEPDIR)/libcrypto_la-c_rle.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@comp/$(DEPDIR)/libcrypto_la-c_zlib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@comp/$(DEPDIR)/libcrypto_la-comp_err.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@comp/$(DEPDIR)/libcrypto_la-comp_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/arc4random.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/arc4random_uniform.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/bsd-asprintf.Plo@am__quote@ # am--include-marker







>
>
>
>
>
>
>
>
>
>
>
>
>
>







4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
@AMDEP_TRUE@@am__include@ @am__quote@cast/$(DEPDIR)/libcrypto_la-c_ofb64.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cast/$(DEPDIR)/libcrypto_la-c_skey.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@chacha/$(DEPDIR)/libcrypto_la-chacha-merged.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@chacha/$(DEPDIR)/libcrypto_la-chacha.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cmac/$(DEPDIR)/libcrypto_la-cm_ameth.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cmac/$(DEPDIR)/libcrypto_la-cm_pmeth.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cmac/$(DEPDIR)/libcrypto_la-cmac.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_asn1.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_att.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_cd.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_dd.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_enc.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_env.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_err.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_ess.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_io.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_kari.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_pwri.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_sd.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@cms/$(DEPDIR)/libcrypto_la-cms_smime.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@comp/$(DEPDIR)/libcrypto_la-c_rle.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@comp/$(DEPDIR)/libcrypto_la-c_zlib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@comp/$(DEPDIR)/libcrypto_la-comp_err.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@comp/$(DEPDIR)/libcrypto_la-comp_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/arc4random.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/arc4random_uniform.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@compat/$(DEPDIR)/bsd-asprintf.Plo@am__quote@ # am--include-marker
6460
6461
6462
6463
6464
6465
6466


































































































6467
6468
6469
6470
6471
6472
6473
cmac/libcrypto_la-cmac.lo: cmac/cmac.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cmac/libcrypto_la-cmac.lo -MD -MP -MF cmac/$(DEPDIR)/libcrypto_la-cmac.Tpo -c -o cmac/libcrypto_la-cmac.lo `test -f 'cmac/cmac.c' || echo '$(srcdir)/'`cmac/cmac.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cmac/$(DEPDIR)/libcrypto_la-cmac.Tpo cmac/$(DEPDIR)/libcrypto_la-cmac.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cmac/cmac.c' object='cmac/libcrypto_la-cmac.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cmac/libcrypto_la-cmac.lo `test -f 'cmac/cmac.c' || echo '$(srcdir)/'`cmac/cmac.c



































































































comp/libcrypto_la-c_rle.lo: comp/c_rle.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT comp/libcrypto_la-c_rle.lo -MD -MP -MF comp/$(DEPDIR)/libcrypto_la-c_rle.Tpo -c -o comp/libcrypto_la-c_rle.lo `test -f 'comp/c_rle.c' || echo '$(srcdir)/'`comp/c_rle.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) comp/$(DEPDIR)/libcrypto_la-c_rle.Tpo comp/$(DEPDIR)/libcrypto_la-c_rle.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='comp/c_rle.c' object='comp/libcrypto_la-c_rle.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o comp/libcrypto_la-c_rle.lo `test -f 'comp/c_rle.c' || echo '$(srcdir)/'`comp/c_rle.c








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







6541
6542
6543
6544
6545
6546
6547
6548
6549
6550
6551
6552
6553
6554
6555
6556
6557
6558
6559
6560
6561
6562
6563
6564
6565
6566
6567
6568
6569
6570
6571
6572
6573
6574
6575
6576
6577
6578
6579
6580
6581
6582
6583
6584
6585
6586
6587
6588
6589
6590
6591
6592
6593
6594
6595
6596
6597
6598
6599
6600
6601
6602
6603
6604
6605
6606
6607
6608
6609
6610
6611
6612
6613
6614
6615
6616
6617
6618
6619
6620
6621
6622
6623
6624
6625
6626
6627
6628
6629
6630
6631
6632
6633
6634
6635
6636
6637
6638
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649
6650
6651
6652
cmac/libcrypto_la-cmac.lo: cmac/cmac.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cmac/libcrypto_la-cmac.lo -MD -MP -MF cmac/$(DEPDIR)/libcrypto_la-cmac.Tpo -c -o cmac/libcrypto_la-cmac.lo `test -f 'cmac/cmac.c' || echo '$(srcdir)/'`cmac/cmac.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cmac/$(DEPDIR)/libcrypto_la-cmac.Tpo cmac/$(DEPDIR)/libcrypto_la-cmac.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cmac/cmac.c' object='cmac/libcrypto_la-cmac.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cmac/libcrypto_la-cmac.lo `test -f 'cmac/cmac.c' || echo '$(srcdir)/'`cmac/cmac.c

cms/libcrypto_la-cms_asn1.lo: cms/cms_asn1.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_asn1.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_asn1.Tpo -c -o cms/libcrypto_la-cms_asn1.lo `test -f 'cms/cms_asn1.c' || echo '$(srcdir)/'`cms/cms_asn1.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_asn1.Tpo cms/$(DEPDIR)/libcrypto_la-cms_asn1.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_asn1.c' object='cms/libcrypto_la-cms_asn1.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_asn1.lo `test -f 'cms/cms_asn1.c' || echo '$(srcdir)/'`cms/cms_asn1.c

cms/libcrypto_la-cms_att.lo: cms/cms_att.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_att.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_att.Tpo -c -o cms/libcrypto_la-cms_att.lo `test -f 'cms/cms_att.c' || echo '$(srcdir)/'`cms/cms_att.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_att.Tpo cms/$(DEPDIR)/libcrypto_la-cms_att.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_att.c' object='cms/libcrypto_la-cms_att.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_att.lo `test -f 'cms/cms_att.c' || echo '$(srcdir)/'`cms/cms_att.c

cms/libcrypto_la-cms_cd.lo: cms/cms_cd.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_cd.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_cd.Tpo -c -o cms/libcrypto_la-cms_cd.lo `test -f 'cms/cms_cd.c' || echo '$(srcdir)/'`cms/cms_cd.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_cd.Tpo cms/$(DEPDIR)/libcrypto_la-cms_cd.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_cd.c' object='cms/libcrypto_la-cms_cd.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_cd.lo `test -f 'cms/cms_cd.c' || echo '$(srcdir)/'`cms/cms_cd.c

cms/libcrypto_la-cms_dd.lo: cms/cms_dd.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_dd.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_dd.Tpo -c -o cms/libcrypto_la-cms_dd.lo `test -f 'cms/cms_dd.c' || echo '$(srcdir)/'`cms/cms_dd.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_dd.Tpo cms/$(DEPDIR)/libcrypto_la-cms_dd.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_dd.c' object='cms/libcrypto_la-cms_dd.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_dd.lo `test -f 'cms/cms_dd.c' || echo '$(srcdir)/'`cms/cms_dd.c

cms/libcrypto_la-cms_enc.lo: cms/cms_enc.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_enc.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_enc.Tpo -c -o cms/libcrypto_la-cms_enc.lo `test -f 'cms/cms_enc.c' || echo '$(srcdir)/'`cms/cms_enc.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_enc.Tpo cms/$(DEPDIR)/libcrypto_la-cms_enc.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_enc.c' object='cms/libcrypto_la-cms_enc.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_enc.lo `test -f 'cms/cms_enc.c' || echo '$(srcdir)/'`cms/cms_enc.c

cms/libcrypto_la-cms_env.lo: cms/cms_env.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_env.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_env.Tpo -c -o cms/libcrypto_la-cms_env.lo `test -f 'cms/cms_env.c' || echo '$(srcdir)/'`cms/cms_env.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_env.Tpo cms/$(DEPDIR)/libcrypto_la-cms_env.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_env.c' object='cms/libcrypto_la-cms_env.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_env.lo `test -f 'cms/cms_env.c' || echo '$(srcdir)/'`cms/cms_env.c

cms/libcrypto_la-cms_err.lo: cms/cms_err.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_err.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_err.Tpo -c -o cms/libcrypto_la-cms_err.lo `test -f 'cms/cms_err.c' || echo '$(srcdir)/'`cms/cms_err.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_err.Tpo cms/$(DEPDIR)/libcrypto_la-cms_err.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_err.c' object='cms/libcrypto_la-cms_err.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_err.lo `test -f 'cms/cms_err.c' || echo '$(srcdir)/'`cms/cms_err.c

cms/libcrypto_la-cms_ess.lo: cms/cms_ess.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_ess.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_ess.Tpo -c -o cms/libcrypto_la-cms_ess.lo `test -f 'cms/cms_ess.c' || echo '$(srcdir)/'`cms/cms_ess.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_ess.Tpo cms/$(DEPDIR)/libcrypto_la-cms_ess.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_ess.c' object='cms/libcrypto_la-cms_ess.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_ess.lo `test -f 'cms/cms_ess.c' || echo '$(srcdir)/'`cms/cms_ess.c

cms/libcrypto_la-cms_io.lo: cms/cms_io.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_io.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_io.Tpo -c -o cms/libcrypto_la-cms_io.lo `test -f 'cms/cms_io.c' || echo '$(srcdir)/'`cms/cms_io.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_io.Tpo cms/$(DEPDIR)/libcrypto_la-cms_io.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_io.c' object='cms/libcrypto_la-cms_io.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_io.lo `test -f 'cms/cms_io.c' || echo '$(srcdir)/'`cms/cms_io.c

cms/libcrypto_la-cms_kari.lo: cms/cms_kari.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_kari.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_kari.Tpo -c -o cms/libcrypto_la-cms_kari.lo `test -f 'cms/cms_kari.c' || echo '$(srcdir)/'`cms/cms_kari.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_kari.Tpo cms/$(DEPDIR)/libcrypto_la-cms_kari.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_kari.c' object='cms/libcrypto_la-cms_kari.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_kari.lo `test -f 'cms/cms_kari.c' || echo '$(srcdir)/'`cms/cms_kari.c

cms/libcrypto_la-cms_lib.lo: cms/cms_lib.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_lib.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_lib.Tpo -c -o cms/libcrypto_la-cms_lib.lo `test -f 'cms/cms_lib.c' || echo '$(srcdir)/'`cms/cms_lib.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_lib.Tpo cms/$(DEPDIR)/libcrypto_la-cms_lib.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_lib.c' object='cms/libcrypto_la-cms_lib.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_lib.lo `test -f 'cms/cms_lib.c' || echo '$(srcdir)/'`cms/cms_lib.c

cms/libcrypto_la-cms_pwri.lo: cms/cms_pwri.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_pwri.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_pwri.Tpo -c -o cms/libcrypto_la-cms_pwri.lo `test -f 'cms/cms_pwri.c' || echo '$(srcdir)/'`cms/cms_pwri.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_pwri.Tpo cms/$(DEPDIR)/libcrypto_la-cms_pwri.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_pwri.c' object='cms/libcrypto_la-cms_pwri.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_pwri.lo `test -f 'cms/cms_pwri.c' || echo '$(srcdir)/'`cms/cms_pwri.c

cms/libcrypto_la-cms_sd.lo: cms/cms_sd.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_sd.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_sd.Tpo -c -o cms/libcrypto_la-cms_sd.lo `test -f 'cms/cms_sd.c' || echo '$(srcdir)/'`cms/cms_sd.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_sd.Tpo cms/$(DEPDIR)/libcrypto_la-cms_sd.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_sd.c' object='cms/libcrypto_la-cms_sd.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_sd.lo `test -f 'cms/cms_sd.c' || echo '$(srcdir)/'`cms/cms_sd.c

cms/libcrypto_la-cms_smime.lo: cms/cms_smime.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cms/libcrypto_la-cms_smime.lo -MD -MP -MF cms/$(DEPDIR)/libcrypto_la-cms_smime.Tpo -c -o cms/libcrypto_la-cms_smime.lo `test -f 'cms/cms_smime.c' || echo '$(srcdir)/'`cms/cms_smime.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) cms/$(DEPDIR)/libcrypto_la-cms_smime.Tpo cms/$(DEPDIR)/libcrypto_la-cms_smime.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='cms/cms_smime.c' object='cms/libcrypto_la-cms_smime.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cms/libcrypto_la-cms_smime.lo `test -f 'cms/cms_smime.c' || echo '$(srcdir)/'`cms/cms_smime.c

comp/libcrypto_la-c_rle.lo: comp/c_rle.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT comp/libcrypto_la-c_rle.lo -MD -MP -MF comp/$(DEPDIR)/libcrypto_la-c_rle.Tpo -c -o comp/libcrypto_la-c_rle.lo `test -f 'comp/c_rle.c' || echo '$(srcdir)/'`comp/c_rle.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) comp/$(DEPDIR)/libcrypto_la-c_rle.Tpo comp/$(DEPDIR)/libcrypto_la-c_rle.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='comp/c_rle.c' object='comp/libcrypto_la-c_rle.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o comp/libcrypto_la-c_rle.lo `test -f 'comp/c_rle.c' || echo '$(srcdir)/'`comp/c_rle.c

9156
9157
9158
9159
9160
9161
9162

9163
9164
9165
9166
9167
9168
9169
	-rm -rf bio/.libs bio/_libs
	-rm -rf bn/.libs bn/_libs
	-rm -rf buffer/.libs buffer/_libs
	-rm -rf camellia/.libs camellia/_libs
	-rm -rf cast/.libs cast/_libs
	-rm -rf chacha/.libs chacha/_libs
	-rm -rf cmac/.libs cmac/_libs

	-rm -rf comp/.libs comp/_libs
	-rm -rf compat/.libs compat/_libs
	-rm -rf conf/.libs conf/_libs
	-rm -rf curve25519/.libs curve25519/_libs
	-rm -rf des/.libs des/_libs
	-rm -rf dh/.libs dh/_libs
	-rm -rf dsa/.libs dsa/_libs







>







9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
	-rm -rf bio/.libs bio/_libs
	-rm -rf bn/.libs bn/_libs
	-rm -rf buffer/.libs buffer/_libs
	-rm -rf camellia/.libs camellia/_libs
	-rm -rf cast/.libs cast/_libs
	-rm -rf chacha/.libs chacha/_libs
	-rm -rf cmac/.libs cmac/_libs
	-rm -rf cms/.libs cms/_libs
	-rm -rf comp/.libs comp/_libs
	-rm -rf compat/.libs compat/_libs
	-rm -rf conf/.libs conf/_libs
	-rm -rf curve25519/.libs curve25519/_libs
	-rm -rf des/.libs des/_libs
	-rm -rf dh/.libs dh/_libs
	-rm -rf dsa/.libs dsa/_libs
9341
9342
9343
9344
9345
9346
9347


9348
9349
9350
9351
9352
9353
9354
	-rm -f camellia/$(am__dirstamp)
	-rm -f cast/$(DEPDIR)/$(am__dirstamp)
	-rm -f cast/$(am__dirstamp)
	-rm -f chacha/$(DEPDIR)/$(am__dirstamp)
	-rm -f chacha/$(am__dirstamp)
	-rm -f cmac/$(DEPDIR)/$(am__dirstamp)
	-rm -f cmac/$(am__dirstamp)


	-rm -f comp/$(DEPDIR)/$(am__dirstamp)
	-rm -f comp/$(am__dirstamp)
	-rm -f compat/$(DEPDIR)/$(am__dirstamp)
	-rm -f compat/$(am__dirstamp)
	-rm -f conf/$(DEPDIR)/$(am__dirstamp)
	-rm -f conf/$(am__dirstamp)
	-rm -f curve25519/$(DEPDIR)/$(am__dirstamp)







>
>







9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
	-rm -f camellia/$(am__dirstamp)
	-rm -f cast/$(DEPDIR)/$(am__dirstamp)
	-rm -f cast/$(am__dirstamp)
	-rm -f chacha/$(DEPDIR)/$(am__dirstamp)
	-rm -f chacha/$(am__dirstamp)
	-rm -f cmac/$(DEPDIR)/$(am__dirstamp)
	-rm -f cmac/$(am__dirstamp)
	-rm -f cms/$(DEPDIR)/$(am__dirstamp)
	-rm -f cms/$(am__dirstamp)
	-rm -f comp/$(DEPDIR)/$(am__dirstamp)
	-rm -f comp/$(am__dirstamp)
	-rm -f compat/$(DEPDIR)/$(am__dirstamp)
	-rm -f compat/$(am__dirstamp)
	-rm -f conf/$(DEPDIR)/$(am__dirstamp)
	-rm -f conf/$(am__dirstamp)
	-rm -f curve25519/$(DEPDIR)/$(am__dirstamp)
9653
9654
9655
9656
9657
9658
9659














9660
9661
9662
9663
9664
9665
9666
	-rm -f cast/$(DEPDIR)/libcrypto_la-c_ofb64.Plo
	-rm -f cast/$(DEPDIR)/libcrypto_la-c_skey.Plo
	-rm -f chacha/$(DEPDIR)/libcrypto_la-chacha-merged.Plo
	-rm -f chacha/$(DEPDIR)/libcrypto_la-chacha.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cm_ameth.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cm_pmeth.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cmac.Plo














	-rm -f comp/$(DEPDIR)/libcrypto_la-c_rle.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-c_zlib.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-comp_err.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-comp_lib.Plo
	-rm -f compat/$(DEPDIR)/arc4random.Plo
	-rm -f compat/$(DEPDIR)/arc4random_uniform.Plo
	-rm -f compat/$(DEPDIR)/bsd-asprintf.Plo







>
>
>
>
>
>
>
>
>
>
>
>
>
>







9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
9857
9858
9859
9860
9861
9862
	-rm -f cast/$(DEPDIR)/libcrypto_la-c_ofb64.Plo
	-rm -f cast/$(DEPDIR)/libcrypto_la-c_skey.Plo
	-rm -f chacha/$(DEPDIR)/libcrypto_la-chacha-merged.Plo
	-rm -f chacha/$(DEPDIR)/libcrypto_la-chacha.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cm_ameth.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cm_pmeth.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cmac.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_asn1.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_att.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_cd.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_dd.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_enc.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_env.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_err.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_ess.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_io.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_kari.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_lib.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_pwri.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_sd.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_smime.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-c_rle.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-c_zlib.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-comp_err.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-comp_lib.Plo
	-rm -f compat/$(DEPDIR)/arc4random.Plo
	-rm -f compat/$(DEPDIR)/arc4random_uniform.Plo
	-rm -f compat/$(DEPDIR)/bsd-asprintf.Plo
10365
10366
10367
10368
10369
10370
10371














10372
10373
10374
10375
10376
10377
10378
	-rm -f cast/$(DEPDIR)/libcrypto_la-c_ofb64.Plo
	-rm -f cast/$(DEPDIR)/libcrypto_la-c_skey.Plo
	-rm -f chacha/$(DEPDIR)/libcrypto_la-chacha-merged.Plo
	-rm -f chacha/$(DEPDIR)/libcrypto_la-chacha.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cm_ameth.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cm_pmeth.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cmac.Plo














	-rm -f comp/$(DEPDIR)/libcrypto_la-c_rle.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-c_zlib.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-comp_err.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-comp_lib.Plo
	-rm -f compat/$(DEPDIR)/arc4random.Plo
	-rm -f compat/$(DEPDIR)/arc4random_uniform.Plo
	-rm -f compat/$(DEPDIR)/bsd-asprintf.Plo







>
>
>
>
>
>
>
>
>
>
>
>
>
>







10561
10562
10563
10564
10565
10566
10567
10568
10569
10570
10571
10572
10573
10574
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
	-rm -f cast/$(DEPDIR)/libcrypto_la-c_ofb64.Plo
	-rm -f cast/$(DEPDIR)/libcrypto_la-c_skey.Plo
	-rm -f chacha/$(DEPDIR)/libcrypto_la-chacha-merged.Plo
	-rm -f chacha/$(DEPDIR)/libcrypto_la-chacha.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cm_ameth.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cm_pmeth.Plo
	-rm -f cmac/$(DEPDIR)/libcrypto_la-cmac.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_asn1.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_att.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_cd.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_dd.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_enc.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_env.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_err.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_ess.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_io.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_kari.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_lib.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_pwri.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_sd.Plo
	-rm -f cms/$(DEPDIR)/libcrypto_la-cms_smime.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-c_rle.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-c_zlib.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-comp_err.Plo
	-rm -f comp/$(DEPDIR)/libcrypto_la-comp_lib.Plo
	-rm -f compat/$(DEPDIR)/arc4random.Plo
	-rm -f compat/$(DEPDIR)/arc4random_uniform.Plo
	-rm -f compat/$(DEPDIR)/bsd-asprintf.Plo
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
10866
10867
10868
10869
	maintainer-clean-generic mostlyclean mostlyclean-compile \
	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
	tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES

.PRECIOUS: Makefile


crypto_portable.sym:
	-echo "generating crypto_portable.sym ..."
	-cp $(top_srcdir)/crypto/crypto.sym crypto_portable.sym
	-chmod u+w crypto_portable.sym
@HAVE_ARC4RANDOM_BUF_FALSE@	-echo arc4random >> crypto_portable.sym
@HAVE_ARC4RANDOM_BUF_FALSE@	-echo arc4random_buf >> crypto_portable.sym
@HAVE_ARC4RANDOM_BUF_FALSE@	-echo arc4random_uniform >> crypto_portable.sym
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@	-echo getentropy >> crypto_portable.sym







|







11065
11066
11067
11068
11069
11070
11071
11072
11073
11074
11075
11076
11077
11078
11079
	maintainer-clean-generic mostlyclean mostlyclean-compile \
	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
	tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES

.PRECIOUS: Makefile


crypto_portable.sym: crypto.sym  Makefile
	-echo "generating crypto_portable.sym ..."
	-cp $(top_srcdir)/crypto/crypto.sym crypto_portable.sym
	-chmod u+w crypto_portable.sym
@HAVE_ARC4RANDOM_BUF_FALSE@	-echo arc4random >> crypto_portable.sym
@HAVE_ARC4RANDOM_BUF_FALSE@	-echo arc4random_buf >> crypto_portable.sym
@HAVE_ARC4RANDOM_BUF_FALSE@	-echo arc4random_uniform >> crypto_portable.sym
@HAVE_ARC4RANDOM_BUF_FALSE@@HAVE_GETENTROPY_FALSE@	-echo getentropy >> crypto_portable.sym
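--- a/jni/libressl/crypto/VERSION
+++ b/jni/libressl/crypto/VERSION
@@ -1 +1 @@
-45:5:0
+46:1:0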
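--- a/jni/libressl/crypto/asn1/a_type.c
+++ b/jni/libressl/crypto/asn1/a_type.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: a_type.c,v 1.20 2018/04/25 11:48:21 tb Exp $ */
+/* $OpenBSD: a_type.c,v 1.21 2019/10/24 16:36:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -150,7 +150,38 @@
 		result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
 		    (ASN1_STRING *)b->value.ptr);
 		break;
 	}
 
 	return result;
 }
+
+ASN1_TYPE *
+ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t)
+{
+	ASN1_OCTET_STRING *oct;
+	ASN1_TYPE *rt;
+
+	if ((oct = ASN1_item_pack(s, it, NULL)) == NULL)
+		return NULL;
+
+	if (t != NULL && *t != NULL) {
+		rt = *t;
+	} else {
+		if ((rt = ASN1_TYPE_new()) == NULL) {
+			ASN1_OCTET_STRING_free(oct);
+			return NULL;
+		}
+		if (t != NULL)
+			*t = rt;
+	}
+	ASN1_TYPE_set(rt, V_ASN1_SEQUENCE, oct);
+	return rt;
+}
+
+void *
+ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t)
+{
+	if (t == NULL || t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL)
+		return NULL;
+	return ASN1_item_unpack(t->value.sequence, it);
+}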
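--- a/jni/libressl/crypto/asn1/ameth_lib.c
+++ b/jni/libressl/crypto/asn1/ameth_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ameth_lib.c,v 1.19 2018/08/24 20:22:15 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.21 2019/11/02 16:06:25 inoguchi Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -67,14 +67,15 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 
 #include "asn1_locl.h"
 
 extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
+extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
@@ -100,14 +101,17 @@
 #endif
 #ifndef OPENSSL_NO_GOST
 	&gostr01_asn1_meths[0],
 	&gostimit_asn1_meth,
 #endif
 	&hmac_asn1_meth,
 	&cmac_asn1_meth,
+#ifndef OPENSSL_NO_RSA
+	&rsa_pss_asn1_meth,
+#endif
 #ifndef OPENSSL_NO_GOST
 	&gostr01_asn1_meths[1],
 	&gostr01_asn1_meths[2],
 #endif
 };
 
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);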
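--- a/jni/libressl/crypto/asn1/asn1_locl.h
+++ b/jni/libressl/crypto/asn1/asn1_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: asn1_locl.h,v 1.11 2018/08/24 20:22:15 tb Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.12 2019/10/24 16:36:10 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -55,14 +55,17 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
 __BEGIN_HIDDEN_DECLS
 
 /* Internal ASN1 structures and functions: not for application use */
+
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t);
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
 
 /* ASN1 print context structure */
 
 struct asn1_pctx_st {
 	unsigned long flags;
 	unsigned long nm_flags;
 	unsigned long cert_flags;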
Changes to jni/libressl/crypto/asn1/asn1_par.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: asn1_par.c,v 1.27 2019/03/24 16:07:25 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: asn1_par.c,v 1.28 2020/01/09 11:27:21 inoguchi Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
119
120
121
122
123
124
125


126
127
128
129
130
131
132
{
	const unsigned char *p, *ep, *tot, *op, *opp;
	long len;
	int tag, xclass, ret = 0;
	int nl, hl, j, r;
	ASN1_OBJECT *o = NULL;
	ASN1_OCTET_STRING *os = NULL;


	/* ASN1_BMPSTRING *bmp=NULL;*/
	int dump_indent;

	dump_indent = 6;	/* Because we know BIO_dump_indent() */
	p = *pp;
	tot = p + length;
	op = p - 1;







>
>







119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
{
	const unsigned char *p, *ep, *tot, *op, *opp;
	long len;
	int tag, xclass, ret = 0;
	int nl, hl, j, r;
	ASN1_OBJECT *o = NULL;
	ASN1_OCTET_STRING *os = NULL;
	ASN1_INTEGER *ai = NULL;
	ASN1_ENUMERATED *ae = NULL;
	/* ASN1_BMPSTRING *bmp=NULL;*/
	int dump_indent;

	dump_indent = 6;	/* Because we know BIO_dump_indent() */
	p = *pp;
	tot = p + length;
	op = p - 1;
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323

324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349

350
351
352
353
354
355
356
							goto end;
						nl = 1;
					}
				}
				ASN1_OCTET_STRING_free(os);
				os = NULL;
			} else if (tag == V_ASN1_INTEGER) {
				ASN1_INTEGER *bs;
				int i;

				opp = op;
				bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
				if (bs != NULL) {
					if (BIO_write(bp, ":", 1) <= 0)
						goto end;
					if (bs->type == V_ASN1_NEG_INTEGER)
						if (BIO_write(bp, "-", 1) <= 0)
							goto end;
					for (i = 0; i < bs->length; i++) {
						if (BIO_printf(bp, "%02X",
						    bs->data[i]) <= 0)
							goto end;
					}
					if (bs->length == 0) {
						if (BIO_write(bp, "00", 2) <= 0)
							goto end;
					}
				} else {
					if (BIO_write(bp, "BAD INTEGER", 11) <= 0)
						goto end;
				}
				ASN1_INTEGER_free(bs);

			} else if (tag == V_ASN1_ENUMERATED) {
				ASN1_ENUMERATED *bs;
				int i;

				opp = op;
				bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
				if (bs != NULL) {
					if (BIO_write(bp, ":", 1) <= 0)
						goto end;
					if (bs->type == V_ASN1_NEG_ENUMERATED)
						if (BIO_write(bp, "-", 1) <= 0)
							goto end;
					for (i = 0; i < bs->length; i++) {
						if (BIO_printf(bp, "%02X",
						    bs->data[i]) <= 0)
							goto end;
					}
					if (bs->length == 0) {
						if (BIO_write(bp, "00", 2) <= 0)
							goto end;
					}
				} else {
					if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0)
						goto end;
				}
				ASN1_ENUMERATED_free(bs);

			} else if (len > 0 && dump) {
				if (!nl) {
					if (BIO_write(bp, "\n", 1) <= 0)
						goto end;
				}
				if (BIO_dump_indent(bp, (const char *)p,
				    ((dump == -1 || dump > len) ? len : dump),







<



|
|


|


|

|


|







|
>

<



|
|


|


|

|


|







|
>







294
295
296
297
298
299
300

301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326

327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
							goto end;
						nl = 1;
					}
				}
				ASN1_OCTET_STRING_free(os);
				os = NULL;
			} else if (tag == V_ASN1_INTEGER) {

				int i;

				opp = op;
				ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
				if (ai != NULL) {
					if (BIO_write(bp, ":", 1) <= 0)
						goto end;
					if (ai->type == V_ASN1_NEG_INTEGER)
						if (BIO_write(bp, "-", 1) <= 0)
							goto end;
					for (i = 0; i < ai->length; i++) {
						if (BIO_printf(bp, "%02X",
						    ai->data[i]) <= 0)
							goto end;
					}
					if (ai->length == 0) {
						if (BIO_write(bp, "00", 2) <= 0)
							goto end;
					}
				} else {
					if (BIO_write(bp, "BAD INTEGER", 11) <= 0)
						goto end;
				}
				ASN1_INTEGER_free(ai);
				ai = NULL;
			} else if (tag == V_ASN1_ENUMERATED) {

				int i;

				opp = op;
				ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
				if (ae != NULL) {
					if (BIO_write(bp, ":", 1) <= 0)
						goto end;
					if (ae->type == V_ASN1_NEG_ENUMERATED)
						if (BIO_write(bp, "-", 1) <= 0)
							goto end;
					for (i = 0; i < ae->length; i++) {
						if (BIO_printf(bp, "%02X",
						    ae->data[i]) <= 0)
							goto end;
					}
					if (ae->length == 0) {
						if (BIO_write(bp, "00", 2) <= 0)
							goto end;
					}
				} else {
					if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0)
						goto end;
				}
				ASN1_ENUMERATED_free(ae);
				ae = NULL;
			} else if (len > 0 && dump) {
				if (!nl) {
					if (BIO_write(bp, "\n", 1) <= 0)
						goto end;
				}
				if (BIO_dump_indent(bp, (const char *)p,
				    ((dump == -1 || dump > len) ? len : dump),
373
374
375
376
377
378
379


380
381
382
383
384
385
386
	}
	ret = 1;

end:
	if (o != NULL)
		ASN1_OBJECT_free(o);
	ASN1_OCTET_STRING_free(os);


	*pp = p;
	return (ret);
}

const char *
ASN1_tag2str(int tag)
{







>
>







375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
	}
	ret = 1;

end:
	if (o != NULL)
		ASN1_OBJECT_free(o);
	ASN1_OCTET_STRING_free(os);
	ASN1_INTEGER_free(ai);
	ASN1_ENUMERATED_free(ae);
	*pp = p;
	return (ret);
}

const char *
ASN1_tag2str(int tag)
{
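Review bot: The `ai = NULL;` and `ae = NULL;` resets after the in-branch frees are load-bearing and deserve a comment. Now that `end:` also calls `ASN1_INTEGER_free(ai)` and `ASN1_ENUMERATED_free(ae)`, dropping either reset would free the same object twice on a later `goto end`. A short remark next to each reset, such as `/* end: frees ai as well; clear it so a later failure cannot free it twice */`, would make that explicit. The `if (o != NULL)` guard in the same cleanup block is the odd one out next to three unguarded frees and could presumably be dropped for consistency. The function body starts outside the hunks shown.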
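--- a/jni/libressl/crypto/asn1/t_x509.c
+++ b/jni/libressl/crypto/asn1/t_x509.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t_x509.c,v 1.31 2018/05/18 18:23:24 tb Exp $ */
+/* $OpenBSD: t_x509.c,v 1.32 2020/04/10 07:05:24 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -141,16 +141,18 @@
 			goto err;
 	}
 	if (!(cflag & X509_FLAG_NO_SERIAL)) {
 		if (BIO_write(bp, "        Serial Number:", 22) <= 0)
 			goto err;
 
 		bs = X509_get_serialNumber(x);
+		l = -1;
-		if (bs->length <= (int)sizeof(long)) {
+		if (bs->length <= (int)sizeof(long))
 			l = ASN1_INTEGER_get(bs);
+		if (l != -1) {
 			if (bs->type == V_ASN1_NEG_INTEGER) {
 				l = -l;
 				neg = "-";
 			} else
 				neg = "";
 			if (BIO_printf(bp, " %s%lu (%s0x%lx)\n",
 			    neg, l, neg, l) <= 0)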
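Review bot: `-1` serves both as the "serial does not fit in a long" marker and as a possible return value of ASN1_INTEGER_get(), so `if (l != -1)` cannot tell a failed conversion from a serial that genuinely decodes to -1. Both cases skip the short form, which looks intentional (presumably the branch outside this hunk prints the raw bytes instead), but nothing says so. A comment above the initialisation would do, e.g. `/* -1: too long for a long, or ASN1_INTEGER_get() failed; fall back to the long form */`. Separately, `l` is passed to `%lu` and `%lx`; if it is declared `long`, as `l = -l` suggests, those specifiers expect `unsigned long`. The enclosing function starts and ends outside the hunk.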
Changes to jni/libressl/crypto/asn1/tasn_prn.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: tasn_prn.c,v 1.20 2019/04/07 16:35:50 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000,2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: tasn_prn.c,v 1.21 2020/03/24 10:46:38 inoguchi Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000,2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
212
213
214
215
216
217
218

219
220
221
222
223
224
225
226
		parg.out = out;
		parg.indent = indent;
		parg.pctx = pctx;
		asn1_cb = aux->asn1_cb;
	} else
		asn1_cb = NULL;


	if (*fld == NULL) {
		if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
			if (!nohdr &&
			    !asn1_print_fsname(out, indent, fname, sname, pctx))
				return 0;
			if (BIO_puts(out, "<ABSENT>\n") <= 0)
				return 0;
		}







>
|







212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
		parg.out = out;
		parg.indent = indent;
		parg.pctx = pctx;
		asn1_cb = aux->asn1_cb;
	} else
		asn1_cb = NULL;

	if ((it->itype != ASN1_ITYPE_PRIMITIVE ||
	    it->utype != V_ASN1_BOOLEAN) && *fld == NULL) {
		if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
			if (!nohdr &&
			    !asn1_print_fsname(out, indent, fname, sname, pctx))
				return 0;
			if (BIO_puts(out, "<ABSENT>\n") <= 0)
				return 0;
		}
450
451
452
453
454
455
456
457

458
459
460
461
462
463
464
}

static int
asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, const ASN1_PCTX *pctx)
{
	char *s;
	int ret = 1;
	s = i2s_ASN1_INTEGER(NULL, str);

	if (BIO_puts(out, s) <= 0)
		ret = 0;
	free(s);
	return ret;
}

static int







|
>







451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
}

static int
asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, const ASN1_PCTX *pctx)
{
	char *s;
	int ret = 1;
	if ((s = i2s_ASN1_INTEGER(NULL, str)) == NULL)
		return 0;
	if (BIO_puts(out, s) <= 0)
		ret = 0;
	free(s);
	return ret;
}

static int
508
509
510
511
512
513
514

515
516
517
518
519





520
521
522
523
524
525
526
		const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;

		if (pf->prim_print == NULL)
			return 0;

		return pf->prim_print(out, fld, it, indent, pctx);
	}

	str = (ASN1_STRING *)*fld;
	if (it->itype == ASN1_ITYPE_MSTRING)
		utype = str->type & ~V_ASN1_NEG;
	else
		utype = it->utype;





	if (utype == V_ASN1_ANY) {
		ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
		utype = atype->type;
		fld = &atype->value.asn1_value;
		str = (ASN1_STRING *)*fld;
		if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
			pname = NULL;







>
|
<

|

>
>
>
>
>







510
511
512
513
514
515
516
517
518

519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
		const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;

		if (pf->prim_print == NULL)
			return 0;

		return pf->prim_print(out, fld, it, indent, pctx);
	}
	if (it->itype == ASN1_ITYPE_MSTRING) {
		str = (ASN1_STRING *)*fld;

		utype = str->type & ~V_ASN1_NEG;
	} else {
		utype = it->utype;
		if (utype == V_ASN1_BOOLEAN)
			str = NULL;
		else
			str = (ASN1_STRING *)*fld;
	}
	if (utype == V_ASN1_ANY) {
		ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
		utype = atype->type;
		fld = &atype->value.asn1_value;
		str = (ASN1_STRING *)*fld;
		if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
			pname = NULL;
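Review bot: The new exclusion in `if ((it->itype != ASN1_ITYPE_PRIMITIVE || it->utype != V_ASN1_BOOLEAN) && *fld == NULL)` needs a comment saying why BOOLEAN is exempt from the absent check. Judging by the last hunk, which sets `str = NULL` for `V_ASN1_BOOLEAN` instead of casting `*fld`, the field slot seems to hold the boolean value itself rather than a pointer, so a false value would compare equal to NULL; this is inferred from the hunks and should be confirmed against the template code. Suggested: `/* BOOLEAN is stored in the field itself, not behind a pointer: 0 is a value, not "absent" */`. In the MSTRING branch `str->type` is still read without a NULL check, which relies on the caller having filtered a NULL `*fld` first. Both functions extend beyond the hunks shown.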
Changes to jni/libressl/crypto/cast/cast_lcl.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: cast_lcl.h,v 1.11 2015/11/05 21:46:51 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
|







1
2
3
4
5
6
7
8
/* $OpenBSD: cast_lcl.h,v 1.12 2020/01/26 11:49:21 inoguchi Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
#undef l2n
#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                         *((c)++)=(unsigned char)(((l)     )&0xff))

/* only invoked with 0 <= n <= 31 */
#define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))

#define C_M    0x3fc
#define C_0    22L
#define C_1    14L
#define C_2     6L
#define C_3     2L /* left shift */








|







141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
#undef l2n
#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                         *((c)++)=(unsigned char)(((l)     )&0xff))

/* only invoked with 0 <= n <= 31 */
#define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>((32-(n))&31)))

#define C_M    0x3fc
#define C_0    22L
#define C_1    14L
#define C_2     6L
#define C_3     2L /* left shift */
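Review bot: The comment `/* only invoked with 0 <= n <= 31 */` above `ROTL` should say what the new `&31` is for. With `n == 0` the old right-hand shift count was 32, which is undefined when `a` is a 32-bit type; the mask turns it into a shift by 0. Suggested wording: `/* n may be 0: mask the right shift so it never becomes 32 (undefined for a 32-bit operand) */`. The macro still evaluates `a` and `n` more than once, so arguments with side effects remain unsafe, which is worth stating in the same comment.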

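--- a/jni/libressl/crypto/compat/arc4random.h
+++ b/jni/libressl/crypto/compat/arc4random.h
@@ -11,14 +11,17 @@
 
 #elif defined(__hpux)
 #include "arc4random_hpux.h"
 
 #elif defined(__linux__)
 #include "arc4random_linux.h"
 
+#elif defined(__midipix__)
+#include "arc4random_linux.h"
+
 #elif defined(__NetBSD__)
 #include "arc4random_netbsd.h"
 
 #elif defined(__APPLE__)
 #include "arc4random_osx.h"
 
 #elif defined(__sun)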
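--- a/jni/libressl/crypto/compat/posix_win.c
+++ b/jni/libressl/crypto/compat/posix_win.c
@@ -238,14 +238,8 @@
 	time += ((uint64_t)file_time.dwHighDateTime) << 32;
 
 	tp->tv_sec = (long)((time - EPOCH) / 10000000L);
 	tp->tv_usec = (long)(system_time.wMilliseconds * 1000);
 	return 0;
 }
 
-unsigned int sleep(unsigned int seconds)
-{
-	Sleep(seconds * 1000);
-	return seconds;
-}
-
 #endif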
Changes to jni/libressl/crypto/conf/conf_def.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: conf_def.c,v 1.32 2017/01/29 17:49:22 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: conf_def.c,v 1.33 2020/02/17 12:51:48 inoguchi Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
65
66
67
68
69
70
71


72
73
74
75
76
77
78
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include <openssl/err.h>
#include <openssl/lhash.h>
#include <openssl/stack.h>

#include "conf_def.h"



static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
static void clear_comments(CONF *conf, char *p);
static int str_copy(CONF *conf, char *section, char **to, char *from);
static char *scan_quote(CONF *conf, char *p);
static char *scan_dquote(CONF *conf, char *p);







>
>







65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include <openssl/err.h>
#include <openssl/lhash.h>
#include <openssl/stack.h>

#include "conf_def.h"

#define MAX_CONF_VALUE_LENGTH 65536

static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p);
static void clear_comments(CONF *conf, char *p);
static int str_copy(CONF *conf, char *section, char **to, char *from);
static char *scan_quote(CONF *conf, char *p);
static char *scan_dquote(CONF *conf, char *p);
451
452
453
454
455
456
457

458
459
460
461
462
463
464
}

static int
str_copy(CONF *conf, char *section, char **pto, char *from)
{
	int q, r,rr = 0, to = 0, len = 0;
	char *s, *e, *rp, *p, *rrp, *np, *cp, v;

	BUF_MEM *buf;

	if ((buf = BUF_MEM_new()) == NULL)
		return (0);

	len = strlen(from) + 1;
	if (!BUF_MEM_grow(buf, len))







>







453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
}

static int
str_copy(CONF *conf, char *section, char **pto, char *from)
{
	int q, r,rr = 0, to = 0, len = 0;
	char *s, *e, *rp, *p, *rrp, *np, *cp, v;
	size_t newsize;
	BUF_MEM *buf;

	if ((buf = BUF_MEM_new()) == NULL)
		return (0);

	len = strlen(from) + 1;
	if (!BUF_MEM_grow(buf, len))
559
560
561
562
563
564
565





566
567
568
569
570
571
572
573
574
			if (rrp != NULL)
				*rrp = rr;
			*rp = r;
			if (p == NULL) {
				CONFerror(CONF_R_VARIABLE_HAS_NO_VALUE);
				goto err;
			}





			if (!BUF_MEM_grow_clean(buf,
				(strlen(p) + buf->length - (e - from)))) {
				CONFerror(CONF_R_MODULE_INITIALIZATION_ERROR);
				goto err;
			}
			while (*p)
				buf->data[to++] = *(p++);

			/* Since we change the pointer 'from', we also have







>
>
>
>
>
|
<







562
563
564
565
566
567
568
569
570
571
572
573
574

575
576
577
578
579
580
581
			if (rrp != NULL)
				*rrp = rr;
			*rp = r;
			if (p == NULL) {
				CONFerror(CONF_R_VARIABLE_HAS_NO_VALUE);
				goto err;
			}
			newsize = strlen(p) + buf->length - (e - from);
			if (newsize > MAX_CONF_VALUE_LENGTH) {
				CONFerror(CONF_R_VARIABLE_EXPANSION_TOO_LONG);
				goto err;
			}
			if (!BUF_MEM_grow_clean(buf, newsize)) {

				CONFerror(CONF_R_MODULE_INITIALIZATION_ERROR);
				goto err;
			}
			while (*p)
				buf->data[to++] = *(p++);

			/* Since we change the pointer 'from', we also have
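Review bot: `MAX_CONF_VALUE_LENGTH` is enforced only on the variable-expansion path. The first allocation in `str_copy`, `len = strlen(from) + 1;` followed by `BUF_MEM_grow(buf, len)`, is never compared with it, and `len` is an `int` receiving a `size_t`. If `from` can exceed the limit (its callers are outside these hunks, so it may already be bounded), the cap does not hold for values that need no expansion; an `if (len > MAX_CONF_VALUE_LENGTH)` check before the first grow, reporting the same `CONF_R_VARIABLE_EXPANSION_TOO_LONG`, would make the bound uniform. The define would also benefit from a comment such as `/* upper bound, in bytes, on a value after variable expansion */`. `str_copy` continues beyond the hunks shown.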
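--- a/jni/libressl/crypto/conf/conf_err.c
+++ b/jni/libressl/crypto/conf/conf_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: conf_err.c,v 1.13 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: conf_err.c,v 1.14 2020/02/17 12:51:48 inoguchi Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -88,14 +88,15 @@
 	{ERR_REASON(CONF_R_NO_CONF)              , "no conf"},
 	{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE), "no conf or environment variable"},
 	{ERR_REASON(CONF_R_NO_SECTION)           , "no section"},
 	{ERR_REASON(CONF_R_NO_SUCH_FILE)         , "no such file"},
 	{ERR_REASON(CONF_R_NO_VALUE)             , "no value"},
 	{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), "unable to create new section"},
 	{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME)  , "unknown module name"},
+	{ERR_REASON(CONF_R_VARIABLE_EXPANSION_TOO_LONG), "variable expansion too long"},
 	{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"},
 	{0, NULL}
 };
 
 #endif
 
 void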
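--- a/jni/libressl/crypto/constant_time_locl.h
+++ b/jni/libressl/crypto/constant_time_locl.h
@@ -195,11 +195,13 @@
     return (unsigned char)(constant_time_select(mask, a, b));
 }
 
 static inline int constant_time_select_int(unsigned int mask, int a, int b)
 {
     return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
 }
+
+void err_clear_last_constant_time(int clear);
 
 __END_HIDDEN_DECLS
 
 #endif                          /* HEADER_CONSTANT_TIME_LOCL_H */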
Changes to jni/libressl/crypto/crypto.sym.
302
303
304
305
306
307
308

309
310
311
312
313
314
315
BIO_meth_set_gets
BIO_meth_set_puts
BIO_meth_set_read
BIO_meth_set_write
BIO_method_name
BIO_method_type
BIO_new

BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd







>







302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
BIO_meth_set_gets
BIO_meth_set_puts
BIO_meth_set_read
BIO_meth_set_write
BIO_method_name
BIO_method_type
BIO_new
BIO_new_CMS
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
554
555
556
557
558
559
560
















































































































561
562
563
564
565
566
567
CMAC_CTX_free
CMAC_CTX_get0_cipher_ctx
CMAC_CTX_new
CMAC_Final
CMAC_Init
CMAC_Update
CMAC_resume
















































































































COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
COMP_zlib_cleanup







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
CMAC_CTX_free
CMAC_CTX_get0_cipher_ctx
CMAC_CTX_new
CMAC_Final
CMAC_Init
CMAC_Update
CMAC_resume
CMS_ContentInfo_free
CMS_ContentInfo_it
CMS_ContentInfo_new
CMS_ContentInfo_print_ctx
CMS_EncryptedData_decrypt
CMS_EncryptedData_encrypt
CMS_EncryptedData_set1_key
CMS_EnvelopedData_create
CMS_ReceiptRequest_create0
CMS_ReceiptRequest_free
CMS_ReceiptRequest_get0_values
CMS_ReceiptRequest_it
CMS_ReceiptRequest_new
CMS_RecipientEncryptedKey_cert_cmp
CMS_RecipientEncryptedKey_get0_id
CMS_RecipientInfo_decrypt
CMS_RecipientInfo_encrypt
CMS_RecipientInfo_get0_pkey_ctx
CMS_RecipientInfo_kari_decrypt
CMS_RecipientInfo_kari_get0_alg
CMS_RecipientInfo_kari_get0_ctx
CMS_RecipientInfo_kari_get0_orig_id
CMS_RecipientInfo_kari_get0_reks
CMS_RecipientInfo_kari_orig_id_cmp
CMS_RecipientInfo_kari_set0_pkey
CMS_RecipientInfo_kekri_get0_id
CMS_RecipientInfo_kekri_id_cmp
CMS_RecipientInfo_ktri_cert_cmp
CMS_RecipientInfo_ktri_get0_algs
CMS_RecipientInfo_ktri_get0_signer_id
CMS_RecipientInfo_set0_key
CMS_RecipientInfo_set0_password
CMS_RecipientInfo_set0_pkey
CMS_RecipientInfo_type
CMS_SharedInfo_encode
CMS_SignedData_init
CMS_SignerInfo_cert_cmp
CMS_SignerInfo_get0_algs
CMS_SignerInfo_get0_md_ctx
CMS_SignerInfo_get0_pkey_ctx
CMS_SignerInfo_get0_signature
CMS_SignerInfo_get0_signer_id
CMS_SignerInfo_set1_signer_cert
CMS_SignerInfo_sign
CMS_SignerInfo_verify
CMS_SignerInfo_verify_content
CMS_add0_CertificateChoices
CMS_add0_RevocationInfoChoice
CMS_add0_cert
CMS_add0_crl
CMS_add0_recipient_key
CMS_add0_recipient_password
CMS_add1_ReceiptRequest
CMS_add1_cert
CMS_add1_crl
CMS_add1_recipient_cert
CMS_add1_signer
CMS_add_simple_smimecap
CMS_add_smimecap
CMS_add_standard_smimecap
CMS_compress
CMS_data
CMS_dataFinal
CMS_dataInit
CMS_data_create
CMS_decrypt
CMS_decrypt_set1_key
CMS_decrypt_set1_password
CMS_decrypt_set1_pkey
CMS_digest_create
CMS_digest_verify
CMS_encrypt
CMS_final
CMS_get0_RecipientInfos
CMS_get0_SignerInfos
CMS_get0_content
CMS_get0_eContentType
CMS_get0_signers
CMS_get0_type
CMS_get1_ReceiptRequest
CMS_get1_certs
CMS_get1_crls
CMS_is_detached
CMS_set1_eContentType
CMS_set1_signers_certs
CMS_set_detached
CMS_sign
CMS_sign_receipt
CMS_signed_add1_attr
CMS_signed_add1_attr_by_NID
CMS_signed_add1_attr_by_OBJ
CMS_signed_add1_attr_by_txt
CMS_signed_delete_attr
CMS_signed_get0_data_by_OBJ
CMS_signed_get_attr
CMS_signed_get_attr_by_NID
CMS_signed_get_attr_by_OBJ
CMS_signed_get_attr_count
CMS_stream
CMS_uncompress
CMS_unsigned_add1_attr
CMS_unsigned_add1_attr_by_NID
CMS_unsigned_add1_attr_by_OBJ
CMS_unsigned_add1_attr_by_txt
CMS_unsigned_delete_attr
CMS_unsigned_get0_data_by_OBJ
CMS_unsigned_get_attr
CMS_unsigned_get_attr_by_NID
CMS_unsigned_get_attr_by_OBJ
CMS_unsigned_get_attr_count
CMS_verify
CMS_verify_receipt
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_rle
COMP_zlib
COMP_zlib_cleanup
1207
1208
1209
1210
1211
1212
1213

1214
1215
1216
1217
1218
1219
1220
ERR_get_state
ERR_get_string_table
ERR_lib_error_string
ERR_load_ASN1_strings
ERR_load_BIO_strings
ERR_load_BN_strings
ERR_load_BUF_strings

ERR_load_COMP_strings
ERR_load_CONF_strings
ERR_load_CRYPTO_strings
ERR_load_DH_strings
ERR_load_DSA_strings
ERR_load_DSO_strings
ERR_load_ECDH_strings







>







1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
ERR_get_state
ERR_get_string_table
ERR_lib_error_string
ERR_load_ASN1_strings
ERR_load_BIO_strings
ERR_load_BN_strings
ERR_load_BUF_strings
ERR_load_CMS_strings
ERR_load_COMP_strings
ERR_load_CONF_strings
ERR_load_CRYPTO_strings
ERR_load_DH_strings
ERR_load_DSA_strings
ERR_load_DSO_strings
ERR_load_ECDH_strings
1976
1977
1978
1979
1980
1981
1982

1983
1984
1985
1986
1987
1988
1989
PEM_bytes_read_bio
PEM_def_callback
PEM_dek_info
PEM_do_header
PEM_get_EVP_CIPHER_INFO
PEM_proc_type
PEM_read

PEM_read_DHparams
PEM_read_DSAPrivateKey
PEM_read_DSA_PUBKEY
PEM_read_DSAparams
PEM_read_ECPKParameters
PEM_read_ECPrivateKey
PEM_read_EC_PUBKEY







>







2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
PEM_bytes_read_bio
PEM_def_callback
PEM_dek_info
PEM_do_header
PEM_get_EVP_CIPHER_INFO
PEM_proc_type
PEM_read
PEM_read_CMS
PEM_read_DHparams
PEM_read_DSAPrivateKey
PEM_read_DSA_PUBKEY
PEM_read_DSAparams
PEM_read_ECPKParameters
PEM_read_ECPrivateKey
PEM_read_EC_PUBKEY
1998
1999
2000
2001
2002
2003
2004

2005
2006
2007
2008
2009
2010
2011
PEM_read_RSA_PUBKEY
PEM_read_X509
PEM_read_X509_AUX
PEM_read_X509_CERT_PAIR
PEM_read_X509_CRL
PEM_read_X509_REQ
PEM_read_bio

PEM_read_bio_DHparams
PEM_read_bio_DSAPrivateKey
PEM_read_bio_DSA_PUBKEY
PEM_read_bio_DSAparams
PEM_read_bio_ECPKParameters
PEM_read_bio_ECPrivateKey
PEM_read_bio_EC_PUBKEY







>







2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
PEM_read_RSA_PUBKEY
PEM_read_X509
PEM_read_X509_AUX
PEM_read_X509_CERT_PAIR
PEM_read_X509_CRL
PEM_read_X509_REQ
PEM_read_bio
PEM_read_bio_CMS
PEM_read_bio_DHparams
PEM_read_bio_DSAPrivateKey
PEM_read_bio_DSA_PUBKEY
PEM_read_bio_DSAparams
PEM_read_bio_ECPKParameters
PEM_read_bio_ECPrivateKey
PEM_read_bio_EC_PUBKEY
2021
2022
2023
2024
2025
2026
2027

2028
2029
2030
2031
2032
2033
2034
PEM_read_bio_RSA_PUBKEY
PEM_read_bio_X509
PEM_read_bio_X509_AUX
PEM_read_bio_X509_CERT_PAIR
PEM_read_bio_X509_CRL
PEM_read_bio_X509_REQ
PEM_write

PEM_write_DHparams
PEM_write_DSAPrivateKey
PEM_write_DSA_PUBKEY
PEM_write_DSAparams
PEM_write_ECPKParameters
PEM_write_ECPrivateKey
PEM_write_EC_PUBKEY







>







2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
PEM_read_bio_RSA_PUBKEY
PEM_read_bio_X509
PEM_read_bio_X509_AUX
PEM_read_bio_X509_CERT_PAIR
PEM_read_bio_X509_CRL
PEM_read_bio_X509_REQ
PEM_write
PEM_write_CMS
PEM_write_DHparams
PEM_write_DSAPrivateKey
PEM_write_DSA_PUBKEY
PEM_write_DSAparams
PEM_write_ECPKParameters
PEM_write_ECPrivateKey
PEM_write_EC_PUBKEY
2047
2048
2049
2050
2051
2052
2053


2054
2055
2056
2057
2058
2059
2060
PEM_write_X509_AUX
PEM_write_X509_CERT_PAIR
PEM_write_X509_CRL
PEM_write_X509_REQ
PEM_write_X509_REQ_NEW
PEM_write_bio
PEM_write_bio_ASN1_stream


PEM_write_bio_DHparams
PEM_write_bio_DSAPrivateKey
PEM_write_bio_DSA_PUBKEY
PEM_write_bio_DSAparams
PEM_write_bio_ECPKParameters
PEM_write_bio_ECPrivateKey
PEM_write_bio_EC_PUBKEY







>
>







2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
PEM_write_X509_AUX
PEM_write_X509_CERT_PAIR
PEM_write_X509_CRL
PEM_write_X509_REQ
PEM_write_X509_REQ_NEW
PEM_write_bio
PEM_write_bio_ASN1_stream
PEM_write_bio_CMS
PEM_write_bio_CMS_stream
PEM_write_bio_DHparams
PEM_write_bio_DSAPrivateKey
PEM_write_bio_DSA_PUBKEY
PEM_write_bio_DSAparams
PEM_write_bio_ECPKParameters
PEM_write_bio_ECPrivateKey
PEM_write_bio_EC_PUBKEY
2285
2286
2287
2288
2289
2290
2291




2292
2293
2294
2295
2296
2297
2298
RIPEMD160_Init
RIPEMD160_Transform
RIPEMD160_Update
RSAPrivateKey_dup
RSAPrivateKey_it
RSAPublicKey_dup
RSAPublicKey_it




RSA_PKCS1_SSLeay
RSA_PSS_PARAMS_free
RSA_PSS_PARAMS_it
RSA_PSS_PARAMS_new
RSA_X931_hash_id
RSA_bits
RSA_blinding_off







>
>
>
>







2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
RIPEMD160_Init
RIPEMD160_Transform
RIPEMD160_Update
RSAPrivateKey_dup
RSAPrivateKey_it
RSAPublicKey_dup
RSAPublicKey_it
RSA_OAEP_PARAMS_free
RSA_OAEP_PARAMS_it
RSA_OAEP_PARAMS_new
RSA_PKCS1_OpenSSL
RSA_PKCS1_SSLeay
RSA_PSS_PARAMS_free
RSA_PSS_PARAMS_it
RSA_PSS_PARAMS_new
RSA_X931_hash_id
RSA_bits
RSA_blinding_off
2340
2341
2342
2343
2344
2345
2346

2347
2348
2349
2350
2351
2352
2353

2354
2355
2356
2357

2358
2359
2360
2361
2362
2363
2364
RSA_meth_set_pub_dec
RSA_meth_set_pub_enc
RSA_meth_set_sign
RSA_meth_set_verify
RSA_new
RSA_new_method
RSA_padding_add_PKCS1_OAEP

RSA_padding_add_PKCS1_PSS
RSA_padding_add_PKCS1_PSS_mgf1
RSA_padding_add_PKCS1_type_1
RSA_padding_add_PKCS1_type_2
RSA_padding_add_X931
RSA_padding_add_none
RSA_padding_check_PKCS1_OAEP

RSA_padding_check_PKCS1_type_1
RSA_padding_check_PKCS1_type_2
RSA_padding_check_X931
RSA_padding_check_none

RSA_print
RSA_print_fp
RSA_private_decrypt
RSA_private_encrypt
RSA_public_decrypt
RSA_public_encrypt
RSA_set0_crt_params







>







>




>







2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
RSA_meth_set_pub_dec
RSA_meth_set_pub_enc
RSA_meth_set_sign
RSA_meth_set_verify
RSA_new
RSA_new_method
RSA_padding_add_PKCS1_OAEP
RSA_padding_add_PKCS1_OAEP_mgf1
RSA_padding_add_PKCS1_PSS
RSA_padding_add_PKCS1_PSS_mgf1
RSA_padding_add_PKCS1_type_1
RSA_padding_add_PKCS1_type_2
RSA_padding_add_X931
RSA_padding_add_none
RSA_padding_check_PKCS1_OAEP
RSA_padding_check_PKCS1_OAEP_mgf1
RSA_padding_check_PKCS1_type_1
RSA_padding_check_PKCS1_type_2
RSA_padding_check_X931
RSA_padding_check_none
RSA_pkey_ctx_ctrl
RSA_print
RSA_print_fp
RSA_private_decrypt
RSA_private_encrypt
RSA_public_decrypt
RSA_public_encrypt
RSA_set0_crt_params
2405
2406
2407
2408
2409
2410
2411

2412
2413
2414

2415
2416
2417
2418
2419
2420
2421
SM3_Init
SM3_Update
SM4_decrypt
SM4_encrypt
SM4_set_key
SMIME_crlf_copy
SMIME_read_ASN1

SMIME_read_PKCS7
SMIME_text
SMIME_write_ASN1

SMIME_write_PKCS7
SSLeay
SSLeay_version
STREEBOG256
STREEBOG256_Final
STREEBOG256_Init
STREEBOG256_Update







>



>







2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
SM3_Init
SM3_Update
SM4_decrypt
SM4_encrypt
SM4_set_key
SMIME_crlf_copy
SMIME_read_ASN1
SMIME_read_CMS
SMIME_read_PKCS7
SMIME_text
SMIME_write_ASN1
SMIME_write_CMS
SMIME_write_PKCS7
SSLeay
SSLeay_version
STREEBOG256
STREEBOG256_Final
STREEBOG256_Init
STREEBOG256_Update
3235
3236
3237
3238
3239
3240
3241



3242
3243
3244
3245
3246
3247
3248
d2i_ASN1_UTF8STRING
d2i_ASN1_VISIBLESTRING
d2i_AUTHORITY_INFO_ACCESS
d2i_AUTHORITY_KEYID
d2i_AutoPrivateKey
d2i_BASIC_CONSTRAINTS
d2i_CERTIFICATEPOLICIES



d2i_CRL_DIST_POINTS
d2i_DHparams
d2i_DHparams_bio
d2i_DHparams_fp
d2i_DIRECTORYSTRING
d2i_DISPLAYTEXT
d2i_DIST_POINT







>
>
>







3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
d2i_ASN1_UTF8STRING
d2i_ASN1_VISIBLESTRING
d2i_AUTHORITY_INFO_ACCESS
d2i_AUTHORITY_KEYID
d2i_AutoPrivateKey
d2i_BASIC_CONSTRAINTS
d2i_CERTIFICATEPOLICIES
d2i_CMS_ContentInfo
d2i_CMS_ReceiptRequest
d2i_CMS_bio
d2i_CRL_DIST_POINTS
d2i_DHparams
d2i_DHparams_bio
d2i_DHparams_fp
d2i_DIRECTORYSTRING
d2i_DISPLAYTEXT
d2i_DIST_POINT
3347
3348
3349
3350
3351
3352
3353

3354
3355
3356
3357
3358
3359
3360
d2i_RSAPrivateKey
d2i_RSAPrivateKey_bio
d2i_RSAPrivateKey_fp
d2i_RSAPublicKey
d2i_RSAPublicKey_bio
d2i_RSAPublicKey_fp
d2i_RSA_NET

d2i_RSA_PSS_PARAMS
d2i_RSA_PUBKEY
d2i_RSA_PUBKEY_bio
d2i_RSA_PUBKEY_fp
d2i_SXNET
d2i_SXNETID
d2i_TS_ACCURACY







>







3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
d2i_RSAPrivateKey
d2i_RSAPrivateKey_bio
d2i_RSAPrivateKey_fp
d2i_RSAPublicKey
d2i_RSAPublicKey_bio
d2i_RSAPublicKey_fp
d2i_RSA_NET
d2i_RSA_OAEP_PARAMS
d2i_RSA_PSS_PARAMS
d2i_RSA_PUBKEY
d2i_RSA_PUBKEY_bio
d2i_RSA_PUBKEY_fp
d2i_SXNET
d2i_SXNETID
d2i_TS_ACCURACY
3441
3442
3443
3444
3445
3446
3447




3448
3449
3450
3451
3452
3453
3454
i2d_ASN1_UTF8STRING
i2d_ASN1_VISIBLESTRING
i2d_ASN1_bio_stream
i2d_AUTHORITY_INFO_ACCESS
i2d_AUTHORITY_KEYID
i2d_BASIC_CONSTRAINTS
i2d_CERTIFICATEPOLICIES




i2d_CRL_DIST_POINTS
i2d_DHparams
i2d_DHparams_bio
i2d_DHparams_fp
i2d_DIRECTORYSTRING
i2d_DISPLAYTEXT
i2d_DIST_POINT







>
>
>
>







3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
i2d_ASN1_UTF8STRING
i2d_ASN1_VISIBLESTRING
i2d_ASN1_bio_stream
i2d_AUTHORITY_INFO_ACCESS
i2d_AUTHORITY_KEYID
i2d_BASIC_CONSTRAINTS
i2d_CERTIFICATEPOLICIES
i2d_CMS_ContentInfo
i2d_CMS_ReceiptRequest
i2d_CMS_bio
i2d_CMS_bio_stream
i2d_CRL_DIST_POINTS
i2d_DHparams
i2d_DHparams_bio
i2d_DHparams_fp
i2d_DIRECTORYSTRING
i2d_DISPLAYTEXT
i2d_DIST_POINT
3559
3560
3561
3562
3563
3564
3565

3566
3567
3568
3569
3570
3571
3572
i2d_RSAPrivateKey
i2d_RSAPrivateKey_bio
i2d_RSAPrivateKey_fp
i2d_RSAPublicKey
i2d_RSAPublicKey_bio
i2d_RSAPublicKey_fp
i2d_RSA_NET

i2d_RSA_PSS_PARAMS
i2d_RSA_PUBKEY
i2d_RSA_PUBKEY_bio
i2d_RSA_PUBKEY_fp
i2d_SXNET
i2d_SXNETID
i2d_TS_ACCURACY







>







3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
i2d_RSAPrivateKey
i2d_RSAPrivateKey_bio
i2d_RSAPrivateKey_fp
i2d_RSAPublicKey
i2d_RSAPublicKey_bio
i2d_RSAPublicKey_fp
i2d_RSA_NET
i2d_RSA_OAEP_PARAMS
i2d_RSA_PSS_PARAMS
i2d_RSA_PUBKEY
i2d_RSA_PUBKEY_bio
i2d_RSA_PUBKEY_fp
i2d_SXNET
i2d_SXNETID
i2d_TS_ACCURACY
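--- a/jni/libressl/crypto/dh/dh_ameth.c
+++ b/jni/libressl/crypto/dh/dh_ameth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dh_ameth.c,v 1.17 2018/08/24 20:22:15 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.18 2020/01/04 13:57:43 inoguchi Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -221,14 +221,15 @@
 	ASN1_INTEGER_free(privkey);
 
 	return 1;
 
 decerr:
 	DHerror(EVP_R_DECODE_ERROR);
 dherr:
+	ASN1_INTEGER_free(privkey);
 	DH_free(dh);
 	return 0;
 }
 
 static int
 dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 {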
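--- a/jni/libressl/crypto/dsa/dsa_ameth.c
+++ b/jni/libressl/crypto/dsa/dsa_ameth.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: dsa_ameth.c,v 1.27 2019/01/20 01:56:59 tb Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.28 2019/11/01 15:15:35 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -58,14 +58,15 @@
 
 #include <stdio.h>
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
+#include <openssl/cms.h>
 #include <openssl/dsa.h>
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
 #include "asn1_locl.h"
 #include "bn_lcl.h"
 
@@ -599,14 +600,37 @@
 			if (!OBJ_find_sigid_by_algs(&snid, hnid,
 			    EVP_PKEY_id(pkey)))
 				return -1; 
 			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
 			    0);
 		}
 		return 1;
+
+#ifndef OPENSSL_NO_CMS
+	case ASN1_PKEY_CTRL_CMS_SIGN:
+		if (arg1 == 0) {
+			int snid, hnid;
+			X509_ALGOR *alg1, *alg2;
+
+			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+			if (alg1 == NULL || alg1->algorithm == NULL)
+				return -1;
+			hnid = OBJ_obj2nid(alg1->algorithm);
+			if (hnid == NID_undef)
+				return -1;
+			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+				return -1;
+			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+		}
+		return 1;
+
+	case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+		*(int *)arg2 = CMS_RECIPINFO_NONE;
+		return 1;
+#endif
 
 	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 		*(int *)arg2 = NID_sha1;
 		return 2;
 
 	default:
 		return -2;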
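Review bot: In the new `ASN1_PKEY_CTRL_CMS_SIGN` branch the result of `X509_ALGOR_set0(alg2, ...)` is discarded and `alg2` is never tested, although `alg1` is checked for NULL a few lines earlier, so a failure to record the signature algorithm would still fall through to `return 1`. Checking it keeps the branch fail-closed: `if (!X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0)) return -1;`. The context lines just above the addition show the same unchecked call, so the pattern is inherited rather than new. The enclosing switch starts and ends outside the hunk.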
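--- a/jni/libressl/crypto/err/err.c
+++ b/jni/libressl/crypto/err/err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: err.c,v 1.47 2018/04/03 21:59:37 tb Exp $ */
+/* $OpenBSD: err.c,v 1.48 2019/10/17 14:28:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -1180,7 +1180,28 @@
 	}
 
 	if (es->bottom == es->top)
 		return 0;
 	es->err_flags[es->top]&=~ERR_FLAG_MARK;
 	return 1;
 }
+
+void
+err_clear_last_constant_time(int clear)
+{
+	ERR_STATE *es;
+	int top;
+
+	es = ERR_get_state();
+	if (es == NULL)
+        return;
+
+	top = es->top;
+
+	es->err_flags[top] &= ~(0 - clear);
+	es->err_buffer[top] &= ~(0UL - clear);
+	es->err_file[top] = (const char *)((uintptr_t)es->err_file[top] &
+	    ~((uintptr_t)0 - clear));
+	es->err_line[top] |= 0 - clear;
+
+	es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS;
+}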
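Review bot: `err_clear_last_constant_time()` is added without a comment stating its contract, and the mask arithmetic is only correct when `clear` is exactly 0 or 1. `~(0 - clear)` is all-ones for 0 and all-zeros for 1; any other value yields a partial mask and moves `es->top` by more than one slot. I would add a header comment such as `/* clear must be 0 or 1; when 1, the top error entry is wiped and popped without branching on clear. */` so callers do not pass an arbitrary truth value. The `return;` after the `es == NULL` test is indented with spaces while the surrounding lines use tabs.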
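--- a/jni/libressl/crypto/evp/e_aes.c
+++ b/jni/libressl/crypto/evp/e_aes.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_aes.c,v 1.39 2019/05/12 15:52:46 tb Exp $ */
+/* $OpenBSD: e_aes.c,v 1.41 2020/04/30 18:43:11 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -717,14 +717,18 @@
 {
 	EVP_AES_GCM_CTX *gctx = c->cipher_data;
 
 	switch (type) {
 	case EVP_CTRL_INIT:
 		gctx->key_set = 0;
 		gctx->iv_set = 0;
+		if (c->cipher->iv_len == 0) {
+			EVPerror(EVP_R_INVALID_IV_LENGTH);
+			return 0;
+		}
 		gctx->ivlen = c->cipher->iv_len;
 		gctx->iv = c->iv;
 		gctx->taglen = -1;
 		gctx->iv_gen = 0;
 		gctx->tls_aad_len = -1;
 		return 1;
 
@@ -1437,14 +1441,19 @@
 
 	if (max_out_len < in_len + gcm_ctx->tag_len) {
 		EVPerror(EVP_R_BUFFER_TOO_SMALL);
 		return 0;
 	}
 
 	memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
+
+	if (nonce_len == 0) {
+		EVPerror(EVP_R_INVALID_IV_LENGTH);
+		return 0;
+	}
 	CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len);
 
 	if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len))
 		return 0;
 
 	if (gcm_ctx->ctr) {
 		if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk,
@@ -1483,14 +1492,19 @@
 
 	if (max_out_len < plaintext_len) {
 		EVPerror(EVP_R_BUFFER_TOO_SMALL);
 		return 0;
 	}
 
 	memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
+
+	if (nonce_len == 0) {
+		EVPerror(EVP_R_INVALID_IV_LENGTH);
+		return 0;
+	}
 	CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len);
 
 	if (CRYPTO_gcm128_aad(&gcm, ad, ad_len))
 		return 0;
 
 	if (gcm_ctx->ctr) {
 		if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk,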
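Review bot: In both AEAD hunks (new lines 1448-1452 on the encrypt side, 1499-1503 on the decrypt side) the `nonce_len == 0` test sits after `memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm))`, so a rejected call still copies the GCM state onto the stack before returning. Moving the three-line check `if (nonce_len == 0) { EVPerror(EVP_R_INVALID_IV_LENGTH); return 0; }` ahead of the memcpy groups it with the `max_out_len` validation and avoids the copy on the error path. The `EVP_CTRL_INIT` hunk only rejects a zero `iv_len` taken from the cipher definition; whether the ctrl that changes the IV length at run time also refuses zero is outside the visible lines and worth confirming. All three function bodies continue beyond their hunks.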
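--- a/jni/libressl/crypto/evp/e_chacha.c
+++ b/jni/libressl/crypto/evp/e_chacha.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: e_chacha.c,v 1.5 2014/08/04 04:16:11 miod Exp $ */
+/* $OpenBSD: e_chacha.c,v 1.8 2020/01/26 07:47:26 tb Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -30,40 +30,54 @@
 static int chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     const unsigned char *iv, int enc);
 
 static const EVP_CIPHER chacha20_cipher = {
 	.nid = NID_chacha20,
 	.block_size = 1,
 	.key_len = 32,
-	.iv_len = 8,
-	.flags = EVP_CIPH_STREAM_CIPHER,
+	/* 
+	 * The 128 bit EVP IV is split for ChaCha into four 32 bit pieces:
+	 * 			counter[0]	counter[1]	iv[0]	iv[1]
+	 * OpenSSL exposes these as:
+	 * 	openssl_iv =	counter[0]	iv[0]		iv[1]	iv[2]
+	 * Due to the cipher internal state's symmetry, these are functionally
+	 * equivalent.
+	 */
+	.iv_len = 16,
+	.flags = EVP_CIPH_STREAM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT |
+	    EVP_CIPH_CUSTOM_IV,
 	.init = chacha_init,
 	.do_cipher = chacha_cipher,
 	.ctx_size = sizeof(ChaCha_ctx)
 };
 
 const EVP_CIPHER *
 EVP_chacha20(void)
 {
 	return (&chacha20_cipher);
 }
 
 static int
 chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc)
+    const unsigned char *openssl_iv, int enc)
 {
-	ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key,
-	    EVP_CIPHER_CTX_key_length(ctx) * 8);
-	if (iv != NULL)
-		ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, iv, NULL);
+	if (key != NULL)
+		ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key,
+		    EVP_CIPHER_CTX_key_length(ctx) * 8);
+	if (openssl_iv != NULL) {
+		const unsigned char *iv = openssl_iv + 8;
+		const unsigned char *counter = openssl_iv;
+
+		ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, iv, counter);
+	}
 	return 1;
 }
 
 static int
 chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
     size_t len)
 {
 	ChaCha((ChaCha_ctx *)ctx->cipher_data, out, in, len);
 	return 1;
 }
 
 #endif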
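Review bot: `chacha_init()` now consumes 16 bytes from `openssl_iv` (the counter at offset 0 and the IV at `openssl_iv + 8`) where the old code read 8, and the function itself carries no comment saying so. Any caller in this tree that still hands `EVP_chacha20()` an 8-byte nonce buffer would be read past its end and would get a different keystream, so callers need auditing as part of this update; code that sizes the buffer with `EVP_CIPHER_iv_length()` picks up the new value. I would add above the function `/* openssl_iv is 16 bytes: 8 bytes of block counter followed by the 8-byte IV. */`. The struct comment explains the layout, but it sits away from the pointer arithmetic that depends on it.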
Changes to jni/libressl/crypto/evp/encode.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: encode.c,v 1.26 2019/01/19 01:24:18 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: encode.c,v 1.28 2020/03/04 11:53:21 inoguchi Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
58
59
60
61
62
63
64

65
66
67
68
69
70
71
72
73

#include <limits.h>
#include <stdio.h>
#include <string.h>

#include <openssl/evp.h>


#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
#define conv_ascii2bin(a)	(data_ascii2bin[(a)&0x7f])

/* 64 char lines
 * pad input with 0
 * left over chars are set to =
 * 1 byte  => xx==
 * 2 bytes => xxx=
 * 3 bytes => xxxx







>

<







58
59
60
61
62
63
64
65
66

67
68
69
70
71
72
73

#include <limits.h>
#include <stdio.h>
#include <string.h>

#include <openssl/evp.h>

static unsigned char conv_ascii2bin(unsigned char a);
#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])


/* 64 char lines
 * pad input with 0
 * left over chars are set to =
 * 1 byte  => xx==
 * 2 bytes => xxx=
 * 3 bytes => xxxx
88
89
90
91
92
93
94

95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113








114
115
116
117
118
119
120

#define B64_EOLN		0xF0
#define B64_CR			0xF1
#define B64_EOF			0xF2
#define B64_WS			0xE0
#define B64_ERROR       	0xFF
#define B64_NOT_BASE64(a)	(((a)|0x13) == 0xF3)


static const unsigned char data_ascii2bin[128] = {
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
	0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
	0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
	0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
	0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
	0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
	0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
	0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
	0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
	0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
	0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
	0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
	0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
	0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};









EVP_ENCODE_CTX *
EVP_ENCODE_CTX_new(void)
{
	return calloc(1, sizeof(EVP_ENCODE_CTX));
}








>



















>
>
>
>
>
>
>
>







88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

#define B64_EOLN		0xF0
#define B64_CR			0xF1
#define B64_EOF			0xF2
#define B64_WS			0xE0
#define B64_ERROR       	0xFF
#define B64_NOT_BASE64(a)	(((a)|0x13) == 0xF3)
#define B64_BASE64(a)		!B64_NOT_BASE64(a)

static const unsigned char data_ascii2bin[128] = {
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
	0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
	0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
	0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
	0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
	0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
	0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
	0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
	0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
	0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
	0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
	0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
	0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
	0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};

static unsigned char
conv_ascii2bin(unsigned char a)
{
	if (a & 0x80)
		return B64_ERROR;
	return data_ascii2bin[a];
}

EVP_ENCODE_CTX *
EVP_ENCODE_CTX_new(void)
{
	return calloc(1, sizeof(EVP_ENCODE_CTX));
}

227
228
229
230
231
232
233
234
235

236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254



255
256

257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282



283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315







316
317
318


319
320
321
322
323
324
325
326
327
328
329
330
331

332

333
334
335
336
337
338
339
340
341
342






343
344

345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374

375
376
377
378
379
380
381
382
383
384
385
	*t = '\0';
	return (ret);
}

void
EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
{
	ctx->length = 30;
	ctx->num = 0;

	ctx->line_num = 0;
	ctx->expect_nl = 0;
}

/* -1 for error
 *  0 for last line
 *  1 for full line
 */
int
EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
    const unsigned char *in, int inl)
{
	int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl;
	unsigned char *d;

	n = ctx->num;
	d = ctx->enc_data;
	ln = ctx->line_num;
	exp_nl = ctx->expect_nl;




	/* last line of input. */

	if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) {
		rv = 0;
		goto end;
	}

	/* We parse the input data */
	for (i = 0; i < inl; i++) {
		/* If the current line is > 80 characters, scream alot */
		if (ln >= 80) {
			rv = -1;
			goto end;
		}

		/* Get char and put it into the buffer */
		tmp= *(in++);
		v = conv_ascii2bin(tmp);
		/* only save the good data :-) */
		if (!B64_NOT_BASE64(v)) {
			OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
			d[n++] = tmp;
			ln++;
		} else if (v == B64_ERROR) {
			rv = -1;
			goto end;
		}




		/* There should not be base64 data after padding. */
		if (eof && tmp != '=' && tmp != '\r' && tmp != '\n' &&
		    v != B64_EOF) {
			rv = -1;
			goto end;
		}

		/* have we seen a '=' which is 'definitely' the last
		 * input line.  seof will point to the character that
		 * holds it. and eof will hold how many characters to
		 * chop off. */
		if (tmp == '=') {
			if (seof == -1)
				seof = n;
			eof++;
		}

		/* There should be no more than two padding markers. */
		if (eof > 2) {
			rv = -1;
			goto end;
		}

		if (v == B64_CR) {
			ln = 0;
			if (exp_nl)
				continue;
		}

		/* eoln */
		if (v == B64_EOLN) {
			ln = 0;
			if (exp_nl) {







				exp_nl = 0;
				continue;
			}


		}
		exp_nl = 0;

		/* If we are at the end of input and it looks like a
		 * line, process it. */
		if (((i + 1) == inl) && (((n&3) == 0) || eof)) {
			v = B64_EOF;
			/* In case things were given us in really small
			   records (so two '=' were given in separate
			   updates), eof may contain the incorrect number
			   of ending bytes to skip, so let's redo the count */
			eof = 0;
			if (d[n-1] == '=')

				eof++;

			if (d[n-2] == '=')
				eof++;
			/* There will never be more than two '=' */
		}

		if ((v == B64_EOF && (n&3) == 0) || (n >= 64)) {
			/* This is needed to work correctly on 64 byte input
			 * lines.  We process the line and then need to
			 * accept the '\n' */
			if ((v != B64_EOF) && (n >= 64))






				exp_nl = 1;
			if (n > 0) {

				v = EVP_DecodeBlock(out, d, n);
				n = 0;
				if (v < 0) {
					rv = 0;
					goto end;
				}
				ret += (v - eof);
			} else {
				eof = 1;
				v = 0;
			}

			/* This is the case where we have had a short
			 * but valid input line */
			if ((v < ctx->length) && eof) {
				rv = 0;
				goto end;
			} else
				ctx->length = v;

			if (seof >= 0) {
				rv = 0;
				goto end;
			}
			out += v;
		}
	}
	rv = 1;

end:

	*outl = ret;
	ctx->num = n;
	ctx->line_num = ln;
	ctx->expect_nl = exp_nl;
	return (rv);
}

int
EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
{
	int i, ret = 0, a, b, c, d;







<

>




<
<
<
<




|




|
|
>
>
>
|
|
>
|




<

<
<
<
<
<
<
<
|

<
<
<
<
<
|




>
>
>
|
<
<




<
<
<
<
<
<
<
<
<
<
<





|
|
<
|


|
|
<
|
>
>
>
>
>
>
>
|
|

>
>

<

<
<
|
|
<
<
<
<
|
|
>
|
>
|
|
<

|
<
<
<
<
|
>
>
>
>
>
>
|
|
>
|
|
|
|
|
|
|
|
<
<
<
|
<
<
<
|
|
<
<
|
<
<
<
|
<
|
<
<
|
|
>


<
<







236
237
238
239
240
241
242

243
244
245
246
247
248




249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270

271







272
273





274
275
276
277
278
279
280
281
282


283
284
285
286











287
288
289
290
291
292
293

294
295
296
297
298

299
300
301
302
303
304
305
306
307
308
309
310
311
312

313


314
315




316
317
318
319
320
321
322

323
324




325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342



343



344
345


346



347

348


349
350
351
352
353


354
355
356
357
358
359
360
	*t = '\0';
	return (ret);
}

void
EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
{

	ctx->num = 0;
	ctx->length = 0;
	ctx->line_num = 0;
	ctx->expect_nl = 0;
}





int
EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
    const unsigned char *in, int inl)
{
	int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
	unsigned char *d;

	n = ctx->num;
	d = ctx->enc_data;

	if (n > 0 && d[n - 1] == '=') {
		eof++;
		if (n > 1 && d[n - 2] == '=')
			eof++;
	}

	/* Legacy behaviour: an empty input chunk signals end of input. */
	if (inl == 0) {
		rv = 0;
		goto end;
	}


	for (i = 0; i < inl; i++) {







		tmp = *(in++);
		v = conv_ascii2bin(tmp);





		if (v == B64_ERROR) {
			rv = -1;
			goto end;
		}

		if (tmp == '=') {
			eof++;
		} else if (eof > 0 && B64_BASE64(v)) {
			/* More data after padding. */


			rv = -1;
			goto end;
		}












		if (eof > 2) {
			rv = -1;
			goto end;
		}

		if (v == B64_EOF) {
			seof = 1;

			goto tail;
		}

		/* Only save valid base64 characters. */
		if (B64_BASE64(v)) {

			if (n >= 64) {
				/*
				 * We increment n once per loop, and empty the
				 * buffer as soon as we reach 64 characters, so
				 * this can only happen if someone's manually
				 * messed with the ctx. Refuse to write any
				 * more data.
				 */
				rv = -1;
				goto end;
			}
			OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
			d[n++] = tmp;
		}




		if (n == 64) {
			decoded_len = EVP_DecodeBlock(out, d, n);




			n = 0;
			if (decoded_len < 0 || eof > decoded_len) {
				rv = -1;
				goto end;
			}
			ret += decoded_len - eof;
			out += decoded_len - eof;

		}
	}





	/*
	 * Legacy behaviour: if the current line is a full base64-block (i.e.,
	 * has 0 mod 4 base64 characters), it is processed immediately. We keep
	 * this behaviour as applications may not be calling EVP_DecodeFinal
	 * properly.
	 */
 tail:
	if (n > 0) {
		if ((n & 3) == 0) {
			decoded_len = EVP_DecodeBlock(out, d, n);
			n = 0;
			if (decoded_len < 0 || eof > decoded_len) {
				rv = -1;
				goto end;
			}
			ret += (decoded_len - eof);
		} else if (seof) {



			/* EOF in the middle of a base64 block. */



			rv = -1;
			goto end;


		}



	}




	rv = seof || (n == 0 && eof) ? 0 : 1;
 end:
	/* Legacy behaviour. This should probably rather be zeroed on error. */
	*outl = ret;
	ctx->num = n;


	return (rv);
}

int
EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
{
	int i, ret = 0, a, b, c, d;
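Review bot: `#define B64_BASE64(a) !B64_NOT_BASE64(a)` leaves its expansion unparenthesised; the two uses in this hunk (`eof > 0 && B64_BASE64(v)` and `if (B64_BASE64(v))`) are safe, but it should read `#define B64_BASE64(a) (!B64_NOT_BASE64(a))` so a later use inside a larger expression cannot change meaning. In the rewritten `EVP_DecodeUpdate()` the `end:` label still stores `ret` into `*outl` on the `-1` paths, as the new comment there concedes, so callers have to test the return value before trusting `*outl`. The old comment block describing the return values (-1 error, 0 last line, 1 full line) was removed with the rewrite and should be restored above the function with that caveat added. `EVP_DecodeBlock()` at the end of the section continues outside the hunk.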
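--- a/jni/libressl/crypto/evp/evp_err.c
+++ b/jni/libressl/crypto/evp/evp_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp_err.c,v 1.25 2019/03/18 05:34:29 tb Exp $ */
+/* $OpenBSD: evp_err.c,v 1.26 2020/04/27 19:31:02 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -107,14 +107,15 @@
 	{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) , "expecting a ecdsa key"},
 	{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    , "expecting a ec key"},
 	{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
 	{ERR_REASON(EVP_R_INITIALIZATION_ERROR)  , "initialization error"},
 	{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) , "input not initialized"},
 	{ERR_REASON(EVP_R_INVALID_DIGEST)        , "invalid digest"},
 	{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     , "invalid fips mode"},
+	{ERR_REASON(EVP_R_INVALID_IV_LENGTH)     , "invalid iv length"},
 	{ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    , "invalid key length"},
 	{ERR_REASON(EVP_R_INVALID_OPERATION)     , "invalid operation"},
 	{ERR_REASON(EVP_R_IV_TOO_LARGE)          , "iv too large"},
 	{ERR_REASON(EVP_R_KEYGEN_FAILURE)        , "keygen failure"},
 	{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"},
 	{ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED)  , "method not supported"},
 	{ERR_REASON(EVP_R_MISSING_PARAMETERS)    , "missing parameters"},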
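--- a/jni/libressl/crypto/evp/evp_locl.h
+++ b/jni/libressl/crypto/evp/evp_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp_locl.h,v 1.15 2018/11/24 11:16:44 tb Exp $ */
+/* $OpenBSD: evp_locl.h,v 1.16 2019/10/29 07:52:17 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -362,9 +362,11 @@
 	    const unsigned char *ad, size_t ad_len);
 
 	int (*open)(const struct evp_aead_ctx_st *ctx, unsigned char *out,
 	    size_t *out_len, size_t max_out_len, const unsigned char *nonce,
 	    size_t nonce_len, const unsigned char *in, size_t in_len,
 	    const unsigned char *ad, size_t ad_len);
 };
 
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name);
+
 __END_HIDDEN_DECLS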
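--- a/jni/libressl/crypto/evp/p5_crpt.c
+++ b/jni/libressl/crypto/evp/p5_crpt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: p5_crpt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: p5_crpt.c,v 1.19 2020/01/12 07:11:13 inoguchi Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -104,14 +104,15 @@
 		return 0;
 	}
 
 	if (!pbe->iter)
 		iter = 1;
 	else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) {
 		EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+		PBEPARAM_free(pbe);
 		return 0;
 	}
 	salt = pbe->salt->data;
 	saltlen = pbe->salt->length;
 
 	if (!pass)
 		passlen = 0;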
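Review bot: The added `PBEPARAM_free(pbe);` fixes this one exit, but the pattern that caused the leak stays: each early `return 0` after `pbe` is decoded has to free it by hand, so a single cleanup label (`goto err;` with the free there) would keep the next added check from leaking again. The iteration count comes from the encoded parameters and is rejected only when `<= 0`; no upper bound is visible in this hunk, so a comment such as `/* iter is taken from untrusted PBEPARAM; only the lower bound is checked */` would tell callers that parse untrusted input what they are relying on. The function begins and ends outside the hunk, so its other exit paths cannot be checked from here.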
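--- a/jni/libressl/crypto/evp/pmeth_lib.c
+++ b/jni/libressl/crypto/evp/pmeth_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pmeth_lib.c,v 1.14 2018/04/14 07:09:21 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.16 2019/11/01 15:08:57 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -74,15 +74,16 @@
 #include "evp_locl.h"
 
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
 
 DECLARE_STACK_OF(EVP_PKEY_METHOD)
 STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
 
-extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pkey_meth, rsa_pss_pkey_meth;
+extern const EVP_PKEY_METHOD dh_pkey_meth, dsa_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
 extern const EVP_PKEY_METHOD gostimit_pkey_meth, gostr01_pkey_meth;
 
 static const EVP_PKEY_METHOD *standard_methods[] = {
 #ifndef OPENSSL_NO_RSA
 	&rsa_pkey_meth,
 #endif
@@ -97,14 +98,17 @@
 #endif
 #ifndef OPENSSL_NO_GOST
 	&gostr01_pkey_meth,
 	&gostimit_pkey_meth,
 #endif
 	&hmac_pkey_meth,
 	&cmac_pkey_meth,
+#ifndef OPENSSL_NO_RSA
+	&rsa_pss_pkey_meth,
+#endif
 };
 
 static int pmeth_cmp_BSEARCH_CMP_FN(const void *, const void *);
 static int pmeth_cmp(const EVP_PKEY_METHOD * const *, const EVP_PKEY_METHOD * const *);
 static const EVP_PKEY_METHOD * *OBJ_bsearch_pmeth(const EVP_PKEY_METHOD * *key, const EVP_PKEY_METHOD * const *base, int num);
 
 static int
@@ -434,23 +438,31 @@
 EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *name, const char *value)
 {
 	if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {
 		EVPerror(EVP_R_COMMAND_NOT_SUPPORTED);
 		return -2;
 	}
 	if (!strcmp(name, "digest")) {
-		const EVP_MD *md;
-		if (!value || !(md = EVP_get_digestbyname(value))) {
-			EVPerror(EVP_R_INVALID_DIGEST);
-			return 0;
-		}
-		return EVP_PKEY_CTX_set_signature_md(ctx, md);
+		return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG,
+		    EVP_PKEY_CTRL_MD, value);
 	}
 	return ctx->pmeth->ctrl_str(ctx, name, value);
 }
+
+int
+EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name)
+{
+	const EVP_MD *md;
+
+	if ((md = EVP_get_digestbyname(md_name)) == NULL) {
+		EVPerror(EVP_R_INVALID_DIGEST);
+		return 0;
+	}
+	return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)md);
+}
 
 int
 EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
 {
 	return ctx->operation;
 }
 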
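Review bot: The explicit NULL guard on the digest name is gone: the old "digest" branch rejected `!value` before the lookup, while the new `EVP_PKEY_CTX_md()` passes `md_name` straight to `EVP_get_digestbyname()`, so a NULL value is only safe if that lookup tolerates NULL, which is not visible in this section. Keeping the check in the helper costs nothing and protects every future caller: `if (md_name == NULL || (md = EVP_get_digestbyname(md_name)) == NULL) {`. The `(void *)md` cast also drops `const` on the way into `EVP_PKEY_CTX_ctrl`; a one-line comment stating that ctrl handlers must treat the pointer as read-only would document that.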
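--- a/jni/libressl/crypto/gost/gost.h
+++ /dev/null
@@ -1,266 +0,0 @@
-/* $OpenBSD: gost.h,v 1.3 2016/09/04 17:02:31 jsing Exp $ */
-/*
- * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
- * Copyright (c) 2005-2006 Cryptocom LTD
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#ifndef HEADER_GOST_H
-#define HEADER_GOST_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_GOST
-#error GOST is disabled.
-#endif
-
-#include <openssl/asn1t.h>
-#include <openssl/ec.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct gost2814789_key_st {
-	unsigned int key[8];
-	unsigned int k87[256],k65[256],k43[256],k21[256];
-	unsigned int count;
-	unsigned key_meshing : 1;
-} GOST2814789_KEY;
-
-int Gost2814789_set_sbox(GOST2814789_KEY *key, int nid);
-int Gost2814789_set_key(GOST2814789_KEY *key,
-		const unsigned char *userKey, const int bits);
-void Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out,
-	GOST2814789_KEY *key, const int enc);
-void Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, GOST2814789_KEY *key,
-	unsigned char *ivec, int *num, const int enc);
-void Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, GOST2814789_KEY *key,
-	unsigned char *ivec, unsigned char *cnt_buf, int *num);
-
-typedef struct {
-	ASN1_OCTET_STRING *iv;
-	ASN1_OBJECT *enc_param_set;
-} GOST_CIPHER_PARAMS;
-
-GOST_CIPHER_PARAMS *GOST_CIPHER_PARAMS_new(void);
-void GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a);
-GOST_CIPHER_PARAMS *d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len);
-int i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out);
-extern const ASN1_ITEM GOST_CIPHER_PARAMS_it;
-
-#define GOST2814789IMIT_LENGTH 4
-#define GOST2814789IMIT_CBLOCK 8
-#define GOST2814789IMIT_LONG unsigned int
-
-typedef struct GOST2814789IMITstate_st {
-	GOST2814789IMIT_LONG	Nl, Nh;
-	unsigned char		data[GOST2814789IMIT_CBLOCK];
-	unsigned int		num;
-
-	GOST2814789_KEY		cipher;
-	unsigned char		mac[GOST2814789IMIT_CBLOCK];
-} GOST2814789IMIT_CTX;
-
-/* Note, also removed second parameter and removed dctx->cipher setting */
-int GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid);
-int GOST2814789IMIT_Update(GOST2814789IMIT_CTX *c, const void *data, size_t len);
-int GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c);
-void GOST2814789IMIT_Transform(GOST2814789IMIT_CTX *c, const unsigned char *data);
-unsigned char *GOST2814789IMIT(const unsigned char *d, size_t n,
-		unsigned char *md, int nid,
-		const unsigned char *key, const unsigned char *iv);
-
-#define GOSTR341194_LONG unsigned int
-
-#define GOSTR341194_LENGTH	32
-#define GOSTR341194_CBLOCK	32
-#define GOSTR341194_LBLOCK	(GOSTR341194_CBLOCK/4)
-
-typedef struct GOSTR341194state_st {
-	GOSTR341194_LONG	Nl, Nh;
-	GOSTR341194_LONG	data[GOSTR341194_LBLOCK];
-	unsigned int		num;
-
-	GOST2814789_KEY		cipher;
-	unsigned char		H[GOSTR341194_CBLOCK];
-	unsigned char		S[GOSTR341194_CBLOCK];
-} GOSTR341194_CTX;
-
-/* Note, also removed second parameter and removed dctx->cipher setting */
-int GOSTR341194_Init(GOSTR341194_CTX *c, int nid);
-int GOSTR341194_Update(GOSTR341194_CTX *c, const void *data, size_t len);
-int GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX *c);
-void GOSTR341194_Transform(GOSTR341194_CTX *c, const unsigned char *data);
-unsigned char *GOSTR341194(const unsigned char *d, size_t n,unsigned char *md, int nid);
-
-#if defined(_LP64)
-#define STREEBOG_LONG64 unsigned long
-#define U64(C)     C##UL
-#else
-#define STREEBOG_LONG64 unsigned long long
-#define U64(C)     C##ULL
-#endif
-
-#define STREEBOG_LBLOCK 8
-#define STREEBOG_CBLOCK 64
-#define STREEBOG256_LENGTH 32
-#define STREEBOG512_LENGTH 64
-
-typedef struct STREEBOGstate_st {
-	STREEBOG_LONG64	data[STREEBOG_LBLOCK];
-	unsigned int	num;
-	unsigned int	md_len;
-	STREEBOG_LONG64	h[STREEBOG_LBLOCK];
-	STREEBOG_LONG64 N[STREEBOG_LBLOCK];
-	STREEBOG_LONG64 Sigma[STREEBOG_LBLOCK];
-} STREEBOG_CTX;
-
-int STREEBOG256_Init(STREEBOG_CTX *c);
-int STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len);
-int STREEBOG256_Final(unsigned char *md, STREEBOG_CTX *c);
-void STREEBOG256_Transform(STREEBOG_CTX *c, const unsigned char *data);
-unsigned char *STREEBOG256(const unsigned char *d, size_t n,unsigned char *md);
-
-int STREEBOG512_Init(STREEBOG_CTX *c);
-int STREEBOG512_Update(STREEBOG_CTX *c, const void *data, size_t len);
-int STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c);
-void STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data);
-unsigned char *STREEBOG512(const unsigned char *d, size_t n,unsigned char *md);
-
-typedef struct gost_key_st GOST_KEY;
-GOST_KEY *GOST_KEY_new(void);
-void GOST_KEY_free(GOST_KEY * r);
-int GOST_KEY_check_key(const GOST_KEY * eckey);
-int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY * key, BIGNUM * x, BIGNUM * y);
-const EC_GROUP * GOST_KEY_get0_group(const GOST_KEY * key);
-int GOST_KEY_set_group(GOST_KEY * key, const EC_GROUP * group);
-int GOST_KEY_get_digest(const GOST_KEY * key);
-int GOST_KEY_set_digest(GOST_KEY * key, int digest_nid);
-const BIGNUM * GOST_KEY_get0_private_key(const GOST_KEY * key);
-int GOST_KEY_set_private_key(GOST_KEY * key, const BIGNUM * priv_key);
-const EC_POINT * GOST_KEY_get0_public_key(const GOST_KEY * key);
-int GOST_KEY_set_public_key(GOST_KEY * key, const EC_POINT * pub_key);
-size_t GOST_KEY_get_size(const GOST_KEY * r);
-
-/* Gost-specific pmeth control-function parameters */
-/* For GOST R34.10 parameters */
-#define EVP_PKEY_CTRL_GOST_PARAMSET	(EVP_PKEY_ALG_CTRL+1)
-#define EVP_PKEY_CTRL_GOST_SIG_FORMAT	(EVP_PKEY_ALG_CTRL+2)
-#define EVP_PKEY_CTRL_GOST_SET_DIGEST	(EVP_PKEY_ALG_CTRL+3)
-#define EVP_PKEY_CTRL_GOST_GET_DIGEST	(EVP_PKEY_ALG_CTRL+4)
-
-#define GOST_SIG_FORMAT_SR_BE	0
-#define GOST_SIG_FORMAT_RS_LE	1
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_GOST_strings(void);
-
-/* Error codes for the GOST functions. */
-
-/* Function codes. */
-#define GOST_F_DECODE_GOST01_ALGOR_PARAMS		 104
-#define GOST_F_ENCODE_GOST01_ALGOR_PARAMS		 105
-#define GOST_F_GOST2001_COMPUTE_PUBLIC			 106
-#define GOST_F_GOST2001_DO_SIGN				 107
-#define GOST_F_GOST2001_DO_VERIFY			 108
-#define GOST_F_GOST2001_KEYGEN				 109
-#define GOST_F_GOST89_GET_ASN1_PARAMETERS		 102
-#define GOST_F_GOST89_SET_ASN1_PARAMETERS		 103
-#define GOST_F_GOST_KEY_CHECK_KEY			 124
-#define GOST_F_GOST_KEY_NEW				 125
-#define GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 126
-#define GOST_F_PARAM_COPY_GOST01			 110
-#define GOST_F_PARAM_DECODE_GOST01			 111
-#define GOST_F_PKEY_GOST01_CTRL				 116
-#define GOST_F_PKEY_GOST01_DECRYPT			 112
-#define GOST_F_PKEY_GOST01_DERIVE			 113
-#define GOST_F_PKEY_GOST01_ENCRYPT			 114
-#define GOST_F_PKEY_GOST01_PARAMGEN			 115
-#define GOST_F_PKEY_GOST01_SIGN				 123
-#define GOST_F_PKEY_GOST_MAC_CTRL			 100
-#define GOST_F_PKEY_GOST_MAC_KEYGEN			 101
-#define GOST_F_PRIV_DECODE_GOST01			 117
-#define GOST_F_PUB_DECODE_GOST01			 118
-#define GOST_F_PUB_ENCODE_GOST01			 119
-#define GOST_F_PUB_PRINT_GOST01				 120
-#define GOST_F_UNPACK_SIGNATURE_CP			 121
-#define GOST_F_UNPACK_SIGNATURE_LE			 122
-
-/* Reason codes. */
-#define GOST_R_BAD_KEY_PARAMETERS_FORMAT		 104
-#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT		 105
-#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY		 106
-#define GOST_R_CTRL_CALL_FAILED				 107
-#define GOST_R_ERROR_COMPUTING_SHARED_KEY		 108
-#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO		 109
-#define GOST_R_INCOMPATIBLE_ALGORITHMS			 110
-#define GOST_R_INCOMPATIBLE_PEER_KEY			 111
-#define GOST_R_INVALID_DIGEST_TYPE			 100
-#define GOST_R_INVALID_IV_LENGTH			 103
-#define GOST_R_INVALID_MAC_KEY_LENGTH			 101
-#define GOST_R_KEY_IS_NOT_INITIALIZED			 112
-#define GOST_R_KEY_PARAMETERS_MISSING			 113
-#define GOST_R_MAC_KEY_NOT_SET				 102
-#define GOST_R_NO_PARAMETERS_SET			 115
-#define GOST_R_NO_PEER_KEY				 116
-#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR	 117
-#define GOST_R_PUBLIC_KEY_UNDEFINED			 118
-#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED		 120
-#define GOST_R_SIGNATURE_MISMATCH			 121
-#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q		 122
-#define GOST_R_UKM_NOT_SET				 123
-
-#ifdef  __cplusplus
-}
-#endif
-#endif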
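--- a/jni/libressl/crypto/hkdf/hkdf.c
+++ b/jni/libressl/crypto/hkdf/hkdf.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: hkdf.c,v 1.2 2018/04/03 13:33:53 tb Exp $ */
+/* $OpenBSD: hkdf.c,v 1.4 2019/11/21 20:02:20 tim Exp $ */
 /* Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
@@ -28,34 +28,34 @@
     const uint8_t *secret, size_t secret_len, const uint8_t *salt,
     size_t salt_len, const uint8_t *info, size_t info_len)
 {
 	uint8_t prk[EVP_MAX_MD_SIZE];
 	size_t prk_len;
 
 	if (!HKDF_extract(prk, &prk_len, digest, secret, secret_len, salt,
-		salt_len))
+	    salt_len))
 		return 0;
 	if (!HKDF_expand(out_key, out_len, digest, prk, prk_len, info,
-		info_len))
+	    info_len))
 		return 0;
 
 	return 1;
 }
 
 /* https://tools.ietf.org/html/rfc5869#section-2.2 */
 int
 HKDF_extract(uint8_t *out_key, size_t *out_len,
     const EVP_MD *digest, const uint8_t *secret, size_t secret_len,
     const uint8_t *salt, size_t salt_len)
 {
 	unsigned int len;
 
 	/*
-	 * If salt is not given, HashLength zeros are used. However, HMAC does that
-	 * internally already so we can ignore it.
+	 * If salt is not given, HashLength zeros are used. However, HMAC does
+	 * that internally already so we can ignore it.
 	 */
 	if (HMAC(digest, salt, salt_len, secret, secret_len, out_key, &len) ==
 	    NULL) {
 		CRYPTOerror(ERR_R_CRYPTO_LIB);
 		return 0;
 	}
 	*out_len = len;
@@ -87,31 +87,32 @@
 		goto out;
 
 	for (i = 0; i < n; i++) {
 		uint8_t ctr = i + 1;
 		size_t todo;
 
 		if (i != 0 && (!HMAC_Init_ex(&hmac, NULL, 0, NULL, NULL) ||
-			!HMAC_Update(&hmac, previous, digest_len)))
+		    !HMAC_Update(&hmac, previous, digest_len)))
 			goto out;
 
 		if (!HMAC_Update(&hmac, info, info_len) ||
 		    !HMAC_Update(&hmac, &ctr, 1) ||
 		    !HMAC_Final(&hmac, previous, NULL))
 			goto out;
 
 		todo = digest_len;
 		if (done + todo > out_len)
 			todo = out_len - done;
 
 		memcpy(out_key + done, previous, todo);
 		done += todo;
 	}
 
 	ret = 1;
 
  out:
 	HMAC_CTX_cleanup(&hmac);
+	explicit_bzero(previous, sizeof(previous));
 	if (ret != 1)
 		CRYPTOerror(ERR_R_CRYPTO_LIB);
 	return ret;
 }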
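Review bot: `prk` in `HKDF()` is still left on the stack on all three return paths, although this check-in starts wiping `previous` in the expand loop's cleanup; the pseudorandom key is the secret every output block is derived from, so it deserves the same treatment. Collecting the result in a local and clearing before a single return would do it, with `explicit_bzero(prk, sizeof(prk));` placed ahead of `return ret;`. `HKDF()`'s signature starts above the second hunk and the function holding the expand loop starts above the third, so the declarations of `previous` and `hmac` are not visible here.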
Changes to jni/libressl/crypto/objects/obj_dat.h.
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#define NUM_NID 992
#define NUM_SN 985
#define NUM_LN 985
#define NUM_OBJ 915

static const unsigned char lvalues[6402]={
0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 21] OBJ_md5 */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 29] OBJ_rc4 */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */







|
|
|
|

|







58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#define NUM_NID 993
#define NUM_SN 986
#define NUM_LN 986
#define NUM_OBJ 916

static const unsigned char lvalues[6411]={
0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 21] OBJ_md5 */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 29] OBJ_rc4 */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */
973
974
975
976
977
978
979

980
981
982
983
984
985
986
0x2B,0x81,0x04,0x01,0x0B,0x02,               /* [6356] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
0x2B,0x81,0x04,0x01,0x0B,0x03,               /* [6362] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6368] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
0x2B,0x81,0x04,0x01,0x0E,0x00,               /* [6377] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
0x2B,0x81,0x04,0x01,0x0E,0x01,               /* [6383] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
0x2B,0x81,0x04,0x01,0x0E,0x02,               /* [6389] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
0x2B,0x81,0x04,0x01,0x0E,0x03,               /* [6395] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */

};

static const ASN1_OBJECT nid_objs[NUM_NID]={
{"UNDEF","undefined",NID_undef,0,NULL,0},
{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0},
{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[6]),0},
{"MD2","md2",NID_md2,8,&(lvalues[13]),0},







>







973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
0x2B,0x81,0x04,0x01,0x0B,0x02,               /* [6356] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
0x2B,0x81,0x04,0x01,0x0B,0x03,               /* [6362] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6368] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
0x2B,0x81,0x04,0x01,0x0E,0x00,               /* [6377] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
0x2B,0x81,0x04,0x01,0x0E,0x01,               /* [6383] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
0x2B,0x81,0x04,0x01,0x0E,0x02,               /* [6389] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
0x2B,0x81,0x04,0x01,0x0E,0x03,               /* [6395] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6401] OBJ_pSpecified */
};

static const ASN1_OBJECT nid_objs[NUM_NID]={
{"UNDEF","undefined",NID_undef,0,NULL,0},
{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0},
{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[6]),0},
{"MD2","md2",NID_md2,8,&(lvalues[13]),0},
2576
2577
2578
2579
2580
2581
2582

2583
2584
2585
2586
2587
2588
2589
	"dhSinglePass-cofactorDH-sha384kdf-scheme",
	NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6389]),0},
{"dhSinglePass-cofactorDH-sha512kdf-scheme",
	"dhSinglePass-cofactorDH-sha512kdf-scheme",
	NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6395]),0},
{"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0},
{"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0},

};

static const unsigned int sn_objs[NUM_SN]={
364,	/* "AD_DVCS" */
419,	/* "AES-128-CBC" */
916,	/* "AES-128-CBC-HMAC-SHA1" */
421,	/* "AES-128-CFB" */







>







2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
	"dhSinglePass-cofactorDH-sha384kdf-scheme",
	NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6389]),0},
{"dhSinglePass-cofactorDH-sha512kdf-scheme",
	"dhSinglePass-cofactorDH-sha512kdf-scheme",
	NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6395]),0},
{"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0},
{"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0},
{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6401]),0},
};

static const unsigned int sn_objs[NUM_SN]={
364,	/* "AD_DVCS" */
419,	/* "AES-128-CBC" */
916,	/* "AES-128-CBC-HMAC-SHA1" */
421,	/* "AES-128-CFB" */
2730
2731
2732
2733
2734
2735
2736

2737
2738
2739
2740
2741
2742
2743
68,	/* "PBE-SHA1-RC2-64" */
144,	/* "PBE-SHA1-RC4-128" */
145,	/* "PBE-SHA1-RC4-40" */
161,	/* "PBES2" */
69,	/* "PBKDF2" */
162,	/* "PBMAC1" */
127,	/* "PKIX" */

98,	/* "RC2-40-CBC" */
166,	/* "RC2-64-CBC" */
37,	/* "RC2-CBC" */
39,	/* "RC2-CFB" */
38,	/* "RC2-ECB" */
40,	/* "RC2-OFB" */
 5,	/* "RC4" */







>







2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
68,	/* "PBE-SHA1-RC2-64" */
144,	/* "PBE-SHA1-RC4-128" */
145,	/* "PBE-SHA1-RC4-40" */
161,	/* "PBES2" */
69,	/* "PBKDF2" */
162,	/* "PBMAC1" */
127,	/* "PKIX" */
992,	/* "PSPECIFIED" */
98,	/* "RC2-40-CBC" */
166,	/* "RC2-64-CBC" */
37,	/* "RC2-CBC" */
39,	/* "RC2-CFB" */
38,	/* "RC2-ECB" */
40,	/* "RC2-OFB" */
 5,	/* "RC4" */
4226
4227
4228
4229
4230
4231
4232

4233
4234
4235
4236
4237
4238
4239
379,	/* "org" */
17,	/* "organizationName" */
491,	/* "organizationalStatus" */
18,	/* "organizationalUnitName" */
971,	/* "oscca" */
475,	/* "otherMailbox" */
876,	/* "owner" */

489,	/* "pagerTelephoneNumber" */
782,	/* "password based MAC" */
374,	/* "path" */
621,	/* "payment gateway capabilities" */
 9,	/* "pbeWithMD2AndDES-CBC" */
168,	/* "pbeWithMD2AndRC2-CBC" */
112,	/* "pbeWithMD5AndCast5CBC" */







>







4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
379,	/* "org" */
17,	/* "organizationName" */
491,	/* "organizationalStatus" */
18,	/* "organizationalUnitName" */
971,	/* "oscca" */
475,	/* "otherMailbox" */
876,	/* "owner" */
992,	/* "pSpecified" */
489,	/* "pagerTelephoneNumber" */
782,	/* "password based MAC" */
374,	/* "path" */
621,	/* "payment gateway capabilities" */
 9,	/* "pbeWithMD2AndDES-CBC" */
168,	/* "pbeWithMD2AndRC2-CBC" */
112,	/* "pbeWithMD5AndCast5CBC" */
5184
5185
5186
5187
5188
5189
5190

5191
5192
5193
5194
5195
5196
5197
 7,	/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
396,	/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
 8,	/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
65,	/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
644,	/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
919,	/* OBJ_rsaesOaep                    1 2 840 113549 1 1 7 */
911,	/* OBJ_mgf1                         1 2 840 113549 1 1 8 */

912,	/* OBJ_rsassaPss                    1 2 840 113549 1 1 10 */
668,	/* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
669,	/* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
670,	/* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
671,	/* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
28,	/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
 9,	/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */







>







5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
 7,	/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
396,	/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
 8,	/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
65,	/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
644,	/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
919,	/* OBJ_rsaesOaep                    1 2 840 113549 1 1 7 */
911,	/* OBJ_mgf1                         1 2 840 113549 1 1 8 */
992,	/* OBJ_pSpecified                   1 2 840 113549 1 1 9 */
912,	/* OBJ_rsassaPss                    1 2 840 113549 1 1 10 */
668,	/* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
669,	/* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
670,	/* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
671,	/* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
28,	/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
 9,	/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
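--- a/jni/libressl/crypto/pkcs7/pk7_lib.c
+++ b/jni/libressl/crypto/pkcs7/pk7_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: pk7_lib.c,v 1.20 2019/03/13 20:34:00 tb Exp $ */
+/* $OpenBSD: pk7_lib.c,v 1.21 2020/01/21 10:18:52 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -182,15 +182,14 @@
 			goto err;
 		break;
 	case NID_pkcs7_signedAndEnveloped:
 		p7->type = obj;
 		if ((p7->d.signed_and_enveloped =
 		    PKCS7_SIGN_ENVELOPE_new()) == NULL)
 			goto err;
-		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);
 		if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
 			goto err;
 		p7->d.signed_and_enveloped->enc_data->content_type =
 		    OBJ_nid2obj(NID_pkcs7_data);
 		break;
 	case NID_pkcs7_enveloped:
 		p7->type = obj;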
Changes to jni/libressl/crypto/rsa/rsa_ameth.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: rsa_ameth.c,v 1.19 2018/08/24 20:22:15 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: rsa_ameth.c,v 1.24 2019/11/20 10:46:17 inoguchi Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
58
59
60
61
62
63
64
65
66
67
68




69






70

71

72


















































73
74
75
76


77


78
79
80
81
82
83
84
85

86
87
88
89
90
91
92
93

94
95
96
97
98
99
100
101




102



103
104
105
106
107
108
109
110
111

112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138


139
140


141

142
143

144
145
146
147
148
149

150
151
152
153
154
155
156
157
158
159

160

161
162
163



164








165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183




























































































































184
185
186
187
188
189
190
191
192
193
194
195
196
197
198


199
200
201
202
203
204
205
206
207
208

#include <stdio.h>

#include <openssl/opensslconf.h>

#include <openssl/asn1t.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>












#include "asn1_locl.h"



static int


















































rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{
	unsigned char *penc = NULL;
	int penclen;





	penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
	if (penclen <= 0)
		return 0;
	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
	    V_ASN1_NULL, NULL, penc, penclen))
		return 1;

	free(penc);

	return 0;
}

static int
rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
	const unsigned char *p;
	int pklen;

	RSA *rsa = NULL;

	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
		return 0;
	if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
		RSAerror(ERR_R_RSA_LIB);
		return 0;
	}




	EVP_PKEY_assign_RSA (pkey, rsa);



	return 1;
}

static int
rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
	if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 ||
	    BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
		return 0;

	return 1;
}

static int
old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
{
	RSA *rsa;

	if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) {
		RSAerror(ERR_R_RSA_LIB);
		return 0;
	}
	EVP_PKEY_assign_RSA(pkey, rsa);
	return 1;
}

static int
old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
	return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
}

static int
rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
	unsigned char *rk = NULL;
	int rklen;



	rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);




	if (rklen <= 0) {
		RSAerror(ERR_R_MALLOC_FAILURE);

		return 0;
	}

	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
	    V_ASN1_NULL, NULL, rk, rklen)) {
		RSAerror(ERR_R_MALLOC_FAILURE);

		return 0;
	}

	return 1;
}

static int
rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
	const unsigned char *p;

	int pklen;


	if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
		return 0;



	return old_rsa_priv_decode(pkey, &p, pklen);








}

static int
int_rsa_size(const EVP_PKEY *pkey)
{
	return RSA_size(pkey->pkey.rsa);
}

static int
rsa_bits(const EVP_PKEY *pkey)
{
	return BN_num_bits(pkey->pkey.rsa->n);
}

static void
int_rsa_free(EVP_PKEY *pkey)
{
	RSA_free(pkey->pkey.rsa);
}





























































































































static void
update_buflen(const BIGNUM *b, size_t *pbuflen)
{
	size_t i;

	if (!b)
		return;
	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
		*pbuflen = i;
}

static int
do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
{


	char *str;
	const char *s;
	unsigned char *m = NULL;
	int ret = 0, mod_len = 0;
	size_t buf_len = 0;

	update_buflen(x->n, &buf_len);
	update_buflen(x->e, &buf_len);

	if (priv) {







|
|


>
>
>
>

>
>
>
>
>
>
|
>

>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




>
>

>
>



|
|



>








>


|

|



>
>
>
>
|
>
>
>









>








|



|














>
>

<
>
>

>


>



|
|

>










>

>

|

>
>
>
|
>
>
>
>
>
>
>
>



















>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>













|

>
>


<







58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217

218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421

422
423
424
425
426
427
428

#include <stdio.h>

#include <openssl/opensslconf.h>

#include <openssl/asn1t.h>
#include <openssl/bn.h>
#include <openssl/cms.h>
#include <openssl/err.h>
#include <openssl/x509.h>

#include "asn1_locl.h"
#include "cryptlib.h"
#include "evp_locl.h"
#include "rsa_locl.h"

#ifndef OPENSSL_NO_CMS
static int rsa_cms_sign(CMS_SignerInfo *si);
static int rsa_cms_verify(CMS_SignerInfo *si);
static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
#endif

static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg);

/* Set any parameters associated with pkey */
static int
rsa_param_encode(const EVP_PKEY *pkey, ASN1_STRING **pstr, int *pstrtype)
{
	const RSA *rsa = pkey->pkey.rsa;

	*pstr = NULL;

	/* If RSA it's just NULL type */
	if (pkey->ameth->pkey_id != EVP_PKEY_RSA_PSS) {
		*pstrtype = V_ASN1_NULL;
		return 1;
	}

	/* If no PSS parameters we omit parameters entirely */
	if (rsa->pss == NULL) {
		*pstrtype = V_ASN1_UNDEF;
		return 1;
	}

	/* Encode PSS parameters */
	if (ASN1_item_pack(rsa->pss, &RSA_PSS_PARAMS_it, pstr) == NULL)
		return 0;

	*pstrtype = V_ASN1_SEQUENCE;
	return 1;
}

/* Decode any parameters and set them in RSA structure */
static int
rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
{
	const ASN1_OBJECT *algoid;
	const void *algp;
	int algptype;

	X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
	if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
		return 1;
	if (algptype == V_ASN1_UNDEF)
		return 1;
	if (algptype != V_ASN1_SEQUENCE) {
		RSAerror(RSA_R_INVALID_PSS_PARAMETERS);
		return 0;
	}
	rsa->pss = rsa_pss_decode(alg);
	if (rsa->pss == NULL)
		return 0;
	return 1;
}

static int
rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{
	unsigned char *penc = NULL;
	int penclen;
	ASN1_STRING *str;
	int strtype;

	if (!rsa_param_encode(pkey, &str, &strtype))
		return 0;
	penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
	if (penclen <= 0)
		return 0;
	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
	    strtype, str, penc, penclen))
		return 1;

	free(penc);

	return 0;
}

static int
rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
	const unsigned char *p;
	int pklen;
	X509_ALGOR *alg;
	RSA *rsa = NULL;

	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey))
		return 0;
	if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) {
		RSAerror(ERR_R_RSA_LIB);
		return 0;
	}
	if (!rsa_param_decode(rsa, alg)) {
		RSA_free(rsa);
		return 0;
	}
	if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) {
		RSA_free(rsa);
		return 0;
	}
	return 1;
}

static int
rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
	if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 ||
	    BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
		return 0;

	return 1;
}

static int
old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
{
	RSA *rsa;

	if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) {
		RSAerror(ERR_R_RSA_LIB);
		return 0;
	}
	EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
	return 1;
}

static int
old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
	return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
}

static int
rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
	unsigned char *rk = NULL;
	int rklen;
	ASN1_STRING *str;
	int strtype;


	if (!rsa_param_encode(pkey, &str, &strtype))
		return 0;

	rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
	if (rklen <= 0) {
		RSAerror(ERR_R_MALLOC_FAILURE);
		ASN1_STRING_free(str);
		return 0;
	}

	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
	    strtype, str, rk, rklen)) {
		RSAerror(ERR_R_MALLOC_FAILURE);
		ASN1_STRING_free(str);
		return 0;
	}

	return 1;
}

static int
rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
{
	const unsigned char *p;
	RSA *rsa;
	int pklen;
	const X509_ALGOR *alg;

	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8))
		return 0;
	rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
	if (rsa == NULL) {
		RSAerror(ERR_R_RSA_LIB);
		return 0;
	}
	if (!rsa_param_decode(rsa, alg)) {
		RSA_free(rsa);
		return 0;
	}
	EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);

	return 1;
}

static int
int_rsa_size(const EVP_PKEY *pkey)
{
	return RSA_size(pkey->pkey.rsa);
}

static int
rsa_bits(const EVP_PKEY *pkey)
{
	return BN_num_bits(pkey->pkey.rsa->n);
}

static void
int_rsa_free(EVP_PKEY *pkey)
{
	RSA_free(pkey->pkey.rsa);
}

static X509_ALGOR *
rsa_mgf1_decode(X509_ALGOR *alg)
{
	if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
		return NULL;

	return ASN1_TYPE_unpack_sequence(&X509_ALGOR_it, alg->parameter);
}

static RSA_PSS_PARAMS *
rsa_pss_decode(const X509_ALGOR *alg)
{
	RSA_PSS_PARAMS *pss;

	pss = ASN1_TYPE_unpack_sequence(&RSA_PSS_PARAMS_it, alg->parameter);
	if (pss == NULL)
		return NULL;

	if (pss->maskGenAlgorithm != NULL) {
		pss->maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
		if (pss->maskHash == NULL) {
			RSA_PSS_PARAMS_free(pss);
			return NULL;
		}
	}

	return pss;
}

static int
rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss, int indent)
{
	int rv = 0;
	X509_ALGOR *maskHash = NULL;

	if (!BIO_indent(bp, indent, 128))
		goto err;
	if (pss_key) {
		if (pss == NULL) {
			if (BIO_puts(bp, "No PSS parameter restrictions\n") <= 0)
				return 0;
			return 1;
		} else {
			if (BIO_puts(bp, "PSS parameter restrictions:") <= 0)
				return 0;
		}
	} else if (pss == NULL) {
		if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0)
			return 0;
		return 1;
	}
	if (BIO_puts(bp, "\n") <= 0)
		goto err;
	if (pss_key)
		indent += 2;
	if (!BIO_indent(bp, indent, 128))
		goto err;
	if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
		goto err;

	if (pss->hashAlgorithm) {
		if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
			goto err;
	} else if (BIO_puts(bp, "sha1 (default)") <= 0) {
		goto err;
	}

	if (BIO_puts(bp, "\n") <= 0)
		goto err;

	if (!BIO_indent(bp, indent, 128))
		goto err;

	if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
		goto err;
	if (pss->maskGenAlgorithm) {
		if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
			goto err;
		if (BIO_puts(bp, " with ") <= 0)
			goto err;
		maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
		if (maskHash != NULL) {
			if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
				goto err;
		} else if (BIO_puts(bp, "INVALID") <= 0) {
			goto err;
		}
	} else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) {
		goto err;
	}
	BIO_puts(bp, "\n");

	if (!BIO_indent(bp, indent, 128))
		goto err;
	if (BIO_printf(bp, "%s Salt Length: 0x", pss_key ? "Minimum" : "") <= 0)
		goto err;
	if (pss->saltLength) {
		if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
			goto err;
	} else if (BIO_puts(bp, "14 (default)") <= 0) {
		goto err;
	}
	BIO_puts(bp, "\n");

	if (!BIO_indent(bp, indent, 128))
		goto err;
	if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
		goto err;
	if (pss->trailerField) {
		if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
			goto err;
	} else if (BIO_puts(bp, "BC (default)") <= 0) {
		goto err;
	}
	BIO_puts(bp, "\n");

	rv = 1;

 err:
	X509_ALGOR_free(maskHash);
	return rv;

}

static void
update_buflen(const BIGNUM *b, size_t *pbuflen)
{
	size_t i;

	if (!b)
		return;
	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
		*pbuflen = i;
}

static int
pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv)
{
	const RSA *x = pkey->pkey.rsa;
	unsigned char *m = NULL;
	char *str;
	const char *s;

	int ret = 0, mod_len = 0;
	size_t buf_len = 0;

	update_buflen(x->n, &buf_len);
	update_buflen(x->e, &buf_len);

	if (priv) {
222
223
224
225
226
227
228



229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257


258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399

400
401
402
403
404
405
406
407
408



409
410
411
412
413
414
415
416


417
418
419







420
















421










422
423
424
425
426
427
428
429
430
431
432
433
434
435












436






437




















438

















439










































































440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515









516
517
518
519
520
521
522
523
524
525
526
527
528
529


530







































531

































532
533



534
































535
536
537
538
539
540

541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601

602

603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619

































































































































































620
621
622
623
624
625
626

	if (x->n != NULL)
		mod_len = BN_num_bits(x->n);

	if (!BIO_indent(bp, off, 128))
		goto err;




	if (priv && x->d) {
		if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
			goto err;
		str = "modulus:";
		s = "publicExponent:";
	} else {
		if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
			goto err;
		str = "Modulus:";
		s= "Exponent:";
	}
	if (!ASN1_bn_print(bp, str, x->n, m, off))
		goto err;
	if (!ASN1_bn_print(bp, s, x->e, m, off))
		goto err;
	if (priv) {
		if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off))
			goto err;
		if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
			goto err;
		if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
			goto err;
		if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
			goto err;
		if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
			goto err;
		if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
			goto err;
	}


	ret = 1;
err:
	free(m);
	return (ret);
}

static int
rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
{
	return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
}

static int
rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
{
	return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
}

static RSA_PSS_PARAMS *
rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash)
{
	const unsigned char *p;
	int plen;
	RSA_PSS_PARAMS *pss;

	*pmaskHash = NULL;

	if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
		return NULL;

	p = alg->parameter->value.sequence->data;
	plen = alg->parameter->value.sequence->length;
	pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);

	if (!pss)
		return NULL;

	if (pss->maskGenAlgorithm) {
		ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
		    param && param->type == V_ASN1_SEQUENCE) {
			p = param->value.sequence->data;
			plen = param->value.sequence->length;
			*pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
		}
	}

	return pss;
}

static int
rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash,
    int indent)
{
	int rv = 0;

	if (!pss) {
		if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
			return 0;
		return 1;
	}
	if (BIO_puts(bp, "\n") <= 0)
		goto err;
	if (!BIO_indent(bp, indent, 128))
		goto err;
	if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
		goto err;

	if (pss->hashAlgorithm) {
		if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
			goto err;
	} else if (BIO_puts(bp, "sha1 (default)") <= 0)
		goto err;

	if (BIO_puts(bp, "\n") <= 0)
		goto err;

	if (!BIO_indent(bp, indent, 128))
		goto err;

	if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
		goto err;
	if (pss->maskGenAlgorithm) {
		if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
			goto err;
		if (BIO_puts(bp, " with ") <= 0)
			goto err;
		if (maskHash) {
			if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
				goto err;
		} else if (BIO_puts(bp, "INVALID") <= 0)
			goto err;
	} else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
		goto err;
	BIO_puts(bp, "\n");

	if (!BIO_indent(bp, indent, 128))
		goto err;
	if (BIO_puts(bp, "Salt Length: 0x") <= 0)
		goto err;
	if (pss->saltLength) {
		if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
			goto err;
	} else if (BIO_puts(bp, "14 (default)") <= 0)
		goto err;
	BIO_puts(bp, "\n");

	if (!BIO_indent(bp, indent, 128))
		goto err;
	if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
		goto err;
	if (pss->trailerField) {
		if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
			goto err;
	} else if (BIO_puts(bp, "BC (default)") <= 0)
		goto err;
	BIO_puts(bp, "\n");

	rv = 1;

err:
	return rv;
}

static int
rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
    int indent, ASN1_PCTX *pctx)
{
	if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
		int rv;
		RSA_PSS_PARAMS *pss;
		X509_ALGOR *maskHash;
		pss = rsa_pss_decode(sigalg, &maskHash);
		rv = rsa_pss_param_print(bp, pss, maskHash, indent);
		if (pss)
			RSA_PSS_PARAMS_free(pss);
		if (maskHash)
			X509_ALGOR_free(maskHash);
		if (!rv)
			return 0;
	} else if (!sig && BIO_puts(bp, "\n") <= 0)
		return 0;

	if (sig)
		return X509_signature_dump(bp, sig, indent);
	return 1;
}

static int
rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
	X509_ALGOR *alg = NULL;




	switch (op) {
	case ASN1_PKEY_CTRL_PKCS7_SIGN:
		if (arg1 == 0)
			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
		break;

	case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:


		if (arg1 == 0)
			PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
		break;
























	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:










		*(int *)arg2 = NID_sha1;
		return 1;

	default:
		return -2;
	}

	if (alg)
		X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
		    V_ASN1_NULL, 0);

	return 1;
}













/* Customised RSA item verification routine. This is called






 * when a signature is encountered requiring special handling. We




















 * currently only handle PSS.

















 */










































































static int
rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
    X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey)
{
	int rv = -1;
	int saltlen;
	const EVP_MD *mgf1md = NULL, *md = NULL;
	RSA_PSS_PARAMS *pss;
	X509_ALGOR *maskHash;
	EVP_PKEY_CTX *pkctx;

	/* Sanity check: make sure it is PSS */
	if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
		RSAerror(RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
		return -1;
	}

	/* Decode PSS parameters */
	pss = rsa_pss_decode(sigalg, &maskHash);

	if (pss == NULL) {
		RSAerror(RSA_R_INVALID_PSS_PARAMETERS);
		goto err;
	}
	/* Check mask and lookup mask hash algorithm */
	if (pss->maskGenAlgorithm) {
		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
			RSAerror(RSA_R_UNSUPPORTED_MASK_ALGORITHM);
			goto err;
		}
		if (!maskHash) {
			RSAerror(RSA_R_UNSUPPORTED_MASK_PARAMETER);
			goto err;
		}
		mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
		if (mgf1md == NULL) {
			RSAerror(RSA_R_UNKNOWN_MASK_DIGEST);
			goto err;
		}
	} else
		mgf1md = EVP_sha1();

	if (pss->hashAlgorithm) {
		md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
		if (md == NULL) {
			RSAerror(RSA_R_UNKNOWN_PSS_DIGEST);
			goto err;
		}
	} else
		md = EVP_sha1();

	if (pss->saltLength) {
		saltlen = ASN1_INTEGER_get(pss->saltLength);

		/* Could perform more salt length sanity checks but the main
		 * RSA routines will trap other invalid values anyway.
		 */
		if (saltlen < 0) {
			RSAerror(RSA_R_INVALID_SALT_LENGTH);
			goto err;
		}
	} else
		saltlen = 20;

	/* low-level routines support only trailer field 0xbc (value 1)
	 * and PKCS#1 says we should reject any other value anyway.
	 */
	if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
		RSAerror(RSA_R_INVALID_TRAILER);
		goto err;
	}

	/* We have all parameters now set up context */

	if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
		goto err;










	if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
		goto err;

	if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
		goto err;

	if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
		goto err;
	/* Carry on */
	rv = 2;

err:
	RSA_PSS_PARAMS_free(pss);


	if (maskHash)







































		X509_ALGOR_free(maskHash);

































	return rv;
}




































static int
rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
    X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
{
	int pad_mode;
	EVP_PKEY_CTX *pkctx = ctx->pctx;


	if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
		return 0;
	if (pad_mode == RSA_PKCS1_PADDING)
		return 2;
	if (pad_mode == RSA_PKCS1_PSS_PADDING) {
		const EVP_MD *sigmd, *mgf1md;
		RSA_PSS_PARAMS *pss = NULL;
		X509_ALGOR *mgf1alg = NULL;
		ASN1_STRING *os1 = NULL, *os2 = NULL;
		EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
		int saltlen, rv = 0;

		sigmd = EVP_MD_CTX_md(ctx);
		if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
			goto err;
		if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
			goto err;
		if (saltlen == -1)
			saltlen = EVP_MD_size(sigmd);
		else if (saltlen == -2) {
			saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
			if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
				saltlen--;
		}
		pss = RSA_PSS_PARAMS_new();
		if (!pss)
			goto err;
		if (saltlen != 20) {
			pss->saltLength = ASN1_INTEGER_new();
			if (!pss->saltLength)
				goto err;
			if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
				goto err;
		}
		if (EVP_MD_type(sigmd) != NID_sha1) {
			pss->hashAlgorithm = X509_ALGOR_new();
			if (!pss->hashAlgorithm)
				goto err;
			X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
		}
		if (EVP_MD_type(mgf1md) != NID_sha1) {
			ASN1_STRING *stmp = NULL;
			/* need to embed algorithm ID inside another */
			mgf1alg = X509_ALGOR_new();
			X509_ALGOR_set_md(mgf1alg, mgf1md);
			if (!ASN1_item_pack(mgf1alg, &X509_ALGOR_it,
			    &stmp))
				goto err;
			pss->maskGenAlgorithm = X509_ALGOR_new();
			if (!pss->maskGenAlgorithm)
				goto err;
			X509_ALGOR_set0(pss->maskGenAlgorithm,
			    OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
		}
		/* Finally create string with pss parameter encoding. */
		if (!ASN1_item_pack(pss, &RSA_PSS_PARAMS_it, &os1))
			goto err;
		if (alg2) {
			os2 = ASN1_STRING_dup(os1);
			if (!os2)

				goto err;

			X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
			    V_ASN1_SEQUENCE, os2);
		}
		X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
		    V_ASN1_SEQUENCE, os1);
		os1 = os2 = NULL;
		rv = 3;
err:
		if (mgf1alg)
			X509_ALGOR_free(mgf1alg);
		if (pss)
			RSA_PSS_PARAMS_free(pss);
		ASN1_STRING_free(os1);
		return rv;
	}
	return 2;
}


































































































































































const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
	{
		.pkey_id = EVP_PKEY_RSA,
		.pkey_base_id = EVP_PKEY_RSA,
		.pkey_flags = ASN1_PKEY_SIGPARAM_NULL,








>
>
>
|








|






|












>
>

|

|





|





<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<






|

|
|
<
|
<
|
<
<


|

>









>
>
>








>
>



>
>
>
>
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>
>
>
>
>
>
>
>
>
>
|













>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

|
|





<
<


|



<

|

<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|




|
|
|
>
>
>
>
>
>
>
>
>










|

|

>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




<

>






<
<
<
|
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<

|
|
>
|
>
|


|

<
<
<
<
<
<
<
<
|



>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
































498










































































499
500
501
502
503
504
505
506
507
508

509

510


511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730


731
732
733
734
735
736

737
738
739





















740


























741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889

890
891
892
893
894
895
896
897



898


899













900

901


























902


903
904
905
906
907
908
909
910
911
912
913








914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085

	if (x->n != NULL)
		mod_len = BN_num_bits(x->n);

	if (!BIO_indent(bp, off, 128))
		goto err;

	if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ?  "RSA-PSS" : "RSA") <= 0)
		goto err;

	if (priv && x->d != NULL) {
		if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
			goto err;
		str = "modulus:";
		s = "publicExponent:";
	} else {
		if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
			goto err;
		str = "Modulus:";
		s = "Exponent:";
	}
	if (!ASN1_bn_print(bp, str, x->n, m, off))
		goto err;
	if (!ASN1_bn_print(bp, s, x->e, m, off))
		goto err;
	if (priv) {
		if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off))
			goto err;
		if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
			goto err;
		if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
			goto err;
		if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
			goto err;
		if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
			goto err;
		if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
			goto err;
	}
	if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off))
		goto err;
	ret = 1;
 err:
	free(m);
	return ret;
}

static int
rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
{
	return pkey_rsa_print(bp, pkey, indent, 0);
}

static int
rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
{
































	return pkey_rsa_print(bp, pkey, indent, 1);










































































}

static int
rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
    int indent, ASN1_PCTX *pctx)
{
	if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) {
		int rv;
		RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg);


		rv = rsa_pss_param_print(bp, 0, pss, indent);

		RSA_PSS_PARAMS_free(pss);


		if (!rv)
			return 0;
	} else if (!sig && BIO_puts(bp, "\n") <= 0) {
		return 0;
	}
	if (sig)
		return X509_signature_dump(bp, sig, indent);
	return 1;
}

static int
rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
	X509_ALGOR *alg = NULL;
	const EVP_MD *md;
	const EVP_MD *mgf1md;
	int min_saltlen;

	switch (op) {
	case ASN1_PKEY_CTRL_PKCS7_SIGN:
		if (arg1 == 0)
			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
		break;

	case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
		if (pkey_is_pss(pkey))
			return -2;
		if (arg1 == 0)
			PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
		break;
#ifndef OPENSSL_NO_CMS
	case ASN1_PKEY_CTRL_CMS_SIGN:
		if (arg1 == 0)
			return rsa_cms_sign(arg2);
		else if (arg1 == 1)
			return rsa_cms_verify(arg2);
		break;

	case ASN1_PKEY_CTRL_CMS_ENVELOPE:
		if (pkey_is_pss(pkey))
			return -2;
		if (arg1 == 0)
			return rsa_cms_encrypt(arg2);
		else if (arg1 == 1)
			return rsa_cms_decrypt(arg2);
		break;

	case ASN1_PKEY_CTRL_CMS_RI_TYPE:
		if (pkey_is_pss(pkey))
			return -2;
		*(int *)arg2 = CMS_RECIPINFO_TRANS;
		return 1;
#endif

	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
		if (pkey->pkey.rsa->pss != NULL) {
			if (!rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md,
			    &min_saltlen)) {
				RSAerror(ERR_R_INTERNAL_ERROR);
				return 0;
			}
			*(int *)arg2 = EVP_MD_type(md);
			/* Return of 2 indicates this MD is mandatory */
			return 2;
		}
		*(int *)arg2 = NID_sha256;
		return 1;

	default:
		return -2;
	}

	if (alg)
		X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
		    V_ASN1_NULL, 0);

	return 1;
}

/* Allocate and set algorithm ID from EVP_MD, defaults to SHA1. */
static int
rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md)
{
	if (md == NULL || EVP_MD_type(md) == NID_sha1)
		return 1;
	*palg = X509_ALGOR_new();
	if (*palg == NULL)
		return 0;
	X509_ALGOR_set_md(*palg, md);
	return 1;
}

/* Allocate and set MGF1 algorithm ID from EVP_MD. */
static int
rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
{
	X509_ALGOR *algtmp = NULL;
	ASN1_STRING *stmp = NULL;

	*palg = NULL;
	if (mgf1md == NULL || EVP_MD_type(mgf1md) == NID_sha1)
		return 1;
	/* need to embed algorithm ID inside another */
	if (!rsa_md_to_algor(&algtmp, mgf1md))
		goto err;
	if (ASN1_item_pack(algtmp, &X509_ALGOR_it, &stmp) == NULL)
		 goto err;
	*palg = X509_ALGOR_new();
	if (*palg == NULL)
		goto err;
	X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
	stmp = NULL;
 err:
	ASN1_STRING_free(stmp);
	X509_ALGOR_free(algtmp);
	if (*palg)
		return 1;
	return 0;
}

/* Convert algorithm ID to EVP_MD, defaults to SHA1. */
static const EVP_MD *
rsa_algor_to_md(X509_ALGOR *alg)
{
	const EVP_MD *md;

	if (!alg)
		return EVP_sha1();
	md = EVP_get_digestbyobj(alg->algorithm);
	if (md == NULL)
		RSAerror(RSA_R_UNKNOWN_DIGEST);
	return md;
}

/*
 * Convert EVP_PKEY_CTX in PSS mode into corresponding algorithm parameter,
 * suitable for setting an AlgorithmIdentifier.
 */
static RSA_PSS_PARAMS *
rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
{
	const EVP_MD *sigmd, *mgf1md;
	EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
	int saltlen;

	if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
		return NULL;
	if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
		return NULL;
	if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
		return NULL;
	if (saltlen == -1) {
		saltlen = EVP_MD_size(sigmd);
	} else if (saltlen == -2 || saltlen == -3) {
		saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
		if ((EVP_PKEY_bits(pk) & 0x7) == 1)
			saltlen--;
		if (saltlen < 0)
			return NULL;
	}

	return rsa_pss_params_create(sigmd, mgf1md, saltlen);
}

RSA_PSS_PARAMS *
rsa_pss_params_create(const EVP_MD *sigmd, const EVP_MD *mgf1md, int saltlen)
{
	RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();

	if (pss == NULL)
		goto err;
	if (saltlen != 20) {
		pss->saltLength = ASN1_INTEGER_new();
		if (pss->saltLength == NULL)
			goto err;
		if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
			goto err;
	}
	if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))
		goto err;
	if (mgf1md == NULL)
		mgf1md = sigmd;
	if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
		goto err;
	if (!rsa_md_to_algor(&pss->maskHash, mgf1md))
		goto err;
	return pss;
 err:
	RSA_PSS_PARAMS_free(pss);
	return NULL;
}

static ASN1_STRING *
rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx)
{
	RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx);
	ASN1_STRING *os;

	if (pss == NULL)
		return NULL;

	os = ASN1_item_pack(pss, &RSA_PSS_PARAMS_it, NULL);
	RSA_PSS_PARAMS_free(pss);
	return os;
}

/*
 * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
 * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
 * passed to pkctx instead.
 */

static int
rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
    X509_ALGOR *sigalg, EVP_PKEY *pkey)
{
	int rv = -1;
	int saltlen;
	const EVP_MD *mgf1md = NULL, *md = NULL;
	RSA_PSS_PARAMS *pss;



	/* Sanity check: make sure it is PSS */
	if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
		RSAerror(RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
		return -1;
	}

	/* Decode PSS parameters */
	pss = rsa_pss_decode(sigalg);






















	if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) {


























		RSAerror(RSA_R_INVALID_PSS_PARAMETERS);
		goto err;
	}

	/* We have all parameters now set up context */
	if (pkey) {
		if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
			goto err;
	} else {
		const EVP_MD *checkmd;
		if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0)
			goto err;
		if (EVP_MD_type(md) != EVP_MD_type(checkmd)) {
			RSAerror(RSA_R_DIGEST_DOES_NOT_MATCH);
			goto err;
		}
	}

	if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
		goto err;

	if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
		goto err;

	if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
		goto err;
	/* Carry on */
	rv = 1;

 err:
	RSA_PSS_PARAMS_free(pss);
	return rv;
}

int
rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
    const EVP_MD **pmgf1md, int *psaltlen)
{
	if (pss == NULL)
		return 0;
	*pmd = rsa_algor_to_md(pss->hashAlgorithm);
	if (*pmd == NULL)
		return 0;
	*pmgf1md = rsa_algor_to_md(pss->maskHash);
	if (*pmgf1md == NULL)
		return 0;
	if (pss->saltLength) {
		*psaltlen = ASN1_INTEGER_get(pss->saltLength);
		if (*psaltlen < 0) {
			RSAerror(RSA_R_INVALID_SALT_LENGTH);
			return 0;
		}
	} else {
		*psaltlen = 20;
	}

	/*
	 * low-level routines support only trailer field 0xbc (value 1) and
	 * PKCS#1 says we should reject any other value anyway.
	 */
	if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
		RSAerror(RSA_R_INVALID_TRAILER);
		return 0;
	}

	return 1;
}

#ifndef OPENSSL_NO_CMS
static int
rsa_cms_verify(CMS_SignerInfo *si)
{
	int nid, nid2;
	X509_ALGOR *alg;
	EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);

	CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
	nid = OBJ_obj2nid(alg->algorithm);
	if (nid == EVP_PKEY_RSA_PSS)
		return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
	/* Only PSS allowed for PSS keys */
	if (pkey_ctx_is_pss(pkctx)) {
		RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
		return 0;
	}
	if (nid == NID_rsaEncryption)
		return 1;
	/* Workaround for some implementation that use a signature OID */
	if (OBJ_find_sigid_algs(nid, NULL, &nid2)) {
		if (nid2 == NID_rsaEncryption)
			return 1;
	}
	return 0;
}
#endif

/*
 * Customised RSA item verification routine. This is called when a signature
 * is encountered requiring special handling. We currently only handle PSS.
 */
static int
rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
    X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey)
{
	/* Sanity check: make sure it is PSS */
	if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
		RSAerror(RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
		return -1;
	}
	if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
		/* Carry on */
		return 2;
	}
	return -1;
}

#ifndef OPENSSL_NO_CMS
static int
rsa_cms_sign(CMS_SignerInfo *si)
{
	int pad_mode = RSA_PKCS1_PADDING;
	X509_ALGOR *alg;
	EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
	ASN1_STRING *os = NULL;

	CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
	if (pkctx) {
		if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
			return 0;
	}
	if (pad_mode == RSA_PKCS1_PADDING) {
		X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
		return 1;
	}
	/* We don't support it */
	if (pad_mode != RSA_PKCS1_PSS_PADDING)
		return 0;
	os = rsa_ctx_to_pss_string(pkctx);
	if (!os)
		return 0;
	X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
	return 1;
}
#endif

static int
rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
    X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
{

	EVP_PKEY_CTX *pkctx = ctx->pctx;
	int pad_mode;

	if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
		return 0;
	if (pad_mode == RSA_PKCS1_PADDING)
		return 2;
	if (pad_mode == RSA_PKCS1_PSS_PADDING) {



		ASN1_STRING *os1 = NULL;


		os1 = rsa_ctx_to_pss_string(pkctx);













		if (!os1)

			return 0;


























		/* Duplicate parameters if we have to */


		if (alg2) {
			ASN1_STRING *os2 = ASN1_STRING_dup(os1);
			if (!os2) {
				ASN1_STRING_free(os1);
				return 0;
			}
			X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
			    V_ASN1_SEQUENCE, os2);
		}
		X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
		    V_ASN1_SEQUENCE, os1);








		return 3;
	}
	return 2;
}

#ifndef OPENSSL_NO_CMS
static RSA_OAEP_PARAMS *
rsa_oaep_decode(const X509_ALGOR *alg)
{
	RSA_OAEP_PARAMS *oaep;

	oaep = ASN1_TYPE_unpack_sequence(&RSA_OAEP_PARAMS_it, alg->parameter);
	if (oaep == NULL)
		return NULL;

	if (oaep->maskGenFunc != NULL) {
		oaep->maskHash = rsa_mgf1_decode(oaep->maskGenFunc);
		if (oaep->maskHash == NULL) {
			RSA_OAEP_PARAMS_free(oaep);
			return NULL;
		}
	}
	return oaep;
}

static int
rsa_cms_decrypt(CMS_RecipientInfo *ri)
{
	EVP_PKEY_CTX *pkctx;
	X509_ALGOR *cmsalg;
	int nid;
	int rv = -1;
	unsigned char *label = NULL;
	int labellen = 0;
	const EVP_MD *mgf1md = NULL, *md = NULL;
	RSA_OAEP_PARAMS *oaep;

	pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
	if (pkctx == NULL)
		return 0;
	if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg))
		return -1;
	nid = OBJ_obj2nid(cmsalg->algorithm);
	if (nid == NID_rsaEncryption)
		return 1;
	if (nid != NID_rsaesOaep) {
		RSAerror(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE);
		return -1;
	}
	/* Decode OAEP parameters */
	oaep = rsa_oaep_decode(cmsalg);

	if (oaep == NULL) {
		RSAerror(RSA_R_INVALID_OAEP_PARAMETERS);
		goto err;
	}

	mgf1md = rsa_algor_to_md(oaep->maskHash);
	if (mgf1md == NULL)
		goto err;
	md = rsa_algor_to_md(oaep->hashFunc);
	if (md == NULL)
		goto err;

	if (oaep->pSourceFunc != NULL) {
		X509_ALGOR *plab = oaep->pSourceFunc;

		if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
			RSAerror(RSA_R_UNSUPPORTED_LABEL_SOURCE);
			goto err;
		}
		if (plab->parameter->type != V_ASN1_OCTET_STRING) {
			RSAerror(RSA_R_INVALID_LABEL);
			goto err;
		}

		label = plab->parameter->value.octet_string->data;

		/* Stop label being freed when OAEP parameters are freed */
		/* XXX - this leaks label on error... */
		plab->parameter->value.octet_string->data = NULL;
		labellen = plab->parameter->value.octet_string->length;
	}

	if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
		goto err;
	if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0)
		goto err;
	if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
		goto err;
	if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
		goto err;

	rv = 1;

 err:
	RSA_OAEP_PARAMS_free(oaep);
	return rv;
}

static int
rsa_cms_encrypt(CMS_RecipientInfo *ri)
{
	const EVP_MD *md, *mgf1md;
	RSA_OAEP_PARAMS *oaep = NULL;
	ASN1_STRING *os = NULL;
	X509_ALGOR *alg;
	EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
	int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
	unsigned char *label;

	if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0)
		return 0;
	if (pkctx) {
		if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
			return 0;
	}
	if (pad_mode == RSA_PKCS1_PADDING) {
		X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
		return 1;
	}
	/* Not supported */
	if (pad_mode != RSA_PKCS1_OAEP_PADDING)
		return 0;
	if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
		goto err;
	if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
		goto err;
	labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
	if (labellen < 0)
		goto err;
	oaep = RSA_OAEP_PARAMS_new();
	if (oaep == NULL)
		goto err;
	if (!rsa_md_to_algor(&oaep->hashFunc, md))
		goto err;
	if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
		goto err;
	if (labellen > 0) {
		ASN1_OCTET_STRING *los;
		oaep->pSourceFunc = X509_ALGOR_new();
		if (oaep->pSourceFunc == NULL)
			goto err;
		los = ASN1_OCTET_STRING_new();
		if (los == NULL)
			goto err;
		if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
			ASN1_OCTET_STRING_free(los);
			goto err;
		}
		X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
		    V_ASN1_OCTET_STRING, los);
	}
	/* create string with pss parameter encoding. */
	if (!ASN1_item_pack(oaep, &RSA_OAEP_PARAMS_it, &os))
		 goto err;
	X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
	os = NULL;
	rv = 1;
 err:
	RSA_OAEP_PARAMS_free(oaep);
	ASN1_STRING_free(os);
	return rv;
}
#endif

const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
	{
		.pkey_id = EVP_PKEY_RSA,
		.pkey_base_id = EVP_PKEY_RSA,
		.pkey_flags = ASN1_PKEY_SIGPARAM_NULL,

651
652
653
654
655
656
657





























	{
		.pkey_id = EVP_PKEY_RSA2,
		.pkey_base_id = EVP_PKEY_RSA,
		.pkey_flags = ASN1_PKEY_ALIAS
	}
};



































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144

	{
		.pkey_id = EVP_PKEY_RSA2,
		.pkey_base_id = EVP_PKEY_RSA,
		.pkey_flags = ASN1_PKEY_ALIAS
	}
};

const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
	.pkey_id = EVP_PKEY_RSA_PSS,
	.pkey_base_id = EVP_PKEY_RSA_PSS,
	.pkey_flags = ASN1_PKEY_SIGPARAM_NULL,

	.pem_str = "RSA-PSS",
	.info = "OpenSSL RSA-PSS method",

	.pub_decode = rsa_pub_decode,
	.pub_encode = rsa_pub_encode,
	.pub_cmp = rsa_pub_cmp,
	.pub_print = rsa_pub_print,

	.priv_decode = rsa_priv_decode,
	.priv_encode = rsa_priv_encode,
	.priv_print = rsa_priv_print,

	.pkey_size = int_rsa_size,
	.pkey_bits = rsa_bits,

	.sig_print = rsa_sig_print,

	.pkey_free = int_rsa_free,
	.pkey_ctrl = rsa_pkey_ctrl,
	.item_verify = rsa_item_verify,
	.item_sign = rsa_item_sign
};
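--- a/jni/libressl/crypto/rsa/rsa_asn1.c
+++ b/jni/libressl/crypto/rsa/rsa_asn1.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_asn1.c,v 1.13 2016/12/30 15:47:07 jsing Exp $ */
+/* $OpenBSD: rsa_asn1.c,v 1.15 2019/10/25 14:40:18 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -58,14 +58,16 @@
 
 #include <stdio.h>
 
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
+
+#include "rsa_locl.h"
 
 /* Override the default free and new methods */
 static int
 rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
 	if (operation == ASN1_OP_NEW_PRE) {
 		*pval = (ASN1_VALUE *)RSA_new();
@@ -195,14 +197,34 @@
 	.utype = V_ASN1_SEQUENCE,
 	.templates = RSAPublicKey_seq_tt,
 	.tcount = sizeof(RSAPublicKey_seq_tt) / sizeof(ASN1_TEMPLATE),
 	.funcs = &RSAPublicKey_aux,
 	.size = sizeof(RSA),
 	.sname = "RSA",
 };
+
+static int
+rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+{
+	/* Free up maskHash */
+	if (operation == ASN1_OP_FREE_PRE) {
+		RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval;
+		X509_ALGOR_free(pss->maskHash);
+	}
+	return 1;
+}
+
+static const ASN1_AUX RSA_PSS_PARAMS_aux = {
+	.app_data = NULL,
+	.flags = 0,
+	.ref_offset = 0,
+	.ref_lock = 0,
+	.asn1_cb = rsa_pss_cb,
+	.enc_offset = 0,
+};
 
 static const ASN1_TEMPLATE RSA_PSS_PARAMS_seq_tt[] = {
 	{
 		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
 		.tag = 0,
 		.offset = offsetof(RSA_PSS_PARAMS, hashAlgorithm),
 		.field_name = "hashAlgorithm",
@@ -232,19 +254,18 @@
 };
 
 const ASN1_ITEM RSA_PSS_PARAMS_it = {
 	.itype = ASN1_ITYPE_SEQUENCE,
 	.utype = V_ASN1_SEQUENCE,
 	.templates = RSA_PSS_PARAMS_seq_tt,
 	.tcount = sizeof(RSA_PSS_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE),
-	.funcs = NULL,
+	.funcs = &RSA_PSS_PARAMS_aux,
 	.size = sizeof(RSA_PSS_PARAMS),
 	.sname = "RSA_PSS_PARAMS",
 };
-
 
 RSA_PSS_PARAMS *
 d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **a, const unsigned char **in, long len)
 {
 	return (RSA_PSS_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &RSA_PSS_PARAMS_it);
 }
@@ -263,14 +284,93 @@
 
 void
 RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &RSA_PSS_PARAMS_it);
 }
 
+static int
+rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+{
+	/* Free up maskHash */
+	if (operation == ASN1_OP_FREE_PRE) {
+		RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval;
+		X509_ALGOR_free(oaep->maskHash);
+	}
+	return 1;
+}
+
+static const ASN1_AUX RSA_OAEP_PARAMS_aux = {
+	.app_data = NULL,
+	.flags = 0,
+	.ref_offset = 0,
+	.ref_lock = 0,
+	.asn1_cb = rsa_oaep_cb,
+	.enc_offset = 0,
+};
+
+static const ASN1_TEMPLATE RSA_OAEP_PARAMS_seq_tt[] = {
+	{
+		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
+		.tag = 0,
+		.offset = offsetof(RSA_OAEP_PARAMS, hashFunc),
+		.field_name = "hashFunc",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
+		.tag = 1,
+		.offset = offsetof(RSA_OAEP_PARAMS, maskGenFunc),
+		.field_name = "maskGenFunc",
+		.item = &X509_ALGOR_it,
+	},
+	{
+		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
+		.tag = 2,
+		.offset = offsetof(RSA_OAEP_PARAMS, pSourceFunc),
+		.field_name = "pSourceFunc",
+		.item = &X509_ALGOR_it,
+	},
+};
+
+const ASN1_ITEM RSA_OAEP_PARAMS_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = RSA_OAEP_PARAMS_seq_tt,
+	.tcount = sizeof(RSA_OAEP_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = &RSA_OAEP_PARAMS_aux,
+	.size = sizeof(RSA_OAEP_PARAMS),
+	.sname = "RSA_OAEP_PARAMS",
+};
+
+
+RSA_OAEP_PARAMS *
+d2i_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS **a, const unsigned char **in, long len)
+{
+	return (RSA_OAEP_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
+	    &RSA_OAEP_PARAMS_it);
+}
+
+int
+i2d_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS *a, unsigned char **out)
+{
+	return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSA_OAEP_PARAMS_it);
+}
+
+RSA_OAEP_PARAMS *
+RSA_OAEP_PARAMS_new(void)
+{
+	return (RSA_OAEP_PARAMS *)ASN1_item_new(&RSA_OAEP_PARAMS_it);
+}
+
+void
+RSA_OAEP_PARAMS_free(RSA_OAEP_PARAMS *a)
+{
+	ASN1_item_free((ASN1_VALUE *)a, &RSA_OAEP_PARAMS_it);
+}
 
 RSA *
 d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len)
 {
 	return (RSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &RSAPrivateKey_it);
 }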
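--- a/jni/libressl/crypto/rsa/rsa_eay.c
+++ b/jni/libressl/crypto/rsa/rsa_eay.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_eay.c,v 1.50 2017/08/28 17:41:59 jsing Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.51 2019/11/02 13:52:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -139,14 +139,20 @@
 	.rsa_priv_enc = RSA_eay_private_encrypt, /* signing */
 	.rsa_priv_dec = RSA_eay_private_decrypt,
 	.rsa_mod_exp = RSA_eay_mod_exp,
 	.bn_mod_exp = BN_mod_exp_mont_ct, /* XXX probably we should not use Montgomery if  e == 3 */
 	.init = RSA_eay_init,
 	.finish = RSA_eay_finish,
 };
+
+const RSA_METHOD *
+RSA_PKCS1_OpenSSL(void)
+{
+	return &rsa_pkcs1_eay_meth;
+}
 
 const RSA_METHOD *
 RSA_PKCS1_SSLeay(void)
 {
 	return &rsa_pkcs1_eay_meth;
 }
 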
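--- a/jni/libressl/crypto/rsa/rsa_err.c
+++ b/jni/libressl/crypto/rsa/rsa_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_err.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: rsa_err.c,v 1.20 2019/11/01 15:13:05 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -86,55 +86,65 @@
 	{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02)  , "block type is not 02"},
 	{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN), "data greater than mod len"},
 	{ERR_REASON(RSA_R_DATA_TOO_LARGE)        , "data too large"},
 	{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), "data too large for key size"},
 	{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS), "data too large for modulus"},
 	{ERR_REASON(RSA_R_DATA_TOO_SMALL)        , "data too small"},
 	{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), "data too small for key size"},
+	{ERR_REASON(RSA_R_DIGEST_DOES_NOT_MATCH) , "digest does not match"},
+	{ERR_REASON(RSA_R_DIGEST_NOT_ALLOWED)    , "digest not allowed"},
 	{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), "digest too big for rsa key"},
 	{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"},
 	{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"},
 	{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"},
 	{ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   , "first octet invalid"},
 	{ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), "illegal or unsupported padding mode"},
+	{ERR_REASON(RSA_R_INVALID_DIGEST)        , "invalid digest"},
 	{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) , "invalid digest length"},
 	{ERR_REASON(RSA_R_INVALID_HEADER)        , "invalid header"},
+	{ERR_REASON(RSA_R_INVALID_LABEL)         , "invalid label"},
 	{ERR_REASON(RSA_R_INVALID_KEYBITS)       , "invalid keybits"},
 	{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
 	{ERR_REASON(RSA_R_INVALID_MGF1_MD)       , "invalid mgf1 md"},
+	{ERR_REASON(RSA_R_INVALID_OAEP_PARAMETERS), "invalid oaep parameters"},
 	{ERR_REASON(RSA_R_INVALID_PADDING)       , "invalid padding"},
 	{ERR_REASON(RSA_R_INVALID_PADDING_MODE)  , "invalid padding mode"},
 	{ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS), "invalid pss parameters"},
 	{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN)   , "invalid pss saltlen"},
 	{ERR_REASON(RSA_R_INVALID_SALT_LENGTH)   , "invalid salt length"},
 	{ERR_REASON(RSA_R_INVALID_TRAILER)       , "invalid trailer"},
 	{ERR_REASON(RSA_R_INVALID_X931_DIGEST)   , "invalid x931 digest"},
 	{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) , "iqmp not inverse of q"},
 	{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    , "key size too small"},
 	{ERR_REASON(RSA_R_LAST_OCTET_INVALID)    , "last octet invalid"},
+	{ERR_REASON(RSA_R_MGF1_DIGEST_NOT_ALLOWED), "mgf1 digest not allowed"},
 	{ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     , "modulus too large"},
 	{ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD)   , "non fips rsa method"},
 	{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    , "no public exponent"},
 	{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), "null before block missing"},
 	{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  , "n does not equal p q"},
 	{ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   , "oaep decoding error"},
 	{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), "operation not allowed in fips mode"},
 	{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"},
 	{ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  , "padding check failed"},
+	{ERR_REASON(RSA_R_PSS_SALTLEN_TOO_SMALL) , "pss saltlen too small"},
 	{ERR_REASON(RSA_R_P_NOT_PRIME)           , "p not prime"},
 	{ERR_REASON(RSA_R_Q_NOT_PRIME)           , "q not prime"},
 	{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), "rsa operations not supported"},
 	{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     , "salt length check failed"},
 	{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  , "salt length recovery failed"},
 	{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) , "sslv3 rollback attack"},
 	{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "the asn1 object identifier is not known for this md"},
 	{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
+	{ERR_REASON(RSA_R_UNKNOWN_DIGEST)        , "unknown digest"},
 	{ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST)   , "unknown mask digest"},
 	{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  , "unknown padding type"},
 	{ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST)    , "unknown pss digest"},
+	{ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE), "unsupported encryption type"},
+	{ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"},
 	{ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM), "unsupported mask algorithm"},
 	{ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER), "unsupported mask parameter"},
 	{ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"},
 	{ERR_REASON(RSA_R_VALUE_MISSING)         , "value missing"},
 	{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
 	{0, NULL}
 };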
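--- a/jni/libressl/crypto/rsa/rsa_lib.c
+++ b/jni/libressl/crypto/rsa/rsa_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
+/* $OpenBSD: rsa_lib.c,v 1.40 2020/01/17 10:40:03 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -59,16 +59,19 @@
 #include <stdio.h>
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
+#include <openssl/evp.h>
 #include <openssl/lhash.h>
 #include <openssl/rsa.h>
+
+#include "evp_locl.h"
 
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 
 static const RSA_METHOD *default_RSA_meth = NULL;
 
@@ -124,76 +127,60 @@
 }
 
 RSA *
 RSA_new_method(ENGINE *engine)
 {
 	RSA *ret;
 
-	ret = malloc(sizeof(RSA));
-	if (ret == NULL) {
+	if ((ret = calloc(1, sizeof(RSA))) == NULL) {
 		RSAerror(ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 
 	ret->meth = RSA_get_default_method();
+
 #ifndef OPENSSL_NO_ENGINE
-	if (engine) {
+	if (engine != NULL) {
 		if (!ENGINE_init(engine)) {
 			RSAerror(ERR_R_ENGINE_LIB);
-			free(ret);
-			return NULL;
+			goto err;
 		}
 		ret->engine = engine;
-	} else
+	} else {
 		ret->engine = ENGINE_get_default_RSA();
-	if (ret->engine) {
-		ret->meth = ENGINE_get_RSA(ret->engine);
-		if (ret->meth == NULL) {
+	}
+
+	if (ret->engine != NULL) {
+		if ((ret->meth = ENGINE_get_RSA(ret->engine)) == NULL) {
 			RSAerror(ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			free(ret);
-			return NULL;
+			goto err;
 		}
 	}
 #endif
-
-	ret->pad = 0;
-	ret->version = 0;
-	ret->n = NULL;
-	ret->e = NULL;
-	ret->d = NULL;
-	ret->p = NULL;
-	ret->q = NULL;
-	ret->dmp1 = NULL;
-	ret->dmq1 = NULL;
-	ret->iqmp = NULL;
+
 	ret->references = 1;
-	ret->_method_mod_n = NULL;
-	ret->_method_mod_p = NULL;
-	ret->_method_mod_q = NULL;
-	ret->blinding = NULL;
-	ret->mt_blinding = NULL;
 	ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
-	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
-#ifndef OPENSSL_NO_ENGINE
-		ENGINE_finish(ret->engine);
-#endif
-		free(ret);
-		return NULL;
-	}
-
-	if (ret->meth->init != NULL && !ret->meth->init(ret)) {
+
+	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+		goto err;
+
+	if (ret->meth->init != NULL && !ret->meth->init(ret)) {
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+		goto err;
+	}
+
+	return ret;
+
+ err:
 #ifndef OPENSSL_NO_ENGINE
-		ENGINE_finish(ret->engine);
+	ENGINE_finish(ret->engine);
 #endif
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
-		free(ret);
-		ret = NULL;
-	}
-	return ret;
+	free(ret);
+
+	return NULL;
 }
 
 void
 RSA_free(RSA *r)
 {
 	int i;
 
@@ -218,14 +205,15 @@
 	BN_clear_free(r->p);
 	BN_clear_free(r->q);
 	BN_clear_free(r->dmp1);
 	BN_clear_free(r->dmq1);
 	BN_clear_free(r->iqmp);
 	BN_BLINDING_free(r->blinding);
 	BN_BLINDING_free(r->mt_blinding);
+	RSA_PSS_PARAMS_free(r->pss);
 	free(r);
 }
 
 int
 RSA_up_ref(RSA *r)
 {
 	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
@@ -361,7 +349,19 @@
 }
 
 void
 RSA_set_flags(RSA *r, int flags)
 {
 	r->flags |= flags;
 }
+
+int
+RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2)
+{
+	/* Return an error if the key type is not RSA or RSA-PSS. */
+	if (ctx != NULL && ctx->pmeth != NULL &&
+	    ctx->pmeth->pkey_id != EVP_PKEY_RSA &&
+	    ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+		return -1;
+
+	return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2);
+}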
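--- a/jni/libressl/crypto/rsa/rsa_locl.h
+++ b/jni/libressl/crypto/rsa/rsa_locl.h
@@ -1,16 +1,20 @@
-/* $OpenBSD: rsa_locl.h,v 1.5 2019/10/04 16:51:31 jsing Exp $ */
+/* $OpenBSD: rsa_locl.h,v 1.11 2019/11/02 13:47:41 jsing Exp $ */
 
 __BEGIN_HIDDEN_DECLS
 
+#define RSA_MIN_MODULUS_BITS	512
+
+/* Macros to test if a pkey or ctx is for a PSS key */
+#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS)
+#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS)
+
+RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, const EVP_MD *mgf1md,
+    int saltlen);
+int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+    const EVP_MD **pmgf1md, int *psaltlen);
+
 extern int int_rsa_verify(int dtype, const unsigned char *m,
     unsigned int m_len, unsigned char *rm, size_t *prm_len,
     const unsigned char *sigbuf, size_t siglen, RSA *rsa);
 
-int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
-    const unsigned char *from, int flen, const unsigned char *param, int plen,
-    const EVP_MD *md, const EVP_MD *mgf1md);
-int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
-    const unsigned char *from, int flen, int num, const unsigned char *param,
-    int plen, const EVP_MD *md, const EVP_MD *mgf1md);
-
 __END_HIDDEN_DECLS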
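--- a/jni/libressl/crypto/rsa/rsa_oaep.c
+++ b/jni/libressl/crypto/rsa/rsa_oaep.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa_oaep.c,v 1.32 2019/10/09 16:17:59 jsing Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.33 2019/10/17 14:31:56 jsing Exp $ */
 /*
  * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -75,14 +75,15 @@
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
 
+#include "constant_time_locl.h"
 #include "rsa_locl.h"
 
 int
 RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
     const unsigned char *from, int flen, const unsigned char *param, int plen)
 {
 	return RSA_padding_add_PKCS1_OAEP_mgf1(to, tlen, from, flen, param,
@@ -165,111 +166,157 @@
 }
 
 int
 RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
     const unsigned char *from, int flen, int num, const unsigned char *param,
     int plen, const EVP_MD *md, const EVP_MD *mgf1md)
 {
-	int i, dblen, mlen = -1;
-	const unsigned char *maskeddb;
-	int lzero;
-	unsigned char *db = NULL;
+	int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
+	unsigned int good = 0, found_one_byte, mask;
+	const unsigned char *maskedseed, *maskeddb;
 	unsigned char seed[EVP_MAX_MD_SIZE], phash[EVP_MAX_MD_SIZE];
-	unsigned char *padded_from;
-	int bad = 0;
+	unsigned char *db = NULL, *em = NULL;
 	int mdlen;
 
 	if (md == NULL)
 		md = EVP_sha1();
 	if (mgf1md == NULL)
 		mgf1md = md;
 
 	if ((mdlen = EVP_MD_size(md)) <= 0)
-		goto err;
+		return -1;
 
-	if (--num < 2 * mdlen + 1)
-		/*
-		 * 'num' is the length of the modulus, i.e. does not depend
-		 * on the particular ciphertext.
-		 */
-		goto decoding_err;
-
-	lzero = num - flen;
-	if (lzero < 0) {
-		/*
-		 * signalling this error immediately after detection might allow
-		 * for side-channel attacks (e.g. timing if 'plen' is huge
-		 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA
-		 * Optimal Asymmetric Encryption Padding (OAEP) [...]",
-		 * CRYPTO 2001), so we use a 'bad' flag
-		 */
-		bad = 1;
-		lzero = 0;
-		flen = num; /* don't overflow the memcpy to padded_from */
+	if (tlen <= 0 || flen <= 0)
+		return -1;
+
+	/*
+	 * |num| is the length of the modulus; |flen| is the length of the
+	 * encoded message. Therefore, for any |from| that was obtained by
+	 * decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
+	 * |num| >= 2 * |mdlen| + 2 must hold for the modulus irrespective
+	 * of the ciphertext, see PKCS #1 v2.2, section 7.1.2.
+	 * This does not leak any side-channel information.
+	 */
+	if (num < flen || num < 2 * mdlen + 2) {
+		RSAerror(RSA_R_OAEP_DECODING_ERROR);
+		return -1;
 	}
 
-	dblen = num - mdlen;
-	if ((db = malloc(dblen + num)) == NULL) {
+	dblen = num - mdlen - 1;
+	if ((db = malloc(dblen)) == NULL) {
 		RSAerror(ERR_R_MALLOC_FAILURE);
-		return -1;
+		goto cleanup;
+	}
+	if ((em = malloc(num)) == NULL) {
+		RSAerror(ERR_R_MALLOC_FAILURE);
+		goto cleanup;
+	}
+
+	/*
+	 * Caller is encouraged to pass zero-padded message created with
+	 * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+	 * bounds, it's impossible to have an invariant memory access pattern
+	 * in case |from| was not zero-padded in advance.
+	 */
+	for (from += flen, em += num, i = 0; i < num; i++) {
+		mask = ~constant_time_is_zero(flen);
+		flen -= 1 & mask;
+		from -= 1 & mask;
+		*--em = *from & mask;
 	}
+	from = em;
 
 	/*
-	 * Always do this zero-padding copy (even when lzero == 0)
-	 * to avoid leaking timing info about the value of lzero.
+	 * The first byte must be zero, however we must not leak if this is
+	 * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
+	 * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
 	 */
-	padded_from = db + dblen;
-	memset(padded_from, 0, lzero);
-	memcpy(padded_from + lzero, from, flen);
+	good = constant_time_is_zero(from[0]);
 
-	maskeddb = padded_from + mdlen;
+	maskedseed = from + 1;
+	maskeddb = from + 1 + mdlen;
 
 	if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
-		goto err;
+		goto cleanup;
 	for (i = 0; i < mdlen; i++)
-		seed[i] ^= padded_from[i];
+		seed[i] ^= maskedseed[i];
+
 	if (PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md))
-		goto err;
+		goto cleanup;
 	for (i = 0; i < dblen; i++)
 		db[i] ^= maskeddb[i];
 
 	if (!EVP_Digest((void *)param, plen, phash, NULL, md, NULL))
-		goto err;
+		goto cleanup;
 
-	if (timingsafe_memcmp(db, phash, mdlen) != 0 || bad)
-		goto decoding_err;
-	else {
-		for (i = mdlen; i < dblen; i++)
-			if (db[i] != 0x00)
-				break;
-		if (i == dblen || db[i] != 0x01)
-			goto decoding_err;
-		else {
-			/* everything looks OK */
+	good &= constant_time_is_zero(timingsafe_memcmp(db, phash, mdlen));
+
+	found_one_byte = 0;
+	for (i = mdlen; i < dblen; i++) {
+		/*
+		 * Padding consists of a number of 0-bytes, followed by a 1.
+		 */
+		unsigned int equals1 = constant_time_eq(db[i], 1);
+		unsigned int equals0 = constant_time_is_zero(db[i]);
+
+		one_index = constant_time_select_int(~found_one_byte & equals1,
+		    i, one_index);
+		found_one_byte |= equals1;
+		good &= (found_one_byte | equals0);
+	}
+
+	good &= found_one_byte;
+
+	/*
+	 * At this point |good| is zero unless the plaintext was valid,
+	 * so plaintext-awareness ensures timing side-channels are no longer a
+	 * concern.
+	 */
+	msg_index = one_index + 1;
+	mlen = dblen - msg_index;
 
-			mlen = dblen - ++i;
-			if (tlen < mlen) {
-				RSAerror(RSA_R_DATA_TOO_LARGE);
-				mlen = -1;
-			} else
-				memcpy(to, db + i, mlen);
-		}
+	/*
+	 * For good measure, do this check in constant time as well.
+	 */
+	good &= constant_time_ge(tlen, mlen);
+
+	/*
+	 * Even though we can't fake result's length, we can pretend copying
+	 * |tlen| bytes where |mlen| bytes would be real. The last |tlen| of
+	 * |dblen| bytes are viewed as a circular buffer starting at |tlen|-|mlen'|,
+	 * where |mlen'| is the "saturated" |mlen| value. Deducing information
+	 * about failure or |mlen| would require an attacker to observe
+	 * memory access patterns with byte granularity *as it occurs*. It
+	 * should be noted that failure is indistinguishable from normal
+	 * operation if |tlen| is fixed by protocol.
+	 */
+	tlen = constant_time_select_int(constant_time_lt(dblen, tlen), dblen, tlen);
+	msg_index = constant_time_select_int(good, msg_index, dblen - tlen);
+	mlen = dblen - msg_index;
+	for (from = db + msg_index, mask = good, i = 0; i < tlen; i++) {
+		unsigned int equals = constant_time_eq(i, mlen);
+
+		from -= dblen & equals; /* if (i == mlen) rewind   */
+		mask &= mask ^ equals;  /* if (i == mlen) mask = 0 */
+		to[i] = constant_time_select_8(mask, from[i], to[i]);
 	}
-	free(db);
-	return mlen;
 
- decoding_err:
 	/*
 	 * To avoid chosen ciphertext attacks, the error message should not
-	 * reveal which kind of decoding error happened
+	 * reveal which kind of decoding error happened.
 	 */
 	RSAerror(RSA_R_OAEP_DECODING_ERROR);
- err:
-	free(db);
-	return -1;
+	err_clear_last_constant_time(1 & good);
+
+ cleanup:
+	explicit_bzero(seed, sizeof(seed));
+	freezero(db, dblen);
+	freezero(em, num);
+
+	return constant_time_select_int(good, mlen, -1);
 }
 
 int
 PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
     long seedlen, const EVP_MD *dgst)
 {
 	long i, outlen = 0;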
Changes to jni/libressl/crypto/rsa/rsa_pmeth.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: rsa_pmeth.c,v 1.22 2019/09/09 18:06:26 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
|







1
2
3
4
5
6
7
8
/* $OpenBSD: rsa_pmeth.c,v 1.32 2019/10/31 14:05:30 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91


92
93



94
95



96
97
98
99
100
101
102
103

104
105

106

107
108
109
110

111

112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

127
128
129
130

131
132
133
134
135
136









137
138
139
140
141
142
143
144
145
146
147

148
149
150
151
152
153
154
155
156
157
158

159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177




178

179

180
181
182
183
184
185
186

#include <openssl/asn1t.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>


#include "evp_locl.h"
#include "rsa_locl.h"

/* RSA pkey context structure */

typedef struct {
	/* Key gen parameters */
	int nbits;
	BIGNUM *pub_exp;
	/* Keygen callback info */
	int gentmp[2];
	/* RSA padding mode */
	int pad_mode;
	/* message digest */
	const EVP_MD *md;
	/* message digest for MGF1 */
	const EVP_MD *mgf1md;
	/* PSS/OAEP salt length */
	int saltlen;


	/* Temp buffer */
	unsigned char *tbuf;



} RSA_PKEY_CTX;




static int
pkey_rsa_init(EVP_PKEY_CTX *ctx)
{
	RSA_PKEY_CTX *rctx;

	rctx = malloc(sizeof(RSA_PKEY_CTX));
	if (!rctx)
		return 0;

	rctx->nbits = 2048;
	rctx->pub_exp = NULL;

	rctx->pad_mode = RSA_PKCS1_PADDING;

	rctx->md = NULL;
	rctx->mgf1md = NULL;
	rctx->tbuf = NULL;


	rctx->saltlen = -2;


	ctx->data = rctx;
	ctx->keygen_info = rctx->gentmp;
	ctx->keygen_info_count = 2;

	return 1;
}

static int
pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
	RSA_PKEY_CTX *dctx, *sctx;

	if (!pkey_rsa_init(dst))
		return 0;

	sctx = src->data;
	dctx = dst->data;
	dctx->nbits = sctx->nbits;
	if (sctx->pub_exp) {

		dctx->pub_exp = BN_dup(sctx->pub_exp);
		if (!dctx->pub_exp)
			return 0;
	}
	dctx->pad_mode = sctx->pad_mode;
	dctx->md = sctx->md;









	return 1;
}

static int
setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
{
	if (ctx->tbuf)
		return 1;
	ctx->tbuf = malloc(EVP_PKEY_size(pk->pkey));
	if (!ctx->tbuf)
		return 0;

	return 1;
}

static void
pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
{
	RSA_PKEY_CTX *rctx = ctx->data;

	if (rctx) {
		BN_free(rctx->pub_exp);
		free(rctx->tbuf);

		free(rctx);
	}
}

static int
pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
    const unsigned char *tbs, size_t tbslen)
{
	int ret;
	RSA_PKEY_CTX *rctx = ctx->data;
	RSA *rsa = ctx->pkey->pkey.rsa;

	if (rctx->md) {
		if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
			RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
			return -1;
		}

		if (rctx->pad_mode == RSA_X931_PADDING) {




			if (!setup_tbuf(rctx, ctx))

				return -1;

			memcpy(rctx->tbuf, tbs, tbslen);
			rctx->tbuf[tbslen] =
			    RSA_X931_hash_id(EVP_MD_type(rctx->md));
			ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig,
			    rsa, RSA_X931_PADDING);
		} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
			unsigned int sltmp;







|


















|

>
>


>
>
>


>
>
>





|
<

>

|
>
|
>
|
<
<

>
|
>















>



|
>
|
<




>
>
>
>
>
>
>
>
>






|

|
|

>











>



















>
>
>
>
|
>

>







64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

110
111
112
113
114
115
116
117


118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214

#include <openssl/asn1t.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

#include "evp_locl.h"
#include "rsa_locl.h"

/* RSA pkey context structure */

typedef struct {
	/* Key gen parameters */
	int nbits;
	BIGNUM *pub_exp;
	/* Keygen callback info */
	int gentmp[2];
	/* RSA padding mode */
	int pad_mode;
	/* message digest */
	const EVP_MD *md;
	/* message digest for MGF1 */
	const EVP_MD *mgf1md;
	/* PSS salt length */
	int saltlen;
	/* Minimum salt length or -1 if no PSS parameter restriction */
	int min_saltlen;
	/* Temp buffer */
	unsigned char *tbuf;
	/* OAEP label */
	unsigned char *oaep_label;
	size_t oaep_labellen;
} RSA_PKEY_CTX;

/* True if PSS parameters are restricted */
#define rsa_pss_restricted(rctx) (rctx->min_saltlen != -1)

static int
pkey_rsa_init(EVP_PKEY_CTX *ctx)
{
	RSA_PKEY_CTX *rctx;

	if ((rctx = calloc(1, sizeof(RSA_PKEY_CTX))) == NULL)

		return 0;

	rctx->nbits = 2048;

	if (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS)
		rctx->pad_mode = RSA_PKCS1_PSS_PADDING;
	else
		rctx->pad_mode = RSA_PKCS1_PADDING;



	/* Maximum for sign, auto for verify */
	rctx->saltlen = RSA_PSS_SALTLEN_AUTO;
	rctx->min_saltlen = -1;

	ctx->data = rctx;
	ctx->keygen_info = rctx->gentmp;
	ctx->keygen_info_count = 2;

	return 1;
}

static int
pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
	RSA_PKEY_CTX *dctx, *sctx;

	if (!pkey_rsa_init(dst))
		return 0;

	sctx = src->data;
	dctx = dst->data;
	dctx->nbits = sctx->nbits;
	if (sctx->pub_exp != NULL) {
		BN_free(dctx->pub_exp);
		if ((dctx->pub_exp = BN_dup(sctx->pub_exp)) == NULL)

			return 0;
	}
	dctx->pad_mode = sctx->pad_mode;
	dctx->md = sctx->md;
	dctx->mgf1md = sctx->mgf1md;
	if (sctx->oaep_label != NULL) {
		free(dctx->oaep_label);
		if ((dctx->oaep_label = calloc(1, sctx->oaep_labellen)) == NULL)
			return 0;
		memcpy(dctx->oaep_label, sctx->oaep_label, sctx->oaep_labellen);
		dctx->oaep_labellen = sctx->oaep_labellen;
	}

	return 1;
}

static int
setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
{
	if (ctx->tbuf != NULL)
		return 1;
	if ((ctx->tbuf = calloc(1, EVP_PKEY_size(pk->pkey))) == NULL) {
		RSAerror(ERR_R_MALLOC_FAILURE);
		return 0;
	}
	return 1;
}

static void
pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
{
	RSA_PKEY_CTX *rctx = ctx->data;

	if (rctx) {
		BN_free(rctx->pub_exp);
		free(rctx->tbuf);
		free(rctx->oaep_label);
		free(rctx);
	}
}

static int
pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
    const unsigned char *tbs, size_t tbslen)
{
	int ret;
	RSA_PKEY_CTX *rctx = ctx->data;
	RSA *rsa = ctx->pkey->pkey.rsa;

	if (rctx->md) {
		if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
			RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
			return -1;
		}

		if (rctx->pad_mode == RSA_X931_PADDING) {
			if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) {
				RSAerror(RSA_R_KEY_SIZE_TOO_SMALL);
				return -1;
			}
			if (!setup_tbuf(rctx, ctx)) {
				RSAerror(ERR_R_MALLOC_FAILURE);
				return -1;
			}
			memcpy(rctx->tbuf, tbs, tbslen);
			rctx->tbuf[tbslen] =
			    RSA_X931_hash_id(EVP_MD_type(rctx->md));
			ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig,
			    rsa, RSA_X931_PADDING);
		} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
			unsigned int sltmp;
194
195
196
197
198
199
200
201
202

203
204
205

206
207
208
209
210
211
212
			if (!setup_tbuf(rctx, ctx))
				return -1;
			if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf,
			    tbs, rctx->md, rctx->mgf1md, rctx->saltlen))
				return -1;
			ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
			    sig, rsa, RSA_NO_PADDING);
		} else
			return -1;

	} else
		ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
		    rctx->pad_mode);

	if (ret < 0)
		return ret;
	*siglen = ret;
	return 1;
}

static int







|

>
|


>







222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
			if (!setup_tbuf(rctx, ctx))
				return -1;
			if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf,
			    tbs, rctx->md, rctx->mgf1md, rctx->saltlen))
				return -1;
			ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
			    sig, rsa, RSA_NO_PADDING);
		} else {
			return -1;
		}
	} else {
		ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
		    rctx->pad_mode);
	}
	if (ret < 0)
		return ret;
	*siglen = ret;
	return 1;
}

static int
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248

249
250
251

252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269




270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289

290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310

311











312
313

314
315
316
317
318
319
320
321
322
323
324
325
326











327
328

329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350












351





352
353
354
355
356
357
358
				return -1;
			ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
			    ctx->pkey->pkey.rsa, RSA_X931_PADDING);
			if (ret < 1)
				return 0;
			ret--;
			if (rctx->tbuf[ret] !=
				RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
				RSAerror(RSA_R_ALGORITHM_MISMATCH);
				return 0;
			}
			if (ret != EVP_MD_size(rctx->md)) {
				RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
				return 0;
			}
			if (rout)
				memcpy(rout, rctx->tbuf, ret);
		} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
			size_t sltmp;

			ret = int_rsa_verify(EVP_MD_type(rctx->md), NULL, 0,
			    rout, &sltmp, sig, siglen, ctx->pkey->pkey.rsa);
			if (ret <= 0)
				return 0;
			ret = sltmp;
		} else
			return -1;

	} else
		ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
		    rctx->pad_mode);

	if (ret < 0)
		return ret;
	*routlen = ret;
	return 1;
}

static int
pkey_rsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
    const unsigned char *tbs, size_t tbslen)
{
	RSA_PKEY_CTX *rctx = ctx->data;
	RSA *rsa = ctx->pkey->pkey.rsa;
	size_t rslen;

	if (rctx->md) {
		if (rctx->pad_mode == RSA_PKCS1_PADDING)
			return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
			    sig, siglen, rsa);




		if (rctx->pad_mode == RSA_X931_PADDING) {
			if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig,
			    siglen) <= 0)
				return 0;
		} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
			int ret;

			if (!setup_tbuf(rctx, ctx))
				return -1;
			ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
			    rsa, RSA_NO_PADDING);
			if (ret <= 0)
				return 0;
			ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md,
			    rctx->mgf1md, rctx->tbuf, rctx->saltlen);
			if (ret <= 0)
				return 0;
			return 1;
		} else
			return -1;

	} else {
		if (!setup_tbuf(rctx, ctx))
			return -1;
		rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
		    rctx->pad_mode);
		if (rslen == 0)
			return 0;
	}

	if (rslen != tbslen || timingsafe_bcmp(tbs, rctx->tbuf, rslen))
		return 0;

	return 1;
}

static int
pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    const unsigned char *in, size_t inlen)
{
	int ret;
	RSA_PKEY_CTX *rctx = ctx->data;













	ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
	    rctx->pad_mode);

	if (ret < 0)
		return ret;
	*outlen = ret;
	return 1;
}

static int
pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    const unsigned char *in, size_t inlen)
{
	int ret;
	RSA_PKEY_CTX *rctx = ctx->data;












	ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
	    rctx->pad_mode);

	if (ret < 0)
		return ret;
	*outlen = ret;
	return 1;
}

static int
check_padding_md(const EVP_MD *md, int padding)
{
	if (!md)
		return 1;

	if (padding == RSA_NO_PADDING) {
		RSAerror(RSA_R_INVALID_PADDING_MODE);
		return 0;
	}

	if (padding == RSA_X931_PADDING) {
		if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) {
			RSAerror(RSA_R_INVALID_X931_DIGEST);
			return 0;
		}












		return 1;





	}

	return 1;
}

static int
pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)







|

















|

>
|


>


















>
>
>
>


















|

>



















<

>

>
>
>
>
>
>
>
>
>
>
>
|
|
>













>
>
>
>
>
>
>
>
>
>
>
|
|
>









|












>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>







252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345

346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
				return -1;
			ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
			    ctx->pkey->pkey.rsa, RSA_X931_PADDING);
			if (ret < 1)
				return 0;
			ret--;
			if (rctx->tbuf[ret] !=
			    RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
				RSAerror(RSA_R_ALGORITHM_MISMATCH);
				return 0;
			}
			if (ret != EVP_MD_size(rctx->md)) {
				RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
				return 0;
			}
			if (rout)
				memcpy(rout, rctx->tbuf, ret);
		} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
			size_t sltmp;

			ret = int_rsa_verify(EVP_MD_type(rctx->md), NULL, 0,
			    rout, &sltmp, sig, siglen, ctx->pkey->pkey.rsa);
			if (ret <= 0)
				return 0;
			ret = sltmp;
		} else {
			return -1;
		}
	} else {
		ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
		    rctx->pad_mode);
	}
	if (ret < 0)
		return ret;
	*routlen = ret;
	return 1;
}

static int
pkey_rsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
    const unsigned char *tbs, size_t tbslen)
{
	RSA_PKEY_CTX *rctx = ctx->data;
	RSA *rsa = ctx->pkey->pkey.rsa;
	size_t rslen;

	if (rctx->md) {
		if (rctx->pad_mode == RSA_PKCS1_PADDING)
			return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
			    sig, siglen, rsa);
		if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
			RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
			return -1;
		}
		if (rctx->pad_mode == RSA_X931_PADDING) {
			if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig,
			    siglen) <= 0)
				return 0;
		} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
			int ret;

			if (!setup_tbuf(rctx, ctx))
				return -1;
			ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
			    rsa, RSA_NO_PADDING);
			if (ret <= 0)
				return 0;
			ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md,
			    rctx->mgf1md, rctx->tbuf, rctx->saltlen);
			if (ret <= 0)
				return 0;
			return 1;
		} else {
			return -1;
		}
	} else {
		if (!setup_tbuf(rctx, ctx))
			return -1;
		rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
		    rctx->pad_mode);
		if (rslen == 0)
			return 0;
	}

	if (rslen != tbslen || timingsafe_bcmp(tbs, rctx->tbuf, rslen))
		return 0;

	return 1;
}

static int
pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    const unsigned char *in, size_t inlen)
{

	RSA_PKEY_CTX *rctx = ctx->data;
	int ret;

	if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
		int klen = RSA_size(ctx->pkey->pkey.rsa);
		if (!setup_tbuf(rctx, ctx))
			return -1;
		if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen,
		    in, inlen, rctx->oaep_label, rctx->oaep_labellen,
		    rctx->md, rctx->mgf1md))
			return -1;
		ret = RSA_public_encrypt(klen, rctx->tbuf, out,
		    ctx->pkey->pkey.rsa, RSA_NO_PADDING);
	} else {
		ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
		    rctx->pad_mode);
	}
	if (ret < 0)
		return ret;
	*outlen = ret;
	return 1;
}

static int
pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
    const unsigned char *in, size_t inlen)
{
	int ret;
	RSA_PKEY_CTX *rctx = ctx->data;

	if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
		if (!setup_tbuf(rctx, ctx))
			return -1;
		ret = RSA_private_decrypt(inlen, in, rctx->tbuf,
		    ctx->pkey->pkey.rsa, RSA_NO_PADDING);
		if (ret <= 0)
			return ret;
		ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf,
		    ret, ret, rctx->oaep_label, rctx->oaep_labellen, rctx->md,
		    rctx->mgf1md);
	} else {
		ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
		    rctx->pad_mode);
	}
	if (ret < 0)
		return ret;
	*outlen = ret;
	return 1;
}

static int
check_padding_md(const EVP_MD *md, int padding)
{
	if (md == NULL)
		return 1;

	if (padding == RSA_NO_PADDING) {
		RSAerror(RSA_R_INVALID_PADDING_MODE);
		return 0;
	}

	if (padding == RSA_X931_PADDING) {
		if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) {
			RSAerror(RSA_R_INVALID_X931_DIGEST);
			return 0;
		}
	} else {
		/* List of all supported RSA digests. */
		switch(EVP_MD_type(md)) {
		case NID_sha1:
		case NID_sha224:
		case NID_sha256:
		case NID_sha384:
		case NID_sha512:
		case NID_md5:
		case NID_md5_sha1:
		case NID_md4:
		case NID_ripemd160:
			return 1;

		default:
			RSAerror(RSA_R_INVALID_DIGEST);
			return 0;
		}
	}

	return 1;
}

static int
pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
366
367
368
369
370
371
372


373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401













402
403
404
405
406
407
408
409
410
411
412
413
414

415

416


417
418












419
420
421
422






423
424
425
426
427
428
429
430
431
432

433
434
435
436
437
438
439
440
441






442

443
444























445






446
447

448



449


450
451
452
453
454
455

456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
				return 0;
			if (p1 == RSA_PKCS1_PSS_PADDING) {
				if (!(ctx->operation &
				    (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
					goto bad_pad;
				if (!rctx->md)
					rctx->md = EVP_sha1();


			}
			if (p1 == RSA_PKCS1_OAEP_PADDING) {
				if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
					goto bad_pad;
				if (!rctx->md)
					rctx->md = EVP_sha1();
			}
			rctx->pad_mode = p1;
			return 1;
		}
bad_pad:
		RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
		return -2;

	case EVP_PKEY_CTRL_GET_RSA_PADDING:
		*(int *)p2 = rctx->pad_mode;
		return 1;

	case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
	case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
			RSAerror(RSA_R_INVALID_PSS_SALTLEN);
			return -2;
		}
		if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
			*(int *)p2 = rctx->saltlen;
		else {
			if (p1 < -2)
				return -2;













			rctx->saltlen = p1;
		}
		return 1;

	case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
		if (p1 < 256) {
			RSAerror(RSA_R_INVALID_KEYBITS);
			return -2;
		}
		rctx->nbits = p1;
		return 1;

	case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:

		if (!p2)

			return -2;


		rctx->pub_exp = p2;
		return 1;













	case EVP_PKEY_CTRL_MD:
		if (!check_padding_md(p2, rctx->pad_mode))
			return 0;






		rctx->md = p2;
		return 1;

	case EVP_PKEY_CTRL_GET_MD:
		*(const EVP_MD **)p2 = rctx->md;
		return 1;

	case EVP_PKEY_CTRL_RSA_MGF1_MD:
	case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {

			RSAerror(RSA_R_INVALID_MGF1_MD);
			return -2;
		}
		if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
			if (rctx->mgf1md)
				*(const EVP_MD **)p2 = rctx->mgf1md;
			else
				*(const EVP_MD **)p2 = rctx->md;
		} else






			rctx->mgf1md = p2;

		return 1;
























	case EVP_PKEY_CTRL_DIGESTINIT:






	case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
	case EVP_PKEY_CTRL_PKCS7_DECRYPT:

	case EVP_PKEY_CTRL_PKCS7_SIGN:



		return 1;


	case EVP_PKEY_CTRL_PEER_KEY:
		RSAerror(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;

	default:
		return -2;

	}
}

static int
pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
{
	long lval;
	char *ep;

	if (!value) {
		RSAerror(RSA_R_VALUE_MISSING);
		return 0;
	}
	if (!strcmp(type, "rsa_padding_mode")) {
		int pm;
		if (!strcmp(value, "pkcs1"))







>
>










|













|

|
|

>
>
>
>
>
>
>
>
>
>
>
>
>





|
|






>
|
>

>
>


>
>
>
>
>
>
>
>
>
>
>
>




>
>
>
>
>
>









|
>








|
>
>
>
>
>
>

>


>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>
>
>
>
>
>


>
|
>
>
>
|
>
>






>






<
<
<







444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620



621
622
623
624
625
626
627
				return 0;
			if (p1 == RSA_PKCS1_PSS_PADDING) {
				if (!(ctx->operation &
				    (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
					goto bad_pad;
				if (!rctx->md)
					rctx->md = EVP_sha1();
			} else if (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) {
				goto bad_pad;
			}
			if (p1 == RSA_PKCS1_OAEP_PADDING) {
				if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
					goto bad_pad;
				if (!rctx->md)
					rctx->md = EVP_sha1();
			}
			rctx->pad_mode = p1;
			return 1;
		}
 bad_pad:
		RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
		return -2;

	case EVP_PKEY_CTRL_GET_RSA_PADDING:
		*(int *)p2 = rctx->pad_mode;
		return 1;

	case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
	case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
			RSAerror(RSA_R_INVALID_PSS_SALTLEN);
			return -2;
		}
		if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) {
			*(int *)p2 = rctx->saltlen;
		} else {
			if (p1 < RSA_PSS_SALTLEN_MAX)
				return -2;
			if (rsa_pss_restricted(rctx)) {
				if (p1 == RSA_PSS_SALTLEN_AUTO &&
				    ctx->operation == EVP_PKEY_OP_VERIFY) {
					RSAerror(RSA_R_INVALID_PSS_SALTLEN);
					return -2;
				}
				if ((p1 == RSA_PSS_SALTLEN_DIGEST &&
				    rctx->min_saltlen > EVP_MD_size(rctx->md)) ||
				    (p1 >= 0 && p1 < rctx->min_saltlen)) {
					RSAerror(RSA_R_PSS_SALTLEN_TOO_SMALL);
					return 0;
				}
			}
			rctx->saltlen = p1;
		}
		return 1;

	case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
		if (p1 < RSA_MIN_MODULUS_BITS) {
			RSAerror(RSA_R_KEY_SIZE_TOO_SMALL);
			return -2;
		}
		rctx->nbits = p1;
		return 1;

	case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
		if (p2 == NULL || !BN_is_odd((BIGNUM *)p2) ||
		    BN_is_one((BIGNUM *)p2)) {
			RSAerror(RSA_R_BAD_E_VALUE);
			return -2;
		}
		BN_free(rctx->pub_exp);
		rctx->pub_exp = p2;
		return 1;

	case EVP_PKEY_CTRL_RSA_OAEP_MD:
	case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
		if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
			RSAerror(RSA_R_INVALID_PADDING_MODE);
			return -2;
		}
		if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD)
			*(const EVP_MD **)p2 = rctx->md;
		else
			rctx->md = p2;
		return 1;

	case EVP_PKEY_CTRL_MD:
		if (!check_padding_md(p2, rctx->pad_mode))
			return 0;
		if (rsa_pss_restricted(rctx)) {
			if (EVP_MD_type(rctx->md) == EVP_MD_type(p2))
				return 1;
			RSAerror(RSA_R_DIGEST_NOT_ALLOWED);
			return 0;
		}
		rctx->md = p2;
		return 1;

	case EVP_PKEY_CTRL_GET_MD:
		*(const EVP_MD **)p2 = rctx->md;
		return 1;

	case EVP_PKEY_CTRL_RSA_MGF1_MD:
	case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING &&
		    rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
			RSAerror(RSA_R_INVALID_MGF1_MD);
			return -2;
		}
		if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
			if (rctx->mgf1md)
				*(const EVP_MD **)p2 = rctx->mgf1md;
			else
				*(const EVP_MD **)p2 = rctx->md;
		} else {
			if (rsa_pss_restricted(rctx)) {
				if (EVP_MD_type(rctx->mgf1md) == EVP_MD_type(p2))
					return 1;
				RSAerror(RSA_R_MGF1_DIGEST_NOT_ALLOWED);
				return 0;
			}
			rctx->mgf1md = p2;
		}
		return 1;

	case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
		if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
			RSAerror(RSA_R_INVALID_PADDING_MODE);
			return -2;
		}
		free(rctx->oaep_label);
		if (p2 != NULL && p1 > 0) {
			rctx->oaep_label = p2;
			rctx->oaep_labellen = p1;
		} else {
			rctx->oaep_label = NULL;
			rctx->oaep_labellen = 0;
		}
		return 1;

	case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
		if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
			RSAerror(RSA_R_INVALID_PADDING_MODE);
			return -2;
		}
		*(unsigned char **)p2 = rctx->oaep_label;
		return rctx->oaep_labellen;

	case EVP_PKEY_CTRL_DIGESTINIT:
	case EVP_PKEY_CTRL_PKCS7_SIGN:
#ifndef OPENSSL_NO_CMS
	case EVP_PKEY_CTRL_CMS_SIGN:
#endif
		return 1;

	case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
	case EVP_PKEY_CTRL_PKCS7_DECRYPT:
#ifndef OPENSSL_NO_CMS
	case EVP_PKEY_CTRL_CMS_DECRYPT:
	case EVP_PKEY_CTRL_CMS_ENCRYPT:
#endif
		if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
			return 1;

	/* fall through */
	case EVP_PKEY_CTRL_PEER_KEY:
		RSAerror(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		return -2;

	default:
		return -2;

	}
}

static int
pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
{



	if (!value) {
		RSAerror(RSA_R_VALUE_MISSING);
		return 0;
	}
	if (!strcmp(type, "rsa_padding_mode")) {
		int pm;
		if (!strcmp(value, "pkcs1"))
483
484
485
486
487
488
489
490
491
492
493
494

495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522

523
524
525
526
527
528
529
530
531




532




533





























534
535






















536
537
538
539
540
541
542
543
544
545
546

547
548
549
550
551
552
553
554
555
556
557

558




559
560
561
562
563
564
565
566
567
		else {
			RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
			return -2;
		}
		return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
	}

	if (!strcmp(type, "rsa_pss_saltlen")) {
		int saltlen;

		errno = 0;
		lval = strtol(value, &ep, 10);

		if (value[0] == '\0' || *ep != '\0')
			goto not_a_number;
		if ((errno == ERANGE &&
		    (lval == LONG_MAX || lval == LONG_MIN)) ||
		    (lval > INT_MAX || lval < INT_MIN))
			goto out_of_range;
		saltlen = lval;
		return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
	}

	if (!strcmp(type, "rsa_keygen_bits")) {
		int nbits;

		errno = 0;
		lval = strtol(value, &ep, 10);
		if (value[0] == '\0' || *ep != '\0')
			goto not_a_number;
		if ((errno == ERANGE &&
		    (lval == LONG_MAX || lval == LONG_MIN)) ||
		    (lval > INT_MAX || lval < INT_MIN))
			goto out_of_range;
		nbits = lval;
		return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
	}

	if (!strcmp(type, "rsa_keygen_pubexp")) {
		int ret;
		BIGNUM *pubexp = NULL;


		if (!BN_asc2bn(&pubexp, value))
			return 0;
		ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
		if (ret <= 0)
			BN_free(pubexp);
		return ret;
	}





not_a_number:




out_of_range:





























	return -2;
}























static int
pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
	RSA *rsa = NULL;
	RSA_PKEY_CTX *rctx = ctx->data;
	BN_GENCB *pcb, cb;
	int ret;

	if (!rctx->pub_exp) {
		rctx->pub_exp = BN_new();

		if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
			return 0;
	}
	rsa = RSA_new();
	if (!rsa)
		return 0;
	if (ctx->pkey_gencb) {
		pcb = &cb;
		evp_pkey_set_cb_translate(pcb, ctx);
	} else
		pcb = NULL;

	ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);




	if (ret > 0)
		EVP_PKEY_assign_RSA(pkey, rsa);
	else
		RSA_free(rsa);
	return ret;
}

const EVP_PKEY_METHOD rsa_pkey_meth = {
	.pkey_id = EVP_PKEY_RSA,







|


<
|
>
|
|
|
|
|
<
|



|
|

<
<
<
<
<
<
<
<
<



|
<

>









>
>
>
>
|
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>









|
|
>
|


|
<

|


|

>

>
>
>
>

|







639
640
641
642
643
644
645
646
647
648

649
650
651
652
653
654
655

656
657
658
659
660
661
662









663
664
665
666

667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756

757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
		else {
			RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
			return -2;
		}
		return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
	}

	if (strcmp(type, "rsa_pss_saltlen") == 0) {
		int saltlen;


		if (!strcmp(value, "digest"))
			saltlen = RSA_PSS_SALTLEN_DIGEST;
		else if (!strcmp(value, "max"))
			saltlen = RSA_PSS_SALTLEN_MAX;
		else if (!strcmp(value, "auto"))
			saltlen = RSA_PSS_SALTLEN_AUTO;
		else

			saltlen = atoi(value);
		return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
	}

	if (strcmp(type, "rsa_keygen_bits") == 0) {
		int nbits = atoi(value);










		return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
	}

	if (strcmp(type, "rsa_keygen_pubexp") == 0) {

		BIGNUM *pubexp = NULL;
		int ret;

		if (!BN_asc2bn(&pubexp, value))
			return 0;
		ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
		if (ret <= 0)
			BN_free(pubexp);
		return ret;
	}

	if (strcmp(type, "rsa_mgf1_md") == 0)
		return EVP_PKEY_CTX_md(ctx,
		    EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
		    EVP_PKEY_CTRL_RSA_MGF1_MD, value);

	if (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) {
		if (strcmp(type, "rsa_pss_keygen_mgf1_md") == 0)
			return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN,
			    EVP_PKEY_CTRL_RSA_MGF1_MD, value);

		if (strcmp(type, "rsa_pss_keygen_md") == 0)
			return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN,
			    EVP_PKEY_CTRL_MD, value);

		if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) {
			int saltlen = atoi(value);

			return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen);
		}
	}

	if (strcmp(type, "rsa_oaep_md") == 0)
		return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_CRYPT,
		    EVP_PKEY_CTRL_RSA_OAEP_MD, value);

	if (strcmp(type, "rsa_oaep_label") == 0) {
		unsigned char *lab;
		long lablen;
		int ret;

		if ((lab = string_to_hex(value, &lablen)) == NULL)
			return 0;
		ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
		if (ret <= 0)
			free(lab);

		return ret;
	}

	return -2;
}

/* Set PSS parameters when generating a key, if necessary. */
static int
rsa_set_pss_param(RSA *rsa, EVP_PKEY_CTX *ctx)
{
	RSA_PKEY_CTX *rctx = ctx->data;

	if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
		return 1;

	/* If all parameters are default values then do not set PSS. */
	if (rctx->md == NULL && rctx->mgf1md == NULL &&
	    rctx->saltlen == RSA_PSS_SALTLEN_AUTO)
		return 1;

	rsa->pss = rsa_pss_params_create(rctx->md, rctx->mgf1md,
	    rctx->saltlen == RSA_PSS_SALTLEN_AUTO ? 0 : rctx->saltlen);
	if (rsa->pss == NULL)
		return 0;

	return 1;
}

static int
pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
	RSA *rsa = NULL;
	RSA_PKEY_CTX *rctx = ctx->data;
	BN_GENCB *pcb, cb;
	int ret;

	if (rctx->pub_exp == NULL) {
		if ((rctx->pub_exp = BN_new()) == NULL)
			return 0;
		if (!BN_set_word(rctx->pub_exp, RSA_F4))
			return 0;
	}
	if ((rsa = RSA_new()) == NULL)

		return 0;
	if (ctx->pkey_gencb != NULL) {
		pcb = &cb;
		evp_pkey_set_cb_translate(pcb, ctx);
	} else {
		pcb = NULL;
	}
	ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
	if (ret > 0 && !rsa_set_pss_param(rsa, ctx)) {
		RSA_free(rsa);
		return 0;
	}
	if (ret > 0)
		EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, rsa);
	else
		RSA_free(rsa);
	return ret;
}

const EVP_PKEY_METHOD rsa_pkey_meth = {
	.pkey_id = EVP_PKEY_RSA,
582
583
584
585
586
587
588






































































	.encrypt = pkey_rsa_encrypt,

	.decrypt = pkey_rsa_decrypt,

	.ctrl = pkey_rsa_ctrl,
	.ctrl_str = pkey_rsa_ctrl_str
};













































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
	.encrypt = pkey_rsa_encrypt,

	.decrypt = pkey_rsa_decrypt,

	.ctrl = pkey_rsa_ctrl,
	.ctrl_str = pkey_rsa_ctrl_str
};

/*
 * Called for PSS sign or verify initialisation: checks PSS parameter
 * sanity and sets any restrictions on key usage.
 */

static int
pkey_pss_init(EVP_PKEY_CTX *ctx)
{
	RSA *rsa;
	RSA_PKEY_CTX *rctx = ctx->data;
	const EVP_MD *md;
	const EVP_MD *mgf1md;
	int min_saltlen, max_saltlen;

	/* Should never happen */
	if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
		return 0;
	rsa = ctx->pkey->pkey.rsa;

	/* If no restrictions just return */
	if (rsa->pss == NULL)
		return 1;

	/* Get and check parameters */
	if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen))
		return 0;

	/* See if minimum salt length exceeds maximum possible */
	max_saltlen = RSA_size(rsa) - EVP_MD_size(md);
	if ((RSA_bits(rsa) & 0x7) == 1)
		max_saltlen--;
	if (min_saltlen > max_saltlen) {
		RSAerror(RSA_R_INVALID_SALT_LENGTH);
		return 0;
	}
	rctx->min_saltlen = min_saltlen;

	/*
	 * Set PSS restrictions as defaults: we can then block any attempt to
	 * use invalid values in pkey_rsa_ctrl
	 */

	rctx->md = md;
	rctx->mgf1md = mgf1md;
	rctx->saltlen = min_saltlen;

	return 1;
}

const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
	.pkey_id = EVP_PKEY_RSA_PSS,
	.flags = EVP_PKEY_FLAG_AUTOARGLEN,

	.init = pkey_rsa_init,
	.copy = pkey_rsa_copy,
	.cleanup = pkey_rsa_cleanup,

	.keygen = pkey_rsa_keygen,

	.sign_init = pkey_pss_init,
	.sign = pkey_rsa_sign,

	.verify_init = pkey_pss_init,
	.verify = pkey_rsa_verify,

	.ctrl = pkey_rsa_ctrl,
	.ctrl_str = pkey_rsa_ctrl_str
};

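--- a/jni/libressl/depcomp
+++ b/jni/libressl/depcomp
@@ -1,13 +1,13 @@
 #! /bin/sh
 # depcomp - compile a program generating dependencies as side-effects
 
 scriptversion=2018-03-07.03; # UTC
 
-# Copyright (C) 1999-2018 Free Software Foundation, Inc.
+# Copyright (C) 1999-2020 Free Software Foundation, Inc.
 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2, or (at your option)
 # any later version.
 
 # This program is distributed in the hope that it will be useful,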
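--- a/jni/libressl/include/Makefile.in
+++ b/jni/libressl/include/Makefile.in
@@ -1,11 +1,11 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.2 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY, to the extent permitted by law; without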
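--- a/jni/libressl/include/compat/unistd.h
+++ b/jni/libressl/include/compat/unistd.h
@@ -33,15 +33,22 @@
 
 #define SEEK_SET        0
 #define SEEK_CUR        1
 #define SEEK_END        2
 
 #define access _access
 
-unsigned int sleep(unsigned int seconds);
+#ifdef _MSC_VER
+#include <windows.h>
+static inline unsigned int sleep(unsigned int seconds)
+{
+       Sleep(seconds * 1000);
+       return seconds;
+}
+#endif
 
 int ftruncate(int fd, off_t length);
 uid_t getuid(void);
 ssize_t pread(int d, void *buf, size_t nbytes, off_t offset);
 ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset);
 
 #endif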
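Review bot: The new inline `sleep()` returns `seconds` after `Sleep()` has already run to completion, while POSIX `sleep()` returns the unslept remainder, which is 0 after a full sleep; a caller that retries while the result is non-zero would never leave its loop, so `return 0;` is the value that matches the contract. `seconds * 1000` is computed in `unsigned int`, so very large arguments wrap before they reach `Sleep()`; a clamp such as `if (seconds > UINT_MAX / 1000) seconds = UINT_MAX / 1000;` before the call would bound it. The old unconditional prototype is gone and the replacement exists only under `_MSC_VER`, so other Windows toolchains that pick up this compat header need `sleep` from somewhere else; the start of the header is outside this hunk, so that should be confirmed there.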
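--- a/jni/libressl/include/openssl/Makefile.in
+++ b/jni/libressl/include/openssl/Makefile.in
@@ -1,11 +1,11 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.2 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY, to the extent permitted by law; without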
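--- a/jni/libressl/include/openssl/conf.h
+++ b/jni/libressl/include/openssl/conf.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: conf.h,v 1.14 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: conf.h,v 1.15 2020/02/17 12:51:48 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -237,13 +237,14 @@
 #define CONF_R_NO_CONF					 105
 #define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
 #define CONF_R_NO_SECTION				 107
 #define CONF_R_NO_SUCH_FILE				 114
 #define CONF_R_NO_VALUE					 108
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
 #define CONF_R_UNKNOWN_MODULE_NAME			 113
+#define CONF_R_VARIABLE_EXPANSION_TOO_LONG		 116
 #define CONF_R_VARIABLE_HAS_NO_VALUE			 104
 
 #ifdef  __cplusplus
 }
 #endif
 #endif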
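--- a/jni/libressl/include/openssl/dtls1.h
+++ b/jni/libressl/include/openssl/dtls1.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: dtls1.h,v 1.22 2018/08/24 19:35:05 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.23 2020/03/12 17:01:53 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
@@ -160,27 +160,31 @@
 	struct timeval next_timeout;
 
 	/* Timeout duration */
 	unsigned short timeout_duration;
 
 	struct dtls1_state_internal_st *internal;
 } DTLS1_STATE;
+
+#ifndef LIBRESSL_INTERNAL
 
 typedef struct dtls1_record_data_st {
 	unsigned char *packet;
 	unsigned int   packet_length;
 	SSL3_BUFFER    rbuf;
 	SSL3_RECORD    rrec;
 } DTLS1_RECORD_DATA;
+
+#endif
 
 #endif
 
 /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
 #define DTLS1_TMO_READ_COUNT                      2
 #define DTLS1_TMO_WRITE_COUNT                     2
 
 #define DTLS1_TMO_ALERT_COUNT                     12
 
 #ifdef  __cplusplus
 }
 #endif
 #endif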
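--- a/jni/libressl/include/openssl/evp.h
+++ b/jni/libressl/include/openssl/evp.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: evp.h,v 1.77 2019/09/09 18:06:25 jsing Exp $ */
+/* $OpenBSD: evp.h,v 1.79 2020/04/27 19:31:02 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -95,14 +95,15 @@
 #define EVP_PKS_RSA	0x0100
 #define EVP_PKS_DSA	0x0200
 #define EVP_PKS_EC	0x0400
 #define EVP_PKT_EXP	0x1000 /* <= 512 bit key */
 
 #define EVP_PKEY_NONE	NID_undef
 #define EVP_PKEY_RSA	NID_rsaEncryption
+#define EVP_PKEY_RSA_PSS NID_rsassaPss
 #define EVP_PKEY_RSA2	NID_rsa
 #define EVP_PKEY_DSA	NID_dsa
 #define EVP_PKEY_DSA1	NID_dsa_2
 #define EVP_PKEY_DSA2	NID_dsaWithSHA
 #define EVP_PKEY_DSA3	NID_dsaWithSHA1
 #define EVP_PKEY_DSA4	NID_dsaWithSHA1_2
 #define EVP_PKEY_DH	NID_dhKeyAgreement
@@ -1502,14 +1503,15 @@
 #define EVP_R_EXPECTING_A_ECDSA_KEY			 141
 #define EVP_R_EXPECTING_A_EC_KEY			 142
 #define EVP_R_FIPS_MODE_NOT_SUPPORTED			 167
 #define EVP_R_INITIALIZATION_ERROR			 134
 #define EVP_R_INPUT_NOT_INITIALIZED			 111
 #define EVP_R_INVALID_DIGEST				 152
 #define EVP_R_INVALID_FIPS_MODE				 168
+#define EVP_R_INVALID_IV_LENGTH				 194
 #define EVP_R_INVALID_KEY_LENGTH			 130
 #define EVP_R_INVALID_OPERATION				 148
 #define EVP_R_IV_TOO_LARGE				 102
 #define EVP_R_KEYGEN_FAILURE				 120
 #define EVP_R_MESSAGE_DIGEST_IS_NULL			 159
 #define EVP_R_METHOD_NOT_SUPPORTED			 144
 #define EVP_R_MISSING_PARAMETERS			 103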
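--- a/jni/libressl/include/openssl/obj_mac.h
+++ b/jni/libressl/include/openssl/obj_mac.h
@@ -586,14 +586,19 @@
 #define OBJ_rsaesOaep		OBJ_pkcs1,7L
 
 #define SN_mgf1		"MGF1"
 #define LN_mgf1		"mgf1"
 #define NID_mgf1		911
 #define OBJ_mgf1		OBJ_pkcs1,8L
 
+#define SN_pSpecified		"PSPECIFIED"
+#define LN_pSpecified		"pSpecified"
+#define NID_pSpecified		992
+#define OBJ_pSpecified		OBJ_pkcs1,9L
+
 #define SN_rsassaPss		"RSASSA-PSS"
 #define LN_rsassaPss		"rsassaPss"
 #define NID_rsassaPss		912
 #define OBJ_rsassaPss		OBJ_pkcs1,10L
 
 #define SN_sha256WithRSAEncryption		"RSA-SHA256"
 #define LN_sha256WithRSAEncryption		"sha256WithRSAEncryption"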
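--- a/jni/libressl/include/openssl/opensslfeatures.h
+++ b/jni/libressl/include/openssl/opensslfeatures.h
@@ -30,15 +30,15 @@
 /* #define OPENSSL_NO_AUTOLOAD_CONFIG */
 /* #define OPENSSL_NO_BF */
 /* #define OPENSSL_NO_BLAKE2 */
 /* #define OPENSSL_NO_CAMELLIA */
 /* #define OPENSSL_NO_CAST */
 /* #define OPENSSL_NO_CHACHA */
 /* #define OPENSSL_NO_CMAC */
-#define OPENSSL_NO_CMS
+/* #define OPENSSL_NO_CMS */
 #define OPENSSL_NO_COMP /* XXX */
 /* #define OPENSSL_NO_CRYPTO_MDEBUG */
 /* #define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE */
 /* #define OPENSSL_NO_CT */
 /* #define OPENSSL_NO_DECC_INIT */
 /* #define OPENSSL_NO_DES */
 /* #define OPENSSL_NO_DGRAM */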
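--- a/jni/libressl/include/openssl/opensslv.h
+++ b/jni/libressl/include/openssl/opensslv.h
@@ -1,15 +1,15 @@
-/* $OpenBSD: opensslv.h,v 1.55 2019/10/10 14:29:20 bcook Exp $ */
+/* $OpenBSD: opensslv.h,v 1.57 2020/05/06 15:45:22 tb Exp $ */
 #ifndef HEADER_OPENSSLV_H
 #define HEADER_OPENSSLV_H
 
 /* These will change with each release of LibreSSL-portable */
-#define LIBRESSL_VERSION_NUMBER 0x3000200fL
+#define LIBRESSL_VERSION_NUMBER 0x3010100fL
 /*                                    ^ Patch starts here   */
-#define LIBRESSL_VERSION_TEXT   "LibreSSL 3.0.2"
+#define LIBRESSL_VERSION_TEXT   "LibreSSL 3.1.1"
 
 /* These will never change */
 #define OPENSSL_VERSION_NUMBER	0x20000000L
 #define OPENSSL_VERSION_TEXT	LIBRESSL_VERSION_TEXT
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
 #define SHLIB_VERSION_HISTORY ""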
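--- a/jni/libressl/include/openssl/rsa.h
+++ b/jni/libressl/include/openssl/rsa.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: rsa.h,v 1.40 2019/06/05 15:41:33 gilles Exp $ */
+/* $OpenBSD: rsa.h,v 1.51 2019/11/04 12:30:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -79,14 +79,33 @@
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 /* Declared already in ossl_typ.h */
 /* typedef struct rsa_st RSA; */
 /* typedef struct rsa_meth_st RSA_METHOD; */
+
+typedef struct rsa_pss_params_st {
+	X509_ALGOR *hashAlgorithm;
+	X509_ALGOR *maskGenAlgorithm;
+	ASN1_INTEGER *saltLength;
+	ASN1_INTEGER *trailerField;
+
+	/* Hash algorithm decoded from maskGenAlgorithm. */
+	X509_ALGOR *maskHash;
+} RSA_PSS_PARAMS;
+
+typedef struct rsa_oaep_params_st {
+	X509_ALGOR *hashFunc;
+	X509_ALGOR *maskGenFunc;
+	X509_ALGOR *pSourceFunc;
+
+	/* Hash algorithm decoded from maskGenFunc. */
+	X509_ALGOR *maskHash;
+} RSA_OAEP_PARAMS;
 
 struct rsa_meth_st {
 	const char *name;
 	int (*rsa_pub_enc)(int flen, const unsigned char *from,
 	    unsigned char *to, RSA *rsa, int padding);
 	int (*rsa_pub_dec)(int flen, const unsigned char *from,
 	    unsigned char *to, RSA *rsa, int padding);
@@ -123,24 +142,29 @@
 
 struct rsa_st {
 	/* The first parameter is used to pickup errors where
 	 * this is passed instead of aEVP_PKEY, it is set to 0 */
 	int pad;
 	long version;
 	const RSA_METHOD *meth;
+
 	/* functional reference if 'meth' is ENGINE-provided */
 	ENGINE *engine;
 	BIGNUM *n;
 	BIGNUM *e;
 	BIGNUM *d;
 	BIGNUM *p;
 	BIGNUM *q;
 	BIGNUM *dmp1;
 	BIGNUM *dmq1;
 	BIGNUM *iqmp;
+
+	/* Parameter restrictions for PSS only keys. */
+	RSA_PSS_PARAMS *pss;
+
 	/* be careful using this if the RSA structure is shared */
 	CRYPTO_EX_DATA ex_data;
 	int references;
 	int flags;
 
 	/* Used to cache montgomery values */
 	BN_MONT_CTX *_method_mod_n;
@@ -189,62 +213,97 @@
 #define RSA_FLAG_SIGN_VER		0x0040
 
 /*
  * The built-in RSA implementation uses blinding by default, but other engines
  * might not need it.
  */
 #define RSA_FLAG_NO_BLINDING		0x0080
 
+/* Salt length matches digest */
+#define RSA_PSS_SALTLEN_DIGEST		-1
+/* Verify only: auto detect salt length */
+#define RSA_PSS_SALTLEN_AUTO		-2
+/* Set salt length to maximum possible */
+#define RSA_PSS_SALTLEN_MAX		-3
+
 #define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
-				pad, NULL)
+	RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL)
 
 #define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
-				EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
+	RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
 
 #define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
-				(EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
-				EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
-				len, NULL)
+	RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+	    EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
+
+#define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+	    EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
 
 #define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
-				(EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
-				EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
-				0, plen)
+	RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+	    EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen)
 
 #define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
-				EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+	RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+	    EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
 
 #define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
-				EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+	RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+	    EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
 
-#define	 EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md)	\
-		EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG,  \
-				EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
+#define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
+	RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+	    EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
+
+#define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+	    EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
 
-#define	 EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd)	\
-		EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG,  \
-				EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
+#define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+	    EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md))
+
+#define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
+	RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+	    EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd))
+
+#define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+	    EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd))
 
-#define EVP_PKEY_CTRL_RSA_PADDING	(EVP_PKEY_ALG_CTRL + 1)
-#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN	(EVP_PKEY_ALG_CTRL + 2)
+#define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+	    EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l))
+
+#define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+	    EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l))
+
+#define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
+	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
+	    EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, 0, (void *)(md))
+
+#define EVP_PKEY_CTRL_RSA_PADDING		(EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN		(EVP_PKEY_ALG_CTRL + 2)
 
-#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS	(EVP_PKEY_ALG_CTRL + 3)
-#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP	(EVP_PKEY_ALG_CTRL + 4)
-#define EVP_PKEY_CTRL_RSA_MGF1_MD	(EVP_PKEY_ALG_CTRL + 5)
+#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS		(EVP_PKEY_ALG_CTRL + 3)
+#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP		(EVP_PKEY_ALG_CTRL + 4)
+#define EVP_PKEY_CTRL_RSA_MGF1_MD		(EVP_PKEY_ALG_CTRL + 5)
 
 #define EVP_PKEY_CTRL_GET_RSA_PADDING		(EVP_PKEY_ALG_CTRL + 6)
 #define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN	(EVP_PKEY_ALG_CTRL + 7)
 #define EVP_PKEY_CTRL_GET_RSA_MGF1_MD		(EVP_PKEY_ALG_CTRL + 8)
 
+#define EVP_PKEY_CTRL_RSA_OAEP_MD		(EVP_PKEY_ALG_CTRL + 9)
+#define EVP_PKEY_CTRL_RSA_OAEP_LABEL		(EVP_PKEY_ALG_CTRL + 10)
+
+#define EVP_PKEY_CTRL_GET_RSA_OAEP_MD		(EVP_PKEY_ALG_CTRL + 11)
+#define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL	(EVP_PKEY_ALG_CTRL + 12)
+
 #define RSA_PKCS1_PADDING	1
 #define RSA_SSLV23_PADDING	2
 #define RSA_NO_PADDING		3
 #define RSA_PKCS1_OAEP_PADDING	4
 #define RSA_X931_PADDING	5
 /* EVP_PKEY_ only */
 #define RSA_PKCS1_PSS_PADDING	6
@@ -285,38 +344,39 @@
 int RSA_flags(const RSA *r);
 
 void RSA_set_default_method(const RSA_METHOD *meth);
 const RSA_METHOD *RSA_get_default_method(void);
 const RSA_METHOD *RSA_get_method(const RSA *rsa);
 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
-/* these are the actual SSLeay RSA functions */
+const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
 const RSA_METHOD *RSA_PKCS1_SSLeay(void);
 
 const RSA_METHOD *RSA_null_method(void);
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
 
 RSA *d2i_RSAPublicKey(RSA **a, const unsigned char **in, long len);
 int i2d_RSAPublicKey(const RSA *a, unsigned char **out);
 extern const ASN1_ITEM RSAPublicKey_it;
 RSA *d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len);
 int i2d_RSAPrivateKey(const RSA *a, unsigned char **out);
 extern const ASN1_ITEM RSAPrivateKey_it;
 
-typedef struct rsa_pss_params_st {
-	X509_ALGOR *hashAlgorithm;
-	X509_ALGOR *maskGenAlgorithm;
-	ASN1_INTEGER *saltLength;
-	ASN1_INTEGER *trailerField;
-} RSA_PSS_PARAMS;
-
 RSA_PSS_PARAMS *RSA_PSS_PARAMS_new(void);
 void RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *a);
 RSA_PSS_PARAMS *d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **a, const unsigned char **in, long len);
 int i2d_RSA_PSS_PARAMS(RSA_PSS_PARAMS *a, unsigned char **out);
 extern const ASN1_ITEM RSA_PSS_PARAMS_it;
+
+RSA_OAEP_PARAMS *RSA_OAEP_PARAMS_new(void);
+void RSA_OAEP_PARAMS_free(RSA_OAEP_PARAMS *a);
+RSA_OAEP_PARAMS *d2i_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS **a, const unsigned char **in, long len);
+int i2d_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS *a, unsigned char **out);
+extern const ASN1_ITEM RSA_OAEP_PARAMS_it;
 
 int RSA_print_fp(FILE *fp, const RSA *r, int offset);
 
 #ifndef OPENSSL_NO_BIO
 int RSA_print(BIO *bp, const RSA *r, int offset);
 #endif
 
@@ -364,14 +424,20 @@
     const unsigned char *seed, long seedlen, const EVP_MD *dgst);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
     const unsigned char *f, int fl,
     const unsigned char *p, int pl);
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
     const unsigned char *f, int fl, int rsa_len,
     const unsigned char *p, int pl);
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+    const unsigned char *from, int flen, const unsigned char *param, int plen,
+    const EVP_MD *md, const EVP_MD *mgf1md);
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+    const unsigned char *from, int flen, int num, const unsigned char *param,
+    int plen, const EVP_MD *md, const EVP_MD *mgf1md);
 int RSA_padding_add_none(unsigned char *to, int tlen,
     const unsigned char *f, int fl);
 int RSA_padding_check_none(unsigned char *to, int tlen,
     const unsigned char *f, int fl, int rsa_len);
 int RSA_padding_add_X931(unsigned char *to, int tlen,
     const unsigned char *f, int fl);
 int RSA_padding_check_X931(unsigned char *to, int tlen,
@@ -564,58 +630,68 @@
 #define RSA_R_BLOCK_TYPE_IS_NOT_02			 107
 #define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
 #define RSA_R_DATA_TOO_LARGE				 109
 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
 #define RSA_R_DATA_TOO_LARGE_FOR_MODULUS		 132
 #define RSA_R_DATA_TOO_SMALL				 111
 #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122
+#define RSA_R_DIGEST_DOES_NOT_MATCH			 158
+#define RSA_R_DIGEST_NOT_ALLOWED			 145
 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
 #define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
 #define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
 #define RSA_R_FIRST_OCTET_INVALID			 133
 #define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE	 144
+#define RSA_R_INVALID_DIGEST				 157
 #define RSA_R_INVALID_DIGEST_LENGTH			 143
 #define RSA_R_INVALID_HEADER				 137
 #define RSA_R_INVALID_KEYBITS				 145
+#define RSA_R_INVALID_LABEL				 160
 #define RSA_R_INVALID_MESSAGE_LENGTH			 131
 #define RSA_R_INVALID_MGF1_MD				 156
+#define RSA_R_INVALID_OAEP_PARAMETERS			 161
 #define RSA_R_INVALID_PADDING				 138
 #define RSA_R_INVALID_PADDING_MODE			 141
 #define RSA_R_INVALID_PSS_PARAMETERS			 149
 #define RSA_R_INVALID_PSS_SALTLEN			 146
 #define RSA_R_INVALID_SALT_LENGTH			 150
 #define RSA_R_INVALID_TRAILER				 139
 #define RSA_R_INVALID_X931_DIGEST			 142
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
 #define RSA_R_KEY_SIZE_TOO_SMALL			 120
 #define RSA_R_LAST_OCTET_INVALID			 134
 #define RSA_R_MODULUS_TOO_LARGE				 105
+#define RSA_R_MGF1_DIGEST_NOT_ALLOWED			 152
 #define RSA_R_NON_FIPS_RSA_METHOD			 157
 #define RSA_R_NO_PUBLIC_EXPONENT			 140
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
 #define RSA_R_OAEP_DECODING_ERROR			 121
 #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE	 158
 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 148
 #define RSA_R_PADDING_CHECK_FAILED			 114
+#define RSA_R_PSS_SALTLEN_TOO_SMALL			 164
 #define RSA_R_P_NOT_PRIME				 128
 #define RSA_R_Q_NOT_PRIME				 129
 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED		 130
 #define RSA_R_SLEN_CHECK_FAILED				 136
 #define RSA_R_SLEN_RECOVERY_FAILED			 135
 #define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
+#define RSA_R_UNKNOWN_DIGEST				 166
 #define RSA_R_UNKNOWN_MASK_DIGEST			 151
 #define RSA_R_UNKNOWN_PADDING_TYPE			 118
 #define RSA_R_UNKNOWN_PSS_DIGEST			 152
+#define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE		 162
+#define RSA_R_UNSUPPORTED_LABEL_SOURCE			 163
 #define RSA_R_UNSUPPORTED_MASK_ALGORITHM		 153
 #define RSA_R_UNSUPPORTED_MASK_PARAMETER		 154
 #define RSA_R_UNSUPPORTED_SIGNATURE_TYPE		 155
 #define RSA_R_VALUE_MISSING				 147
 #define RSA_R_WRONG_SIGNATURE_LENGTH			 119
 
 #ifdef  __cplusplus
 }
 #endif
 #endif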
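--- a/jni/libressl/include/openssl/ssl.h
+++ b/jni/libressl/include/openssl/ssl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl.h,v 1.166 2019/04/04 15:03:21 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.171 2020/03/16 15:25:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -399,15 +399,15 @@
 
 /* Used to hold functions for SSLv3/TLSv1 functions */
 struct ssl_method_internal_st;
 
 struct ssl_method_st {
 	int (*ssl_dispatch_alert)(SSL *s);
 	int (*num_ciphers)(void);
-	const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
+	const SSL_CIPHER *(*get_cipher)(unsigned int ncipher);
 	const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
 	int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
 
 	const struct ssl_method_internal_st *internal;
 };
 
 /* Lets make this into an ASN.1 type structure as follows
@@ -762,15 +762,15 @@
     unsigned char **out, unsigned char *outlen, const unsigned char *in,
     unsigned int inlen, void *arg), void *arg);
 
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
     const unsigned char *in, unsigned int inlen, const unsigned char *client,
     unsigned int client_len);
 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-    unsigned *len);
+    unsigned int *len);
 
 #define OPENSSL_NPN_UNSUPPORTED	0
 #define OPENSSL_NPN_NEGOTIATED	1
 #define OPENSSL_NPN_NO_OVERLAP	2
 
 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
     unsigned int protos_len);
@@ -1215,20 +1215,22 @@
 
 #define SSL_CTX_set1_curves SSL_CTX_set1_groups
 #define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
 #define SSL_set1_curves SSL_set1_groups
 #define SSL_set1_curves_list SSL_set1_groups_list
 #endif
 
-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+#define SSL_CTX_add_extra_chain_cert(ctx, x509) \
+	SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, (char *)x509)
+#define SSL_CTX_get_extra_chain_certs(ctx, px509) \
+	SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, px509)
+#define SSL_CTX_get_extra_chain_certs_only(ctx, px509) \
+	SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 1, px509)
 #define SSL_CTX_clear_extra_chain_certs(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+	SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, NULL)
 
 #define SSL_get_server_tmp_key(s, pk) \
 	SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
 
 #ifndef LIBRESSL_INTERNAL
 /*
  * Also provide those functions as macros for compatibility with
@@ -2156,14 +2158,15 @@
 #define SSL_R_WRONG_SIGNATURE_SIZE			 265
 #define SSL_R_WRONG_SIGNATURE_TYPE			 370
 #define SSL_R_WRONG_SSL_VERSION				 266
 #define SSL_R_WRONG_VERSION_NUMBER			 267
 #define SSL_R_X509_LIB					 268
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269
 #define SSL_R_PEER_BEHAVING_BADLY			 666
+#define SSL_R_UNKNOWN					 999
 
 /*
  * OpenSSL compatible OPENSSL_INIT options
  */
 
 /*
  * These are provided for compatibiliy, but have no effect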
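--- a/jni/libressl/include/openssl/ssl3.h
+++ b/jni/libressl/include/openssl/ssl3.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl3.h,v 1.49 2018/11/08 22:28:52 jsing Exp $ */
+/* $OpenBSD: ssl3.h,v 1.50 2020/03/12 17:01:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -310,33 +310,35 @@
 #define SSL3_AD_CERTIFICATE_UNKNOWN	46
 #define SSL3_AD_ILLEGAL_PARAMETER	47	/* fatal */
 
 #define TLS1_HB_REQUEST		1
 #define TLS1_HB_RESPONSE	2
 
 #ifndef OPENSSL_NO_SSL_INTERN
+#ifndef LIBRESSL_INTERNAL
 
 typedef struct ssl3_record_st {
 /*r */	int type;               /* type of record */
 /*rw*/	unsigned int length;    /* How many bytes available */
 /*r */	unsigned int off;       /* read/write offset into 'buf' */
 /*rw*/	unsigned char *data;    /* pointer to the record data */
 /*rw*/	unsigned char *input;   /* where the decode bytes are */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
 /*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
 } SSL3_RECORD;
 
 typedef struct ssl3_buffer_st {
 	unsigned char *buf;	/* at least SSL3_RT_MAX_PACKET_SIZE bytes,
 	                         * see ssl3_setup_buffers() */
 	size_t len;		/* buffer size */
 	int offset;		/* where to 'copy from' */
 	int left;		/* how many bytes left */
 } SSL3_BUFFER;
 
+#endif
 #endif
 
 #define SSL3_CT_RSA_SIGN			1
 #define SSL3_CT_DSS_SIGN			2
 #define SSL3_CT_RSA_FIXED_DH			3
 #define SSL3_CT_DSS_FIXED_DH			4
 #define SSL3_CT_RSA_EPHEMERAL_DH		5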
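--- a/jni/libressl/include/openssl/tls1.h
+++ b/jni/libressl/include/openssl/tls1.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls1.h,v 1.39 2019/03/19 16:53:03 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.40 2020/01/02 06:23:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -276,14 +276,23 @@
 #define TLSEXT_TYPE_certificate_authorities	47
 #define TLSEXT_TYPE_oid_filters			48
 #define TLSEXT_TYPE_post_handshake_auth		49
 #define TLSEXT_TYPE_signature_algorithms_cert	50
 #define TLSEXT_TYPE_key_share			51
 #endif
 
+/*
+ * TLS 1.3 extension names from OpenSSL, where they decided to use a different
+ * name from that given in RFC 8446.
+ */
+#if defined(LIBRESSL_HAS_TLS1_3)
+#define TLSEXT_TYPE_psk				TLSEXT_TYPE_pre_shared_key
+#define TLSEXT_TYPE_psk_kex_modes		TLSEXT_TYPE_psk_key_exchange_modes
+#endif
+
 /* Temporary extension type */
 #define TLSEXT_TYPE_renegotiate                 0xff01
 
 /* NameType value from RFC 3546. */
 #define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
 #define TLSEXT_STATUSTYPE_ocsp 1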
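--- a/jni/libressl/include/tls.h
+++ b/jni/libressl/include/tls.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls.h,v 1.55 2018/11/29 14:24:23 tedu Exp $ */
+/* $OpenBSD: tls.h,v 1.58 2020/01/22 06:44:02 beck Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -30,24 +30,27 @@
 #endif
 
 #include <sys/types.h>
 
 #include <stddef.h>
 #include <stdint.h>
 
-#define TLS_API	20180210
+#define TLS_API	20200120
 
 #define TLS_PROTOCOL_TLSv1_0	(1 << 1)
 #define TLS_PROTOCOL_TLSv1_1	(1 << 2)
 #define TLS_PROTOCOL_TLSv1_2	(1 << 3)
+#define TLS_PROTOCOL_TLSv1_3	(1 << 4)
+
 #define TLS_PROTOCOL_TLSv1 \
-	(TLS_PROTOCOL_TLSv1_0|TLS_PROTOCOL_TLSv1_1|TLS_PROTOCOL_TLSv1_2)
+	(TLS_PROTOCOL_TLSv1_0|TLS_PROTOCOL_TLSv1_1|\
+	 TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)
 
 #define TLS_PROTOCOLS_ALL TLS_PROTOCOL_TLSv1
-#define TLS_PROTOCOLS_DEFAULT TLS_PROTOCOL_TLSv1_2
+#define TLS_PROTOCOLS_DEFAULT (TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)
 
 #define TLS_WANT_POLLIN		-2
 #define TLS_WANT_POLLOUT	-3
 
 /* RFC 6960 Section 2.3 */
 #define TLS_OCSP_RESPONSE_SUCCESSFUL		0
 #define TLS_OCSP_RESPONSE_MALFORMED		1
@@ -193,14 +196,15 @@
 const char *tls_peer_cert_subject(struct tls *_ctx);
 time_t	tls_peer_cert_notbefore(struct tls *_ctx);
 time_t	tls_peer_cert_notafter(struct tls *_ctx);
 const uint8_t *tls_peer_cert_chain_pem(struct tls *_ctx, size_t *_len);
 
 const char *tls_conn_alpn_selected(struct tls *_ctx);
 const char *tls_conn_cipher(struct tls *_ctx);
+int tls_conn_cipher_strength(struct tls *_ctx);
 const char *tls_conn_servername(struct tls *_ctx);
 int tls_conn_session_resumed(struct tls *_ctx);
 const char *tls_conn_version(struct tls *_ctx);
 
 uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
 void tls_unload_file(uint8_t *_buf, size_t len);
 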
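--- a/jni/libressl/install-sh
+++ b/jni/libressl/install-sh
@@ -447,15 +447,26 @@
     dsttmp=${dstdirslash}_inst.$$_
     rmtmp=${dstdirslash}_rm.$$_
 
     # Trap to clean up those temp files at exit.
     trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
 
     # Copy the file name to the temp name.
-    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+    (umask $cp_umask &&
+     { test -z "$stripcmd" || {
+	 # Create $dsttmp read-write so that cp doesn't create it read-only,
+	 # which would cause strip to fail.
+	 if test -z "$doit"; then
+	   : >"$dsttmp" # No need to fork-exec 'touch'.
+	 else
+	   $doit touch "$dsttmp"
+	 fi
+       }
+     } &&
+     $doit_exec $cpprog "$src" "$dsttmp") &&
 
     # and set any options; do chmod last to preserve setuid bits.
     #
     # If any of these fail, we abort the whole thing.  If we want to
     # ignore errors from any of these, just make sure not to ignore
     # errors from the above "$doit $cpprog $src $dsttmp" command.
     #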
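--- a/jni/libressl/m4/check-os-options.m4
+++ b/jni/libressl/m4/check-os-options.m4
@@ -76,14 +76,18 @@
 		CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
 		;;
 	*linux*)
 		HOST_OS=linux
 		HOST_ABI=elf
 		CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
 		;;
+	*midipix*)
+		HOST_OS=midipix
+		CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
+		;;
 	*netbsd*)
 		HOST_OS=netbsd
 		HOST_ABI=elf
 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <sys/param.h>
 #if __NetBSD_Version__ < 700000001
         undefined
@@ -126,12 +130,13 @@
 
 AM_CONDITIONAL([HOST_AIX],     [test x$HOST_OS = xaix])
 AM_CONDITIONAL([HOST_CYGWIN],  [test x$HOST_OS = xcygwin])
 AM_CONDITIONAL([HOST_DARWIN],  [test x$HOST_OS = xdarwin])
 AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
 AM_CONDITIONAL([HOST_HPUX],    [test x$HOST_OS = xhpux])
 AM_CONDITIONAL([HOST_LINUX],   [test x$HOST_OS = xlinux])
+AM_CONDITIONAL([HOST_MIDIPIX], [test x$HOST_OS = xmidipix])
 AM_CONDITIONAL([HOST_NETBSD],  [test x$HOST_OS = xnetbsd])
 AM_CONDITIONAL([HOST_OPENBSD], [test x$HOST_OS = xopenbsd])
 AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
 AM_CONDITIONAL([HOST_WIN],     [test x$HOST_OS = xwin])
 ])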
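--- a/jni/libressl/man/BIO_new.3
+++ b/jni/libressl/man/BIO_new.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: BIO_new.3,v 1.18 2019/06/10 09:49:48 schwarze Exp $
+.\" $OpenBSD: BIO_new.3,v 1.19 2019/11/02 15:27:10 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL man3/BIO_new.pod fb46be03 Feb 26 11:51:31 2016 +0000
 .\" OpenSSL man7/bio.pod 631c37be Dec 12 16:56:50 2017 +0100
 .\" partial merge up to:
 .\" OpenSSL man3/BIO_new.pod e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,15 +48,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt BIO_NEW 3
 .Os
 .Sh NAME
 .Nm BIO_new ,
 .Nm BIO_up_ref ,
 .Nm BIO_set ,
 .Nm BIO_free ,
@@ -234,14 +234,15 @@
 .Xr BIO_f_cipher 3 ,
 .Xr BIO_f_md 3 ,
 .Xr BIO_f_null 3 ,
 .Xr BIO_f_ssl 3 ,
 .Xr BIO_find_type 3 ,
 .Xr BIO_get_ex_new_index 3 ,
 .Xr BIO_meth_new 3 ,
+.Xr BIO_new_CMS 3 ,
 .Xr BIO_printf 3 ,
 .Xr BIO_push 3 ,
 .Xr BIO_read 3 ,
 .Xr BIO_s_accept 3 ,
 .Xr BIO_s_bio 3 ,
 .Xr BIO_s_connect 3 ,
 .Xr BIO_s_fd 3 ,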
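--- a/jni/libressl/man/BIO_new_CMS.3
+++ b/jni/libressl/man/BIO_new_CMS.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: BIO_new_CMS.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: BIO_new_CMS.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
 .\" full merge up to: OpenSSL df75c2bfc Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt BIO_NEW_CMS 3
 .Os
 .Sh NAME
 .Nm BIO_new_CMS
 .Nd CMS streaming filter BIO
 .Sh SYNOPSIS
 .In openssl/cms.h
@@ -131,11 +131,11 @@
 .Xr CMS_ContentInfo_new 3 ,
 .Xr CMS_encrypt 3 ,
 .Xr CMS_sign 3
 .Sh HISTORY
 .Fn BIO_new_CMS
 first appeared in OpenSSL 1.0.0
 and has been available since
-.Ox 6.6 .
+.Ox 6.7 .
 .Sh BUGS
 There is currently no corresponding inverse BIO
 which can decode a CMS structure on the fly.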
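--- a/jni/libressl/man/CMS_ContentInfo_new.3
+++ b/jni/libressl/man/CMS_ContentInfo_new.3
@@ -1,23 +1,23 @@
-.\" $OpenBSD: CMS_ContentInfo_new.3,v 1.2 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: CMS_ContentInfo_new.3,v 1.3 2019/11/02 15:39:46 schwarze Exp $
 .\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\"
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt CMS_CONTENTINFO_NEW 3
 .Os
 .Sh NAME
 .Nm CMS_ContentInfo_new ,
 .Nm CMS_ContentInfo_free ,
 .Nm CMS_ContentInfo_print_ctx ,
 .Nm CMS_ReceiptRequest_new ,
@@ -127,8 +127,8 @@
 .Fn CMS_ReceiptRequest_new ,
 and
 .Fn CMS_ReceiptRequest_free
 first appeared in OpenSSL 0.9.8h and
 .Fn CMS_ContentInfo_print_ctx
 in OpenSSL 1.0.0.
 This functions have been available since
-.Ox 6.6 .
+.Ox 6.7 .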
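--- a/jni/libressl/man/CMS_add0_cert.3
+++ b/jni/libressl/man/CMS_add0_cert.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: CMS_add0_cert.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: CMS_add0_cert.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
 .\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -61,15 +61,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt CMS_ADD0_CERT 3
 .Os
 .Sh NAME
 .Nm CMS_add0_cert ,
 .Nm CMS_add1_cert ,
 .Nm CMS_get1_certs ,
 .Nm CMS_add0_crl ,
@@ -207,8 +207,8 @@
 .Fn CMS_add0_crl ,
 and
 .Fn CMS_get1_crls
 first appeared in OpenSSL 0.9.8h and
 .Fn CMS_add1_crl
 in OpenSSL 1.0.0.
 These functions have been available since
-.Ox 6.6 .
+.Ox 6.7 .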
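--- a/jni/libressl/man/CMS_add1_recipient_cert.3
+++ b/jni/libressl/man/CMS_add1_recipient_cert.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: CMS_add1_recipient_cert.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: CMS_add1_recipient_cert.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
 .\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -61,15 +61,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt CMS_ADD1_RECIPIENT_CERT 3
 .Os
 .Sh NAME
 .Nm CMS_add1_recipient_cert ,
 .Nm CMS_add0_recipient_key
 .Nd add recipients to a CMS EnvelopedData structure
 .Sh SYNOPSIS
@@ -193,8 +193,8 @@
 .El
 .Sh HISTORY
 .Fn CMS_add1_recipient_cert
 and
 .Fn CMS_add0_recipient_key
 first appeared in OpenSSL 0.9.8h
 and have been available since
-.Ox 6.6 .
+.Ox 6.7 .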
Changes to jni/libressl/man/CMS_add1_signer.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_add1_signer.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\"
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_add1_signer.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\"
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_ADD1_SIGNER 3
.Os
.Sh NAME
.Nm CMS_add1_signer ,
.Nm CMS_SignerInfo_sign
.Nd add a signer to a CMS SignedData structure
.Sh SYNOPSIS







|







61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_ADD1_SIGNER 3
.Os
.Sh NAME
.Nm CMS_add1_signer ,
.Nm CMS_SignerInfo_sign
.Nd add a signer to a CMS SignedData structure
.Sh SYNOPSIS
239
240
241
242
243
244
245
246
.El
.Sh HISTORY
.Fn CMS_add1_signer
and
.Fn CMS_SignerInfo_sign
first appeared in OpenSSL 0.9.8h
and have been available since
.Ox 6.6 .







|
239
240
241
242
243
244
245
246
.El
.Sh HISTORY
.Fn CMS_add1_signer
and
.Fn CMS_SignerInfo_sign
first appeared in OpenSSL 0.9.8h
and have been available since
.Ox 6.7 .
Changes to jni/libressl/man/CMS_compress.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_compress.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\"
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_compress.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\"
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_COMPRESS 3
.Os
.Sh NAME
.Nm CMS_compress
.Nd create a CMS CompressedData structure
.Sh SYNOPSIS
.In openssl/cms.h







|







61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_COMPRESS 3
.Os
.Sh NAME
.Nm CMS_compress
.Nd create a CMS CompressedData structure
.Sh SYNOPSIS
.In openssl/cms.h
159
160
161
162
163
164
165
166
167
168
169
170
.Xr CMS_uncompress 3
.Sh STANDARDS
RFC 3274: Compressed Data Content Type for Cryptographic Message Syntax (CMS)
.Sh HISTORY
.Fn CMS_compress
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.6 .
.Pp
The
.Dv CMS_STREAM
flag first appeared in OpenSSL 1.0.0.







|




159
160
161
162
163
164
165
166
167
168
169
170
.Xr CMS_uncompress 3
.Sh STANDARDS
RFC 3274: Compressed Data Content Type for Cryptographic Message Syntax (CMS)
.Sh HISTORY
.Fn CMS_compress
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.7 .
.Pp
The
.Dv CMS_STREAM
flag first appeared in OpenSSL 1.0.0.
Changes to jni/libressl/man/CMS_decrypt.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_decrypt.3,v 1.7 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\"
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_decrypt.3,v 1.8 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\"
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_DECRYPT 3
.Os
.Sh NAME
.Nm CMS_decrypt ,
.Nm CMS_decrypt_set1_pkey ,
.Nm CMS_decrypt_set1_key
.Nd decrypt content from a CMS EnvelopedData structure







|







61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_DECRYPT 3
.Os
.Sh NAME
.Nm CMS_decrypt ,
.Nm CMS_decrypt_set1_pkey ,
.Nm CMS_decrypt_set1_key
.Nd decrypt content from a CMS EnvelopedData structure
213
214
215
216
217
218
219
220
221
222
223
224
225
226
.Sh HISTORY
.Fn CMS_decrypt ,
.Fn CMS_decrypt_set1_pkey ,
and
.Fn CMS_decrypt_set1_key
first appeared in OpenSSL 0.9.8h
and have been available since
.Ox 6.6 .
.Sh BUGS
The lack of single pass processing and the need to hold all data in
memory as mentioned in
.Xr CMS_verify 3
also applies to
.Fn CMS_decrypt .







|






213
214
215
216
217
218
219
220
221
222
223
224
225
226
.Sh HISTORY
.Fn CMS_decrypt ,
.Fn CMS_decrypt_set1_pkey ,
and
.Fn CMS_decrypt_set1_key
first appeared in OpenSSL 0.9.8h
and have been available since
.Ox 6.7 .
.Sh BUGS
The lack of single pass processing and the need to hold all data in
memory as mentioned in
.Xr CMS_verify 3
also applies to
.Fn CMS_decrypt .
Changes to jni/libressl/man/CMS_encrypt.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_encrypt.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_encrypt.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_ENCRYPT 3
.Os
.Sh NAME
.Nm CMS_encrypt
.Nd create a CMS EnvelopedData structure
.Sh SYNOPSIS
.In openssl/cms.h







|







44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_ENCRYPT 3
.Os
.Sh NAME
.Nm CMS_encrypt
.Nd create a CMS EnvelopedData structure
.Sh SYNOPSIS
.In openssl/cms.h
180
181
182
183
184
185
186
187
188
189
190
191
.It
section 6.2.1: KeyTransRecipientInfo Type
.El
.Sh HISTORY
.Fn CMS_encrypt
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.6 .
.Pp
The
.Dv CMS_STREAM
flag first appeared in OpenSSL 1.0.0.







|




180
181
182
183
184
185
186
187
188
189
190
191
.It
section 6.2.1: KeyTransRecipientInfo Type
.El
.Sh HISTORY
.Fn CMS_encrypt
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.7 .
.Pp
The
.Dv CMS_STREAM
flag first appeared in OpenSSL 1.0.0.
Changes to jni/libressl/man/CMS_final.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_final.3,v 1.5 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL 25ccb589 Jul 1 02:02:06 2019 +0800
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_final.3,v 1.6 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL 25ccb589 Jul 1 02:02:06 2019 +0800
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_FINAL 3
.Os
.Sh NAME
.Nm CMS_final
.Nd finalise a CMS_ContentInfo structure
.Sh SYNOPSIS
.In openssl/cms.h







|







44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_FINAL 3
.Os
.Sh NAME
.Nm CMS_final
.Nd finalise a CMS_ContentInfo structure
.Sh SYNOPSIS
.In openssl/cms.h
94
95
96
97
98
99
100
101
.Xr CMS_encrypt 3 ,
.Xr CMS_sign 3 ,
.Xr ERR_get_error 3
.Sh HISTORY
.Fn CMS_final
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.6 .







|
94
95
96
97
98
99
100
101
.Xr CMS_encrypt 3 ,
.Xr CMS_sign 3 ,
.Xr ERR_get_error 3
.Sh HISTORY
.Fn CMS_final
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.7 .
Changes to jni/libressl/man/CMS_get0_RecipientInfos.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008, 2013 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008, 2013 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_GET0_RECIPIENTINFOS 3
.Os
.Sh NAME
.Nm CMS_get0_RecipientInfos ,
.Nm CMS_RecipientInfo_type ,
.Nm CMS_RecipientInfo_ktri_get0_signer_id ,
.Nm CMS_RecipientInfo_ktri_cert_cmp ,







|







44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_GET0_RECIPIENTINFOS 3
.Os
.Sh NAME
.Nm CMS_get0_RecipientInfos ,
.Nm CMS_RecipientInfo_type ,
.Nm CMS_RecipientInfo_ktri_get0_signer_id ,
.Nm CMS_RecipientInfo_ktri_cert_cmp ,
321
322
323
324
325
326
327
328
.El
.Sh HISTORY
These functions first appeared in OpenSSL 0.9.8h,
except that
.Fn CMS_RecipientInfo_encrypt
first appeared in OpenSSL 1.0.2.
They have been available since
.Ox 6.6 .







|
321
322
323
324
325
326
327
328
.El
.Sh HISTORY
These functions first appeared in OpenSSL 0.9.8h,
except that
.Fn CMS_RecipientInfo_encrypt
first appeared in OpenSSL 1.0.2.
They have been available since
.Ox 6.7 .
Changes to jni/libressl/man/CMS_get0_SignerInfos.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_get0_SignerInfos.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008, 2013 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_get0_SignerInfos.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008, 2013 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_GET0_SIGNERINFOS 3
.Os
.Sh NAME
.Nm CMS_get0_SignerInfos ,
.Nm CMS_SignerInfo_get0_signer_id ,
.Nm CMS_SignerInfo_get0_signature ,
.Nm CMS_SignerInfo_cert_cmp ,







|







44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_GET0_SIGNERINFOS 3
.Os
.Sh NAME
.Nm CMS_get0_SignerInfos ,
.Nm CMS_SignerInfo_get0_signer_id ,
.Nm CMS_SignerInfo_get0_signature ,
.Nm CMS_SignerInfo_cert_cmp ,
185
186
187
188
189
190
191
192
.Fn CMS_SignerInfo_cert_cmp ,
and
.Fn CMS_SignerInfo_set1_signer_cert
first appeared in OpenSSL 0.9.8h and
.Fn CMS_SignerInfo_get0_signature
in OpenSSL 1.0.2.
These functions have been available since
.Ox 6.6 .







|
185
186
187
188
189
190
191
192
.Fn CMS_SignerInfo_cert_cmp ,
and
.Fn CMS_SignerInfo_set1_signer_cert
first appeared in OpenSSL 0.9.8h and
.Fn CMS_SignerInfo_get0_signature
in OpenSSL 1.0.2.
These functions have been available since
.Ox 6.7 .
Changes to jni/libressl/man/CMS_get0_type.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_get0_type.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\"
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_get0_type.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
.\"
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_GET0_TYPE 3
.Os
.Sh NAME
.Nm CMS_get0_type ,
.Nm CMS_set1_eContentType ,
.Nm CMS_get0_eContentType ,
.Nm CMS_get0_content







|







61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_GET0_TYPE 3
.Os
.Sh NAME
.Nm CMS_get0_type ,
.Nm CMS_set1_eContentType ,
.Nm CMS_get0_eContentType ,
.Nm CMS_get0_content
191
192
193
194
195
196
197
198
.Sh STANDARDS
RFC 5652: Cryptographic Message Syntax
.Pp
RFC 3274: Compressed Data Content Type for Cryptographic Message Syntax (CMS)
.Sh HISTORY
These functions first appeared in OpenSSL 0.9.8h
and have been available since
.Ox 6.6 .







|
191
192
193
194
195
196
197
198
.Sh STANDARDS
RFC 5652: Cryptographic Message Syntax
.Pp
RFC 3274: Compressed Data Content Type for Cryptographic Message Syntax (CMS)
.Sh HISTORY
These functions first appeared in OpenSSL 0.9.8h
and have been available since
.Ox 6.7 .
Changes to jni/libressl/man/CMS_get1_ReceiptRequest.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_get1_ReceiptRequest.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_get1_ReceiptRequest.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_GET1_RECEIPTREQUEST 3
.Os
.Sh NAME
.Nm CMS_ReceiptRequest_create0 ,
.Nm CMS_add1_ReceiptRequest ,
.Nm CMS_get1_ReceiptRequest ,
.Nm CMS_ReceiptRequest_get0_values







|







44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_GET1_RECEIPTREQUEST 3
.Os
.Sh NAME
.Nm CMS_ReceiptRequest_create0 ,
.Nm CMS_add1_ReceiptRequest ,
.Nm CMS_get1_ReceiptRequest ,
.Nm CMS_ReceiptRequest_get0_values
191
192
193
194
195
196
197
198
.Fn CMS_ReceiptRequest_create0 ,
.Fn CMS_add1_ReceiptRequest ,
.Fn CMS_get1_ReceiptRequest ,
and
.Fn CMS_ReceiptRequest_get0_values
first appeared in OpenSSL 0.9.8h
and have been available since
.Ox 6.6 .







|
191
192
193
194
195
196
197
198
.Fn CMS_ReceiptRequest_create0 ,
.Fn CMS_add1_ReceiptRequest ,
.Fn CMS_get1_ReceiptRequest ,
and
.Fn CMS_ReceiptRequest_get0_values
first appeared in OpenSSL 0.9.8h
and have been available since
.Ox 6.7 .
Changes to jni/libressl/man/CMS_sign.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_sign.3,v 1.7 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_sign.3,v 1.8 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_SIGN 3
.Os
.Sh NAME
.Nm CMS_sign
.Nd create a CMS SignedData structure
.Sh SYNOPSIS
.In openssl/cms.h







|







44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_SIGN 3
.Os
.Sh NAME
.Nm CMS_sign
.Nd create a CMS SignedData structure
.Sh SYNOPSIS
.In openssl/cms.h
234
235
236
237
238
239
240
241
242
243
RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
Version\ 4.0 Message Specification,
section 2.5.2: SMIMECapabilities Attribute
.Sh HISTORY
.Fn CMS_sign
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.6 .
.Sh BUGS
Some attributes such as counter signatures are not supported.







|


234
235
236
237
238
239
240
241
242
243
RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
Version\ 4.0 Message Specification,
section 2.5.2: SMIMECapabilities Attribute
.Sh HISTORY
.Fn CMS_sign
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.7 .
.Sh BUGS
Some attributes such as counter signatures are not supported.
Changes to jni/libressl/man/CMS_sign_receipt.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_sign_receipt.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_sign_receipt.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_SIGN_RECEIPT 3
.Os
.Sh NAME
.Nm CMS_sign_receipt
.Nd create a CMS signed receipt
.Sh SYNOPSIS
.In openssl/cms.h







|







44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_SIGN_RECEIPT 3
.Os
.Sh NAME
.Nm CMS_sign_receipt
.Nd create a CMS signed receipt
.Sh SYNOPSIS
.In openssl/cms.h
112
113
114
115
116
117
118
119
.Xr CMS_verify_receipt 3
.Sh STANDARDS
RFC 2634: Enhanced Security Services for S/MIME, section 2.8: Receipt Syntax
.Sh HISTORY
.Fn CMS_sign_receipt
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.6 .







|
112
113
114
115
116
117
118
119
.Xr CMS_verify_receipt 3
.Sh STANDARDS
RFC 2634: Enhanced Security Services for S/MIME, section 2.8: Receipt Syntax
.Sh HISTORY
.Fn CMS_sign_receipt
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.7 .
Changes to jni/libressl/man/CMS_uncompress.3.
1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_uncompress.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
|







1
2
3
4
5
6
7
8
.\" $OpenBSD: CMS_uncompress.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 18 2019 $
.Dt CMS_UNCOMPRESS 3
.Os
.Sh NAME
.Nm CMS_uncompress
.Nd uncompress a CMS CompressedData structure
.Sh SYNOPSIS
.In openssl/cms.h







|







44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 2 2019 $
.Dt CMS_UNCOMPRESS 3
.Os
.Sh NAME
.Nm CMS_uncompress
.Nd uncompress a CMS CompressedData structure
.Sh SYNOPSIS
.In openssl/cms.h
102
103
104
105
106
107
108
109
110
111
112
113
114
115
.Xr CMS_ContentInfo_new 3
.Sh STANDARDS
RFC 3274: Compressed Data Content Type for Cryptographic Message Syntax (CMS)
.Sh HISTORY
.Fn CMS_uncompress
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.6 .
.Sh BUGS
The lack of single pass processing and the need to hold all data in
memory as mentioned in
.Xr CMS_verify 3
also applies to
.Fn CMS_uncompress .







|






102
103
104
105
106
107
108
109
110
111
112
113
114
115
.Xr CMS_ContentInfo_new 3
.Sh STANDARDS
RFC 3274: Compressed Data Content Type for Cryptographic Message Syntax (CMS)
.Sh HISTORY
.Fn CMS_uncompress
first appeared in OpenSSL 0.9.8h
and has been available since
.Ox 6.7 .
.Sh BUGS
The lack of single pass processing and the need to hold all data in
memory as mentioned in
.Xr CMS_verify 3
also applies to
.Fn CMS_uncompress .
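--- a/jni/libressl/man/CMS_verify.3
+++ b/jni/libressl/man/CMS_verify.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: CMS_verify.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: CMS_verify.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
 .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt CMS_VERIFY 3
 .Os
 .Sh NAME
 .Nm CMS_verify ,
 .Nm CMS_get0_signers
 .Nd verify a CMS SignedData structure
 .Sh SYNOPSIS
@@ -208,16 +208,16 @@
 .Xr CMS_verify_receipt 3
 .Sh STANDARDS
 RFC 5652: Cryptographic Message Syntax (CMS),
 section 5.1: SignedData Type
 .Sh HISTORY
 These functions first appeared in OpenSSL 0.9.8h
 and have been available since
-.Ox 6.6 .
+.Ox 6.7 .
 .Sh BUGS
 The trusted certificate store is not searched for the signing certificate.
 This is primarily due to the inadequacies of the current
 .Vt X509_STORE
 functionality.
 .Pp
 The lack of single pass processing means that the signed content must
 all be held in memory if it is not detached.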
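--- a/jni/libressl/man/CMS_verify_receipt.3
+++ b/jni/libressl/man/CMS_verify_receipt.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: CMS_verify_receipt.3,v 1.6 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: CMS_verify_receipt.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt CMS_VERIFY_RECEIPT 3
 .Os
 .Sh NAME
 .Nm CMS_verify_receipt
 .Nd verify a CMS signed receipt
 .Sh SYNOPSIS
 .In openssl/cms.h
@@ -103,8 +103,8 @@
 .Xr CMS_verify 3
 .Sh STANDARDS
 RFC 2634: Enhanced Security Services for S/MIME, section 2.8: Receipt Syntax
 .Sh HISTORY
 .Fn CMS_verify_receipt
 first appeared in OpenSSL 0.9.8h
 and has been available since
-.Ox 6.6 .
+.Ox 6.7 .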
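--- a/jni/libressl/man/ERR_print_errors.3
+++ b/jni/libressl/man/ERR_print_errors.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: ERR_print_errors.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
+.\"	$OpenBSD: ERR_print_errors.3,v 1.8 2020/03/28 22:40:58 schwarze Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
 .\" with additions by Rich Salz <rsalz@openssl.org>.
 .\" Copyright (c) 2000, 2016 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -45,15 +45,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 28 2020 $
 .Dt ERR_PRINT_ERRORS 3
 .Os
 .Sh NAME
 .Nm ERR_print_errors ,
 .Nm ERR_print_errors_fp ,
 .Nm ERR_print_errors_cb
 .Nd print OpenSSL error messages
@@ -99,19 +99,14 @@
 The error code is an 8-digit hexadecimal number.
 The library name, the function name, and the reason string are ASCII
 text, as is the optional text message if one was set for the
 respective error code.
 .Pp
 If there is no text string registered for the given error code, the
 error string will contain the numeric code.
-.Sh RETURN VALUES
-.Fn ERR_print_errors
-and
-.Fn ERR_print_errors_fp
-return no values.
 .Sh SEE ALSO
 .Xr ERR 3 ,
 .Xr ERR_error_string 3 ,
 .Xr ERR_get_error 3 ,
 .Xr ERR_load_crypto_strings 3 ,
 .Xr SSL_load_error_strings 3
 .Sh HISTORY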
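--- a/jni/libressl/man/ERR_remove_state.3
+++ b/jni/libressl/man/ERR_remove_state.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: ERR_remove_state.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $
+.\"	$OpenBSD: ERR_remove_state.3,v 1.7 2020/03/28 22:40:58 schwarze Exp $
 .\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org> and
 .\" Matt Caswell <matt@openssl.org>.
 .\" Copyright (c) 2000, 2013 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -45,15 +45,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 28 2020 $
 .Dt ERR_REMOVE_STATE 3
 .Os
 .Sh NAME
 .Nm ERR_remove_thread_state ,
 .Nm ERR_remove_state
 .Nd free a thread's OpenSSL error queue
 .Sh SYNOPSIS
@@ -88,19 +88,14 @@
 .Fn ERR_remove_thread_state .
 Since threads in OpenSSL are no longer identified by unsigned long
 values, any argument to this function is ignored.
 Calling
 .Fn ERR_remove_state
 is equivalent to
 .Fn ERR_remove_thread_state NULL .
-.Sh RETURN VALUES
-.Fn ERR_remove_thread_state
-and
-.Fn ERR_remove_state
-return no value.
 .Sh SEE ALSO
 .Xr ERR 3
 .Sh HISTORY
 .Fn ERR_remove_state
 first appeared in SSLeay 0.6.1 and has been available since
 .Ox 2.4 .
 .Pp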
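--- a/jni/libressl/man/EVP_EncryptInit.3
+++ b/jni/libressl/man/EVP_EncryptInit.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.36 2019/08/15 09:36:29 schwarze Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.39 2020/01/26 08:00:31 jmc Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
 .\"   7c6d372a Nov 20 13:20:01 2018 +0000
 .\" selective merge up to: OpenSSL 16cfc2c9 Mar 8 22:30:28 2018 +0100
 .\"   EVP_chacha20.pod 8fa4d95e Oct 21 11:59:09 2017 +0900
 .\"
 .\" This file is a derived work.
@@ -67,15 +67,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 15 2019 $
+.Dd $Mdocdate: January 26 2020 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
 .Nm EVP_CIPHER_CTX_new ,
 .Nm EVP_CIPHER_CTX_reset ,
 .Nm EVP_CIPHER_CTX_cleanup ,
 .Nm EVP_CIPHER_CTX_init ,
@@ -1025,15 +1025,17 @@
 This is a variable key length cipher.
 .Fn EVP_cast5_cfb
 is an alias for
 .Fn EVP_cast5_cfb64 ,
 implemented as a macro.
 .It Fn EVP_chacha20
 The ChaCha20 stream cipher.
-The key length is 256 bits, the IV is 96 bits long.
+The key length is 256 bits.
+The first 32 bits of the 128-bit IV are used as a counter,
+and the remaining 96 bits as a nonce.
 .El
 .Pp
 See also
 .Xr EVP_aes_128_cbc 3 ,
 .Xr EVP_camellia_128_cbc 3 ,
 .Xr EVP_des_cbc 3 ,
 .Xr EVP_rc4 3 ,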
Changes to jni/libressl/man/EVP_PKEY_CTX_ctrl.3.
1
2
3

4
5

6
7
8
9
10
11
12
.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.14 2019/09/10 19:44:32 schwarze Exp $
.\" full merge up to: OpenSSL e03af178 Dec 11 17:05:57 2014 -0500
.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100

.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.

.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
|
|

>

|
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.22 2019/11/01 13:53:25 schwarze Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
.\" Parts were split out into RSA_pkey_ctx_ctrl(3).
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
.\" and Antoine Salon <asalon@vmware.com>.
.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60




61

62
63
64
65
66
67
68
69

70
71
72
73
74
75
76
77
78
79
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 10 2019 $
.Dt EVP_PKEY_CTX_CTRL 3
.Os
.Sh NAME
.Nm EVP_PKEY_CTX_ctrl ,
.Nm EVP_PKEY_CTX_ctrl_str ,
.Nm EVP_PKEY_CTX_set_signature_md ,
.Nm EVP_PKEY_CTX_get_signature_md ,




.Nm EVP_PKEY_CTX_set_rsa_padding ,

.Nm EVP_PKEY_CTX_get_rsa_padding ,
.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen ,
.Nm EVP_PKEY_CTX_get_rsa_pss_saltlen ,
.Nm EVP_PKEY_CTX_set_rsa_keygen_bits ,
.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
.Nm EVP_PKEY_CTX_set_rsa_mgf1_md ,
.Nm EVP_PKEY_CTX_get_rsa_mgf1_md ,
.Nm EVP_PKEY_CTX_set_dsa_paramgen_bits ,

.Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len ,
.Nm EVP_PKEY_CTX_set_dh_paramgen_generator ,
.Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid
.Nd algorithm specific control operations
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_PKEY_CTX_ctrl
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int keytype"







|







>
>
>
>
|
>
|
|
|
|
|
|
|
|
>
|
|
|







48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: November 1 2019 $
.Dt EVP_PKEY_CTX_CTRL 3
.Os
.Sh NAME
.Nm EVP_PKEY_CTX_ctrl ,
.Nm EVP_PKEY_CTX_ctrl_str ,
.Nm EVP_PKEY_CTX_set_signature_md ,
.Nm EVP_PKEY_CTX_get_signature_md ,
.Nm EVP_PKEY_CTX_set_dsa_paramgen_bits ,
.Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len ,
.Nm EVP_PKEY_CTX_set_dh_paramgen_generator ,
.Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid ,
.Nm EVP_PKEY_CTX_set_ec_param_enc ,
.Nm EVP_PKEY_CTX_set_ecdh_cofactor_mode ,
.Nm EVP_PKEY_CTX_get_ecdh_cofactor_mode ,
.Nm EVP_PKEY_CTX_set_ecdh_kdf_type ,
.Nm EVP_PKEY_CTX_get_ecdh_kdf_type ,
.Nm EVP_PKEY_CTX_set_ecdh_kdf_md ,
.Nm EVP_PKEY_CTX_get_ecdh_kdf_md ,
.Nm EVP_PKEY_CTX_set_ecdh_kdf_outlen ,
.Nm EVP_PKEY_CTX_get_ecdh_kdf_outlen ,
.Nm EVP_PKEY_CTX_set0_ecdh_kdf_ukm ,
.Nm EVP_PKEY_CTX_get0_ecdh_kdf_ukm ,
.Nm EVP_PKEY_CTX_set1_id ,
.Nm EVP_PKEY_CTX_get1_id ,
.Nm EVP_PKEY_CTX_get1_id_len
.Nd algorithm specific control operations
.Sh SYNOPSIS
.In openssl/evp.h
.Ft int
.Fo EVP_PKEY_CTX_ctrl
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int keytype"
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get_signature_md
.Fa "EVP_PKEY_CTX *ctx"
.Fa "const EVP_MD **pmd"
.Fc
.In openssl/rsa.h
.Ft int
.Fo EVP_PKEY_CTX_set_rsa_padding
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int pad"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get_rsa_padding
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int *ppad"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int len"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get_rsa_pss_saltlen
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int *plen"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_rsa_keygen_bits
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int mbits"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp
.Fa "EVP_PKEY_CTX *ctx"
.Fa "BIGNUM *pubexp"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_rsa_mgf1_md
.Fa "EVP_PKEY_CTX *ctx"
.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get_rsa_mgf1_md
.Fa "EVP_PKEY_CTX *ctx"
.Fa "const EVP_MD **pmd"
.Fc
.In openssl/dsa.h
.Ft int
.Fo EVP_PKEY_CTX_set_dsa_paramgen_bits
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int nbits"
.Fc
.In openssl/dh.h







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







102
103
104
105
106
107
108









































109
110
111
112
113
114
115
.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get_signature_md
.Fa "EVP_PKEY_CTX *ctx"
.Fa "const EVP_MD **pmd"
.Fc









































.In openssl/dsa.h
.Ft int
.Fo EVP_PKEY_CTX_set_dsa_paramgen_bits
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int nbits"
.Fc
.In openssl/dh.h
158
159
160
161
162
163
164






































































165
166
167
168
169
170
171
.Fc
.In openssl/ec.h
.Ft int
.Fo EVP_PKEY_CTX_set_ec_paramgen_curve_nid
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int nid"
.Fc






































































.Sh DESCRIPTION
The function
.Fn EVP_PKEY_CTX_ctrl
sends a control operation to the context
.Fa ctx .
The key type used must match
.Fa keytype







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
.Fc
.In openssl/ec.h
.Ft int
.Fo EVP_PKEY_CTX_set_ec_paramgen_curve_nid
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int nid"
.Fc
.Fa int
.Fo EVP_PKEY_CTX_set_ec_param_enc
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int param_enc"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_ecdh_cofactor_mode
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int cofactor_mode"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get_ecdh_cofactor_mode
.Fa "EVP_PKEY_CTX *ctx"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_ecdh_kdf_type
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int kdf"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get_ecdh_kdf_type
.Fa "EVP_PKEY_CTX *ctx"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_ecdh_kdf_md
.Fa "EVP_PKEY_CTX *ctx"
.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get_ecdh_kdf_md
.Fa "EVP_PKEY_CTX *ctx"
.Fa "const EVP_MD **pmd"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set_ecdh_kdf_outlen
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int len"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get_ecdh_kdf_outlen
.Fa "EVP_PKEY_CTX *ctx"
.Fa "int *plen"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set0_ecdh_kdf_ukm
.Fa "EVP_PKEY_CTX *ctx"
.Fa "unsigned char *ukm"
.Fa "int len"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get0_ecdh_kdf_ukm
.Fa "EVP_PKEY_CTX *ctx"
.Fa "unsigned char **pukm"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set1_id
.Fa "EVP_PKEY_CTX *ctx"
.Fa "void *id"
.Fa "size_t id_len"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get1_id
.Fa "EVP_PKEY_CTX *ctx"
.Fa "void *id"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_get1_id_len
.Fa "EVP_PKEY_CTX *ctx"
.Fa "size_t *pid_len"
.Fc
.Sh DESCRIPTION
The function
.Fn EVP_PKEY_CTX_ctrl
sends a control operation to the context
.Fa ctx .
The key type used must match
.Fa keytype
179
180
181
182
183
184
185
186

187
188
189
190
191
192
193
.Fa p1
and
.Fa p2 .
.Pp
Applications will not normally call
.Fn EVP_PKEY_CTX_ctrl
directly but will instead call one of the algorithm specific macros
below.

.Pp
The function
.Fn EVP_PKEY_CTX_ctrl_str
allows an application to send an algorithm specific control operation to
a context
.Fa ctx
in string form.







|
>







216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
.Fa p1
and
.Fa p2 .
.Pp
Applications will not normally call
.Fn EVP_PKEY_CTX_ctrl
directly but will instead call one of the algorithm specific macros
described below and in
.Xr RSA_pkey_ctx_ctrl 3 .
.Pp
The function
.Fn EVP_PKEY_CTX_ctrl_str
allows an application to send an algorithm specific control operation to
a context
.Fa ctx
in string form.
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
.Pp
The
.Fn EVP_PKEY_CTX_set_signature_md
and
.Fn EVP_PKEY_CTX_get_signature_md
macros set and get the message digest type used in a signature.
They can be used with the RSA, DSA, and ECDSA algorithms.
.Ss RSA parameters
The
.Fn EVP_PKEY_CTX_set_rsa_padding
macro sets the RSA padding mode for
.Fa ctx .
The
.Fa pad
parameter can take the value
.Dv RSA_PKCS1_PADDING
for PKCS#1 padding,
.Dv RSA_NO_PADDING
for no padding,
.Dv RSA_PKCS1_OAEP_PADDING
for OAEP padding (encrypt and decrypt only),
.Dv RSA_X931_PADDING
for X9.31 padding (signature operations only) and
.Dv RSA_PKCS1_PSS_PADDING
(sign and verify only).
.Pp
Two RSA padding modes behave differently if
.Fn EVP_PKEY_CTX_set_signature_md
is used.
If this macro is called for PKCS#1 padding, the plaintext buffer is an
actual digest value and is encapsulated in a
.Vt DigestInfo
structure according to PKCS#1 when signing and this structure is
expected (and stripped off) when verifying.
If this control is not used with RSA and PKCS#1 padding then the
supplied data is used directly and not encapsulated.
In the case of X9.31 padding for RSA the algorithm identifier byte is
added or checked and removed if this control is called.
If it is not called then the first byte of the plaintext buffer is
expected to be the algorithm identifier byte.
.Pp
The
.Fn EVP_PKEY_CTX_get_rsa_padding
macro retrieves the RSA padding mode for
.Fa ctx .
.Pp
The
.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
macro sets the RSA PSS salt length to
.Fa len .
As its name implies, it is only supported for PSS padding.
Two special values are supported: -1 sets the salt length to the digest
length.
When signing -2 sets the salt length to the maximum permissible value.
When verifying -2 causes the salt length to be automatically determined
based on the PSS block structure.
If this macro is not called a salt length value of -2 is used by
default.
.Pp
The
.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen
macro retrieves the RSA PSS salt length for
.Fa ctx .
The padding mode must have been set to
.Dv RSA_PKCS1_PSS_PADDING .
.Pp
The
.Fn EVP_PKEY_CTX_set_rsa_keygen_bits
macro sets the RSA key length for RSA key generation to
.Fa mbits .
If not specified, 1024 bits is used.
.Pp
The
.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
macro sets the public exponent value for RSA key generation to
.Fa pubexp .
Currently, it should be an odd integer.
The
.Fa pubexp
pointer is used internally by this function, so it should not be modified
or freed after the call.
If this macro is not called, then 65537 is used.
.Pp
The
.Fn EVP_PKEY_CTX_set_rsa_mgf1_md
macro sets the MGF1 digest for RSA padding schemes to
.Fa md .
Unless explicitly specified, the signing digest is used.
The padding mode must have been set to
.Dv RSA_PKCS1_OAEP_PADDING
or
.Dv RSA_PKCS1_PSS_PADDING .
.Pp
The
.Fn EVP_PKEY_CTX_get_rsa_mgf1_md
macro retrieves the MGF1 digest for
.Fa ctx .
Unless explicitly specified, the signing digest is used.
The padding mode must have been set to
.Dv RSA_PKCS1_OAEP_PADDING
or
.Dv RSA_PKCS1_PSS_PADDING .
.Ss DSA parameters
The macro
.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits
sets the number of bits used for DSA parameter generation to
.Fa nbits .
If not specified, 1024 is used.
.Ss DH parameters







<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<







246
247
248
249
250
251
252







253












254
255


































































256






257
258
259
260
261
262
263
.Pp
The
.Fn EVP_PKEY_CTX_set_signature_md
and
.Fn EVP_PKEY_CTX_get_signature_md
macros set and get the message digest type used in a signature.
They can be used with the RSA, DSA, and ECDSA algorithms.







If the key is of the type












.Dv EVP_PKEY_RSA_PSS
and has usage restrictions, an error occurs if an attempt is made


































































to set the digest to anything other than the restricted value.






.Ss DSA parameters
The macro
.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits
sets the number of bits used for DSA parameter generation to
.Fa nbits .
If not specified, 1024 is used.
.Ss DH parameters
327
328
329
330
331
332
333
334
335
336
337





























































































































338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356

357
358








359
360
361
362
363












364
365








macro sets DH generator to
.Fa gen
for DH parameter generation.
If not specified, 2 is used.
.Ss EC parameters
The
.Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid
sets the EC curve for EC parameter generation to
.Fa nid .
For EC parameter generation, this macro must be called or an error occurs
because there is no default curve.





























































































































.Sh RETURN VALUES
.Fn EVP_PKEY_CTX_ctrl
and its macros return a positive value for success and 0 or a negative
value for failure.
In particular, a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Sh SEE ALSO
.Xr DH_new 3 ,
.Xr EVP_DigestInit 3 ,
.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_decrypt 3 ,
.Xr EVP_PKEY_derive 3 ,
.Xr EVP_PKEY_encrypt 3 ,
.Xr EVP_PKEY_get_default_digest_nid 3 ,
.Xr EVP_PKEY_keygen 3 ,
.Xr EVP_PKEY_meth_set_ctrl 3 ,
.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_verify 3 ,
.Xr EVP_PKEY_verify_recover 3

.Sh HISTORY
These functions first appeared in OpenSSL 1.0.0








and have been available since
.Ox 4.9 .
.Pp
As an exception,
.Fn EVP_PKEY_CTX_get_signature_md












first appeared in OpenSSL 1.0.2 and has been available since
.Ox 6.6 .















|



>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>


















|
>

|
>
>
>
>
>
>
>
>
|


|
|
>
>
>
>
>
>
>
>
>
>
>
>
|

>
>
>
>
>
>
>
>
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
macro sets DH generator to
.Fa gen
for DH parameter generation.
If not specified, 2 is used.
.Ss EC parameters
The
.Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid
macro sets the EC curve for EC parameter generation to
.Fa nid .
For EC parameter generation, this macro must be called or an error occurs
because there is no default curve.
.Pp
The
.Fn EVP_PKEY_CTX_set_ec_param_enc
macro sets the EC parameter encoding to
.Fa param_enc
when generating EC parameters or an EC key.
The encoding can be set to 0 for explicit parameters or to
.Dv OPENSSL_EC_NAMED_CURVE
to use named curve form.
.Ss ECDH parameters
The
.Fn EVP_PKEY_CTX_set_ecdh_cofactor_mode
macro sets the cofactor mode to
.Fa cofactor_mode
for ECDH key derivation.
Possible values are 1 to enable cofactor key derivation, 0 to disable
it, or -1 to clear the stored cofactor mode and fall back to the
private key cofactor mode.
.Pp
The
.Fn EVP_PKEY_CTX_get_ecdh_cofactor_mode
macro returns the cofactor mode for
.Fa ctx
used for ECDH key derivation.
Possible return values are 1 when cofactor key derivation is enabled
or 0 otherwise.
.Ss ECDH key derivation function parameters
The
.Fn EVP_PKEY_CTX_set_ecdh_kdf_type
macro sets the key derivation function type to
.Fa kdf
for ECDH key derivation.
Possible values are
.Dv EVP_PKEY_ECDH_KDF_NONE
or
.Dv EVP_PKEY_ECDH_KDF_X9_63
which uses the key derivation specified in X9.63.
When using key derivation, the
.Fa kdf_md
and
.Fa kdf_outlen
parameters must also be specified.
.Pp
The
.Fn EVP_PKEY_CTX_get_ecdh_kdf_type
macro returns the key derivation function type for
.Fa ctx
used for ECDH key derivation.
Possible return values are
.Dv EVP_PKEY_ECDH_KDF_NONE
or
.Dv EVP_PKEY_ECDH_KDF_X9_63 .
.Pp
The
.Fn EVP_PKEY_CTX_set_ecdh_kdf_md
macro sets the key derivation function message digest to
.Fa md
for ECDH key derivation.
Note that X9.63 specifies that this digest should be SHA1,
but OpenSSL tolerates other digests.
.Pp
The
.Fn EVP_PKEY_CTX_get_ecdh_kdf_md
macro gets the key derivation function message digest for
.Fa ctx
used for ECDH key derivation.
.Pp
The
.Fn EVP_PKEY_CTX_set_ecdh_kdf_outlen
macro sets the key derivation function output length to
.Fa len
for ECDH key derivation.
.Pp
The
.Fn EVP_PKEY_CTX_get_ecdh_kdf_outlen
macro gets the key derivation function output length for
.Fa ctx
used for ECDH key derivation.
.Pp
The
.Fn EVP_PKEY_CTX_set0_ecdh_kdf_ukm
macro sets the user key material to
.Fa ukm
for ECDH key derivation.
This parameter is optional and corresponds to the shared info
in X9.63 terms.
The library takes ownership of the user key material, so the caller
should not free the original memory pointed to by
.Fa ukm .
.Pp
The
.Fn EVP_PKEY_CTX_get0_ecdh_kdf_ukm
macro gets the user key material for
.Fa ctx .
The return value is the user key material length.
The resulting pointer is owned by the library and should not be
freed by the caller.
.Ss Other parameters
The
.Fn EVP_PKEY_CTX_set1_id ,
.Fn EVP_PKEY_CTX_get1_id ,
and
.Fn EVP_PKEY_CTX_get1_id_len
macros manipulate a special identifier field used for some specific
signature algorithms such as SM2.
The
.Fn EVP_PKEY_set1_id
macro sets the ID to a copy of
.Fa id
with the length
.Fa id_len .
The caller can safely free the original memory pointed to by
.Fa id .
The
.Fn EVP_PKEY_CTX_get1_id_len
macro returns the length of the ID set via a previous call to
.Fn EVP_PKEY_set1_id .
That length is typically used to allocate memory for a subsequent call to
.Fn EVP_PKEY_CTX_get1_id ,
which copies the previously set ID into
.Pf * Fa id .
The caller is responsible for allocating sufficient memory for
.Fa id
before calling
.Fn EVP_PKEY_CTX_get1_id .
.Sh RETURN VALUES
.Fn EVP_PKEY_CTX_ctrl
and its macros return a positive value for success and 0 or a negative
value for failure.
In particular, a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Sh SEE ALSO
.Xr DH_new 3 ,
.Xr EVP_DigestInit 3 ,
.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_decrypt 3 ,
.Xr EVP_PKEY_derive 3 ,
.Xr EVP_PKEY_encrypt 3 ,
.Xr EVP_PKEY_get_default_digest_nid 3 ,
.Xr EVP_PKEY_keygen 3 ,
.Xr EVP_PKEY_meth_set_ctrl 3 ,
.Xr EVP_PKEY_sign 3 ,
.Xr EVP_PKEY_verify 3 ,
.Xr EVP_PKEY_verify_recover 3 ,
.Xr RSA_pkey_ctx_ctrl 3
.Sh HISTORY
The functions
.Fn EVP_PKEY_CTX_ctrl ,
.Fn EVP_PKEY_CTX_ctrl_str ,
.Fn EVP_PKEY_CTX_set_signature_md ,
.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits ,
.Fn EVP_PKEY_CTX_set_dh_paramgen_prime_len ,
.Fn EVP_PKEY_CTX_set_dh_paramgen_generator ,
and
.Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid
first appeared in OpenSSL 1.0.0 and have been available since
.Ox 4.9 .
.Pp
The functions
.Fn EVP_PKEY_CTX_get_signature_md ,
.Fn EVP_PKEY_CTX_set_ec_param_enc ,
.Fn EVP_PKEY_CTX_set_ecdh_cofactor_mode ,
.Fn EVP_PKEY_CTX_get_ecdh_cofactor_mode ,
.Fn EVP_PKEY_CTX_set_ecdh_kdf_type ,
.Fn EVP_PKEY_CTX_get_ecdh_kdf_type ,
.Fn EVP_PKEY_CTX_set_ecdh_kdf_md ,
.Fn EVP_PKEY_CTX_get_ecdh_kdf_md ,
.Fn EVP_PKEY_CTX_set_ecdh_kdf_outlen ,
.Fn EVP_PKEY_CTX_get_ecdh_kdf_outlen ,
.Fn EVP_PKEY_CTX_set0_ecdh_kdf_ukm ,
and
.Fn EVP_PKEY_CTX_get0_ecdh_kdf_ukm
first appeared in OpenSSL 1.0.2 and have been available since
.Ox 6.6 .
.Pp
The functions
.Fn EVP_PKEY_CTX_set1_id ,
.Fn EVP_PKEY_CTX_get1_id ,
and
.Fn EVP_PKEY_CTX_get1_id_len
first appeared in OpenSSL 1.1.1 and have been available since
.Ox 6.6 .
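--- a/jni/libressl/man/EVP_PKEY_CTX_new.3
+++ b/jni/libressl/man/EVP_PKEY_CTX_new.3
@@ -1,11 +1,28 @@
-.\"	$OpenBSD: EVP_PKEY_CTX_new.3,v 1.8 2019/06/06 01:06:58 schwarze Exp $
-.\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.10 2019/11/01 19:51:09 schwarze Exp $
+.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2006, 2009, 2015 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\"
 .\" 1. Redistributions of source code must retain the above copyright
@@ -44,15 +61,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: November 1 2019 $
 .Dt EVP_PKEY_CTX_NEW 3
 .Os
 .Sh NAME
 .Nm EVP_PKEY_CTX_new ,
 .Nm EVP_PKEY_CTX_new_id ,
 .Nm EVP_PKEY_CTX_dup ,
 .Nm EVP_PKEY_CTX_free
@@ -79,30 +96,54 @@
 .Fc
 .Sh DESCRIPTION
 The
 .Fn EVP_PKEY_CTX_new
 function allocates a public key algorithm context using the algorithm
 specified in
 .Fa pkey
-and the
-.Vt ENGINE
-.Fa e .
+and using
+.Fa e
+unless it is
+.Dv NULL .
+If
+.Fa pkey
+is associated with an engine, that engine is used and
+.Fa e
+is ignored.
 .Pp
 The
 .Fn EVP_PKEY_CTX_new_id
 function allocates a public key algorithm context using the algorithm
 specified by
 .Fa id
-and
-.Vt ENGINE
-.Fa e .
+and using
+.Fa e
+unless it is
+.Dv NULL .
 It is normally used when no
 .Vt EVP_PKEY
 structure is associated with the operations, for example during
 parameter generation of key generation for some algorithms.
+The following
+.Fa id
+constants are supported:
+.Dv EVP_PKEY_CMAC ,
+.Dv EVP_PKEY_DH ,
+.Dv EVP_PKEY_DSA ,
+.Dv EVP_PKEY_EC ,
+.Dv EVP_PKEY_GOSTIMIT ,
+.Dv EVP_PKEY_GOSTR01 ,
+.Dv EVP_PKEY_HMAC ,
+.Dv EVP_PKEY_RSA ,
+and
+.Dv EVP_PKEY_RSA_PSS .
+Application programs can define additional
+.Fa id
+values using
+.Xr EVP_PKEY_meth_new 3 .
 .Pp
 .Fn EVP_PKEY_CTX_dup
 duplicates the context
 .Fa ctx .
 .Pp
 .Fn EVP_PKEY_CTX_free
 frees up the context
@@ -131,14 +172,15 @@
 .Xr EVP_PKEY_encrypt 3 ,
 .Xr EVP_PKEY_keygen 3 ,
 .Xr EVP_PKEY_meth_set_init 3 ,
 .Xr EVP_PKEY_new 3 ,
 .Xr EVP_PKEY_sign 3 ,
 .Xr EVP_PKEY_verify 3 ,
 .Xr EVP_PKEY_verify_recover 3 ,
+.Xr RSA_pkey_ctx_ctrl 3 ,
 .Xr X25519 3
 .Sh HISTORY
 These functions first appeared in OpenSSL 1.0.0
 and have been available since
 .Ox 4.9 .
 .Sh CAVEATS
 The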
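--- a/jni/libressl/man/HMAC.3
+++ b/jni/libressl/man/HMAC.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: HMAC.3,v 1.15 2019/06/07 19:40:35 schwarze Exp $
+.\" $OpenBSD: HMAC.3,v 1.16 2019/12/14 09:04:51 tb Exp $
 .\" full merge up to: OpenSSL crypto/hmac a528d4f0 Oct 27 13:40:11 2015 -0400
 .\" selective merge up to: OpenSSL man3/HMAC b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
 .\" Richard Levitte <levitte@openssl.org>, and
 .\" Matt Caswell <matt@openssl.org>.
 .\" Copyright (c) 2000-2002, 2006, 2008, 2009, 2013, 2015, 2016
@@ -48,15 +48,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 7 2019 $
+.Dd $Mdocdate: December 14 2019 $
 .Dt HMAC 3
 .Os
 .Sh NAME
 .Nm HMAC ,
 .Nm HMAC_CTX_new ,
 .Nm HMAC_CTX_reset ,
 .Nm HMAC_CTX_free ,
@@ -76,15 +76,15 @@
 .In openssl/hmac.h
 .Ft unsigned char *
 .Fo HMAC
 .Fa "const EVP_MD *evp_md"
 .Fa "const void *key"
 .Fa "int key_len"
 .Fa "const unsigned char *d"
-.Fa "int n"
+.Fa "size_t n"
 .Fa "unsigned char *md"
 .Fa "unsigned int *md_len"
 .Fc
 .Ft HMAC_CTX *
 .Fn HMAC_CTX_new void
 .Ft int
 .Fo HMAC_CTX_reset
@@ -121,15 +121,15 @@
 .Fa "int key_len"
 .Fa "const EVP_MD *md"
 .Fc
 .Ft int
 .Fo HMAC_Update
 .Fa "HMAC_CTX *ctx"
 .Fa "const unsigned char *data"
-.Fa "int len"
+.Fa "size_t len"
 .Fc
 .Ft int
 .Fo HMAC_Final
 .Fa "HMAC_CTX *ctx"
 .Fa "unsigned char *md"
 .Fa "unsigned int *len"
 .Fc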
Changes to jni/libressl/man/Makefile.am.
348
349
350
351
352
353
354

355
356
357
358
359
360
361
dist_man3_MANS += RSA_check_key.3
dist_man3_MANS += RSA_generate_key.3
dist_man3_MANS += RSA_get0_key.3
dist_man3_MANS += RSA_get_ex_new_index.3
dist_man3_MANS += RSA_meth_new.3
dist_man3_MANS += RSA_new.3
dist_man3_MANS += RSA_padding_add_PKCS1_type_1.3

dist_man3_MANS += RSA_print.3
dist_man3_MANS += RSA_private_encrypt.3
dist_man3_MANS += RSA_public_encrypt.3
dist_man3_MANS += RSA_set_method.3
dist_man3_MANS += RSA_sign.3
dist_man3_MANS += RSA_sign_ASN1_OCTET_STRING.3
dist_man3_MANS += RSA_size.3







>







348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
dist_man3_MANS += RSA_check_key.3
dist_man3_MANS += RSA_generate_key.3
dist_man3_MANS += RSA_get0_key.3
dist_man3_MANS += RSA_get_ex_new_index.3
dist_man3_MANS += RSA_meth_new.3
dist_man3_MANS += RSA_new.3
dist_man3_MANS += RSA_padding_add_PKCS1_type_1.3
dist_man3_MANS += RSA_pkey_ctx_ctrl.3
dist_man3_MANS += RSA_print.3
dist_man3_MANS += RSA_private_encrypt.3
dist_man3_MANS += RSA_public_encrypt.3
dist_man3_MANS += RSA_set_method.3
dist_man3_MANS += RSA_sign.3
dist_man3_MANS += RSA_sign_ASN1_OCTET_STRING.3
dist_man3_MANS += RSA_size.3
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398




1399


1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3"




	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3"


	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3"







|
|
|
>
>
>
>

>
>



|
|
|
|
|
|







1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id_len.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_cofactor_mode.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_md.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_outlen.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_type.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_id.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_param_enc.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_cofactor_mode.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_md.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_outlen.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_type.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3"
1731
1732
1733
1734
1735
1736
1737

1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757

1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776

1777
1778
1779
1780
1781
1782
1783
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"

	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"

	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"

	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"







>




















>



















>







1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_CMS.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_CMS.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_CMS.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
1793
1794
1795
1796
1797
1798
1799

1800
1801
1802
1803
1804
1805
1806
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"

	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"







>







1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_CMS.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
1932
1933
1934
1935
1936
1937
1938















1939
1940
1941
1942
1943
1944
1945
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"















	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_rsa_oaep_label.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_oaep_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_oaep_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"
1992
1993
1994
1995
1996
1997
1998

1999
2000
2001
2002
2003
2004
2005
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3"

	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"







>







2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs_only.3"
	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"
2412
2413
2414
2415
2416
2417
2418

2419
2420
2421
2422
2423
2424
2425
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"

	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	ln -sf "X509_STORE_load_locations.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3"
	ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3"







>







2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_flags.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	ln -sf "X509_STORE_load_locations.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3"
	ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3"
2949
2950
2951
2952
2953
2954
2955

2956
2957
2958
2959
2960
2961
2962
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3"
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"

	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"







>







2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3"
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher_strength.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"
3923
3924
3925
3926
3927
3928
3929
3930


3931
3932


3933


3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3"


	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3"


	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3"


	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3"







|
>
>
|
|
>
>

>
>



|
|
|
|
|
|







3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_cofactor_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_outlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_param_enc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_cofactor_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_outlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3"
4265
4266
4267
4268
4269
4270
4271

4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291

4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310

4311
4312
4313
4314
4315
4316
4317
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"







>




















>



















>







4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_CMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_CMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_CMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
4327
4328
4329
4330
4331
4332
4333

4334
4335
4336
4337
4338
4339
4340
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"







>







4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_CMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
4466
4467
4468
4469
4470
4471
4472















4473
4474
4475
4476
4477
4478
4479
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"















	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_rsa_oaep_label.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_oaep_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_oaep_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"
4526
4527
4528
4529
4530
4531
4532

4533
4534
4535
4536
4537
4538
4539
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"







>







4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs_only.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"
4946
4947
4948
4949
4950
4951
4952

4953
4954
4955
4956
4957
4958
4959
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3"







>







5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3"
5483
5484
5485
5486
5487
5488
5489

5490
5491
5492
5493
5494
5495
5496
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"







>







5539
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher_strength.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"
Changes to jni/libressl/man/Makefile.in.
1
2
3
4
5
6
7
8
9
10
11
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2018 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|


|







1
2
3
4
5
6
7
8
9
10
11
# Makefile.in generated by automake 1.16.2 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2020 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
404
405
406
407
408
409
410
411

412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
	PKCS7_sign_add_signer.3 PKCS7_verify.3 \
	PKCS8_PRIV_KEY_INFO_new.3 PKEY_USAGE_PERIOD_new.3 \
	POLICYINFO_new.3 PROXY_POLICY_new.3 RAND_add.3 RAND_bytes.3 \
	RAND_load_file.3 RAND_set_rand_method.3 RC4.3 RIPEMD160.3 \
	RSA_PSS_PARAMS_new.3 RSA_blinding_on.3 RSA_check_key.3 \
	RSA_generate_key.3 RSA_get0_key.3 RSA_get_ex_new_index.3 \
	RSA_meth_new.3 RSA_new.3 RSA_padding_add_PKCS1_type_1.3 \
	RSA_print.3 RSA_private_encrypt.3 RSA_public_encrypt.3 \

	RSA_set_method.3 RSA_sign.3 RSA_sign_ASN1_OCTET_STRING.3 \
	RSA_size.3 SHA1.3 SMIME_read_CMS.3 SMIME_read_PKCS7.3 \
	SMIME_write_CMS.3 SMIME_write_PKCS7.3 STACK_OF.3 SXNET_new.3 \
	TS_REQ_new.3 UI_UTIL_read_pw.3 UI_create_method.3 \
	UI_get_string_type.3 UI_new.3 X25519.3 X509V3_get_d2i.3 \
	X509_ALGOR_dup.3 X509_ATTRIBUTE_new.3 X509_CINF_new.3 \
	X509_CRL_get0_by_serial.3 X509_CRL_new.3 \
	X509_EXTENSION_set_object.3 X509_INFO_new.3 \
	X509_LOOKUP_hash_dir.3 X509_NAME_ENTRY_get_object.3 \
	X509_NAME_add_entry_by_txt.3 X509_NAME_get_index_by_NID.3 \
	X509_NAME_new.3 X509_NAME_print_ex.3 X509_OBJECT_get0_X509.3 \
	X509_PUBKEY_new.3 X509_REQ_new.3 X509_REVOKED_new.3 \
	X509_SIG_new.3 X509_STORE_CTX_get_error.3 \
	X509_STORE_CTX_get_ex_new_index.3 X509_STORE_CTX_new.3 \
	X509_STORE_CTX_set_verify_cb.3 X509_STORE_load_locations.3 \







|
>
|
|
|
|
|
|
<
|







404
405
406
407
408
409
410
411
412
413
414
415
416
417
418

419
420
421
422
423
424
425
426
	PKCS7_sign_add_signer.3 PKCS7_verify.3 \
	PKCS8_PRIV_KEY_INFO_new.3 PKEY_USAGE_PERIOD_new.3 \
	POLICYINFO_new.3 PROXY_POLICY_new.3 RAND_add.3 RAND_bytes.3 \
	RAND_load_file.3 RAND_set_rand_method.3 RC4.3 RIPEMD160.3 \
	RSA_PSS_PARAMS_new.3 RSA_blinding_on.3 RSA_check_key.3 \
	RSA_generate_key.3 RSA_get0_key.3 RSA_get_ex_new_index.3 \
	RSA_meth_new.3 RSA_new.3 RSA_padding_add_PKCS1_type_1.3 \
	RSA_pkey_ctx_ctrl.3 RSA_print.3 RSA_private_encrypt.3 \
	RSA_public_encrypt.3 RSA_set_method.3 RSA_sign.3 \
	RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SHA1.3 \
	SMIME_read_CMS.3 SMIME_read_PKCS7.3 SMIME_write_CMS.3 \
	SMIME_write_PKCS7.3 STACK_OF.3 SXNET_new.3 TS_REQ_new.3 \
	UI_UTIL_read_pw.3 UI_create_method.3 UI_get_string_type.3 \
	UI_new.3 X25519.3 X509V3_get_d2i.3 X509_ALGOR_dup.3 \
	X509_ATTRIBUTE_new.3 X509_CINF_new.3 X509_CRL_get0_by_serial.3 \

	X509_CRL_new.3 X509_EXTENSION_set_object.3 X509_INFO_new.3 \
	X509_LOOKUP_hash_dir.3 X509_NAME_ENTRY_get_object.3 \
	X509_NAME_add_entry_by_txt.3 X509_NAME_get_index_by_NID.3 \
	X509_NAME_new.3 X509_NAME_print_ex.3 X509_OBJECT_get0_X509.3 \
	X509_PUBKEY_new.3 X509_REQ_new.3 X509_REVOKED_new.3 \
	X509_SIG_new.3 X509_STORE_CTX_get_error.3 \
	X509_STORE_CTX_get_ex_new_index.3 X509_STORE_CTX_new.3 \
	X509_STORE_CTX_set_verify_cb.3 X509_STORE_load_locations.3 \
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659




1660


1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3"




	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3"


	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3"







|
|
|
>
>
>
>

>
>



|
|
|
|
|
|







1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id_len.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_cofactor_mode.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_md.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_outlen.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_type.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_id.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_param_enc.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_cofactor_mode.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_md.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_outlen.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_type.3"
	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3"
	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3"
1992
1993
1994
1995
1996
1997
1998

1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018

2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037

2038
2039
2040
2041
2042
2043
2044
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"

	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"

	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"

	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"







>




















>



















>







1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_CMS.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_CMS.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_CMS.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
2054
2055
2056
2057
2058
2059
2060

2061
2062
2063
2064
2065
2066
2067
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"

	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"







>







2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_CMS.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
2193
2194
2195
2196
2197
2198
2199















2200
2201
2202
2203
2204
2205
2206
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"















	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_rsa_oaep_label.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_oaep_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_oaep_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3"
	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"
2253
2254
2255
2256
2257
2258
2259

2260
2261
2262
2263
2264
2265
2266
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3"

	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"







>







2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3"
	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3"
	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs_only.3"
	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"
2673
2674
2675
2676
2677
2678
2679

2680
2681
2682
2683
2684
2685
2686
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"

	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	ln -sf "X509_STORE_load_locations.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3"
	ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3"







>







2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_flags.3"
	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	ln -sf "X509_STORE_load_locations.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3"
	ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3"
	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3"
3210
3211
3212
3213
3214
3215
3216

3217
3218
3219
3220
3221
3222
3223
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3"
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"

	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"







>







3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3"
	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher_strength.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"
4184
4185
4186
4187
4188
4189
4190
4191


4192
4193


4194


4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3"


	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3"


	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3"


	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3"







|
>
>
|
|
>
>

>
>



|
|
|
|
|
|







4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_cofactor_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_outlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_param_enc.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_cofactor_mode.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_outlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_type.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3"
4526
4527
4528
4529
4530
4531
4532

4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552

4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571

4572
4573
4574
4575
4576
4577
4578
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"







>




















>



















>







4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_CMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_CMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_CMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
4588
4589
4590
4591
4592
4593
4594

4595
4596
4597
4598
4599
4600
4601
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"







>







4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_CMS.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
4727
4728
4729
4730
4731
4732
4733















4734
4735
4736
4737
4738
4739
4740
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"















	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_rsa_oaep_label.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_oaep_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_oaep_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"
4787
4788
4789
4790
4791
4792
4793

4794
4795
4796
4797
4798
4799
4800
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"







>







4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs_only.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"
5207
5208
5209
5210
5211
5212
5213

5214
5215
5216
5217
5218
5219
5220
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3"







>







5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271
5272
5273
5274
5275
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_flags.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3"
5744
5745
5746
5747
5748
5749
5750

5751
5752
5753
5754
5755
5756
5757
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"

	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"







>







5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher_strength.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"
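--- a/jni/libressl/man/PEM_read_bio_PrivateKey.3
+++ b/jni/libressl/man/PEM_read_bio_PrivateKey.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.15 2019/08/12 11:36:12 schwarze Exp $
+.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.16 2019/11/02 15:25:34 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL man3/PEM_read_bio_PrivateKey.pod 18bad535 Apr 9 15:13:55 2019 +0100
 .\" OpenSSL man3/PEM_read_CMS.pod 83cf7abf May 29 13:07:08 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2001-2004, 2009, 2013-2016 The OpenSSL Project.
 .\" All rights reserved.
@@ -47,15 +47,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 12 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt PEM_READ_BIO_PRIVATEKEY 3
 .Os
 .Sh NAME
 .Nm pem_password_cb ,
 .Nm PEM_read_bio_PrivateKey ,
 .Nm PEM_read_PrivateKey ,
 .Nm PEM_write_bio_PrivateKey ,
@@ -137,15 +137,19 @@
 .Nm PEM_read_bio_PKCS7 ,
 .Nm PEM_read_PKCS7 ,
 .Nm PEM_write_bio_PKCS7 ,
 .Nm PEM_write_PKCS7 ,
 .Nm PEM_read_bio_NETSCAPE_CERT_SEQUENCE ,
 .Nm PEM_read_NETSCAPE_CERT_SEQUENCE ,
 .Nm PEM_write_bio_NETSCAPE_CERT_SEQUENCE ,
-.Nm PEM_write_NETSCAPE_CERT_SEQUENCE
+.Nm PEM_write_NETSCAPE_CERT_SEQUENCE ,
+.Nm PEM_read_CMS ,
+.Nm PEM_read_bio_CMS ,
+.Nm PEM_write_CMS ,
+.Nm PEM_write_bio_CMS
 .Nd PEM routines
 .Sh SYNOPSIS
 .In openssl/pem.h
 .Ft typedef int
 .Fo pem_password_cb
 .Fa "char *buf"
 .Fa "int size"
@@ -718,14 +722,39 @@
 .Fa "NETSCAPE_CERT_SEQUENCE *x"
 .Fc
 .Ft int
 .Fo PEM_write_NETSCAPE_CERT_SEQUENCE
 .Fa "FILE *fp"
 .Fa "NETSCAPE_CERT_SEQUENCE *x"
 .Fc
+.In openssl/cms.h
+.Ft CMS_ContentInfo *
+.Fo PEM_read_CMS
+.Fa "FILE *fp"
+.Fa "CMS_ContentInfo **x"
+.Fa "pem_password_cb *cb"
+.Fa "void *u"
+.Fc
+.Ft CMS_ContentInfo *
+.Fo PEM_read_bio_CMS
+.Fa "BIO *bp"
+.Fa "CMS_ContentInfo **x"
+.Fa "pem_password_cb *cb"
+.Fa "void *u"
+.Fc
+.Ft int
+.Fo PEM_write_CMS
+.Fa "FILE *fp"
+.Fa "const CMS_ContentInfo *x"
+.Fc
+.Ft int
+.Fo PEM_write_bio_CMS
+.Fa "BIO *bp"
+.Fa "const CMS_ContentInfo *x"
+.Fc
 .Sh DESCRIPTION
 The PEM functions read or write structures in PEM format.
 In this sense PEM format is simply base64-encoded data surrounded by
 header lines.
 .Pp
 For more details about the meaning of arguments see the
 .Sx PEM function arguments
@@ -933,14 +962,20 @@
 .Pp
 The
 .Sy NETSCAPE_CERT_SEQUENCE
 functions process a Netscape Certificate Sequence using a
 .Vt NETSCAPE_CERT_SEQUENCE
 structure.
 .Pp
+The
+.Sy CMS
+functions process a
+.Vt CMS_ContentInfo
+structure.
+.Pp
 The old
 .Sy PrivateKey
 write routines are retained for compatibility.
 New applications should write private keys using the
 .Fn PEM_write_bio_PKCS8PrivateKey
 or
 .Fn PEM_write_PKCS8PrivateKey
@@ -1347,14 +1382,22 @@
 .Fn PEM_read_bio_EC_PUBKEY ,
 .Fn PEM_read_EC_PUBKEY ,
 .Fn PEM_write_bio_EC_PUBKEY ,
 and
 .Fn PEM_write_EC_PUBKEY
 first appeared in OpenSSL 0.9.8 and have been available since
 .Ox 4.5 .
+.Pp
+.Fn PEM_read_CMS ,
+.Fn PEM_read_bio_CMS ,
+.Fn PEM_write_CMS ,
+and
+.Fn PEM_write_bio_CMS
+first appeared in OpenSSL 0.9.8h and have been available since
+.Ox 6.7 .
 .Sh CAVEATS
 A frequent cause of problems is attempting to use the PEM routines like
 this:
 .Bd -literal -offset indent
 X509 *x;
 PEM_read_bio_X509(bp, &x, 0, NULL);
 .Ed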
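--- a/jni/libressl/man/PEM_write_bio_CMS_stream.3
+++ b/jni/libressl/man/PEM_write_bio_CMS_stream.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: PEM_write_bio_CMS_stream.3,v 1.3 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: PEM_write_bio_CMS_stream.3,v 1.4 2019/11/02 15:39:46 schwarze Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt PEM_WRITE_BIO_CMS_STREAM 3
 .Os
 .Sh NAME
 .Nm PEM_write_bio_CMS_stream
 .Nd output CMS_ContentInfo structure in PEM format
 .Sh SYNOPSIS
 .In openssl/cms.h
@@ -88,8 +88,8 @@
 .Xr i2d_CMS_bio_stream 3 ,
 .Xr PEM_write 3 ,
 .Xr SMIME_write_CMS 3
 .Sh HISTORY
 .Fn PEM_write_bio_CMS_stream
 first appeared in OpenSSL 1.0.0
 and has been available since
-.Ox 6.6 .
+.Ox 6.7 .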
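--- a/jni/libressl/man/RC4.3
+++ b/jni/libressl/man/RC4.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: RC4.3,v 1.7 2019/06/06 01:06:59 schwarze Exp $
+.\"	$OpenBSD: RC4.3,v 1.8 2020/03/29 17:05:02 schwarze Exp $
 .\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
 .\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: March 29 2020 $
 .Dt RC4 3
 .Os
 .Sh NAME
 .Nm RC4_set_key ,
 .Nm RC4
 .Nd RC4 encryption
 .Sh SYNOPSIS
@@ -108,24 +108,19 @@
 calls with the same
 .Fa key
 yield a continuous key stream.
 .Pp
 Since RC4 is a stream cipher (the input is XOR'ed with a pseudo-random
 key stream to produce the output), decryption uses the same function
 calls as encryption.
-.Sh RETURN VALUES
-.Fn RC4_set_key
-and
-.Fn RC4
-do not return values.
 .Sh SEE ALSO
 .Xr blowfish 3 ,
 .Xr EVP_EncryptInit 3 ,
 .Xr EVP_rc4 3
 .Sh HISTORY
 .Fn RC4_set_key
 and
 .Fn RC4
 appeared in SSLeay 0.4 or earlier and have been available since
 .Ox 2.4 .
 .Sh BUGS
 This cipher is broken and should no longer be used.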
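--- a/jni/libressl/man/RSA_new.3
+++ b/jni/libressl/man/RSA_new.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: RSA_new.3,v 1.15 2019/08/23 15:18:13 schwarze Exp $
+.\" $OpenBSD: RSA_new.3,v 1.16 2019/11/01 12:02:58 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL doc/man3/RSA_new.pod e9b77246 Jan 20 19:58:49 2017 +0100
 .\" OpenSSL doc/crypto/rsa.pod 35d2e327 Jun 3 16:19:49 2016 -0400 (final)
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
@@ -63,15 +63,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 23 2019 $
+.Dd $Mdocdate: November 1 2019 $
 .Dt RSA_NEW 3
 .Os
 .Sh NAME
 .Nm RSA_new ,
 .Nm RSAPrivateKey_dup ,
 .Nm RSAPublicKey_dup ,
 .Nm RSA_up_ref ,
@@ -221,14 +221,15 @@
 .Xr RSA_blinding_on 3 ,
 .Xr RSA_check_key 3 ,
 .Xr RSA_generate_key 3 ,
 .Xr RSA_get0_key 3 ,
 .Xr RSA_get_ex_new_index 3 ,
 .Xr RSA_meth_new 3 ,
 .Xr RSA_padding_add_PKCS1_type_1 3 ,
+.Xr RSA_pkey_ctx_ctrl 3 ,
 .Xr RSA_print 3 ,
 .Xr RSA_private_encrypt 3 ,
 .Xr RSA_PSS_PARAMS_new 3 ,
 .Xr RSA_public_encrypt 3 ,
 .Xr RSA_set_method 3 ,
 .Xr RSA_sign 3 ,
 .Xr RSA_sign_ASN1_OCTET_STRING 3 ,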
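--- a/jni/libressl/man/SMIME_read_CMS.3
+++ b/jni/libressl/man/SMIME_read_CMS.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: SMIME_read_CMS.3,v 1.5 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: SMIME_read_CMS.3,v 1.6 2019/11/02 15:39:46 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt SMIME_READ_CMS 3
 .Os
 .Sh NAME
 .Nm SMIME_read_CMS
 .Nd parse S/MIME message
 .Sh SYNOPSIS
 .In openssl/cms.h
@@ -109,15 +109,15 @@
 .Xr CMS_verify 3 ,
 .Xr d2i_CMS_ContentInfo 3 ,
 .Xr SMIME_write_CMS 3
 .Sh HISTORY
 .Fn SMIME_read_CMS
 first appeared in OpenSSL 0.9.8h
 and has been available since
-.Ox 6.6 .
+.Ox 6.7 .
 .Sh BUGS
 The MIME parser used by
 .Fn SMIME_read_CMS
 is somewhat primitive.
 While it will handle most S/MIME messages, more complex compound formats
 may not work.
 .Pp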
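--- a/jni/libressl/man/SMIME_write_CMS.3
+++ b/jni/libressl/man/SMIME_write_CMS.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: SMIME_write_CMS.3,v 1.4 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: SMIME_write_CMS.3,v 1.5 2019/11/02 15:39:46 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt SMIME_WRITE_CMS 3
 .Os
 .Sh NAME
 .Nm SMIME_write_CMS
 .Nd convert CMS structure to S/MIME format
 .Sh SYNOPSIS
 .In openssl/cms.h
@@ -121,12 +121,12 @@
 .Xr CMS_sign 3 ,
 .Xr d2i_CMS_ContentInfo 3 ,
 .Xr ERR_get_error 3
 .Sh HISTORY
 .Fn SMIME_write_CMS
 first appeared in OpenSSL 0.9.8h
 and has been available since
-.Ox 6.6 .
+.Ox 6.7 .
 .Sh BUGS
 .Fn SMIME_write_CMS
 always base64 encodes CMS structures.
 There should be an option to disable this.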
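--- a/jni/libressl/man/SSL_CIPHER_get_name.3
+++ b/jni/libressl/man/SSL_CIPHER_get_name.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.10 2018/04/25 13:51:34 schwarze Exp $
+.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.11 2020/04/14 15:27:35 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
 .\" Dr. Stephen Henson <steve@openssl.org>, Todd Short <tshort@akamai.com>,
 .\" and Paul Yang <yang.yang@baishancloud.com>.
 .\" Copyright (c) 2000, 2005, 2009, 2013, 2014, 2015, 2016, 2017
@@ -48,15 +48,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 25 2018 $
+.Dd $Mdocdate: April 14 2020 $
 .Dt SSL_CIPHER_GET_NAME 3
 .Os
 .Sh NAME
 .Nm SSL_CIPHER_get_name ,
 .Nm SSL_CIPHER_get_bits ,
 .Nm SSL_CIPHER_get_version ,
 .Nm SSL_CIPHER_get_cipher_nid ,
@@ -208,65 +208,63 @@
 .Fn SSL_CIPHER_description
 consists of several fields separated by whitespace:
 .Bl -tag -width Ds
 .It Aq Ar ciphername
 Textual representation of the cipher name.
 .It Aq Ar protocol version
 Protocol version:
-.Sy SSLv3
+.Sy SSLv3 ,
+.Sy TLSv1.2 ,
 or
-.Sy TLSv1.2 .
+.Sy TLSv1.3 .
 The TLSv1.0 ciphers are flagged with SSLv3.
 No new ciphers were added by TLSv1.1.
 .It Kx= Ns Aq Ar key exchange
 Key exchange method:
 .Sy DH ,
 .Sy ECDH ,
 .Sy GOST ,
+.Sy RSA ,
 or
-.Sy RSA .
+.Sy TLSv1.3 .
 .It Au= Ns Aq Ar authentication
 Authentication method:
-.Sy DSS ,
 .Sy ECDSA ,
 .Sy GOST01 ,
 .Sy RSA ,
+.Sy TLSv1.3 ,
 or
 .Sy None .
 .Sy None
 is the representation of anonymous ciphers.
 .It Enc= Ns Aq Ar symmetric encryption method
 Encryption method with number of secret bits:
-.Sy DES(56) ,
 .Sy 3DES(168) ,
-.Sy RC4(64) ,
 .Sy RC4(128) ,
-.Sy IDEA(128) ,
 .Sy AES(128) ,
 .Sy AES(256) ,
 .Sy AESCGM(128) ,
 .Sy AESCGM(256) ,
 .Sy Camellia(128) ,
 .Sy Camellia(256) ,
 .Sy ChaCha20-Poly1305 ,
-.Sy ChaCha20-Poly1305-Old ,
 .Sy GOST-28178-89-CNT ,
 or
 .Sy None .
 .It Mac= Ns Aq Ar message authentication code
 Message digest:
 .Sy MD5 ,
 .Sy SHA1 ,
 .Sy SHA256 ,
 .Sy SHA384 ,
 .Sy AEAD ,
 .Sy GOST94 ,
 .Sy GOST89IMIT ,
-.Sy STREEBOG256 ,
-.Sy STREEBOG512 .
+or
+.Sy STREEBOG256 .
 .El
 .Sh RETURN VALUES
 .Fn SSL_CIPHER_get_name
 returns an internal pointer to a NUL-terminated string.
 .Fn SSL_CIPHER_get_version
 returns a pointer to a static NUL-terminated string.
 If
@@ -311,15 +309,15 @@
 .Fn SSL_CIPHER_description :
 .Bd -literal
 ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
 .Ed
 .Pp
 A complete list can be retrieved by invoking the following command:
 .Pp
-.Dl $ openssl ciphers -v ALL
+.Dl $ openssl ciphers -v ALL:COMPLEMENTOFALL
 .Sh SEE ALSO
 .Xr openssl 1 ,
 .Xr ssl 3 ,
 .Xr SSL_get_ciphers 3 ,
 .Xr SSL_get_current_cipher 3
 .Sh HISTORY
 .Fn SSL_CIPHER_description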
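--- a/jni/libressl/man/SSL_CTX_add_extra_chain_cert.3
+++ b/jni/libressl/man/SSL_CTX_add_extra_chain_cert.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.6 2019/04/05 18:29:43 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.7 2020/01/02 09:09:16 schwarze Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
 .\" Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2000, 2002, 2013, 2015 The OpenSSL Project.
 .\" All rights reserved.
 .\"
@@ -46,42 +46,55 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 5 2019 $
+.Dd $Mdocdate: January 2 2020 $
 .Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_add_extra_chain_cert ,
+.Nm SSL_CTX_get_extra_chain_certs_only ,
 .Nm SSL_CTX_get_extra_chain_certs ,
 .Nm SSL_CTX_clear_extra_chain_certs
 .Nd add, retrieve, and clear extra chain certificates
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft long
 .Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509"
+.Ft long
+.Fn SSL_CTX_get_extra_chain_certs_only "SSL_CTX *ctx" "STACK_OF(X509) **certs"
 .Ft long
 .Fn SSL_CTX_get_extra_chain_certs "SSL_CTX *ctx" "STACK_OF(X509) **certs"
 .Ft long
 .Fn SSL_CTX_clear_extra_chain_certs "SSL_CTX *ctx"
 .Sh DESCRIPTION
 .Fn SSL_CTX_add_extra_chain_cert
 adds the certificate
 .Fa x509
 to the extra chain certificates associated with
 .Fa ctx .
 Several certificates can be added one after another.
 .Pp
-.Fn SSL_CTX_get_extra_chain_certs
+.Fn SSL_CTX_get_extra_chain_certs_only
 retrieves an internal pointer to the stack of extra chain certificates
 associated with
-.Fa ctx .
+.Fa ctx ,
+or set
+.Pf * Fa certs
+to
+.Dv NULL
+if there are none.
+.Pp
+.Fn SSL_CTX_get_extra_chain_certs
+does the same except that it retrieves an internal pointer
+to the chain associated with the certificate
+if there are no extra chain certificates.
 .Pp
 .Fn SSL_CTX_clear_extra_chain_certs
 clears all extra chain certificates associated with
 .Fa ctx .
 .Pp
 These functions are implemented as macros.
 .Pp
@@ -119,14 +132,18 @@
 .Ox 2.6 .
 .Pp
 .Fn SSL_CTX_get_extra_chain_certs
 and
 .Fn SSL_CTX_clear_extra_chain_certs
 first appeared in OpenSSL 1.0.1 and have been available since
 .Ox 5.3 .
+.Pp
+.Fn SSL_CTX_get_extra_chain_certs_only
+first appeared in OpenSSL 1.0.2 and has been available since
+.Ox 6.7 .
 .Sh CAVEATS
 Certificates added with
 .Fn SSL_CTX_add_extra_chain_cert
 are ignored when certificates are also available that have been
 added using the functions documented in
 .Xr SSL_CTX_set1_chain 3 .
 .Pp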
Changes to jni/libressl/man/SSL_CTX_set_cipher_list.3.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.8 2019/05/20 06:04:45 jmc Exp $
.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|





|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.15 2020/04/25 14:03:38 schwarze Exp $
.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
.\" This file is a derived work.
.\" The changes are covered by the following Copyright and license:
.\"
.\" Copyright (c) 2018, 2020 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: May 20 2019 $
.Dt SSL_CTX_SET_CIPHER_LIST 3
.Os
.Sh NAME
.Nm SSL_CTX_set_cipher_list ,
.Nm SSL_set_cipher_list
.Nd choose list of available SSL_CIPHERs
.Sh SYNOPSIS







|







61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 25 2020 $
.Dt SSL_CTX_SET_CIPHER_LIST 3
.Os
.Sh NAME
.Nm SSL_CTX_set_cipher_list ,
.Nm SSL_set_cipher_list
.Nd choose list of available SSL_CIPHERs
.Sh SYNOPSIS
130
131
132
133
134
135
136






137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
.Bl -tag -width Ds
.It Cm DEFAULT
An alias for
.Sm off
.Cm ALL No :! Cm aNULL No :! Cm eNULL .
.Sm on
It can only be used as the first word.






.It Cm @STRENGTH
Sort the list by decreasing encryption strength,
preserving the order of cipher suites that have the same strength.
It is usally given as the last word.
.El
.Pp
The following words can be used to select groups of cipher suites,
with or without a prefix character.
If two or more of these words are joined with plus signs
.Pq Ql +
to form a longer word, only the intersection of the specified sets
is selected.
.Bl -tag -width Ds
.It Cm ADH
Cipher suites using ephemeral DH for key exchange
without doing any server authentication.
Equivalent to
.Cm kEDH Ns + Ns Cm aNULL .
.It Cm aDSS
Cipher suites using DSS server authentication.
LibreSSL does not provide any such cipher suites.
.It Cm AEAD
Cipher suites using Authenticated Encryption with Additional Data.
.It Cm AECDH
Cipher suites using ephemeral ECDH for key exchange
without doing any server authentication.
Equivalent to
.Cm kEECDH Ns + Ns Cm aNULL .
.It Cm aECDSA
Cipher suites using ECDSA server authentication.
.It Cm AES
Cipher suites using AES or AESGCM for symmetric encryption.
.It Cm AES128
Cipher suites using AES(128) or AESGCM(128) for symmetric encryption.
.It Cm AES256







>
>
>
>
>
>



|













|
<
<
<






|







130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160



161
162
163
164
165
166
167
168
169
170
171
172
173
174
.Bl -tag -width Ds
.It Cm DEFAULT
An alias for
.Sm off
.Cm ALL No :! Cm aNULL No :! Cm eNULL .
.Sm on
It can only be used as the first word.
The
.Cm DEFAULT
cipher list can be displayed with the
.Xr openssl 1
.Cm ciphers
command.
.It Cm @STRENGTH
Sort the list by decreasing encryption strength,
preserving the order of cipher suites that have the same strength.
It is usually given as the last word.
.El
.Pp
The following words can be used to select groups of cipher suites,
with or without a prefix character.
If two or more of these words are joined with plus signs
.Pq Ql +
to form a longer word, only the intersection of the specified sets
is selected.
.Bl -tag -width Ds
.It Cm ADH
Cipher suites using ephemeral DH for key exchange
without doing any server authentication.
Equivalent to
.Cm DH Ns + Ns Cm aNULL .



.It Cm AEAD
Cipher suites using Authenticated Encryption with Additional Data.
.It Cm AECDH
Cipher suites using ephemeral ECDH for key exchange
without doing any server authentication.
Equivalent to
.Cm ECDH Ns + Ns Cm aNULL .
.It Cm aECDSA
Cipher suites using ECDSA server authentication.
.It Cm AES
Cipher suites using AES or AESGCM for symmetric encryption.
.It Cm AES128
Cipher suites using AES(128) or AESGCM(128) for symmetric encryption.
.It Cm AES256
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233

234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
but not included in
.Cm DEFAULT .
Currently similar to
.Cm aNULL Ns :! Ns Cm eNULL
except for the order of the cipher suites which are
.Em not
selected.
.It Cm DES
Cipher suites using single DES for symmetric encryption.
.It Cm 3DES
Cipher suites using triple DES for symmetric encryption.
.It Cm DH
An alias for
.Cm kEDH .
.It Cm DHE
Cipher suites using ephemeral DH for key exchange,
but excluding those that don't do any server authentication.
Similar to
.Cm kEDH Ns :! Ns Cm aNULL
except for the order of the cipher suites which are
.Em not
selected.
.It Cm DSS
An alias for
.Cm aDSS .
.It Cm ECDH
An alias for
.Cm kEECHD .

.It Cm ECDHE
Cipher suites using ephemeral ECDH for key exchange,
but excluding those that don't do any server authentication.
Similar to
.Cm kEECDH Ns :! Ns Cm aNULL
except for the order of the cipher suites which are
.Em not
selected.
.It Cm ECDSA
An alias for
.Cm aECDSA .
.It Cm EDH
An alias for
.Cm DHE .
.It Cm EECHD
An alias for
.Cm ECDHE .
.It Cm eNULL
Cipher suites that do not use any encryption.
Not enabled by
.Cm DEFAULT ,
and not even included in
.Cm ALL .
.It Cm GOST89MAC
Cipher suites using GOST 28147-89 for message authentication
instead of HMAC.
.It Cm GOST94
Cipher suites using HMAC based on GOST R 34.11-94
for message authentication.
.It Cm HIGH
Cipher suites of high strength.
Currently, these are cipher suites using
.Cm CHACHA20 ,
.Cm AES ,
.Cm CAMELLIA ,
or GOST-28178-89-CNT symmetric encryption.
.It Cm IDEA
Cipher suites using IDEA for symmetric encryption.
LibreSSL does not provide any such cipher suites.
.It Cm kEDH
Cipher suites using ephemeral DH for key exchange.
.It Cm kEECDH
Cipher suites using ephemeral ECDH for key exchange.
.It Cm kGOST
Cipher suites using VKO 34.10 key exchange, specified in RFC 4357.
.It Cm kRSA
Cipher suites using RSA key exchange.
.It Cm LOW
Cipher suites of low strength.
Currently, these are cipher suites using
.Cm DES
or
.Cm RC4
symmetric encryption.
.It Cm MD5
Cipher suites using MD5 for message authentication.
.It Cm MEDIUM
Cipher suites of medium strength.
Currently, these are cipher suites using
.Cm 3DES
symmetric encryption.
.It Cm NULL
An alias for
.Cm eNULL .
.It Cm RC4
Cipher suites using RC4 for symmetric encryption.
.It Cm RSA
Cipher suites using RSA for both key exchange and server authentication.







<
<



|
<




|



<
<
<

<
<
>




|






<
<
<
<
<
<














<
<
<
<
<
<
<
<
<
<
<
<






<
<
<
<
<




<
<
<







209
210
211
212
213
214
215


216
217
218
219

220
221
222
223
224
225
226
227



228


229
230
231
232
233
234
235
236
237
238
239
240






241
242
243
244
245
246
247
248
249
250
251
252
253
254












255
256
257
258
259
260





261
262
263
264



265
266
267
268
269
270
271
but not included in
.Cm DEFAULT .
Currently similar to
.Cm aNULL Ns :! Ns Cm eNULL
except for the order of the cipher suites which are
.Em not
selected.


.It Cm 3DES
Cipher suites using triple DES for symmetric encryption.
.It Cm DH
Cipher suites using ephemeral DH for key exchange.

.It Cm DHE
Cipher suites using ephemeral DH for key exchange,
but excluding those that don't do any server authentication.
Similar to
.Cm DH Ns :! Ns Cm aNULL
except for the order of the cipher suites which are
.Em not
selected.



.It Cm ECDH


Cipher suites using ephemeral ECDH for key exchange.
.It Cm ECDHE
Cipher suites using ephemeral ECDH for key exchange,
but excluding those that don't do any server authentication.
Similar to
.Cm ECDH Ns :! Ns Cm aNULL
except for the order of the cipher suites which are
.Em not
selected.
.It Cm ECDSA
An alias for
.Cm aECDSA .






.It Cm eNULL
Cipher suites that do not use any encryption.
Not enabled by
.Cm DEFAULT ,
and not even included in
.Cm ALL .
.It Cm GOST89MAC
Cipher suites using GOST 28147-89 for message authentication
instead of HMAC.
.It Cm GOST94
Cipher suites using HMAC based on GOST R 34.11-94
for message authentication.
.It Cm HIGH
Cipher suites of high strength.












.It Cm kGOST
Cipher suites using VKO 34.10 key exchange, specified in RFC 4357.
.It Cm kRSA
Cipher suites using RSA key exchange.
.It Cm LOW
Cipher suites of low strength.





.It Cm MD5
Cipher suites using MD5 for message authentication.
.It Cm MEDIUM
Cipher suites of medium strength.



.It Cm NULL
An alias for
.Cm eNULL .
.It Cm RC4
Cipher suites using RC4 for symmetric encryption.
.It Cm RSA
Cipher suites using RSA for both key exchange and server authentication.
312
313
314
315
316
317
318
319
320
321









322
323
324
325
326
327






















328
329
330
331
332
333
334
Cipher suites using SHA384 for message authentication.
.It Cm SSLv3
An alias for
.Cm TLSv1 .
.It Cm STREEBOG256
Cipher suites using STREEBOG256 for message authentication.
.It Cm TLSv1
Cipher suites usable with any TLS protocol.
.It Cm TLSv1.2
Cipher suites for the TLSv1.2 protocol.









.El
.Pp
The full words returned by the
.Xr openssl 1
.Cm ciphers
command can be used to select individual cipher suites.






















.Pp
Unknown words are silently ignored, selecting no cipher suites.
Failure is only flagged if the
.Fa control
string contains invalid bytes
or if no matching cipher suites are available at all.
.Pp







|


>
>
>
>
>
>
>
>
>






>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
Cipher suites using SHA384 for message authentication.
.It Cm SSLv3
An alias for
.Cm TLSv1 .
.It Cm STREEBOG256
Cipher suites using STREEBOG256 for message authentication.
.It Cm TLSv1
Cipher suites usable with the TLSv1.0, TLSv1.1, and TLSv1.2 protocols.
.It Cm TLSv1.2
Cipher suites for the TLSv1.2 protocol.
.It Cm TLSv1.3
Cipher suites for the TLSv1.3 protocol.
If the
.Fa control
string selects at least one cipher suite but neither contains the word
.Cm TLSv1.3
nor specifically includes nor excludes any TLSv1.3 cipher suites, all the
.Cm TLSv1.3
cipher suites are made available, too.
.El
.Pp
The full words returned by the
.Xr openssl 1
.Cm ciphers
command can be used to select individual cipher suites.
.Pp
The following words do not match anything because
LibreSSL no longer provides any such cipher suites:
.Pp
.Bl -tag -width Ds -compact
.It Cm DES
Cipher suites using single DES for symmetric encryption.
.It Cm DSS
Cipher suites using DSS server authentication.
.It Cm IDEA
Cipher suites using IDEA for symmetric encryption.
.El
.Pp
The following are deprecated aliases:
.Pp
.Bl -column kEECDH ECDHE -compact -offset indent
.It    avoid: Ta    use:
.It Cm EDH    Ta Cm DHE
.It Cm EECDH  Ta Cm ECDHE
.It Cm kEDH   Ta Cm DH
.It Cm kEECDH Ta Cm ECDH
.El
.Pp
Unknown words are silently ignored, selecting no cipher suites.
Failure is only flagged if the
.Fa control
string contains invalid bytes
or if no matching cipher suites are available at all.
.Pp
367
368
369
370
371
372
373











.Xr SSL_get_ciphers 3
.Sh HISTORY
.Fn SSL_CTX_set_cipher_list
and
.Fn SSL_set_cipher_list
first appeared in SSLeay 0.5.2 and have been available since
.Ox 2.4 .


















>
>
>
>
>
>
>
>
>
>
>
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
.Xr SSL_get_ciphers 3
.Sh HISTORY
.Fn SSL_CTX_set_cipher_list
and
.Fn SSL_set_cipher_list
first appeared in SSLeay 0.5.2 and have been available since
.Ox 2.4 .
.Sh CAVEATS
In LibreSSL,
.Fn SSL_CTX_set_cipher_list
and
.Fn SSL_set_cipher_list
can be used to configure the list of available cipher suites for
all versions of the TLS protocol, whereas in OpenSSL, they only
control cipher suites for protocols up to TLSv1.2.
If compatibility with OpenSSL is required, the list of
available TLSv1.3 cipher suites can only be changed with
.Fn SSL_set_ciphersuites .
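--- a/jni/libressl/man/SSL_CTX_set_client_CA_list.3
+++ b/jni/libressl/man/SSL_CTX_set_client_CA_list.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
+.\"	$OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.6 2020/03/30 10:28:59 schwarze Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 30 2020 $
 .Dt SSL_CTX_SET_CLIENT_CA_LIST 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_client_CA_list ,
 .Nm SSL_set_client_CA_list ,
 .Nm SSL_CTX_add_client_CA ,
 .Nm  SSL_add_client_CA
@@ -139,19 +139,14 @@
 .Fa ctx
 or
 .Fa ssl
 (as appropriate) is opened.
 .Pp
 These functions are only useful for TLS/SSL servers.
 .Sh RETURN VALUES
-.Fn SSL_CTX_set_client_CA_list
-and
-.Fn SSL_set_client_CA_list
-do not return diagnostic information.
-.Pp
 .Fn SSL_CTX_add_client_CA
 and
 .Fn SSL_add_client_CA
 have the following return values:
 .Bl -tag -width Ds
 .It 0
 A failure while manipulating the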
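--- a/jni/libressl/man/SSL_CTX_set_quiet_shutdown.3
+++ b/jni/libressl/man/SSL_CTX_set_quiet_shutdown.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: SSL_CTX_set_quiet_shutdown.3,v 1.5 2019/06/08 15:25:43 schwarze Exp $
+.\"	$OpenBSD: SSL_CTX_set_quiet_shutdown.3,v 1.6 2020/03/30 10:28:59 schwarze Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 8 2019 $
+.Dd $Mdocdate: March 30 2020 $
 .Dt SSL_CTX_SET_QUIET_SHUTDOWN 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_quiet_shutdown ,
 .Nm SSL_CTX_get_quiet_shutdown ,
 .Nm SSL_set_quiet_shutdown ,
 .Nm SSL_get_quiet_shutdown
@@ -140,19 +140,14 @@
 The session is thus considered to be shut down, but no
 .Dq close notify
 alert is sent to the peer.
 This behaviour violates the TLS standard.
 .Pp
 The default is normal shutdown behaviour as described by the TLS standard.
 .Sh RETURN VALUES
-.Fn SSL_CTX_set_quiet_shutdown
-and
-.Fn SSL_set_quiet_shutdown
-do not return diagnostic information.
-.Pp
 .Fn SSL_CTX_get_quiet_shutdown
 and
 .Fn SSL_get_quiet_shutdown
 return the current setting.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_clear 3 ,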
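--- a/jni/libressl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/jni/libressl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
+.\"	$OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.8 2020/03/30 10:28:59 schwarze Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2001, 2014, 2015 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 30 2020 $
 .Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_set_tmp_dh_callback ,
 .Nm SSL_CTX_set_tmp_dh ,
 .Nm SSL_set_tmp_dh_callback ,
 .Nm SSL_set_tmp_dh
@@ -171,19 +171,14 @@
 .Fn SSL_CTX_set_tmp_dh
 or alternatively, use the callback but ignore
 .Fa keylength
 and
 .Fa is_export
 and simply supply at least 2048-bit parameters in the callback.
 .Sh RETURN VALUES
-.Fn SSL_CTX_set_tmp_dh_callback
-and
-.Fn SSL_set_tmp_dh_callback
-do not return diagnostic output.
-.Pp
 .Fn SSL_CTX_set_tmp_dh
 and
 .Fn SSL_set_tmp_dh
 do return 1 on success and 0 on failure.
 Check the error queue to find out the reason of failure.
 .Sh EXAMPLES
 Set up DH parameters with a key length of 2048 bits.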
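--- a/jni/libressl/man/SSL_CTX_use_certificate.3
+++ b/jni/libressl/man/SSL_CTX_use_certificate.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.13 2019/06/08 15:25:43 schwarze Exp $
+.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.14 2019/11/14 20:48:48 millert Exp $
 .\" full merge up to: OpenSSL 3aaa1bd0 Mar 28 16:35:25 2017 +1000
 .\" selective merge up to: OpenSSL d1f7a1e6 Apr 26 14:05:40 2018 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2000, 2001, 2002, 2003, 2005 The OpenSSL Project.
 .\" All rights reserved.
 .\"
@@ -46,15 +46,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 8 2019 $
+.Dd $Mdocdate: November 14 2019 $
 .Dt SSL_CTX_USE_CERTIFICATE 3
 .Os
 .Sh NAME
 .Nm SSL_CTX_use_certificate ,
 .Nm SSL_CTX_use_certificate_ASN1 ,
 .Nm SSL_CTX_use_certificate_file ,
 .Nm SSL_use_certificate ,
@@ -202,15 +202,15 @@
 .Dv SSL_FILETYPE_ASN1 .
 .Fn SSL_use_certificate_file
 loads the certificate from
 .Fa file
 into
 .Fa ssl .
 See the
-.Pp
+.Sx NOTES
 section on why
 .Fn SSL_CTX_use_certificate_chain_file
 should be preferred.
 .Pp
 The
 .Fn SSL_CTX_use_certificate_chain*
 functions load a certificate chain into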
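--- a/jni/libressl/man/SSL_free.3
+++ b/jni/libressl/man/SSL_free.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: SSL_free.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
+.\"	$OpenBSD: SSL_free.3,v 1.5 2020/03/30 10:28:59 schwarze Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2000, 2001 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 30 2020 $
 .Dt SSL_FREE 3
 .Os
 .Sh NAME
 .Nm SSL_free
 .Nd free an allocated SSL structure
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -99,20 +99,17 @@
 .Xr SSL_shutdown 3
 was not called for the connection and
 .Xr SSL_set_shutdown 3
 was not used to set the
 .Vt SSL_SENT_SHUTDOWN
 state, the session will also be removed from the session cache as required by
 RFC2246.
-.Sh RETURN VALUES
-.Fn SSL_free
-does not provide diagnostic information.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_clear 3 ,
 .Xr SSL_new 3 ,
 .Xr SSL_set_shutdown 3 ,
 .Xr SSL_shutdown 3
 .Sh HISTORY
 .Fn SSL_free
 appeared in SSLeay 0.4 or earlier and has been available since
 .Ox 2.4 .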
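--- a/jni/libressl/man/SSL_pending.3
+++ b/jni/libressl/man/SSL_pending.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: SSL_pending.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
+.\"	$OpenBSD: SSL_pending.3,v 1.5 2020/01/23 03:40:18 beck Exp $
 .\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
 .\" Bodo Moeller <bodo@openssl.org>, and Matt Caswell <matt@openssl.org>.
 .\" Copyright (c) 2000, 2005, 2015, 2016 The OpenSSL Project.
 .\" All rights reserved.
 .\"
@@ -46,64 +46,45 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: January 23 2020 $
 .Dt SSL_PENDING 3
 .Os
 .Sh NAME
 .Nm SSL_pending
 .Nd obtain number of readable bytes buffered in an SSL object
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
 .Fn SSL_pending "const SSL *ssl"
 .Sh DESCRIPTION
 Data is received in whole blocks known as records from the peer.
 A whole record is processed, for example decrypted, in one go and
 is buffered until it is read by the application via a call to
 .Xr SSL_read 3 .
 .Pp
 .Fn SSL_pending
-returns the number of bytes which are available inside
-.Fa ssl
+returns the number of bytes of application data which are available
 for immediate read.
 .Pp
 .Fn SSL_pending
 takes into account only bytes from the TLS/SSL record that is
 currently being processed (if any).
-If the
-.Fa ssl->read_ahead
-flag is set (see
-.Xr SSL_CTX_set_read_ahead 3 ) ,
-additional protocol bytes beyond the current record may have been
-read containing more TLS/SSL records.
-This also applies to DTLS.
-These additional bytes will be buffered but will remain unprocessed
-until they are needed.
-As these bytes are still in an unprocessed state,
-.Fn SSL_pending
-will ignore them.
-Therefore it is possible for no more bytes to be readable from the
-underlying BIO (because the library has already read them) and for
-.Fn SSL_pending
-to return 0, even though readable application data bytes are available
-(because the data is in unprocessed buffered records).
 .Sh RETURN VALUES
 .Fn SSL_pending
 returns the number of buffered and processed application data
 bytes that are pending and are available for immediate read.
 .Sh SEE ALSO
 .Xr ssl 3 ,
-.Xr SSL_CTX_set_read_ahead 3 ,
 .Xr SSL_read 3
 .Sh HISTORY
 .Fn SSL_pending
 appeared in SSLeay 0.4 or earlier and has been available since
 .Ox 2.4 .
 .Sh BUGS
 Up to OpenSSL 0.9.6,
 .Fn SSL_pending
 did not check if the record type of pending data is application data.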
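--- a/jni/libressl/man/SSL_set_shutdown.3
+++ b/jni/libressl/man/SSL_set_shutdown.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: SSL_set_shutdown.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
+.\"	$OpenBSD: SSL_set_shutdown.3,v 1.5 2020/03/30 10:28:59 schwarze Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 30 2020 $
 .Dt SSL_SET_SHUTDOWN 3
 .Os
 .Sh NAME
 .Nm SSL_set_shutdown ,
 .Nm SSL_get_shutdown
 .Nd manipulate shutdown state of an SSL connection
 .Sh SYNOPSIS
@@ -118,17 +118,14 @@
 .Dv SSL_SENT_SHUTDOWN
 the application must still call
 .Xr SSL_shutdown 3
 or
 .Fn SSL_set_shutdown
 itself.
 .Sh RETURN VALUES
-.Fn SSL_set_shutdown
-does not return diagnostic information.
-.Pp
 .Fn SSL_get_shutdown
 returns the current setting.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_clear 3 ,
 .Xr SSL_CTX_set_quiet_shutdown 3 ,
 .Xr SSL_free 3 ,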
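--- a/jni/libressl/man/SSL_set_verify_result.3
+++ b/jni/libressl/man/SSL_set_verify_result.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: SSL_set_verify_result.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
+.\"	$OpenBSD: SSL_set_verify_result.3,v 1.5 2020/03/29 17:05:02 schwarze Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
 .\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 29 2020 $
 .Dt SSL_SET_VERIFY_RESULT 3
 .Os
 .Sh NAME
 .Nm SSL_set_verify_result
 .Nd override result of peer certificate verification
 .Sh SYNOPSIS
 .In openssl/ssl.h
@@ -75,19 +75,16 @@
 It does not become part of the established session, so if the session is to be
 reused later, the original value will reappear.
 .Pp
 The valid codes for
 .Fa verify_result
 are documented in
 .Xr openssl 1 .
-.Sh RETURN VALUES
-.Fn SSL_set_verify_result
-does not provide a return value.
 .Sh SEE ALSO
 .Xr openssl 1 ,
 .Xr ssl 3 ,
 .Xr SSL_get_peer_certificate 3 ,
 .Xr SSL_get_verify_result 3
 .Sh HISTORY
 .Fn SSL_set_verify_result
 first appeared in SSLeay 0.6.1 and has been available since
 .Ox 2.4 .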
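--- a/jni/libressl/man/X509_STORE_CTX_new.3
+++ b/jni/libressl/man/X509_STORE_CTX_new.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.19 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.20 2019/12/05 14:38:56 claudio Exp $
 .\" full merge up to: OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
 .\" selective merge up to: OpenSSL 7643a172 Apr 21 13:35:51 2017 +0200
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>
 .\" and Rich Salz <rsalz@openssl.org>.
 .\" Copyright (c) 2009, 2015, 2016 The OpenSSL Project.  All rights reserved.
 .\"
@@ -46,29 +46,30 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: December 5 2019 $
 .Dt X509_STORE_CTX_NEW 3
 .Os
 .Sh NAME
 .Nm X509_STORE_CTX_new ,
 .Nm X509_STORE_CTX_cleanup ,
 .Nm X509_STORE_CTX_free ,
 .Nm X509_STORE_CTX_init ,
 .Nm X509_STORE_CTX_get0_store ,
 .Nm X509_STORE_CTX_set0_trusted_stack ,
 .Nm X509_STORE_CTX_trusted_stack ,
 .Nm X509_STORE_CTX_set_cert ,
 .\" X509_STORE_CTX_get0_chain moved to X509_STORE_CTX_get_error(3)
 .Nm X509_STORE_CTX_set_chain ,
 .Nm X509_STORE_CTX_set0_crls ,
+.Nm X509_STORE_CTX_set_flags ,
 .Nm X509_STORE_CTX_get0_param ,
 .Nm X509_STORE_CTX_set0_param ,
 .Nm X509_STORE_CTX_get0_untrusted ,
 .Nm X509_STORE_CTX_set0_untrusted ,
 .Nm X509_STORE_CTX_set_default
 .Nd X509_STORE_CTX initialisation
 .Sh SYNOPSIS
@@ -115,14 +116,19 @@
 .Fa "STACK_OF(X509) *sk"
 .Fc
 .Ft void
 .Fo X509_STORE_CTX_set0_crls
 .Fa "X509_STORE_CTX *ctx"
 .Fa "STACK_OF(X509_CRL) *sk"
 .Fc
+.Ft void
+.Fo X509_STORE_CTX_set_flags
+.Fa "X509_STORE_CTX *ctx"
+.Fa "unsigned long flags"
+.Fc
 .Ft X509_VERIFY_PARAM *
 .Fo X509_STORE_CTX_get0_param
 .Fa "X509_STORE_CTX *ctx"
 .Fc
 .Ft void
 .Fo X509_STORE_CTX_set0_param
 .Fa "X509_STORE_CTX *ctx"
@@ -227,14 +233,21 @@
 These CRLs will only be used if CRL verification is enabled in the
 associated
 .Vt X509_VERIFY_PARAM
 structure.
 This might be used where additional "useful" CRLs are supplied as part
 of a protocol, for example in a PKCS#7 structure.
 .Pp
+.Fn X509_STORE_CTX_set_flags
+sets the internal verification parameter flags to
+.Fa flags .
+See
+.Xr X509_VERIFY_PARAM_set_flags 3
+for a description of the verification flags.
+.Pp
 .Fn X509_STORE_CTX_get0_param
 retrieves an internal pointer to the verification parameters associated
 with
 .Fa ctx .
 .Pp
 .Fn X509_STORE_CTX_set0_param
 sets the internal verification parameter pointer to
@@ -335,15 +348,17 @@
 .Fn X509_STORE_CTX_new
 and
 .Fn X509_STORE_CTX_free
 first appeared in OpenSSL 0.9.5 and have been available since
 .Ox 2.7 .
 .Pp
 .Fn X509_STORE_CTX_trusted_stack
-first appeared in OpenSSL 0.9.6 and has been available since
+and
+.Fn X509_STORE_CTX_set_flags
+first appeared in OpenSSL 0.9.6 and have been available since
 .Ox 2.9 .
 .Pp
 .Fn X509_STORE_CTX_set0_crls ,
 .Fn X509_STORE_CTX_get0_param ,
 .Fn X509_STORE_CTX_set0_param ,
 and
 .Fn X509_STORE_CTX_set_default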
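--- a/jni/libressl/man/X509_STORE_CTX_set_verify_cb.3
+++ b/jni/libressl/man/X509_STORE_CTX_set_verify_cb.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.4 2018/03/22 17:38:08 schwarze Exp $
+.\"	$OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.5 2020/03/29 17:05:02 schwarze Exp $
 .\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2009, 2016 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 22 2018 $
+.Dd $Mdocdate: March 29 2020 $
 .Dt X509_STORE_CTX_SET_VERIFY_CB 3
 .Os
 .Sh NAME
 .Nm X509_STORE_CTX_set_verify_cb
 .Nd set verification callback
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
@@ -104,17 +104,14 @@
 The verification callback can be set and inherited from the parent
 structure performing the operation.
 In some cases (such as S/MIME verification) the
 .Vt X509_STORE_CTX
 structure is created and destroyed internally and the only way to set a
 custom verification callback is by inheriting it from the associated
 .Vt X509_STORE .
-.Sh RETURN VALUES
-.Fn X509_STORE_CTX_set_verify_cb
-does not return a value.
 .Sh EXAMPLES
 Default callback operation:
 .Bd -literal
 int
 verify_callback(int ok, X509_STORE_CTX *ctx)
  {
 	return ok;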
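--- a/jni/libressl/man/X509_STORE_set_verify_cb_func.3
+++ b/jni/libressl/man/X509_STORE_set_verify_cb_func.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $
+.\"	$OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.9 2020/03/29 17:05:02 schwarze Exp $
 .\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2009 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 29 2020 $
 .Dt X509_STORE_SET_VERIFY_CB_FUNC 3
 .Os
 .Sh NAME
 .Nm X509_STORE_set_verify_cb ,
 .Nm X509_STORE_set_verify_cb_func
 .Nd set verification callback
 .Sh SYNOPSIS
@@ -82,19 +82,14 @@
 .Vt X509_STORE
 is inherited by the corresponding
 .Vt X509_STORE_CTX
 structure when it is initialized.
 This can be used to set the verification callback when the
 .Vt X509_STORE_CTX
 is otherwise inaccessible (for example during S/MIME verification).
-.Sh RETURN VALUES
-.Fn X509_STORE_set_verify_cb
-and
-.Fn X509_STORE_set_verify_cb_func
-do not return a value.
 .Sh SEE ALSO
 .Xr X509_STORE_CTX_set_verify_cb 3 ,
 .Xr X509_STORE_new 3
 .Sh HISTORY
 .Fn X509_STORE_set_verify_cb_func
 first appeared in SSLeay 0.8.0 and has been available since
 .Ox 2.4 .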
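--- a/jni/libressl/man/crypto.3
+++ b/jni/libressl/man/crypto.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: crypto.3,v 1.22 2019/08/28 10:37:42 schwarze Exp $
+.\"	$OpenBSD: crypto.3,v 1.23 2019/11/02 15:28:04 schwarze Exp $
 .\"	OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org> and
 .\" Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2000, 2002 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -45,15 +45,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 28 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt CRYPTO 3
 .Os
 .Sh NAME
 .Nm crypto
 .Nd OpenSSL cryptographic library
 .Sh DESCRIPTION
 The OpenSSL crypto library implements a wide range of cryptographic
@@ -101,14 +101,15 @@
 and
 .Xr SHA256 3 .
 .Pp
 .Sy Input, output, and data encoding
 facilities include
 .Xr ASN1_TYPE_get 3 ,
 .Xr BIO_new 3 ,
+.Xr CMS_ContentInfo_new 3 ,
 .Xr evp 3 ,
 .Xr EVP_EncodeInit 3 ,
 .Xr PEM_read 3 ,
 .Xr PKCS7_encrypt 3 ,
 .Xr PKCS7_sign 3 ,
 .Xr PKCS12_create 3 ,
 and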
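--- a/jni/libressl/man/d2i_CMS_ContentInfo.3
+++ b/jni/libressl/man/d2i_CMS_ContentInfo.3
@@ -1,23 +1,23 @@
-.\" $OpenBSD: d2i_CMS_ContentInfo.3,v 1.2 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: d2i_CMS_ContentInfo.3,v 1.3 2019/11/02 15:39:46 schwarze Exp $
 .\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\"
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt D2I_CMS_CONTENTINFO 3
 .Os
 .Sh NAME
 .Nm d2i_CMS_ContentInfo ,
 .Nm i2d_CMS_ContentInfo ,
 .Nm d2i_CMS_bio ,
 .Nm i2d_CMS_bio ,
@@ -121,8 +121,8 @@
 RFC 5652: Cryptographic Message Syntax, section 3: General Syntax
 .Pp
 RFC 2634: Enhanced Security Services for S/MIME,
 section 2.7: Receipt Request Syntax
 .Sh HISTORY
 These functions first appeared in OpenSSL 0.9.8h
 and have been available since
-.Ox 6.6 .
+.Ox 6.7 .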
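--- a/jni/libressl/man/i2d_CMS_bio_stream.3
+++ b/jni/libressl/man/i2d_CMS_bio_stream.3
@@ -1,8 +1,8 @@
-.\" $OpenBSD: i2d_CMS_bio_stream.3,v 1.3 2019/08/18 21:44:10 schwarze Exp $
+.\" $OpenBSD: i2d_CMS_bio_stream.3,v 1.4 2019/11/02 15:39:46 schwarze Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -44,15 +44,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 18 2019 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt I2D_CMS_BIO_STREAM 3
 .Os
 .Sh NAME
 .Nm i2d_CMS_bio_stream
 .Nd output CMS_ContentInfo structure in BER format
 .Sh SYNOPSIS
 .In openssl/cms.h
@@ -85,11 +85,11 @@
 .Xr ERR_get_error 3 ,
 .Xr PEM_write_bio_CMS_stream 3 ,
 .Xr SMIME_write_CMS 3
 .Sh HISTORY
 .Fn i2d_CMS_bio_stream
 first appeared in OpenSSL 1.0.0
 and has been available since
-.Ox 6.6 .
+.Ox 6.7 .
 .Sh BUGS
 The prefix "i2d" is arguably wrong because the function outputs BER
 format.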
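--- a/jni/libressl/man/lh_new.3
+++ b/jni/libressl/man/lh_new.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: lh_new.3,v 1.6 2019/06/10 09:49:48 schwarze Exp $
+.\"	$OpenBSD: lh_new.3,v 1.7 2020/03/28 22:40:58 schwarze Exp $
 .\"	OpenSSL 1bc74519 May 20 08:11:46 2016 -0400
 .\"
 .\" --------------------------------------------------------------------------
 .\" Major patches to this file were contributed by
 .\" Ulf Moeller <ulf@openssl.org>, Geoff Thorpe <geoff@openssl.org>,
 .\" and Ben Laurie <ben@openssl.org>.
 .\" --------------------------------------------------------------------------
@@ -111,15 +111,15 @@
 .\" SUCH DAMAGE.
 .\"
 .\" The licence and distribution terms for any publically available version or
 .\" derivative of this code cannot be changed.  i.e. this code cannot simply be
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: March 28 2020 $
 .Dt LH_NEW 3
 .Os
 .Sh NAME
 .Nm lh_new ,
 .Nm lh_free ,
 .Nm lh_insert ,
 .Nm lh_delete ,
@@ -398,20 +398,14 @@
 .Fn lh_<type>_retrieve
 returns the hash table entry if it has been found, or
 .Dv NULL
 otherwise.
 .Pp
 .Fn lh_<type>_error
 returns 1 if an error occurred in the last operation, or 0 otherwise.
-.Pp
-.Fn lh_<type>_free ,
-.Fn lh_<type>_doall ,
-and
-.Fn lh_<type>_doall_arg
-return no values.
 .Sh NOTES
 The various LHASH macros and callback types exist to make it possible to
 write type-checked code without resorting to function-prototype casting
 \(em an evil that makes application code much harder to audit/verify and
 also opens the window of opportunity for stack corruption and other
 hard-to-find bugs.
 It also, apparently, violates ANSI-C.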
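--- a/jni/libressl/man/lh_stats.3
+++ b/jni/libressl/man/lh_stats.3
@@ -1,8 +1,8 @@
-.\"	$OpenBSD: lh_stats.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $
+.\"	$OpenBSD: lh_stats.3,v 1.7 2020/03/29 17:05:02 schwarze Exp $
 .\"	OpenSSL e2f92610 May 18 11:44:05 2016 -0400
 .\"
 .\" --------------------------------------------------------------------------
 .\" Major patches to this file were contributed by
 .\" Ulf Moeller <ulf@openssl.org>.
 .\" --------------------------------------------------------------------------
 .\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -109,15 +109,15 @@
 .\" SUCH DAMAGE.
 .\"
 .\" The licence and distribution terms for any publically available version or
 .\" derivative of this code cannot be changed.  i.e. this code cannot simply be
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 29 2020 $
 .Dt LH_STATS 3
 .Os
 .Sh NAME
 .Nm lh_stats ,
 .Nm lh_node_stats ,
 .Nm lh_node_usage_stats ,
 .Nm lh_stats_bio ,
@@ -183,16 +183,14 @@
 .Pp
 .Fn lh_stats_bio ,
 .Fn lh_node_stats_bio ,
 and
 .Fn lh_node_usage_stats_bio
 are the same as the above, except that the output goes to a
 .Vt BIO .
-.Sh RETURN VALUES
-These functions do not return values.
 .Sh SEE ALSO
 .Xr BIO_new 3 ,
 .Xr lh_new 3
 .Sh HISTORY
 .Fn lh_stats ,
 .Fn lh_node_stats ,
 .Fn lh_node_usage_stats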
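--- a/jni/libressl/man/openssl.cnf.5
+++ b/jni/libressl/man/openssl.cnf.5
@@ -1,8 +1,8 @@
-.\" $OpenBSD: openssl.cnf.5,v 1.6 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: openssl.cnf.5,v 1.7 2020/02/17 12:52:42 inoguchi Exp $
 .\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100
 .\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 1999, 2000, 2004, 2013, 2015, 2016, 2017 The OpenSSL Project.
 .\" All rights reserved.
 .\"
@@ -46,15 +46,15 @@
 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: February 17 2020 $
 .Dt OPENSSL.CNF 5
 .Os
 .Sh NAME
 .Nm openssl.cnf
 .Nd OpenSSL configuration files
 .Sh DESCRIPTION
 The OpenSSL CONF library can be used to read configuration files; see
@@ -130,14 +130,16 @@
 It is also possible to assign values to environment variables by using
 the name
 .Ic ENV Ns :: Ns Ar name .
 This will work if the program looks up environment variables using
 the CONF library instead of calling
 .Xr getenv 3
 directly.
+The value string must not exceed 64k in length after variable expansion or an
+error will occur.
 .Pp
 It is possible to escape certain characters by using any kind of quote
 or the
 .Ql \e
 character.
 By making the last character of a line a
 .Ql \e ,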
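--- a/jni/libressl/man/tls_config_set_protocols.3
+++ b/jni/libressl/man/tls_config_set_protocols.3
@@ -1,26 +1,26 @@
-.\" $OpenBSD: tls_config_set_protocols.3,v 1.6 2017/08/12 04:24:49 jsing Exp $
+.\" $OpenBSD: tls_config_set_protocols.3,v 1.8 2020/01/22 06:46:34 beck Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\" Copyright (c) 2015, 2016 Joel Sing <jsing@openbsd.org>
 .\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\"
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 12 2017 $
+.Dd $Mdocdate: January 22 2020 $
 .Dt TLS_CONFIG_SET_PROTOCOLS 3
 .Os
 .Sh NAME
 .Nm tls_config_set_protocols ,
 .Nm tls_config_parse_protocols ,
 .Nm tls_config_set_alpn ,
 .Nm tls_config_set_ciphers ,
@@ -74,37 +74,38 @@
 specifies which versions of the TLS protocol may be used.
 Possible values are the bitwise OR of:
 .Pp
 .Bl -tag -width "TLS_PROTOCOL_TLSv1_2" -offset indent -compact
 .It Dv TLS_PROTOCOL_TLSv1_0
 .It Dv TLS_PROTOCOL_TLSv1_1
 .It Dv TLS_PROTOCOL_TLSv1_2
+.It Dv TLS_PROTOCOL_TLSv1_3
 .El
 .Pp
 Additionally, the values
 .Dv TLS_PROTOCOL_TLSv1
-(TLSv1.0, TLSv1.1 and TLSv1.2),
+(TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3),
 .Dv TLS_PROTOCOLS_ALL
 (all supported protocols) and
 .Dv TLS_PROTOCOLS_DEFAULT
-(TLSv1.2 only) may be used.
+(TLSv1.2 and TLSv1.3) may be used.
 .Pp
 The
 .Fn tls_config_parse_protocols
 utility function parses a protocol string and returns the corresponding
 value via the
 .Ar protocols
 argument.
 This value can then be passed to the
 .Fn tls_config_set_protocols
 function.
 The protocol string is a comma or colon separated list of keywords.
-Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, all (all supported protocols),
-default (an alias for secure), legacy (an alias for all) and secure (currently
-TLSv1.2 only).
+Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all supported
+protocols), default (an alias for secure), legacy (an alias for all) and
+secure (currently TLSv1.2 and TLSv1.3).
 If a value has a negative prefix (in the form of a leading exclamation mark)
 then it is removed from the list of available protocols, rather than being
 added to it.
 .Pp
 .Fn tls_config_set_alpn
 sets the ALPN protocols that are supported.
 The alpn string is a comma separated list of protocols, in order of preference.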
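--- a/jni/libressl/man/tls_conn_version.3
+++ b/jni/libressl/man/tls_conn_version.3
@@ -1,48 +1,51 @@
-.\" $OpenBSD: tls_conn_version.3,v 1.9 2018/12/14 20:18:27 schwarze Exp $
+.\" $OpenBSD: tls_conn_version.3,v 1.10 2019/11/02 13:43:14 jsing Exp $
 .\"
 .\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 .\" Copyright (c) 2016, 2018 Joel Sing <jsing@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\"
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 14 2018 $
+.Dd $Mdocdate: November 2 2019 $
 .Dt TLS_CONN_VERSION 3
 .Os
 .Sh NAME
 .Nm tls_conn_version ,
 .Nm tls_conn_cipher ,
+.Nm tls_conn_cipher_strength ,
 .Nm tls_conn_alpn_selected ,
 .Nm tls_conn_servername ,
 .Nm tls_conn_session_resumed ,
 .Nm tls_peer_cert_provided ,
 .Nm tls_peer_cert_contains_name ,
 .Nm tls_peer_cert_chain_pem ,
 .Nm tls_peer_cert_issuer ,
 .Nm tls_peer_cert_subject ,
 .Nm tls_peer_cert_hash ,
 .Nm tls_peer_cert_notbefore ,
 .Nm tls_peer_cert_notafter
 .Nd inspect an established TLS connection
 .Sh SYNOPSIS
 .In tls.h
 .Ft const char *
 .Fn tls_conn_version "struct tls *ctx"
 .Ft const char *
 .Fn tls_conn_cipher "struct tls *ctx"
+.Ft int
+.Fn tls_conn_cipher_strength "struct tls *ctx"
 .Ft const char *
 .Fn tls_conn_alpn_selected "struct tls *ctx"
 .Ft const char *
 .Fn tls_conn_servername "struct tls *ctx"
 .Ft int
 .Fn tls_conn_session_resumed "struct tls *ctx"
 .Ft int
@@ -77,14 +80,19 @@
 connected to
 .Ar ctx .
 .Pp
 .Fn tls_conn_cipher
 returns a string corresponding to the cipher suite negotiated with the peer
 connected to
 .Ar ctx .
+.Pp
+.Fn tls_conn_cipher_strength
+returns the strength in bits for the symmetric cipher that is being
+used with the peer connected to
+.Ar ctx .
 .Pp
 .Fn tls_conn_alpn_selected
 returns a string that specifies the ALPN protocol selected for use with the peer
 connected to
 .Ar ctx .
 If no protocol was selected then NULL is returned.
 .Pp
@@ -193,10 +201,14 @@
 .Fn tls_conn_alpn_selected
 appeared in
 .Ox 6.1 .
 .Pp
 .Fn tls_conn_session_resumed
 appeared in
 .Ox 6.3 .
+.Pp
+.Fn tls_conn_cipher_strength
+appeared in
+.Ox 6.7 .
 .Sh AUTHORS
 .An Bob Beck Aq Mt beck@openbsd.org
 .An Joel Sing Aq Mt jsing@openbsd.org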
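--- a/jni/libressl/missing
+++ b/jni/libressl/missing
@@ -1,13 +1,13 @@
 #! /bin/sh
 # Common wrapper for a few potentially missing GNU programs.
 
 scriptversion=2018-03-07.03; # UTC
 
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# Copyright (C) 1996-2020 Free Software Foundation, Inc.
 # Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2, or (at your option)
 # any later version.
 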
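--- a/jni/libressl/scripts/travis
+++ b/jni/libressl/scripts/travis
@@ -93,19 +93,18 @@
 		./configure --host=aarch64-linux
 	fi
 
 	make -j 4 check
 	file apps/openssl/.libs/openssl
 
 elif [ "x$ARCH" = "xandroid" ]; then
+	touch $HOME/.android/repositories.cfg
 	echo y | sdkmanager 'ndk-bundle'
-	echo y | sdkmanager 'cmake;3.6.4111459'
-	echo y | sdkmanager 'lldb;3.0'
-	echo y | sdkmanager --update
+	echo y | sdkmanager 'ndk;20.1.5948944'
+	echo y | sdkmanager 'cmake;3.6.4111459'
-	echo y | sdkmanager --licenses
 
 	export CMAKE=$ANDROID_HOME/cmake/3.6.4111459/bin/cmake
 	export NINJA=$ANDROID_HOME/cmake/3.6.4111459/bin/ninja
 	export ANDROID_NDK_HOME=$ANDROID_HOME/ndk-bundle
 	export TC_FILE=$ANDROID_NDK_HOME/build/cmake/android.toolchain.cmake
 
 	# get available API level and architecture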
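Review bot: The `ndk;20.1.5948944` package added after the `elif [ "x$ARCH" = "xandroid" ]` line is installed but, as far as this hunk shows, never used: `ANDROID_NDK_HOME` is still exported as `$ANDROID_HOME/ndk-bundle`, so `TC_FILE` and the build keep coming from the unpinned bundle. If the pin is meant to fix the toolchain version for reproducible CI builds, the export should name the pinned install (sdkmanager normally places it under `$ANDROID_HOME/ndk/20.1.5948944`; confirm on the CI image) and the `'ndk-bundle'` install can go. The new `touch $HOME/.android/repositories.cfg` also leaves the path unquoted and assumes the directory exists; `mkdir -p "$HOME/.android" && touch "$HOME/.android/repositories.cfg"` avoids both. The android branch continues past the end of the hunk.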
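--- a/jni/libressl/ssl/CMakeLists.txt
+++ b/jni/libressl/ssl/CMakeLists.txt
@@ -1,79 +1,81 @@
 set(
 	SSL_SRC
 	bio_ssl.c
 	bs_ber.c
 	bs_cbb.c
 	bs_cbs.c
 	d1_both.c
 	d1_clnt.c
-	d1_enc.c
 	d1_lib.c
 	d1_pkt.c
 	d1_srtp.c
 	d1_srvr.c
 	pqueue.c
 	s3_cbc.c
 	s3_lib.c
 	ssl_algs.c
 	ssl_asn1.c
 	ssl_both.c
 	ssl_cert.c
 	ssl_ciph.c
 	ssl_ciphers.c
 	ssl_clnt.c
 	ssl_err.c
 	ssl_init.c
+	ssl_kex.c
 	ssl_lib.c
 	ssl_methods.c
 	ssl_packet.c
 	ssl_pkt.c
 	ssl_rsa.c
 	ssl_sess.c
 	ssl_sigalgs.c
 	ssl_srvr.c
 	ssl_stat.c
 	ssl_tlsext.c
 	ssl_transcript.c
 	ssl_txt.c
 	ssl_versions.c
 	t1_enc.c
 	t1_lib.c
 	tls13_buffer.c
 	tls13_client.c
+	tls13_error.c
 	tls13_handshake.c
 	tls13_handshake_msg.c
 	tls13_key_schedule.c
+	tls13_key_share.c
+	tls13_legacy.c
 	tls13_lib.c
 	tls13_record.c
 	tls13_record_layer.c
+	tls13_server.c
 )
 
 add_library(ssl ${SSL_SRC})
 target_include_directories(ssl
 	PRIVATE
 		.
 		../include/compat
 	PUBLIC
 		../include)
 
-if (BUILD_SHARED_LIBS)
-	export_symbol(ssl ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym)
-	target_link_libraries(ssl crypto ${PLATFORM_LIBS})
-	if (WIN32)
-		set(SSL_POSTFIX -${SSL_MAJOR_VERSION})
-	endif()
-	set_target_properties(ssl PROPERTIES
-		OUTPUT_NAME ssl${SSL_POSTFIX}
-		ARCHIVE_OUTPUT_NAME ssl${SSL_POSTFIX})
-	set_target_properties(ssl PROPERTIES VERSION ${SSL_VERSION}
-		SOVERSION ${SSL_MAJOR_VERSION})
+export_symbol(ssl ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym)
+target_link_libraries(ssl crypto ${PLATFORM_LIBS})
+if (WIN32)
+	set(SSL_POSTFIX -${SSL_MAJOR_VERSION})
+endif()
+set_target_properties(ssl PROPERTIES
+	OUTPUT_NAME ssl${SSL_POSTFIX}
+	ARCHIVE_OUTPUT_NAME ssl${SSL_POSTFIX})
+set_target_properties(ssl PROPERTIES VERSION ${SSL_VERSION}
+	SOVERSION ${SSL_MAJOR_VERSION})
-endif()
 
 if(ENABLE_LIBRESSL_INSTALL)
 	install(
 		TARGETS ssl
 		ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
 		LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
 		RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
 	)
 endif(ENABLE_LIBRESSL_INSTALL)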
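--- a/jni/libressl/ssl/Makefile.am
+++ b/jni/libressl/ssl/Makefile.am
@@ -1,66 +1,70 @@
 include $(top_srcdir)/Makefile.am.common
 
 lib_LTLIBRARIES = libssl.la
 
 EXTRA_DIST = VERSION
 EXTRA_DIST += CMakeLists.txt
 EXTRA_DIST += ssl.sym
 
 libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym
-libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la
+libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)
 
 libssl_la_SOURCES = bio_ssl.c
 libssl_la_SOURCES += bs_ber.c
 libssl_la_SOURCES += bs_cbb.c
 libssl_la_SOURCES += bs_cbs.c
 libssl_la_SOURCES += d1_both.c
 libssl_la_SOURCES += d1_clnt.c
-libssl_la_SOURCES += d1_enc.c
 libssl_la_SOURCES += d1_lib.c
 libssl_la_SOURCES += d1_pkt.c
 libssl_la_SOURCES += d1_srtp.c
 libssl_la_SOURCES += d1_srvr.c
 libssl_la_SOURCES += pqueue.c
 libssl_la_SOURCES += s3_cbc.c
 libssl_la_SOURCES += s3_lib.c
 libssl_la_SOURCES += ssl_algs.c
 libssl_la_SOURCES += ssl_asn1.c
 libssl_la_SOURCES += ssl_both.c
 libssl_la_SOURCES += ssl_cert.c
 libssl_la_SOURCES += ssl_ciph.c
 libssl_la_SOURCES += ssl_ciphers.c
 libssl_la_SOURCES += ssl_clnt.c
 libssl_la_SOURCES += ssl_err.c
 libssl_la_SOURCES += ssl_init.c
+libssl_la_SOURCES += ssl_kex.c
 libssl_la_SOURCES += ssl_lib.c
 libssl_la_SOURCES += ssl_methods.c
 libssl_la_SOURCES += ssl_packet.c
 libssl_la_SOURCES += ssl_pkt.c
 libssl_la_SOURCES += ssl_rsa.c
 libssl_la_SOURCES += ssl_sess.c
 libssl_la_SOURCES += ssl_sigalgs.c
 libssl_la_SOURCES += ssl_srvr.c
 libssl_la_SOURCES += ssl_stat.c
 libssl_la_SOURCES += ssl_tlsext.c
 libssl_la_SOURCES += ssl_transcript.c
 libssl_la_SOURCES += ssl_txt.c
 libssl_la_SOURCES += ssl_versions.c
 libssl_la_SOURCES += t1_enc.c
 libssl_la_SOURCES += t1_lib.c
 libssl_la_SOURCES += tls13_buffer.c
 libssl_la_SOURCES += tls13_client.c
+libssl_la_SOURCES += tls13_error.c
 libssl_la_SOURCES += tls13_handshake.c
 libssl_la_SOURCES += tls13_handshake_msg.c
 libssl_la_SOURCES += tls13_key_schedule.c
+libssl_la_SOURCES += tls13_key_share.c
+libssl_la_SOURCES += tls13_legacy.c
 libssl_la_SOURCES += tls13_lib.c
 libssl_la_SOURCES += tls13_record.c
 libssl_la_SOURCES += tls13_record_layer.c
+libssl_la_SOURCES += tls13_server.c
 
 noinst_HEADERS = bytestring.h
 noinst_HEADERS += srtp.h
 noinst_HEADERS += ssl_locl.h
 noinst_HEADERS += ssl_sigalgs.h
 noinst_HEADERS += ssl_tlsext.h
 noinst_HEADERS += tls13_internal.h
 noinst_HEADERS += tls13_handshake.h
 noinst_HEADERS += tls13_record.h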
Changes to jni/libressl/ssl/Makefile.in.
1
2
3
4
5
6
7
8
9
10
11
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2018 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|


|







1
2
3
4
5
6
7
8
9
10
11
# Makefile.in generated by automake 1.16.2 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2020 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
130
131
132
133
134
135
136

137

138
139
140
141
142
143
144
145

146
147
148

149
150
151
152
153
154
155
  test -z "$$files" \
    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)

libssl_la_DEPENDENCIES = $(abs_top_builddir)/crypto/libcrypto.la

am_libssl_la_OBJECTS = bio_ssl.lo bs_ber.lo bs_cbb.lo bs_cbs.lo \
	d1_both.lo d1_clnt.lo d1_enc.lo d1_lib.lo d1_pkt.lo d1_srtp.lo \
	d1_srvr.lo pqueue.lo s3_cbc.lo s3_lib.lo ssl_algs.lo \
	ssl_asn1.lo ssl_both.lo ssl_cert.lo ssl_ciph.lo ssl_ciphers.lo \
	ssl_clnt.lo ssl_err.lo ssl_init.lo ssl_lib.lo ssl_methods.lo \
	ssl_packet.lo ssl_pkt.lo ssl_rsa.lo ssl_sess.lo ssl_sigalgs.lo \
	ssl_srvr.lo ssl_stat.lo ssl_tlsext.lo ssl_transcript.lo \
	ssl_txt.lo ssl_versions.lo t1_enc.lo t1_lib.lo tls13_buffer.lo \

	tls13_client.lo tls13_handshake.lo tls13_handshake_msg.lo \
	tls13_key_schedule.lo tls13_lib.lo tls13_record.lo \
	tls13_record_layer.lo

libssl_la_OBJECTS = $(am_libssl_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
libssl_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \







>
|
>

|


|
|
|
|
>
|
|
|
>







130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
  test -z "$$files" \
    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
         $(am__cd) "$$dir" && rm -f $$files; }; \
  }
am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
libssl_la_DEPENDENCIES = $(abs_top_builddir)/crypto/libcrypto.la \
	$(am__DEPENDENCIES_1)
am_libssl_la_OBJECTS = bio_ssl.lo bs_ber.lo bs_cbb.lo bs_cbs.lo \
	d1_both.lo d1_clnt.lo d1_lib.lo d1_pkt.lo d1_srtp.lo \
	d1_srvr.lo pqueue.lo s3_cbc.lo s3_lib.lo ssl_algs.lo \
	ssl_asn1.lo ssl_both.lo ssl_cert.lo ssl_ciph.lo ssl_ciphers.lo \
	ssl_clnt.lo ssl_err.lo ssl_init.lo ssl_kex.lo ssl_lib.lo \
	ssl_methods.lo ssl_packet.lo ssl_pkt.lo ssl_rsa.lo ssl_sess.lo \
	ssl_sigalgs.lo ssl_srvr.lo ssl_stat.lo ssl_tlsext.lo \
	ssl_transcript.lo ssl_txt.lo ssl_versions.lo t1_enc.lo \
	t1_lib.lo tls13_buffer.lo tls13_client.lo tls13_error.lo \
	tls13_handshake.lo tls13_handshake_msg.lo \
	tls13_key_schedule.lo tls13_key_share.lo tls13_legacy.lo \
	tls13_lib.lo tls13_record.lo tls13_record_layer.lo \
	tls13_server.lo
libssl_la_OBJECTS = $(am_libssl_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 = 
libssl_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194


195
196
197
198
199
200
201
202
203
am__v_at_1 = 
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/bio_ssl.Plo ./$(DEPDIR)/bs_ber.Plo \
	./$(DEPDIR)/bs_cbb.Plo ./$(DEPDIR)/bs_cbs.Plo \
	./$(DEPDIR)/d1_both.Plo ./$(DEPDIR)/d1_clnt.Plo \
	./$(DEPDIR)/d1_enc.Plo ./$(DEPDIR)/d1_lib.Plo \
	./$(DEPDIR)/d1_pkt.Plo ./$(DEPDIR)/d1_srtp.Plo \
	./$(DEPDIR)/d1_srvr.Plo ./$(DEPDIR)/pqueue.Plo \
	./$(DEPDIR)/s3_cbc.Plo ./$(DEPDIR)/s3_lib.Plo \
	./$(DEPDIR)/ssl_algs.Plo ./$(DEPDIR)/ssl_asn1.Plo \
	./$(DEPDIR)/ssl_both.Plo ./$(DEPDIR)/ssl_cert.Plo \
	./$(DEPDIR)/ssl_ciph.Plo ./$(DEPDIR)/ssl_ciphers.Plo \
	./$(DEPDIR)/ssl_clnt.Plo ./$(DEPDIR)/ssl_err.Plo \
	./$(DEPDIR)/ssl_init.Plo ./$(DEPDIR)/ssl_lib.Plo \
	./$(DEPDIR)/ssl_methods.Plo ./$(DEPDIR)/ssl_packet.Plo \
	./$(DEPDIR)/ssl_pkt.Plo ./$(DEPDIR)/ssl_rsa.Plo \
	./$(DEPDIR)/ssl_sess.Plo ./$(DEPDIR)/ssl_sigalgs.Plo \
	./$(DEPDIR)/ssl_srvr.Plo ./$(DEPDIR)/ssl_stat.Plo \
	./$(DEPDIR)/ssl_tlsext.Plo ./$(DEPDIR)/ssl_transcript.Plo \
	./$(DEPDIR)/ssl_txt.Plo ./$(DEPDIR)/ssl_versions.Plo \
	./$(DEPDIR)/t1_enc.Plo ./$(DEPDIR)/t1_lib.Plo \
	./$(DEPDIR)/tls13_buffer.Plo ./$(DEPDIR)/tls13_client.Plo \
	./$(DEPDIR)/tls13_handshake.Plo \
	./$(DEPDIR)/tls13_handshake_msg.Plo \
	./$(DEPDIR)/tls13_key_schedule.Plo ./$(DEPDIR)/tls13_lib.Plo \


	./$(DEPDIR)/tls13_record.Plo \
	./$(DEPDIR)/tls13_record_layer.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
	$(AM_CFLAGS) $(CFLAGS)







|
|
|
|
|
|
|
|
|








|

|
>
>
|
|







172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
am__v_at_1 = 
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/bio_ssl.Plo ./$(DEPDIR)/bs_ber.Plo \
	./$(DEPDIR)/bs_cbb.Plo ./$(DEPDIR)/bs_cbs.Plo \
	./$(DEPDIR)/d1_both.Plo ./$(DEPDIR)/d1_clnt.Plo \
	./$(DEPDIR)/d1_lib.Plo ./$(DEPDIR)/d1_pkt.Plo \
	./$(DEPDIR)/d1_srtp.Plo ./$(DEPDIR)/d1_srvr.Plo \
	./$(DEPDIR)/pqueue.Plo ./$(DEPDIR)/s3_cbc.Plo \
	./$(DEPDIR)/s3_lib.Plo ./$(DEPDIR)/ssl_algs.Plo \
	./$(DEPDIR)/ssl_asn1.Plo ./$(DEPDIR)/ssl_both.Plo \
	./$(DEPDIR)/ssl_cert.Plo ./$(DEPDIR)/ssl_ciph.Plo \
	./$(DEPDIR)/ssl_ciphers.Plo ./$(DEPDIR)/ssl_clnt.Plo \
	./$(DEPDIR)/ssl_err.Plo ./$(DEPDIR)/ssl_init.Plo \
	./$(DEPDIR)/ssl_kex.Plo ./$(DEPDIR)/ssl_lib.Plo \
	./$(DEPDIR)/ssl_methods.Plo ./$(DEPDIR)/ssl_packet.Plo \
	./$(DEPDIR)/ssl_pkt.Plo ./$(DEPDIR)/ssl_rsa.Plo \
	./$(DEPDIR)/ssl_sess.Plo ./$(DEPDIR)/ssl_sigalgs.Plo \
	./$(DEPDIR)/ssl_srvr.Plo ./$(DEPDIR)/ssl_stat.Plo \
	./$(DEPDIR)/ssl_tlsext.Plo ./$(DEPDIR)/ssl_transcript.Plo \
	./$(DEPDIR)/ssl_txt.Plo ./$(DEPDIR)/ssl_versions.Plo \
	./$(DEPDIR)/t1_enc.Plo ./$(DEPDIR)/t1_lib.Plo \
	./$(DEPDIR)/tls13_buffer.Plo ./$(DEPDIR)/tls13_client.Plo \
	./$(DEPDIR)/tls13_error.Plo ./$(DEPDIR)/tls13_handshake.Plo \
	./$(DEPDIR)/tls13_handshake_msg.Plo \
	./$(DEPDIR)/tls13_key_schedule.Plo \
	./$(DEPDIR)/tls13_key_share.Plo ./$(DEPDIR)/tls13_legacy.Plo \
	./$(DEPDIR)/tls13_lib.Plo ./$(DEPDIR)/tls13_record.Plo \
	./$(DEPDIR)/tls13_record_layer.Plo \
	./$(DEPDIR)/tls13_server.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
	$(AM_CFLAGS) $(CFLAGS)
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386

387
388
389
390
391
392
393
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=
lib_LTLIBRARIES = libssl.la
EXTRA_DIST = VERSION CMakeLists.txt ssl.sym
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym
libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la
libssl_la_SOURCES = bio_ssl.c bs_ber.c bs_cbb.c bs_cbs.c d1_both.c \
	d1_clnt.c d1_enc.c d1_lib.c d1_pkt.c d1_srtp.c d1_srvr.c \
	pqueue.c s3_cbc.c s3_lib.c ssl_algs.c ssl_asn1.c ssl_both.c \
	ssl_cert.c ssl_ciph.c ssl_ciphers.c ssl_clnt.c ssl_err.c \
	ssl_init.c ssl_lib.c ssl_methods.c ssl_packet.c ssl_pkt.c \
	ssl_rsa.c ssl_sess.c ssl_sigalgs.c ssl_srvr.c ssl_stat.c \
	ssl_tlsext.c ssl_transcript.c ssl_txt.c ssl_versions.c \
	t1_enc.c t1_lib.c tls13_buffer.c tls13_client.c \
	tls13_handshake.c tls13_handshake_msg.c tls13_key_schedule.c \
	tls13_lib.c tls13_record.c tls13_record_layer.c

noinst_HEADERS = bytestring.h srtp.h ssl_locl.h ssl_sigalgs.h \
	ssl_tlsext.h tls13_internal.h tls13_handshake.h tls13_record.h
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)







|

|
|
|
|


|

|
>







375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
AM_CFLAGS = 
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat \
	-DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= \
	-D__END_HIDDEN_DECLS=
lib_LTLIBRARIES = libssl.la
EXTRA_DIST = VERSION CMakeLists.txt ssl.sym
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym
libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)
libssl_la_SOURCES = bio_ssl.c bs_ber.c bs_cbb.c bs_cbs.c d1_both.c \
	d1_clnt.c d1_lib.c d1_pkt.c d1_srtp.c d1_srvr.c pqueue.c \
	s3_cbc.c s3_lib.c ssl_algs.c ssl_asn1.c ssl_both.c ssl_cert.c \
	ssl_ciph.c ssl_ciphers.c ssl_clnt.c ssl_err.c ssl_init.c \
	ssl_kex.c ssl_lib.c ssl_methods.c ssl_packet.c ssl_pkt.c \
	ssl_rsa.c ssl_sess.c ssl_sigalgs.c ssl_srvr.c ssl_stat.c \
	ssl_tlsext.c ssl_transcript.c ssl_txt.c ssl_versions.c \
	t1_enc.c t1_lib.c tls13_buffer.c tls13_client.c tls13_error.c \
	tls13_handshake.c tls13_handshake_msg.c tls13_key_schedule.c \
	tls13_key_share.c tls13_legacy.c tls13_lib.c tls13_record.c \
	tls13_record_layer.c tls13_server.c
noinst_HEADERS = bytestring.h srtp.h ssl_locl.h ssl_sigalgs.h \
	ssl_tlsext.h tls13_internal.h tls13_handshake.h tls13_record.h
all: all-am

.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(am__configure_deps)
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490

491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507

508
509
510


511
512
513

514
515
516
517
518
519
520

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bio_ssl.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bs_ber.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bs_cbb.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bs_cbs.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_both.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_clnt.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_enc.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_pkt.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_srtp.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_srvr.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pqueue.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_cbc.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_algs.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_asn1.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_both.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_cert.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_ciph.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_ciphers.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_clnt.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_err.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_init.Plo@am__quote@ # am--include-marker

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_methods.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_packet.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_pkt.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_rsa.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_sess.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_sigalgs.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_srvr.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_stat.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_tlsext.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_transcript.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_txt.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_versions.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_enc.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_buffer.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_client.Plo@am__quote@ # am--include-marker

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_handshake.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_handshake_msg.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_key_schedule.Plo@am__quote@ # am--include-marker


@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_record.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_record_layer.Plo@am__quote@ # am--include-marker


$(am__depfiles_remade):
	@$(MKDIR_P) $(@D)
	@echo '# dummy' >$@-t && $(am__mv) $@-t $@

am--depfiles: $(am__depfiles_remade)








<
















>

















>



>
>



>







474
475
476
477
478
479
480

481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bio_ssl.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bs_ber.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bs_cbb.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bs_cbs.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_both.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_clnt.Plo@am__quote@ # am--include-marker

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_pkt.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_srtp.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/d1_srvr.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pqueue.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_cbc.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/s3_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_algs.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_asn1.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_both.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_cert.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_ciph.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_ciphers.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_clnt.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_err.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_init.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_kex.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_methods.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_packet.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_pkt.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_rsa.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_sess.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_sigalgs.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_srvr.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_stat.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_tlsext.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_transcript.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_txt.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_versions.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_enc.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t1_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_buffer.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_client.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_error.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_handshake.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_handshake_msg.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_key_schedule.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_key_share.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_legacy.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_lib.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_record.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_record_layer.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_server.Plo@am__quote@ # am--include-marker

$(am__depfiles_remade):
	@$(MKDIR_P) $(@D)
	@echo '# dummy' >$@-t && $(am__mv) $@-t $@

am--depfiles: $(am__depfiles_remade)

678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
distclean: distclean-am
		-rm -f ./$(DEPDIR)/bio_ssl.Plo
	-rm -f ./$(DEPDIR)/bs_ber.Plo
	-rm -f ./$(DEPDIR)/bs_cbb.Plo
	-rm -f ./$(DEPDIR)/bs_cbs.Plo
	-rm -f ./$(DEPDIR)/d1_both.Plo
	-rm -f ./$(DEPDIR)/d1_clnt.Plo
	-rm -f ./$(DEPDIR)/d1_enc.Plo
	-rm -f ./$(DEPDIR)/d1_lib.Plo
	-rm -f ./$(DEPDIR)/d1_pkt.Plo
	-rm -f ./$(DEPDIR)/d1_srtp.Plo
	-rm -f ./$(DEPDIR)/d1_srvr.Plo
	-rm -f ./$(DEPDIR)/pqueue.Plo
	-rm -f ./$(DEPDIR)/s3_cbc.Plo
	-rm -f ./$(DEPDIR)/s3_lib.Plo







<







689
690
691
692
693
694
695

696
697
698
699
700
701
702
distclean: distclean-am
		-rm -f ./$(DEPDIR)/bio_ssl.Plo
	-rm -f ./$(DEPDIR)/bs_ber.Plo
	-rm -f ./$(DEPDIR)/bs_cbb.Plo
	-rm -f ./$(DEPDIR)/bs_cbs.Plo
	-rm -f ./$(DEPDIR)/d1_both.Plo
	-rm -f ./$(DEPDIR)/d1_clnt.Plo

	-rm -f ./$(DEPDIR)/d1_lib.Plo
	-rm -f ./$(DEPDIR)/d1_pkt.Plo
	-rm -f ./$(DEPDIR)/d1_srtp.Plo
	-rm -f ./$(DEPDIR)/d1_srvr.Plo
	-rm -f ./$(DEPDIR)/pqueue.Plo
	-rm -f ./$(DEPDIR)/s3_cbc.Plo
	-rm -f ./$(DEPDIR)/s3_lib.Plo
712
713
714
715
716
717
718

719
720
721


722
723
724

725
726
727
728
729
730
731
	-rm -f ./$(DEPDIR)/ssl_transcript.Plo
	-rm -f ./$(DEPDIR)/ssl_txt.Plo
	-rm -f ./$(DEPDIR)/ssl_versions.Plo
	-rm -f ./$(DEPDIR)/t1_enc.Plo
	-rm -f ./$(DEPDIR)/t1_lib.Plo
	-rm -f ./$(DEPDIR)/tls13_buffer.Plo
	-rm -f ./$(DEPDIR)/tls13_client.Plo

	-rm -f ./$(DEPDIR)/tls13_handshake.Plo
	-rm -f ./$(DEPDIR)/tls13_handshake_msg.Plo
	-rm -f ./$(DEPDIR)/tls13_key_schedule.Plo


	-rm -f ./$(DEPDIR)/tls13_lib.Plo
	-rm -f ./$(DEPDIR)/tls13_record.Plo
	-rm -f ./$(DEPDIR)/tls13_record_layer.Plo

	-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
	distclean-tags

dvi: dvi-am

dvi-am:







>



>
>



>







722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
	-rm -f ./$(DEPDIR)/ssl_transcript.Plo
	-rm -f ./$(DEPDIR)/ssl_txt.Plo
	-rm -f ./$(DEPDIR)/ssl_versions.Plo
	-rm -f ./$(DEPDIR)/t1_enc.Plo
	-rm -f ./$(DEPDIR)/t1_lib.Plo
	-rm -f ./$(DEPDIR)/tls13_buffer.Plo
	-rm -f ./$(DEPDIR)/tls13_client.Plo
	-rm -f ./$(DEPDIR)/tls13_error.Plo
	-rm -f ./$(DEPDIR)/tls13_handshake.Plo
	-rm -f ./$(DEPDIR)/tls13_handshake_msg.Plo
	-rm -f ./$(DEPDIR)/tls13_key_schedule.Plo
	-rm -f ./$(DEPDIR)/tls13_key_share.Plo
	-rm -f ./$(DEPDIR)/tls13_legacy.Plo
	-rm -f ./$(DEPDIR)/tls13_lib.Plo
	-rm -f ./$(DEPDIR)/tls13_record.Plo
	-rm -f ./$(DEPDIR)/tls13_record_layer.Plo
	-rm -f ./$(DEPDIR)/tls13_server.Plo
	-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
	distclean-tags

dvi: dvi-am

dvi-am:
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792

793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809

810
811
812


813
814
815

816
817
818
819
820
821
822
maintainer-clean: maintainer-clean-am
		-rm -f ./$(DEPDIR)/bio_ssl.Plo
	-rm -f ./$(DEPDIR)/bs_ber.Plo
	-rm -f ./$(DEPDIR)/bs_cbb.Plo
	-rm -f ./$(DEPDIR)/bs_cbs.Plo
	-rm -f ./$(DEPDIR)/d1_both.Plo
	-rm -f ./$(DEPDIR)/d1_clnt.Plo
	-rm -f ./$(DEPDIR)/d1_enc.Plo
	-rm -f ./$(DEPDIR)/d1_lib.Plo
	-rm -f ./$(DEPDIR)/d1_pkt.Plo
	-rm -f ./$(DEPDIR)/d1_srtp.Plo
	-rm -f ./$(DEPDIR)/d1_srvr.Plo
	-rm -f ./$(DEPDIR)/pqueue.Plo
	-rm -f ./$(DEPDIR)/s3_cbc.Plo
	-rm -f ./$(DEPDIR)/s3_lib.Plo
	-rm -f ./$(DEPDIR)/ssl_algs.Plo
	-rm -f ./$(DEPDIR)/ssl_asn1.Plo
	-rm -f ./$(DEPDIR)/ssl_both.Plo
	-rm -f ./$(DEPDIR)/ssl_cert.Plo
	-rm -f ./$(DEPDIR)/ssl_ciph.Plo
	-rm -f ./$(DEPDIR)/ssl_ciphers.Plo
	-rm -f ./$(DEPDIR)/ssl_clnt.Plo
	-rm -f ./$(DEPDIR)/ssl_err.Plo
	-rm -f ./$(DEPDIR)/ssl_init.Plo

	-rm -f ./$(DEPDIR)/ssl_lib.Plo
	-rm -f ./$(DEPDIR)/ssl_methods.Plo
	-rm -f ./$(DEPDIR)/ssl_packet.Plo
	-rm -f ./$(DEPDIR)/ssl_pkt.Plo
	-rm -f ./$(DEPDIR)/ssl_rsa.Plo
	-rm -f ./$(DEPDIR)/ssl_sess.Plo
	-rm -f ./$(DEPDIR)/ssl_sigalgs.Plo
	-rm -f ./$(DEPDIR)/ssl_srvr.Plo
	-rm -f ./$(DEPDIR)/ssl_stat.Plo
	-rm -f ./$(DEPDIR)/ssl_tlsext.Plo
	-rm -f ./$(DEPDIR)/ssl_transcript.Plo
	-rm -f ./$(DEPDIR)/ssl_txt.Plo
	-rm -f ./$(DEPDIR)/ssl_versions.Plo
	-rm -f ./$(DEPDIR)/t1_enc.Plo
	-rm -f ./$(DEPDIR)/t1_lib.Plo
	-rm -f ./$(DEPDIR)/tls13_buffer.Plo
	-rm -f ./$(DEPDIR)/tls13_client.Plo

	-rm -f ./$(DEPDIR)/tls13_handshake.Plo
	-rm -f ./$(DEPDIR)/tls13_handshake_msg.Plo
	-rm -f ./$(DEPDIR)/tls13_key_schedule.Plo


	-rm -f ./$(DEPDIR)/tls13_lib.Plo
	-rm -f ./$(DEPDIR)/tls13_record.Plo
	-rm -f ./$(DEPDIR)/tls13_record_layer.Plo

	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic

mostlyclean: mostlyclean-am

mostlyclean-am: mostlyclean-compile mostlyclean-generic \
	mostlyclean-libtool







<
















>

















>



>
>



>







783
784
785
786
787
788
789

790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
maintainer-clean: maintainer-clean-am
		-rm -f ./$(DEPDIR)/bio_ssl.Plo
	-rm -f ./$(DEPDIR)/bs_ber.Plo
	-rm -f ./$(DEPDIR)/bs_cbb.Plo
	-rm -f ./$(DEPDIR)/bs_cbs.Plo
	-rm -f ./$(DEPDIR)/d1_both.Plo
	-rm -f ./$(DEPDIR)/d1_clnt.Plo

	-rm -f ./$(DEPDIR)/d1_lib.Plo
	-rm -f ./$(DEPDIR)/d1_pkt.Plo
	-rm -f ./$(DEPDIR)/d1_srtp.Plo
	-rm -f ./$(DEPDIR)/d1_srvr.Plo
	-rm -f ./$(DEPDIR)/pqueue.Plo
	-rm -f ./$(DEPDIR)/s3_cbc.Plo
	-rm -f ./$(DEPDIR)/s3_lib.Plo
	-rm -f ./$(DEPDIR)/ssl_algs.Plo
	-rm -f ./$(DEPDIR)/ssl_asn1.Plo
	-rm -f ./$(DEPDIR)/ssl_both.Plo
	-rm -f ./$(DEPDIR)/ssl_cert.Plo
	-rm -f ./$(DEPDIR)/ssl_ciph.Plo
	-rm -f ./$(DEPDIR)/ssl_ciphers.Plo
	-rm -f ./$(DEPDIR)/ssl_clnt.Plo
	-rm -f ./$(DEPDIR)/ssl_err.Plo
	-rm -f ./$(DEPDIR)/ssl_init.Plo
	-rm -f ./$(DEPDIR)/ssl_kex.Plo
	-rm -f ./$(DEPDIR)/ssl_lib.Plo
	-rm -f ./$(DEPDIR)/ssl_methods.Plo
	-rm -f ./$(DEPDIR)/ssl_packet.Plo
	-rm -f ./$(DEPDIR)/ssl_pkt.Plo
	-rm -f ./$(DEPDIR)/ssl_rsa.Plo
	-rm -f ./$(DEPDIR)/ssl_sess.Plo
	-rm -f ./$(DEPDIR)/ssl_sigalgs.Plo
	-rm -f ./$(DEPDIR)/ssl_srvr.Plo
	-rm -f ./$(DEPDIR)/ssl_stat.Plo
	-rm -f ./$(DEPDIR)/ssl_tlsext.Plo
	-rm -f ./$(DEPDIR)/ssl_transcript.Plo
	-rm -f ./$(DEPDIR)/ssl_txt.Plo
	-rm -f ./$(DEPDIR)/ssl_versions.Plo
	-rm -f ./$(DEPDIR)/t1_enc.Plo
	-rm -f ./$(DEPDIR)/t1_lib.Plo
	-rm -f ./$(DEPDIR)/tls13_buffer.Plo
	-rm -f ./$(DEPDIR)/tls13_client.Plo
	-rm -f ./$(DEPDIR)/tls13_error.Plo
	-rm -f ./$(DEPDIR)/tls13_handshake.Plo
	-rm -f ./$(DEPDIR)/tls13_handshake_msg.Plo
	-rm -f ./$(DEPDIR)/tls13_key_schedule.Plo
	-rm -f ./$(DEPDIR)/tls13_key_share.Plo
	-rm -f ./$(DEPDIR)/tls13_legacy.Plo
	-rm -f ./$(DEPDIR)/tls13_lib.Plo
	-rm -f ./$(DEPDIR)/tls13_record.Plo
	-rm -f ./$(DEPDIR)/tls13_record_layer.Plo
	-rm -f ./$(DEPDIR)/tls13_server.Plo
	-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic

mostlyclean: mostlyclean-am

mostlyclean-am: mostlyclean-compile mostlyclean-generic \
	mostlyclean-libtool
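--- a/jni/libressl/ssl/VERSION
+++ b/jni/libressl/ssl/VERSION
@@ -1 +1 @@
-47:6:0
+48:1:0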
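--- a/jni/libressl/ssl/bs_cbb.c
+++ b/jni/libressl/ssl/bs_cbb.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: bs_cbb.c,v 1.20 2019/01/23 22:20:40 beck Exp $	*/
+/*	$OpenBSD: bs_cbb.c,v 1.22 2020/03/13 15:54:34 jsing Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -24,16 +24,15 @@
 #define CBB_INITIAL_SIZE 64
 
 static int
 cbb_init(CBB *cbb, uint8_t *buf, size_t cap)
 {
 	struct cbb_buffer_st *base;
 
-	base = malloc(sizeof(struct cbb_buffer_st));
-	if (base == NULL)
+	if ((base = calloc(1, sizeof(struct cbb_buffer_st))) == NULL)
 		return 0;
 
 	base->buf = buf;
 	base->len = 0;
 	base->cap = cap;
 	base->can_resize = 1;
 
@@ -49,15 +48,15 @@
 	uint8_t *buf = NULL;
 
 	memset(cbb, 0, sizeof(*cbb));
 
 	if (initial_capacity == 0)
 		initial_capacity = CBB_INITIAL_SIZE;
 
-	if ((buf = malloc(initial_capacity)) == NULL)
+	if ((buf = calloc(1, initial_capacity)) == NULL)
 		return 0;
 
 	if (!cbb_init(cbb, buf, initial_capacity)) {
 		free(buf);
 		return 0;
 	}
 
@@ -371,14 +370,15 @@
 
 int
 CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len)
 {
 	if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len))
 		return 0;
 
+	memset(*out_data, 0, len);
 	return 1;
 }
 
 int
 CBB_add_u8(CBB *cbb, size_t value)
 {
 	if (value > UINT8_MAX)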
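--- a/jni/libressl/ssl/d1_clnt.c
+++ b/jni/libressl/ssl/d1_clnt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: d1_clnt.c,v 1.82 2018/11/05 05:45:15 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.83 2020/01/23 10:48:37 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
  *
@@ -132,17 +132,16 @@
 {
 	long n;
 	int al, ok = 0;
 	size_t cookie_len;
 	uint16_t ssl_version;
 	CBS hello_verify_request, cookie;
 
-	n = s->method->internal->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
+	n = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
 	    DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok);
-
 	if (!ok)
 		return ((int)n);
 
 	if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
 		D1I(s)->send_cookie = 0;
 		S3I(s)->tmp.reuse_message = 1;
 		return (1);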
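--- a/jni/libressl/ssl/d1_enc.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* $OpenBSD: d1_enc.c,v 1.14 2017/01/23 08:08:06 beck Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
- *       short etc).
- *   1: if the record's padding is valid / the encryption was successful.
- *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured. */
-int
-dtls1_enc(SSL *s, int send)
-{
-	SSL3_RECORD *rec;
-	EVP_CIPHER_CTX *ds;
-	unsigned long l;
-	int bs, i, j, k, mac_size = 0;
-	const EVP_CIPHER *enc;
-
-	if (send) {
-		if (EVP_MD_CTX_md(s->internal->write_hash)) {
-			mac_size = EVP_MD_CTX_size(s->internal->write_hash);
-			if (mac_size < 0)
-				return -1;
-		}
-		ds = s->internal->enc_write_ctx;
-		rec = &(S3I(s)->wrec);
-		if (s->internal->enc_write_ctx == NULL)
-			enc = NULL;
-		else {
-			enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx);
-			if (rec->data != rec->input) {
-#ifdef DEBUG
-				/* we can't write into the input stream */
-				fprintf(stderr, "%s:%d: rec->data != rec->input\n",
-				    __FILE__, __LINE__);
-#endif
-			} else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
-				arc4random_buf(rec->input,
-				    EVP_CIPHER_block_size(ds->cipher));
-			}
-		}
-	} else {
-		if (EVP_MD_CTX_md(s->read_hash)) {
-			mac_size = EVP_MD_CTX_size(s->read_hash);
-			OPENSSL_assert(mac_size >= 0);
-		}
-		ds = s->enc_read_ctx;
-		rec = &(S3I(s)->rrec);
-		if (s->enc_read_ctx == NULL)
-			enc = NULL;
-		else
-			enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-	}
-
-
-	if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
-		memmove(rec->data, rec->input, rec->length);
-		rec->input = rec->data;
-	} else {
-		l = rec->length;
-		bs = EVP_CIPHER_block_size(ds->cipher);
-
-		if ((bs != 1) && send) {
-			i = bs - ((int)l % bs);
-
-			/* Add weird padding of upto 256 bytes */
-
-			/* we need to add 'i' padding bytes of value j */
-			j = i - 1;
-			for (k = (int)l; k < (int)(l + i); k++)
-				rec->input[k] = j;
-			l += i;
-			rec->length += i;
-		}
-
-
-		if (!send) {
-			if (l == 0 || l % bs != 0)
-				return 0;
-		}
-
-		EVP_Cipher(ds, rec->data, rec->input, l);
-
-
-		if ((bs != 1) && !send)
-			return tls1_cbc_remove_padding(s, rec, bs, mac_size);
-	}
-	return (1);
-}
-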
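--- a/jni/libressl/ssl/d1_lib.c
+++ b/jni/libressl/ssl/d1_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: d1_lib.c,v 1.42 2017/04/10 17:27:33 jsing Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.45 2020/03/12 17:01:53 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
@@ -69,15 +69,14 @@
 
 #include "pqueue.h"
 #include "ssl_locl.h"
 
 static int dtls1_listen(SSL *s, struct sockaddr *client);
 
 SSL3_ENC_METHOD DTLSv1_enc_data = {
-	.enc = dtls1_enc,
 	.enc_flags = SSL_ENC_FLAG_EXPLICIT_IV,
 };
 
 long
 dtls1_default_timeout(void)
 {
 	/* 2 hours, the 24 hours mentioned in the DTLSv1 spec
@@ -133,46 +132,46 @@
 }
 
 static void
 dtls1_clear_queues(SSL *s)
 {
 	pitem *item = NULL;
 	hm_fragment *frag = NULL;
-	DTLS1_RECORD_DATA *rdata;
+	DTLS1_RECORD_DATA_INTERNAL *rdata;
 
 	while ((item = pqueue_pop(D1I(s)->unprocessed_rcds.q)) != NULL) {
-		rdata = (DTLS1_RECORD_DATA *) item->data;
+		rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data;
 		free(rdata->rbuf.buf);
 		free(item->data);
 		pitem_free(item);
 	}
 
 	while ((item = pqueue_pop(D1I(s)->processed_rcds.q)) != NULL) {
-		rdata = (DTLS1_RECORD_DATA *) item->data;
+		rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data;
 		free(rdata->rbuf.buf);
 		free(item->data);
 		pitem_free(item);
 	}
 
 	while ((item = pqueue_pop(D1I(s)->buffered_messages)) != NULL) {
 		frag = (hm_fragment *)item->data;
 		free(frag->fragment);
 		free(frag);
 		pitem_free(item);
 	}
 
 	while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
 		frag = (hm_fragment *)item->data;
 		free(frag->fragment);
 		free(frag);
 		pitem_free(item);
 	}
 
 	while ((item = pqueue_pop(D1I(s)->buffered_app_data.q)) != NULL) {
-		rdata = (DTLS1_RECORD_DATA *) item->data;
+		rdata = (DTLS1_RECORD_DATA_INTERNAL *) item->data;
 		free(rdata->rbuf.buf);
 		free(item->data);
 		pitem_free(item);
 	}
 }
 
 void
@@ -451,15 +450,23 @@
 	return 1;
 }
 
 void
 dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq,
     unsigned short epoch)
 {
-	unsigned char dtlsseq[SSL3_SEQUENCE_SIZE];
-	unsigned char *p;
+	CBB cbb;
 
-	p = dtlsseq;
-	s2n(epoch, p);
-	memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2);
-	memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE);
-}
+	if (!CBB_init_fixed(&cbb, dst, SSL3_SEQUENCE_SIZE))
+		goto err;
+	if (!CBB_add_u16(&cbb, epoch))
+		goto err;
+	if (!CBB_add_bytes(&cbb, &seq[2], SSL3_SEQUENCE_SIZE - 2))
+		goto err;
+	if (!CBB_finish(&cbb, NULL, NULL))
+		goto err;
+
+	return;
+
+ err:
+	CBB_cleanup(&cbb);
+}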
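Review bot: dtls1_build_sequence_number() still returns void, so the new `err:` path only calls `CBB_cleanup(&cbb)` and returns with `dst` possibly not fully written, and the caller has no way to notice. With a fixed SSL3_SEQUENCE_SIZE buffer and exactly that many bytes appended the CBB calls are not expected to fail, but the old code could not fail at all, and a sequence number that presumably feeds record protection should not have a silent failure state. Consider declaring the function `int`, ending the success path with `return 1;` and the error path with `return 0;`, so callers (outside this section, together with the prototype) can abort the record instead of using an undefined buffer. At minimum, add a comment such as `/* dst must hold SSL3_SEQUENCE_SIZE bytes; contents are undefined if this fails */`.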
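--- a/jni/libressl/ssl/d1_pkt.c
+++ b/jni/libressl/ssl/d1_pkt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: d1_pkt.c,v 1.66 2018/12/03 17:16:12 tb Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.73 2020/03/13 16:40:42 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
  *
@@ -182,69 +182,68 @@
 		return brw + (ret & 0xFF);
 }
 
 static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
     int len, int peek);
 static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
 static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr,
     unsigned int *is_next_epoch);
 static int dtls1_buffer_record(SSL *s, record_pqueue *q,
     unsigned char *priority);
 static int dtls1_process_record(SSL *s);
 
 /* copy buffered record into SSL structure */
 static int
 dtls1_copy_record(SSL *s, pitem *item)
 {
-	DTLS1_RECORD_DATA *rdata;
+	DTLS1_RECORD_DATA_INTERNAL *rdata;
 
-	rdata = (DTLS1_RECORD_DATA *)item->data;
+	rdata = (DTLS1_RECORD_DATA_INTERNAL *)item->data;
 
 	free(S3I(s)->rbuf.buf);
 
 	s->internal->packet = rdata->packet;
 	s->internal->packet_length = rdata->packet_length;
-	memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
-	memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+	memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
+	memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
 
 	/* Set proper sequence number for mac calculation */
 	memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6);
 
 	return (1);
 }
 
 
 static int
 dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 {
-	DTLS1_RECORD_DATA *rdata;
+	DTLS1_RECORD_DATA_INTERNAL *rdata;
 	pitem *item;
 
 	/* Limit the size of the queue to prevent DOS attacks */
 	if (pqueue_size(queue->q) >= 100)
 		return 0;
 
-	rdata = malloc(sizeof(DTLS1_RECORD_DATA));
+	rdata = malloc(sizeof(DTLS1_RECORD_DATA_INTERNAL));
 	item = pitem_new(priority, rdata);
 	if (rdata == NULL || item == NULL)
 		goto init_err;
 
 	rdata->packet = s->internal->packet;
 	rdata->packet_length = s->internal->packet_length;
-	memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER));
-	memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD));
+	memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
+	memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD_INTERNAL));
 
 	item->data = rdata;
 
-
 	s->internal->packet = NULL;
 	s->internal->packet_length = 0;
-	memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER));
-	memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD));
+	memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
+	memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
 
 	if (!ssl3_setup_buffers(s))
 		goto err;
 
 	/* insert should not fail, since duplicates are dropped */
 	if (pqueue_insert(queue->q, item) == NULL)
 		goto err;
@@ -325,15 +324,15 @@
 
 static int
 dtls1_process_record(SSL *s)
 {
 	int i, al;
 	int enc_err;
 	SSL_SESSION *sess;
-	SSL3_RECORD *rr;
+	SSL3_RECORD_INTERNAL *rr;
 	unsigned int mac_size, orig_len;
 	unsigned char md[EVP_MAX_MD_SIZE];
 
 	rr = &(S3I(s)->rrec);
 	sess = s->session;
 
 	/* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
@@ -357,38 +356,35 @@
 		SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
 		goto f_err;
 	}
 
 	/* decrypt in place in 'rr->input' */
 	rr->data = rr->input;
 
-	enc_err = s->method->internal->ssl3_enc->enc(s, 0);
 	/* enc_err is:
 	 *    0: (in non-constant time) if the record is publically invalid.
 	 *    1: if the padding is valid
 	 *    -1: if the padding is invalid */
-	if (enc_err == 0) {
+	if ((enc_err = tls1_enc(s, 0)) == 0) {
 		/* For DTLS we simply ignore bad packets. */
 		rr->length = 0;
 		s->internal->packet_length = 0;
 		goto err;
 	}
-
 
 	/* r->length is now the compressed data plus mac */
 	if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
 	    (EVP_MD_CTX_md(s->read_hash) != NULL)) {
 		/* s->read_hash != NULL => mac_size != -1 */
 		unsigned char *mac = NULL;
 		unsigned char mac_tmp[EVP_MAX_MD_SIZE];
 		mac_size = EVP_MD_CTX_size(s->read_hash);
 		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
 
-		/* kludge: *_cbc_remove_padding passes padding length in rr->type */
-		orig_len = rr->length + ((unsigned int)rr->type >> 8);
+		orig_len = rr->length + rr->padding_length;
 
 		/* orig_len is the length of the record before any padding was
 		 * removed. This is public information, as is the MAC in use,
 		 * therefore we can safely process the record in a different
 		 * amount of time if it's too short to possibly contain a MAC.
 		 */
 		if (orig_len < mac_size ||
@@ -465,15 +461,15 @@
  * ssl->s3->internal->rrec.data, 	 - data
  * ssl->s3->internal->rrec.length, - number of bytes
  */
 /* used only by dtls1_read_bytes */
 int
 dtls1_get_record(SSL *s)
 {
-	SSL3_RECORD *rr;
+	SSL3_RECORD_INTERNAL *rr;
 	unsigned char *p = NULL;
 	DTLS1_BITMAP *bitmap;
 	unsigned int is_next_epoch;
 	int n;
 
 	rr = &(S3I(s)->rrec);
 
@@ -636,15 +632,15 @@
  *             none of our business
  */
 int
 dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 {
 	int al, i, j, ret;
 	unsigned int n;
-	SSL3_RECORD *rr;
+	SSL3_RECORD_INTERNAL *rr;
 	void (*cb)(const SSL *ssl, int type2, int val) = NULL;
 
 	if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
 		if (!ssl3_setup_buffers(s))
 			return (-1);
 
 	if ((type &&
@@ -1174,23 +1170,25 @@
 	i = do_dtls1_write(s, type, buf, len);
 	return i;
 }
 
 int
 do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
-	unsigned char *p, *pseq;
+	unsigned char *p;
 	int i, mac_size, clear = 0;
-	int prefix_len = 0;
-	SSL3_RECORD *wr;
-	SSL3_BUFFER *wb;
+	SSL3_RECORD_INTERNAL *wr;
+	SSL3_BUFFER_INTERNAL *wb;
 	SSL_SESSION *sess;
 	int bs;
+	CBB cbb;
 
-	/* first check if there is a SSL3_BUFFER still being written
+	memset(&cbb, 0, sizeof(cbb));
+
+	/* first check if there is a SSL3_BUFFER_INTERNAL still being written
 	 * out.  This will happen with non blocking IO */
 	if (S3I(s)->wbuf.left != 0) {
 		OPENSSL_assert(0); /* XDTLS:  want to see if we ever get here */
 		return (ssl3_write_pending(s, type, buf, len));
 	}
 
 	/* If we have an alert to send, lets send it */
@@ -1218,40 +1216,43 @@
 		mac_size = EVP_MD_CTX_size(s->internal->write_hash);
 		if (mac_size < 0)
 			goto err;
 	}
 
 	/* DTLS implements explicit IV, so no need for empty fragments. */
 
-	p = wb->buf + prefix_len;
+	p = wb->buf;
 
-	/* write the header */
+	if (!CBB_init_fixed(&cbb, p, DTLS1_RT_HEADER_LENGTH))
+		goto err;
 
-	*(p++) = type&0xff;
-	wr->type = type;
-
-	*(p++) = (s->version >> 8);
-	*(p++) = s->version&0xff;
-
-	/* field where we are to write out packet epoch, seq num and len */
-	pseq = p;
+	/* Write the header. */
+	if (!CBB_add_u8(&cbb, type))
+		goto err;
+	if (!CBB_add_u16(&cbb, s->version))
+		goto err;
+	if (!CBB_add_u16(&cbb, D1I(s)->w_epoch))
+		goto err;
+	if (!CBB_add_bytes(&cbb, &(S3I(s)->write_sequence[2]), 6))
+		goto err;
 
-	p += 10;
+	p += DTLS1_RT_HEADER_LENGTH;
 
 	/* lets setup the record stuff. */
 
 	/* Make space for the explicit IV in case of CBC.
 	 * (this is a bit of a boundary violation, but what the heck).
 	 */
 	if (s->internal->enc_write_ctx &&
 	    (EVP_CIPHER_mode(s->internal->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
 		bs = EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher);
 	else
 		bs = 0;
 
+	wr->type = type;
 	wr->data = p + bs;
 	/* make room for IV in case of CBC */
 	wr->length = (int)len;
 	wr->input = (unsigned char *)buf;
 
 	/* we now 'read' from wr->input, wr->length bytes into
 	 * wr->data */
@@ -1269,64 +1270,54 @@
 		wr->length += mac_size;
 	}
 
 	/* this is true regardless of mac size */
 	wr->input = p;
 	wr->data = p;
 
-
-	/* ssl3_enc can only have an error on read */
-	if (bs)	/* bs != 0 in case of CBC */
-	{
+	/* bs != 0 in case of CBC */
+	if (bs) {
 		arc4random_buf(p, bs);
 		/* master IV and last CBC residue stand for
 		 * the rest of randomness */
 		wr->length += bs;
 	}
 
-	s->method->internal->ssl3_enc->enc(s, 1);
+	/* tls1_enc can only have an error on read */
+	tls1_enc(s, 1);
 
-	/* record length after mac and block padding */
-/*	if (type == SSL3_RT_APPLICATION_DATA ||
-	(type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
-
-	/* there's only one epoch between handshake and app data */
-
-	s2n(D1I(s)->w_epoch, pseq);
-
-	/* XDTLS: ?? */
-/*	else
-	s2n(D1I(s)->handshake_epoch, pseq);
-*/
-
-	memcpy(pseq, &(S3I(s)->write_sequence[2]), 6);
-	pseq += 6;
-	s2n(wr->length, pseq);
+	if (!CBB_add_u16(&cbb, wr->length))
+		goto err;
+	if (!CBB_finish(&cbb, NULL, NULL))
+		goto err;
 
 	/* we should now have
 	 * wr->data pointing to the encrypted data, which is
 	 * wr->length long */
-	wr->type=type; /* not needed but helps for debugging */
+	wr->type = type; /* not needed but helps for debugging */
 	wr->length += DTLS1_RT_HEADER_LENGTH;
 
 	tls1_record_sequence_increment(S3I(s)->write_sequence);
 
 	/* now let's set up wb */
-	wb->left = prefix_len + wr->length;
+	wb->left = wr->length;
 	wb->offset = 0;
 
 	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */
 	S3I(s)->wpend_tot = len;
 	S3I(s)->wpend_buf = buf;
 	S3I(s)->wpend_type = type;
 	S3I(s)->wpend_ret = len;
 
 	/* we now just need to write the buffer */
 	return ssl3_write_pending(s, type, buf, len);
-err:
+
+ err:
+	CBB_cleanup(&cbb);
+
 	return -1;
 }
 
 
 
 static int
 dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
@@ -1411,15 +1402,15 @@
 		}
 	}
 	return (i);
 }
 
 
 static DTLS1_BITMAP *
-dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
+dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
 {
 
 	*is_next_epoch = 0;
 
 	/* In current epoch, accept HM, CCS, DATA, & ALERT */
 	if (rr->epoch == D1I(s)->r_epoch)
 		return &D1I(s)->bitmap;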
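Review bot: In do_dtls1_write() the result of `tls1_enc(s, 1);` is still discarded, and the comment carried over beside it (`tls1_enc can only have an error on read`) is an assumption that nothing in this section backs up; tls1_enc() itself is not shown here. If the write-side call can fail, the function continues to append `wr->length` to the header and hands the buffer to ssl3_write_pending(), so whatever is in the record buffer at that point would go out on the wire. The function now has an `err:` label that already cleans up the CBB, so the check costs one line: `if (tls1_enc(s, 1) != 1) goto err;`, taking 1 as the success value as the enc_err comment in dtls1_process_record() describes. If the call really cannot fail on write, say why in the comment rather than only asserting it.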
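--- a/jni/libressl/ssl/d1_srtp.c
+++ b/jni/libressl/ssl/d1_srtp.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: d1_srtp.c,v 1.23 2018/11/09 04:35:09 tb Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.24 2020/03/16 15:25:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -136,34 +136,35 @@
 		SRTP_AES128_CM_SHA1_32,
 	},
 	{0}
 };
 
 int
 srtp_find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr,
-    unsigned len)
+    unsigned int len)
 {
 	SRTP_PROTECTION_PROFILE *p;
 
 	p = srtp_known_profiles;
 	while (p->name) {
 		if ((len == strlen(p->name)) &&
 		    !strncmp(p->name, profile_name, len)) {
 			*pptr = p;
 			return 0;
 		}
 
 		p++;
 	}
 
 	return 1;
 }
 
 int
-srtp_find_profile_by_num(unsigned profile_num, SRTP_PROTECTION_PROFILE **pptr)
+srtp_find_profile_by_num(unsigned int profile_num,
+    SRTP_PROTECTION_PROFILE **pptr)
 {
 	SRTP_PROTECTION_PROFILE *p;
 
 	p = srtp_known_profiles;
 	while (p->name) {
 		if (p->id == profile_num) {
 			*pptr = p;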
Changes to jni/libressl/ssl/s3_cbc.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: s3_cbc.c,v 1.17 2018/09/08 14:39:41 jsing Exp $ */
/* ====================================================================
 * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: s3_cbc.c,v 1.21 2020/03/16 15:25:13 tb Exp $ */
/* ====================================================================
 * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

/* Some utility functions are needed:
 *
 * These macros return the given value with the MSB copied to all the other
 * bits. They use the fact that arithmetic shift shifts-in the sign bit.
 * However, this is not ensured by the C standard so you may need to replace
 * them with something else on odd CPUs. */
#define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1)))
#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))

/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
static unsigned
constant_time_lt(unsigned a, unsigned b)
{
	a -= b;
	return DUPLICATE_MSB_TO_ALL(a);
}

/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
static unsigned
constant_time_ge(unsigned a, unsigned b)
{
	a -= b;
	return DUPLICATE_MSB_TO_ALL(~a);
}

/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
static unsigned char
constant_time_eq_8(unsigned a, unsigned b)
{
	unsigned c = a ^ b;
	c--;
	return DUPLICATE_MSB_TO_ALL_8(c);
}

/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
 * record in |rec| in constant time and returns 1 if the padding is valid and
 * -1 otherwise. It also removes any explicit IV from the start of the record
 * without leaking any timing about whether there was enough space after the
 * padding was removed.
 *
 * block_size: the block size of the cipher used to encrypt the record.
 * returns:
 *   0: (in non-constant time) if the record is publicly invalid.
 *   1: if the padding was valid
 *  -1: otherwise. */
int
tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size,
    unsigned mac_size)
{
	unsigned padding_length, good, to_check, i;
	const unsigned overhead = 1 /* padding length byte */ + mac_size;

	/* Check if version requires explicit IV */
	if (SSL_USE_EXPLICIT_IV(s)) {
		/* These lengths are all public so we can test them in
		 * non-constant time.
		 */
		if (overhead + block_size > rec->length)







|



|
|






|
|







|

|
















|
|

|
|







69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

/* Some utility functions are needed:
 *
 * These macros return the given value with the MSB copied to all the other
 * bits. They use the fact that arithmetic shift shifts-in the sign bit.
 * However, this is not ensured by the C standard so you may need to replace
 * them with something else on odd CPUs. */
#define DUPLICATE_MSB_TO_ALL(x) ((unsigned int)((int)(x) >> (sizeof(int) * 8 - 1)))
#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))

/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
static unsigned int
constant_time_lt(unsigned int a, unsigned int b)
{
	a -= b;
	return DUPLICATE_MSB_TO_ALL(a);
}

/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
static unsigned int
constant_time_ge(unsigned int a, unsigned int b)
{
	a -= b;
	return DUPLICATE_MSB_TO_ALL(~a);
}

/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
static unsigned char
constant_time_eq_8(unsigned int a, unsigned int b)
{
	unsigned int c = a ^ b;
	c--;
	return DUPLICATE_MSB_TO_ALL_8(c);
}

/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
 * record in |rec| in constant time and returns 1 if the padding is valid and
 * -1 otherwise. It also removes any explicit IV from the start of the record
 * without leaking any timing about whether there was enough space after the
 * padding was removed.
 *
 * block_size: the block size of the cipher used to encrypt the record.
 * returns:
 *   0: (in non-constant time) if the record is publicly invalid.
 *   1: if the padding was valid
 *  -1: otherwise. */
int
tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD_INTERNAL *rec,
    unsigned int block_size, unsigned int mac_size)
{
	unsigned int padding_length, good, to_check, i;
	const unsigned int overhead = 1 /* padding length byte */ + mac_size;

	/* Check if version requires explicit IV */
	if (SSL_USE_EXPLICIT_IV(s)) {
		/* These lengths are all public so we can test them in
		 * non-constant time.
		 */
		if (overhead + block_size > rec->length)
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
	good &= good >> 2;
	good &= good >> 1;
	good <<= sizeof(good)*8 - 1;
	good = DUPLICATE_MSB_TO_ALL(good);

	padding_length = good & (padding_length + 1);
	rec->length -= padding_length;
	rec->type |= padding_length<<8;	/* kludge: pass padding length */

	return (int)((good & 1) | (~good & -1));
}

/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
 * constant time (independent of the concrete value of rec->length, which may
 * vary within a 256-byte window).







|







165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
	good &= good >> 2;
	good &= good >> 1;
	good <<= sizeof(good)*8 - 1;
	good = DUPLICATE_MSB_TO_ALL(good);

	padding_length = good & (padding_length + 1);
	rec->length -= padding_length;
	rec->padding_length = padding_length;

	return (int)((good & 1) | (~good & -1));
}

/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
 * constant time (independent of the concrete value of rec->length, which may
 * vary within a 256-byte window).
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
 * a single or pair of cache-lines, then the variable memory accesses don't
 * actually affect the timing. CPUs with smaller cache-lines [if any] are
 * not multi-core and are not considered vulnerable to cache-timing attacks.
 */
#define CBC_MAC_ROTATE_IN_PLACE

void
ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec,
    unsigned md_size, unsigned orig_len)
{
#if defined(CBC_MAC_ROTATE_IN_PLACE)
	unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
	unsigned char *rotated_mac;
#else
	unsigned char rotated_mac[EVP_MAX_MD_SIZE];
#endif

	/* mac_end is the index of |rec->data| just after the end of the MAC. */
	unsigned mac_end = rec->length;
	unsigned mac_start = mac_end - md_size;
	/* scan_start contains the number of bytes that we can ignore because
	 * the MAC's position can only vary by 255 bytes. */
	unsigned scan_start = 0;
	unsigned i, j;
	unsigned div_spoiler;
	unsigned rotate_offset;

	OPENSSL_assert(orig_len >= md_size);
	OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);

#if defined(CBC_MAC_ROTATE_IN_PLACE)
	rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63);
#endif







|
|









|
|


|
|
|
|







190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
 * a single or pair of cache-lines, then the variable memory accesses don't
 * actually affect the timing. CPUs with smaller cache-lines [if any] are
 * not multi-core and are not considered vulnerable to cache-timing attacks.
 */
#define CBC_MAC_ROTATE_IN_PLACE

void
ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD_INTERNAL *rec,
    unsigned int md_size, unsigned int orig_len)
{
#if defined(CBC_MAC_ROTATE_IN_PLACE)
	unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
	unsigned char *rotated_mac;
#else
	unsigned char rotated_mac[EVP_MAX_MD_SIZE];
#endif

	/* mac_end is the index of |rec->data| just after the end of the MAC. */
	unsigned int mac_end = rec->length;
	unsigned int mac_start = mac_end - md_size;
	/* scan_start contains the number of bytes that we can ignore because
	 * the MAC's position can only vary by 255 bytes. */
	unsigned int scan_start = 0;
	unsigned int i, j;
	unsigned int div_spoiler;
	unsigned int rotate_offset;

	OPENSSL_assert(orig_len >= md_size);
	OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);

#if defined(CBC_MAC_ROTATE_IN_PLACE)
	rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63);
#endif
261
262
263
264
265
266
267














268
269
270
271
272
273
274
		for (j = 0; j < md_size; j++)
			out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
		rotate_offset++;
		rotate_offset &= constant_time_lt(rotate_offset, md_size);
	}
#endif
}















/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
 * little-endian order. The value of p is advanced by four. */
#define u32toLE(n, p) \
	(*((p)++)=(unsigned char)(n), \
	 *((p)++)=(unsigned char)(n>>8), \
	 *((p)++)=(unsigned char)(n>>16), \







>
>
>
>
>
>
>
>
>
>
>
>
>
>







261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
		for (j = 0; j < md_size; j++)
			out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
		rotate_offset++;
		rotate_offset &= constant_time_lt(rotate_offset, md_size);
	}
#endif
}

#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)    )&0xff))

#define l2n8(l,c)	(*((c)++)=(unsigned char)(((l)>>56)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
			 *((c)++)=(unsigned char)(((l)    )&0xff))

/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
 * little-endian order. The value of p is advanced by four. */
#define u32toLE(n, p) \
	(*((p)++)=(unsigned char)(n), \
	 *((p)++)=(unsigned char)(n>>8), \
	 *((p)++)=(unsigned char)(n>>16), \
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
	l2n(sha1->h4, md_out);
}

static void
tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
{
	SHA256_CTX *sha256 = ctx;
	unsigned i;

	for (i = 0; i < 8; i++) {
		l2n(sha256->h[i], md_out);
	}
}

static void
tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
{
	SHA512_CTX *sha512 = ctx;
	unsigned i;

	for (i = 0; i < 8; i++) {
		l2n8(sha512->h[i], md_out);
	}
}

/* Largest hash context ever used by the functions above. */







|










|







312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
	l2n(sha1->h4, md_out);
}

static void
tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
{
	SHA256_CTX *sha256 = ctx;
	unsigned int i;

	for (i = 0; i < 8; i++) {
		l2n(sha256->h[i], md_out);
	}
}

static void
tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
{
	SHA512_CTX *sha512 = ctx;
	unsigned int i;

	for (i = 0; i < 8; i++) {
		l2n8(sha512->h[i], md_out);
	}
}

/* Largest hash context ever used by the functions above. */
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
 * padding too. )
 */
int
ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
    size_t* md_out_size, const unsigned char header[13],
    const unsigned char *data, size_t data_plus_mac_size,
    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
    unsigned mac_secret_length)
{
	union {
		/*
		 * Alignment here is to allow this to be cast as SHA512_CTX
		 * without losing alignment required by the 64-bit SHA_LONG64
		 * integer it contains.
		 */
		LARGEST_DIGEST_CTX_ALIGNMENT align;
		unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
	} md_state;
	void (*md_final_raw)(void *ctx, unsigned char *md_out);
	void (*md_transform)(void *ctx, const unsigned char *block);
	unsigned md_size, md_block_size = 64;
	unsigned header_length, variance_blocks,
	len, max_mac_bytes, num_blocks,
	num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
	unsigned int bits;	/* at most 18 bits */
	unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
	/* hmac_pad is the masked HMAC key. */
	unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
	unsigned char first_block[MAX_HASH_BLOCK_SIZE];
	unsigned char mac_out[EVP_MAX_MD_SIZE];
	unsigned i, j, md_out_size_u;
	EVP_MD_CTX md_ctx;
	/* mdLengthSize is the number of bytes in the length field that terminates
	* the hash. */
	unsigned md_length_size = 8;
	char length_is_big_endian = 1;

	/* This is a, hopefully redundant, check that allows us to forget about
	 * many possible overflows later in this function. */
	OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);

	switch (EVP_MD_CTX_type(ctx)) {







|












|
|








|



|







378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
 * padding too. )
 */
int
ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
    size_t* md_out_size, const unsigned char header[13],
    const unsigned char *data, size_t data_plus_mac_size,
    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
    unsigned int mac_secret_length)
{
	union {
		/*
		 * Alignment here is to allow this to be cast as SHA512_CTX
		 * without losing alignment required by the 64-bit SHA_LONG64
		 * integer it contains.
		 */
		LARGEST_DIGEST_CTX_ALIGNMENT align;
		unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
	} md_state;
	void (*md_final_raw)(void *ctx, unsigned char *md_out);
	void (*md_transform)(void *ctx, const unsigned char *block);
	unsigned int md_size, md_block_size = 64;
	unsigned int header_length, variance_blocks,
	len, max_mac_bytes, num_blocks,
	num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
	unsigned int bits;	/* at most 18 bits */
	unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
	/* hmac_pad is the masked HMAC key. */
	unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
	unsigned char first_block[MAX_HASH_BLOCK_SIZE];
	unsigned char mac_out[EVP_MAX_MD_SIZE];
	unsigned int i, j, md_out_size_u;
	EVP_MD_CTX md_ctx;
	/* mdLengthSize is the number of bytes in the length field that terminates
	* the hash. */
	unsigned int md_length_size = 8;
	char length_is_big_endian = 1;

	/* This is a, hopefully redundant, check that allows us to forget about
	 * many possible overflows later in this function. */
	OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);

	switch (EVP_MD_CTX_type(ctx)) {
Changes to jni/libressl/ssl/s3_lib.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: s3_lib.c,v 1.187 2019/10/04 17:21:24 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: s3_lib.c,v 1.192 2020/04/18 14:07:56 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568

1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
	tls1_cleanup_key_block(s);
	ssl3_release_read_buffer(s);
	ssl3_release_write_buffer(s);
	freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);

	DH_free(S3I(s)->tmp.dh);
	EC_KEY_free(S3I(s)->tmp.ecdh);

	freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);


	tls13_secrets_destroy(S3I(s)->hs_tls13.secrets);
	freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);
	freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH);
	freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH);
	freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);

	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);

	tls1_transcript_free(s);
	tls1_transcript_hash_free(s);








<


>

<
<
<







1559
1560
1561
1562
1563
1564
1565

1566
1567
1568
1569



1570
1571
1572
1573
1574
1575
1576
	tls1_cleanup_key_block(s);
	ssl3_release_read_buffer(s);
	ssl3_release_write_buffer(s);
	freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);

	DH_free(S3I(s)->tmp.dh);
	EC_KEY_free(S3I(s)->tmp.ecdh);

	freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);

	tls13_key_share_free(S3I(s)->hs_tls13.key_share);
	tls13_secrets_destroy(S3I(s)->hs_tls13.secrets);



	freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);

	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);

	tls1_transcript_free(s);
	tls1_transcript_hash_free(s);

1595
1596
1597
1598
1599
1600
1601




1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
	tls1_cleanup_key_block(s);
	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);

	DH_free(S3I(s)->tmp.dh);
	S3I(s)->tmp.dh = NULL;
	EC_KEY_free(S3I(s)->tmp.ecdh);
	S3I(s)->tmp.ecdh = NULL;




	freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
	S3I(s)->hs.sigalgs = NULL;
	S3I(s)->hs.sigalgs_len = 0;

	freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
	S3I(s)->tmp.x25519 = NULL;

	tls13_secrets_destroy(S3I(s)->hs_tls13.secrets);
	S3I(s)->hs_tls13.secrets = NULL;
	freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH);
	S3I(s)->hs_tls13.x25519_private = NULL;
	freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH);
	S3I(s)->hs_tls13.x25519_public = NULL;
	freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH);
	S3I(s)->hs_tls13.x25519_peer_public = NULL;
	freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);
	S3I(s)->hs_tls13.cookie = NULL;
	S3I(s)->hs_tls13.cookie_len = 0;

	S3I(s)->hs.extensions_seen = 0;

	rp = S3I(s)->rbuf.buf;







>
>
>
>




|
|



<
<
<
<
<
<







1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611






1612
1613
1614
1615
1616
1617
1618
	tls1_cleanup_key_block(s);
	sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free);

	DH_free(S3I(s)->tmp.dh);
	S3I(s)->tmp.dh = NULL;
	EC_KEY_free(S3I(s)->tmp.ecdh);
	S3I(s)->tmp.ecdh = NULL;
	S3I(s)->tmp.ecdh_nid = NID_undef;
	freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
	S3I(s)->tmp.x25519 = NULL;

	freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len);
	S3I(s)->hs.sigalgs = NULL;
	S3I(s)->hs.sigalgs_len = 0;

	tls13_key_share_free(S3I(s)->hs_tls13.key_share);
	S3I(s)->hs_tls13.key_share = NULL;

	tls13_secrets_destroy(S3I(s)->hs_tls13.secrets);
	S3I(s)->hs_tls13.secrets = NULL;






	freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len);
	S3I(s)->hs_tls13.cookie = NULL;
	S3I(s)->hs_tls13.cookie_len = 0;

	S3I(s)->hs.extensions_seen = 0;

	rp = S3I(s)->rbuf.buf;
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680

1681
1682
1683
1684
1685
1686
1687
1688

1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707

1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
	s->version = TLS1_VERSION;
}

static long
ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
{
	EVP_PKEY *pkey = NULL;
	EC_GROUP *group = NULL;
	EC_POINT *point = NULL;
	EC_KEY *ec_key = NULL;
	BIGNUM *order = NULL;
	SESS_CERT *sc;
	int ret = 0;

	*pkey_tmp = NULL;

	if (s->server != 0)
		return 0;
	if (s->session == NULL || SSI(s)->sess_cert == NULL)
		return 0;

	sc = SSI(s)->sess_cert;

	if ((pkey = EVP_PKEY_new()) == NULL)
		return 0;

	if (sc->peer_dh_tmp != NULL) {
		ret = EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp);

	} else if (sc->peer_ecdh_tmp) {
		ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp);
	} else if (sc->peer_x25519_tmp != NULL) {
		/* Fudge up an EC_KEY that looks like X25519... */
		if ((group = EC_GROUP_new_by_curve_name(
		    NID_X9_62_prime256v1)) == NULL)
			goto err;
		if ((point = EC_POINT_new(group)) == NULL)

			goto err;
		if ((order = BN_new()) == NULL)
			goto err;
		if (!BN_set_bit(order, 252))
			goto err;
		if (!EC_GROUP_set_generator(group, point, order, NULL))
			goto err;
		EC_GROUP_set_curve_name(group, NID_X25519);
		if ((ec_key = EC_KEY_new()) == NULL)
			goto err;
		if (!EC_KEY_set_group(ec_key, group))
			goto err;
		ret = EVP_PKEY_set1_EC_KEY(pkey, ec_key);
	}

	if (ret == 1) {
		*pkey_tmp = pkey;
		pkey = NULL;
	}


  err:
	EVP_PKEY_free(pkey);
	EC_GROUP_free(group);
	EC_POINT_free(point);
	EC_KEY_free(ec_key);
	BN_free(order);

	return (ret);
}

static int
_SSL_session_reused(SSL *s)
{







<
<
<
<
















|
>

|
<
<
<
<

|
>

|
<
|
|
<

<
<
|
<
|
<


<
|
|
|
>

|

<
<
<
<







1648
1649
1650
1651
1652
1653
1654




1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674




1675
1676
1677
1678
1679

1680
1681

1682


1683

1684

1685
1686

1687
1688
1689
1690
1691
1692
1693




1694
1695
1696
1697
1698
1699
1700
	s->version = TLS1_VERSION;
}

static long
ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp)
{
	EVP_PKEY *pkey = NULL;




	SESS_CERT *sc;
	int ret = 0;

	*pkey_tmp = NULL;

	if (s->server != 0)
		return 0;
	if (s->session == NULL || SSI(s)->sess_cert == NULL)
		return 0;

	sc = SSI(s)->sess_cert;

	if ((pkey = EVP_PKEY_new()) == NULL)
		return 0;

	if (sc->peer_dh_tmp != NULL) {
		if (!EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp))
			goto err;
	} else if (sc->peer_ecdh_tmp) {
		if (!EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp))




			goto err;
	} else if (sc->peer_x25519_tmp != NULL) {
		if (!ssl_kex_dummy_ecdhe_x25519(pkey))
			goto err;
	} else if (S3I(s)->hs_tls13.key_share != NULL) {

		if (!tls13_key_share_peer_pkey(S3I(s)->hs_tls13.key_share,
		    pkey))

			goto err;


	} else {

		goto err;

	}


	*pkey_tmp = pkey;
	pkey = NULL;

	ret = 1;

 err:
	EVP_PKEY_free(pkey);





	return (ret);
}

static int
_SSL_session_reused(SSL *s)
{
2237
2238
2239
2240
2241
2242
2243










2244
2245
2246
2247
2248
2249
2250

	return 1;
}

static int
_SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs)
{










	*certs = ctx->extra_certs;
	return 1;
}

static int
_SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx)
{







>
>
>
>
>
>
>
>
>
>







2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239

	return 1;
}

static int
_SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs)
{
	*certs = ctx->extra_certs;
	if (*certs == NULL)
		*certs = ctx->internal->cert->key->chain;

	return 1;
}

static int
_SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **certs)
{
	*certs = ctx->extra_certs;
	return 1;
}

static int
_SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx)
{
2321
2322
2323
2324
2325
2326
2327

2328


2329
2330
2331
2332
2333
2334
2335
	case SSL_CTRL_GET_CHAIN_CERTS:
		return SSL_CTX_get0_chain_certs(ctx, (STACK_OF(X509) **)parg);

	case SSL_CTRL_EXTRA_CHAIN_CERT:
		return _SSL_CTX_add_extra_chain_cert(ctx, parg);

	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:

		return _SSL_CTX_get_extra_chain_certs(ctx, parg);



	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
		return _SSL_CTX_clear_extra_chain_certs(ctx);

	case SSL_CTRL_SET_GROUPS:
		return SSL_CTX_set1_groups(ctx, parg, larg);








>
|
>
>







2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
	case SSL_CTRL_GET_CHAIN_CERTS:
		return SSL_CTX_get0_chain_certs(ctx, (STACK_OF(X509) **)parg);

	case SSL_CTRL_EXTRA_CHAIN_CERT:
		return _SSL_CTX_add_extra_chain_cert(ctx, parg);

	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
		if (larg == 0)
			return _SSL_CTX_get_extra_chain_certs(ctx, parg);
		else
			return _SSL_CTX_get_extra_chain_certs_only(ctx, parg);

	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
		return _SSL_CTX_clear_extra_chain_certs(ctx);

	case SSL_CTRL_SET_GROUPS:
		return SSL_CTX_set1_groups(ctx, parg, larg);

2484
2485
2486
2487
2488
2489
2490










2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
	for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
		c = sk_SSL_CIPHER_value(prio, i);

		/* Skip TLS v1.2 only ciphersuites if not supported. */
		if ((c->algorithm_ssl & SSL_TLSV1_2) &&
		    !SSL_USE_TLS1_2_CIPHERS(s))
			continue;











		ssl_set_cert_masks(cert, c);
		mask_k = cert->mask_k;
		mask_a = cert->mask_a;

		alg_k = c->algorithm_mkey;
		alg_a = c->algorithm_auth;


		ok = (alg_k & mask_k) && (alg_a & mask_a);

		/*
		 * If we are considering an ECC cipher suite that uses our
		 * certificate check it.
		 */







>
>
>
>
>
>
>
>
>
>







<







2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499

2500
2501
2502
2503
2504
2505
2506
	for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
		c = sk_SSL_CIPHER_value(prio, i);

		/* Skip TLS v1.2 only ciphersuites if not supported. */
		if ((c->algorithm_ssl & SSL_TLSV1_2) &&
		    !SSL_USE_TLS1_2_CIPHERS(s))
			continue;

		/* Skip TLS v1.3 only ciphersuites if not supported. */
		if ((c->algorithm_ssl & SSL_TLSV1_3) &&
		    !SSL_USE_TLS1_3_CIPHERS(s))
			continue;

		/* If TLS v1.3, only allow TLS v1.3 ciphersuites. */
		if (SSL_USE_TLS1_3_CIPHERS(s) &&
		    !(c->algorithm_ssl & SSL_TLSV1_3))
			continue;

		ssl_set_cert_masks(cert, c);
		mask_k = cert->mask_k;
		mask_a = cert->mask_a;

		alg_k = c->algorithm_mkey;
		alg_a = c->algorithm_auth;


		ok = (alg_k & mask_k) && (alg_a & mask_a);

		/*
		 * If we are considering an ECC cipher suite that uses our
		 * certificate check it.
		 */
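Review bot: In `_SSL_CTX_get_extra_chain_certs` the new fallback reads `ctx->internal->cert->key->chain` without checking that `cert` or `key` is set, and nothing visible in this section establishes that both are always non-NULL. If that invariant is not guaranteed where the context is created, guarding the fallback with `if (*certs == NULL && ctx->internal->cert != NULL && ctx->internal->cert->key != NULL)` keeps the control call from dereferencing NULL. The fallback also changes what callers receive: with `larg == 0`, an empty `extra_certs` now yields the certificate's own chain, a borrowed pointer with a different owner than the extra-certs list. The `SSL_CTRL_GET_EXTRA_CHAIN_CERTS` case in the ctrl switch should say so, for example `/* larg == 0: fall back to the certificate's chain; larg != 0: extra_certs only; result is not owned by the caller */`.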
Changes to jni/libressl/ssl/ssl_both.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_both.c,v 1.15 2019/03/25 16:35:48 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_both.c,v 1.17 2020/03/12 17:15:33 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
ssl3_get_finished(SSL *s, int a, int b)
{
	int al, ok, md_len;
	long n;
	CBS cbs;

	/* should actually be 36+4 :-) */
	n = s->method->internal->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
	if (!ok)
		return ((int)n);

	/* If this occurs, we have missed a message */
	if (!S3I(s)->change_cipher_spec) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);







|







244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
ssl3_get_finished(SSL *s, int a, int b)
{
	int al, ok, md_len;
	long n;
	CBS cbs;

	/* should actually be 36+4 :-) */
	n = ssl3_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
	if (!ok)
		return ((int)n);

	/* If this occurs, we have missed a message */
	if (!S3I(s)->change_cipher_spec) {
		al = SSL_AD_UNEXPECTED_MESSAGE;
		SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
443
444
445
446
447
448
449



450
451
452
453
454
455
456
	unsigned char *p;
	uint32_t l;
	long n;
	int i, al;
	CBS cbs;
	uint8_t u8;




	if (S3I(s)->tmp.reuse_message) {
		S3I(s)->tmp.reuse_message = 0;
		if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
		}







>
>
>







443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
	unsigned char *p;
	uint32_t l;
	long n;
	int i, al;
	CBS cbs;
	uint8_t u8;

	if (SSL_IS_DTLS(s))
		return (dtls1_get_message(s, st1, stn, mt, max, ok));

	if (S3I(s)->tmp.reuse_message) {
		S3I(s)->tmp.reuse_message = 0;
		if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) {
			al = SSL_AD_UNEXPECTED_MESSAGE;
			SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
			goto f_err;
		}
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
		headerlen = SSL3_RT_HEADER_LENGTH;

	align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);

	if (S3I(s)->rbuf.buf == NULL) {
		len = SSL3_RT_MAX_PLAIN_LENGTH +
		    SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
		if ((p = malloc(len)) == NULL)
			goto err;
		S3I(s)->rbuf.buf = p;
		S3I(s)->rbuf.len = len;
	}

	s->internal->packet = &(S3I(s)->rbuf.buf[0]);
	return 1;







|







698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
		headerlen = SSL3_RT_HEADER_LENGTH;

	align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);

	if (S3I(s)->rbuf.buf == NULL) {
		len = SSL3_RT_MAX_PLAIN_LENGTH +
		    SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
		if ((p = calloc(1, len)) == NULL)
			goto err;
		S3I(s)->rbuf.buf = p;
		S3I(s)->rbuf.len = len;
	}

	s->internal->packet = &(S3I(s)->rbuf.buf[0]);
	return 1;
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
	if (S3I(s)->wbuf.buf == NULL) {
		len = s->max_send_fragment +
		    SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
		if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
			len += headerlen + align +
			    SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;

		if ((p = malloc(len)) == NULL)
			goto err;
		S3I(s)->wbuf.buf = p;
		S3I(s)->wbuf.len = len;
	}

	return 1;








|







732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
	if (S3I(s)->wbuf.buf == NULL) {
		len = s->max_send_fragment +
		    SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
		if (!(s->internal->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
			len += headerlen + align +
			    SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;

		if ((p = calloc(1, len)) == NULL)
			goto err;
		S3I(s)->wbuf.buf = p;
		S3I(s)->wbuf.len = len;
	}

	return 1;
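Review bot: The switch from `malloc(len)` to `calloc(1, len)` for `rbuf.buf` and `wbuf.buf` has no comment saying the zeroing is intentional, so a later cleanup could revert it as needless cost. Presumably the intent is that record buffers start zeroed, so stale heap contents cannot be exposed if a record length is ever miscomputed. A line such as `/* zeroed on purpose: the record buffer must never expose stale heap data */` above each allocation would record that. Both allocation sites sit in functions that begin and end outside the visible hunks, so whether the buffers are also cleared on release cannot be confirmed from here.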

Changes to jni/libressl/ssl/ssl_ciph.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_ciph.c,v 1.108 2019/04/04 16:44:24 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_ciph.c,v 1.117 2020/04/19 14:54:14 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
391
392
393
394
395
396
397






















398
399
400
401
402
403
404
		.name = SSL_TXT_TLSV1_2,
		.algorithm_ssl = SSL_TLSV1_2,
	},
	{
		.name = SSL_TXT_TLSV1_3,
		.algorithm_ssl = SSL_TLSV1_3,
	},























	/* strength classes */
	{
		.name = SSL_TXT_LOW,
		.algo_strength = SSL_LOW,
	},
	{







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
		.name = SSL_TXT_TLSV1_2,
		.algorithm_ssl = SSL_TLSV1_2,
	},
	{
		.name = SSL_TXT_TLSV1_3,
		.algorithm_ssl = SSL_TLSV1_3,
	},

	/* cipher suite aliases */
#ifdef LIBRESSL_HAS_TLS1_3
	{
		.valid = 1,
		.name = "TLS_AES_128_GCM_SHA256",
		.id = TLS1_3_CK_AES_128_GCM_SHA256,
		.algorithm_ssl = SSL_TLSV1_3,
	},
	{
		.valid = 1,
		.name = "TLS_AES_256_GCM_SHA384",
		.id = TLS1_3_CK_AES_256_GCM_SHA384,
		.algorithm_ssl = SSL_TLSV1_3,
	},
	{
		.valid = 1,
		.name = "TLS_CHACHA20_POLY1305_SHA256",
		.id = TLS1_3_CK_CHACHA20_POLY1305_SHA256,
		.algorithm_ssl = SSL_TLSV1_3,
	},
#endif

	/* strength classes */
	{
		.name = SSL_TXT_LOW,
		.algo_strength = SSL_LOW,
	},
	{
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774

	*ca_curr = NULL;	/* end of list */
}

static void
ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
    unsigned long alg_auth, unsigned long alg_enc, unsigned long alg_mac,
    unsigned long alg_ssl, unsigned long algo_strength,
    int rule, int strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
	CIPHER_ORDER *head, *tail, *curr, *next, *last;
	const SSL_CIPHER *cp;
	int reverse = 0;


	if (rule == CIPHER_DEL)
		reverse = 1; /* needed to maintain sorting between currently deleted ciphers */

	head = *head_p;
	tail = *tail_p;








|
|




<







776
777
778
779
780
781
782
783
784
785
786
787
788

789
790
791
792
793
794
795

	*ca_curr = NULL;	/* end of list */
}

static void
ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long alg_mkey,
    unsigned long alg_auth, unsigned long alg_enc, unsigned long alg_mac,
    unsigned long alg_ssl, unsigned long algo_strength, int rule,
    int strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
	CIPHER_ORDER *head, *tail, *curr, *next, *last;
	const SSL_CIPHER *cp;
	int reverse = 0;


	if (rule == CIPHER_DEL)
		reverse = 1; /* needed to maintain sorting between currently deleted ciphers */

	head = *head_p;
	tail = *tail_p;

904
905
906
907
908
909
910
911
912
913
914
915
916
917
918


919
920
921
922
923
924
925

	free(number_uses);
	return (1);
}

static int
ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
    CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list)
{
	unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
	unsigned long algo_strength;
	int j, multi, found, rule, retval, ok, buflen;
	unsigned long cipher_id = 0;
	const char *l, *buf;
	char ch;



	retval = 1;
	l = rule_str;
	for (;;) {
		ch = *l;

		if (ch == '\0')







|







>
>







925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948

	free(number_uses);
	return (1);
}

static int
ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
    CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list, int *tls13_seen)
{
	unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
	unsigned long algo_strength;
	int j, multi, found, rule, retval, ok, buflen;
	unsigned long cipher_id = 0;
	const char *l, *buf;
	char ch;

	*tls13_seen = 0;

	retval = 1;
	l = rule_str;
	for (;;) {
		ch = *l;

		if (ch == '\0')
956
957
958
959
960
961
962
963

964
965
966
967
968
969
970
		for (;;) {
			ch = *l;
			buf = l;
			buflen = 0;
			while (((ch >= 'A') && (ch <= 'Z')) ||
			    ((ch >= '0') && (ch <= '9')) ||
			    ((ch >= 'a') && (ch <= 'z')) ||
			    (ch == '-') || (ch == '.')) {

				ch = *(++l);
				buflen++;
			}

			if (buflen == 0) {
				/*
				 * We hit something we cannot deal with,







|
>







979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
		for (;;) {
			ch = *l;
			buf = l;
			buflen = 0;
			while (((ch >= 'A') && (ch <= 'Z')) ||
			    ((ch >= '0') && (ch <= '9')) ||
			    ((ch >= 'a') && (ch <= 'z')) ||
			    (ch == '-') || (ch == '.') ||
			    (ch == '_')) {
				ch = *(++l);
				buflen++;
			}

			if (buflen == 0) {
				/*
				 * We hit something we cannot deal with,
1080
1081
1082
1083
1084
1085
1086


1087
1088
1089
1090
1091
1092
1093
			if (ca_list[j]->valid) {
				/*
				 * explicit ciphersuite found; its protocol
				 * version does not become part of the search
				 * pattern!
				 */
				cipher_id = ca_list[j]->id;


			} else {
				/*
				 * not an explicit ciphersuite; only in this
				 * case, the protocol version is considered
				 * part of the search pattern
				 */
				if (ca_list[j]->algorithm_ssl) {







>
>







1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
			if (ca_list[j]->valid) {
				/*
				 * explicit ciphersuite found; its protocol
				 * version does not become part of the search
				 * pattern!
				 */
				cipher_id = ca_list[j]->id;
				if (ca_list[j]->algorithm_ssl == SSL_TLSV1_3)
					*tls13_seen = 1;
			} else {
				/*
				 * not an explicit ciphersuite; only in this
				 * case, the protocol version is considered
				 * part of the search pattern
				 */
				if (ca_list[j]->algorithm_ssl) {
1125
1126
1127
1128
1129
1130
1131


1132
1133
1134
1135
1136
1137
1138
			 * together with "@", so throw away the
			 * rest of the command, if any left, until
			 * end or ':' is found.
			 */
			while ((*l != '\0') && !ITEM_SEP(*l))
				l++;
		} else if (found) {


			ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth,
			    alg_enc, alg_mac, alg_ssl, algo_strength, rule,
			    -1, head_p, tail_p);
		} else {
			while ((*l != '\0') && !ITEM_SEP(*l))
				l++;
		}







>
>







1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
			 * together with "@", so throw away the
			 * rest of the command, if any left, until
			 * end or ':' is found.
			 */
			while ((*l != '\0') && !ITEM_SEP(*l))
				l++;
		} else if (found) {
			if (alg_ssl == SSL_TLSV1_3)
				*tls13_seen = 1;
			ssl_cipher_apply_rule(cipher_id, alg_mkey, alg_auth,
			    alg_enc, alg_mac, alg_ssl, algo_strength, rule,
			    -1, head_p, tail_p);
		} else {
			while ((*l != '\0') && !ITEM_SEP(*l))
				l++;
		}
1161
1162
1163
1164
1165
1166
1167


1168
1169
1170
1171
1172
1173
1174
{
	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
	unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
	const char *rule_p;
	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
	const SSL_CIPHER **ca_list = NULL;



	/*
	 * Return with error if nothing to do.
	 */
	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
		return NULL;








>
>







1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
{
	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
	unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
	const char *rule_p;
	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
	const SSL_CIPHER **ca_list = NULL;
	int tls13_seen = 0;
	int any_active;

	/*
	 * Return with error if nothing to do.
	 */
	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
		return NULL;

1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211

	/* Now arrange all ciphers by preference: */

	/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);

	if (ssl_aes_is_accelerated() == 1) {
		/*
		 * We have hardware assisted AES - prefer AES as a symmetric
		 * cipher, with CHACHA20 second.
		 */
		ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
		    CIPHER_ADD, -1, &head, &tail);
		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,







|







1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241

	/* Now arrange all ciphers by preference: */

	/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);

	if (ssl_aes_is_accelerated()) {
		/*
		 * We have hardware assisted AES - prefer AES as a symmetric
		 * cipher, with CHACHA20 second.
		 */
		ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
		    CIPHER_ADD, -1, &head, &tail);
		ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290

1291
1292
1293
1294
1295
1296
1297
	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
	ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *));
	if (ca_list == NULL) {
		free(co_list);
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return(NULL);	/* Failure */
	}
	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
	disabled_mkey, disabled_auth, disabled_enc,
	disabled_mac, disabled_ssl, head);

	/*
	 * If the rule_string begins with DEFAULT, apply the default rule
	 * before using the (possibly available) additional rules.
	 */
	ok = 1;
	rule_p = rule_str;
	if (strncmp(rule_str, "DEFAULT", 7) == 0) {
		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
		&head, &tail, ca_list);
		rule_p += 7;
		if (*rule_p == ':')
			rule_p++;
	}

	if (ok && (strlen(rule_p) > 0))
		ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);


	free((void *)ca_list);	/* Not needed anymore */

	if (!ok) {
		/* Rule processing failure */
		free(co_list);
		return (NULL);







|
|
<









|






|
>







1294
1295
1296
1297
1298
1299
1300
1301
1302

1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
	ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *));
	if (ca_list == NULL) {
		free(co_list);
		SSLerrorx(ERR_R_MALLOC_FAILURE);
		return(NULL);	/* Failure */
	}
	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey,
	    disabled_auth, disabled_enc, disabled_mac, disabled_ssl, head);


	/*
	 * If the rule_string begins with DEFAULT, apply the default rule
	 * before using the (possibly available) additional rules.
	 */
	ok = 1;
	rule_p = rule_str;
	if (strncmp(rule_str, "DEFAULT", 7) == 0) {
		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
		    &head, &tail, ca_list, &tls13_seen);
		rule_p += 7;
		if (*rule_p == ':')
			rule_p++;
	}

	if (ok && (strlen(rule_p) > 0))
		ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list,
		    &tls13_seen);

	free((void *)ca_list);	/* Not needed anymore */

	if (!ok) {
		/* Rule processing failure */
		free(co_list);
		return (NULL);
1305
1306
1307
1308
1309
1310
1311






1312

1313
1314

1315

1316


1317
1318
1319
1320
1321
1322
1323
1324
		free(co_list);
		return (NULL);
	}

	/*
	 * The cipher selection for the list is done. The ciphers are added
	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).






	 */

	for (curr = head; curr != NULL; curr = curr->next) {
		if (curr->active) {

			sk_SSL_CIPHER_push(cipherstack, curr->cipher);

		}


	}
	free(co_list);	/* Not needed any longer */

	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
	if (tmp_cipher_list == NULL) {
		sk_SSL_CIPHER_free(cipherstack);
		return NULL;
	}







>
>
>
>
>
>

>

|
>

>
|
>
>
|







1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
		free(co_list);
		return (NULL);
	}

	/*
	 * The cipher selection for the list is done. The ciphers are added
	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
	 *
	 * If the rule string did not contain any references to TLSv1.3,
	 * include inactive TLSv1.3 cipher suites. This avoids attempts to
	 * use TLSv1.3 with an older rule string that does not include
	 * TLSv1.3 cipher suites. If the rule string resulted in no active
	 * cipher suites then we return an empty stack.
	 */
	any_active = 0;
	for (curr = head; curr != NULL; curr = curr->next) {
		if (curr->active ||
		    (!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3))
			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
		any_active |= curr->active;
	}
	if (!any_active)
		sk_SSL_CIPHER_zero(cipherstack);

	free(co_list);	/* Not needed any longer */

	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
	if (tmp_cipher_list == NULL) {
		sk_SSL_CIPHER_free(cipherstack);
		return NULL;
	}
1379
1380
1381
1382
1383
1384
1385



1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404



1405
1406
1407
1408
1409
1410
1411
		break;
	case SSL_kECDHE:
		kx = "ECDH";
		break;
	case SSL_kGOST:
		kx = "GOST";
		break;



	default:
		kx = "unknown";
	}

	switch (alg_auth) {
	case SSL_aRSA:
		au = "RSA";
		break;
	case SSL_aDSS:
		au = "DSS";
		break;
	case SSL_aNULL:
		au = "None";
		break;
	case SSL_aECDSA:
		au = "ECDSA";
		break;
	case SSL_aGOST01:
		au = "GOST01";



		break;
	default:
		au = "unknown";
		break;
	}

	switch (alg_enc) {







>
>
>



















>
>
>







1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
		break;
	case SSL_kECDHE:
		kx = "ECDH";
		break;
	case SSL_kGOST:
		kx = "GOST";
		break;
	case SSL_kTLS1_3:
		kx = "TLSv1.3";
		break;
	default:
		kx = "unknown";
	}

	switch (alg_auth) {
	case SSL_aRSA:
		au = "RSA";
		break;
	case SSL_aDSS:
		au = "DSS";
		break;
	case SSL_aNULL:
		au = "None";
		break;
	case SSL_aECDSA:
		au = "ECDSA";
		break;
	case SSL_aGOST01:
		au = "GOST01";
		break;
	case SSL_aTLS1_3:
		au = "TLSv1.3";
		break;
	default:
		au = "unknown";
		break;
	}

	switch (alg_enc) {
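--- a/jni/libressl/ssl/ssl_clnt.c
+++ b/jni/libressl/ssl/ssl_clnt.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl_clnt.c,v 1.61 2019/03/31 15:49:03 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.64 2020/03/06 16:36:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -807,15 +807,15 @@
 	const SSL_METHOD *method;
 	unsigned long alg_k;
 	size_t outlen;
 	int i, al, ok;
 	long n;
 
 	s->internal->first_packet = 1;
-	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
+	n = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
 	    SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, /* ?? */ &ok);
 	if (!ok)
 		return ((int)n);
 	s->internal->first_packet = 0;
 
 	if (n < 0)
 		goto truncated;
@@ -868,14 +868,40 @@
 
 	/* Server random. */
 	if (!CBS_get_bytes(&cbs, &server_random, SSL3_RANDOM_SIZE))
 		goto truncated;
 	if (!CBS_write_bytes(&server_random, s->s3->server_random,
 	    sizeof(s->s3->server_random), NULL))
 		goto err;
+
+	if (!SSL_IS_DTLS(s) && !ssl_enabled_version_range(s, NULL, &max_version))
+		goto err;
+	if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION &&
+	    s->version < max_version) {
+		/*
+		 * RFC 8446 section 4.1.3. We must not downgrade if the server
+		 * random value contains the TLS 1.2 or TLS 1.1 magical value.
+		 */
+		if (!CBS_skip(&server_random,
+		    CBS_len(&server_random) - sizeof(tls13_downgrade_12)))
+			goto err;
+		if (s->version == TLS1_2_VERSION &&
+		    CBS_mem_equal(&server_random, tls13_downgrade_12,
+		    sizeof(tls13_downgrade_12))) {
+			al = SSL_AD_ILLEGAL_PARAMETER;
+			SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
+			goto f_err;
+		}
+		if (CBS_mem_equal(&server_random, tls13_downgrade_11,
+		    sizeof(tls13_downgrade_11))) {
+			al = SSL_AD_ILLEGAL_PARAMETER;
+			SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
+			goto f_err;
+		}
+	}
 
 	/* Session ID. */
 	if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
 		goto truncated;
 
 	if ((CBS_len(&session_id) > sizeof(s->session->session_id)) ||
 	    (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) {
@@ -1044,17 +1070,16 @@
 	CBS			 cbs, cert_list;
 	X509			*x = NULL;
 	const unsigned char	*q;
 	STACK_OF(X509)		*sk = NULL;
 	SESS_CERT		*sc;
 	EVP_PKEY		*pkey = NULL;
 
-	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A,
+	n = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
 	    SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
-
 	if (!ok)
 		return ((int)n);
 
 	if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
 		S3I(s)->tmp.reuse_message = 1;
 		return (1);
 	}
@@ -1260,64 +1285,35 @@
 
 	return (-1);
 }
 
 static int
 ssl3_get_server_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, int nid, CBS *public)
 {
-	const EC_GROUP *group;
-	EC_GROUP *ngroup = NULL;
-	EC_POINT *point = NULL;
-	BN_CTX *bn_ctx = NULL;
 	EC_KEY *ecdh = NULL;
 	int ret = -1;
 
-	/*
-	 * Extract the server's ephemeral ECDH public key.
-	 */
-
+	/* Extract the server's ephemeral ECDH public key. */
 	if ((ecdh = EC_KEY_new()) == NULL) {
 		SSLerror(s, ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
-
-	if ((ngroup = EC_GROUP_new_by_curve_name(nid)) == NULL) {
-		SSLerror(s, ERR_R_EC_LIB);
-		goto err;
-	}
-	if (EC_KEY_set_group(ecdh, ngroup) == 0) {
-		SSLerror(s, ERR_R_EC_LIB);
-		goto err;
-	}
-
-	group = EC_KEY_get0_group(ecdh);
-
-	if ((point = EC_POINT_new(group)) == NULL ||
-	    (bn_ctx = BN_CTX_new()) == NULL) {
-		SSLerror(s, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	if (EC_POINT_oct2point(group, point, CBS_data(public),
-	    CBS_len(public), bn_ctx) == 0) {
+	if (!ssl_kex_peer_public_ecdhe_ecp(ecdh, nid, public)) {
 		SSLerror(s, SSL_R_BAD_ECPOINT);
 		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
 		goto err;
 	}
 
-	EC_KEY_set_public_key(ecdh, point);
+	sc->peer_nid = nid;
 	sc->peer_ecdh_tmp = ecdh;
 	ecdh = NULL;
 
 	ret = 1;
 
  err:
-	BN_CTX_free(bn_ctx);
-	EC_GROUP_free(ngroup);
-	EC_POINT_free(point);
 	EC_KEY_free(ecdh);
 
 	return (ret);
 }
 
 static int
 ssl3_get_server_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, int nid, CBS *public)
@@ -1439,15 +1435,15 @@
 	alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
 	alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
 
 	/*
 	 * Use same message size as in ssl3_get_certificate_request()
 	 * as ServerKeyExchange message may be skipped.
 	 */
-	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
+	n = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
 	    SSL3_ST_CR_KEY_EXCH_B, -1, s->internal->max_cert_list, &ok);
 	if (!ok)
 		return ((int)n);
 
 	if (n < 0)
 		goto err;
 
@@ -1607,17 +1603,16 @@
 	long		 	 n;
 	uint8_t			 ctype_num;
 	CBS			 cert_request, ctypes, rdn_list;
 	X509_NAME		*xn = NULL;
 	const unsigned char	*q;
 	STACK_OF(X509_NAME)	*ca_sk = NULL;
 
-	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_REQ_A,
+	n = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A,
 	    SSL3_ST_CR_CERT_REQ_B, -1, s->internal->max_cert_list, &ok);
-
 	if (!ok)
 		return ((int)n);
 
 	S3I(s)->tmp.cert_req = 0;
 
 	if (S3I(s)->tmp.message_type == SSL3_MT_SERVER_DONE) {
 		S3I(s)->tmp.reuse_message = 1;
@@ -1761,15 +1756,15 @@
 ssl3_get_new_session_ticket(SSL *s)
 {
 	int			 ok, al, ret = 0;
 	uint32_t		 lifetime_hint;
 	long			 n;
 	CBS			 cbs, session_ticket;
 
-	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
+	n = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
 	    SSL3_ST_CR_SESSION_TICKET_B, -1, 16384, &ok);
 	if (!ok)
 		return ((int)n);
 
 	if (S3I(s)->tmp.message_type == SSL3_MT_FINISHED) {
 		S3I(s)->tmp.reuse_message = 1;
 		return (1);
@@ -1837,18 +1832,17 @@
 {
 	CBS			 cert_status, response;
 	size_t			 stow_len;
 	int			 ok, al;
 	long			 n;
 	uint8_t			 status_type;
 
-	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
+	n = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
 	    SSL3_ST_CR_CERT_STATUS_B, SSL3_MT_CERTIFICATE_STATUS,
 	    16384, &ok);
-
 	if (!ok)
 		return ((int)n);
 
 	if (n < 0) {
 		/* need at least status type + length */
 		al = SSL_AD_DECODE_ERROR;
 		SSLerror(s, SSL_R_LENGTH_MISMATCH);
@@ -1909,20 +1903,20 @@
 
 int
 ssl3_get_server_done(SSL *s)
 {
 	int	ok, ret = 0;
 	long	n;
 
-	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
+	n = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
 	    SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE,
 	    30, /* should be very small, like 0 :-) */ &ok);
-
 	if (!ok)
 		return ((int)n);
+
 	if (n > 0) {
 		/* should contain no data */
 		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
 		SSLerror(s, SSL_R_LENGTH_MISMATCH);
 		return (-1);
 	}
 	ret = 1;
@@ -2048,95 +2042,45 @@
 
 	return (ret);
 }
 
 static int
 ssl3_send_client_kex_ecdhe_ecp(SSL *s, SESS_CERT *sc, CBB *cbb)
 {
-	const EC_GROUP *group = NULL;
-	const EC_POINT *point = NULL;
 	EC_KEY *ecdh = NULL;
-	BN_CTX *bn_ctx = NULL;
-	unsigned char *key = NULL;
-	unsigned char *data;
-	size_t encoded_len;
-	int key_size = 0, key_len;
+	uint8_t *key = NULL;
+	size_t key_len = 0;
 	int ret = -1;
 	CBB ecpoint;
 
-	if ((group = EC_KEY_get0_group(sc->peer_ecdh_tmp)) == NULL ||
-	    (point = EC_KEY_get0_public_key(sc->peer_ecdh_tmp)) == NULL) {
-		SSLerror(s, ERR_R_INTERNAL_ERROR);
-		goto err;
-	}
-
 	if ((ecdh = EC_KEY_new()) == NULL) {
 		SSLerror(s, ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
-	if (!EC_KEY_set_group(ecdh, group)) {
-		SSLerror(s, ERR_R_EC_LIB);
-		goto err;
-	}
-
-	/* Generate a new ECDH key pair. */
-	if (!EC_KEY_generate_key(ecdh)) {
-		SSLerror(s, ERR_R_ECDH_LIB);
+	if (!ssl_kex_generate_ecdhe_ecp(ecdh, sc->peer_nid))
 		goto err;
-	}
-	if ((key_size = ECDH_size(ecdh)) <= 0) {
-		SSLerror(s, ERR_R_ECDH_LIB);
-		goto err;
-	}
-	if ((key = malloc(key_size)) == NULL) {
-		SSLerror(s, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	key_len = ECDH_compute_key(key, key_size, point, ecdh, NULL);
-	if (key_len <= 0) {
-		SSLerror(s, ERR_R_ECDH_LIB);
-		goto err;
-	}
-
-	/* Generate master key from the result. */
-	s->session->master_key_length =
-	    tls1_generate_master_secret(s,
-		s->session->master_key, key, key_len);
-
-	encoded_len = EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
-	    POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
-	if (encoded_len == 0) {
-		SSLerror(s, ERR_R_ECDH_LIB);
-		goto err;
-	}
-
-	if ((bn_ctx = BN_CTX_new()) == NULL) {
-		SSLerror(s, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	/* Encode the public key. */
+
+	/* Encode our public key. */
 	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
 		goto err;
-	if (!CBB_add_space(&ecpoint, &data, encoded_len))
-		goto err;
-	if (EC_POINT_point2oct(group, EC_KEY_get0_public_key(ecdh),
-	    POINT_CONVERSION_UNCOMPRESSED, data, encoded_len,
-	    bn_ctx) == 0)
+	if (!ssl_kex_public_ecdhe_ecp(ecdh, &ecpoint))
 		goto err;
 	if (!CBB_flush(cbb))
 		goto err;
 
+	if (!ssl_kex_derive_ecdhe_ecp(ecdh, sc->peer_ecdh_tmp, &key, &key_len))
+		goto err;
+	s->session->master_key_length = tls1_generate_master_secret(s,
+		s->session->master_key, key, key_len);
+
 	ret = 1;
 
  err:
-	freezero(key, key_size);
-
-	BN_CTX_free(bn_ctx);
+	freezero(key, key_len);
 	EC_KEY_free(ecdh);
 
 	return (ret);
 }
 
 static int
 ssl3_send_client_kex_ecdhe_ecx(SSL *s, SESS_CERT *sc, CBB *cbb)
@@ -2792,18 +2736,19 @@
 	long	n;
 
 	/* If we have no ticket it cannot be a resumed session. */
 	if (!s->session->tlsext_tick)
 		return (1);
 	/* this function is called when we really expect a Certificate
 	 * message, so permit appropriate message length */
-	n = s->method->internal->ssl_get_message(s, SSL3_ST_CR_CERT_A,
+	n = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
 	    SSL3_ST_CR_CERT_B, -1, s->internal->max_cert_list, &ok);
 	if (!ok)
 		return ((int)n);
+
 	S3I(s)->tmp.reuse_message = 1;
 	if ((S3I(s)->tmp.message_type == SSL3_MT_FINISHED) ||
 	    (S3I(s)->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
 		return (2);
 
 	return (1);
 }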
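Review bot: The downgrade-sentinel block added after the server random is stored compares `tls13_downgrade_12` only when `s->version == TLS1_2_VERSION`, so when TLS 1.1 or lower is negotiated only `tls13_downgrade_11` is tested. RFC 8446 section 4.1.3, which the new comment cites, has a TLS 1.3 client reject either value on any ServerHello below TLS 1.3; if that stricter behaviour is wanted, the first condition could read `if (max_version >= TLS1_3_VERSION && CBS_mem_equal(&server_random, tls13_downgrade_12, sizeof(tls13_downgrade_12))) {`. The `CBS_skip()` length is derived from `sizeof(tls13_downgrade_12)` while the second comparison uses `sizeof(tls13_downgrade_11)`, so a comment such as `/* both sentinels must have the same length */` would make that dependency visible. The enclosing function begins and ends outside the hunk and the sentinel definitions are not shown, so this should be confirmed against them.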
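--- a/jni/libressl/ssl/ssl_err.c
+++ b/jni/libressl/ssl/ssl_err.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl_err.c,v 1.36 2018/03/20 15:28:12 tb Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.37 2020/01/21 05:19:02 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
@@ -458,15 +458,16 @@
 	{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
 	{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE)  , "wrong signature size"},
 	{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE)  , "wrong signature type"},
 	{ERR_REASON(SSL_R_WRONG_SSL_VERSION)     , "wrong ssl version"},
 	{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  , "wrong version number"},
 	{ERR_REASON(SSL_R_X509_LIB)              , "x509 lib"},
 	{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
-	{ERR_REASON(SSL_R_PEER_BEHAVING_BADLY)   ,"peer is doing strange or hostile things"},
+	{ERR_REASON(SSL_R_PEER_BEHAVING_BADLY), "peer is doing strange or hostile things"},
+	{ERR_REASON(SSL_R_UNKNOWN), "unknown failure occurred"},
 	{0, NULL}
 };
 
 #endif
 
 void
 ERR_load_SSL_strings(void)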
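--- a/jni/libressl/ssl/ssl_lib.c
+++ b/jni/libressl/ssl/ssl_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl_lib.c,v 1.205 2019/05/15 09:13:16 bcook Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.212 2020/03/16 15:25:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -136,14 +136,18 @@
  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
  * OTHERWISE.
  */
 
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
 #include <stdio.h>
 
 #include "ssl_locl.h"
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #include <openssl/lhash.h>
@@ -184,14 +188,17 @@
 
 	s->internal->type = 0;
 
 	s->version = s->method->internal->version;
 	s->client_version = s->version;
 	s->internal->rwstate = SSL_NOTHING;
 	s->internal->rstate = SSL_ST_READ_HEADER;
+
+	tls13_ctx_free(s->internal->tls13);
+	s->internal->tls13 = NULL;
 
 	BUF_MEM_free(s->internal->init_buf);
 	s->internal->init_buf = NULL;
 
 	ssl_clear_cipher_state(s);
 
 	s->internal->first_packet = 0;
@@ -452,15 +459,25 @@
 {
 	return (X509_VERIFY_PARAM_set_trust(s->param, trust));
 }
 
 int
 SSL_set1_host(SSL *s, const char *hostname)
 {
-	return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
+#ifndef _WIN32
+	struct in_addr ina;
+	struct in6_addr in6a;
+
+	if (hostname != NULL && *hostname != '\0' &&
+	    (inet_pton(AF_INET, hostname, &ina) == 1 ||
+	    inet_pton(AF_INET6, hostname, &in6a) == 1))
+		return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname);
+	else
+#endif
+		return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
 }
 
 X509_VERIFY_PARAM *
 SSL_CTX_get0_param(SSL_CTX *ctx)
 {
 	return (ctx->param);
 }
@@ -507,14 +524,16 @@
 		BIO_free(s->bbio);
 		s->bbio = NULL;
 	}
 
 	if (s->rbio != s->wbio)
 		BIO_free_all(s->rbio);
 	BIO_free_all(s->wbio);
+
+	tls13_ctx_free(s->internal->tls13);
 
 	BUF_MEM_free(s->internal->init_buf);
 
 	/* add extra stuff */
 	sk_SSL_CIPHER_free(s->cipher_list);
 	sk_SSL_CIPHER_free(s->internal->cipher_list_by_id);
 
@@ -781,23 +800,15 @@
 {
 	return (s->internal->read_ahead);
 }
 
 int
 SSL_pending(const SSL *s)
 {
-	/*
-	 * SSL_pending cannot work properly if read-ahead is enabled
-	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
-	 * and it is impossible to fix since SSL_pending cannot report
-	 * errors that may be observed while scanning the new data.
-	 * (Note that SSL_pending() is often used as a boolean value,
-	 * so we'd better not return -1.)
-	 */
-	return (ssl3_pending(s));
+	return (s->method->internal->ssl_pending(s));
 }
 
 X509 *
 SSL_get_peer_certificate(const SSL *s)
 {
 	X509	*r;
 
@@ -996,15 +1007,15 @@
 
 	if (s->internal->handshake_func == NULL) {
 		SSLerror(s, SSL_R_UNINITIALIZED);
 		return (-1);
 	}
 
 	if (s != NULL && !SSL_in_init(s))
-		return (ssl3_shutdown(s));
+		return (s->method->internal->ssl_shutdown(s));
 
 	return (1);
 }
 
 int
 SSL_renegotiate(SSL *s)
 {
@@ -1517,15 +1528,15 @@
 	*outlen = result[0];
 	return (status);
 }
 
 /* SSL_get0_next_proto_negotiated is deprecated. */
 void
 SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-    unsigned *len)
+    unsigned int *len)
 {
 	*data = NULL;
 	*len = 0;
 }
 
 /* SSL_CTX_set_next_protos_advertised_cb is deprecated. */
 void
@@ -1624,15 +1635,15 @@
  * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
  * it sets data to point to len bytes of protocol name (not including the
  * leading length-prefix byte). If the server didn't respond with* a negotiated
  * protocol then len will be zero.
  */
 void
 SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-    unsigned *len)
+    unsigned int *len)
 {
 	*data = NULL;
 	*len = 0;
 
 	*data = ssl->s3->internal->alpn_selected;
 	*len = ssl->s3->internal->alpn_selected_len;
 }
@@ -1993,14 +2004,17 @@
 	if (dh_tmp)
 		mask_k |= SSL_kDHE;
 
 	if (rsa_enc || rsa_sign)
 		mask_a |= SSL_aRSA;
 
 	mask_a |= SSL_aNULL;
+	mask_a |= SSL_aTLS1_3;
+
+	mask_k |= SSL_kTLS1_3;
 
 	/*
 	 * An ECC certificate may be usable for ECDH and/or
 	 * ECDSA cipher suites depending on the key usage extension.
 	 */
 	if (have_ecc_cert) {
 		x = (c->pkeys[SSL_PKEY_ECC]).x509;
@@ -2224,14 +2238,23 @@
 			s->method = meth;
 		else {
 			s->method->internal->ssl_free(s);
 			s->method = meth;
 			ret = s->method->internal->ssl_new(s);
 		}
 
+		/*
+		 * XXX - reset the client max version to that of the incoming
+		 * method, otherwise a caller that uses a TLS_method() and then
+		 * sets with TLS_client_method() cannot do TLSv1.3.
+		 */
+		if (meth->internal->max_version == TLS1_3_VERSION &&
+		    meth->internal->ssl_connect != NULL)
+			s->internal->max_version = meth->internal->max_version;
+
 		if (conn == 1)
 			s->internal->handshake_func = meth->internal->ssl_connect;
 		else if (conn == 0)
 			s->internal->handshake_func = meth->internal->ssl_accept;
 	}
 	return (ret);
 }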
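Review bot: In `SSL_set1_host` the IP-literal branch is compiled only when `_WIN32` is not defined, so on such a build an address string falls through to `X509_VERIFY_PARAM_set1_host` and is checked as a host name rather than through `X509_VERIFY_PARAM_set1_ip_asc`; the same call then gets different verification semantics per platform. If that is intended, it should be stated at the guard, for example `/* _WIN32: IP literals are not detected here and are matched as host names */`. The three new includes (`<arpa/inet.h>`, `<sys/socket.h>`, `<netinet/in.h>`) are added unconditionally although, as far as this section shows, only the guarded branch needs them, so they would be more consistent under the same `#ifndef _WIN32`. The file looks like imported LibreSSL source, so either change would be a local patch to carry across future updates.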
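--- a/jni/libressl/ssl/ssl_locl.h
+++ b/jni/libressl/ssl/ssl_locl.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl_locl.h,v 1.247 2019/04/22 15:12:20 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.272 2020/04/18 14:07:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -165,30 +165,21 @@
 #include "tls13_internal.h"
 
 __BEGIN_HIDDEN_DECLS
 
 #define CTASSERT(x)	extern char  _ctassert[(x) ? 1 : -1 ]   \
 			    __attribute__((__unused__))
 
-#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)    )&0xff))
+#ifndef LIBRESSL_HAS_TLS1_3_CLIENT
+#define LIBRESSL_HAS_TLS1_3_CLIENT
+#endif
 
-#define l2n8(l,c)	(*((c)++)=(unsigned char)(((l)>>56)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)    )&0xff))
-
-#define s2n(s,c)	((c[0]=(unsigned char)(((s)>> 8)&0xff), \
-			  c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
+#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) || defined(LIBRESSL_HAS_TLS1_3_SERVER)
+#define LIBRESSL_HAS_TLS1_3
+#endif
 
 /* LOCAL STUFF */
 
 #define SSL_DECRYPT	0
 #define SSL_ENCRYPT	1
 
 /*
@@ -330,14 +321,18 @@
 #define SSL_USE_SIGALGS(s) \
 	(s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
 
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
 #define SSL_USE_TLS1_2_CIPHERS(s) \
 	(s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
 
+/* Allow TLS 1.3 ciphersuites only. */
+#define SSL_USE_TLS1_3_CIPHERS(s) \
+	(s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS)
+
 #define SSL_PKEY_RSA_ENC	0
 #define SSL_PKEY_RSA_SIGN	1
 #define SSL_PKEY_DH_RSA		2
 #define SSL_PKEY_ECC            3
 #define SSL_PKEY_GOST01		4
 #define SSL_PKEY_NUM		5
 
@@ -372,22 +367,22 @@
 
 	int (*ssl_new)(SSL *s);
 	void (*ssl_clear)(SSL *s);
 	void (*ssl_free)(SSL *s);
 
 	int (*ssl_accept)(SSL *s);
 	int (*ssl_connect)(SSL *s);
+	int (*ssl_shutdown)(SSL *s);
 
 	int (*ssl_renegotiate)(SSL *s);
 	int (*ssl_renegotiate_check)(SSL *s);
 
-	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
-	    long max, int *ok);
-	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
-	    int len, int peek);
+	int (*ssl_pending)(const SSL *s);
+	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,
+	    int peek);
 	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
 
 	const struct ssl_method_st *(*get_ssl_method)(int version);
 
 	long (*get_timeout)(void);
 	int (*ssl_version)(void);
 
@@ -438,31 +433,35 @@
 	uint8_t *sigalgs;
 } SSL_HANDSHAKE;
 
 typedef struct ssl_handshake_tls13_st {
 	uint16_t min_version;
 	uint16_t max_version;
 	uint16_t version;
+
+	int use_legacy;
+	int hrr;
 
 	/* Version proposed by peer server. */
 	uint16_t server_version;
 
-	/* X25519 key share. */
-	uint8_t *x25519_public;
-	uint8_t *x25519_private;
-	uint8_t *x25519_peer_public;
-
+	uint16_t server_group;
+	struct tls13_key_share *key_share;
 	struct tls13_secrets *secrets;
 
 	uint8_t *cookie;
 	size_t cookie_len;
 
 	/* Preserved transcript hash. */
 	uint8_t transcript_hash[EVP_MAX_MD_SIZE];
 	size_t transcript_hash_len;
+
+	/* Legacy session ID. */
+	uint8_t legacy_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+	size_t legacy_session_id_len;
 } SSL_HANDSHAKE_TLS13;
 
 typedef struct ssl_ctx_internal_st {
 	uint16_t min_version;
 	uint16_t max_version;
 
 	unsigned long options;
@@ -772,37 +771,56 @@
 
 	int rstate;	/* where we are when reading */
 
 	int mac_packet;
 
 	int empty_record_count;
 } SSL_INTERNAL;
+
+typedef struct ssl3_record_internal_st {
+	int type;               /* type of record */
+	unsigned int length;    /* How many bytes available */
+	unsigned int padding_length; /* Number of padding bytes. */
+	unsigned int off;       /* read/write offset into 'buf' */
+	unsigned char *data;    /* pointer to the record data */
+	unsigned char *input;   /* where the decode bytes are */
+	unsigned long epoch;    /* epoch number, needed by DTLS1 */
+	unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
+} SSL3_RECORD_INTERNAL;
+
+typedef struct ssl3_buffer_internal_st {
+	unsigned char *buf;	/* at least SSL3_RT_MAX_PACKET_SIZE bytes,
+	                         * see ssl3_setup_buffers() */
+	size_t len;		/* buffer size */
+	int offset;		/* where to 'copy from' */
+	int left;		/* how many bytes left */
+} SSL3_BUFFER_INTERNAL;
 
 typedef struct ssl3_state_internal_st {
 	unsigned char read_sequence[SSL3_SEQUENCE_SIZE];
 	int read_mac_secret_size;
 	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
 	unsigned char write_sequence[SSL3_SEQUENCE_SIZE];
 	int write_mac_secret_size;
 	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
 
-	SSL3_BUFFER rbuf;	/* read IO goes into here */
-	SSL3_BUFFER wbuf;	/* write IO goes into here */
+	SSL3_BUFFER_INTERNAL rbuf;	/* read IO goes into here */
+	SSL3_BUFFER_INTERNAL wbuf;	/* write IO goes into here */
 
 	/* we allow one fatal and one warning alert to be outstanding,
 	 * send close alert via the warning alert */
 	int alert_dispatch;
 	unsigned char send_alert[2];
 
 	/* flags for countermeasure against known-IV weakness */
 	int need_empty_fragments;
 	int empty_fragment_done;
 
-	SSL3_RECORD rrec;	/* each decoded record goes in here */
-	SSL3_RECORD wrec;	/* goes out from here */
+	SSL3_RECORD_INTERNAL rrec;	/* each decoded record goes in here */
+	SSL3_RECORD_INTERNAL wrec;	/* goes out from here */
 
 	/* storage for Alert/Handshake protocol data received but not
 	 * yet processed by ssl3_read_bytes: */
 	unsigned char alert_fragment[2];
 	unsigned int alert_fragment_len;
 	unsigned char handshake_fragment[4];
 	unsigned int handshake_fragment_len;
@@ -852,14 +870,15 @@
 
 		unsigned long message_size;
 		int message_type;
 
 		DH *dh;
 
 		EC_KEY *ecdh; /* holds short lived ECDH key */
+		int ecdh_nid;
 
 		uint8_t *x25519;
 
 		int reuse_message;
 
 		/* used for certificate requests */
 		int cert_req;
@@ -892,14 +911,21 @@
 	 * protocol that the server selected once the ServerHello has been
 	 * processed.
 	 */
 	unsigned char *alpn_selected;
 	size_t alpn_selected_len;
 } SSL3_STATE_INTERNAL;
 #define S3I(s) (s->s3->internal)
+
+typedef struct dtls1_record_data_internal_st {
+	unsigned char *packet;
+	unsigned int packet_length;
+	SSL3_BUFFER_INTERNAL rbuf;
+	SSL3_RECORD_INTERNAL rrec;
+} DTLS1_RECORD_DATA_INTERNAL;
 
 typedef struct dtls1_state_internal_st {
 	unsigned int send_cookie;
 	unsigned char cookie[DTLS1_COOKIE_LENGTH];
 	unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
 	unsigned int cookie_len;
 
@@ -997,45 +1023,48 @@
 	int peer_cert_type;
 
 	CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
 	CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
 	/* Obviously we don't have the private keys of these,
 	 * so maybe we shouldn't even use the CERT_PKEY type here. */
 
+	int peer_nid;
 	DH *peer_dh_tmp;
 	EC_KEY *peer_ecdh_tmp;
 	uint8_t *peer_x25519_tmp;
 
 	int references; /* actually always 1 at the moment */
 } SESS_CERT;
 
 /*#define SSL_DEBUG	*/
 /*#define RSA_DEBUG	*/
 
 typedef struct ssl3_enc_method {
-	int (*enc)(SSL *, int);
 	unsigned int enc_flags;
 } SSL3_ENC_METHOD;
 
 /*
  * Flag values for enc_flags.
  */
 
 /* Uses explicit IV. */
 #define SSL_ENC_FLAG_EXPLICIT_IV        (1 << 0)
 
 /* Uses signature algorithms extension. */
 #define SSL_ENC_FLAG_SIGALGS            (1 << 1)
 
 /* Uses SHA256 default PRF. */
 #define SSL_ENC_FLAG_SHA256_PRF         (1 << 2)
 
 /* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
 #define SSL_ENC_FLAG_TLS1_2_CIPHERS     (1 << 4)
 
+/* Allow TLS 1.3 ciphersuites only. */
+#define SSL_ENC_FLAG_TLS1_3_CIPHERS     (1 << 5)
+
 /*
  * ssl_aead_ctx_st contains information about an AEAD that is being used to
  * encrypt an SSL connection.
  */
 struct ssl_aead_ctx_st {
 	EVP_AEAD_CTX ctx;
 	/*
@@ -1065,24 +1094,26 @@
 int ssl_version_set_max(const SSL_METHOD *meth, uint16_t ver, uint16_t min_ver,
     uint16_t *out_ver);
 uint16_t ssl_max_server_version(SSL *s);
 int ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver,
     uint16_t max_ver);
 
 const SSL_METHOD *tls_legacy_client_method(void);
+const SSL_METHOD *tls_legacy_server_method(void);
 
 const SSL_METHOD *dtls1_get_client_method(int ver);
 const SSL_METHOD *dtls1_get_server_method(int ver);
 const SSL_METHOD *tls1_get_client_method(int ver);
 const SSL_METHOD *tls1_get_server_method(int ver);
 
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_2_enc_data;
+extern SSL3_ENC_METHOD TLSv1_3_enc_data;
 
 void ssl_clear_cipher_state(SSL *s);
 void ssl_clear_cipher_read_state(SSL *s);
 void ssl_clear_cipher_write_state(SSL *s);
 int ssl_clear_bad_session(SSL *s);
 
 CERT *ssl_cert_new(void);
@@ -1253,43 +1284,50 @@
 int ssl3_send_server_key_exchange(SSL *s);
 int ssl3_send_certificate_request(SSL *s);
 int ssl3_send_server_done(SSL *s);
 int ssl3_get_client_certificate(SSL *s);
 int ssl3_get_client_key_exchange(SSL *s);
 int ssl3_get_cert_verify(SSL *s);
 
+int ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey);
+int ssl_kex_generate_ecdhe_ecp(EC_KEY *ecdh, int nid);
+int ssl_kex_public_ecdhe_ecp(EC_KEY *ecdh, CBB *cbb);
+int ssl_kex_peer_public_ecdhe_ecp(EC_KEY *ecdh, int nid, CBS *cbs);
+int ssl_kex_derive_ecdhe_ecp(EC_KEY *ecdh, EC_KEY *ecdh_peer,
+    uint8_t **shared_key, size_t *shared_key_len);
+
 int tls1_new(SSL *s);
 void tls1_free(SSL *s);
 void tls1_clear(SSL *s);
 
 int dtls1_new(SSL *s);
 void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
 long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
 
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
 int dtls1_dispatch_alert(SSL *s);
-int dtls1_enc(SSL *s, int snd);
 
 int ssl_init_wbio_buffer(SSL *s, int push);
 void ssl_free_wbio_buffer(SSL *s);
 
 int tls1_transcript_hash_init(SSL *s);
 int tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len);
 int tls1_transcript_hash_value(SSL *s, const unsigned char *out, size_t len,
     size_t *outlen);
 void tls1_transcript_hash_free(SSL *s);
 
 int tls1_transcript_init(SSL *s);
 void tls1_transcript_free(SSL *s);
 void tls1_transcript_reset(SSL *s);
 int tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len);
 int tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len);
 void tls1_transcript_freeze(SSL *s);
+void tls1_transcript_unfreeze(SSL *s);
 int tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len);
 
 void tls1_cleanup_key_block(SSL *s);
 int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
 int tls1_enc(SSL *s, int snd);
 int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);
@@ -1329,45 +1367,36 @@
 int tls1_process_ticket(SSL *s, CBS *session_id, CBS *ext_block,
     SSL_SESSION **ret);
 
 long ssl_get_algorithm2(SSL *s);
 
 int tls1_check_ec_server_key(SSL *s);
 
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p,
-    int *len, int maxlen);
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d,
-    int len, int *al);
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
-    int *len, int maxlen);
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, const unsigned char *d,
-    int len, int *al);
-
 /* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
-    unsigned md_size, unsigned orig_len);
-int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
-    unsigned block_size, unsigned mac_size);
+void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD_INTERNAL *rec,
+    unsigned int md_size, unsigned int orig_len);
+int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD_INTERNAL *rec,
+    unsigned int block_size, unsigned int mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
 int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
     size_t *md_out_size, const unsigned char header[13],
     const unsigned char *data, size_t data_plus_mac_size,
     size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
-    unsigned mac_secret_length);
+    unsigned int mac_secret_length);
 int SSL_state_func_code(int _state);
 
 #define SSLerror(s, r) SSL_error_internal(s, r, __FILE__, __LINE__)
 #define SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),__FILE__,__LINE__)
 void SSL_error_internal(const SSL *s, int r, char *f, int l);
 
 #ifndef OPENSSL_NO_SRTP
 
 int srtp_find_profile_by_name(char *profile_name,
-    SRTP_PROTECTION_PROFILE **pptr, unsigned len);
-int srtp_find_profile_by_num(unsigned profile_num,
+    SRTP_PROTECTION_PROFILE **pptr, unsigned int len);
+int srtp_find_profile_by_num(unsigned int profile_num,
     SRTP_PROTECTION_PROFILE **pptr);
 
 #endif /* OPENSSL_NO_SRTP */
 
 __END_HIDDEN_DECLS
 
 #endif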
Changes to jni/libressl/ssl/ssl_methods.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_methods.c,v 1.4 2019/03/17 17:28:08 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_methods.c,v 1.12 2020/02/06 16:05:58 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
64
65
66
67
68
69
70

71
72
73
74
75
76
77
78
79
80
81
82
83
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,

	.get_ssl_method = dtls1_get_client_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,







>





|







64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_client_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
115
116
117
118
119
120
121

122
123
124
125
126
127
128
129
130
131
132
133
134
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,

	.get_ssl_method = dtls1_get_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,







>





|







116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
164
165
166
167
168
169
170

171
172
173
174
175
176
177
178
179
180
181
182
183
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,

	.get_ssl_method = dtls1_get_server_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_server_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,







>





|







166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_server_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_server_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220

221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
dtls1_get_server_method(int ver)
{
	if (ver == DTLS1_VERSION)
		return (DTLSv1_server_method());
	return (NULL);
}

#ifdef LIBRESSL_HAS_TLS1_3
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = tls13_legacy_connect,

	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,







|









>





|


|







207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
dtls1_get_server_method(int ver)
{
	if (ver == DTLS1_VERSION)
		return (DTLSv1_server_method());
	return (NULL);
}

#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
244
245
246
247
248
249
250

251
252
253
254
255
256
257
258
259
260
261
262
263
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,

	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,







>





|







248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
273
274
275
276
277
278
279

280
281
282
283
284
285
286
287
288
289
290
291
292
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,

	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,







>





|







278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
302
303
304
305
306
307
308

309
310
311
312
313
314
315
316
317
318
319
320
321
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,

	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,







>





|







308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
331
332
333
334
335
336
337

338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360




361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,

	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_client_method_internal_data,
};

const SSL_METHOD *
tls1_get_client_method(int ver)
{




	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_client_method());
	if (ver == TLS1_1_VERSION)
		return (TLSv1_1_client_method());
	if (ver == TLS1_VERSION)
		return (TLSv1_client_method());
	return (NULL);
}

const SSL_METHOD *
SSLv23_client_method(void)
{
	return (TLS_client_method());
}

const SSL_METHOD *
TLS_client_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3
	return (&TLS_client_method_data);
#else
	return tls_legacy_client_method();
#endif
}

const SSL_METHOD *







>





|

















>
>
>
>


















|







338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_client_method_internal_data,
};

const SSL_METHOD *
tls1_get_client_method(int ver)
{
#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
	if (ver == TLS1_3_VERSION)
		return (TLS_client_method());
#endif
	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_client_method());
	if (ver == TLS1_1_VERSION)
		return (TLSv1_1_client_method());
	if (ver == TLS1_VERSION)
		return (TLSv1_client_method());
	return (NULL);
}

const SSL_METHOD *
SSLv23_client_method(void)
{
	return (TLS_client_method());
}

const SSL_METHOD *
TLS_client_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
	return (&TLS_client_method_data);
#else
	return tls_legacy_client_method();
#endif
}

const SSL_METHOD *
414
415
416
417
418
419
420

421
422
423
424
425
426
427
428
429
430
431
432
433
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,

	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,







>





|







426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
443
444
445
446
447
448
449

450
451
452
453
454
455
456
457
458
459
460
461
462
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,

	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,







>





|







456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
472
473
474
475
476
477
478

479
480
481
482
483
484
485
486
487
488
489
490
491
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,

	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,







>





|







486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
501
502
503
504
505
506
507

508
509
510
511
512
513
514
515
516
517
518
519
520
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,

	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,







>





|







516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
563
564
565
566
567
568
569

570
571
572
573
574
575
576
577
578

579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597































598
599
600
601
602
603
604
605
606
607

608
609
610
611
612
613
614
615
616
617
618
619
620

const SSL_METHOD *
TLSv1_2_method(void)
{
	return (&TLSv1_2_method_data);
}


static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,

	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_server_method_internal_data,
};
































static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,

	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,







>

|

|



|

>





|
|
|
|










>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>










>





|







579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670

const SSL_METHOD *
TLSv1_2_method(void)
{
	return (&TLSv1_2_method_data);
}

#ifdef LIBRESSL_HAS_TLS1_3_SERVER
static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = tls13_legacy_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_server_method_internal_data,
};
#endif

static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_server_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
630
631
632
633
634
635
636

637
638
639
640
641
642
643
644
645
646
647
648
649
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,

	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,







>





|







680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
659
660
661
662
663
664
665

666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688




689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706

707









708
709
710
711
712
713
714
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,

	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_server_method_internal_data,
};

const SSL_METHOD *
tls1_get_server_method(int ver)
{




	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_server_method());
	if (ver == TLS1_1_VERSION)
		return (TLSv1_1_server_method());
	if (ver == TLS1_VERSION)
		return (TLSv1_server_method());
	return (NULL);
}

const SSL_METHOD *
SSLv23_server_method(void)
{
	return (TLS_server_method());
}

const SSL_METHOD *
TLS_server_method(void)
{

	return (&TLS_server_method_data);









}

const SSL_METHOD *
TLSv1_server_method(void)
{
	return (&TLSv1_server_method_data);
}







>





|

















>
>
>
>


















>

>
>
>
>
>
>
>
>
>







710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_server_method_internal_data,
};

const SSL_METHOD *
tls1_get_server_method(int ver)
{
#ifdef LIBRESSL_HAS_TLS1_3_SERVER
	if (ver == TLS1_3_VERSION)
		return (TLS_server_method());
#endif
	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_server_method());
	if (ver == TLS1_1_VERSION)
		return (TLSv1_1_server_method());
	if (ver == TLS1_VERSION)
		return (TLSv1_server_method());
	return (NULL);
}

const SSL_METHOD *
SSLv23_server_method(void)
{
	return (TLS_server_method());
}

const SSL_METHOD *
TLS_server_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3_SERVER
	return (&TLS_server_method_data);
#else
	return tls_legacy_server_method();
#endif
}

const SSL_METHOD *
tls_legacy_server_method(void)
{
	return (&TLS_legacy_server_method_data);
}

const SSL_METHOD *
TLSv1_server_method(void)
{
	return (&TLSv1_server_method_data);
}
Changes to jni/libressl/ssl/ssl_pkt.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_pkt.c,v 1.16 2019/03/19 16:53:03 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_pkt.c,v 1.24 2020/03/16 15:25:14 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

#include <openssl/buffer.h>
#include <openssl/evp.h>

#include "bytestring.h"

static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
    unsigned int len, int create_empty_fragment);
static int ssl3_get_record(SSL *s);

/*
 * Force a WANT_READ return for certain error conditions where
 * we don't want to spin internally.
 */
static void







|







116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

#include <openssl/buffer.h>
#include <openssl/evp.h>

#include "bytestring.h"

static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
    unsigned int len);
static int ssl3_get_record(SSL *s);

/*
 * Force a WANT_READ return for certain error conditions where
 * we don't want to spin internally.
 */
static void
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
 */
static int
ssl3_read_n(SSL *s, int n, int max, int extend)
{
	int i, len, left;
	size_t align;
	unsigned char *pkt;
	SSL3_BUFFER *rb;

	if (n <= 0)
		return n;

	rb = &(S3I(s)->rbuf);
	if (rb->buf == NULL)
		if (!ssl3_setup_read_buffer(s))







|







148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
 */
static int
ssl3_read_n(SSL *s, int n, int max, int extend)
{
	int i, len, left;
	size_t align;
	unsigned char *pkt;
	SSL3_BUFFER_INTERNAL *rb;

	if (n <= 0)
		return n;

	rb = &(S3I(s)->rbuf);
	if (rb->buf == NULL)
		if (!ssl3_setup_read_buffer(s))
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
 */
/* used only by ssl3_read_bytes */
static int
ssl3_get_record(SSL *s)
{
	int al;
	int enc_err, n, i, ret = -1;
	SSL3_RECORD *rr;
	SSL_SESSION *sess;
	unsigned char md[EVP_MAX_MD_SIZE];
	unsigned mac_size, orig_len;

	rr = &(S3I(s)->rrec);
	sess = s->session;

 again:
	/* check if we have the header */
	if ((s->internal->rstate != SSL_ST_READ_BODY) ||







|


|







325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
 */
/* used only by ssl3_read_bytes */
static int
ssl3_get_record(SSL *s)
{
	int al;
	int enc_err, n, i, ret = -1;
	SSL3_RECORD_INTERNAL *rr;
	SSL_SESSION *sess;
	unsigned char md[EVP_MAX_MD_SIZE];
	unsigned int mac_size, orig_len;

	rr = &(S3I(s)->rrec);
	sess = s->session;

 again:
	/* check if we have the header */
	if ((s->internal->rstate != SSL_ST_READ_BODY) ||
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
			if ((ret = ssl_server_legacy_first_packet(s)) != 1)
				return (ret);
			ret = -1;
		}

		CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH);

		/* Pull apart the header into the SSL3_RECORD */
		if (!CBS_get_u8(&header, &type) ||
		    !CBS_get_u16(&header, &ssl_version) ||
		    !CBS_get_u16(&header, &len)) {
			SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
			goto err;
		}








|







356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
			if ((ret = ssl_server_legacy_first_packet(s)) != 1)
				return (ret);
			ret = -1;
		}

		CBS_init(&header, s->internal->packet, SSL3_RT_HEADER_LENGTH);

		/* Pull apart the header into the SSL3_RECORD_INTERNAL */
		if (!CBS_get_u8(&header, &type) ||
		    !CBS_get_u16(&header, &ssl_version) ||
		    !CBS_get_u16(&header, &len)) {
			SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
			goto err;
		}

427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
		SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
		goto f_err;
	}

	/* decrypt in place in 'rr->input' */
	rr->data = rr->input;

	enc_err = s->method->internal->ssl3_enc->enc(s, 0);
	/* enc_err is:
	 *    0: (in non-constant time) if the record is publically invalid.
	 *    1: if the padding is valid
	 *    -1: if the padding is invalid */
	if (enc_err == 0) {
		al = SSL_AD_DECRYPTION_FAILED;
		SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
		goto f_err;
	}


	/* r->length is now the compressed data plus mac */
	if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
	    (EVP_MD_CTX_md(s->read_hash) != NULL)) {
		/* s->read_hash != NULL => mac_size != -1 */
		unsigned char *mac = NULL;
		unsigned char mac_tmp[EVP_MAX_MD_SIZE];

		mac_size = EVP_MD_CTX_size(s->read_hash);
		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);

		/* kludge: *_cbc_remove_padding passes padding length in rr->type */
		orig_len = rr->length + ((unsigned int)rr->type >> 8);

		/* orig_len is the length of the record before any padding was
		 * removed. This is public information, as is the MAC in use,
		 * therefore we can safely process the record in a different
		 * amount of time if it's too short to possibly contain a MAC.
		 */
		if (orig_len < mac_size ||







<




|
|



<











<
|







427
428
429
430
431
432
433

434
435
436
437
438
439
440
441
442

443
444
445
446
447
448
449
450
451
452
453

454
455
456
457
458
459
460
461
		SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
		goto f_err;
	}

	/* decrypt in place in 'rr->input' */
	rr->data = rr->input;


	/* enc_err is:
	 *    0: (in non-constant time) if the record is publically invalid.
	 *    1: if the padding is valid
	 *    -1: if the padding is invalid */
	if ((enc_err = tls1_enc(s, 0)) == 0) {
		al = SSL_AD_BAD_RECORD_MAC;
		SSLerror(s, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
		goto f_err;
	}


	/* r->length is now the compressed data plus mac */
	if ((sess != NULL) && (s->enc_read_ctx != NULL) &&
	    (EVP_MD_CTX_md(s->read_hash) != NULL)) {
		/* s->read_hash != NULL => mac_size != -1 */
		unsigned char *mac = NULL;
		unsigned char mac_tmp[EVP_MAX_MD_SIZE];

		mac_size = EVP_MD_CTX_size(s->read_hash);
		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);


		orig_len = rr->length + rr->padding_length;

		/* orig_len is the length of the record before any padding was
		 * removed. This is public information, as is the MAC in use,
		 * therefore we can safely process the record in a different
		 * amount of time if it's too short to possibly contain a MAC.
		 */
		if (orig_len < mac_size ||
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
	n = (len - tot);
	for (;;) {
		if (n > s->max_send_fragment)
			nw = s->max_send_fragment;
		else
			nw = n;

		i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
		if (i <= 0) {
			S3I(s)->wnum = tot;
			return i;
		}

		if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
		    (s->internal->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {







|







589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
	n = (len - tot);
	for (;;) {
		if (n > s->max_send_fragment)
			nw = s->max_send_fragment;
		else
			nw = n;

		i = do_ssl3_write(s, type, &(buf[tot]), nw);
		if (i <= 0) {
			S3I(s)->wnum = tot;
			return i;
		}

		if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
		    (s->internal->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755

756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790



791
792
793
794
795
796
797

798


799


800


















































801















802





803









804
805
806
807
808
809
810

		n -= i;
		tot += i;
	}
}

static int
do_ssl3_write(SSL *s, int type, const unsigned char *buf,
    unsigned int len, int create_empty_fragment)
{
	unsigned char *p, *plen;
	int i, mac_size, clear = 0;
	int prefix_len = 0;
	int eivlen;
	size_t align;
	SSL3_RECORD *wr;
	SSL3_BUFFER *wb = &(S3I(s)->wbuf);
	SSL_SESSION *sess;

	if (wb->buf == NULL)
		if (!ssl3_setup_write_buffer(s))
			return -1;

	/* first check if there is a SSL3_BUFFER still being written
	 * out.  This will happen with non blocking IO */
	if (wb->left != 0)
		return (ssl3_write_pending(s, type, buf, len));

	/* If we have an alert to send, lets send it */
	if (S3I(s)->alert_dispatch) {
		i = s->method->ssl_dispatch_alert(s);
		if (i <= 0)
			return (i);
		/* if it went, fall through and send more stuff */
		/* we may have released our buffer, so get it again */
		if (wb->buf == NULL)
			if (!ssl3_setup_write_buffer(s))
				return -1;
	}

	if (len == 0 && !create_empty_fragment)
		return 0;

	wr = &(S3I(s)->wrec);
	sess = s->session;

	if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
	    (EVP_MD_CTX_md(s->internal->write_hash) == NULL)) {
		clear = s->internal->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
		mac_size = 0;
	} else {
		mac_size = EVP_MD_CTX_size(s->internal->write_hash);
		if (mac_size < 0)
			goto err;
	}

	/*
	 * 'create_empty_fragment' is true only when this function calls
	 * itself.
	 */
	if (!clear && !create_empty_fragment && !S3I(s)->empty_fragment_done) {
		/*
		 * Countermeasure against known-IV weakness in CBC ciphersuites
		 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
		 */
		if (S3I(s)->need_empty_fragments &&
		    type == SSL3_RT_APPLICATION_DATA) {
			/* recursive function call with 'create_empty_fragment' set;
			 * this prepares and buffers the data for an empty fragment
			 * (these 'prefix_len' bytes are sent out later
			 * together with the actual payload) */
			prefix_len = do_ssl3_write(s, type, buf, 0, 1);
			if (prefix_len <= 0)
				goto err;

			if (prefix_len >
				(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
				/* insufficient space */
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				goto err;
			}
		}

		S3I(s)->empty_fragment_done = 1;
	}

	if (create_empty_fragment) {
		/* extra fragment would be couple of cipher blocks,
		 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
		 * if we want to align the real payload, then we can
		 * just pretent we simply have two headers. */
		align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH;
		align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);

		p = wb->buf + align;
		wb->offset = align;
	} else if (prefix_len) {
		p = wb->buf + wb->offset + prefix_len;
	} else {
		align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
		align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);

		p = wb->buf + align;
		wb->offset = align;
	}

	/* write the header */

	*(p++) = type&0xff;
	wr->type = type;

	*(p++) = (s->version >> 8);
	/* Some servers hang if iniatial client hello is larger than 256
	 * bytes and record version number > TLS 1.0
	 */
	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&
	    TLS1_get_version(s) > TLS1_VERSION)
		*(p++) = 0x1;
	else
		*(p++) = s->version&0xff;

	/* field where we are to write out packet length */
	plen = p;
	p += 2;

	/* Explicit IV length. */
	eivlen = 0;
	if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
		int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx);
		if (mode == EVP_CIPH_CBC_MODE) {
			eivlen = EVP_CIPHER_CTX_iv_length(s->internal->enc_write_ctx);
			if (eivlen <= 1)
				eivlen = 0;
		}
	} else if (s->internal->aead_write_ctx != NULL &&
	    s->internal->aead_write_ctx->variable_nonce_in_record) {
		eivlen = s->internal->aead_write_ctx->variable_nonce_len;
	}

	/* lets setup the record stuff. */

	wr->data = p + eivlen;
	wr->length = (int)len;
	wr->input = (unsigned char *)buf;

	/* we now 'read' from wr->input, wr->length bytes into wr->data */

	memcpy(wr->data, wr->input, wr->length);
	wr->input = wr->data;

	/* we should still have the output to wr->data and the input
	 * from wr->input.  Length should be wr->length.
	 * wr->data still points in the wb->buf */

	if (mac_size != 0) {
		if (tls1_mac(s,
		    &(p[wr->length + eivlen]), 1) < 0)
			goto err;
		wr->length += mac_size;
	}

	wr->input = p;
	wr->data = p;

	if (eivlen) {
		/* if (RAND_pseudo_bytes(p, eivlen) <= 0)
			goto err;
		*/
		wr->length += eivlen;
	}

	/* ssl3_enc can only have an error on read */
	s->method->internal->ssl3_enc->enc(s, 1);

	/* record length after mac and block padding */
	s2n(wr->length, plen);




	/* we should now have
	 * wr->data pointing to the encrypted data, which is
	 * wr->length long */
	wr->type=type; /* not needed but helps for debugging */
	wr->length += SSL3_RT_HEADER_LENGTH;


	if (create_empty_fragment) {


		/* we are in a recursive call;


		 * just return the length, don't write out anything here


















































		 */















		return wr->length;





	}










	/* now let's set up wb */
	wb->left = prefix_len + wr->length;

	/* memorize arguments so that ssl3_write_pending can detect
	 * bad write retries later */
	S3I(s)->wpend_tot = len;







|
|

<
<
<
<
<
|
<
|
|
<
<
<
|
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
|
|
<
<

<
<
<


<








|
|

<
<
<
<
<
<
<
<
<
<
<
<
<
|
|
<
<
<
<
<
<
<
|
<
<
|
<
<
<
<
<
<
<

<
<
<
<
<
|
<
|
<
<
|
<
|
|
<
<
|
|
<
<
<
<
<
<
|
<

<
<
|
















>














<
|














|
|


|
>
>
>




|


>
|
>
>
|
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>







613
614
615
616
617
618
619
620
621
622





623

624
625



626




627










628
629


630



631
632

633
634
635
636
637
638
639
640
641
642
643













644
645







646


647







648





649

650


651

652
653


654
655






656

657


658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689

690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816

		n -= i;
		tot += i;
	}
}

static int
ssl3_create_record(SSL *s, unsigned char *p, int type, const unsigned char *buf,
    unsigned int len)
{





	SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);

	SSL_SESSION *sess = s->session;
	int eivlen, mac_size;



	uint16_t version;




	CBB cbb;











	memset(&cbb, 0, sizeof(cbb));






	if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
	    (EVP_MD_CTX_md(s->internal->write_hash) == NULL)) {

		mac_size = 0;
	} else {
		mac_size = EVP_MD_CTX_size(s->internal->write_hash);
		if (mac_size < 0)
			goto err;
	}

	/*
	 * Some servers hang if initial client hello is larger than 256
	 * bytes and record version number > TLS 1.0.
	 */













	version = s->version;
	if (S3I(s)->hs.state == SSL3_ST_CW_CLNT_HELLO_B && !s->internal->renegotiate &&







	    TLS1_get_version(s) > TLS1_VERSION)


		version = TLS1_VERSION;













	if (!CBB_init_fixed(&cbb, p, SSL3_RT_HEADER_LENGTH))

		goto err;




	/* Write the header. */
	if (!CBB_add_u8(&cbb, type))


		goto err;
	if (!CBB_add_u16(&cbb, version))






		goto err;




	p += SSL3_RT_HEADER_LENGTH;

	/* Explicit IV length. */
	eivlen = 0;
	if (s->internal->enc_write_ctx && SSL_USE_EXPLICIT_IV(s)) {
		int mode = EVP_CIPHER_CTX_mode(s->internal->enc_write_ctx);
		if (mode == EVP_CIPH_CBC_MODE) {
			eivlen = EVP_CIPHER_CTX_iv_length(s->internal->enc_write_ctx);
			if (eivlen <= 1)
				eivlen = 0;
		}
	} else if (s->internal->aead_write_ctx != NULL &&
	    s->internal->aead_write_ctx->variable_nonce_in_record) {
		eivlen = s->internal->aead_write_ctx->variable_nonce_len;
	}

	/* lets setup the record stuff. */
	wr->type = type;
	wr->data = p + eivlen;
	wr->length = (int)len;
	wr->input = (unsigned char *)buf;

	/* we now 'read' from wr->input, wr->length bytes into wr->data */

	memcpy(wr->data, wr->input, wr->length);
	wr->input = wr->data;

	/* we should still have the output to wr->data and the input
	 * from wr->input.  Length should be wr->length.
	 * wr->data still points in the wb->buf */

	if (mac_size != 0) {

		if (tls1_mac(s, &(p[wr->length + eivlen]), 1) < 0)
			goto err;
		wr->length += mac_size;
	}

	wr->input = p;
	wr->data = p;

	if (eivlen) {
		/* if (RAND_pseudo_bytes(p, eivlen) <= 0)
			goto err;
		*/
		wr->length += eivlen;
	}

	/* tls1_enc can only have an error on read */
	tls1_enc(s, 1);

	/* record length after mac and block padding */
	if (!CBB_add_u16(&cbb, wr->length))
		goto err;
	if (!CBB_finish(&cbb, NULL, NULL))
		goto err;

	/* we should now have
	 * wr->data pointing to the encrypted data, which is
	 * wr->length long */
	wr->type = type; /* not needed but helps for debugging */
	wr->length += SSL3_RT_HEADER_LENGTH;

	return 1;

 err:
	CBB_cleanup(&cbb);

	return 0;
}

static int
do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
	SSL3_RECORD_INTERNAL *wr = &(S3I(s)->wrec);
	SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);
	SSL_SESSION *sess = s->session;
	unsigned char *p;
	int i, clear = 0;
	int prefix_len = 0;
	size_t align;

	if (wb->buf == NULL)
		if (!ssl3_setup_write_buffer(s))
			return -1;

	/* first check if there is a SSL3_BUFFER_INTERNAL still being written
	 * out.  This will happen with non blocking IO */
	if (wb->left != 0)
		return (ssl3_write_pending(s, type, buf, len));

	/* If we have an alert to send, lets send it */
	if (S3I(s)->alert_dispatch) {
		i = s->method->ssl_dispatch_alert(s);
		if (i <= 0)
			return (i);
		/* if it went, fall through and send more stuff */
		/* we may have released our buffer, so get it again */
		if (wb->buf == NULL)
			if (!ssl3_setup_write_buffer(s))
				return -1;
	}

	if (len == 0)
		return 0;

	align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
	align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);

	p = wb->buf + align;
	wb->offset = align;

	if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) ||
	    (EVP_MD_CTX_md(s->internal->write_hash) == NULL)) {
		clear = s->internal->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
	}

	if (!clear && !S3I(s)->empty_fragment_done) {
		/*
		 * Countermeasure against known-IV weakness in CBC ciphersuites
		 * (see http://www.openssl.org/~bodo/tls-cbc.txt)
		 */
		if (S3I(s)->need_empty_fragments &&
		    type == SSL3_RT_APPLICATION_DATA) {
			/* extra fragment would be couple of cipher blocks,
			 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
			 * if we want to align the real payload, then we can
			 * just pretent we simply have two headers. */
			align = (size_t)wb->buf + 2 * SSL3_RT_HEADER_LENGTH;
			align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);

			p = wb->buf + align;
			wb->offset = align;

			if (!ssl3_create_record(s, p, type, buf, 0))
				goto err;

			prefix_len = wr->length;
			if (prefix_len > (SSL3_RT_HEADER_LENGTH +
			    SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
				/* insufficient space */
				SSLerror(s, ERR_R_INTERNAL_ERROR);
				goto err;
			}

			p = wb->buf + wb->offset + prefix_len;
		}

		S3I(s)->empty_fragment_done = 1;
	}

	if (!ssl3_create_record(s, p, type, buf, len))
		goto err;

	/* now let's set up wb */
	wb->left = prefix_len + wr->length;

	/* memorize arguments so that ssl3_write_pending can detect
	 * bad write retries later */
	S3I(s)->wpend_tot = len;
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
}

/* if S3I(s)->wbuf.left != 0, we need to call this */
int
ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
	int i;
	SSL3_BUFFER *wb = &(S3I(s)->wbuf);

	/* XXXX */
	if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
	    !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
	    (S3I(s)->wpend_type != type)) {
		SSLerror(s, SSL_R_BAD_WRITE_RETRY);
		return (-1);







|







825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
}

/* if S3I(s)->wbuf.left != 0, we need to call this */
int
ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
{
	int i;
	SSL3_BUFFER_INTERNAL *wb = &(S3I(s)->wbuf);

	/* XXXX */
	if ((S3I(s)->wpend_tot > (int)len) || ((S3I(s)->wpend_buf != buf) &&
	    !(s->internal->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
	    (S3I(s)->wpend_type != type)) {
		SSLerror(s, SSL_R_BAD_WRITE_RETRY);
		return (-1);
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
 */
int
ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
{
	void (*cb)(const SSL *ssl, int type2, int val) = NULL;
	int al, i, j, ret, rrcount = 0;
	unsigned int n;
	SSL3_RECORD *rr;

	if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
		if (!ssl3_setup_read_buffer(s))
			return (-1);

	if (len < 0) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);







|







901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
 */
int
ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
{
	void (*cb)(const SSL *ssl, int type2, int val) = NULL;
	int al, i, j, ret, rrcount = 0;
	unsigned int n;
	SSL3_RECORD_INTERNAL *rr;

	if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */
		if (!ssl3_setup_read_buffer(s))
			return (-1);

	if (len < 0) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
int
ssl3_dispatch_alert(SSL *s)
{
	int i, j;
	void (*cb)(const SSL *ssl, int type, int val) = NULL;

	S3I(s)->alert_dispatch = 0;
	i = do_ssl3_write(s, SSL3_RT_ALERT, &S3I(s)->send_alert[0], 2, 0);
	if (i <= 0) {
		S3I(s)->alert_dispatch = 1;
	} else {
		/* Alert sent to BIO.  If it is important, flush it now.
		 * If the message does not get sent due to non-blocking IO,
		 * we will not worry too much. */
		if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)







|







1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
int
ssl3_dispatch_alert(SSL *s)
{
	int i, j;
	void (*cb)(const SSL *ssl, int type, int val) = NULL;

	S3I(s)->alert_dispatch = 0;
	i = do_ssl3_write(s, SSL3_RT_ALERT, &S3I(s)->send_alert[0], 2);
	if (i <= 0) {
		S3I(s)->alert_dispatch = 1;
	} else {
		/* Alert sent to BIO.  If it is important, flush it now.
		 * If the message does not get sent due to non-blocking IO,
		 * we will not worry too much. */
		if (S3I(s)->send_alert[0] == SSL3_AL_FATAL)
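Review bot: In the new `ssl3_create_record()` the result of `tls1_enc(s, 1)` is discarded, so a failed encryption on the send path would still get its length written into the header and be returned to `do_ssl3_write()` as a finished record. The read path in `ssl3_get_record()` does test the return value, while the only justification on the write side is the comment `/* tls1_enc can only have an error on read */`. `tls1_enc()` is not shown on this page, so whether a send-side failure (for example in an AEAD seal) is reachable needs confirming. If it is, the call should read `if (tls1_enc(s, 1) != 1) goto err;`, which reuses the function's existing `err:` label and its `CBB_cleanup()`. As this file appears to be a vendored LibreSSL copy, the change is better raised upstream than carried as a local patch.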
Changes to jni/libressl/ssl/ssl_srvr.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_srvr.c,v 1.68 2019/04/22 15:12:20 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_srvr.c,v 1.73 2020/03/06 16:31:30 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
	int i, j, ok, al, ret = -1, cookie_valid = 0;
	long n;
	unsigned long id;
	SSL_CIPHER *c;
	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	unsigned long alg_k;
	const SSL_METHOD *method;
	uint16_t shared_version;

	/*
	 * We do this so that we will respond with our native type.
	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
	 * This down switching should be handled by a different method.
	 * If we are SSLv3, we will respond with SSLv3, even if prompted with
	 * TLSv1.
	 */
	if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) {
		S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
	}

	s->internal->first_packet = 1;
	n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
	    SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
	    SSL3_RT_MAX_PLAIN_LENGTH, &ok);
	if (!ok)
		return ((int)n);
	s->internal->first_packet = 0;

	if (n < 0)







|













|







797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
	int i, j, ok, al, ret = -1, cookie_valid = 0;
	long n;
	unsigned long id;
	SSL_CIPHER *c;
	STACK_OF(SSL_CIPHER) *ciphers = NULL;
	unsigned long alg_k;
	const SSL_METHOD *method;
	uint16_t max_version, shared_version;

	/*
	 * We do this so that we will respond with our native type.
	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
	 * This down switching should be handled by a different method.
	 * If we are SSLv3, we will respond with SSLv3, even if prompted with
	 * TLSv1.
	 */
	if (S3I(s)->hs.state == SSL3_ST_SR_CLNT_HELLO_A) {
		S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
	}

	s->internal->first_packet = 1;
	n = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
	    SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
	    SSL3_RT_MAX_PLAIN_LENGTH, &ok);
	if (!ok)
		return ((int)n);
	s->internal->first_packet = 0;

	if (n < 0)
1037
1038
1039
1040
1041
1042
1043























1044
1045
1046
1047
1048
1049
1050
	/*
	 * Check if we want to use external pre-shared secret for this
	 * handshake for not reused session only. We need to generate
	 * server_random before calling tls_session_secret_cb in order to allow
	 * SessionTicket processing to use it in key derivation.
	 */
	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
























	if (!s->internal->hit && s->internal->tls_session_secret_cb) {
		SSL_CIPHER *pref_cipher = NULL;

		s->session->master_key_length = sizeof(s->session->master_key);
		if (s->internal->tls_session_secret_cb(s, s->session->master_key,
		    &s->session->master_key_length, ciphers, &pref_cipher,







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
	/*
	 * Check if we want to use external pre-shared secret for this
	 * handshake for not reused session only. We need to generate
	 * server_random before calling tls_session_secret_cb in order to allow
	 * SessionTicket processing to use it in key derivation.
	 */
	arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);

	if (!SSL_IS_DTLS(s) && !ssl_enabled_version_range(s, NULL, &max_version))
		goto err;
	if (!SSL_IS_DTLS(s) && max_version >= TLS1_2_VERSION &&
	    s->version < max_version) {
		/*
		 * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3
		 * we must set the last 8 bytes of the server random to magical
		 * values to indicate we meant to downgrade.  For TLS 1.2 it is
		 * recommended that we do the same.
		 */
		size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12);
		uint8_t *magic = &s->s3->server_random[index];
		if (s->version == TLS1_2_VERSION) {
			/* Indicate we chose to downgrade to 1.2. */
			memcpy(magic, tls13_downgrade_12,
			    sizeof(tls13_downgrade_12));
		} else {
			/* Indicate we chose to downgrade to 1.1 or lower */
			memcpy(magic, tls13_downgrade_11,
			    sizeof(tls13_downgrade_11));
		}
	}

	if (!s->internal->hit && s->internal->tls_session_secret_cb) {
		SSL_CIPHER *pref_cipher = NULL;

		s->session->master_key_length = sizeof(s->session->master_key);
		if (s->internal->tls_session_secret_cb(s, s->session->master_key,
		    &s->session->master_key_length, ciphers, &pref_cipher,
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359

1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457


1458
1459
1460
1461

1462
1463
1464
1465
1466
1467
1468
 err:
	return (-1);
}

static int
ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
{
	const EC_GROUP *group;
	const EC_POINT *pubkey;
	unsigned char *data;
	int encoded_len = 0;
	int curve_id = 0;
	BN_CTX *bn_ctx = NULL;
	EC_KEY *ecdh;
	CBB ecpoint;
	int al;

	/*
	 * Only named curves are supported in ECDH ephemeral key exchanges.
	 * For supported named curves, curve_id is non-zero.
	 */
	if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
		SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
		goto err;
	}

	if (S3I(s)->tmp.ecdh != NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}

	if ((S3I(s)->tmp.ecdh = EC_KEY_new_by_curve_name(nid)) == NULL) {
		al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY);
		goto f_err;
	}

	ecdh = S3I(s)->tmp.ecdh;

	if (!EC_KEY_generate_key(ecdh)) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}
	if ((group = EC_KEY_get0_group(ecdh)) == NULL ||
	    (pubkey = EC_KEY_get0_public_key(ecdh)) == NULL ||
	    EC_KEY_get0_private_key(ecdh) == NULL) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}

	/*
	 * Encode the public key.
	 */
	encoded_len = EC_POINT_point2oct(group, pubkey,
	    POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
	if (encoded_len == 0) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}
	if ((bn_ctx = BN_CTX_new()) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/*
	 * Only named curves are supported in ECDH ephemeral key exchanges.
	 * In this case the ServerKeyExchange message has:
	 * [1 byte CurveType], [2 byte CurveName]
	 * [1 byte length of encoded point], followed by
	 * the actual encoded point itself.
	 */
	if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE))
		goto err;
	if (!CBB_add_u16(cbb, curve_id))
		goto err;
	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
		goto err;
	if (!CBB_add_space(&ecpoint, &data, encoded_len))
		goto err;
	if (EC_POINT_point2oct(group, pubkey, POINT_CONVERSION_UNCOMPRESSED,
	    data, encoded_len, bn_ctx) == 0) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}
	if (!CBB_flush(cbb))
		goto err;

	BN_CTX_free(bn_ctx);

	return (1);

 f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:
	BN_CTX_free(bn_ctx);

	return (-1);
}

static int
ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
{
	uint8_t *public_key = NULL;
	int curve_id;
	CBB ecpoint;
	int ret = -1;

	/* Generate an X25519 key pair. */
	if (S3I(s)->tmp.x25519 != NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	if ((S3I(s)->tmp.x25519 = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	X25519_keypair(public_key, S3I(s)->tmp.x25519);

	/* Serialize public key. */
	if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
		SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
		goto err;
	}

	if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE))
		goto err;
	if (!CBB_add_u16(cbb, curve_id))
		goto err;
	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
		goto err;
	if (!CBB_add_bytes(&ecpoint, public_key, X25519_KEY_LENGTH))
		goto err;
	if (!CBB_flush(cbb))
		goto err;



	ret = 1;

 err:
	free(public_key);


	return (ret);
}

static int
ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb)
{







<
<
<
<

<


















|




>


|
<

|
<
<
<
<
<
<
<


<
<
<
<
<
<
<
<
<
<
<
|
<












|

<
<
<
<
<



<
<





<
<






|









|



|


















>
>




>







1347
1348
1349
1350
1351
1352
1353




1354

1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381

1382
1383







1384
1385











1386

1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400





1401
1402
1403


1404
1405
1406
1407
1408


1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
 err:
	return (-1);
}

static int
ssl3_send_server_kex_ecdhe_ecp(SSL *s, int nid, CBB *cbb)
{




	int curve_id = 0;

	EC_KEY *ecdh;
	CBB ecpoint;
	int al;

	/*
	 * Only named curves are supported in ECDH ephemeral key exchanges.
	 * For supported named curves, curve_id is non-zero.
	 */
	if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
		SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
		goto err;
	}

	if (S3I(s)->tmp.ecdh != NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}

	if ((S3I(s)->tmp.ecdh = EC_KEY_new()) == NULL) {
		al = SSL_AD_HANDSHAKE_FAILURE;
		SSLerror(s, SSL_R_MISSING_TMP_ECDH_KEY);
		goto f_err;
	}
	S3I(s)->tmp.ecdh_nid = nid;
	ecdh = S3I(s)->tmp.ecdh;

	if (!ssl_kex_generate_ecdhe_ecp(ecdh, nid))

		goto err;








	/*
	 * Encode the public key.











	 *

	 * Only named curves are supported in ECDH ephemeral key exchanges.
	 * In this case the ServerKeyExchange message has:
	 * [1 byte CurveType], [2 byte CurveName]
	 * [1 byte length of encoded point], followed by
	 * the actual encoded point itself.
	 */
	if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE))
		goto err;
	if (!CBB_add_u16(cbb, curve_id))
		goto err;
	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
		goto err;
	if (!ssl_kex_public_ecdhe_ecp(ecdh, &ecpoint))
		goto err;





	if (!CBB_flush(cbb))
		goto err;



	return (1);

 f_err:
	ssl3_send_alert(s, SSL3_AL_FATAL, al);
 err:


	return (-1);
}

static int
ssl3_send_server_kex_ecdhe_ecx(SSL *s, int nid, CBB *cbb)
{
	uint8_t *public_key = NULL, *private_key = NULL;
	int curve_id;
	CBB ecpoint;
	int ret = -1;

	/* Generate an X25519 key pair. */
	if (S3I(s)->tmp.x25519 != NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	X25519_keypair(public_key, private_key);

	/* Serialize public key. */
	if ((curve_id = tls1_ec_nid2curve_id(nid)) == 0) {
		SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
		goto err;
	}

	if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE))
		goto err;
	if (!CBB_add_u16(cbb, curve_id))
		goto err;
	if (!CBB_add_u8_length_prefixed(cbb, &ecpoint))
		goto err;
	if (!CBB_add_bytes(&ecpoint, public_key, X25519_KEY_LENGTH))
		goto err;
	if (!CBB_flush(cbb))
		goto err;

	S3I(s)->tmp.x25519 = private_key;
	private_key = NULL;
	ret = 1;

 err:
	free(public_key);
	freezero(private_key, X25519_KEY_LENGTH);

	return (ret);
}

static int
ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb)
{
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893


1894
1895
1896
1897
1898

1899
1900
1901
1902
1903
1904
1905
1906
1907

1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921

	return (-1);
}

static int
ssl3_get_client_kex_ecdhe_ecp(SSL *s, CBS *cbs)
{
	unsigned char *key = NULL;
	int key_size = 0, key_len;
	EC_POINT *point = NULL;
	BN_CTX *bn_ctx = NULL;
	const EC_GROUP *group;
	EC_KEY *ecdh;
	CBS public;
	int ret = -1;

	if (!CBS_get_u8_length_prefixed(cbs, &public))
		goto err;
	if (CBS_len(cbs) != 0)
		goto err;

	/*
	 * Use the ephemeral values we saved when generating the
	 * ServerKeyExchange message.
	 */
	if ((ecdh = S3I(s)->tmp.ecdh) == NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}
	group = EC_KEY_get0_group(ecdh);

	/*
	 * Get client's public key from encoded point in the ClientKeyExchange
	 * message.
	 */
	if ((bn_ctx = BN_CTX_new()) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if ((point = EC_POINT_new(group)) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (EC_POINT_oct2point(group, point, CBS_data(&public),
	    CBS_len(&public), bn_ctx) == 0) {
		SSLerror(s, ERR_R_EC_LIB);
		goto err;
	}

	/* Compute the shared pre-master secret */
	if ((key_size = ECDH_size(ecdh)) <= 0) {
		SSLerror(s, ERR_R_ECDH_LIB);
		goto err;
	}
	if ((key = malloc(key_size)) == NULL) {
		SSLerror(s, ERR_R_MALLOC_FAILURE);


		goto err;
	}
	if ((key_len = ECDH_compute_key(key, key_size, point, ecdh,
	    NULL)) <= 0) {
		SSLerror(s, ERR_R_ECDH_LIB);

		goto err;
	}

	/* Compute the master secret */
	s->session->master_key_length = tls1_generate_master_secret(s,
	    s->session->master_key, key, key_len);

	EC_KEY_free(S3I(s)->tmp.ecdh);
	S3I(s)->tmp.ecdh = NULL;


	ret = 1;

 err:
	freezero(key, key_size);
	EC_POINT_free(point);
	BN_CTX_free(bn_ctx);

	return (ret);
}

static int
ssl3_get_client_kex_ecdhe_ecx(SSL *s, CBS *cbs)
{







|
|
<
|
<




<
<
<
<
<








<





|
<

<
<
<
<
<
<
|
<

|
|
<
<
<

|
<
<
>
>

|
|
<
<
>

<
<
<





>




|
<
|







1831
1832
1833
1834
1835
1836
1837
1838
1839

1840

1841
1842
1843
1844





1845
1846
1847
1848
1849
1850
1851
1852

1853
1854
1855
1856
1857
1858

1859






1860

1861
1862
1863



1864
1865


1866
1867
1868
1869
1870


1871
1872



1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883

1884
1885
1886
1887
1888
1889
1890
1891

	return (-1);
}

static int
ssl3_get_client_kex_ecdhe_ecp(SSL *s, CBS *cbs)
{
	uint8_t *key = NULL;
	size_t key_len = 0;

	EC_KEY *ecdh_peer = NULL;

	EC_KEY *ecdh;
	CBS public;
	int ret = -1;






	/*
	 * Use the ephemeral values we saved when generating the
	 * ServerKeyExchange message.
	 */
	if ((ecdh = S3I(s)->tmp.ecdh) == NULL) {
		SSLerror(s, ERR_R_INTERNAL_ERROR);
		goto err;
	}


	/*
	 * Get client's public key from encoded point in the ClientKeyExchange
	 * message.
	 */
	if (!CBS_get_u8_length_prefixed(cbs, &public))

		goto err;






	if (CBS_len(cbs) != 0)

		goto err;

	if ((ecdh_peer = EC_KEY_new()) == NULL)



		goto err;



	if (!ssl_kex_peer_public_ecdhe_ecp(ecdh_peer, S3I(s)->tmp.ecdh_nid,
	    &public))
		goto err;

	/* Derive the shared secret and compute master secret. */


	if (!ssl_kex_derive_ecdhe_ecp(ecdh, ecdh_peer, &key, &key_len))
		goto err;



	s->session->master_key_length = tls1_generate_master_secret(s,
	    s->session->master_key, key, key_len);

	EC_KEY_free(S3I(s)->tmp.ecdh);
	S3I(s)->tmp.ecdh = NULL;
	S3I(s)->tmp.ecdh_nid = NID_undef;

	ret = 1;

 err:
	freezero(key, key_len);

	EC_KEY_free(ecdh_peer);

	return (ret);
}

static int
ssl3_get_client_kex_ecdhe_ecx(SSL *s, CBS *cbs)
{
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
{
	unsigned long alg_k;
	int al, ok;
	CBS cbs;
	long n;

	/* 2048 maxlen is a guess.  How long a key does that permit? */
	n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
	    SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
	if (!ok)
		return ((int)n);

	if (n < 0)
		goto err;








|







2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
{
	unsigned long alg_k;
	int al, ok;
	CBS cbs;
	long n;

	/* 2048 maxlen is a guess.  How long a key does that permit? */
	n = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
	    SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
	if (!ok)
		return ((int)n);

	if (n < 0)
		goto err;

2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
	size_t hdatalen;
	int type = 0;
	int ret = 0;
	long n;

	EVP_MD_CTX_init(&mctx);

	n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
	    SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
	if (!ok)
		return ((int)n);

	if (n < 0)
		goto err;








|







2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
	size_t hdatalen;
	int type = 0;
	int ret = 0;
	long n;

	EVP_MD_CTX_init(&mctx);

	n = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
	    SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
	if (!ok)
		return ((int)n);

	if (n < 0)
		goto err;

2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
	CBS cbs, client_certs;
	int i, ok, al, ret = -1;
	X509 *x = NULL;
	long n;
	const unsigned char *q;
	STACK_OF(X509) *sk = NULL;

	n = s->method->internal->ssl_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
	    -1, s->internal->max_cert_list, &ok);

	if (!ok)
		return ((int)n);

	if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
		if ((s->verify_mode & SSL_VERIFY_PEER) &&
		    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
		    	SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);







|

<







2292
2293
2294
2295
2296
2297
2298
2299
2300

2301
2302
2303
2304
2305
2306
2307
	CBS cbs, client_certs;
	int i, ok, al, ret = -1;
	X509 *x = NULL;
	long n;
	const unsigned char *q;
	STACK_OF(X509) *sk = NULL;

	n = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
	    -1, s->internal->max_cert_list, &ok);

	if (!ok)
		return ((int)n);

	if (S3I(s)->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
		if ((s->verify_mode & SSL_VERIFY_PEER) &&
		    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
		    	SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
Changes to jni/libressl/ssl/ssl_tlsext.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
/* $OpenBSD: ssl_tlsext.c,v 1.49 2019/05/29 17:28:37 jsing Exp $ */
/*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#include <openssl/curve25519.h>
#include <openssl/ocsp.h>

#include "ssl_locl.h"

#include "bytestring.h"
#include "ssl_sigalgs.h"
#include "ssl_tlsext.h"
|

















|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
/* $OpenBSD: ssl_tlsext.c,v 1.63 2020/04/21 17:06:16 jsing Exp $ */
/*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <openssl/ocsp.h>

#include "ssl_locl.h"

#include "bytestring.h"
#include "ssl_sigalgs.h"
#include "ssl_tlsext.h"
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
	*alert = SSL_AD_DECODE_ERROR;
	return 0;
}

int
tlsext_ri_server_needs(SSL *s)
{
	return (S3I(s)->send_connection_binding);
}

int
tlsext_ri_server_build(SSL *s, CBB *cbb)
{
	CBB reneg;








|







439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
	*alert = SSL_AD_DECODE_ERROR;
	return 0;
}

int
tlsext_ri_server_needs(SSL *s)
{
	return (s->version < TLS1_3_VERSION && S3I(s)->send_connection_binding);
}

int
tlsext_ri_server_build(SSL *s, CBB *cbb)
{
	CBB reneg;

567
568
569
570
571
572
573
574
575
576
577
578
579










580








581
582
583
584
585

586

587









588
589
590
591
592
593
594

	return 1;
}

int
tlsext_sigalgs_server_needs(SSL *s)
{
	return 0;
}

int
tlsext_sigalgs_server_build(SSL *s, CBB *cbb)
{










	return 0;








}

int
tlsext_sigalgs_client_parse(SSL *s, CBS *cbs, int *alert)
{

	/* As per the RFC, servers must not send this extension. */

	return 0;









}

/*
 * Server Name Indication - RFC 6066, section 3.
 */
int
tlsext_sni_client_needs(SSL *s)







|





>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>





>
|
>
|
>
>
>
>
>
>
>
>
>







567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623

	return 1;
}

int
tlsext_sigalgs_server_needs(SSL *s)
{
	return (s->version >= TLS1_3_VERSION);
}

int
tlsext_sigalgs_server_build(SSL *s, CBB *cbb)
{
	uint16_t *tls_sigalgs = tls12_sigalgs;
	size_t tls_sigalgs_len = tls12_sigalgs_len;
	CBB sigalgs;

	if (s->version >= TLS1_3_VERSION) {
		tls_sigalgs = tls13_sigalgs;
		tls_sigalgs_len = tls13_sigalgs_len;
	}

	if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
		return 0;

	if (!ssl_sigalgs_build(&sigalgs, tls_sigalgs, tls_sigalgs_len))
		return 0;

	if (!CBB_flush(cbb))
		return 0;

	return 1;
}

int
tlsext_sigalgs_client_parse(SSL *s, CBS *cbs, int *alert)
{
	CBS sigalgs;

	if (s->version < TLS1_3_VERSION)
		return 0;

	if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
		return 0;
	if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64)
		return 0;
	if (!CBS_stow(&sigalgs, &S3I(s)->hs.sigalgs, &S3I(s)->hs.sigalgs_len))
		return 0;

	return 1;
}

/*
 * Server Name Indication - RFC 6066, section 3.
 */
int
tlsext_sni_client_needs(SSL *s)
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
		return 0;
	return 1;
}

int
tlsext_ocsp_server_parse(SSL *s, CBS *cbs, int *alert)
{
	int failure = SSL_AD_DECODE_ERROR;
	CBS respid_list, respid, exts;
	const unsigned char *p;
	uint8_t status_type;
	int ret = 0;

	if (!CBS_get_u8(cbs, &status_type))
		goto err;







|







806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
		return 0;
	return 1;
}

int
tlsext_ocsp_server_parse(SSL *s, CBS *cbs, int *alert)
{
	int alert_desc = SSL_AD_DECODE_ERROR;
	CBS respid_list, respid, exts;
	const unsigned char *p;
	uint8_t status_type;
	int ret = 0;

	if (!CBS_get_u8(cbs, &status_type))
		goto err;
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833

	/* XXX */
	sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
	s->internal->tlsext_ocsp_ids = NULL;
	if (CBS_len(&respid_list) > 0) {
		s->internal->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
		if (s->internal->tlsext_ocsp_ids == NULL) {
			failure = SSL_AD_INTERNAL_ERROR;
			goto err;
		}
	}

	while (CBS_len(&respid_list) > 0) {
		OCSP_RESPID *id;

		if (!CBS_get_u16_length_prefixed(&respid_list, &respid))
			goto err;
		p = CBS_data(&respid);
		if ((id = d2i_OCSP_RESPID(NULL, &p, CBS_len(&respid))) == NULL)
			goto err;
		if (!sk_OCSP_RESPID_push(s->internal->tlsext_ocsp_ids, id)) {
			failure = SSL_AD_INTERNAL_ERROR;
			OCSP_RESPID_free(id);
			goto err;
		}
	}

	/* Read in request_extensions */
	if (!CBS_get_u16_length_prefixed(cbs, &exts))







|













|







834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862

	/* XXX */
	sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
	s->internal->tlsext_ocsp_ids = NULL;
	if (CBS_len(&respid_list) > 0) {
		s->internal->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
		if (s->internal->tlsext_ocsp_ids == NULL) {
			alert_desc = SSL_AD_INTERNAL_ERROR;
			goto err;
		}
	}

	while (CBS_len(&respid_list) > 0) {
		OCSP_RESPID *id;

		if (!CBS_get_u16_length_prefixed(&respid_list, &respid))
			goto err;
		p = CBS_data(&respid);
		if ((id = d2i_OCSP_RESPID(NULL, &p, CBS_len(&respid))) == NULL)
			goto err;
		if (!sk_OCSP_RESPID_push(s->internal->tlsext_ocsp_ids, id)) {
			alert_desc = SSL_AD_INTERNAL_ERROR;
			OCSP_RESPID_free(id);
			goto err;
		}
	}

	/* Read in request_extensions */
	if (!CBS_get_u16_length_prefixed(cbs, &exts))
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
	/* should be nothing left */
	if (CBS_len(cbs) > 0)
		goto err;

	ret = 1;
 err:
	if (ret == 0)
		*alert = failure;
	return ret;
}

int
tlsext_ocsp_server_needs(SSL *s)
{
	return s->internal->tlsext_status_expected;







|







873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
	/* should be nothing left */
	if (CBS_len(cbs) > 0)
		goto err;

	ret = 1;
 err:
	if (ret == 0)
		*alert = alert_desc;
	return ret;
}

int
tlsext_ocsp_server_needs(SSL *s)
{
	return s->internal->tlsext_status_expected;
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288

1289




1290
1291
1292
1293
1294

1295


1296

1297


1298
1299
1300



1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
	return (!SSL_IS_DTLS(s) && S3I(s)->hs_tls13.max_version >=
	    TLS1_3_VERSION);
}

int
tlsext_keyshare_client_build(SSL *s, CBB *cbb)
{
	uint8_t *public_key = NULL, *private_key = NULL;
	CBB client_shares, key_exchange;

	/* Generate and provide key shares. */
	if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
		return 0;

	/* XXX - other groups. */

	/* Generate X25519 key pair. */
	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	X25519_keypair(public_key, private_key);

	/* Add the group and serialize the public key. */
	if (!CBB_add_u16(&client_shares, tls1_ec_nid2curve_id(NID_X25519)))
		goto err;
	if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
		goto err;
	if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
		goto err;

	if (!CBB_flush(cbb))
		goto err;

	S3I(s)->hs_tls13.x25519_public = public_key;
	S3I(s)->hs_tls13.x25519_private = private_key;

	return 1;

 err:
	freezero(public_key, X25519_KEY_LENGTH);
	freezero(private_key, X25519_KEY_LENGTH);

	return 0;
}

int
tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
{
	CBS client_shares;
	CBS key_exchange;
	uint16_t group;
	size_t out_len;

	if (!CBS_get_u16_length_prefixed(cbs, &client_shares))
		goto err;

	if (CBS_len(cbs) != 0)
		goto err;

	while (CBS_len(&client_shares) > 0) {

		/* Unpack client share. */
		if (!CBS_get_u16(&client_shares, &group))
			goto err;

		if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange))

			goto err;





		/*
		 * Skip this client share if not X25519
		 * XXX support other groups later.
		 * XXX enforce group can only appear once.

		 */


		if (S3I(s)->hs_tls13.x25519_peer_public != NULL ||

		    group != tls1_ec_nid2curve_id(NID_X25519))


			continue;

		if (CBS_len(&key_exchange) != X25519_KEY_LENGTH)



			goto err;

		if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public,
		    &out_len))
			goto err;
	}

	return 1;

 err:
	*alert = SSL_AD_DECODE_ERROR;







<
|

<



<
|
<
<
<
<
<
<
<
<
<
<
|
|
<
<


<
<
<
<
<
|

<
<
<
<
|





|
<

<




<
<
<





<

>
|
>
>
>
>


|
<
<
>

>
>
|
>
|
>
>


<
>
>
>

|
|
<







1251
1252
1253
1254
1255
1256
1257

1258
1259

1260
1261
1262

1263










1264
1265


1266
1267





1268
1269




1270
1271
1272
1273
1274
1275
1276

1277

1278
1279
1280
1281



1282
1283
1284
1285
1286

1287
1288
1289
1290
1291
1292
1293
1294
1295
1296


1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307

1308
1309
1310
1311
1312
1313

1314
1315
1316
1317
1318
1319
1320
	return (!SSL_IS_DTLS(s) && S3I(s)->hs_tls13.max_version >=
	    TLS1_3_VERSION);
}

int
tlsext_keyshare_client_build(SSL *s, CBB *cbb)
{

	CBB client_shares;


	if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
		return 0;


	if (!tls13_key_share_public(S3I(s)->hs_tls13.key_share,










	    &client_shares))
		return 0;



	if (!CBB_flush(cbb))





		return 0;





	return 1;
}

int
tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert)
{
	CBS client_shares, key_exchange;

	uint16_t group;


	if (!CBS_get_u16_length_prefixed(cbs, &client_shares))
		goto err;




	while (CBS_len(&client_shares) > 0) {

		/* Unpack client share. */
		if (!CBS_get_u16(&client_shares, &group))
			goto err;

		if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange))
			return 0;

		/*
		 * XXX - check key exchange against supported groups from client.
		 * XXX - check that groups only appear once.
		 */

		/*
		 * Ignore this client share if we're using earlier than TLSv1.3


		 * or we've already selected a key share.
		 */
		if (S3I(s)->hs_tls13.max_version < TLS1_3_VERSION)
			continue;
		if (S3I(s)->hs_tls13.key_share != NULL)
			continue;

		/* XXX - consider implementing server preference. */
		if (!tls1_check_curve(s, group))
			continue;


		/* Decode and store the selected key share. */
		S3I(s)->hs_tls13.key_share = tls13_key_share_new(group);
		if (S3I(s)->hs_tls13.key_share == NULL)
			goto err;
		if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share,
		    group, &key_exchange))

			goto err;
	}

	return 1;

 err:
	*alert = SSL_AD_DECODE_ERROR;
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377


1378
1379
1380

1381
1382
1383
1384

1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395

	return tlsext_extension_seen(s, TLSEXT_TYPE_key_share);
}

int
tlsext_keyshare_server_build(SSL *s, CBB *cbb)
{
	uint8_t *public_key = NULL, *private_key = NULL;
	CBB key_exchange;

	/* XXX deduplicate with client code */

	/* X25519 */
	if (S3I(s)->hs_tls13.x25519_peer_public == NULL)
		return 0;

	/* Generate X25519 key pair. */
	if ((public_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	if ((private_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	X25519_keypair(public_key, private_key);

	/* Add the group and serialize the public key. */
	if (!CBB_add_u16(cbb, tls1_ec_nid2curve_id(NID_X25519)))
		goto err;
	if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
		goto err;
	if (!CBB_add_bytes(&key_exchange, public_key, X25519_KEY_LENGTH))
		goto err;

	if (!CBB_flush(cbb))
		goto err;

	S3I(s)->hs_tls13.x25519_public = public_key;
	S3I(s)->hs_tls13.x25519_private = private_key;

	return 1;

 err:
	freezero(public_key, X25519_KEY_LENGTH);
	freezero(private_key, X25519_KEY_LENGTH);

	return 0;
}

int
tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert)
{
	CBS key_exchange;
	uint16_t group;
	size_t out_len;

	/* Unpack server share. */
	if (!CBS_get_u16(cbs, &group))
		goto err;

	/* Handle other groups and verify that they're valid. */


	if (group != tls1_ec_nid2curve_id(NID_X25519))
		goto err;


	if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
		goto err;

	if (CBS_len(&key_exchange) != X25519_KEY_LENGTH)

		goto err;

	if (!CBS_stow(&key_exchange, &S3I(s)->hs_tls13.x25519_peer_public,
	    &out_len))
		goto err;

	return 1;

 err:
	*alert = SSL_AD_DECODE_ERROR;
	return 0;







<
<
<
<
<
<
|


<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|

<
<
<
<
|







<





|
>
>
|
|
|
>

|

<
>
|

|
|







1329
1330
1331
1332
1333
1334
1335






1336
1337
1338






1339














1340
1341




1342
1343
1344
1345
1346
1347
1348
1349

1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364

1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376

	return tlsext_extension_seen(s, TLSEXT_TYPE_key_share);
}

int
tlsext_keyshare_server_build(SSL *s, CBB *cbb)
{






	if (S3I(s)->hs_tls13.key_share == NULL)
		return 0;







	if (!tls13_key_share_public(S3I(s)->hs_tls13.key_share, cbb))














		return 0;





	return 1;
}

int
tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert)
{
	CBS key_exchange;
	uint16_t group;


	/* Unpack server share. */
	if (!CBS_get_u16(cbs, &group))
		goto err;

	if (CBS_len(cbs) == 0) {
		/* HRR does not include an actual key share. */
		/* XXX - we should know that we are in a HRR... */
		S3I(s)->hs_tls13.server_group = group;
		return 1;
	}

	if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
		return 0;


	if (S3I(s)->hs_tls13.key_share == NULL)
		return 0;

	if (!tls13_key_share_peer_public(S3I(s)->hs_tls13.key_share,
	    group, &key_exchange))
		goto err;

	return 1;

 err:
	*alert = SSL_AD_DECODE_ERROR;
	return 0;
1914
1915
1916
1917
1918
1919
1920
1921

1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938

1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992





1993
1994
1995
1996
1997
1998
1999

		if (!ext->build(s, &extension_data))
			return 0;

		extensions_present = 1;
	}

	if (!extensions_present)

		CBB_discard_child(cbb);

	if (!CBB_flush(cbb))
		return 0;

	return 1;
}

static int
tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
{
	struct tls_extension_funcs *ext;
	struct tls_extension *tlsext;
	CBS extensions, extension_data;
	uint16_t type;
	size_t idx;
	uint16_t version;


	S3I(s)->hs.extensions_seen = 0;

	if (is_server)
		version = s->version;
	else
		version = TLS1_get_client_version(s);

	/* An empty extensions block is valid. */
	if (CBS_len(cbs) == 0)
		return 1;

	*alert = SSL_AD_DECODE_ERROR;

	if (!CBS_get_u16_length_prefixed(cbs, &extensions))
		return 0;

	while (CBS_len(&extensions) > 0) {
		if (!CBS_get_u16(&extensions, &type))
			return 0;
		if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))
			return 0;

		if (s->internal->tlsext_debug_cb != NULL)
			s->internal->tlsext_debug_cb(s, is_server, type,
			    (unsigned char *)CBS_data(&extension_data),
			    CBS_len(&extension_data),
			    s->internal->tlsext_debug_arg);

		/* Unknown extensions are ignored. */
		if ((tlsext = tls_extension_find(type, &idx)) == NULL)
			continue;

		/* RFC 8446 Section 4.2 */
		if (version >= TLS1_3_VERSION &&
		    !(tlsext->messages & msg_type)) {
			*alert = SSL_AD_ILLEGAL_PARAMETER;
			return 0;
		}

		/* Check for duplicate known extensions. */
		if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0)
			return 0;
		S3I(s)->hs.extensions_seen |= (1 << idx);

		ext = tlsext_funcs(tlsext, is_server);
		if (!ext->parse(s, &extension_data, alert))
			return 0;

		if (CBS_len(&extension_data) != 0)
			return 0;
	}

	return 1;





}

static void
tlsext_server_reset_state(SSL *s)
{
	s->internal->servername_done = 0;
	s->tlsext_status_type = -1;







|
>

















>












|


|



|

|














|
|




|



|
|


|



>
>
>
>
>







1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987

		if (!ext->build(s, &extension_data))
			return 0;

		extensions_present = 1;
	}

	if (!extensions_present &&
	    (msg_type & (SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH)) != 0)
		CBB_discard_child(cbb);

	if (!CBB_flush(cbb))
		return 0;

	return 1;
}

static int
tlsext_parse(SSL *s, CBS *cbs, int *alert, int is_server, uint16_t msg_type)
{
	struct tls_extension_funcs *ext;
	struct tls_extension *tlsext;
	CBS extensions, extension_data;
	uint16_t type;
	size_t idx;
	uint16_t version;
	int alert_desc;

	S3I(s)->hs.extensions_seen = 0;

	if (is_server)
		version = s->version;
	else
		version = TLS1_get_client_version(s);

	/* An empty extensions block is valid. */
	if (CBS_len(cbs) == 0)
		return 1;

	alert_desc = SSL_AD_DECODE_ERROR;

	if (!CBS_get_u16_length_prefixed(cbs, &extensions))
		goto err;

	while (CBS_len(&extensions) > 0) {
		if (!CBS_get_u16(&extensions, &type))
			goto err;
		if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))
			goto err;

		if (s->internal->tlsext_debug_cb != NULL)
			s->internal->tlsext_debug_cb(s, is_server, type,
			    (unsigned char *)CBS_data(&extension_data),
			    CBS_len(&extension_data),
			    s->internal->tlsext_debug_arg);

		/* Unknown extensions are ignored. */
		if ((tlsext = tls_extension_find(type, &idx)) == NULL)
			continue;

		/* RFC 8446 Section 4.2 */
		if (version >= TLS1_3_VERSION &&
		    !(tlsext->messages & msg_type)) {
			alert_desc = SSL_AD_ILLEGAL_PARAMETER;
			goto err;
		}

		/* Check for duplicate known extensions. */
		if ((S3I(s)->hs.extensions_seen & (1 << idx)) != 0)
			goto err;
		S3I(s)->hs.extensions_seen |= (1 << idx);

		ext = tlsext_funcs(tlsext, is_server);
		if (!ext->parse(s, &extension_data, &alert_desc))
			goto err;

		if (CBS_len(&extension_data) != 0)
			goto err;
	}

	return 1;

 err:
	*alert = alert_desc;

	return 0;
}

static void
tlsext_server_reset_state(SSL *s)
{
	s->internal->servername_done = 0;
	s->tlsext_status_type = -1;
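Review bot: In the new tlsext_sigalgs_client_parse, the length check `CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64` accepts an empty list, although RFC 8446 section 4.2.3 defines supported_signature_algorithms with a minimum length of 2. An empty vector from the peer would reach CBS_stow and be recorded as hs.sigalgs with length 0. How later code treats that is not visible on this page, so rejecting it at parse time is the safer choice: `if (CBS_len(&sigalgs) == 0 || CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) return 0;`. The failure paths here return 0 without writing `*alert`; that works under the new tlsext_parse, which pre-sets alert_desc to SSL_AD_DECODE_ERROR, but a short comment saying the caller supplies the default alert would make the dependency explicit.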
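--- a/jni/libressl/ssl/ssl_tlsext.h
+++ b/jni/libressl/ssl/ssl_tlsext.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.21 2019/01/28 15:44:33 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.22 2020/01/25 12:58:27 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -23,15 +23,15 @@
 /* TLSv1.3 - RFC 8446 Section 4.2. */
 #define SSL_TLSEXT_MSG_CH	0x0001	/* ClientHello */
 #define SSL_TLSEXT_MSG_SH	0x0002	/* ServerHello */
 #define SSL_TLSEXT_MSG_EE	0x0004	/* EncryptedExtension */
 #define SSL_TLSEXT_MSG_CT	0x0008	/* Certificate */
 #define SSL_TLSEXT_MSG_CR	0x0010	/* CertificateRequest */
 #define SSL_TLSEXT_MSG_NST	0x0020	/* NewSessionTicket */
-#define SSL_TLSEXT_MSG_HRR	0x0030	/* HelloRetryRequest */
+#define SSL_TLSEXT_MSG_HRR	0x0040	/* HelloRetryRequest */
 
 __BEGIN_HIDDEN_DECLS
 
 int tlsext_alpn_client_needs(SSL *s);
 int tlsext_alpn_client_build(SSL *s, CBB *cbb);
 int tlsext_alpn_client_parse(SSL *s, CBS *cbs, int *alert);
 int tlsext_alpn_server_needs(SSL *s);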
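Review bot: Nothing in this header says that each SSL_TLSEXT_MSG_* value must be a distinct single bit, although the parse loop in ssl_tlsext.c tests them as a mask (`!(tlsext->messages & msg_type)` under its RFC 8446 Section 4.2 check). The old HRR value 0x0030 was exactly CR|NST, so that check could not distinguish a HelloRetryRequest from those two message types. The corrected 0x0040 removes the overlap, but the next constant added here is open to the same slip. I would extend the block comment to `/* TLSv1.3 - RFC 8446 Section 4.2. Bit flags: one distinct bit per message type. */`, or write the values as shifts so an overlap is obvious on sight.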
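--- a/jni/libressl/ssl/ssl_transcript.c
+++ b/jni/libressl/ssl/ssl_transcript.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: ssl_transcript.c,v 1.1 2019/02/09 15:30:52 jsing Exp $ */
+/* $OpenBSD: ssl_transcript.c,v 1.2 2020/02/05 16:47:34 jsing Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -138,15 +138,15 @@
 	 * due to yet another bad API design, when called with a length of zero
 	 * it is impossible to tell if it succeeded (returning a length of zero)
 	 * or if it failed (and returned zero)... our implementation never
 	 * fails with a length of zero, so we trust all is okay...
 	 */ 
 	(void)BUF_MEM_grow_clean(S3I(s)->handshake_transcript, 0);
 
-	s->s3->flags &= ~TLS1_FLAGS_FREEZE_TRANSCRIPT;
+	tls1_transcript_unfreeze(s);
 }
 
 int
 tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len)
 {
 	size_t olen, nlen;
 
@@ -183,19 +183,25 @@
 }
 
 void
 tls1_transcript_freeze(SSL *s)
 {
 	s->s3->flags |= TLS1_FLAGS_FREEZE_TRANSCRIPT;
 }
+
+void
+tls1_transcript_unfreeze(SSL *s)
+{
+	s->s3->flags &= ~TLS1_FLAGS_FREEZE_TRANSCRIPT;
+}
 
 int
 tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len)
 {
 	if (!tls1_transcript_hash_update(s, buf, len))
 		return 0;
 
 	if (!tls1_transcript_append(s, buf, len))
 		return 0;
 
 	return 1;
 }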
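--- a/jni/libressl/ssl/t1_enc.c
+++ b/jni/libressl/ssl/t1_enc.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t1_enc.c,v 1.118 2019/05/13 22:48:30 bcook Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.122 2020/03/16 15:25:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -332,26 +332,29 @@
 	}
 
 	return (1);
 }
 
 static int
 tls1_change_cipher_state_aead(SSL *s, char is_read, const unsigned char *key,
-    unsigned key_len, const unsigned char *iv, unsigned iv_len)
+    unsigned int key_len, const unsigned char *iv, unsigned int iv_len)
 {
 	const EVP_AEAD *aead = S3I(s)->tmp.new_aead;
 	SSL_AEAD_CTX *aead_ctx;
+
+	/* XXX - Need to avoid clearing write state for DTLS. */
+	if (SSL_IS_DTLS(s))
+		return 0;
 
 	if (is_read) {
 		ssl_clear_cipher_read_state(s);
 		if (!tls1_aead_ctx_init(&s->internal->aead_read_ctx))
 			return 0;
 		aead_ctx = s->internal->aead_read_ctx;
 	} else {
-		/* XXX - Need to correctly handle DTLS. */
 		ssl_clear_cipher_write_state(s);
 		if (!tls1_aead_ctx_init(&s->internal->aead_write_ctx))
 			return 0;
 		aead_ctx = s->internal->aead_write_ctx;
 	}
 
 	if (!EVP_AEAD_CTX_init(&aead_ctx->ctx, aead, key, key_len,
@@ -664,15 +667,15 @@
  */
 int
 tls1_enc(SSL *s, int send)
 {
 	const SSL_AEAD_CTX *aead;
 	const EVP_CIPHER *enc;
 	EVP_CIPHER_CTX *ds;
-	SSL3_RECORD *rec;
+	SSL3_RECORD_INTERNAL *rec;
 	unsigned char *seq;
 	unsigned long l;
 	int bs, i, j, k, ret, mac_size = 0;
 
 	if (send) {
 		aead = s->internal->aead_write_ctx;
 		rec = &S3I(s)->wrec;
@@ -927,15 +930,15 @@
 
 	return TLS1_FINISH_MAC_LENGTH;
 }
 
 int
 tls1_mac(SSL *ssl, unsigned char *md, int send)
 {
-	SSL3_RECORD *rec;
+	SSL3_RECORD_INTERNAL *rec;
 	unsigned char *seq;
 	EVP_MD_CTX *hash;
 	size_t md_size, orig_len;
 	EVP_MD_CTX hmac, *mac_ctx;
 	unsigned char header[13];
 	int stream_mac = (send ?
 	    (ssl->internal->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM) :
@@ -967,17 +970,15 @@
 
 	if (SSL_IS_DTLS(ssl))
 		dtls1_build_sequence_number(header, seq,
 		    send ? D1I(ssl)->w_epoch : D1I(ssl)->r_epoch);
 	else
 		memcpy(header, seq, SSL3_SEQUENCE_SIZE);
 
-	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
-	orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
-	rec->type &= 0xff;
+	orig_len = rec->length + md_size + rec->padding_length;
 
 	header[8] = rec->type;
 	header[9] = (unsigned char)(ssl->version >> 8);
 	header[10] = (unsigned char)(ssl->version);
 	header[11] = (rec->length) >> 8;
 	header[12] = (rec->length) & 0xff;
 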
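Review bot: The new DTLS guard in tls1_change_cipher_state_aead (`if (SSL_IS_DTLS(s)) return 0;`) fails the cipher-state change without putting anything on the error stack. If that path is reachable, a DTLS connection that selects an AEAD suite fails with no diagnosable reason. Failing closed is the safe direction given the XXX about clearing write state, but I would record the cause, either with `SSLerror(s, ERR_R_INTERNAL_ERROR);` before the return or with a comment saying AEAD suites are deliberately refused for DTLS at this point. The function body continues past the hunk, so how the caller treats the 0 return is not visible in this section.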

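--- a/jni/libressl/ssl/t1_lib.c
+++ b/jni/libressl/ssl/t1_lib.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: t1_lib.c,v 1.164 2019/04/25 04:57:36 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.165 2020/03/10 17:02:21 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -122,25 +122,22 @@
 #include "ssl_sigalgs.h"
 #include "ssl_tlsext.h"
 
 static int tls_decrypt_ticket(SSL *s, CBS *session_id, CBS *ticket,
     SSL_SESSION **psess);
 
 SSL3_ENC_METHOD TLSv1_enc_data = {
-	.enc = tls1_enc,
 	.enc_flags = 0,
 };
 
 SSL3_ENC_METHOD TLSv1_1_enc_data = {
-	.enc = tls1_enc,
 	.enc_flags = SSL_ENC_FLAG_EXPLICIT_IV,
 };
 
 SSL3_ENC_METHOD TLSv1_2_enc_data = {
-	.enc = tls1_enc,
 	.enc_flags = SSL_ENC_FLAG_EXPLICIT_IV|SSL_ENC_FLAG_SIGALGS|
 	    SSL_ENC_FLAG_SHA256_PRF|SSL_ENC_FLAG_TLS1_2_CIPHERS,
 };
 
 long
 tls1_default_timeout(void)
 {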
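--- a/jni/libressl/ssl/tls13_buffer.c
+++ b/jni/libressl/ssl/tls13_buffer.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls13_buffer.c,v 1.1 2019/01/17 06:32:12 jsing Exp $ */
+/* $OpenBSD: tls13_buffer.c,v 1.3 2020/03/10 17:11:25 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -70,34 +70,46 @@
 		return 0;
 
 	buf->data = data;
 	buf->capacity = capacity;
 
 	return 1;
 }
+
+int
+tls13_buffer_set_data(struct tls13_buffer *buf, CBS *data)
+{
+	if (!tls13_buffer_resize(buf, CBS_len(data)))
+		return 0;
+	memcpy(buf->data, CBS_data(data), CBS_len(data));
+	return 1;
+}
 
 ssize_t
 tls13_buffer_extend(struct tls13_buffer *buf, size_t len,
     tls13_read_cb read_cb, void *cb_arg)
 {
 	ssize_t ret;
 
 	if (len == buf->len)
 		return buf->len;
 
 	if (len < buf->len)
 		return TLS13_IO_FAILURE;
 
 	if (!tls13_buffer_resize(buf, len))
 		return TLS13_IO_FAILURE;
 
 	for (;;) {
 		if ((ret = read_cb(&buf->data[buf->len],
 		    buf->capacity - buf->len, cb_arg)) <= 0)
 			return ret;
+
+		if (ret > buf->capacity - buf->len)
+			return TLS13_IO_FAILURE;
 
 		buf->len += ret;
 
 		if (buf->len == buf->capacity)
 			return buf->len;
 	}
 }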
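Review bot: tls13_buffer_set_data copies CBS_len(data) bytes into the buffer but leaves buf->len unchanged, while tls13_buffer_extend in the same hunk treats buf->len as the amount of valid data. After a set_data call the recorded length still describes the previous contents (or zero), so a later extend would either return early on a stale length or read over the bytes just copied; which of these a caller can hit is not visible here. If the copied bytes are meant to count as buffered, add `buf->len = CBS_len(data);` after the memcpy; otherwise a one-line comment that len is deliberately left alone would settle it. tls13_buffer_resize starts above the hunk, so its handling of len could not be checked.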
Changes to jni/libressl/ssl/tls13_client.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53









54
55
56
57
58
59
60
61
62
63
64
65



66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137


138




139
140
141
142
143
144
145
146
147
148
149

150
151
152
153
154
155
156
157
158
/* $OpenBSD: tls13_client.c,v 1.16 2019/04/05 20:23:38 tb Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "ssl_locl.h"

#include <openssl/curve25519.h>
#include <openssl/ssl3.h>

#include "bytestring.h"
#include "ssl_tlsext.h"
#include "tls13_handshake.h"
#include "tls13_internal.h"

int
tls13_connect(struct tls13_ctx *ctx)
{
	if (ctx->mode != TLS13_HS_CLIENT)
		return TLS13_IO_FAILURE;

	return tls13_handshake_perform(ctx);
}

static int
tls13_client_init(struct tls13_ctx *ctx)
{
	SSL *s = ctx->ssl;

	if (!ssl_supported_version_range(s, &ctx->hs->min_version,
	    &ctx->hs->max_version)) {
		SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
		return 0;
	}
	s->client_version = s->version = ctx->hs->max_version;

	if (!ssl_get_new_session(s, 0)) /* XXX */
		return 0;

	if (!tls1_transcript_init(s))
		return 0;










	arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);

	return 1;
}

int
tls13_legacy_connect(SSL *ssl)
{
	struct tls13_ctx *ctx = ssl->internal->tls13;
	int ret;




	if (ctx == NULL) {
		if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) {
			SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
			return -1;
		}
		ssl->internal->tls13 = ctx;
		ctx->ssl = ssl;
		ctx->hs = &S3I(ssl)->hs_tls13;

		if (!tls13_client_init(ctx)) {
			if (ERR_peek_error() == 0)
				SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
			return -1;
		}
	}

	S3I(ssl)->hs.state = SSL_ST_CONNECT;

	ret = tls13_connect(ctx);
	if (ret == TLS13_IO_USE_LEGACY)
		return ssl->method->internal->ssl_connect(ssl);
	if (ret == TLS13_IO_SUCCESS)
		S3I(ssl)->hs.state = SSL_ST_OK;

	return tls13_legacy_return_code(ssl, ret);
}

int
tls13_use_legacy_client(struct tls13_ctx *ctx)
{
	SSL *s = ctx->ssl;
	CBS cbs;

	s->method = tls_legacy_client_method();
	s->client_version = s->version = s->method->internal->max_version;

	if (!ssl3_setup_init_buffer(s))
		goto err;
	if (!ssl3_setup_buffers(s))
		goto err;
	if (!ssl_init_wbio_buffer(s, 0))
		goto err;

	if (s->bbio != s->wbio)
		s->wbio = BIO_push(s->bbio, s->wbio);

	if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
		goto err;

	if (!BUF_MEM_grow_clean(s->internal->init_buf, CBS_len(&cbs) + 4))
		goto err;

	if (!CBS_write_bytes(&cbs, s->internal->init_buf->data + 4,
	    s->internal->init_buf->length - 4, NULL))
		goto err;

	S3I(s)->tmp.reuse_message = 1;
	S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg);
	S3I(s)->tmp.message_size = CBS_len(&cbs);

	S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;

	return 1;

 err:
	return 0;
}

static int
tls13_client_hello_build(SSL *s, CBB *cbb)
{
	CBB cipher_suites, compression_methods, session_id;


	uint8_t *sid;





	if (!CBB_add_u16(cbb, TLS1_2_VERSION))
		goto err;
	if (!CBB_add_bytes(cbb, s->s3->client_random, SSL3_RANDOM_SIZE))
		goto err;

	/* Either 32-random bytes or zero length... */
	/* XXX - session resumption for TLSv1.2? */
	if (!CBB_add_u8_length_prefixed(cbb, &session_id))
		goto err;
	if (!CBB_add_space(&session_id, &sid, 32))

		goto err;
	arc4random_buf(sid, 32);

	if (!CBB_add_u16_length_prefixed(cbb, &cipher_suites))
		goto err;
	if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &cipher_suites)) {
		SSLerror(s, SSL_R_NO_CIPHERS_AVAILABLE);
		goto err;
	}
|


















<








|

<
<
|
<
<
|
<
<
<














>
>
>
>
>
>
>
>
>



<
<
|
<
|
<
<
<
|
>
>
>
|
<
<
<
<
<
|
|
|
<
<
<
<
<
<
|
<
|
<
<
<
<
<

|



|

<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
|

<
|



|


>
>
|
>
>
>
>

|




<
<


|
>

<







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

20
21
22
23
24
25
26
27
28
29


30


31



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57


58

59



60
61
62
63
64





65
66
67






68

69





70
71
72
73
74
75
76


77





























78
79

80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99


100
101
102
103
104

105
106
107
108
109
110
111
/* $OpenBSD: tls13_client.c,v 1.54 2020/04/28 20:37:22 jsing Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "ssl_locl.h"


#include <openssl/ssl3.h>

#include "bytestring.h"
#include "ssl_tlsext.h"
#include "tls13_handshake.h"
#include "tls13_internal.h"

int
tls13_client_init(struct tls13_ctx *ctx)
{


	const uint16_t *groups;


	size_t groups_len;



	SSL *s = ctx->ssl;

	if (!ssl_supported_version_range(s, &ctx->hs->min_version,
	    &ctx->hs->max_version)) {
		SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
		return 0;
	}
	s->client_version = s->version = ctx->hs->max_version;

	if (!ssl_get_new_session(s, 0)) /* XXX */
		return 0;

	if (!tls1_transcript_init(s))
		return 0;

	/* Generate a key share using our preferred group. */
	tls1_get_group_list(s, 0, &groups, &groups_len);
	if (groups_len < 1)
		return 0;
	if ((ctx->hs->key_share = tls13_key_share_new(groups[0])) == NULL)
		return 0;
	if (!tls13_key_share_generate(ctx->hs->key_share))
		return 0;

	arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);



	/*

	 * The legacy session identifier should either be set to an



	 * unpredictable 32-byte value or zero length... a non-zero length
	 * legacy session identifier triggers compatibility mode (see RFC 8446
	 * Appendix D.4). In the pre-TLSv1.3 case a zero length value is used.
	 */
	if (ctx->hs->max_version >= TLS1_3_VERSION) {





		arc4random_buf(ctx->hs->legacy_session_id,
		    sizeof(ctx->hs->legacy_session_id));
		ctx->hs->legacy_session_id_len =






		    sizeof(ctx->hs->legacy_session_id);

	}






	return 1;
}

int
tls13_client_connect(struct tls13_ctx *ctx)
{


	if (ctx->mode != TLS13_HS_CLIENT)





























		return TLS13_IO_FAILURE;


	return tls13_handshake_perform(ctx);
}

static int
tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
{
	CBB cipher_suites, compression_methods, session_id;
	uint16_t client_version;
	SSL *s = ctx->ssl;

	/* Legacy client version is capped at TLS 1.2. */
	client_version = ctx->hs->max_version;
	if (client_version > TLS1_2_VERSION)
		client_version = TLS1_2_VERSION;

	if (!CBB_add_u16(cbb, client_version))
		goto err;
	if (!CBB_add_bytes(cbb, s->s3->client_random, SSL3_RANDOM_SIZE))
		goto err;



	if (!CBB_add_u8_length_prefixed(cbb, &session_id))
		goto err;
	if (!CBB_add_bytes(&session_id, ctx->hs->legacy_session_id,
	    ctx->hs->legacy_session_id_len))
		goto err;


	if (!CBB_add_u16_length_prefixed(cbb, &cipher_suites))
		goto err;
	if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &cipher_suites)) {
		SSLerror(s, SSL_R_NO_CIPHERS_AVAILABLE);
		goto err;
	}
171
172
173
174
175
176
177
178
179
180

181

182
183
184
185
186
187
188
189
190
191
192

193
194

195
196
197
198
199
200


201
202
203
204
205
206
207
	return 1;

 err:
	return 0;
}

int
tls13_client_hello_send(struct tls13_ctx *ctx)
{
	CBB body;



	if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_CLIENT_HELLO))
		return 0;
	if (!tls13_client_hello_build(ctx->ssl, &body))
		return 0;
	if (!tls13_handshake_msg_finish(ctx->hs_msg))
		return 0;

	return 1;
}

/*

 * HelloRetryRequest hash - RFC 8446 section 4.1.3.
 */

static const uint8_t tls13_hello_retry_request_hash[] = {
	0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11,
	0xbe, 0x1d, 0x8c, 0x02, 0x1e, 0x65, 0xb8, 0x91,
	0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e,
	0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c,
};



static int
tls13_server_hello_is_legacy(CBS *cbs)
{
	CBS extensions_block, extensions, extension_data;
	uint16_t selected_version = 0;
	uint16_t type;







|

|
>

>
|
|
|
<
<





<
>
|
<
>
|
|
|
|
|
<
>
>







124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139


140
141
142
143
144

145
146

147
148
149
150
151
152

153
154
155
156
157
158
159
160
161
	return 1;

 err:
	return 0;
}

int
tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb)
{
	if (ctx->hs->min_version < TLS1_2_VERSION)
		tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);

	/* We may receive a pre-TLSv1.3 alert in response to the client hello. */
	tls13_record_layer_allow_legacy_alerts(ctx->rl, 1);

	if (!tls13_client_hello_build(ctx, cbb))


		return 0;

	return 1;
}


int
tls13_client_hello_sent(struct tls13_ctx *ctx)

{
	tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION);
	tls13_record_layer_allow_ccs(ctx->rl, 1);

	tls1_transcript_freeze(ctx->ssl);


	return 1;
}

static int
tls13_server_hello_is_legacy(CBS *cbs)
{
	CBS extensions_block, extensions, extension_data;
	uint16_t selected_version = 0;
	uint16_t type;
223
224
225
226
227
228
229


















230
231
232
233
234

235
236
237

238
239
240
241
242
243
244
245
246
247
248
249
250
251
252







253







254

255

256
257



258













259

260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283





284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315

316
317
318
319
320
321
322
323
324
325
326

327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367

368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397

398





































































































399
400
401
402
403
404
405
406
407
408
409
410

411
412
413
414
415
416
417
418
419

420
421
422
423
424
425
426



427
428
429
430
431
432
433
434
435
436
437




438



439






440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
			return 1;
		if (CBS_len(&extension_data) != 0)
			return 1;
	}

	return (selected_version < TLS1_3_VERSION);
}



















static int
tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
{
	CBS server_random, session_id;

	uint16_t cipher_suite, legacy_version;
	uint8_t compression_method;
	const SSL_CIPHER *cipher;

	SSL *s = ctx->ssl;
	int alert;

	if (!CBS_get_u16(cbs, &legacy_version))
		goto err;
	if (!CBS_get_bytes(cbs, &server_random, SSL3_RANDOM_SIZE))
		goto err;
	if (!CBS_get_u8_length_prefixed(cbs, &session_id))
		goto err;
	if (!CBS_get_u16(cbs, &cipher_suite))
		goto err;
	if (!CBS_get_u8(cbs, &compression_method))
		goto err;

	if (tls13_server_hello_is_legacy(cbs))







		return tls13_use_legacy_client(ctx);









	if (!tlsext_client_parse(s, cbs, &alert, SSL_TLSEXT_MSG_SH))

		goto err;




	if (CBS_len(cbs) != 0)













		goto err;


	/*
	 * See if a supported versions extension was returned. If it was then
	 * the legacy version must be set to 0x0303 (RFC 8446 section 4.1.3).
	 * Otherwise, fallback to the legacy version, ensuring that it is both
	 * within range and not TLS 1.3 or greater (which must use the
	 * supported version extension.
	 */
	if (ctx->hs->server_version != 0) {
		if (legacy_version != TLS1_2_VERSION) {
			/* XXX - alert. */
			goto err;
		}
	} else {
		if (legacy_version < ctx->hs->min_version ||
		    legacy_version > ctx->hs->max_version ||
		    legacy_version > TLS1_2_VERSION) {
			/* XXX - alert. */
			goto err;
		}
		ctx->hs->server_version = legacy_version;
	}

	/* XXX - session_id must match. */






	/*
	 * Ensure that the cipher suite is one that we offered in the client
	 * hello and that it matches the TLS version selected.
	 */
	cipher = ssl3_get_cipher_by_value(cipher_suite);
	if (cipher == NULL ||
	    sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) {
		/* XXX - alert. */
		goto err;
	}
	if (ctx->hs->server_version == TLS1_3_VERSION &&
	    cipher->algorithm_ssl != SSL_TLSV1_3) {
		/* XXX - alert. */
		goto err;
	}
	/* XXX - move this to hs_tls13? */
	S3I(s)->hs.new_cipher = cipher;

	if (compression_method != 0) {
		/* XXX - alert. */
		goto err;
	}

	if (CBS_mem_equal(&server_random, tls13_hello_retry_request_hash,
	    sizeof(tls13_hello_retry_request_hash)))
		ctx->handshake_stage.hs_type |= WITH_HRR;

	return 1;

 err:
	/* XXX - send alert. */


	return 0;
}

int
tls13_server_hello_recv(struct tls13_ctx *ctx)
{
	struct tls13_secrets *secrets;
	struct tls13_secret context;
	unsigned char buf[EVP_MAX_MD_SIZE];
	uint8_t *shared_key = NULL;

	size_t hash_len;
	SSL *s = ctx->ssl;
	int ret = 0;
	CBS cbs;

	if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
		goto err;

	if (!tls13_server_hello_process(ctx, &cbs))
		goto err;

	/* See if we switched back to the legacy client method. */
	if (s->method->internal->version < TLS1_3_VERSION)
		return 1;

	/* XXX - handle other key share types. */
	if (ctx->hs->x25519_peer_public == NULL) {
		/* XXX - alert. */
		goto err;
	}
	if ((shared_key = malloc(X25519_KEY_LENGTH)) == NULL)
		goto err;
	if (!X25519(shared_key, ctx->hs->x25519_private,
	    ctx->hs->x25519_peer_public))
		goto err;

	s->session->cipher = S3I(s)->hs.new_cipher;
	s->session->ssl_version = ctx->hs->server_version;

	if ((ctx->aead = tls13_cipher_aead(S3I(s)->hs.new_cipher)) == NULL)
		goto err;
	if ((ctx->hash = tls13_cipher_hash(S3I(s)->hs.new_cipher)) == NULL)
		goto err;

	if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL)
		goto err;
	S3I(ctx->ssl)->hs_tls13.secrets = secrets;

	/* XXX - pass in hash. */
	if (!tls1_transcript_hash_init(s))
		goto err;

	if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
		goto err;
	context.data = buf;
	context.len = hash_len;

	/* Early secrets. */
	if (!tls13_derive_early_secrets(secrets, secrets->zeros.data,
	    secrets->zeros.len, &context))
		goto err;

	/* Handshake secrets. */
	if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key,
	    X25519_KEY_LENGTH, &context))
		goto err;

	tls13_record_layer_set_aead(ctx->rl, ctx->aead);
	tls13_record_layer_set_hash(ctx->rl, ctx->hash);

	if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
	    &secrets->server_handshake_traffic))
		goto err;
	if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
	    &secrets->client_handshake_traffic))
		goto err;

	ctx->handshake_stage.hs_type |= NEGOTIATED;
	ret = 1;

 err:
	freezero(shared_key, X25519_KEY_LENGTH);

	return ret;





































































































}

int
tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx)
{
	int alert;
	CBS cbs;

	if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
		goto err;

	if (!tlsext_client_parse(ctx->ssl, &cbs, &alert, SSL_TLSEXT_MSG_EE))

		goto err;

	if (CBS_len(&cbs) != 0)
		goto err;

	return 1;

 err:
	/* XXX - send alert. */


	return 0;
}

int
tls13_server_certificate_request_recv(struct tls13_ctx *ctx)
{



	/*
	 * Thanks to poor state design in the RFC, this function can be called
	 * when we actually have a certificate message instead of a certificate
	 * request... in that case we call the certificate handler after
	 * switching state, to avoid advancing state.
	 */
	if (tls13_handshake_msg_type(ctx->hs_msg) == TLS13_MT_CERTIFICATE) {
		ctx->handshake_stage.hs_type |= WITHOUT_CR;
		return tls13_server_certificate_recv(ctx);
	}





	/* XXX - unimplemented. */










	return 0;
}

int
tls13_server_certificate_recv(struct tls13_ctx *ctx)
{
	CBS cbs, cert_request_context, cert_list, cert_data, cert_exts;
	struct stack_st_X509 *certs = NULL;
	SSL *s = ctx->ssl;
	X509 *cert = NULL;
	EVP_PKEY *pkey;
	const uint8_t *p;
	int cert_idx;
	int ret = 0;

	if ((certs = sk_X509_new_null()) == NULL)
		goto err;

	if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
		goto err;

	if (!CBS_get_u8_length_prefixed(&cbs, &cert_request_context))
		goto err;
	if (CBS_len(&cert_request_context) != 0)
		goto err;
	if (!CBS_get_u24_length_prefixed(&cbs, &cert_list))
		goto err;
	if (CBS_len(&cbs) != 0)
		goto err;

	while (CBS_len(&cert_list) > 0) {
		if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
			goto err;
		if (!CBS_get_u16_length_prefixed(&cert_list, &cert_exts))
			goto err;







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>





>



>

<












|
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
|
>
|
>
|

>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>

>










|






|





|
>
>
>
>
>








|




|






|



<
<
<
<



|
>




|
|





>



<

<
<
|
<
<

<
<
<
|
<
<
<
<
<
<
<
|
<












|




>












|












<



|
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



|

|
<

<
<
<
|
>

|
<
<




|
>





|

>
>
>








|


>
>
>
>
|
>
>
>
|
>
>
>
>
>
>




|

|











<
<
<
|



|
<
<







177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212

213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318




319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338

339


340


341



342







343

344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386

387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499

500



501
502
503
504


505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564



565
566
567
568
569


570
571
572
573
574
575
576
			return 1;
		if (CBS_len(&extension_data) != 0)
			return 1;
	}

	return (selected_version < TLS1_3_VERSION);
}

static int
tls13_server_hello_is_retry(CBS *cbs)
{
	CBS server_hello, server_random;
	uint16_t legacy_version;

	CBS_dup(cbs, &server_hello);

	if (!CBS_get_u16(&server_hello, &legacy_version))
		return 0;
	if (!CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE))
		return 0;

	/* See if this is a HelloRetryRequest. */
	return CBS_mem_equal(&server_random, tls13_hello_retry_request_hash,
	    sizeof(tls13_hello_retry_request_hash));
}

static int
tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
{
	CBS server_random, session_id;
	uint16_t tlsext_msg_type = SSL_TLSEXT_MSG_SH;
	uint16_t cipher_suite, legacy_version;
	uint8_t compression_method;
	const SSL_CIPHER *cipher;
	int alert_desc;
	SSL *s = ctx->ssl;


	if (!CBS_get_u16(cbs, &legacy_version))
		goto err;
	if (!CBS_get_bytes(cbs, &server_random, SSL3_RANDOM_SIZE))
		goto err;
	if (!CBS_get_u8_length_prefixed(cbs, &session_id))
		goto err;
	if (!CBS_get_u16(cbs, &cipher_suite))
		goto err;
	if (!CBS_get_u8(cbs, &compression_method))
		goto err;

	if (tls13_server_hello_is_legacy(cbs)) {
		if (ctx->hs->max_version >= TLS1_3_VERSION) {
			/*
			 * RFC 8446 section 4.1.3, We must not downgrade if
			 * the server random value contains the TLS 1.2 or 1.1
			 * magical value.
			 */
			if (!CBS_skip(&server_random, CBS_len(&server_random) -
			    sizeof(tls13_downgrade_12)))
				goto err;
			if (CBS_mem_equal(&server_random, tls13_downgrade_12,
			    sizeof(tls13_downgrade_12)) ||
			    CBS_mem_equal(&server_random, tls13_downgrade_11,
			    sizeof(tls13_downgrade_11))) {
				ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
				goto err;
			}
		}

		if (!CBS_skip(cbs, CBS_len(cbs)))
			goto err;

		ctx->hs->use_legacy = 1;
		return 1;
	}

	/* From here on in we know we are doing TLSv1.3. */
	tls13_record_layer_allow_legacy_alerts(ctx->rl, 0);

	/* See if this is a HelloRetryRequest. */
	/* XXX - see if we can avoid doing this twice. */
	if (CBS_mem_equal(&server_random, tls13_hello_retry_request_hash,
	    sizeof(tls13_hello_retry_request_hash))) {
		tlsext_msg_type = SSL_TLSEXT_MSG_HRR;
		ctx->hs->hrr = 1;
	}

	if (!tlsext_client_parse(s, cbs, &alert_desc, tlsext_msg_type)) {
		ctx->alert = alert_desc;
		goto err;
	}

	/*
	 * See if a supported versions extension was returned. If it was then
	 * the legacy version must be set to 0x0303 (RFC 8446 section 4.1.3).
	 * Otherwise, fallback to the legacy version, ensuring that it is both
	 * within range and not TLS 1.3 or greater (which must use the
	 * supported version extension.
	 */
	if (ctx->hs->server_version != 0) {
		if (legacy_version != TLS1_2_VERSION) {
			ctx->alert = SSL_AD_PROTOCOL_VERSION;
			goto err;
		}
	} else {
		if (legacy_version < ctx->hs->min_version ||
		    legacy_version > ctx->hs->max_version ||
		    legacy_version > TLS1_2_VERSION) {
			ctx->alert = SSL_AD_PROTOCOL_VERSION;
			goto err;
		}
		ctx->hs->server_version = legacy_version;
	}

	/* The session_id must match. */
	if (!CBS_mem_equal(&session_id, ctx->hs->legacy_session_id,
	    ctx->hs->legacy_session_id_len)) {
		ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
		goto err;
	}

	/*
	 * Ensure that the cipher suite is one that we offered in the client
	 * hello and that it matches the TLS version selected.
	 */
	cipher = ssl3_get_cipher_by_value(cipher_suite);
	if (cipher == NULL ||
	    sk_SSL_CIPHER_find(ssl_get_ciphers_by_id(s), cipher) < 0) {
		ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
		goto err;
	}
	if (ctx->hs->server_version == TLS1_3_VERSION &&
	    cipher->algorithm_ssl != SSL_TLSV1_3) {
		ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
		goto err;
	}
	/* XXX - move this to hs_tls13? */
	S3I(s)->hs.new_cipher = cipher;

	if (compression_method != 0) {
		ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
		goto err;
	}





	return 1;

 err:
	if (ctx->alert == 0)
		ctx->alert = TLS1_AD_DECODE_ERROR;

	return 0;
}

static int
tls13_client_engage_record_protection(struct tls13_ctx *ctx)
{
	struct tls13_secrets *secrets;
	struct tls13_secret context;
	unsigned char buf[EVP_MAX_MD_SIZE];
	uint8_t *shared_key = NULL;
	size_t shared_key_len = 0;
	size_t hash_len;
	SSL *s = ctx->ssl;
	int ret = 0;




	/* Derive the shared key and engage record protection. */






	if (!tls13_key_share_derive(ctx->hs->key_share, &shared_key,







	    &shared_key_len))

		goto err;

	s->session->cipher = S3I(s)->hs.new_cipher;
	s->session->ssl_version = ctx->hs->server_version;

	if ((ctx->aead = tls13_cipher_aead(S3I(s)->hs.new_cipher)) == NULL)
		goto err;
	if ((ctx->hash = tls13_cipher_hash(S3I(s)->hs.new_cipher)) == NULL)
		goto err;

	if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL)
		goto err;
	ctx->hs->secrets = secrets;

	/* XXX - pass in hash. */
	if (!tls1_transcript_hash_init(s))
		goto err;
	tls1_transcript_free(s);
	if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
		goto err;
	context.data = buf;
	context.len = hash_len;

	/* Early secrets. */
	if (!tls13_derive_early_secrets(secrets, secrets->zeros.data,
	    secrets->zeros.len, &context))
		goto err;

	/* Handshake secrets. */
	if (!tls13_derive_handshake_secrets(ctx->hs->secrets, shared_key,
	    shared_key_len, &context))
		goto err;

	tls13_record_layer_set_aead(ctx->rl, ctx->aead);
	tls13_record_layer_set_hash(ctx->rl, ctx->hash);

	if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
	    &secrets->server_handshake_traffic))
		goto err;
	if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
	    &secrets->client_handshake_traffic))
		goto err;


	ret = 1;

 err:
	freezero(shared_key, shared_key_len);

	return ret;
}

int
tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs)
{
	/*
	 * The state machine has no way of knowing if we're going to receive a
	 * HelloRetryRequest or a ServerHello. As such, we have to handle
	 * this case here and hand off to the appropriate function.
	 */
	if (!tls13_server_hello_is_retry(cbs)) {
		ctx->handshake_stage.hs_type |= WITHOUT_HRR;
		return tls13_server_hello_recv(ctx, cbs);
	}

	if (!tls13_server_hello_process(ctx, cbs))
		return 0;

	/*
	 * This may have been a TLSv1.2 or earlier ServerHello that just happened
	 * to have matching server random...
	 */
	if (ctx->hs->use_legacy)
		return tls13_use_legacy_client(ctx);

	if (!ctx->hs->hrr)
		return 0;

	if (!tls13_synthetic_handshake_message(ctx))
		return 0;
	if (!tls13_handshake_msg_record(ctx))
		return 0;

	ctx->hs->hrr = 0;

	return 1;
}

int
tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
{
	/*
	 * Ensure that the server supported group is one that we listed in our
	 * supported groups and is not the same as the key share we previously
	 * offered.
	 */
	if (!tls1_check_curve(ctx->ssl, ctx->hs->server_group))
		return 0; /* XXX alert */
	if (ctx->hs->server_group == tls13_key_share_group(ctx->hs->key_share))
		return 0; /* XXX alert */

	/* Switch to new key share. */
	tls13_key_share_free(ctx->hs->key_share);
	if ((ctx->hs->key_share =
	    tls13_key_share_new(ctx->hs->server_group)) == NULL)
		return 0;
	if (!tls13_key_share_generate(ctx->hs->key_share))
		return 0;

	if (!tls13_client_hello_build(ctx, cbb))
		return 0;

	return 1;
}

int
tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
{
	SSL *s = ctx->ssl;

	/*
	 * We may have received a legacy (pre-TLSv1.3) ServerHello or a TLSv1.3
	 * ServerHello. HelloRetryRequests have already been handled.
	 */
	if (!tls13_server_hello_process(ctx, cbs))
		return 0;

	if (ctx->handshake_stage.hs_type & WITHOUT_HRR) {
		tls1_transcript_unfreeze(s);
		if (!tls13_handshake_msg_record(ctx))
			return 0;
	}

	if (ctx->hs->use_legacy) {
		if (!(ctx->handshake_stage.hs_type & WITHOUT_HRR))
			return 0;
		return tls13_use_legacy_client(ctx);
	}

	if (ctx->hs->hrr) {
		/* The server has sent two HelloRetryRequests. */
		ctx->alert = SSL_AD_ILLEGAL_PARAMETER;
		return 0;
	}

	if (!tls13_client_engage_record_protection(ctx))
		return 0;

	ctx->handshake_stage.hs_type |= NEGOTIATED;

	return 1;
}

int
tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)
{
	int alert_desc;





	if (!tlsext_client_parse(ctx->ssl, cbs, &alert_desc, SSL_TLSEXT_MSG_EE)) {
		ctx->alert = alert_desc;
		goto err;
	}



	return 1;

 err:
	if (ctx->alert == 0)
		ctx->alert = TLS1_AD_DECODE_ERROR;

	return 0;
}

int
tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs)
{
	CBS cert_request_context;
	int alert_desc;

	/*
	 * Thanks to poor state design in the RFC, this function can be called
	 * when we actually have a certificate message instead of a certificate
	 * request... in that case we call the certificate handler after
	 * switching state, to avoid advancing state.
	 */
	if (tls13_handshake_msg_type(ctx->hs_msg) == TLS13_MT_CERTIFICATE) {
		ctx->handshake_stage.hs_type |= WITHOUT_CR;
		return tls13_server_certificate_recv(ctx, cbs);
	}

	if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))
		goto err;
	if (CBS_len(&cert_request_context) != 0)
		goto err;

	if (!tlsext_client_parse(ctx->ssl, cbs, &alert_desc, SSL_TLSEXT_MSG_CR)) {
		ctx->alert = alert_desc;
		goto err;
	}

	return 1;

 err:
	if (ctx->alert == 0)
		ctx->alert = TLS1_AD_DECODE_ERROR;
	return 0;
}

int
tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
{
	CBS cert_request_context, cert_list, cert_data, cert_exts;
	struct stack_st_X509 *certs = NULL;
	SSL *s = ctx->ssl;
	X509 *cert = NULL;
	EVP_PKEY *pkey;
	const uint8_t *p;
	int cert_idx;
	int ret = 0;

	if ((certs = sk_X509_new_null()) == NULL)
		goto err;




	if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))
		goto err;
	if (CBS_len(&cert_request_context) != 0)
		goto err;
	if (!CBS_get_u24_length_prefixed(cbs, &cert_list))


		goto err;

	while (CBS_len(&cert_list) > 0) {
		if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
			goto err;
		if (!CBS_get_u16_length_prefixed(&cert_list, &cert_exts))
			goto err;
488
489
490
491
492
493
494
495


496
497
498
499
500
501
502
	/*
	 * At this stage we still have no proof of possession. As such, it would
	 * be preferable to keep the chain and verify once we have successfully
	 * processed the CertificateVerify message.
	 */
	if (ssl_verify_cert_chain(s, certs) <= 0 &&
	    s->verify_mode != SSL_VERIFY_NONE) {
		/* XXX send alert */


		goto err;
	}
	ERR_clear_error();

	cert = sk_X509_value(certs, 0);
	X509_up_ref(cert);








|
>
>







590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
	/*
	 * At this stage we still have no proof of possession. As such, it would
	 * be preferable to keep the chain and verify once we have successfully
	 * processed the CertificateVerify message.
	 */
	if (ssl_verify_cert_chain(s, certs) <= 0 &&
	    s->verify_mode != SSL_VERIFY_NONE) {
		ctx->alert = ssl_verify_alarm_type(s->verify_result);
		tls13_set_errorx(ctx, TLS13_ERR_VERIFY_FAILED, 0,
		    "failed to verify peer certificate", NULL);
		goto err;
	}
	ERR_clear_error();

	cert = sk_X509_value(certs, 0);
	X509_up_ref(cert);

529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585

586
587
588
589
590
591
592
593
594
595
 err:
	sk_X509_pop_free(certs, X509_free);
	X509_free(cert);

	return ret;
}

/*
 * Certificate Verify padding - RFC 8446 section 4.4.3.
 */
static uint8_t cert_verify_pad[64] = {
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
};

static uint8_t server_cert_verify_context[] = "TLS 1.3, server CertificateVerify";

int
tls13_server_certificate_verify_recv(struct tls13_ctx *ctx)
{
	const struct ssl_sigalg *sigalg;
	uint16_t signature_scheme;
	uint8_t *sig_content = NULL;
	size_t sig_content_len;
	EVP_MD_CTX *mdctx = NULL;
	EVP_PKEY_CTX *pctx;
	EVP_PKEY *pkey;
	X509 *cert;
	CBS cbs, signature;
	CBB cbb;
	int ret = 0;

	memset(&cbb, 0, sizeof(cbb));

	if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
		goto err;

	if (!CBS_get_u16(&cbs, &signature_scheme))
		goto err;
	if (!CBS_get_u16_length_prefixed(&cbs, &signature))
		goto err;
	if (CBS_len(&cbs) != 0)
		goto err;

	if ((sigalg = ssl_sigalg(signature_scheme, tls13_sigalgs,
	    tls13_sigalgs_len)) == NULL)
		goto err;

	if (!CBB_init(&cbb, 0))
		goto err;
	if (!CBB_add_bytes(&cbb, cert_verify_pad, sizeof(cert_verify_pad)))

		goto err;
	if (!CBB_add_bytes(&cbb, server_cert_verify_context,
	    strlen(server_cert_verify_context)))
		goto err;
	if (!CBB_add_u8(&cbb, 0))
		goto err;
	if (!CBB_add_bytes(&cbb, ctx->hs->transcript_hash,
	    ctx->hs->transcript_hash_len))
		goto err;
	if (!CBB_finish(&cbb, &sig_content, &sig_content_len))







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

|









|





<
<
<
|

|
<
<








|
>

|
|







633
634
635
636
637
638
639
















640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656



657
658
659


660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
 err:
	sk_X509_pop_free(certs, X509_free);
	X509_free(cert);

	return ret;
}

















int
tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
{
	const struct ssl_sigalg *sigalg;
	uint16_t signature_scheme;
	uint8_t *sig_content = NULL;
	size_t sig_content_len;
	EVP_MD_CTX *mdctx = NULL;
	EVP_PKEY_CTX *pctx;
	EVP_PKEY *pkey;
	X509 *cert;
	CBS signature;
	CBB cbb;
	int ret = 0;

	memset(&cbb, 0, sizeof(cbb));




	if (!CBS_get_u16(cbs, &signature_scheme))
		goto err;
	if (!CBS_get_u16_length_prefixed(cbs, &signature))


		goto err;

	if ((sigalg = ssl_sigalg(signature_scheme, tls13_sigalgs,
	    tls13_sigalgs_len)) == NULL)
		goto err;

	if (!CBB_init(&cbb, 0))
		goto err;
	if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad,
	    sizeof(tls13_cert_verify_pad)))
		goto err;
	if (!CBB_add_bytes(&cbb, tls13_cert_server_verify_context,
	    strlen(tls13_cert_server_verify_context)))
		goto err;
	if (!CBB_add_u8(&cbb, 0))
		goto err;
	if (!CBB_add_bytes(&cbb, ctx->hs->transcript_hash,
	    ctx->hs->transcript_hash_len))
		goto err;
	if (!CBB_finish(&cbb, &sig_content, &sig_content_len))
611
612
613
614
615
616
617
618

619

620
621
622
623
624
625
626
627
628


629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
		goto err;
	if (sigalg->flags & SIGALG_FLAG_RSA_PSS) {
		if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING))
			goto err;
		if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
			goto err;
	}
	if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len))

		goto err;

	if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
	    CBS_len(&signature)) <= 0) {
		/* XXX - send alert. */
		goto err;
	}

	ret = 1;

 err:


	CBB_cleanup(&cbb);
	EVP_MD_CTX_free(mdctx);
	free(sig_content);

	return ret;
}

int
tls13_server_finished_recv(struct tls13_ctx *ctx)
{
	struct tls13_secrets *secrets = ctx->hs->secrets;
	struct tls13_secret context = { .data = "", .len = 0 };
	struct tls13_secret finished_key;
	uint8_t transcript_hash[EVP_MAX_MD_SIZE];
	size_t transcript_hash_len;
	uint8_t *verify_data = NULL;
	size_t verify_data_len;
	uint8_t key[EVP_MAX_MD_SIZE];
	HMAC_CTX *hmac_ctx = NULL;
	unsigned int hlen;
	int ret = 0;
	CBS cbs;

	if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
		goto err;

	/*
	 * Verify server finished.
	 */
	finished_key.data = key;
	finished_key.len = EVP_MD_size(ctx->hash);








|
>

>


|






>
>








|












<
<
<
<







695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737




738
739
740
741
742
743
744
		goto err;
	if (sigalg->flags & SIGALG_FLAG_RSA_PSS) {
		if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING))
			goto err;
		if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
			goto err;
	}
	if (!EVP_DigestVerifyUpdate(mdctx, sig_content, sig_content_len)) {
		ctx->alert = TLS1_AD_DECRYPT_ERROR;
		goto err;
	}
	if (EVP_DigestVerifyFinal(mdctx, CBS_data(&signature),
	    CBS_len(&signature)) <= 0) {
		ctx->alert = TLS1_AD_DECRYPT_ERROR;
		goto err;
	}

	ret = 1;

 err:
	if (!ret && ctx->alert == 0)
		ctx->alert = TLS1_AD_DECODE_ERROR;
	CBB_cleanup(&cbb);
	EVP_MD_CTX_free(mdctx);
	free(sig_content);

	return ret;
}

int
tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
{
	struct tls13_secrets *secrets = ctx->hs->secrets;
	struct tls13_secret context = { .data = "", .len = 0 };
	struct tls13_secret finished_key;
	uint8_t transcript_hash[EVP_MAX_MD_SIZE];
	size_t transcript_hash_len;
	uint8_t *verify_data = NULL;
	size_t verify_data_len;
	uint8_t key[EVP_MAX_MD_SIZE];
	HMAC_CTX *hmac_ctx = NULL;
	unsigned int hlen;
	int ret = 0;





	/*
	 * Verify server finished.
	 */
	finished_key.data = key;
	finished_key.len = EVP_MD_size(ctx->hash);

675
676
677
678
679
680
681
682
683
684
685



686
687
688
689
690
691
692
	if ((verify_data = calloc(1, verify_data_len)) == NULL)
		goto err;
	if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
		goto err;
	if (hlen != verify_data_len)
		goto err;

	if (!CBS_mem_equal(&cbs, verify_data, verify_data_len)) {
		/* XXX - send alert. */
		goto err;
	}




	/*
	 * Derive application traffic keys.
	 */
	if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash,
	    sizeof(transcript_hash), &transcript_hash_len))
		goto err;







|
|


>
>
>







759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
	if ((verify_data = calloc(1, verify_data_len)) == NULL)
		goto err;
	if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
		goto err;
	if (hlen != verify_data_len)
		goto err;

	if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) {
		ctx->alert = TLS1_AD_DECRYPT_ERROR;
		goto err;
	}

	if (!CBS_skip(cbs, verify_data_len))
		goto err;

	/*
	 * Derive application traffic keys.
	 */
	if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash,
	    sizeof(transcript_hash), &transcript_hash_len))
		goto err;
701
702
703
704
705
706
707


708
709
710
711
712
713
714
715
716
717






































































































































718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
	 * Any records following the server finished message must be encrypted
	 * using the server application traffic keys.
	 */
	if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
	    &secrets->server_application_traffic))
		goto err;



	ret = 1;

 err:
	HMAC_CTX_free(hmac_ctx);
	free(verify_data);

	return ret;
}

int






































































































































tls13_client_finished_send(struct tls13_ctx *ctx)
{
	struct tls13_secrets *secrets = ctx->hs->secrets;
	struct tls13_secret context = { .data = "", .len = 0 };
	struct tls13_secret finished_key;
	uint8_t transcript_hash[EVP_MAX_MD_SIZE];
	size_t transcript_hash_len;
	uint8_t key[EVP_MAX_MD_SIZE];
	uint8_t *verify_data;
	size_t hmac_len;
	unsigned int hlen;
	HMAC_CTX *hmac_ctx = NULL;
	int ret = 0;
	CBB body;

	finished_key.data = key;
	finished_key.len = EVP_MD_size(ctx->hash);

	if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
	    &secrets->client_handshake_traffic, "finished",
	    &context))







>
>










>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|












<







788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953

954
955
956
957
958
959
960
	 * Any records following the server finished message must be encrypted
	 * using the server application traffic keys.
	 */
	if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
	    &secrets->server_application_traffic))
		goto err;

	tls13_record_layer_allow_ccs(ctx->rl, 0);

	ret = 1;

 err:
	HMAC_CTX_free(hmac_ctx);
	free(verify_data);

	return ret;
}

int
tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
{
	SSL *s = ctx->ssl;
	CBB cert_request_context, cert_list;
	STACK_OF(X509) *chain;
	CERT_PKEY *cpk;
	X509 *cert;
	int i, ret = 0;

	/* XXX - Need to revisit certificate selection. */
	cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC];

	if ((chain = cpk->chain) == NULL)
		chain = s->ctx->extra_certs;

	if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context))
		goto err;
	if (!CBB_add_u24_length_prefixed(cbb, &cert_list))
		goto err;

	if (cpk->x509 == NULL)
		goto done;

	if (!tls13_cert_add(&cert_list, cpk->x509))
		goto err;

	for (i = 0; i < sk_X509_num(chain); i++) {
		cert = sk_X509_value(chain, i);
		if (!tls13_cert_add(&cert_list, cert))
			goto err;
	}

	ctx->handshake_stage.hs_type |= WITH_CCV;
 done:
	if (!CBB_flush(cbb))
		goto err;

	ret = 1;

 err:
	return ret;
}

int
tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
{
	SSL *s = ctx->ssl;
	const struct ssl_sigalg *sigalg = NULL;
	uint8_t *sig = NULL, *sig_content = NULL;
	size_t sig_len, sig_content_len;
	EVP_MD_CTX *mdctx = NULL;
	EVP_PKEY_CTX *pctx;
	EVP_PKEY *pkey;
	CERT_PKEY *cpk;
	CBB sig_cbb;
	int ret = 0;

	memset(&sig_cbb, 0, sizeof(sig_cbb));

	/* XXX - Need to revisit certificate selection. */
	cpk = &s->cert->pkeys[SSL_PKEY_RSA_ENC];
	pkey = cpk->privatekey;

	if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {
		/* XXX - SSL_R_SIGNATURE_ALGORITHMS_ERROR */
		goto err;
	}

	if (!CBB_init(&sig_cbb, 0))
		goto err;
	if (!CBB_add_bytes(&sig_cbb, tls13_cert_verify_pad,
	    sizeof(tls13_cert_verify_pad)))
		goto err;
	if (!CBB_add_bytes(&sig_cbb, tls13_cert_client_verify_context,
	    strlen(tls13_cert_client_verify_context)))
		goto err;
	if (!CBB_add_u8(&sig_cbb, 0))
		goto err;
	if (!CBB_add_bytes(&sig_cbb, ctx->hs->transcript_hash,
	    ctx->hs->transcript_hash_len))
		goto err;
	if (!CBB_finish(&sig_cbb, &sig_content, &sig_content_len))
		goto err;

	if ((mdctx = EVP_MD_CTX_new()) == NULL)
		goto err;
	if (!EVP_DigestSignInit(mdctx, &pctx, sigalg->md(), NULL, pkey))
		goto err;
	if (sigalg->flags & SIGALG_FLAG_RSA_PSS) {
		if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING))
			goto err;
		if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
			goto err;
	}
	if (!EVP_DigestSignUpdate(mdctx, sig_content, sig_content_len))
		goto err;
	if (EVP_DigestSignFinal(mdctx, NULL, &sig_len) <= 0)
		goto err;
	if ((sig = calloc(1, sig_len)) == NULL)
		goto err;
	if (EVP_DigestSignFinal(mdctx, sig, &sig_len) <= 0)
		goto err;

	if (!CBB_add_u16(cbb, sigalg->value))
		goto err;
	if (!CBB_add_u16_length_prefixed(cbb, &sig_cbb))
		goto err;
	if (!CBB_add_bytes(&sig_cbb, sig, sig_len))
		goto err;

	if (!CBB_flush(cbb))
		goto err;

	ret = 1;

 err:
	if (!ret && ctx->alert == 0)
		ctx->alert = TLS1_AD_INTERNAL_ERROR;

	CBB_cleanup(&sig_cbb);
	EVP_MD_CTX_free(mdctx);
	free(sig_content);
	free(sig);

	return ret;
}

int
tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb)
{
	return 0;
}

int
tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
{
	struct tls13_secrets *secrets = ctx->hs->secrets;
	struct tls13_secret context = { .data = "", .len = 0 };
	struct tls13_secret finished_key;
	uint8_t transcript_hash[EVP_MAX_MD_SIZE];
	size_t transcript_hash_len;
	uint8_t key[EVP_MAX_MD_SIZE];
	uint8_t *verify_data;
	size_t hmac_len;
	unsigned int hlen;
	HMAC_CTX *hmac_ctx = NULL;
	int ret = 0;


	finished_key.data = key;
	finished_key.len = EVP_MD_size(ctx->hash);

	if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
	    &secrets->client_handshake_traffic, "finished",
	    &context))
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
		goto err;
	if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len,
	    ctx->hash, NULL))
		goto err;
	if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
		goto err;

	if (!tls13_handshake_msg_start(ctx->hs_msg, &body, TLS13_MT_FINISHED))
		goto err;
	hmac_len = HMAC_size(hmac_ctx);
	if (!CBB_add_space(&body, &verify_data, hmac_len))
		goto err;
	if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
		goto err;
	if (hlen != hmac_len)
		goto err;
	if (!tls13_handshake_msg_finish(ctx->hs_msg))
		goto err;

	ret = 1;

 err:
	HMAC_CTX_free(hmac_ctx);

	return ret;







<
<

|





<
<







968
969
970
971
972
973
974


975
976
977
978
979
980
981


982
983
984
985
986
987
988
		goto err;
	if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len,
	    ctx->hash, NULL))
		goto err;
	if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
		goto err;



	hmac_len = HMAC_size(hmac_ctx);
	if (!CBB_add_space(cbb, &verify_data, hmac_len))
		goto err;
	if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
		goto err;
	if (hlen != hmac_len)
		goto err;



	ret = 1;

 err:
	HMAC_CTX_free(hmac_ctx);

	return ret;
Changes to jni/libressl/ssl/tls13_handshake.c.
1
2
3
4
5
6
7
8
/*	$OpenBSD: tls13_handshake.c,v 1.35 2019/04/05 20:23:38 tb Exp $	*/
/*
 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
|







1
2
3
4
5
6
7
8
/*	$OpenBSD: tls13_handshake.c,v 1.55 2020/05/02 00:30:55 inoguchi Exp $	*/
/*
 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
21
22
23
24
25
26
27
28
29
30
31

32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

73
74
75
76
77
78

79
80
81
82
83
84

85
86
87
88
89
90
91
92
93
94
95
96
97
98

99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

136

137
138
139
140
141
142
143
144
145
146


147
148
149
150


151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176


177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198


199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216


217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278









279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295



296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329

330
331





332
333
334
335
336
337



338


339




340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375



376
377
378
379
380
381
382
383
384
385

386

387
388
389
390
391
392





393





394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
#include "ssl_locl.h"
#include "tls13_handshake.h"
#include "tls13_internal.h"

/* Based on RFC 8446 and inspired by s2n's TLS 1.2 state machine. */

struct tls13_handshake_action {
	uint8_t			handshake_type;
	uint8_t			sender;
	uint8_t			handshake_complete;
	uint8_t			preserve_transcript_hash;


	int (*send)(struct tls13_ctx *ctx);
	int (*sent)(struct tls13_ctx *ctx);
	int (*recv)(struct tls13_ctx *ctx);
};

enum tls13_message_type tls13_handshake_active_state(struct tls13_ctx *ctx);

int tls13_accept(struct tls13_ctx *ctx);

struct tls13_handshake_action *
    tls13_handshake_active_action(struct tls13_ctx *ctx);
int tls13_handshake_advance_state_machine(struct tls13_ctx *ctx);

int tls13_handshake_send_action(struct tls13_ctx *ctx,
    struct tls13_handshake_action *action);
int tls13_handshake_recv_action(struct tls13_ctx *ctx,
    struct tls13_handshake_action *action);

struct tls13_handshake_action state_machine[] = {
	[CLIENT_HELLO] = {
		.handshake_type = TLS13_MT_CLIENT_HELLO,
		.sender = TLS13_HS_CLIENT,
		.send = tls13_client_hello_send,

		.recv = tls13_client_hello_recv,
	},
	[CLIENT_HELLO_RETRY] = {
		.handshake_type = TLS13_MT_CLIENT_HELLO,
		.sender = TLS13_HS_CLIENT,
		.send = tls13_client_hello_retry_send,
		.recv = tls13_client_hello_retry_recv,
	},
	[CLIENT_END_OF_EARLY_DATA] = {
		.handshake_type = TLS13_MT_END_OF_EARLY_DATA,
		.sender = TLS13_HS_CLIENT,
		.send = tls13_client_end_of_early_data_send,
		.recv = tls13_client_end_of_early_data_recv,
	},
	[CLIENT_CERTIFICATE] = {
		.handshake_type = TLS13_MT_CERTIFICATE,
		.sender = TLS13_HS_CLIENT,

		.send = tls13_client_certificate_send,
		.recv = tls13_client_certificate_recv,
	},
	[CLIENT_CERTIFICATE_VERIFY] = {
		.handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
		.sender = TLS13_HS_CLIENT,

		.send = tls13_client_certificate_verify_send,
		.recv = tls13_client_certificate_verify_recv,
	},
	[CLIENT_FINISHED] = {
		.handshake_type = TLS13_MT_FINISHED,
		.sender = TLS13_HS_CLIENT,

		.send = tls13_client_finished_send,
		.sent = tls13_client_finished_sent,
		.recv = tls13_client_finished_recv,
	},
	[CLIENT_KEY_UPDATE] = {
		.handshake_type = TLS13_MT_KEY_UPDATE,
		.sender = TLS13_HS_CLIENT,
		.send = tls13_client_key_update_send,
		.recv = tls13_client_key_update_recv,
	},
	[SERVER_HELLO] = {
		.handshake_type = TLS13_MT_SERVER_HELLO,
		.sender = TLS13_HS_SERVER,
		.send = tls13_server_hello_send,

		.recv = tls13_server_hello_recv,
	},
	[SERVER_HELLO_RETRY] = {
		.handshake_type = TLS13_MT_SERVER_HELLO,
		.sender = TLS13_HS_SERVER,
		.send = tls13_server_hello_retry_send,
		.recv = tls13_server_hello_retry_recv,
	},
	[SERVER_ENCRYPTED_EXTENSIONS] = {
		.handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS,
		.sender = TLS13_HS_SERVER,
		.send = tls13_server_encrypted_extensions_send,
		.recv = tls13_server_encrypted_extensions_recv,
	},
	[SERVER_CERTIFICATE] = {
		.handshake_type = TLS13_MT_CERTIFICATE,
		.sender = TLS13_HS_SERVER,

		.send = tls13_server_certificate_send,
		.recv = tls13_server_certificate_recv,
	},
	[SERVER_CERTIFICATE_REQUEST] = {
		.handshake_type = TLS13_MT_CERTIFICATE,
		.sender = TLS13_HS_SERVER,
		.send = tls13_server_certificate_request_send,
		.recv = tls13_server_certificate_request_recv,
	},
	[SERVER_CERTIFICATE_VERIFY] = {
		.handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
		.sender = TLS13_HS_SERVER,
		.preserve_transcript_hash = 1,
		.send = tls13_server_certificate_verify_send,
		.recv = tls13_server_certificate_verify_recv,
	},
	[SERVER_FINISHED] = {
		.handshake_type = TLS13_MT_FINISHED,
		.sender = TLS13_HS_SERVER,
		.preserve_transcript_hash = 1,

		.send = tls13_server_finished_send,

		.recv = tls13_server_finished_recv,
	},
	[APPLICATION_DATA] = {
		.handshake_complete = 1,
	},
};

enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
	[INITIAL] = {
		CLIENT_HELLO,


		SERVER_HELLO,
	},
	[NEGOTIATED] = {
		CLIENT_HELLO,


		SERVER_HELLO,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE_REQUEST,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_CERTIFICATE,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITH_HRR] = {
		CLIENT_HELLO,
		SERVER_HELLO,
		CLIENT_HELLO_RETRY,
		SERVER_HELLO_RETRY,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE_REQUEST,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_CERTIFICATE,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITHOUT_CR] = {
		CLIENT_HELLO,


		SERVER_HELLO,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITH_HRR | WITHOUT_CR] = {
		CLIENT_HELLO,
		SERVER_HELLO,
		CLIENT_HELLO_RETRY,
		SERVER_HELLO_RETRY,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITH_PSK] = {
		CLIENT_HELLO,


		SERVER_HELLO,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_FINISHED,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITH_HRR | WITH_PSK] = {
		CLIENT_HELLO,
		SERVER_HELLO,
		CLIENT_HELLO_RETRY,
		SERVER_HELLO_RETRY,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_FINISHED,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITH_CCV] = {
		CLIENT_HELLO,


		SERVER_HELLO,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE_REQUEST,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_CERTIFICATE,
		CLIENT_CERTIFICATE_VERIFY,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITH_HRR | WITH_CCV] = {
		CLIENT_HELLO,
		SERVER_HELLO,
		CLIENT_HELLO_RETRY,
		SERVER_HELLO_RETRY,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE_REQUEST,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_CERTIFICATE,
		CLIENT_CERTIFICATE_VERIFY,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
};

const size_t handshake_count = sizeof(handshakes) / sizeof(handshakes[0]);

enum tls13_message_type
tls13_handshake_active_state(struct tls13_ctx *ctx)
{
	struct tls13_handshake_stage hs = ctx->handshake_stage;

	if (hs.hs_type >= handshake_count)
		return INVALID;
	if (hs.message_number >= TLS13_NUM_MESSAGE_TYPES)
		return INVALID;

	return handshakes[hs.hs_type][hs.message_number];
}

struct tls13_handshake_action *
tls13_handshake_active_action(struct tls13_ctx *ctx)
{
	enum tls13_message_type mt = tls13_handshake_active_state(ctx);

	if (mt == INVALID)
		return NULL;

	return &state_machine[mt];
}

int
tls13_handshake_advance_state_machine(struct tls13_ctx *ctx)
{
	if (++ctx->handshake_stage.message_number >= TLS13_NUM_MESSAGE_TYPES)
		return 0;

	return 1;
}










int
tls13_handshake_perform(struct tls13_ctx *ctx)
{
	struct tls13_handshake_action *action;
	int ret;

	for (;;) {
		if ((action = tls13_handshake_active_action(ctx)) == NULL)
			return TLS13_IO_FAILURE;

		if (action->handshake_complete) {
			ctx->handshake_completed = 1;
			tls13_record_layer_handshake_completed(ctx->rl);
			return TLS13_IO_SUCCESS;
		}




		if (action->sender == ctx->mode) {
			if ((ret = tls13_handshake_send_action(ctx, action)) <= 0)
				return ret;
		} else {
			if ((ret = tls13_handshake_recv_action(ctx, action)) <= 0)
				return ret;
		}

		if (!tls13_handshake_advance_state_machine(ctx))
			return TLS13_IO_FAILURE;
	}
}

int
tls13_accept(struct tls13_ctx *ctx)
{
	ctx->mode = TLS13_HS_SERVER;

	return tls13_handshake_perform(ctx);
}

int
tls13_handshake_send_action(struct tls13_ctx *ctx,
    struct tls13_handshake_action *action)
{
	ssize_t ret;
	CBS cbs;

	/* If we have no handshake message, we need to build one. */
	if (ctx->hs_msg == NULL) {
		if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
			return TLS13_IO_FAILURE;

		/* XXX - provide CBB. */

		if (!action->send(ctx))
			return TLS13_IO_FAILURE;





	}

	if ((ret = tls13_handshake_msg_send(ctx->hs_msg, ctx->rl)) <= 0)
		return ret;

	tls13_handshake_msg_data(ctx->hs_msg, &cbs);



	if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))


		return TLS13_IO_FAILURE;





	tls13_handshake_msg_free(ctx->hs_msg);
	ctx->hs_msg = NULL;

	if (action->sent != NULL && !action->sent(ctx))
		return TLS13_IO_FAILURE;

	return TLS13_IO_SUCCESS;
}

int
tls13_handshake_recv_action(struct tls13_ctx *ctx,
    struct tls13_handshake_action *action)
{
	uint8_t msg_type;
	ssize_t ret;
	CBS cbs;

	if (ctx->hs_msg == NULL) {
		if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
			return TLS13_IO_FAILURE;
	}

	if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) <= 0)
		return ret;

	if (action->preserve_transcript_hash) {
		if (!tls1_transcript_hash_value(ctx->ssl,
		    ctx->hs->transcript_hash, sizeof(ctx->hs->transcript_hash),
		    &ctx->hs->transcript_hash_len))
			return TLS13_IO_FAILURE;
	}

	tls13_handshake_msg_data(ctx->hs_msg, &cbs);
	if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
		return TLS13_IO_FAILURE;




	/*
	 * In TLSv1.3 there is no way to know if you're going to receive a
	 * certificate request message or not, hence we have to special case it
	 * here. The receive handler also knows how to deal with this situation.
	 */
	msg_type = tls13_handshake_msg_type(ctx->hs_msg);
	if (msg_type != action->handshake_type &&
	    (msg_type != TLS13_MT_CERTIFICATE ||
	     action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST)) {

		/* XXX send unexpected message alert */

		return TLS13_IO_FAILURE;
	}

	/* XXX provide CBS and check all consumed. */
	ret = TLS13_IO_FAILURE;
	if (action->recv(ctx))





		ret = TLS13_IO_SUCCESS;






	tls13_handshake_msg_free(ctx->hs_msg);
	ctx->hs_msg = NULL;

	if (ctx->ssl->method->internal->version < TLS1_3_VERSION)
		return TLS13_IO_USE_LEGACY;

	return ret;
}

int
tls13_client_hello_recv(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_client_hello_retry_send(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_server_hello_retry_recv(struct tls13_ctx *ctx)
{
        return 0;
}

int
tls13_client_hello_retry_recv(struct tls13_ctx *ctx)
{
	return 0;
}


int
tls13_client_end_of_early_data_send(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_client_certificate_send(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_client_certificate_recv(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_client_certificate_verify_send(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_client_certificate_verify_recv(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_client_finished_recv(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_client_key_update_send(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_client_key_update_recv(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_server_hello_send(struct tls13_ctx *ctx)
{
	ctx->handshake_stage.hs_type |= NEGOTIATED;

	return 0;
}

int
tls13_server_hello_retry_send(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_server_certificate_send(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_server_certificate_request_send(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_server_certificate_verify_send(struct tls13_ctx *ctx)
{
	return 0;
}

int
tls13_server_finished_send(struct tls13_ctx *ctx)
{
	return 0;
}







|
|
|
|
>

|

|


|
<
|

|

|

|
|
|
|

|




>

















>






>






>




<
<
<
<
<
<




>


|


|
|










>




|







|






|
>

>







|


>
>




>
>










|


<
<











>
>








|


<
<









>
>






|


<
<







>
>











|


<
<














|












|










|







>
>
>
>
>
>
>
>
>




|












>
>
>













|
<
<
<
<
<
<
<
<

|


|





|
|
>
|

>
>
>
>
>





|
>
>
>
|
>
>
|
>
>
>
>










|

|













|






|
<

>
>
>









|
>
|
>

|
<
<

|
>
>
>
>
>
|
>
>
>
>
>









<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92






93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169


170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193


194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213


214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236


237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325








326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396

397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415


416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437



























































































































#include "ssl_locl.h"
#include "tls13_handshake.h"
#include "tls13_internal.h"

/* Based on RFC 8446 and inspired by s2n's TLS 1.2 state machine. */

struct tls13_handshake_action {
	uint8_t	handshake_type;
	uint8_t	sender;
	uint8_t	handshake_complete;
	uint8_t	send_preserve_transcript_hash;
	uint8_t	recv_preserve_transcript_hash;

	int (*send)(struct tls13_ctx *ctx, CBB *cbb);
	int (*sent)(struct tls13_ctx *ctx);
	int (*recv)(struct tls13_ctx *ctx, CBS *cbs);
};

static const enum tls13_message_type

    tls13_handshake_active_state(struct tls13_ctx *ctx);

static const struct tls13_handshake_action *
    tls13_handshake_active_action(struct tls13_ctx *ctx);
static int tls13_handshake_advance_state_machine(struct tls13_ctx *ctx);

static int tls13_handshake_send_action(struct tls13_ctx *ctx,
    const struct tls13_handshake_action *action);
static int tls13_handshake_recv_action(struct tls13_ctx *ctx,
    const struct tls13_handshake_action *action);

static const struct tls13_handshake_action state_machine[] = {
	[CLIENT_HELLO] = {
		.handshake_type = TLS13_MT_CLIENT_HELLO,
		.sender = TLS13_HS_CLIENT,
		.send = tls13_client_hello_send,
		.sent = tls13_client_hello_sent,
		.recv = tls13_client_hello_recv,
	},
	[CLIENT_HELLO_RETRY] = {
		.handshake_type = TLS13_MT_CLIENT_HELLO,
		.sender = TLS13_HS_CLIENT,
		.send = tls13_client_hello_retry_send,
		.recv = tls13_client_hello_retry_recv,
	},
	[CLIENT_END_OF_EARLY_DATA] = {
		.handshake_type = TLS13_MT_END_OF_EARLY_DATA,
		.sender = TLS13_HS_CLIENT,
		.send = tls13_client_end_of_early_data_send,
		.recv = tls13_client_end_of_early_data_recv,
	},
	[CLIENT_CERTIFICATE] = {
		.handshake_type = TLS13_MT_CERTIFICATE,
		.sender = TLS13_HS_CLIENT,
		.send_preserve_transcript_hash = 1,
		.send = tls13_client_certificate_send,
		.recv = tls13_client_certificate_recv,
	},
	[CLIENT_CERTIFICATE_VERIFY] = {
		.handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
		.sender = TLS13_HS_CLIENT,
		.recv_preserve_transcript_hash = 1,
		.send = tls13_client_certificate_verify_send,
		.recv = tls13_client_certificate_verify_recv,
	},
	[CLIENT_FINISHED] = {
		.handshake_type = TLS13_MT_FINISHED,
		.sender = TLS13_HS_CLIENT,
		.recv_preserve_transcript_hash = 1,
		.send = tls13_client_finished_send,
		.sent = tls13_client_finished_sent,
		.recv = tls13_client_finished_recv,
	},






	[SERVER_HELLO] = {
		.handshake_type = TLS13_MT_SERVER_HELLO,
		.sender = TLS13_HS_SERVER,
		.send = tls13_server_hello_send,
		.sent = tls13_server_hello_sent,
		.recv = tls13_server_hello_recv,
	},
	[SERVER_HELLO_RETRY_REQUEST] = {
		.handshake_type = TLS13_MT_SERVER_HELLO,
		.sender = TLS13_HS_SERVER,
		.send = tls13_server_hello_retry_request_send,
		.recv = tls13_server_hello_retry_request_recv,
	},
	[SERVER_ENCRYPTED_EXTENSIONS] = {
		.handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS,
		.sender = TLS13_HS_SERVER,
		.send = tls13_server_encrypted_extensions_send,
		.recv = tls13_server_encrypted_extensions_recv,
	},
	[SERVER_CERTIFICATE] = {
		.handshake_type = TLS13_MT_CERTIFICATE,
		.sender = TLS13_HS_SERVER,
		.send_preserve_transcript_hash = 1,
		.send = tls13_server_certificate_send,
		.recv = tls13_server_certificate_recv,
	},
	[SERVER_CERTIFICATE_REQUEST] = {
		.handshake_type = TLS13_MT_CERTIFICATE_REQUEST,
		.sender = TLS13_HS_SERVER,
		.send = tls13_server_certificate_request_send,
		.recv = tls13_server_certificate_request_recv,
	},
	[SERVER_CERTIFICATE_VERIFY] = {
		.handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
		.sender = TLS13_HS_SERVER,
		.recv_preserve_transcript_hash = 1,
		.send = tls13_server_certificate_verify_send,
		.recv = tls13_server_certificate_verify_recv,
	},
	[SERVER_FINISHED] = {
		.handshake_type = TLS13_MT_FINISHED,
		.sender = TLS13_HS_SERVER,
		.recv_preserve_transcript_hash = 1,
		.send_preserve_transcript_hash = 1,
		.send = tls13_server_finished_send,
		.sent = tls13_server_finished_sent,
		.recv = tls13_server_finished_recv,
	},
	[APPLICATION_DATA] = {
		.handshake_complete = 1,
	},
};

const enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
	[INITIAL] = {
		CLIENT_HELLO,
		SERVER_HELLO_RETRY_REQUEST,
		CLIENT_HELLO_RETRY,
		SERVER_HELLO,
	},
	[NEGOTIATED] = {
		CLIENT_HELLO,
		SERVER_HELLO_RETRY_REQUEST,
		CLIENT_HELLO_RETRY,
		SERVER_HELLO,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE_REQUEST,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_CERTIFICATE,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITHOUT_HRR] = {
		CLIENT_HELLO,
		SERVER_HELLO,


		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE_REQUEST,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_CERTIFICATE,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITHOUT_CR] = {
		CLIENT_HELLO,
		SERVER_HELLO_RETRY_REQUEST,
		CLIENT_HELLO_RETRY,
		SERVER_HELLO,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITHOUT_HRR | WITHOUT_CR] = {
		CLIENT_HELLO,
		SERVER_HELLO,


		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITH_PSK] = {
		CLIENT_HELLO,
		SERVER_HELLO_RETRY_REQUEST,
		CLIENT_HELLO_RETRY,
		SERVER_HELLO,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_FINISHED,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITHOUT_HRR | WITH_PSK] = {
		CLIENT_HELLO,
		SERVER_HELLO,


		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_FINISHED,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITH_CCV] = {
		CLIENT_HELLO,
		SERVER_HELLO_RETRY_REQUEST,
		CLIENT_HELLO_RETRY,
		SERVER_HELLO,
		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE_REQUEST,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_CERTIFICATE,
		CLIENT_CERTIFICATE_VERIFY,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
	[NEGOTIATED | WITHOUT_HRR | WITH_CCV] = {
		CLIENT_HELLO,
		SERVER_HELLO,


		SERVER_ENCRYPTED_EXTENSIONS,
		SERVER_CERTIFICATE_REQUEST,
		SERVER_CERTIFICATE,
		SERVER_CERTIFICATE_VERIFY,
		SERVER_FINISHED,
		CLIENT_CERTIFICATE,
		CLIENT_CERTIFICATE_VERIFY,
		CLIENT_FINISHED,
		APPLICATION_DATA,
	},
};

const size_t handshake_count = sizeof(handshakes) / sizeof(handshakes[0]);

static const enum tls13_message_type
tls13_handshake_active_state(struct tls13_ctx *ctx)
{
	struct tls13_handshake_stage hs = ctx->handshake_stage;

	if (hs.hs_type >= handshake_count)
		return INVALID;
	if (hs.message_number >= TLS13_NUM_MESSAGE_TYPES)
		return INVALID;

	return handshakes[hs.hs_type][hs.message_number];
}

static const struct tls13_handshake_action *
tls13_handshake_active_action(struct tls13_ctx *ctx)
{
	enum tls13_message_type mt = tls13_handshake_active_state(ctx);

	if (mt == INVALID)
		return NULL;

	return &state_machine[mt];
}

static int
tls13_handshake_advance_state_machine(struct tls13_ctx *ctx)
{
	if (++ctx->handshake_stage.message_number >= TLS13_NUM_MESSAGE_TYPES)
		return 0;

	return 1;
}

int
tls13_handshake_msg_record(struct tls13_ctx *ctx)
{
	CBS cbs;

	tls13_handshake_msg_data(ctx->hs_msg, &cbs);
	return tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs));
}

int
tls13_handshake_perform(struct tls13_ctx *ctx)
{
	const struct tls13_handshake_action *action;
	int ret;

	for (;;) {
		if ((action = tls13_handshake_active_action(ctx)) == NULL)
			return TLS13_IO_FAILURE;

		if (action->handshake_complete) {
			ctx->handshake_completed = 1;
			tls13_record_layer_handshake_completed(ctx->rl);
			return TLS13_IO_SUCCESS;
		}

		if (ctx->alert)
			return tls13_send_alert(ctx->rl, ctx->alert);

		if (action->sender == ctx->mode) {
			if ((ret = tls13_handshake_send_action(ctx, action)) <= 0)
				return ret;
		} else {
			if ((ret = tls13_handshake_recv_action(ctx, action)) <= 0)
				return ret;
		}

		if (!tls13_handshake_advance_state_machine(ctx))
			return TLS13_IO_FAILURE;
	}
}

static int








tls13_handshake_send_action(struct tls13_ctx *ctx,
    const struct tls13_handshake_action *action)
{
	ssize_t ret;
	CBB cbb;

	/* If we have no handshake message, we need to build one. */
	if (ctx->hs_msg == NULL) {
		if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
			return TLS13_IO_FAILURE;
		if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb,
		    action->handshake_type))
			return TLS13_IO_FAILURE;
		if (!action->send(ctx, &cbb))
			return TLS13_IO_FAILURE;
		if (!tls13_handshake_msg_finish(ctx->hs_msg))
			return TLS13_IO_FAILURE;

		if (ctx->alert)
			return tls13_send_alert(ctx->rl, ctx->alert);
	}

	if ((ret = tls13_handshake_msg_send(ctx->hs_msg, ctx->rl)) <= 0)
		return ret;

	if (!tls13_handshake_msg_record(ctx))
		return TLS13_IO_FAILURE;

	if (action->send_preserve_transcript_hash) {
		if (!tls1_transcript_hash_value(ctx->ssl,
		    ctx->hs->transcript_hash, sizeof(ctx->hs->transcript_hash),
		    &ctx->hs->transcript_hash_len))
			return TLS13_IO_FAILURE;
	}

	if (ctx->handshake_message_sent_cb != NULL)
		ctx->handshake_message_sent_cb(ctx);

	tls13_handshake_msg_free(ctx->hs_msg);
	ctx->hs_msg = NULL;

	if (action->sent != NULL && !action->sent(ctx))
		return TLS13_IO_FAILURE;

	return TLS13_IO_SUCCESS;
}

static int
tls13_handshake_recv_action(struct tls13_ctx *ctx,
    const struct tls13_handshake_action *action)
{
	uint8_t msg_type;
	ssize_t ret;
	CBS cbs;

	if (ctx->hs_msg == NULL) {
		if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
			return TLS13_IO_FAILURE;
	}

	if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) <= 0)
		return ret;

	if (action->recv_preserve_transcript_hash) {
		if (!tls1_transcript_hash_value(ctx->ssl,
		    ctx->hs->transcript_hash, sizeof(ctx->hs->transcript_hash),
		    &ctx->hs->transcript_hash_len))
			return TLS13_IO_FAILURE;
	}

	if (!tls13_handshake_msg_record(ctx))

		return TLS13_IO_FAILURE;

	if (ctx->handshake_message_recv_cb != NULL)
		ctx->handshake_message_recv_cb(ctx);

	/*
	 * In TLSv1.3 there is no way to know if you're going to receive a
	 * certificate request message or not, hence we have to special case it
	 * here. The receive handler also knows how to deal with this situation.
	 */
	msg_type = tls13_handshake_msg_type(ctx->hs_msg);
	if (msg_type != action->handshake_type &&
	    (msg_type != TLS13_MT_CERTIFICATE ||
	     action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST))
		return tls13_send_alert(ctx->rl, SSL_AD_UNEXPECTED_MESSAGE);

	if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
		return TLS13_IO_FAILURE;



	ret = TLS13_IO_FAILURE;
	if (action->recv(ctx, &cbs)) {
		if (CBS_len(&cbs) != 0) {
			tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,
			    "trailing data in handshake message", NULL);
			ctx->alert = SSL_AD_DECODE_ERROR;
		} else {
			ret = TLS13_IO_SUCCESS;
		}
	}

	if (ctx->alert)
		ret = tls13_send_alert(ctx->rl, ctx->alert);

	tls13_handshake_msg_free(ctx->hs_msg);
	ctx->hs_msg = NULL;

	if (ctx->ssl->method->internal->version < TLS1_3_VERSION)
		return TLS13_IO_USE_LEGACY;

	return ret;
}



























































































































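--- a/jni/libressl/ssl/tls13_handshake.h
+++ b/jni/libressl/ssl/tls13_handshake.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls13_handshake.h,v 1.3 2019/04/05 20:23:38 tb Exp $ */
+/* $OpenBSD: tls13_handshake.h,v 1.5 2020/04/22 17:05:07 jsing Exp $ */
 /*
  * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -20,37 +20,35 @@
 
 #include <stddef.h>	/* for NULL */
 
 __BEGIN_HIDDEN_DECLS
 
 #define INITIAL			0x00
 #define NEGOTIATED		0x01
-#define WITH_HRR		0x02
+#define WITHOUT_HRR		0x02
 #define WITHOUT_CR		0x04
 #define WITH_PSK		0x08
 #define WITH_CCV		0x10
 #define WITH_0RTT		0x20
 
 enum tls13_message_type {
 	INVALID,
 	CLIENT_HELLO,
-	SERVER_HELLO,
+	SERVER_HELLO_RETRY_REQUEST,
 	CLIENT_HELLO_RETRY,
-	SERVER_HELLO_RETRY,
+	SERVER_HELLO,
 	SERVER_ENCRYPTED_EXTENSIONS,
 	SERVER_CERTIFICATE_REQUEST,
 	SERVER_CERTIFICATE,
 	SERVER_CERTIFICATE_VERIFY,
 	SERVER_FINISHED,
 	CLIENT_END_OF_EARLY_DATA,
 	CLIENT_CERTIFICATE,
 	CLIENT_CERTIFICATE_VERIFY,
 	CLIENT_FINISHED,
-	CLIENT_KEY_UPDATE,
-	SERVER_NEW_SESSION_TICKET,
 	APPLICATION_DATA,
 	TLS13_NUM_MESSAGE_TYPES,
 };
 
 __END_HIDDEN_DECLS
 
 #endif /* !HEADER_TLS13_HANDSHAKE_H */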
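--- a/jni/libressl/ssl/tls13_handshake_msg.c
+++ b/jni/libressl/ssl/tls13_handshake_msg.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls13_handshake_msg.c,v 1.1 2019/01/20 12:27:34 jsing Exp $ */
+/* $OpenBSD: tls13_handshake_msg.c,v 1.2 2019/11/20 16:21:20 beck Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -67,14 +67,20 @@
 }
 
 void
 tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs)
 {
 	CBS_init(cbs, msg->data, msg->data_len);
 }
+
+int
+tls13_handshake_msg_set_buffer(struct tls13_handshake_msg *msg, CBS *cbs)
+{
+	return tls13_buffer_set_data(msg->buf, cbs);
+}
 
 uint8_t
 tls13_handshake_msg_type(struct tls13_handshake_msg *msg)
 {
 	return msg->msg_type;
 }
 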
Changes to jni/libressl/ssl/tls13_internal.h.
1
2
3
4
5
6
7
8
/* $OpenBSD: tls13_internal.h,v 1.28 2019/04/05 20:23:38 tb Exp $ */
/*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
|







1
2
3
4
5
6
7
8
/* $OpenBSD: tls13_internal.h,v 1.67 2020/04/28 20:37:22 jsing Exp $ */
/*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
29
30
31
32
33
34
35

36
37

38
39





40

41
42
43
44

45



46
47
48

49
50
51
52
53
54
55



56
57
58
59
60
61
62

#define TLS13_HS_CLIENT		1
#define TLS13_HS_SERVER		2

#define TLS13_IO_SUCCESS	 1
#define TLS13_IO_EOF		 0
#define TLS13_IO_FAILURE	-1

#define TLS13_IO_WANT_POLLIN	-2
#define TLS13_IO_WANT_POLLOUT	-3

#define TLS13_IO_USE_LEGACY	-4






typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);

typedef int (*tls13_post_handshake_cb)(void *_cb_arg);
typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
    void *_cb_arg);





struct tls13_buffer;

struct tls13_buffer *tls13_buffer_new(size_t init_size);

void tls13_buffer_free(struct tls13_buffer *buf);
ssize_t tls13_buffer_extend(struct tls13_buffer *buf, size_t len,
    tls13_read_cb read_cb, void *cb_arg);
void tls13_buffer_cbs(struct tls13_buffer *buf, CBS *cbs);
int tls13_buffer_finish(struct tls13_buffer *buf, uint8_t **out,
    size_t *out_len);




struct tls13_secret {
	uint8_t *data;
	size_t len;
};

/* RFC 8446 Section 7.1  Page 92 */
struct tls13_secrets {







>
|
|
>
|

>
>
>
>
>

>
|



>

>
>
>



>







>
>
>







29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

#define TLS13_HS_CLIENT		1
#define TLS13_HS_SERVER		2

#define TLS13_IO_SUCCESS	 1
#define TLS13_IO_EOF		 0
#define TLS13_IO_FAILURE	-1
#define TLS13_IO_ALERT		-2
#define TLS13_IO_WANT_POLLIN	-3
#define TLS13_IO_WANT_POLLOUT	-4
#define TLS13_IO_WANT_RETRY	-5 /* Retry the previous call immediately. */
#define TLS13_IO_USE_LEGACY	-6

#define TLS13_ERR_VERIFY_FAILED		16
#define TLS13_ERR_HRR_FAILED		17
#define TLS13_ERR_TRAILING_DATA		18
#define TLS13_ERR_NO_SHARED_CIPHER	19

typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs);
typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
    void *_cb_arg);
typedef void (*tls13_handshake_message_cb)(void *_cb_arg);

/*
 * Buffers.
 */
struct tls13_buffer;

struct tls13_buffer *tls13_buffer_new(size_t init_size);
int tls13_buffer_set_data(struct tls13_buffer *buf, CBS *data);
void tls13_buffer_free(struct tls13_buffer *buf);
ssize_t tls13_buffer_extend(struct tls13_buffer *buf, size_t len,
    tls13_read_cb read_cb, void *cb_arg);
void tls13_buffer_cbs(struct tls13_buffer *buf, CBS *cbs);
int tls13_buffer_finish(struct tls13_buffer *buf, uint8_t **out,
    size_t *out_len);

/*
 * Secrets.
 */
struct tls13_secret {
	uint8_t *data;
	size_t len;
};

/* RFC 8446 Section 7.1  Page 92 */
struct tls13_secrets {
95
96
97
98
99
100
101




















102
103
104
105
106
107
108
109

110
111



112
113
114
115


116
117
118
119
120


121
122
123
124


125
126
127


128
129
130
131
132
133
134
135
136

137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153









154


155
156
157
158
159
160



161
162
163
164
165







166






167
168
169
170
171
172
173
174
175
176



177
178
179
180

181
182
183

184
185
186
187
188
189
190

int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk,
    size_t psk_len, const struct tls13_secret *context);
int tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
    const uint8_t *ecdhe, size_t ecdhe_len, const struct tls13_secret *context);
int tls13_derive_application_secrets(struct tls13_secrets *secrets,
    const struct tls13_secret *context);





















/*
 * Record Layer.
 */
struct tls13_record_layer;

struct tls13_record_layer *tls13_record_layer_new(tls13_read_cb wire_read,
    tls13_write_cb wire_write, tls13_alert_cb alert_cb,

    tls13_post_handshake_cb post_handshake_cb, void *cb_arg);
void tls13_record_layer_free(struct tls13_record_layer *rl);



void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
    const EVP_AEAD *aead);
void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
    const EVP_MD *hash);


void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
    struct tls13_secret *read_key);
int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
    struct tls13_secret *write_key);



ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n);


ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n);



/*
 * Handshake Messages.
 */
struct tls13_handshake_msg;

struct tls13_handshake_msg *tls13_handshake_msg_new(void);
void tls13_handshake_msg_free(struct tls13_handshake_msg *msg);
void tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs);

uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg);
int tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs);
int tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body,
    uint8_t msg_type);
int tls13_handshake_msg_finish(struct tls13_handshake_msg *msg);
int tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
    struct tls13_record_layer *rl);
int tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
    struct tls13_record_layer *rl);

struct tls13_handshake_stage {
	uint8_t	hs_type;
	uint8_t	message_number;
};

struct ssl_handshake_tls13_st;










struct tls13_ctx {


	SSL *ssl;
	struct ssl_handshake_tls13_st *hs;
	uint8_t	mode;
	struct tls13_handshake_stage handshake_stage;
	int handshake_completed;




	const EVP_AEAD *aead;
	const EVP_MD *hash;

	struct tls13_record_layer *rl;
	struct tls13_handshake_msg *hs_msg;







};







struct tls13_ctx *tls13_ctx_new(int mode);
void tls13_ctx_free(struct tls13_ctx *ctx);

const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher);
const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);

/*
 * Legacy interfaces.
 */



int tls13_legacy_connect(SSL *ssl);
int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);

int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len,
    int peek);
int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len);


/*
 * Message Types - RFC 8446, Section B.3.
 *
 * Values listed as "_RESERVED" were used in previous versions of TLS and are
 * listed here for completeness.  TLS 1.3 implementations MUST NOT send them but
 * might receive them from older TLS implementations.







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>








>
|

>
>
>




>
>





>
>




>
>



>
>









>

















>
>
>
>
>
>
>
>
>

>
>






>
>
>





>
>
>
>
>
>
>

>
>
>
>
>
>










>
>
>




>



>







111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271

int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk,
    size_t psk_len, const struct tls13_secret *context);
int tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
    const uint8_t *ecdhe, size_t ecdhe_len, const struct tls13_secret *context);
int tls13_derive_application_secrets(struct tls13_secrets *secrets,
    const struct tls13_secret *context);
int tls13_update_client_traffic_secret(struct tls13_secrets *secrets);
int tls13_update_server_traffic_secret(struct tls13_secrets *secrets);

/*
 * Key shares.
 */
struct tls13_key_share;

struct tls13_key_share *tls13_key_share_new(uint16_t group_id);
struct tls13_key_share *tls13_key_share_new_nid(int nid);
void tls13_key_share_free(struct tls13_key_share *ks);

uint16_t tls13_key_share_group(struct tls13_key_share *ks);
int tls13_key_share_peer_pkey(struct tls13_key_share *ks, EVP_PKEY *pkey);
int tls13_key_share_generate(struct tls13_key_share *ks);
int tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb);
int tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group,
    CBS *cbs);
int tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key,
    size_t *shared_key_len);

/*
 * Record Layer.
 */
struct tls13_record_layer;

struct tls13_record_layer *tls13_record_layer_new(tls13_read_cb wire_read,
    tls13_write_cb wire_write, tls13_alert_cb alert_cb,
    tls13_phh_recv_cb phh_recv_cb,
    tls13_phh_sent_cb phh_sent_cb, void *cb_arg);
void tls13_record_layer_free(struct tls13_record_layer *rl);
void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow);
void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow);
void tls13_record_layer_rbuf(struct tls13_record_layer *rl, CBS *cbs);
void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
    const EVP_AEAD *aead);
void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
    const EVP_MD *hash);
void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl,
    uint16_t version);
void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
    struct tls13_secret *read_key);
int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
    struct tls13_secret *write_key);
ssize_t tls13_record_layer_send_pending(struct tls13_record_layer *rl);
ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs);

ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n);
ssize_t tls13_pending_application_data(struct tls13_record_layer *rl);
ssize_t tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n);

ssize_t tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc);

/*
 * Handshake Messages.
 */
struct tls13_handshake_msg;

struct tls13_handshake_msg *tls13_handshake_msg_new(void);
void tls13_handshake_msg_free(struct tls13_handshake_msg *msg);
void tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs);
int tls13_handshake_msg_set_buffer(struct tls13_handshake_msg *msg, CBS *cbs);
uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg);
int tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs);
int tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body,
    uint8_t msg_type);
int tls13_handshake_msg_finish(struct tls13_handshake_msg *msg);
int tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
    struct tls13_record_layer *rl);
int tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
    struct tls13_record_layer *rl);

struct tls13_handshake_stage {
	uint8_t	hs_type;
	uint8_t	message_number;
};

struct ssl_handshake_tls13_st;

struct tls13_error {
	int code;
	int subcode;
	int errnum;
	const char *file;
	int line;
	char *msg;
};

struct tls13_ctx {
	struct tls13_error error;

	SSL *ssl;
	struct ssl_handshake_tls13_st *hs;
	uint8_t	mode;
	struct tls13_handshake_stage handshake_stage;
	int handshake_completed;

	int close_notify_sent;
	int close_notify_recv;

	const EVP_AEAD *aead;
	const EVP_MD *hash;

	struct tls13_record_layer *rl;
	struct tls13_handshake_msg *hs_msg;
	uint8_t key_update_request;
	uint8_t alert;
	int phh_count;
	time_t phh_last_seen;

	tls13_handshake_message_cb handshake_message_sent_cb;
	tls13_handshake_message_cb handshake_message_recv_cb;
};
#ifndef TLS13_PHH_LIMIT_TIME
#define TLS13_PHH_LIMIT_TIME 3600
#endif
#ifndef TLS13_PHH_LIMIT
#define TLS13_PHH_LIMIT 100
#endif

struct tls13_ctx *tls13_ctx_new(int mode);
void tls13_ctx_free(struct tls13_ctx *ctx);

const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher);
const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);

/*
 * Legacy interfaces.
 */
int tls13_use_legacy_client(struct tls13_ctx *ctx);
int tls13_use_legacy_server(struct tls13_ctx *ctx);
int tls13_legacy_accept(SSL *ssl);
int tls13_legacy_connect(SSL *ssl);
int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);
int tls13_legacy_pending(const SSL *ssl);
int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len,
    int peek);
int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len);
int tls13_legacy_shutdown(SSL *ssl);

/*
 * Message Types - RFC 8446, Section B.3.
 *
 * Values listed as "_RESERVED" were used in previous versions of TLS and are
 * listed here for completeness.  TLS 1.3 implementations MUST NOT send them but
 * might receive them from older TLS implementations.
206
207
208
209
210
211
212

213
214





215

216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231

232
233
234
235
236
237
238
239
240
241
242
243

244
























245
246
247
#define	TLS13_MT_FINISHED			20
#define	TLS13_MT_CERTIFICATE_URL_RESERVED	21
#define	TLS13_MT_CERTIFICATE_STATUS_RESERVED	22
#define	TLS13_MT_SUPPLEMENTAL_DATA_RESERVED	23
#define	TLS13_MT_KEY_UPDATE			24
#define	TLS13_MT_MESSAGE_HASH			254


int tls13_handshake_perform(struct tls13_ctx *ctx);






int tls13_client_hello_send(struct tls13_ctx *ctx);

int tls13_client_hello_recv(struct tls13_ctx *ctx);
int tls13_client_hello_retry_send(struct tls13_ctx *ctx);
int tls13_client_hello_retry_recv(struct tls13_ctx *ctx);
int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx);
int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx);
int tls13_client_certificate_send(struct tls13_ctx *ctx);
int tls13_client_certificate_recv(struct tls13_ctx *ctx);
int tls13_client_certificate_verify_send(struct tls13_ctx *ctx);
int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx);
int tls13_client_finished_recv(struct tls13_ctx *ctx);
int tls13_client_finished_send(struct tls13_ctx *ctx);
int tls13_client_finished_sent(struct tls13_ctx *ctx);
int tls13_client_key_update_send(struct tls13_ctx *ctx);
int tls13_client_key_update_recv(struct tls13_ctx *ctx);
int tls13_server_hello_recv(struct tls13_ctx *ctx);
int tls13_server_hello_send(struct tls13_ctx *ctx);

int tls13_server_hello_retry_recv(struct tls13_ctx *ctx);
int tls13_server_hello_retry_send(struct tls13_ctx *ctx);
int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx);
int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
int tls13_server_certificate_recv(struct tls13_ctx *ctx);
int tls13_server_certificate_send(struct tls13_ctx *ctx);
int tls13_server_certificate_request_recv(struct tls13_ctx *ctx);
int tls13_server_certificate_request_send(struct tls13_ctx *ctx);
int tls13_server_certificate_verify_send(struct tls13_ctx *ctx);
int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx);
int tls13_server_finished_recv(struct tls13_ctx *ctx);
int tls13_server_finished_send(struct tls13_ctx *ctx);


























__END_HIDDEN_DECLS

#endif







>


>
>
>
>
>
|
>
|
|
|
|
|
|
|
|
|
|
|

<
<
|
|
>
|
|
|
|
|
|
|
|
|
|
|
|
>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315


316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
#define	TLS13_MT_FINISHED			20
#define	TLS13_MT_CERTIFICATE_URL_RESERVED	21
#define	TLS13_MT_CERTIFICATE_STATUS_RESERVED	22
#define	TLS13_MT_SUPPLEMENTAL_DATA_RESERVED	23
#define	TLS13_MT_KEY_UPDATE			24
#define	TLS13_MT_MESSAGE_HASH			254

int tls13_handshake_msg_record(struct tls13_ctx *ctx);
int tls13_handshake_perform(struct tls13_ctx *ctx);

int tls13_client_init(struct tls13_ctx *ctx);
int tls13_server_init(struct tls13_ctx *ctx);
int tls13_client_connect(struct tls13_ctx *ctx);
int tls13_server_accept(struct tls13_ctx *ctx);

int tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_hello_sent(struct tls13_ctx *ctx);
int tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_client_finished_sent(struct tls13_ctx *ctx);


int tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_hello_sent(struct tls13_ctx *ctx);
int tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs);
int tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb);
int tls13_server_finished_sent(struct tls13_ctx *ctx);

void tls13_error_clear(struct tls13_error *error);

int tls13_cert_add(CBB *cbb, X509 *cert);
int tls13_synthetic_handshake_message(struct tls13_ctx *ctx);

int tls13_error_set(struct tls13_error *error, int code, int subcode,
    const char *file, int line, const char *fmt, ...);
int tls13_error_setx(struct tls13_error *error, int code, int subcode,
    const char *file, int line, const char *fmt, ...);

#define tls13_set_error(ctx, code, subcode, fmt, ...) \
	tls13_error_set(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \
	    (fmt), __VA_ARGS__)
#define tls13_set_errorx(ctx, code, subcode, fmt, ...) \
	tls13_error_setx(&(ctx)->error, (code), (subcode), __FILE__, __LINE__, \
	    (fmt), __VA_ARGS__)

extern const uint8_t tls13_downgrade_12[8];
extern const uint8_t tls13_downgrade_11[8];
extern const uint8_t tls13_hello_retry_request_hash[32];
extern const uint8_t tls13_cert_verify_pad[64];
extern const uint8_t tls13_cert_client_verify_context[];
extern const uint8_t tls13_cert_server_verify_context[];

__END_HIDDEN_DECLS

#endif
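--- a/jni/libressl/ssl/tls13_key_schedule.c
+++ b/jni/libressl/ssl/tls13_key_schedule.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls13_key_schedule.c,v 1.7 2018/11/13 01:25:13 beck Exp $ */
+/* $OpenBSD: tls13_key_schedule.c,v 1.8 2019/11/17 21:01:08 beck Exp $ */
 /* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
@@ -350,27 +350,31 @@
 
 	return 1;
 }
 
 int
 tls13_update_client_traffic_secret(struct tls13_secrets *secrets)
 {
+	struct tls13_secret context = { .data = "", .len = 0 };
+
 	if (!secrets->init_done || !secrets->early_done ||
 	    !secrets->handshake_done || !secrets->schedule_done)
 		return 0;
 
 	return tls13_hkdf_expand_label(&secrets->client_application_traffic,
 	    secrets->digest, &secrets->client_application_traffic,
-	    "traffic upd", &secrets->empty_hash);
+	    "traffic upd", &context);
 }
 
 int
 tls13_update_server_traffic_secret(struct tls13_secrets *secrets)
 {
+	struct tls13_secret context = { .data = "", .len = 0 };
+
 	if (!secrets->init_done || !secrets->early_done ||
 	    !secrets->handshake_done || !secrets->schedule_done)
 		return 0;
 
 	return tls13_hkdf_expand_label(&secrets->server_application_traffic,
 	    secrets->digest, &secrets->server_application_traffic,
-	    "traffic upd", &secrets->empty_hash);
+	    "traffic upd", &context);
 }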
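Review bot: The new `context` local in tls13_update_client_traffic_secret has no comment explaining why the label context is now zero-length rather than `&secrets->empty_hash`, and the same literal is repeated without explanation in tls13_update_server_traffic_secret. RFC 8446 section 7.2 derives the next application traffic secret as HKDF-Expand-Label(secret, "traffic upd", "", Hash.length), so a comment above each declaration such as `/* RFC 8446 section 7.2: "traffic upd" takes an empty context, not a hash value. */` would stop a later edit from restoring the old argument and breaking record decryption after a KeyUpdate. Both functions also pass the same `tls13_secret` as output and input of tls13_hkdf_expand_label; whether that helper leaves the secret untouched on failure is not visible in this section and is worth confirming.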
Changes to jni/libressl/ssl/tls13_lib.c.
1
2
3

4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25









































26
27
28
29
30
31
32
/*	$OpenBSD: tls13_lib.c,v 1.11 2019/03/17 15:13:23 jsing Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>

 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <limits.h>
#include <stddef.h>

#include <openssl/evp.h>

#include "ssl_locl.h"
#include "tls13_internal.h"










































const EVP_AEAD *
tls13_cipher_aead(const SSL_CIPHER *cipher)
{
	if (cipher == NULL)
		return NULL;
	if (cipher->algorithm_ssl != SSL_TLSV1_3)
		return NULL;
|


>














<







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
/*	$OpenBSD: tls13_lib.c,v 1.36 2020/04/28 20:30:41 jsing Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */


#include <stddef.h>

#include <openssl/evp.h>

#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * Downgrade sentinels - RFC 8446 section 4.1.3, magic values which must be set
 * by the server in server random if it is willing to downgrade but supports
 * TLSv1.3
 */
const uint8_t tls13_downgrade_12[8] = {
	0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01,
};
const uint8_t tls13_downgrade_11[8] = {
	0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00,
};

/*
 * HelloRetryRequest hash - RFC 8446 section 4.1.3.
 */
const uint8_t tls13_hello_retry_request_hash[32] = {
	0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11,
	0xbe, 0x1d, 0x8c, 0x02, 0x1e, 0x65, 0xb8, 0x91,
	0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e,
	0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c,
};

/*
 * Certificate Verify padding - RFC 8446 section 4.4.3.
 */
const uint8_t tls13_cert_verify_pad[64] = {
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
	0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
};

const uint8_t tls13_cert_client_verify_context[] =
    "TLS 1.3, client CertificateVerify";
const uint8_t tls13_cert_server_verify_context[] =
    "TLS 1.3, server CertificateVerify";

const EVP_AEAD *
tls13_cipher_aead(const SSL_CIPHER *cipher)
{
	if (cipher == NULL)
		return NULL;
	if (cipher->algorithm_ssl != SSL_TLSV1_3)
		return NULL;
64
65
66
67
68
69
70

71
72
73
74
75
76
77
static void
tls13_alert_received_cb(uint8_t alert_desc, void *arg)
{
	struct tls13_ctx *ctx = arg;
	SSL *s = ctx->ssl;

	if (alert_desc == SSL_AD_CLOSE_NOTIFY) {

		ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
		S3I(ctx->ssl)->warn_alert = alert_desc;
		return;
	}

	if (alert_desc == SSL_AD_USER_CANCELLED) {
		/*







>







105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
static void
tls13_alert_received_cb(uint8_t alert_desc, void *arg)
{
	struct tls13_ctx *ctx = arg;
	SSL *s = ctx->ssl;

	if (alert_desc == SSL_AD_CLOSE_NOTIFY) {
		ctx->close_notify_recv = 1;
		ctx->ssl->internal->shutdown |= SSL_RECEIVED_SHUTDOWN;
		S3I(ctx->ssl)->warn_alert = alert_desc;
		return;
	}

	if (alert_desc == SSL_AD_USER_CANCELLED) {
		/*
85
86
87
88
89
90
91













































































































































































92
93
94
95
96
97
98
99
100
101
102
103
104
105
106



107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

122

123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268

269
270
271
272
273

274
275
276
277
278
279
280
281
282
283
284

285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
	S3I(ctx->ssl)->fatal_alert = alert_desc;

	SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc);
	ERR_asprintf_error_data("SSL alert number %d", alert_desc);

	SSL_CTX_remove_session(s->ctx, s->session);
}














































































































































































struct tls13_ctx *
tls13_ctx_new(int mode)
{
	struct tls13_ctx *ctx = NULL;

	if ((ctx = calloc(sizeof(struct tls13_ctx), 1)) == NULL)
		goto err;

	ctx->mode = mode;

	if ((ctx->rl = tls13_record_layer_new(tls13_legacy_wire_read_cb,
	    tls13_legacy_wire_write_cb, tls13_alert_received_cb, NULL,
	    ctx)) == NULL)
		goto err;




	return ctx;

 err:
	tls13_ctx_free(ctx);

	return NULL;
}

void
tls13_ctx_free(struct tls13_ctx *ctx)
{
	if (ctx == NULL)
		return;


	tls13_record_layer_free(ctx->rl);


	freezero(ctx, sizeof(struct tls13_ctx));
}

static ssize_t
tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
{
	int n;

	if (ssl->rbio == NULL) {
		SSLerror(ssl, SSL_R_BIO_NOT_SET);
		return TLS13_IO_FAILURE;
	}

	ssl->internal->rwstate = SSL_READING;

	if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) {
		if (BIO_should_read(ssl->rbio))
			return TLS13_IO_WANT_POLLIN;
		if (BIO_should_write(ssl->rbio))
			return TLS13_IO_WANT_POLLOUT;
		if (n == 0)
			return TLS13_IO_EOF;

		return TLS13_IO_FAILURE;
	}

	if (n == len)
		ssl->internal->rwstate = SSL_NOTHING;


	return n;
}

ssize_t
tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg)
{
	struct tls13_ctx *ctx = arg;

	return tls13_legacy_wire_read(ctx->ssl, buf, n);
}

static ssize_t
tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len)
{
	int n;

	if (ssl->wbio == NULL) {
		SSLerror(ssl, SSL_R_BIO_NOT_SET);
		return TLS13_IO_FAILURE;
	}

	ssl->internal->rwstate = SSL_WRITING;

	if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) {
		if (BIO_should_read(ssl->wbio))
			return TLS13_IO_WANT_POLLIN;
		if (BIO_should_write(ssl->wbio))
			return TLS13_IO_WANT_POLLOUT;

		return TLS13_IO_FAILURE;
	}

	if (n == len)
		ssl->internal->rwstate = SSL_NOTHING;

	return n;
}

ssize_t
tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg)
{
	struct tls13_ctx *ctx = arg;

	return tls13_legacy_wire_write(ctx->ssl, buf, n);
}

int
tls13_legacy_return_code(SSL *ssl, ssize_t ret)
{
	if (ret > INT_MAX) {
		SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	/* A successful read, write or other operation. */
	if (ret > 0)
		return ret;

	ssl->internal->rwstate = SSL_NOTHING;

	switch (ret) {
	case TLS13_IO_EOF:
		return 0;

	case TLS13_IO_FAILURE:
		/* XXX - we need to record/map internal errors. */
		if (ERR_peek_error() == 0)
			SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		return -1;

	case TLS13_IO_WANT_POLLIN:
		BIO_set_retry_read(ssl->rbio);
		ssl->internal->rwstate = SSL_READING;
		return -1;

	case TLS13_IO_WANT_POLLOUT:
		BIO_set_retry_write(ssl->wbio);
		ssl->internal->rwstate = SSL_WRITING;
		return -1;
	}

	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
	return -1;
}

int
tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int peek)
{
	struct tls13_ctx *ctx = ssl->internal->tls13;
	ssize_t ret;

	if (ctx == NULL || !ctx->handshake_completed) {
		if ((ret = ssl->internal->handshake_func(ssl)) <= 0)
			return ret;
		return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN);
	}

	if (peek) {
		/* XXX - support peek... */
		SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		return -1;
	}

	if (type != SSL3_RT_APPLICATION_DATA) {
		SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
		return -1;
	}
	if (len < 0) {
		SSLerror(ssl, SSL_R_BAD_LENGTH); 
		return -1;
	}

	ret = tls13_read_application_data(ctx->rl, buf, len);
	return tls13_legacy_return_code(ssl, ret);
}


int
tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len)
{
	struct tls13_ctx *ctx = ssl->internal->tls13;
	const uint8_t *buf = vbuf;

	size_t n, sent;
	ssize_t ret;

	if (ctx == NULL || !ctx->handshake_completed) {
		if ((ret = ssl->internal->handshake_func(ssl)) <= 0)
			return ret;
		return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLOUT);
	}

	if (type != SSL3_RT_APPLICATION_DATA) {
		SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

		return -1;
	}
	if (len <= 0) {
		SSLerror(ssl, SSL_R_BAD_LENGTH); 
		return -1;
	}

	/*
	 * The TLSv1.3 record layer write behaviour is the same as
	 * SSL_MODE_ENABLE_PARTIAL_WRITE.
	 */
	if (ssl->internal->mode & SSL_MODE_ENABLE_PARTIAL_WRITE) {
		ret = tls13_write_application_data(ctx->rl, buf, len);
		return tls13_legacy_return_code(ssl, ret);
	}

	/*
 	 * In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until
	 * we have written out all of the requested data.
	 */
	sent = S3I(ssl)->wnum;
	if (len < sent) {
		SSLerror(ssl, SSL_R_BAD_LENGTH); 
		return -1;
	}
	n = len - sent;
	for (;;) {
		if (n == 0) {
			S3I(ssl)->wnum = 0;
			return sent;
		}
		if ((ret = tls13_write_application_data(ctx->rl,
		    &buf[sent], n)) <= 0) {
			S3I(ssl)->wnum = sent;
			return tls13_legacy_return_code(ssl, ret);
		}
		sent += ret;
		n -= ret;
	}
}







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>












|
|

>
>
>















>

>




<
<
<
|
|
<
<
<
<
|
<
|
<
<
<
<
<
<
<
|
<
<
|
<
<

>
|
|
|
<
<
<
<
<
|
<
|
<
<
<
|
|
<
<
|
|
|
<
|
<
<
<
<
<

<
<
|
<
<
<
|
|
<
<
<
<
<
<
|



|

<
<
<
<
|
<
<
<
|
<
|
<
<
|
|
<
<
<
<
<
|
<
|
<
<

<
<
<
<
<
|
<
<
<
|
<
<
<
<
<
|
<
<
<
<
<
|
|
<
|
<
<
|
<
<
|
|
|
|
<
<
|
<
<
<
|
>
|
<
<
|
<
>
<
<

|
<
<
<
|
|
<
<
>
|
|
<
<
|
|
|
<
<
<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
|
<
<
<
<
|
<
<
<
<
<
<
<
<
<

127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346



347
348




349

350







351


352


353
354
355
356
357





358

359



360
361


362
363
364

365





366


367



368
369






370
371
372
373
374
375




376



377

378


379
380





381

382


383





384



385





386





387
388

389


390


391
392
393
394


395



396
397
398


399

400


401
402



403
404


405
406
407


408
409
410








411








412




413









414
	S3I(ctx->ssl)->fatal_alert = alert_desc;

	SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc);
	ERR_asprintf_error_data("SSL alert number %d", alert_desc);

	SSL_CTX_remove_session(s->ctx, s->session);
}

static void
tls13_legacy_handshake_message_recv_cb(void *arg)
{
	struct tls13_ctx *ctx = arg;
	SSL *s = ctx->ssl;
	CBS cbs;

	if (s->internal->msg_callback == NULL)
		return;

	tls13_handshake_msg_data(ctx->hs_msg, &cbs);
	s->internal->msg_callback(0, TLS1_3_VERSION, SSL3_RT_HANDSHAKE,
	    CBS_data(&cbs), CBS_len(&cbs), s, s->internal->msg_callback_arg);
}

static void
tls13_legacy_handshake_message_sent_cb(void *arg)
{
	struct tls13_ctx *ctx = arg;
	SSL *s = ctx->ssl;
	CBS cbs;

	if (s->internal->msg_callback == NULL)
		return;

	tls13_handshake_msg_data(ctx->hs_msg, &cbs);
	s->internal->msg_callback(1, TLS1_3_VERSION, SSL3_RT_HANDSHAKE,
	    CBS_data(&cbs), CBS_len(&cbs), s, s->internal->msg_callback_arg);
}

static int
tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx)
{
	struct tls13_secrets *secrets = ctx->hs->secrets;

	if (ctx->mode == TLS13_HS_CLIENT)
		return (tls13_update_client_traffic_secret(secrets) &&
		    tls13_record_layer_set_write_traffic_key(ctx->rl,
			&secrets->client_application_traffic));
	return (tls13_update_server_traffic_secret(secrets) &&
	    tls13_record_layer_set_read_traffic_key(ctx->rl,
	    &secrets->server_application_traffic));
}

static int
tls13_phh_update_peer_traffic_secret(struct tls13_ctx *ctx)
{
	struct tls13_secrets *secrets = ctx->hs->secrets;

	if (ctx->mode == TLS13_HS_CLIENT)
		return (tls13_update_server_traffic_secret(secrets) &&
		    tls13_record_layer_set_read_traffic_key(ctx->rl,
		    &secrets->server_application_traffic));
	return (tls13_update_client_traffic_secret(secrets) &&
	    tls13_record_layer_set_write_traffic_key(ctx->rl,
	    &secrets->client_application_traffic));
}

/*
 * XXX arbitrarily chosen limit of 100 post handshake handshake
 * messages in an hour - to avoid a hostile peer from constantly
 * requesting certificates or key renegotiaitons, etc.
 */
static int
tls13_phh_limit_check(struct tls13_ctx *ctx)
{
	time_t now = time(NULL);

	if (ctx->phh_last_seen > now - TLS13_PHH_LIMIT_TIME) {
		if (ctx->phh_count > TLS13_PHH_LIMIT)
			return 0;
	} else
		ctx->phh_count = 0;
	ctx->phh_count++;
	ctx->phh_last_seen = now;
	return 1;
}

static ssize_t
tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs)
{
	ssize_t ret = TLS13_IO_FAILURE;

	if (!CBS_get_u8(cbs, &ctx->key_update_request))
		goto err;
	if (CBS_len(cbs) != 0)
		goto err;

	if (!tls13_phh_update_peer_traffic_secret(ctx))
		goto err;

	if (ctx->key_update_request) {
		CBB cbb;
		CBS cbs; /* XXX */

		free(ctx->hs_msg);
		ctx->hs_msg = tls13_handshake_msg_new();
		if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb, TLS13_MT_KEY_UPDATE))
			goto err;
		if (!CBB_add_u8(&cbb, 0))
			goto err;
		if (!tls13_handshake_msg_finish(ctx->hs_msg))
			goto err;
		tls13_handshake_msg_data(ctx->hs_msg, &cbs);
		ret = tls13_record_layer_phh(ctx->rl, &cbs);

		tls13_handshake_msg_free(ctx->hs_msg);
		ctx->hs_msg = NULL;
	} else
		ret = TLS13_IO_SUCCESS;

	return ret;
 err:
	ctx->key_update_request = 0;
	/* XXX alert */
	return TLS13_IO_FAILURE;
}

static void
tls13_phh_done_cb(void *cb_arg)
{
	struct tls13_ctx *ctx = cb_arg;

	if (ctx->key_update_request) {
		tls13_phh_update_local_traffic_secret(ctx);
		ctx->key_update_request = 0;
	}
}

static ssize_t
tls13_phh_received_cb(void *cb_arg, CBS *cbs)
{
	ssize_t ret = TLS13_IO_FAILURE;
	struct tls13_ctx *ctx = cb_arg;
	CBS phh_cbs;

	if (!tls13_phh_limit_check(ctx))
		return tls13_send_alert(ctx->rl, SSL3_AD_UNEXPECTED_MESSAGE);

	if ((ctx->hs_msg == NULL) &&
	    ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL))
		return TLS13_IO_FAILURE;

	if (!tls13_handshake_msg_set_buffer(ctx->hs_msg, cbs))
		return TLS13_IO_FAILURE;

	if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl))
	    != TLS13_IO_SUCCESS)
		return ret;

	if (!tls13_handshake_msg_content(ctx->hs_msg, &phh_cbs))
		return TLS13_IO_FAILURE;

	switch(tls13_handshake_msg_type(ctx->hs_msg)) {
	case TLS13_MT_KEY_UPDATE:
		ret = tls13_key_update_recv(ctx, &phh_cbs);
		break;
	case TLS13_MT_NEW_SESSION_TICKET:
		/* XXX do nothing for now and ignore this */
		break;
	case TLS13_MT_CERTIFICATE_REQUEST:
		/* XXX add support if we choose to advertise this */
		/* FALLTHROUGH */
	default:
		ret = TLS13_IO_FAILURE; /* XXX send alert */
		break;
	}

	tls13_handshake_msg_free(ctx->hs_msg);
	ctx->hs_msg = NULL;
	return ret;
}

struct tls13_ctx *
tls13_ctx_new(int mode)
{
	struct tls13_ctx *ctx = NULL;

	if ((ctx = calloc(sizeof(struct tls13_ctx), 1)) == NULL)
		goto err;

	ctx->mode = mode;

	if ((ctx->rl = tls13_record_layer_new(tls13_legacy_wire_read_cb,
	    tls13_legacy_wire_write_cb, tls13_alert_received_cb,
	    tls13_phh_received_cb, tls13_phh_done_cb, ctx)) == NULL)
		goto err;

	ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
	ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;

	return ctx;

 err:
	tls13_ctx_free(ctx);

	return NULL;
}

void
tls13_ctx_free(struct tls13_ctx *ctx)
{
	if (ctx == NULL)
		return;

	tls13_error_clear(&ctx->error);
	tls13_record_layer_free(ctx->rl);
	tls13_handshake_msg_free(ctx->hs_msg);

	freezero(ctx, sizeof(struct tls13_ctx));
}




int
tls13_cert_add(CBB *cbb, X509 *cert)




{

	CBB cert_data, cert_exts;







	uint8_t *data;


	int cert_len;



	if ((cert_len = i2d_X509(cert, NULL)) < 0)
		return 0;

	if (!CBB_add_u24_length_prefixed(cbb, &cert_data))





		return 0;

	if (!CBB_add_space(&cert_data, &data, cert_len))



		return 0;
	if (i2d_X509(cert, &data) != cert_len)


		return 0;

	if (!CBB_add_u16_length_prefixed(cbb, &cert_exts))

		return 0;








	if (!CBB_flush(cbb))



		return 0;







	return 1;
}

int
tls13_synthetic_handshake_message(struct tls13_ctx *ctx)
{




	struct tls13_handshake_msg *hm = NULL;



	unsigned char buf[EVP_MAX_MD_SIZE];

	size_t hash_len;


	CBB cbb;
	CBS cbs;





	SSL *s = ctx->ssl;

	int ret = 0;








	/*



	 * Replace ClientHello with synthetic handshake message - see





	 * RFC 8446 section 4.4.1.





	 */
	if (!tls1_transcript_hash_init(s))

		goto err;


	if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))


		goto err;

	if ((hm = tls13_handshake_msg_new()) == NULL)
		goto err;


	if (!tls13_handshake_msg_start(hm, &cbb, TLS13_MT_MESSAGE_HASH))



		goto err;
	if (!CBB_add_bytes(&cbb, buf, hash_len))
		goto err;


	if (!tls13_handshake_msg_finish(hm))

		goto err;



	tls13_handshake_msg_data(hm, &cbs);




	tls1_transcript_reset(ctx->ssl);


	if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
		goto err;



	ret = 1;

 err:








	tls13_handshake_msg_free(hm);













	return ret;









}
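--- a/jni/libressl/ssl/tls13_record.c
+++ b/jni/libressl/ssl/tls13_record.c
@@ -1,28 +1,26 @@
-/* $OpenBSD: tls13_record.c,v 1.3 2019/01/21 00:24:19 jsing Exp $ */
+/* $OpenBSD: tls13_record.c,v 1.4 2020/02/15 14:36:58 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "ssl_locl.h"
 
-#include <openssl/curve25519.h>
-
 #include "tls13_internal.h"
 #include "tls13_record.h"
 
 struct tls13_record {
 	uint16_t version;
 	uint8_t content_type;
 	size_t rec_len;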
Changes to jni/libressl/ssl/tls13_record_layer.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24





25

26


27


28
29
30
31
32
33
34
35
36
37
38

39














40
41
42
43
44
45
46
/* $OpenBSD: tls13_record_layer.c,v 1.9 2019/03/17 15:13:23 jsing Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "ssl_locl.h"

#include <openssl/curve25519.h>

#include "tls13_internal.h"
#include "tls13_record.h"






struct tls13_record_layer {

	int change_cipher_spec_seen;


	int handshake_completed;



	/*
	 * Read and/or write channels are closed due to an alert being
	 * sent or received. In the case of an error alert both channels
	 * are closed, whereas in the case of a close notify only one
	 * channel is closed.
	 */
	int read_closed;
	int write_closed;

	struct tls13_record *rrec;

	struct tls13_record *wrec;















	/* Buffer containing plaintext from opened records. */
	uint8_t rbuf_content_type;
	uint8_t *rbuf;
	size_t rbuf_len;
	CBS rbuf_cbs;

|


















<
<



>
>
>
>
>

>
|
>
>

>
>











>

>
>
>
>
>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19


20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
/* $OpenBSD: tls13_record_layer.c,v 1.33 2020/05/03 15:57:25 jsing Exp $ */
/*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "ssl_locl.h"



#include "tls13_internal.h"
#include "tls13_record.h"

static ssize_t tls13_record_layer_write_chunk(struct tls13_record_layer *rl,
    uint8_t content_type, const uint8_t *buf, size_t n);
static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl,
    uint8_t content_type, const uint8_t *content, size_t content_len);

struct tls13_record_layer {
	uint16_t legacy_version;

	int ccs_allowed;
	int ccs_seen;
	int handshake_completed;
	int legacy_alerts_allowed;
	int phh;

	/*
	 * Read and/or write channels are closed due to an alert being
	 * sent or received. In the case of an error alert both channels
	 * are closed, whereas in the case of a close notify only one
	 * channel is closed.
	 */
	int read_closed;
	int write_closed;

	struct tls13_record *rrec;

	struct tls13_record *wrec;
	uint8_t wrec_content_type;
	size_t wrec_appdata_len;
	size_t wrec_content_len;

	/* Pending alert messages. */
	uint8_t *alert_data;
	size_t alert_len;
	uint8_t alert_level;
	uint8_t alert_desc;

	/* Pending post-handshake handshake messages (RFC 8446, section 4.6). */
	CBS phh_cbs;
	uint8_t *phh_data;
	size_t phh_len;

	/* Buffer containing plaintext from opened records. */
	uint8_t rbuf_content_type;
	uint8_t *rbuf;
	size_t rbuf_len;
	CBS rbuf_cbs;

54
55
56
57
58
59
60
61

62
63
64
65
66
67
68
	struct tls13_secret read_nonce;
	struct tls13_secret write_nonce;
	uint8_t read_seq_num[TLS13_RECORD_SEQ_NUM_LEN];
	uint8_t write_seq_num[TLS13_RECORD_SEQ_NUM_LEN];

	/* Record callbacks. */
	tls13_alert_cb alert_cb;
	tls13_post_handshake_cb post_handshake_cb;


	/* Wire read/write callbacks. */
	tls13_read_cb wire_read;
	tls13_write_cb wire_write;
	void *cb_arg;
};








|
>







77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
	struct tls13_secret read_nonce;
	struct tls13_secret write_nonce;
	uint8_t read_seq_num[TLS13_RECORD_SEQ_NUM_LEN];
	uint8_t write_seq_num[TLS13_RECORD_SEQ_NUM_LEN];

	/* Record callbacks. */
	tls13_alert_cb alert_cb;
	tls13_phh_recv_cb phh_recv_cb;
	tls13_phh_sent_cb phh_sent_cb;

	/* Wire read/write callbacks. */
	tls13_read_cb wire_read;
	tls13_write_cb wire_write;
	void *cb_arg;
};

88
89
90
91
92
93
94
95


96
97
98
99
100
101
102


103
104
105

106
107
108
109
110
111
112
113
{
	tls13_record_free(rl->wrec);
	rl->wrec = NULL;
}

struct tls13_record_layer *
tls13_record_layer_new(tls13_read_cb wire_read, tls13_write_cb wire_write,
    tls13_alert_cb alert_cb, tls13_post_handshake_cb post_handshake_cb,


    void *cb_arg)
{
	struct tls13_record_layer *rl;

	if ((rl = calloc(1, sizeof(struct tls13_record_layer))) == NULL)
		return NULL;



	rl->wire_read = wire_read;
	rl->wire_write = wire_write;
	rl->alert_cb = alert_cb;

	rl->post_handshake_cb = post_handshake_cb;
	rl->cb_arg = cb_arg;

	return rl;
}

void
tls13_record_layer_free(struct tls13_record_layer *rl)







|
>
>







>
>



>
|







112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
{
	tls13_record_free(rl->wrec);
	rl->wrec = NULL;
}

struct tls13_record_layer *
tls13_record_layer_new(tls13_read_cb wire_read, tls13_write_cb wire_write,
    tls13_alert_cb alert_cb,
    tls13_phh_recv_cb phh_recv_cb,
    tls13_phh_sent_cb phh_sent_cb,
    void *cb_arg)
{
	struct tls13_record_layer *rl;

	if ((rl = calloc(1, sizeof(struct tls13_record_layer))) == NULL)
		return NULL;

	rl->legacy_version = TLS1_2_VERSION;

	rl->wire_read = wire_read;
	rl->wire_write = wire_write;
	rl->alert_cb = alert_cb;
	rl->phh_recv_cb = phh_recv_cb;
	rl->phh_sent_cb = phh_sent_cb;
	rl->cb_arg = cb_arg;

	return rl;
}

void
tls13_record_layer_free(struct tls13_record_layer *rl)
127
128
129
130
131
132
133










134
135
136
137
138




139
140
141
142
143
144
145
146
147
148
149
150
151
152
	freezero(rl->write_iv.data, rl->write_iv.len);
	freezero(rl->read_nonce.data, rl->read_nonce.len);
	freezero(rl->write_nonce.data, rl->write_nonce.len);

	freezero(rl, sizeof(struct tls13_record_layer));
}











static int
tls13_record_layer_inc_seq_num(uint8_t *seq_num)
{
	size_t i;





	for (i = TLS13_RECORD_SEQ_NUM_LEN - 1; i > 0; i--) {
		if (++seq_num[i] != 0)
			break;
	}

	/* RFC 8446 section 5.3 - sequence numbers must not wrap. */
	return (i != 0 || seq_num[0] != 0);
}

static int
tls13_record_layer_update_nonce(struct tls13_secret *nonce,
    struct tls13_secret *iv, uint8_t *seq_num)
{
	ssize_t i, j;







>
>
>
>
>
>
>
>
>
>
|


|

>
>
>
>
|




<
|







156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186

187
188
189
190
191
192
193
194
	freezero(rl->write_iv.data, rl->write_iv.len);
	freezero(rl->read_nonce.data, rl->read_nonce.len);
	freezero(rl->write_nonce.data, rl->write_nonce.len);

	freezero(rl, sizeof(struct tls13_record_layer));
}

void
tls13_record_layer_rbuf(struct tls13_record_layer *rl, CBS *cbs)
{
	CBS_dup(&rl->rbuf_cbs, cbs);
}

static const uint8_t tls13_max_seq_num[TLS13_RECORD_SEQ_NUM_LEN] = {
	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
};

int
tls13_record_layer_inc_seq_num(uint8_t *seq_num)
{
	int i;

	/* RFC 8446 section 5.3 - sequence numbers must not wrap. */
	if (memcmp(seq_num, tls13_max_seq_num, TLS13_RECORD_SEQ_NUM_LEN) == 0)
		return 0;

	for (i = TLS13_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--) {
		if (++seq_num[i] != 0)
			break;
	}


	return 1;
}

static int
tls13_record_layer_update_nonce(struct tls13_secret *nonce,
    struct tls13_secret *iv, uint8_t *seq_num)
{
	ssize_t i, j;
160
161
162
163
164
165
166












167
168
169
170
171
172
173
174
175
176
177
178
179
180







181
182
183
184
185
186
187
	 * at least 8-bytes in length.
	 */
	for (i = nonce->len - 1, j = TLS13_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--, j--)
		nonce->data[i] = iv->data[i] ^ (j >= 0 ? seq_num[j] : 0);

	return 1;
}













void
tls13_record_layer_set_aead(struct tls13_record_layer *rl,
    const EVP_AEAD *aead)
{
	rl->aead = aead;
}

void
tls13_record_layer_set_hash(struct tls13_record_layer *rl,
    const EVP_MD *hash)
{
	rl->hash = hash;
}








void
tls13_record_layer_handshake_completed(struct tls13_record_layer *rl)
{
	rl->handshake_completed = 1;
}








>
>
>
>
>
>
>
>
>
>
>
>














>
>
>
>
>
>
>







202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
	 * at least 8-bytes in length.
	 */
	for (i = nonce->len - 1, j = TLS13_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--, j--)
		nonce->data[i] = iv->data[i] ^ (j >= 0 ? seq_num[j] : 0);

	return 1;
}

void
tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow)
{
	rl->ccs_allowed = allow;
}

void
tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow)
{
	rl->legacy_alerts_allowed = allow;
}

void
tls13_record_layer_set_aead(struct tls13_record_layer *rl,
    const EVP_AEAD *aead)
{
	rl->aead = aead;
}

void
tls13_record_layer_set_hash(struct tls13_record_layer *rl,
    const EVP_MD *hash)
{
	rl->hash = hash;
}

void
tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl,
    uint16_t version)
{
	rl->legacy_version = version;
}

void
tls13_record_layer_handshake_completed(struct tls13_record_layer *rl)
{
	rl->handshake_completed = 1;
}

196
197
198
199
200
201
202

203
204
205

206
207

208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231



232


233


234
235
236















237
238











239
240
241
242




243

































244









245
246

247

248


































249
250
251
252
253
254
255
	 *
	 * A TLSv1.3 alert record can only contain a single alert - this means
	 * that processing the alert must consume all of the record. The alert
	 * will result in one of three things - continuation (user_cancelled),
	 * read channel closure (close_notify) or termination (all others).
	 */
	if (rl->rbuf == NULL)

		goto err;
	if (rl->rbuf_content_type != SSL3_RT_ALERT)
		goto err;


	if (!CBS_get_u8(&rl->rbuf_cbs, &alert_level))

		goto err; /* XXX - decode error alert. */
	if (!CBS_get_u8(&rl->rbuf_cbs, &alert_desc))
		goto err; /* XXX - decode error alert. */

	if (CBS_len(&rl->rbuf_cbs) != 0)
		goto err; /* XXX - decode error alert. */

	tls13_record_layer_rbuf_free(rl);

	/*
	 * Alert level is ignored for closure alerts (RFC 8446 section 6.1),
	 * however for error alerts (RFC 8446 section 6.2), the alert level
	 * must be specified as fatal.
	 */
	if (alert_desc == SSL_AD_CLOSE_NOTIFY) {
		rl->read_closed = 1;
		ret = TLS13_IO_EOF;
	} else if (alert_desc == SSL_AD_USER_CANCELLED) {
		/* Ignored at the record layer. */
		ret = TLS13_IO_WANT_POLLIN;
	} else if (alert_level == SSL3_AL_FATAL) {
		rl->read_closed = 1;
		rl->write_closed = 1;
		ret = TLS13_IO_EOF;



	} else {


		/* XXX - decode error alert. */


		return TLS13_IO_FAILURE;
	}
















	rl->alert_cb(alert_desc, rl->cb_arg);












 err:
	return ret;
}





int

































tls13_record_layer_send_alert(struct tls13_record_layer *rl,









    uint8_t alert_level, uint8_t alert_desc)
{

	/* XXX - implement. */

	return -1;


































}

static int
tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, EVP_AEAD_CTX *aead_ctx,
    const EVP_MD *hash, struct tls13_secret *iv, struct tls13_secret *nonce,
    struct tls13_secret *traffic_key)
{







>
|

<
>


>
|

|


|













|



|
>
>
>

>
>
|
>
>
|
|

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|

>
>
>
>
>
>
>
>
>
>
>
|



>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>


>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







257
258
259
260
261
262
263
264
265
266

267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
	 *
	 * A TLSv1.3 alert record can only contain a single alert - this means
	 * that processing the alert must consume all of the record. The alert
	 * will result in one of three things - continuation (user_cancelled),
	 * read channel closure (close_notify) or termination (all others).
	 */
	if (rl->rbuf == NULL)
		return TLS13_IO_FAILURE;

	if (rl->rbuf_content_type != SSL3_RT_ALERT)

		return TLS13_IO_FAILURE;

	if (!CBS_get_u8(&rl->rbuf_cbs, &alert_level))
		return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);

	if (!CBS_get_u8(&rl->rbuf_cbs, &alert_desc))
		return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);

	if (CBS_len(&rl->rbuf_cbs) != 0)
		return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);

	tls13_record_layer_rbuf_free(rl);

	/*
	 * Alert level is ignored for closure alerts (RFC 8446 section 6.1),
	 * however for error alerts (RFC 8446 section 6.2), the alert level
	 * must be specified as fatal.
	 */
	if (alert_desc == SSL_AD_CLOSE_NOTIFY) {
		rl->read_closed = 1;
		ret = TLS13_IO_EOF;
	} else if (alert_desc == SSL_AD_USER_CANCELLED) {
		/* Ignored at the record layer. */
		ret = TLS13_IO_WANT_RETRY;
	} else if (alert_level == SSL3_AL_FATAL) {
		rl->read_closed = 1;
		rl->write_closed = 1;
		ret = TLS13_IO_ALERT;
	} else if (rl->legacy_alerts_allowed && alert_level == SSL3_AL_WARNING) {
		/* Ignored and not passed to the callback. */
		return TLS13_IO_WANT_RETRY;
	} else {
		return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER);
	}

	rl->alert_cb(alert_desc, rl->cb_arg);

	return ret;
}

static ssize_t
tls13_record_layer_send_alert(struct tls13_record_layer *rl)
{
	ssize_t ret;

	/* This has to fit into a single record, per RFC 8446 section 5.1. */
	if ((ret = tls13_record_layer_write_record(rl, SSL3_RT_ALERT,
	    rl->alert_data, rl->alert_len)) != rl->alert_len) {
		if (ret == TLS13_IO_EOF)
			ret = TLS13_IO_ALERT;
		return ret;
	}

	freezero(rl->alert_data, rl->alert_len);
	rl->alert_data = NULL;
	rl->alert_len = 0;

	if (rl->alert_desc == SSL_AD_CLOSE_NOTIFY) {
		rl->write_closed = 1;
		ret = TLS13_IO_SUCCESS;
	} else if (rl->alert_desc == SSL_AD_USER_CANCELLED) {
		/* Ignored at the record layer. */
		ret = TLS13_IO_SUCCESS;
	} else {
		rl->read_closed = 1;
		rl->write_closed = 1;
		ret = TLS13_IO_ALERT;
	}

	return ret;
}

static ssize_t
tls13_record_layer_send_phh(struct tls13_record_layer *rl)
{
	ssize_t ret;

	/* Push out pending post-handshake handshake messages. */
	if ((ret = tls13_record_layer_write_chunk(rl, SSL3_RT_HANDSHAKE,
	    CBS_data(&rl->phh_cbs), CBS_len(&rl->phh_cbs))) < 0)
		return ret;
	if (!CBS_skip(&rl->phh_cbs, ret))
		return TLS13_IO_FAILURE;
	if (CBS_len(&rl->phh_cbs) != 0)
		return TLS13_IO_WANT_RETRY;

	freezero(rl->phh_data, rl->phh_len);
	rl->phh_data = NULL;
	rl->phh_len = 0;

	CBS_init(&rl->phh_cbs, rl->phh_data, rl->phh_len);

	rl->phh_sent_cb(rl->cb_arg);

	return TLS13_IO_SUCCESS;
}

ssize_t
tls13_record_layer_send_pending(struct tls13_record_layer *rl)
{
	/*
	 * If an alert is pending, then it needs to be sent. However,
	 * if we're already part of the way through sending post-handshake
	 * handshake messages, then we need to finish that first...
	 */

	if (rl->phh_data != NULL && CBS_len(&rl->phh_cbs) != rl->phh_len)
		return tls13_record_layer_send_phh(rl);

	if (rl->alert_data != NULL)
		return tls13_record_layer_send_alert(rl);

	if (rl->phh_data != NULL)
		return tls13_record_layer_send_phh(rl);

	return TLS13_IO_SUCCESS;
}

static ssize_t
tls13_record_layer_alert(struct tls13_record_layer *rl,
    uint8_t alert_level, uint8_t alert_desc)
{
	CBB cbb;

	if (rl->alert_data != NULL)
		return TLS13_IO_FAILURE;

	if (!CBB_init(&cbb, 0))
		goto err;

	if (!CBB_add_u8(&cbb, alert_level))
		goto err;
	if (!CBB_add_u8(&cbb, alert_desc))
		goto err;
	if (!CBB_finish(&cbb, &rl->alert_data, &rl->alert_len))
		goto err;

	rl->alert_level = alert_level;
	rl->alert_desc = alert_desc;

	return tls13_record_layer_send_pending(rl);

 err:
	CBB_cleanup(&cbb);

	return TLS13_IO_FAILURE;
}

ssize_t
tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs)
{
	if (rl->phh_data != NULL)
		return TLS13_IO_FAILURE;

	if (!CBS_stow(cbs, &rl->phh_data, &rl->phh_len))
		return TLS13_IO_FAILURE;

	CBS_init(&rl->phh_cbs, rl->phh_data, rl->phh_len);

	return tls13_record_layer_send_pending(rl);
}

static int
tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, EVP_AEAD_CTX *aead_ctx,
    const EVP_MD *hash, struct tls13_secret *iv, struct tls13_secret *nonce,
    struct tls13_secret *traffic_key)
{
404
405
406
407
408
409
410



411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453



454
455
456
457
458
459
460

	return 0;
}

static int
tls13_record_layer_open_record(struct tls13_record_layer *rl)
{



	if (rl->aead == NULL)
		return tls13_record_layer_open_record_plaintext(rl);

	return tls13_record_layer_open_record_protected(rl);
}

static int
tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl,
    uint8_t content_type, const uint8_t *content, size_t content_len)
{
	uint8_t *data = NULL;
	size_t data_len = 0;
	uint16_t version;
	CBB cbb, body;

	if (rl->aead != NULL)
		return 0;

	/* XXX - TLS1_VERSION for first client hello... */
	version = TLS1_2_VERSION;

	/*
	 * We're still operating in plaintext mode, so just copy the
	 * content into the record.
	 */
	if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN + content_len))
		goto err;

	if (!CBB_add_u8(&cbb, content_type))
		goto err;
	if (!CBB_add_u16(&cbb, version))
		goto err;
	if (!CBB_add_u16_length_prefixed(&cbb, &body))
		goto err;
	if (!CBB_add_bytes(&body, content, content_len))
		goto err;

	if (!CBB_finish(&cbb, &data, &data_len))
		goto err;

	if (!tls13_record_set_data(rl->wrec, data, data_len))
		goto err;




	return 1;

 err:
	CBB_cleanup(&cbb);
	freezero(data, data_len);

	return 0;







>
>
>












<





<
<
<









|












>
>
>







582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603

604
605
606
607
608



609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640

	return 0;
}

static int
tls13_record_layer_open_record(struct tls13_record_layer *rl)
{
	if (rl->handshake_completed && rl->aead == NULL)
		return 0;

	if (rl->aead == NULL)
		return tls13_record_layer_open_record_plaintext(rl);

	return tls13_record_layer_open_record_protected(rl);
}

static int
tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl,
    uint8_t content_type, const uint8_t *content, size_t content_len)
{
	uint8_t *data = NULL;
	size_t data_len = 0;

	CBB cbb, body;

	if (rl->aead != NULL)
		return 0;




	/*
	 * We're still operating in plaintext mode, so just copy the
	 * content into the record.
	 */
	if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN + content_len))
		goto err;

	if (!CBB_add_u8(&cbb, content_type))
		goto err;
	if (!CBB_add_u16(&cbb, rl->legacy_version))
		goto err;
	if (!CBB_add_u16_length_prefixed(&cbb, &body))
		goto err;
	if (!CBB_add_bytes(&body, content, content_len))
		goto err;

	if (!CBB_finish(&cbb, &data, &data_len))
		goto err;

	if (!tls13_record_set_data(rl->wrec, data, data_len))
		goto err;

	rl->wrec_content_len = content_len;
	rl->wrec_content_type = content_type;

	return 1;

 err:
	CBB_cleanup(&cbb);
	freezero(data, data_len);

	return 0;
538
539
540
541
542
543
544



545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563



564
565
566
567
568
569
570

	if (!tls13_record_layer_inc_seq_num(rl->write_seq_num))
		goto err;

	if (!tls13_record_set_data(rl->wrec, data, data_len))
		goto err;




	data = NULL;
	data_len = 0;

	ret = 1;

 err:
	CBB_cleanup(&cbb);

	freezero(data, data_len);
	freezero(header, header_len);
	freezero(inner, inner_len);

	return ret;
}

static int
tls13_record_layer_seal_record(struct tls13_record_layer *rl,
    uint8_t content_type, const uint8_t *content, size_t content_len)
{



	tls13_record_layer_wrec_free(rl);

	if ((rl->wrec = tls13_record_new()) == NULL)
		return 0;

	if (rl->aead == NULL)
		return tls13_record_layer_seal_record_plaintext(rl,







>
>
>



















>
>
>







718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756

	if (!tls13_record_layer_inc_seq_num(rl->write_seq_num))
		goto err;

	if (!tls13_record_set_data(rl->wrec, data, data_len))
		goto err;

	rl->wrec_content_len = content_len;
	rl->wrec_content_type = content_type;

	data = NULL;
	data_len = 0;

	ret = 1;

 err:
	CBB_cleanup(&cbb);

	freezero(data, data_len);
	freezero(header, header_len);
	freezero(inner, inner_len);

	return ret;
}

static int
tls13_record_layer_seal_record(struct tls13_record_layer *rl,
    uint8_t content_type, const uint8_t *content, size_t content_len)
{
	if (rl->handshake_completed && rl->aead == NULL)
		return 0;

	tls13_record_layer_wrec_free(rl);

	if ((rl->wrec = tls13_record_new()) == NULL)
		return 0;

	if (rl->aead == NULL)
		return tls13_record_layer_seal_record_plaintext(rl,
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667









668
669
670



671
672
673
674
675
676
677
678
679
680
681
682
683
684








685
686
687
688
689
690
691
692
693


694






















695











696


697
698
699
700
701
702
703
704
705
706
707
708


709
710

711
712
713
714
715
716
717
718
719


























720
721
722
723
724
725
726
727
728











729
730
731
732
733
734

735


736


737
738






739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767



















768
769
770
771
772
773
774
775
776
777
778
779
780


















781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799

















	 * Bag of hacks ahead... after the first ClientHello message has been
	 * sent or received and before the peer's Finished message has been
	 * received, we may receive an unencrypted ChangeCipherSpec record
	 * (see RFC 8446 section 5 and appendix D.4). This record must be
	 * ignored.
	 */
	if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
		/* XXX - need to check after ClientHello, before Finished. */
		if (rl->handshake_completed || rl->change_cipher_spec_seen) {
			/* XXX - unexpected message alert. */
			goto err;
		}
		if (!tls13_record_content(rl->rrec, &cbs)) {
			/* XXX - decode error alert. */
			goto err;
		}
		if (!CBS_get_u8(&cbs, &ccs)) {
			/* XXX - decode error alert. */
			goto err;
		}
		if (ccs != 1) {
			/* XXX - something alert. */
			goto err;
		}
		rl->change_cipher_spec_seen = 1;
		tls13_record_layer_rrec_free(rl);
		return TLS13_IO_WANT_POLLIN;
	}

	/*
	 * Once record protection is engaged, we should only receive
	 * protected application data messages (aside from the
	 * dummy ChangeCipherSpec messages, handled above).
	 */
	if (rl->aead != NULL && content_type != SSL3_RT_APPLICATION_DATA) {
		/* XXX - unexpected message alert. */
		goto err;
	}

	if (!tls13_record_layer_open_record(rl))
		goto err;

	tls13_record_layer_rrec_free(rl);

	switch (rl->rbuf_content_type) {
	case SSL3_RT_ALERT:
		return tls13_record_layer_process_alert(rl);

	case SSL3_RT_HANDSHAKE:
		break;

	case SSL3_RT_APPLICATION_DATA:
		if (!rl->handshake_completed) {
			/* XXX - unexpected message alert. */
			goto err;
		}
		break;

	default:
		/* XXX - unexpected message alert. */
		goto err;
	}

	return TLS13_IO_SUCCESS;

 err:
	return TLS13_IO_FAILURE;
}

ssize_t
tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,









    uint8_t *buf, size_t n)
{
	ssize_t ret;




	if (rl->read_closed)
		return TLS13_IO_EOF;

	/* XXX - loop here with record and byte limits. */
	/* XXX - send alert... */

	/* If necessary, pull up the next record. */
	if (CBS_len(&rl->rbuf_cbs) == 0) {
		if ((ret = tls13_record_layer_read_record(rl)) <= 0)
			return ret;

		/* XXX - need to check record version. */
	}








	if (rl->rbuf_content_type != content_type) {
		/*
		 * Handshake content can appear as post-handshake messages (yup,
		 * the RFC reused the same content type...), which means we can
		 * be trying to read application data and need to handle a
		 * post-handshake handshake message instead...
		 */
		if (rl->rbuf_content_type == SSL3_RT_HANDSHAKE) {
			if (rl->handshake_completed) {


				/* XXX - call callback, drop for now... */






















				tls13_record_layer_rbuf_free(rl);











				return TLS13_IO_WANT_POLLIN;


			}
		}

		/* XXX - unexpected message alert. */
		goto err;
	}

	if (n > CBS_len(&rl->rbuf_cbs))
		n = CBS_len(&rl->rbuf_cbs);

	/* XXX - CBS_memcpy? CBS_copy_bytes? */
	memcpy(buf, CBS_data(&rl->rbuf_cbs), n);


	if (!CBS_skip(&rl->rbuf_cbs, n))
		goto err;


	if (CBS_len(&rl->rbuf_cbs) == 0)
		tls13_record_layer_rbuf_free(rl);

	return n;

 err:
	return TLS13_IO_FAILURE;
}



























static ssize_t
tls13_record_layer_write_record(struct tls13_record_layer *rl,
    uint8_t content_type, const uint8_t *content, size_t content_len)
{
	ssize_t ret;

	if (rl->write_closed)
		return TLS13_IO_EOF;












	/* See if there is an existing record and attempt to push it out... */
	if (rl->wrec != NULL) {
		if ((ret = tls13_record_send(rl->wrec, rl->wire_write,
		    rl->cb_arg)) <= 0)
			return ret;




		tls13_record_layer_wrec_free(rl);



		/* XXX - could be pushing out different data... */






		return content_len;
	}

	if (content_len > TLS13_RECORD_MAX_PLAINTEXT_LEN)
		goto err;

	if (!tls13_record_layer_seal_record(rl, content_type, content, content_len))
		goto err;

	if ((ret = tls13_record_send(rl->wrec, rl->wire_write, rl->cb_arg)) <= 0)
		return ret;

	tls13_record_layer_wrec_free(rl);

	return content_len;

 err:
	return TLS13_IO_FAILURE;
}

static ssize_t
tls13_record_layer_write(struct tls13_record_layer *rl, uint8_t content_type,
    const uint8_t *buf, size_t n)
{
	if (n > TLS13_RECORD_MAX_PLAINTEXT_LEN)
		n = TLS13_RECORD_MAX_PLAINTEXT_LEN;

	return tls13_record_layer_write_record(rl, content_type, buf, n);
}




















ssize_t
tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
{
	return tls13_record_layer_read(rl, SSL3_RT_HANDSHAKE, buf, n);
}

ssize_t
tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n)
{
	return tls13_record_layer_write(rl, SSL3_RT_HANDSHAKE, buf, n);
}



















ssize_t
tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
{
	if (!rl->handshake_completed)
		return TLS13_IO_FAILURE;

	return tls13_record_layer_read(rl, SSL3_RT_APPLICATION_DATA, buf, n);
}

ssize_t
tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n)
{
	if (!rl->handshake_completed)
		return TLS13_IO_FAILURE;

	return tls13_record_layer_write(rl, SSL3_RT_APPLICATION_DATA, buf, n);
}
























<
|
|
<
<
|
|
<
<
|
|
<
<
|
|
<
<
|

|







|
|
<
<














|
|
<
<



|
<








|
|
>
>
>
>
>
>
>
>
>
|


>
>
>




<
<
<







>
>
>
>
>
>
>
>









>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>
>
>
>
>
>
>
>
>
>
>
|
>
>



|
<







>
>
|
|
>









>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>









>
>
>
>
>
>
>
>
>
>
>






>

>
>
|
>
>
|
|
>
>
>
>
>
>
|




















|
|






>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>













>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



















>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
783
784
785
786
787
788
789

790
791


792
793


794
795


796
797


798
799
800
801
802
803
804
805
806
807
808
809


810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825


826
827
828
829

830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858



859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926

927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
	 * Bag of hacks ahead... after the first ClientHello message has been
	 * sent or received and before the peer's Finished message has been
	 * received, we may receive an unencrypted ChangeCipherSpec record
	 * (see RFC 8446 section 5 and appendix D.4). This record must be
	 * ignored.
	 */
	if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {

		if (!rl->ccs_allowed || rl->ccs_seen >= 2)
			return tls13_send_alert(rl, SSL_AD_UNEXPECTED_MESSAGE);


		if (!tls13_record_content(rl->rrec, &cbs))
			return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);


		if (!CBS_get_u8(&cbs, &ccs))
			return tls13_send_alert(rl, TLS1_AD_DECODE_ERROR);


		if (ccs != 1)
			return tls13_send_alert(rl, SSL_AD_ILLEGAL_PARAMETER);


		rl->ccs_seen++;
		tls13_record_layer_rrec_free(rl);
		return TLS13_IO_WANT_RETRY;
	}

	/*
	 * Once record protection is engaged, we should only receive
	 * protected application data messages (aside from the
	 * dummy ChangeCipherSpec messages, handled above).
	 */
	if (rl->aead != NULL && content_type != SSL3_RT_APPLICATION_DATA)
		return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);



	if (!tls13_record_layer_open_record(rl))
		goto err;

	tls13_record_layer_rrec_free(rl);

	switch (rl->rbuf_content_type) {
	case SSL3_RT_ALERT:
		return tls13_record_layer_process_alert(rl);

	case SSL3_RT_HANDSHAKE:
		break;

	case SSL3_RT_APPLICATION_DATA:
		if (!rl->handshake_completed)
			return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);


		break;

	default:
		return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);

	}

	return TLS13_IO_SUCCESS;

 err:
	return TLS13_IO_FAILURE;
}

static ssize_t
tls13_record_layer_pending(struct tls13_record_layer *rl, uint8_t content_type)
{
	if (rl->rbuf_content_type != content_type)
		return 0;

	return CBS_len(&rl->rbuf_cbs);
}

static ssize_t
tls13_record_layer_read_internal(struct tls13_record_layer *rl,
    uint8_t content_type, uint8_t *buf, size_t n, int peek)
{
	ssize_t ret;

	if ((ret = tls13_record_layer_send_pending(rl)) != TLS13_IO_SUCCESS)
		return ret;

	if (rl->read_closed)
		return TLS13_IO_EOF;




	/* If necessary, pull up the next record. */
	if (CBS_len(&rl->rbuf_cbs) == 0) {
		if ((ret = tls13_record_layer_read_record(rl)) <= 0)
			return ret;

		/* XXX - need to check record version. */
	}

	/*
	 * If we are in post handshake handshake mode, we may not see
	 * any record type that isn't a handshake until we are done.
	 */
	if (rl->phh && rl->rbuf_content_type != SSL3_RT_HANDSHAKE)
		return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);

	if (rl->rbuf_content_type != content_type) {
		/*
		 * Handshake content can appear as post-handshake messages (yup,
		 * the RFC reused the same content type...), which means we can
		 * be trying to read application data and need to handle a
		 * post-handshake handshake message instead...
		 */
		if (rl->rbuf_content_type == SSL3_RT_HANDSHAKE) {
			if (rl->handshake_completed) {
				rl->phh = 1;
				ret = TLS13_IO_FAILURE;

				/*
				 * The post handshake handshake
				 * receive callback is allowed to
				 * return:
				 *
				 * TLS13_IO_WANT_POLLIN ->
				 * I need more handshake data.
				 *
				 * TLS13_IO_WANT_POLLOUT -> I got the
				 * whole handshake message, and have
				 * enqueued a response
				 *
				 * TLS13_IO_SUCCESS -> I got the whole handshake,
				 * nothing more to do
				 *
				 * TLS13_IO_FAILURE -> something broke.
				 */
				if (rl->phh_recv_cb != NULL) {
					ret = rl->phh_recv_cb(
					    rl->cb_arg, &rl->rbuf_cbs);
				}

				tls13_record_layer_rbuf_free(rl);

				if (ret == TLS13_IO_WANT_POLLIN)
					return ret;

				/*
				 * leave post handshake handshake mode
				 * if we do not need more handshake data
				 */
				rl->phh = 0;

				if (ret == TLS13_IO_SUCCESS)
					return TLS13_IO_WANT_RETRY;

				return ret;
			}
		}

		return tls13_send_alert(rl, SSL3_AD_UNEXPECTED_MESSAGE);

	}

	if (n > CBS_len(&rl->rbuf_cbs))
		n = CBS_len(&rl->rbuf_cbs);

	/* XXX - CBS_memcpy? CBS_copy_bytes? */
	memcpy(buf, CBS_data(&rl->rbuf_cbs), n);

	if (!peek) {
		if (!CBS_skip(&rl->rbuf_cbs, n))
			goto err;
	}

	if (CBS_len(&rl->rbuf_cbs) == 0)
		tls13_record_layer_rbuf_free(rl);

	return n;

 err:
	return TLS13_IO_FAILURE;
}

static ssize_t
tls13_record_layer_peek(struct tls13_record_layer *rl, uint8_t content_type,
    uint8_t *buf, size_t n)
{
	ssize_t ret;

	do {
		ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 1);
	} while (ret == TLS13_IO_WANT_RETRY);

	return ret;
}

static ssize_t
tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
    uint8_t *buf, size_t n)
{
	ssize_t ret;

	do {
		ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 0);
	} while (ret == TLS13_IO_WANT_RETRY);

	return ret;
}

static ssize_t
tls13_record_layer_write_record(struct tls13_record_layer *rl,
    uint8_t content_type, const uint8_t *content, size_t content_len)
{
	ssize_t ret;

	if (rl->write_closed)
		return TLS13_IO_EOF;

	/*
	 * If we pushed out application data while handling other messages,
	 * we need to return content length on the next call.
	 */
	if (content_type == SSL3_RT_APPLICATION_DATA &&
	    rl->wrec_appdata_len != 0) {
		ret = rl->wrec_appdata_len;
		rl->wrec_appdata_len = 0;
		return ret;
	}

	/* See if there is an existing record and attempt to push it out... */
	if (rl->wrec != NULL) {
		if ((ret = tls13_record_send(rl->wrec, rl->wire_write,
		    rl->cb_arg)) <= 0)
			return ret;
		tls13_record_layer_wrec_free(rl);

		if (rl->wrec_content_type == content_type) {
			ret = rl->wrec_content_len;
			rl->wrec_content_len = 0;
			rl->wrec_content_type = 0;
			return ret;
		}

		/*
		 * The only partial record type should be application data.
		 * All other cases are handled to completion.
		 */
		if (rl->wrec_content_type != SSL3_RT_APPLICATION_DATA)
			return TLS13_IO_FAILURE;
		rl->wrec_appdata_len = rl->wrec_content_len;
	}

	if (content_len > TLS13_RECORD_MAX_PLAINTEXT_LEN)
		goto err;

	if (!tls13_record_layer_seal_record(rl, content_type, content, content_len))
		goto err;

	if ((ret = tls13_record_send(rl->wrec, rl->wire_write, rl->cb_arg)) <= 0)
		return ret;

	tls13_record_layer_wrec_free(rl);

	return content_len;

 err:
	return TLS13_IO_FAILURE;
}

static ssize_t
tls13_record_layer_write_chunk(struct tls13_record_layer *rl,
    uint8_t content_type, const uint8_t *buf, size_t n)
{
	if (n > TLS13_RECORD_MAX_PLAINTEXT_LEN)
		n = TLS13_RECORD_MAX_PLAINTEXT_LEN;

	return tls13_record_layer_write_record(rl, content_type, buf, n);
}

static ssize_t
tls13_record_layer_write(struct tls13_record_layer *rl, uint8_t content_type,
    const uint8_t *buf, size_t n)
{
	ssize_t ret;

	do {
		ret = tls13_record_layer_send_pending(rl);
	} while (ret == TLS13_IO_WANT_RETRY);
	if (ret != TLS13_IO_SUCCESS)
		return ret;

	do {
		ret = tls13_record_layer_write_chunk(rl, content_type, buf, n);
	} while (ret == TLS13_IO_WANT_RETRY);

	return ret;
}

ssize_t
tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
{
	return tls13_record_layer_read(rl, SSL3_RT_HANDSHAKE, buf, n);
}

ssize_t
tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n)
{
	return tls13_record_layer_write(rl, SSL3_RT_HANDSHAKE, buf, n);
}

ssize_t
tls13_pending_application_data(struct tls13_record_layer *rl)
{
	if (!rl->handshake_completed)
		return 0;

	return tls13_record_layer_pending(rl, SSL3_RT_APPLICATION_DATA);
}

ssize_t
tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
{
	if (!rl->handshake_completed)
		return TLS13_IO_FAILURE;

	return tls13_record_layer_peek(rl, SSL3_RT_APPLICATION_DATA, buf, n);
}

ssize_t
tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
{
	if (!rl->handshake_completed)
		return TLS13_IO_FAILURE;

	return tls13_record_layer_read(rl, SSL3_RT_APPLICATION_DATA, buf, n);
}

ssize_t
tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n)
{
	if (!rl->handshake_completed)
		return TLS13_IO_FAILURE;

	return tls13_record_layer_write(rl, SSL3_RT_APPLICATION_DATA, buf, n);
}

ssize_t
tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc)
{
	uint8_t alert_level = SSL3_AL_FATAL;
	ssize_t ret;

	if (alert_desc == SSL_AD_CLOSE_NOTIFY ||
	    alert_desc == SSL_AD_USER_CANCELLED)
		alert_level = SSL3_AL_WARNING;

	do {
		ret = tls13_record_layer_alert(rl, alert_level, alert_desc);
	} while (ret == TLS13_IO_WANT_RETRY);

	return ret;
}
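--- a/jni/libressl/tap-driver.sh
+++ b/jni/libressl/tap-driver.sh
@@ -1,9 +1,9 @@
 #! /bin/sh
-# Copyright (C) 2011-2018 Free Software Foundation, Inc.
+# Copyright (C) 2011-2020 Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2, or (at your option)
 # any later version.
 #
 # This program is distributed in the hope that it will be useful,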
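--- a/jni/libressl/test-driver
+++ b/jni/libressl/test-driver
@@ -1,13 +1,13 @@
 #! /bin/sh
 # test-driver - basic testsuite driver script.
 
 scriptversion=2018-03-07.03; # UTC
 
-# Copyright (C) 2011-2018 Free Software Foundation, Inc.
+# Copyright (C) 2011-2020 Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2, or (at your option)
 # any later version.
 #
 # This program is distributed in the hope that it will be useful,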
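--- a/jni/libressl/tests/CMakeLists.txt
+++ b/jni/libressl/tests/CMakeLists.txt
@@ -125,17 +125,23 @@
 
 # cipherstest
 add_executable(cipherstest cipherstest.c)
 target_link_libraries(cipherstest ${OPENSSL_LIBS})
 add_test(cipherstest cipherstest)
 
 # clienttest
-add_executable(clienttest clienttest.c)
-target_link_libraries(clienttest ${OPENSSL_LIBS})
-add_test(clienttest clienttest)
+# disabled
+#add_executable(clienttest clienttest.c)
+#target_link_libraries(clienttest ${OPENSSL_LIBS})
+#add_test(clienttest clienttest)
+
+# cmstest
+add_executable(cmstest cmstest.c)
+target_link_libraries(cmstest ${OPENSSL_LIBS})
+add_test(cmstest cmstest)
 
 # configtest
 add_executable(configtest configtest.c)
 target_link_libraries(configtest ${OPENSSL_LIBS})
 add_test(configtest configtest)
 
 # cts128test
@@ -214,14 +220,21 @@
 target_link_libraries(gcm128test ${OPENSSL_LIBS})
 add_test(gcm128test gcm128test)
 
 # gost2814789t
 add_executable(gost2814789t gost2814789t.c)
 target_link_libraries(gost2814789t ${OPENSSL_LIBS})
 add_test(gost2814789t gost2814789t)
+
+# handshake_table
+if(NOT BUILD_SHARED_LIBS)
+	add_executable(handshake_table handshake_table.c)
+	target_link_libraries(handshake_table ${OPENSSL_LIBS})
+	add_test(handshake_table handshake_table)
+endif()
 
 # hkdf_test
 add_executable(hkdf_test hkdf_test.c)
 target_link_libraries(hkdf_test ${OPENSSL_LIBS})
 add_test(hkdf_test hkdf_test)
 
 # hmactest
@@ -341,14 +354,21 @@
 
 # recordtest
 if(NOT BUILD_SHARED_LIBS)
 	add_executable(recordtest recordtest.c)
 	target_link_libraries(recordtest ${OPENSSL_LIBS})
 	add_test(recordtest recordtest)
 endif()
+
+# record_layer_test
+if(NOT BUILD_SHARED_LIBS)
+	add_executable(record_layer_test record_layer_test.c)
+	target_link_libraries(record_layer_test ${OPENSSL_LIBS})
+	add_test(record_layer_test record_layer_test)
+endif()
 
 # rfc5280time
 add_executable(rfc5280time rfc5280time.c)
 target_link_libraries(rfc5280time ${OPENSSL_LIBS})
 if(SMALL_TIME_T)
 	add_test(rfc5280time ${CMAKE_CURRENT_SOURCE_DIR}/rfc5280time_small.test)
 else()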
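Review bot: The clienttest block in the first hunk is switched off by commenting out its three commands under a bare `# disabled` line, with no reason and no reference to track, so a later update has nothing to go on when deciding whether it can be re-enabled. The first hunk of tests/Makefile.am does the same. This check-in also changes the TLS 1.3 record layer, and clienttest presumably covers the client side of the handshake (judging by its name only), so the lost coverage should be recorded. I would replace the marker with something like `# clienttest disabled as of the 3.1.1 import: <reason or upstream reference>`, and say in the check-in comment whether this matches the upstream tree or is a local change.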
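--- a/jni/libressl/tests/Makefile.am
+++ b/jni/libressl/tests/Makefile.am
@@ -127,17 +127,23 @@
 
 # cipherstest
 TESTS += cipherstest
 check_PROGRAMS += cipherstest
 cipherstest_SOURCES = cipherstest.c
 
 # clienttest
-TESTS += clienttest
-check_PROGRAMS += clienttest
-clienttest_SOURCES = clienttest.c
+# disabled
+#TESTS += clienttest
+#check_PROGRAMS += clienttest
+#clienttest_SOURCES = clienttest.c
+
+# cmstest
+TESTS += cmstest
+check_PROGRAMS += cmstest
+cmstest_SOURCES = cmstest.c
 
 # configtest
 TESTS += configtest
 check_PROGRAMS += configtest
 configtest_SOURCES = configtest.c
 
 # cts128test
@@ -218,15 +224,16 @@
 
 # gost2814789t
 TESTS += gost2814789t
 check_PROGRAMS += gost2814789t
 gost2814789t_SOURCES = gost2814789t.c
 
 # handshake_table
-noinst_PROGRAMS = handshake_table
+TESTS += handshake_table
+check_PROGRAMS += handshake_table
 handshake_table_SOURCES = handshake_table.c
 
 # hkdf_test
 TESTS += hkdftest
 check_PROGRAMS += hkdftest
 hkdftest_SOURCES = hkdf_test.c
 
@@ -332,14 +339,19 @@
 rc4test_SOURCES = rc4test.c
 
 # recordtest
 TESTS += recordtest
 check_PROGRAMS += recordtest
 recordtest_SOURCES = recordtest.c
 
+# record_layer_test
+TESTS += record_layer_test
+check_PROGRAMS += record_layer_test
+record_layer_test_SOURCES = record_layer_test.c
+
 # rfc5280time
 check_PROGRAMS += rfc5280time
 rfc5280time_SOURCES = rfc5280time.c
 if SMALL_TIME_T
 TESTS += rfc5280time_small.test
 else
 TESTS += rfc5280time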
Changes to jni/libressl/tests/Makefile.in.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2018 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

@SET_MAKE@


VPATH = @srcdir@
am__is_gnu_make = { \
  if test -z '$(MAKELEVEL)'; then \
    false; \
  elif test -n '$(MAKE_HOST)'; then \
    true; \
|


|











<







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

16
17
18
19
20
21
22
# Makefile.in generated by automake 1.16.2 from Makefile.am.
# @configure_input@

# Copyright (C) 1994-2020 Free Software Foundation, Inc.

# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.

@SET_MAKE@


VPATH = @srcdir@
am__is_gnu_make = { \
  if test -z '$(MAKELEVEL)'; then \
    false; \
  elif test -n '$(MAKE_HOST)'; then \
    true; \
92
93
94
95
96
97
98
99
100
101
102
103
104

105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

138
139
140
141
142
143
144
145
@HOST_ASM_MACOSX_X86_64_TRUE@am__append_1 = $(abs_top_builddir)/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o
TESTS = aeadtest.sh aes_wrap$(EXEEXT) $(am__append_2) asn1evp$(EXEEXT) \
	asn1test$(EXEEXT) asn1time$(EXEEXT) base64test$(EXEEXT) \
	bftest$(EXEEXT) $(am__EXEEXT_2) bnaddsub$(EXEEXT) \
	bn_rand_interval$(EXEEXT) bntest$(EXEEXT) \
	bn_to_string$(EXEEXT) buffertest$(EXEEXT) \
	bytestringtest$(EXEEXT) casttest$(EXEEXT) chachatest$(EXEEXT) \
	cipher_list$(EXEEXT) cipherstest$(EXEEXT) clienttest$(EXEEXT) \
	configtest$(EXEEXT) cts128test$(EXEEXT) destest$(EXEEXT) \
	dhtest$(EXEEXT) dsatest$(EXEEXT) ecdhtest$(EXEEXT) \
	ecdsatest$(EXEEXT) ectest$(EXEEXT) enginetest$(EXEEXT) \
	evptest.sh $(am__EXEEXT_3) exptest$(EXEEXT) freenull$(EXEEXT) \
	gcm128test$(EXEEXT) gost2814789t$(EXEEXT) hkdftest$(EXEEXT) \

	hmactest$(EXEEXT) ideatest$(EXEEXT) igetest$(EXEEXT) \
	keypairtest.sh key_schedule$(EXEEXT) md4test$(EXEEXT) \
	md5test$(EXEEXT) mont$(EXEEXT) $(am__append_9) \
	optionstest$(EXEEXT) pbkdf2$(EXEEXT) $(am__append_11) \
	pkcs7test$(EXEEXT) poly1305test$(EXEEXT) pq_test.sh \
	randtest$(EXEEXT) rc2test$(EXEEXT) rc4test$(EXEEXT) \
	recordtest$(EXEEXT) $(am__append_13) $(am__EXEEXT_6) \
	rmdtest$(EXEEXT) rsa_test$(EXEEXT) servertest.sh \
	sha1test$(EXEEXT) sha256test$(EXEEXT) sha512test$(EXEEXT) \
	sm3test$(EXEEXT) sm4test$(EXEEXT) ssl_versions$(EXEEXT) \
	ssltest.sh testdsa.sh testenc.sh testrsa.sh \
	timingsafe$(EXEEXT) tlsexttest$(EXEEXT) tlstest.sh \
	tls_ext_alpn$(EXEEXT) tls_prf$(EXEEXT) utf8test$(EXEEXT) \
	valid_handshakes_terminate$(EXEEXT) verifytest$(EXEEXT) \
	x25519test$(EXEEXT) x509name$(EXEEXT)
check_PROGRAMS = aeadtest$(EXEEXT) aes_wrap$(EXEEXT) $(am__EXEEXT_1) \
	asn1evp$(EXEEXT) asn1test$(EXEEXT) asn1time$(EXEEXT) \
	base64test$(EXEEXT) bftest$(EXEEXT) $(am__EXEEXT_2) \
	bnaddsub$(EXEEXT) bn_rand_interval$(EXEEXT) bntest$(EXEEXT) \
	bn_to_string$(EXEEXT) buffertest$(EXEEXT) \
	bytestringtest$(EXEEXT) casttest$(EXEEXT) chachatest$(EXEEXT) \
	cipher_list$(EXEEXT) cipherstest$(EXEEXT) clienttest$(EXEEXT) \
	configtest$(EXEEXT) cts128test$(EXEEXT) destest$(EXEEXT) \
	dhtest$(EXEEXT) dsatest$(EXEEXT) ecdhtest$(EXEEXT) \
	ecdsatest$(EXEEXT) ectest$(EXEEXT) enginetest$(EXEEXT) \
	evptest$(EXEEXT) $(am__EXEEXT_3) exptest$(EXEEXT) \
	freenull$(EXEEXT) gcm128test$(EXEEXT) gost2814789t$(EXEEXT) \
	hkdftest$(EXEEXT) hmactest$(EXEEXT) ideatest$(EXEEXT) \
	igetest$(EXEEXT) keypairtest$(EXEEXT) key_schedule$(EXEEXT) \
	md4test$(EXEEXT) md5test$(EXEEXT) mont$(EXEEXT) \
	$(am__EXEEXT_4) optionstest$(EXEEXT) pbkdf2$(EXEEXT) \
	$(am__EXEEXT_5) pkcs7test$(EXEEXT) poly1305test$(EXEEXT) \
	pq_test$(EXEEXT) randtest$(EXEEXT) rc2test$(EXEEXT) \

	rc4test$(EXEEXT) recordtest$(EXEEXT) rfc5280time$(EXEEXT) \
	rmdtest$(EXEEXT) rsa_test$(EXEEXT) servertest$(EXEEXT) \
	sha1test$(EXEEXT) sha256test$(EXEEXT) sha512test$(EXEEXT) \
	sm3test$(EXEEXT) sm4test$(EXEEXT) ssl_versions$(EXEEXT) \
	ssltest$(EXEEXT) timingsafe$(EXEEXT) tlsexttest$(EXEEXT) \
	tlstest$(EXEEXT) tls_ext_alpn$(EXEEXT) tls_prf$(EXEEXT) \
	utf8test$(EXEEXT) valid_handshakes_terminate$(EXEEXT) \
	verifytest$(EXEEXT) x25519test$(EXEEXT) x509name$(EXEEXT)







|




|
>
|
|
|
|
|
|
|














|





|
|
|
|
|
|
>
|







91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
@HOST_ASM_MACOSX_X86_64_TRUE@am__append_1 = $(abs_top_builddir)/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o
TESTS = aeadtest.sh aes_wrap$(EXEEXT) $(am__append_2) asn1evp$(EXEEXT) \
	asn1test$(EXEEXT) asn1time$(EXEEXT) base64test$(EXEEXT) \
	bftest$(EXEEXT) $(am__EXEEXT_2) bnaddsub$(EXEEXT) \
	bn_rand_interval$(EXEEXT) bntest$(EXEEXT) \
	bn_to_string$(EXEEXT) buffertest$(EXEEXT) \
	bytestringtest$(EXEEXT) casttest$(EXEEXT) chachatest$(EXEEXT) \
	cipher_list$(EXEEXT) cipherstest$(EXEEXT) cmstest$(EXEEXT) \
	configtest$(EXEEXT) cts128test$(EXEEXT) destest$(EXEEXT) \
	dhtest$(EXEEXT) dsatest$(EXEEXT) ecdhtest$(EXEEXT) \
	ecdsatest$(EXEEXT) ectest$(EXEEXT) enginetest$(EXEEXT) \
	evptest.sh $(am__EXEEXT_3) exptest$(EXEEXT) freenull$(EXEEXT) \
	gcm128test$(EXEEXT) gost2814789t$(EXEEXT) \
	handshake_table$(EXEEXT) hkdftest$(EXEEXT) hmactest$(EXEEXT) \
	ideatest$(EXEEXT) igetest$(EXEEXT) keypairtest.sh \
	key_schedule$(EXEEXT) md4test$(EXEEXT) md5test$(EXEEXT) \
	mont$(EXEEXT) $(am__append_9) optionstest$(EXEEXT) \
	pbkdf2$(EXEEXT) $(am__append_11) pkcs7test$(EXEEXT) \
	poly1305test$(EXEEXT) pq_test.sh randtest$(EXEEXT) \
	rc2test$(EXEEXT) rc4test$(EXEEXT) recordtest$(EXEEXT) \
	record_layer_test$(EXEEXT) $(am__append_13) $(am__EXEEXT_6) \
	rmdtest$(EXEEXT) rsa_test$(EXEEXT) servertest.sh \
	sha1test$(EXEEXT) sha256test$(EXEEXT) sha512test$(EXEEXT) \
	sm3test$(EXEEXT) sm4test$(EXEEXT) ssl_versions$(EXEEXT) \
	ssltest.sh testdsa.sh testenc.sh testrsa.sh \
	timingsafe$(EXEEXT) tlsexttest$(EXEEXT) tlstest.sh \
	tls_ext_alpn$(EXEEXT) tls_prf$(EXEEXT) utf8test$(EXEEXT) \
	valid_handshakes_terminate$(EXEEXT) verifytest$(EXEEXT) \
	x25519test$(EXEEXT) x509name$(EXEEXT)
check_PROGRAMS = aeadtest$(EXEEXT) aes_wrap$(EXEEXT) $(am__EXEEXT_1) \
	asn1evp$(EXEEXT) asn1test$(EXEEXT) asn1time$(EXEEXT) \
	base64test$(EXEEXT) bftest$(EXEEXT) $(am__EXEEXT_2) \
	bnaddsub$(EXEEXT) bn_rand_interval$(EXEEXT) bntest$(EXEEXT) \
	bn_to_string$(EXEEXT) buffertest$(EXEEXT) \
	bytestringtest$(EXEEXT) casttest$(EXEEXT) chachatest$(EXEEXT) \
	cipher_list$(EXEEXT) cipherstest$(EXEEXT) cmstest$(EXEEXT) \
	configtest$(EXEEXT) cts128test$(EXEEXT) destest$(EXEEXT) \
	dhtest$(EXEEXT) dsatest$(EXEEXT) ecdhtest$(EXEEXT) \
	ecdsatest$(EXEEXT) ectest$(EXEEXT) enginetest$(EXEEXT) \
	evptest$(EXEEXT) $(am__EXEEXT_3) exptest$(EXEEXT) \
	freenull$(EXEEXT) gcm128test$(EXEEXT) gost2814789t$(EXEEXT) \
	handshake_table$(EXEEXT) hkdftest$(EXEEXT) hmactest$(EXEEXT) \
	ideatest$(EXEEXT) igetest$(EXEEXT) keypairtest$(EXEEXT) \
	key_schedule$(EXEEXT) md4test$(EXEEXT) md5test$(EXEEXT) \
	mont$(EXEEXT) $(am__EXEEXT_4) optionstest$(EXEEXT) \
	pbkdf2$(EXEEXT) $(am__EXEEXT_5) pkcs7test$(EXEEXT) \
	poly1305test$(EXEEXT) pq_test$(EXEEXT) randtest$(EXEEXT) \
	rc2test$(EXEEXT) rc4test$(EXEEXT) recordtest$(EXEEXT) \
	record_layer_test$(EXEEXT) rfc5280time$(EXEEXT) \
	rmdtest$(EXEEXT) rsa_test$(EXEEXT) servertest$(EXEEXT) \
	sha1test$(EXEEXT) sha256test$(EXEEXT) sha512test$(EXEEXT) \
	sm3test$(EXEEXT) sm4test$(EXEEXT) ssl_versions$(EXEEXT) \
	ssltest$(EXEEXT) timingsafe$(EXEEXT) tlsexttest$(EXEEXT) \
	tlstest$(EXEEXT) tls_ext_alpn$(EXEEXT) tls_prf$(EXEEXT) \
	utf8test$(EXEEXT) valid_handshakes_terminate$(EXEEXT) \
	verifytest$(EXEEXT) x25519test$(EXEEXT) x509name$(EXEEXT)
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
@ENABLE_EXTRATESTS_TRUE@am__append_5 = biotest

# explicit_bzero
# explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_6 = explicit_bzero
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_7 = explicit_bzero
@HAVE_MEMMEM_FALSE@@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_8 = compat/memmem.c
noinst_PROGRAMS = handshake_table$(EXEEXT)

# ocsp_test
@ENABLE_EXTRATESTS_TRUE@am__append_9 = ocsptest.sh
@ENABLE_EXTRATESTS_TRUE@am__append_10 = ocsp_test

# pidwraptest
# pidwraptest relies on an OS-specific way to give out pids and is generally







<







156
157
158
159
160
161
162

163
164
165
166
167
168
169
@ENABLE_EXTRATESTS_TRUE@am__append_5 = biotest

# explicit_bzero
# explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_6 = explicit_bzero
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_7 = explicit_bzero
@HAVE_MEMMEM_FALSE@@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__append_8 = compat/memmem.c


# ocsp_test
@ENABLE_EXTRATESTS_TRUE@am__append_9 = ocsptest.sh
@ENABLE_EXTRATESTS_TRUE@am__append_10 = ocsp_test

# pidwraptest
# pidwraptest relies on an OS-specific way to give out pids and is generally
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
CONFIG_CLEAN_VPATH_FILES =
@HOST_WIN_FALSE@am__EXEEXT_1 = arc4randomforktest$(EXEEXT)
@ENABLE_EXTRATESTS_TRUE@am__EXEEXT_2 = biotest$(EXEEXT)
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__EXEEXT_3 =  \
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	explicit_bzero$(EXEEXT)
@ENABLE_EXTRATESTS_TRUE@am__EXEEXT_4 = ocsp_test$(EXEEXT)
@ENABLE_EXTRATESTS_TRUE@am__EXEEXT_5 = pidwraptest$(EXEEXT)
PROGRAMS = $(noinst_PROGRAMS)
am_aeadtest_OBJECTS = aeadtest.$(OBJEXT)
aeadtest_OBJECTS = $(am_aeadtest_OBJECTS)
aeadtest_LDADD = $(LDADD)
am__DEPENDENCIES_1 =
aeadtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \







<







191
192
193
194
195
196
197

198
199
200
201
202
203
204
CONFIG_CLEAN_VPATH_FILES =
@HOST_WIN_FALSE@am__EXEEXT_1 = arc4randomforktest$(EXEEXT)
@ENABLE_EXTRATESTS_TRUE@am__EXEEXT_2 = biotest$(EXEEXT)
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__EXEEXT_3 =  \
@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@	explicit_bzero$(EXEEXT)
@ENABLE_EXTRATESTS_TRUE@am__EXEEXT_4 = ocsp_test$(EXEEXT)
@ENABLE_EXTRATESTS_TRUE@am__EXEEXT_5 = pidwraptest$(EXEEXT)

am_aeadtest_OBJECTS = aeadtest.$(OBJEXT)
aeadtest_OBJECTS = $(am_aeadtest_OBJECTS)
aeadtest_LDADD = $(LDADD)
am__DEPENDENCIES_1 =
aeadtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
am_cipherstest_OBJECTS = cipherstest.$(OBJEXT)
cipherstest_OBJECTS = $(am_cipherstest_OBJECTS)
cipherstest_LDADD = $(LDADD)
cipherstest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_clienttest_OBJECTS = clienttest.$(OBJEXT)
clienttest_OBJECTS = $(am_clienttest_OBJECTS)
clienttest_LDADD = $(LDADD)
clienttest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_configtest_OBJECTS = configtest.$(OBJEXT)
configtest_OBJECTS = $(am_configtest_OBJECTS)
configtest_LDADD = $(LDADD)
configtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \







|
|
|
|







334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
am_cipherstest_OBJECTS = cipherstest.$(OBJEXT)
cipherstest_OBJECTS = $(am_cipherstest_OBJECTS)
cipherstest_LDADD = $(LDADD)
cipherstest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_cmstest_OBJECTS = cmstest.$(OBJEXT)
cmstest_OBJECTS = $(am_cmstest_OBJECTS)
cmstest_LDADD = $(LDADD)
cmstest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_configtest_OBJECTS = configtest.$(OBJEXT)
configtest_OBJECTS = $(am_configtest_OBJECTS)
configtest_LDADD = $(LDADD)
configtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
595
596
597
598
599
600
601








602
603
604
605
606
607
608
am_rc4test_OBJECTS = rc4test.$(OBJEXT)
rc4test_OBJECTS = $(am_rc4test_OBJECTS)
rc4test_LDADD = $(LDADD)
rc4test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)








am_recordtest_OBJECTS = recordtest.$(OBJEXT)
recordtest_OBJECTS = $(am_recordtest_OBJECTS)
recordtest_LDADD = $(LDADD)
recordtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)







>
>
>
>
>
>
>
>







594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
am_rc4test_OBJECTS = rc4test.$(OBJEXT)
rc4test_OBJECTS = $(am_rc4test_OBJECTS)
rc4test_LDADD = $(LDADD)
rc4test_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_record_layer_test_OBJECTS = record_layer_test.$(OBJEXT)
record_layer_test_OBJECTS = $(am_record_layer_test_OBJECTS)
record_layer_test_LDADD = $(LDADD)
record_layer_test_DEPENDENCIES =  \
	$(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
am_recordtest_OBJECTS = recordtest.$(OBJEXT)
recordtest_OBJECTS = $(am_recordtest_OBJECTS)
recordtest_LDADD = $(LDADD)
recordtest_DEPENDENCIES = $(abs_top_builddir)/tls/.libs/libtls.a \
	$(abs_top_builddir)/ssl/.libs/libssl.a \
	$(abs_top_builddir)/crypto/.libs/libcrypto.a \
	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_1)
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804

805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
	./$(DEPDIR)/base64test.Po ./$(DEPDIR)/bftest.Po \
	./$(DEPDIR)/biotest.Po ./$(DEPDIR)/bn_rand_interval.Po \
	./$(DEPDIR)/bn_to_string.Po ./$(DEPDIR)/bnaddsub.Po \
	./$(DEPDIR)/bntest-bntest.Po \
	./$(DEPDIR)/buffertest-buffertest.Po \
	./$(DEPDIR)/bytestringtest.Po ./$(DEPDIR)/casttest.Po \
	./$(DEPDIR)/chachatest.Po ./$(DEPDIR)/cipher_list.Po \
	./$(DEPDIR)/cipherstest.Po ./$(DEPDIR)/clienttest.Po \
	./$(DEPDIR)/configtest.Po ./$(DEPDIR)/cts128test.Po \
	./$(DEPDIR)/destest.Po ./$(DEPDIR)/dhtest.Po \
	./$(DEPDIR)/dsatest.Po ./$(DEPDIR)/ecdhtest.Po \
	./$(DEPDIR)/ecdsatest.Po ./$(DEPDIR)/ectest.Po \
	./$(DEPDIR)/enginetest.Po ./$(DEPDIR)/evptest.Po \
	./$(DEPDIR)/explicit_bzero.Po ./$(DEPDIR)/exptest-exptest.Po \
	./$(DEPDIR)/freenull.Po ./$(DEPDIR)/gcm128test.Po \
	./$(DEPDIR)/gost2814789t.Po ./$(DEPDIR)/handshake_table.Po \
	./$(DEPDIR)/hkdf_test.Po ./$(DEPDIR)/hmactest.Po \
	./$(DEPDIR)/ideatest.Po ./$(DEPDIR)/igetest.Po \
	./$(DEPDIR)/key_schedule.Po ./$(DEPDIR)/keypairtest.Po \
	./$(DEPDIR)/md4test.Po ./$(DEPDIR)/md5test.Po \
	./$(DEPDIR)/mont.Po ./$(DEPDIR)/ocsp_test.Po \
	./$(DEPDIR)/optionstest.Po ./$(DEPDIR)/pbkdf2.Po \
	./$(DEPDIR)/pidwraptest.Po ./$(DEPDIR)/pkcs7test.Po \
	./$(DEPDIR)/poly1305test.Po ./$(DEPDIR)/pq_test.Po \
	./$(DEPDIR)/randtest.Po ./$(DEPDIR)/rc2test.Po \
	./$(DEPDIR)/rc4test.Po ./$(DEPDIR)/recordtest.Po \

	./$(DEPDIR)/rfc5280time.Po ./$(DEPDIR)/rmdtest.Po \
	./$(DEPDIR)/rsa_test.Po ./$(DEPDIR)/servertest.Po \
	./$(DEPDIR)/sha1test.Po ./$(DEPDIR)/sha256test.Po \
	./$(DEPDIR)/sha512test.Po ./$(DEPDIR)/sm3test.Po \
	./$(DEPDIR)/sm4test.Po ./$(DEPDIR)/ssl_versions.Po \
	./$(DEPDIR)/ssltest.Po ./$(DEPDIR)/timingsafe.Po \
	./$(DEPDIR)/tls_ext_alpn.Po ./$(DEPDIR)/tls_prf.Po \
	./$(DEPDIR)/tlsexttest.Po ./$(DEPDIR)/tlstest.Po \
	./$(DEPDIR)/utf8test.Po \
	./$(DEPDIR)/valid_handshakes_terminate.Po \
	./$(DEPDIR)/verifytest.Po ./$(DEPDIR)/x25519test.Po \
	./$(DEPDIR)/x509name.Po compat/$(DEPDIR)/memmem.Po \
	compat/$(DEPDIR)/pipe2.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)







|

















|
>
|
|
|
|
|
|
|
|
<







786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820

821
822
823
824
825
826
827
	./$(DEPDIR)/base64test.Po ./$(DEPDIR)/bftest.Po \
	./$(DEPDIR)/biotest.Po ./$(DEPDIR)/bn_rand_interval.Po \
	./$(DEPDIR)/bn_to_string.Po ./$(DEPDIR)/bnaddsub.Po \
	./$(DEPDIR)/bntest-bntest.Po \
	./$(DEPDIR)/buffertest-buffertest.Po \
	./$(DEPDIR)/bytestringtest.Po ./$(DEPDIR)/casttest.Po \
	./$(DEPDIR)/chachatest.Po ./$(DEPDIR)/cipher_list.Po \
	./$(DEPDIR)/cipherstest.Po ./$(DEPDIR)/cmstest.Po \
	./$(DEPDIR)/configtest.Po ./$(DEPDIR)/cts128test.Po \
	./$(DEPDIR)/destest.Po ./$(DEPDIR)/dhtest.Po \
	./$(DEPDIR)/dsatest.Po ./$(DEPDIR)/ecdhtest.Po \
	./$(DEPDIR)/ecdsatest.Po ./$(DEPDIR)/ectest.Po \
	./$(DEPDIR)/enginetest.Po ./$(DEPDIR)/evptest.Po \
	./$(DEPDIR)/explicit_bzero.Po ./$(DEPDIR)/exptest-exptest.Po \
	./$(DEPDIR)/freenull.Po ./$(DEPDIR)/gcm128test.Po \
	./$(DEPDIR)/gost2814789t.Po ./$(DEPDIR)/handshake_table.Po \
	./$(DEPDIR)/hkdf_test.Po ./$(DEPDIR)/hmactest.Po \
	./$(DEPDIR)/ideatest.Po ./$(DEPDIR)/igetest.Po \
	./$(DEPDIR)/key_schedule.Po ./$(DEPDIR)/keypairtest.Po \
	./$(DEPDIR)/md4test.Po ./$(DEPDIR)/md5test.Po \
	./$(DEPDIR)/mont.Po ./$(DEPDIR)/ocsp_test.Po \
	./$(DEPDIR)/optionstest.Po ./$(DEPDIR)/pbkdf2.Po \
	./$(DEPDIR)/pidwraptest.Po ./$(DEPDIR)/pkcs7test.Po \
	./$(DEPDIR)/poly1305test.Po ./$(DEPDIR)/pq_test.Po \
	./$(DEPDIR)/randtest.Po ./$(DEPDIR)/rc2test.Po \
	./$(DEPDIR)/rc4test.Po ./$(DEPDIR)/record_layer_test.Po \
	./$(DEPDIR)/recordtest.Po ./$(DEPDIR)/rfc5280time.Po \
	./$(DEPDIR)/rmdtest.Po ./$(DEPDIR)/rsa_test.Po \
	./$(DEPDIR)/servertest.Po ./$(DEPDIR)/sha1test.Po \
	./$(DEPDIR)/sha256test.Po ./$(DEPDIR)/sha512test.Po \
	./$(DEPDIR)/sm3test.Po ./$(DEPDIR)/sm4test.Po \
	./$(DEPDIR)/ssl_versions.Po ./$(DEPDIR)/ssltest.Po \
	./$(DEPDIR)/timingsafe.Po ./$(DEPDIR)/tls_ext_alpn.Po \
	./$(DEPDIR)/tls_prf.Po ./$(DEPDIR)/tlsexttest.Po \
	./$(DEPDIR)/tlstest.Po ./$(DEPDIR)/utf8test.Po \

	./$(DEPDIR)/valid_handshakes_terminate.Po \
	./$(DEPDIR)/verifytest.Po ./$(DEPDIR)/x25519test.Po \
	./$(DEPDIR)/x509name.Po compat/$(DEPDIR)/memmem.Po \
	compat/$(DEPDIR)/pipe2.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858

859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890

891
892
893
894
895
896
897
	$(arc4randomforktest_SOURCES) $(asn1evp_SOURCES) \
	$(asn1test_SOURCES) $(asn1time_SOURCES) $(base64test_SOURCES) \
	$(bftest_SOURCES) $(biotest_SOURCES) \
	$(bn_rand_interval_SOURCES) $(bn_to_string_SOURCES) \
	$(bnaddsub_SOURCES) $(bntest_SOURCES) $(buffertest_SOURCES) \
	$(bytestringtest_SOURCES) $(casttest_SOURCES) \
	$(chachatest_SOURCES) $(cipher_list_SOURCES) \
	$(cipherstest_SOURCES) $(clienttest_SOURCES) \
	$(configtest_SOURCES) $(cts128test_SOURCES) $(destest_SOURCES) \
	$(dhtest_SOURCES) $(dsatest_SOURCES) $(ecdhtest_SOURCES) \
	$(ecdsatest_SOURCES) $(ectest_SOURCES) $(enginetest_SOURCES) \
	$(evptest_SOURCES) $(explicit_bzero_SOURCES) \
	$(exptest_SOURCES) $(freenull_SOURCES) $(gcm128test_SOURCES) \
	$(gost2814789t_SOURCES) $(handshake_table_SOURCES) \
	$(hkdftest_SOURCES) $(hmactest_SOURCES) $(ideatest_SOURCES) \
	$(igetest_SOURCES) $(key_schedule_SOURCES) \
	$(keypairtest_SOURCES) $(md4test_SOURCES) $(md5test_SOURCES) \
	$(mont_SOURCES) $(ocsp_test_SOURCES) $(optionstest_SOURCES) \
	$(pbkdf2_SOURCES) $(pidwraptest_SOURCES) $(pkcs7test_SOURCES) \
	$(poly1305test_SOURCES) $(pq_test_SOURCES) $(randtest_SOURCES) \
	$(rc2test_SOURCES) $(rc4test_SOURCES) $(recordtest_SOURCES) \

	$(rfc5280time_SOURCES) $(rmdtest_SOURCES) $(rsa_test_SOURCES) \
	$(servertest_SOURCES) $(sha1test_SOURCES) \
	$(sha256test_SOURCES) $(sha512test_SOURCES) $(sm3test_SOURCES) \
	$(sm4test_SOURCES) $(ssl_versions_SOURCES) $(ssltest_SOURCES) \
	$(timingsafe_SOURCES) $(tls_ext_alpn_SOURCES) \
	$(tls_prf_SOURCES) $(tlsexttest_SOURCES) $(tlstest_SOURCES) \
	$(utf8test_SOURCES) $(valid_handshakes_terminate_SOURCES) \
	$(verifytest_SOURCES) $(x25519test_SOURCES) \
	$(x509name_SOURCES)
DIST_SOURCES = $(aeadtest_SOURCES) $(aes_wrap_SOURCES) \
	$(am__arc4randomforktest_SOURCES_DIST) $(asn1evp_SOURCES) \
	$(asn1test_SOURCES) $(asn1time_SOURCES) $(base64test_SOURCES) \
	$(bftest_SOURCES) $(am__biotest_SOURCES_DIST) \
	$(bn_rand_interval_SOURCES) $(bn_to_string_SOURCES) \
	$(bnaddsub_SOURCES) $(bntest_SOURCES) $(buffertest_SOURCES) \
	$(bytestringtest_SOURCES) $(casttest_SOURCES) \
	$(chachatest_SOURCES) $(cipher_list_SOURCES) \
	$(cipherstest_SOURCES) $(clienttest_SOURCES) \
	$(configtest_SOURCES) $(cts128test_SOURCES) $(destest_SOURCES) \
	$(dhtest_SOURCES) $(dsatest_SOURCES) $(ecdhtest_SOURCES) \
	$(ecdsatest_SOURCES) $(ectest_SOURCES) $(enginetest_SOURCES) \
	$(evptest_SOURCES) $(am__explicit_bzero_SOURCES_DIST) \
	$(exptest_SOURCES) $(freenull_SOURCES) $(gcm128test_SOURCES) \
	$(gost2814789t_SOURCES) $(handshake_table_SOURCES) \
	$(hkdftest_SOURCES) $(hmactest_SOURCES) $(ideatest_SOURCES) \
	$(igetest_SOURCES) $(key_schedule_SOURCES) \
	$(keypairtest_SOURCES) $(md4test_SOURCES) $(md5test_SOURCES) \
	$(mont_SOURCES) $(am__ocsp_test_SOURCES_DIST) \
	$(optionstest_SOURCES) $(pbkdf2_SOURCES) \
	$(am__pidwraptest_SOURCES_DIST) $(pkcs7test_SOURCES) \
	$(poly1305test_SOURCES) $(pq_test_SOURCES) $(randtest_SOURCES) \
	$(rc2test_SOURCES) $(rc4test_SOURCES) $(recordtest_SOURCES) \

	$(rfc5280time_SOURCES) $(rmdtest_SOURCES) $(rsa_test_SOURCES) \
	$(servertest_SOURCES) $(sha1test_SOURCES) \
	$(sha256test_SOURCES) $(sha512test_SOURCES) $(sm3test_SOURCES) \
	$(sm4test_SOURCES) $(ssl_versions_SOURCES) $(ssltest_SOURCES) \
	$(timingsafe_SOURCES) $(tls_ext_alpn_SOURCES) \
	$(tls_prf_SOURCES) $(tlsexttest_SOURCES) \
	$(am__tlstest_SOURCES_DIST) $(utf8test_SOURCES) \







|












|
>

















|













|
>







845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
	$(arc4randomforktest_SOURCES) $(asn1evp_SOURCES) \
	$(asn1test_SOURCES) $(asn1time_SOURCES) $(base64test_SOURCES) \
	$(bftest_SOURCES) $(biotest_SOURCES) \
	$(bn_rand_interval_SOURCES) $(bn_to_string_SOURCES) \
	$(bnaddsub_SOURCES) $(bntest_SOURCES) $(buffertest_SOURCES) \
	$(bytestringtest_SOURCES) $(casttest_SOURCES) \
	$(chachatest_SOURCES) $(cipher_list_SOURCES) \
	$(cipherstest_SOURCES) $(cmstest_SOURCES) \
	$(configtest_SOURCES) $(cts128test_SOURCES) $(destest_SOURCES) \
	$(dhtest_SOURCES) $(dsatest_SOURCES) $(ecdhtest_SOURCES) \
	$(ecdsatest_SOURCES) $(ectest_SOURCES) $(enginetest_SOURCES) \
	$(evptest_SOURCES) $(explicit_bzero_SOURCES) \
	$(exptest_SOURCES) $(freenull_SOURCES) $(gcm128test_SOURCES) \
	$(gost2814789t_SOURCES) $(handshake_table_SOURCES) \
	$(hkdftest_SOURCES) $(hmactest_SOURCES) $(ideatest_SOURCES) \
	$(igetest_SOURCES) $(key_schedule_SOURCES) \
	$(keypairtest_SOURCES) $(md4test_SOURCES) $(md5test_SOURCES) \
	$(mont_SOURCES) $(ocsp_test_SOURCES) $(optionstest_SOURCES) \
	$(pbkdf2_SOURCES) $(pidwraptest_SOURCES) $(pkcs7test_SOURCES) \
	$(poly1305test_SOURCES) $(pq_test_SOURCES) $(randtest_SOURCES) \
	$(rc2test_SOURCES) $(rc4test_SOURCES) \
	$(record_layer_test_SOURCES) $(recordtest_SOURCES) \
	$(rfc5280time_SOURCES) $(rmdtest_SOURCES) $(rsa_test_SOURCES) \
	$(servertest_SOURCES) $(sha1test_SOURCES) \
	$(sha256test_SOURCES) $(sha512test_SOURCES) $(sm3test_SOURCES) \
	$(sm4test_SOURCES) $(ssl_versions_SOURCES) $(ssltest_SOURCES) \
	$(timingsafe_SOURCES) $(tls_ext_alpn_SOURCES) \
	$(tls_prf_SOURCES) $(tlsexttest_SOURCES) $(tlstest_SOURCES) \
	$(utf8test_SOURCES) $(valid_handshakes_terminate_SOURCES) \
	$(verifytest_SOURCES) $(x25519test_SOURCES) \
	$(x509name_SOURCES)
DIST_SOURCES = $(aeadtest_SOURCES) $(aes_wrap_SOURCES) \
	$(am__arc4randomforktest_SOURCES_DIST) $(asn1evp_SOURCES) \
	$(asn1test_SOURCES) $(asn1time_SOURCES) $(base64test_SOURCES) \
	$(bftest_SOURCES) $(am__biotest_SOURCES_DIST) \
	$(bn_rand_interval_SOURCES) $(bn_to_string_SOURCES) \
	$(bnaddsub_SOURCES) $(bntest_SOURCES) $(buffertest_SOURCES) \
	$(bytestringtest_SOURCES) $(casttest_SOURCES) \
	$(chachatest_SOURCES) $(cipher_list_SOURCES) \
	$(cipherstest_SOURCES) $(cmstest_SOURCES) \
	$(configtest_SOURCES) $(cts128test_SOURCES) $(destest_SOURCES) \
	$(dhtest_SOURCES) $(dsatest_SOURCES) $(ecdhtest_SOURCES) \
	$(ecdsatest_SOURCES) $(ectest_SOURCES) $(enginetest_SOURCES) \
	$(evptest_SOURCES) $(am__explicit_bzero_SOURCES_DIST) \
	$(exptest_SOURCES) $(freenull_SOURCES) $(gcm128test_SOURCES) \
	$(gost2814789t_SOURCES) $(handshake_table_SOURCES) \
	$(hkdftest_SOURCES) $(hmactest_SOURCES) $(ideatest_SOURCES) \
	$(igetest_SOURCES) $(key_schedule_SOURCES) \
	$(keypairtest_SOURCES) $(md4test_SOURCES) $(md5test_SOURCES) \
	$(mont_SOURCES) $(am__ocsp_test_SOURCES_DIST) \
	$(optionstest_SOURCES) $(pbkdf2_SOURCES) \
	$(am__pidwraptest_SOURCES_DIST) $(pkcs7test_SOURCES) \
	$(poly1305test_SOURCES) $(pq_test_SOURCES) $(randtest_SOURCES) \
	$(rc2test_SOURCES) $(rc4test_SOURCES) \
	$(record_layer_test_SOURCES) $(recordtest_SOURCES) \
	$(rfc5280time_SOURCES) $(rmdtest_SOURCES) $(rsa_test_SOURCES) \
	$(servertest_SOURCES) $(sha1test_SOURCES) \
	$(sha256test_SOURCES) $(sha512test_SOURCES) $(sm3test_SOURCES) \
	$(sm4test_SOURCES) $(ssl_versions_SOURCES) $(ssltest_SOURCES) \
	$(timingsafe_SOURCES) $(tls_ext_alpn_SOURCES) \
	$(tls_prf_SOURCES) $(tlsexttest_SOURCES) \
	$(am__tlstest_SOURCES_DIST) $(utf8test_SOURCES) \
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
buffertest_SOURCES = buffertest.c
bytestringtest_SOURCES = bytestringtest.c
casttest_SOURCES = casttest.c
chachatest_SOURCES = chachatest.c
cipher_list_SOURCES = cipher_list.c
noinst_HEADERS = tests.h
cipherstest_SOURCES = cipherstest.c
clienttest_SOURCES = clienttest.c
configtest_SOURCES = configtest.c
cts128test_SOURCES = cts128test.c
destest_SOURCES = destest.c
dhtest_SOURCES = dhtest.c
dsatest_SOURCES = dsatest.c
ecdhtest_SOURCES = ecdhtest.c
ecdsatest_SOURCES = ecdsatest.c







|







1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
buffertest_SOURCES = buffertest.c
bytestringtest_SOURCES = bytestringtest.c
casttest_SOURCES = casttest.c
chachatest_SOURCES = chachatest.c
cipher_list_SOURCES = cipher_list.c
noinst_HEADERS = tests.h
cipherstest_SOURCES = cipherstest.c
cmstest_SOURCES = cmstest.c
configtest_SOURCES = configtest.c
cts128test_SOURCES = cts128test.c
destest_SOURCES = destest.c
dhtest_SOURCES = dhtest.c
dsatest_SOURCES = dsatest.c
ecdhtest_SOURCES = ecdhtest.c
ecdsatest_SOURCES = ecdsatest.c
1333
1334
1335
1336
1337
1338
1339

1340
1341
1342
1343
1344
1345
1346
pkcs7test_SOURCES = pkcs7test.c
poly1305test_SOURCES = poly1305test.c
pq_test_SOURCES = pq_test.c
randtest_SOURCES = randtest.c
rc2test_SOURCES = rc2test.c
rc4test_SOURCES = rc4test.c
recordtest_SOURCES = recordtest.c

rfc5280time_SOURCES = rfc5280time.c
rmdtest_SOURCES = rmdtest.c
rsa_test_SOURCES = rsa_test.c
servertest_SOURCES = servertest.c
sha1test_SOURCES = sha1test.c
sha256test_SOURCES = sha256test.c
sha512test_SOURCES = sha512test.c







>







1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
pkcs7test_SOURCES = pkcs7test.c
poly1305test_SOURCES = poly1305test.c
pq_test_SOURCES = pq_test.c
randtest_SOURCES = randtest.c
rc2test_SOURCES = rc2test.c
rc4test_SOURCES = rc4test.c
recordtest_SOURCES = recordtest.c
record_layer_test_SOURCES = record_layer_test.c
rfc5280time_SOURCES = rfc5280time.c
rmdtest_SOURCES = rmdtest.c
rsa_test_SOURCES = rsa_test.c
servertest_SOURCES = servertest.c
sha1test_SOURCES = sha1test.c
sha256test_SOURCES = sha256test.c
sha512test_SOURCES = sha512test.c
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):

clean-checkPROGRAMS:
	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
	echo " rm -f" $$list; \
	rm -f $$list || exit $$?; \
	test -n "$(EXEEXT)" || exit 0; \
	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
	echo " rm -f" $$list; \
	rm -f $$list

clean-noinstPROGRAMS:
	@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
	echo " rm -f" $$list; \
	rm -f $$list || exit $$?; \
	test -n "$(EXEEXT)" || exit 0; \
	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
	echo " rm -f" $$list; \
	rm -f $$list

aeadtest$(EXEEXT): $(aeadtest_OBJECTS) $(aeadtest_DEPENDENCIES) $(EXTRA_aeadtest_DEPENDENCIES) 







<
<
<
<
<
<
<
<
<







1402
1403
1404
1405
1406
1407
1408









1409
1410
1411
1412
1413
1414
1415
$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):

clean-checkPROGRAMS:
	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
	echo " rm -f" $$list; \









	rm -f $$list || exit $$?; \
	test -n "$(EXEEXT)" || exit 0; \
	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
	echo " rm -f" $$list; \
	rm -f $$list

aeadtest$(EXEEXT): $(aeadtest_OBJECTS) $(aeadtest_DEPENDENCIES) $(EXTRA_aeadtest_DEPENDENCIES) 
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
	@rm -f cipher_list$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(cipher_list_OBJECTS) $(cipher_list_LDADD) $(LIBS)

cipherstest$(EXEEXT): $(cipherstest_OBJECTS) $(cipherstest_DEPENDENCIES) $(EXTRA_cipherstest_DEPENDENCIES) 
	@rm -f cipherstest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(cipherstest_OBJECTS) $(cipherstest_LDADD) $(LIBS)

clienttest$(EXEEXT): $(clienttest_OBJECTS) $(clienttest_DEPENDENCIES) $(EXTRA_clienttest_DEPENDENCIES) 
	@rm -f clienttest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(clienttest_OBJECTS) $(clienttest_LDADD) $(LIBS)

configtest$(EXEEXT): $(configtest_OBJECTS) $(configtest_DEPENDENCIES) $(EXTRA_configtest_DEPENDENCIES) 
	@rm -f configtest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(configtest_OBJECTS) $(configtest_LDADD) $(LIBS)

cts128test$(EXEEXT): $(cts128test_OBJECTS) $(cts128test_DEPENDENCIES) $(EXTRA_cts128test_DEPENDENCIES) 
	@rm -f cts128test$(EXEEXT)







|
|
|







1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
	@rm -f cipher_list$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(cipher_list_OBJECTS) $(cipher_list_LDADD) $(LIBS)

cipherstest$(EXEEXT): $(cipherstest_OBJECTS) $(cipherstest_DEPENDENCIES) $(EXTRA_cipherstest_DEPENDENCIES) 
	@rm -f cipherstest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(cipherstest_OBJECTS) $(cipherstest_LDADD) $(LIBS)

cmstest$(EXEEXT): $(cmstest_OBJECTS) $(cmstest_DEPENDENCIES) $(EXTRA_cmstest_DEPENDENCIES) 
	@rm -f cmstest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(cmstest_OBJECTS) $(cmstest_LDADD) $(LIBS)

configtest$(EXEEXT): $(configtest_OBJECTS) $(configtest_DEPENDENCIES) $(EXTRA_configtest_DEPENDENCIES) 
	@rm -f configtest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(configtest_OBJECTS) $(configtest_LDADD) $(LIBS)

cts128test$(EXEEXT): $(cts128test_OBJECTS) $(cts128test_DEPENDENCIES) $(EXTRA_cts128test_DEPENDENCIES) 
	@rm -f cts128test$(EXEEXT)
1634
1635
1636
1637
1638
1639
1640




1641
1642
1643
1644
1645
1646
1647
rc2test$(EXEEXT): $(rc2test_OBJECTS) $(rc2test_DEPENDENCIES) $(EXTRA_rc2test_DEPENDENCIES) 
	@rm -f rc2test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(rc2test_OBJECTS) $(rc2test_LDADD) $(LIBS)

rc4test$(EXEEXT): $(rc4test_OBJECTS) $(rc4test_DEPENDENCIES) $(EXTRA_rc4test_DEPENDENCIES) 
	@rm -f rc4test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(rc4test_OBJECTS) $(rc4test_LDADD) $(LIBS)





recordtest$(EXEEXT): $(recordtest_OBJECTS) $(recordtest_DEPENDENCIES) $(EXTRA_recordtest_DEPENDENCIES) 
	@rm -f recordtest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(recordtest_OBJECTS) $(recordtest_LDADD) $(LIBS)

rfc5280time$(EXEEXT): $(rfc5280time_OBJECTS) $(rfc5280time_DEPENDENCIES) $(EXTRA_rfc5280time_DEPENDENCIES) 
	@rm -f rfc5280time$(EXEEXT)







>
>
>
>







1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
rc2test$(EXEEXT): $(rc2test_OBJECTS) $(rc2test_DEPENDENCIES) $(EXTRA_rc2test_DEPENDENCIES) 
	@rm -f rc2test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(rc2test_OBJECTS) $(rc2test_LDADD) $(LIBS)

rc4test$(EXEEXT): $(rc4test_OBJECTS) $(rc4test_DEPENDENCIES) $(EXTRA_rc4test_DEPENDENCIES) 
	@rm -f rc4test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(rc4test_OBJECTS) $(rc4test_LDADD) $(LIBS)

record_layer_test$(EXEEXT): $(record_layer_test_OBJECTS) $(record_layer_test_DEPENDENCIES) $(EXTRA_record_layer_test_DEPENDENCIES) 
	@rm -f record_layer_test$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(record_layer_test_OBJECTS) $(record_layer_test_LDADD) $(LIBS)

recordtest$(EXEEXT): $(recordtest_OBJECTS) $(recordtest_DEPENDENCIES) $(EXTRA_recordtest_DEPENDENCIES) 
	@rm -f recordtest$(EXEEXT)
	$(AM_V_CCLD)$(LINK) $(recordtest_OBJECTS) $(recordtest_LDADD) $(LIBS)

rfc5280time$(EXEEXT): $(rfc5280time_OBJECTS) $(rfc5280time_DEPENDENCIES) $(EXTRA_rfc5280time_DEPENDENCIES) 
	@rm -f rfc5280time$(EXEEXT)
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bntest-bntest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/buffertest-buffertest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bytestringtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/casttest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chachatest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher_list.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipherstest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/clienttest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/configtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cts128test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsatest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdhtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdsatest.Po@am__quote@ # am--include-marker







|







1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bntest-bntest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/buffertest-buffertest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bytestringtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/casttest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chachatest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher_list.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipherstest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmstest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/configtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cts128test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/destest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dsatest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdhtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdsatest.Po@am__quote@ # am--include-marker
1787
1788
1789
1790
1791
1792
1793

1794
1795
1796
1797
1798
1799
1800
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pidwraptest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/poly1305test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pq_test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/randtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc2test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc4test.Po@am__quote@ # am--include-marker

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/recordtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc5280time.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmdtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa_test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/servertest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256test.Po@am__quote@ # am--include-marker







>







1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pidwraptest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/poly1305test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pq_test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/randtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc2test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc4test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/record_layer_test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/recordtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc5280time.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rmdtest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa_test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/servertest.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1test.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256test.Po@am__quote@ # am--include-marker
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
cipherstest.log: cipherstest$(EXEEXT)
	@p='cipherstest$(EXEEXT)'; \
	b='cipherstest'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
clienttest.log: clienttest$(EXEEXT)
	@p='clienttest$(EXEEXT)'; \
	b='clienttest'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
configtest.log: configtest$(EXEEXT)
	@p='configtest$(EXEEXT)'; \
	b='configtest'; \







|
|
|







2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
cipherstest.log: cipherstest$(EXEEXT)
	@p='cipherstest$(EXEEXT)'; \
	b='cipherstest'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
cmstest.log: cmstest$(EXEEXT)
	@p='cmstest$(EXEEXT)'; \
	b='cmstest'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
configtest.log: configtest$(EXEEXT)
	@p='configtest$(EXEEXT)'; \
	b='configtest'; \
2324
2325
2326
2327
2328
2329
2330







2331
2332
2333
2334
2335
2336
2337
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
gost2814789t.log: gost2814789t$(EXEEXT)
	@p='gost2814789t$(EXEEXT)'; \
	b='gost2814789t'; \







	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
hkdftest.log: hkdftest$(EXEEXT)
	@p='hkdftest$(EXEEXT)'; \
	b='hkdftest'; \







>
>
>
>
>
>
>







2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
gost2814789t.log: gost2814789t$(EXEEXT)
	@p='gost2814789t$(EXEEXT)'; \
	b='gost2814789t'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
handshake_table.log: handshake_table$(EXEEXT)
	@p='handshake_table$(EXEEXT)'; \
	b='handshake_table'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
hkdftest.log: hkdftest$(EXEEXT)
	@p='hkdftest$(EXEEXT)'; \
	b='hkdftest'; \
2464
2465
2466
2467
2468
2469
2470







2471
2472
2473
2474
2475
2476
2477
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
recordtest.log: recordtest$(EXEEXT)
	@p='recordtest$(EXEEXT)'; \
	b='recordtest'; \







	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
rfc5280time.log: rfc5280time$(EXEEXT)
	@p='rfc5280time$(EXEEXT)'; \
	b='rfc5280time'; \







>
>
>
>
>
>
>







2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
recordtest.log: recordtest$(EXEEXT)
	@p='recordtest$(EXEEXT)'; \
	b='recordtest'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
record_layer_test.log: record_layer_test$(EXEEXT)
	@p='record_layer_test$(EXEEXT)'; \
	b='record_layer_test'; \
	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
	--log-file $$b.log --trs-file $$b.trs \
	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
	"$$tst" $(AM_TESTS_FD_REDIRECT)
rfc5280time.log: rfc5280time$(EXEEXT)
	@p='rfc5280time$(EXEEXT)'; \
	b='rfc5280time'; \
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
	    || exit 1; \
	  fi; \
	done
check-am: all-am
	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(PROGRAMS) $(HEADERS)
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am

install-am: all-am







|







2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
	    || exit 1; \
	  fi; \
	done
check-am: all-am
	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(HEADERS)
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am

install-am: all-am
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743

maintainer-clean-generic:
	@echo "This command is intended for maintainers to use"
	@echo "it deletes files that may require special tools to rebuild."
clean: clean-am

clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
	clean-noinstPROGRAMS mostlyclean-am

distclean: distclean-am
		-rm -f ./$(DEPDIR)/aeadtest.Po
	-rm -f ./$(DEPDIR)/aes_wrap.Po
	-rm -f ./$(DEPDIR)/arc4randomforktest.Po
	-rm -f ./$(DEPDIR)/asn1evp.Po
	-rm -f ./$(DEPDIR)/asn1test.Po







|







2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763

maintainer-clean-generic:
	@echo "This command is intended for maintainers to use"
	@echo "it deletes files that may require special tools to rebuild."
clean: clean-am

clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
	mostlyclean-am

distclean: distclean-am
		-rm -f ./$(DEPDIR)/aeadtest.Po
	-rm -f ./$(DEPDIR)/aes_wrap.Po
	-rm -f ./$(DEPDIR)/arc4randomforktest.Po
	-rm -f ./$(DEPDIR)/asn1evp.Po
	-rm -f ./$(DEPDIR)/asn1test.Po
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
	-rm -f ./$(DEPDIR)/bntest-bntest.Po
	-rm -f ./$(DEPDIR)/buffertest-buffertest.Po
	-rm -f ./$(DEPDIR)/bytestringtest.Po
	-rm -f ./$(DEPDIR)/casttest.Po
	-rm -f ./$(DEPDIR)/chachatest.Po
	-rm -f ./$(DEPDIR)/cipher_list.Po
	-rm -f ./$(DEPDIR)/cipherstest.Po
	-rm -f ./$(DEPDIR)/clienttest.Po
	-rm -f ./$(DEPDIR)/configtest.Po
	-rm -f ./$(DEPDIR)/cts128test.Po
	-rm -f ./$(DEPDIR)/destest.Po
	-rm -f ./$(DEPDIR)/dhtest.Po
	-rm -f ./$(DEPDIR)/dsatest.Po
	-rm -f ./$(DEPDIR)/ecdhtest.Po
	-rm -f ./$(DEPDIR)/ecdsatest.Po







|







2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
	-rm -f ./$(DEPDIR)/bntest-bntest.Po
	-rm -f ./$(DEPDIR)/buffertest-buffertest.Po
	-rm -f ./$(DEPDIR)/bytestringtest.Po
	-rm -f ./$(DEPDIR)/casttest.Po
	-rm -f ./$(DEPDIR)/chachatest.Po
	-rm -f ./$(DEPDIR)/cipher_list.Po
	-rm -f ./$(DEPDIR)/cipherstest.Po
	-rm -f ./$(DEPDIR)/cmstest.Po
	-rm -f ./$(DEPDIR)/configtest.Po
	-rm -f ./$(DEPDIR)/cts128test.Po
	-rm -f ./$(DEPDIR)/destest.Po
	-rm -f ./$(DEPDIR)/dhtest.Po
	-rm -f ./$(DEPDIR)/dsatest.Po
	-rm -f ./$(DEPDIR)/ecdhtest.Po
	-rm -f ./$(DEPDIR)/ecdsatest.Po
2787
2788
2789
2790
2791
2792
2793

2794
2795
2796
2797
2798
2799
2800
	-rm -f ./$(DEPDIR)/pidwraptest.Po
	-rm -f ./$(DEPDIR)/pkcs7test.Po
	-rm -f ./$(DEPDIR)/poly1305test.Po
	-rm -f ./$(DEPDIR)/pq_test.Po
	-rm -f ./$(DEPDIR)/randtest.Po
	-rm -f ./$(DEPDIR)/rc2test.Po
	-rm -f ./$(DEPDIR)/rc4test.Po

	-rm -f ./$(DEPDIR)/recordtest.Po
	-rm -f ./$(DEPDIR)/rfc5280time.Po
	-rm -f ./$(DEPDIR)/rmdtest.Po
	-rm -f ./$(DEPDIR)/rsa_test.Po
	-rm -f ./$(DEPDIR)/servertest.Po
	-rm -f ./$(DEPDIR)/sha1test.Po
	-rm -f ./$(DEPDIR)/sha256test.Po







>







2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
	-rm -f ./$(DEPDIR)/pidwraptest.Po
	-rm -f ./$(DEPDIR)/pkcs7test.Po
	-rm -f ./$(DEPDIR)/poly1305test.Po
	-rm -f ./$(DEPDIR)/pq_test.Po
	-rm -f ./$(DEPDIR)/randtest.Po
	-rm -f ./$(DEPDIR)/rc2test.Po
	-rm -f ./$(DEPDIR)/rc4test.Po
	-rm -f ./$(DEPDIR)/record_layer_test.Po
	-rm -f ./$(DEPDIR)/recordtest.Po
	-rm -f ./$(DEPDIR)/rfc5280time.Po
	-rm -f ./$(DEPDIR)/rmdtest.Po
	-rm -f ./$(DEPDIR)/rsa_test.Po
	-rm -f ./$(DEPDIR)/servertest.Po
	-rm -f ./$(DEPDIR)/sha1test.Po
	-rm -f ./$(DEPDIR)/sha256test.Po
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
	-rm -f ./$(DEPDIR)/bntest-bntest.Po
	-rm -f ./$(DEPDIR)/buffertest-buffertest.Po
	-rm -f ./$(DEPDIR)/bytestringtest.Po
	-rm -f ./$(DEPDIR)/casttest.Po
	-rm -f ./$(DEPDIR)/chachatest.Po
	-rm -f ./$(DEPDIR)/cipher_list.Po
	-rm -f ./$(DEPDIR)/cipherstest.Po
	-rm -f ./$(DEPDIR)/clienttest.Po
	-rm -f ./$(DEPDIR)/configtest.Po
	-rm -f ./$(DEPDIR)/cts128test.Po
	-rm -f ./$(DEPDIR)/destest.Po
	-rm -f ./$(DEPDIR)/dhtest.Po
	-rm -f ./$(DEPDIR)/dsatest.Po
	-rm -f ./$(DEPDIR)/ecdhtest.Po
	-rm -f ./$(DEPDIR)/ecdsatest.Po







|







2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
	-rm -f ./$(DEPDIR)/bntest-bntest.Po
	-rm -f ./$(DEPDIR)/buffertest-buffertest.Po
	-rm -f ./$(DEPDIR)/bytestringtest.Po
	-rm -f ./$(DEPDIR)/casttest.Po
	-rm -f ./$(DEPDIR)/chachatest.Po
	-rm -f ./$(DEPDIR)/cipher_list.Po
	-rm -f ./$(DEPDIR)/cipherstest.Po
	-rm -f ./$(DEPDIR)/cmstest.Po
	-rm -f ./$(DEPDIR)/configtest.Po
	-rm -f ./$(DEPDIR)/cts128test.Po
	-rm -f ./$(DEPDIR)/destest.Po
	-rm -f ./$(DEPDIR)/dhtest.Po
	-rm -f ./$(DEPDIR)/dsatest.Po
	-rm -f ./$(DEPDIR)/ecdhtest.Po
	-rm -f ./$(DEPDIR)/ecdsatest.Po
2911
2912
2913
2914
2915
2916
2917

2918
2919
2920
2921
2922
2923
2924
	-rm -f ./$(DEPDIR)/pidwraptest.Po
	-rm -f ./$(DEPDIR)/pkcs7test.Po
	-rm -f ./$(DEPDIR)/poly1305test.Po
	-rm -f ./$(DEPDIR)/pq_test.Po
	-rm -f ./$(DEPDIR)/randtest.Po
	-rm -f ./$(DEPDIR)/rc2test.Po
	-rm -f ./$(DEPDIR)/rc4test.Po

	-rm -f ./$(DEPDIR)/recordtest.Po
	-rm -f ./$(DEPDIR)/rfc5280time.Po
	-rm -f ./$(DEPDIR)/rmdtest.Po
	-rm -f ./$(DEPDIR)/rsa_test.Po
	-rm -f ./$(DEPDIR)/servertest.Po
	-rm -f ./$(DEPDIR)/sha1test.Po
	-rm -f ./$(DEPDIR)/sha256test.Po







>







2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
	-rm -f ./$(DEPDIR)/pidwraptest.Po
	-rm -f ./$(DEPDIR)/pkcs7test.Po
	-rm -f ./$(DEPDIR)/poly1305test.Po
	-rm -f ./$(DEPDIR)/pq_test.Po
	-rm -f ./$(DEPDIR)/randtest.Po
	-rm -f ./$(DEPDIR)/rc2test.Po
	-rm -f ./$(DEPDIR)/rc4test.Po
	-rm -f ./$(DEPDIR)/record_layer_test.Po
	-rm -f ./$(DEPDIR)/recordtest.Po
	-rm -f ./$(DEPDIR)/rfc5280time.Po
	-rm -f ./$(DEPDIR)/rmdtest.Po
	-rm -f ./$(DEPDIR)/rsa_test.Po
	-rm -f ./$(DEPDIR)/servertest.Po
	-rm -f ./$(DEPDIR)/sha1test.Po
	-rm -f ./$(DEPDIR)/sha256test.Po
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982

uninstall-am:

.MAKE: check-am install-am install-strip

.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
	clean-noinstPROGRAMS cscopelist-am ctags ctags-am distclean \
	distclean-compile distclean-generic distclean-libtool \
	distclean-tags distdir dvi dvi-am html html-am info info-am \
	install install-am install-data install-data-am install-dvi \
	install-dvi-am install-exec install-exec-am install-html \
	install-html-am install-info install-info-am install-man \
	install-pdf install-pdf-am install-ps install-ps-am \
	install-strip installcheck installcheck-am installdirs \
	maintainer-clean maintainer-clean-generic mostlyclean \
	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
	pdf pdf-am ps ps-am recheck tags tags-am uninstall \
	uninstall-am

.PRECIOUS: Makefile


# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:







|
|
|
|
|
|
|
|
|
|
|
<







2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996

2997
2998
2999
3000
3001
3002
3003

uninstall-am:

.MAKE: check-am install-am install-strip

.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
	cscopelist-am ctags ctags-am distclean distclean-compile \
	distclean-generic distclean-libtool distclean-tags distdir dvi \
	dvi-am html html-am info info-am install install-am \
	install-data install-data-am install-dvi install-dvi-am \
	install-exec install-exec-am install-html install-html-am \
	install-info install-info-am install-man install-pdf \
	install-pdf-am install-ps install-ps-am install-strip \
	installcheck installcheck-am installdirs maintainer-clean \
	maintainer-clean-generic mostlyclean mostlyclean-compile \
	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
	recheck tags tags-am uninstall uninstall-am


.PRECIOUS: Makefile


# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
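--- a/jni/libressl/tests/base64test.c
+++ b/jni/libressl/tests/base64test.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: base64test.c,v 1.6 2019/06/27 04:29:35 deraadt Exp $	*/
+/*	$OpenBSD: base64test.c,v 1.8 2020/03/10 11:13:28 inoguchi Exp $	*/
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -115,14 +115,110 @@
 		"",
 		-1,
 		"YWJjZA======================================================"
 		"============",
 		74,
 		0,
 	},
+
+	/* OpenSSL-1.1.1d test */
+	/* canonical */
+	{ "", 0, "", 0, 0, },
+	/* canonical */
+	{ "h", 1, "aA==\n", 5, 1, },
+	/* canonical */
+	{ "hello", 5, "aGVsbG8=\n", 9, 5, },
+	/* canonical */
+	{ "hello world!", 12, "aGVsbG8gd29ybGQh\n", 17, 12, },
+	/* canonical */
+	{ "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\xa0\xb0\xc0\xd0\xe0\xf0\x00", 17, "AAECAwQFBgcICaCwwNDg8AA=\n", 25, 17, },
+	/* invalid # Missing padding */
+	{ "", -1, "aGVsbG8", 7, 0, },
+	/* invalid */
+	{ "", -1, "aGVsbG8\n", 8, 0, },
+	/* valid # Tolerate missing newline */
+	{ "hello", -1, "aGVsbG8=", 8, 5, },
+	/* invalid # Don't tolerate extra trailing '=' */
+	{ "", -1, "aGVsbG8==\n", 10, 0, },
+	/* invalid */
+	{ "", -1, "aGVsbG8===\n", 11, 0, },
+	/* invalid # Don't tolerate data after '=' */
+	{ "", -1, "aGV=sbG8=\n", 10, 0, },
+	/* valid # Newlines are ignored */
+	{ "hello", -1, "aGV\nsbG8=\n", 10, 5, },
+	/* canonical */
+	{ "hello", 5, "\x61\x47\x56\x73\x62\x47\x38\x3d\x0a", 9, 5, },
+	/* invalid # Invalid characters */
+	{ "", -1, "\x61\x47\x56\x73\x62\x47\x38\x3d\x0a\x00", 10, 0, },
+	/* invalid */
+	{ "", -1, "\x61\x47\x56\x00\x73\x62\x47\x38\x3d\x0a", 10, 0, },
+	/* invalid */
+	{ "", -1, "\x61\x47\x56\x01\x73\x62\x47\x38\x3d\x0a", 10, 0, },
+	/* invalid */
+	{ "", -1, "\x61\x47\x56\x80\x73\x62\x47\x38\x3d\x0a", 10, 0, },
+	/* invalid */
+	{ "", -1, "\xe1\x47\x56\x73\x62\x47\x38\x3d\x0a", 9, 0, },
+	/* canonical */
+	{ "OpenSSLOpenSSL\n", 15, "T3BlblNTTE9wZW5TU0wK\n", 21, 15, },
+	/* valid */
+	{ "OpenSSLOpenSSL\n", -1, "T3BlblNTTE9wZW5TU0wK", 20, 15, },
+	/* invalid # Truncate 1-3 chars */
+	{ "", -1, "T3BlblNTTE9wZW5TU0w", 19, 0, },
+	/* invalid */
+	{ "", -1, "T3BlblNTTE9wZW5TU0", 18, 0, },
+	/* invalid */
+	{ "", -1, "T3BlblNTTE9wZW5TU", 17, 0, },
+	/* invalid */
+	{ "", -1, "T3BlblNTTE9wZW5TU0wK====", 24, 0, },
+	/* invalid */
+	{ "", -1, "T3BlblNTTE9wZW5TU0wK============================================\n", 65, 0, },
+	/* invalid */
+	{ "", -1, "YQ==YQ==YQ==\n", 13, 0, },
+	/* invalid */
+	{ "", -1, "A", 1, 0, },
+	/* invalid */
+	{ "", -1, "A\n", 2, 0, },
+	/* invalid */
+	{ "", -1, "A=", 2, 0, },
+	/* invalid */
+	{ "", -1, "A==\n", 4, 0, },
+	/* invalid */
+	{ "", -1, "A===\n", 5, 0, },
+	/* invalid */
+	{ "", -1, "A====\n", 6, 0, },
+	/* valid */
+	{ "OpenSSLOpenSSL\n", -1, "T3BlblNTTE9wZW5TU0wK\n\n", 22, 15, },
+	/* valid */
+	{ "OpenSSLOpenSSL\n", -1, "T3BlblNTTE\n9wZW5TU0wK", 21, 15, },
+	/* invalid # CVE 2015-0292 */
+	{ "", -1, "ZW5jb2RlIG1lCg==================================================================\n", 81, 0, },
+	/* canonical */
+	{ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 46, "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\n", 65, 46, },
+	/* valid */
+	{ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", -1, "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA\n==\n", 66, 46, },
+	/* valid */
+	{ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", -1, "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA=\n=\n", 66, 46, },
+	/* invalid */
+	{ "", -1, "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA====\n", 67, 0, },
+	/* canonical # Multiline output without padding */
+	{ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 60, "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh4eHh4eHh4\n", 82, 60, },
+	/* canonical # Multiline output with padding */
+	{ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 64, "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh4eHh4eHh4eHh4eA==\n", 90, 64, },
+	/* valid # Multiline output with line break in the middle of a b64 block is accepted */
+	{ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", -1, "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh\n4eHh4eHh4eHh4eHh4eHh4eA==\n", 90, 64, },
+	/* valid # Long lines are accepted */
+	{ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", -1, "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\n", 89, 64, },
+	/* invalid # Multiline input with data after '='. */
+	{ "", -1, "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\neHh4eHh4eHh4eHh4eHh4eHh4\n", 90, 0, },
+	/* invalid */
+	{ "", -1, "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neA==eHh4eHh4eHh4eHh4eHh4\n", 90, 0, },
+	/* valid # B64_EOF ('-') terminates input and trailing bytes are ignored */
+	{ "OpenSSLOpenSSL\n", -1, "T3BlblNTTE9wZW5TU0wK\n-abcd", 26, 15, },
+	/* valid */
+	{ "OpenSSLOpenSSL\n", -1, "T3BlblNTTE9wZW5TU0wK-abcd", 25, 15, },
 };
 
 #define N_NL_TESTS (sizeof(base64_nl_tests) / sizeof(*base64_nl_tests))
 
 struct base64_test base64_no_nl_tests[] = {
 
 	/*
@@ -217,15 +313,17 @@
 		fprintf(stderr, "FAIL: test %i - flush failed\n", test_no);
 		failure = 1;
 		goto done;
 	}
 
 	b64len = 0;
 	for (i = 0; i < bt->out_len; i++) {
-		if (bt->out[i] == '\r' || bt->out[i] == '\n')
+		if ((!test_nl ||
+		    (test_nl && (i % 64 != 0 || i == bt->out_len - 1))) &&
+		    (bt->out[i] == '\r' || bt->out[i] == '\n'))
 			continue;
 		buf[b64len++] = bt->out[i];
 	}
 	if (test_nl)
 		buf[b64len++] = '\n';
 
 	len = BIO_get_mem_data(bio_mem, &out);
@@ -269,22 +367,23 @@
 	ssize_t i, inlen, len;
 	int failure = 0;
 
 	buf = malloc(BUF_SIZE);
 	if (buf == NULL)
 		errx(1, "malloc");
 
-	input = (char *)bt->out;
+	if ((input = malloc(BUF_SIZE)) == NULL)
+		errx(1, "malloc");
+
+	memcpy(input, bt->out, bt->out_len);
 	inlen = bt->out_len;
-
-	if (test_nl)
-		inlen = asprintf(&input, "%s\r\n", bt->out);
-
-	if (inlen == -1)
-		errx(1, "asprintf");
+	if (test_nl) {
+		memcpy(&input[bt->out_len], "\r\n", 2);
+		inlen += 2;
+	}
 
 	bio_mem = BIO_new_mem_buf(input, inlen);
 	if (bio_mem == NULL)
 		errx(1, "BIO_new_mem_buf failed");
 
 	bio_b64 = BIO_new(BIO_f_base64());
 	if (bio_b64 == NULL)
@@ -322,16 +421,16 @@
 	if (memcmp(bt->in, buf, bt->in_len) != 0) {
 		fprintf(stderr, "FAIL: test %i - decoding differs:\n", test_no);
 		fprintf(stderr, "  decoding: ");
 		for (i = 0; i < len; i++)
 			fprintf(stderr, "0x%x ", buf[i]);
 		fprintf(stderr, "\n");
 		fprintf(stderr, " test data: ");
-		for (i = 0; i < inlen; i++)
-			fprintf(stderr, "0x%x ", input[i]);
+		for (i = 0; i < bt->in_len; i++)
+			fprintf(stderr, "0x%x ", bt->in[i]);
 		fprintf(stderr, "\n");
 		failure = 1;
 	}
 
 done:
 	BIO_free_all(bio_mem);
 	free(buf);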
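Review bot: The new decode-side setup copies into a fixed `BUF_SIZE` allocation with `memcpy(input, bt->out, bt->out_len);` and then `memcpy(&input[bt->out_len], "\r\n", 2);` without checking that `bt->out_len + 2` fits. The vectors visible here top out at 90 bytes, so this is presumably safe today, but `BUF_SIZE` is defined outside the hunk and a longer vector added later would overflow the heap silently instead of failing the test. A guard before the first copy would make that explicit: `if (bt->out_len < 0 || (size_t)bt->out_len + 2 > BUF_SIZE) errx(1, "test vector too long");`. The function starts and ends outside the hunks, so whether the now always-allocated `input` is freed after `done:` cannot be confirmed from here; if the cleanup still frees it only when `test_nl` is set, it should become unconditional.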
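--- a/jni/libressl/tests/bytestringtest.c
+++ b/jni/libressl/tests/bytestringtest.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: bytestringtest.c,v 1.12 2018/08/16 18:40:19 jsing Exp $	*/
+/*	$OpenBSD: bytestringtest.c,v 1.13 2020/03/13 15:55:00 jsing Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -285,14 +285,53 @@
 	CHECK_GOTO(CBB_add_u32(&cbb, 0x708090a));
 	CHECK_GOTO(CBB_add_bytes(&cbb, (const uint8_t*) "\x0b\x0c", 2));
 	CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
 
 	ret = (buf_len == sizeof(kExpected)
 	    && memcmp(buf, kExpected, buf_len) == 0);
 
+	if (0) {
+err:
+		CBB_cleanup(&cbb);
+	}
+	free(buf);
+	return ret;
+}
+
+static int
+test_cbb_add_space(void)
+{
+	static const uint8_t kExpected[] = {1, 2, 0, 0, 0, 0, 7, 8};
+	uint8_t *buf = NULL;
+	size_t buf_len;
+	uint8_t *data;
+	int ret = 0;
+	CBB cbb;
+
+	CHECK(CBB_init(&cbb, 100));
+
+	CHECK_GOTO(CBB_add_u16(&cbb, 0x102));
+	CHECK_GOTO(CBB_add_space(&cbb, &data, 4));
+	CHECK_GOTO(CBB_add_u16(&cbb, 0x708));
+	CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
+
+	ret |= (buf_len == sizeof(kExpected)
+	    && memcmp(buf, kExpected, buf_len) == 0);
+
+	memset(buf, 0xa5, buf_len);
+	CHECK(CBB_init_fixed(&cbb, buf, buf_len));
+
+	CHECK_GOTO(CBB_add_u16(&cbb, 0x102));
+	CHECK_GOTO(CBB_add_space(&cbb, &data, 4));
+	CHECK_GOTO(CBB_add_u16(&cbb, 0x708));
+	CHECK_GOTO(CBB_finish(&cbb, NULL, NULL));
+
+	ret |= (buf_len == sizeof(kExpected)
+	    && memcmp(buf, kExpected, buf_len) == 0);
+
 	if (0) {
 err:
 		CBB_cleanup(&cbb);
 	}
 	free(buf);
 	return ret;
 }
@@ -853,14 +892,15 @@
 
 	failed |= !test_skip();
 	failed |= !test_get_u();
 	failed |= !test_get_prefixed();
 	failed |= !test_get_prefixed_bad();
 	failed |= !test_get_asn1();
 	failed |= !test_cbb_basic();
+	failed |= !test_cbb_add_space();
 	failed |= !test_cbb_fixed();
 	failed |= !test_cbb_finish_child();
 	failed |= !test_cbb_discard_child();
 	failed |= !test_cbb_misuse();
 	failed |= !test_cbb_prefixed();
 	failed |= !test_cbb_asn1();
 	failed |= !test_indefinite_convert();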
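Review bot: In the new `test_cbb_add_space`, both comparisons accumulate with `ret |=`, so once the first (heap-backed) check sets `ret` to 1 the second check can no longer fail the test. That second pass runs on the buffer pre-filled with `0xa5` via `CBB_init_fixed`, and it looks like the one meant to show that `CBB_add_space` zeroes the reserved bytes rather than exposing stale memory. A `CHECK_GOTO` failure in the second pass also reaches `err` with `ret` already 1 and is reported as success. Keeping the first result in a separate local and assigning `ret` once at the end closes both gaps, e.g. `ok = (buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0);` after the first finish and `ret = ok && (buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0);` after the second. The `CHECK` macro is defined outside the hunk; if it returns early, `CHECK(CBB_init_fixed(&cbb, buf, buf_len));` would also leak `buf`, so `CHECK_GOTO` is probably the better fit there.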
Deleted jni/libressl/tests/clienttest.c.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
/*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <openssl/ssl.h>

#include <openssl/dtls1.h>
#include <openssl/ssl3.h>

#include <err.h>
#include <stdio.h>
#include <string.h>

#define DTLS_HM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH)
#define DTLS_RANDOM_OFFSET (DTLS_HM_OFFSET + 2)
#define DTLS_CIPHER_OFFSET (DTLS_HM_OFFSET + 38)

#define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
#define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2)
#define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37)

static unsigned char cipher_list_dtls1[] = {
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
	0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
	0x00, 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08,
	0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
};

static unsigned char client_hello_dtls1[] = {
	0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x60, 0x01, 0x00, 0x00,
	0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x54, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x26, 0xc0,
	0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00,
	0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0,
	0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00,
	0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00,
	0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00,
	0x04, 0x00, 0x23, 0x00, 0x00,
};

static unsigned char cipher_list_tls10[] = {
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
	0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
	0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
	0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
	0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
};

static unsigned char client_hello_tls10[] = {
	0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00,
	0x6d, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14,
	0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88,
	0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
	0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f,
	0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x16,
	0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
	0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17,
	0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
};

static unsigned char cipher_list_tls11[] = {
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
	0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
	0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
	0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
	0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
};

static unsigned char client_hello_tls11[] = {
	0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00,
	0x6d, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14,
	0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88,
	0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
	0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f,    
	0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x16,
	0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
	0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17,
	0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
};

static unsigned char cipher_list_tls12_aes[] = {
	0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
	0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
	0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
	0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
	0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
	0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
	0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
	0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
	0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x0a, 0x00, 0xff,
};

static unsigned char cipher_list_tls12_chacha[] = {
	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
	0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
	0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
	0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
	0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
	0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
	0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
	0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
	0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
	0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
	0x00, 0x0a, 0x00, 0xff,
};

static unsigned char client_hello_tls12[] = {
	0x16, 0x03, 0x01, 0x00, 0xbb, 0x01, 0x00, 0x00,
	0xb7, 0x03, 0x03, 0x2b, 0x39, 0xcc, 0x56, 0xfc,
	0xc4, 0x98, 0x8e, 0xfc, 0x22, 0x89, 0xc5, 0x1e,
	0xa9, 0x88, 0xbd, 0x6e, 0xd8, 0xd1, 0xd6, 0xc1,
	0xc3, 0x12, 0xe8, 0xe0, 0x1e, 0xfa, 0xa8, 0x21,
	0xd9, 0x2d, 0x4d, 0x00, 0x00, 0x5c, 0xc0, 0x30,
	0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
	0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
	0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
	0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
	0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
	0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
	0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
	0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
	0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04,
	0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
	0x00, 0xff, 0x01, 0x00, 0x00, 0x32, 0x00, 0x0b,
	0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08,
	0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
	0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18,
	0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
	0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
	0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
};

struct client_hello_test {
	const unsigned char *desc;
	const int protocol;
	const size_t random_start;
	const SSL_METHOD *(*ssl_method)(void);
	const long ssl_options;
};

static struct client_hello_test client_hello_tests[] = {
	{
		.desc = "DTLSv1 client",
		.protocol = DTLS1_VERSION,
		.random_start = DTLS_RANDOM_OFFSET,
		.ssl_method = DTLSv1_client_method,
	},
	{
		.desc = "TLSv1 client",
		.protocol = TLS1_VERSION,
		.random_start = SSL3_RANDOM_OFFSET,
		.ssl_method = TLSv1_client_method,
	},
	{
		.desc = "TLSv1_1 client",
		.protocol = TLS1_1_VERSION,
		.random_start = SSL3_RANDOM_OFFSET,
		.ssl_method = TLSv1_1_client_method,
	},
	{
		.desc = "TLSv1_2 client",
		.protocol = TLS1_2_VERSION,
		.random_start = SSL3_RANDOM_OFFSET,
		.ssl_method = TLSv1_2_client_method,
	},
	{
		.desc = "SSLv23 default",
		.protocol = TLS1_2_VERSION,
		.random_start = SSL3_RANDOM_OFFSET,
		.ssl_method = SSLv23_client_method,
		.ssl_options = 0,
	},
	{
		.desc = "SSLv23 (no TLSv1.2)",
		.protocol = TLS1_1_VERSION,
		.random_start = SSL3_RANDOM_OFFSET,
		.ssl_method = SSLv23_client_method,
		.ssl_options = SSL_OP_NO_TLSv1_2,
	},
	{
		.desc = "SSLv23 (no TLSv1.1)",
		.protocol = TLS1_VERSION,
		.random_start = SSL3_RANDOM_OFFSET,
		.ssl_method = SSLv23_client_method,
		.ssl_options = SSL_OP_NO_TLSv1_1,
	},
	{
		.desc = "TLS default",
		.protocol = TLS1_2_VERSION,
		.random_start = SSL3_RANDOM_OFFSET,
		.ssl_method = TLS_client_method,
		.ssl_options = 0,
	},
	{
		.desc = "TLS (no TLSv1.2)",
		.protocol = TLS1_1_VERSION,
		.random_start = SSL3_RANDOM_OFFSET,
		.ssl_method = TLS_client_method,
		.ssl_options = SSL_OP_NO_TLSv1_2,
	},
	{
		.desc = "TLS (no TLSv1.1)",
		.protocol = TLS1_VERSION,
		.random_start = SSL3_RANDOM_OFFSET,
		.ssl_method = TLS_client_method,
		.ssl_options = SSL_OP_NO_TLSv1_1,
	},
	{
		.desc = "TLS (no TLSv1.0, no TLSv1.1)",
		.protocol = TLS1_2_VERSION,
		.random_start = SSL3_RANDOM_OFFSET,
		.ssl_method = TLS_client_method,
		.ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
	},
};

#define N_CLIENT_HELLO_TESTS \
    (sizeof(client_hello_tests) / sizeof(*client_hello_tests))

static void
hexdump(const unsigned char *buf, size_t len)
{
	size_t i;

	for (i = 1; i <= len; i++)
		fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");

	fprintf(stderr, "\n");
}

static inline int
ssl_aes_is_accelerated(void)
{
#if defined(__i386__) || defined(__x86_64__)
	return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0);
#else
	return (0);
#endif
}

static int
make_client_hello(int protocol, char **out, size_t *outlen)
{
	size_t client_hello_len, cipher_list_len, cipher_list_offset;
	const char *client_hello, *cipher_list;
	char *p;
	
	*out = NULL;
	*outlen = 0;

	switch (protocol) {
	case DTLS1_VERSION:
		client_hello = client_hello_dtls1;
		client_hello_len = sizeof(client_hello_dtls1);
		cipher_list = cipher_list_dtls1;
		cipher_list_len = sizeof(cipher_list_dtls1);
		cipher_list_offset = DTLS_CIPHER_OFFSET;
		break;
	
	case TLS1_VERSION:
		client_hello = client_hello_tls10;
		client_hello_len = sizeof(client_hello_tls10);
		cipher_list = cipher_list_tls10;
		cipher_list_len = sizeof(cipher_list_tls10);
		cipher_list_offset = SSL3_CIPHER_OFFSET;
		break;

	case TLS1_1_VERSION:
		client_hello = client_hello_tls11;
		client_hello_len = sizeof(client_hello_tls11);
		cipher_list = cipher_list_tls11;
		cipher_list_len = sizeof(cipher_list_tls11);
		cipher_list_offset = SSL3_CIPHER_OFFSET;
		break;

	case TLS1_2_VERSION:
		client_hello = client_hello_tls12;
		client_hello_len = sizeof(client_hello_tls12);
		if (ssl_aes_is_accelerated() == 1)
			cipher_list = cipher_list_tls12_aes;
		else
			cipher_list = cipher_list_tls12_chacha;
		cipher_list_len = sizeof(cipher_list_tls12_chacha);
		cipher_list_offset = SSL3_CIPHER_OFFSET;
		break;
	
	default:
		return (-1);
	}

	if ((p = malloc(client_hello_len)) == NULL)
		return (-1);

	memcpy(p, client_hello, client_hello_len);
	memcpy(p + cipher_list_offset, cipher_list, cipher_list_len);

	*out = p;
	*outlen = client_hello_len;

	return (0);
}

static int
client_hello_test(int testno, struct client_hello_test *cht)
{
	BIO *rbio = NULL, *wbio = NULL;
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	char *client_hello = NULL;
	size_t client_hello_len;
	char *wbuf, rbuf[1];
	int ret = 1;
	size_t i;
	long len;

	fprintf(stderr, "Test %i - %s\n", testno, cht->desc);

	/* Providing a small buf causes *_get_server_hello() to return. */
	if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) {
		fprintf(stderr, "Failed to setup rbio\n");
		goto failure;
	}
	if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
		fprintf(stderr, "Failed to setup wbio\n");
		goto failure;
	}

	if ((ssl_ctx = SSL_CTX_new(cht->ssl_method())) == NULL) {
		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
		goto failure;
	}

	SSL_CTX_set_options(ssl_ctx, cht->ssl_options);

	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
		fprintf(stderr, "SSL_new() returned NULL\n");
		goto failure;
	}

	rbio->references = 2;
	wbio->references = 2;

	SSL_set_bio(ssl, rbio, wbio);
	
	if (SSL_connect(ssl) != 0) {
		fprintf(stderr, "SSL_connect() returned non-zero\n");
		goto failure;
	}

	len = BIO_get_mem_data(wbio, &wbuf);

	if (make_client_hello(cht->protocol, &client_hello,
	    &client_hello_len) != 0)
		goto failure;

	if ((size_t)len != client_hello_len) {
		fprintf(stderr, "FAIL: test returned ClientHello length %li, "
		    "want %zu\n", len, client_hello_len);
		fprintf(stderr, "received:\n");
		hexdump(wbuf, len);
		goto failure;
	}

	/* We expect the client random to differ. */
	i = cht->random_start + SSL3_RANDOM_SIZE;
	if (memcmp(client_hello, wbuf, cht->random_start) != 0 ||
	    memcmp(&client_hello[cht->random_start],
		&wbuf[cht->random_start], SSL3_RANDOM_SIZE) == 0 ||
	    memcmp(&client_hello[i], &wbuf[i], len - i) != 0) {
		fprintf(stderr, "FAIL: ClientHello differs:\n");
		fprintf(stderr, "received:\n");
		memset(&wbuf[cht->random_start], 0, SSL3_RANDOM_SIZE);
		hexdump(wbuf, len);
		fprintf(stderr, "test data:\n");
		hexdump(client_hello, client_hello_len);
		fprintf(stderr, "\n");
		goto failure;
	}
	
	ret = 0;

failure:
	SSL_CTX_free(ssl_ctx);
	SSL_free(ssl);

	rbio->references = 1;
	wbio->references = 1;

	BIO_free(rbio);
	BIO_free(wbio);

	free(client_hello);

	return (ret);
}

int
main(int argc, char **argv)
{
	int failed = 0;
	size_t i;

	SSL_library_init();

	for (i = 0; i < N_CLIENT_HELLO_TESTS; i++)
		failed |= client_hello_test(i, &client_hello_tests[i]);

	return (failed);
}
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<




























































































































































































































































































































































































































































































































































































































































































































































































































































































































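--- a/jni/libressl/tests/compat/memmem.c
+++ b/jni/libressl/tests/compat/memmem.c
@@ -1,63 +1,183 @@
-/*	$OpenBSD: memmem.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */
-/*-
- * Copyright (c) 2005 Pascal Gloor <pascal.gloor@spale.com>
+/*	$OpenBSD: memmem.c,v 1.5 2020/04/16 12:39:28 claudio Exp $ */
+
+/*
+ * Copyright (c) 2005-2020 Rich Felker, et al.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 
 #include <string.h>
+#include <stdint.h>
 
+static char *
+twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+{
+	uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1];
+	for (h+=2, k-=2; k; k--, hw = hw<<8 | *h++)
+		if (hw == nw) return (char *)h-2;
+	return hw == nw ? (char *)h-2 : 0;
+}
+
+static char *
+threebyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+{
+	uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8;
+	uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8;
+	for (h+=3, k-=3; k; k--, hw = (hw|*h++)<<8)
+		if (hw == nw) return (char *)h-3;
+	return hw == nw ? (char *)h-3 : 0;
+}
+
+static char *
+fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+{
+	uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
+	uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
+	for (h+=4, k-=4; k; k--, hw = hw<<8 | *h++)
+		if (hw == nw) return (char *)h-4;
+	return hw == nw ? (char *)h-4 : 0;
+}
+
+#define MAX(a,b) ((a)>(b)?(a):(b))
+#define MIN(a,b) ((a)<(b)?(a):(b))
+
+#define BITOP(a,b,op) \
+ ((a)[(size_t)(b)/(8*sizeof *(a))] op (size_t)1<<((size_t)(b)%(8*sizeof *(a))))
+
 /*
- * Find the first occurrence of the byte string s in byte string l.
+ * Maxime Crochemore and Dominique Perrin, Two-way string-matching,
+ * Journal of the ACM, 38(3):651-675, July 1991.
  */
+static char *
+twoway_memmem(const unsigned char *h, const unsigned char *z,
+    const unsigned char *n, size_t l)
+{
+	size_t i, ip, jp, k, p, ms, p0, mem, mem0;
+	size_t byteset[32 / sizeof(size_t)] = { 0 };
+	size_t shift[256];
+
+	/* Computing length of needle and fill shift table */
+	for (i=0; i<l; i++)
+		BITOP(byteset, n[i], |=), shift[n[i]] = i+1;
+
+	/* Compute maximal suffix */
+	ip = -1; jp = 0; k = p = 1;
+	while (jp+k<l) {
+		if (n[ip+k] == n[jp+k]) {
+			if (k == p) {
+				jp += p;
+				k = 1;
+			} else k++;
+		} else if (n[ip+k] > n[jp+k]) {
+			jp += k;
+			k = 1;
+			p = jp - ip;
+		} else {
+			ip = jp++;
+			k = p = 1;
+		}
+	}
+	ms = ip;
+	p0 = p;
+
+	/* And with the opposite comparison */
+	ip = -1; jp = 0; k = p = 1;
+	while (jp+k<l) {
+		if (n[ip+k] == n[jp+k]) {
+			if (k == p) {
+				jp += p;
+				k = 1;
+			} else k++;
+		} else if (n[ip+k] < n[jp+k]) {
+			jp += k;
+			k = 1;
+			p = jp - ip;
+		} else {
+			ip = jp++;
+			k = p = 1;
+		}
+	}
+	if (ip+1 > ms+1) ms = ip;
+	else p = p0;
+
+	/* Periodic needle? */
+	if (memcmp(n, n+p, ms+1)) {
+		mem0 = 0;
+		p = MAX(ms, l-ms-1) + 1;
+	} else mem0 = l-p;
+	mem = 0;
+
+	/* Search loop */
+	for (;;) {
+		/* If remainder of haystack is shorter than needle, done */
+		if (z-h < l) return 0;
+
+		/* Check last byte first; advance by shift on mismatch */
+		if (BITOP(byteset, h[l-1], &)) {
+			k = l-shift[h[l-1]];
+			if (k) {
+				if (k < mem) k = mem;
+				h += k;
+				mem = 0;
+				continue;
+			}
+		} else {
+			h += l;
+			mem = 0;
+			continue;
+		}
+
+		/* Compare right half */
+		for (k=MAX(ms+1,mem); k<l && n[k] == h[k]; k++);
+		if (k < l) {
+			h += k-ms;
+			mem = 0;
+			continue;
+		}
+		/* Compare left half */
+		for (k=ms+1; k>mem && n[k-1] == h[k-1]; k--);
+		if (k <= mem) return (char *)h;
+		h += p;
+		mem = mem0;
+	}
+}
 
 void *
-memmem(const void *l, size_t l_len, const void *s, size_t s_len)
+memmem(const void *h0, size_t k, const void *n0, size_t l)
 {
-	const char *cur, *last;
-	const char *cl = l;
-	const char *cs = s;
+	const unsigned char *h = h0, *n = n0;
 
-	/* a zero length needle should just return the haystack */
-	if (s_len == 0)
-		return (void *)cl;
+	/* Return immediately on empty needle */
+	if (!l) return (void *)h;
 
-	/* "s" must be smaller or equal to "l" */
-	if (l_len < s_len)
-		return NULL;
+	/* Return immediately when needle is longer than haystack */
+	if (k<l) return 0;
 
-	/* special case where s_len == 1 */
-	if (s_len == 1)
-		return memchr(l, *cs, l_len);
-
-	/* the last position where its possible to find "s" in "l" */
-	last = cl + l_len - s_len;
-
-	for (cur = cl; cur <= last; cur++)
-		if (cur[0] == cs[0] && memcmp(cur, cs, s_len) == 0)
-			return (void *)cur;
+	/* Use faster algorithms for short needles */
+	h = memchr(h0, *n, k);
+	if (!h || l==1) return (void *)h;
+	k -= h - (const unsigned char *)h0;
+	if (k<l) return 0;
+	if (l==2) return twobyte_memmem(h, k, n);
+	if (l==3) return threebyte_memmem(h, k, n);
+	if (l==4) return fourbyte_memmem(h, k, n);
 
-	return NULL;
+	return twoway_memmem(h, h+k, n, l);
 }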
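Review bot: In `threebyte_memmem` and `fourbyte_memmem` the first byte (`n[0]`, `h[0]`) is promoted to `int` before `<<24`, so with a 32-bit `int` any byte of 0x80 or above shifts into the sign bit, which is undefined behaviour in C. Common compilers produce the expected value, but UBSan reports it. Casting the first operand keeps the arithmetic unsigned, e.g. `uint32_t nw = (uint32_t)n[0]<<24 | n[1]<<16 | n[2]<<8;`, and likewise for `hw` and for the four-byte variant. As the file is imported from upstream, this is probably best raised there and picked up at the next sync rather than patched locally.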
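--- a/jni/libressl/tests/configtest.c
+++ b/jni/libressl/tests/configtest.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: configtest.c,v 1.1 2017/12/09 16:43:09 jsing Exp $ */
+/* $OpenBSD: configtest.c,v 1.2 2020/01/20 08:40:16 jsing Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -54,30 +54,35 @@
 		.want_protocols = TLS_PROTOCOL_TLSv1,
 	},
 	{
 		.protostr = "tlsv1.2",
 		.want_return = 0,
 		.want_protocols = TLS_PROTOCOL_TLSv1_2,
 	},
+	{
+		.protostr = "tlsv1.3",
+		.want_return = 0,
+		.want_protocols = TLS_PROTOCOL_TLSv1_3,
+	},
 	{
 		.protostr = "",
 		.want_return = -1,
 		.want_protocols = 0,
 	},
 	{
-		.protostr = "tlsv1.0:tlsv1.1:tlsv1.2",
+		.protostr = "tlsv1.0:tlsv1.1:tlsv1.2:tlsv1.3",
 		.want_return = 0,
 		.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
-		    TLS_PROTOCOL_TLSv1_2,
+		    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
 	},
 	{
-		.protostr = "tlsv1.0,tlsv1.1,tlsv1.2",
+		.protostr = "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3",
 		.want_return = 0,
 		.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
-		    TLS_PROTOCOL_TLSv1_2,
+		    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
 	},
 	{
 		.protostr = "tlsv1.1,tlsv1.2,tlsv1.0",
 		.want_return = 0,
 		.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
 		    TLS_PROTOCOL_TLSv1_2,
 	},
@@ -105,28 +110,30 @@
 		.protostr = "sslv3,tlsv1.0,tlsv1.1,tlsv1.2",
 		.want_return = -1,
 		.want_protocols = 0,
 	},
 	{
 		.protostr = "all,!tlsv1.0",
 		.want_return = 0,
-		.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2,
+		.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
+			TLS_PROTOCOL_TLSv1_3,
 	},
 	{
 		.protostr = "!tlsv1.0",
 		.want_return = 0,
-		.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2,
+		.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
+			TLS_PROTOCOL_TLSv1_3,
 	},
 	{
-		.protostr = "!tlsv1.0,!tlsv1.1",
+		.protostr = "!tlsv1.0,!tlsv1.1,!tlsv1.3",
 		.want_return = 0,
 		.want_protocols = TLS_PROTOCOL_TLSv1_2,
 	},
 	{
-		.protostr = "!tlsv1.0,!tlsv1.1,tlsv1.2",
+		.protostr = "!tlsv1.0,!tlsv1.1,tlsv1.2,!tlsv1.3",
 		.want_return = 0,
 		.want_protocols = TLS_PROTOCOL_TLSv1_2,
 	},
 };
 
 #define N_PARSE_PROTOCOLS_TESTS \
     (sizeof(parse_protocols_tests) / sizeof(*parse_protocols_tests))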
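--- a/jni/libressl/tests/evptest.c
+++ b/jni/libressl/tests/evptest.c
@@ -1,8 +1,8 @@
-/*	$OpenBSD: evptest.c,v 1.8 2019/03/17 18:33:01 tb Exp $	*/
+/*	$OpenBSD: evptest.c,v 1.9 2020/01/26 02:46:26 tb Exp $	*/
 /* Written by Ben Laurie, 2001 */
 /*
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -346,15 +346,15 @@
     /* If we add command-line options, this statement should be switchable.
      * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
      * they weren't already initialised. */
 	/* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
 #endif
 
 	for (;;) {
-		char line[4096];
+		char line[8 * 1024];
 		char *p;
 		char *cipher;
 		unsigned char *iv, *key, *plaintext, *ciphertext;
 		int encdec;
 		int kn, in, pn, cn;
 
 		if (!fgets((char *)line, sizeof line, f))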
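Review bot: The `fgets()` call that closes the second hunk reads into the enlarged `line[8 * 1024]`, but nothing visible here checks that a whole line was read, so a vector longer than the buffer would be split and parsed as two records instead of being rejected. The loop body continues outside the hunk, so such a check may already exist there. If it does not, a guard right after the read such as `if (strchr(line, '\n') == NULL && !feof(f)) { fprintf(stderr, "line too long\n"); exit(1); }` would make the limit explicit, rather than raising the buffer size each time the test vectors grow.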
Changes to jni/libressl/tests/evptests.txt.
1
2
3
4
5
6
7
8
#	$OpenBSD: evptests.txt,v 1.7 2019/05/09 23:01:09 tb Exp $
#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
#digest:::input:output

# SHA(1) tests (from shatest.c)
SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d

# MD5 tests (from md5test.c)
|







1
2
3
4
5
6
7
8
#	$OpenBSD: evptests.txt,v 1.9 2020/01/26 03:31:40 tb Exp $
#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
#digest:::input:output

# SHA(1) tests (from shatest.c)
SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d

# MD5 tests (from md5test.c)
351
352
353
354
355
356
357
358




359












360



361
362
363
364
365
SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0
SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1
SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1

# ChaCha test vectors
ChaCha:0000000000000000000000000000000000000000000000000000000000000000:0000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586:1




ChaCha:0100000000000000000000000000000000000000000000000000000000000000:0000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:c5d30a7ce1ec119378c84f487d775a8542f13ece238a9455e8229e888de85bbd29eb63d0a17a5b999b52da22be4023eb07620a54f6fa6ad8737b71eb0464dac0:1












ChaCha:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff:ffffffffffffffff:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:d9bf3f6bce6ed0b54254557767fb57443dd4778911b606055c39cc25e674b8363feabc57fde54f790c52c8ae43240b79d49042b777bfd6cb80e931270b7f50eb:1



ChaCha:5555555555555555555555555555555555555555555555555555555555555555:aaaaaaaaaaaaaaaa:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:aff7418293f3a553894b1e7484bd1e8ede196eced5a1d6814de37091e07e076e34bbba8107a686c982850f0a7353940d40db1ab0b5765b78b4cf473d9485a3dd:1
ChaCha:5555555555555555555555555555555555555555555555555555555555555555:5555555555555555:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:bea9411aa453c5434a5ae8c92862f564396855a9ea6e22d6d3b50ae1b3663311a4a3606c671d605ce16c3aece8e61ea145c59775017bee2fa6f88afc758069f7:1
ChaCha:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:aaaaaaaaaaaaaaaa:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:9aa2a9f656efde5aa7591c5fed4b35aea2895dec7cb4543b9e9f21f5e7bcbcf3c43c748a970888f8248393a09d43e0b7e164bc4d0b0fb240a2d72115c4808906:1
ChaCha:00112233445566778899aabbccddeeffffeeddccbbaa99887766554433221100:0f1e2d3c4b5a6978:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:9fadf409c00811d00431d67efbd88fba59218d5d6708b1d685863fabbb0e961eea480fd6fb532bfd494b2151015057423ab60a63fe4f55f7a212e2167ccab931:1
ChaCha:c46ec1b18ce8a878725a37e780dfb7351f68ed2e194c79fbc6aebee1a667975d:1ada31d5cf688221:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:f63a89b75c2271f9368816542ba52f06ed49241792302b00b5e8f80ae9a473afc25b218f519af0fdd406362e8d69de7f54c604a6e00f353f110f771bdca8ab92:1







|
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
|
|
|
|
|
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0
SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1
SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1

# ChaCha test vectors
ChaCha:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586:1
ChaCha:0000000000000000000000000000000000000000000000000000000000000000:01000000000000000000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:9f07e7be5551387a98ba977c732d080dcb0f29a048e3656912c6533e32ee7aed29b721769ce64e43d57133b074d839d531ed1f28510afb45ace10a1f4b794d6f:1
ChaCha:0000000000000000000000000000000000000000000000000000000000000001:01000000000000000000000000000002:416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f: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:1
ChaCha:1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0:2a000000000000000000000000000002:2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e:62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1:1
ChaCha:0000000000000000000000000000000000000000000000000000000000000001:00000000000000000000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:4540f05a9f1fb296d7736e7b208e3c96eb4fe1834688d2604f450952ed432d41bbe2a0b6ea7566d2a5d1e7e20d42af2c53d792b1c43fea817e9ad275ae546963:1
ChaCha:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000001:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:de9cba7bf3d69ef5e786dc63973f653a0b49e015adbff7134fcb7df137821031e85a050278a7084527214f73efc7fa5b5277062eb7a0433e445f41e31afab757:1
ChaCha:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000100000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:ef3fdfd6c61578fbf5cf35bd3dd33b8009631634d21e42ac33960bd138e50d32111e4caf237ee53ca8ad6426194a88545ddc497a0b466e7d6bbdb0041b2f586b:1
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000: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:1
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c9:1
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000: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:1
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000: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:1
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000: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:1
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000: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:1
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000: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:1
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000: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
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be
59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab78fab78c94213668bbbd394c5de93b853178addd6b97f9fa1ec3e56c00c9ddff0a44a204241175a4cab0f961ba53ede9bdf960b94f9829b1f3414726429b362c5b538e391520f489b7ed8d20ae3fd49e9e259e44397514d618c96c4846be3c680bdc11c71dcbbe29ccf80d62a0938fa549391e6ea57ecbe2606790ec15d2224ae307c144226b7c4e8c2f97d2a1d67852d29beba110edd445197012062a393a9c92803ad3b4f31d7bc6033ccf7932cfed3f019044d25905916777286f82f9a4cc1ffe430ffd1dcfc27deed327b9f9630d2fa969fb6f0603cd19dd9a9519e673bcfcd9014125291a44669ef7285e74ed3729b677f801c3cdf058c50963168b496043716c7307cd9e0cdd137fccb0f05b47cdbb95c5f54831622c3652a32b2531fe326bcd6e2bbf56a194fa196fbd1a54952110f51c73433865f7664b836685e3664b3d8444aF89A242805E18C975F1146324996FDE17007CF3E6E8F4E764022533EDBFE07D4733E48BB372D75B0EF48EC983EB78532161CC529E5ABB89837DFCCA6261DBB37C7C5E6A87478BF41EE85A518C0F4EFA9BDE828C5A71B8E46597B634AFD204D3C501334239C3414285ED72D3A9169EABBD4DC25D52BB7516D3BA712D75AD8C0AE5D493C19E38A77939E7A058D713E9CCCCA58045F436B434B1C80D365472406E392951987DB6905C80D431DA18451135BE7E82BCAB358CB3971E61405B2FF17980D6E7E67E861E28201C1EE30B441040FD06878D65042C95582A4318207BFC700BE0CE32889AEC2FFE5085E8967910D879FA0E8C0FF85FDC510B9FF2FBF87CFCB29577D68099E04FFA05F752A73D377C70D3A8BC2DA80E6E780EC057182C33AD1DE387252258A1E18E6FAD910327CE7F42FD1E1E0515F9586E2F2EFCB9F472B1D:1
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000: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
ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000: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

ChaCha:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f:00000000000000000001020304050607:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000: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
ChaCha:0100000000000000000000000000000000000000000000000000000000000000:000000000000000000000000000000000000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:c5d30a7ce1ec119378c84f487d775a8542f13ece238a9455e8229e888de85bbd29eb63d0a17a5b999b52da22be4023eb07620a54f6fa6ad8737b71eb0464dac0:1
ChaCha:ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff:0000000000000000ffffffffffffffff0000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:d9bf3f6bce6ed0b54254557767fb57443dd4778911b606055c39cc25e674b8363feabc57fde54f790c52c8ae43240b79d49042b777bfd6cb80e931270b7f50eb:1
ChaCha:5555555555555555555555555555555555555555555555555555555555555555:0000000000000000aaaaaaaaaaaaaaaa0000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:aff7418293f3a553894b1e7484bd1e8ede196eced5a1d6814de37091e07e076e34bbba8107a686c982850f0a7353940d40db1ab0b5765b78b4cf473d9485a3dd:1
ChaCha:5555555555555555555555555555555555555555555555555555555555555555:000000000000000055555555555555550000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:bea9411aa453c5434a5ae8c92862f564396855a9ea6e22d6d3b50ae1b3663311a4a3606c671d605ce16c3aece8e61ea145c59775017bee2fa6f88afc758069f7:1
ChaCha:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:0000000000000000aaaaaaaaaaaaaaaa0000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:9aa2a9f656efde5aa7591c5fed4b35aea2895dec7cb4543b9e9f21f5e7bcbcf3c43c748a970888f8248393a09d43e0b7e164bc4d0b0fb240a2d72115c4808906:1
ChaCha:00112233445566778899aabbccddeeffffeeddccbbaa99887766554433221100:00000000000000000f1e2d3c4b5a69780000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:9fadf409c00811d00431d67efbd88fba59218d5d6708b1d685863fabbb0e961eea480fd6fb532bfd494b2151015057423ab60a63fe4f55f7a212e2167ccab931:1
ChaCha:c46ec1b18ce8a878725a37e780dfb7351f68ed2e194c79fbc6aebee1a667975d:00000000000000001ada31d5cf6882210000000000000000:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:f63a89b75c2271f9368816542ba52f06ed49241792302b00b5e8f80ae9a473afc25b218f519af0fdd406362e8d69de7f54c604a6e00f353f110f771bdca8ab92:1
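--- a/jni/libressl/tests/freenull.c
+++ b/jni/libressl/tests/freenull.c
@@ -1,11 +1,12 @@
-/*	$OpenBSD: freenull.c.head,v 1.2 2018/07/10 20:55:57 tb Exp $	*/
+/*	$OpenBSD: freenull.c.head,v 1.3 2019/11/02 15:38:46 jsing Exp $	*/
 
 #include <openssl/asn1.h>
 #include <openssl/cmac.h>
+#include <openssl/cms.h>
 #include <openssl/comp.h>
 #include <openssl/conf_api.h>
 #include <openssl/dso.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 #include <openssl/gost.h>
@@ -58,14 +59,16 @@
 	BN_MONT_CTX_free(NULL);
 	BN_RECP_CTX_free(NULL);
 	BN_clear_free(NULL);
 	BN_free(NULL);
 	BUF_MEM_free(NULL);
 	CERTIFICATEPOLICIES_free(NULL);
 	CMAC_CTX_free(NULL);
+	CMS_ContentInfo_free(NULL);
+	CMS_ReceiptRequest_free(NULL);
 	COMP_CTX_free(NULL);
 	CONF_free(NULL);
 	CRL_DIST_POINTS_free(NULL);
 	DH_free(NULL);
 	DIRECTORYSTRING_free(NULL);
 	DISPLAYTEXT_free(NULL);
 	DIST_POINT_NAME_free(NULL);
@@ -148,14 +151,15 @@
 	PKEY_USAGE_PERIOD_free(NULL);
 	POLICYINFO_free(NULL);
 	POLICYQUALINFO_free(NULL);
 	POLICY_CONSTRAINTS_free(NULL);
 	POLICY_MAPPING_free(NULL);
 	PROXY_CERT_INFO_EXTENSION_free(NULL);
 	PROXY_POLICY_free(NULL);
+	RSA_OAEP_PARAMS_free(NULL);
 	RSA_PSS_PARAMS_free(NULL);
 	RSA_free(NULL);
 	RSA_meth_free(NULL);
 	SXNETID_free(NULL);
 	SXNET_free(NULL);
 	TS_ACCURACY_free(NULL);
 	TS_MSG_IMPRINT_free(NULL);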
Changes to jni/libressl/tests/handshake_table.c.
1
2
3
4
5
6
7
8
/*	$OpenBSD: handshake_table.c,v 1.11 2019/04/05 20:25:25 tb Exp $	*/
/*
 * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
|







1
2
3
4
5
6
7
8
/*	$OpenBSD: handshake_table.c,v 1.14 2020/05/04 14:20:36 tb Exp $	*/
/*
 * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
16
17
18
19
20
21
22


23
24
25
26
27
28
29
 */

#include <err.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>



#include "tls13_handshake.h"

/*
 * From RFC 8446:
 *
 * Appendix A.  State Machine







>
>







16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 */

#include <err.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define MAX_FLAGS (UINT8_MAX + 1)

#include "tls13_handshake.h"

/*
 * From RFC 8446:
 *
 * Appendix A.  State Machine
82
83
84
85
86
87
88







89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
	uint8_t			illegal;
};

#define DEFAULT			0x00

static struct child stateinfo[][TLS13_NUM_MESSAGE_TYPES] = {
	[CLIENT_HELLO] = {







		{SERVER_HELLO, DEFAULT, 0, 0},
	},
	[SERVER_HELLO] = {
		{SERVER_ENCRYPTED_EXTENSIONS, DEFAULT, 0, 0},
		{CLIENT_HELLO_RETRY, WITH_HRR, 0, 0},
	},
	[CLIENT_HELLO_RETRY] = {
		{SERVER_HELLO_RETRY, DEFAULT, 0, 0},
	},
	[SERVER_HELLO_RETRY] = {
		{SERVER_ENCRYPTED_EXTENSIONS, DEFAULT, 0, 0},
	},
	[SERVER_ENCRYPTED_EXTENSIONS] = {
		{SERVER_CERTIFICATE_REQUEST, DEFAULT, 0, 0},
		{SERVER_CERTIFICATE, WITHOUT_CR, 0, 0},
		{SERVER_FINISHED, WITH_PSK, 0, 0},
	},







>
>
>
>
>
>
>



<
<
<
<
<
<
<







84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100







101
102
103
104
105
106
107
	uint8_t			illegal;
};

#define DEFAULT			0x00

static struct child stateinfo[][TLS13_NUM_MESSAGE_TYPES] = {
	[CLIENT_HELLO] = {
		{SERVER_HELLO_RETRY_REQUEST, DEFAULT, 0, 0},
		{SERVER_HELLO, WITHOUT_HRR, 0, 0},
	},
	[SERVER_HELLO_RETRY_REQUEST] = {
		{CLIENT_HELLO_RETRY, DEFAULT, 0, 0},
	},
	[CLIENT_HELLO_RETRY] = {
		{SERVER_HELLO, DEFAULT, 0, 0},
	},
	[SERVER_HELLO] = {







		{SERVER_ENCRYPTED_EXTENSIONS, DEFAULT, 0, 0},
	},
	[SERVER_ENCRYPTED_EXTENSIONS] = {
		{SERVER_CERTIFICATE_REQUEST, DEFAULT, 0, 0},
		{SERVER_CERTIFICATE, WITHOUT_CR, 0, 0},
		{SERVER_FINISHED, WITH_PSK, 0, 0},
	},
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
		{0, DEFAULT, 0, 0},
	},
};

const size_t	 stateinfo_count = sizeof(stateinfo) / sizeof(stateinfo[0]);

void		 build_table(enum tls13_message_type
		     table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES],
		     struct child current, struct child end,
		     struct child path[], uint8_t flags, unsigned int depth);
size_t		 count_handshakes(void);
void		 edge(enum tls13_message_type start,
		     enum tls13_message_type end, uint8_t flag);
const char	*flag2str(uint8_t flag);
void		 flag_label(uint8_t flag);
void		 forced_edges(enum tls13_message_type start,
		     enum tls13_message_type end, uint8_t forced);
int		 generate_graphics(void);
void		 fprint_entry(FILE *stream,
		     enum tls13_message_type path[TLS13_NUM_MESSAGE_TYPES],
		     uint8_t flags);
void		 fprint_flags(FILE *stream, uint8_t flags);
const char	*mt2str(enum tls13_message_type mt);
__dead void	 usage(void);
int		 verify_table(enum tls13_message_type
		     table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES], int print);

const char *
flag2str(uint8_t flag)
{
	const char *ret;

	if (flag & (flag - 1))
		errx(1, "more than one bit is set");

	switch (flag) {
	case INITIAL:
		ret = "INITIAL";
		break;
	case NEGOTIATED:
		ret = "NEGOTIATED";
		break;
	case WITHOUT_CR:
		ret = "WITHOUT_CR";
		break;
	case WITH_HRR:
		ret = "WITH_HRR";
		break;
	case WITH_PSK:
		ret = "WITH_PSK";
		break;
	case WITH_CCV:
		ret = "WITH_CCV";
		break;







|

















|



















|
|







132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
		{0, DEFAULT, 0, 0},
	},
};

const size_t	 stateinfo_count = sizeof(stateinfo) / sizeof(stateinfo[0]);

void		 build_table(enum tls13_message_type
		     table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
		     struct child current, struct child end,
		     struct child path[], uint8_t flags, unsigned int depth);
size_t		 count_handshakes(void);
void		 edge(enum tls13_message_type start,
		     enum tls13_message_type end, uint8_t flag);
const char	*flag2str(uint8_t flag);
void		 flag_label(uint8_t flag);
void		 forced_edges(enum tls13_message_type start,
		     enum tls13_message_type end, uint8_t forced);
int		 generate_graphics(void);
void		 fprint_entry(FILE *stream,
		     enum tls13_message_type path[TLS13_NUM_MESSAGE_TYPES],
		     uint8_t flags);
void		 fprint_flags(FILE *stream, uint8_t flags);
const char	*mt2str(enum tls13_message_type mt);
__dead void	 usage(void);
int		 verify_table(enum tls13_message_type
		     table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print);

const char *
flag2str(uint8_t flag)
{
	const char *ret;

	if (flag & (flag - 1))
		errx(1, "more than one bit is set");

	switch (flag) {
	case INITIAL:
		ret = "INITIAL";
		break;
	case NEGOTIATED:
		ret = "NEGOTIATED";
		break;
	case WITHOUT_CR:
		ret = "WITHOUT_CR";
		break;
	case WITHOUT_HRR:
		ret = "WITHOUT_HRR";
		break;
	case WITH_PSK:
		ret = "WITH_PSK";
		break;
	case WITH_CCV:
		ret = "WITH_CCV";
		break;
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
		break;
	case CLIENT_CERTIFICATE_VERIFY:
		ret = "CLIENT_CERTIFICATE_VERIFY";
		break;
	case CLIENT_FINISHED:
		ret = "CLIENT_FINISHED";
		break;
	case CLIENT_KEY_UPDATE:
		ret = "CLIENT_KEY_UPDATE";
		break;
	case SERVER_HELLO:
		ret = "SERVER_HELLO";
		break;
	case SERVER_HELLO_RETRY:
		ret = "SERVER_HELLO_RETRY";
		break;
	case SERVER_NEW_SESSION_TICKET:
		ret = "SERVER_NEW_SESSION_TICKET";
		break;
	case SERVER_ENCRYPTED_EXTENSIONS:
		ret = "SERVER_ENCRYPTED_EXTENSIONS";
		break;
	case SERVER_CERTIFICATE:
		ret = "SERVER_CERTIFICATE";
		break;







<
<
<



|
|
<
<
<







216
217
218
219
220
221
222



223
224
225
226
227



228
229
230
231
232
233
234
		break;
	case CLIENT_CERTIFICATE_VERIFY:
		ret = "CLIENT_CERTIFICATE_VERIFY";
		break;
	case CLIENT_FINISHED:
		ret = "CLIENT_FINISHED";
		break;



	case SERVER_HELLO:
		ret = "SERVER_HELLO";
		break;
	case SERVER_HELLO_RETRY_REQUEST:
		ret = "SERVER_HELLO_RETRY_REQUEST";



		break;
	case SERVER_ENCRYPTED_EXTENSIONS:
		ret = "SERVER_ENCRYPTED_EXTENSIONS";
		break;
	case SERVER_CERTIFICATE:
		ret = "SERVER_CERTIFICATE";
		break;
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
			ret++;
	}

	return ret;
}

void
build_table(enum tls13_message_type table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES],
    struct child current, struct child end, struct child path[], uint8_t flags,
    unsigned int depth)
{
	unsigned int i;

	if (depth >= TLS13_NUM_MESSAGE_TYPES - 1)
		errx(1, "recursed too deeply");







|







368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
			ret++;
	}

	return ret;
}

void
build_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
    struct child current, struct child end, struct child path[], uint8_t flags,
    unsigned int depth)
{
	unsigned int i;

	if (depth >= TLS13_NUM_MESSAGE_TYPES - 1)
		errx(1, "recursed too deeply");
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
		errx(1, "path traversed twice");

	for (i = 0; i < depth; i++)
		table[flags][i] = path[i].mt;
}

int
verify_table(enum tls13_message_type table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES],
    int print)
{
	int	success = 1, i;
	size_t	num_valid, num_found = 0;
	uint8_t	flags = 0;

	do {







|







407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
		errx(1, "path traversed twice");

	for (i = 0; i < depth; i++)
		table[flags][i] = path[i].mt;
}

int
verify_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
    int print)
{
	int	success = 1, i;
	size_t	num_valid, num_found = 0;
	uint8_t	flags = 0;

	do {
460
461
462
463
464
465
466
467
468
469


470
471
472
473
474
475
476
477
478
479
480
481
482
483

484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500

501
502
503
504
505
506
507
	exit(1);
}

int
main(int argc, char *argv[])
{
	static enum tls13_message_type
	    hs_table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES] = {
		[INITIAL] = {
			CLIENT_HELLO,


			SERVER_HELLO,
		},
	};
	struct child	start = {
		CLIENT_HELLO, DEFAULT, 0, 0,
	};
	struct child	end = {
		APPLICATION_DATA, DEFAULT, 0, 0,
	};
	struct child	path[TLS13_NUM_MESSAGE_TYPES] = {{0}};
	uint8_t		flags = NEGOTIATED;
	unsigned int	depth = 0;
	int		ch, graphviz = 0, print = 0;


	while ((ch = getopt(argc, argv, "Cg")) != -1) {
		switch (ch) {
		case 'C':
			print = 1;
			break;
		case 'g':
			graphviz = 1;
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;

	if (argc != 0)
		usage();


	if (graphviz && print)
		usage();

	if (graphviz)
		return generate_graphics();








|


>
>














>

















>







456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
	exit(1);
}

int
main(int argc, char *argv[])
{
	static enum tls13_message_type
	    hs_table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES] = {
		[INITIAL] = {
			CLIENT_HELLO,
			SERVER_HELLO_RETRY_REQUEST,
			CLIENT_HELLO_RETRY,
			SERVER_HELLO,
		},
	};
	struct child	start = {
		CLIENT_HELLO, DEFAULT, 0, 0,
	};
	struct child	end = {
		APPLICATION_DATA, DEFAULT, 0, 0,
	};
	struct child	path[TLS13_NUM_MESSAGE_TYPES] = {{0}};
	uint8_t		flags = NEGOTIATED;
	unsigned int	depth = 0;
	int		ch, graphviz = 0, print = 0;

#ifndef _MSC_VER
	while ((ch = getopt(argc, argv, "Cg")) != -1) {
		switch (ch) {
		case 'C':
			print = 1;
			break;
		case 'g':
			graphviz = 1;
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;

	if (argc != 0)
		usage();
#endif

	if (graphviz && print)
		usage();

	if (graphviz)
		return generate_graphics();

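--- a/jni/libressl/tests/key_schedule.c
+++ b/jni/libressl/tests/key_schedule.c
@@ -1,10 +1,10 @@
-/* $OpenBSD: key_schedule.c,v 1.7 2019/05/09 05:47:27 claudio Exp $ */
+/* $OpenBSD: key_schedule.c,v 1.9 2019/11/18 02:09:58 beck Exp $ */
 /*
- * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
@@ -149,14 +149,35 @@
 
 uint8_t expected_server_application_traffic[] = {
 	0xa1, 0x1a, 0xf9, 0xf0, 0x55, 0x31, 0xf8, 0x56,
 	0xad, 0x47, 0x11, 0x6b, 0x45, 0xa9, 0x50, 0x32,
 	0x82, 0x04, 0xb4, 0xf4, 0x4b, 0xfb, 0x6b, 0x3a,
 	0x4b, 0x4f, 0x1f, 0x3f, 0xcb, 0x63, 0x16, 0x43
 };
+
+uint8_t expected_server_application_traffic_updated[] = {
+	0x51, 0x92, 0x1b, 0x8a, 0xa3, 0x00, 0x19, 0x76,
+	0xeb, 0x40, 0x1d, 0x0a, 0x43, 0x19, 0xa8, 0x51,
+	0x64, 0x16, 0xa6, 0xc5, 0x60, 0x01, 0xa3, 0x57,
+	0xe5, 0xd1, 0x62, 0x03, 0x1e, 0x84, 0xf9, 0x16,
+};
+
+uint8_t expected_client_application_traffic[] = {
+	0x9e, 0x40, 0x64, 0x6c, 0xe7, 0x9a, 0x7f, 0x9d,
+	0xc0, 0x5a, 0xf8, 0x88, 0x9b, 0xce, 0x65, 0x52,
+	0x87, 0x5a, 0xfa, 0x0b, 0x06, 0xdf, 0x00, 0x87,
+	0xf7, 0x92, 0xeb, 0xb7, 0xc1, 0x75, 0x04, 0xa5,
+};
+
+uint8_t expected_client_application_traffic_updated[] = {
+	0xfc, 0xdf, 0xcc, 0x72, 0x72, 0x5a, 0xae, 0xe4,
+	0x8b, 0xf6, 0x4e, 0x4f, 0xd8, 0xb7, 0x49, 0xcd,
+	0xbd, 0xba, 0xb3, 0x9d, 0x90, 0xda, 0x0b, 0x26,
+	0xe2, 0x24, 0x5c, 0xa6, 0xea, 0x16, 0x72, 0x07,
+};
 
 uint8_t expected_exporter_master[] = {
 	0xfe, 0x22, 0xf8, 0x81, 0x17, 0x6e, 0xda, 0x18,
 	0xeb, 0x8f, 0x44, 0x52, 0x9e, 0x67, 0x92, 0xc5,
 	0x0c, 0x9a, 0x3f, 0x89, 0x45, 0x2f, 0x68, 0xd8,
 	0xae, 0x31, 0x1b, 0x43, 0x09, 0xd3, 0xcf, 0x50
 };
@@ -255,18 +276,42 @@
 	fprintf(stderr, "server_application_traffic:\n");
 	compare_data(secrets->server_application_traffic.data, 32,
 	    expected_server_application_traffic, 32);
 	if (memcmp(secrets->server_application_traffic.data,
 	    expected_server_application_traffic, 32) != 0)
 		FAIL("server_application_traffic does not match\n");
 
+	fprintf(stderr, "client_application_traffic:\n");
+	compare_data(secrets->client_application_traffic.data, 32,
+	    expected_client_application_traffic, 32);
+	if (memcmp(secrets->client_application_traffic.data,
+	    expected_client_application_traffic, 32) != 0)
+		FAIL("server_application_traffic does not match\n");
+
 	fprintf(stderr, "exporter_master:\n");
 	compare_data(secrets->exporter_master.data, 32,
 	    expected_exporter_master, 32);
 	if (memcmp(secrets->exporter_master.data,
 	    expected_exporter_master, 32) != 0)
 		FAIL("exporter_master does not match\n");
 
+	tls13_update_server_traffic_secret(secrets);
+	fprintf(stderr, "server_application_traffic after update:\n");
+	compare_data(secrets->server_application_traffic.data, 32,
+	    expected_server_application_traffic_updated, 32);
+	if (memcmp(secrets->server_application_traffic.data,
+	    expected_server_application_traffic_updated, 32) != 0)
+		FAIL("server_application_traffic does not match after update\n");
+
+
+	tls13_update_client_traffic_secret(secrets);
+	fprintf(stderr, "client_application_traffic after update:\n");
+	compare_data(secrets->client_application_traffic.data, 32,
+	    expected_client_application_traffic_updated, 32);
+	if (memcmp(secrets->client_application_traffic.data,
+	    expected_client_application_traffic_updated, 32) != 0)
+		FAIL("client_application_traffic does not match after update\n");
+
 	tls13_secrets_destroy(secrets);
 
 	return failures;
 }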
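Review bot: The failure message on the new client_application_traffic comparison is copied from the server check: `FAIL("server_application_traffic does not match\n");` follows the memcmp against expected_client_application_traffic, so a client-secret mismatch would be reported as a server one. It should read `FAIL("client_application_traffic does not match\n");`. The two key-update checks added further down in the same hunk already name the right secret. The enclosing test function begins outside the hunk.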
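--- a/jni/libressl/tests/recordtest.c
+++ b/jni/libressl/tests/recordtest.c
@@ -1,7 +1,8 @@
+/* $OpenBSD: recordtest.c,v 1.3 2020/03/13 16:01:12 jsing Exp $ */
 /*
  * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *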
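--- a/jni/libressl/tests/servertest.c
+++ b/jni/libressl/tests/servertest.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: servertest.c,v 1.1 2017/03/05 14:15:53 jsing Exp $ */
+/* $OpenBSD: servertest.c,v 1.2 2020/01/25 05:02:27 jsing Exp $ */
 /*
  * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -76,31 +76,34 @@
 };
 
 struct server_hello_test {
 	const unsigned char *desc;
 	unsigned char *client_hello;
 	const size_t client_hello_len;
 	const SSL_METHOD *(*ssl_method)(void);
-	const long ssl_options;
+	const long ssl_clear_options;
+	const long ssl_set_options;
 };
 
 static struct server_hello_test server_hello_tests[] = {
 	{
 		.desc = "TLSv1.0 in SSLv2 record",
 		.client_hello = sslv2_client_hello_tls10,
 		.client_hello_len = sizeof(sslv2_client_hello_tls10),
 		.ssl_method = TLS_server_method,
-		.ssl_options = 0,
+		.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+		.ssl_set_options = 0,
 	},
 	{
 		.desc = "TLSv1.2 in SSLv2 record",
 		.client_hello = sslv2_client_hello_tls12,
 		.client_hello_len = sizeof(sslv2_client_hello_tls12),
 		.ssl_method = TLS_server_method,
-		.ssl_options = 0,
+		.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+		.ssl_set_options = 0,
 	},
 };
 
 #define N_SERVER_HELLO_TESTS \
     (sizeof(server_hello_tests) / sizeof(*server_hello_tests))
 
 static int
@@ -137,15 +140,17 @@
 	    SSL_FILETYPE_PEM) != 1) {
 		fprintf(stderr, "Failed to load server private key");
 		goto failure;
 	}
 
 	SSL_CTX_set_dh_auto(ssl_ctx, 1);
 	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
+
+	SSL_CTX_clear_options(ssl_ctx, sht->ssl_clear_options);
-	SSL_CTX_set_options(ssl_ctx, sht->ssl_options);
+	SSL_CTX_set_options(ssl_ctx, sht->ssl_set_options);
 
 	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
 		fprintf(stderr, "SSL_new() returned NULL\n");
 		goto failure;
 	}
 
 	rbio->references = 2;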
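Review bot: The new `.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1` entries have no comment saying why the test clears these options, and clearing them re-enables TLS 1.0 and 1.1 on the context. Presumably this is needed so the legacy ClientHello fixtures can still negotiate, but that is not stated anywhere in the hunk. A short comment above `server_hello_tests`, such as `/* Clear NO_TLSv1/NO_TLSv1_1 so the legacy fixtures can negotiate; test-only setting. */`, would keep the pattern from being copied into a real server configuration. The function that calls `SSL_CTX_clear_options()` starts and ends outside the last hunk.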
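--- a/jni/libressl/tests/testssl
+++ b/jni/libressl/tests/testssl
@@ -49,17 +49,18 @@
 echo test sslv2/sslv3 with both client and server authentication via BIO pair
 $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
 
 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
 
 echo "Testing ciphersuites"
-for protocol in TLSv1.2; do
+for protocol in SSLv3 TLSv1.2; do
   echo "Testing ciphersuites for $protocol"
-  for cipher in `$openssl ciphers "$protocol+aRSA" | tr ':' ' '`; do
+  for cipher in `$openssl ciphers -v "$protocol+aRSA" |
+    awk "/ $protocol / { print \\$1 }"`; do
     echo "Testing $cipher"
     $ssltest -cipher $cipher
     if [ $? -ne 0 ] ; then
       echo "Failed $cipher"
       exit 1
     fi
   done
@@ -103,15 +104,16 @@
 
 echo test dtlsv1 with both client and server authentication
 $ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
 
 echo "Testing DTLS ciphersuites"
 for protocol in SSLv3; do
   echo "Testing ciphersuites for $protocol"
-  for cipher in `$openssl ciphers "RSA+$protocol" | tr ':' '\n' |
+  for cipher in `$openssl ciphers -v "RSA+$protocol" |
+    awk "/ $protocol / { print \\$1 }" |
     grep -v RC4`; do
     echo "Testing $cipher"
     $ssltest -cipher $cipher -dtls1
     if [ $? -ne 0 ] ; then
       echo "Failed $cipher"
       exit 1
     fi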
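Review bot: The awk filter added to both cipher loops sits in double quotes inside backticks, which is why the field reference needs the `\\$1` double escape, and `$protocol` is interpolated into the regex so the `.` in `TLSv1.2` matches any character. Passing the protocol as an awk variable and comparing the column is exact and easier to read: `awk -v p="$protocol" '$2 == p { print $1 }'` (this assumes the protocol is the second column of the `ciphers -v` output, as the ` $protocol ` pattern suggests). `$cipher` is also passed unquoted to `$ssltest -cipher`. The enclosing loops close outside the hunks.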
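--- a/jni/libressl/tests/tlsexttest.c
+++ b/jni/libressl/tests/tlsexttest.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tlsexttest.c,v 1.29 2019/03/25 18:12:05 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.35 2020/04/17 17:24:03 jsing Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -1587,14 +1587,15 @@
 	SSL_CTX_free(ssl_ctx);
 	SSL_free(ssl);
 	free(data);
 
 	return (failure);
 }
 
+#if 0
 static int
 test_tlsext_sigalgs_server(void)
 {
 	unsigned char *data = NULL;
 	SSL_CTX *ssl_ctx = NULL;
 	SSL *ssl = NULL;
 	int failure = 0;
@@ -1636,14 +1637,15 @@
 	CBB_cleanup(&cbb);
 	SSL_CTX_free(ssl_ctx);
 	SSL_free(ssl);
 	free(data);
 
 	return (failure);
 }
+#endif
 
 /*
  * Server Name Indication - RFC 6066 section 3.
  */
 
 #define TEST_SNI_SERVERNAME "www.libressl.org"
 
@@ -3128,14 +3130,20 @@
 	CBB_init(&cbb, 0);
 
 	if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
 		errx(1, "failed to create SSL_CTX");
 	if ((ssl = SSL_new(ssl_ctx)) == NULL)
 		errx(1, "failed to create SSL");
 
+	if ((S3I(ssl)->hs_tls13.key_share =
+	    tls13_key_share_new_nid(NID_X25519)) == NULL)
+		errx(1, "failed to create key share");
+	if (!tls13_key_share_generate(S3I(ssl)->hs_tls13.key_share))
+		errx(1, "failed to generate key share");
+
 	S3I(ssl)->hs_tls13.max_version = 0;
 
 	if (tlsext_keyshare_client_needs(ssl)) {
 		FAIL("client should not need keyshare\n");
 		failure = 1;
 		goto done;
 	}
@@ -3210,15 +3218,15 @@
 	int alert;
 	CBB cbb;
 	CBS cbs;
 	uint8_t bogokey[] = {
 		0xe5, 0xe8, 0x5a, 0xb9,	0x7e, 0x12, 0x62, 0xe3,
 		0xd8, 0x7f, 0x6e, 0x3c,	0xec, 0xa6, 0x8b, 0x99,
 		0x45, 0x77, 0x8e, 0x11,	0xb3, 0xb9, 0x12, 0xb6,
-		0xbe, 0x35, 0xca, 0x51,	0x76, 0x1e, 0xe8, 0x22
+		0xbe, 0x35, 0xca, 0x51,	0x76, 0x1e, 0xe8, 0x22,
 	};
 
 	CBB_init(&cbb, 0);
 
 	if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
 		errx(1, "failed to create SSL_CTX");
 	if ((ssl = SSL_new(ssl_ctx)) == NULL)
@@ -3241,54 +3249,72 @@
 	ssl->version = TLS1_3_VERSION;
 	if (tlsext_keyshare_server_needs(ssl)) {
 		FAIL("client should not need keyshare\n");
 		failure = 1;
 		goto done;
 	}
 
-	if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL)
-		FAIL("Can't find keyshare extension");
+	if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) {
+		FAIL("failed to find keyshare extension");
+		failure = 1;
+		goto done;
+	}
 	S3I(ssl)->hs.extensions_seen |= (1 << idx);
 
 	if (!tlsext_keyshare_server_needs(ssl)) {
 		FAIL("server should need keyshare");
 		failure = 1;
 		goto done;
 	}
 
 	if (tlsext_keyshare_server_build(ssl, &cbb)) {
 		FAIL("server should not have built a keyshare response");
 		failure = 1;
 		goto done;
 	}
 
-	if ((S3I(ssl)->hs_tls13.x25519_peer_public =
-	    malloc(sizeof(bogokey))) == NULL)
-		errx(1, "malloc failed");
-	memcpy(S3I(ssl)->hs_tls13.x25519_peer_public, bogokey, sizeof(bogokey));
+	if ((S3I(ssl)->hs_tls13.key_share =
+	    tls13_key_share_new_nid(NID_X25519)) == NULL)
+		errx(1, "failed to create key share");
+	if (!tls13_key_share_generate(S3I(ssl)->hs_tls13.key_share))
+		errx(1, "failed to generate key share");
+
+	CBS_init(&cbs, bogokey, sizeof(bogokey));
+	if (!tls13_key_share_peer_public(S3I(ssl)->hs_tls13.key_share,
+	    0x001d, &cbs)) {
+		FAIL("failed to load peer public key");
+		failure = 1;
+		goto done;
+	}
 
 	if (!tlsext_keyshare_server_build(ssl, &cbb)) {
 		FAIL("server should be able to build a keyshare response");
 		failure = 1;
 		goto done;
 	}
 
 	if (!CBB_finish(&cbb, &data, &dlen)) {
 		FAIL("failed to finish CBB");
 		failure = 1;
 		goto done;
 	}
 
 	if (dlen != sizeof(tlsext_keyshare_server)) {
 		FAIL("got server keyshare with length %zu, "
 		    "want length %zu\n", dlen, sizeof(tlsext_keyshare_server));
 		failure = 1;
 		goto done;
 	}
 
+	if ((S3I(ssl)->hs_tls13.key_share =
+	    tls13_key_share_new_nid(NID_X25519)) == NULL)
+		errx(1, "failed to create key share");
+	if (!tls13_key_share_generate(S3I(ssl)->hs_tls13.key_share))
+		errx(1, "failed to generate key share");
+
 	CBS_init(&cbs, data, dlen);
 
 	if (!tlsext_keyshare_client_parse(ssl, &cbs, &alert)) {
 		FAIL("failed to parse server keyshare\n");
 		failure = 1;
 		goto done;
 	}
@@ -3306,30 +3332,20 @@
 	free(data);
 
 	return (failure);
 }
 
 /* One day I hope to be the only Muppet in this codebase */
 const uint8_t cookie[] = "\n"
-    "                .---. .---.                           \n"
-    "               :     : o   :    me want cookie!       \n"
-    "           _..-:   o :     :-.._    /                 \n"
-    "       .-''  '  `---' `---' '   ``-.                  \n"
-    "     .'   '   '  '  .    '  . '  '  `.                \n"
-    "    :   '.---.,,.,...,.,.,.,..---.  ' ;               \n"
-    "    `. ' `.                     .' ' .'               \n"
-    "     `.  '`.                   .' ' .'                \n"
-    "      `.    `-._           _.-' '  .'  .----.         \n"
-    "        `. '    ''--...--''  . ' .'  .'  o   `.       \n"
-    "        .'`-._'    ' .     ' _.-'`. :       o  :      \n"
-    "  jgs .'      ```--.....--'''    ' `:_ o       :      \n"
-    "    .'    '     '         '     '   ; `.;';';';'      \n"
-    "   ;         '       '       '     . ; .' ; ; ;       \n"
-    "  ;     '         '       '   '    .'      .-'        \n"
-    "  '  '     '   '      '           '    _.-'           \n";
+    "        (o)(o)        \n"
+    "      m'      'm      \n"
+    "     M  -****-  M     \n"
+    "      'm      m'      \n"
+    "     m''''''''''m     \n"
+    "    M            M BB \n";
 
 static int
 test_tlsext_cookie_client(void)
 {
 	unsigned char *data = NULL;
 	SSL_CTX *ssl_ctx = NULL;
 	SSL *ssl = NULL;
@@ -3551,15 +3567,14 @@
 	failed |= test_tlsext_ecpf_client();
 	failed |= test_tlsext_ecpf_server();
 
 	failed |= test_tlsext_ri_client();
 	failed |= test_tlsext_ri_server();
 
 	failed |= test_tlsext_sigalgs_client();
-	failed |= test_tlsext_sigalgs_server();
 
 	failed |= test_tlsext_sni_client();
 	failed |= test_tlsext_sni_server();
 
 	failed |= test_tlsext_ocsp_client();
 	failed |= test_tlsext_ocsp_server();
 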
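--- a/jni/libressl/tls/CMakeLists.txt
+++ b/jni/libressl/tls/CMakeLists.txt
@@ -20,39 +20,37 @@
 		compat/ftruncate.c
 		compat/pread.c
 		compat/pwrite.c
 	)
 endif()
 
 if(NOT "${OPENSSLDIR}" STREQUAL "")
-	add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
+	add_definitions(-DTLS_DEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
 else()
-	add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
+	add_definitions(-DTLS_DEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
 endif()
 
 add_library(tls ${TLS_SRC})
 target_include_directories(tls
 	PRIVATE
 		.
 		../include/compat
 	PUBLIC
 		../include)
 
-if (BUILD_SHARED_LIBS)
-	export_symbol(tls ${CMAKE_CURRENT_SOURCE_DIR}/tls.sym)
-	target_link_libraries(tls ssl crypto ${PLATFORM_LIBS})
-	if (WIN32)
-		set(TLS_POSTFIX -${TLS_MAJOR_VERSION})
-	endif()
-	set_target_properties(tls PROPERTIES
-		OUTPUT_NAME tls${TLS_POSTFIX}
-		ARCHIVE_OUTPUT_NAME tls${TLS_POSTFIX})
-	set_target_properties(tls PROPERTIES VERSION ${TLS_VERSION}
-		SOVERSION ${TLS_MAJOR_VERSION})
-endif()
+export_symbol(tls ${CMAKE_CURRENT_SOURCE_DIR}/tls.sym)
+target_link_libraries(tls ssl crypto ${PLATFORM_LIBS})
+if (WIN32)
+	set(TLS_POSTFIX -${TLS_MAJOR_VERSION})
+endif()
+set_target_properties(tls PROPERTIES
+	OUTPUT_NAME tls${TLS_POSTFIX}
+	ARCHIVE_OUTPUT_NAME tls${TLS_POSTFIX})
+set_target_properties(tls PROPERTIES VERSION ${TLS_VERSION}
+	SOVERSION ${TLS_MAJOR_VERSION})
 
 if(ENABLE_LIBRESSL_INSTALL)
 	install(
 		TARGETS tls
 		ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
 		LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
 		RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}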
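--- a/jni/libressl/tls/Makefile.am
+++ b/jni/libressl/tls/Makefile.am
@@ -9,17 +9,17 @@
 libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
 libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la
 libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la
 libtls_la_LIBADD += $(PLATFORM_LDADD)
 
 libtls_la_CPPFLAGS = $(AM_CPPFLAGS)
 if OPENSSLDIR_DEFINED
-libtls_la_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
+libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
 else
-libtls_la_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
+libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
 endif
 
 libtls_la_SOURCES = tls.c
 libtls_la_SOURCES += tls_client.c
 libtls_la_SOURCES += tls_bio_cb.c
 libtls_la_SOURCES += tls_config.c
 libtls_la_SOURCES += tls_conninfo.c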
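--- a/jni/libressl/tls/Makefile.in
+++ b/jni/libressl/tls/Makefile.in
@@ -1,11 +1,11 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.2 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY, to the extent permitted by law; without
@@ -85,16 +85,16 @@
 PRE_INSTALL = :
 POST_INSTALL = :
 NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@OPENSSLDIR_DEFINED_TRUE@am__append_1 = -D_PATH_SSL_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
-@OPENSSLDIR_DEFINED_FALSE@am__append_2 = -D_PATH_SSL_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
+@OPENSSLDIR_DEFINED_TRUE@am__append_1 = -DTLS_DEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
+@OPENSSLDIR_DEFINED_FALSE@am__append_2 = -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
 @HOST_WIN_TRUE@am__append_3 = compat/ftruncate.c compat/pread.c \
 @HOST_WIN_TRUE@	compat/pwrite.c
 subdir = tls
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/check-hardening-options.m4 \
 	$(top_srcdir)/m4/check-libc.m4 \
 	$(top_srcdir)/m4/check-os-options.m4 \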
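--- a/jni/libressl/tls/VERSION
+++ b/jni/libressl/tls/VERSION
@@ -1 +1 @@
-19:7:0
+20:1:0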
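--- a/jni/libressl/tls/tls.c
+++ b/jni/libressl/tls/tls.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls.c,v 1.83 2019/04/01 15:58:02 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.84 2020/01/20 08:39:21 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -410,21 +410,24 @@
 
 	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
 	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
 
 	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1);
 	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
 	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
+	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
 
 	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0)
 		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
 	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0)
 		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
 	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
 		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
+	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0)
+		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
 
 	if (ctx->config->alpn != NULL) {
 		if (SSL_CTX_set_alpn_protos(ssl_ctx, ctx->config->alpn,
 		    ctx->config->alpn_len) != 0) {
 			tls_set_errorx(ctx, "failed to set alpn");
 			goto err;
 		}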
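--- a/jni/libressl/tls/tls.sym
+++ b/jni/libressl/tls/tls.sym
@@ -47,14 +47,15 @@
 tls_config_skip_private_key_check
 tls_config_verify
 tls_config_verify_client
 tls_config_verify_client_optional
 tls_configure
 tls_conn_alpn_selected
 tls_conn_cipher
+tls_conn_cipher_strength
 tls_conn_servername
 tls_conn_session_resumed
 tls_conn_version
 tls_connect
 tls_connect_cbs
 tls_connect_fds
 tls_connect_servername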
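--- a/jni/libressl/tls/tls_config.c
+++ b/jni/libressl/tls/tls_config.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls_config.c,v 1.56 2019/04/04 15:09:09 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.58 2020/01/20 08:39:21 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -24,15 +24,15 @@
 #include <stdlib.h>
 #include <unistd.h>
 
 #include <tls.h>
 
 #include "tls_internal.h"
 
-static const char default_ca_file[] = "/etc/ssl/cert.pem";
+static const char default_ca_file[] = TLS_DEFAULT_CA_FILE;
 
 const char *
 tls_default_ca_cert_file(void)
 {
 	return default_ca_file;
 }
 
@@ -249,14 +249,16 @@
 			proto = TLS_PROTOCOL_TLSv1;
 		else if (strcasecmp(p, "tlsv1.0") == 0)
 			proto = TLS_PROTOCOL_TLSv1_0;
 		else if (strcasecmp(p, "tlsv1.1") == 0)
 			proto = TLS_PROTOCOL_TLSv1_1;
 		else if (strcasecmp(p, "tlsv1.2") == 0)
 			proto = TLS_PROTOCOL_TLSv1_2;
+		else if (strcasecmp(p, "tlsv1.3") == 0)
+			proto = TLS_PROTOCOL_TLSv1_3;
 
 		if (proto == 0) {
 			free(s);
 			return (-1);
 		}
 
 		if (negate)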
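--- a/jni/libressl/tls/tls_conninfo.c
+++ b/jni/libressl/tls/tls_conninfo.c
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls_conninfo.c,v 1.20 2018/02/10 04:48:44 jsing Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.21 2019/11/02 13:37:59 jsing Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
@@ -242,14 +242,15 @@
 	if (tls_conninfo_alpn_proto(ctx) == -1)
 		goto err;
 
 	if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL)
 		goto err;
 	if ((ctx->conninfo->cipher = strdup(tmp)) == NULL)
 		goto err;
+	ctx->conninfo->cipher_strength = SSL_get_cipher_bits(ctx->ssl_conn, NULL);
 
 	if (ctx->servername != NULL) {
 		if ((ctx->conninfo->servername =
 		    strdup(ctx->servername)) == NULL)
 			goto err;
 	}
 
@@ -307,14 +308,22 @@
 const char *
 tls_conn_cipher(struct tls *ctx)
 {
 	if (ctx->conninfo == NULL)
 		return (NULL);
 	return (ctx->conninfo->cipher);
 }
+
+int
+tls_conn_cipher_strength(struct tls *ctx)
+{
+	if (ctx->conninfo == NULL)
+		return (0);
+	return (ctx->conninfo->cipher_strength);
+}
 
 const char *
 tls_conn_servername(struct tls *ctx)
 {
 	if (ctx->conninfo == NULL)
 		return (NULL);
 	return (ctx->conninfo->servername);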
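--- a/jni/libressl/tls/tls_internal.h
+++ b/jni/libressl/tls/tls_internal.h
@@ -1,8 +1,8 @@
-/* $OpenBSD: tls_internal.h,v 1.74 2019/04/01 15:58:02 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.77 2019/11/16 21:39:52 beck Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
@@ -24,15 +24,19 @@
 #include <arpa/inet.h>
 #include <netinet/in.h>
 
 #include <openssl/ssl.h>
 
 __BEGIN_HIDDEN_DECLS
 
-#define TLS_CIPHERS_DEFAULT	"TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
+#ifndef TLS_DEFAULT_CA_FILE
+#define TLS_DEFAULT_CA_FILE 	"/etc/ssl/cert.pem"
+#endif
+
+#define TLS_CIPHERS_DEFAULT	"TLSv1.3:TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
 #define TLS_CIPHERS_COMPAT	"HIGH:!aNULL"
 #define TLS_CIPHERS_LEGACY	"HIGH:MEDIUM:!aNULL"
 #define TLS_CIPHERS_ALL		"ALL:!aNULL:!eNULL"
 
 #define TLS_ECDHE_CURVES	"X25519,P-256,P-384"
 
 union tls_addr {
@@ -108,14 +112,15 @@
 	int verify_time;
 	int skip_private_key_check;
 };
 
 struct tls_conninfo {
 	char *alpn;
 	char *cipher;
+	int cipher_strength;
 	char *servername;
 	int session_resumed;
 	char *version;
 
 	char *hash;
 	char *issuer;
 	char *subject;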
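--- a/jni/libressl/tls/tls_ocsp.c
+++ b/jni/libressl/tls/tls_ocsp.c
@@ -1,7 +1,8 @@
+/*	$OpenBSD: tls_ocsp.c,v 1.19 2019/12/03 14:56:42 tb Exp $ */
 /*
  * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
  * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.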
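--- a/jni/tls/tests/ciphers.test
+++ b/jni/tls/tests/ciphers.test
@@ -97,95 +97,66 @@
     DES-CBC-SHA
     EXP-EDH-RSA-DES-CBC-SHA
     EXP-EDH-DSS-DES-CBC-SHA
     EXP-DES-CBC-SHA
     EXP-RC2-CBC-MD5
     EXP-RC4-MD5
 }
 
+# libressl 3.1.1 currently
+
 set ::EXPECTEDCIPHERS(libressl) {
-    AES128-GCM-SHA256
-    AES128-SHA
-    AES128-SHA256
-    AES256-GCM-SHA384
-    AES256-SHA
-    AES256-SHA256
-    CAMELLIA128-SHA
-    CAMELLIA128-SHA256
-    CAMELLIA256-SHA
-    CAMELLIA256-SHA256
-    DES-CBC-SHA
-    DES-CBC3-SHA
-    DHE-DSS-AES128-GCM-SHA256
-    DHE-DSS-AES128-SHA
-    DHE-DSS-AES128-SHA256
-    DHE-DSS-AES256-GCM-SHA384
-    DHE-DSS-AES256-SHA
-    DHE-DSS-AES256-SHA256
-    DHE-DSS-CAMELLIA128-SHA
-    DHE-DSS-CAMELLIA128-SHA256
-    DHE-DSS-CAMELLIA256-SHA
-    DHE-DSS-CAMELLIA256-SHA256
-    DHE-RSA-AES128-GCM-SHA256
-    DHE-RSA-AES128-SHA
-    DHE-RSA-AES128-SHA256
-    DHE-RSA-AES256-GCM-SHA384
-    DHE-RSA-AES256-SHA
-    DHE-RSA-AES256-SHA256
-    DHE-RSA-CAMELLIA128-SHA
+    ECDHE-RSA-AES256-GCM-SHA384
+    ECDHE-ECDSA-AES256-GCM-SHA384
+    ECDHE-RSA-AES256-SHA384
+    ECDHE-ECDSA-AES256-SHA384
+    ECDHE-RSA-AES256-SHA
+    ECDHE-ECDSA-AES256-SHA
+    DHE-RSA-AES256-GCM-SHA384
+    DHE-RSA-AES256-SHA256
+    DHE-RSA-AES256-SHA
+    ECDHE-ECDSA-CHACHA20-POLY1305
+    ECDHE-RSA-CHACHA20-POLY1305
+    DHE-RSA-CHACHA20-POLY1305
+    GOST2012256-GOST89-GOST89
+    DHE-RSA-CAMELLIA256-SHA256
+    DHE-RSA-CAMELLIA256-SHA
+    GOST2001-GOST89-GOST89
+    AES256-GCM-SHA384
+    AES256-SHA256
+    AES256-SHA
+    CAMELLIA256-SHA256
+    CAMELLIA256-SHA
+    ECDHE-RSA-AES128-GCM-SHA256
+    ECDHE-ECDSA-AES128-GCM-SHA256
+    ECDHE-RSA-AES128-SHA256
+    ECDHE-ECDSA-AES128-SHA256
+    ECDHE-RSA-AES128-SHA
+    ECDHE-ECDSA-AES128-SHA
+    DHE-RSA-AES128-GCM-SHA256
+    DHE-RSA-AES128-SHA256
+    DHE-RSA-AES128-SHA
     DHE-RSA-CAMELLIA128-SHA256
-    DHE-RSA-CAMELLIA256-SHA
-    DHE-RSA-CAMELLIA256-SHA256
-    DHE-RSA-CHACHA20-POLY1305
-    ECDH-ECDSA-AES128-GCM-SHA256
-    ECDH-ECDSA-AES128-SHA
-    ECDH-ECDSA-AES128-SHA256
-    ECDH-ECDSA-AES256-GCM-SHA384
-    ECDH-ECDSA-AES256-SHA
-    ECDH-ECDSA-AES256-SHA384
-    ECDH-ECDSA-DES-CBC3-SHA
-    ECDH-ECDSA-RC4-SHA
-    ECDH-RSA-AES128-GCM-SHA256
-    ECDH-RSA-AES128-SHA
-    ECDH-RSA-AES128-SHA256
-    ECDH-RSA-AES256-GCM-SHA384
-    ECDH-RSA-AES256-SHA
-    ECDH-RSA-AES256-SHA384
-    ECDH-RSA-DES-CBC3-SHA
-    ECDH-RSA-RC4-SHA
-    ECDHE-ECDSA-AES128-GCM-SHA256
-    ECDHE-ECDSA-AES128-SHA
-    ECDHE-ECDSA-AES128-SHA256
-    ECDHE-ECDSA-AES256-GCM-SHA384
-    ECDHE-ECDSA-AES256-SHA
-    ECDHE-ECDSA-AES256-SHA384
-    ECDHE-ECDSA-CHACHA20-POLY1305
-    ECDHE-ECDSA-DES-CBC3-SHA
-    ECDHE-ECDSA-RC4-SHA
-    ECDHE-RSA-AES128-GCM-SHA256
-    ECDHE-RSA-AES128-SHA
-    ECDHE-RSA-AES128-SHA256
-    ECDHE-RSA-AES256-GCM-SHA384
-    ECDHE-RSA-AES256-SHA
-    ECDHE-RSA-AES256-SHA384
-    ECDHE-RSA-CHACHA20-POLY1305
+    DHE-RSA-CAMELLIA128-SHA
+    AES128-GCM-SHA256
+    AES128-SHA256
+    AES128-SHA
+    CAMELLIA128-SHA256
+    CAMELLIA128-SHA
+    ECDHE-RSA-RC4-SHA
+    ECDHE-ECDSA-RC4-SHA
+    RC4-SHA
+    RC4-MD5
     ECDHE-RSA-DES-CBC3-SHA
-    ECDHE-RSA-RC4-SHA
-    EDH-DSS-DES-CBC-SHA
-    EDH-DSS-DES-CBC3-SHA
-    EDH-RSA-DES-CBC-SHA
-    EDH-RSA-DES-CBC3-SHA
-    GOST2001-GOST89-GOST89
-    GOST2012256-GOST89-GOST89
-    IDEA-CBC-SHA
-    RC4-MD5
-    RC4-SHA
-    ECDHE-RSA-CHACHA20-POLY1305-OLD
-    ECDHE-ECDSA-CHACHA20-POLY1305-OLD
-    DHE-RSA-CHACHA20-POLY1305-OLD
+    ECDHE-ECDSA-DES-CBC3-SHA
+    EDH-RSA-DES-CBC3-SHA
+    DES-CBC3-SHA
+    AEAD-AES128-GCM-SHA256
+    AEAD-AES256-GCM-SHA384
+    AEAD-CHACHA20-POLY1305-SHA256
 }
 
 set version ""
 if {[string match "OpenSSL*" [tls::version]]} {
    regexp {OpenSSL ([\d\.]+)} [tls::version] -> version
 }
 if {![info exists ::EXPECTEDCIPHERS(openssl$version)]} {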
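Review bot: The expected LibreSSL cipher list is still stored under the unversioned key `::EXPECTEDCIPHERS(libressl)`, while the lookup on the last line of this section uses `openssl$version` for OpenSSL, so the new comment `# libressl 3.1.1 currently` is the only record of which library release the list belongs to. The list also moves from alphabetical order to what looks like the library's preference order; the comparison itself is outside this section, so if it is order-sensitive the comment should say so, for example `# names and order as reported by the bundled LibreSSL 3.1.1; update together with jni/libressl`. The new list keeps RC4 and 3DES suites such as `RC4-MD5` and `DES-CBC3-SHA`, so this test records what the library offers and should not be read as the set a connection ought to negotiate.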
Changes to jni/tls/tls.c.
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 * External functions
 */

/*
 * Forward declarations
 */

#define F2N( key, dsp) \
	(((key) == NULL) ? (char *) NULL : \
		Tcl_TranslateFileName(interp, (key), (dsp)))
#define REASON()	ERR_reason_error_string(ERR_get_error())

static void	InfoCallback _ANSI_ARGS_ ((CONST SSL *ssl, int where, int ret));

static int	CiphersObjCmd _ANSI_ARGS_ ((ClientData clientData,







|







35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 * External functions
 */

/*
 * Forward declarations
 */

#define F2N(key, dsp) \
	(((key) == NULL) ? (char *) NULL : \
		Tcl_TranslateFileName(interp, (key), (dsp)))
#define REASON()	ERR_reason_error_string(ERR_get_error())

static void	InfoCallback _ANSI_ARGS_ ((CONST SSL *ssl, int where, int ret));

static int	CiphersObjCmd _ANSI_ARGS_ ((ClientData clientData,
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018

    /* reset to NULL if blank string provided */
    if (certfile && !*certfile)	certfile = NULL;
    if (cert && !*cert)		cert = NULL;
    if (cert_len <= 0)		cert = NULL;
    if (keyfile && !*keyfile)	keyfile	 = NULL;
    if (key && !*key)		key = NULL;
    if (key <= 0)		key = NULL;
    if (ciphers && !*ciphers)	ciphers	 = NULL;
    if (CAfile && !*CAfile)	CAfile	 = NULL;
    if (CAdir && !*CAdir)	CAdir	 = NULL;
    if (DHparams && !*DHparams)	DHparams = NULL;

    /* new SSL state */
    statePtr		= (State *) ckalloc((unsigned) sizeof(State));







|







1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018

    /* reset to NULL if blank string provided */
    if (certfile && !*certfile)	certfile = NULL;
    if (cert && !*cert)		cert = NULL;
    if (cert_len <= 0)		cert = NULL;
    if (keyfile && !*keyfile)	keyfile	 = NULL;
    if (key && !*key)		key = NULL;
    if (key_len <= 0)		key = NULL;
    if (ciphers && !*ciphers)	ciphers	 = NULL;
    if (CAfile && !*CAfile)	CAfile	 = NULL;
    if (CAdir && !*CAdir)	CAdir	 = NULL;
    if (DHparams && !*DHparams)	DHparams = NULL;

    /* new SSL state */
    statePtr		= (State *) ckalloc((unsigned) sizeof(State));
1240
1241
1242
1243
1244
1245
1246

1247
1248
1249
1250
1251
1252
1253
    CONST char *DHparams;
{
    Tcl_Interp *interp = statePtr->interp;
    SSL_CTX *ctx = NULL;
    Tcl_DString ds;
    Tcl_DString ds1;
    int off = 0;

    CONST SSL_METHOD *method;

    if (!proto) {
	Tcl_AppendResult(interp, "no valid protocol selected", NULL);
	return (SSL_CTX *)0;
    }








>







1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
    CONST char *DHparams;
{
    Tcl_Interp *interp = statePtr->interp;
    SSL_CTX *ctx = NULL;
    Tcl_DString ds;
    Tcl_DString ds1;
    int off = 0;
    int load_private_key;
    CONST SSL_METHOD *method;

    if (!proto) {
	Tcl_AppendResult(interp, "no valid protocol selected", NULL);
	return (SSL_CTX *)0;
    }

1409
1410
1411
1412
1413
1414
1415

1416
1417

1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429




1430
1431


1432


1433
1434
1435
1436
1437

1438
1439
1440
1441
1442

1443

















1444




















1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
	    dh = get_dh2048();
	}
	SSL_CTX_set_tmp_dh(ctx, dh);
	DH_free(dh);
    }
#endif


    /* set our certificate */
    if (certfile != NULL) {

	Tcl_DStringInit(&ds);

	if (SSL_CTX_use_certificate_file(ctx, F2N( certfile, &ds),
					SSL_FILETYPE_PEM) <= 0) {
	    Tcl_DStringFree(&ds);
	    Tcl_AppendResult(interp,
			     "unable to set certificate file ", certfile, ": ",
			     REASON(), (char *) NULL);
	    SSL_CTX_free(ctx);
	    return (SSL_CTX *)0;
	}





	/* get the private key associated with this certificate */
	if (keyfile == NULL) keyfile=certfile;





	if (SSL_CTX_use_PrivateKey_file(ctx, F2N( keyfile, &ds),
					SSL_FILETYPE_PEM) <= 0) {
	    Tcl_DStringFree(&ds);
	    /* flush the passphrase which might be left in the result */
	    Tcl_SetResult(interp, NULL, TCL_STATIC);

	    Tcl_AppendResult(interp,
			     "unable to set public key file ", keyfile, ": ",
			     REASON(), (char *) NULL);
	    SSL_CTX_free(ctx);
	    return (SSL_CTX *)0;

	}

















	Tcl_DStringFree(&ds);




















	/* Now we know that a key and cert have been set against
	 * the SSL context */
	if (!SSL_CTX_check_private_key(ctx)) {
	    Tcl_AppendResult(interp,
			     "private key does not match the certificate public key",
			     (char *) NULL);
	    SSL_CTX_free(ctx);
	    return (SSL_CTX *)0;
	}
    } else if (cert != NULL) {
	if (SSL_CTX_use_certificate_ASN1(ctx, cert_len, cert) <= 0) {
    	    Tcl_AppendResult(interp,
    			     "unable to set certificate: ",
     			     REASON(), (char *) NULL);
    	    SSL_CTX_free(ctx);
    	    return (SSL_CTX *)0;
    	}

	if (key == NULL) {
	    key = cert;
	    key_len = cert_len;
	}

	if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key, key_len) <= 0) {
    	    /* flush the passphrase which might be left in the result */
    	    Tcl_SetResult(interp, NULL, TCL_STATIC);
    	    Tcl_AppendResult(interp,
    			     "unable to set public key: ",
     			     REASON(), (char *) NULL);
    	    SSL_CTX_free(ctx);
    	    return (SSL_CTX *)0;
    	}
    } else {
	certfile = (char*)X509_get_default_cert_file();

	if (SSL_CTX_use_certificate_file(ctx, certfile,
					SSL_FILETYPE_PEM) <= 0) {
#if 0
	    Tcl_DStringFree(&ds);
	    Tcl_AppendResult(interp,
			     "unable to use default certificate file ", certfile, ": ",
			     REASON(), (char *) NULL);
	    SSL_CTX_free(ctx);
	    return (SSL_CTX *)0;
#endif
	}
    }

    Tcl_DStringInit(&ds);
    Tcl_DStringInit(&ds1);
    if (!SSL_CTX_load_verify_locations(ctx, F2N(CAfile, &ds), F2N(CAdir, &ds1)) ||
	!SSL_CTX_set_default_verify_paths(ctx)) {
#if 0
	Tcl_DStringFree(&ds);
	Tcl_DStringFree(&ds1);
	/* Don't currently care if this fails */
	Tcl_AppendResult(interp, "SSL default verify paths: ",
		REASON(), (char *) NULL);
	SSL_CTX_free(ctx);
	return (SSL_CTX *)0;
#endif
    }

    /* https://sourceforge.net/p/tls/bugs/57/ */
    if ( CAfile != NULL ) {
        STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file( F2N(CAfile, &ds) );
	if ( certNames != NULL ) {
	    SSL_CTX_set_client_CA_list(ctx, certNames );
	}
    }

    Tcl_DStringFree(&ds);
    Tcl_DStringFree(&ds1);
    return ctx;
}







>


>

<
|








|
>
>
>
>
|
|
>
>
|
>
>
|

<
<
<
>

|



>

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>









<
<
<
<
<
<
<
|

<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

















|

|







1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421

1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444



1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499







1500
1501




1502

























1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
	    dh = get_dh2048();
	}
	SSL_CTX_set_tmp_dh(ctx, dh);
	DH_free(dh);
    }
#endif

    load_private_key = 0;
    /* set our certificate */
    if (certfile != NULL) {
	load_private_key = 1;
	Tcl_DStringInit(&ds);

	if (SSL_CTX_use_certificate_file(ctx, F2N(certfile, &ds),
					SSL_FILETYPE_PEM) <= 0) {
	    Tcl_DStringFree(&ds);
	    Tcl_AppendResult(interp,
			     "unable to set certificate file ", certfile, ": ",
			     REASON(), (char *) NULL);
	    SSL_CTX_free(ctx);
	    return (SSL_CTX *)0;
	}
	Tcl_DStringFree(&ds);
    } else if (cert != NULL) {
	load_private_key = 1;
	if (SSL_CTX_use_certificate_ASN1(ctx, cert_len, cert) <= 0) {
    	    Tcl_AppendResult(interp,
    			     "unable to set certificate: ",
     			     REASON(), (char *) NULL);
    	    SSL_CTX_free(ctx);
    	    return (SSL_CTX *)0;
    	}
    } else {
	certfile = (char*)X509_get_default_cert_file();
	if (SSL_CTX_use_certificate_file(ctx, certfile,
					SSL_FILETYPE_PEM) <= 0) {



#if 0
	    Tcl_AppendResult(interp,
			     "unable to use default certificate file ", certfile, ": ",
			     REASON(), (char *) NULL);
	    SSL_CTX_free(ctx);
	    return (SSL_CTX *)0;
#endif
	}
    }

    /* set our private key */
    if (load_private_key) {
	if (keyfile == NULL && key == NULL) {
	    keyfile = certfile;
	    if (keyfile == NULL) {
		key = cert;
		key_len = cert_len;
	    }
	}

	if (keyfile != NULL) {
	    /* get the private key associated with this certificate */
	    Tcl_DStringInit(&ds);
	    if (SSL_CTX_use_PrivateKey_file(ctx, F2N(keyfile, &ds),
					    SSL_FILETYPE_PEM) <= 0) {
		Tcl_DStringFree(&ds);
		/* flush the passphrase which might be left in the result */
		Tcl_SetResult(interp, NULL, TCL_STATIC);
		Tcl_AppendResult(interp,
				 "unable to set public key file ", keyfile, ": ",
				 REASON(), (char *) NULL);
		SSL_CTX_free(ctx);
		return (SSL_CTX *)0;
	    }
	    Tcl_DStringFree(&ds);
	} else if (key != NULL) {
	    if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key, key_len) <= 0) {
    		/* flush the passphrase which might be left in the result */
    		Tcl_SetResult(interp, NULL, TCL_STATIC);
    		Tcl_AppendResult(interp,
    				 "unable to set public key: ",
     				 REASON(), (char *) NULL);
    		SSL_CTX_free(ctx);
    		return (SSL_CTX *)0;
    	    }
	}
	/* Now we know that a key and cert have been set against
	 * the SSL context */
	if (!SSL_CTX_check_private_key(ctx)) {
	    Tcl_AppendResult(interp,
			     "private key does not match the certificate public key",
			     (char *) NULL);
	    SSL_CTX_free(ctx);
	    return (SSL_CTX *)0;
	}







    }





    /* set verification CAs */

























    Tcl_DStringInit(&ds);
    Tcl_DStringInit(&ds1);
    if (!SSL_CTX_load_verify_locations(ctx, F2N(CAfile, &ds), F2N(CAdir, &ds1)) ||
	!SSL_CTX_set_default_verify_paths(ctx)) {
#if 0
	Tcl_DStringFree(&ds);
	Tcl_DStringFree(&ds1);
	/* Don't currently care if this fails */
	Tcl_AppendResult(interp, "SSL default verify paths: ",
		REASON(), (char *) NULL);
	SSL_CTX_free(ctx);
	return (SSL_CTX *)0;
#endif
    }

    /* https://sourceforge.net/p/tls/bugs/57/ */
    if ( CAfile != NULL ) {
        STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds));
	if ( certNames != NULL ) {
	    SSL_CTX_set_client_CA_list(ctx, certNames);
	}
    }

    Tcl_DStringFree(&ds);
    Tcl_DStringFree(&ds1);
    return ctx;
}